Date: Sunday, September 4, 2022 @ 08:34:35
Author: bluewind
Revision: 1292806
archrelease: copy trunk to community-x86_64
Added:
ipmitool/repos/community-x86_64/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
(from rev 1292805,
ipmitool/trunk/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch)
ipmitool/repos/community-x86_64/PKGBUILD
(from rev 1292805, ipmitool/trunk/PKGBUILD)
ipmitool/repos/community-x86_64/ipmitool-openssl-1.1.patch
(from rev 1292805, ipmitool/trunk/ipmitool-openssl-1.1.patch)
Deleted:
ipmitool/repos/community-x86_64/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
ipmitool/repos/community-x86_64/PKGBUILD
ipmitool/repos/community-x86_64/ipmitool-openssl-1.1.patch
-------------------------------------------------------+
9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch | 74 +++---
PKGBUILD | 103 +++------
ipmitool-openssl-1.1.patch | 178 ++++++++--------
3 files changed, 160 insertions(+), 195 deletions(-)
Deleted: 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
===================================================================
--- 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch 2022-09-04
08:34:29 UTC (rev 1292805)
+++ 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch 2022-09-04
08:34:35 UTC (rev 1292806)
@@ -1,37 +0,0 @@
-NOTE: This diff has been adjusted to apply to 1.8.18.
-
-
-From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <[email protected]>
-Date: Thu, 28 Nov 2019 16:56:38 +0000
-Subject: [PATCH] channel: Fix buffer overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `ipmi_get_channel_cipher_suites` function does not properly check
-the final response’s `data_len`, which can lead to stack buffer overflow
-on the final copy.
----
- lib/ipmi_channel.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
-index a6a6a424..433c4d36 100644
---- a/lib/ipmi_channel.c
-+++ b/lib/ipmi_channel.c
-@@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
- lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
- return -1;
- }
-- if (rsp->ccode > 0) {
-+ if (rsp->ccode
-+ || rsp->data_len < 1
-+ || rsp->data_len > sizeof(uint8_t) +
MAX_CIPHER_SUITE_DATA_LEN)
-+ {
- lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
- val2str(rsp->ccode,
completion_code_vals));
- return -1;
Copied:
ipmitool/repos/community-x86_64/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
(from rev 1292805,
ipmitool/trunk/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch)
===================================================================
--- 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
(rev 0)
+++ 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch 2022-09-04
08:34:35 UTC (rev 1292806)
@@ -0,0 +1,37 @@
+NOTE: This diff has been adjusted to apply to 1.8.18.
+
+
+From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
+From: Chrostoper Ertl <[email protected]>
+Date: Thu, 28 Nov 2019 16:56:38 +0000
+Subject: [PATCH] channel: Fix buffer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Partial fix for CVE-2020-5208, see
+https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
+
+The `ipmi_get_channel_cipher_suites` function does not properly check
+the final response’s `data_len`, which can lead to stack buffer overflow
+on the final copy.
