Accepting request 773431 from home:trenn:branches:systemsmanagement

- bsc#1163026 - CVE-2020-5208 - Use license macro for COPYING, instead of doc - Add ChangeLog mainline log to docs for shorter obs changelogs. This will be the last more detailed changelog, due to more important buffer overflow patches. Otherwise this changelog will not include (mainline) changes anymore. - Update to version 1.8.18+git20200204.7ccea28: * fru, sdr: Fix id_string buffer overflows * lanp: Fix buffer overflows in get_lan_param_select * channel: Fix buffer overflow * session: Fix buffer overflow in ipmi_get_session_info * fru: Fix buffer overflow in ipmi_spd_print_fru * fru: Fix buffer overflow vulnerabilities * chassis: bootmbox: Refix 62a04390 * configure: Drop requirement for curses et. al libs - Add a configure option to disable IANA PEN database internet download A autotools_define_DOWNLOAD.diff D create_pen_list_from_local_file.patch - New pen database: M enterprise-numbers - Patches adjusted to latest mainline code: M fix_file_permissions.patch M ipmitool_adjust_suse_paths.patch M several_more_compile_fixes.patch OBS-URL: https://build.opensuse.org/request/show/773431 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ipmitool?expand=0&rev=51
2020-02-11 12:28:03 +00:00 · 2020-02-11 12:28:03 +00:00 · 0728bd93f6
commit 0728bd93f6
parent 4cb932c196
11 changed files with 10954 additions and 686 deletions
--- a/4
+++ b/4
@ -2,9 +2,13 @@
  <service mode="disabled" name="tar_scm">
    <param name="url">https://github.com/ipmitool/ipmitool.git</param>
    <param name="scm">git</param>
+    <param name="version">HEAD</param>
    <param name="changesgenerate">enable</param>
    <param name="filename">ipmitool</param>
+<!--
    <param name="versionformat">1.8.18</param>
+-->
+    <param name="versionformat">1.8.18+git%cd.%h</param>    
  </service>
  <service mode="disabled" name="recompress">
    <param name="file">*.tar</param>
--- a/autotools_define_DOWNLOAD.diff
+++ b/autotools_define_DOWNLOAD.diff
@ -0,0 +1,122 @@
+Make IANA PEN download configurable - fix uninitalized DOWNLOAD variable
+
+Currently if you do not have wget and curl requirement met, you get
+this error:
+[   93s] configure: WARNING: ** Neither wget nor curl could be found.
+[   93s] configure: WARNING: ** IANA PEN database will not be installed by `make install` !
+[   93s] configure: WARNING: ** Download is:
+[   93s] configure: WARNING: 
+...
+[  104s] configure: error: conditional "DOWNLOAD" was never defined.
+[  104s] Usually this means the macro was only invoked conditionally.
+[  104s] error: Bad exit status from /var/tmp/rpm-tmp.TYnvu5 (%build)
+
+
+Internet download is restricted in most build environments.
+So there must be a knob to enable/disable IANA PEN database download.
+For security reasons and as a good manner for open source tools, the internet
+download is by default set to off.
+
+This patch initializes all needed variables and also introduces to make the
+IANA PEN internet download configurable.
+
+./configure
+then has this additional feature:
+
+  --enable-iana-download  Download IANA PEN database [default=no]
+
+Depending on whether it has explicitly been enabled this additional output
+is shown after build env is successfully set up via ./configure:
+
+  Download IANA PEN database   : yes
+  IANA PEN database URL        : http://www.iana.org/assignments/enterprise-numbers
+
+The URL is unfortunately hardcoded in the message. I couldn't find a quick
+way to show the IANA_PEN_URL variable there, so if this is ever changed (it is
+not configurable right now, but maybe with a follow up patch in the future),
+it has to be changed in the help string as well.
+
+
+---
+ Makefile.am  |    5 ++---
+ configure.ac |   38 ++++++++++++++++++++++++++------------
+ 2 files changed, 28 insertions(+), 15 deletions(-)
+
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -41,7 +41,6 @@
+ 	$(distdir).tar.gz $(distdir).tar.bz2
+ 
+ SUBDIRS = lib src include doc contrib control
+-IANA_PEN = http://www.iana.org/assignments/enterprise-numbers
+ 
+ dist-hook:
