diff options
35 files changed, 2615 insertions, 0 deletions
diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..e4f2b3d --- /dev/null +++ b/debian/README.source @@ -0,0 +1,18 @@ +Hello, + +now I use the branching model from Vincent Driessen[1]. + +I use the gitflow-avh[2]. with the Documentation[3]. +The Debian package can be found here[4]. + +Please upload unattended uploads use a branch feature/<your title>. + + +Many thanks. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Fri, 02 Jun 2017 19:00:40 +0200 + +[1] http://nvie.com/posts/a-successful-git-branching-model/ +[2] https://github.com/petervanderdoes/gitflow-avh +[3] https://github.com/petervanderdoes/gitflow-avh/wiki +[4] https://tracker.debian.org/pkg/git-flow diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..b910c40 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,843 @@ +ipmitool (1.8.19-1) UNRELEASED; urgency=medium + + * New upstrem release. + + -- Jörg Frings-Fürst <debian@jff.email> Sat, 10 Sep 2022 15:35:32 +0200 + +ipmitool (1.8.18-11) unstable; urgency=medium + + * Remove useless debian/ipmitool.lintian-overrides. + * Declare compliance with Debian Policy 4.6.0.0 (No changes needed). + * Remove useless DEP 8 Smoketest. + * debian/copyright: + - Add year 2021 to debian/*. + * debian/ipmitool.maintscript (Closes: #947384): + - Change prior-version to 1.8.18-11~. + * debian/systemd/ipmitool.ipmievd.service: + - Add After=openipmi.service (Closes: #950206). + + -- Jörg Frings-Fürst <debian@jff.email> Sun, 22 Aug 2021 21:15:52 +0200 + +ipmitool (1.8.18-10.1) unstable; urgency=high + + * Non-maintainer upload. + * CVE-2020-5208: buffer overflows and potentially to remote code execution. + Applied upstream patches: + - CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch + - CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch + - CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch + - CVE-2020-5208_4-channel-Fix-buffer-overflow.patch + - CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch + - CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch + (Closes: #950761). + + -- Thomas Goirand <zigo@debian.org> Fri, 19 Feb 2021 11:04:17 +0100 + +ipmitool (1.8.18-10) unstable; urgency=medium + + * Add "Restrictions: superficial" to debian/tests/control (Closes: #969834). + + -- Jörg Frings-Fürst <debian@jff.email> Mon, 14 Sep 2020 14:35:04 +0200 + +ipmitool (1.8.18-9) unstable; urgency=medium + + * New debian/patches/0005-gcc10.patch: Fix ftbfs with gcc-10 + (Closes: #957371). + * Refresh debian/patches/0115-typo.patch. + * Remove not longer used patches: + - 0605-manpage_typo.patch + - 0105-typo.patch + - 0610-readme_typo.patch + - 0001-Dialect_change.patch + * Declare compliance with Debian Policy 4.5.0 (No changes needed). + * Switch to debhelper-compat level 13. + * debian/ipmitool.maintscript: + - Fix syntax (Closes: #947384). + + -- Jörg Frings-Fürst <debian@jff.email> Tue, 28 Jul 2020 18:20:20 +0200 + +ipmitool (1.8.18-8) unstable; urgency=medium + + * New debian/patches/0130-Correct_lanplus_segment_violation.patch: + - Fix lanplus segment violation for truncated response (Closes: #945764). + * Declare compliance with Debian Policy 4.4.1.2 (No changes needed). + * Switch to debhelper-compat: + - debian/control: change to debhelper-compat (=12). + - remove debian/compat. + * debian/control: + - Add Rules-Requires-Root: no. + * debian/copyright: + - Add 2019 to debian/*. + + -- Jörg Frings-Fürst <debian@jff.email> Sun, 22 Dec 2019 20:55:43 +0100 + +ipmitool (1.8.18-7) unstable; urgency=medium + + * debian/watch: Use tags instead releases to fix the wrong format. + * Migrate to debhelper 12: + - Change debian/compat to 12. + - Bump minimum debhelper version in debian/control to >= 12. + * Declare compliance with Debian Policy 4.4.0 (No changes needed). + * debian/control: Add missing Depend init_system_helpers to fix + lintan warning missing-versioned-depends-on-init-system-helpers. + * New debian/patches/0615-manpage_typo.patch: Fix typos in man pages. + * Add DEP 8 smoketest (Closes: #903676). + Thanks to "Dann Frazier" <dannf@debian.org>. + * Remove not longer needed debian/ipmitool.ipmievd.default (Closes: #907832). + - New debian/ipmitool.maintscript to remove /etc/default/ipmitool. + - Add IPMIEVD_OPTIONS from /etc/default/ipmitool into + debian/ipmitool.ipmievd.service. + + -- Jörg Frings-Fürst <debian@jff.email> Sat, 20 Jul 2019 10:59:12 +0200 + +ipmitool (1.8.18-6) unstable; urgency=medium + + * debian/changelog: + - Remove trailing whitespaces. + * debian/control: + - Change to my new email address. + - Switch Vcs-* to new location. + - Switch homepage to github. + * debian/copyright: + - Use secure copyright format URI. + - Change to my new email address. + - Switch homepage to github. + - Add year 2018 for debian/*. + * debian/rules: + - Replace outdated dh_systemd_enable with dh_installsystemd. + * debian/watch: + - Switch to github. + * Declare compliance with Debian Policy 4.1.5: + - Switch from enable ipmievd daemon via /etc/default/ipmievd to use + update-rc.d. + * Migrate to debhelper 11: + - Change debian/compat to 11. + - Bump minimum debhelper version in debian/control to >= 11. + * New debian/patches/0125-nvidia-iana.patch: + - Add IANA ID for NVIDIA hardware (Closes: #903616). + * I disagree to the upload of the release 1.8.18-5 as a team upload. + That was a NMU. + + -- Jörg Frings-Fürst <debian@jff.email> Sun, 05 Aug 2018 12:20:50 +0200 + +ipmitool (1.8.18-5) unstable; urgency=medium + + * Team upload. + * Use dh_systemd_enable --name to install ipmitool.ipmievd.service. + (closes: #879063) + + -- Bas Couwenberg <sebastic@debian.org> Tue, 14 Nov 2017 07:58:01 +0100 + +ipmitool (1.8.18-4) unstable; urgency=medium + + * Migrate to OpenSSL1.1 (Closes_# 853782): + - New debian/patches/0120-openssl1.1.patch: + + Cherry-picked from upstream. + - debian/control: + + Switch Build-Depends from libssl1.0-dev to + libssl-dev to build against OpenSSL 1.1. + * Declare compliance with Debian Policy 4.0.0. (No changes needed). + * Refresh debian/patches/0115-typo.patch. + * debian/rules: + - Enable dummy interface. + * New README.source to explain the branching model used. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 13 Aug 2017 10:56:16 +0200 + +ipmitool (1.8.18-3) unstable; urgency=medium + + * debian/rules: + - Fix enablement of usb interface (Closes: #849349). + Thanks to Steve Langasek <steve.langasek@canonical.com>. + * Drop both dh-autoreconf/dh-systemd from both build-depends + and dh --with arguments because this is all defaults when + using dh compat 10. + * debian/copyright: + Add year 2017 to debian/*. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 03 Jan 2017 07:07:30 +0100 + +ipmitool (1.8.18-2) unstable; urgency=medium + + * debian/control: + - Switch Build-Depeds from libssl-dev to libssl1.0-dev. + We can't yet use libssl 1.1. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Fri, 18 Nov 2016 10:50:13 +0100 + +ipmitool (1.8.18-1) unstable; urgency=medium + + * New upstream release: + - Fix for lan print does not report ipv6 addresses (Closes: #837164). + * Refresh patches: + - 0115-typo.patch + - 0500-fix_CVE-2011-4339.patch + * Bump compat to 10: + - Change debian/compat to 10. + - Change debhelper version at debian/control to >= 10. + * debian/control: + - Add requested version for lsb-base to prevent lintian error. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 09 Oct 2016 13:27:29 +0200 + +ipmitool (1.8.17-1) unstable; urgency=medium + + * New upstream release. + * Drop upstream applied patches: + - 0001-Dialect_change.patch + - 0105-typo.patch + - 0605-manpage_typo.patch + - 0610-readme_typo.patch + * Refresh patches: + - 0110-getpass-prototype.patch + - 0500-fix_CVE-2011-4339.patch + * New patch: + - 0115-typo.patch + * Remove override_dh_autoreconf from debian/rules, the NEWS file is now + available from source. + * debian/control: + - Change Vcs-Git to cgit uri. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 15 May 2016 11:23:50 +0200 + +ipmitool (1.8.16-3) unstable; urgency=medium + + * debian/rules: + - Use of USB only on Linux architectures (Closes: #820007). + Thanks to Steven Chamberlain <steven@pyro.eu.org>. + * New debian/patches/0110-getpass-prototype.patch: + - use necessary source dialect to ensure getpass() availability + (Closes: #819340). + Thanks to Steve Langasek <steve.langasek@ubuntu.com>. + * debian/control: + - Bump Standards-Version to 3.9.8 (no changes required). + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 13 Apr 2016 07:45:13 +0200 + +ipmitool (1.8.16-2) unstable; urgency=medium + + * New debian/patches/0001-Dialect_change.patch (Closes: #816491): + - Change dialect from c99 to gnu99 to prevend segfaults + on missing functions. + - Add autoreconf and remove dh_autotools-dev to/from debian/rules + and debian/control. + * Correct Vcs-Git uri. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 13 Mar 2016 12:31:08 +0100 + +ipmitool (1.8.16-1) unstable; urgency=medium + + * New upstream release (Closes: #810827). + - fix does not fall back to IPv4 for IPMI v2 / RMCP+ sessions + (Closes: #755479). + * Refresh patches. + * Add year 2016 to debian/copyright. + * debian/control: + - Bump Standards-Version to 3.9.7 (no changes required). + - Change Vcs-* and homepage to secure uri. + - Add [!hurd-i386] to libfreeipmi-dev because freeipmi + isn't available at hurd-i386 (Closes: #815443). + * debian/watch: Bump Version to 4 (no changes required). + * New debian/patches/0105-typo.patch to fix some typos. + * Renew debian/patches/0605-manpage_typo.patch. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 23 Feb 2016 07:07:52 +0100 + +ipmitool (1.8.15-1) unstable; urgency=medium + + * New upstream release. + * debian/patches: + - Remove patches (including in upstream): + - 120-Dell-13G.patch + - 115-lib_declarations.patch + - 097-source_typo.patch + - Refresh patches: + - 099_readme_typo + - 101_fix_buf_overflow.patch + - 112_fix_CVE-2011-4339.patch + * debian/contol: + - bump Standards-Version to 3.9.6 (no changes required). + - Change Vcs-* to new cgit based repository viewer. + - Add libfreeipmi-dev to Build-Depends to enable freeipmi interface. + * debian/source/options: + - Removed because xz is now standard compression. + * debian/rules: + - Remove oldstyle debhelper parts. + - Add "--with autotools-dev". + * debian/watch: + - Add xz for searching upstream tarballs. + * debian/copyright: + - Add missing section for debian/*. + * debian/ipmitool.postrm: + - Escape the double quote around false. + * debian/rules: + - Add override_dh_systemd_enable to disable start after a fresh install. + * Remove load of kernel modules via init scripts (Closes: #766418): + - Remove debian/systemd/*.conf. + - Empty REQMODULES at ipmitool.ipmievd.init. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Mon, 05 Jan 2015 14:42:49 +0100 + +ipmitool (1.8.14-4) unstable; urgency=medium + + * New debian/patches/120-Dell-13G.patch: + - Add support for Dell 13G server (Closes: #756555) + * debian/rules: + - Remove oldstyle CFLAGS parameter. + - change hardening to modern dh. + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Thu, 07 Aug 2014 15:09:16 +0200 + +ipmitool (1.8.14-3) unstable; urgency=medium + + * move ipmitool.conf + from /etc/modules-load.d + to /usr/lib/modules-load.d ( Closes: #753762 ) + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Mon, 02 Jun 2014 20:46:28 +0200 + +ipmitool (1.8.14-2) unstable; urgency=medium + + * patch 115-lib_declarations.patch + - lib/kontronoem.c + correct declaration of write_fru_area ( Closes: #749913 ) + * remove hardening-wrapper from build-Depends + * add ipmi* kernel-modules to startup-script + ( LP: #908112 ) + * add debian/systemd/ipmitool.conf to load + ipmi* kernel-modules under systemd + * add debian/source/option + compression xy / level 9 + + [ Gerald Turner <gturner@unzane.com> ] + * changes on systemd startup scripts ( Closes: #750003 ) + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 27 May 2014 14:53:55 +0200 + +ipmitool (1.8.14-1) unstable; urgency=medium + + * remove debian/README.debian + * remove debian/dirs + * add debian/ipmitool.ipmievd.default + - default ipmievd start is disabled + * add patch + - 096-manpage_longlines.patch + - 097-source_typo.patch + - 098-manpage_typo.patch + - fix "tiny misprint" ( Closes: #554348 ) + * add systemd + * rewrite debian/copyright + * add debian/source/format + * debian/control + - add homepage ( Closes: #744283 ) + - bump Standards-Version to 3.9.5 + - remove unused Build-Depends + - quilt + * change to upstream version 1.8.14 + - fix FTBFS on kfreebsd ( Closes: #725476 ) + * Bumps compat to 9 + * New maintainer ( Closes: #748487 ) + + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 18 May 2014 17:40:37 +0200 + +ipmitool (1.8.13-1) unstable; urgency=low + + * New upstream release + - Fixes regression in default cipher suite selection (Closes: #708621). + + -- Luk Claes <luk@debian.org> Wed, 18 Sep 2013 07:45:10 +0200 + +ipmitool (1.8.12-1) unstable; urgency=low + + * Merge new upstream from Ubuntu (Closes: #692292). + + -- Luk Claes <luk@debian.org> Tue, 07 May 2013 18:12:12 +0200 + +ipmitool (1.8.12-0ubuntu2) raring; urgency=low + + * debian/patches/big_endian: cherry-pick missing includes from upstream; + fixes FTBFS on powerpc. + + -- Robie Basak <robie.basak@canonical.com> Tue, 05 Mar 2013 13:38:42 +0000 + +ipmitool (1.8.12-0ubuntu1) raring; urgency=low + + * New upstream release (LP: #1074443): + - Dropped patches: + + fix_sdr_segfault: ipmi_sdr_print_sensor_compact no longer + exists upstream. + + dell_*: merged upstream. + + -- Robie Basak <robie.basak@canonical.com> Mon, 04 Mar 2013 12:13:46 +0000 + +ipmitool (1.8.11-5ubuntu1) precise; urgency=low + + * Merge from Debian testing (LP: #914920). Remaining changes: + - debian/contol: + + Changed openipmi from Suggests to Recommends + - debian/copyright: + + Add DELL copyright notice. + - Apply a series of 6 patches from upstream's patch tracker to + add DELL specific commands (delloem) + * Drop changes: + - Add armel/armhf support, now Architecture is any + - 101_fix_buf_overflow.patch now in debian + + -- Leo Iannacone <l3on@ubuntu.com> Wed, 11 Jan 2012 18:49:15 +0100 + +ipmitool (1.8.11-5) unstable; urgency=high + + * debian/control: Add libncurses-dev build dependency + * Don't set umask to fix CVE-2011-4339 (Closes: #651917). + + -- Luk Claes <luk@debian.org> Wed, 28 Dec 2011 12:34:15 +0100 + +ipmitool (1.8.11-4) unstable; urgency=low + + * debian/control: + - Add ${misc:Depends} so deps can be added by debhelper. + * debian/README.source: Add reference to quilt docs. + * debian/ipmitool.ipmievd.init: + - Test if /etc/default/rcS exists, before executing it. + - Add status support (Closes: #536119). + * debian/ipmitool.{post,pre}{inst,rm}: Add -e. + * Fix buffer overflow in tsol session. + * Update Vcs-Browser as URL mentioned within Alioth's gitweb + interface does not work. + + -- Luk Claes <luk@debian.org> Thu, 22 Sep 2011 07:49:10 +0200 + +ipmitool (1.8.11-3) unstable; urgency=high + + * debian/control: + - Add myself as co-maintainer. + - Add Vcs entries. + - Update Architecture to any as ipmitool can be used for + remote devices (Closes: #578492). + * Only approach rsp->data when rsp is set (Closes: #637423). + + -- Luk Claes <luk@debian.org> Mon, 19 Sep 2011 19:35:04 +0200 + +ipmitool (1.8.11-2ubuntu6) oneiric; urgency=low + + * Add armel/armhf support + + -- Michael Casadevall <mcasadevall@ubuntu.com> Wed, 05 Oct 2011 15:04:58 -0700 + +ipmitool (1.8.11-2ubuntu5) oneiric; urgency=low + + * Rebuild for OpenSSL 1.0.0. + + -- Colin Watson <cjwatson@ubuntu.com> Wed, 18 May 2011 00:10:19 +0100 + +ipmitool (1.8.11-2ubuntu4) natty; urgency=low + + * Changed openipmi from Suggests to Recommends to ensure + it's installed too. (LP: #110992) + + -- Jeff Lane <jeff@ubuntu.com> Wed, 09 Mar 2011 10:40:28 -0500 + +ipmitool (1.8.11-2ubuntu3) maverick; urgency=low + + * debian/patches/101_fix_buf_overflow.patch: Add patch to fix buffer overflow. + (LP: #633054) + + -- Chuck Short <zulcss@ubuntu.com> Wed, 08 Sep 2010 09:11:26 -0400 + +ipmitool (1.8.11-2ubuntu2) maverick; urgency=low + + * Actually remove 30_ipmi_delloem.patch this time. + + -- Stefano Rivera <stefano@rivera.za.net> Mon, 28 Jun 2010 12:47:48 +0200 + +ipmitool (1.8.11-2ubuntu1) maverick; urgency=low + + [ Lorenzo De Liso ] + * Merge from debian unstable (LP: #598993), remaining changes: + - debian/copyright: + + Add DELL copyright notice. + + [ Stefano Rivera ] + * Replaced 30_ipmi_delloem.patch (never accepted upstream) with a new series + of 6 patches from upstream's patch tracker. + + -- Lorenzo De Liso <blackz@ubuntu.com> Sun, 27 Jun 2010 12:26:30 +0200 + +ipmitool (1.8.11-2) unstable; urgency=low + + * Fix password reading (Patch from Kris Popendorf + <08kcn0b02@sneakemail.com> closes: #559363) + * Remove libreadline5-dev dependency in favour of libreadline-dev + (Closes: #553788) + + -- Matthew Johnson <mjj29@debian.org> Sun, 06 Dec 2009 00:05:49 +0000 + +ipmitool (1.8.11-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + + debian/control: + - change Maintainer field according to specs. + + debian/patches/30_ipmi_delloem:.patch: + - Rediffed due to version bump. + - Dropped dpatchiness. + + debian/copyright: + - Add DELL copyright notice. + + -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Mar 2009 00:01:26 +0000 + +ipmitool (1.8.11-1) unstable; urgency=low + + * New upstream release + * Change to quilt rather than dpatch + * Refresh config.sub/config.guess in configure + * Bump standards version + + -- Matthew Johnson <mjj29@debian.org> Sun, 22 Mar 2009 16:44:06 +0000 + +ipmitool (1.8.9-2ubuntu1) jaunty; urgency=low + + * debian/patches/30_ipmi_delloem: + - add DELL specific commands (delloem) + * debian/patches/20_ipmi_ipmi: + - clean up *.orig + * debian/patches/20_ipmi_isol: + - clean up *.orig + * debian/copyright: + - add DELL copyright notice + * debian/control: + - change Maintainer field + + -- Ante Karamatic <ivoks@ubuntu.com> Wed, 18 Feb 2009 08:48:33 +0100 + +ipmitool (1.8.9-2) unstable; urgency=medium + + * Change pidfile name to the one it actually is. (Closes: #508434) + * Fix typo in README (Closes: #508231) + * Make sdr/Temperatures reading working again (Closes: #507760): + - Add patch to revert some bits from 1.8.8 to 1.8.9: + 20_ipmi_sdr.dpatch (Patch from Cyril Brulebois + <cyril.brulebois@kerlabs.com>) + * Bump Standards-Version + * Remove empty /usr/share/ipmitool directory + + -- Matthew Johnson <mjj29@debian.org> Tue, 19 Feb 2008 15:21:40 +0000 + +ipmitool (1.8.9-1) unstable; urgency=low + + * Adopt package (Closes: #432027) + * New upstream release + - Closes: #422864 + - Closes: #377628 + * Add patch to fix segfault (Closes: #389741) + * Add patch to fix isol (Closes: #412816) + * Add watch file + * Move from DH_COMPAT to debian/compat + * Bump to dephelper v5 + + -- Matthew Johnson <mjj29@debian.org> Thu, 13 Dec 2007 10:25:22 +0000 + +ipmitool (1.8.8-3.1) unstable; urgency=high + + * Non-maintainer upload. + * High urgency for RC bug fix. + * Fix build with linux-libc-dev (closes: #428929). + * Fix debian/rules to not rerun configure in the binary target. + + -- Julien Cristau <jcristau@debian.org> Fri, 20 Jul 2007 16:29:18 +0200 + +ipmitool (1.8.8-3) unstable; urgency=low + + * Ported fix to ipmievd from upstream version 1.8.9 (Closes: #408536): + - fix ipmievd fd closing bug. Patch from Rupert Hair. + * Started using dpatch to apply patches. Added dpatch to build dependencies. + * Add powerpc to the list of supported archs (Closes: #405455) + + -- Petter Reinholdtsen <pere@debian.org> Tue, 03 Apr 2007 16:37:45 +0200 + +ipmitool (1.8.8-2) unstable; urgency=low + + * Add handler for the ipmievd init.d script failure during removal and + installation. If it fail during installation, update + /etc/default/ipmievd to disable ipmievd. + + -- Petter Reinholdtsen <pere@debian.org> Sun, 1 Oct 2006 11:21:44 +0200 + +ipmitool (1.8.8-1) unstable; urgency=low + + * New upstream release. + - Daemon now tries to access device before it forks, and thus will + report errors to the init.d script if it fail. (Closes: #362425) + * Make it possible to disable ipmievd by setting ENABLED=false in + /etc/defaults/ipmievd. (Closes: #370511) + * Add --oknodo as start-stop-daemon argument when stopping ipmievd, + to avoid returning an error if it is not running. (Closes: #370509) + * Update standards-version from 3.6.2.1 to 3.7.2. No changes needed. + * Correct dependency and runlevel info in init.d script. + + -- Petter Reinholdtsen <pere@debian.org> Fri, 29 Sep 2006 19:16:41 +0200 + +ipmitool (1.8.7-2) unstable; urgency=low + + * Fix typo in init.d/ipmievd. (Closes: #361309) + + -- Petter Reinholdtsen <pere@debian.org> Sat, 8 Apr 2006 06:44:31 +0200 + +ipmitool (1.8.7-1) unstable; urgency=low + + * New upstream version. + - Dropped nuclear clause from the copyright. Updated debian/copyright + to reflect this. + - ipmievd now store pid in /var/run/ipmievd.pid. Adjust init.d + script to use it. + * Rename /etc/default/ipmievd variable IPMIEVD_OPTS is renamed to + IPMIEVD_OPTIONS to stay compatible with upstream and other + distributions. Add backwards compatibility code with a warning to + the users of the old variable. + + -- Petter Reinholdtsen <pere@debian.org> Sun, 26 Mar 2006 21:11:08 +0200 + +ipmitool (1.8.6-2) unstable; urgency=low + + * Add ia64 as an supported arch. (Closes: #355930) + + -- Petter Reinholdtsen <pere@debian.org> Fri, 10 Mar 2006 23:34:50 +0100 + +ipmitool (1.8.6-1) unstable; urgency=low + + * New upstream version. + - Avoid crashing when setting lan IP address. (Closes: #351205) + * Avoid changing history by reverding upstream change + to email addresses in debian/changelog. + * Correct typo in control file: Suggest -> Suggests. Thanks + to Philipp Matthias Hahn for the report. + * Add init.d/ipmievd script. Based on script