Description: If I try to install the LibreOffice_5.2.5_Win_x86 I keep getting a security warning for an unknown publisher and at the same time I get a very strange name for the publisher. If I try it again the name will be different but the same problem persist. Most of the time the publisher name will be made up of Chinese symbols. I use a basic Windows 10 system with only Microsoft security programs on it. Steps to Reproduce: 1. Download the installer from https://nl.libreoffice.org/download/libreoffice-fris/ 2. Just install it and the bug pops up. Actual Results: 1. Download the installer from https://nl.libreoffice.org/download/libreoffice-fris/ 2. Just install it and the bug pops up. Expected Results: Normal installation / upgrade from my current Libre Office suite Reproducible: Always User Profile Reset: No Additional Info: Not sure what is wrong but it feels like there is a virus in the installation file but my anti virus program does not respond when I download it or does a full system scan. User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Created attachment 130730 [details] Screenshot of installation bug
Have you verified the HASH value checksum for the installer you downloaded? If it differs, your download is corrupt or worse tainted. We'd then need to know the mirror site you downloaded from to have them restore a correct installer. http://download.documentfoundation.org/libreoffice/stable/5.2.5/win/x86/LibreOffice_5.2.5_Win_x86.msi.mirrorlist http://download.documentfoundation.org/libreoffice/stable/5.2.5/win/x86_64/LibreOffice_5.2.5_Win_x64.msi.mirrorlist
It -looks- like there's a virus on the machine, which makes you wanna download & install some more insecure software. That's probably why the system won't let you open the file. So better check the machine first before downloading anything else. If there is a virus, downloading from another mirror won't help either, as it redirects the download anyway.
I am using Windows Defender and it gets a daily update so a virus on my system looks strange. But the main point is that if I look at the certifying path I see the following info: Root: StartCom Certification Authority (this one has been revoked by CA) Next step: StartCom Class 3 Primary Intermediate Object CA (is good) Next step: The Document Foundation (is good) And I can't find anything close to the SHA1 string I found in the mirror list As for the digital signature of the file I have the following info Version: V2 Provider: CN = StartCom Class 3 Primary Intermediate Object CA OU = Secure Digital Certificate Signing O = StartCom Ltd. C = IL Serialnr: 11 bf f1 b8 5c 2c da Digest-algoritme: sha1 Digest-keyalgoritme: RSA verified marks Type contence: 06 0a 2b 06 01 04 01 82 ..+..... 37 02 01 04 7... 1.3.6.1.4.1.311.2.1.11: 30 0c 06 0a 2b 06 01 04 0...+... 01 82 37 02 01 15 ..7... Distributionlist: 04 14 b0 d5 15 3a 7a cc .....:z. 28 b0 85 92 8b bb 5e 5a (.....^Z e1 d7 03 bc db 80 ...... 1.3.6.1.4.1.33.2.1.12: 04 14 b0 d5 15 3a 7a cc .....:z. 28 b0 85 92 8b bb 5e 5a (.....^Z e1 d7 03 bc db 80 ...... unconfermed marks: controlsignature: 30 82 02 8b 02 01 01 30 0......0 68 30 52 31 0b 30 09 06 h0R1.0.. 03 55 04 06 13 02 42 45 .U....BE 31 19 30 17 06 03 55 04 1.0...U. 0a 13 10 47 6c 6f 62 61 ...Globa 6c 53 69 67 6e 20 6e 76 lSign nv 2d 73 61 31 28 30 26 06 -sa1(0&. 