RHEL 9.2.0 ERRATUM
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384) Resolves: rhbz#2115789 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
This commit is contained in:
Radovan Sroka
parent
ca5654c8f2
commit
841b1c9d59
|
|
@ -0,0 +1,26 @@
|
|||
From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
|
||||
From: Tim Shearer <timtimminz@gmail.com>
|
||||
Date: Tue, 2 Aug 2022 08:48:32 -0400
|
||||
Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
|
||||
|
||||
Resolves an issue where certain message sizes result in an incorrect
|
||||
checksum. Specifically, when:
|
||||
(n*8) mod 1024 == 896
|
||||
where n is the file size in bytes.
|
||||
---
|
||||
lib/util/sha2.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/util/sha2.c b/lib/util/sha2.c
|
||||
index b7a28cca8..f769f77f2 100644
|
||||
--- a/lib/util/sha2.c
|
||||
+++ b/lib/util/sha2.c
|
||||
@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
|
||||
SHA512Update(ctx, (uint8_t *)"\200", 1);
|
||||
|
||||
/* Pad message such that the resulting length modulo 1024 is 896. */
|
||||
- while ((ctx->count[0] & 1008) != 896)
|
||||
+ while ((ctx->count[0] & 1016) != 896)
|
||||
SHA512Update(ctx, (uint8_t *)"\0", 1);
|
||||
|
||||
/* Append length of message in bits and do final SHA512Transform(). */
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.9.5p2
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: ISC
|
||||
URL: https://www.sudo.ws
|
||||
|
||||
|
|
@ -31,6 +31,7 @@ Patch3: sudo-1.9.5-selinux-t.patch
|
|||
Patch4: sudo-1.9.5-sesh-bad-condition.patch
|
||||
Patch5: sudo-1.9.5-utmp-leak.patch
|
||||
Patch6: covscan.patch
|
||||
Patch7: sha-digest-calc.patch
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
|
|
@ -69,6 +70,7 @@ BuildRequires: python3-devel
|
|||
%patch4 -p1 -b .bad-cond
|
||||
%patch5 -p1 -b .utmp-leak
|
||||
%patch6 -p1 -b .covscan
|
||||
%patch7 -p1 -b .sha-digest
|
||||
|
||||
%build
|
||||
# Remove bundled copy of zlib
|
||||
|
|
@ -243,6 +245,11 @@ EOF
|
|||
%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
|
||||
|
||||
%changelog
|
||||
* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-8
|
||||
RHEL 9.2.0 ERRATUM
|
||||
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
|
||||
Resolves: rhbz#2115789
|
||||
|
||||
* Fri Aug 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-7
|
||||
- utmp resource leak in sudo
|
||||
Resolves: rhbz#1986579
|
||||
|
|
|
|||
Loading…
Reference in New Issue