mirror of
https://github.com/xcat2/xcat-dep.git
synced 2024-11-24 02:19:53 +00:00
Merge pull request #38 from xcat2/security
Support new known ipmitool security vulnerabilities on ipmitool-xcat-1.8.18-3
This commit is contained in:
commit
40be643e03
377
ipmitool/0012-CVE-2020-5208.patch
Normal file
377
ipmitool/0012-CVE-2020-5208.patch
Normal file
@ -0,0 +1,377 @@
|
||||
From b3e74778c65ba3ffc8a9b3133c87588ee5d18a74 Mon Sep 17 00:00:00 2001
|
||||
From: Chrostoper Ertl <chertl@microsoft.com>
|
||||
Date: Thu, 28 Nov 2019 16:33:59 +0000
|
||||
Subject: [PATCH] Fixes for CVE-2020-5208
|
||||
|
||||
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
|
||||
|
||||
This patch is combination of following commits:
|
||||
|
||||
pick e824c23316ae50beb7f7488f2055ac65e8b341f2 fru: Fix buffer overflow vulnerabilities
|
||||
pick 840fb1cbb4fb365cb9797300e3374d4faefcdb10 fru: Fix buffer overflow in ipmi_spd_print_fru
|
||||
pick 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 session: Fix buffer overflow in ipmi_get_session_info
|
||||
pick 9452be87181a6e83cfcc768b3ed8321763db50e4 channel: Fix buffer overflow
|
||||
pick d45572d71e70840e0d4c50bf48218492b79c1a10 lanp: Fix buffer overflows in get_lan_param_select
|
||||
pick 7ccea283dd62a05a320c1921e3d8d71a87772637 fru, sdr: Fix id_string buffer overflows
|
||||
---
|
||||
lib/dimm_spd.c | 9 ++++++++-
|
||||
lib/ipmi_channel.c | 5 ++++-
|
||||
lib/ipmi_fru.c | 35 ++++++++++++++++++++++++++++++++---
|
||||
lib/ipmi_lanp.c | 14 +++++++-------
|
||||
lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++----------------
|
||||
lib/ipmi_session.c | 12 ++++++++----
|
||||
6 files changed, 83 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c
|
||||
index 41e30db..68f3b4f 100644
|
||||
--- a/lib/dimm_spd.c
|
||||
+++ b/lib/dimm_spd.c
|
||||
@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
|
||||
struct ipmi_rq req;
|
||||
struct fru_info fru;
|
||||
uint8_t *spd_data, msg_data[4];
|
||||
- int len, offset;
|
||||
+ uint32_t len, offset;
|
||||
|
||||
msg_data[0] = id;
|
||||
|
||||
@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
|
||||
}
|
||||
|
||||
len = rsp->data[0];
|
||||
+ if(rsp->data_len < 1
|
||||
+ || len > rsp->data_len - 1
|
||||
+ || len > fru.size - offset)
|
||||
+ {
|
||||
+ printf(" Not enough buffer size");
|
||||
+ return -1;
|
||||
+ }
|
||||
memcpy(&spd_data[offset], rsp->data + 1, len);
|
||||
offset += len;
|
||||
} while (offset < fru.size);
|
||||
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
|
||||
index 3ae3104..80ba522 100644
|
||||
--- a/lib/ipmi_channel.c
|
||||
+++ b/lib/ipmi_channel.c
|
||||
@@ -447,7 +447,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
|
||||
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
|
||||
return -1;
|
||||
}
|
||||
- if (rsp->ccode > 0) {
|
||||
+ if (rsp->ccode
|
||||
+ || rsp->data_len < 1
|
||||
+ || rsp->data_len > sizeof(uint8_t) )
|
||||
+ {
|
||||
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
|
||||
val2str(rsp->ccode, completion_code_vals));
|
||||
return -1;
|
||||
diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c
|
||||
index cf00eff..98bc984 100644
|
||||
--- a/lib/ipmi_fru.c
|
||||
+++ b/lib/ipmi_fru.c
|
||||
@@ -615,7 +615,10 @@ int
|
||||
read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
uint32_t offset, uint32_t length, uint8_t *frubuf)
|
||||
{
|
||||
- uint32_t off = offset, tmp, finish;
|
||||
+ uint32_t off = offset;
|
||||
+ uint32_t tmp;
|
||||
+ uint32_t finish;
|
||||
+ uint32_t size_left_in_buffer;
|
||||
struct ipmi_rs * rsp;
|
||||
struct ipmi_rq req;
|
||||
uint8_t msg_data[4];
|
||||
@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
|
||||
finish = offset + length;
|
||||
if (finish > fru->size) {
|
||||
+ memset(frubuf + fru->size, 0, length - fru->size);
|
||||
finish = fru->size;
|
||||
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
