Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package freeipmi for openSUSE:Factory
checked in at 2026-03-26 21:07:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freeipmi (Old)
and /work/SRC/openSUSE:Factory/.freeipmi.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeipmi"
Thu Mar 26 21:07:45 2026 rev:58 rq:1342496 version:1.6.17
Changes:
--------
--- /work/SRC/openSUSE:Factory/freeipmi/freeipmi.changes 2025-09-26
22:24:39.002333728 +0200
+++ /work/SRC/openSUSE:Factory/.freeipmi.new.8177/freeipmi.changes
2026-03-27 06:40:00.854495813 +0100
@@ -1,0 +2,16 @@
+Tue Mar 24 22:10:42 UTC 2026 - Thomas Renninger <[email protected]>
+
+- bsc#1260414 - CVE-2026-33554:
+ freeipmi: improper memory handling and data validation can lead
+ to stack buffer overflows and acceptance of malformed payloads/responses
+ -> This got fixed by version upgrade (fix several out of bounds
+ errors), see below
+- Update to version 1.6.17:
+ * ipmi-oem: fix several memory out of bounds errors
+ * libfreeipmi: Fix comment typo
+ * Implement tcp proxy in ipmiconsole.
+ * Refactor ipmiconsole: put most of the code from main() into functions.
+ * man/ipmiconsole.8.pre.in: fix typo
+ * libfreeipmi/locate/ipmi-locate-acpi-spmi.c: fix mem-leak
+
+-------------------------------------------------------------------
Old:
----
freeipmi-1.6.16.tar.gz
freeipmi-1.6.16.tar.gz.sig
New:
----
_scmsync.obsinfo
build.specials.obscpio
freeipmi-1.6.17.tar.gz
freeipmi-1.6.17.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ freeipmi.spec ++++++
--- /var/tmp/diff_new_pack.Vd01ex/_old 2026-03-27 06:40:01.458520458 +0100
+++ /var/tmp/diff_new_pack.Vd01ex/_new 2026-03-27 06:40:01.462520621 +0100
@@ -37,8 +37,8 @@
%{!?_initddir: %global _initddir %{_sysconfdir}/init.d}
Name: freeipmi
-Version: 1.6.16
-Release: %{release}
+Version: 1.6.17
+Release: 0%{release}
URL: http://www.gnu.org/software/freeipmi/
Source0: http://ftp.gnu.org/gnu/freeipmi/%{name}-%{srcversion}.tar.gz
Source1:
http://ftp.gnu.org/gnu/freeipmi/%{name}-%{srcversion}.tar.gz.sig
++++++ _scmsync.obsinfo ++++++
mtime: 1774434939
commit: 7e0a23f0ae6ca862263c33ec3cdf2a4008a9efc8151bf2e8851412e5c87149cd
url: https://src.opensuse.org/SystemsManagement/freeipmi
revision: main
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Vd01ex/_old 2026-03-27 06:40:01.526523233 +0100
+++ /var/tmp/diff_new_pack.Vd01ex/_new 2026-03-27 06:40:01.530523396 +0100
@@ -2,3 +2,4 @@
<service name="download_files" mode="manual"/>
</services>
+
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-03-25 14:51:38.000000000 +0100
@@ -0,0 +1 @@
+.osc
++++++ freeipmi-1.6.16.tar.gz -> freeipmi-1.6.17.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ChangeLog
new/freeipmi-1.6.17/ChangeLog
--- old/freeipmi-1.6.16/ChangeLog 2025-09-15 19:31:44.000000000 +0200
+++ new/freeipmi-1.6.17/ChangeLog 2026-03-11 19:07:37.000000000 +0100
@@ -1,3 +1,16 @@
+2026-02-10 Boris Lytochkin <[email protected]>
+
+ * ipmiconsole: Support --proxy.
+
+2026-02-05 Albert Chu <[email protected]>
+
+ * man/ipmiconsole.8.pre.in: Fix typo
+
+2026-01-27 Eric Fang <???>
+
+ * libfreeipmi/locate/ipmi-locate-acpi-spmi.c
+ (_ipmi_acpi_get_table_sysfs): Fix memleak.
+
2025-09-12 Albert Chu <[email protected]>
* libfreeipmi/util/ipmi-sensor-util.c (ipmi_sensor_decode_value)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/NEWS new/freeipmi-1.6.17/NEWS
--- old/freeipmi-1.6.16/NEWS 2025-09-15 19:31:44.000000000 +0200
+++ new/freeipmi-1.6.17/NEWS 2026-03-23 19:02:29.000000000 +0100
@@ -1,3 +1,12 @@
+FreeIPMI 1.6.17 - 03/23/26
+--------------------------
+o Fix exploitable buffer overflows in the following ipmi-oem commands:
+ - ipmi-oem dell get-last-post-code
+ - ipmi-oem supermicro extra-firmware-info
+ - ipmi-oem wistron read-proprietary-string
+o Support --proxy in ipmiconsole.
+o Fix mem-leak within libfreeipmi locate api.
+
FreeIPMI 1.6.16 - 09/15/25
--------------------------
o Fix potential sensor reading miscalculation on systems where a char
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/configure
new/freeipmi-1.6.17/configure
--- old/freeipmi-1.6.16/configure 2025-09-15 19:33:08.000000000 +0200
+++ new/freeipmi-1.6.17/configure 2026-03-23 19:21:42.000000000 +0100
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Id: configure.ac,v 1.208 2010-08-06 21:02:29 chu11 Exp .
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for freeipmi 1.6.16.
+# Generated by GNU Autoconf 2.69 for freeipmi 1.6.17.
#
# Report bugs to <[email protected]>.
#
@@ -591,8 +591,8 @@
# Identity of this package.
PACKAGE_NAME='freeipmi'
PACKAGE_TARNAME='freeipmi'
-PACKAGE_VERSION='1.6.16'
-PACKAGE_STRING='freeipmi 1.6.16'
+PACKAGE_VERSION='1.6.17'
+PACKAGE_STRING='freeipmi 1.6.17'
PACKAGE_BUGREPORT='[email protected]'
PACKAGE_URL=''
@@ -1410,7 +1410,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures freeipmi 1.6.16 to adapt to many kinds of systems.
