basebuilder_pel7x64builder0
2 years ago
18 changed files with 1808 additions and 0 deletions
@ -0,0 +1,48 @@ |
|||||||
|
From 88c6180c807bcdcbe5a189fa7a2a7432cd3a750d Mon Sep 17 00:00:00 2001 |
||||||
|
From: Boris Ranto <branto@redhat.com> |
||||||
|
Date: Fri, 6 Nov 2015 12:06:52 +0100 |
||||||
|
Subject: [PATCH 01/11] ipmitool-1.8.10-ipmievd-init.patch |
||||||
|
|
||||||
|
562186 - Initscript of the ipmievd service not LSB compliant |
||||||
|
|
||||||
|
Backported by: dgregor jsafrane |
||||||
|
--- |
||||||
|
contrib/ipmievd.init.redhat | 8 ++++---- |
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-) |
||||||
|
|
||||||
|
diff --git a/contrib/ipmievd.init.redhat b/contrib/ipmievd.init.redhat |
||||||
|
index 1c0253d..7cf9d24 100755 |
||||||
|
--- a/contrib/ipmievd.init.redhat |
||||||
|
+++ b/contrib/ipmievd.init.redhat |
||||||
|
@@ -5,7 +5,7 @@ |
||||||
|
# Based on example sysvinitfiles script |
||||||
|
# Copyright (c) 2000 Red Hat Software, Inc. |
||||||
|
# |
||||||
|
-# chkconfig: 345 99 00 |
||||||
|
+# chkconfig: - 99 00 |
||||||
|
# description: ipmievd daemon to send events to syslog |
||||||
|
# processname: ipmievd |
||||||
|
# config: /etc/sysconfig/ipmievd |
||||||
|
@@ -16,8 +16,8 @@ |
||||||
|
# Should-Start: $time |
||||||
|
# Required-Stop: $syslog ipmi |
||||||
|
# Should-Stop: $time |
||||||
|
-# Default-Start: 3 4 5 |
||||||
|
-# Default-Stop: 0 1 2 6 |
||||||
|
+# Default-Start: |
||||||
|
+# Default-Stop: |
||||||
|
# Short-Description: ipmievd daemon to send events to syslog |
||||||
|
# Description: Start ipmievd to read events from BMC and |
||||||
|
# log them to syslog. Events correspond to hardware faults, |
||||||
|
@@ -81,7 +81,7 @@ case "$1" in |
||||||
|
;; |
||||||
|
*) |
||||||
|
echo "Usage: ipmievd {start|stop|status|reload|restart|condrestart}" |
||||||
|
- exit 1 |
||||||
|
+ exit 2 |
||||||
|
;; |
||||||
|
esac |
||||||
|
exit $? |
||||||
|
-- |
||||||
|
2.1.0 |
||||||
|
|
@ -0,0 +1,76 @@ |
|||||||
|
From a82448d0a53be621e9a1f5f7dff44e4e481e174c Mon Sep 17 00:00:00 2001 |
||||||
|
From: Boris Ranto <branto@redhat.com> |
||||||
|
Date: Fri, 6 Nov 2015 12:12:29 +0100 |
||||||
|
Subject: [PATCH 02/11] ipmitool-1.8.10-ipmievd-condrestart.patch |
||||||
|
MIME-Version: 1.0 |
||||||
|
Content-Type: text/plain; charset=UTF-8 |
||||||
|
Content-Transfer-Encoding: 8bit |
||||||
|
|
||||||
|
532188 - ipmievd init script's condrestart doesn't work |
||||||
|
Author: Ville Skyttä (ville.skytta@iki.fi) |
||||||
|
Sent upstream as |
||||||
|
https://sourceforge.net/tracker/?func=detail&aid=2889888&group_id=95200&atid=610552 |
||||||
|
|
||||||
|
Initscipt output tuning by Jan Safranek |
||||||
|
|
||||||
|
Backported by: dgregor jsafrane |
||||||
|
--- |
||||||
|
contrib/ipmievd.init.redhat | 18 ++++++++++++------ |
||||||
|
1 file changed, 12 insertions(+), 6 deletions(-) |
||||||
|
|
||||||
|
diff --git a/contrib/ipmievd.init.redhat b/contrib/ipmievd.init.redhat |
||||||
|
index 7cf9d24..71b90b9 100755 |
||||||
|
--- a/contrib/ipmievd.init.redhat |
||||||
|
+++ b/contrib/ipmievd.init.redhat |
||||||
|
@@ -44,24 +44,31 @@ test -r $IPMIEVD_CONFIG || { echo "$IPMIEVD_CONFIG does not exist"; |
||||||
|
. /etc/init.d/functions |
||||||
|
|
||||||
|
start() { |
||||||
|
- echo "Starting ipmievd:" |
||||||
|
+ echo -n "Starting ipmievd:" |
||||||
|
if [ -f /var/lock/subsys/ipmievd ]; then |
||||||
|
return 0 |
||||||
|
fi |
||||||
|
daemon $IPMIEVD_BIN $IPMIEVD_OPTIONS |
||||||
|
ret=$? |
||||||
|
[ $ret -eq 0 ] && touch /var/lock/subsys/ipmievd |
||||||
|
+ echo |
||||||
|
return $ret |
||||||
|
} |
||||||
|
|
||||||
|
stop() { |
||||||
|
- echo "Shutting down ipmievd:" |
||||||
|
+ echo -n "Shutting down ipmievd:" |
||||||
|
killproc $IPMIEVD_BIN |
||||||
|
ret=$? |
||||||
|
[ $ret -eq 0 ] && rm -f /var/lock/subsys/ipmievd |
||||||
|
+ echo |
||||||
|
return $ret |
||||||
|
} |
||||||
|
|
||||||
|
+restart() { |
||||||
|
+ stop |
||||||
|
+ start |
||||||
|
+} |
||||||
|
+ |
||||||
|
case "$1" in |
||||||
|
start) |
||||||
|
start |
||||||
|
@@ -72,11 +79,10 @@ case "$1" in |
||||||
|
status) |
||||||
|
status $IPMIEVD_BIN |
||||||
|
;; |
||||||
|
- restart|reload) |
||||||
|
- stop |
||||||
|
- start |
||||||
|
+ restart|reload|force-reload) |
||||||
|
+ restart |
||||||
|
;; |
||||||
|
- condrestart) |
||||||
|
+ try-restart|condrestart) |
||||||
|
[ -f /var/lock/subsys/ipmievd ] && restart || : |
||||||
|
;; |
||||||
|
*) |
||||||
|
-- |
||||||
|
2.1.0 |
||||||
|
|
@ -0,0 +1,240 @@ |
|||||||
|
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1 |
||||||
|
--- old/doc/ipmitool.1 2017-02-06 10:20:02.254362909 +0100 |
||||||
|
+++ new/doc/ipmitool.1 2017-02-06 10:33:41.729294474 +0100 |
||||||
|
@@ -372,6 +372,20 @@ Configure user access information on the |
||||||
|
|
||||||
|
Displays the list of cipher suites supported for the given |
||||||
|
application (ipmi or sol) on the given channel. |
||||||
|
+.TP |
||||||
|
+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>] |
||||||
|
+.br |
||||||
|
+ |
||||||
|
+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string. |
||||||
|
+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes. |
||||||
|
+I.e. following two examples are equivalent: |
||||||
|
+ |
||||||
|
+.RS |
||||||
|
+ipmitool channel setkg plain PASSWORD |
||||||
|
+ |
||||||
|
+ipmitool channel setkg hex 50415353574F5244 |
||||||
|
+.RE |
||||||
|
+ |
||||||
|
.RE |
||||||
|
.RE |
||||||
|
.TP |
||||||
|
diff -urNp old/include/ipmitool/helper.h new/include/ipmitool/helper.h |
||||||
|
--- old/include/ipmitool/helper.h 2017-02-06 10:20:02.254362909 +0100 |
||||||
|
+++ new/include/ipmitool/helper.h 2017-02-06 10:40:07.336136844 +0100 |
||||||
|
@@ -58,6 +58,8 @@ |
||||||
|
# define IPMI_UID_MAX 63 |
||||||
|
#endif |
||||||
|
|
||||||
|
+#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */ |
||||||
|
+ |
||||||
|
struct ipmi_intf; |
||||||
|
|
||||||
|
struct valstr { |
||||||
|
diff -urNp old/include/ipmitool/ipmi_channel.h new/include/ipmitool/ipmi_channel.h |
||||||
|
--- old/include/ipmitool/ipmi_channel.h 2017-02-06 10:20:02.253316684 +0100 |
||||||
|
+++ new/include/ipmitool/ipmi_channel.h 2017-02-06 10:58:15.291287621 +0100 |
||||||
|
@@ -49,6 +49,10 @@ |
||||||
|
#define IPMI_GET_USER_NAME 0x46 |
||||||
|
#define IPMI_SET_USER_PASSWORD 0x47 |
||||||
|
#define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54 |
||||||
|
+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56 |
||||||
|
+ |
||||||
|
+#define IPMI_KG_KEY_ID 1 |
||||||
|
+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1 |
||||||
|
|
||||||
|
/* These are for channel_info_t.session_support */ |
||||||
|
#define IPMI_CHANNEL_SESSION_LESS 0x00 |
||||||
|
@@ -137,6 +141,40 @@ int _ipmi_set_channel_access(struct ipmi |
||||||
|
struct channel_access_t channel_access, uint8_t access_option, |
||||||
|
uint8_t privilege_option); |
||||||
|
|
||||||
|
+struct set_channel_security_keys_req { |
||||||
|
+#if WORDS_BIGENDIAN |
||||||
|
+ uint8_t __reserved1 :4; |
||||||
|
+ uint8_t channel :4; |
||||||
|
+ |
||||||
|
+ uint8_t __reserved2 :6; |
||||||
|
+ uint8_t operation :2; |
||||||
|
+ |
||||||
|
+ uint8_t key_id; |
||||||
|
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */ |
||||||
|
+#else |
||||||
|
+ uint8_t channel :4; |
||||||
|
+ uint8_t __reserved1 :4; |
||||||
|
+ |
||||||
|
+ uint8_t operation :2; |
||||||
|
+ uint8_t __reserved2 :6; |
||||||
|
+ |
||||||
|
+ uint8_t key_id; |
||||||
|
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */ |
||||||
|
+#endif |
||||||
|
+} __attribute__ ((packed)); |
||||||
|
+ |
||||||
|
+struct set_channel_security_keys_rsp { |
||||||
|
+#if WORDS_BIGENDIAN |
||||||
|
+ uint8_t __reserved1 :6; |
||||||
|
+ uint8_t lock_status :2; |
||||||
|
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */ |
||||||
|
+#else |
||||||
|
+ uint8_t lock_status :2; |
||||||
|
+ uint8_t __reserved1 :6; |
||||||
|
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */ |
||||||
|
+#endif |
||||||
|
+} __attribute__ ((packed)); |
||||||
|
+ |
||||||
|
uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel); |
||||||
|
uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf); |
||||||
|
int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv); |
||||||
|
diff -urNp old/include/ipmitool/ipmi_intf.h new/include/ipmitool/ipmi_intf.h |
||||||
|
--- old/include/ipmitool/ipmi_intf.h 2017-02-06 10:20:02.254362909 +0100 |
||||||
|
+++ new/include/ipmitool/ipmi_intf.h 2017-02-06 10:40:40.264577602 +0100 |
||||||
|
@@ -60,7 +60,6 @@ enum LANPLUS_SESSION_STATE { |
||||||
|
|
||||||
|
#define IPMI_AUTHCODE_BUFFER_SIZE 20 |
||||||
|
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE |
||||||
|
-#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */ |
||||||
|
|
||||||
|
struct ipmi_session_params { |
||||||
|
char * hostname; |
||||||
|
diff -urNp old/lib/ipmi_channel.c new/lib/ipmi_channel.c |
||||||
|
--- old/lib/ipmi_channel.c 2017-02-06 10:20:02.255409134 +0100 |
||||||
|
+++ new/lib/ipmi_channel.c 2017-02-06 12:32:14.222282317 +0100 |
||||||
|
@@ -821,6 +821,92 @@ ipmi_set_user_access(struct ipmi_intf *i |
||||||
|
return 0; |
||||||
|
} |
||||||
|
|
||||||
|
+int |
||||||
|
+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key) |
||||||
|
+{ |
||||||
|
+ uint8_t kgkey[IPMI_KG_BUFFER_SIZE]; |
||||||
|
+ struct ipmi_rs *rsp; |
||||||
|
+ struct ipmi_rq req; |
||||||
|
+ struct set_channel_security_keys_req req_data; |
||||||
|
+ int rc = -1; |
||||||
|
+ |
||||||
|
+ /* convert provided key to array of bytes */ |
||||||
|
+ if (strcmp(method, "hex") == 0) { |
||||||
|
+ if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) { |
||||||
|
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1)); |
||||||
|
+ printf_channel_usage(); |
||||||
|
+ return -1; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1); |
||||||
|
+ if (rc == -1) { |
||||||
|
+ lprintf(LOG_ERR, "Number of Kg key characters is not even"); |
||||||
|
+ return rc; |
||||||
|
+ } else if (rc == -3) { |
||||||
|
+ lprintf(LOG_ERR, "Kg key is not hexadecimal number"); |
||||||
|
+ return rc; |
||||||
|
+ } else if (rc > (IPMI_KG_BUFFER_SIZE-1)) { |
||||||
|
+ lprintf(LOG_ERR, "Kg key is too long"); |
||||||
|
+ return rc; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ } else if (strcmp(method, "plain") == 0) { |
||||||
|
+ if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) { |
||||||
|
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1)); |
||||||
|
+ printf_channel_usage(); |
||||||
|
+ return rc; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1); |
||||||
|
+ } else { |
||||||
|
+ printf_channel_usage(); |
||||||
|
+ return rc; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ /* assemble and send request to set kg key */ |
||||||
|
+ memset(&req_data, 0, sizeof(req_data)); |
||||||
|
+ req_data.channel = channel; |
||||||
|
+ req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET; |
||||||
|
+ req_data.key_id = IPMI_KG_KEY_ID; |
||||||
|
+ memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1); |
||||||
|
+ |
||||||
|
+ memset(&req, 0, sizeof(req)); |
||||||
|
+ req.msg.netfn = IPMI_NETFN_APP; |
||||||
|
+ req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS; |
||||||
|
+ req.msg.data = (uint8_t*) &req_data; |
||||||
|
+ req.msg.data_len = sizeof(req_data); |
||||||
|
+ |
||||||
|
+ rsp = intf->sendrecv(intf, &req); |
||||||
|
+ if (rsp == NULL) { |
||||||
|
+ lprintf(LOG_ERR, "Set Channel Security Keys command failed"); |
||||||
|
+ return rc; |
||||||
|
+ } |
||||||
|
+ if (rsp->ccode > 0) { |
||||||
|
+ const char *error = NULL; |
||||||
|
+ switch (rsp->ccode) { |
||||||
|
+ case 0x80: |
||||||
|
+ error = "Key is locked"; |