|
||||
"Adjusting to %d",
|
||||
offset + length, finish - offset);
|
||||
+ length = finish - offset;
|
||||
}
|
||||
|
||||
memset(&req, 0, sizeof(req));
|
||||
@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
}
|
||||
}
|
||||
|
||||
+ size_left_in_buffer = length;
|
||||
do {
|
||||
tmp = fru->access ? off >> 1 : off;
|
||||
msg_data[0] = id;
|
||||
@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
}
|
||||
|
||||
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
|
||||
+ if(rsp->data_len < 1
|
||||
+ || tmp > rsp->data_len - 1
|
||||
+ || tmp > size_left_in_buffer)
|
||||
+ {
|
||||
+ printf(" Not enough buffer size");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
memcpy(frubuf, rsp->data + 1, tmp);
|
||||
off += tmp;
|
||||
frubuf += tmp;
|
||||
+ size_left_in_buffer -= tmp;
|
||||
/* sometimes the size returned in the Info command
|
||||
* is too large. return 0 so higher level function
|
||||
* still attempts to parse what was returned */
|
||||
@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
uint32_t offset, uint32_t length, uint8_t *frubuf)
|
||||
{
|
||||
static uint32_t fru_data_rqst_size = 20;
|
||||
- uint32_t off = offset, tmp, finish;
|
||||
+ uint32_t off = offset;
|
||||
+ uint32_t tmp, finish;
|
||||
+ uint32_t size_left_in_buffer;
|
||||
struct ipmi_rs * rsp;
|
||||
struct ipmi_rq req;
|
||||
uint8_t msg_data[4];
|
||||
@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
|
||||
finish = offset + length;
|
||||
if (finish > fru->size) {
|
||||
+ memset(frubuf + fru->size, 0, length - fru->size);
|
||||
finish = fru->size;
|
||||
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
|
||||
"Adjusting to %d",
|
||||
offset + length, finish - offset);
|
||||
+ length = finish - offset;
|
||||
}
|
||||
|
||||
memset(&req, 0, sizeof(req));
|
||||
@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
if (fru->access && fru_data_rqst_size > 16)
|
||||
#endif
|
||||
fru_data_rqst_size = 16;
|
||||
+
|
||||
+ size_left_in_buffer = length;
|
||||
do {
|
||||
tmp = fru->access ? off >> 1 : off;
|
||||
msg_data[0] = id;
|
||||
@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||
}
|
||||
|
||||
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
|
||||
+ if(rsp->data_len < 1
|
||||
+ || tmp > rsp->data_len - 1
|
||||
+ || tmp > size_left_in_buffer)
|
||||
+ {
|
||||
+ printf(" Not enough buffer size");
|
||||
+ return -1;
|
||||
+ }
|
||||
memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
|
||||
off += tmp;
|
||||
+ size_left_in_buffer -= tmp;
|
||||
|
||||
/* sometimes the size returned in the Info command
|
||||
* is too large. return 0 so higher level function
|
||||
@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru)
|
||||
return 0;
|
||||
|
||||
memset(desc, 0, sizeof(desc));
|
||||
- memcpy(desc, fru->id_string, fru->id_code & 0x01f);
|
||||
+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
|
||||
desc[fru->id_code & 0x01f] = 0;
|
||||
printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
|
||||
|
||||
diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c
|
||||
index 65d881b..022c7f1 100644
|
||||
--- a/lib/ipmi_lanp.c
|
||||
+++ b/lib/ipmi_lanp.c
|
||||
@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
/* set new ipaddr */
|
||||
memcpy(data+3, temp, 4);
|
||||
printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert,
|
||||
@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
/* set new macaddr */
|
||||
memcpy(data+7, temp, 6);
|
||||
printf("Setting LAN Alert %d MAC Address to "
|
||||
@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
|
||||
if (strncasecmp(argv[1], "def", 3) == 0 ||
|
||||
strncasecmp(argv[1], "default", 7) == 0) {
|
||||
@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
|
||||
if (strncasecmp(argv[1], "on", 2) == 0 ||
|
||||
strncasecmp(argv[1], "yes", 3) == 0) {
|
||||