+\`configure' configures freeipmi 1.6.17 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1480,7 +1480,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of freeipmi 1.6.16:";;
+ short | recursive ) echo "Configuration of freeipmi 1.6.17:";;
esac
cat <<\_ACEOF
@@ -1622,7 +1622,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-freeipmi configure 1.6.16
+freeipmi configure 1.6.17
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2091,7 +2091,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by freeipmi $as_me 1.6.16, which was
+It was created by freeipmi $as_me 1.6.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2447,7 +2447,7 @@
FREEIPMI_PACKAGE_VERSION_MAJOR=1
FREEIPMI_PACKAGE_VERSION_MINOR=6
-FREEIPMI_PACKAGE_VERSION_PATCH=16
+FREEIPMI_PACKAGE_VERSION_PATCH=17
@@ -2973,7 +2973,7 @@
# Define the identity of the package.
PACKAGE='freeipmi'
- VERSION='1.6.16'
+ VERSION='1.6.17'
cat >>confdefs.h <<_ACEOF
@@ -3335,7 +3335,7 @@
# release, then set age to 0.
#
LIBFREEIPMI_CURRENT=19
-LIBFREEIPMI_REVISION=14
+LIBFREEIPMI_REVISION=15
LIBFREEIPMI_AGE=2
LIBFREEIPMI_VERSION=$LIBFREEIPMI_CURRENT.$LIBFREEIPMI_REVISION.$LIBFREEIPMI_AGE
@@ -3357,7 +3357,7 @@
LIBFREEIPMI_VERSION_MAJOR=6
LIBFREEIPMI_VERSION_MINOR=2
-LIBFREEIPMI_VERSION_PATCH=13
+LIBFREEIPMI_VERSION_PATCH=14
@@ -16628,7 +16628,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by freeipmi $as_me 1.6.16, which was
+This file was extended by freeipmi $as_me 1.6.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -16694,7 +16694,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-freeipmi config.status 1.6.16
+freeipmi config.status 1.6.17
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/configure.ac
new/freeipmi-1.6.17/configure.ac
--- old/freeipmi-1.6.16/configure.ac 2025-09-15 19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/configure.ac 2026-03-23 19:04:36.000000000 +0100
@@ -1,11 +1,11 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([freeipmi],[1.6.16],[[email protected]])
+AC_INIT([freeipmi],[1.6.17],[[email protected]])
AC_REVISION([$Id: configure.ac,v 1.208 2010-08-06 21:02:29 chu11 Exp $])
AC_CONFIG_MACRO_DIR([config])
FREEIPMI_PACKAGE_VERSION_MAJOR=1
FREEIPMI_PACKAGE_VERSION_MINOR=6
-FREEIPMI_PACKAGE_VERSION_PATCH=16
+FREEIPMI_PACKAGE_VERSION_PATCH=17
AC_SUBST(FREEIPMI_PACKAGE_VERSION_MAJOR)
AC_SUBST(FREEIPMI_PACKAGE_VERSION_MINOR)
@@ -135,7 +135,7 @@
# release, then set age to 0.
#
LIBFREEIPMI_CURRENT=19
-LIBFREEIPMI_REVISION=14
+LIBFREEIPMI_REVISION=15
LIBFREEIPMI_AGE=2
LIBFREEIPMI_VERSION=$LIBFREEIPMI_CURRENT.$LIBFREEIPMI_REVISION.$LIBFREEIPMI_AGE
@@ -157,7 +157,7 @@
LIBFREEIPMI_VERSION_MAJOR=6
LIBFREEIPMI_VERSION_MINOR=2
-LIBFREEIPMI_VERSION_PATCH=13
+LIBFREEIPMI_VERSION_PATCH=14
AC_SUBST(LIBFREEIPMI_VERSION_MAJOR)
AC_SUBST(LIBFREEIPMI_VERSION_MINOR)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/doc/freeipmi-faq.info
new/freeipmi-1.6.17/doc/freeipmi-faq.info
--- old/freeipmi-1.6.16/doc/freeipmi-faq.info 2025-09-15 19:40:36.000000000
+0200
+++ new/freeipmi-1.6.17/doc/freeipmi-faq.info 2026-03-23 19:24:17.000000000
+0100
@@ -1,7 +1,7 @@
This is freeipmi-faq.info, produced by makeinfo version 6.5 from
freeipmi-faq.texi.
-This manual is for FreeIPMI (version 1.6.16, 27 January 2024).
+This manual is for FreeIPMI (version 1.6.17, 27 January 2024).
Copyright (C) 2006-2012 FreeIPMI Core Team
Permission is granted to copy, distribute and/or modify this
@@ -21,8 +21,8 @@
Frequently Asked Questions on *FreeIPMI*
- This edition of the documentation was last updated on September 15,
-2025 for release 1.6.16 of the FreeIPMI.
+ This edition of the documentation was last updated on March 23, 2026
+for release 1.6.17 of the FreeIPMI.
