From: "Ævar Arnfjörð Bjarmason" <email@example.com>
To: Jeff King <firstname.lastname@example.org>
Cc: "Vanak\, Ibrahim" <email@example.com>,
Subject: Re: GIT issue while cloning (fatal: pack is corrupted (SHA1 mismatch)) !!!
Date: Tue, 28 May 2019 11:51:20 +0200 [thread overview]
Message-ID: <firstname.lastname@example.org> (raw)
On Tue, May 28 2019, Jeff King wrote:
> On Tue, May 28, 2019 at 09:10:12AM +0000, Vanak, Ibrahim wrote:
>> We are seeing issue with GIT 2.14 version. When we try to clone the
>> repos, it is taking HUGE amount of time on HPUX, whereas on the linux
>> machine with same network configuration, it's getting cloned in less
>> than mins. So we want to know has anyone reported this issue? What is
>> the fix for this? Has the fix been released for this? Whom should we
>> contact for this?
> I don't know about the slowness, but...
>> Below is the HPUX system where we are seeing issue, it is taking 1 hr 45 mins and later it failed:
>> email@example.com# uname -a
>> HP-UX sstl002 B.11.31 U ia64 0158936019 unlimited-user license
>> firstname.lastname@example.org# time git clone email@example.com:HPUX/SysFaultMgmt.git
>> Cloning into 'SysFaultMgmt'...
>> remote: Enumerating objects: 63627, done.
>> remote: Total 63627 (delta 0), reused 0 (delta 0), pack-reused 63627
>> Receiving objects: 100% (63627/63627), 681.90 MiB | 111.00 KiB/s, done.
>> fatal: pack is corrupted (SHA1 mismatch)
>> fatal: index-pack failed
> Git v2.14 uses the sha1collision-detection implementation of sha1 by
> default. That has a bug that was fixed recently with:
> commit 4125f78222749cb8fc91115abec3ac83e5dfb194
> Author: Ævar Arnfjörð Bjarmason <firstname.lastname@example.org>
> Date: Tue May 14 00:17:01 2019 +0200
> sha1dc: update from upstream
> Update sha1dc from the latest version by the upstream
> maintainer. See 07a20f569b ("Makefile: fix unaligned loads in
> sha1dc with UBSan", 2019-03-12) for the last update.
> This fixes an issue where HP-UX IA64 was wrongly detected as a
> Little-endian instead of a Big-endian system, see  and .
> 1. https://github.com/cr-marcstevens/sha1collisiondetection/commit/855827c583bc30645ba427885caa40c5b81764d2
> 2. https://email@example.com/
> 3. https://github.com/cr-marcstevens/sha1collisiondetection/pull/50
> which looks like it would impact your system. You can either:
> 1. Try v2.22.0-rc1, which will be the first release with that fix.
> 2. Try cherry-picking the various fixes on top of v2.14.0:
> git checkout v2.14.0
> git cherry-pick 23e37f8e9d5961c0c8d52ac481693d3fca5309ce
> git cherry-pick 07a20f569b4b1690e717eaac0954007a8edfbfc2
> git cherry-pick 4125f78222749cb8fc91115abec3ac83e5dfb194
> 3. Compile with another sha1 implementation. E.g.:
> # if you have openssl available; otherwise,
> # try BLK_SHA1
> echo 'OPENSSL_SHA1 = Yes' >config.mak
> Note that you won't be protected from collision attacks, but those
> are still impractically expensive to mount at this point. It may be
> a good tradeoff until you can upgrade to a more recent Git.
As a follow-up perhaps we should hash_object_file_literally() early in
main() (or maybe just clone & init) to detect this issue & exit with
some "zomg broken!".
Vanak: Also, this issue suggests whoever compiled the package you're
using (you?) installed it with a failing "make test", so a lot of other
things may be broken...
next prev parent reply other threads:[~2019-05-28 9:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-28 9:10 Vanak, Ibrahim
2019-05-28 9:37 ` Jeff King
2019-05-28 9:51 ` Ævar Arnfjörð Bjarmason [this message]
2019-05-28 18:45 ` Vanak, Ibrahim
2019-05-28 21:30 ` Jeff King
2019-05-29 5:29 ` Vanak, Ibrahim
2019-05-29 9:06 ` Vanak, Ibrahim
2019-05-30 11:57 ` Jeff King
2019-06-11 16:39 ` Vanak, Ibrahim
2019-06-18 14:31 ` Vanak, Ibrahim
2019-06-18 17:15 ` Jeff Hostetler
2019-06-28 16:18 ` Vanak, Ibrahim
2019-06-28 23:55 ` Jeff King
2019-05-28 10:16 ` Johannes Schindelin
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this inbox:
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).