powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

ipmitool update 

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 1 year ago
parent
cc41f4b902
commit
80bca7f155
18 changed files with 1808 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 48
      SOURCES/0001-ipmitool-1.8.10-ipmievd-init.patch.patch
  2. 76
      SOURCES/0002-ipmitool-1.8.10-ipmievd-condrestart.patch.patch
  3. 240
      SOURCES/0004-ipmitool-1.8.11-set-kg-key.patch.patch
  4. 28
      SOURCES/0007-ipmitool-1.8.11-remove-umask0.patch.patch
  5. 28
      SOURCES/0009-ipmitool-1.8.11-bz1126333-slowswid.patch.patch
  6. 28
      SOURCES/0010-ipmitool-1.8.11-bz878614-overname.patch.patch
  7. 21
      SOURCES/0015-ID-390-Support-for-new-Communication-Interface-USB-M.patch
  8. 110
      SOURCES/0016-ipmitool-1.8.18-verbose.patch
  9. 41
      SOURCES/0017-ipmitool-1.8.18-check-input-values.patch
  10. 365
      SOURCES/0018-CVE-2020-5208.patch
  11. 44
      SOURCES/0019-CVE-2020-5208_2.patch
  12. 326
      SOURCES/exchange-bmc-os-info
  13. 13
      SOURCES/exchange-bmc-os-info.service
  14. 26
      SOURCES/exchange-bmc-os-info.sysconf
  15. 13
      SOURCES/ipmievd.service
  16. 1
      SOURCES/openipmi-ipmievd.sysconf
  17. 11
      SOURCES/set-bmc-url.sh
  18. 389
      SPECS/ipmitool.spec

48
SOURCES/0001-ipmitool-1.8.10-ipmievd-init.patch.patch
Unescape View File

@ -0,0 +1,48 @@ @@ -0,0 +1,48 @@
From 88c6180c807bcdcbe5a189fa7a2a7432cd3a750d Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Fri, 6 Nov 2015 12:06:52 +0100
Subject: [PATCH 01/11] ipmitool-1.8.10-ipmievd-init.patch

562186 - Initscript of the ipmievd service not LSB compliant

Backported by: dgregor jsafrane
---
contrib/ipmievd.init.redhat | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/contrib/ipmievd.init.redhat b/contrib/ipmievd.init.redhat
index 1c0253d..7cf9d24 100755
--- a/contrib/ipmievd.init.redhat
+++ b/contrib/ipmievd.init.redhat
@@ -5,7 +5,7 @@
# Based on example sysvinitfiles script
# Copyright (c) 2000 Red Hat Software, Inc.
#
-# chkconfig: 345 99 00
+# chkconfig: - 99 00
# description: ipmievd daemon to send events to syslog
# processname: ipmievd
# config: /etc/sysconfig/ipmievd
@@ -16,8 +16,8 @@
# Should-Start: $time
# Required-Stop: $syslog ipmi
# Should-Stop: $time
-# Default-Start: 3 4 5
-# Default-Stop: 0 1 2 6
+# Default-Start:
+# Default-Stop:
# Short-Description: ipmievd daemon to send events to syslog
# Description: Start ipmievd to read events from BMC and
# log them to syslog. Events correspond to hardware faults,
@@ -81,7 +81,7 @@ case "$1" in
;;
*)
echo "Usage: ipmievd {start|stop|status|reload|restart|condrestart}"
- exit 1
+ exit 2
;;
esac
exit $?
--
2.1.0

76
SOURCES/0002-ipmitool-1.8.10-ipmievd-condrestart.patch.patch
Unescape View File

@ -0,0 +1,76 @@ @@ -0,0 +1,76 @@
From a82448d0a53be621e9a1f5f7dff44e4e481e174c Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Fri, 6 Nov 2015 12:12:29 +0100
Subject: [PATCH 02/11] ipmitool-1.8.10-ipmievd-condrestart.patch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

532188 - ipmievd init script's condrestart doesn't work
Author: Ville Skyttä (ville.skytta@iki.fi)
Sent upstream as
https://sourceforge.net/tracker/?func=detail&aid=2889888&group_id=95200&atid=610552

Initscipt output tuning by Jan Safranek

Backported by: dgregor jsafrane
---
contrib/ipmievd.init.redhat | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/contrib/ipmievd.init.redhat b/contrib/ipmievd.init.redhat
index 7cf9d24..71b90b9 100755
--- a/contrib/ipmievd.init.redhat
+++ b/contrib/ipmievd.init.redhat
@@ -44,24 +44,31 @@ test -r $IPMIEVD_CONFIG || { echo "$IPMIEVD_CONFIG does not exist";
. /etc/init.d/functions
start() {
- echo "Starting ipmievd:"
+ echo -n "Starting ipmievd:"
if [ -f /var/lock/subsys/ipmievd ]; then
return 0
fi
daemon $IPMIEVD_BIN $IPMIEVD_OPTIONS
ret=$?
[ $ret -eq 0 ] && touch /var/lock/subsys/ipmievd
+ echo
return $ret
}
stop() {
- echo "Shutting down ipmievd:"
+ echo -n "Shutting down ipmievd:"
killproc $IPMIEVD_BIN
ret=$?
[ $ret -eq 0 ] && rm -f /var/lock/subsys/ipmievd
+ echo
return $ret
}
+restart() {
+ stop
+ start
+}
+
case "$1" in
start)
start
@@ -72,11 +79,10 @@ case "$1" in
status)
status $IPMIEVD_BIN
;;
- restart|reload)
- stop
- start
+ restart|reload|force-reload)
+ restart
;;
- condrestart)
+ try-restart|condrestart)
[ -f /var/lock/subsys/ipmievd ] && restart || :
;;
*)
--
2.1.0

