Merge branch 'release/1.8.18-4'1.8.18-4

9 files changed, 203 insertions, 5 deletions

diff --git a/.gitignore b/.gitignore
index cb3d651..3bac63c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .bzrignore
 .pc
 .git
+debian/files
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..e4f2b3d
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,18 @@
+Hello,
+
+now I use the branching model from Vincent Driessen[1].
+
+I use the gitflow-avh[2]. with the Documentation[3].
+The Debian package can be found here[4].
+
+Please upload unattended uploads use a branch feature/<your title>.
+
+
+Many thanks.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net>  Fri, 02 Jun 2017 19:00:40 +0200
+
+[1] http://nvie.com/posts/a-successful-git-branching-model/
+[2] https://github.com/petervanderdoes/gitflow-avh
+[3] https://github.com/petervanderdoes/gitflow-avh/wiki
+[4] https://tracker.debian.org/pkg/git-flow
diff --git a/debian/changelog b/debian/changelog
index 229a8c2..8d860cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+ipmitool (1.8.18-4) unstable; urgency=medium
+
+  * Migrate to OpenSSL1.1 (Closes_# 853782):
+    - New debian/patches/0120-openssl1.1.patch:
+      + Cherry-picked from upstream.
+    - debian/control:
+      + Switch Build-Depends from libssl1.0-dev to
+        libssl-dev to build against OpenSSL 1.1.
+  * Declare compliance with Debian Policy 4.0.0. (No changes needed).
+  * Refresh debian/patches/0115-typo.patch.
+  * debian/rules:
+    - Enable dummy interface.
+  * New README.source to explain the branching model used.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net>  Sun, 13 Aug 2017 10:56:16 +0200
+
 ipmitool (1.8.18-3) unstable; urgency=medium
 
   * debian/rules:
diff --git a/debian/control b/debian/control
index 82207f9..a5b3b1b 100644
--- a/debian/control
+++ b/debian/control
@@ -7,8 +7,8 @@ Build-Depends:
  libncurses-dev,
  libfreeipmi-dev [!hurd-i386],
  libreadline-dev,
- libssl1.0-dev
-Standards-Version: 3.9.8
+ libssl-dev
+Standards-Version: 4.0.0
 Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/ipmitool.git
 Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/ipmitool.git
 Homepage: https://sourceforge.net/projects/ipmitool/
diff --git a/debian/files b/debian/files
deleted file mode 100644
index 58d13ec..0000000
--- a/debian/files
+++ /dev/null
@@ -1 +0,0 @@
-ipmitool_1.8.18-3_source.buildinfo utils optional
diff --git a/debian/patches/0115-typo.patch b/debian/patches/0115-typo.patch
index 1e32199..e2ee54b 100644
--- a/debian/patches/0115-typo.patch
+++ b/debian/patches/0115-typo.patch
@@ -1,6 +1,6 @@
 Description: source typos
 Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
-Last-Update: 2016-05-15
+Last-Update: 2017-08-13
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 Index: trunk/lib/dimm_spd.c
@@ -135,3 +135,16 @@ Index: trunk/doc/ipmievd.8
      sel     Poll SEL for notification of events
  
  .TP 
+Index: trunk/lib/ipmi_lanp.c
+===================================================================
+--- trunk.orig/lib/ipmi_lanp.c
++++ trunk/lib/ipmi_lanp.c
+@@ -1271,7 +1271,7 @@ print_lan_set_bad_pass_thresh_usage(void
+ {
+ 	lprintf(LOG_NOTICE,
+ "lan set <chanel> bad_pass_thresh <thresh_num> <1|0> <reset_interval> <lockout_interval>\n"
+-"        <thresh_num>         Bad Pasword Threshold number.\n"
++"        <thresh_num>         Bad Password Threshold number.\n"
+ "        <1|0>                1 = generate a Session Audit sensor event.\n"
+ "                             0 = do not generate an event.\n"
+ "        <reset_interval>     Attempt Count Reset Interval. In tens of seconds.\n"
diff --git a/debian/patches/0120-openssl1.1.patch b/debian/patches/0120-openssl1.1.patch
new file mode 100644
index 0000000..a7523fd
--- /dev/null
+++ b/debian/patches/0120-openssl1.1.patch
@@ -0,0 +1,150 @@
+Description: Migrate to openssl 1.1
+ Cherry-picked from upstream
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Origin: upstream https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/
+Bug: https://sourceforge.net/p/ipmitool/bugs/461/
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853782
+Forwarded: not-needed
+Last-Update: 2017-08-13 <YYYY-MM-DD, last update of the meta-information, optional>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/plugins/lanplus/lanplus_crypt_impl.c
+===================================================================
+--- trunk.orig/src/plugins/lanplus/lanplus_crypt_impl.c
++++ trunk/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-	
++	EVP_CIPHER_CTX *ctx = NULL;
+ 
+ 	*bytes_written = 0;
+ 
+@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 		printbuf(input, input_length, "encrypting this data");
+ 	}
+ 
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++		return;
++	}
++	EVP_CIPHER_CTX_init(ctx);
++	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
+ 
+ 	/*
+ 	 * The default implementation adds a whole block of padding if the input
+@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		*bytes_written = 0;
+-		return;
+ 	}
+ 	else
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
++			/* Error */
+ 			*bytes_written = 0;
+-			return; /* Error */
+ 		}
+ 		else
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
+ 		}
+ 	}
++	/* performs cleanup and free */
++	EVP_CIPHER_CTX_free(ctx);
+ }
+ 
+ 
+@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++	EVP_CIPHER_CTX *ctx = NULL;
+ 
+ 	if (verbose >= 5)
+ 	{
+@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 		printbuf(input, input_length, "decrypting this data");
+ 	}
+ 
+-
+ 	*bytes_written = 0;
+ 
+ 	if (input_length == 0)
+ 		return;
+ 
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++		return;
++	}
++	EVP_CIPHER_CTX_init(ctx);
++	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ 	/*
+ 	 * The default implementation adds a whole block of padding if the input
+ 	 * data is perfectly aligned.  We would like to keep that from happening.
+@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ 		*bytes_written = 0;
+-		return;
+ 	}
+ 	else
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
++			/* Error */
+ 			char buffer[1000];
+ 			ERR_error_string(ERR_get_error(), buffer);
+ 			lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ 			*bytes_written = 0;
+-			return; /* Error */
+ 		}
+ 		else
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
+ 		}
+ 	}
++	/* performs cleanup and free */
++	EVP_CIPHER_CTX_free(ctx);
+ 
+ 	if (verbose >= 5)
+ 	{
diff --git a/debian/patches/series b/debian/patches/series
index d3b8208..197df06 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,6 @@
 #0605-manpage_typo.patch
 #0105-typo.patch
+0120-openssl1.1.patch
 0100-fix_buf_overflow.patch
 0500-fix_CVE-2011-4339.patch
 #0610-readme_typo.patch
diff --git a/debian/rules b/debian/rules
index 5bb138a..7aa7d87 100755
--- a/debian/rules
+++ b/debian/rules
@@ -36,4 +36,4 @@ override_dh_systemd_enable:
 	dh_systemd_enable --no-enable ipmievd.service
 
 override_dh_auto_configure:
-	dh_auto_configure -- --prefix=/usr --with-kerneldir --mandir=/usr/share/man $(extra_config_opts)
+	dh_auto_configure -- --prefix=/usr --with-kerneldir --mandir=/usr/share/man --enable-intf-dummy $(extra_config_opts)