+---
+ lib/ipmi_channel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
+index a6a6a424..433c4d36 100644
+--- a/lib/ipmi_channel.c
++++ b/lib/ipmi_channel.c
+@@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
+ lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+ return -1;
+ }
+- if (rsp->ccode > 0) {
++ if (rsp->ccode
++ || rsp->data_len < 1
++ || rsp->data_len > sizeof(uint8_t) +
MAX_CIPHER_SUITE_DATA_LEN)
++ {
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+ val2str(rsp->ccode,
completion_code_vals));
+ return -1;
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-09-04 08:34:29 UTC (rev 1292805)
+++ PKGBUILD 2022-09-04 08:34:35 UTC (rev 1292806)
@@ -1,69 +0,0 @@
-# Maintainer: Florian Pritz <[email protected]>
-# Contributor: Florian Dejonckheere <[email protected]>
-# Contributor: gori
-
-pkgname=ipmitool
-pkgver=1.8.18
-pkgrel=7
-pkgdesc="Command-line interface to IPMI-enabled devices"
-arch=('x86_64')
-url="http://ipmitool.sourceforge.net";
-depends=('openssl')
-license=('BSD')
-source=("https://downloads.sourceforge.net/project/${pkgname}/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.bz2";
- ipmitool-openssl-1.1.patch
-
https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
-
https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
-
https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
-
#https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4.patch
- 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
-
https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10.patch
-
https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637.patch
- )
-sha256sums=('0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01'
- '7da20584541279045b4a4743600925b70fe162e1437a8da6647414926e12b58f'
- 'fcf8a1fce7f902adcb6500143ec04f6541474a2e0e78acfdf52276d3e421e84f'
- '9774148893ed44f5d85bec26cd54f31ef6f7491232eb3f44f65d391547d83cda'
- '42ce1143b05e160cee9cc6fb6ed13938ffc62dc11eec0343caccf463d49b76b8'
- 'd51c1f481d4fc1d3fd5617ceeda16327fb6a6916103cf7334f6e44cd325ea0e0'
- '0b6535b7b54485a9ba107ae09fccdff9f816ae1c4d8a8fe334df6fb48d2ec63a'
- '146316f1b4001e3929c794d25ee2dacc7602676060da80b9c1655ec01a0032e3')
-
-prepare() {
- cd ${pkgname}-${pkgver}
- # openssl 1.1 support (Fedora)
- patch -p1 -i ../ipmitool-openssl-1.1.patch
-
- # FS#69708 - [ipmitool] [Security] arbitrary code execution
(CVE-2020-5208)
- patch -p1 -i ../e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
- patch -p1 -i ../840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
- patch -p1 -i ../41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
- patch -p1 -i ../9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
- patch -p1 -i ../d45572d71e70840e0d4c50bf48218492b79c1a10.patch
- patch -p1 -i ../7ccea283dd62a05a320c1921e3d8d71a87772637.patch
-}
-
-build(){
- cd "${srcdir}/${pkgname}-${pkgver}"
-
- CFLAGS+=' -fcommon' #
https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common
-
- # Fix warning in ipmi_fru.c
- CFLAGS+=' -Wno-maybe-uninitialized'
-
- if [[ $pkgver = '1.8.18' ]]; then
- CFLAGS+=' -DMAX_CIPHER_SUITE_DATA_LEN=0x10'
- fi
-
- ./configure --prefix=/usr --sbindir=/usr/bin --with-kerneldir
- make
-}
-
-package(){
- cd "${srcdir}/${pkgname}-${pkgver}"
-
- make DESTDIR="${pkgdir}" install
-
- # Install license
- install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}
Copied: ipmitool/repos/community-x86_64/PKGBUILD (from rev 1292805,
ipmitool/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-09-04 08:34:35 UTC (rev 1292806)
@@ -0,0 +1,34 @@
+# Maintainer: Florian Pritz <[email protected]>
+# Contributor: Florian Dejonckheere <[email protected]>
+# Contributor: gori
+
+pkgname=ipmitool
+pkgver=1.8.19
+pkgrel=1
+pkgdesc="Command-line interface to IPMI-enabled devices"
+arch=('x86_64')
+url="https://github.com/ipmitool/ipmitool";
+depends=('openssl')
+license=('BSD')
+source=("https://github.com/ipmitool/ipmitool/archive/refs/tags/IPMITOOL_${pkgver//./_}.tar.gz";
+ )
+sha256sums=('48b010e7bcdf93e4e4b6e43c53c7f60aa6873d574cbd45a8d86fa7aaeebaff9c')
+
+_srcdir_name="ipmitool-IPMITOOL_${pkgver//./_}"
+
+build(){
+ cd "${srcdir}/${_srcdir_name}"
+
+ ./bootstrap
+ ./configure --prefix=/usr --sbindir=/usr/bin --with-kerneldir
+ make
+}
+
+package(){
+ cd "${srcdir}/${_srcdir_name}"
+
+ make DESTDIR="${pkgdir}" install
+
+ # Install license
+ install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
Deleted: ipmitool-openssl-1.1.patch
===================================================================
--- ipmitool-openssl-1.1.patch 2022-09-04 08:34:29 UTC (rev 1292805)
+++ ipmitool-openssl-1.1.patch 2022-09-04 08:34:35 UTC (rev 1292806)
@@ -1,89 +0,0 @@
-diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c
new/src/plugins/lanplus/lanplus_crypt_impl.c
---- old/src/plugins/lanplus/lanplus_crypt_impl.c 2016-05-28
10:20:20.000000000 +0200
-+++ new/src/plugins/lanplus/lanplus_crypt_impl.c 2017-02-21
10:50:21.634873466 +0100
-@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- uint8_t * output,
- uint32_t *
bytes_written)
- {
-- EVP_CIPHER_CTX ctx;
-- EVP_CIPHER_CTX_init(&ctx);
-- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(ctx);
-+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+ EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-
- *bytes_written = 0;
-@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
-
-
-- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input,
input_length))
-+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input,
input_length))
- {
- /* Error */
- *bytes_written = 0;
-@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- {
- uint32_t tmplen;
-
-- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int
*)&tmplen))
-+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int
*)&tmplen))
- {
- *bytes_written = 0;
- return; /* Error */
-@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- {
- /* Success */
- *bytes_written += tmplen;
-- EVP_CIPHER_CTX_cleanup(&ctx);
-+ EVP_CIPHER_CTX_cleanup(ctx);
-+ EVP_CIPHER_CTX_free(ctx);
- }
- }
- }
-@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- uint8_t * output,
- uint32_t *
bytes_written)
- {
-- EVP_CIPHER_CTX ctx;
-- EVP_CIPHER_CTX_init(&ctx);
-- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(ctx);
-+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+ EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-
- if (verbose >= 5)
-@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
-
-
-- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input,
input_length))
-+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input,
input_length))
- {
- /* Error */
- lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
-@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- {
- uint32_t tmplen;
-
-- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int
*)&tmplen))
-+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int
*)&tmplen))
- {
- char buffer[1000];
- ERR_error_string(ERR_get_error(), buffer);
-@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- {
- /* Success */
- *bytes_written += tmplen;
-- EVP_CIPHER_CTX_cleanup(&ctx);
-+ EVP_CIPHER_CTX_cleanup(ctx);
-+ EVP_CIPHER_CTX_free(ctx);
- }
- }
-
Copied: ipmitool/repos/community-x86_64/ipmitool-openssl-1.1.patch (from rev
1292805, ipmitool/trunk/ipmitool-openssl-1.1.patch)
===================================================================
--- ipmitool-openssl-1.1.patch (rev 0)
+++ ipmitool-openssl-1.1.patch 2022-09-04 08:34:35 UTC (rev 1292806)
@@ -0,0 +1,89 @@
+diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c
new/src/plugins/lanplus/lanplus_crypt_impl.c
+--- old/src/plugins/lanplus/lanplus_crypt_impl.c 2016-05-28
10:20:20.000000000 +0200
++++ new/src/plugins/lanplus/lanplus_crypt_impl.c 2017-02-21
10:50:21.634873466 +0100
+@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ uint8_t * output,
+ uint32_t *
bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
++ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+
+ *bytes_written = 0;
+@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input,
input_length))
++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input,
input_length))
+ {
+ /* Error */
+ *bytes_written = 0;
+@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ {
+ uint32_t tmplen;
+
+- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int
*)&tmplen))
++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int
*)&tmplen))
+ {
+ *bytes_written = 0;
+ return; /* Error */
+@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_cleanup(ctx);
++ EVP_CIPHER_CTX_free(ctx);
+ }
+ }
+ }
+@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ uint8_t * output,
+ uint32_t *
bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
++ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+
+ if (verbose >= 5)
+@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input,
input_length))
++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input,
input_length))
+ {
+ /* Error */
+ lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ {
+ uint32_t tmplen;
+
+- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int
*)&tmplen))
++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int
*)&tmplen))
+ {
+ char buffer[1000];
+ ERR_error_string(ERR_get_error(), buffer);
+@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_cleanup(ctx);
++ EVP_CIPHER_CTX_free(ctx);
+ }
+ }
+