||||||
|
+ break; |
||||||
|
+ case 0x81: |
||||||
|
+ error = "Insufficient key bytes"; |
||||||
|
+ break; |
||||||
|
+ case 0x82: |
||||||
|
+ error = "Too many key bytes"; |
||||||
|
+ break; |
||||||
|
+ case 0x83: |
||||||
|
+ error = "Key value does not meet criteria for K_g key"; |
||||||
|
+ break; |
||||||
|
+ default: |
||||||
|
+ error = val2str(rsp->ccode, completion_code_vals); |
||||||
|
+ } |
||||||
|
+ lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error); |
||||||
|
+ return rc; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded"); |
||||||
|
+ return 0; |
||||||
|
+} |
||||||
|
+ |
||||||
|
int |
||||||
|
ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv) |
||||||
|
{ |
||||||
|
@@ -890,6 +976,19 @@ ipmi_channel_main(struct ipmi_intf *intf |
||||||
|
retval = ipmi_get_channel_cipher_suites(intf, |
||||||
|
argv[1], /* ipmi | sol */ |
||||||
|
channel); |
||||||
|
+ } else if (strncmp(argv[0], "setkg", 5) == 0) { |
||||||
|
+ if (argc < 3 || argc > 4) |
||||||
|
+ printf_channel_usage(); |
||||||
|
+ else { |
||||||
|
+ uint8_t ch = 0xe; |
||||||
|
+ char *method = argv[1]; |
||||||
|
+ char *key = argv[2]; |
||||||
|
+ if (argc == 4) { |
||||||
|
+ ch = (uint8_t)strtol(argv[3], NULL, 0); |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ retval = ipmi_set_channel_security_keys(intf, ch, method, key); |
||||||
|
+ } |
||||||
|
} else { |
||||||
|
lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]); |
||||||
|
printf_channel_usage(); |
||||||
|
@@ -916,6 +1015,10 @@ printf_channel_usage() |
||||||
|
lprintf(LOG_NOTICE, |
||||||
|
""); |
||||||
|
lprintf(LOG_NOTICE, |
||||||
|
+" setkg hex|plain <key> [channel]"); |
||||||
|
+ lprintf(LOG_NOTICE, |
||||||
|
+""); |
||||||
|
+ lprintf(LOG_NOTICE, |
||||||
|
"Possible privilege levels are:"); |
||||||
|
lprintf(LOG_NOTICE, |
||||||
|
" 1 Callback level"); |
||||||
|
diff -urNp old/src/plugins/ipmi_intf.c new/src/plugins/ipmi_intf.c |
||||||
|
--- old/src/plugins/ipmi_intf.c 2017-02-06 10:20:02.257501584 +0100 |
||||||
|
+++ new/src/plugins/ipmi_intf.c 2017-02-06 10:42:12.585257810 +0100 |
||||||
|
@@ -55,6 +55,7 @@ |
||||||
|
#include <ipmitool/ipmi.h> |
||||||
|
#include <ipmitool/ipmi_sdr.h> |
||||||
|
#include <ipmitool/log.h> |
||||||
|
+#include <ipmitool/helper.h> |
||||||
|
|
||||||
|
#define IPMI_DEFAULT_PAYLOAD_SIZE 25 |
||||||
|
|
@ -0,0 +1,28 @@ |
|||||||
|
From 4ca58a30ef718975232231f1a5044554718b3404 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Boris Ranto <branto@redhat.com> |
||||||
|
Date: Fri, 6 Nov 2015 12:58:31 +0100 |
||||||
|
Subject: [PATCH 07/11] ipmitool-1.8.11-remove-umask0.patch |
||||||
|
|
||||||
|
CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world |
||||||
|
writeable permissions |
||||||
|
|
||||||
|
Backported by: jsafrane |
||||||
|
--- |
||||||
|
lib/helper.c | 1 - |
||||||
|
1 file changed, 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/lib/helper.c b/lib/helper.c |
||||||
|
index d934fc0..998b2e6 100644 |
||||||
|
--- a/lib/helper.c |
||||||
|
+++ b/lib/helper.c |
||||||
|
@@ -658,7 +658,6 @@ ipmi_start_daemon(struct ipmi_intf *intf) |
||||||
|
#endif |
||||||
|
|
||||||
|
chdir("/"); |
||||||
|
- umask(0); |
||||||
|
|
||||||
|
for (fd=0; fd<64; fd++) { |
||||||
|
if (fd != intf->fd) |
||||||
|
-- |
||||||
|
2.1.0 |
||||||
|
|
@ -0,0 +1,28 @@ |
|||||||
|
From 850661bd57c0c98c319fd30d9e9697c1667ad457 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Boris Ranto <branto@redhat.com> |
||||||
|
Date: Wed, 11 Nov 2015 17:58:43 +0100 |
||||||
|
Subject: [PATCH 09/11] ipmitool-1.8.11-bz1126333-slowswid.patch |
||||||
|
|
||||||
|
See rhbz#1194420 for details. |
||||||
|
|
||||||
|
Backported by: aledvink |
||||||
|
--- |
||||||
|
lib/ipmi_sdr.c | 2 ++ |
||||||
|
1 file changed, 2 insertions(+) |
||||||
|
|
||||||
|
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c |
||||||
|
index fa7b082..9bc5ac2 100644 |
||||||
|
--- a/lib/ipmi_sdr.c |
||||||
|
+++ b/lib/ipmi_sdr.c |
||||||
|
@@ -572,6 +572,8 @@ ipmi_sdr_get_sensor_reading_ipmb(struct ipmi_intf *intf, uint8_t sensor, |
||||||
|
uint32_t save_addr; |
||||||
|
uint32_t save_channel; |
||||||
|
|
||||||
|
+ if (target == (uint8_t) 0xb1) |
||||||
|
+ return ipmi_sdr_get_sensor_reading(intf, sensor); |
||||||
|
if ( BRIDGE_TO_SENSOR(intf, target, channel) ) { |
||||||
|
lprintf(LOG_DEBUG, |
||||||
|
"Bridge to Sensor " |
||||||
|
-- |
||||||
|
2.1.0 |
||||||
|
|
@ -0,0 +1,28 @@ |
|||||||
|
From bf51496f56ffd53c75045129f539c182a38f4671 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Boris Ranto <branto@redhat.com> |
||||||
|
Date: Wed, 11 Nov 2015 18:14:52 +0100 |
||||||
|
Subject: [PATCH 10/11] ipmitool-1.8.11-bz878614-overname.patch |
||||||
|
|
||||||
|
See rhbz#878614 for details. |
||||||
|
|
||||||
|
Backported by: aledvink |
||||||
|
--- |
||||||
|
include/ipmitool/ipmi_sdr.h | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h |
||||||
|
index ccf0cf0..47d3949 100644 |
||||||
|
--- a/include/ipmitool/ipmi_sdr.h |
||||||
|
+++ b/include/ipmitool/ipmi_sdr.h |
||||||
|
@@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = { |
||||||
|
"Version Change", "FRU State" }; |
||||||
|
|
||||||
|
struct sensor_reading { |
||||||
|
- char s_id[17]; /* name of the sensor */ |
||||||
|
+ char s_id[33]; /* name of the sensor */ |
||||||
|
struct sdr_record_full_sensor *full; |
||||||
|
struct sdr_record_compact_sensor *compact; |
||||||
|
uint8_t s_reading_valid; /* read value valididity */ |
||||||
|
-- |
||||||
|
2.1.0 |
||||||
|
|
@ -0,0 +1,21 @@ |
|||||||
|
diff -urNp old/configure.ac new/configure.ac |
||||||
|
--- old/configure.ac 2017-02-02 14:20:33.230784269 +0100 |
||||||
|
+++ new/configure.ac 2017-02-02 14:22:53.528510336 +0100 |
||||||
|
@@ -63,7 +63,7 @@ xenable_intf_imb=yes |
||||||
|
xenable_intf_lipmi=yes |
||||||
|
xenable_intf_open=yes |
||||||