from Elmar Hoffmann, + slightly modified to use lsb-base functions. Added dependency on + lsb-base. (Closes: #345994) + + -- Petter Reinholdtsen <pere@debian.org> Sun, 26 Feb 2006 10:31:14 +0100 + +ipmitool (1.8.2-2) unstable; urgency=low + + * Add build-dependency on 'libreadline5-dev | libreadline-dev' to make + sure all archs get readline support. (Closes: #326341) + * Add build-dependency on libssl-dev to enable SSL support on + all archs. + * Updated Standards-Version to 3.6.2.1. (No updates required) + + -- Petter Reinholdtsen <pere@debian.org> Sat, 3 Sep 2005 19:18:51 +0200 + +ipmitool (1.8.2-1) unstable; urgency=low + + * New upstream release. + - Fix FRU reading for large (>255 bytes) areas. + - Overhaul to ipmievd to support SEL polling in addition to OpenIPMI. + - Fix LAN parameter segfault when no Ciphers supported by + BMC. (Closes: #306806) + - Fix IPMIv2 support on Intel v2 BMCs (use -o intelplus). + - Separate option parsing code from main ipmitool source file. + - Add raw I2C support with IPMI Master Read-Write command. + - Add support for new 'sdr elist' extended output format. + - Add support for listing sensors by type with 'sdr type' command. + - Add support for new 'sel elist' extended output format that + cross-references events with sensors. + - Add support for sending dynamically generated platform events + based on existing sensor information. + - New '-S' argument to read local SDR cache created with 'sdr dump'. + - Updated manpage for ipmitool and ipmievd. (Closes: #306894) + * Correct the upstream URL in debian/changelog to the current one. + * Suggest package openipmi. (Closes: #305629) + * Add debian/watch file to detect new source versions. + + -- Petter Reinholdtsen <pere@debian.org> Sun, 5 Jun 2005 10:29:18 +0200 + +ipmitool (1.8.1-1) unstable; urgency=low + + * New upstream release. + * Install ipmievd into /usr/sbin/. + + -- Petter Reinholdtsen <pere@debian.org> Thu, 7 Apr 2005 01:18:44 +0200 + +ipmitool (1.8.0-1) unstable; urgency=low + + * Initial upload into Debian, based on the upstream build + rules. (Closes: #299924) + * Convert debian/changelog to UTF-8. + * Change section from 'contrib' to 'utils'. + * Build-depend on debhelper (>> 4.0.0) to match the rules file. + * Set Standards-version to 3.6.1. + * Make sure binary dependency is properly generated. + * Add long description, copied from the project README. + * Drop useless provides 'ipmitool', as the package is called 'ipmitool'. + * Don't install the COPYING file, as the license text already is + included in debian/copyright. + * Remove unused parts of the rules file. + * Correct clean target in rules file, to use 'distclean' and remove + configure-stamp not bogus config-stamp. + + -- Petter Reinholdtsen <pere@debian.org> Sun, 3 Apr 2005 20:52:02 +0200 + +ipmitool (1.8.0) unstable; urgency=low + + * Fix IPMIv2.0 issues + * Fix chassis boot parameter support + * Add support for linear sensors + + -- Duncan Laurie <duncan@iceblink.org> Wed, 16 Mar 2005 17:08:12 -0700 + +ipmitool (1.7.1) unstable; urgency=low + + * Update bmc plugin to work with new Solaris bmc driver (new ioctl + for interface detection and new STREAMS message-based interface). + + -- Seth Goldberg <sethmeisterg@hotmail.com> Mon, 7 Mar 2005 18:03:00 -0800 + +ipmitool (1.7.0) unstable; urgency=low + + * Propogate errors correctly so exit status will be useful + * More consistent display of errors including completion code text + * Errors and debug is send to stderr now + * New "sel get" command that will print details about SEL entry + and corresponding SDR records as well as FRUs via entity association + * Improved event generator, now supports reading events from text file + * New "-o oemtype" option for specifying OEM boards + exsting types are "supermicro" and "intelwv2" + * New PEF subsystem + * New "bmc" plugin for Solaris 10 x86 + * Many bugfixes and contributed patches + + -- Duncan Laurie <duncan@iceblink.org> Fri, 7 Jan 2005 19:58:22 -0700 + +ipmitool (1.6.2) unstable; urgency=low + + * Support for Supermicro BMC OEM authentication method + + -- Duncan Laurie <duncan@iceblink.org> Mon, 16 Nov 2004 08:20:01 -0700 + +ipmitool (1.6.1) unstable; urgency=low + + * Fix minor problem with LAN parameter setting + + -- Duncan Laurie <duncan@iceblink.org> Wed, 29 Sep 2004 11:19:17 -0700 + +ipmitool (1.6.0) unstable; urgency=low + + * Add a README + * Add support for IPMIv2 and Serial-over-LAN from Newisys + * Add Solaris x86 lipmi interface + * Add support for building Solaris packages + * Add support for building RPMs as non-root user + * Fix segfault when doing "sel list" (from Matthew Braithwaite) + * Fix "chassis identify" on some BMCs (from ebrower@sourceforge) + * Add "bmc info" and related output (from ebrower@sourceforge) + * new "shell" and "exec" commands + * lots of other contributed patches + + -- Duncan Laurie <duncan@iceblink.org> Thu, 9 Sep 2004 21:39:37 -0700 + +ipmitool (1.5.9) unstable; urgency=low + + * Add ability to get a particular sensor by name + * Add ability to set a particular sensor threshold + * Add support for displaying V2 channel authentication levels + * Add README for rrdtool scripts in contrib directory + * Improve lan interface retry handling + * Support prompting for password or reading from environment + * Move chaninfo command into channel subcommand + * Fix reservation ID handling when two sessions open to BMC + * Fix reading of large FRU data + * Add configure option for changing binary to ipmiadm for Solaris + * Fix compile problem on Solaris 8 + + -- Duncan Laurie <duncan@sun.com> Sat, 27 Mar 2004 00:11:37 -0700 + +ipmitool (1.5.8) unstable; urgency=low + + * Enable static compilation of interfaces + * Fix types to be 64-bit safe + * Fix compilation problems on Solaris + * Fix multiple big-endian problems for Solaris/SPARC + * Fix channel access to save settings to NVRAM + * Set channel privilege limit to ADMIN during "access on" + * Enable gratuitous ARP in bmcautoconf.sh + * Add support for Linux kernel panic messages in SEL output + * Add support for type 3 SDR records + + -- Duncan Laurie <duncan@sun.com> Tue, 27 Jan 2004 16:23:25 -0700 + +ipmitool (1.5.7) unstable; urgency=low + + * add IPMIv1.5 eratta fixes + * additions to FRU printing and FRU multirecords + * better handling of SDR printing + * contrib scripts for creating rrdtool graphs + + -- Duncan Laurie <duncan@sun.com> Mon, 5 Jan 2004 17:29:50 -0700 + +ipmitool (1.5.6) unstable; urgency=low + + * Fix SEL event decoding for generic events + * Handle empty SEL gracefully when doing "sel list" + * Fix sdr handling of sensors that do not return a reading + * Fix for CSV display of sensor readings/units from Fredrik Öhrn + + -- Duncan Laurie <duncan@sun.com> Thu, 4 Dec 2003 14:47:19 -0700 + +ipmitool (1.5.5) unstable; urgency=low + + * Add -U option for setting LAN username + * Fix -v usage for plugin interfaces + + -- Duncan Laurie <duncan@sun.com> Tue, 25 Nov 2003 15:10:48 -0700 + +ipmitool (1.5.4) unstable; urgency=low + + * Put interface plugin API into library + * Fix ipmievd + + -- Duncan Laurie <duncan@sun.com> Fri, 14 Nov 2003 15:16:34 -0700 + +ipmitool (1.5.3) unstable; urgency=low + + * Add -g option to work with grizzly bmc + + -- Duncan Laurie <duncan@sun.com> Mon, 3 Nov 2003 18:04:07 -0700 + +ipmitool (1.5.2) unstable; urgency=low + + * add support for setting gratuitous arp interval + + -- Duncan Laurie <duncan@sun.com> Fri, 24 Oct 2003 11:00:00 -0700 + +ipmitool (1.5.1) unstable; urgency=low + + * better SEL support + * fix display bug in SDR list + + -- Duncan Laurie <duncan@sun.com> Wed, 8 Oct 2003 17:28:51 -0700 + +ipmitool (1.5.0) unstable; urgency=low + + * more robust UDP packet handling + * add Intel IMB driver support + * use autoconf/automake/libtool + + -- Duncan Laurie <duncan@sun.com> Fri, 5 Sep 2003 11:57:32 -0700 + +ipmitool (1.2-1) unstable; urgency=low + + * New command line option parsing + * More chassis commands supported + + -- Duncan Laurie <duncan@sun.com> Wed, 2 Apr 2003 17:44:17 -0700 + +ipmitool (1.1-1) unstable; urgency=low + + * Minor fixes. + + -- Duncan Laurie <duncan@sun.com> Tue, 1 Apr 2003 14:31:10 -0700 + +ipmitool (1.0-1) unstable; urgency=low + + * Initial Release. + + -- Duncan Laurie <duncan@sun.com> Sun, 30 Mar 2003 21:30:46 -0700 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..06e676a --- /dev/null +++ b/debian/control @@ -0,0 +1,43 @@ +Source: ipmitool +Section: utils +Priority: optional +Maintainer: Jörg Frings-Fürst <debian@jff.email> +Build-Depends: + debhelper-compat (= 13), + init-system-helpers (>= 1.58), + libncurses-dev, + libfreeipmi-dev [!hurd-i386], + libreadline-dev, + libssl-dev +Standards-Version: 4.6.0.0 +Rules-Requires-Root: no +Vcs-Git: git://jff.email/opt/git/ipmitool.git +Vcs-Browser: https://jff.email/cgit/ipmitool.git +Homepage: https://github.com/ipmitool/ipmitool + +Package: ipmitool +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + lsb-base (>= 3.0-6) +Pre-Depends: + ${misc:Pre-Depends} +Recommends: openipmi +Description: utility for IPMI control with kernel driver or LAN interface (daemon) + A utility for managing and configuring devices that support the + Intelligent Platform Management Interface. IPMI is an open standard + for monitoring, logging, recovery, inventory, and control of hardware + that is implemented independent of the main CPU, BIOS, and OS. The + service processor (or Baseboard Management Controller, BMC) is the + brain behind platform management and its primary purpose is to handle + the autonomous sensor monitoring and event logging features. + . + The ipmitool program provides a simple command-line interface to this + BMC. It features the ability to read the sensor data repository + (SDR) and print sensor values, display the contents of the System + Event Log (SEL), print Field Replaceable Unit (FRU) inventory + information, read and set LAN configuration parameters, and perform + remote chassis power control. + . + This package contains the daemon. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..5e6d315 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,64 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0 +Source: https://github.com/ipmitool/ipmitool + +Files: * +Copyright: 1999-2002 Aladdin Enterprises + 2002-2008 Intel Corporation + 2003 Elmar Hoffmann + 2003-2007 Kontron Canada, Inc. + 2003 Ducan Laurie + 2003-2004 Fredrik Ohrn + 2003-2005 Sun Microsystems, Inc. + 2004-2008 Dell Inc. + 2005 International Business Machines, Inc. + 2005 Tyan Computer Corp + 2009-2014 Oracle and/or its affiliates. + 2012 Hewlett-Packard Development Company, L.P. + 2012 Pigeon Point Systems + 2013-2016 Zdenek Styblik + 2014 Jörg Frings-Fürst +License: BSD-3-clause + +Files: debian/* +Copyright: 2003-2005 Duncan Laurie <duncan@sun.com> + 2005 Seth Goldberg <sethmeisterg@hotmail.com> + 2005-2007 Petter Reinholdtsen <pere@debian.org> + 2007 Julien Cristau <jcristau@debian.org> + 2008-2009 Matthew Johnson <mjj29@debian.org> + 2009 Chuck Short <zulcss@ubuntu.com> + 2010 Lorenzo De Liso <blackz@ubuntu.com> + 2010 Stefano Rivera <stefano@rivera.za.net> + 2011 Jeff Lane <jeff@ubuntu.com> + 2011 Colin Watson <cjwatson@ubuntu.com> + 2011 Michael Casadevall <mcasadevall@ubuntu.com> + 2011-2013 Luk Claes <luk@debian.org> + 2012 Leo Iannacone <l3on@ubuntu.com> + 2013 Robie Basak <robie.basak@canonical.com> + 2014-2021 Jörg Frings-Fürst <debian@jff.email> +License: BSD-3-clause + +License: BSD-3-clause + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. diff --git a/debian/ipmitool.docs b/debian/ipmitool.docs new file mode 100644 index 0000000..55bc0a6 --- /dev/null +++ b/debian/ipmitool.docs @@ -0,0 +1,2 @@ +README +AUTHORS diff --git a/debian/ipmitool.ipmievd.init b/debian/ipmitool.ipmievd.init new file mode 100644 index 0000000..dcd0c28 --- /dev/null +++ b/debian/ipmitool.ipmievd.init @@ -0,0 +1,126 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: ipmievd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: IPMI event daemon +# Description: ipmievd is a daemon which will listen for events +# from the BMC that are being sent to the SEL and +# also log those messages to syslog. +### END INIT INFO +# +# Author: Elmar Hoffmann <elho@elho.net> +# Licence: This script is public domain using the same +# licence as ipmitool itself. +# Modified by: Petter Reinholdtsen +# Jörg Frings-Fürst 2014-06-01 + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DESC="IPMI event daemon" +NAME=ipmievd +DAEMON=/usr/sbin/$NAME +PIDFILE=/var/run/$NAME.pid0 +SCRIPTNAME=/etc/init.d/$NAME +ENABLED=true + +# Gracefully exit if the package has been removed. +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions +test -r /etc/default/rcS && . /etc/default/rcS + +# Options used by ipmievd. +# +# "open" uses the asynchronous event notification from the OpenIPMI +# kernel driver, "sel" uses active polling of the contents of the SEL +# for new events. +# +# Need to force 'daemon' mode, to make sure messages are sent to +# syslog and the program forks into the background. +# +# Se ipmievd(8) for more info. +IPMIEVD_OPTIONS="open daemon" + +# +# requested kernelmodules +# +#REQMODULES="ipmi_devintf ipmi_msghandler ipmi_poweroff ipmi_si ipmi_watchdog" +REQMODULES="" + +# Read config file if it is present. +[ -f /etc/default/$NAME ] && . /etc/default/$NAME + +test "$ENABLED" != "false" || exit 0 + +# Backwards compatibility with version 1.8.6-2 and 1.8.6-1. The +# variable was renamed to be compatible with upstream, SuSe and RedHat. +if [ -n "$IPMIEVD_OPTS" ]; then + echo "warning: /etc/default/$NAME variable IPMIEVD_OPTS should be renamed to IPMIEVD_OPTIONS" + IPMIEVD_OPTIONS="$IPMIEVD_OPTS" +fi + +# +# function to load requested kernelmodules +do_modprobe() { + if [ -x /sbin/modprobe -a -f /proc/modules ] + then + modprobe -q "$1" || true + fi +} + +# +# Function that starts the daemon/service. +# +d_start() { + start-stop-daemon --start --quiet --exec $DAEMON --pidfile $PIDFILE -- $IPMIEVD_OPTIONS +} + +# +# Function that stops the daemon/service. +# +d_stop() { + start-stop-daemon --stop --oknodo --quiet --name $NAME --exec $DAEMON --pidfile $PIDFILE +} + +CODE=0 + +case "$1" in + start) + # load kernelmodules + for rmod in ${REQMODULES} + do + do_modprobe ${rmod} + done + [ "$VERBOSE" != no ] && log_begin_msg "Starting $DESC" "$NAME" + d_start || CODE=$? + [ "$VERBOSE" != no ] && log_end_msg $CODE + exit $CODE + ;; + stop) + log_begin_msg "Stopping $DESC" "$NAME" + d_stop || CODE=$? + log_end_msg $CODE + exit $CODE + ;; + restart|force-reload) + log_begin_msg "Restarting $DESC" "$NAME" + d_stop || true + sleep 1 + d_start || CODE=$? + log_end_msg $CODE + exit $CODE + ;; + status) + status_of_proc $DAEMON $NAME + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ipmitool.ipmievd.service b/debian/ipmitool.ipmievd.service new file mode 120000 index 0000000..1ca4cb1 --- /dev/null +++ b/debian/ipmitool.ipmievd.service @@ -0,0 +1 @@ +systemd/ipmitool.ipmievd.service
\ No newline at end of file diff --git a/debian/ipmitool.maintscript b/debian/ipmitool.maintscript new file mode 100644 index 0000000..7761b8a --- /dev/null +++ b/debian/ipmitool.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/default/ipmitool 1.8.18-11~ ipmitool diff --git a/debian/ipmitool.manpages b/debian/ipmitool.manpages new file mode 100644 index 0000000..ee0c5db --- /dev/null +++ b/debian/ipmitool.manpages @@ -0,0 +1,2 @@ +doc/ipmievd.8 +doc/ipmitool.1 diff --git a/debian/ipmitool.postinst b/debian/ipmitool.postinst new file mode 100644 index 0000000..b09b515 --- /dev/null +++ b/debian/ipmitool.postinst @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + + +ipmievd_initd_failed() { + echo "Unable to start ipmievd during installation. Trying to disable." + if [ -f /etc/default/ipmievd ] && \ + grep -q ^ENABLED=\"false\" /etc/default/ipmievd ; then + : + else + touch /etc/default/ipmievd + echo "ENABLED=\"false\"" >> /etc/default/ipmievd + fi +} + +#DEBHELPER# diff --git a/debian/ipmitool.postrm b/debian/ipmitool.postrm new file mode 100644 index 0000000..6cd9693 --- /dev/null +++ b/debian/ipmitool.postrm @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + + +ipmievd_initd_failed() { + : +} + +#DEBHELPER# diff --git a/debian/ipmitool.prerm b/debian/ipmitool.prerm new file mode 100644 index 0000000..b45afde --- /dev/null +++ b/debian/ipmitool.prerm @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +ipmievd_initd_failed() { + : +} + +#DEBHELPER# diff --git a/debian/patches/0005-gcc10.patch b/debian/patches/0005-gcc10.patch new file mode 100644 index 0000000..a4e5d8a --- /dev/null +++ b/debian/patches/0005-gcc10.patch @@ -0,0 +1,63 @@ +Description: Fix ftbfs with gcc-10 +Author: Jörg Frings-Fürst <debian@jff.email> +Bug: https://github.com/ipmitool/ipmitool/issues/220 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=957371 +Last-Update: 2020-07-28 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/include/ipmitool/ipmi_hpmfwupg.h +=================================================================== +--- trunk.orig/include/ipmitool/ipmi_hpmfwupg.h ++++ trunk/include/ipmitool/ipmi_hpmfwupg.h +@@ -30,9 +30,22 @@ + * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + ++ + #ifndef IPMI_HPMFWUPG_H + #define IPMI_HPMFWUPG_H + ++ ++#ifdef IPMI_HPMFWUPG_MOD ++ ++ #define EXTERN ++ ++#else ++ ++ #define EXTERN extern ++ ++#endif ++ ++ + #include <inttypes.h> + #include <ipmitool/ipmi.h> + +@@ -800,10 +813,12 @@ typedef struct _VERSIONINFO { + char descString[HPMFWUPG_DESC_STRING_LENGTH + 1]; + }VERSIONINFO, *PVERSIONINFO; + +-VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX]; ++EXTERN VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX]; + + #define TARGET_VER (0x01) + #define ROLLBACK_VER (0x02) + #define IMAGE_VER (0x04) + + #endif /* IPMI_KFWUM_H */ ++ ++#undef EXTERN +Index: trunk/lib/ipmi_hpmfwupg.c +=================================================================== +--- trunk.orig/lib/ipmi_hpmfwupg.c ++++ trunk/lib/ipmi_hpmfwupg.c +@@ -37,7 +37,10 @@ + + #include <ipmitool/ipmi_intf.h> + #include <ipmitool/ipmi_mc.h> ++ ++#define IPMI_HPMFWUPG_MOD + #include <ipmitool/ipmi_hpmfwupg.h> ++ + #include <ipmitool/helper.h> + #include <ipmitool/ipmi_strings.h> + #include <ipmitool/log.h> diff --git a/debian/patches/0010-utf8.patch b/debian/patches/0010-utf8.patch new file mode 100644 index 0000000..3bc474a --- /dev/null +++ b/debian/patches/0010-utf8.patch @@ -0,0 +1,17 @@ +Description: conv AUTHORS to UTF-8 +Author: Jörg Frings-Fürst <debian@jff.email> +Forwarded: not-needed +Last-Update: 2020-07-28 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/AUTHORS +=================================================================== +--- trunk.orig/AUTHORS ++++ trunk/AUTHORS +@@ -1,5 +1,5 @@ + Duncan Laurie <duncan@iceblink.org> +-Fredrik Öhrn <ohrn@chl.chalmers.se> ++Fredrik Öhrn <ohrn@chl.chalmers.se> + Jon Cassorla <jon.cassorla@newisys.com> + Jeremy Ellington <jeremy@jeremye.net> + Petter Reinholdtsen <pere@hungry.com> diff --git a/debian/patches/0100-fix_buf_overflow.patch b/debian/patches/0100-fix_buf_overflow.patch new file mode 100644 index 0000000..174d205 --- /dev/null +++ b/debian/patches/0100-fix_buf_overflow.patch @@ -0,0 +1,22 @@ +Description: fix buffer overflow + based on 101_fix_buf_overflow from Leo Iannacone <l3on@ubuntu.com> +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Bug: TSOL buffer overflow +Bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/633054 +Forwarded: https://sourceforge.net/p/ipmitool/patches/100/ +Last-Update: 2014-12-01 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/lib/ipmi_tsol.c +=================================================================== +--- trunk.orig/lib/ipmi_tsol.c ++++ trunk/lib/ipmi_tsol.c +@@ -375,7 +375,7 @@ ipmi_tsol_main(struct ipmi_intf *intf, i + char *recvip = NULL; + char in_buff[IPMI_BUF_SIZE]; + char out_buff[IPMI_BUF_SIZE * 8]; +- char buff[IPMI_BUF_SIZE + 4]; ++ char buff[IPMI_BUF_SIZE * 8 + 4]; + int fd_socket, result, i; + int out_buff_fill, in_buff_fill; + int ip1, ip2, ip3, ip4; diff --git a/debian/patches/0110-getpass-prototype.patch b/debian/patches/0110-getpass-prototype.patch new file mode 100644 index 0000000..ecd8ee9 --- /dev/null +++ b/debian/patches/0110-getpass-prototype.patch @@ -0,0 +1,23 @@ +Description: use necessary source dialect to ensure getpass() availability + getpass is a deprecated function, and building with either c99 or gnu99 + does not ensure this function's availability. So instead, declare + _DEFAULT_SOURCE so that the function remains available. +Author: Steve Langasek <steve.langasek@ubuntu.com> +Origin: <upstream|backport|vendor|other>, <URL, required except if Author is present> +Bug: <URL to the upstream bug report if any, implies patch has been forwarded, optional> +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819340 +Last-Update: 2016-05-15 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/lib/ipmi_main.c +=================================================================== +--- trunk.orig/lib/ipmi_main.c ++++ trunk/lib/ipmi_main.c +@@ -34,6 +34,7 @@ + (_XOPEN_SOURCE >= 500 || \ + _XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED) && \ + !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) ++#define _DEFAULT_SOURCE + + #include <stdlib.h> + #include <stdio.h> diff --git a/debian/patches/0115-typo.patch b/debian/patches/0115-typo.patch new file mode 100644 index 0000000..e8f762c --- /dev/null +++ b/debian/patches/0115-typo.patch @@ -0,0 +1,164 @@ +Description: source typos +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Forwarded: not-needed +Last-Update: 2017-08-13 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/lib/dimm_spd.c +=================================================================== +--- trunk.orig/lib/dimm_spd.c ++++ trunk/lib/dimm_spd.c +@@ -798,7 +798,7 @@ const struct valstr jedec_id5_vals[] = { + { 0xE3, "WIS Technologies" }, + { 0x64, "GateChange Technologies" }, + { 0xE5, "High Density Devices AS" }, +- { 0xE6, "Synopsys" }, ++ { 0xE6, "Synopsis" }, + { 0x67, "Gigaram" }, + { 0x68, "Enigma Semiconductor Inc." }, + { 0xE9, "Century Micro Inc." }, +Index: trunk/lib/ipmi_hpmfwupg.c +=================================================================== +--- trunk.orig/lib/ipmi_hpmfwupg.c ++++ trunk/lib/ipmi_hpmfwupg.c +@@ -1507,7 +1507,7 @@ HpmfwupgGetTargetUpgCapabilities(struct + pCtx->resp.GlobalCapabilities.bitField.autRollbackOverride ? 