240
SOURCES/0004-ipmitool-1.8.11-set-kg-key.patch.patch
Unescape View File

@ -0,0 +1,240 @@ @@ -0,0 +1,240 @@
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
--- old/doc/ipmitool.1 2017-02-06 10:20:02.254362909 +0100
+++ new/doc/ipmitool.1 2017-02-06 10:33:41.729294474 +0100
@@ -372,6 +372,20 @@ Configure user access information on the
Displays the list of cipher suites supported for the given
application (ipmi or sol) on the given channel.
+.TP
+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]
+.br
+
+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.
+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.
+I.e. following two examples are equivalent:
+
+.RS
+ipmitool channel setkg plain PASSWORD
+
+ipmitool channel setkg hex 50415353574F5244
+.RE
+
.RE
.RE
.TP
diff -urNp old/include/ipmitool/helper.h new/include/ipmitool/helper.h
--- old/include/ipmitool/helper.h 2017-02-06 10:20:02.254362909 +0100
+++ new/include/ipmitool/helper.h 2017-02-06 10:40:07.336136844 +0100
@@ -58,6 +58,8 @@
# define IPMI_UID_MAX 63
#endif
+#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
+
struct ipmi_intf;
struct valstr {
diff -urNp old/include/ipmitool/ipmi_channel.h new/include/ipmitool/ipmi_channel.h
--- old/include/ipmitool/ipmi_channel.h 2017-02-06 10:20:02.253316684 +0100
+++ new/include/ipmitool/ipmi_channel.h 2017-02-06 10:58:15.291287621 +0100
@@ -49,6 +49,10 @@
#define IPMI_GET_USER_NAME 0x46
#define IPMI_SET_USER_PASSWORD 0x47
#define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54
+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56
+
+#define IPMI_KG_KEY_ID 1
+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1
/* These are for channel_info_t.session_support */
#define IPMI_CHANNEL_SESSION_LESS 0x00
@@ -137,6 +141,40 @@ int _ipmi_set_channel_access(struct ipmi
struct channel_access_t channel_access, uint8_t access_option,
uint8_t privilege_option);
+struct set_channel_security_keys_req {
+#if WORDS_BIGENDIAN
+ uint8_t __reserved1 :4;
+ uint8_t channel :4;
+
+ uint8_t __reserved2 :6;
+ uint8_t operation :2;
+
+ uint8_t key_id;
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
+#else
+ uint8_t channel :4;
+ uint8_t __reserved1 :4;
+
+ uint8_t operation :2;
+ uint8_t __reserved2 :6;
+
+ uint8_t key_id;
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
+#endif
+} __attribute__ ((packed));
+
+struct set_channel_security_keys_rsp {
+#if WORDS_BIGENDIAN
+ uint8_t __reserved1 :6;
+ uint8_t lock_status :2;
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
+#else
+ uint8_t lock_status :2;
+ uint8_t __reserved1 :6;
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
+#endif
+} __attribute__ ((packed));
+
uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel);
uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf);
int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv);
diff -urNp old/include/ipmitool/ipmi_intf.h new/include/ipmitool/ipmi_intf.h
--- old/include/ipmitool/ipmi_intf.h 2017-02-06 10:20:02.254362909 +0100
+++ new/include/ipmitool/ipmi_intf.h 2017-02-06 10:40:40.264577602 +0100
@@ -60,7 +60,6 @@ enum LANPLUS_SESSION_STATE {
#define IPMI_AUTHCODE_BUFFER_SIZE 20
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE
-#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
struct ipmi_session_params {
char * hostname;
diff -urNp old/lib/ipmi_channel.c new/lib/ipmi_channel.c
--- old/lib/ipmi_channel.c 2017-02-06 10:20:02.255409134 +0100
+++ new/lib/ipmi_channel.c 2017-02-06 12:32:14.222282317 +0100
@@ -821,6 +821,92 @@ ipmi_set_user_access(struct ipmi_intf *i
return 0;
}
+int
+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key)
+{
+ uint8_t kgkey[IPMI_KG_BUFFER_SIZE];
+ struct ipmi_rs *rsp;
+ struct ipmi_rq req;
+ struct set_channel_security_keys_req req_data;
+ int rc = -1;
+
+ /* convert provided key to array of bytes */
+ if (strcmp(method, "hex") == 0) {
+ if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1));
+ printf_channel_usage();
+ return -1;
+ }
+
+ rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1);
+ if (rc == -1) {
+ lprintf(LOG_ERR, "Number of Kg key characters is not even");
+ return rc;
+ } else if (rc == -3) {
+ lprintf(LOG_ERR, "Kg key is not hexadecimal number");
+ return rc;
+ } else if (rc > (IPMI_KG_BUFFER_SIZE-1)) {
+ lprintf(LOG_ERR, "Kg key is too long");
+ return rc;
+ }
+
+ } else if (strcmp(method, "plain") == 0) {
+ if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1));
+ printf_channel_usage();
+ return rc;
+ }
+
+ strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1);
+ } else {
+ printf_channel_usage();
+ return rc;
+ }
+
+ /* assemble and send request to set kg key */
+ memset(&req_data, 0, sizeof(req_data));
+ req_data.channel = channel;
+ req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;
+ req_data.key_id = IPMI_KG_KEY_ID;
+ memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1);
+
+ memset(&req, 0, sizeof(req));
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;
+ req.msg.data = (uint8_t*) &req_data;
+ req.msg.data_len = sizeof(req_data);
+
+ rsp = intf->sendrecv(intf, &req);
+ if (rsp == NULL) {
+ lprintf(LOG_ERR, "Set Channel Security Keys command failed");
+ return rc;
+ }
+ if (rsp->ccode > 0) {
+ const char *error = NULL;
+ switch (rsp->ccode) {
+ case 0x80:
+ error = "Key is locked";
+ break;
+ case 0x81:
+ error = "Insufficient key bytes";
+ break;
+ case 0x82:
+ error = "Too many key bytes";
+ break;
+ case 0x83:
+ error = "Key value does not meet criteria for K_g key";
+ break;
+ default:
+ error = val2str(rsp->ccode, completion_code_vals);
+ }
+ lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);
+ return rc;
+ }
+
+ lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");
+ return 0;
+}
+
int
ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
{
@@ -890,6 +976,19 @@ ipmi_channel_main(struct ipmi_intf *intf
retval = ipmi_get_channel_cipher_suites(intf,
argv[1], /* ipmi | sol */
channel);
+ } else if (strncmp(argv[0], "setkg", 5) == 0) {
+ if (argc < 3 || argc > 4)
+ printf_channel_usage();
+ else {
+ uint8_t ch = 0xe;
+ char *method = argv[1];
+ char *key = argv[2];
+ if (argc == 4) {
+ ch = (uint8_t)strtol(argv[3], NULL, 0);
+ }
+
+ retval = ipmi_set_channel_security_keys(intf, ch, method, key);
+ }
} else {
lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
printf_channel_usage();
@@ -916,6 +1015,10 @@ printf_channel_usage()
lprintf(LOG_NOTICE,
"");
lprintf(LOG_NOTICE,
+" setkg hex|plain <key> [channel]");
+ lprintf(LOG_NOTICE,
+"");
+ lprintf(LOG_NOTICE,
"Possible privilege levels are:");
lprintf(LOG_NOTICE,
" 1 Callback level");
diff -urNp old/src/plugins/ipmi_intf.c new/src/plugins/ipmi_intf.c
--- old/src/plugins/ipmi_intf.c 2017-02-06 10:20:02.257501584 +0100
+++ new/src/plugins/ipmi_intf.c 2017-02-06 10:42:12.585257810 +0100
@@ -55,6 +55,7 @@
#include <ipmitool/ipmi.h>
#include <ipmitool/ipmi_sdr.h>
#include <ipmitool/log.h>
+#include <ipmitool/helper.h>
#define IPMI_DEFAULT_PAYLOAD_SIZE 25

28
SOURCES/0007-ipmitool-1.8.11-remove-umask0.patch.patch
Unescape View File

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
From 4ca58a30ef718975232231f1a5044554718b3404 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Fri, 6 Nov 2015 12:58:31 +0100
Subject: [PATCH 07/11] ipmitool-1.8.11-remove-umask0.patch

CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world
writeable permissions

Backported by: jsafrane
---
lib/helper.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/lib/helper.c b/lib/helper.c
index d934fc0..998b2e6 100644
--- a/lib/helper.c
+++ b/lib/helper.c
@@ -658,7 +658,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
#endif
chdir("/");
- umask(0);
for (fd=0; fd<64; fd++) {
if (fd != intf->fd)
--
2.1.0

28
SOURCES/0009-ipmitool-1.8.11-bz1126333-slowswid.patch.patch
Unescape View File

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
From 850661bd57c0c98c319fd30d9e9697c1667ad457 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Wed, 11 Nov 2015 17:58:43 +0100
Subject: [PATCH 09/11] ipmitool-1.8.11-bz1126333-slowswid.patch

See rhbz#1194420 for details.

Backported by: aledvink
---
lib/ipmi_sdr.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
index fa7b082..9bc5ac2 100644
--- a/lib/ipmi_sdr.c
+++ b/lib/ipmi_sdr.c
@@ -572,6 +572,8 @@ ipmi_sdr_get_sensor_reading_ipmb(struct ipmi_intf *intf, uint8_t sensor,
uint32_t save_addr;
uint32_t save_channel;
+ if (target == (uint8_t) 0xb1)
+ return ipmi_sdr_get_sensor_reading(intf, sensor);
if ( BRIDGE_TO_SENSOR(intf, target, channel) ) {
lprintf(LOG_DEBUG,
"Bridge to Sensor "
--
2.1.0

28
SOURCES/0010-ipmitool-1.8.11-bz878614-overname.patch.patch
Unescape View File

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
From bf51496f56ffd53c75045129f539c182a38f4671 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Wed, 11 Nov 2015 18:14:52 +0100
Subject: [PATCH 10/11] ipmitool-1.8.11-bz878614-overname.patch

See rhbz#878614 for details.

