summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2022-10-30 18:12:02 +0100
committerJörg Frings-Fürst <debian@jff-webhosting.net>2022-10-30 18:12:02 +0100
commit1f3c9b4ae26ce1d46d954d509b83b8684ada5625 (patch)
tree260b922ec4d5d153cc6db745e27931cfd464472f /debian/patches
parent8fcf0ba6f182918bd584bb80bf0b8998acad26a8 (diff)
parent8b758ee941f4c1ffea0532caa74b1fcd8101d1d8 (diff)
Merge branch 'release/debian/1.8.19-1'debian/1.8.19-1
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/0005-gcc10.patch63
-rw-r--r--debian/patches/0100-fix_buf_overflow.patch4
-rw-r--r--debian/patches/0105-sensor_reading.patch35
-rw-r--r--debian/patches/0110-getpass-prototype.patch23
-rw-r--r--debian/patches/0115-typo.patch164
-rw-r--r--debian/patches/0120-openssl1.1.patch150
-rw-r--r--debian/patches/0125-nvidia-iana.patch36
-rw-r--r--debian/patches/0130-Correct_lanplus_segment_violation.patch29
-rw-r--r--debian/patches/0500-fix_CVE-2011-4339.patch21
-rw-r--r--debian/patches/0505-fix_CVE-2020-5208.patch299
-rw-r--r--debian/patches/0600-manpage_longlines.patch56
-rw-r--r--debian/patches/0615-manpage_typo.patch49
-rw-r--r--debian/patches/0620-manpage_typo.patch370
-rw-r--r--debian/patches/0700-build.patch105
-rw-r--r--debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch120
-rw-r--r--debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch48
-rw-r--r--debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch48
-rw-r--r--debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch37
-rw-r--r--debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch85
-rw-r--r--debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch134
-rw-r--r--debian/patches/series19
21 files changed, 515 insertions, 1380 deletions
diff --git a/debian/patches/0005-gcc10.patch b/debian/patches/0005-gcc10.patch
deleted file mode 100644
index a4e5d8a..0000000
--- a/debian/patches/0005-gcc10.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Description: Fix ftbfs with gcc-10
-Author: Jörg Frings-Fürst <debian@jff.email>
-Bug: https://github.com/ipmitool/ipmitool/issues/220
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=957371
-Last-Update: 2020-07-28
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/include/ipmitool/ipmi_hpmfwupg.h
-===================================================================
---- trunk.orig/include/ipmitool/ipmi_hpmfwupg.h
-+++ trunk/include/ipmitool/ipmi_hpmfwupg.h
-@@ -30,9 +30,22 @@
- * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- */
-
-+
- #ifndef IPMI_HPMFWUPG_H
- #define IPMI_HPMFWUPG_H
-
-+
-+#ifdef IPMI_HPMFWUPG_MOD
-+
-+ #define EXTERN
-+
-+#else
-+
-+ #define EXTERN extern
-+
-+#endif
-+
-+
- #include <inttypes.h>
- #include <ipmitool/ipmi.h>
-
-@@ -800,10 +813,12 @@ typedef struct _VERSIONINFO {
- char descString[HPMFWUPG_DESC_STRING_LENGTH + 1];
- }VERSIONINFO, *PVERSIONINFO;
-
--VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
-+EXTERN VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
-
- #define TARGET_VER (0x01)
- #define ROLLBACK_VER (0x02)
- #define IMAGE_VER (0x04)
-
- #endif /* IPMI_KFWUM_H */
-+
-+#undef EXTERN
-Index: trunk/lib/ipmi_hpmfwupg.c
-===================================================================
---- trunk.orig/lib/ipmi_hpmfwupg.c
-+++ trunk/lib/ipmi_hpmfwupg.c
-@@ -37,7 +37,10 @@
-
- #include <ipmitool/ipmi_intf.h>
- #include <ipmitool/ipmi_mc.h>
-+
-+#define IPMI_HPMFWUPG_MOD
- #include <ipmitool/ipmi_hpmfwupg.h>
-+
- #include <ipmitool/helper.h>
- #include <ipmitool/ipmi_strings.h>
- #include <ipmitool/log.h>
diff --git a/debian/patches/0100-fix_buf_overflow.patch b/debian/patches/0100-fix_buf_overflow.patch
index 174d205..1651487 100644
--- a/debian/patches/0100-fix_buf_overflow.patch
+++ b/debian/patches/0100-fix_buf_overflow.patch
@@ -11,12 +11,12 @@ Index: trunk/lib/ipmi_tsol.c
===================================================================
--- trunk.orig/lib/ipmi_tsol.c
+++ trunk/lib/ipmi_tsol.c
-@@ -375,7 +375,7 @@ ipmi_tsol_main(struct ipmi_intf *intf, i
+@@ -374,7 +374,7 @@ ipmi_tsol_main(struct ipmi_intf *intf, i
char *recvip = NULL;
char in_buff[IPMI_BUF_SIZE];
char out_buff[IPMI_BUF_SIZE * 8];
- char buff[IPMI_BUF_SIZE + 4];
+ char buff[IPMI_BUF_SIZE * 8 + 4];
int fd_socket, result, i;
- int out_buff_fill, in_buff_fill;
+ size_t out_buff_fill, in_buff_fill;
int ip1, ip2, ip3, ip4;
diff --git a/debian/patches/0105-sensor_reading.patch b/debian/patches/0105-sensor_reading.patch
new file mode 100644
index 0000000..edde4a0
--- /dev/null
+++ b/debian/patches/0105-sensor_reading.patch
@@ -0,0 +1,35 @@
+Description: Fix soensor reading
+Author: mareedu srinivasa rao
+Origin: upstream, https://sourceforge.net/p/ipmitool/bugs/490/
+Bug: https://sourceforge.net/p/ipmitool/bugs/490/
+Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983082
+Forwarded: not-needed
+Last-Update: 2022-10-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/lib/ipmi_sdr.c
+===================================================================
+--- trunk.orig/lib/ipmi_sdr.c
++++ trunk/lib/ipmi_sdr.c
+@@ -1799,7 +1799,7 @@ ipmi_sdr_print_sensor_fc(struct ipmi_int
+ sr->s_a_units);
+ } else /* Discrete */
+ snprintf(sval, sizeof(sval),
+- "0x%02x", sr->s_reading);
++ "0x%02x", sr->s_data2);
+ }
+ else if (sr->s_scanning_disabled)
+ snprintf(sval, sizeof (sval), sr->full ? "disabled" : "Not Readable");
+Index: trunk/lib/ipmi_sensor.c
+===================================================================
+--- trunk.orig/lib/ipmi_sensor.c
++++ trunk/lib/ipmi_sensor.c
+@@ -201,7 +201,7 @@ ipmi_sensor_print_fc_discrete(struct ipm
+ sr->s_a_str, sr->s_a_units, "ok");
+ } else {
+ printf("| 0x%-8x | %-10s | 0x%02x%02x",
+- sr->s_reading, "discrete",
++ sr->s_data2, "discrete",
+ sr->s_data2, sr->s_data3);
+ }
+ } else {
diff --git a/debian/patches/0110-getpass-prototype.patch b/debian/patches/0110-getpass-prototype.patch
deleted file mode 100644
index ecd8ee9..0000000
--- a/debian/patches/0110-getpass-prototype.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Description: use necessary source dialect to ensure getpass() availability
- getpass is a deprecated function, and building with either c99 or gnu99
- does not ensure this function's availability. So instead, declare
- _DEFAULT_SOURCE so that the function remains available.