|
#xenable_intf_serial=yes |
||||||
|
-xenable_intf_usb=no |
||||||
|
+xenable_intf_usb=yes |
||||||
|
xenable_ipmishell=yes |
||||||
|
|
||||||
|
dnl set some things so we build with GNU tools on Solaris |
||||||
|
@@ -209,7 +209,7 @@ fi |
||||||
|
dnl enable IPMI USB interface |
||||||
|
AC_ARG_ENABLE([intf-usb], |
||||||
|
[AC_HELP_STRING([--enable-intf-usb], |
||||||
|
- [enable IPMI USB interface [default=auto]])], |
||||||
|
+ [enable IPMI USB interface [default=yes]])], |
||||||
|
[xenable_intf_usb=$enableval], |
||||||
|
[xenable_intf_usb=$xenable_intf_usb]) |
||||||
|
if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then |
@ -0,0 +1,110 @@ |
|||||||
|
diff -urNp old/lib/ipmi_picmg.c new/lib/ipmi_picmg.c |
||||||
|
--- old/lib/ipmi_picmg.c 2016-07-31 07:29:49.000000000 +0200 |
||||||
|
+++ new/lib/ipmi_picmg.c 2017-10-03 15:38:48.711790645 +0200 |
||||||
|
@@ -2353,28 +2353,28 @@ picmg_discover(struct ipmi_intf *intf) { |
||||||
|
req.msg.data_len = 1; |
||||||
|
msg_data = 0; |
||||||
|
|
||||||
|
- lprintf(LOG_INFO, "Running Get PICMG Properties my_addr %#x, transit %#x, target %#x", |
||||||
|
+ lprintf(LOG_DEBUG, "Running Get PICMG Properties my_addr %#x, transit %#x, target %#x", |
||||||
|
intf->my_addr, intf->transit_addr, intf->target_addr); |
||||||
|
rsp = intf->sendrecv(intf, &req); |
||||||
|
if (rsp == NULL) { |
||||||
|
- lprintf(LOG_INFO,"No response from Get PICMG Properties"); |
||||||
|
+ lprintf(LOG_DEBUG,"No response from Get PICMG Properties"); |
||||||
|
} else if (rsp->ccode != 0) { |
||||||
|
- lprintf(LOG_INFO,"Error response %#x from Get PICMG Properities", |
||||||
|
+ lprintf(LOG_DEBUG,"Error response %#x from Get PICMG Properities", |
||||||
|
rsp->ccode); |
||||||
|
} else if (rsp->data_len < 4) { |
||||||
|
- lprintf(LOG_INFO,"Invalid Get PICMG Properties response length %d", |
||||||
|
+ lprintf(LOG_DEBUG,"Invalid Get PICMG Properties response length %d", |
||||||
|
rsp->data_len); |
||||||
|
} else if (rsp->data[0] != 0) { |
||||||
|
- lprintf(LOG_INFO,"Invalid Get PICMG Properties group extension %#x", |
||||||
|
+ lprintf(LOG_DEBUG,"Invalid Get PICMG Properties group extension %#x", |
||||||
|
rsp->data[0]); |
||||||
|
} else if ((rsp->data[1] & 0x0F) != PICMG_EXTENSION_ATCA_MAJOR_VERSION |
||||||
|
&& (rsp->data[1] & 0x0F) != PICMG_EXTENSION_AMC0_MAJOR_VERSION |
||||||
|
&& (rsp->data[1] & 0x0F) != PICMG_EXTENSION_UTCA_MAJOR_VERSION) { |
||||||
|
- lprintf(LOG_INFO,"Unknown PICMG Extension Version %d.%d", |
||||||
|
+ lprintf(LOG_DEBUG,"Unknown PICMG Extension Version %d.%d", |
||||||
|
(rsp->data[1] & 0x0F), (rsp->data[1] >> 4)); |
||||||
|
} else { |
||||||
|
picmg_avail = 1; |
||||||
|
- lprintf(LOG_INFO, "Discovered PICMG Extension Version %d.%d", |
||||||
|
+ lprintf(LOG_DEBUG, "Discovered PICMG Extension Version %d.%d", |
||||||
|
(rsp->data[1] & 0x0f), (rsp->data[1] >> 4)); |
||||||
|
} |
||||||
|
|
||||||
|
diff -urNp old/lib/ipmi_vita.c new/lib/ipmi_vita.c |
||||||
|
--- old/lib/ipmi_vita.c 2018-01-05 10:29:51.290694252 +0100 |
||||||
|
+++ new/lib/ipmi_vita.c 2018-01-05 12:09:56.480413217 +0100 |
||||||
|
@@ -184,7 +184,7 @@ vita_discover(struct ipmi_intf *intf) |
||||||
|
|
||||||
|
msg_data = GROUP_EXT_VITA; |
||||||
|
|
||||||
|
- lprintf(LOG_INFO, "Running Get VSO Capabilities my_addr %#x, " |
||||||
|
+ lprintf(LOG_DEBUG, "Running Get VSO Capabilities my_addr %#x, " |
||||||
|
"transit %#x, target %#x", |
||||||
|
intf->my_addr, intf->transit_addr, intf->target_addr); |
||||||
|
|
||||||
|
@@ -193,29 +193,29 @@ vita_discover(struct ipmi_intf *intf) |
||||||
|
if (rsp == NULL) { |
||||||
|
lprintf(LOG_ERR, "No valid response received"); |
||||||
|
} else if (rsp->ccode == 0xC1) { |
||||||
|
- lprintf(LOG_INFO, "Invalid completion code received: %s", |
||||||
|
+ lprintf(LOG_DEBUG, "Invalid completion code received: %s", |
||||||
|
val2str(rsp->ccode, completion_code_vals)); |
||||||
|
} else if (rsp->ccode == 0xCC) { |
||||||
|
- lprintf(LOG_INFO, "Invalid data field received: %s", |
||||||
|
+ lprintf(LOG_DEBUG, "Invalid data field received: %s", |
||||||
|
val2str(rsp->ccode, completion_code_vals)); |
||||||
|
} else if (rsp->ccode != 0) { |
||||||
|
- lprintf(LOG_INFO, "Invalid completion code received: %s", |
||||||
|
+ lprintf(LOG_DEBUG, "Invalid completion code received: %s", |
||||||
|
val2str(rsp->ccode, completion_code_vals)); |
||||||
|
} else if (rsp->data_len < 5) { |
||||||
|
- lprintf(LOG_INFO, "Invalid response length %d", |
||||||
|
+ lprintf(LOG_DEBUG, "Invalid response length %d", |
||||||
|
rsp->data_len); |
||||||
|
} else if (rsp->data[0] != GROUP_EXT_VITA) { |
||||||
|
- lprintf(LOG_INFO, "Invalid group extension %#x", |
||||||
|
+ lprintf(LOG_DEBUG, "Invalid group extension %#x", |
||||||
|
rsp->data[0]); |
||||||
|
} else if ((rsp->data[3] & 0x03) != 0) { |
||||||
|
- lprintf(LOG_INFO, "Unknown VSO Standard %d", |
||||||
|
+ lprintf(LOG_DEBUG, "Unknown VSO Standard %d", |
||||||
|
(rsp->data[3] & 0x03)); |
||||||
|
} else if ((rsp->data[4] & 0x0F) != 1) { |
||||||
|
- lprintf(LOG_INFO, "Unknown VSO Specification Revision %d.%d", |
||||||
|
+ lprintf(LOG_DEBUG, "Unknown VSO Specification Revision %d.%d", |
||||||
|
(rsp->data[4] & 0x0F), (rsp->data[4] >> 4)); |
||||||
|
} else { |
||||||
|
vita_avail = 1; |
||||||
|
- lprintf(LOG_INFO, "Discovered VITA 46.11 Revision %d.%d", |
||||||
|
+ lprintf(LOG_DEBUG, "Discovered VITA 46.11 Revision %d.%d", |
||||||
|
(rsp->data[4] & 0x0F), (rsp->data[4] >> 4)); |
||||||
|
} |
||||||
|
|
||||||
|
diff -urNp old/lib/ipmi_main.c new/lib/ipmi_main.c |
||||||
|
--- old/lib/ipmi_main.c 2018-01-08 15:31:37.159786062 +0100 |
||||||
|
+++ new/lib/ipmi_main.c 2018-01-08 15:32:35.960077134 +0100 |
||||||
|
@@ -904,7 +904,7 @@ ipmi_main(int argc, char ** argv, |
||||||
|
} else if (!ipmi_oem_active(ipmi_main_intf, "i82571spt")) { |
||||||
|
