Project

General

Profile

Actions
Copy link

Bug #1122

closed

LibreOffice Signed binaries appear to have been time stamped incorrectly after certificate expires

Added by - Raal about 9 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Tags:
URL:

Description

Ci-infra bugs are now tracked in redmine. Copied from bugzilla bug #86780
https://wiki.documentfoundation.org/Category:Infrastructure
https://redmine.documentfoundation.org/projects/infrastructure
https://redmine.documentfoundation.org/issues/1106
---
If you look at the Digital Signature Details for LibreOffice binaries after a certificate has expired it shows that the required certificate is not within its validity period even though the file was correctly signed before the certificate has expired.
This is not usual and can lead to issues within the Windows environment (see below).
I think this is because when these binaries are signed the “Lifetime Signing” EKU is set.
You can tell this is happening by looking at the Countersignatures. Timestamp which always shows the current time (see attached screenshot).
This can cause poor performance when the LibreOffice is operating and although unlikely could potentially cause some anti-malware vendors to incorrectly classify LibreOffice binaries as malware.

Actions
Copy link
 #1

Updated by Christian Lohmaier over 7 years ago

  • Status changed from New to Closed

updating this ticket fell through the cracks.

All builds starting with 5.0 have been signed with a certificate that properly supports timestamping/the signature won't be invalid after the certificate itself expires.

Actions
Copy link

Also available in: Atom PDF