Version in base suite: 7.4.7-1+deb12u7 Base version: libreoffice_7.4.7-1+deb12u7 Target version: libreoffice_7.4.7-1+deb12u8 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u7.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u8.dsc changelog | 7 patches/Improve-adbe.pkcs7.sha1-signature-verification.diff | 131 ++++++++++++ patches/series | 1 3 files changed, 139 insertions(+) diff -Nru libreoffice-7.4.7/debian/changelog libreoffice-7.4.7/debian/changelog --- libreoffice-7.4.7/debian/changelog 2025-02-06 17:18:37.000000000 +0000 +++ libreoffice-7.4.7/debian/changelog 2025-03-18 17:53:50.000000000 +0000 @@ -1,3 +1,10 @@ +libreoffice (4:7.4.7-1+deb12u8) bookworm-security; urgency=medium + + * debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff: + as name says (CVE-2025-2866) + + -- Rene Engelhard Tue, 18 Mar 2025 18:53:50 +0100 + libreoffice (4:7.4.7-1+deb12u7) bookworm-security; urgency=medium * debian/patches/Filter-out-more-unwanted-command-URIs.diff: as name says; diff -Nru libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff --- libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff 1970-01-01 00:00:00.000000000 +0000 +++ libreoffice-7.4.7/debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff 2025-03-18 17:53:10.000000000 +0000 
@@ -0,0 +1,131 @@ +From 8de63d21a2abe3fcb6a00bb5f093a7bfe4ef5bf3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Juraj=20=C5=A0arinay?= +Date: Thu, 6 Mar 2025 16:44:01 +0100 +Subject: [PATCH] Improve adbe.pkcs7.sha1 signature verification + +For PDF signatures with SubFilter == adbe.pkcs7.sha1, we only +compared hash values and never actually checked SignatureValue +within SignerInfo. + +Fix bugs introduced by 055fd58711d57af4d96214aebd71b713303d5527 and +e58ed17e35989350afe3e9fd77b24515df782eac by verifying the actual +(public-key) signature after the hash values compare equal. + +Change-Id: I5fa3d60df214cc5efedd1c0eba6cf1b9faf05360 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183059 +Reviewed-by: Miklos Vajna +Tested-by: Jenkins +(cherry picked from commit 9f687b06fc25156a2a3f4d688b56542612995aa9) +--- + svl/source/crypto/cryptosign.cxx | 54 ++++++++++++++++++-------------- + 1 file changed, 31 insertions(+), 23 deletions(-) + +diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx +index 638bf9aa51d1..c2ad079747dc 100644 +--- a/svl/source/crypto/cryptosign.cxx ++++ b/svl/source/crypto/cryptosign.cxx +@@ -2091,23 +2091,30 @@ bool Signing::Verify(const std::vector& aData, + if (pAttribute) + rInformation.bHasSigningCertificate = true; + ++ SECItem aSignedDigestItem {siBuffer, nullptr, 0}; ++ + SECItem* pContentInfoContentData = pCMSSignedData->contentInfo.content.data; + if (bNonDetached && pContentInfoContentData && pContentInfoContentData->data) + { + // Not a detached signature. 
+- if (!std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen) && nActualResultLen == pContentInfoContentData->len) +- rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; ++ if (nActualResultLen == pContentInfoContentData->len && ++ !std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen) && ++ HASH_HashBuf(eHashType, pActualResultBuffer, pContentInfoContentData->data, nActualResultLen) == SECSuccess) ++ { ++ aSignedDigestItem.data = pActualResultBuffer; ++ aSignedDigestItem.len = nActualResultLen; ++ } + } + else + { + // Detached, the usual case. +- SECItem aActualResultItem; +- aActualResultItem.data = pActualResultBuffer; +- aActualResultItem.len = nActualResultLen; +- if (NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aActualResultItem, nullptr) == SECSuccess) +- rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; ++ aSignedDigestItem.data = pActualResultBuffer; ++ aSignedDigestItem.len = nActualResultLen; + } + ++ if (aSignedDigestItem.data && NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aSignedDigestItem, nullptr) == SECSuccess) ++ rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; ++ + // Everything went fine + SECITEM_FreeItem(&aOidData.oid, false); + PORT_Free(pActualResultBuffer); +@@ -2140,19 +2147,21 @@ bool Signing::Verify(const std::vector& aData, + return false; + } + +- // Update the message with the content blob. +- if (!CryptMsgUpdate(hMsg, aData.data(), aData.size(), FALSE)) ++ if (!bNonDetached) + { +- SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the content failed: " << WindowsErrorString(GetLastError())); +- return false; +- } ++ // Update the message with the content blob. 
++ if (!CryptMsgUpdate(hMsg, aData.data(), aData.size(), FALSE)) ++ { ++ SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the content failed: " << WindowsErrorString(GetLastError())); ++ return false; ++ } + +- if (!CryptMsgUpdate(hMsg, nullptr, 0, TRUE)) +- { +- SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the last content failed: " << WindowsErrorString(GetLastError())); +- return false; ++ if (!CryptMsgUpdate(hMsg, nullptr, 0, TRUE)) ++ { ++ SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the last content failed: " << WindowsErrorString(GetLastError())); ++ return false; ++ } + } +- + // Get the CRYPT_ALGORITHM_IDENTIFIER from the message. + DWORD nDigestID = 0; + if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, nullptr, &nDigestID)) +@@ -2228,6 +2237,8 @@ bool Signing::Verify(const std::vector& aData, + rInformation.X509Datas.emplace_back(temp); + } + ++ std::vector aContentParam; ++ + if (bNonDetached) + { + // Not a detached signature. +@@ -2238,19 +2249,16 @@ bool Signing::Verify(const std::vector& aData, + return false; + } + +- std::vector aContentParam(nContentParam); ++ aContentParam.resize(nContentParam); + if (!CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, aContentParam.data(), &nContentParam)) + { + SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() failed"); + return false; + } +- +- if (VerifyNonDetachedSignature(aData, aContentParam)) +- rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; + } +- else ++ ++ if (!bNonDetached || VerifyNonDetachedSignature(aData, aContentParam)) + { +- // Detached, the usual case. + // Use the CERT_INFO from the signer certificate to verify the signature. 
+ if (CryptMsgControl(hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE, pSignerCertContext->pCertInfo)) + rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; +-- +2.47.2 + diff -Nru libreoffice-7.4.7/debian/patches/series libreoffice-7.4.7/debian/patches/series --- libreoffice-7.4.7/debian/patches/series 2025-02-04 15:35:28.000000000 +0000 +++ libreoffice-7.4.7/debian/patches/series 2025-03-18 17:53:50.000000000 +0000 @@ -67,3 +67,4 @@ consider-VndSunStarExpand-an-exotic-protocol.diff look-at-embedded-protocols-too.diff Filter-out-more-unwanted-command-URIs.diff +Improve-adbe.pkcs7.sha1-signature-verification.diff
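Review bot: In the NSS non-detached branch the guard proves `nActualResultLen == pContentInfoContentData->len`, but the very next condition still compares `nMaxResultLen` bytes: `!std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen)`. If `nMaxResultLen` (declared outside this hunk) can ever exceed the digest length, that memcmp reads past the end of the embedded content item; comparing the length the guard actually established, `!std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nActualResultLen) &&`, is correct in either case and costs nothing. A second, smaller point: when `NSS_CMSSignerInfo_Verify` fails the new code silently leaves `rInformation.nStatus` untouched, so a forged adbe.pkcs7.sha1 signature is indistinguishable in the logs from a parse problem; a `SAL_WARN("svl.crypto", "NSS_CMSSignerInfo_Verify() failed: " << PR_GetError());` on the failure branch would match the diagnostics the CryptoAPI path already emits. Signing::Verify begins before and continues after this hunk, so the declarations of `nMaxResultLen`, `eHashType` and `pActualResultBuffer` were not visible for this review.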