* Menu:
@@ -1028,33 +1028,33 @@
�
Tag Table:
Node: Top690
-Node: What is IPMI?2303
-Node: What is FreeIPMI?3445
-Node: How did FreeIPMI start?3978
-Node: What operating systems does FreeIPMI run on?5343
-Node: FreeIPMI vs OpenIPMI vs Ipmitool vs Ipmiutil6095
-Node: What is special about FreeIPMI?6900
-Node: Does my system support IPMI?13957
-Node: How do I compile FreeIPMI?15950
-Node: libgcrypt requirement16311
-Node: x86-64 Compilation16950
-Node: Installing FreeIPMI on FreeBSD17634
-Node: What are some IPMI terminology or acronyms I should be aware of?18274
-Node: What setup is needed for FreeIPMI to communicate over LAN?21300
-Node: What setup is needed for Serial over LAN (SOL) or Ipmiconsole?21892
-Node: Do I need to install or configure a driver to perform IPMI inband?23796
-Node: SSIF Driver Configuration25509
-Node: How do you setup Powerman with ipmipower?27105
-Node: How do you setup Conman with ipmiconsole or libipmiconsole?30395
-Node: How do you setup Conserver with libipmiconsole?32374
-Node: How do you setup Ganglia or Nagios to monitor IPMI sensors via
FreeIPMI?33360
-Node: Why are times reported by FreeIPMI tools wrong?34001
-Node: Why is the IPMI kernel driver faster than the KCS driver?34987
-Node: Why is the output from FreeIPMI different than another software?35987
-Node: Why are there so many IPMI compliance bugs?41382
-Node: How do I get around an IPMI compliance bug on my motherboard?42480
-Node: Why am I seeing so many 'internal IPMI error' or 'driver busy'
messages?43293
-Node: How do I program with the FreeIPMI libraries?46419
-Node: Where can I get additional help or support?47762
+Node: What is IPMI?2299
+Node: What is FreeIPMI?3441
+Node: How did FreeIPMI start?3974
+Node: What operating systems does FreeIPMI run on?5339
+Node: FreeIPMI vs OpenIPMI vs Ipmitool vs Ipmiutil6091
+Node: What is special about FreeIPMI?6896
+Node: Does my system support IPMI?13953
+Node: How do I compile FreeIPMI?15946
+Node: libgcrypt requirement16307
+Node: x86-64 Compilation16946
+Node: Installing FreeIPMI on FreeBSD17630
+Node: What are some IPMI terminology or acronyms I should be aware of?18270
+Node: What setup is needed for FreeIPMI to communicate over LAN?21296
+Node: What setup is needed for Serial over LAN (SOL) or Ipmiconsole?21888
+Node: Do I need to install or configure a driver to perform IPMI inband?23792
+Node: SSIF Driver Configuration25505
+Node: How do you setup Powerman with ipmipower?27101
+Node: How do you setup Conman with ipmiconsole or libipmiconsole?30391
+Node: How do you setup Conserver with libipmiconsole?32370
+Node: How do you setup Ganglia or Nagios to monitor IPMI sensors via
FreeIPMI?33356
+Node: Why are times reported by FreeIPMI tools wrong?33997
+Node: Why is the IPMI kernel driver faster than the KCS driver?34983
+Node: Why is the output from FreeIPMI different than another software?35983
+Node: Why are there so many IPMI compliance bugs?41378
+Node: How do I get around an IPMI compliance bug on my motherboard?42476
+Node: Why am I seeing so many 'internal IPMI error' or 'driver busy'
messages?43289
+Node: How do I program with the FreeIPMI libraries?46415
+Node: Where can I get additional help or support?47758
�
End Tag Table
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/doc/stamp-vti
new/freeipmi-1.6.17/doc/stamp-vti
--- old/freeipmi-1.6.16/doc/stamp-vti 2025-09-15 19:34:25.000000000 +0200
+++ new/freeipmi-1.6.17/doc/stamp-vti 2026-03-23 19:22:45.000000000 +0100
@@ -1,4 +1,4 @@
@set UPDATED 27 January 2024
@set UPDATED-MONTH January 2024
-@set EDITION 1.6.16
-@set VERSION 1.6.16
+@set EDITION 1.6.17
+@set VERSION 1.6.17
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/doc/version-faq.texi
new/freeipmi-1.6.17/doc/version-faq.texi
--- old/freeipmi-1.6.16/doc/version-faq.texi 2025-09-15 19:34:25.000000000
+0200
+++ new/freeipmi-1.6.17/doc/version-faq.texi 2026-03-23 19:22:45.000000000
+0100
@@ -1,4 +1,4 @@
@set UPDATED 27 January 2024
@set UPDATED-MONTH January 2024
-@set EDITION 1.6.16
-@set VERSION 1.6.16
+@set EDITION 1.6.17
+@set VERSION 1.6.17
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/freeipmi.spec
new/freeipmi-1.6.17/freeipmi.spec
--- old/freeipmi-1.6.16/freeipmi.spec 2025-09-15 19:33:16.000000000 +0200
+++ new/freeipmi-1.6.17/freeipmi.spec 2026-03-23 19:21:51.000000000 +0100
@@ -3,7 +3,7 @@
#
%define name freeipmi
-%define version 1.6.16
+%define version 1.6.17
%if %{?_with_debug:1}%{!?_with_debug:0}
%define release 1.debug%{?dist}
%else
@@ -573,7 +573,7 @@
- Obsolete old subpackage freeipmi-ipmimonitoring.
* Tue Dec 18 2007 Albert Chu <[email protected]> 0.6.0
-- Use %{version} instead of 1.6.16 for substitution in paths.
+- Use %{version} instead of 1.6.17 for substitution in paths.