-Author: Steve Langasek <steve.langasek@ubuntu.com>
-Origin: <upstream|backport|vendor|other>, <URL, required except if Author is present>
-Bug: <URL to the upstream bug report if any, implies patch has been forwarded, optional>
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819340
-Last-Update: 2016-05-15
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/lib/ipmi_main.c
-===================================================================
---- trunk.orig/lib/ipmi_main.c
-+++ trunk/lib/ipmi_main.c
-@@ -34,6 +34,7 @@
- (_XOPEN_SOURCE >= 500 || \
- _XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED) && \
- !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)
-+#define _DEFAULT_SOURCE
-
- #include <stdlib.h>
- #include <stdio.h>
diff --git a/debian/patches/0115-typo.patch b/debian/patches/0115-typo.patch
deleted file mode 100644
index e8f762c..0000000
--- a/debian/patches/0115-typo.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-Description: source typos
-Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
-Forwarded: not-needed
-Last-Update: 2017-08-13
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/lib/dimm_spd.c
-===================================================================
---- trunk.orig/lib/dimm_spd.c
-+++ trunk/lib/dimm_spd.c
-@@ -798,7 +798,7 @@ const struct valstr jedec_id5_vals[] = {
- { 0xE3, "WIS Technologies" },
- { 0x64, "GateChange Technologies" },
- { 0xE5, "High Density Devices AS" },
-- { 0xE6, "Synopsys" },
-+ { 0xE6, "Synopsis" },
- { 0x67, "Gigaram" },
- { 0x68, "Enigma Semiconductor Inc." },
- { 0xE9, "Century Micro Inc." },
-Index: trunk/lib/ipmi_hpmfwupg.c
-===================================================================
---- trunk.orig/lib/ipmi_hpmfwupg.c
-+++ trunk/lib/ipmi_hpmfwupg.c
-@@ -1507,7 +1507,7 @@ HpmfwupgGetTargetUpgCapabilities(struct
- pCtx->resp.GlobalCapabilities.bitField.autRollbackOverride ? 'y' : 'n');
- lprintf(LOG_NOTICE, "IPMC degraded...........[%c] ",
- pCtx->resp.GlobalCapabilities.bitField.ipmcDegradedDurinUpg ? 'y' : 'n');
-- lprintf(LOG_NOTICE, "Defered activation......[%c] ",
-+ lprintf(LOG_NOTICE, "Deferred activation......[%c] ",
- pCtx->resp.GlobalCapabilities.bitField.deferActivation ? 'y' : 'n');
- lprintf(LOG_NOTICE, "Service affected........[%c] ",
- pCtx->resp.GlobalCapabilities.bitField.servAffectDuringUpg ? 'y' : 'n');
-Index: trunk/lib/ipmi_kontronoem.c
-===================================================================
---- trunk.orig/lib/ipmi_kontronoem.c
-+++ trunk/lib/ipmi_kontronoem.c
-@@ -85,7 +85,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i
- return (-1);
- }
- if (ipmi_kontron_set_serial_number(intf) > 0) {
-- printf("FRU serial number setted successfully\n");
-+ printf("FRU serial number set successfully\n");
- } else {
- printf("FRU serial number set failed\n");
- rc = (-1);
-@@ -96,7 +96,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i
- return (-1);
- }
- if (ipmi_kontron_set_mfg_date(intf) > 0) {
-- printf("FRU manufacturing date setted successfully\n");
-+ printf("FRU manufacturing date set successfully\n");
- } else {
- printf("FRU manufacturing date set failed\n");
- rc = (-1);
-Index: trunk/lib/ipmi_ekanalyzer.c
-===================================================================
---- trunk.orig/lib/ipmi_ekanalyzer.c
-+++ trunk/lib/ipmi_ekanalyzer.c
-@@ -3398,7 +3398,7 @@ ipmi_ek_display_board_p2p_record(struct
- printf("ShMC Cross-connect (two-pair)\n");
- break;
- default:
-- printf("Unknwon\n");
-+ printf("Unknown\n");
- break;
- }
- } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_ETHERNET) {
-@@ -3413,17 +3413,17 @@ ipmi_ek_display_board_p2p_record(struct
- printf("FC-PI\n");
- break;
- default:
-- printf("Unknwon\n");
-+ printf("Unknown\n");
- break;
- }
- } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_INFINIBAND) {
-- printf("Unknwon\n");
-+ printf("Unknown\n");
- } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_STAR) {
-- printf("Unknwon\n");
-+ printf("Unknown\n");
- } else if (d->type == FRU_PICMGEXT_LINK_TYPE_PCIE) {
-- printf("Unknwon\n");
-+ printf("Unknown\n");
- } else {
-- printf("Unknwon\n");
-+ printf("Unknown\n");
- }
- printf("\tLink Type:\t\t0x%02x - ", d->type);
- if (d->type == 0 || d->type == 0xff) {
-Index: trunk/src/ipmievd.c
-===================================================================
---- trunk.orig/src/ipmievd.c
-+++ trunk/src/ipmievd.c
-@@ -125,7 +125,7 @@ static int openipmi_wait(struct ipmi_eve
- static int openipmi_read(struct ipmi_event_intf * eintf);
- static struct ipmi_event_intf openipmi_event_intf = {
- .name = "open",
-- .desc = "OpenIPMI asyncronous notification of events",
-+ .desc = "OpenIPMI asynchronous notification of events",
- .prefix = "",
- .setup = openipmi_setup,
- .wait = openipmi_wait,
-@@ -864,7 +864,7 @@ ipmievd_open_main(struct ipmi_intf * int
-
- struct ipmi_cmd ipmievd_cmd_list[] = {
- #ifdef IPMI_INTF_OPEN
-- { ipmievd_open_main, "open", "Use OpenIPMI for asyncronous notification of events" },
-+ { ipmievd_open_main, "open", "Use OpenIPMI for asynchronous notification of events" },
- #endif
- { ipmievd_sel_main, "sel", "Poll SEL for notification of events" },
- { NULL }
-Index: trunk/include/ipmitool/ipmi_pef.h
-===================================================================
---- trunk.orig/include/ipmitool/ipmi_pef.h
-+++ trunk/include/ipmitool/ipmi_pef.h
-@@ -178,7 +178,7 @@ BIT_DESC_MAP_LIST,
- {"Entity presence", 37},
- {"Monitor ASIC/IC", 38},
- {"LAN", 39},
-- {"Management subsytem health",40},
-+ {"Management subsystem health",40},
- {"Battery", 41},
- {NULL}
- } };
-Index: trunk/doc/ipmievd.8
-===================================================================
---- trunk.orig/doc/ipmievd.8
-+++ trunk/doc/ipmievd.8
-@@ -145,7 +145,7 @@ placed at the end of commands to get opt
- > ipmievd help
- .br
- Commands:
-- open Use OpenIPMI for asyncronous notification of events
-+ open Use OpenIPMI for asynchronous notification of events
- sel Poll SEL for notification of events
-
- .TP
-Index: trunk/lib/ipmi_lanp.c
-===================================================================
---- trunk.orig/lib/ipmi_lanp.c
-+++ trunk/lib/ipmi_lanp.c
-@@ -1271,7 +1271,7 @@ print_lan_set_bad_pass_thresh_usage(void
- {
- lprintf(LOG_NOTICE,
- "lan set <chanel> bad_pass_thresh <thresh_num> <1|0> <reset_interval> <lockout_interval>\n"
--" <thresh_num> Bad Pasword Threshold number.\n"
-+" <thresh_num> Bad Password Threshold number.\n"
- " <1|0> 1 = generate a Session Audit sensor event.\n"
- " 0 = do not generate an event.\n"
- " <reset_interval> Attempt Count Reset Interval. In tens of seconds.\n"
-Index: trunk/lib/ipmi_mc.c
-===================================================================
---- trunk.orig/lib/ipmi_mc.c
-+++ trunk/lib/ipmi_mc.c
-@@ -583,7 +583,7 @@ static int ipmi_mc_get_selftest(struct i
- printf(" -> SEL device not accessible\n");
- }
- if (sft_res->test & IPM_SELFTEST_SDR_ERROR) {
-- printf(" -> SDR repository not accesible\n");
-+ printf(" -> SDR repository not accessible\n");
- }
- if (sft_res->test & IPM_SELFTEST_FRU_ERROR) {
- printf("FRU device not accessible\n");
diff --git a/debian/patches/0120-openssl1.1.patch b/debian/patches/0120-openssl1.1.patch
deleted file mode 100644
index a7523fd..0000000
--- a/debian/patches/0120-openssl1.1.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-Description: Migrate to openssl 1.1
- Cherry-picked from upstream
-Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
-Origin: upstream https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/
-Bug: https://sourceforge.net/p/ipmitool/bugs/461/
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853782
-Forwarded: not-needed
-Last-Update: 2017-08-13 <YYYY-MM-DD, last update of the meta-information, optional>
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/src/plugins/lanplus/lanplus_crypt_impl.c
-===================================================================
---- trunk.orig/src/plugins/lanplus/lanplus_crypt_impl.c
-+++ trunk/src/plugins/lanplus/lanplus_crypt_impl.c
-@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- uint8_t * output,
- uint32_t * bytes_written)
- {
-- EVP_CIPHER_CTX ctx;
-- EVP_CIPHER_CTX_init(&ctx);
-- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-- EVP_CIPHER_CTX_set_padding(&ctx, 0);
--
-+ EVP_CIPHER_CTX *ctx = NULL;
-
- *bytes_written = 0;
-
-@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- printbuf(input, input_length, "encrypting this data");
- }
-
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL) {
-+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
-+ return;
-+ }
-+ EVP_CIPHER_CTX_init(ctx);
-+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+ EVP_CIPHER_CTX_set_padding(ctx, 0);
-
- /*
- * The default implementation adds a whole block of padding if the input
-@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
-
-
-- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- {
- /* Error */
- *bytes_written = 0;
-- return;
- }
- else
- {
- uint32_t tmplen;
-
-- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- {
-+ /* Error */
- *bytes_written = 0;
-- return; /* Error */
- }
- else
- {
- /* Success */
- *bytes_written += tmplen;
-- EVP_CIPHER_CTX_cleanup(&ctx);
- }
- }
-+ /* performs cleanup and free */
-+ EVP_CIPHER_CTX_free(ctx);
- }
-
-
-@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- uint8_t * output,
- uint32_t * bytes_written)
- {
-- EVP_CIPHER_CTX ctx;
-- EVP_CIPHER_CTX_init(&ctx);
-- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-- EVP_CIPHER_CTX_set_padding(&ctx, 0);
--
-+ EVP_CIPHER_CTX *ctx = NULL;
-
- if (verbose >= 5)
- {
-@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- printbuf(input, input_length, "decrypting this data");
- }
-
--
- *bytes_written = 0;
-
- if (input_length == 0)
- return;
-
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL) {
-+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
-+ return;
-+ }
-+ EVP_CIPHER_CTX_init(ctx);
-+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+ EVP_CIPHER_CTX_set_padding(ctx, 0);
-+
- /*
- * The default implementation adds a whole block of padding if the input
- * data is perfectly aligned. We would like to keep that from happening.