@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
|
||||
if (strncasecmp(argv[1], "pet", 3) == 0) {
|
||||
printf("Setting LAN Alert %d destination to PET Trap\n", alert);
|
||||
@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
|
||||
if (str2uchar(argv[1], &data[2]) != 0) {
|
||||
lprintf(LOG_ERR, "Invalid time: %s", argv[1]);
|
||||
@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||
if (p == NULL) {
|
||||
return (-1);
|
||||
}
|
||||
- memcpy(data, p->data, p->data_len);
|
||||
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||
|
||||
if (str2uchar(argv[1], &data[3]) != 0) {
|
||||
lprintf(LOG_ERR, "Invalid retry: %s", argv[1]);
|
||||
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
|
||||
index 0f6faab..9890132 100644
|
||||
--- a/lib/ipmi_sdr.c
|
||||
+++ b/lib/ipmi_sdr.c
|
||||
@@ -2086,7 +2086,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf,
|
||||
return -1;
|
||||
|
||||
memset(desc, 0, sizeof (desc));
|
||||
- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
|
||||
+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
|
||||
|
||||
if (verbose) {
|
||||
printf("Sensor ID : %s (0x%x)\n",
|
||||
@@ -2137,7 +2137,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf,
|
||||
return -1;
|
||||
|
||||
memset(desc, 0, sizeof (desc));
|
||||
- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
|
||||
+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
|
||||
|
||||
if (verbose == 0) {
|
||||
if (csv_output)
|
||||
@@ -2230,7 +2230,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf,
|
||||
char desc[17];
|
||||
|
||||
memset(desc, 0, sizeof (desc));
|
||||
- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
|
||||
+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
|
||||
|
||||
if (!verbose) {
|
||||
if (csv_output)
|
||||
@@ -2287,7 +2287,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf,
|
||||
char desc[17];
|
||||
|
||||
memset(desc, 0, sizeof (desc));
|
||||
- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
|
||||
+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
|
||||
|
||||
if (!verbose) {
|
||||
if (csv_output)
|
||||
@@ -2491,35 +2491,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id,
|
||||
|
||||
int rc =0;
|
||||
char desc[17];
|
||||
+ const char *id_string;
|
||||
+ uint8_t id_code;
|
||||
memset(desc, ' ', sizeof (desc));
|
||||
|
||||
switch ( type) {
|
||||
case SDR_RECORD_TYPE_FULL_SENSOR:
|
||||
record.full = (struct sdr_record_full_sensor *) raw;
|
||||
- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
|
||||
- (const char *)record.full->id_string);
|
||||
+ id_code = record.full->id_code;
|
||||
+ id_string = record.full->id_string;
|
||||
break;
|
||||
+
|
||||
case SDR_RECORD_TYPE_COMPACT_SENSOR:
|
||||
record.compact = (struct sdr_record_compact_sensor *) raw ;
|
||||
- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s",
|
||||
- (const char *)record.compact->id_string);
|
||||
+ id_code = record.compact->id_code;
|
||||
+ id_string = record.compact->id_string;
|
||||
break;
|
||||
+
|
||||
case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
|
||||
record.eventonly = (struct sdr_record_eventonly_sensor *) raw ;
|
||||
- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s",
|
||||
- (const char *)record.eventonly->id_string);
|
||||
- break;
|
||||
+ id_code = record.eventonly->id_code;
|
||||
+ id_string = record.eventonly->id_string;
|
||||
+ break;
|
||||
+
|
||||
case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
|
||||
record.mcloc = (struct sdr_record_mc_locator *) raw ;
|
||||
- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s",
|
||||
- (const char *)record.mcloc->id_string);
|
||||
+ id_code = record.mcloc->id_code;
|
||||
+ id_string = record.mcloc->id_string;
|
||||
break;
|
||||
+
|
||||
default:
|
||||
rc = -1;
|
||||
- break;
|
||||
- }
|
||||
+ }
|
||||
+ if (!rc) {
|