03 55 04 03 13 1f 47 6c .U....Gl 6f 62 61 6c 53 69 67 6e obalSign 20 54 69 6d 65 73 74 61 Timesta 6d 70 69 6e 67 20 43 41 mping CA 20 2d 20 47 32 02 12 11 - G2... 21 d6 99 a7 64 97 3e f1 !...d.>. f8 42 7e e9 19 cc 53 41 .B~...SA 14 30 09 06 05 2b 0e 03 .0...+.. 02 1a 05 00 a0 81 fd 30 .......0 18 06 09 2a 86 48 86 f7 ...*.H.. 0d 01 09 03 31 0b 06 09 ....1... 2a 86 48 86 f7 0d 01 07 *.H..... 01 30 1c 06 09 2a 86 48 .0...*.H 86 f7 0d 01 09 05 31 0f ......1. 17 0d 31 37 30 31 31 32 ..170112 31 33 35 39 32 33 5a 30 135923Z0 23 06 09 2a 86 48 86 f7 #..*.H.. 0d 01 09 04 31 16 04 14 ....1... 6c 1b ad 23 cf 1b df 6e l..#...n 8f a1 ae 39 c9 cc 56 19 ...9..V. 34 a4 69 49 30 81 9d 06 4.iI0... 0b 2a 86 48 86 f7 0d 01 .*.H.... 09 10 02 0c 31 81 8d 30 ....1..0 81 8a 30 81 87 30 81 84 ..0..0.. 04 14 63 b8 2f ab 61 f5 ..c./.a. 83 90 96 95 05 0b 00 24 .......$ 9c 50 29 33 ec 79 30 6c .P)3.y0l 30 56 a4 54 30 52 31 0b 0V.T0R1. 30 09 06 03 55 04 06 13 0...U... 02 42 45 31 19 30 17 06 .BE1.0.. 03 55 04 0a 13 10 47 6c .U....Gl 6f 62 61 6c 53 69 67 6e obalSign 20 6e 76 2d 73 61 31 28 nv-sa1( 30 26 06 03 55 04 03 13 0&..U... 1f 47 6c 6f 62 61 6c 53 .GlobalS 69 67 6e 20 54 69 6d 65 ign Time 73 74 61 6d 70 69 6e 67 stamping 20 43 41 20 2d 20 47 32 CA - G2 02 12 11 21 d6 99 a7 64 ...!...d 97 3e f1 f8 42 7e e9 19 .>..B~.. cc 53 41 14 30 0d 06 09 .SA.0... 2a 86 48 86 f7 0d 01 01 *.H..... 01 05 00 04 82 01 00 86 ........ 9f a9 bb 8c bf 9b 67 26 ......g& 2c 50 8b 54 9a 3b f4 7a ,P.T.;.z 20 2b 2a 72 25 f5 22 f9 +*r%.". 47 fa 71 8a 46 c2 b6 33 G.q.F..3 28 9d f0 fb 8d 20 5f ed (.... _. e7 a3 ae a4 70 1a b4 e6 ....p... 21 4c 60 62 8a 21 33 2f !L`b.!3/ 58 cd 25 e0 8b d6 6f b2 X.%...o. 09 ee 86 54 73 dd 18 a1 ...Ts... 90 34 0c 32 c8 ba 01 fd .4.2.... 67 d1 81 fc 9b 3a 59 07 g....:Y. 5e 66 76 29 8d 7f 31 21 ^fv).1! ab 5e 2c 7a e6 9b 20 e1 .^,z.. . 0e ec e4 da d5 62 4c 68 .....bLh 41 6a d2 9d 08 c2 b6 95 Aj...... f0 3c b5 d4 07 33 67 87 .<...3g. d8 bf 54 a2 63 47 18 53 ..T.cG.S 6a 18 ab f7 bf fc 63 f1 j.....c. c1 82 c9 67 7a be 8c 50 ...gz..P 8f 31 ca fd ce 2d b7 4e .1...-.N 0d 98 15 db f5 dd 12 47 .......G 7c 8a a2 27 e9 8c e2 b7 |..'.... 0f 81 f3 fc c4 31 9e aa .....1.. 5b 53 72 db 28 de fc 41 [Sr.(..A 81 c4 c3 b9 38 17 07 38 ....8..8 c7 78 a9 11 ec a1 86 cc .x...... f6 fe 1c b8 4b 7d 2e ba ....K}.. 17 0c 53 a3 a6 56 4f 53 ..S..VOS 93 f6 28 9f 2f 49 a5 1c ..(./I.. d0 a7 08 a0 22 67 12 1d ...."g.. db 57 87 39 cf ee ad 59 .W.9...Y bd 0c 91 a5 f7 f4 fd .......
I found the SHA code and they are the same but it is something in the chain of trusted people that is breaking the installation proces
(In reply to Joost from comment #4) > I am using Windows Defender and it gets a daily update so a virus on my > system looks strange. Sorry, but defender is not the best viruschecker around, probably the worst. Just search for the tests. It's just basic protection, nothing else. >Root: StartCom Certification Authority (this one has been revoked by CA) I already had 5.2.5 installed on this system (windows 7), so the root certificate is good.
Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping-20170727
Dear Bug Submitter, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-20170830