x264 repository inconsistency [solved]

[LoRd_MuldeR]

When I tried to update my local x264 repository recently, I noticed a zillion of merge errors during the "pull" operation.

First I was not sure what caused this and simply made a fresh "clone" from the official repo at Videolan.org

But then I compared the fresh clone to an older backup copy (from around Jan 2014) and I noticed that apparently all the commit SHA-1 hashes had been changed:




To my understanding of Git, this is never supposed to happen!

Or in other words: In Git you cannot change the history of a project, without changing all the hashes and thus this cannot be done unnoticed.

So this means that, apparently, somebody has messed with the repository


Does anybody know what's going on there? Has the Videolan x264 repository been hacked or did they change something intentionally? Or do I miss something?

------------------------------------------

Update: The x264 Git history has been rewritten, but all is okay!

See also:

• http://forum.doom9.org/showpost.php?...81&postcount=5
• https://mailman.videolan.org/piperma...ne/010683.html

[Groucho2004]

There are apparently two different version (2431) depending on when you checked them out:
0.142.2431M a5831aa
0.142.2431M ac76440

The only difference as far as I can see is the name change in all files from "Jason Garrett-Glaser" to "Fiona Glaser".

Not sure if it's related.

[LoRd_MuldeR]

Quote:

Originally Posted by Groucho2004

There are apparently two different version (2431) depending on when you checked them out:
0.142.2431M a5831aa
0.142.2431M ac76440

That exactly the point!

In Git, each commit (or "version") is identified by a unique SHA-1 hash. And that hash not only depends on the commit itself, but also on it's parent commit (or the "predecessor version"). Consequently, the SHA-1 hash of each commit recursively depends on all the previous commits, i.e. it depends on the complete history of the project. This has the nice effect that in Git it is impossible to change (or insert) a commit retrospectively. At least not without messing up the SHA-1 hash of that commit and and the hashes of all the subsequent commits - which can be easily noticed. If, for example, some attacker had access to the kernel.org server and inserted a backdoor into Linux, everybody would notice this the next morning.

So, apparently, somebody has messed with the x264 repository and all the commits (including the latest one) now have a different hash - which also means that they are different!

Quote:

Originally Posted by Groucho2004

The only difference as far as I can see is the name change in all files from "Jason Garret Glaser" to "Fiona Glaser".

That would definitely explain it!

Still it would be strange and very unusual to make such a change by overwriting/changing the complete history of the project, instead of just making a regular commit

(Only reason I can think of is that they wanted to enforce that the "new" name not only appears in the current version, but also in all previous versions)

[Guest]

Or maybe someone doesn't like Jason, and has hacked it.

https://www.google.com/search?q=Fiona+Glaser&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-USfficial&client=firefox-a&channel=rcs

Don't look at me!

I hope they have good backups.

[MasterNobody]

There was no hacks so don't panic. The git history was rewritten - yes. And pushed with forced update. One more time: all is ok.

[LoRd_MuldeR]

I compared the current repository to my backup and it turns out that up to October 2007 nothing has changed. The first differing commit is this one:

Code:

SHA-1: 22455694153d43a9f85837db6eee641ebc4dcdb6

* use hex instead of dia for rdo mv refinement. ~0.5% lower bitrate at subme=7.
patch by Fiona Glaser.


git-svn-id: svn://svn.videolan.org/x264/trunk@681 df754926-b1dd-0310-bc7b-ec298dee348c

Code:

SHA-1: 7da80e549051583d23d8f503665c0fb660b695bb

* use hex instead of dia for rdo mv refinement. ~0.5% lower bitrate at subme=7.
patch by Dark Shikari.


git-svn-id: svn://svn.videolan.org/x264/trunk@681 df754926-b1dd-0310-bc7b-ec298dee348c

[LoRd_MuldeR]

Quote:

Originally Posted by MasterNobody

There was no hacks so don't panic. The git history was rewritten - yes. And pushed with forced update. One more time: all is ok.

Okay, thank you for confirmation! Still seems like an unusual step to me

[Daemon404]

x264 was not hacked, Jason changed his name.

If you need a mapping of hashes from old to new: https://mailman.videolan.org/pipermail/x264-devel/2014-June/010683.html

You can take off your tinfoil hats now

Edit: I was late, woops!

[Guest]

Quote:

Originally Posted by LoRd_MuldeR

Okay, thank you for confirmation! Still seems like an usual step to me

Did you mean unusual?

[LoRd_MuldeR]

Quote:

Originally Posted by neuron2

Did you mean unusual?

yes