||||
+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
|
||||
+ }
|
||||
|
||||
- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
|
||||
+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c
|
||||
index 141f0f4..b9af1fd 100644
|
||||
--- a/lib/ipmi_session.c
|
||||
+++ b/lib/ipmi_session.c
|
||||
@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
|
||||
}
|
||||
else
|
||||
{
|
||||
- memcpy(&session_info, rsp->data, rsp->data_len);
|
||||
- print_session_info(&session_info, rsp->data_len);
|
||||
+ memcpy(&session_info, rsp->data,
|
||||
+ __min(rsp->data_len, sizeof(session_info)));
|
||||
+ print_session_info(&session_info,
|
||||
+ __min(rsp->data_len, sizeof(session_info)));
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
|
||||
break;
|
||||
}
|
||||
|
||||
- memcpy(&session_info, rsp->data, rsp->data_len);
|
||||
- print_session_info(&session_info, rsp->data_len);
|
||||
+ memcpy(&session_info, rsp->data,
|
||||
+ __min(rsp->data_len, sizeof(session_info)));
|
||||
+ print_session_info(&session_info,
|
||||
+ __min(rsp->data_len, sizeof(session_info)));
|
||||
|
||||
} while (i <= session_info.session_slot_count);
|
||||
break;
|
||||
--
|
||||
2.20.1
|
@ -1,7 +1,7 @@
|
||||
#! /usr/bin/perl
|
||||
|
||||
my $version = "1.8.18";
|
||||
my $release = "0";
|
||||
my $release = "3";
|
||||
|
||||
#check the distro
|
||||
$cmd = "cat /etc/*release";
|
||||
@ -13,6 +13,8 @@ if (grep /Red Hat Enterprise Linux Server release 5\.\d/, @output) {
|
||||
$os = "rh6";
|
||||
} elsif (grep /Red Hat Enterprise Linux Server release 7\.\d/, @output) {
|
||||
$os = "rh7";
|
||||
} elsif (grep /Red Hat Enterprise Linux release 8\.\d/, @output) {
|
||||
$os = "rh8";
|
||||
} elsif (grep /CentOS Linux release 7\.\d/, @output) {
|
||||
$os = "rh7";
|
||||
} elsif (grep /CentOS release 6\.\d/, @output) {
|
||||
@ -23,6 +25,8 @@ if (grep /Red Hat Enterprise Linux Server release 5\.\d/, @output) {
|
||||
$os = "sles11";
|
||||
} elsif (grep /SUSE Linux Enterprise Server 12/, @output) {
|
||||
$os = "sles12";
|
||||
} elsif (grep /SUSE Linux Enterprise Server 15/, @output) {
|
||||
$os = "sles15";
|
||||
} else {
|
||||
print "unknow os\n";
|
||||
exit 1;
|
||||
@ -49,7 +53,8 @@ if ( (! -f "$pwd/ipmitool-$version.tar.gz")
|
||||
|| (! -f "$pwd/ipmitool.spec")
|
||||
|| (! -f "$pwd/ipmitool-$version-saneretry.patch")
|
||||
|| (! -f "$pwd/ipmitool-$version-rflash.patch")
|
||||
|| (! -f "$pwd/ipmitool-$version-signal.patch")) {
|
||||
|| (! -f "$pwd/ipmitool-$version-signal.patch")
|
||||
|| (! -f "$pwd/0012-CVE-2020-5208.patch")) {
|
||||
print "missed some necessary files for building.\n";
|
||||
exit 1;
|
||||
}
|
||||
@ -57,7 +62,7 @@ if ( (! -f "$pwd/ipmitool-$version.tar.gz")
|
||||
my $blddir;
|
||||
if ($os eq "rh5") {
|
||||
$blddir = "/usr/src/redhat";
|
||||
} elsif (($os eq "rh6") || ($os eq "rh7")) {
|
||||
} elsif ($os =~ /rh\d/) {
|
||||
$blddir = "/root/rpmbuild";
|
||||
} elsif ($os =~ /sles1\d/) {
|
||||
$blddir = "/usr/src/packages";
|
||||
@ -116,12 +121,6 @@ if (! -f $objrpm) {
|
||||
exit 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
sub runcmd () {
|
||||
my $cmd = shift;
|
||||
print "++++Trying to run command: [$cmd]\n";
|
||||
|
@ -1,7 +1,12 @@
|
||||
ipmitool-xcat (1.8.18) unstable; urgency=low
|
||||
* Upgrade to 1.8.18 version
|
||||
ipmitool-xcat (1.8.18-3) unstable; urgency=low
|
||||
* Add security patch CVE-2020-5208
|
||||
|
||||
-- Victor Hu <vhu@us.ibm.com> Tue, 30 May 2017 14:41:01 -0400
|
||||
-- cxhong <cxhong@us.ibm.com> Thu, 30 Apr 2020 11:10:00 +0100
|
||||
|
||||
ipmitool-xcat (1.8.18) unstable; urgency=low
|
||||
* Upgrade to 1.8.18 version
|
||||
|
||||
-- Victor Hu <vhu@us.ibm.com> Tue, 30 May 2017 14:41:01 +0100
|
||||
|
||||
ipmitool-xcat (1.8.17-1) unstable; urgency=low
|
||||
* Make ipmitool exit gracefully when receiving `INT`, `TERM` or `HUP` signal.