Backported by: aledvink
---
include/ipmitool/ipmi_sdr.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h
index ccf0cf0..47d3949 100644
--- a/include/ipmitool/ipmi_sdr.h
+++ b/include/ipmitool/ipmi_sdr.h
@@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = {
"Version Change", "FRU State" };
struct sensor_reading {
- char s_id[17]; /* name of the sensor */
+ char s_id[33]; /* name of the sensor */
struct sdr_record_full_sensor *full;
struct sdr_record_compact_sensor *compact;
uint8_t s_reading_valid; /* read value valididity */
--
2.1.0

21
SOURCES/0015-ID-390-Support-for-new-Communication-Interface-USB-M.patch
Unescape View File

@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
diff -urNp old/configure.ac new/configure.ac
--- old/configure.ac 2017-02-02 14:20:33.230784269 +0100
+++ new/configure.ac 2017-02-02 14:22:53.528510336 +0100
@@ -63,7 +63,7 @@ xenable_intf_imb=yes
xenable_intf_lipmi=yes
xenable_intf_open=yes
#xenable_intf_serial=yes
-xenable_intf_usb=no
+xenable_intf_usb=yes
xenable_ipmishell=yes
dnl set some things so we build with GNU tools on Solaris
@@ -209,7 +209,7 @@ fi
dnl enable IPMI USB interface
AC_ARG_ENABLE([intf-usb],
[AC_HELP_STRING([--enable-intf-usb],
- [enable IPMI USB interface [default=auto]])],
+ [enable IPMI USB interface [default=yes]])],
[xenable_intf_usb=$enableval],
[xenable_intf_usb=$xenable_intf_usb])
if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then

110
SOURCES/0016-ipmitool-1.8.18-verbose.patch
Unescape View File

@ -0,0 +1,110 @@ @@ -0,0 +1,110 @@
diff -urNp old/lib/ipmi_picmg.c new/lib/ipmi_picmg.c
--- old/lib/ipmi_picmg.c 2016-07-31 07:29:49.000000000 +0200
+++ new/lib/ipmi_picmg.c 2017-10-03 15:38:48.711790645 +0200
@@ -2353,28 +2353,28 @@ picmg_discover(struct ipmi_intf *intf) {
req.msg.data_len = 1;
msg_data = 0;
- lprintf(LOG_INFO, "Running Get PICMG Properties my_addr %#x, transit %#x, target %#x",
+ lprintf(LOG_DEBUG, "Running Get PICMG Properties my_addr %#x, transit %#x, target %#x",
intf->my_addr, intf->transit_addr, intf->target_addr);
rsp = intf->sendrecv(intf, &req);
if (rsp == NULL) {
- lprintf(LOG_INFO,"No response from Get PICMG Properties");
+ lprintf(LOG_DEBUG,"No response from Get PICMG Properties");
} else if (rsp->ccode != 0) {
- lprintf(LOG_INFO,"Error response %#x from Get PICMG Properities",
+ lprintf(LOG_DEBUG,"Error response %#x from Get PICMG Properities",
rsp->ccode);
} else if (rsp->data_len < 4) {
- lprintf(LOG_INFO,"Invalid Get PICMG Properties response length %d",
+ lprintf(LOG_DEBUG,"Invalid Get PICMG Properties response length %d",
rsp->data_len);
} else if (rsp->data[0] != 0) {
- lprintf(LOG_INFO,"Invalid Get PICMG Properties group extension %#x",
+ lprintf(LOG_DEBUG,"Invalid Get PICMG Properties group extension %#x",
rsp->data[0]);
} else if ((rsp->data[1] & 0x0F) != PICMG_EXTENSION_ATCA_MAJOR_VERSION
&& (rsp->data[1] & 0x0F) != PICMG_EXTENSION_AMC0_MAJOR_VERSION
&& (rsp->data[1] & 0x0F) != PICMG_EXTENSION_UTCA_MAJOR_VERSION) {
- lprintf(LOG_INFO,"Unknown PICMG Extension Version %d.%d",
+ lprintf(LOG_DEBUG,"Unknown PICMG Extension Version %d.%d",
(rsp->data[1] & 0x0F), (rsp->data[1] >> 4));
} else {
picmg_avail = 1;
- lprintf(LOG_INFO, "Discovered PICMG Extension Version %d.%d",
+ lprintf(LOG_DEBUG, "Discovered PICMG Extension Version %d.%d",
(rsp->data[1] & 0x0f), (rsp->data[1] >> 4));
}
diff -urNp old/lib/ipmi_vita.c new/lib/ipmi_vita.c
--- old/lib/ipmi_vita.c 2018-01-05 10:29:51.290694252 +0100
+++ new/lib/ipmi_vita.c 2018-01-05 12:09:56.480413217 +0100
@@ -184,7 +184,7 @@ vita_discover(struct ipmi_intf *intf)
msg_data = GROUP_EXT_VITA;
- lprintf(LOG_INFO, "Running Get VSO Capabilities my_addr %#x, "
+ lprintf(LOG_DEBUG, "Running Get VSO Capabilities my_addr %#x, "
"transit %#x, target %#x",
intf->my_addr, intf->transit_addr, intf->target_addr);
@@ -193,29 +193,29 @@ vita_discover(struct ipmi_intf *intf)
if (rsp == NULL) {
lprintf(LOG_ERR, "No valid response received");
} else if (rsp->ccode == 0xC1) {
- lprintf(LOG_INFO, "Invalid completion code received: %s",
+ lprintf(LOG_DEBUG, "Invalid completion code received: %s",
val2str(rsp->ccode, completion_code_vals));
} else if (rsp->ccode == 0xCC) {
- lprintf(LOG_INFO, "Invalid data field received: %s",
+ lprintf(LOG_DEBUG, "Invalid data field received: %s",
val2str(rsp->ccode, completion_code_vals));
} else if (rsp->ccode != 0) {
- lprintf(LOG_INFO, "Invalid completion code received: %s",
+ lprintf(LOG_DEBUG, "Invalid completion code received: %s",
val2str(rsp->ccode, completion_code_vals));
} else if (rsp->data_len < 5) {
- lprintf(LOG_INFO, "Invalid response length %d",
+ lprintf(LOG_DEBUG, "Invalid response length %d",
rsp->data_len);
} else if (rsp->data[0] != GROUP_EXT_VITA) {
- lprintf(LOG_INFO, "Invalid group extension %#x",
+ lprintf(LOG_DEBUG, "Invalid group extension %#x",
rsp->data[0]);
} else if ((rsp->data[3] & 0x03) != 0) {
- lprintf(LOG_INFO, "Unknown VSO Standard %d",
+ lprintf(LOG_DEBUG, "Unknown VSO Standard %d",
(rsp->data[3] & 0x03));
} else if ((rsp->data[4] & 0x0F) != 1) {
- lprintf(LOG_INFO, "Unknown VSO Specification Revision %d.%d",
+ lprintf(LOG_DEBUG, "Unknown VSO Specification Revision %d.%d",
(rsp->data[4] & 0x0F), (rsp->data[4] >> 4));
} else {
vita_avail = 1;
- lprintf(LOG_INFO, "Discovered VITA 46.11 Revision %d.%d",
+ lprintf(LOG_DEBUG, "Discovered VITA 46.11 Revision %d.%d",
(rsp->data[4] & 0x0F), (rsp->data[4] >> 4));
}
diff -urNp old/lib/ipmi_main.c new/lib/ipmi_main.c
--- old/lib/ipmi_main.c 2018-01-08 15:31:37.159786062 +0100
+++ new/lib/ipmi_main.c 2018-01-08 15:32:35.960077134 +0100
@@ -904,7 +904,7 @@ ipmi_main(int argc, char ** argv,
} else if (!ipmi_oem_active(ipmi_main_intf, "i82571spt")) {
lprintf(LOG_DEBUG, "Acquire IPMB address");
addr = ipmi_acquire_ipmb_address(ipmi_main_intf);
- lprintf(LOG_INFO, "Discovered IPMB address 0x%x", addr);
+ lprintf(LOG_DEBUG, "Discovered IPMB address 0x%x", addr);
}
/*
@@ -956,7 +956,7 @@ ipmi_main(int argc, char ** argv,
ipmi_main_intf->transit_addr,
ipmi_main_intf->transit_channel);
if (ipmi_main_intf->target_ipmb_addr) {
- lprintf(LOG_INFO, "Discovered Target IPMB-0 address %#x",
+ lprintf(LOG_DEBUG, "Discovered Target IPMB-0 address %#x",
ipmi_main_intf->target_ipmb_addr);
}
}

