[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Files with identical SHA1 breaks the repo

From: Branko Čibej <brane_at_apache.org>
Date: Fri, 24 Feb 2017 12:59:16 +0100

On 24.02.2017 12:28, Daniel Shahaf wrote:
> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
>> On 24.02.2017 11:51, Stefan Sperling wrote:
>>> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
>>>> Earlier today, the first known SHA1 collision was presented:
>>>>
>>>> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
>>>> http://shattered.io/
>>>>
>>>> It turns out that adding these two PDF files to a svn repository makes
>>>> it impossible to checkout the repository properly if both files exist in
>>>> the repo. This script demonstrates what happens:
>>> As a workaround, disable rep-sharing and the error goes away.
>> This is precisely why rep-sharing is disabled by default when the
>> repository is created.
> It's _enabled_ by default:
>
> /* Initialize ffd->rep_sharing_allowed. */
> if (ffd->format >= SVN_FS_FS__MIN_REP_SHARING_FORMAT)
> SVN_ERR(svn_config_get_bool(config, &ffd->rep_sharing_allowed,
> CONFIG_SECTION_REP_SHARING,
> CONFIG_OPTION_ENABLE_REP_SHARING, TRUE));
> else
> ffd->rep_sharing_allowed = FALSE;

*WHAT*

Since when?

I see now that the default fsfs.conf says the same thing, but this is crazy.

-- Brane
Received on 2017-02-24 12:59:22 CET

This is an archived mail posted to the Subversion Dev mailing list.