-@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
-
-
-- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- {
- /* Error */
- lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
- *bytes_written = 0;
-- return;
- }
- else
- {
- uint32_t tmplen;
-
-- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- {
-+ /* Error */
- char buffer[1000];
- ERR_error_string(ERR_get_error(), buffer);
- lprintf(LOG_DEBUG, "the ERR error %s", buffer);
- lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
- *bytes_written = 0;
-- return; /* Error */
- }
- else
- {
- /* Success */
- *bytes_written += tmplen;
-- EVP_CIPHER_CTX_cleanup(&ctx);
- }
- }
-+ /* performs cleanup and free */
-+ EVP_CIPHER_CTX_free(ctx);
-
- if (verbose >= 5)
- {
diff --git a/debian/patches/0125-nvidia-iana.patch b/debian/patches/0125-nvidia-iana.patch
deleted file mode 100644
index 28276f8..0000000
--- a/debian/patches/0125-nvidia-iana.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Description: Add IANA ID for NVIDIA hardware
- Add the NVIDIA IANA ID to the hardcoded list used in ipmitool <= 1.8.18.
- After upstream commit "9d41136 ID:491 - Fetch vendor IDs from IANA", ipmitool
- generates a list of vendor IDs dynamically at build time, so we can drop this
- patch in future releases.
-Author: dann frazier <dannf@debian.org>
-Origin: backport
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903616
-Forwarded: not-needed
-Last-Update: 2018-07-11
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: ipmitool-1.8.18/include/ipmitool/ipmi.h
-===================================================================
---- ipmitool-1.8.18.orig/include/ipmitool/ipmi.h
-+++ ipmitool-1.8.18/include/ipmitool/ipmi.h
-@@ -279,6 +279,7 @@ typedef enum IPMI_OEM {
- /* 4769 for [IBM Corporation] */
- IPMI_OEM_IBM_4769 = 4769,
- IPMI_OEM_MAGNUM = 5593,
-+ IPMI_OEM_NVIDIA = 5703,
- IPMI_OEM_TYAN = 6653,
- IPMI_OEM_QUANTA = 7244,
- IPMI_OEM_NEWISYS = 9237,
-Index: ipmitool-1.8.18/lib/ipmi_strings.c
-===================================================================
---- ipmitool-1.8.18.orig/lib/ipmi_strings.c
-+++ ipmitool-1.8.18/lib/ipmi_strings.c
-@@ -96,6 +96,7 @@ const struct valstr ipmi_oem_info[] = {
- { IPMI_OEM_IBM_4769, "IBM Corporation" },
- { IPMI_OEM_IBM_20301, "IBM eServer X" },
- { IPMI_OEM_ADLINK_24339, "ADLINK Technology Inc." },
-+ { IPMI_OEM_NVIDIA, "NVIDIA Corporation" },
- { 0xffff , NULL },
- };
-
diff --git a/debian/patches/0130-Correct_lanplus_segment_violation.patch b/debian/patches/0130-Correct_lanplus_segment_violation.patch
deleted file mode 100644
index 17e8fe5..0000000
--- a/debian/patches/0130-Correct_lanplus_segment_violation.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: Fix lanplus segment violation for truncated response
-Origin: upstream, https://github.com/pjdhpe/ipmitool/commit/815aae70cf8dc9f0e1ba1923fc4ec3cc16d0d2f1?diff=unified
-Bug: https://github.com/ipmitool/ipmitool/issues/72
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945764
-Last-Update: 2019-12-22
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/src/plugins/lanplus/lanplus.c
-===================================================================
---- trunk.orig/src/plugins/lanplus/lanplus.c
-+++ trunk/src/plugins/lanplus/lanplus.c
-@@ -819,7 +819,7 @@ ipmi_lan_poll_single(struct ipmi_intf *
- * rsp->data_len becomes the length of that data
- */
- extra_data_length = payload_size - (offset - payload_start) - 1;
-- if (extra_data_length) {
-+ if (extra_data_length > 0) {
- rsp->data_len = extra_data_length;
- memmove(rsp->data, rsp->data + offset, extra_data_length);
- } else {
-@@ -873,7 +873,7 @@ ipmi_lan_poll_single(struct ipmi_intf *
- }
- read_sol_packet(rsp, &offset);
- extra_data_length = payload_size - (offset - payload_start);
-- if (rsp && extra_data_length) {
-+ if (rsp && extra_data_length > 0) {
- rsp->data_len = extra_data_length;
- memmove(rsp->data, rsp->data + offset, extra_data_length);
- } else {
diff --git a/debian/patches/0500-fix_CVE-2011-4339.patch b/debian/patches/0500-fix_CVE-2011-4339.patch
deleted file mode 100644
index 62a9d0c..0000000
--- a/debian/patches/0500-fix_CVE-2011-4339.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Description: CVE-2011-4339
- insecure file permission when creating PID files
- based on 112_fix_CVE-2011-4339
-Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651917
-Forwarded: https://sourceforge.net/p/ipmitool/patches/99/
-Last-Update: 2014-12-01
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/lib/helper.c
-===================================================================
---- trunk.orig/lib/helper.c
-+++ trunk/lib/helper.c
-@@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
- #endif
-
- chdir("/");
-- umask(0);
-
- for (fd=0; fd<64; fd++) {
- if (fd != intf->fd)
diff --git a/debian/patches/0505-fix_CVE-2020-5208.patch b/debian/patches/0505-fix_CVE-2020-5208.patch
deleted file mode 100644
index 1295180..0000000
--- a/debian/patches/0505-fix_CVE-2020-5208.patch
+++ /dev/null
@@ -1,299 +0,0 @@
-Description: Fix CVE-2020-5208
-Origin: backport from
- https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
- https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10
- https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22
- https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
- https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10
- https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637
-Bug: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950761
-Forwarded: not-needed
-Last-Update: 2021-01-03
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/lib/ipmi_fru.c
-===================================================================
---- trunk.orig/lib/ipmi_fru.c
-+++ trunk/lib/ipmi_fru.c
-@@ -615,7 +615,10 @@ int
- read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
- uint32_t offset, uint32_t length, uint8_t *frubuf)
- {
-- uint32_t off = offset, tmp, finish;
-+ uint32_t off = offset;
-+ uint32_t tmp;
-+ uint32_t finish;
-+ uint32_t size_left_in_buffer;
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[4];
-@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, s
-
- finish = offset + length;
- if (finish > fru->size) {
-+ memset(frubuf + fru->size, 0, length - fru->size);
- finish = fru->size;
- lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
- "Adjusting to %d",
- offset + length, finish - offset);
-+ length = finish - offset;
- }
-
- memset(&req, 0, sizeof(req));
-@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, s
- }
- }
-
-+ size_left_in_buffer = length;
- do {
- tmp = fru->access ? off >> 1 : off;
- msg_data[0] = id;
-@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, s
- }
-
- tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
-+ if(rsp->data_len < 1
-+ || tmp > rsp->data_len - 1
-+ || tmp > size_left_in_buffer)
-+ {
-+ printf(" Not enough buffer size");
-+ return -1;
-+ }
-+
- memcpy(frubuf, rsp->data + 1, tmp);
- off += tmp;
- frubuf += tmp;
-+ size_left_in_buffer -= tmp;
- /* sometimes the size returned in the Info command
- * is too large. return 0 so higher level function
- * still attempts to parse what was returned */
-@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf *
- uint32_t offset, uint32_t length, uint8_t *frubuf)
- {
- static uint32_t fru_data_rqst_size = 20;
-- uint32_t off = offset, tmp, finish;
-+ uint32_t off = offset;
-+ uint32_t tmp, finish;
-+ uint32_t size_left_in_buffer;
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[4];
-@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf *
-
- finish = offset + length;
- if (finish > fru->size) {
-+ memset(frubuf + fru->size, 0, length - fru->size);
- finish = fru->size;
- lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
- "Adjusting to %d",
- offset + length, finish - offset);
-+ length = finish - offset;
- }
-
- memset(&req, 0, sizeof(req));
-@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf *
- if (fru->access && fru_data_rqst_size > 16)
- #endif
- fru_data_rqst_size = 16;
-+
-+ size_left_in_buffer = length;
- do {
- tmp = fru->access ? off >> 1 : off;
- msg_data[0] = id;
-@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf *
- }
-
- tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
-+ if(rsp->data_len < 1
-+ || tmp > rsp->data_len - 1
-+ || tmp > size_left_in_buffer)
-+ {
-+ printf(" Not enough buffer size");
-+ return -1;
-+ }
- memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
- off += tmp;