lprintf(LOG_DEBUG, "Acquire IPMB address"); |
||||||
|
addr = ipmi_acquire_ipmb_address(ipmi_main_intf); |
||||||
|
- lprintf(LOG_INFO, "Discovered IPMB address 0x%x", addr); |
||||||
|
+ lprintf(LOG_DEBUG, "Discovered IPMB address 0x%x", addr); |
||||||
|
} |
||||||
|
|
||||||
|
/* |
||||||
|
@@ -956,7 +956,7 @@ ipmi_main(int argc, char ** argv, |
||||||
|
ipmi_main_intf->transit_addr, |
||||||
|
ipmi_main_intf->transit_channel); |
||||||
|
if (ipmi_main_intf->target_ipmb_addr) { |
||||||
|
- lprintf(LOG_INFO, "Discovered Target IPMB-0 address %#x", |
||||||
|
+ lprintf(LOG_DEBUG, "Discovered Target IPMB-0 address %#x", |
||||||
|
ipmi_main_intf->target_ipmb_addr); |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,41 @@ |
|||||||
|
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1 |
||||||
|
--- old/doc/ipmitool.1 2017-10-03 16:10:50.446539988 +0200 |
||||||
|
+++ new/doc/ipmitool.1 2017-10-03 16:16:37.039673239 +0200 |
||||||
|
@@ -3170,13 +3170,14 @@ SOL configuration data for the currently |
||||||
|
|
||||||
|
Enable, disable or show status of SOL payload for the user on the specified channel. |
||||||
|
.TP |
||||||
|
-\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] |
||||||
|
+\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] [\fBnoguard\fR] |
||||||
|
.br |
||||||
|
|
||||||
|
Configure parameters for Serial Over Lan. If no channel is given, |
||||||
|
it will display SOL configuration data for the currently used |
||||||
|
channel. Configuration parameter updates are automatically guarded |
||||||
|
-with the updates to the set\-in\-progress parameter. |
||||||
|
+with the updates to the set\-in\-progress parameter, unless \fInoguard\fR |
||||||
|
+parameter is present. |
||||||
|
.RS |
||||||
|
.TP |
||||||
|
Valid parameters and values are: |
||||||
|
diff -urNp old/lib/ipmi_sol.c new/lib/ipmi_sol.c |
||||||
|
--- old/lib/ipmi_sol.c 2017-10-03 16:10:50.447539996 +0200 |
||||||
|
+++ new/lib/ipmi_sol.c 2017-10-03 16:18:37.079006949 +0200 |
||||||
|
@@ -1875,7 +1875,7 @@ static void |
||||||
|
print_sol_usage(void) |
||||||
|
{ |
||||||
|
lprintf(LOG_NOTICE, "SOL Commands: info [<channel number>]"); |
||||||
|
- lprintf(LOG_NOTICE, " set <parameter> <value> [channel]"); |
||||||
|
+ lprintf(LOG_NOTICE, " set <parameter> <value> [channel] [noguard]"); |
||||||
|
lprintf(LOG_NOTICE, " payload <enable|disable|status> [channel] [userid]"); |
||||||
|
lprintf(LOG_NOTICE, " activate [<usesolkeepalive|nokeepalive>] [instance=<number>]"); |
||||||
|
lprintf(LOG_NOTICE, " deactivate [instance=<number>]"); |
||||||
|
@@ -1890,6 +1890,8 @@ print_sol_usage(void) |
||||||
|
static void |
||||||
|
print_sol_set_usage(void) |
||||||
|
{ |
||||||
|
+ lprintf(LOG_NOTICE, "\nSOL set usage: \n"); |
||||||
|
+ lprintf(LOG_NOTICE, " sol set <parameter> <value> [channel] [noguard]\n"); |
||||||
|
lprintf(LOG_NOTICE, "\nSOL set parameters and values: \n"); |
||||||
|
lprintf(LOG_NOTICE, " set-in-progress set-complete | " |
||||||
|
"set-in-progress | commit-write"); |
@ -0,0 +1,365 @@ |
|||||||
|
From 9f436aae2d85c38e0679049bf09f291773079008 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Chrostoper Ertl <chertl@microsoft.com> |
||||||
|
Date: Thu, 28 Nov 2019 16:33:59 +0000 |
||||||
|
Subject: [PATCH] Fixes for CVE-2020-5208 |
||||||
|
|
||||||
|
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp |
||||||
|
|
||||||
|
This patch is combination of following commits: |
||||||
|
|
||||||
|
pick e824c23316ae50beb7f7488f2055ac65e8b341f2 fru: Fix buffer overflow vulnerabilities |
||||||
|
pick 840fb1cbb4fb365cb9797300e3374d4faefcdb10 fru: Fix buffer overflow in ipmi_spd_print_fru |
||||||
|
pick 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 session: Fix buffer overflow in ipmi_get_session_info |
||||||
|
pick d45572d71e70840e0d4c50bf48218492b79c1a10 lanp: Fix buffer overflows in get_lan_param_select |
||||||
|
pick 7ccea283dd62a05a320c1921e3d8d71a87772637 fru, sdr: Fix id_string buffer overflows |
||||||
|
|
||||||
|
[vdolezal@redhat.com]: fixed memleak of `spd_data` in |
||||||
|
lib/dimm_spd.c:ipmi_spd_print_fru() |
||||||
|
--- |
||||||
|
lib/dimm_spd.c | 11 ++++++++++- |
||||||
|
lib/ipmi_fru.c | 35 ++++++++++++++++++++++++++++++++--- |
||||||
|
lib/ipmi_lanp.c | 14 +++++++------- |
||||||
|
lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++---------------- |
||||||
|
lib/ipmi_session.c | 12 ++++++++---- |
||||||
|
5 files changed, 81 insertions(+), 31 deletions(-) |
||||||
|
|
||||||
|
diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c |
||||||
|
index 41e30db..ebcc94c 100644 |
||||||
|
--- a/lib/dimm_spd.c |
||||||
|
+++ b/lib/dimm_spd.c |
||||||
|
@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) |
||||||
|
struct ipmi_rq req; |
||||||
|
struct fru_info fru; |
||||||
|
uint8_t *spd_data, msg_data[4]; |
||||||
|
- int len, offset; |
||||||
|
+ uint32_t len, offset; |
||||||
|
|
||||||
|
msg_data[0] = id; |
||||||
|
|
||||||
|
@@ -1697,6 +1697,15 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) |
||||||
|
} |
||||||
|
|
||||||
|
len = rsp->data[0]; |
||||||
|
+ if(rsp->data_len < 1 |
||||||
|
+ || len > rsp->data_len - 1 |
||||||
|
+ || len > fru.size - offset) |
||||||
|
+ { |
||||||
|
+ printf(" Not enough buffer size"); |
||||||
|
+ free(spd_data); |
||||||
|
+ spd_data = NULL; |
||||||
|
+ return -1; |
||||||
|
+ } |
||||||
|
memcpy(&spd_data[offset], rsp->data + 1, len); |
||||||
|
offset += len; |
||||||
|
} while (offset < fru.size); |
||||||
|
diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c |
||||||
|
index cf00eff..98bc984 100644 |
||||||
|
--- a/lib/ipmi_fru.c |
||||||
|
+++ b/lib/ipmi_fru.c |
||||||
|
@@ -615,7 +615,10 @@ int |
||||||
|
read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
uint32_t offset, uint32_t length, uint8_t *frubuf) |
||||||
|
{ |
||||||
|
- uint32_t off = offset, tmp, finish; |
