-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong SHA256 checksum for mbedtls-2.7.19.tar.gz shown on release page #4225
Comments
We've double-checked the checksums for 2.7.19 - they are correct. I've also unpacked the tar.gz and the .zip - the contents are identical. Can you please provide more details about how you got this checksum? |
Under “Mbed TLS 2.7.19”, the release identified by the tag
I double-checked this file on a non-work machine to be sure and it has the sha256sum from the release announcement: 0f83d43f7de8866820d41db398b6640c8baebb358819223f9b2b3502f77db3d7. Separately, GitHub generates an archive for the tag Is this what you're seeing? It's the same for the tar.gz files. These additional archives and confusing names are an unfortunate consequence of the way GitHub very strongly believes that release tags should be called |
Thanks for checking back @daverodgman and for the details @gilles-peskine-arm. Yeah, I'm aware of the versioning ( Actually it's pretty weird; I did the same now and the checksum is correct. At the time of opening this issue of course I triple-checked the checksum because I didn't want to raise any false alarms. What I did:
When I did exactly the same three days ago, I got a file This looks pretty much like it fits your description of the separate archive with the double However, sorry for the noise. I was just a bit concerned due to the security-critical nature of the library. Thanks again :) |
Hey,
thanks for providing the latest releases.
The SHA256 checksum shown at the release page is incorrect:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.19
I've compared the
mbedtls-2.7
branch with the providedmbedtls-2.7.19.tar.gz
and their contents are identical with the resulting correct checksum for the.tar.gz
:3da12b1cebe1a25da8365d5349f67db514aefcaa75e26082d7cb2fa3ce9608aa
However, the listed checksum for the
zip
archive is correct.Greetings,
Michael
The text was updated successfully, but these errors were encountered: