[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.9.x release notes, SVN-4722

From: Nathan Hartman <hartman.nathan_at_gmail.com>
Date: Tue, 10 Dec 2019 01:22:41 -0500

On Mon, Dec 9, 2019 at 10:22 PM Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
>
> Change «"Filesystem is corrupt"» in the section title to match the actual error
> message?

Good catch! Fixed.

A more careful reading of SVN-4722 and the 1.9.x CHANGES file made me
realize that this issue affected 1.9.6 and 1.9.7 (previously I wrote
1.9.7 only). It was introduced in 1.9.6 with SHA1 collision avoidance.
(The 1.9.7 release was a fix for CVE-2017-9800 only.) So I updated the
text to reflect that. I also fixed a number of formatting issues and
made it consistent with other fixed issues in the document.

> There were multiple security issues fixed in later 1.9 patch releases; see
> https://subversion.apache.org/security/

Yes. I see quite a few affecting various 1.9.x. I will handle these
separately.

If the following seems reasonable, I'll go ahead and commit it later:

Log:

[[[

1.9 release notes: Document known issue SVN-4722 in 1.9.6 and 1.9.7

* docs/release-notes/1.9.html
  (Known issues in the release): Add new subsection,
    "Commit can fail with an undeserved SHA1 collision error,"
    to document issue SVN-4722, which affects 1.9.6 and 1.9.7.

Review by: danielsh

]]]

Patch:

[[[

Index: 1.9.html
===================================================================
--- 1.9.html (revision 1871119)
+++ 1.9.html (working copy)
@@ -1466,6 +1466,26 @@

 </div> <!-- shattered-sha1 -->

+<div class="h3" id="svn-4722">
+<h3>Commit can fail with an undeserved SHA1 collision error
+ <a class="sectionlink" href="#svn-4722"
+ title="Link to this section">&para;</a>
+</h3>
+
+<p>See <a href="https://issues.apache.org/jira/browse/SVN-4722?issueNumber=4722"
+>issue 4722, "checksum fail during commit when delta is 16K"</a>.
+</p>
+
+<p>When using a Subversion 1.9.6 or 1.9.7 server, a commit may fail
+with an undeserved SHA1 collision error: "E160000: SHA1 of reps
+&hellip; and &hellip; matches (&hellip;) but contents differ." This
+bug affects the 1.9.6 and 1.9.7 releases.</p>
+
+<p>A fix for this problem has been included in the 1.9.9 release
+(1.9.8 was not publicly released).</p>
+
+</div> <!-- svn-4722 -->
+
 </div> <!-- issues -->

 <div class="h2" id="troubleshooting">

]]]

Nathan
Received on 2019-12-10 07:22:57 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.