||||||
|
+ uint32_t off = offset; |
||||||
|
+ uint32_t tmp; |
||||||
|
+ uint32_t finish; |
||||||
|
+ uint32_t size_left_in_buffer; |
||||||
|
struct ipmi_rs * rsp; |
||||||
|
struct ipmi_rq req; |
||||||
|
uint8_t msg_data[4]; |
||||||
|
@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
|
||||||
|
finish = offset + length; |
||||||
|
if (finish > fru->size) { |
||||||
|
+ memset(frubuf + fru->size, 0, length - fru->size); |
||||||
|
finish = fru->size; |
||||||
|
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " |
||||||
|
"Adjusting to %d", |
||||||
|
offset + length, finish - offset); |
||||||
|
+ length = finish - offset; |
||||||
|
} |
||||||
|
|
||||||
|
memset(&req, 0, sizeof(req)); |
||||||
|
@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
+ size_left_in_buffer = length; |
||||||
|
do { |
||||||
|
tmp = fru->access ? off >> 1 : off; |
||||||
|
msg_data[0] = id; |
||||||
|
@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
} |
||||||
|
|
||||||
|
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; |
||||||
|
+ if(rsp->data_len < 1 |
||||||
|
+ || tmp > rsp->data_len - 1 |
||||||
|
+ || tmp > size_left_in_buffer) |
||||||
|
+ { |
||||||
|
+ printf(" Not enough buffer size"); |
||||||
|
+ return -1; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
memcpy(frubuf, rsp->data + 1, tmp); |
||||||
|
off += tmp; |
||||||
|
frubuf += tmp; |
||||||
|
+ size_left_in_buffer -= tmp; |
||||||
|
/* sometimes the size returned in the Info command |
||||||
|
* is too large. return 0 so higher level function |
||||||
|
* still attempts to parse what was returned */ |
||||||
|
@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
uint32_t offset, uint32_t length, uint8_t *frubuf) |
||||||
|
{ |
||||||
|
static uint32_t fru_data_rqst_size = 20; |
||||||
|
- uint32_t off = offset, tmp, finish; |
||||||
|
+ uint32_t off = offset; |
||||||
|
+ uint32_t tmp, finish; |
||||||
|
+ uint32_t size_left_in_buffer; |
||||||
|
struct ipmi_rs * rsp; |
||||||
|
struct ipmi_rq req; |
||||||
|
uint8_t msg_data[4]; |
||||||
|
@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
|
||||||
|
finish = offset + length; |
||||||
|
if (finish > fru->size) { |
||||||
|
+ memset(frubuf + fru->size, 0, length - fru->size); |
||||||
|
finish = fru->size; |
||||||
|
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " |
||||||
|
"Adjusting to %d", |
||||||
|
offset + length, finish - offset); |
||||||
|
+ length = finish - offset; |
||||||
|
} |
||||||
|
|
||||||
|
memset(&req, 0, sizeof(req)); |
||||||
|
@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
if (fru->access && fru_data_rqst_size > 16) |
||||||
|
#endif |
||||||
|
fru_data_rqst_size = 16; |
||||||
|
+ |
||||||
|
+ size_left_in_buffer = length; |
||||||
|
do { |
||||||
|
tmp = fru->access ? off >> 1 : off; |
||||||
|
msg_data[0] = id; |
||||||
|
@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, |
||||||
|
} |
||||||
|
|
||||||
|
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; |
||||||
|
+ if(rsp->data_len < 1 |
||||||
|
+ || tmp > rsp->data_len - 1 |
||||||
|
+ || tmp > size_left_in_buffer) |
||||||
|
+ { |
||||||
|
+ printf(" Not enough buffer size"); |
||||||
|
+ return -1; |
||||||
|
+ } |
||||||
|
memcpy((frubuf + off)-offset, rsp->data + 1, tmp); |
||||||
|
off += tmp; |
||||||
|
+ size_left_in_buffer -= tmp; |
||||||
|
|
||||||
|
/* sometimes the size returned in the Info command |
||||||
|
* is too large. return 0 so higher level function |
||||||
|
@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru) |
||||||
|
return 0; |
||||||
|
|
||||||
|
memset(desc, 0, sizeof(desc)); |
||||||
|
- memcpy(desc, fru->id_string, fru->id_code & 0x01f); |
||||||
|
+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc))); |
||||||
|
desc[fru->id_code & 0x01f] = 0; |
||||||
|
printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id); |
||||||
|
|
||||||
|
diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c |
||||||
|
index 65d881b..022c7f1 100644 |
||||||
|
--- a/lib/ipmi_lanp.c |
||||||
|
+++ b/lib/ipmi_lanp.c |
||||||
|
@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
/* set new ipaddr */ |
||||||
|
memcpy(data+3, temp, 4); |
||||||
|
printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert, |
||||||
|
@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
/* set new macaddr */ |
||||||
|
memcpy(data+7, temp, 6); |
||||||
|
printf("Setting LAN Alert %d MAC Address to " |
||||||
|
@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
|
||||||
|
if (strncasecmp(argv[1], "def", 3) == 0 || |
||||||
|
strncasecmp(argv[1], "default", 7) == 0) { |
||||||
|
@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
|
||||||
|
if (strncasecmp(argv[1], "on", 2) == 0 || |
||||||
|
strncasecmp(argv[1], "yes", 3) == 0) { |
||||||
|
@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
|
||||||
|
if (strncasecmp(argv[1], "pet", 3) == 0) { |
||||||
|
printf("Setting LAN Alert %d destination to PET Trap\n", alert); |
||||||
|
@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
|
||||||
|
if (str2uchar(argv[1], &data[2]) != 0) { |
||||||
|
lprintf(LOG_ERR, "Invalid time: %s", argv[1]); |
||||||
|
@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, |
||||||
|
if (p == NULL) { |
||||||
|
return (-1); |
||||||
|
} |
||||||
|
- memcpy(data, p->data, p->data_len); |
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data))); |
||||||
|
|
||||||
|
if (str2uchar(argv[1], &data[3]) != 0) { |
||||||
|
lprintf(LOG_ERR, "Invalid retry: %s", argv[1]); |
||||||
|
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c |
||||||
|
index fd2c02d..01d81f7 100644 |
||||||
|
--- a/lib/ipmi_sdr.c |
||||||
|
+++ b/lib/ipmi_sdr.c |
||||||
|
@@ -2086,7 +2086,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf, |
||||||
|
return -1; |
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc)); |