* Fri Dec 14 2007 Albert Chu <[email protected]> 0.6.0
- Update packaging for libfreeipmi reorganization
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ipmi-oem/ipmi-oem-dell.c
new/freeipmi-1.6.17/ipmi-oem/ipmi-oem-dell.c
--- old/freeipmi-1.6.16/ipmi-oem/ipmi-oem-dell.c 2025-09-15
19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/ipmi-oem/ipmi-oem-dell.c 2026-03-11
19:07:42.000000000 +0100
@@ -7161,7 +7161,7 @@
uint8_t bytes_rq[IPMI_OEM_MAX_BYTES];
uint8_t bytes_rs[IPMI_OEM_MAX_BYTES];
uint8_t post_code;
- uint8_t string_length;
+ size_t string_length;
char post_code_string[IPMI_OEM_STR_BUFLEN + 1];
int rs_len;
int rv = -1;
@@ -7216,10 +7216,16 @@
goto cleanup;
post_code = bytes_rs[2];
- string_length = bytes_rs[3];
+ string_length = (size_t)bytes_rs[3];
if (string_length)
- memcpy (post_code_string, &bytes_rs[4], string_length);
+ {
+ if (string_length > (size_t)(rs_len - 4))
+ string_length = rs_len - 4;
+ if (string_length > IPMI_OEM_STR_BUFLEN)
+ string_length = IPMI_OEM_STR_BUFLEN;
+ memcpy (post_code_string, &bytes_rs[4], string_length);
+ }
pstdout_printf (state_data->pstate,
"Post Code %02Xh : %s\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ipmi-oem/ipmi-oem-supermicro.c
new/freeipmi-1.6.17/ipmi-oem/ipmi-oem-supermicro.c
--- old/freeipmi-1.6.16/ipmi-oem/ipmi-oem-supermicro.c 2025-09-15
19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/ipmi-oem/ipmi-oem-supermicro.c 2026-03-11
19:07:42.000000000 +0100
@@ -129,7 +129,12 @@
firmware_hardware_id = bytes_rs[18];
if (rs_len > 19)
- memcpy (firmware_tag, &bytes_rs[19], rs_len - 19);
+ {
+ size_t tag_len = (size_t)(rs_len - 19);
+ if (tag_len > IPMI_OEM_SUPERMICRO_STRING_MAX)
+ tag_len = IPMI_OEM_SUPERMICRO_STRING_MAX;
+ memcpy (firmware_tag, &bytes_rs[19], tag_len);
+ }
/* assume minor version is BCD, just like in Get Device ID command */
/* assume sub version is also BCD */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ipmi-oem/ipmi-oem-wistron.c
new/freeipmi-1.6.17/ipmi-oem/ipmi-oem-wistron.c
--- old/freeipmi-1.6.16/ipmi-oem/ipmi-oem-wistron.c 2023-06-06
00:58:26.000000000 +0200
+++ new/freeipmi-1.6.17/ipmi-oem/ipmi-oem-wistron.c 2026-03-11
19:07:42.000000000 +0100
@@ -3047,6 +3047,7 @@
char string[IPMI_OEM_WISTRON_PROPRIETARY_STRING_MAX + 1];
int rs_len;
int rv = -1;
+ size_t len;
assert (state_data);
assert (!state_data->prog_data->args->oem_options_count);
@@ -3107,8 +3108,12 @@
goto cleanup;
}
+ len = (size_t)bytes_rs[3];
+ if (len > (size_t)(rs_len - 4))
+ len = rs_len - 4;
+
memset (string, '\0', IPMI_OEM_WISTRON_PROPRIETARY_STRING_MAX + 1);
- memcpy (string, &bytes_rs[4], bytes_rs[3]);
+ memcpy (string, &bytes_rs[4], len);
pstdout_printf (state_data->pstate,
"%s\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ipmiconsole/ipmiconsole-argp.c
new/freeipmi-1.6.17/ipmiconsole/ipmiconsole-argp.c
--- old/freeipmi-1.6.16/ipmiconsole/ipmiconsole-argp.c 2025-09-15
19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/ipmiconsole/ipmiconsole-argp.c 2026-03-11
19:07:37.000000000 +0100
@@ -45,6 +45,12 @@
#include <assert.h>
#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
#include <ipmiconsole.h> /* lib ipmiconsole.h */
#include "ipmiconsole_.h" /* tool ipmiconsole.h */
@@ -101,6 +107,12 @@
{ "noraw", NORAW_KEY, 0, 0,
"Don't enter terminal raw mode.", 49},
#endif
+ { "proxy", TCPPROXY_KEY, 0, 0,
+ "Run in TCP-to-SOL proxy rather than terminal mode.", 50},
+ { "proxyport", TCPPROXY_PORT_KEY, "NUM", 0,
+ "TCP port to be used as SOL tcp proxy.", 51},
+ { "proxyaddr", TCPPROXY_ADDR_KEY, "ADDRESS", 0,
+ "TCP address to bind to for SOL tcp proxy.", 52},
{ NULL, 0, NULL, 0, NULL, 0}
};
@@ -116,6 +128,47 @@
cmdline_args_doc,
cmdline_doc };
+static int
+parse_address (struct addrinfo *addr, const char *hostname)
+{
+ struct addrinfo ai_hints, *ai_res = NULL, *ai = NULL;
+ struct sockaddr *sa;
+ int ret;
+
+ memset (&ai_hints, 0, sizeof (struct addrinfo));
+ ai_hints.ai_family = AF_UNSPEC;
+ ai_hints.ai_socktype = SOCK_STREAM;
+ ai_hints.ai_flags = AI_ADDRCONFIG;
+
+ if ((ret = getaddrinfo (hostname, NULL, &ai_hints, &ai_res)))
+ {
+ fprintf (stderr, "getaddrinfo: %s", gai_strerror (ret));
+ return (-1);
+ }
+
+ /* Try all of the different answers we got, until we succeed. */
+ sa = addr->ai_addr;
+ for (ai = ai_res; ai != NULL; ai = ai->ai_next)
+ {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ continue;
+
+ memcpy (sa, ai->ai_addr, ai->ai_family == AF_INET ?
+ sizeof (struct sockaddr_in) :
+ sizeof (struct sockaddr_in6));
+ *addr = *ai;
+ /* restore real address storage */
+ addr->ai_addr = sa;
+ addr->ai_next = NULL;
+ freeaddrinfo (ai_res);
+ return (0);
+ }
+
+ freeaddrinfo (ai_res);
+ fprintf (stderr, "getaddrinfo: no entry found");
+ return (-1);
+}
+
static error_t
cmdline_parse (int key, char *arg, struct argp_state *state)
{
@@ -170,6 +223,35 @@
cmd_args->noraw++;
break;
#endif /* NDEBUG */
+ case TCPPROXY_KEY:
+ cmd_args->run_solproxy++;
+ if (cmd_args->bind_addr.ai_family == AF_UNSPEC &&
+ parse_address (&cmd_args->bind_addr, "127.0.0.1") != 0)
+ {
+ fprintf (stderr, "parse_address (127.0.0.1) failed \n");
+ exit (EXIT_FAILURE);
+ }
+ break;
+ case TCPPROXY_PORT_KEY:
+ errno = 0;
+ tmp = strtol (arg, &endptr, 0);
+ if (errno
+ || endptr[0] != '\0'
+ || tmp <= 0
+ || tmp > 65535)
+ {
+ fprintf (stderr, "invalid proxy port \n");
+ exit (EXIT_FAILURE);
+ }
+ cmd_args->listen_port = tmp;
+ break;
+ case TCPPROXY_ADDR_KEY:
+ if (parse_address (&cmd_args->bind_addr, arg) != 0)
+ {
+ fprintf (stderr, "invalid proxy listening address \n");
+ exit (EXIT_FAILURE);
+ }
+ break;
case ARGP_KEY_ARG:
/* Too many arguments. */
argp_usage (state);
@@ -264,6 +346,10 @@
cmd_args->sol_payload_instance = 0;
cmd_args->deactivate_all_instances = 0;
cmd_args->lock_memory = 0;
+ cmd_args->run_solproxy = 0;
+ cmd_args->bind_addr.ai_family = AF_UNSPEC;
+ cmd_args->bind_addr.ai_addr = (struct sockaddr *)&cmd_args->__ai_addr;
+ cmd_args->listen_port = 6023;
#ifndef NDEBUG
cmd_args->debugfile = 0;
cmd_args->noraw = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ipmiconsole/ipmiconsole.c
new/freeipmi-1.6.17/ipmiconsole/ipmiconsole.c
--- old/freeipmi-1.6.16/ipmiconsole/ipmiconsole.c 2025-09-15
19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/ipmiconsole/ipmiconsole.c 2026-03-11
19:07:37.000000000 +0100
@@ -55,12 +55,18 @@
#include <assert.h>
#include <errno.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
#include <ipmiconsole.h> /* lib ipmiconsole.h */
#include "ipmiconsole_.h" /* tool ipmiconsole.h */
#include "ipmiconsole-argp.h"
#include "freeipmi-portability.h"
+volatile unsigned int sigterm = 0x0;
static struct termios saved_tty;
static int raw_mode_set = 0;
@@ -161,7 +167,7 @@
}
}
- /* b/c we're exitting */
+ /* b/c we're exiting */
return (-1);
}
else if (buf[i] == 'B')
@@ -246,6 +252,273 @@
return (0);
}
+static void
+sol_ioloop (ipmiconsole_ctx_t c,
+ char escape_char,
+ int solfd,
+ int localfd)
+{
+ char buf[IPMICONSOLE_BUFLEN];
+ struct timeval tv;
+ ssize_t n;
+ fd_set rds;
+
+ while (sigterm == 0)
+ {
+ FD_ZERO (&rds);
+ FD_SET (solfd, &rds);
+ FD_SET (localfd, &rds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 250000;
+
+ if (select (solfd + 1, &rds, NULL, NULL, &tv) < 0)
+ {
+ perror ("select");
+ return;
+ }
+
+ if (FD_ISSET (localfd, &rds))
+ {
+ if ((n = read (localfd, buf, IPMICONSOLE_BUFLEN)) < 0)
+ {
+ perror ("read");
+ return;
+ }
+
+ if (!n)
+ return;
+
+ if (localfd == STDIN_FILENO)
+ {
+ if (_stdin (c,
+ escape_char,
+ solfd,
+ buf,
+ n) < 0)
+ return;
+ }
+ else
+ {
+ /* copy data (fd -> cd) */
+ if (write (solfd, buf, n) != n)
+ {
+ perror ("Writing data to SOL socket failed\n");
+ return;
+ }
+ }
+ }
+
+ if (FD_ISSET (solfd, &rds))
+ {
+ if ((n = read (solfd, buf, IPMICONSOLE_BUFLEN)) < 0)
+ {
+ perror ("read");
+ return;
+ }
+
+ if (n)
+ {
+ if (write (localfd, buf, n) != n)
+ {
+ perror ("write");
+ return;
+ }
+ }
+ else
+ {
+ /* b/c we're exiting */
+ /* achu: it is possible that errnum can equal success.
+ * Most likely scenario is user sets a flag in the
+ * libipmiconsole.conf file that alters the behavior of
+ * what this tool expects to happen. For example, if
+ * user specifies deactivate on the command line, we
+ * know to quit early. However, if the user does so in
+ * libipmiconsole.conf, we as a tool won't know to
+ * expect it.
+ */
+ if (ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SOL_STOLEN)
+ printf ("\r\n[%s]\r\n",
+ ipmiconsole_ctx_errormsg (c));
+ else if (ipmiconsole_ctx_errnum (c) != IPMICONSOLE_ERR_SUCCESS)
+ printf ("\r\n[error received]: %s\r\n",
+ ipmiconsole_ctx_errormsg (c));
+ return;
+ }
+
+ }
+
+ /* Clear out data, may still use buffer */
+ memset (buf, '\0', IPMICONSOLE_BUFLEN);
+ }
+}
+
+static int
+sol_connect (ipmiconsole_ctx_t c,
+ struct ipmiconsole_arguments *cmd_args,
+ struct ipmiconsole_ipmi_config *ipmi_config,
+ struct ipmiconsole_protocol_config *protocol_config,
+ struct ipmiconsole_engine_config *engine_config,
+ int localfd)
+{
+ int solfd = -1;
+
+ if (!(c = ipmiconsole_ctx_create (cmd_args->common_args.hostname,
+ ipmi_config,
+ protocol_config,
+ engine_config)))
+ {
+ perror ("ipmiconsole_ctx_create");
+ return (-1);
+ }
+
+ if (cmd_args->sol_payload_instance)
+ {
+ if (ipmiconsole_ctx_set_config (c,
+
IPMICONSOLE_CTX_CONFIG_OPTION_SOL_PAYLOAD_INSTANCE,
+ &(cmd_args->sol_payload_instance)) < 0)
+ {
+ fprintf (stderr, "ipmiconsole_submit_block: %s\r\n",
ipmiconsole_ctx_errormsg (c));
+ return (-1);
+ }
+ }
+
+ if (ipmiconsole_engine_submit_block (c) < 0)
+ {
+ if (ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_IPMI_2_0_UNAVAILABLE
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_CIPHER_SUITE_ID_UNAVAILABLE
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_HOSTNAME_INVALID
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_USERNAME_INVALID
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_PASSWORD_INVALID
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_K_G_INVALID
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_PRIVILEGE_LEVEL_INSUFFICIENT
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_PRIVILEGE_LEVEL_CANNOT_BE_OBTAINED
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SOL_UNAVAILABLE
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SOL_INUSE
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_SOL_REQUIRES_ENCRYPTION
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_SOL_REQUIRES_NO_ENCRYPTION
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_BMC_BUSY
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_BMC_ERROR
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_BMC_IMPLEMENTATION
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_CONNECTION_TIMEOUT
+ || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SESSION_TIMEOUT
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_EXCESS_RETRANSMISSIONS_SENT
+ || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_EXCESS_ERRORS_RECEIVED)
+ printf ("[error received]: %s\n", ipmiconsole_ctx_errormsg (c));
+ else
+ fprintf (stderr, "ipmiconsole_submit_block: %s\r\n",
ipmiconsole_ctx_errormsg (c));
+ return (-1);
+ }
+
+ if (cmd_args->deactivate)
+ return (0);
+
+ if ((solfd = ipmiconsole_ctx_fd (c)) < 0)
+ {
+ fprintf (stderr, "ipmiconsole_ctx_fd: %s\r\n", ipmiconsole_ctx_errormsg
(c));
+ return (-1);
+ }
+
+
+ printf ("[SOL established]\r\n");
+
+ sol_ioloop (c,
+ cmd_args->escape_char,
+ solfd,
+ localfd);
+
+ printf ("\r\n[closing the connection]\r\n");
+ /* ignore potential error, cleanup path */
+ close (solfd);
+ return (0);
+}
+
+static void sigterm_handler (int signal, siginfo_t *_unused, void *_unused2)
+{
+ sigterm = 1;
+}
+
+
+void set_sigterm_handler (int type)
+{
+ struct sigaction sig_action;
+
+ sigemptyset (&sig_action.sa_mask);
+ sig_action.sa_sigaction = &sigterm_handler;
+ sig_action.sa_flags = type;
+ sigaction (SIGTERM, &sig_action, NULL);
+ sigaction (SIGINT, &sig_action, NULL);
+}
+
+static void
+sol_proxy (ipmiconsole_ctx_t c,
+ struct ipmiconsole_arguments *cmd_args,
+ struct ipmiconsole_ipmi_config *ipmi_config,
+ struct ipmiconsole_protocol_config *protocol_config,
+ struct ipmiconsole_engine_config *engine_config,
+ int listen_s)
+{
+ char addrbuf[INET6_ADDRSTRLEN];
+ struct sockaddr remote_addr;
+ int connection_s = -1;
+ int ret;
+ socklen_t remote_addr_len;
+
+ while (sigterm == 0)
+ {
+ if (listen (listen_s, 1) < 0) /* accept 1 connection */
+ {
+ fprintf (stderr, "listen () failure: %s\n", strerror (errno));
+ return;
+ }
+ if (inet_ntop (cmd_args->bind_addr.ai_family,
+ (cmd_args->bind_addr.ai_family == AF_INET ?
+ (void *)&((struct sockaddr_in
*)cmd_args->bind_addr.ai_addr)->sin_addr :
+ (void *)&((struct sockaddr_in6
*)cmd_args->bind_addr.ai_addr)->sin6_addr
+ ),
+ addrbuf,
+ sizeof (addrbuf)) == NULL)
+ {
+ fprintf (stderr, "inet_ntop () failure: %s\n", strerror (errno));
+ return;
+ }
+ printf ("\r\nListening on %s:%d\n", addrbuf, cmd_args->listen_port);
+ set_sigterm_handler (SA_SIGINFO);
+ remote_addr_len = sizeof (remote_addr);
+ connection_s = accept (listen_s, &remote_addr, &remote_addr_len);
+ if (connection_s < 0)
+ {
+ if (errno != EINTR)
+ fprintf (stderr, "Could not accept incoming connection: %s\n",
strerror (errno));
+ return;
+ }
+ set_sigterm_handler (SA_SIGINFO | SA_RESTART);
+ if (inet_ntop (remote_addr.sa_family,
+ (remote_addr.sa_family == AF_INET ?