'y' : 'n'); + lprintf(LOG_NOTICE, "IPMC degraded...........[%c] ", + pCtx->resp.GlobalCapabilities.bitField.ipmcDegradedDurinUpg ? 'y' : 'n'); +- lprintf(LOG_NOTICE, "Defered activation......[%c] ", ++ lprintf(LOG_NOTICE, "Deferred activation......[%c] ", + pCtx->resp.GlobalCapabilities.bitField.deferActivation ? 'y' : 'n'); + lprintf(LOG_NOTICE, "Service affected........[%c] ", + pCtx->resp.GlobalCapabilities.bitField.servAffectDuringUpg ? 'y' : 'n'); +Index: trunk/lib/ipmi_kontronoem.c +=================================================================== +--- trunk.orig/lib/ipmi_kontronoem.c ++++ trunk/lib/ipmi_kontronoem.c +@@ -85,7 +85,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i + return (-1); + } + if (ipmi_kontron_set_serial_number(intf) > 0) { +- printf("FRU serial number setted successfully\n"); ++ printf("FRU serial number set successfully\n"); + } else { + printf("FRU serial number set failed\n"); + rc = (-1); +@@ -96,7 +96,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i + return (-1); + } + if (ipmi_kontron_set_mfg_date(intf) > 0) { +- printf("FRU manufacturing date setted successfully\n"); ++ printf("FRU manufacturing date set successfully\n"); + } else { + printf("FRU manufacturing date set failed\n"); + rc = (-1); +Index: trunk/lib/ipmi_ekanalyzer.c +=================================================================== +--- trunk.orig/lib/ipmi_ekanalyzer.c ++++ trunk/lib/ipmi_ekanalyzer.c +@@ -3398,7 +3398,7 @@ ipmi_ek_display_board_p2p_record(struct + printf("ShMC Cross-connect (two-pair)\n"); + break; + default: +- printf("Unknwon\n"); ++ printf("Unknown\n"); + break; + } + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_ETHERNET) { +@@ -3413,17 +3413,17 @@ ipmi_ek_display_board_p2p_record(struct + printf("FC-PI\n"); + break; + default: +- printf("Unknwon\n"); ++ printf("Unknown\n"); + break; + } + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_INFINIBAND) { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_STAR) { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_PCIE) { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } else { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } + printf("\tLink Type:\t\t0x%02x - ", d->type); + if (d->type == 0 || d->type == 0xff) { +Index: trunk/src/ipmievd.c +=================================================================== +--- trunk.orig/src/ipmievd.c ++++ trunk/src/ipmievd.c +@@ -125,7 +125,7 @@ static int openipmi_wait(struct ipmi_eve + static int openipmi_read(struct ipmi_event_intf * eintf); + static struct ipmi_event_intf openipmi_event_intf = { + .name = "open", +- .desc = "OpenIPMI asyncronous notification of events", ++ .desc = "OpenIPMI asynchronous notification of events", + .prefix = "", + .setup = openipmi_setup, + .wait = openipmi_wait, +@@ -864,7 +864,7 @@ ipmievd_open_main(struct ipmi_intf * int + + struct ipmi_cmd ipmievd_cmd_list[] = { + #ifdef IPMI_INTF_OPEN +- { ipmievd_open_main, "open", "Use OpenIPMI for asyncronous notification of events" }, ++ { ipmievd_open_main, "open", "Use OpenIPMI for asynchronous notification of events" }, + #endif + { ipmievd_sel_main, "sel", "Poll SEL for notification of events" }, + { NULL } +Index: trunk/include/ipmitool/ipmi_pef.h +=================================================================== +--- trunk.orig/include/ipmitool/ipmi_pef.h ++++ trunk/include/ipmitool/ipmi_pef.h +@@ -178,7 +178,7 @@ BIT_DESC_MAP_LIST, + {"Entity presence", 37}, + {"Monitor ASIC/IC", 38}, + {"LAN", 39}, +- {"Management subsytem health",40}, ++ {"Management subsystem health",40}, + {"Battery", 41}, + {NULL} + } }; +Index: trunk/doc/ipmievd.8 +=================================================================== +--- trunk.orig/doc/ipmievd.8 ++++ trunk/doc/ipmievd.8 +@@ -145,7 +145,7 @@ placed at the end of commands to get opt + > ipmievd help + .br + Commands: +- open Use OpenIPMI for asyncronous notification of events ++ open Use OpenIPMI for asynchronous notification of events + sel Poll SEL for notification of events + + .TP +Index: trunk/lib/ipmi_lanp.c +=================================================================== +--- trunk.orig/lib/ipmi_lanp.c ++++ trunk/lib/ipmi_lanp.c +@@ -1271,7 +1271,7 @@ print_lan_set_bad_pass_thresh_usage(void + { + lprintf(LOG_NOTICE, + "lan set <chanel> bad_pass_thresh <thresh_num> <1|0> <reset_interval> <lockout_interval>\n" +-" <thresh_num> Bad Pasword Threshold number.\n" ++" <thresh_num> Bad Password Threshold number.\n" + " <1|0> 1 = generate a Session Audit sensor event.\n" + " 0 = do not generate an event.\n" + " <reset_interval> Attempt Count Reset Interval. In tens of seconds.\n" +Index: trunk/lib/ipmi_mc.c +=================================================================== +--- trunk.orig/lib/ipmi_mc.c ++++ trunk/lib/ipmi_mc.c +@@ -583,7 +583,7 @@ static int ipmi_mc_get_selftest(struct i + printf(" -> SEL device not accessible\n"); + } + if (sft_res->test & IPM_SELFTEST_SDR_ERROR) { +- printf(" -> SDR repository not accesible\n"); ++ printf(" -> SDR repository not accessible\n"); + } + if (sft_res->test & IPM_SELFTEST_FRU_ERROR) { + printf("FRU device not accessible\n"); diff --git a/debian/patches/0120-openssl1.1.patch b/debian/patches/0120-openssl1.1.patch new file mode 100644 index 0000000..a7523fd --- /dev/null +++ b/debian/patches/0120-openssl1.1.patch @@ -0,0 +1,150 @@ +Description: Migrate to openssl 1.1 + Cherry-picked from upstream +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Origin: upstream https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/ +Bug: https://sourceforge.net/p/ipmitool/bugs/461/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853782 +Forwarded: not-needed +Last-Update: 2017-08-13 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/plugins/lanplus/lanplus_crypt_impl.c +=================================================================== +--- trunk.orig/src/plugins/lanplus/lanplus_crypt_impl.c ++++ trunk/src/plugins/lanplus/lanplus_crypt_impl.c +@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++ EVP_CIPHER_CTX *ctx = NULL; + + *bytes_written = 0; + +@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + printbuf(input, input_length, "encrypting this data"); + } + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++ return; ++ } ++ EVP_CIPHER_CTX_init(ctx); ++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* + * The default implementation adds a whole block of padding if the input +@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + } + + +@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++ EVP_CIPHER_CTX *ctx = NULL; + + if (verbose >= 5) + { +@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + printbuf(input, input_length, "decrypting this data"); + } + +- + *bytes_written = 0; + + if (input_length == 0) + return; + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++ return; ++ } ++ EVP_CIPHER_CTX_init(ctx); ++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); ++ + /* + * The default implementation adds a whole block of padding if the input + * data is perfectly aligned. We would like to keep that from happening. +@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + char buffer[1000]; + ERR_error_string(ERR_get_error(), buffer); + lprintf(LOG_DEBUG, "the ERR error %s", buffer); + lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + + if (verbose >= 5) + { diff --git a/debian/patches/0125-nvidia-iana.patch b/debian/patches/0125-nvidia-iana.patch new file mode 100644 index 0000000..28276f8 --- /dev/null +++ b/debian/patches/0125-nvidia-iana.patch @@ -0,0 +1,36 @@ +Description: Add IANA ID for NVIDIA hardware + Add the NVIDIA IANA ID to the hardcoded list used in ipmitool <= 1.8.18. + After upstream commit "9d41136 ID:491 - Fetch vendor IDs from IANA", ipmitool + generates a list of vendor IDs dynamically at build time, so we can drop this + patch in future releases. +Author: dann frazier <dannf@debian.org> +Origin: backport +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903616 +Forwarded: not-needed +Last-Update: 2018-07-11 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: ipmitool-1.8.18/include/ipmitool/ipmi.h +=================================================================== +--- ipmitool-1.8.18.orig/include/ipmitool/ipmi.h ++++ ipmitool-1.8.18/include/ipmitool/ipmi.h +@@ -279,6 +279,7 @@ typedef enum IPMI_OEM { + /* 4769 for [IBM Corporation] */ + IPMI_OEM_IBM_4769 = 4769, + IPMI_OEM_MAGNUM = 5593, ++ IPMI_OEM_NVIDIA = 5703, + IPMI_OEM_TYAN = 6653, + IPMI_OEM_QUANTA = 7244, + IPMI_OEM_NEWISYS = 9237, +Index: ipmitool-1.8.18/lib/ipmi_strings.c +=================================================================== +--- ipmitool-1.8.18.orig/lib/ipmi_strings.c ++++ ipmitool-1.8.18/lib/ipmi_strings.c +@@ -96,6 +96,7 @@ const struct valstr ipmi_oem_info[] = { + { IPMI_OEM_IBM_4769, "IBM Corporation" }, + { IPMI_OEM_IBM_20301, "IBM eServer X" }, + { IPMI_OEM_ADLINK_24339, "ADLINK Technology Inc." }, ++ { IPMI_OEM_NVIDIA, "NVIDIA Corporation" }, + { 0xffff , NULL }, + }; + diff --git a/debian/patches/0130-Correct_lanplus_segment_violation.patch b/debian/patches/0130-Correct_lanplus_segment_violation.patch new file mode 100644 index 0000000..17e8fe5 --- /dev/null +++ b/debian/patches/0130-Correct_lanplus_segment_violation.patch @@ -0,0 +1,29 @@ +Description: Fix lanplus segment violation for truncated response +Origin: upstream, https://github.com/pjdhpe/ipmitool/commit/815aae70cf8dc9f0e1ba1923fc4ec3cc16d0d2f1?diff=unified +Bug: https://github.com/ipmitool/ipmitool/issues/72 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945764 +Last-Update: 2019-12-22 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/plugins/lanplus/lanplus.c +=================================================================== +--- trunk.orig/src/plugins/lanplus/lanplus.c ++++ trunk/src/plugins/lanplus/lanplus.c +@@ -819,7 +819,7 @@ ipmi_lan_poll_single(struct ipmi_intf * + * rsp->data_len becomes the length of that data + */ + extra_data_length = payload_size - (offset - payload_start) - 1; +- if (extra_data_length) { ++ if (extra_data_length > 0) { + rsp->data_len = extra_data_length; + memmove(rsp->data, rsp->data + offset, extra_data_length); + } else { +@@ -873,7 +873,7 @@ ipmi_lan_poll_single(struct ipmi_intf * + } + read_sol_packet(rsp, &offset); + extra_data_length = payload_size - (offset - payload_start); +- if (rsp && extra_data_length) { ++ if (rsp && extra_data_length > 0) { + rsp->data_len = extra_data_length; + memmove(rsp->data, rsp->data + offset, extra_data_length); + } else { diff --git a/debian/patches/0500-fix_CVE-2011-4339.patch b/debian/patches/0500-fix_CVE-2011-4339.patch new file mode 100644 index 0000000..62a9d0c --- /dev/null +++ b/debian/patches/0500-fix_CVE-2011-4339.patch @@ -0,0 +1,21 @@ +Description: CVE-2011-4339 + insecure file permission when creating PID files + based on 112_fix_CVE-2011-4339 +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651917 +Forwarded: https://sourceforge.net/p/ipmitool/patches/99/ +Last-Update: 2014-12-01 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/lib/helper.c +=================================================================== +--- trunk.orig/lib/helper.c ++++ trunk/lib/helper.c +@@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf + #endif + + chdir("/"); +- umask(0); + + for (fd=0; fd<64; fd++) { + if (fd != intf->fd) diff --git a/debian/patches/0505-fix_CVE-2020-5208.patch b/debian/patches/0505-fix_CVE-2020-5208.patch new file mode 100644 index 0000000..1295180 --- /dev/null +++ b/debian/patches/0505-fix_CVE-2020-5208.patch @@ -0,0 +1,299 @@ +Description: Fix CVE-2020-5208 +Origin: backport from + https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 + https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 + https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 + https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 + https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 + https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637 +Bug: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950761 +Forwarded: not-needed +Last-Update: 2021-01-03 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/lib/ipmi_fru.c +=================================================================== +--- trunk.orig/lib/ipmi_fru.c ++++ trunk/lib/ipmi_fru.c +@@ -615,7 +615,10 @@ int + read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + uint32_t offset, uint32_t length, uint8_t *frubuf) + { +- uint32_t off = offset, tmp, finish; ++ uint32_t off = offset; ++ uint32_t tmp; ++ uint32_t finish; ++ uint32_t size_left_in_buffer; + struct ipmi_rs * rsp; + struct ipmi_rq req; + uint8_t msg_data[4]; +@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, s + + finish = offset + length; + if (finish > fru->size) { ++ memset(frubuf + fru->size, 0, length - fru->size); + finish = fru->size; + lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " + "Adjusting to %d", + offset + length, finish - offset); ++ length = finish - offset; + } + + memset(&req, 0, sizeof(req)); +@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, s + } + } + ++ size_left_in_buffer = length; + do { + tmp = fru->access ? off >> 1 : off; + msg_data[0] = id; +@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, s + } + + tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; ++ if(rsp->data_len < 1 ++ || tmp > rsp->data_len - 1 ++ || tmp > size_left_in_buffer) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } ++ + memcpy(frubuf, rsp->data + 1, tmp); + off += tmp; + frubuf += tmp; ++ size_left_in_buffer -= tmp; + /* sometimes the size returned in the Info command + * is too large. return 0 so higher level function + * still attempts to parse what was returned */ +@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * + uint32_t offset, uint32_t length, uint8_t *frubuf) + { + static uint32_t fru_data_rqst_size = 20; +- uint32_t off = offset, tmp, finish; ++ uint32_t off = offset; ++ uint32_t tmp, finish; ++ uint32_t size_left_in_buffer; + struct ipmi_rs * rsp; + struct ipmi_rq req; + uint8_t msg_data[4]; +@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * + + finish = offset + length; + if (finish > fru->size) { ++ memset(frubuf + fru->size, 0, length - fru->size); + finish = fru->size; + lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " + "Adjusting to %d", + offset + length, finish - offset); ++ length = finish - offset; + } + + memset(&req, 0, sizeof(req)); +@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * + if (fru->access && fru_data_rqst_size > 16) + #endif + fru_data_rqst_size = 16; ++ ++ size_left_in_buffer = length; + do { + tmp = fru->access ? off >> 1 : off; + msg_data[0] = id; +@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * + } + + tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; ++ if(rsp->data_len < 1 ++ || tmp > rsp->data_len - 1 ++ || tmp > size_left_in_buffer) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } + memcpy((frubuf + off)-offset, rsp->data + 1, tmp); + off += tmp; ++ size_left_in_buffer -= tmp; + + /* sometimes the size returned in the Info command + * is too large. return 0 so higher level function +@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, + return 0; + + memset(desc, 0, sizeof(desc)); +- memcpy(desc, fru->id_string, fru->id_code & 0x01f); ++ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc))); + desc[fru->id_code & 0x01f] = 0; + printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id); + +Index: trunk/lib/ipmi_sdr.c +=================================================================== +--- trunk.orig/lib/ipmi_sdr.c ++++ trunk/lib/ipmi_sdr.c +@@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct i + return -1; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string); + + if (verbose) { + printf("Sensor ID : %s (0x%x)\n", +@@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct + return -1; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string); + + if (verbose == 0) { + if (csv_output) +@@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(st + char desc[17]; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string); + + if (!verbose) { + if (csv_output) +@@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct + char desc[17]; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string); + + if (!verbose) { + if (csv_output) +@@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct + + int rc =0; + char desc[17]; ++ const char *id_string; ++ uint8_t id_code; + memset(desc, ' ', sizeof (desc)); + + switch ( type) { + case SDR_RECORD_TYPE_FULL_SENSOR: + record.full = (struct sdr_record_full_sensor *) raw; +- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s", +- (const char *)record.full->id_string); ++ id_code = record.full->id_code; ++ id_string = record.full->id_string; + break; ++ + case SDR_RECORD_TYPE_COMPACT_SENSOR: + record.compact = (struct sdr_record_compact_sensor *) raw ; +- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s", +- (const char *)record.compact->id_string); ++ id_code = record.compact->id_code; ++ id_string = record.compact->id_string; + break; ++ + case SDR_RECORD_TYPE_EVENTONLY_SENSOR: + record.eventonly = (struct sdr_record_eventonly_sensor *) raw ; +- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s", +- (const char *)record.eventonly->id_string); +- break; ++ id_code = record.eventonly->id_code; ++ id_string = record.eventonly->id_string; ++ break; ++ + case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: + record.mcloc = (struct sdr_record_mc_locator *) raw ; +- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s", +- (const char *)record.mcloc->id_string); ++ id_code = record.mcloc->id_code; ++ id_string = record.mcloc->id_string; + break; ++ + default: + rc = -1; +- break; +- } ++ } ++ if (!rc) { ++ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string); ++ } + +- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); ++ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); + return rc; + } + +Index: trunk/lib/ipmi_channel.c +=================================================================== +--- trunk.orig/lib/ipmi_channel.c ++++ trunk/lib/ipmi_channel.c +@@ -378,7 +378,10 @@ ipmi_get_channel_cipher_suites(struct ip + lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); + return -1; + } +- if (rsp->ccode > 0) { ++ if (rsp->ccode ++ || rsp->data_len < 1 ++ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) ++ { + lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", + val2str(rsp->ccode, completion_code_vals)); + return -1; +Index: trunk/lib/ipmi_session.c +=================================================================== +--- trunk.orig/lib/ipmi_session.c ++++ trunk/lib/ipmi_session.c +@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf + } + else + { +- memcpy(&session_info, rsp->data, rsp->data_len); +- print_session_info(&session_info, rsp->data_len); ++ memcpy(&session_info, rsp->data, ++ __min(rsp->data_len, sizeof(session_info))); ++ print_session_info(&session_info, ++ __min(rsp->data_len, sizeof(session_info))); + } + break; + +@@ -341,9 +343,10 @@ ipmi_get_session_info(struct ipmi_intf + break; + } + +- memcpy(&session_info, rsp->data, rsp->data_len); +- print_session_info(&session_info, rsp->data_len); +- ++ memcpy(&session_info, rsp->data, ++ __min(rsp->data_len, sizeof(session_info))); ++ print_session_info(&session_info, ++ __min(rsp->data_len, sizeof(session_info))); + } while (i <= session_info.session_slot_count); + break; + } +Index: trunk/lib/dimm_spd.c +=================================================================== +--- trunk.orig/lib/dimm_spd.c ++++ trunk/lib/dimm_spd.c +@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * in + struct ipmi_rq req; + struct fru_info fru; + uint8_t *spd_data, msg_data[4]; +- int len, offset; ++ uint32_t len, offset; + + msg_data[0] = id; + +@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * in + } + + len = rsp->data[0]; ++ if(rsp->data_len < 1 ++ || len > rsp->data_len - 1 ++ || len > fru.size - offset) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } + memcpy(&spd_data[offset], rsp->data + 1, len); + offset += len; + } while (offset < fru.size); diff --git a/debian/patches/0600-manpage_longlines.patch b/debian/patches/0600-manpage_longlines.patch new file mode 100644 index 0000000..8fae0a9 --- /dev/null +++ b/debian/patches/0600-manpage_longlines.patch @@ -0,0 +1,56 @@ +Description: long lines in man-page + prevent "can't break line" warnings +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Forwarded: not-needed +Last-Update: 2014-05-20 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/doc/ipmitool.1 +=================================================================== +--- trunk.orig/doc/ipmitool.1 ++++ trunk/doc/ipmitool.1 +@@ -1035,7 +1035,7 @@ Display point to point physical connecti + AMC slot B2 topology: + Port 0 =====> On Carrier Device ID 0, Port 3 + Port 2 =====> AMC slot B1, Port 2 +- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ++ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* + From Carrier file: carrierfru + On Carrier Device ID 0 topology: + Port 0 =====> AMC slot B1, Port 4 +@@ -1091,7 +1091,7 @@ and an AMC module or between 2 AMC modul + \-Link Type: AMC.2 Ethernet + \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link + \-Link Group ID: 0 || Link Asym. Match: exact match +- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ++ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* + AMC slot B1 port 1 ==> On-Carrier Device 0 port 12 + Matching Result + - From On-Carrier Device ID 0 +@@ -1104,7 +1104,7 @@ and an AMC module or between 2 AMC modul + \-Link Type: AMC.2 Ethernet + \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link + \-Link Group ID: 0 || Link Asym. Match: exact match +- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ++ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* + On-Carrier Device vs AMC slot A2 + AMC slot A2 port 0 ==> On-Carrier Device 0 port 3 + Matching Result +@@ -1118,7 +1118,7 @@ and an AMC module or between 2 AMC modul + \-Link Type: AMC.2 Ethernet + \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link + \-Link Group ID: 0 || Link Asym. Match: exact match +- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ++ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* + AMC slot B1 vs AMC slot A2 + AMC slot A2 port 2 ==> AMC slot B1 port 2 + Matching Result +@@ -1132,7 +1132,7 @@ and an AMC module or between 2 AMC modul + \-Link Type: AMC.3 Storage + \-Link Type extension: Serial Attached SCSI (SAS/SATA) + \-Link Group ID: 0 || Link Asym. Match: FC or SAS interface {exact match} +- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ++ *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* + .TP + \fIunmatch\fP <\fBxx=filename\fR> <\fBxx=filename\fR> \fB...