The trunk check-in of Fossil (https://www.fossil-scm.org/fossil/timeline?c=trunk) is the release candidate for version 2.0. I plan to do the version 2.0 release with 48 hours. Please test it out, as you are able.
Version 2.0 is a drop-in replacement for Fossil-1.37 and earlier. Do not worry that the leading "1" has changed into a "2". The new Fossil 2.0 is completely backwards compatible. All you need to do is update your current "fossil" (or "fossil.exe") executable with the new 2.0 version, then keep on working just like you always have. You will not notice any changes. You do not need to run "fossil rebuidl". Fossil 2.0 continues to interoperate with older repositories and older Fossil 1.x servers and clients. The changes of interest in the 2.0 release are as follows: (1) Replace the SHA1 implementation with Hardened-SHA1. (https://github.com/cr-marcstevens/sha1collisiondetection). Hardened-SHA1 gives exactly the same result on all normal inputs, but a very different result for inputs that have been intentionally designed to collide. Instead of this: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a shattered-1.pdf 38762cf7f55934b34d179ae6a4c80cadccbb7f0a shattered-2.pdf You now get this: 16e96b70000dd1e7c85b8368ee197754400e58ec shattered-1.pdf e1761773e6a35916d99f891b77663e6405313587 shattered-2.pdf All other SHA1 hashes remain the same. If you doubt that assertion, you can test it by running "fossil test-integrity" or "fossil all test-integrity". (2) The low-level file format (https://www.fossil-scm.org/fossil/doc/trunk/www/fileformat.wiki) has been enhanced so that it allows artifacts to be named using SHA3-256 hashes as an alternative to SHA1 hashes. Version 2.0 will understand and use any SHA3 hashes it sees, but it will not generate any new SHA3 hashes. In this way, Fossil 2.0 will continue to interoperate seamlessly with Fossil 1.x. At some future date, after folks have had an opportunity to update to Fossil 2.0 or later, we can throw the switch and start generating only SHA3 hash names. (3) There is a new "sha3sum" command made available for your convenience. Further documentation updates are likely prior to the release, but at this point the code is feature complete and ready for testing. Please report any problems you find quickly. Thanks. -- D. Richard Hipp d...@sqlite.org _______________________________________________ fossil-dev mailing list fossil-dev@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
