OFC 2016 x64_Warnings about SH1 message digests

Postby rjohnson68 » 23.01.2020, 20:02

Hello, after building the .ISO files I was reviewing the download.log and received several warnings about patch files deleted because of mismatching SHA-1 message digests. (See below)

Code:
Thu 01/23/2020 11:35:14.24 - Info: Created integrity database for ofc glb
Thu 01/23/2020 11:35:14.40 - Warning: Deleted file ..\ofc\glb\ftp7_x64_kb2716513_db9ab2a657976118b8e2e5db016ed3b09c6db2e9.cab due to mismatching SHA-1 message digest (db9ab2a657976118b8e2e5db016ed3b09c6db2e9)
Thu 01/23/2020 11:35:14.49 - Warning: Deleted file ..\ofc\glb\aspnetwebfxupdate_kb2992080_55c239c6b443cb122b04667a9be948b03046bf88.exe due to mismatching SHA-1 message digest (55c239c6b443cb122b04667a9be948b03046bf88)
Thu 01/23/2020 11:35:14.58 - Warning: Deleted file ..\ofc\glb\ftp75_en_x64_kb2716513_69a517171137d58517ddfe9d35cc96e7bff0572b.cab due to mismatching SHA-1 message digest (69a517171137d58517ddfe9d35cc96e7bff0572b)
Thu 01/23/2020 11:35:14.76 - Warning: Deleted file ..\ofc\glb\mschart_kb2500170_f93011c4baaa9df62d56314e64416dd7f63ea983.exe due to mismatching SHA-1 message digest (f93011c4baaa9df62d56314e64416dd7f63ea983)
Thu 01/23/2020 11:35:15.22 - Warning: Deleted file ..\ofc\glb\vcredist_x64_a7c83077b8a28d409e36316d2d7321fa0ccdb7e8.exe due to mismatching SHA-1 message digest (a7c83077b8a28d409e36316d2d7321fa0ccdb7e8)
Thu 01/23/2020 11:35:15.30 - Warning: Deleted file ..\ofc\glb\vcredist_x86_470640aa4bb7db8e69196b5edb0010933569e98d.exe due to mismatching SHA-1 message digest (470640aa4bb7db8e69196b5edb0010933569e98d)
Thu 01/23/2020 11:35:15.38 - Warning: Deleted file ..\ofc\glb\vcredist_x86_b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847.exe due to mismatching SHA-1 message digest (b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847)
Thu 01/23/2020 11:35:18.20 - Warning: Deleted file ..\ofc\glb\works8_kb977304_es-es_4a8bfde1bb0568caced8b77e7aa99d379b95a8a6.cab due to mismatching SHA-1 message digest (4a8bfde1bb0568caced8b77e7aa99d379b95a8a6)
Thu 01/23/2020 11:35:18.27 - Warning: Deleted file ..\ofc\glb\works8_kb977304_da-dk_80454c3bf7e0e60f1e7554e63c295287cba79e26.cab due to mismatching SHA-1 message digest (80454c3bf7e0e60f1e7554e63c295287cba79e26)
Thu 01/23/2020 11:35:18.35 - Warning: Deleted file ..\ofc\glb\works8_kb977304_hu-hu_bedccc879ca1a1686dcd1af47943b174e64ce16f.cab due to mismatching SHA-1 message digest (bedccc879ca1a1686dcd1af47943b174e64ce16f)
Thu 01/23/2020 11:35:18.43 - Warning: Deleted file ..\ofc\glb\works8_kb977304_mk-mk_83e7cc7fb24ae3d696f40e1f0930104855ef8c96.cab due to mismatching SHA-1 message digest (83e7cc7fb24ae3d696f40e1f0930104855ef8c96)
Thu 01/23/2020 11:35:18.50 - Warning: Deleted file ..\ofc\glb\works8_kb977304_zh-cn_7e50fbecffe01c914281706f01680dc1a158068d.cab due to mismatching SHA-1 message digest (7e50fbecffe01c914281706f01680dc1a158068d)
Thu 01/23/2020 11:35:18.58 - Warning: Deleted file ..\ofc\glb\works8_kb977304_tr-tr_b0eb62d7c3a3a7aa4831dae29ff91a9bc41b0370.cab due to mismatching SHA-1 message digest (b0eb62d7c3a3a7aa4831dae29ff91a9bc41b0370)
Thu 01/23/2020 11:35:18.65 - Warning: Deleted file ..\ofc\glb\works9_kb2754670_da-dk_cfbe410b9827e752986d0a5ee3e867cafdefac9b.cab due to mismatching SHA-1 message digest (cfbe410b9827e752986d0a5ee3e867cafdefac9b)
Thu 01/23/2020 11:35:18.73 - Warning: Deleted file ..\ofc\glb\works9_kb2754670_en-us_a322b43f529beb64ef00e992ae268a1b24ad0783.cab due to mismatching SHA-1 message digest (a322b43f529beb64ef00e992ae268a1b24ad0783)
Thu 01/23/2020 11:35:21.33 - Info: Ending WSUS Offline Update download for ofc glb

Is this a known issue and is there a potential problem here?

Thanks
RJ
Last edited by Dalai on 23.01.2020, 20:24, edited 1 time in total.
Reason: Enclosed log output in CODE tags for better readability

Re: OFC 2016 x64_Warnings about SH1 message digests

Postby Dalai » 23.01.2020, 20:25

Which OS are you running the download on? IIRC there is an issue on XP systems for some reason.

Regards
Dalai

Re: OFC 2016 x64_Warnings about SH1 message digests

Postby hbuhrmester » 23.01.2020, 22:02

These are old updates and not really related to Microsoft Office. This is a result of the old method for determining dynamic Office updates: Since the file package.xml is not sorted anymore, the script DownloadUpdates.cmd only downloads some random files.

Microsoft Works 9 was released in 2007.
https://en.wikipedia.org/wiki/Microsoft_Works

vcredist_x86_b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847.exe and vcredist_x86_470640aa4bb7db8e69196b5edb0010933569e98d.exe seem to be updates for Visual C++ runtime libraries. These shouldn't be in the download directory client/ofc/glb either.

You can try my patch for Office downloads, if you like:
https://forums.wsusoffline.net/viewtopic.php?f=3&t=9954&start=10#p30560



Yet there is still another bug in the script DownloadUpdates.cmd:

This message "mismatching SHA-1 digests" comes from comparing the SHA-1 hash, which is embedded into the filename, with the SHA-1 hash, which is calculated with hashdeep and saved to the integrity database client/md/hashes-ofc-glb.txt.

This doesn't involve any certificates and digital file signatures, and it doesn't depend on Sysinternals Sigcheck. It just compares the expected SHA-1 hash from the filename with the calculated value. This only needs hashdeep (or any similar utility like sha1sum) to calculate the file hashes, and therefore, it also works on Linux without running wine and Sigcheck.

But, actually, all SHA-1 hashes are correct: You can see the expected values in the filename and the calculated values in parentheses, and they are all the same.

So, the problem is, how the script excises the SHA-1 hash from the filename. To make that short, the line:

Code:
for /F "tokens=2 delims=_" %%k in ("%%j") do (


only works, if there is exactly one underscore in the filename. Then %%k will be the excised SHA-1 hash. If there are two or more underscores, then %%k will be something else. This will break the test and delete some innocent file.

But that doesn't really matter, because these are not Office updates. I have never seen this bug with real Office or Windows updates.

Re: OFC 2016 x64_Warnings about SH1 message digests

Postby Dalai » 23.01.2020, 23:08

hbuhrmester wrote: So, the problem is, how the script excises the SHA-1 hash from the filename. To make that short, the line:

Code:
for /F "tokens=2 delims=_" %%k in ("%%j") do (


only works, if there is exactly one underscore in the filename.

Well, that could be solved by extracting the last 40 characters of the filename instead of relying on the filename structure.
Code:
if "%hash%"=="%filename:~-40%" ...
Problem is that this doesn't work with for-loop variables but only with regular environment variables - thus probably requiring some function call (call or goto :destination).

Apart from that the nested if-condition in this section of the script could be merged into one if-condition (on a single line), like this:
Code:
if /i "%%~xj" NEQ ".crt" if /i "%%~xj" NEQ ".crl" if /i "%%l" NEQ "%%i" (
Maybe not the easiest to read but nesting isn't really readable either...

Regards
Dalai
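
Added example, not code from this thread or from WSUS Offline Update: a Python model of the filename test discussed in the two posts above, comparing the second underscore-separated token with the trailing 40 hex digits of the name. It assumes the comparison is made on the file name without its extension; the function names are hypothetical and the third entry is constructed.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# 40 hex digits after the last underscore of the name (extension removed).
SHA1_SUFFIX = re.compile(r"_([0-9a-f]{40})$", re.IGNORECASE)


def token2(path):
    """Emulate `for /F "tokens=2 delims=_"`: the second underscore-separated token.

    Assumption: applied to the file name without its extension.
    """
    # cmd treats a run of delimiters as one, so drop empty tokens.
    tokens = [t for t in PureWindowsPath(path).stem.split("_") if t]
    return tokens[1].lower() if len(tokens) > 1 else ""


def embedded_sha1(path):
    """Take the hash from the end of the name, however many underscores precede it."""
    match = SHA1_SUFFIX.search(PureWindowsPath(path).stem)
    return match.group(1).lower() if match else None


def wrongly_deleted(entries):
    """Return names that the token-2 test would delete although the hashes agree."""
    return [
        PureWindowsPath(path).name
        for path, calculated in entries
        if embedded_sha1(path) == calculated.lower() and token2(path) != calculated.lower()
    ]


# Constructed sample: a one-underscore name whose hash is computed here.
SAMPLE_DATA = b"constructed sample payload"
SAMPLE_HASH = hashlib.sha1(SAMPLE_DATA).hexdigest()

# (path, calculated SHA-1) pairs; the first two are taken from the log in the first post.
ENTRIES = [
    (r"..\ofc\glb\ftp7_x64_kb2716513_db9ab2a657976118b8e2e5db016ed3b09c6db2e9.cab",
     "db9ab2a657976118b8e2e5db016ed3b09c6db2e9"),
    (r"..\ofc\glb\vcredist_x64_a7c83077b8a28d409e36316d2d7321fa0ccdb7e8.exe",
     "a7c83077b8a28d409e36316d2d7321fa0ccdb7e8"),
    (rf"..\ofc\glb\sample_{SAMPLE_HASH}.cab", SAMPLE_HASH),
]

if __name__ == "__main__":
    for name in wrongly_deleted(ENTRIES):
        print("would be deleted despite matching hash:", name)
```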