\fr + .br diff --git a/debian/patches/0615-manpage_typo.patch b/debian/patches/0615-manpage_typo.patch new file mode 100644 index 0000000..b1196d7 --- /dev/null +++ b/debian/patches/0615-manpage_typo.patch @@ -0,0 +1,49 @@ +Description: typo in man-pages +Author: Jörg Frings-Fürst <debian@jff.email> +Last-Update: 2019-07-18 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/doc/ipmitool.1 +=================================================================== +--- trunk.orig/doc/ipmitool.1 ++++ trunk/doc/ipmitool.1 +@@ -2478,7 +2478,7 @@ Discover Node Manager presence as well a + .br + + Add a new power policy, or overwrite an existing policy. +-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. ++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. + The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. + The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. + If domain is not supplied a default of platform is used. +@@ -2489,7 +2489,7 @@ If domain is not supplied a default of p + .br + + Add a new inlet temp policy, or overwrite an existing policy. +-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. ++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. + The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. + The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. + If domain is not supplied a default of platform is used. +@@ -3657,7 +3657,7 @@ and encryption algorithms to use for for + on the cipher suite ID found in the IPMIv2.0 specification in table + 22\-19. The default cipher suite is \fI3\fP which specifies + RAKP\-HMAC\-SHA1 authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 +-encryption algorightms. ++encryption algorithms. + + .SH "FREE INTERFACE" + .LP +Index: trunk/doc/ipmievd.8 +=================================================================== +--- trunk.orig/doc/ipmievd.8 ++++ trunk/doc/ipmievd.8 +@@ -56,7 +56,7 @@ This is not available with all commands. + The remote server authentication, integrity, and encryption algorithms + to use for IPMIv2 \fIlanplus\fP connections. See table 22\-19 in the + IPMIv2 specification. The default is 3 which specifies RAKP\-HMAC\-SHA1 +-authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorightms. ++authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorithms. + .TP + \fB\-E\fR + The remote server password is specified by the environment diff --git a/debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch b/debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch new file mode 100644 index 0000000..1c3029d --- /dev/null +++ b/debian/patches/CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch @@ -0,0 +1,120 @@ +Description: fru: Fix buffer overflow vulnerabilities + Partial fix for CVE-2020-5208, see + https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + . + The `read_fru_area_section` function only performs size validation of + requested read size, and falsely assumes that the IPMI message will not + respond with more than the requested amount of data; it uses the + unvalidated response size to copy into `frubuf`. If the response is + larger than the request, this can result in overflowing the buffer. + . + The same issue affects the `read_fru_area` function. +Author: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:33:59 +0000 + +Index: ipmitool-1.8.18/lib/ipmi_fru.c +=================================================================== +--- ipmitool-1.8.18.orig/lib/ipmi_fru.c ++++ ipmitool-1.8.18/lib/ipmi_fru.c +@@ -615,7 +615,10 @@ int + read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, + uint32_t offset, uint32_t length, uint8_t *frubuf) + { +- uint32_t off = offset, tmp, finish; ++ uint32_t off = offset; ++ uint32_t tmp; ++ uint32_t finish; ++ uint32_t size_left_in_buffer; + struct ipmi_rs * rsp; + struct ipmi_rq req; + uint8_t msg_data[4]; +@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, s + + finish = offset + length; + if (finish > fru->size) { ++ memset(frubuf + fru->size, 0, length - fru->size); + finish = fru->size; + lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " + "Adjusting to %d", + offset + length, finish - offset); ++ length = finish - offset; + } + + memset(&req, 0, sizeof(req)); +@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, s + } + } + ++ size_left_in_buffer = length; + do { + tmp = fru->access ? off >> 1 : off; + msg_data[0] = id; +@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, s + } + + tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; ++ if(rsp->data_len < 1 ++ || tmp > rsp->data_len - 1 ++ || tmp > size_left_in_buffer) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } ++ + memcpy(frubuf, rsp->data + 1, tmp); + off += tmp; + frubuf += tmp; ++ size_left_in_buffer -= tmp; + /* sometimes the size returned in the Info command + * is too large. return 0 so higher level function + * still attempts to parse what was returned */ +@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * + uint32_t offset, uint32_t length, uint8_t *frubuf) + { + static uint32_t fru_data_rqst_size = 20; +- uint32_t off = offset, tmp, finish; ++ uint32_t off = offset; ++ uint32_t tmp, finish; ++ uint32_t size_left_in_buffer; + struct ipmi_rs * rsp; + struct ipmi_rq req; + uint8_t msg_data[4]; +@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * + + finish = offset + length; + if (finish > fru->size) { ++ memset(frubuf + fru->size, 0, length - fru->size); + finish = fru->size; + lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " + "Adjusting to %d", + offset + length, finish - offset); ++ length = finish - offset; + } + + memset(&req, 0, sizeof(req)); +@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * + if (fru->access && fru_data_rqst_size > 16) + #endif + fru_data_rqst_size = 16; ++ ++ size_left_in_buffer = length; + do { + tmp = fru->access ? off >> 1 : off; + msg_data[0] = id; +@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * + } + + tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; ++ if(rsp->data_len < 1 ++ || tmp > rsp->data_len - 1 ++ || tmp > size_left_in_buffer) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } + memcpy((frubuf + off)-offset, rsp->data + 1, tmp); + off += tmp; ++ size_left_in_buffer -= tmp; + + /* sometimes the size returned in the Info command + * is too large. return 0 so higher level function diff --git a/debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch b/debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch new file mode 100644 index 0000000..efa2381 --- /dev/null +++ b/debian/patches/CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch @@ -0,0 +1,48 @@ +From 840fb1cbb4fb365cb9797300e3374d4faefcdb10 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:44:18 +0000 +Subject: [PATCH 2/6] fru: Fix buffer overflow in ipmi_spd_print_fru + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `ipmi_spd_print_fru` function has a similar issue as the one fixed +by the previous commit in `read_fru_area_section`. An initial request is +made to get the `fru.size`, which is used as the size for the allocation +of `spd_data`. Inside a loop, further requests are performed to get the +copy sizes which are not checked before being used as the size for a +copy into the buffer. +--- + lib/dimm_spd.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c +index 163a2c2..d559cb4 100644 +--- a/lib/dimm_spd.c ++++ b/lib/dimm_spd.c +@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) + struct ipmi_rq req; + struct fru_info fru; + uint8_t *spd_data, msg_data[4]; +- int len, offset; ++ uint32_t len, offset; + + msg_data[0] = id; + +@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) + } + + len = rsp->data[0]; ++ if(rsp->data_len < 1 ++ || len > rsp->data_len - 1 ++ || len > fru.size - offset) ++ { ++ printf(" Not enough buffer size"); ++ return -1; ++ } + memcpy(&spd_data[offset], rsp->data + 1, len); + offset += len; + } while (offset < fru.size); +-- +2.20.1 + diff --git a/debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch b/debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch new file mode 100644 index 0000000..df07c96 --- /dev/null +++ b/debian/patches/CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch @@ -0,0 +1,48 @@ +From 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:51:49 +0000 +Subject: [PATCH 3/6] session: Fix buffer overflow in ipmi_get_session_info + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `ipmi_get_session_info` function does not properly check the +response `data_len`, which is used as a copy size, allowing stack buffer +overflow. +--- + lib/ipmi_session.