Skip to content

Commit

Permalink
Use CollisionDetection SHA1 backend within libgit2
Browse files Browse the repository at this point in the history 
libgit2 supports SHA1 collision detection [0], which basically
identifies files that have distinctive sequences of bytes that show they
have been hand-crafted to defeat SHA1, and instead alters the SHA1
hashing algorithm to do something different for those bytestreams.  This
"hardens" the SHA1 implementation, and importantly for us, doesn't
introduce any extra dependencies such as libssl.

[0]: https://blog.github.com/2017-03-20-sha-1-collision-detection-on-github-com/
  • Loading branch information
@staticfloat
staticfloat committed Jun 12, 2018
1 parent 0af441f commit fbb677f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion deps/libgit2.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ LIBGIT2_OPTS += -DCURL_INCLUDE_DIRS=$(build_includedir) -DCURL_LIBRARIES="-L$(bu
endif

ifneq (,$(findstring $(OS),Linux FreeBSD))
LIBGIT2_OPTS += -DUSE_HTTPS=ON -DHTTPS_BACKEND="mbedTLS" -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
LIBGIT2_OPTS += -DUSE_HTTPS="mbedTLS" -DSHA1_BACKEND="CollisionDetection" -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
endif

LIBGIT2_SRC_PATH := $(SRCCACHE)/$(LIBGIT2_SRC_DIR)
Expand Down

0 comments on commit fbb677f

Please sign in to comment.