Accepting request 773431 from home:trenn:branches:systemsmanagement

- bsc#1163026
- CVE-2020-5208
- Use license macro for COPYING, instead of doc
- Add ChangeLog mainline log to docs for shorter
  obs changelogs. This will be the last more detailed
  changelog, due to more important buffer overflow patches.
  Otherwise this changelog will not include (mainline) changes
  anymore.
- Update to version 1.8.18+git20200204.7ccea28:
  * fru, sdr: Fix id_string buffer overflows
  * lanp: Fix buffer overflows in get_lan_param_select
  * channel: Fix buffer overflow
  * session: Fix buffer overflow in ipmi_get_session_info
  * fru: Fix buffer overflow in ipmi_spd_print_fru
  * fru: Fix buffer overflow vulnerabilities
  * chassis: bootmbox: Refix 62a04390
  * configure: Drop requirement for curses et. al libs
- Add a configure option to disable IANA PEN database internet download
A    autotools_define_DOWNLOAD.diff
D    create_pen_list_from_local_file.patch
- New pen database:
M    enterprise-numbers
- Patches adjusted to latest mainline code:
M    fix_file_permissions.patch
M    ipmitool_adjust_suse_paths.patch
M    several_more_compile_fixes.patch

OBS-URL: https://build.opensuse.org/request/show/773431
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ipmitool?expand=0&rev=51
Thomas Renninger 2020-02-11 12:28:03 +00:00 committed by Git OBS Bridge
parent 4cb932c196
commit 0728bd93f6
11 changed files with 10954 additions and 686 deletions


@ -2,9 +2,13 @@
<service mode="disabled" name="tar_scm"> <service mode="disabled" name="tar_scm">
<param name="url">https://github.com/ipmitool/ipmitool.git</param> <param name="url">https://github.com/ipmitool/ipmitool.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="version">HEAD</param>
<param name="changesgenerate">enable</param> <param name="changesgenerate">enable</param>
<param name="filename">ipmitool</param> <param name="filename">ipmitool</param>
<!--
<param name="versionformat">1.8.18</param> <param name="versionformat">1.8.18</param>
-->
<param name="versionformat">1.8.18+git%cd.%h</param>
</service> </service>
<service mode="disabled" name="recompress"> <service mode="disabled" name="recompress">
<param name="file">*.tar</param> <param name="file">*.tar</param>
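Review bot: The added `<param name="version">HEAD</param>` does not pin what gets checked out, so re-running this disabled service fetches whatever upstream's default branch points to at that moment. In obs-service-tar_scm the checkout is selected by `revision`, while `version` only sets the version string and is probably overridden by the `versionformat` line added below; that is worth confirming. For a security update meant to ship exactly 7ccea28, consider `<param name="revision">7ccea28</param>` so the tarball can be regenerated and audited against a fixed commit.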


@ -0,0 +1,122 @@
Make IANA PEN download configurable - fix uninitalized DOWNLOAD variable
Currently if you do not have wget and curl requirement met, you get
this error:
[ 93s] configure: WARNING: ** Neither wget nor curl could be found.
[ 93s] configure: WARNING: ** IANA PEN database will not be installed by `make install` !
[ 93s] configure: WARNING: ** Download is:
[ 93s] configure: WARNING:
...
[ 104s] configure: error: conditional "DOWNLOAD" was never defined.
[ 104s] Usually this means the macro was only invoked conditionally.
[ 104s] error: Bad exit status from /var/tmp/rpm-tmp.TYnvu5 (%build)
Internet download is restricted in most build environments.
So there must be a knob to enable/disable IANA PEN database download.
For security reasons and as a good manner for open source tools, the internet
download is by default set to off.
This patch initializes all needed variables and also introduces to make the
IANA PEN internet download configurable.
./configure
then has this additional feature:
--enable-iana-download Download IANA PEN database [default=no]
Depending on whether it has explicitly been enabled this additional output
is shown after build env is successfully set up via ./configure:
Download IANA PEN database : yes
IANA PEN database URL : http://www.iana.org/assignments/enterprise-numbers
The URL is unfortunately hardcoded in the message. I couldn't find a quick
way to show the IANA_PEN_URL variable there, so if this is ever changed (it is
not configurable right now, but maybe with a follow up patch in the future),
it has to be changed in the help string as well.
---
Makefile.am | 5 ++---
configure.ac | 38 ++++++++++++++++++++++++++------------
2 files changed, 28 insertions(+), 15 deletions(-)
--- a/Makefile.am
+++ b/Makefile.am
@@ -41,7 +41,6 @@
$(distdir).tar.gz $(distdir).tar.bz2
SUBDIRS = lib src include doc contrib control
-IANA_PEN = http://www.iana.org/assignments/enterprise-numbers
dist-hook:
cp control/ipmitool.spec $(distdir)
@@ -52,8 +51,8 @@
enterprise-numbers:
@echo Downloading IANA PEN database...
- @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\
- echo "FAILED to download the IANA PEN database"; \
+ @$(DOWNLOAD) "$(IANA_PEN_URL)" > tmpfile.$$PPID || {\
+ echo "FAILED to download the IANA PEN database from $(IANA_PEN_URL)"; \
rm tmpfile.$$PPID; \
false; \
}
--- a/configure.ac
+++ b/configure.ac
@@ -56,23 +56,34 @@
exec_prefix="$prefix"
fi
-if test "x$WGET" = "x"; then
- if test "x$CURL" = "x"; then
- AC_MSG_WARN([** Neither wget nor curl could be found.])
- AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
+xiana_pen_url="http://www.iana.org/assignments/enterprise-numbers"
+AC_SUBST(IANA_PEN_URL, xiana_pen_url)
+
+AC_ARG_ENABLE([iana-download],
+ [AC_HELP_STRING([--enable-iana-download],
+ [Download IANA PEN database [default=no]])],
+ [xenable_iana_download=$enableval],
+ [xenable_iana_download=no])
+if test "x$xenable_iana_download" = "xyes"; then
+ if test "x$WGET" = "x"; then
+ if test "x$CURL" = "x"; then
+ AC_MSG_WARN([** Neither wget nor curl could be found.])
+ AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
+ xenable_iana_download="no"
+ else
+ DOWNLOAD="$CURL -#"
+ fi
else
- DOWNLOAD="$CURL -#"
- AM_CONDITIONAL([DOWNLOAD], [true])
+ DOWNLOAD="$WGET -c -nd -O -"
fi
-else
- DOWNLOAD="$WGET -c -nd -O -"
+fi
+if test "x$xenable_iana_download" = "xyes"; then
AM_CONDITIONAL([DOWNLOAD], [true])
+ AC_SUBST(DOWNLOAD, $DOWNLOAD)
+else
+ AM_CONDITIONAL([DOWNLOAD], [false])
fi
-AC_MSG_WARN([** Download is:])
-AC_MSG_WARN($DOWNLOAD)
-AC_SUBST(DOWNLOAD, $DOWNLOAD)
-
dnl
dnl set default option values
dnl
@@ -776,4 +787,7 @@
AC_MSG_RESULT([ ipmievd : yes])
AC_MSG_RESULT([ ipmishell : $xenable_ipmishell])
AC_MSG_RESULT([])
+AC_MSG_RESULT([ Download IANA PEN database : $xenable_iana_download])
+AC_MSG_RESULT([ IANA PEN database URL : $xiana_pen_url])
+AC_MSG_RESULT([])
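Review bot: `AC_SUBST(IANA_PEN_URL, xiana_pen_url)` in the configure.ac hunk passes the variable's name rather than its value, so the `$(IANA_PEN_URL)` used by the `enterprise-numbers` rule in Makefile.am would expand to the literal text `xiana_pen_url`; it should read `AC_SUBST(IANA_PEN_URL, $xiana_pen_url)`. The build here is unaffected while the download stays at its default of off, but `--enable-iana-download` would fetch nothing useful. Separately, the URL is plain `http://` and the fetched file is used without any integrity check, so an enabled download trusts whatever the network path returns; switching the scheme to `https://` would at least authenticate the server, assuming the IANA host serves that path over HTTPS. The surrounding configure.ac and Makefile.am bodies continue outside these hunks.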


@ -1,24 +0,0 @@
Author: Thomas Renninger <trenn@suse.de>
Create pen list include file from already downloaded iana file
This is needed for build services where you typically cannot download.
Index: ipmitool-1.8.18/lib/create_pen_list
===================================================================
--- ipmitool-1.8.18.orig/lib/create_pen_list 2018-09-25 13:32:46.000000000 +0200
+++ ipmitool-1.8.18/lib/create_pen_list 2018-09-26 09:09:10.543717017 +0200
@@ -71,5 +71,10 @@ parse_pen_list() {
}'
}
-echo "Generating IANA PEN list..."
-curl -# "$PENLIST_URL" | parse_pen_list > "$OUTFILE"
+if [ -r enterprise-numbers ];then
+ echo "Generating IANA PEN list from local file..."
+ cat enterprise-numbers | parse_pen_list > "$OUTFILE"
+else
+ echo "Generating IANA PEN list from iana downloaded file..."
+ curl -# "$PENLIST_URL" | parse_pen_list > "$OUTFILE"
+fi



@ -1,20 +1,10 @@
Index: ipmitool-1.8.18/lib/helper.c ---
=================================================================== src/ipmievd.c | 4 +++-
--- ipmitool-1.8.18.orig/lib/helper.c 2018-09-25 11:36:13.675132165 +0200 1 file changed, 3 insertions(+), 1 deletion(-)
+++ ipmitool-1.8.18/lib/helper.c 2018-09-25 11:40:43.283111633 +0200
@@ -867,7 +867,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
#endif
chdir("/"); --- a/src/ipmievd.c
- umask(0); +++ b/src/ipmievd.c
@@ -700,6 +700,7 @@
for (fd=0; fd<64; fd++) {
if (fd != intf->fd)
Index: ipmitool-1.8.18/src/ipmievd.c
===================================================================
--- ipmitool-1.8.18.orig/src/ipmievd.c 2018-09-25 11:36:13.679132402 +0200
+++ ipmitool-1.8.18/src/ipmievd.c 2018-09-25 11:41:12.744857808 +0200
@@ -701,6 +701,7 @@ ipmievd_main(struct ipmi_event_intf * ei
int i, rc; int i, rc;
int daemon = 1; int daemon = 1;
struct sigaction act; struct sigaction act;
@ -22,7 +12,7 @@ Index: ipmitool-1.8.18/src/ipmievd.c
memset(pidfile, 0, 64); memset(pidfile, 0, 64);
sprintf(pidfile, "%s%d", DEFAULT_PIDFILE, eintf->intf->devnum); sprintf(pidfile, "%s%d", DEFAULT_PIDFILE, eintf->intf->devnum);
@@ -763,8 +764,9 @@ ipmievd_main(struct ipmi_event_intf * ei @@ -762,8 +763,9 @@
ipmi_start_daemon(eintf->intf); ipmi_start_daemon(eintf->intf);
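Review bot: The refreshed patch (presumably fix_file_permissions.patch) no longer carries the lib/helper.c hunk that removed `umask(0);` from ipmi_start_daemon, and nothing visible here shows that upstream at 7ccea28 dropped that call itself. If it is still present, ipmievd daemonizes with an empty umask again, and any file it creates without an explicit mode (the pidfile built from DEFAULT_PIDFILE is one candidate) can end up group- and world-writable. Please confirm against the new tarball, or keep the helper.c hunk. Only fragments of the patch's hunks are rendered in this section, so the remaining src/ipmievd.c change could not be checked.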


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:52768d6a7346f34c8e60fdc023a0d578ade1921dca07f75fe3dc1c0cbd690671
size 456868


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3b3d15b6af37d4d0c52e980f03405f0cc79439cdb8954aeb0fef7e8f60ece3cb
size 441900


@ -1,3 +1,34 @@
-------------------------------------------------------------------
Mon Feb 10 08:27:23 UTC 2020 - trenn@suse.de
- bsc#1163026
- CVE-2020-5208
- Use license macro for COPYING, instead of doc
- Add ChangeLog mainline log to docs for shorter
obs changelogs. This will be the last more detailed
changelog, due to more important buffer overflow patches.
Otherwise this changelog will not include (mainline) changes
anymore.
- Update to version 1.8.18+git20200204.7ccea28:
* fru, sdr: Fix id_string buffer overflows
* lanp: Fix buffer overflows in get_lan_param_select
* channel: Fix buffer overflow
* session: Fix buffer overflow in ipmi_get_session_info
* fru: Fix buffer overflow in ipmi_spd_print_fru
* fru: Fix buffer overflow vulnerabilities
* chassis: bootmbox: Refix 62a04390
* configure: Drop requirement for curses et. al libs
- Add a configure option to disable IANA PEN database internet download
A autotools_define_DOWNLOAD.diff
D create_pen_list_from_local_file.patch
- New pen database:
M enterprise-numbers
- Patches adjusted to latest mainline code:
M fix_file_permissions.patch
M ipmitool_adjust_suse_paths.patch
M several_more_compile_fixes.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 2 16:22:47 UTC 2019 - trenn@suse.de Mon Sep 2 16:22:47 UTC 2019 - trenn@suse.de


@ -17,7 +17,7 @@
Name: ipmitool Name: ipmitool
Version: 1.8.18 Version: 1.8.18+git20200204.7ccea28
Release: 0 Release: 0
Summary: Utility for IPMI Control Summary: Utility for IPMI Control
License: BSD-3-Clause License: BSD-3-Clause
@ -32,7 +32,7 @@ Patch1: fix_file_permissions.patch
Patch2: several_more_compile_fixes.patch Patch2: several_more_compile_fixes.patch
Patch3: ipmitool_adjust_suse_paths.patch Patch3: ipmitool_adjust_suse_paths.patch
Patch4: hpm_x_compatibility_msg_is_debug_only.patch Patch4: hpm_x_compatibility_msg_is_debug_only.patch
Patch5: create_pen_list_from_local_file.patch Patch5: autotools_define_DOWNLOAD.diff
BuildRequires: libtool BuildRequires: libtool
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: readline-devel BuildRequires: readline-devel
@ -87,6 +87,8 @@ make %{?_smp_mflags}
%make_install %make_install
rm -rf %{buildroot}%{_datadir}/doc/ipmitool rm -rf %{buildroot}%{_datadir}/doc/ipmitool
install -D -m 644 %{SOURCE3} %{buildroot}/usr/share/misc/enterprise-numbers
# exchange-bmc-os-info service # exchange-bmc-os-info service
install -D -m 0755 contrib/exchange-bmc-os-info.init.redhat %{buildroot}/%{_sbindir}/exchange-bmc-os-info install -D -m 0755 contrib/exchange-bmc-os-info.init.redhat %{buildroot}/%{_sbindir}/exchange-bmc-os-info
install -D -m 0644 contrib/exchange-bmc-os-info.service.redhat %{buildroot}%{_unitdir}/exchange-bmc-os-info.service install -D -m 0644 contrib/exchange-bmc-os-info.service.redhat %{buildroot}%{_unitdir}/exchange-bmc-os-info.service
@ -129,7 +131,8 @@ ln -sf service %{buildroot}%{_sbindir}/rcbmc-snmp-proxy
%service_del_postun bmc-snmp-proxy.service exchange-bmc-os-info.service ipmievd.service %service_del_postun bmc-snmp-proxy.service exchange-bmc-os-info.service ipmievd.service
%files %files
%doc AUTHORS COPYING README %doc AUTHORS README ChangeLog
%license COPYING
%{_datadir}/ipmitool %{_datadir}/ipmitool
%attr(755,root,root) %{_bindir}/ipmitool %attr(755,root,root) %{_bindir}/ipmitool
%attr(755,root,root) %{_sbindir}/ipmievd %attr(755,root,root) %{_sbindir}/ipmievd
@ -142,6 +145,7 @@ ln -sf service %{buildroot}%{_sbindir}/rcbmc-snmp-proxy
%{_unitdir}/ipmievd.service %{_unitdir}/ipmievd.service
%{_mandir}/man1/* %{_mandir}/man1/*
%{_mandir}/man8/* %{_mandir}/man8/*
/usr/share/misc/enterprise-numbers
%files bmc-snmp-proxy %files bmc-snmp-proxy
%attr(755,root,root) %{_sbindir}/bmc-snmp-proxy %attr(755,root,root) %{_sbindir}/bmc-snmp-proxy
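Review bot: Both new lines hard-code `/usr/share/misc/enterprise-numbers`, while the rest of the spec goes through path macros such as `%{_datadir}` and `%{_unitdir}`. Writing `install -D -m 644 %{SOURCE3} %{buildroot}%{_datadir}/misc/enterprise-numbers` and listing `%{_datadir}/misc/enterprise-numbers` under `%files` keeps the two in step. The location also has to match the path the ipmitool binary reads the PEN list from, which is not visible on this page, so that is worth checking after the update.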


@ -1,37 +1,11 @@
Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy.service ---
=================================================================== contrib/bmc-snmp-proxy | 4 ++++
--- ipmitool-1.8.13.orig/contrib/bmc-snmp-proxy.service contrib/bmc-snmp-proxy.service | 4 ++--
+++ ipmitool-1.8.13/contrib/bmc-snmp-proxy.service contrib/exchange-bmc-os-info.service.redhat | 4 ++--
@@ -11,8 +11,8 @@ ConditionPathExists=/var/run/bmc-info 3 files changed, 8 insertions(+), 4 deletions(-)
Type=oneshot
RemainAfterExit=yes
-ExecStart=/usr/libexec/bmc-snmp-proxy start --- a/contrib/bmc-snmp-proxy
-ExecStop=/usr/libexec/bmc-snmp-proxy stop +++ b/contrib/bmc-snmp-proxy
+ExecStart=/usr/sbin/bmc-snmp-proxy start
+ExecStop=/usr/sbin/bmc-snmp-proxy stop
[Install]
WantedBy=multi-user.target
Index: ipmitool-1.8.13/contrib/exchange-bmc-os-info.service.redhat
===================================================================
--- ipmitool-1.8.13.orig/contrib/exchange-bmc-os-info.service.redhat
+++ ipmitool-1.8.13/contrib/exchange-bmc-os-info.service.redhat
@@ -6,8 +6,8 @@ Requires=ipmi.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/usr/libexec/exchange-bmc-os-info start
-ExecStop=/usr/libexec/exchange-bmc-os-info stop
+ExecStart=/usr/sbin/exchange-bmc-os-info start
+ExecStop=/usr/sbin/exchange-bmc-os-info stop
[Install]
WantedBy=multi-user.target
Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy
===================================================================
--- ipmitool-1.8.13.orig/contrib/bmc-snmp-proxy
+++ ipmitool-1.8.13/contrib/bmc-snmp-proxy
@@ -14,6 +14,10 @@ @@ -14,6 +14,10 @@
# #
# Assumptions: This script will work only when /etc/snmp/ is writable. # Assumptions: This script will work only when /etc/snmp/ is writable.
@ -43,3 +17,29 @@ Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy
############################################################################# #############################################################################
# GLOBALS # GLOBALS
############################################################################# #############################################################################
--- a/contrib/bmc-snmp-proxy.service
+++ b/contrib/bmc-snmp-proxy.service
@@ -11,8 +11,8 @@
Type=oneshot
RemainAfterExit=yes
-ExecStart=/usr/libexec/bmc-snmp-proxy start
-ExecStop=/usr/libexec/bmc-snmp-proxy stop
+ExecStart=/usr/sbin/bmc-snmp-proxy start
+ExecStop=/usr/sbin/bmc-snmp-proxy stop
[Install]
WantedBy=multi-user.target
--- a/contrib/exchange-bmc-os-info.service.redhat
+++ b/contrib/exchange-bmc-os-info.service.redhat
@@ -7,8 +7,8 @@
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/usr/libexec/exchange-bmc-os-info start
-ExecStop=/usr/libexec/exchange-bmc-os-info stop
+ExecStart=/usr/sbin/exchange-bmc-os-info start
+ExecStop=/usr/sbin/exchange-bmc-os-info stop
[Install]
WantedBy=multi-user.target


@ -4,11 +4,14 @@ Changes partly very old and not possible to find the original author.
Signed-off-by: Thomas Renninger <trenn@suse.de> Signed-off-by: Thomas Renninger <trenn@suse.de>
Index: ipmitool-1.8.18/lib/ipmi_ekanalyzer.c ---
=================================================================== lib/ipmi_ekanalyzer.c | 2 +-
--- ipmitool-1.8.18.orig/lib/ipmi_ekanalyzer.c 2018-09-09 13:48:58.000000000 +0200 lib/ipmi_picmg.c | 4 ++--
+++ ipmitool-1.8.18/lib/ipmi_ekanalyzer.c 2018-09-25 11:42:30.901490572 +0200 2 files changed, 3 insertions(+), 3 deletions(-)
@@ -4014,7 +4014,7 @@ ipmi_ek_display_clock_config_record(stru
--- a/lib/ipmi_ekanalyzer.c
+++ b/lib/ipmi_ekanalyzer.c
@@ -4013,7 +4013,7 @@
(feature & 1) ? "Source" : "Receiver"); (feature & 1) ? "Source" : "Receiver");
printf("\tFamily: 0x%02x - AccLVL: 0x%02x\n", printf("\tFamily: 0x%02x - AccLVL: 0x%02x\n",
family, accuracy); family, accuracy);
@ -17,11 +20,9 @@ Index: ipmitool-1.8.18/lib/ipmi_ekanalyzer.c
freq, min_freq, max_freq); freq, min_freq, max_freq);
} }
printf("\n"); printf("\n");
Index: ipmitool-1.8.18/lib/ipmi_picmg.c --- a/lib/ipmi_picmg.c
=================================================================== +++ b/lib/ipmi_picmg.c
--- ipmitool-1.8.18.orig/lib/ipmi_picmg.c 2018-09-09 13:48:58.000000000 +0200 @@ -949,7 +949,7 @@
+++ ipmitool-1.8.18/lib/ipmi_picmg.c 2018-09-25 11:42:30.905490809 +0200
@@ -850,7 +850,7 @@ ipmi_picmg_portstate_get(struct ipmi_int
} }
else if (d->type >= 0x06 && d->type <= 0xef) else if (d->type >= 0x06 && d->type <= 0xef)
{ {
@ -30,7 +31,7 @@ Index: ipmitool-1.8.18/lib/ipmi_picmg.c
} }
else if (d->type >= 0xf0 && d->type <= 0xfe) else if (d->type >= 0xf0 && d->type <= 0xfe)
{ {
@@ -1702,7 +1702,7 @@ ipmi_picmg_clk_get(struct ipmi_intf * in @@ -1805,7 +1805,7 @@
oemval2str( rsp->data[3], rsp->data[4], oemval2str( rsp->data[3], rsp->data[4],
picmg_clk_accuracy_vals)); picmg_clk_accuracy_vals));
@ -39,15 +40,3 @@ Index: ipmitool-1.8.18/lib/ipmi_picmg.c
} }
} }
} }
Index: ipmitool-1.8.18/lib/ipmi_sdr.c
===================================================================
--- ipmitool-1.8.18.orig/lib/ipmi_sdr.c 2018-09-09 13:48:58.000000000 +0200
+++ ipmitool-1.8.18/lib/ipmi_sdr.c 2018-09-25 11:42:30.909491047 +0200
@@ -52,6 +52,7 @@
#include <ipmitool/ipmi_entity.h>
#include <ipmitool/ipmi_constants.h>
#include <ipmitool/ipmi_strings.h>
+#include <ipmitool/ipmi_sensor.h>
#if HAVE_CONFIG_H
# include <config.h>