-+ size_left_in_buffer -= tmp;
-
- /* sometimes the size returned in the Info command
- * is too large. return 0 so higher level function
-@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf,
- return 0;
-
- memset(desc, 0, sizeof(desc));
-- memcpy(desc, fru->id_string, fru->id_code & 0x01f);
-+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
- desc[fru->id_code & 0x01f] = 0;
- printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
-
-Index: trunk/lib/ipmi_sdr.c
-===================================================================
---- trunk.orig/lib/ipmi_sdr.c
-+++ trunk/lib/ipmi_sdr.c
-@@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct i
- return -1;
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
-
- if (verbose) {
- printf("Sensor ID : %s (0x%x)\n",
-@@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct
- return -1;
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
-
- if (verbose == 0) {
- if (csv_output)
-@@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(st
- char desc[17];
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
-
- if (!verbose) {
- if (csv_output)
-@@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct
- char desc[17];
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
-
- if (!verbose) {
- if (csv_output)
-@@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct
-
- int rc =0;
- char desc[17];
-+ const char *id_string;
-+ uint8_t id_code;
- memset(desc, ' ', sizeof (desc));
-
- switch ( type) {
- case SDR_RECORD_TYPE_FULL_SENSOR:
- record.full = (struct sdr_record_full_sensor *) raw;
-- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
-- (const char *)record.full->id_string);
-+ id_code = record.full->id_code;
-+ id_string = record.full->id_string;
- break;
-+
- case SDR_RECORD_TYPE_COMPACT_SENSOR:
- record.compact = (struct sdr_record_compact_sensor *) raw ;
-- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s",
-- (const char *)record.compact->id_string);
-+ id_code = record.compact->id_code;
-+ id_string = record.compact->id_string;
- break;
-+
- case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
- record.eventonly = (struct sdr_record_eventonly_sensor *) raw ;
-- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s",
-- (const char *)record.eventonly->id_string);
-- break;
-+ id_code = record.eventonly->id_code;
-+ id_string = record.eventonly->id_string;
-+ break;
-+
- case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
- record.mcloc = (struct sdr_record_mc_locator *) raw ;
-- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s",
-- (const char *)record.mcloc->id_string);
-+ id_code = record.mcloc->id_code;
-+ id_string = record.mcloc->id_string;
- break;
-+
- default:
- rc = -1;
-- break;
-- }
-+ }
-+ if (!rc) {
-+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
-+ }
-
-- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
-+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
- return rc;
- }
-
-Index: trunk/lib/ipmi_channel.c
-===================================================================
---- trunk.orig/lib/ipmi_channel.c
-+++ trunk/lib/ipmi_channel.c
-@@ -378,7 +378,10 @@ ipmi_get_channel_cipher_suites(struct ip
- lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
- return -1;
- }
-- if (rsp->ccode > 0) {
-+ if (rsp->ccode
-+ || rsp->data_len < 1
-+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
-+ {
- lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
- val2str(rsp->ccode, completion_code_vals));
- return -1;
-Index: trunk/lib/ipmi_session.c
-===================================================================
---- trunk.orig/lib/ipmi_session.c
-+++ trunk/lib/ipmi_session.c
-@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf
- }
- else
- {
-- memcpy(&session_info, rsp->data, rsp->data_len);
-- print_session_info(&session_info, rsp->data_len);
-+ memcpy(&session_info, rsp->data,
-+ __min(rsp->data_len, sizeof(session_info)));
-+ print_session_info(&session_info,
-+ __min(rsp->data_len, sizeof(session_info)));
- }
- break;
-
-@@ -341,9 +343,10 @@ ipmi_get_session_info(struct ipmi_intf
- break;
- }
-
-- memcpy(&session_info, rsp->data, rsp->data_len);
-- print_session_info(&session_info, rsp->data_len);
--
-+ memcpy(&session_info, rsp->data,
-+ __min(rsp->data_len, sizeof(session_info)));
-+ print_session_info(&session_info,
-+ __min(rsp->data_len, sizeof(session_info)));
- } while (i <= session_info.session_slot_count);
- break;
- }
-Index: trunk/lib/dimm_spd.c
-===================================================================
---- trunk.orig/lib/dimm_spd.c
-+++ trunk/lib/dimm_spd.c
-@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * in
- struct ipmi_rq req;
- struct fru_info fru;
- uint8_t *spd_data, msg_data[4];
-- int len, offset;
-+ uint32_t len, offset;
-
- msg_data[0] = id;
-
-@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * in
- }
-
- len = rsp->data[0];
-+ if(rsp->data_len < 1
-+ || len > rsp->data_len - 1
-+ || len > fru.size - offset)
-+ {
-+ printf(" Not enough buffer size");
-+ return -1;
-+ }
- memcpy(&spd_data[offset], rsp->data + 1, len);
- offset += len;
- } while (offset < fru.size);
diff --git a/debian/patches/0600-manpage_longlines.patch b/debian/patches/0600-manpage_longlines.patch
deleted file mode 100644
index 8fae0a9..0000000
--- a/debian/patches/0600-manpage_longlines.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Description: long lines in man-page
- prevent "can't break line" warnings
-Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
-Forwarded: not-needed
-Last-Update: 2014-05-20
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/doc/ipmitool.1
-===================================================================
---- trunk.orig/doc/ipmitool.1
-+++ trunk/doc/ipmitool.1
-@@ -1035,7 +1035,7 @@ Display point to point physical connecti
- AMC slot B2 topology:
- Port 0 =====> On Carrier Device ID 0, Port 3
- Port 2 =====> AMC slot B1, Port 2
-- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-+ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
- From Carrier file: carrierfru
- On Carrier Device ID 0 topology:
- Port 0 =====> AMC slot B1, Port 4
-@@ -1091,7 +1091,7 @@ and an AMC module or between 2 AMC modul
- \-Link Type: AMC.2 Ethernet
- \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
- \-Link Group ID: 0 || Link Asym. Match: exact match
-- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-+ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
- AMC slot B1 port 1 ==> On-Carrier Device 0 port 12
- Matching Result
- - From On-Carrier Device ID 0
-@@ -1104,7 +1104,7 @@ and an AMC module or between 2 AMC modul
- \-Link Type: AMC.2 Ethernet
- \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
- \-Link Group ID: 0 || Link Asym. Match: exact match
-- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-+ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
- On-Carrier Device vs AMC slot A2
- AMC slot A2 port 0 ==> On-Carrier Device 0 port 3
- Matching Result
-@@ -1118,7 +1118,7 @@ and an AMC module or between 2 AMC modul
- \-Link Type: AMC.2 Ethernet
- \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link
- \-Link Group ID: 0 || Link Asym. Match: exact match
-- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-+ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
- AMC slot B1 vs AMC slot A2
- AMC slot A2 port 2 ==> AMC slot B1 port 2
- Matching Result
-@@ -1132,7 +1132,7 @@ and an AMC module or between 2 AMC modul
- \-Link Type: AMC.3 Storage
- \-Link Type extension: Serial Attached SCSI (SAS/SATA)
- \-Link Group ID: 0 || Link Asym. Match: FC or SAS interface {exact match}
-- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-+ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-*
- .TP
- \fIunmatch\fP <\fBxx=filename\fR> <\fBxx=filename\fR> \fB...\fr
- .br
diff --git a/debian/patches/0615-manpage_typo.patch b/debian/patches/0615-manpage_typo.patch
deleted file mode 100644
index b1196d7..0000000
--- a/debian/patches/0615-manpage_typo.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Description: typo in man-pages
-Author: Jörg Frings-Fürst <debian@jff.email>
-Last-Update: 2019-07-18
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/doc/ipmitool.1
-===================================================================
---- trunk.orig/doc/ipmitool.1
-+++ trunk/doc/ipmitool.1
-@@ -2478,7 +2478,7 @@ Discover Node Manager presence as well a
- .br
-
- Add a new power policy, or overwrite an existing policy.