||||||
|
- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string); |
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string); |
||||||
|
|
||||||
|
if (verbose) { |
||||||
|
printf("Sensor ID : %s (0x%x)\n", |
||||||
|
@@ -2137,7 +2137,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf, |
||||||
|
return -1; |
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc)); |
||||||
|
- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string); |
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string); |
||||||
|
|
||||||
|
if (verbose == 0) { |
||||||
|
if (csv_output) |
||||||
|
@@ -2230,7 +2230,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf, |
||||||
|
char desc[17]; |
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc)); |
||||||
|
- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string); |
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string); |
||||||
|
|
||||||
|
if (!verbose) { |
||||||
|
if (csv_output) |
||||||
|
@@ -2287,7 +2287,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf, |
||||||
|
char desc[17]; |
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc)); |
||||||
|
- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string); |
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string); |
||||||
|
|
||||||
|
if (!verbose) { |
||||||
|
if (csv_output) |
||||||
|
@@ -2491,35 +2491,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id, |
||||||
|
|
||||||
|
int rc =0; |
||||||
|
char desc[17]; |
||||||
|
+ const char *id_string; |
||||||
|
+ uint8_t id_code; |
||||||
|
memset(desc, ' ', sizeof (desc)); |
||||||
|
|
||||||
|
switch ( type) { |
||||||
|
case SDR_RECORD_TYPE_FULL_SENSOR: |
||||||
|
record.full = (struct sdr_record_full_sensor *) raw; |
||||||
|
- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s", |
||||||
|
- (const char *)record.full->id_string); |
||||||
|
+ id_code = record.full->id_code; |
||||||
|
+ id_string = record.full->id_string; |
||||||
|
break; |
||||||
|
+ |
||||||
|
case SDR_RECORD_TYPE_COMPACT_SENSOR: |
||||||
|
record.compact = (struct sdr_record_compact_sensor *) raw ; |
||||||
|
- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s", |
||||||
|
- (const char *)record.compact->id_string); |
||||||
|
+ id_code = record.compact->id_code; |
||||||
|
+ id_string = record.compact->id_string; |
||||||
|
break; |
||||||
|
+ |
||||||
|
case SDR_RECORD_TYPE_EVENTONLY_SENSOR: |
||||||
|
record.eventonly = (struct sdr_record_eventonly_sensor *) raw ; |
||||||
|
- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s", |
||||||
|
- (const char *)record.eventonly->id_string); |
||||||
|
- break; |
||||||
|
+ id_code = record.eventonly->id_code; |
||||||
|
+ id_string = record.eventonly->id_string; |
||||||
|
+ break; |
||||||
|
+ |
||||||
|
case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: |
||||||
|
record.mcloc = (struct sdr_record_mc_locator *) raw ; |
||||||
|
- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s", |
||||||
|
- (const char *)record.mcloc->id_string); |
||||||
|
+ id_code = record.mcloc->id_code; |
||||||
|
+ id_string = record.mcloc->id_string; |
||||||
|
break; |
||||||
|
+ |
||||||
|
default: |
||||||
|
rc = -1; |
||||||
|
- break; |
||||||
|
- } |
||||||
|
+ } |
||||||
|
+ if (!rc) { |
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string); |
||||||
|
+ } |
||||||
|
|
||||||
|
- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); |
||||||
|
+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); |
||||||
|
return rc; |
||||||
|
} |
||||||
|
|
||||||
|
diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c |
||||||
|
index 141f0f4..b9af1fd 100644 |
||||||
|
--- a/lib/ipmi_session.c |
||||||
|
+++ b/lib/ipmi_session.c |
||||||
|
@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
- memcpy(&session_info, rsp->data, rsp->data_len); |
||||||
|
- print_session_info(&session_info, rsp->data_len); |
||||||
|
+ memcpy(&session_info, rsp->data, |
||||||
|
+ __min(rsp->data_len, sizeof(session_info))); |
||||||
|
+ print_session_info(&session_info, |
||||||
|
+ __min(rsp->data_len, sizeof(session_info))); |
||||||
|
} |
||||||
|
break; |
||||||
|
|
||||||
|
@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, |
||||||
|
break; |
||||||
|
} |
||||||
|
|
||||||
|
- memcpy(&session_info, rsp->data, rsp->data_len); |
||||||
|
- print_session_info(&session_info, rsp->data_len); |
||||||
|
+ memcpy(&session_info, rsp->data, |
||||||
|
+ __min(rsp->data_len, sizeof(session_info))); |
||||||
|
+ print_session_info(&session_info, |
||||||
|
+ __min(rsp->data_len, sizeof(session_info))); |
||||||
|
|
||||||
|
} while (i <= session_info.session_slot_count); |
||||||
|
break; |
||||||
|
-- |
||||||
|
2.20.1 |
||||||
|
|
@ -0,0 +1,44 @@ |
|||||||
|
From eb7d138163c835ba5f4c34cd943c05b0e324bcc7 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Vaclav Dolezal <vdolezal@redhat.com> |
||||||
|
Date: Wed, 12 Feb 2020 15:20:32 +0100 |
||||||
|
Subject: [PATCH] Partial fix for CVE-2020-5208 |
||||||
|
|
||||||
|
replacement for patch: |
||||||
|
9452be8 channel: Fix buffer overflow |
||||||
|
|
||||||
|
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com> |
||||||
|
--- |
||||||
|
lib/ipmi_channel.c | 10 ++++++++++ |
||||||
|
1 file changed, 10 insertions(+) |
||||||
|
|
||||||
|
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c |
||||||
|
index e1fc75f..81ae82e 100644 |
||||||
|
--- a/lib/ipmi_channel.c |
||||||
|
+++ b/lib/ipmi_channel.c |
||||||
|
@@ -383,6 +383,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, |
||||||
|
val2str(rsp->ccode, completion_code_vals)); |
||||||
|
return -1; |
||||||
|
} |
||||||
|
+ if (rsp->data_len > 17) { |
||||||
|
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed - " |
||||||
|
+ "received invalid data"); |
||||||
|
+ return -1; |
||||||
|
+ } |
||||||
|
|
||||||
|
|
||||||
|
/* |
