Nathan Hartman wrote on Tue, Dec 10, 2019 at 01:22:41 -0500:
> On Mon, Dec 9, 2019 at 10:22 PM Daniel Shahaf <d...@daniel.shahaf.name> wrote:
> > There were multiple security issues fixed in later 1.9 patch releases; see
> > https://subversion.apache.org/security/
>
> Yes. I see quite a few affecting various 1.9.x. I will handle these
> separately.

Thanks. > 1.9 release notes: Document known issue SVN-4722 in 1.9.6 and 1.9.7 > > * docs/release-notes/1.9.html > (Known issues in the release): Add new subsection, > "Commit can fail with an undeserved SHA1 collision error," > to document issue SVN-4722, which affects 1.9.6 and 1.9.7. Historically, we've usually used the section's id in the «(symbol name)» part of the log message. In fact, I'd probably have written this as just: (#svn-4722): New subsection. This affects searchability of the logs. In INSTALL this wouldn't make as much sense, though, because sections of INSTALL don't have stable identifiers. > +++ 1.9.html (working copy) > @@ -1466,6 +1466,26 @@ > > </div> <!-- shattered-sha1 --> *nod* > +<div class="h3" id="svn-4722"> > +<h3>Commit can fail with an undeserved SHA1 collision error > + <a class="sectionlink" href="#svn-4722" > + title="Link to this section">¶</a> > +</h3> > + > +<p>See <a > href="https://issues.apache.org/jira/browse/SVN-4722?issueNumber=4722" > +>issue 4722, "checksum fail during commit when delta is 16K"</a>. > +</p> Consider moving the above paragraph to be last, immediately before the </div> tag. (I think it'll read better that way, but YMMV.) > +<p>When using a Subversion 1.9.6 or 1.9.7 server, a commit may fail > +with an undeserved SHA1 collision error: "E160000: SHA1 of reps > +… and … matches (…) but contents differ." This > +bug affects the 1.9.6 and 1.9.7 releases.</p> > + > +<p>A fix for this problem has been included in the 1.9.9 release > +(1.9.8 was not publicly released).</p> > + > +</div> <!-- svn-4722 --> > + > </div> <!-- issues --> > > <div class="h2" id="troubleshooting"> +1 to commit.
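
Review bot: In the second added paragraph the affected versions are stated twice ("When using a Subversion 1.9.6 or 1.9.7 server" and "This bug affects the 1.9.6 and 1.9.7 releases"), while nothing in the new section tells an administrator what to do; consider dropping the second sentence and having the last paragraph say that upgrading the server to 1.9.9 or later resolves the problem. Because the new section directly follows the one closed by `</div> <!-- shattered-sha1 -->` and quotes a collision error message, a sentence pointing back to that section would help readers tell this undeserved error from a genuine SHA1 collision. The `?issueNumber=4722` query string in the href repeats the issue number already present in the path and looks droppable.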