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c +index ecf4afc..b282d6d 100644 +--- a/lib/ipmi_session.c ++++ b/lib/ipmi_session.c +@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, + } + else + { +- memcpy(&session_info, rsp->data, rsp->data_len); +- print_session_info(&session_info, rsp->data_len); ++ memcpy(&session_info, rsp->data, ++ __min(rsp->data_len, sizeof(session_info))); ++ print_session_info(&session_info, ++ __min(rsp->data_len, sizeof(session_info))); + } + break; + +@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, + break; + } + +- memcpy(&session_info, rsp->data, rsp->data_len); +- print_session_info(&session_info, rsp->data_len); ++ memcpy(&session_info, rsp->data, ++ __min(rsp->data_len, sizeof(session_info))); ++ print_session_info(&session_info, ++ __min(rsp->data_len, sizeof(session_info))); + + } while (i <= session_info.session_slot_count); + break; +-- +2.20.1 + diff --git a/debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch b/debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch new file mode 100644 index 0000000..cae9ddd --- /dev/null +++ b/debian/patches/CVE-2020-5208_4-channel-Fix-buffer-overflow.patch @@ -0,0 +1,37 @@ +Subject: [PATCH 4/6] channel: Fix buffer overflow + Partial fix for CVE-2020-5208, see + https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + . + The `ipmi_get_channel_cipher_suites` function does not properly check + the final response’s `data_len`, which can lead to stack buffer overflow + on the final copy. + From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 16:56:38 +0000 +Last-Update: 2021-02-08 + +--- ipmitool-1.8.18.orig/lib/ipmi_channel.c ++++ ipmitool-1.8.18/lib/ipmi_channel.c +@@ -413,7 +413,10 @@ ipmi_get_channel_cipher_suites(struct ip + lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); + return -1; + } +- if (rsp->ccode > 0) { ++ if (rsp->ccode ++ || rsp->data_len < 1 ++ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) ++ { + lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", + val2str(rsp->ccode, completion_code_vals)); + return -1; +--- a/include/ipmitool/ipmi_channel.h 2016-05-29 21:46:53.000000000 +0200 ++++ b/include/ipmitool/ipmi_channel.h 2021-02-08 23:45:10.598535426 +0100 +@@ -77,6 +77,8 @@ + uint8_t user_level_auth; + }; + ++#define MAX_CIPHER_SUITE_DATA_LEN 0x10 ++ + /* + * The Get Authentication Capabilities response structure + * From table 22-15 of the IPMI v2.0 spec diff --git a/debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch b/debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch new file mode 100644 index 0000000..9c10aeb --- /dev/null +++ b/debian/patches/CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch @@ -0,0 +1,85 @@ +From d45572d71e70840e0d4c50bf48218492b79c1a10 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 17:06:39 +0000 +Subject: [PATCH 5/6] lanp: Fix buffer overflows in get_lan_param_select +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Partial fix for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +The `get_lan_param_select` function is missing a validation check on the +response’s `data_len`, which it then returns to caller functions, where +stack buffer overflow can occur. +--- + lib/ipmi_lanp.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +Index: ipmitool-1.8.18/lib/ipmi_lanp.c +=================================================================== +--- ipmitool-1.8.18.orig/lib/ipmi_lanp.c ++++ ipmitool-1.8.18/lib/ipmi_lanp.c +@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + /* set new ipaddr */ + memcpy(data+3, temp, 4); + printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert, +@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + /* set new macaddr */ + memcpy(data+7, temp, 6); + printf("Setting LAN Alert %d MAC Address to " +@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (strncasecmp(argv[1], "def", 3) == 0 || + strncasecmp(argv[1], "default", 7) == 0) { +@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (strncasecmp(argv[1], "on", 2) == 0 || + strncasecmp(argv[1], "yes", 3) == 0) { +@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (strncasecmp(argv[1], "pet", 3) == 0) { + printf("Setting LAN Alert %d destination to PET Trap\n", alert); +@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (str2uchar(argv[1], &data[2]) != 0) { + lprintf(LOG_ERR, "Invalid time: %s", argv[1]); +@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in + if (p == NULL) { + return (-1); + } +- memcpy(data, p->data, p->data_len); ++ memcpy(data, p->data, __min(p->data_len, sizeof(data))); + + if (str2uchar(argv[1], &data[3]) != 0) { + lprintf(LOG_ERR, "Invalid retry: %s", argv[1]); diff --git a/debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch b/debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch new file mode 100644 index 0000000..03451ed --- /dev/null +++ b/debian/patches/CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch @@ -0,0 +1,134 @@ +From 7ccea283dd62a05a320c1921e3d8d71a87772637 Mon Sep 17 00:00:00 2001 +From: Chrostoper Ertl <chertl@microsoft.com> +Date: Thu, 28 Nov 2019 17:13:45 +0000 +Subject: [PATCH 6/6] fru, sdr: Fix id_string buffer overflows + +Final part of the fixes for CVE-2020-5208, see +https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + +9 variants of stack buffer overflow when parsing `id_string` field of +SDR records returned from `CMD_GET_SDR` command. + +SDR record structs have an `id_code` field, and an `id_string` `char` +array. + +The length of `id_string` is calculated as `(id_code & 0x1f) + 1`, +which can be larger than expected 16 characters (if `id_code = 0xff`, +then length will be `(0xff & 0x1f) + 1 = 32`). + +In numerous places, this can cause stack buffer overflow when copying +into fixed buffer of size `17` bytes from this calculated length. +--- + lib/ipmi_fru.c | 2 +- + lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++---------------- + 2 files changed, 25 insertions(+), 17 deletions(-) + +Index: ipmitool-1.8.18/lib/ipmi_fru.c +=================================================================== +--- ipmitool-1.8.18.orig/lib/ipmi_fru.c ++++ ipmitool-1.8.18/lib/ipmi_fru.c +@@ -3062,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, + return 0; + + memset(desc, 0, sizeof(desc)); +- memcpy(desc, fru->id_string, fru->id_code & 0x01f); ++ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc))); + desc[fru->id_code & 0x01f] = 0; + printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id); + +Index: ipmitool-1.8.18/lib/ipmi_sdr.c +=================================================================== +--- ipmitool-1.8.18.orig/lib/ipmi_sdr.c ++++ ipmitool-1.8.18/lib/ipmi_sdr.c +@@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct i + return -1; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string); + + if (verbose) { + printf("Sensor ID : %s (0x%x)\n", +@@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct + return -1; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string); + + if (verbose == 0) { + if (csv_output) +@@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(st + char desc[17]; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string); + + if (!verbose) { + if (csv_output) +@@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct + char desc[17]; + + memset(desc, 0, sizeof (desc)); +- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string); ++ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string); + + if (!verbose) { + if (csv_output) +@@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct + + int rc =0; + char desc[17]; ++ const char *id_string; ++ uint8_t id_code; + memset(desc, ' ', sizeof (desc)); + + switch ( type) { + case SDR_RECORD_TYPE_FULL_SENSOR: + record.full = (struct sdr_record_full_sensor *) raw; +- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s", +- (const char *)record.full->id_string); ++ id_code = record.full->id_code; ++ id_string = record.full->id_string; + break; ++ + case SDR_RECORD_TYPE_COMPACT_SENSOR: + record.compact = (struct sdr_record_compact_sensor *) raw ; +- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s", +- (const char *)record.compact->id_string); ++ id_code = record.compact->id_code; ++ id_string = record.compact->id_string; + break; ++ + case SDR_RECORD_TYPE_EVENTONLY_SENSOR: + record.eventonly = (struct sdr_record_eventonly_sensor *) raw ; +- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s", +- (const char *)record.eventonly->id_string); +- break; ++ id_code = record.eventonly->id_code; ++ id_string = record.eventonly->id_string; ++ break; ++ + case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: + record.mcloc = (struct sdr_record_mc_locator *) raw ; +- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s", +- (const char *)record.mcloc->id_string); ++ id_code = record.mcloc->id_code; ++ id_string = record.mcloc->id_string; + break; ++ + default: + rc = -1; +- break; +- } ++ } ++ if (!rc) { ++ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string); ++ } + +- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); ++ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); + return rc; + } + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..771ac8f --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,18 @@ +#0505-fix_CVE-2020-5208.patch +0120-openssl1.1.patch +0100-fix_buf_overflow.patch +0500-fix_CVE-2011-4339.patch +0600-manpage_longlines.patch +0110-getpass-prototype.patch +0115-typo.patch +0125-nvidia-iana.patch +0615-manpage_typo.patch +0130-Correct_lanplus_segment_violation.patch +0005-gcc10.patch +0010-utf8.patch +CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch +CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch +CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch +CVE-2020-5208_4-channel-Fix-buffer-overflow.patch +CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch +CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..96ce733 --- /dev/null +++ b/debian/rules @@ -0,0 +1,39 @@ +#!/usr/bin/make -f + +#include /usr/share/quilt/quilt.make + +#export DH_VERBOSE=1 +export DH_OPTIONS + +# +# Hardening +# +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# Platform-specific features +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) + +ifeq ($(DEB_HOST_ARCH_OS),linux) + # USB implementation is Linux-specific + extra_config_opts += --enable-intf-usb +else + extra_config_opts += --disable-intf-usb +endif + +%: + dh $@ + +override_dh_auto_install: + dh_auto_install + # No need to have two copies of the license text/changelog in the package. + $(RM) $(CURDIR)/debian/ipmitool/usr/share/doc/ipmitool/COPYING + $(RM) $(CURDIR)/debian/ipmitool/usr/share/doc/ipmitool/ChangeLog + +override_dh_installsystemd: + dh_installsystemd --no-enable --name ipmievd + +override_dh_auto_configure: + dh_auto_configure -- --prefix=/usr --with-kerneldir --mandir=/usr/share/man --enable-intf-dummy $(extra_config_opts) + +override_dh_installinit: + dh_installinit --no-enable --name ipmievd --error-handler=ipmievd_initd_failed diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/systemd/ipmitool.ipmievd.service b/debian/systemd/ipmitool.ipmievd.service new file mode 100644 index 0000000..db30b27 --- /dev/null +++ b/debian/systemd/ipmitool.ipmievd.service @@ -0,0 +1,11 @@ +[Unit] +Description=IPMI event daemon +After=openipmi.service + +[Service] +Type=forking +ExecStart=/usr/sbin/ipmievd open daemon + +[Install] +WantedBy=multi-user.target +Alias=ipmi.service diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..616229c --- /dev/null +++ b/debian/watch @@ -0,0 +1,9 @@ +version=4 +opts=\ +dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\ +uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/\-/\./g;s/\_/\./g,\ +filenamemangle=s/(?:.*?)?(?:rel|v|ipmitool|IPMITOOL)?[\-\_]?(\d\S+)\.(tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))/ipmitool-$1.$2/ \ +https://github.com/ipmitool/ipmitool/tags \ +(?:.*?/)?(?:rel|v|ipmitool|IPMITOOL)?[\-\_]?(\d\S+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) \ + + |