| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | debian/README.source | 18 | ||||
| -rw-r--r-- | debian/changelog | 16 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | debian/files | 1 | ||||
| -rw-r--r-- | debian/patches/0115-typo.patch | 15 | ||||
| -rw-r--r-- | debian/patches/0120-openssl1.1.patch | 150 | ||||
| -rw-r--r-- | debian/patches/series | 1 | ||||
| -rwxr-xr-x | debian/rules | 2 | 
9 files changed, 203 insertions, 5 deletions
| @@ -2,3 +2,4 @@  .bzrignore  .pc  .git +debian/files diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..e4f2b3d --- /dev/null +++ b/debian/README.source @@ -0,0 +1,18 @@ +Hello, + +now I use the branching model from Vincent Driessen[1]. + +I use the gitflow-avh[2]. with the Documentation[3]. +The Debian package can be found here[4]. + +Please upload unattended uploads use a branch feature/<your title>. + + +Many thanks. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net>  Fri, 02 Jun 2017 19:00:40 +0200 + +[1] http://nvie.com/posts/a-successful-git-branching-model/ +[2] https://github.com/petervanderdoes/gitflow-avh +[3] https://github.com/petervanderdoes/gitflow-avh/wiki +[4] https://tracker.debian.org/pkg/git-flow diff --git a/debian/changelog b/debian/changelog index 229a8c2..8d860cb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +ipmitool (1.8.18-4) unstable; urgency=medium + +  * Migrate to OpenSSL1.1 (Closes_# 853782): +    - New debian/patches/0120-openssl1.1.patch: +      + Cherry-picked from upstream. +    - debian/control: +      + Switch Build-Depends from libssl1.0-dev to +        libssl-dev to build against OpenSSL 1.1. +  * Declare compliance with Debian Policy 4.0.0. (No changes needed). +  * Refresh debian/patches/0115-typo.patch. +  * debian/rules: +    - Enable dummy interface. +  * New README.source to explain the branching model used. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net>  Sun, 13 Aug 2017 10:56:16 +0200 +  ipmitool (1.8.18-3) unstable; urgency=medium    * debian/rules: diff --git a/debian/control b/debian/control index 82207f9..a5b3b1b 100644 --- a/debian/control +++ b/debian/control 
@@ -7,8 +7,8 @@ Build-Depends:   libncurses-dev,   libfreeipmi-dev [!hurd-i386],   libreadline-dev, - libssl1.0-dev -Standards-Version: 3.9.8 + libssl-dev +Standards-Version: 4.0.0  Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/ipmitool.git  Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/ipmitool.git  Homepage: https://sourceforge.net/projects/ipmitool/ diff --git a/debian/files b/debian/files deleted file mode 100644 index 58d13ec..0000000 --- a/debian/files +++ /dev/null @@ -1 +0,0 @@ -ipmitool_1.8.18-3_source.buildinfo utils optional diff --git a/debian/patches/0115-typo.patch b/debian/patches/0115-typo.patch index 1e32199..e2ee54b 100644 --- a/debian/patches/0115-typo.patch +++ b/debian/patches/0115-typo.patch @@ -1,6 +1,6 @@  Description: source typos  Author: Jörg Frings-Fürst <debian@jff-webhosting.net> -Last-Update: 2016-05-15 +Last-Update: 2017-08-13  ---  This patch header follows DEP-3: http://dep.debian.net/deps/dep3/  Index: trunk/lib/dimm_spd.c @@ -135,3 +135,16 @@ Index: trunk/doc/ipmievd.8       sel     Poll SEL for notification of events   .TP  +Index: trunk/lib/ipmi_lanp.c +=================================================================== +--- trunk.orig/lib/ipmi_lanp.c ++++ trunk/lib/ipmi_lanp.c +@@ -1271,7 +1271,7 @@ print_lan_set_bad_pass_thresh_usage(void + { + 	lprintf(LOG_NOTICE, + "lan set <chanel> bad_pass_thresh <thresh_num> <1|0> <reset_interval> <lockout_interval>\n" +-"        <thresh_num>         Bad Pasword Threshold number.\n" ++"        <thresh_num>         Bad Password Threshold number.\n" + "        <1|0>                1 = generate a Session Audit sensor event.\n" + "                             0 = do not generate an event.\n" + "        <reset_interval>     Attempt Count Reset Interval. In tens of seconds.\n" diff --git a/debian/patches/0120-openssl1.1.patch b/debian/patches/0120-openssl1.1.patch new file mode 100644 index 0000000..a7523fd --- /dev/null +++ b/debian/patches/0120-openssl1.1.patch 
@@ -0,0 +1,150 @@ +Description: Migrate to openssl 1.1 + Cherry-picked from upstream +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Origin: upstream https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/ +Bug: https://sourceforge.net/p/ipmitool/bugs/461/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853782 +Forwarded: not-needed +Last-Update: 2017-08-13 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/plugins/lanplus/lanplus_crypt_impl.c +=================================================================== +--- trunk.orig/src/plugins/lanplus/lanplus_crypt_impl.c ++++ trunk/src/plugins/lanplus/lanplus_crypt_impl.c +@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + 							uint8_t       * output, + 							uint32_t        * bytes_written) + { +-	EVP_CIPHER_CTX ctx; +-	EVP_CIPHER_CTX_init(&ctx); +-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +-	EVP_CIPHER_CTX_set_padding(&ctx, 0); +-	 ++	EVP_CIPHER_CTX *ctx = NULL; +  + 	*bytes_written = 0; +  +@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + 		printbuf(input, input_length, "encrypting this data"); + 	} +  ++	ctx = EVP_CIPHER_CTX_new(); ++	if (ctx == NULL) { ++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++		return; ++	} ++	EVP_CIPHER_CTX_init(ctx); ++	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++	EVP_CIPHER_CTX_set_padding(ctx, 0); +  + 	/* + 	 * The default implementation adds a whole block of padding if the input +@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); +  +  +-	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + 	{ + 		/* Error */ + 		*bytes_written = 0; +-		return; + 	} + 	else + 	{ + 		
uint32_t tmplen; +  +-		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + 		{ ++			/* Error */ + 			*bytes_written = 0; +-			return; /* Error */ + 		} + 		else + 		{ + 			/* Success */ + 			*bytes_written += tmplen; +-			EVP_CIPHER_CTX_cleanup(&ctx); + 		} + 	} ++	/* performs cleanup and free */ ++	EVP_CIPHER_CTX_free(ctx); + } +  +  +@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + 							uint8_t       * output, + 							uint32_t        * bytes_written) + { +-	EVP_CIPHER_CTX ctx; +-	EVP_CIPHER_CTX_init(&ctx); +-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +-	EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++	EVP_CIPHER_CTX *ctx = NULL; +  + 	if (verbose >= 5) + 	{ +@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + 		printbuf(input, input_length, "decrypting this data"); + 	} +  +- + 	*bytes_written = 0; +  + 	if (input_length == 0) + 		return; +  ++	ctx = EVP_CIPHER_CTX_new(); ++	if (ctx == NULL) { ++		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++		return; ++	} ++	EVP_CIPHER_CTX_init(ctx); ++	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++	EVP_CIPHER_CTX_set_padding(ctx, 0); ++ + 	/* + 	 * The default implementation adds a whole block of padding if the input + 	 * data is perfectly aligned.  We would like to keep that from happening. 
+@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); +  +  +-	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + 	{ + 		/* Error */ + 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); + 		*bytes_written = 0; +-		return; + 	} + 	else + 	{ + 		uint32_t tmplen; +  +-		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + 		{ ++			/* Error */ + 			char buffer[1000]; + 			ERR_error_string(ERR_get_error(), buffer); + 			lprintf(LOG_DEBUG, "the ERR error %s", buffer); + 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); + 			*bytes_written = 0; +-			return; /* Error */ + 		} + 		else + 		{ + 			/* Success */ + 			*bytes_written += tmplen; +-			EVP_CIPHER_CTX_cleanup(&ctx); + 		} + 	} ++	/* performs cleanup and free */ ++	EVP_CIPHER_CTX_free(ctx); +  + 	if (verbose >= 5) + 	{ diff --git a/debian/patches/series b/debian/patches/series index d3b8208..197df06 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,5 +1,6 @@  #0605-manpage_typo.patch  #0105-typo.patch +0120-openssl1.1.patch  0100-fix_buf_overflow.patch  0500-fix_CVE-2011-4339.patch  #0610-readme_typo.patch diff --git a/debian/rules b/debian/rules index 5bb138a..7aa7d87 100755 --- a/debian/rules +++ b/debian/rules @@ -36,4 +36,4 @@ override_dh_systemd_enable:  	dh_systemd_enable --no-enable ipmievd.service  override_dh_auto_configure: -	dh_auto_configure -- --prefix=/usr --with-kerneldir --mandir=/usr/share/man $(extra_config_opts) +	dh_auto_configure -- --prefix=/usr --with-kerneldir --mandir=/usr/share/man --enable-intf-dummy $(extra_config_opts) | 
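Review bot: In debian/patches/0120-openssl1.1.patch the relocated `EVP_EncryptInit_ex(ctx, ...)` and `EVP_DecryptInit_ex(ctx, ...)` calls still ignore their return values, so a failed cipher initialisation goes straight on to the Update/Final calls with a context that has no key or IV set. Now that the context is heap-allocated and every path ends at `EVP_CIPHER_CTX_free(ctx)`, the init result can be checked right after the NULL check, freeing the context and returning with `*bytes_written` left at 0; the same check belongs in lanplus_decrypt_aes_cbc_128 with `EVP_DecryptInit_ex`. The `EVP_CIPHER_CTX_init(ctx)` call directly after `EVP_CIPHER_CTX_new()` looks redundant on a freshly allocated context and could be dropped. Both function bodies start and end outside the nested hunks, so how callers treat a zero `*bytes_written` is not visible here.

```c
	/* … unchanged: ctx = EVP_CIPHER_CTX_new() and its NULL check … */
	if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) {
		lprintf(LOG_DEBUG, "ERROR: encrypt init failed");
		EVP_CIPHER_CTX_free(ctx);
		return;
	}
	EVP_CIPHER_CTX_set_padding(ctx, 0);
	/* … unchanged: alignment assert, EVP_EncryptUpdate / EVP_EncryptFinal_ex, EVP_CIPHER_CTX_free … */
```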