+ 	cp control/ipmitool.spec $(distdir)
+@@ -52,8 +51,8 @@
+ 
+ enterprise-numbers:
+ 	@echo Downloading IANA PEN database...
+-	@$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\
+-		echo "FAILED to download the IANA PEN database"; \
+	@$(DOWNLOAD) "$(IANA_PEN_URL)" > tmpfile.$$PPID || {\
+		echo "FAILED to download the IANA PEN database from $(IANA_PEN_URL)"; \
+ 		rm tmpfile.$$PPID; \
+ 		false; \
+ 	}
+--- a/configure.ac
+++ b/configure.ac
+@@ -56,23 +56,34 @@
+ 	exec_prefix="$prefix"
+ fi
+ 
+-if test "x$WGET" = "x"; then
+-	if test "x$CURL" = "x"; then
+-		AC_MSG_WARN([** Neither wget nor curl could be found.])
+-		AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
+xiana_pen_url="http://www.iana.org/assignments/enterprise-numbers"
+AC_SUBST(IANA_PEN_URL, xiana_pen_url)
+
+AC_ARG_ENABLE([iana-download],
+	[AC_HELP_STRING([--enable-iana-download],
+			[Download IANA PEN database [default=no]])],
+	[xenable_iana_download=$enableval],
+	[xenable_iana_download=no])
+if test "x$xenable_iana_download" = "xyes"; then
+	if test "x$WGET" = "x"; then
+		if test "x$CURL" = "x"; then
+			AC_MSG_WARN([** Neither wget nor curl could be found.])
+			AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
+			xenable_iana_download="no"
+		else
+			DOWNLOAD="$CURL -#"
+		fi
+ 	else
+-		DOWNLOAD="$CURL -#"
+-		AM_CONDITIONAL([DOWNLOAD], [true])
+		DOWNLOAD="$WGET -c -nd -O -"
+ 	fi
+-else
+-	DOWNLOAD="$WGET -c -nd -O -"
+fi
+if test "x$xenable_iana_download" = "xyes"; then
+ 	AM_CONDITIONAL([DOWNLOAD], [true])
+	AC_SUBST(DOWNLOAD, $DOWNLOAD)
+else
+	AM_CONDITIONAL([DOWNLOAD], [false])
+ fi
+ 
+-AC_MSG_WARN([** Download is:])
+-AC_MSG_WARN($DOWNLOAD)
+-AC_SUBST(DOWNLOAD, $DOWNLOAD)
+-
+ dnl
+ dnl set default option values
+ dnl
+@@ -776,4 +787,7 @@
+ AC_MSG_RESULT([  ipmievd   : yes])
+ AC_MSG_RESULT([  ipmishell : $xenable_ipmishell])
+ AC_MSG_RESULT([])
+AC_MSG_RESULT([  Download IANA PEN database   : $xenable_iana_download])
+AC_MSG_RESULT([  IANA PEN database URL        : $xiana_pen_url])
+AC_MSG_RESULT([])
+ 
--- a/create_pen_list_from_local_file.patch
+++ b/create_pen_list_from_local_file.patch
@ -1,24 +0,0 @@
-Author: Thomas Renninger <trenn@suse.de>
-
-Create pen list include file from already downloaded iana file
-
-This is needed for build services where you typically cannot download.
-
-
-Index: ipmitool-1.8.18/lib/create_pen_list
-===================================================================
--- ipmitool-1.8.18.orig/lib/create_pen_list	2018-09-25 13:32:46.000000000 +0200
-+++ ipmitool-1.8.18/lib/create_pen_list	2018-09-26 09:09:10.543717017 +0200
-@@ -71,5 +71,10 @@ parse_pen_list() {
-       }'
- }
- 
-echo "Generating IANA PEN list..."
-curl -# "$PENLIST_URL" | parse_pen_list > "$OUTFILE"
-+if [ -r enterprise-numbers ];then
-+    echo "Generating IANA PEN list from local file..."
-+    cat enterprise-numbers | parse_pen_list > "$OUTFILE"
-+else
-+    echo "Generating IANA PEN list from iana downloaded file..."
-+    curl -# "$PENLIST_URL" | parse_pen_list > "$OUTFILE"
-+fi
--- a/11314
+++ b/11314
--- a/fix_file_permissions.patch
+++ b/fix_file_permissions.patch
@ -1,20 +1,10 @@
-Index: ipmitool-1.8.18/lib/helper.c
-===================================================================
--- ipmitool-1.8.18.orig/lib/helper.c	2018-09-25 11:36:13.675132165 +0200
-+++ ipmitool-1.8.18/lib/helper.c	2018-09-25 11:40:43.283111633 +0200
-@@ -867,7 +867,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
- #endif
- 
- 	chdir("/");
-	umask(0);
- 
- 	for (fd=0; fd<64; fd++) {
- 		if (fd != intf->fd)
-Index: ipmitool-1.8.18/src/ipmievd.c
-===================================================================
--- ipmitool-1.8.18.orig/src/ipmievd.c	2018-09-25 11:36:13.679132402 +0200
-+++ ipmitool-1.8.18/src/ipmievd.c	2018-09-25 11:41:12.744857808 +0200
-@@ -701,6 +701,7 @@ ipmievd_main(struct ipmi_event_intf * ei
+---
+ src/ipmievd.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/ipmievd.c
+++ b/src/ipmievd.c
+@@ -700,6 +700,7 @@
 	int i, rc;
 	int daemon = 1;
 	struct sigaction act;
@ -22,7 +12,7 @@ Index: ipmitool-1.8.18/src/ipmievd.c
 