--The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto.
-+The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto.
- The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535.
- The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535.
- If domain is not supplied a default of platform is used.
-@@ -2489,7 +2489,7 @@ If domain is not supplied a default of p
- .br
-
- Add a new inlet temp policy, or overwrite an existing policy.
--The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto.
-+The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto.
- The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535.
- The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535.
- If domain is not supplied a default of platform is used.
-@@ -3657,7 +3657,7 @@ and encryption algorithms to use for for
- on the cipher suite ID found in the IPMIv2.0 specification in table
- 22\-19. The default cipher suite is \fI3\fP which specifies
- RAKP\-HMAC\-SHA1 authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128
--encryption algorightms.
-+encryption algorithms.
-
- .SH "FREE INTERFACE"
- .LP
-Index: trunk/doc/ipmievd.8
-===================================================================
---- trunk.orig/doc/ipmievd.8
-+++ trunk/doc/ipmievd.8
-@@ -56,7 +56,7 @@ This is not available with all commands.
- The remote server authentication, integrity, and encryption algorithms
- to use for IPMIv2 \fIlanplus\fP connections. See table 22\-19 in the
- IPMIv2 specification. The default is 3 which specifies RAKP\-HMAC\-SHA1
--authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorightms.
-+authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorithms.
- .TP
- \fB\-E\fR
- The remote server password is specified by the environment
diff --git a/debian/patches/0620-manpage_typo.patch b/debian/patches/0620-manpage_typo.patch
new file mode 100644
index 0000000..63ed5d4
--- /dev/null
+++ b/debian/patches/0620-manpage_typo.patch
@@ -0,0 +1,370 @@
+Description: Fix man page typos
+Author: Jörg Frings-Fürst <debian@jff.email>
+Forwarded: not-needed
+Last-Update: 2022-10-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/doc/ipmitool.1.in
+===================================================================
+--- trunk.orig/doc/ipmitool.1.in
++++ trunk/doc/ipmitool.1.in
+@@ -3,7 +3,7 @@
+ ipmitool \- utility for controlling IPMI\-enabled devices
+ .SH "SYNOPSIS"
+
+-.BR ipmitool
++.br ipmitool
+ [ <options> ] <command> [ <sub-commands and sub-options> ]
+
+ <options> := [ <general-options> | <conditional-opts> ]
+@@ -68,7 +68,7 @@ On Solaris this driver is called \fIBMC\
+ Management of a remote station requires the IPMI\-over\-LAN interface to be
+ enabled and configured. Depending on the particular requirements of each
+ system it may be possible to enable the LAN interface using
+-.BR ipmitool
++.br ipmitool
+ over the system interface.
+ .SH "OPTIONS"
+ .TP
+@@ -102,7 +102,7 @@ IPMI v2.0 specification. The default is
+ authentication, HMAC\-SHA256\-128 integrity, and AES\-CBC\-128 encryption algorithms.
+
+ NOTE: In
+-.BR ipmitool
++.br ipmitool
+ 1.8.18 and earlier the default was 3, which was insecure and was not supported
+ by some more recent BMC implementations.
+ .TP
+@@ -242,7 +242,7 @@ Change Size of Communication Channel. (O
+
+ .LP
+ If no password method is specified then
+-.BR ipmitool
++.br ipmitool
+ will prompt the user for a password. If no password is entered at the prompt,
+ the remote server password will default to NULL.
+ .SH "SECURITY"
+@@ -267,17 +267,17 @@ local station.
+ For IPMI v1.5, the maximum password length is 16 characters; longer
+ passwords might be truncated or rejected by the server, or rejected
+ by
+-.BR ipmitool .
++.br ipmitool .
+
+ For IPMI v2.0, the maximum password length is 20 characters; longer
+ passwords will be rejected by
+-.BR ipmitool .
++.br ipmitool .
+
+ .SH "COMMANDS"
+ .TP
+ \fIhelp\fP
+ This can be used to get command\-line help on
+-.BR ipmitool
++.br ipmitool
+ commands. It may also be placed at the end of commands to get option usage help.
+
+ > ipmitool help
+@@ -1223,7 +1223,7 @@ Get a list of all the possible Sensor St
+ Shortcuts available for a particular sensor. \fBsensorid\fR is the character
+ string representation of the sensor and must be enclosed in double quotes
+ if it includes white space. Several different commands including
+-.BR ipmitool
++.br ipmitool
+ \fIsensor list\fP may be used to obtain a list that includes
+ the \fBsensorid\fR strings representing the sensors on a given system.
+ .RS
+@@ -1287,7 +1287,7 @@ Finding sensor PS 2T Fan Fault... ok
+
+ .RS
+ Execute
+-.BR ipmitool
++.br ipmitool
+ commands from \fIfilename\fR. Each line is a
+ complete command. The syntax of the commands are defined by the
+ COMMANDS section in this manpage. Each line may have an optional
+@@ -1698,7 +1698,7 @@ user, operator, admin, oem.
+ .br
+
+ Causes
+-.BR ipmitool
++.br ipmitool
+ to enter Intel IPMI v1.5 Serial Over LAN mode. An RMCP+
+ connection is made to the BMC, the terminal is set to raw mode, and user
+ input is sent to the serial console on the remote server. On exit,
+@@ -1752,7 +1752,7 @@ Select the next boot order on the Kontro
+
+ These commands will allow you to configure IPMI LAN channels
+ with network information so they can be used with the
+-..BR ipmitool
++.br ipmitool
+ \fIlan\fP and \fIlanplus\fP interfaces. \fINOTE\fR: To
+ determine on which channel the LAN interface is located, issue
+ the `channel info \fInumber\fR' command until you come across
+@@ -2035,7 +2035,7 @@ Display the Management Controller Global
+ .br
+
+ This is the default behavior for
+-.BR ipmitool (1).
++.br ipmitool (1).
+
+ Try to automatically detect the encoding based on the value of the
+ version field and (for version 1) the timestamp. The version is
+@@ -2049,11 +2049,11 @@ neither one has that, then the precedenc
+ \fIsmbios\fP, \fIipmi\fP, \fIrfc4122\fP.
+
+ If neither encoding yields a valid version field, then
+-.BR ipmitool (1)
++.br ipmitool (1)
+ defaults to \fIdump\fP mode.
+
+ If this option is in use, then
+-.BR ipmitool (1)
++.br ipmitool (1)
+ will also print out the detected encoding and warn
+ regarding IPMI specification violation if the encoding isn't \fIipmi\fP.
+
+@@ -2551,7 +2551,7 @@ Discover Node Manager presence as well a
+ .br
+
+ Add a new power policy, or overwrite an existing policy.
+-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto.
++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto.
+ The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535.
+ The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535.
+ If domain is not supplied a default of platform is used.
+@@ -2562,7 +2562,7 @@ If domain is not supplied a default of p
+ .br
+
+ Add a new inlet temp policy, or overwrite an existing policy.
+-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto.
++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto.
+ The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535.
+ The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535.
+ If domain is not supplied a default of platform is used.
+@@ -2960,7 +2960,7 @@ A list of all entity ids can be found in
+ Dumps raw SDR data to a file. This data file can then be used as
+ a local SDR cache of the remote managed system with the \fI\-S <file>\fP
+ option on the
+-.BR ipmitool
++.br ipmitool
+ command line. This can greatly improve performance
+ over system interface or remote LAN.
+ .TP
+@@ -3045,7 +3045,7 @@ Print information on the specified SEL R
+
+ Save SEL records to a text file that can be fed back into the
+ \fIevent file\fP
+-.BR ipmitool
++.br ipmitool
+ command. This can be useful for
+ testing Event generation by building an appropriate Platform
+ Event Message file based on existing events. Please see the
+@@ -3056,14 +3056,14 @@ the format of this file.