+ (void *)&((struct sockaddr_in *)&remote_addr)->sin_addr :
+ (void *)&((struct sockaddr_in6 *)&remote_addr)->sin6_addr
+ ),
+ addrbuf,
+ sizeof (addrbuf)) == NULL)
+ {
+ fprintf (stderr, "inet_ntop () failure: %s\n", strerror (errno));
+ strcpy (addrbuf, "[UNSPEC]");
+ }
+ printf ("Connection from %s\n", addrbuf);
+ ret = sol_connect (c,
+ cmd_args,
+ ipmi_config,
+ protocol_config,
+ engine_config,
+ connection_s);
+ if (ret < 0)
+ fprintf (stderr, "Session terminated with error: %d\n", ret);
+
+ printf ("Connection closed\n");
+ close (connection_s);
+ }
+}
+
int
main (int argc, char **argv)
{
@@ -255,7 +528,8 @@
struct ipmiconsole_engine_config engine_config;
ipmiconsole_ctx_t c = NULL;
int debug_flags = 0;
- int fd = -1;
+ int proxyfd = -1;
+ int yes = 1;
ipmiconsole_argp_parse (argc, argv, &cmd_args);
@@ -361,60 +635,49 @@
engine_config.behavior_flags |=
IPMICONSOLE_BEHAVIOR_DEACTIVATE_ALL_INSTANCES;
engine_config.debug_flags = debug_flags;
- if (!(c = ipmiconsole_ctx_create (cmd_args.common_args.hostname,
- &ipmi_config,
- &protocol_config,
- &engine_config)))
- {
- perror ("ipmiconsole_ctx_create");
- goto cleanup;
- }
- if (cmd_args.sol_payload_instance)
+ if (cmd_args.run_solproxy)
{
- if (ipmiconsole_ctx_set_config (c,
-
IPMICONSOLE_CTX_CONFIG_OPTION_SOL_PAYLOAD_INSTANCE,
- &(cmd_args.sol_payload_instance)) < 0)
+ proxyfd = socket (cmd_args.bind_addr.ai_family,
+ cmd_args.bind_addr.ai_socktype,
+ cmd_args.bind_addr.ai_protocol);
+ if (proxyfd < 0)
{
- fprintf (stderr, "ipmiconsole_submit_block: %s\r\n",
ipmiconsole_ctx_errormsg (c));
- goto cleanup;
+ fprintf (stderr, "proxy socket () returned error: %s\r\n", strerror
(errno));
+ exit (EXIT_FAILURE);
}
- }
-
- if (ipmiconsole_engine_submit_block (c) < 0)
- {
- if (ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_IPMI_2_0_UNAVAILABLE
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_CIPHER_SUITE_ID_UNAVAILABLE
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_HOSTNAME_INVALID
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_USERNAME_INVALID
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_PASSWORD_INVALID
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_K_G_INVALID
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_PRIVILEGE_LEVEL_INSUFFICIENT
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_PRIVILEGE_LEVEL_CANNOT_BE_OBTAINED
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SOL_UNAVAILABLE
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SOL_INUSE
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_SOL_REQUIRES_ENCRYPTION
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_SOL_REQUIRES_NO_ENCRYPTION
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_BMC_BUSY
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_BMC_ERROR
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_BMC_IMPLEMENTATION
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_CONNECTION_TIMEOUT
- || ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SESSION_TIMEOUT
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_EXCESS_RETRANSMISSIONS_SENT
- || ipmiconsole_ctx_errnum (c) ==
IPMICONSOLE_ERR_EXCESS_ERRORS_RECEIVED)
- printf ("[error received]: %s\n", ipmiconsole_ctx_errormsg (c));
+ if (cmd_args.bind_addr.ai_family == AF_INET)
+ ((struct sockaddr_in *)cmd_args.bind_addr.ai_addr)->sin_port = htons
(cmd_args.listen_port);
else
- fprintf (stderr, "ipmiconsole_submit_block: %s\r\n",
ipmiconsole_ctx_errormsg (c));
- goto cleanup;
- }
+ ((struct sockaddr_in6 *)cmd_args.bind_addr.ai_addr)->sin6_port = htons
(cmd_args.listen_port);
- if (cmd_args.deactivate)
- goto cleanup;
+ if (setsockopt (proxyfd,
+ SOL_SOCKET,
+ SO_REUSEADDR,
+ &yes,
+ sizeof (int)) == -1)
+ {
+ fprintf (stderr, "setsockopt () return error: %s\r\n", strerror
(errno));
+ exit (EXIT_FAILURE);
+ }
- if ((fd = ipmiconsole_ctx_fd (c)) < 0)
- {
- fprintf (stderr, "ipmiconsole_ctx_fd: %s\r\n", ipmiconsole_ctx_errormsg
(c));
- goto cleanup;
+ if (bind (proxyfd,
+ cmd_args.bind_addr.ai_addr,
+ cmd_args.bind_addr.ai_addrlen
+ ) < 0)
+ {
+ fprintf (stderr, "proxy bind () returned error: %s\r\n", strerror
(errno));
+ exit (EXIT_FAILURE);
+ }
+ sol_proxy (c,
+ &cmd_args,
+ &ipmi_config,
+ &protocol_config,
+ &engine_config,
+ proxyfd);
+ shutdown (proxyfd, 2);
+ close (proxyfd);
+ goto cleanup;
}
#ifndef NDEBUG
@@ -428,99 +691,12 @@
goto cleanup;
#endif /* !NDEBUG */
- printf ("[SOL established]\r\n");
-
- while (1)
- {
- char buf[IPMICONSOLE_BUFLEN];
- struct timeval tv;
- ssize_t n;
- fd_set rds;
-
- FD_ZERO (&rds);
- FD_SET (fd, &rds);
- FD_SET (STDIN_FILENO, &rds);
-
- tv.tv_sec = 0;
- tv.tv_usec = 250000;
-
- if (select (fd + 1, &rds, NULL, NULL, &tv) < 0)
- {
- perror ("select");
- goto cleanup;
- }
-
- if (FD_ISSET (STDIN_FILENO, &rds))
- {
- if ((n = read (STDIN_FILENO, buf, IPMICONSOLE_BUFLEN)) < 0)
- {
- perror ("read");
- goto cleanup;
- }
-
- if (!n)
- goto cleanup;
-
- if (_stdin (c,
- cmd_args.escape_char,
- fd,
- buf,
- n) < 0)
- goto cleanup;
- }
-
- if (FD_ISSET (fd, &rds))
- {
- if ((n = read (fd, buf, IPMICONSOLE_BUFLEN)) < 0)
- {
- perror ("read");
- goto cleanup;
- }
-
- if (n)
- {
- if (write (STDOUT_FILENO, buf, n) != n)
- {
- perror ("write");
- goto cleanup;
- }
- }
- else
- {
- /* b/c we're exitting */
- /* achu: it is possible that errnum can equal success.
- * Most likely scenario is user sets a flag in the
- * libipmiconsole.conf file that alters the behavior of
- * what this tool expects to happen. For example, if
- * user specifies deactivate on the command line, we
- * know to quit early. However, if the user does so in
- * libipmiconsole.conf, we as a tool won't know to
- * expect it.