 	memset(pidfile, 0, 64);
 	sprintf(pidfile, "%s%d", DEFAULT_PIDFILE, eintf->intf->devnum);
-@@ -763,8 +764,9 @@ ipmievd_main(struct ipmi_event_intf * ei
+@@ -762,8 +763,9 @@
 
 		ipmi_start_daemon(eintf->intf);
 
--- a/ipmitool-1.8.18+git20200204.7ccea28.tar.xz
+++ b/ipmitool-1.8.18+git20200204.7ccea28.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52768d6a7346f34c8e60fdc023a0d578ade1921dca07f75fe3dc1c0cbd690671
+size 456868
--- a/ipmitool-1.8.18.tar.xz
+++ b/ipmitool-1.8.18.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3b3d15b6af37d4d0c52e980f03405f0cc79439cdb8954aeb0fef7e8f60ece3cb
-size 441900
--- a/ipmitool.changes
+++ b/ipmitool.changes
@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Mon Feb 10 08:27:23 UTC 2020 - trenn@suse.de
+
+- bsc#1163026
+- CVE-2020-5208
+- Use license macro for COPYING, instead of doc
+- Add ChangeLog mainline log to docs for shorter
+  obs changelogs. This will be the last more detailed
+  changelog, due to more important buffer overflow patches.
+  Otherwise this changelog will not include (mainline) changes
+  anymore.
+- Update to version 1.8.18+git20200204.7ccea28:
+  * fru, sdr: Fix id_string buffer overflows
+  * lanp: Fix buffer overflows in get_lan_param_select
+  * channel: Fix buffer overflow
+  * session: Fix buffer overflow in ipmi_get_session_info
+  * fru: Fix buffer overflow in ipmi_spd_print_fru
+  * fru: Fix buffer overflow vulnerabilities
+  * chassis: bootmbox: Refix 62a04390
+  * configure: Drop requirement for curses et. al libs
+
+- Add a configure option to disable IANA PEN database internet download
+A    autotools_define_DOWNLOAD.diff
+D    create_pen_list_from_local_file.patch
+- New pen database:
+M    enterprise-numbers
+- Patches adjusted to latest mainline code:
+M    fix_file_permissions.patch
+M    ipmitool_adjust_suse_paths.patch
+M    several_more_compile_fixes.patch
+
 -------------------------------------------------------------------
 Mon Sep  2 16:22:47 UTC 2019 - trenn@suse.de

--- a/ipmitool.spec
+++ b/ipmitool.spec
@ -17,7 +17,7 @@


 Name:           ipmitool
-Version:        1.8.18
+Version:        1.8.18+git20200204.7ccea28
 Release:        0
 Summary:        Utility for IPMI Control
 License:        BSD-3-Clause
@ -32,7 +32,7 @@ Patch1:         fix_file_permissions.patch
 Patch2:         several_more_compile_fixes.patch
 Patch3:         ipmitool_adjust_suse_paths.patch
 Patch4:         hpm_x_compatibility_msg_is_debug_only.patch
-Patch5:         create_pen_list_from_local_file.patch
+Patch5:         autotools_define_DOWNLOAD.diff
 BuildRequires:  libtool
 BuildRequires:  openssl-devel
 BuildRequires:  readline-devel
@ -87,6 +87,8 @@ make %{?_smp_mflags}
 %make_install
 rm -rf %{buildroot}%{_datadir}/doc/ipmitool

