From f035421fd5e24c8c159e46e4552779ba03e1cc88 Mon Sep 17 00:00:00 2001
From: modric
Date: Wed, 23 Nov 2022 02:59:41 +0000
Subject: [PATCH] Backport patches from upstream community

---
 ...orrect-SHA384-512-digest-calculation.patch | 29 +++++++++++++++++++
 ...fy-zero-out-des_pass-before-returnin.patch | 25 ++++++++++++++++
 sudo.spec | 7 ++++-
 3 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-incorrect-SHA384-512-digest-calculation.patch
 create mode 100644 backport-sudo_passwd_verify-zero-out-des_pass-before-returnin.patch

diff --git a/backport-Fix-incorrect-SHA384-512-digest-calculation.patch b/backport-Fix-incorrect-SHA384-512-digest-calculation.patch
new file mode 100644
index 0000000..04f72d4
--- /dev/null
+++ b/backport-Fix-incorrect-SHA384-512-digest-calculation.patch
@@ -0,0 +1,29 @@
+From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
+From: Tim Shearer
+Date: Tue, 2 Aug 2022 08:48:32 -0400
+Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
+
+Resolves an issue where certain message sizes result in an incorrect
+checksum. Specifically, when:
+(n*8) mod 1024 == 896
+where n is the file size in bytes.
+---
+ lib/util/sha2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/util/sha2.c b/lib/util/sha2.c
+index b7a28cca8..f769f77f2 100644
+--- a/lib/util/sha2.c
++++ b/lib/util/sha2.c
+@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
+ SHA512Update(ctx, (uint8_t *)"\200", 1);
+ 
+ /* Pad message such that the resulting length modulo 1024 is 896. */
+- while ((ctx->count[0] & 1008) != 896)
++ while ((ctx->count[0] & 1016) != 896)
+ SHA512Update(ctx, (uint8_t *)"\0", 1);
+ 
+ /* Append length of message in bits and do final SHA512Transform(). */
+-- 
+2.33.0
+
diff --git a/backport-sudo_passwd_verify-zero-out-des_pass-before-returnin.patch b/backport-sudo_passwd_verify-zero-out-des_pass-before-returnin.patch
new file mode 100644
index 0000000..a232dc9
--- /dev/null
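Review bot: The new patch file corrects the mask in SHA512Pad but the backport carries no regression input, so nothing here checks that the corrected padding loop is actually exercised in this build. The commit message's own condition gives the case: a 112-byte message (112*8 = 896 bits) leaves count[0] at 904 after the 0x80 byte, and the old mask 1008 (which drops bit 3) already evaluated that as 896, so no zero padding was emitted before the length was appended; with 1016 the loop pads to the 896 boundary, and a 112-byte vector compared against a reference SHA-512 and SHA-384 digest would pin the fix. SHA512Pad continues outside the hunk, and whether this build compiles the bundled lib/util/sha2.c at all rather than a system digest library is not visible in the spec changes — worth confirming, since as far as I can tell sudoers command-digest matching relies on these routines whenever the bundled implementation is in use.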
+++ b/backport-sudo_passwd_verify-zero-out-des_pass-before-returnin.patch
@@ -0,0 +1,25 @@
+From 9f948224acb911cbec1ed9041887c1fe62c59877 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller"
+Date: Tue, 8 Nov 2022 13:17:11 -0700
+Subject: [PATCH] sudo_passwd_verify: zero out des_pass before returning.
+
+---
+ plugins/sudoers/auth/passwd.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
+index 636c07bab..89da96ff6 100644
+--- a/plugins/sudoers/auth/passwd.c
++++ b/plugins/sudoers/auth/passwd.c
+@@ -95,6 +95,8 @@ sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct
+ matched = !strcmp(pw_epasswd, epass);
+ }
+ 
++ explicit_bzero(des_pass, sizeof(des_pass));
++ 
+ debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
+ }
+ #else
+-- 
+2.33.0
+
diff --git a/sudo.spec b/sudo.spec
index f1e9808..15f2810 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,6 +1,6 @@
 Name: sudo
 Version: 1.9.8p2
-Release: 4
+Release: 5
 Summary: Allows restricted root access for specified users
 License: ISC
 URL: http://www.courtesan.com/sudo/
@@ -14,6 +14,8 @@ Patch0: backport-0001-CVE-2022-37434.patch
 Patch1: backport-0002-CVE-2022-37434.patch
 Patch2: backport-CVE-2022-33070.patch
 Patch3: backport-Fix-CVE-2022-43995-potential-heap-overflow-for-passwords.patch
+Patch4: backport-Fix-incorrect-SHA384-512-digest-calculation.patch
+Patch5: backport-sudo_passwd_verify-zero-out-des_pass-before-returnin.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: pam
@@ -155,6 +157,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
 %exclude %{_pkgdocdir}/ChangeLog
 %changelog
+* Wed Nov 23 2022 wangyu - 1.9.8p2-5
+- Backport patches from upstream community
+
 * Sat Nov 5 2022 wangyu - 1.9.8p2-4
 - Fix CVE-2022-43995
-- 
Gitee
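Review bot: The explicit_bzero of des_pass is added only on the fall-through path immediately before `debug_return_int`; if sudo_passwd_verify has any earlier return or goto (its body begins above the hunk, so that is not visible here), the cleartext copy stays on the stack on those paths. A short comment at the new line would keep the intent from being lost in later edits, e.g. `/* des_pass holds a cleartext copy of the password; scrub it before any return. */`. The `sizeof(des_pass)` argument implies des_pass is a fixed-size array local to the function — if it is ever changed to a pointer this call silently scrubs only sizeof(char *) bytes, which is worth stating in that comment. The target here is 1.9.8p2 per the spec, so it is also worth confirming that explicit_bzero resolves (libc or sudo's compat layer) on every platform this package builds for.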
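Review bot: Patch4 and Patch5 are declared in the second sudo.spec hunk, but no corresponding patch-application lines appear in this diff; if %prep applies patches with explicit `%patchN -p1` lines rather than `%autosetup`, the two new patches would be listed yet never applied, so the %prep section (outside this diff) should be checked. The release bump and changelog hunks raise nothing on their own. The changelog entry could name what was backported so the reason for the release is recoverable without opening the patch files, e.g. `- Backport patches from upstream community: fix SHA384/512 digest padding, zero out des_pass in sudo_passwd_verify`.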