+
+ Save SEL records to a file in raw, binary format. This file can
+ be fed back to the \fIsel readraw\fP
+-.BR ipmitool
++.br ipmitool
+ command for viewing.
+ .TP
+ \fIreadraw\fP <\fBfile\fR>
+
+ Read and display SEL records from a binary file. Such a file can
+ be created using the \fIsel writeraw\fP
+-.BR ipmitool
++.br ipmitool
+ command.
+ .TP
+ \fItime\fP
+@@ -3194,10 +3194,10 @@ Verbosity level.
+ .RS
+ This command will launch an interactive shell which you can use
+ to send multiple
+-.BR ipmitool
++.br ipmitool
+ commands to a BMC and see the responses. This can be useful instead of
+ running the full
+-.BR ipmitool
++.br ipmitool
+ command each time. Some commands will make use of a Sensor Data Record cache
+ and you will see marked improvement in speed if these commands
+ are able to reuse the same cache in a shell session. LAN sessions
+@@ -3275,7 +3275,7 @@ by the IPMI over serial channel.
+ .br
+
+ Causes
+-.BR ipmitool
++.br ipmitool
+ to enter Serial Over LAN
+ mode, and is only available when using the lanplus
+ interface. An RMCP+ connection is made to the BMC,
+@@ -3568,7 +3568,7 @@ Determine whether a password has been st
+
+ .SH "OPEN INTERFACE"
+ The
+-.BR ipmitool
++.br ipmitool
+ \fIopen\fP interface utilizes the OpenIPMI
+ kernel device driver. This driver is present in all modern
+ 2.4 and all 2.6 kernels and it should be present in recent
+@@ -3579,7 +3579,7 @@ the OpenIPMI homepage.
+ The required kernel modules is different for 2.4 and 2.6
+ kernels. The following kernel modules must be loaded on
+ a 2.4\-based kernel in order for
+-.BR ipmitool
++.br ipmitool
+ to work:
+ .TP
+ .B ipmi_msghandler
+@@ -3593,7 +3593,7 @@ Linux character device interface for the
+ .LP
+ The following kernel modules must be loaded on
+ a 2.6\-based kernel in order for
+-.BR ipmitool
++.br ipmitool
+ to work:
+ .TP
+ .B ipmi_msghandler
+@@ -3622,12 +3622,12 @@ entry with:
+
+ .I mknod /dev/ipmi0 c 254 0
+
+-.BR ipmitool
++.br ipmitool
+ includes some sample initialization scripts that
+ can perform this task automatically at start\-up.
+
+ In order to have
+-.BR ipmitool
++.br ipmitool
+ use the OpenIPMI device interface
+ you can specify it on the command line:
+ .PP
+@@ -3652,16 +3652,16 @@ The following files are associated with
+ Character device node used to communicate with the bmc driver.
+ .SH "LIPMI INTERFACE"
+ The
+-.BR ipmitool
++.br ipmitool
+ \fIlipmi\fP interface uses the Solaris 9 IPMI kernel device driver.
+ It has been superceeded by the \fIbmc\fP interface on Solaris 10. You can tell
+-.BR ipmitool
++.br ipmitool
+ to use this interface by specifying it on the command line.
+
+ > ipmitool \fB\-I\fR \fIlipmi\fP <\fIexpression\fP>
+ .SH "LAN INTERFACE"
+ The
+-.BR ipmitool
++.br ipmitool
+ \fIlan\fP interface communicates with the BMC
+ over an Ethernet LAN connection using UDP under IPv4. UDP
+ datagrams are formatted to contain IPMI request/response
+@@ -3676,12 +3676,12 @@ The LAN interface is an authentication m
+ messages delivered to the BMC can (and should) be authenticated
+ with a challenge/response protocol with either straight
+ password/key or MD5 message\-digest algorithm.
+-.BR ipmitool
++.br ipmitool
+ will attempt to connect with administrator privilege level as this
+ is required to perform chassis power functions.
+
+ You can tell
+-.BR ipmitool
++.br ipmitool
+ to use the lan interface with the
+ \fB\-I\fR \fIlan\fP option:
+
+@@ -3692,7 +3692,7 @@ to use the lan interface with the
+ A hostname must be given on the command line in order to use the
+ lan interface with \fBipmitool\fR. The password field is optional;
+ if you do not provide a password on the command line,
+-.BR ipmitool
++.br ipmitool
+ will attempt to connect without authentication. If you specify a
+ password it will use MD5 authentication if supported by the BMC
+ and straight password/key otherwise, unless overridden with a
+@@ -3706,14 +3706,14 @@ specification. RMCP+ allows for improve
+ integrity checks, as well as encryption and the ability to carry
+ multiple types of payloads. Generic Serial Over LAN support
+ requires RMCP+, so the
+-.BR ipmitool
++.br ipmitool
+ \fIsol activate\fP command
+ requires the use of the \fIlanplus\fP interface.
+
+ RMCP+ session establishment uses a symmetric challenge\-response
+ protocol called RAKP (\fBRemote Authenticated Key\-Exchange Protocol\fR)
+ which allows the negotiation of many options.
+-.BR ipmitool
++.br ipmitool
+ does not
+ yet allow the user to specify the value of every option, defaulting
+ to the most obvious settings marked as required in the v2.0
+@@ -3721,14 +3721,14 @@ specification. Authentication and integ
+ SHA1, and encryption is performed with AES\-CBC\-128. Role\-level logins
+ are not yet supported.
+
+-.BR ipmitool
++.br ipmitool
+ must be linked with the \fIOpenSSL\fP library in order to
+ perform the encryption functions and support the \fIlanplus\fP
+ interface. If the required packages are not found it will not be
+ compiled in and supported.
+
+ You can tell
+-.BR ipmitool
++.br ipmitool
+ to use the lanplus interface with the
+ \fB\-I\fR \fIlanplus\fP option:
+
+@@ -3749,17 +3749,17 @@ and encryption algorithms to use for for
+ on the cipher suite ID found in the IPMIv2.0 specification in table
+ 22\-20. The default cipher suite is \fI17\fP which specifies
+ RAKP\-HMAC\-SHA256 authentication, HMAC\-SHA256\-128 integrity, and
+-AES\-CBC\-128 encryption algorightms.
++AES\-CBC\-128 encryption algorithms.
+
+ .SH "FREE INTERFACE"
+ .LP
+ The
+-.BR ipmitool
++.br ipmitool
+ \fIfree\fP interface utilizes the FreeIPMI libfreeipmi
+ drivers.
+ .LP
+ You can tell
+-.BR ipmitool
++.br ipmitool
+ to use the FreeIPMI interface with the \-I option:
+ .PP
+ > ipmitool \fB\-I\fR \fIfree\fP <\fIcommand\fP>
+@@ -3768,12 +3768,12 @@ to use the FreeIPMI interface with the \
+ .SH "IMB INTERFACE"
+ .LP
+ The
+-.BR ipmitool
++.br ipmitool
+ \fIimb\fP interface supports the Intel IMB (Intel
+ Inter-module Bus) Interface through the /dev/imb device.
+ .LP
+ You can tell
+-.BR ipmitool
++.br ipmitool
+ to use the IMB interface with the \-I option:
+ .PP
+ > ipmitool \fB\-I\fR \fIimb\fP <\fIcommand\fP>
+Index: trunk/doc/ipmievd.8.in
+===================================================================
+--- trunk.orig/doc/ipmievd.8.in
++++ trunk/doc/ipmievd.8.in
+@@ -56,7 +56,7 @@ This is not available with all commands.
+ The remote server authentication, integrity, and encryption algorithms
+ to use for IPMIv2 \fIlanplus\fP connections. See table 22\-19 in the
+ IPMIv2 specification. The default is 3 which specifies RAKP\-HMAC\-SHA1
+-authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorightms.
++authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorithms.
+ .TP
+ \fB\-E\fR
+ The remote server password is specified by the environment
diff --git a/debian/patches/0700-build.patch b/debian/patches/0700-build.patch
new file mode 100644
index 0000000..5334bf6
--- /dev/null
+++ b/debian/patches/0700-build.patch
@@ -0,0 +1,105 @@
+Description: Remove downloads at build time
+Author: Jörg Frings-Fürst <debian@jff.email>
+Forwarded: not-needed
+Last-Update: 2022-10-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/configure.ac
+===================================================================
+--- trunk.orig/configure.ac
++++ trunk/configure.ac
+@@ -56,22 +56,22 @@ if test "x$exec_prefix" = "xNONE"; then
+ exec_prefix="$prefix"
+ fi
+
+-if test "x$WGET" = "x"; then
+- if test "x$CURL" = "x"; then
+- AC_MSG_WARN([** Neither wget nor curl could be found.])
+- AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
+- else
+- DOWNLOAD="$CURL --location --progress-bar"
+- AM_CONDITIONAL([DOWNLOAD], [true])
+- fi
+-else
+- DOWNLOAD="$WGET -c -nd -O -"
+- AM_CONDITIONAL([DOWNLOAD], [true])
+-fi
++#if test "x$WGET" = "x"; then
++# if test "x$CURL" = "x"; then
++# AC_MSG_WARN([** Neither wget nor curl could be found.])
++# AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
++# else
++# DOWNLOAD="$CURL --location --progress-bar"
++# AM_CONDITIONAL([DOWNLOAD], [true])
++# fi
++#else
++# DOWNLOAD="$WGET -c -nd -O -"
++# AM_CONDITIONAL([DOWNLOAD], [true])
++#fi
+
+-AC_MSG_WARN([** Download is:])
+-AC_MSG_WARN($DOWNLOAD)
+-AC_SUBST(DOWNLOAD, $DOWNLOAD)
++#AC_MSG_WARN([** Download is:])
++#AC_MSG_WARN($DOWNLOAD)
++#AC_SUBST(DOWNLOAD, $DOWNLOAD)
+
+ dnl
+ dnl set default option values
+Index: trunk/Makefile.am
+===================================================================
+--- trunk.orig/Makefile.am
++++ trunk/Makefile.am
+@@ -49,25 +49,25 @@ dist-hook:
+ .PHONY: install-pen-database uninstall-pen-database
+ .INTERMEDIATE: %.o %.la enterprise-numbers
+
+-if DOWNLOAD
++#if DOWNLOAD
+
+-enterprise-numbers:
+- @echo Downloading IANA PEN database...
+- @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\
+- echo "FAILED to download the IANA PEN database"; \
+- rm tmpfile.$$PPID; \
+- false; \
+- }
+- @mv tmpfile.$$PPID $@
+-
+-install-pen-database: enterprise-numbers
+- mkdir -m 755 -p $(DESTDIR)$(IANADIR)
+- $(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/
+-
+-uninstall-pen-database:
+- -rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers
+-
+-else
++#enterprise-numbers:
++# @echo Downloading IANA PEN database...
++# @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\
++# echo "FAILED to download the IANA PEN database"; \
++# rm tmpfile.$$PPID; \
++# false; \
++# }
++# @mv tmpfile.$$PPID $@
++#
++#install-pen-database: enterprise-numbers
++# mkdir -m 755 -p $(DESTDIR)$(IANADIR)
++# $(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/
++#
++#uninstall-pen-database:
++# -rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers
++#
++#else
+
+ install-pen-database:
+ @echo "*** NOT installing the IANA PEN database."
+@@ -77,7 +77,7 @@ uninstall-pen-database:
+ @echo "*** NOT uninstalling the IANA PEN database."
+ @echo "*** It was installed manually (if ever)."
+
+-endif
++#endif
+
+ install-data-local: install-pen-database
+ mkdir -p $(DESTDIR)$(DOCDIR)
diff --git a/debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch b/debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
deleted file mode 100644
index 1c3029d..0000000
--- a/debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-Description: fru: Fix buffer overflow vulnerabilities
- Partial fix for CVE-2020-5208, see
- https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- .
- The `read_fru_area_section` function only performs size validation of
- requested read size, and falsely assumes that the IPMI message will not
- respond with more than the requested amount of data; it uses the
- unvalidated response size to copy into `frubuf`. If the response is
- larger than the request, this can result in overflowing the buffer.
- .
- The same issue affects the `read_fru_area` function.
-Author: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:33:59 +0000
-
-Index: ipmitool-1.8.18/lib/ipmi_fru.c
-===================================================================
---- ipmitool-1.8.18.orig/lib/ipmi_fru.c
-+++ ipmitool-1.8.18/lib/ipmi_fru.c
-@@ -615,7 +615,10 @@ int
- read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
- uint32_t offset, uint32_t length, uint8_t *frubuf)
- {
-- uint32_t off = offset, tmp, finish;
-+ uint32_t off = offset;
-+ uint32_t tmp;
-+ uint32_t finish;
-+ uint32_t size_left_in_buffer;
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[4];
-@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, s
-
- finish = offset + length;
- if (finish > fru->size) {
-+ memset(frubuf + fru->size, 0, length - fru->size);
- finish = fru->size;
- lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
- "Adjusting to %d",
- offset + length, finish - offset);
-+ length = finish - offset;
- }
-
- memset(&req, 0, sizeof(req));
-@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, s
- }
- }
-
-+ size_left_in_buffer = length;
- do {
- tmp = fru->access ? off >> 1 : off;
- msg_data[0] = id;
-@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, s
- }
-
- tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
-+ if(rsp->data_len < 1
-+ || tmp > rsp->data_len - 1
-+ || tmp > size_left_in_buffer)
-+ {
-+ printf(" Not enough buffer size");
-+ return -1;
-+ }
-+
- memcpy(frubuf, rsp->data + 1, tmp);
- off += tmp;
- frubuf += tmp;
-+ size_left_in_buffer -= tmp;
- /* sometimes the size returned in the Info command
- * is too large. return 0 so higher level function
- * still attempts to parse what was returned */
-@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf *
- uint32_t offset, uint32_t length, uint8_t *frubuf)
- {
- static uint32_t fru_data_rqst_size = 20;
-- uint32_t off = offset, tmp, finish;
-+ uint32_t off = offset;
-+ uint32_t tmp, finish;
-+ uint32_t size_left_in_buffer;
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[4];
-@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf *
-
- finish = offset + length;
- if (finish > fru->size) {
-+ memset(frubuf + fru->size, 0, length - fru->size);
- finish = fru->size;
- lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
- "Adjusting to %d",
- offset + length, finish - offset);
-+ length = finish - offset;
- }
-
- memset(&req, 0, sizeof(req));
-@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf *
- if (fru->access && fru_data_rqst_size > 16)
- #endif
- fru_data_rqst_size = 16;
-+
-+ size_left_in_buffer = length;
- do {
- tmp = fru->access ? off >> 1 : off;
- msg_data[0] = id;
-@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf *
- }
-
- tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
-+ if(rsp->data_len < 1
-+ || tmp > rsp->data_len - 1
-+ || tmp > size_left_in_buffer)
-+ {
-+ printf(" Not enough buffer size");
-+ return -1;
-+ }
- memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
- off += tmp;
-+ size_left_in_buffer -= tmp;
-
- /* sometimes the size returned in the Info command
- * is too large. return 0 so higher level function
diff --git a/debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch b/debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
deleted file mode 100644
index efa2381..0000000
--- a/debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 840fb1cbb4fb365cb9797300e3374d4faefcdb10 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:44:18 +0000
-Subject: [PATCH 2/6] fru: Fix buffer overflow in ipmi_spd_print_fru
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `ipmi_spd_print_fru` function has a similar issue as the one fixed
-by the previous commit in `read_fru_area_section`. An initial request is
-made to get the `fru.size`, which is used as the size for the allocation
-of `spd_data`. Inside a loop, further requests are performed to get the
-copy sizes which are not checked before being used as the size for a
-copy into the buffer.
----
- lib/dimm_spd.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c
-index 163a2c2..d559cb4 100644
---- a/lib/dimm_spd.c
-+++ b/lib/dimm_spd.c
-@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
- struct ipmi_rq req;
- struct fru_info fru;
- uint8_t *spd_data, msg_data[4];
-- int len, offset;
-+ uint32_t len, offset;
-
- msg_data[0] = id;
-
-@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
- }
-
- len = rsp->data[0];
-+ if(rsp->data_len < 1
-+ || len > rsp->data_len - 1
-+ || len > fru.size - offset)
-+ {
-+ printf(" Not enough buffer size");
-+ return -1;
-+ }
- memcpy(&spd_data[offset], rsp->data + 1, len);
- offset += len;
- } while (offset < fru.size);
---
-2.20.1
-
diff --git a/debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch b/debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
deleted file mode 100644
index df07c96..0000000
--- a/debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:51:49 +0000
-Subject: [PATCH 3/6] session: Fix buffer overflow in ipmi_get_session_info
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `ipmi_get_session_info` function does not properly check the
-response `data_len`, which is used as a copy size, allowing stack buffer
-overflow.
