rpms/sudo
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import sudo-1.9.5p2-9.el9

Browse Source
This commit is contained in:
CentOS Sources 2023-05-09 05:40:46 +00:00 committed by Stepan Oksanichenko
parent 89851ca7bd
commit 1278774524
2 changed files with 39 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
SOURCES/sha-digest-calc.patch Normal file
View File

@ -0,0 +1,26 @@
From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
From: Tim Shearer <timtimminz@gmail.com>
Date: Tue, 2 Aug 2022 08:48:32 -0400
Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
Resolves an issue where certain message sizes result in an incorrect
checksum. Specifically, when:
(n*8) mod 1024 == 896
where n is the file size in bytes.
---
lib/util/sha2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/util/sha2.c b/lib/util/sha2.c
index b7a28cca8..f769f77f2 100644
--- a/lib/util/sha2.c
+++ b/lib/util/sha2.c
@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
SHA512Update(ctx, (uint8_t *)"\200", 1);
/* Pad message such that the resulting length modulo 1024 is 896. */
- while ((ctx->count[0] & 1008) != 896)
+ while ((ctx->count[0] & 1016) != 896)
SHA512Update(ctx, (uint8_t *)"\0", 1);
/* Append length of message in bits and do final SHA512Transform(). */

24
SPECS/sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.9.5p2 Version: 1.9.5p2
Release: 7%{?dist}.1 Release: 9%{?dist}
License: ISC License: ISC
URL: https://www.sudo.ws URL: https://www.sudo.ws
@ -25,17 +25,14 @@ BuildRequires: sendmail
BuildRequires: gettext BuildRequires: gettext
BuildRequires: zlib-devel BuildRequires: zlib-devel
Patch1: sudo-conf.patch Patch1: sudo-conf.patch
Patch2: sudo-1.9.5-undefined-symbol.patch Patch2: sudo-1.9.5-undefined-symbol.patch
Patch3: sudo-1.9.5-selinux-t.patch Patch3: sudo-1.9.5-selinux-t.patch
Patch4: sudo-1.9.5-sesh-bad-condition.patch Patch4: sudo-1.9.5-sesh-bad-condition.patch
Patch5: sudo-1.9.5-utmp-leak.patch Patch5: sudo-1.9.5-utmp-leak.patch
Patch6: covscan.patch Patch6: covscan.patch
Patch7: sha-digest-calc.patch
# 2161224 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-9.1.0] Patch8: sudo-1.9.12-CVE-2023-22809.patch
Patch7: sudo-1.9.12-CVE-2023-22809.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -74,8 +71,8 @@ BuildRequires: python3-devel
%patch4 -p1 -b .bad-cond %patch4 -p1 -b .bad-cond
%patch5 -p1 -b .utmp-leak %patch5 -p1 -b .utmp-leak
%patch6 -p1 -b .covscan %patch6 -p1 -b .covscan
%patch7 -p1 -b .sha-digest
%patch7 -p1 -b .cve %patch8 -p1 -b .cve-fix
%build %build
# Remove bundled copy of zlib # Remove bundled copy of zlib
@ -250,10 +247,15 @@ EOF
%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
%changelog %changelog
* Tue Jan 17 2023 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-7.1 * Thu Jan 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-9
RHEL 9.1.0.Z ERRATUM RHEL 9.2.0 ERRATUM
- CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user
Resolves: rhbz#2161224 Resolves: rhbz#2161225
* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-8
RHEL 9.2.0 ERRATUM
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
Resolves: rhbz#2115789
* Fri Aug 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-7 * Fri Aug 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-7
- utmp resource leak in sudo - utmp resource leak in sudo