Nathan Hartman wrote on Tue, Dec 10, 2019 at 01:22:41 -0500:
> On Mon, Dec 9, 2019 at 10:22 PM Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> > There were multiple security issues fixed in later 1.9 patch releases; see
> > https://subversion.apache.org/security/
>
> Yes. I see quite a few affecting various 1.9.x. I will handle these
> separately.
Thanks.
> 1.9 release notes: Document known issue SVN-4722 in 1.9.6 and 1.9.7
>
> * docs/release-notes/1.9.html
> (Known issues in the release): Add new subsection,
> "Commit can fail with an undeserved SHA1 collision error,"
> to document issue SVN-4722, which affects 1.9.6 and 1.9.7.
Historically, we've usually used the section's id in the «(symbol name)»
part of the log message. In fact, I'd probably have written this as just:
(#svn-4722): New subsection.
This affects searchability of the logs.
In INSTALL this wouldn't make as much sense, though, because sections of INSTALL
don't have stable identifiers.
> +++ 1.9.html (working copy)
> @@ -1466,6 +1466,26 @@
>
> </div> <!-- shattered-sha1 -->
*nod*
> +<div class="h3" id="svn-4722">
> +<h3>Commit can fail with an undeserved SHA1 collision error
> + <a class="sectionlink" href="#svn-4722"
> + title="Link to this section">¶</a>
> +</h3>
> +
> +<p>See <a href="https://issues.apache.org/jira/browse/SVN-4722?issueNumber=4722"
> +>issue 4722, "checksum fail during commit when delta is 16K"</a>.
> +</p>
Consider moving the above paragraph to be last, immediately before the </div>
tag. (I think it'll read better that way, but YMMV.)
> +<p>When using a Subversion 1.9.6 or 1.9.7 server, a commit may fail
> +with an undeserved SHA1 collision error: "E160000: SHA1 of reps
> +… and … matches (…) but contents differ." This
> +bug affects the 1.9.6 and 1.9.7 releases.</p>
> +
> +<p>A fix for this problem has been included in the 1.9.9 release
> +(1.9.8 was not publicly released).</p>
> +
> +</div> <!-- svn-4722 -->
> +
> </div> <!-- issues -->
>
> <div class="h2" id="troubleshooting">
+1 to commit.
Received on 2019-12-10 07:56:43 CET