+install -D -m 644 %{SOURCE3}  %{buildroot}/usr/share/misc/enterprise-numbers
+
 # exchange-bmc-os-info service
 install -D -m 0755 contrib/exchange-bmc-os-info.init.redhat %{buildroot}/%{_sbindir}/exchange-bmc-os-info
 install -D -m 0644 contrib/exchange-bmc-os-info.service.redhat %{buildroot}%{_unitdir}/exchange-bmc-os-info.service
@ -129,7 +131,8 @@ ln -sf service %{buildroot}%{_sbindir}/rcbmc-snmp-proxy
 %service_del_postun bmc-snmp-proxy.service exchange-bmc-os-info.service ipmievd.service

 %files
-%doc AUTHORS COPYING README
+%doc AUTHORS README ChangeLog
+%license COPYING
 %{_datadir}/ipmitool
 %attr(755,root,root) %{_bindir}/ipmitool
 %attr(755,root,root) %{_sbindir}/ipmievd
@ -142,6 +145,7 @@ ln -sf service %{buildroot}%{_sbindir}/rcbmc-snmp-proxy
 %{_unitdir}/ipmievd.service
 %{_mandir}/man1/*
 %{_mandir}/man8/*
+/usr/share/misc/enterprise-numbers

 %files bmc-snmp-proxy
 %attr(755,root,root) %{_sbindir}/bmc-snmp-proxy
--- a/ipmitool_adjust_suse_paths.patch
+++ b/ipmitool_adjust_suse_paths.patch
@ -1,37 +1,11 @@
-Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy.service
-===================================================================
--- ipmitool-1.8.13.orig/contrib/bmc-snmp-proxy.service
-+++ ipmitool-1.8.13/contrib/bmc-snmp-proxy.service
-@@ -11,8 +11,8 @@ ConditionPathExists=/var/run/bmc-info
- Type=oneshot
- RemainAfterExit=yes
- 
-ExecStart=/usr/libexec/bmc-snmp-proxy start
-ExecStop=/usr/libexec/bmc-snmp-proxy stop
-+ExecStart=/usr/sbin/bmc-snmp-proxy start
-+ExecStop=/usr/sbin/bmc-snmp-proxy stop
- 
- [Install]
- WantedBy=multi-user.target
-Index: ipmitool-1.8.13/contrib/exchange-bmc-os-info.service.redhat
-===================================================================
--- ipmitool-1.8.13.orig/contrib/exchange-bmc-os-info.service.redhat
-+++ ipmitool-1.8.13/contrib/exchange-bmc-os-info.service.redhat
-@@ -6,8 +6,8 @@ Requires=ipmi.service
- [Service]
- Type=oneshot
- RemainAfterExit=yes
-ExecStart=/usr/libexec/exchange-bmc-os-info start
-ExecStop=/usr/libexec/exchange-bmc-os-info stop
-+ExecStart=/usr/sbin/exchange-bmc-os-info start
-+ExecStop=/usr/sbin/exchange-bmc-os-info stop
- 
- [Install]
- WantedBy=multi-user.target
-Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy
-===================================================================
--- ipmitool-1.8.13.orig/contrib/bmc-snmp-proxy
-+++ ipmitool-1.8.13/contrib/bmc-snmp-proxy
+---
+ contrib/bmc-snmp-proxy                      |    4 ++++
+ contrib/bmc-snmp-proxy.service              |    4 ++--
+ contrib/exchange-bmc-os-info.service.redhat |    4 ++--
+ 3 files changed, 8 insertions(+), 4 deletions(-)
+
+--- a/contrib/bmc-snmp-proxy
+++ b/contrib/bmc-snmp-proxy
@@ -14,6 +14,10 @@
 #
 # Assumptions:  This script will work only when /etc/snmp/ is writable.
@ -43,3 +17,29 @@ Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy
 #############################################################################
 # GLOBALS
 #############################################################################
+--- a/contrib/bmc-snmp-proxy.service
+++ b/contrib/bmc-snmp-proxy.service
+@@ -11,8 +11,8 @@
+ Type=oneshot
+ RemainAfterExit=yes
+ 
+-ExecStart=/usr/libexec/bmc-snmp-proxy start
+-ExecStop=/usr/libexec/bmc-snmp-proxy stop
+ExecStart=/usr/sbin/bmc-snmp-proxy start
+ExecStop=/usr/sbin/bmc-snmp-proxy stop
+ 
+ [Install]
+ WantedBy=multi-user.target
+--- a/contrib/exchange-bmc-os-info.service.redhat
+++ b/contrib/exchange-bmc-os-info.service.redhat
+@@ -7,8 +7,8 @@
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=/usr/libexec/exchange-bmc-os-info start
+-ExecStop=/usr/libexec/exchange-bmc-os-info stop
+ExecStart=/usr/sbin/exchange-bmc-os-info start
+ExecStop=/usr/sbin/exchange-bmc-os-info stop
+ 
+ [Install]
+ WantedBy=multi-user.target
--- a/several_more_compile_fixes.patch
+++ b/several_more_compile_fixes.patch
@ -4,11 +4,14 @@ Changes partly very old and not possible to find the original author.

