diff --git a/SOURCES/sha-digest-calc.patch b/SOURCES/sha-digest-calc.patch new file mode 100644 index 0000000..affab8b --- /dev/null +++ b/SOURCES/sha-digest-calc.patch @@ -0,0 +1,26 @@ +From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001 +From: Tim Shearer +Date: Tue, 2 Aug 2022 08:48:32 -0400 +Subject: [PATCH] Fix incorrect SHA384/512 digest calculation. + +Resolves an issue where certain message sizes result in an incorrect +checksum. Specifically, when: +(n*8) mod 1024 == 896 +where n is the file size in bytes. +--- + lib/util/sha2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/util/sha2.c b/lib/util/sha2.c +index b7a28cca8..f769f77f2 100644 +--- a/lib/util/sha2.c ++++ b/lib/util/sha2.c +@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx) + SHA512Update(ctx, (uint8_t *)"\200", 1); + + /* Pad message such that the resulting length modulo 1024 is 896. */ +- while ((ctx->count[0] & 1008) != 896) ++ while ((ctx->count[0] & 1016) != 896) + SHA512Update(ctx, (uint8_t *)"\0", 1); + + /* Append length of message in bits and do final SHA512Transform(). */ diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec index e3610e4..8c29268 100644 --- a/SPECS/sudo.spec +++ b/SPECS/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.5p2 -Release: 7%{?dist}.1 +Release: 9%{?dist} License: ISC URL: https://www.sudo.ws @@ -25,17 +25,14 @@ BuildRequires: sendmail BuildRequires: gettext BuildRequires: zlib-devel - Patch1: sudo-conf.patch Patch2: sudo-1.9.5-undefined-symbol.patch Patch3: sudo-1.9.5-selinux-t.patch Patch4: sudo-1.9.5-sesh-bad-condition.patch Patch5: sudo-1.9.5-utmp-leak.patch Patch6: covscan.patch - -# 2161224 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-9.1.0] -Patch7: sudo-1.9.12-CVE-2023-22809.patch - +Patch7: sha-digest-calc.patch +Patch8: sudo-1.9.12-CVE-2023-22809.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -74,8 +71,8 @@ BuildRequires: python3-devel %patch4 -p1 -b .bad-cond %patch5 -p1 -b .utmp-leak %patch6 -p1 -b .covscan - -%patch7 -p1 -b .cve +%patch7 -p1 -b .sha-digest +%patch8 -p1 -b .cve-fix %build # Remove bundled copy of zlib @@ -250,10 +247,15 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog -* Tue Jan 17 2023 Radovan Sroka - 1.9.5p2-7.1 -RHEL 9.1.0.Z ERRATUM +* Thu Jan 19 2023 Radovan Sroka - 1.9.5p2-9 +RHEL 9.2.0 ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user -Resolves: rhbz#2161224 +Resolves: rhbz#2161225 + +* Wed Jan 11 2023 Radovan Sroka - 1.9.5p2-8 +RHEL 9.2.0 ERRATUM +- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384) +Resolves: rhbz#2115789 * Fri Aug 20 2021 Radovan Sroka - 1.9.5p2-7 - utmp resource leak in sudo