----
- lib/ipmi_session.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c
-index ecf4afc..b282d6d 100644
---- a/lib/ipmi_session.c
-+++ b/lib/ipmi_session.c
-@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
- }
- else
- {
-- memcpy(&session_info, rsp->data, rsp->data_len);
-- print_session_info(&session_info, rsp->data_len);
-+ memcpy(&session_info, rsp->data,
-+ __min(rsp->data_len, sizeof(session_info)));
-+ print_session_info(&session_info,
-+ __min(rsp->data_len, sizeof(session_info)));
- }
- break;
-
-@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
- break;
- }
-
-- memcpy(&session_info, rsp->data, rsp->data_len);
-- print_session_info(&session_info, rsp->data_len);
-+ memcpy(&session_info, rsp->data,
-+ __min(rsp->data_len, sizeof(session_info)));
-+ print_session_info(&session_info,
-+ __min(rsp->data_len, sizeof(session_info)));
-
- } while (i <= session_info.session_slot_count);
- break;
---
-2.20.1
-
diff --git a/debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch b/debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
deleted file mode 100644
index cae9ddd..0000000
--- a/debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Subject: [PATCH 4/6] channel: Fix buffer overflow
- Partial fix for CVE-2020-5208, see
- https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- .
- The `ipmi_get_channel_cipher_suites` function does not properly check
- the final response’s `data_len`, which can lead to stack buffer overflow
- on the final copy.
- From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:56:38 +0000
-Last-Update: 2021-02-08
-
---- ipmitool-1.8.18.orig/lib/ipmi_channel.c
-+++ ipmitool-1.8.18/lib/ipmi_channel.c
-@@ -413,7 +413,10 @@ ipmi_get_channel_cipher_suites(struct ip
- lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
- return -1;
- }
-- if (rsp->ccode > 0) {
-+ if (rsp->ccode
-+ || rsp->data_len < 1
-+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
-+ {
- lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
- val2str(rsp->ccode, completion_code_vals));
- return -1;
---- a/include/ipmitool/ipmi_channel.h 2016-05-29 21:46:53.000000000 +0200
-+++ b/include/ipmitool/ipmi_channel.h 2021-02-08 23:45:10.598535426 +0100
-@@ -77,6 +77,8 @@
- uint8_t user_level_auth;
- };
-
-+#define MAX_CIPHER_SUITE_DATA_LEN 0x10
-+
- /*
- * The Get Authentication Capabilities response structure
- * From table 22-15 of the IPMI v2.0 spec
diff --git a/debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch b/debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
deleted file mode 100644
index 9c10aeb..0000000
--- a/debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From d45572d71e70840e0d4c50bf48218492b79c1a10 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 17:06:39 +0000
-Subject: [PATCH 5/6] lanp: Fix buffer overflows in get_lan_param_select
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `get_lan_param_select` function is missing a validation check on the
-response’s `data_len`, which it then returns to caller functions, where
-stack buffer overflow can occur.
----
- lib/ipmi_lanp.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-Index: ipmitool-1.8.18/lib/ipmi_lanp.c
-===================================================================
---- ipmitool-1.8.18.orig/lib/ipmi_lanp.c
-+++ ipmitool-1.8.18/lib/ipmi_lanp.c
-@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- /* set new ipaddr */
- memcpy(data+3, temp, 4);
- printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert,
-@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- /* set new macaddr */
- memcpy(data+7, temp, 6);
- printf("Setting LAN Alert %d MAC Address to "
-@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
-
- if (strncasecmp(argv[1], "def", 3) == 0 ||
- strncasecmp(argv[1], "default", 7) == 0) {
-@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
-
- if (strncasecmp(argv[1], "on", 2) == 0 ||
- strncasecmp(argv[1], "yes", 3) == 0) {
-@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
-
- if (strncasecmp(argv[1], "pet", 3) == 0) {
- printf("Setting LAN Alert %d destination to PET Trap\n", alert);
-@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
-
- if (str2uchar(argv[1], &data[2]) != 0) {
- lprintf(LOG_ERR, "Invalid time: %s", argv[1]);
-@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- if (p == NULL) {
- return (-1);
- }
-- memcpy(data, p->data, p->data_len);
-+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
-
- if (str2uchar(argv[1], &data[3]) != 0) {
- lprintf(LOG_ERR, "Invalid retry: %s", argv[1]);
diff --git a/debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch b/debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch
deleted file mode 100644
index 03451ed..0000000
--- a/debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 7ccea283dd62a05a320c1921e3d8d71a87772637 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 17:13:45 +0000
-Subject: [PATCH 6/6] fru, sdr: Fix id_string buffer overflows
-
-Final part of the fixes for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-9 variants of stack buffer overflow when parsing `id_string` field of
-SDR records returned from `CMD_GET_SDR` command.
-
-SDR record structs have an `id_code` field, and an `id_string` `char`
-array.
-
-The length of `id_string` is calculated as `(id_code & 0x1f) + 1`,
-which can be larger than expected 16 characters (if `id_code = 0xff`,
-then length will be `(0xff & 0x1f) + 1 = 32`).
-
-In numerous places, this can cause stack buffer overflow when copying
-into fixed buffer of size `17` bytes from this calculated length.
----
- lib/ipmi_fru.c | 2 +-
- lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++----------------
- 2 files changed, 25 insertions(+), 17 deletions(-)
-
-Index: ipmitool-1.8.18/lib/ipmi_fru.c
-===================================================================
---- ipmitool-1.8.18.orig/lib/ipmi_fru.c
-+++ ipmitool-1.8.18/lib/ipmi_fru.c
-@@ -3062,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf,
- return 0;
-
- memset(desc, 0, sizeof(desc));
-- memcpy(desc, fru->id_string, fru->id_code & 0x01f);
-+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
- desc[fru->id_code & 0x01f] = 0;
- printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
-
-Index: ipmitool-1.8.18/lib/ipmi_sdr.c
-===================================================================
---- ipmitool-1.8.18.orig/lib/ipmi_sdr.c
-+++ ipmitool-1.8.18/lib/ipmi_sdr.c
-@@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct i
- return -1;
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
-
- if (verbose) {
- printf("Sensor ID : %s (0x%x)\n",
-@@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct
- return -1;
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
-
- if (verbose == 0) {
- if (csv_output)
-@@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(st
- char desc[17];
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
-
- if (!verbose) {
- if (csv_output)
-@@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct
- char desc[17];
-
- memset(desc, 0, sizeof (desc));
-- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
-+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
-
- if (!verbose) {
- if (csv_output)
-@@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct
-
- int rc =0;
- char desc[17];
-+ const char *id_string;
-+ uint8_t id_code;
- memset(desc, ' ', sizeof (desc));
-
- switch ( type) {
- case SDR_RECORD_TYPE_FULL_SENSOR:
- record.full = (struct sdr_record_full_sensor *) raw;
-- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
-- (const char *)record.full->id_string);
-+ id_code = record.full->id_code;
-+ id_string = record.full->id_string;
- break;
-+
- case SDR_RECORD_TYPE_COMPACT_SENSOR:
- record.compact = (struct sdr_record_compact_sensor *) raw ;
-- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s",
-- (const char *)record.compact->id_string);
-+ id_code = record.compact->id_code;
-+ id_string = record.compact->id_string;
- break;
-+
- case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
- record.eventonly = (struct sdr_record_eventonly_sensor *) raw ;
-- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s",
-- (const char *)record.eventonly->id_string);
-- break;
-+ id_code = record.eventonly->id_code;
-+ id_string = record.eventonly->id_string;
-+ break;
-+
- case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
- record.mcloc = (struct sdr_record_mc_locator *) raw ;
-- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s",
-- (const char *)record.mcloc->id_string);
-+ id_code = record.mcloc->id_code;
-+ id_string = record.mcloc->id_string;
- break;
-+
- default:
- rc = -1;
-- break;
-- }
-+ }
-+ if (!rc) {
-+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
-+ }
-
-- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
-+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
- return rc;
- }
-
diff --git a/debian/patches/series b/debian/patches/series
index 771ac8f..e7d92ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,18 +1,5 @@
-#0505-fix_CVE-2020-5208.patch
-0120-openssl1.1.patch
+0105-sensor_reading.patch
+0620-manpage_typo.patch
+0700-build.patch
0100-fix_buf_overflow.patch
-0500-fix_CVE-2011-4339.patch
-0600-manpage_longlines.patch
-0110-getpass-prototype.patch
-0115-typo.patch
-0125-nvidia-iana.patch
-0615-manpage_typo.patch
-0130-Correct_lanplus_segment_violation.patch
-0005-gcc10.patch
0010-utf8.patch
-CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch
-CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
-CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch
-CVE-2020-5208_4-channel-Fix-buffer-overflow.patch
-CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch
-CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch