Version in base suite: 7.4.7-1+deb12u7

Base version: libreoffice_7.4.7-1+deb12u7
Target version: libreoffice_7.4.7-1+deb12u8
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u7.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u8.dsc

 changelog                                                   |    7 
 patches/Improve-adbe.pkcs7.sha1-signature-verification.diff |  131 ++++++++++++
 patches/series                                              |    1 
 3 files changed, 139 insertions(+)

diff -Nru libreoffice-7.4.7/debian/changelog libreoffice-7.4.7/debian/changelog
--- libreoffice-7.4.7/debian/changelog	2025-02-06 17:18:37.000000000 +0000
+++ libreoffice-7.4.7/debian/changelog	2025-03-18 17:53:50.000000000 +0000
@@ -1,3 +1,10 @@
+libreoffice (4:7.4.7-1+deb12u8) bookworm-security; urgency=medium
+
+  * debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff:
+    as name says (CVE-2025-2866)
+
+ -- Rene Engelhard <rene@debian.org>  Tue, 18 Mar 2025 18:53:50 +0100
+
 libreoffice (4:7.4.7-1+deb12u7) bookworm-security; urgency=medium
 
   * debian/patches/Filter-out-more-unwanted-command-URIs.diff: as name says;
diff -Nru libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff
--- libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff	1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff	2025-03-18 17:53:10.000000000 +0000
@@ -0,0 +1,131 @@
+From 8de63d21a2abe3fcb6a00bb5f093a7bfe4ef5bf3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Juraj=20=C5=A0arinay?= <juraj@sarinay.com>
+Date: Thu, 6 Mar 2025 16:44:01 +0100
+Subject: [PATCH] Improve adbe.pkcs7.sha1 signature verification
+
+For PDF signatures with SubFilter == adbe.pkcs7.sha1, we only
+compared hash values and never actually checked SignatureValue
+within SignerInfo.
+
+Fix bugs introduced by 055fd58711d57af4d96214aebd71b713303d5527 and
+e58ed17e35989350afe3e9fd77b24515df782eac by verifying the actual
+(public-key) signature after the hash values compare equal.
+
+Change-Id: I5fa3d60df214cc5efedd1c0eba6cf1b9faf05360
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183059
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+Tested-by: Jenkins
+(cherry picked from commit 9f687b06fc25156a2a3f4d688b56542612995aa9)
+---
+ svl/source/crypto/cryptosign.cxx | 54 ++++++++++++++++++--------------
+ 1 file changed, 31 insertions(+), 23 deletions(-)
+
+diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
+index 638bf9aa51d1..c2ad079747dc 100644
+--- a/svl/source/crypto/cryptosign.cxx
++++ b/svl/source/crypto/cryptosign.cxx
+@@ -2091,23 +2091,30 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
+     if (pAttribute)
+         rInformation.bHasSigningCertificate = true;
+ 
++    SECItem aSignedDigestItem {siBuffer, nullptr, 0};
++
+     SECItem* pContentInfoContentData = pCMSSignedData->contentInfo.content.data;
+     if (bNonDetached && pContentInfoContentData && pContentInfoContentData->data)
+     {
+         // Not a detached signature.
+-        if (!std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen) && nActualResultLen == pContentInfoContentData->len)
+-            rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
++        if (nActualResultLen == pContentInfoContentData->len &&
++            !std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen) &&
++            HASH_HashBuf(eHashType, pActualResultBuffer, pContentInfoContentData->data, nActualResultLen) == SECSuccess)
++        {
++            aSignedDigestItem.data = pActualResultBuffer;
++            aSignedDigestItem.len = nActualResultLen;
++        }
+     }
+     else
+     {
+         // Detached, the usual case.
+-        SECItem aActualResultItem;
+-        aActualResultItem.data = pActualResultBuffer;
+-        aActualResultItem.len = nActualResultLen;
+-        if (NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aActualResultItem, nullptr) == SECSuccess)
+-            rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
++        aSignedDigestItem.data = pActualResultBuffer;
++        aSignedDigestItem.len = nActualResultLen;
+     }
+ 
++    if (aSignedDigestItem.data && NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aSignedDigestItem, nullptr) == SECSuccess)
++            rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
++
+     // Everything went fine
+     SECITEM_FreeItem(&aOidData.oid, false);
+     PORT_Free(pActualResultBuffer);
+@@ -2140,19 +2147,21 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
+         return false;
+     }
+ 
+-    // Update the message with the content blob.
+-    if (!CryptMsgUpdate(hMsg, aData.data(), aData.size(), FALSE))
++    if (!bNonDetached)
+     {
+-        SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the content failed: " << WindowsErrorString(GetLastError()));
+-        return false;
+-    }
++        // Update the message with the content blob.
++        if (!CryptMsgUpdate(hMsg, aData.data(), aData.size(), FALSE))
++        {
++            SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the content failed: " << WindowsErrorString(GetLastError()));
++            return false;
++        }
+ 
+-    if (!CryptMsgUpdate(hMsg, nullptr, 0, TRUE))
+-    {
+-        SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the last content failed: " << WindowsErrorString(GetLastError()));
+-        return false;
++        if (!CryptMsgUpdate(hMsg, nullptr, 0, TRUE))
++        {
++            SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the last content failed: " << WindowsErrorString(GetLastError()));
++            return false;
++        }
+     }
+-
+     // Get the CRYPT_ALGORITHM_IDENTIFIER from the message.
+     DWORD nDigestID = 0;
+     if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, nullptr, &nDigestID))
+@@ -2228,6 +2237,8 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
+         rInformation.X509Datas.emplace_back(temp);
+     }
+ 
++    std::vector<BYTE> aContentParam;
++
+     if (bNonDetached)
+     {
+         // Not a detached signature.
+@@ -2238,19 +2249,16 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
+             return false;
+         }
+ 
+-        std::vector<BYTE> aContentParam(nContentParam);
++        aContentParam.resize(nContentParam);
+         if (!CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, aContentParam.data(), &nContentParam))
+         {
+             SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() failed");
+             return false;
+         }
+-
+-        if (VerifyNonDetachedSignature(aData, aContentParam))
+-            rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
+     }
+-    else
++
++    if (!bNonDetached || VerifyNonDetachedSignature(aData, aContentParam))
+     {
+-        // Detached, the usual case.
+         // Use the CERT_INFO from the signer certificate to verify the signature.
+         if (CryptMsgControl(hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE, pSignerCertContext->pCertInfo))
+             rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
+-- 
+2.47.2
+
diff -Nru libreoffice-7.4.7/debian/patches/series libreoffice-7.4.7/debian/patches/series
--- libreoffice-7.4.7/debian/patches/series	2025-02-04 15:35:28.000000000 +0000
+++ libreoffice-7.4.7/debian/patches/series	2025-03-18 17:53:50.000000000 +0000
@@ -67,3 +67,4 @@
 consider-VndSunStarExpand-an-exotic-protocol.diff
 look-at-embedded-protocols-too.diff
 Filter-out-more-unwanted-command-URIs.diff
+Improve-adbe.pkcs7.sha1-signature-verification.diff