Re: svn commit: r1886494 - /subversion/site/staging/docs/community-guide/releasing.part.html

2021-02-17 Thread Øyvind A . Holm 
On 2021-02-17 21:10:29, Daniel Sahlberg wrote:
> Den ons 17 feb. 2021 19:47 Daniel Shahaf  
> skrev:
> > Your email client added a hard link break, breaking the patch.
>
> Stupid Gmail. Anyone have a suggestion for a reasonable email client 
> on Windows? 

If you're ok with a text-based interface, there's Mutt for MS Windows:

https://cygwin.com/packages/summary/mutt.html

Mutt doesn't do any funky stuff with your emails, WYWIWYS (What You 
Write Is What You Send). You'll need to install Cygwin, though.

- Øyvind

geo:60.38,5.33;u=500
OpenPGP fingerprint: A006 05D6 E676 B319 55E2  E77E FB0C BEE8 94A5 06E5
5224e9f2-715d-11eb-8625-5582e081d110

Files with identical SHA1 breaks the repo

2017-02-23 Thread Øyvind A . Holm 
Earlier today, the first known SHA1 collision was presented:

  https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
  http://shattered.io/

It turns out that adding these two PDF files to a svn repository makes 
it impossible to checkout the repository properly if both files exist in 
the repo. This script demonstrates what happens:

--- CUT
#!/bin/sh

if test -e repo -o -e wc1 -o -e wc2; then
  echo repo, wc1 or wc2 already exist >&2
  exit 1
fi
svnadmin create repo
svn co file://$(pwd)/repo wc1
cd wc1
wget https://shattered.it/static/shattered-1.pdf
wget https://shattered.it/static/shattered-2.pdf
svn add *.pdf
svn ci -m "Add files with identical SHA1"
cd ..
svn co file://$(pwd)/repo wc2
--- CUT

This happens:

  $ ./runme
  Checked out revision 0.
  --2017-02-23 20:41:05--  https://shattered.it/static/shattered-1.pdf
  Resolving shattered.it (shattered.it)... 216.239.38.21, 216.239.36.21, 
216.239.32.21, ...
  Connecting to shattered.it (shattered.it)|216.239.38.21|:443... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 422435 (413K) [application/pdf]
  Saving to: ‘shattered-1.pdf’

  shattered-1.pdf   100%[===>] 412.53K  --.-KB/s   in 0.04s

  2017-02-23 20:41:05 (10.9 MB/s) - ‘shattered-1.pdf’ saved [422435/422435]

  --2017-02-23 20:41:05--  https://shattered.it/static/shattered-2.pdf
  Resolving shattered.it (shattered.it)... 216.239.38.21, 216.239.36.21, 
216.239.32.21, ...
  Connecting to shattered.it (shattered.it)|216.239.38.21|:443... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 422435 (413K) [application/pdf]
  Saving to: ‘shattered-2.pdf’

  shattered-2.pdf   100%[===>] 412.53K  --.-KB/s   in 0.04s

  2017-02-23 20:41:06 (9.03 MB/s) - ‘shattered-2.pdf’ saved [422435/422435]

  A  (bin)  shattered-1.pdf
  A  (bin)  shattered-2.pdf
  Adding  (bin)  shattered-1.pdf
  Adding  (bin)  shattered-2.pdf
  Transmitting file data ..
  Committed revision 1.
  Awc2/shattered-1.pdf
  svn: E200014: Checksum mismatch for 
'/home/sunny/src/git/svn-sha1/wc2/shattered-2.pdf':
 expected:  5bd9d8cabc46041579a311230539b8d1
   actual:  ee4aa52b139d925f8d8884402b0a750c

  $

Tested with svn-1.8.10, which is the default svn in Debian 8.7, newest 
stable. shattered-1.pdf is checked out, but not shattered-2.pdf.

This is the only known SHA-1 collision at the moment, but Google will 
release the collision code in 90 days, so we can expect this not to last 
forever.

Regards,
Øyvind

+-| Øyvind A. Holm <su...@sunbase.org> - N 60.37604° E 5.9° |-+
| OpenPGP: 0xFB0CBEE894A506E5 - http://www.sunbase.org/pubkey.asc |
| Fingerprint: A006 05D6 E676 B319 55E2  E77E FB0C BEE8 94A5 06E5 |
+| cb5c25a6-fa01-11e6-8cd8-db5caa6d21d3 |-+


signature.asc
Description: PGP signature