|
||||
|
1
ipmitool/debian/compat
Normal file
1
ipmitool/debian/compat
Normal file
@ -0,0 +1 @@
|
||||
5
|
1
ipmitool/debian/patches/0002-openssl.patch
Symbolic link
1
ipmitool/debian/patches/0002-openssl.patch
Symbolic link
@ -0,0 +1 @@
|
||||
../../0002-openssl.patch
|
1
ipmitool/debian/patches/0012-CVE-2020-5208.patch
Symbolic link
1
ipmitool/debian/patches/0012-CVE-2020-5208.patch
Symbolic link
@ -0,0 +1 @@
|
||||
../../0012-CVE-2020-5208.patch
|
@ -1,3 +1,5 @@
|
||||
ipmitool-1.8.18-saneretry.patch
|
||||
ipmitool-1.8.18-rflash.patch
|
||||
ipmitool-1.8.18-signal.patch
|
||||
0002-openssl.patch
|
||||
0012-CVE-2020-5208.patch
|
||||
|
@ -1,7 +1,7 @@
|
||||
#!/usr/bin/make -f
|
||||
|
||||
#export DH_VERBOSE=1
|
||||
export DH_COMPAT=4
|
||||
#export DH_COMPAT=5
|
||||
export DH_OPTIONS
|
||||
ifndef TARGET_ARCH
|
||||
TARGET_ARCH=amd64
|
||||
|
@ -1,7 +1,7 @@
|
||||
Name: ipmitool-xcat
|
||||
Summary: ipmitool - Utility for IPMI control
|
||||
Version: 1.8.18
|
||||
Release: 2
|
||||
Release: 3
|
||||
License: BSD
|
||||
Group: Utilities
|
||||
Packager: IBM Corp.
|
||||
@ -20,6 +20,8 @@ Patch80: ipmitool-%{version}-saneretry.patch
|
||||
Patch82: ipmitool-%{version}-rflash.patch
|
||||
Patch83: ipmitool-%{version}-signal.patch
|
||||
|
||||
Patch12: 0012-CVE-2020-5208.patch
|
||||
|
||||
Buildroot: /var/tmp/ipmitool-root
|
||||
|
||||
BuildRequires: openssl-devel readline-devel ncurses-devel
|
||||
@ -57,6 +59,7 @@ fi
|
||||
%patch80 -p1
|
||||
%patch82 -p1
|
||||
%patch83 -p1
|
||||
%patch12 -p1
|
||||
|
||||
for f in AUTHORS ChangeLog; do
|
||||
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
|
||||
@ -106,6 +109,8 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 30 2020 <cxhong@us.ibm.com> 1.8.18-3
|
||||
Add security patch CVE-2020-5208
|
||||
* Thu Nov 15 2018 <gongjie@linux.vnet.ibm.com> 1.8.18-2
|
||||
Rebuild on RHEL 8. Intigrate patches from RHEL 8
|
||||
* Tue May 30 2017 <vhu@us.im.com> 1.8.18
|
||||
|
Loading…
Reference in New Issue
Block a user