import sudo-1.8.29-9.el8

CentOS Sources 2023-01-14 08:13:06 +00:00 committed by Stepan Oksanichenko
parent 97a18cf9fa
commit 140af9f6a6
2 changed files with 37 additions and 1 deletions

@ -0,0 +1,26 @@
From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
From: Tim Shearer <timtimminz@gmail.com>
Date: Tue, 2 Aug 2022 08:48:32 -0400
Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
Resolves an issue where certain message sizes result in an incorrect
checksum. Specifically, when:
(n*8) mod 1024 == 896
where n is the file size in bytes.
---
lib/util/sha2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/util/sha2.c b/lib/util/sha2.c
index b7a28cca8..f769f77f2 100644
--- a/lib/util/sha2.c
+++ b/lib/util/sha2.c
@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
SHA512Update(ctx, (uint8_t *)"\200", 1);
/* Pad message such that the resulting length modulo 1024 is 896. */
- while ((ctx->count[0] & 1008) != 896)
+ while ((ctx->count[0] & 1016) != 896)
SHA512Update(ctx, (uint8_t *)"\0", 1);
/* Append length of message in bits and do final SHA512Transform(). */
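Review bot: The new mask in the `while` condition of SHA512Pad is a bare decimal, `1016`, and nothing in the hunk says why it differs from `1008`. `ctx->count[0]` is compared against a bit count (896) and the loop adds one byte, that is 8 bits, per iteration, so the mask has to keep bit 3: `1008` (0x3f0) clears it, which lets a count of 904 compare equal to 896 and end the loop early, while `1016` (0x3f8) does not. Suggest writing the mask in hex or extending the comment above the loop to say this, and adding a regression test with an input whose size satisfies the `(n*8) mod 1024 == 896` condition from the commit message, for example 112 bytes. The subject also names SHA384 while only SHA512Pad is touched; a line in the message stating that SHA384 goes through this pad routine, if that is the case, would close the gap.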

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.29 Version: 1.8.29
Release: 8%{?dist} Release: 9%{?dist}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: https://www.sudo.ws/ URL: https://www.sudo.ws/
@ -76,6 +76,9 @@ Patch21: sudo-1.9.7-krb5ccname.patch
# 1986572 - utmp resource leak in sudo # 1986572 - utmp resource leak in sudo
Patch22: sudo-1.9.7-utmp-leak.patch Patch22: sudo-1.9.7-utmp-leak.patch
# 2114576 - sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
Patch23: sha-digest-calc.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands users (or groups of users) the ability to run some (or all) commands
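Review bot: The `Patch23:` file name, `sha-digest-calc.patch`, does not follow the `sudo-<version>-<topic>.patch` pattern used by `Patch21` and `Patch22` in the same hunk. Suggest renaming it in that pattern so the release the fix was taken from is visible from the name, and renaming the added patch file to match.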
@ -128,6 +131,8 @@ plugins that use %{name}.
%patch21 -p1 -b .krb5ccname %patch21 -p1 -b .krb5ccname
%patch22 -p1 -b .utmp-leak %patch22 -p1 -b .utmp-leak
%patch23 -p1 -b .sha-digest
%build %build
# Remove bundled copy of zlib # Remove bundled copy of zlib
rm -rf zlib/ rm -rf zlib/
@ -286,6 +291,11 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8* %{_mandir}/man8/sudo_plugin.8*
%changelog %changelog
* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.9
RHEL 8.8.0 ERRATUM
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
Resolves: rhbz#2114576
* Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8 * Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8
RHEL 8.6.0 ERRATUM RHEL 8.6.0 ERRATUM
- sudoedit does not work with selinux args - sudoedit does not work with selinux args
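Review bot: The new changelog header gives the version as `1.8.29.9`, while the previous entry in the same hunk uses the version-release form `1.8.29-8`. With `Release: 9%{?dist}` set earlier in this spec change, the new entry should read `- 1.8.29-9`.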