projects / libreoffice.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f262b58) | patch
[PATCH] Improve adbe.pkcs7.sha1 signature verification
authorJuraj Šarinay <juraj@sarinay.com>
Thu, 6 Mar 2025 15:44:01 +0000 (16:44 +0100)
committerDaniel Leidert <dleidert@debian.org>
Sat, 31 May 2025 03:25:27 +0000 (05:25 +0200)
commitd2e3a365a26d54199394a97d1c8c839dfff9aa2a
treee4d888ec5cbda4c18fdf8185b91c0def562608fdtree | snapshot
parentf262b5849129c6192170833fe71837efb6269f06commit | diff
[PATCH] Improve adbe.pkcs7.sha1 signature verification

For PDF signatures with SubFilter == adbe.pkcs7.sha1, we only
compared hash values and never actually checked SignatureValue
within SignerInfo.

Fix bugs introduced by 055fd58711d57af4d96214aebd71b713303d5527 and
e58ed17e35989350afe3e9fd77b24515df782eac by verifying the actual
(public-key) signature after the hash values compare equal.

Change-Id: I5fa3d60df214cc5efedd1c0eba6cf1b9faf05360
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183059
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
(cherry picked from commit 9f687b06fc25156a2a3f4d688b56542612995aa9)

Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://git.libreoffice.org/core/+/9f687b06fc25156a2a3f4d688b56542612995aa9%5E%21
Bug: https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866
Bug: https://github.com/advisories/GHSA-22mj-r7hq-f9h2
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-2866
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-2866

Gbp-Pq: Name CVE-2025-2866.patch
svl/source/crypto/cryptosign.cxx diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.