41
SOURCES/0017-ipmitool-1.8.18-check-input-values.patch
Unescape View File

@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
--- old/doc/ipmitool.1 2017-10-03 16:10:50.446539988 +0200
+++ new/doc/ipmitool.1 2017-10-03 16:16:37.039673239 +0200
@@ -3170,13 +3170,14 @@ SOL configuration data for the currently
Enable, disable or show status of SOL payload for the user on the specified channel.
.TP
-\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>]
+\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] [\fBnoguard\fR]
.br
Configure parameters for Serial Over Lan. If no channel is given,
it will display SOL configuration data for the currently used
channel. Configuration parameter updates are automatically guarded
-with the updates to the set\-in\-progress parameter.
+with the updates to the set\-in\-progress parameter, unless \fInoguard\fR
+parameter is present.
.RS
.TP
Valid parameters and values are:
diff -urNp old/lib/ipmi_sol.c new/lib/ipmi_sol.c
--- old/lib/ipmi_sol.c 2017-10-03 16:10:50.447539996 +0200
+++ new/lib/ipmi_sol.c 2017-10-03 16:18:37.079006949 +0200
@@ -1875,7 +1875,7 @@ static void
print_sol_usage(void)
{
lprintf(LOG_NOTICE, "SOL Commands: info [<channel number>]");
- lprintf(LOG_NOTICE, " set <parameter> <value> [channel]");
+ lprintf(LOG_NOTICE, " set <parameter> <value> [channel] [noguard]");
lprintf(LOG_NOTICE, " payload <enable|disable|status> [channel] [userid]");
lprintf(LOG_NOTICE, " activate [<usesolkeepalive|nokeepalive>] [instance=<number>]");
lprintf(LOG_NOTICE, " deactivate [instance=<number>]");
@@ -1890,6 +1890,8 @@ print_sol_usage(void)
static void
print_sol_set_usage(void)
{
+ lprintf(LOG_NOTICE, "\nSOL set usage: \n");
+ lprintf(LOG_NOTICE, " sol set <parameter> <value> [channel] [noguard]\n");
lprintf(LOG_NOTICE, "\nSOL set parameters and values: \n");
lprintf(LOG_NOTICE, " set-in-progress set-complete | "
"set-in-progress | commit-write");

365
SOURCES/0018-CVE-2020-5208.patch
Unescape View File

@ -0,0 +1,365 @@ @@ -0,0 +1,365 @@
From 9f436aae2d85c38e0679049bf09f291773079008 Mon Sep 17 00:00:00 2001
From: Chrostoper Ertl <chertl@microsoft.com>
Date: Thu, 28 Nov 2019 16:33:59 +0000
Subject: [PATCH] Fixes for CVE-2020-5208

see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp

This patch is combination of following commits:

pick e824c23316ae50beb7f7488f2055ac65e8b341f2 fru: Fix buffer overflow vulnerabilities
pick 840fb1cbb4fb365cb9797300e3374d4faefcdb10 fru: Fix buffer overflow in ipmi_spd_print_fru
pick 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 session: Fix buffer overflow in ipmi_get_session_info
pick d45572d71e70840e0d4c50bf48218492b79c1a10 lanp: Fix buffer overflows in get_lan_param_select
pick 7ccea283dd62a05a320c1921e3d8d71a87772637 fru, sdr: Fix id_string buffer overflows

[vdolezal@redhat.com]: fixed memleak of `spd_data` in
lib/dimm_spd.c:ipmi_spd_print_fru()
---
lib/dimm_spd.c | 11 ++++++++++-
lib/ipmi_fru.c | 35 ++++++++++++++++++++++++++++++++---
lib/ipmi_lanp.c | 14 +++++++-------
lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++----------------
lib/ipmi_session.c | 12 ++++++++----
5 files changed, 81 insertions(+), 31 deletions(-)

diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c
index 41e30db..ebcc94c 100644
--- a/lib/dimm_spd.c
+++ b/lib/dimm_spd.c
@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
struct ipmi_rq req;
struct fru_info fru;
uint8_t *spd_data, msg_data[4];
- int len, offset;
+ uint32_t len, offset;
msg_data[0] = id;
@@ -1697,6 +1697,15 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
}
len = rsp->data[0];
+ if(rsp->data_len < 1
+ || len > rsp->data_len - 1
+ || len > fru.size - offset)
+ {
+ printf(" Not enough buffer size");
+ free(spd_data);
+ spd_data = NULL;
+ return -1;
+ }
memcpy(&spd_data[offset], rsp->data + 1, len);
offset += len;
} while (offset < fru.size);
diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c
index cf00eff..98bc984 100644
--- a/lib/ipmi_fru.c
+++ b/lib/ipmi_fru.c
@@ -615,7 +615,10 @@ int
read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
uint32_t offset, uint32_t length, uint8_t *frubuf)
{
- uint32_t off = offset, tmp, finish;
+ uint32_t off = offset;
+ uint32_t tmp;
+ uint32_t finish;
+ uint32_t size_left_in_buffer;
struct ipmi_rs * rsp;
struct ipmi_rq req;
uint8_t msg_data[4];
@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
finish = offset + length;
if (finish > fru->size) {
+ memset(frubuf + fru->size, 0, length - fru->size);
finish = fru->size;
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
"Adjusting to %d",
offset + length, finish - offset);
+ length = finish - offset;
}
memset(&req, 0, sizeof(req));
@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
}
}
+ size_left_in_buffer = length;
do {
tmp = fru->access ? off >> 1 : off;
msg_data[0] = id;
@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
}
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
+ if(rsp->data_len < 1
+ || tmp > rsp->data_len - 1
+ || tmp > size_left_in_buffer)
+ {
+ printf(" Not enough buffer size");
+ return -1;
+ }
+
memcpy(frubuf, rsp->data + 1, tmp);
off += tmp;
frubuf += tmp;
+ size_left_in_buffer -= tmp;
/* sometimes the size returned in the Info command
* is too large. return 0 so higher level function
* still attempts to parse what was returned */
@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
uint32_t offset, uint32_t length, uint8_t *frubuf)
{
static uint32_t fru_data_rqst_size = 20;
- uint32_t off = offset, tmp, finish;
+ uint32_t off = offset;
+ uint32_t tmp, finish;
+ uint32_t size_left_in_buffer;
struct ipmi_rs * rsp;
struct ipmi_rq req;
uint8_t msg_data[4];
@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
finish = offset + length;
if (finish > fru->size) {
+ memset(frubuf + fru->size, 0, length - fru->size);
finish = fru->size;
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
"Adjusting to %d",
offset + length, finish - offset);
+ length = finish - offset;
}
memset(&req, 0, sizeof(req));
@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
if (fru->access && fru_data_rqst_size > 16)
#endif
fru_data_rqst_size = 16;
+
+ size_left_in_buffer = length;
do {
tmp = fru->access ? off >> 1 : off;
msg_data[0] = id;
@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
}
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
+ if(rsp->data_len < 1
+ || tmp > rsp->data_len - 1
+ || tmp > size_left_in_buffer)
+ {
+ printf(" Not enough buffer size");
+ return -1;
+ }
memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
off += tmp;
+ size_left_in_buffer -= tmp;
/* sometimes the size returned in the Info command
* is too large. return 0 so higher level function
@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru)
return 0;
memset(desc, 0, sizeof(desc));
- memcpy(desc, fru->id_string, fru->id_code & 0x01f);
+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
desc[fru->id_code & 0x01f] = 0;
printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c
index 65d881b..022c7f1 100644
--- a/lib/ipmi_lanp.c
+++ b/lib/ipmi_lanp.c
@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
/* set new ipaddr */
memcpy(data+3, temp, 4);
printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert,
@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
/* set new macaddr */
memcpy(data+7, temp, 6);
printf("Setting LAN Alert %d MAC Address to "
@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (strncasecmp(argv[1], "def", 3) == 0 ||
strncasecmp(argv[1], "default", 7) == 0) {
@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (strncasecmp(argv[1], "on", 2) == 0 ||
strncasecmp(argv[1], "yes", 3) == 0) {
@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (strncasecmp(argv[1], "pet", 3) == 0) {
printf("Setting LAN Alert %d destination to PET Trap\n", alert);
@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (str2uchar(argv[1], &data[2]) != 0) {
lprintf(LOG_ERR, "Invalid time: %s", argv[1]);
@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
if (p == NULL) {
return (-1);
}
- memcpy(data, p->data, p->data_len);
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
if (str2uchar(argv[1], &data[3]) != 0) {
lprintf(LOG_ERR, "Invalid retry: %s", argv[1]);
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
index fd2c02d..01d81f7 100644
--- a/lib/ipmi_sdr.c
+++ b/lib/ipmi_sdr.c
@@ -2086,7 +2086,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf,
return -1;
memset(desc, 0, sizeof (desc));
- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
if (verbose) {
printf("Sensor ID : %s (0x%x)\n",
@@ -2137,7 +2137,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf,
return -1;
memset(desc, 0, sizeof (desc));
- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
if (verbose == 0) {
if (csv_output)
@@ -2230,7 +2230,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf,
char desc[17];
memset(desc, 0, sizeof (desc));
- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
if (!verbose) {
if (csv_output)
@@ -2287,7 +2287,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf,
char desc[17];
memset(desc, 0, sizeof (desc));
- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
if (!verbose) {
if (csv_output)
@@ -2491,35 +2491,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id,
int rc =0;
char desc[17];
+ const char *id_string;
+ uint8_t id_code;
memset(desc, ' ', sizeof (desc));
switch ( type) {
case SDR_RECORD_TYPE_FULL_SENSOR:
record.full = (struct sdr_record_full_sensor *) raw;
- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
- (const char *)record.full->id_string);
+ id_code = record.full->id_code;
+ id_string = record.full->id_string;
break;
+
case SDR_RECORD_TYPE_COMPACT_SENSOR:
record.compact = (struct sdr_record_compact_sensor *) raw ;
- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s",
- (const char *)record.compact->id_string);
+ id_code = record.compact->id_code;
+ id_string = record.compact->id_string;
break;
+
case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
record.eventonly = (struct sdr_record_eventonly_sensor *) raw ;
- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s",
- (const char *)record.eventonly->id_string);
- break;
+ id_code = record.eventonly->id_code;
+ id_string = record.eventonly->id_string;
+ break;
+
case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
record.mcloc = (struct sdr_record_mc_locator *) raw ;
- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s",
- (const char *)record.mcloc->id_string);
+ id_code = record.mcloc->id_code;
+ id_string = record.mcloc->id_string;
break;
+
default:
rc = -1;
- break;
- }
+ }
+ if (!rc) {
+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
+ }
- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
return rc;
}
diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c
index 141f0f4..b9af1fd 100644
--- a/lib/ipmi_session.c
+++ b/lib/ipmi_session.c
@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
}
else
{
- memcpy(&session_info, rsp->data, rsp->data_len);
- print_session_info(&session_info, rsp->data_len);
+ memcpy(&session_info, rsp->data,
+ __min(rsp->data_len, sizeof(session_info)));
+ print_session_info(&session_info,
+ __min(rsp->data_len, sizeof(session_info)));
}
break;
@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
break;
}
- memcpy(&session_info, rsp->data, rsp->data_len);
- print_session_info(&session_info, rsp->data_len);
+ memcpy(&session_info, rsp->data,
+ __min(rsp->data_len, sizeof(session_info)));
+ print_session_info(&session_info,
+ __min(rsp->data_len, sizeof(session_info)));
} while (i <= session_info.session_slot_count);
break;
--
2.20.1

44
SOURCES/0019-CVE-2020-5208_2.patch
Unescape View File

@ -0,0 +1,44 @@ @@ -0,0 +1,44 @@
From eb7d138163c835ba5f4c34cd943c05b0e324bcc7 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Wed, 12 Feb 2020 15:20:32 +0100
Subject: [PATCH] Partial fix for CVE-2020-5208

replacement for patch:
9452be8 channel: Fix buffer overflow

Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
lib/ipmi_channel.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
index e1fc75f..81ae82e 100644
--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -383,6 +383,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
val2str(rsp->ccode, completion_code_vals));
return -1;
}
+ if (rsp->data_len > 17) {
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+ "received invalid data");
+ return -1;
+ }
/*
@@ -418,6 +423,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
val2str(rsp->ccode, completion_code_vals));
return -1;
}
+ if (rsp->data_len > 17) {
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+ "received invalid data");
+ return -1;
+ }
}
/* Copy last chunk */
--
2.20.1

326
SOURCES/exchange-bmc-os-info
Unescape View File

@ -0,0 +1,326 @@ @@ -0,0 +1,326 @@
#!/bin/sh
#############################################################################
#
# exchange-bmc-os-info: Set OS and BMC (Baseboard Management Controller)
# parameters during system startup.
#
# version: 0.72
#
# Authors: Charles Rose <charles_rose@dell.com>
# Jordan Hargrave <jordan_hargrave@dell.com>
#
# Description: Script to set OS information in the BMC; fetch BMC IP/URL
# and set in the OS for use by other scripts/user.
#
# BMC IP and URL are made available in /var/run/bmc-info
#
# Example to launch BMC web-interface:
# # . /var/run/bmc-info
# # xdg-open $BMC_URL
#
# See here for details:
# https://fedoraproject.org/wiki/Features/AgentFreeManagement
#
# OEM Specific: OEM specific ipmi commands go in:
# 'oem_set_os_version' and 'oem_get_bmc_url'
#############################################################################
#
# chkconfig: 345 99 00
# description: Set OS name, hostname in BMC; make BMC IP/URL available in OS
# processname: exchange-bmc-os-info
# config: /etc/sysconfig/exchange-bmc-os-info
#
### BEGIN INIT INFO
# Provides: exchange-bmc-os-info
# Required-Start: ipmi
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6


#############################################################################
# GLOBALS
#############################################################################
CONFIGFILE=/etc/sysconfig/exchange-bmc-os-info
IPMI_TOOL=/usr/bin/ipmitool
BMC_INFO=/var/run/bmc-info

# BMC Manufacturer ID used in 'oem_set_os_version' and 'oem_get_bmc_url'
DELL="674"
#OTHER_OEM="123"

# Defaults for ${CONFIGFILE}
SET_OS_INFO="yes"
RESET_OS_INFO="no"
SET_BMC_INFO="yes"

# getsysinfo and setsysinfo commands
IPMI_SET_SYSINFO="${IPMI_TOOL} mc setsysinfo"
IPMI_GET_SYSINFO="${IPMI_TOOL} mc getsysinfo"
#############################################################################
SCRIPT_NAME=$(basename $0)

# source config
[ -r ${CONFIGFILE} ] && . ${CONFIGFILE}

RETVAL=0

if [ -f /bin/gettext.sh ]; then
GETTEXT=1
. /bin/gettext.sh
OUTPUT="eval_gettext"
else
GETTEXT=0
OUTPUT="echo"
fi

#############################################################################
# Get Vendor ID of BMC for use in 'oem_set_os_version' and 'oem_get_bmc_url'
#
get_bmc_vendor_id()
{
BMC_VENDOR=$(${IPMI_TOOL} mc info 2>/dev/null | \
sed -n "s#^Manufacturer ID.*: ##p")
[ -z "${BMC_VENDOR}" ] && RETVAL=4
}

# set/getsysinfo support was added to ipmitool post v1.8.12 via this patch
# http://sourceforge.net/mailarchive/message.php?msg_id=29647222
check_ipmitool()
{
if [ -x ${IPMI_TOOL} ]; then
[ ! ${IPMI_GET_SYSINFO} >/dev/null 2>&1 ] && \
RETVAL=3
else
RETVAL=2
fi
}

bmc_exists()
{
check_ipmitool
[ $RETVAL -eq 0 ] && get_bmc_vendor_id
return $RETVAL
}
#############################################################################

get_os_info()
{
OS_HOSTNAME=$(hostname)
KERNEL_VERSION=$(uname -r -m)

if [ -e /etc/lsb-release ] ; then
. /etc/lsb-release
NAME=${DISTRIB_ID}
VERSION="${DISTRIB_RELEASE} ${DISTRIB_CODENAME}"
fi

# we prefer systemd's /etc/os-release over other sources
[ -e /etc/os-release ] && . /etc/os-release

OS_NAME=${NAME}
OS_VERSION="${VERSION} kernel ${KERNEL_VERSION}"
}

oem_set_os_version()
{
# OS Version setting is not standard yet
# we need per vendor oem commands
case "${BMC_VENDOR}" in
$DELL) ${IPMI_SET_SYSINFO} delloem_os_version \
"${OS_VERSION}" > /dev/null 2>&1
return $?
;;
# Add OEM specific commands.
# Example:
# $OTHER_OEM) ${IPMI_SET_SYSINFO} otheroem_os_version \
# "${OS_VERSION}" > /dev/null 2>&1
# return $?
# ;;
*) return 0
;;
esac
}

set_os_info()
{
# Set and reset OS info in the BMC
if [ "$1" = "reset" ]; then
OS_NAME=""
OS_HOSTNAME=""
OS_VERSION=""
fi

${IPMI_SET_SYSINFO} os_name "${OS_NAME}" >/dev/null 2>&1 \
|| RETVAL=6
${IPMI_SET_SYSINFO} primary_os_name "${OS_NAME}" >/dev/null 2>&1 \
|| RETVAL=6
${IPMI_SET_SYSINFO} system_name "${OS_HOSTNAME}" >/dev/null 2>&1 \
|| RETVAL=6
oem_set_os_version || RETVAL=6
}

#############################################################################
valid_url()
{
url="(https?|http)://[a-z0-9-]+(\.[a-z0-9-]+)+([/?].*)?"
printf -- "%s" "${TMP_URL}"| grep -Eq "^${url}"
return $?
}

oem_get_bmc_url()
{
# BMC URL is not standard yet
# we need per vendor oem commands
case "$BMC_VENDOR" in
$DELL) TMP_URL=$(${IPMI_GET_SYSINFO} delloem_url 2> /dev/null)
;;
# Add OEM specific commands
# Example:
# $OTHER_OEM)
# TMP_URL=$(${IPMI_GET_SYSINFO} otheroem_url 2> /dev/null)
# ;;
*) TMP_URL="" ;;
esac

valid_url && BMC_URL=${TMP_URL} || BMC_URL=""
}

valid_ip()
{
#Thanks to mkyong.com
octet="([01]?[[:digit:]][[:digit:]]?|2[0-4][[:digit:]]|25[0-5])"

printf -- "%s" "${TMP_IPv4}"| grep -Eq "^${octet}\\.${octet}\\.${octet}\\.${octet}$"
return $?
}

get_bmc_ip()
{
#Thanks to http://ingvar.blog.redpill-linpro.com
for CHANNEL in `seq 1 14`
do
[ $(${IPMI_TOOL} lan print ${CHANNEL} 2>/dev/null \
| grep -q "^Set") ] || break
done

# Get BMC_IPv4 and BMC_URL from BMC
TMP_IPv4=$(${IPMI_TOOL} lan print ${CHANNEL} 2>/dev/null \
| sed -n "s#^IP Address .*: ##p")

valid_ip && BMC_IPv4=${TMP_IPv4} || BMC_IPv4=""
}

get_bmc_info()
{
get_bmc_ip
if [ -z "${BMC_IPv4}" ] || [ "${BMC_IPv4}" = "0.0.0.0" ]; then
BMC_IPv4=""
RETVAL=5
else
# URL makes sense only if there is an IP
oem_get_bmc_url
fi
}

set_bmc_info()
{
if [ ! $(touch "${BMC_INFO}" && chmod 600 "${BMC_INFO}") ]; then
printf "BMC_IPv4=%s\n" "${BMC_IPv4}" > "${BMC_INFO}"
[ -n "${BMC_URL}" ] && \
printf "BMC_URL=%s\n" "${BMC_URL}" >> "${BMC_INFO}"
else
RETVAL=5
fi
}

unset_bmc_info()
{
[ -f ${BMC_INFO} ] && rm -f ${BMC_INFO} > /dev/null 2>&1
}

#############################################################################
start()
{
if bmc_exists; then
[ "${SET_OS_INFO}" = "yes" ] && \
get_os_info && set_os_info

if [ "${SET_BMC_INFO}" = "yes" ]; then
get_bmc_info
if [ ${RETVAL} -eq 0 ]; then
set_bmc_info
fi
fi
fi
}

#############################################################################
stop()
{
if bmc_exists; then
# reset OS info while system reboots
# aids with debugging OS boot-up issues
if [ "${RESET_OS_INFO}" = "yes" ]; then
set_os_info reset
fi
unset_bmc_info
fi
}

#############################################################################
restart()
{
stop
[ $RETVAL -eq 0 ] && start
}

#############################################################################
status()
{
[ -r ${BMC_INFO} ] && \
grep -q "BMC_IPv4" "${BMC_INFO}" >/dev/null 1>&2 && \
BMC_STATUS="ok" || BMC_STATUS="inactive"
${OUTPUT} "${SCRIPT_NAME}: ${BMC_STATUS}" 1>&2
[ ${GETTEXT} -eq 1 ] && echo
}

#############################################################################
usage()
{
${OUTPUT} "Usage: ${SCRIPT_NAME} {start|stop|restart|status}" 1>&2
[ ${GETTEXT} -eq 1 ] && echo
RETVAL=1
}

#############################################################################
# MAIN
#############################################################################
case "$1" in
start) start ;;
stop) stop ;;
restart) restart ;;
status) status ;;
*) usage ;;
esac

case "$RETVAL" in
0|1) ;;
2) ${OUTPUT} "${SCRIPT_NAME}: ipmitool(1) not found." 1>&2 ;;
3) ${OUTPUT} "${SCRIPT_NAME}: this version of ipmitool does not support getsysinfo." 1>&2 ;;
4) ${OUTPUT} "${SCRIPT_NAME}: failed to communicate with BMC." 1>&2 ;;
5) ${OUTPUT} "${SCRIPT_NAME}: failed to set OS information in BMC." 1>&2 ;;
6) ${OUTPUT} "${SCRIPT_NAME}: failed to get BMC information." 1>&2 ;;
*) ${OUTPUT} "${SCRIPT_NAME}: unexpected error." 1>&2 ;;
esac

if [ ${RETVAL} -gt 1 ]; then
${OUTPUT} " Return code: ${RETVAL}" 1>&2
[ ${GETTEXT} -eq 1 ] && echo
fi


exit ${RETVAL}

#############################################################################
# end of file
#############################################################################

13
SOURCES/exchange-bmc-os-info.service
Unescape View File

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
[Unit]
Description=Exchange Information between BMC and OS
After=ipmi.service network.target
Requires=ipmi.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/libexec/exchange-bmc-os-info start
ExecStop=/usr/libexec/exchange-bmc-os-info stop

[Install]
WantedBy=multi-user.target

26
SOURCES/exchange-bmc-os-info.sysconf
Unescape View File

@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
# exchange-bmc-os-info
#
# Config file to control Exchange of information between
# the OS and Service Processor/Baseboard Management Controller (BMC)
#
# See here for details
# https://fedoraproject.org/wiki/Features/AgentFreeManagement

### Set OS Info in BMC/Service Processor ###
# Name: SET_OS_INFO
# Description: Set OS Name, Version and Hostname in the Service Processor (BMC)
# Default: yes
SET_OS_INFO="yes"

### Reset OS Info in BMC/Service Processor ###
# Name: RESET_OS_INFO
# Description: Reset OS Name, Version and Hostname in the Service Processor (BMC).
# Useful when the OS Name/Hostname should be empty on reboot
# Default: no
RESET_OS_INFO="no"

### Set BMC/Service Processor Info in OS ###
# Name; SET_BMC_INFO
# Description: Set IP Address and URL of Service Processor/BMC in /run/bmc-info
# Default: yes
SET_BMC_INFO="yes"

13
SOURCES/ipmievd.service
Unescape View File

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
[Unit]
Description=Ipmievd Daemon
After=syslog.target
After=ipmi.service

[Service]
EnvironmentFile=-/etc/sysconfig/ipmievd
ExecStart=/usr/sbin/ipmievd $IPMIEVD_OPTIONS
Type=forking
PIDFile=/var/run/ipmievd.pid

[Install]
WantedBy=multi-user.target

1
SOURCES/openipmi-ipmievd.sysconf
Unescape View File

@ -0,0 +1 @@ @@ -0,0 +1 @@
IPMIEVD_OPTIONS="sel daemon pidfile=/var/run/ipmievd.pid"

11
SOURCES/set-bmc-url.sh
Unescape View File

@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
# Export BMC URL
#

BMC_INFO="/var/run/bmc-info"

if [ "$(id -u)" = "0" ]; then
[ -f ${BMC_INFO} ] && . ${BMC_INFO} && \
export "${BMC_URL}" "${BMC_IPv4}" >/dev/null 2>&1
fi

unset BMC_INFO

389
SPECS/ipmitool.spec
Unescape View File

@ -0,0 +1,389 @@ @@ -0,0 +1,389 @@
%global _hardened_build 1

Name: ipmitool
Summary: Utility for IPMI control
Version: 1.8.18
Release: 9%{?dist}
License: BSD
Group: System Environment/Base
URL: http://ipmitool.sourceforge.net/
Source0: http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.bz2
Source1: openipmi-ipmievd.sysconf
Source2: ipmievd.service
Source3: exchange-bmc-os-info.service
Source4: exchange-bmc-os-info.sysconf
Source5: set-bmc-url.sh
Source6: exchange-bmc-os-info

BuildRequires: openssl-devel readline-devel ncurses-devel
BuildRequires: systemd-units
# bootstrap
BuildRequires: automake autoconf libtool
Requires:OpenIPMI-modalias
Requires(post): systemd-sysv
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Obsoletes: OpenIPMI-tools < 2.0.14-3
Provides: OpenIPMI-tools = 2.0.14-3

Patch1: 0001-ipmitool-1.8.10-ipmievd-init.patch.patch
Patch2: 0002-ipmitool-1.8.10-ipmievd-condrestart.patch.patch
Patch4: 0004-ipmitool-1.8.11-set-kg-key.patch.patch
Patch7: 0007-ipmitool-1.8.11-remove-umask0.patch.patch
Patch9: 0009-ipmitool-1.8.11-bz1126333-slowswid.patch.patch
Patch10: 0010-ipmitool-1.8.11-bz878614-overname.patch.patch
Patch15: 0015-ID-390-Support-for-new-Communication-Interface-USB-M.patch
Patch16: 0016-ipmitool-1.8.18-verbose.patch
Patch17: 0017-ipmitool-1.8.18-check-input-values.patch
Patch18: 0018-CVE-2020-5208.patch
Patch19: 0019-CVE-2020-5208_2.patch


%description
This package contains a utility for interfacing with devices that support
the Intelligent Platform Management Interface specification. IPMI is
an open standard for machine health, inventory, and remote power control.

This utility can communicate with IPMI-enabled devices through either a
kernel driver such as OpenIPMI or over the RMCP LAN protocol defined in
the IPMI specification. IPMIv2 adds support for encrypted LAN
communications and remote Serial-over-LAN functionality.

It provides commands for reading the Sensor Data Repository (SDR) and
displaying sensor values, displaying the contents of the System Event
Log (SEL), printing Field Replaceable Unit (FRU) information, reading and
setting LAN configuration, and chassis power control.

%package -n bmc-snmp-proxy
Requires: net-snmp
Requires: exchange-bmc-os-info
Requires:OpenIPMI-modalias
BuildArch: noarch
Summary: Reconfigure SNMP to include host SNMP agent within BMC
%description -n bmc-snmp-proxy
Given a host with BMC, this package would extend system configuration
of net-snmp to include redirections to BMC based SNMP.


%package -n exchange-bmc-os-info
Requires: hostname
Requires: ipmitool OpenIPMI
Requires:OpenIPMI-modalias
BuildArch: noarch
Requires(post): systemd-sysv
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units

Summary: Let OS and BMC exchange info

%description -n exchange-bmc-os-info
Given a host with BMC, this package would pass the hostname &
OS information to the BMC and also capture the BMC ip info
for the host OS to use.


%prep

%setup -q

%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch7 -p1
%patch9 -p1
%patch10 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1

for f in AUTHORS ChangeLog; do
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
mv ${f}.utf8 ${f}
done

%build
# --disable-dependency-tracking speeds up the build
# --enable-file-security adds some security checks
# --disable-intf-free disables FreeIPMI support - we don't want to depend on
# FreeIPMI libraries, FreeIPMI has its own ipmitoool-like utility.

# begin: release auto-tools
# Used to be needed by aarch64 support, now only cxoem patch makefiles are left.
aclocal
libtoolize --automake --copy
autoheader
automake --foreign --add-missing --copy
aclocal
autoconf
automake --foreign
# end: release auto-tools

%configure \
CFLAGS="%{optflags} -fno-strict-aliasing" \
--disable-dependency-tracking --enable-file-security --disable-intf-free
make %{?_smp_mflags}

%install
make DESTDIR=%{buildroot} install

install -Dpm 644 %{SOURCE2} %{buildroot}%{_unitdir}/ipmievd.service
install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/ipmievd
install -Dm 644 %{SOURCE3} %{buildroot}%{_unitdir}/exchange-bmc-os-info.service
install -Dm 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/exchange-bmc-os-info
install -Dm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/profile.d/set-bmc-url.sh
install -Dm 755 %{SOURCE6} %{buildroot}%{_libexecdir}/exchange-bmc-os-info


install -Dm 644 contrib/bmc-snmp-proxy.sysconf %{buildroot}%{_sysconfdir}/sysconfig/bmc-snmp-proxy
install -Dm 644 contrib/bmc-snmp-proxy.service %{buildroot}%{_unitdir}/bmc-snmp-proxy.service
install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-snmp-proxy

