Hello community, here is the log from the commit of package ipmitool for openSUSE:Leap:15.2 checked in at 2020-02-19 18:43:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/ipmitool (Old) and /work/SRC/openSUSE:Leap:15.2/.ipmitool.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipmitool" Wed Feb 19 18:43:22 2020 rev:14 rq:775318 version:1.8.18+git20200204.7ccea28 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/ipmitool/ipmitool.changes 2020-01-15 15:12:28.690142670 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ipmitool.new.26092/ipmitool.changes 2020-02-19 18:43:34.178458066 +0100 @@ -1,0 +2,36 @@ +Tue Feb 11 13:39:26 UTC 2020 - Ismail Dönmez <[email protected]> + +- Don't hardcode /usr but use rpm variables + +------------------------------------------------------------------- +Mon Feb 10 08:27:23 UTC 2020 - [email protected] + +- bsc#1163026 +- CVE-2020-5208 +- Use license macro for COPYING, instead of doc +- Add ChangeLog mainline log to docs for shorter + obs changelogs. This will be the last more detailed + changelog, due to more important buffer overflow patches. + Otherwise this changelog will not include (mainline) changes + anymore. +- Update to version 1.8.18+git20200204.7ccea28: + * fru, sdr: Fix id_string buffer overflows + * lanp: Fix buffer overflows in get_lan_param_select + * channel: Fix buffer overflow + * session: Fix buffer overflow in ipmi_get_session_info + * fru: Fix buffer overflow in ipmi_spd_print_fru + * fru: Fix buffer overflow vulnerabilities + * chassis: bootmbox: Refix 62a04390 + * configure: Drop requirement for curses et. al libs + +- Add a configure option to disable IANA PEN database internet download +A autotools_define_DOWNLOAD.diff +D create_pen_list_from_local_file.patch +- New pen database: +M enterprise-numbers +- Patches adjusted to latest mainline code: +M fix_file_permissions.patch +M ipmitool_adjust_suse_paths.patch +M several_more_compile_fixes.patch + +------------------------------------------------------------------- Old: ---- create_pen_list_from_local_file.patch ipmitool-1.8.18.tar.xz New: ---- autotools_define_DOWNLOAD.diff ipmitool-1.8.18+git20200204.7ccea28.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipmitool.spec ++++++ --- /var/tmp/diff_new_pack.awSPvb/_old 2020-02-19 18:43:35.010459750 +0100 +++ /var/tmp/diff_new_pack.awSPvb/_new 2020-02-19 18:43:35.014459758 +0100 @@ -1,7 +1,7 @@ # # spec file for package ipmitool # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,17 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: ipmitool -Version: 1.8.18 +Version: 1.8.18+git20200204.7ccea28 Release: 0 Summary: Utility for IPMI Control License: BSD-3-Clause Group: System/Management -Url: https://github.com/ipmitool/ipmitool +URL: https://github.com/ipmitool/ipmitool Source: %{name}-%{version}.tar.xz Source1: ipmievd.service Source2: ipmievd.sysconf @@ -32,7 +32,7 @@ Patch2: several_more_compile_fixes.patch Patch3: ipmitool_adjust_suse_paths.patch Patch4: hpm_x_compatibility_msg_is_debug_only.patch -Patch5: create_pen_list_from_local_file.patch +Patch5: autotools_define_DOWNLOAD.diff BuildRequires: libtool BuildRequires: openssl-devel BuildRequires: readline-devel @@ -87,6 +87,8 @@ %make_install rm -rf %{buildroot}%{_datadir}/doc/ipmitool +install -D -m 644 %{SOURCE3} %{buildroot}%{_datadir}/misc/enterprise-numbers + # exchange-bmc-os-info service install -D -m 0755 contrib/exchange-bmc-os-info.init.redhat %{buildroot}/%{_sbindir}/exchange-bmc-os-info install -D -m 0644 contrib/exchange-bmc-os-info.service.redhat %{buildroot}%{_unitdir}/exchange-bmc-os-info.service @@ -129,7 +131,8 @@ %service_del_postun bmc-snmp-proxy.service exchange-bmc-os-info.service ipmievd.service %files -%doc AUTHORS COPYING README +%doc AUTHORS README ChangeLog +%license COPYING %{_datadir}/ipmitool %attr(755,root,root) %{_bindir}/ipmitool %attr(755,root,root) %{_sbindir}/ipmievd @@ -142,6 +145,7 @@ %{_unitdir}/ipmievd.service %{_mandir}/man1/* %{_mandir}/man8/* +%{_datadir}/misc/enterprise-numbers %files bmc-snmp-proxy %attr(755,root,root) %{_sbindir}/bmc-snmp-proxy ++++++ _service ++++++ --- /var/tmp/diff_new_pack.awSPvb/_old 2020-02-19 18:43:35.042459815 +0100 +++ /var/tmp/diff_new_pack.awSPvb/_new 2020-02-19 18:43:35.046459823 +0100 @@ -2,9 +2,13 @@ <service mode="disabled" name="tar_scm"> <param name="url">https://github.com/ipmitool/ipmitool.git</param> <param name="scm">git</param> + <param name="version">HEAD</param> <param name="changesgenerate">enable</param> <param name="filename">ipmitool</param> +<!-- <param name="versionformat">1.8.18</param> +--> + <param name="versionformat">1.8.18+git%cd.%h</param> </service> <service mode="disabled" name="recompress"> <param name="file">*.tar</param> ++++++ autotools_define_DOWNLOAD.diff ++++++ Make IANA PEN download configurable - fix uninitalized DOWNLOAD variable Currently if you do not have wget and curl requirement met, you get this error: [ 93s] configure: WARNING: ** Neither wget nor curl could be found. [ 93s] configure: WARNING: ** IANA PEN database will not be installed by `make install` ! [ 93s] configure: WARNING: ** Download is: [ 93s] configure: WARNING: ... [ 104s] configure: error: conditional "DOWNLOAD" was never defined. [ 104s] Usually this means the macro was only invoked conditionally. [ 104s] error: Bad exit status from /var/tmp/rpm-tmp.TYnvu5 (%build) Internet download is restricted in most build environments. So there must be a knob to enable/disable IANA PEN database download. For security reasons and as a good manner for open source tools, the internet download is by default set to off. This patch initializes all needed variables and also introduces to make the IANA PEN internet download configurable. ./configure then has this additional feature: --enable-iana-download Download IANA PEN database [default=no] Depending on whether it has explicitly been enabled this additional output is shown after build env is successfully set up via ./configure: Download IANA PEN database : yes IANA PEN database URL : http://www.iana.org/assignments/enterprise-numbers The URL is unfortunately hardcoded in the message. I couldn't find a quick way to show the IANA_PEN_URL variable there, so if this is ever changed (it is not configurable right now, but maybe with a follow up patch in the future), it has to be changed in the help string as well. --- Makefile.am | 5 ++--- configure.ac | 38 ++++++++++++++++++++++++++------------ 2 files changed, 28 insertions(+), 15 deletions(-) --- a/Makefile.am +++ b/Makefile.am @@ -41,7 +41,6 @@ $(distdir).tar.gz $(distdir).tar.bz2 SUBDIRS = lib src include doc contrib control -IANA_PEN = http://www.iana.org/assignments/enterprise-numbers dist-hook: cp control/ipmitool.spec $(distdir) @@ -52,8 +51,8 @@ enterprise-numbers: @echo Downloading IANA PEN database... - @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ - echo "FAILED to download the IANA PEN database"; \ + @$(DOWNLOAD) "$(IANA_PEN_URL)" > tmpfile.$$PPID || {\ + echo "FAILED to download the IANA PEN database from $(IANA_PEN_URL)"; \ rm tmpfile.$$PPID; \ false; \ } --- a/configure.ac +++ b/configure.ac @@ -56,23 +56,34 @@ exec_prefix="$prefix" fi -if test "x$WGET" = "x"; then - if test "x$CURL" = "x"; then - AC_MSG_WARN([** Neither wget nor curl could be found.]) - AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) +xiana_pen_url="http://www.iana.org/assignments/enterprise-numbers"; +AC_SUBST(IANA_PEN_URL, xiana_pen_url) + +AC_ARG_ENABLE([iana-download], + [AC_HELP_STRING([--enable-iana-download], + [Download IANA PEN database [default=no]])], + [xenable_iana_download=$enableval], + [xenable_iana_download=no]) +if test "x$xenable_iana_download" = "xyes"; then + if test "x$WGET" = "x"; then + if test "x$CURL" = "x"; then + AC_MSG_WARN([** Neither wget nor curl could be found.]) + AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) + xenable_iana_download="no" + else + DOWNLOAD="$CURL -#" + fi else - DOWNLOAD="$CURL -#" - AM_CONDITIONAL([DOWNLOAD], [true]) + DOWNLOAD="$WGET -c -nd -O -" fi -else - DOWNLOAD="$WGET -c -nd -O -" +fi +if test "x$xenable_iana_download" = "xyes"; then AM_CONDITIONAL([DOWNLOAD], [true]) + AC_SUBST(DOWNLOAD, $DOWNLOAD) +else + AM_CONDITIONAL([DOWNLOAD], [false]) fi -AC_MSG_WARN([** Download is:]) -AC_MSG_WARN($DOWNLOAD) -AC_SUBST(DOWNLOAD, $DOWNLOAD) - dnl dnl set default option values dnl @@ -776,4 +787,7 @@ AC_MSG_RESULT([ ipmievd : yes]) AC_MSG_RESULT([ ipmishell : $xenable_ipmishell]) AC_MSG_RESULT([]) +AC_MSG_RESULT([ Download IANA PEN database : $xenable_iana_download]) +AC_MSG_RESULT([ IANA PEN database URL : $xiana_pen_url]) +AC_MSG_RESULT([]) ++++++ enterprise-numbers ++++++ ++++ 13435 lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/ipmitool/enterprise-numbers ++++ and /work/SRC/openSUSE:Leap:15.2/.ipmitool.new.26092/enterprise-numbers ++++++ fix_file_permissions.patch ++++++ --- /var/tmp/diff_new_pack.awSPvb/_old 2020-02-19 18:43:35.182460098 +0100 +++ /var/tmp/diff_new_pack.awSPvb/_new 2020-02-19 18:43:35.186460106 +0100 @@ -1,20 +1,10 @@ -Index: ipmitool-1.8.18/lib/helper.c -=================================================================== ---- ipmitool-1.8.18.orig/lib/helper.c 2018-09-25 11:36:13.675132165 +0200 -+++ ipmitool-1.8.18/lib/helper.c 2018-09-25 11:40:43.283111633 +0200 -@@ -867,7 +867,6 @@ ipmi_start_daemon(struct ipmi_intf *intf - #endif - - chdir("/"); -- umask(0); - - for (fd=0; fd<64; fd++) { - if (fd != intf->fd) -Index: ipmitool-1.8.18/src/ipmievd.c -=================================================================== ---- ipmitool-1.8.18.orig/src/ipmievd.c 2018-09-25 11:36:13.679132402 +0200 -+++ ipmitool-1.8.18/src/ipmievd.c 2018-09-25 11:41:12.744857808 +0200 -@@ -701,6 +701,7 @@ ipmievd_main(struct ipmi_event_intf * ei +--- + src/ipmievd.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/src/ipmievd.c ++++ b/src/ipmievd.c +@@ -700,6 +700,7 @@ int i, rc; int daemon = 1; struct sigaction act; @@ -22,7 +12,7 @@ memset(pidfile, 0, 64); sprintf(pidfile, "%s%d", DEFAULT_PIDFILE, eintf->intf->devnum); -@@ -763,8 +764,9 @@ ipmievd_main(struct ipmi_event_intf * ei +@@ -762,8 +763,9 @@ ipmi_start_daemon(eintf->intf); ++++++ ipmitool_adjust_suse_paths.patch ++++++ --- /var/tmp/diff_new_pack.awSPvb/_old 2020-02-19 18:43:35.210460155 +0100 +++ /var/tmp/diff_new_pack.awSPvb/_new 2020-02-19 18:43:35.210460155 +0100 @@ -1,8 +1,25 @@ -Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy.service -=================================================================== ---- ipmitool-1.8.13.orig/contrib/bmc-snmp-proxy.service -+++ ipmitool-1.8.13/contrib/bmc-snmp-proxy.service -@@ -11,8 +11,8 @@ ConditionPathExists=/var/run/bmc-info +--- + contrib/bmc-snmp-proxy | 4 ++++ + contrib/bmc-snmp-proxy.service | 4 ++-- + contrib/exchange-bmc-os-info.service.redhat | 4 ++-- + 3 files changed, 8 insertions(+), 4 deletions(-) + +--- a/contrib/bmc-snmp-proxy ++++ b/contrib/bmc-snmp-proxy +@@ -14,6 +14,10 @@ + # + # Assumptions: This script will work only when /etc/snmp/ is writable. + # ++# Provides: bmc-snmp-proxy ++# Required-Start: ipmi snmp ++# Default-Start: 3 4 5 ++# Default-Stop: 0 1 2 6 + ############################################################################# + # GLOBALS + ############################################################################# +--- a/contrib/bmc-snmp-proxy.service ++++ b/contrib/bmc-snmp-proxy.service +@@ -11,8 +11,8 @@ Type=oneshot RemainAfterExit=yes @@ -13,11 +30,9 @@ [Install] WantedBy=multi-user.target -Index: ipmitool-1.8.13/contrib/exchange-bmc-os-info.service.redhat -=================================================================== ---- ipmitool-1.8.13.orig/contrib/exchange-bmc-os-info.service.redhat -+++ ipmitool-1.8.13/contrib/exchange-bmc-os-info.service.redhat -@@ -6,8 +6,8 @@ Requires=ipmi.service +--- a/contrib/exchange-bmc-os-info.service.redhat ++++ b/contrib/exchange-bmc-os-info.service.redhat +@@ -7,8 +7,8 @@ [Service] Type=oneshot RemainAfterExit=yes @@ -28,18 +43,3 @@ [Install] WantedBy=multi-user.target -Index: ipmitool-1.8.13/contrib/bmc-snmp-proxy -=================================================================== ---- ipmitool-1.8.13.orig/contrib/bmc-snmp-proxy -+++ ipmitool-1.8.13/contrib/bmc-snmp-proxy -@@ -14,6 +14,10 @@ - # - # Assumptions: This script will work only when /etc/snmp/ is writable. - # -+# Provides: bmc-snmp-proxy -+# Required-Start: ipmi snmp -+# Default-Start: 3 4 5 -+# Default-Stop: 0 1 2 6 - ############################################################################# - # GLOBALS - ############################################################################# ++++++ several_more_compile_fixes.patch ++++++ --- /var/tmp/diff_new_pack.awSPvb/_old 2020-02-19 18:43:35.218460171 +0100 +++ /var/tmp/diff_new_pack.awSPvb/_new 2020-02-19 18:43:35.218460171 +0100 @@ -4,11 +4,14 @@ Signed-off-by: Thomas Renninger <[email protected]> -Index: ipmitool-1.8.18/lib/ipmi_ekanalyzer.c -=================================================================== ---- ipmitool-1.8.18.orig/lib/ipmi_ekanalyzer.c 2018-09-09 13:48:58.000000000 +0200 -+++ ipmitool-1.8.18/lib/ipmi_ekanalyzer.c 2018-09-25 11:42:30.901490572 +0200 -@@ -4014,7 +4014,7 @@ ipmi_ek_display_clock_config_record(stru +--- + lib/ipmi_ekanalyzer.c | 2 +- + lib/ipmi_picmg.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/lib/ipmi_ekanalyzer.c ++++ b/lib/ipmi_ekanalyzer.c +@@ -4013,7 +4013,7 @@ (feature & 1) ? "Source" : "Receiver"); printf("\tFamily: 0x%02x - AccLVL: 0x%02x\n", family, accuracy); @@ -17,11 +20,9 @@ freq, min_freq, max_freq); } printf("\n"); -Index: ipmitool-1.8.18/lib/ipmi_picmg.c -=================================================================== ---- ipmitool-1.8.18.orig/lib/ipmi_picmg.c 2018-09-09 13:48:58.000000000 +0200 -+++ ipmitool-1.8.18/lib/ipmi_picmg.c 2018-09-25 11:42:30.905490809 +0200 -@@ -850,7 +850,7 @@ ipmi_picmg_portstate_get(struct ipmi_int +--- a/lib/ipmi_picmg.c ++++ b/lib/ipmi_picmg.c +@@ -949,7 +949,7 @@ } else if (d->type >= 0x06 && d->type <= 0xef) { @@ -30,7 +31,7 @@ } else if (d->type >= 0xf0 && d->type <= 0xfe) { -@@ -1702,7 +1702,7 @@ ipmi_picmg_clk_get(struct ipmi_intf * in +@@ -1805,7 +1805,7 @@ oemval2str( rsp->data[3], rsp->data[4], picmg_clk_accuracy_vals)); @@ -39,15 +40,3 @@ } } } -Index: ipmitool-1.8.18/lib/ipmi_sdr.c -=================================================================== ---- ipmitool-1.8.18.orig/lib/ipmi_sdr.c 2018-09-09 13:48:58.000000000 +0200 -+++ ipmitool-1.8.18/lib/ipmi_sdr.c 2018-09-25 11:42:30.909491047 +0200 -@@ -52,6 +52,7 @@ - #include <ipmitool/ipmi_entity.h> - #include <ipmitool/ipmi_constants.h> - #include <ipmitool/ipmi_strings.h> -+#include <ipmitool/ipmi_sensor.h> - - #if HAVE_CONFIG_H - # include <config.h>
