Description: This is my first time doing this, please bare with me. I downloaded LibreOffice from https://www.libreoffice.org/download/download/ for Microsoft Windows 10 version (LibreOffice_5.3.3_Win_x86.msi). The hash values for SHA256 and SHA1 that are listed on the info page did NOT match when I computed the checksums for the .msi file. The hash values I used where located here http://download.documentfoundation.org/libreoffice/stable/5.3.3/win/x86/LibreOffice_5.3.3_Win_x86.msi.mirrorlist To compute the checksums and compare the hash values I used a tool I created for that purpose using Windows PowerShell. I've made it freely available on GitHub as open source software here: https://github.com/FlyDuoATL/powershell-compare-hash Steps to Reproduce: 1. Download the .msi from LibreOffice 2. Run the utility I linked to on GitHub to create the checksum for the msi 3. The utility will then compare the generated checksum with the hash values listed on the .msi download "info" page. 4. Repeat steps 2 and 3 for each different hash type, ie: SHA256, SHA-1, MD5. 5. The tool will output whether the generated checksum value and the hash values provided by LibreOffice are a match. I ran this several times to be sure and they did NOT all match. Actual Results: Some of the hash types did not match with the generated checksum value for the .msi I downloaded. Expected Results: The hash values and the generated checksums should have all matched exactly for each type: SHA-256, SHA-1, MD5. Reproducible: Always User Profile Reset: No Additional Info: I did not install the software because the hash values and the generated checksums did not match. This problem is purely about the downloaded file's various hash values and the generated checksums from that file not matching correctly as they should. I would assume this may be a critical problem because I was under the impression it may mean that somehow the software got corrupted or the software being downloaded is not the correct legit software from the LibreOffice team. I know this type of thing happened with the HandBrake project (video encoding software) and it was a security issue, someone had been changing the downloaded software to a version that had malware, but for the MacOS version of the software only. This page (https://forum.handbrake.fr/viewtopic.php?f=33&t=36399&p=171143&hilit=hash#p171143) has the information for that particular situation for comparison, I hope it's helpful. Regarding LibreOffice, of course I have no idea at all what the cause of this is. This is NOT my area of expertise by any means. I do hope that this is helpful for your development team. User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
On Windows 10 Pro 64-bit en-US, can not reproduce. I downloaded the 5.3.3 build and its helppack via the link noted. MD5, SHA1, SHA256 match the provided MirrorBrain "info" meta listing. LibreOffice_5.3.3_Win_x86.msi MD5 9418d8a7671eae528a3d54303a9467f9 SHA-1 dbcee633b1c04ed97f25d35847d847cb04f43b64 SHA-256 f57824b10ad2fd871ff8f0bf7edb4d810b4d05fb2189aa7daa953a10184c2512 LibreOffice_5.3.3_Win_x86_helppack_en-US.msi MD5 909c24d5da01d79749f4f0c36a7db7cf SHA-1 f79a9101c12e153590e5c15c9f19fcb96c8a2f65 SHA-256 ab83927c6053e62ac26fd012e5e598b35cdb4cb3d8c036e81955439fd1f9723d On Windows you can run "certutil -hashvalue <filename.ext> [MD5|SHA1|SHA256]" to generate a valid HASH value. If still getting a bad HASH for your download(s), I would try the project archive, there the HASH values are in the details file. Note: the mirrors drop the older builds but the project archive is maintained. For this BZ issue to have any actionable outcome we'd need to know the mirror that is pushing a bad upload--and verify. The project infrastructure team would contact the mirror maintainer. =-ref-= http://downloadarchive.documentfoundation.org/libreoffice/old/
(In reply to V Stuart Foote from comment #1) > > On Windows you can run "certutil -hashvalue <filename.ext> > [MD5|SHA1|SHA256]" to generate a valid HASH value. Sorry, s/-hashvalue/-hashfile/
Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping-20180102
Dear Bug Submitter, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-20180129