[jira] [Closed] (SVN-4673) Reports of SHA-1 collision causing repository breakage

Johan Corveleyn (JIRA) Mon, 03 Jul 2017 05:51:24 -0700

     [ 
https://issues.apache.org/jira/browse/SVN-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Johan Corveleyn closed SVN-4673.
--------------------------------

As of version 1.8.18, 1.9.6 and 1.10, Subversion rejects commits which create 
SHA1 collisions, if the server is configured with rep-sharing enabled (which is 
the default). See http://subversion.apache.org/faq.html#shattered-sha1 for more 
information.

> Reports of SHA-1 collision causing repository breakage
> ------------------------------------------------------
>
>                 Key: SVN-4673
>                 URL: https://issues.apache.org/jira/browse/SVN-4673
>             Project: Subversion
>          Issue Type: Bug
>            Reporter: Bryan Rosander
>            Priority: Critical
>             Fix For: 1.8.18, 1.9.6, 1.10.0
>
>
> Google recently created two pdfs with the same sha-1 checksum [1].  There are 
> reports of this breaking svn repositories[2][3].
> [1] 
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> [2] 
> https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/
> [3] https://lists.webkit.org/pipermail/webkit-dev/2017-February/028795.html
> Additional resources:
> [https://bugs.webkit.org/show_bug.cgi?id=168774#c23<Paste>]
> https://shattered.io/



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Closed] (SVN-4673) Reports of SHA-1 collision causing repository breakage

Reply via email to