import sudo-1.8.29-10.el8

2023-05-16 06:17:14 +00:00 · 2023-05-16 06:17:14 +00:00 · aa5f31f663
commit aa5f31f663
parent e879763e7b
2 changed files with 36 additions and 5 deletions
--- a/SOURCES/sha-digest-calc.patch
+++ b/SOURCES/sha-digest-calc.patch
@ -0,0 +1,26 @@
+From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
+From: Tim Shearer <timtimminz@gmail.com>
+Date: Tue, 2 Aug 2022 08:48:32 -0400
+Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
+
+Resolves an issue where certain message sizes result in an incorrect
+checksum. Specifically, when:
+(n*8) mod 1024 == 896
+where n is the file size in bytes.
+---
+ lib/util/sha2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/util/sha2.c b/lib/util/sha2.c
+index b7a28cca8..f769f77f2 100644
+--- a/lib/util/sha2.c
+++ b/lib/util/sha2.c
+@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
+ 	SHA512Update(ctx, (uint8_t *)"\200", 1);
+ 
+ 	/* Pad message such that the resulting length modulo 1024 is 896. */
+-	while ((ctx->count[0] & 1008) != 896)
+	while ((ctx->count[0] & 1016) != 896)
+ 		SHA512Update(ctx, (uint8_t *)"\0", 1);
+ 
+ 	/* Append length of message in bits and do final SHA512Transform(). */
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.29
-Release: 8%{?dist}.1
+Release: 10%{?dist}
 License: ISC
 Group: Applications/System
 URL: https://www.sudo.ws/
@ -76,7 +76,9 @@ Patch21: sudo-1.9.7-krb5ccname.patch
 # 1986572 - utmp resource leak in sudo
 Patch22: sudo-1.9.7-utmp-leak.patch

-# 2161220 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.7.0]
+# 2114576 - sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
+Patch23: sha-digest-calc.patch
+# 2161221 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.8.0]
 Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch
 Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch
 Patch26: sudo-1.9.12-CVE-2023-22809.patch
@ -133,6 +135,7 @@ plugins that use %{name}.
 %patch21 -p1 -b .krb5ccname
 %patch22 -p1 -b .utmp-leak

+%patch23 -p1 -b .sha-digest
 %patch24 -p1 -b .whitelist
 %patch25 -p1 -b .backports
 %patch26 -p1 -b .cve
@ -295,10 +298,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sudo_plugin.8*

 %changelog
-* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.8.1
-RHEL 8.7.0.Z ERRATUM
+* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.9
+RHEL 8.8.0 ERRATUM
 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user
-Resolves: rhbz#2161220
+Resolves: rhbz#2161221
+- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
+Resolves: rhbz#2114576

 * Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8
 RHEL 8.6.0 ERRATUM