%post
%systemd_post ipmievd.service

%preun
%systemd_preun ipmievd.service

%postun
%systemd_postun_with_restart ipmievd.service

%post -n exchange-bmc-os-info
%systemd_post exchange-bmc-os-info.service

%preun -n exchange-bmc-os-info
%systemd_preun exchange-bmc-os-info.service

%postun -n exchange-bmc-os-info
%systemd_postun_with_restart exchange-bmc-os-info.service


%triggerun -- ipmievd < 1.8.11-7
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply ipmievd
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save ipmievd >/dev/null 2>&1 ||:

# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del ipmievd >/dev/null 2>&1 || :
/bin/systemctl try-restart ipmievd.service >/dev/null 2>&1 || :

%files
%config(noreplace) %{_sysconfdir}/sysconfig/ipmievd
%{_unitdir}/ipmievd.service
%{_bindir}/*
%{_sbindir}/*
%{_mandir}/man*/*
%doc %{_datadir}/doc/ipmitool
%{_datadir}/ipmitool

%files -n exchange-bmc-os-info
%config(noreplace) %{_sysconfdir}/sysconfig/exchange-bmc-os-info
%{_sysconfdir}/profile.d/set-bmc-url.sh
%{_unitdir}/exchange-bmc-os-info.service
%{_libexecdir}/exchange-bmc-os-info

%files -n bmc-snmp-proxy
%config(noreplace) %{_sysconfdir}/sysconfig/bmc-snmp-proxy
%{_unitdir}/bmc-snmp-proxy.service
%{_libexecdir}/bmc-snmp-proxy

%changelog
* Wed Mar 04 2020 Václav Doležal <vdolezal@redhat.com> - 0:1.8.18-9
- Disable -fstrict-aliasing (RPMDiff issue)

* Tue Mar 03 2020 Václav Doležal <vdolezal@redhat.com> - 0:1.8.18-8
- Backport fix for CVE-2020-5208

* Tue Feb 06 2018 Josef Ridky <jridky@redhat.com> - 0:1.8.18-7
- Remove debug prints shown without -v option (#1483163)

* Tue Oct 03 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-6
- Hide unrequested verbose output (#1483163)
- Fix doc for check input values (#1495098)

* Mon Apr 10 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-5
- Remove RPMDiff fix file (#1439269) related to #1398658

* Tue Feb 21 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-4
- Fix RPMDiff issues and rebuild

* Thu Feb 16 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-3
- Fix issues with warning: dereferencing type-punned pointer
will break strict-aliasing rules from RPMDiff

* Mon Feb 13 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-2
- Fix issue in file sources

* Thu Feb 02 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-1
- New upstream release 1.8.18 (#1398658)

* Tue May 03 2016 Boris Ranto <branto@redhat.com> - 0:1.8.15-7
- New release (0:1.8.15-7)
- ID:437 - sel: Fix "sel time set <time>"
- ID 408 - fix sel list last X listing

* Thu Mar 24 2016 Boris Ranto <branto@redhat.com> - 1.8.15-6
- Fix missing return in ipmi_kontronoem_main() - CID#1261317

* Fri Feb 19 2016 Boris Ranto <branto@redhat.com> - 1.8.15-5
- allow to upgrade the latest HPM files using usb options
- resolves: rhbz#1257316

* Thu Feb 18 2016 Boris Ranto <branto@redhat.com> - 1.8.15-4
- use meaningful generator ID for ipmitool sel
- resolves: rhbz#1289507

* Thu Feb 18 2016 Boris Ranto <branto@redhat.com> - 1.8.15-3
- perform a hardened build
- resolves: rhbz#1092551

* Thu Feb 18 2016 Boris Ranto <branto@redhat.com> - 1.8.15-2
- avoid assert on mismatched session ID
- resolves: rhbz#1286035

* Fri Dec 11 2015 Boris Ranto <branto@redhat.com> - 1.8.15-1
- rebase to latest stable upstream version
- resolves: rhbz#1269523

* Mon Mar 09 2015 Ales Ledvinka <aledvink@redhat.com> - 1.8.13-8
- Chassis boot parameter settings support.

* Wed Mar 05 2014 Ales Ledvinka <aledvink@redhat.com> - 1.8.13-7
- Allow setting channel Kg key.

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.13-6
- Mass rebuild 2014-01-24

* Mon Jan 20 2014 Ales Ledvinka <aledvink@redhat.com> 1.8.13-5
- bmc-snmp-proxy upstream bugfixes.

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.13-4
- Mass rebuild 2013-12-27

* Tue Nov 5 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-3
- Cleanup of dual bridge option.

* Tue Oct 15 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-2
- BMC SNMP agent redirection

* Mon Oct 14 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-1
- Upstream release 1.8.13

* Fri Aug 09 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073103
- Avoid FIPS mode crashes if possible.
- Document FIPS limitations.

* Wed Jul 31 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073101
- Include current upstream bugfixes.

* Thu Jul 25 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-16
- Calxeda OEM extensions.

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.12-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Dec 17 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-14
- Updated the exchange-bmc-os-info's service file with Requires stmt

* Fri Dec 14 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13
- fixed argument parsing leaks
- ask user for password only once and do so only when interactive password
is the chosen password method.

* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-12
- Removed the extra symbols in the patch, as the build is failing.

* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-11
- Subpackage for exchange-bmc-os-info as it requires OPenIPMI

* Wed Dec 12 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-10
- documented fixed and conditional defaults. adjusted synopsis

* Tue Dec 4 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-9
- fixed ipmitool documentation

* Fri Nov 30 2012 Praveen K Paladugu <praveen_paladugu@dell.com> 1.8.12-8
- service & scripts to allow OS to capture BMC's IP & URL info
- Also pass the OS information to BMC
- patches submitted by Charles Rose (charles_rose[at]dell.com)

* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-7
- failed sol session activation crashes while logging exit

* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-6
- revert default cipersuite back to 3 which includes integrity and confidentiality

* Thu Oct 18 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-5
- fix build on big endian arches

* Wed Oct 17 2012 Ales Ledvinka <aledvink@redhat.cz> 1.8.12-4
- support setting OS name and Hostname on BMC

* Tue Sep 04 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-3
- fix build on big endian arches

* Mon Aug 27 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-2
- Fixed starting ipmievd under systemd (#819234).
- Updated RPM scriplets with latest systemd-rpm macros (#850161)

* Fri Aug 10 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-1
- update to ipmitool-1.8.12

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Tue May 22 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-11
- start ipmievd.service after ipmi (#819234)

* Thu Apr 26 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-10
- fixed ipmievd.service systemd unit (#807757)

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Dec 13 2011 Jan Safranek <jsafrane@redhat.com> - 1.8.11-8
- fixed CVE-2011-4339

* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 1.8.11-7
- convert to systemd

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Wed Mar 3 2010 Jan Safranek <jsafrane@redhat.com> - 1.8.11-5
- Fixed exit code of ipmievd initscript with wrong arguments

* Mon Nov 2 2009 Jan Safranek <jsafrane@redhat.com> 1.8.11-4
- fix ipmievd initscript 'condrestart' action (#532188)

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.8.11-3
- rebuilt with new openssl

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Feb 26 2009 Jan Safranek <jsafrane@redhat.com> 1.8.11-1
- updated to new version

* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.10-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 1.8.10-3
- rebuild with new openssl

* Tue Oct 14 2008 Jan Safranek <jsafrane@redhat.com> 1.8.10-2
- fix issues found during package review:
- clear Default-Start: line in the init script, the service should be
disabled by default
- added Obsoletes: OpenIPMI-tools
- compile with --disable-dependency-tracking to speed things up
- compile with --enable-file-security
- compile with --disable-intf-free, don't depend on FreeIPMI libraries
(FreeIPMI has its own ipmitool-like utility)

* Mon Oct 13 2008 Jan Safranek <jsafrane@redhat.com> 1.8.10-1
- package created, based on upstream .spec file
Write Preview
Loading…
Cancel
Save