On Mon, Dec 9, 2019 at 10:22 PM Daniel Shahaf <d...@daniel.shahaf.name> wrote:
>
> Change «"Filesystem is corrupt"» in the section title to match the actual
> error message?

Good catch! Fixed.

A more careful reading of SVN-4722 and the 1.9.x CHANGES file made me
realize that this issue affected 1.9.6 and 1.9.7 (previously I wrote
1.9.7 only). It was introduced in 1.9.6 with SHA1 collision avoidance.
(The 1.9.7 release was a fix for CVE-2017-9800 only.) So I updated the
text to reflect that. I also fixed a number of formatting issues and
made it consistent with other fixed issues in the document.

> There were multiple security issues fixed in later 1.9 patch releases; see
> https://subversion.apache.org/security/

Yes. I see quite a few affecting various 1.9.x. I will handle these
separately.

If the following seems reasonable, I'll go ahead and commit it later:

Log:

[[[

1.9 release notes: Document known issue SVN-4722 in 1.9.6 and 1.9.7

* docs/release-notes/1.9.html
  (Known issues in the release): Add new subsection,
    "Commit can fail with an undeserved SHA1 collision error,"
    to document issue SVN-4722, which affects 1.9.6 and 1.9.7.

Review by: danielsh

]]]

Patch:

[[[

Index: 1.9.html
===================================================================
--- 1.9.html (revision 1871119)
+++ 1.9.html (working copy)
@@ -1466,6 +1466,26 @@

 </div>  <!-- shattered-sha1 -->

+<div class="h3" id="svn-4722">
+<h3>Commit can fail with an undeserved SHA1 collision error
+  <a class="sectionlink" href="#svn-4722"
+    title="Link to this section">&para;</a>
+</h3>
+
+<p>See <a 
href="https://issues.apache.org/jira/browse/SVN-4722?issueNumber=4722";
+>issue 4722, "checksum fail during commit when delta is 16K"</a>.
+</p>
+
+<p>When using a Subversion 1.9.6 or 1.9.7 server, a commit may fail
+with an undeserved SHA1 collision error: "E160000: SHA1 of reps
+&hellip; and &hellip; matches (&hellip;) but contents differ." This
+bug affects the 1.9.6 and 1.9.7 releases.</p>
+
+<p>A fix for this problem has been included in the 1.9.9 release
+(1.9.8 was not publicly released).</p>
+
+</div>  <!-- svn-4722 -->
+
 </div>  <!-- issues -->

 <div class="h2" id="troubleshooting">

]]]
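
Review bot: In the second added paragraph, the closing sentence "This bug affects the 1.9.6 and 1.9.7 releases" repeats the paragraph's opening clause ("When using a Subversion 1.9.6 or 1.9.7 server"), while "undeserved" is never explained. Consider replacing that sentence with one that says the error is spurious and names the trigger given in the linked issue's title (a delta of 16K). Since the new section sits directly after the shattered-sha1 section, that would help an administrator who sees E160000 tell this bug apart from the real collision case described there. Separately, the href line as posted has no leading "+" and ends in a semicolon after the closing quote; please check that the file to be committed keeps the attribute intact with no stray ";" inside the tag.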

Nathan