 Signed-off-by: Thomas Renninger <trenn@suse.de>

-Index: ipmitool-1.8.18/lib/ipmi_ekanalyzer.c
-===================================================================
--- ipmitool-1.8.18.orig/lib/ipmi_ekanalyzer.c	2018-09-09 13:48:58.000000000 +0200
-+++ ipmitool-1.8.18/lib/ipmi_ekanalyzer.c	2018-09-25 11:42:30.901490572 +0200
-@@ -4014,7 +4014,7 @@ ipmi_ek_display_clock_config_record(stru
+---
+ lib/ipmi_ekanalyzer.c |    2 +-
+ lib/ipmi_picmg.c      |    4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/lib/ipmi_ekanalyzer.c
+++ b/lib/ipmi_ekanalyzer.c
+@@ -4013,7 +4013,7 @@
 					(feature & 1) ? "Source" : "Receiver");
 			printf("\tFamily:  0x%02x    - AccLVL: 0x%02x\n",
 					family, accuracy);
@ -17,11 +20,9 @@ Index: ipmitool-1.8.18/lib/ipmi_ekanalyzer.c
 					freq, min_freq, max_freq);
 		}
 		printf("\n");
-Index: ipmitool-1.8.18/lib/ipmi_picmg.c
-===================================================================
--- ipmitool-1.8.18.orig/lib/ipmi_picmg.c	2018-09-09 13:48:58.000000000 +0200
-+++ ipmitool-1.8.18/lib/ipmi_picmg.c	2018-09-25 11:42:30.905490809 +0200
-@@ -850,7 +850,7 @@ ipmi_picmg_portstate_get(struct ipmi_int
+--- a/lib/ipmi_picmg.c
+++ b/lib/ipmi_picmg.c
+@@ -949,7 +949,7 @@
 					}
 					else if (d->type >= 0x06 && d->type <= 0xef)
 					{
@ -30,7 +31,7 @@ Index: ipmitool-1.8.18/lib/ipmi_picmg.c
 					}
 					else if (d->type >= 0xf0 && d->type <= 0xfe)
 					{
-@@ -1702,7 +1702,7 @@ ipmi_picmg_clk_get(struct ipmi_intf * in
+@@ -1805,7 +1805,7 @@
 						oemval2str( rsp->data[3], rsp->data[4],
 											picmg_clk_accuracy_vals));
 		
@ -39,15 +40,3 @@ Index: ipmitool-1.8.18/lib/ipmi_picmg.c
 		   }
 		}
 	}
-Index: ipmitool-1.8.18/lib/ipmi_sdr.c
-===================================================================
--- ipmitool-1.8.18.orig/lib/ipmi_sdr.c	2018-09-09 13:48:58.000000000 +0200
-+++ ipmitool-1.8.18/lib/ipmi_sdr.c	2018-09-25 11:42:30.909491047 +0200
-@@ -52,6 +52,7 @@
- #include <ipmitool/ipmi_entity.h>
- #include <ipmitool/ipmi_constants.h>
- #include <ipmitool/ipmi_strings.h>
-+#include <ipmitool/ipmi_sensor.h>
- 
- #if HAVE_CONFIG_H
- # include <config.h>