[tor-bugs] #15539 [Tor bundles/installation]: Removing signature on Tor Browser .exe should result in SHA256 value listed in sha256sums.txt
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 1 15:07:18 UTC 2015
#15539: Removing signature on Tor Browser .exe should result in SHA256 value listed
in sha256sums.txt
------------------------------------------+-----------------
Reporter: gk | Owner: gk
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------------------------+-----------------
Comment (by cypherpunks):
Because PE-checksum (it's at 0xd8 offset) depends size of file too, but
NSIS don't care to include stuff to PE-checksum it appends to end of file
(it could to do zeroing of PE-checksum then, but not to leave broken PE-
file with wrong checksum). osslsigncode removing signature and
recalculates valid PE-checksum for whole file (includes len, changed after
padding).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15539#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list