Why has the checksum of eigen-3.3.4.zip changed?
Summary
The checksum for the ZIP file of the Eigen 3.3.4 release seems to have changed:
- URL of the file: https://gitlab.com/libeigen/eigen/-/archive/3.3.4/eigen-3.3.4.zip
- Previous SHA256 checksum: b4415a2e16bbaff7568e52853c9e131633248c9bc66d565086e095087e95877d
- SHA256 checksum now: 70b73ee95270f17f59d6436847c030d6a8511ba636b17759655c1a5d0b8f517f
Is there a good reason for this change, or should it be investigated as a potential security issue?
Environment
- Eigen Version : 3.3.4
Steps to reproduce
wget https://gitlab.com/libeigen/eigen/-/archive/3.3.4/eigen-3.3.4.zipsha256sum eigen-3.3.4.zip
What is the current bug behavior?
sha256sum eigen-3.3.4.zip
70b73ee95270f17f59d6436847c030d6a8511ba636b17759655c1a5d0b8f517f eigen-3.3.4.zipWhat is the expected correct behavior?
sha256sum eigen-3.3.4.zip
b4415a2e16bbaff7568e52853c9e131633248c9bc66d565086e095087e95877d eigen-3.3.4.zipAnything else that might help
I first noticed the change in this GitHub Actions job.
The change was detected by Bazel, since this definition of the Eigen 3.3.4 dependency defines a SHA256 checksum. The previous SHA256 was valid from 2022-05 to 2025-03.
Edited by Stéphane Caron