- */
- if (ipmiconsole_ctx_errnum (c) == IPMICONSOLE_ERR_SOL_STOLEN)
- printf ("\r\n[%s]\r\n",
- ipmiconsole_ctx_errormsg (c));
- else if (ipmiconsole_ctx_errnum (c) != IPMICONSOLE_ERR_SUCCESS)
- printf ("\r\n[error received]: %s\r\n",
- ipmiconsole_ctx_errormsg (c));
- goto cleanup;
- }
-
- }
-
- /* Clear out data, may still use buffer */
- memset (buf, '\0', IPMICONSOLE_BUFLEN);
- }
-
- cleanup:
- if (fd >= 0)
- {
- printf ("\r\n[closing the connection]\r\n");
- /* ignore potential error, cleanup path */
- close (fd);
- }
- ipmiconsole_ctx_destroy (c);
- ipmiconsole_engine_teardown (1);
+ sol_connect (c,
+ &cmd_args,
+ &ipmi_config,
+ &protocol_config,
+ &engine_config,
+ STDIN_FILENO);
#ifndef NDEBUG
if (!cmd_args.noraw)
@@ -529,5 +705,9 @@
_reset_mode ();
#endif /* !NDEBUG */
+ cleanup:
+ ipmiconsole_ctx_destroy (c);
+ ipmiconsole_engine_teardown (1);
+
return (EXIT_SUCCESS);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/ipmiconsole/ipmiconsole_.h
new/freeipmi-1.6.17/ipmiconsole/ipmiconsole_.h
--- old/freeipmi-1.6.16/ipmiconsole/ipmiconsole_.h 2025-09-15
19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/ipmiconsole/ipmiconsole_.h 2026-03-11
19:07:37.000000000 +0100
@@ -52,11 +52,16 @@
DEBUG_KEY = 167,
DEBUGFILE_KEY = 168,
NORAW_KEY = 169,
+ TCPPROXY_KEY = 170,
+ TCPPROXY_PORT_KEY = 171,
+ TCPPROXY_ADDR_KEY = 172,
};
struct ipmiconsole_arguments
{
struct common_cmd_args common_args;
+ struct addrinfo bind_addr;
+ struct sockaddr_storage __ai_addr;
char escape_char;
int dont_steal;
int deactivate;
@@ -65,6 +70,8 @@
unsigned int sol_payload_instance;
int deactivate_all_instances;
int lock_memory;
+ int run_solproxy;
+ int listen_port;
#ifndef NDEBUG
int debugfile;
int noraw;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/freeipmi-1.6.16/libfreeipmi/locate/ipmi-locate-acpi-spmi.c
new/freeipmi-1.6.17/libfreeipmi/locate/ipmi-locate-acpi-spmi.c
--- old/freeipmi-1.6.16/libfreeipmi/locate/ipmi-locate-acpi-spmi.c
2023-06-06 00:58:27.000000000 +0200
+++ new/freeipmi-1.6.17/libfreeipmi/locate/ipmi-locate-acpi-spmi.c
2026-01-27 20:45:30.000000000 +0100
@@ -1234,6 +1234,7 @@
rv = 0;
cleanup:
close (sysfs_acpi_fd);
+ free (sysfs_path);
return rv;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/freeipmi-1.6.16/man/ipmiconsole.8.pre.in
new/freeipmi-1.6.17/man/ipmiconsole.8.pre.in
--- old/freeipmi-1.6.16/man/ipmiconsole.8.pre.in 2025-09-15
19:31:45.000000000 +0200
+++ new/freeipmi-1.6.17/man/ipmiconsole.8.pre.in 2026-03-11
19:07:37.000000000 +0100
@@ -114,7 +114,7 @@
in which underlying serial data can no longer be sent/received. From
the viewpoint of
.B ipmiconsole,
-data is simply not be sent out of the remote system and this problem
+data is simply not being sent out of the remote system and this problem
is only detected once there is user interaction. By sending the
occasional NUL character, the underlying loss of serial data transfer
can be detected far more quickly. There is some risk with this option,
@@ -147,6 +147,22 @@
\fB\-\-lock-memory\fR
Lock sensitive information (such as usernames and passwords) in
memory.
+.TP
+\fB\-\-proxy\fR
+Run a TCP proxy redirecting all socket input/output into remote console.
+Useful for remote kernel debugging with gdb.
+Please see the SOL-TO-TCP PROXY MODE section below for more information
+on this mode.
+.TP
+\fB\-\-proxyport\fR=\fIPORTNUMBER\fR
+Configure a custom TCP port number for TCP proxy mode.
+Default port is 6023.
+.TP
+\fB\-\-proxyaddr\fR=\fIADDRESS\fR
+Configure a custom listening address for TCP proxy mode.
+Default address is 127.0.0.1.
+Please see the SOL-TO-TCP PROXY MODE section below for security caveats
+overriding this value.
.if @WITH_DEBUG@ \{
.TP
\fB\-\-debugfile\fR
@@ -302,6 +318,25 @@
session is subsequently useless. There is currently no workaround in
place to handle this. The session must be closed and restarted.
+.SH "SOL-TO-TCP PROXY MODE"
+By default
+.B ipmiconsole
+will use current terminal for input/output for a remote console.
+Use
+\fB\-\-proxy\fR
+option to turn
+.B ipmiconsole
+into a TCP proxy that accepts a single TCP connection and use it for
+input/output for a remote console.
+.PP
+Enabling this mode allows any user with an access to the TCP socket
+to connect to a remote SOL instance WITHOUT ANY AUTHENTICATION.
+.PP
+Do not override proxy binding address unless you take measures to
+prevent unauthorized access.
+.PP
+Do not run proxy mode on an untrusted host.
+
.SH "EXAMPLES"
.B # ipmiconsole -h ahost -u myusername -p mypassword
.PP