||||||
|
@@ -418,6 +423,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, |
||||||
|
val2str(rsp->ccode, completion_code_vals)); |
||||||
|
return -1; |
||||||
|
} |
||||||
|
+ if (rsp->data_len > 17) { |
||||||
|
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed - " |
||||||
|
+ "received invalid data"); |
||||||
|
+ return -1; |
||||||
|
+ } |
||||||
|
} |
||||||
|
|
||||||
|
/* Copy last chunk */ |
||||||
|
-- |
||||||
|
2.20.1 |
||||||
|
|
@ -0,0 +1,326 @@ |
|||||||
|
#!/bin/sh |
||||||
|
############################################################################# |
||||||
|
# |
||||||
|
# exchange-bmc-os-info: Set OS and BMC (Baseboard Management Controller) |
||||||
|
# parameters during system startup. |
||||||
|
# |
||||||
|
# version: 0.72 |
||||||
|
# |
||||||
|
# Authors: Charles Rose <charles_rose@dell.com> |
||||||
|
# Jordan Hargrave <jordan_hargrave@dell.com> |
||||||
|
# |
||||||
|
# Description: Script to set OS information in the BMC; fetch BMC IP/URL |
||||||
|
# and set in the OS for use by other scripts/user. |
||||||
|
# |
||||||
|
# BMC IP and URL are made available in /var/run/bmc-info |
||||||
|
# |
||||||
|
# Example to launch BMC web-interface: |
||||||
|
# # . /var/run/bmc-info |
||||||
|
# # xdg-open $BMC_URL |
||||||
|
# |
||||||
|
# See here for details: |
||||||
|
# https://fedoraproject.org/wiki/Features/AgentFreeManagement |
||||||
|
# |
||||||
|
# OEM Specific: OEM specific ipmi commands go in: |
||||||
|
# 'oem_set_os_version' and 'oem_get_bmc_url' |
||||||
|
############################################################################# |
||||||
|
# |
||||||
|
# chkconfig: 345 99 00 |
||||||
|
# description: Set OS name, hostname in BMC; make BMC IP/URL available in OS |
||||||
|
# processname: exchange-bmc-os-info |
||||||
|
# config: /etc/sysconfig/exchange-bmc-os-info |
||||||
|
# |
||||||
|
### BEGIN INIT INFO |
||||||
|
# Provides: exchange-bmc-os-info |
||||||
|
# Required-Start: ipmi |
||||||
|
# Default-Start: 3 4 5 |
||||||
|
# Default-Stop: 0 1 2 6 |
||||||
|
|
||||||
|
|
||||||
|
############################################################################# |
||||||
|
# GLOBALS |
||||||
|
############################################################################# |
||||||
|
CONFIGFILE=/etc/sysconfig/exchange-bmc-os-info |
||||||
|
IPMI_TOOL=/usr/bin/ipmitool |
||||||
|
BMC_INFO=/var/run/bmc-info |
||||||
|
|
||||||
|
# BMC Manufacturer ID used in 'oem_set_os_version' and 'oem_get_bmc_url' |
||||||
|
DELL="674" |
||||||
|
#OTHER_OEM="123" |
||||||
|
|
||||||
|
# Defaults for ${CONFIGFILE} |
||||||
|
SET_OS_INFO="yes" |
||||||
|
RESET_OS_INFO="no" |
||||||
|
SET_BMC_INFO="yes" |
||||||
|
|
||||||
|
# getsysinfo and setsysinfo commands |
||||||
|
IPMI_SET_SYSINFO="${IPMI_TOOL} mc setsysinfo" |
||||||
|
IPMI_GET_SYSINFO="${IPMI_TOOL} mc getsysinfo" |
||||||
|
############################################################################# |
||||||
|
SCRIPT_NAME=$(basename $0) |
||||||
|
|
||||||
|
# source config |
||||||
|
[ -r ${CONFIGFILE} ] && . ${CONFIGFILE} |
||||||
|
|
||||||
|
RETVAL=0 |
||||||
|
|
||||||
|
if [ -f /bin/gettext.sh ]; then |
||||||
|
GETTEXT=1 |
||||||
|
. /bin/gettext.sh |
||||||
|
OUTPUT="eval_gettext" |
||||||
|
else |
||||||
|
GETTEXT=0 |
||||||
|
OUTPUT="echo" |
||||||
|
fi |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
# Get Vendor ID of BMC for use in 'oem_set_os_version' and 'oem_get_bmc_url' |
||||||
|
# |
||||||
|
get_bmc_vendor_id() |
||||||
|
{ |
||||||
|
BMC_VENDOR=$(${IPMI_TOOL} mc info 2>/dev/null | \ |
||||||
|
sed -n "s#^Manufacturer ID.*: ##p") |
||||||
|
[ -z "${BMC_VENDOR}" ] && RETVAL=4 |
||||||
|
} |
||||||
|
|
||||||
|
# set/getsysinfo support was added to ipmitool post v1.8.12 via this patch |
||||||
|
# http://sourceforge.net/mailarchive/message.php?msg_id=29647222 |
||||||
|
check_ipmitool() |
||||||
|
{ |
||||||
|
if [ -x ${IPMI_TOOL} ]; then |
||||||
|
[ ! ${IPMI_GET_SYSINFO} >/dev/null 2>&1 ] && \ |
||||||
|
RETVAL=3 |
||||||
|
else |
||||||
|
RETVAL=2 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
bmc_exists() |
||||||
|
{ |
||||||
|
check_ipmitool |
||||||
|
[ $RETVAL -eq 0 ] && get_bmc_vendor_id |
||||||
|
return $RETVAL |
||||||
|
} |
||||||
|
############################################################################# |
||||||
|
|
||||||
|
get_os_info() |
||||||
|
{ |
||||||
|
OS_HOSTNAME=$(hostname) |
||||||
|
KERNEL_VERSION=$(uname -r -m) |
||||||
|
|
||||||
|
if [ -e /etc/lsb-release ] ; then |
||||||
|
. /etc/lsb-release |
||||||
|
NAME=${DISTRIB_ID} |
||||||
|
VERSION="${DISTRIB_RELEASE} ${DISTRIB_CODENAME}" |
||||||
|
fi |
||||||
|
|
||||||
|
# we prefer systemd's /etc/os-release over other sources |
||||||
|
[ -e /etc/os-release ] && . /etc/os-release |
||||||
|
|
||||||
|
OS_NAME=${NAME} |
||||||
|
OS_VERSION="${VERSION} kernel ${KERNEL_VERSION}" |
||||||
|
} |
||||||
|
|
||||||
|
oem_set_os_version() |
||||||
|
{ |
||||||
|
# OS Version setting is not standard yet |
||||||
|
# we need per vendor oem commands |
||||||
|
case "${BMC_VENDOR}" in |
||||||
|
$DELL) ${IPMI_SET_SYSINFO} delloem_os_version \ |
||||||
|
"${OS_VERSION}" > /dev/null 2>&1 |
||||||
|
return $? |
||||||
|
;; |
||||||
|
# Add OEM specific commands. |
||||||
|
# Example: |
||||||
|
# $OTHER_OEM) ${IPMI_SET_SYSINFO} otheroem_os_version \ |
||||||
|
# "${OS_VERSION}" > /dev/null 2>&1 |
||||||
|
# return $? |
||||||
|
# ;; |
||||||
|
*) return 0 |
||||||
|
;; |
||||||
|
esac |
||||||
|
} |
||||||
|
|
||||||
|
set_os_info() |
||||||
|
{ |
||||||
|
# Set and reset OS info in the BMC |
||||||
|
if [ "$1" = "reset" ]; then |
||||||
|
OS_NAME="" |
||||||
|
OS_HOSTNAME="" |
||||||
|
OS_VERSION="" |
||||||
|
fi |
||||||
|
|
||||||
|
${IPMI_SET_SYSINFO} os_name "${OS_NAME}" >/dev/null 2>&1 \ |
||||||
|
|| RETVAL=6 |
||||||
|
${IPMI_SET_SYSINFO} primary_os_name "${OS_NAME}" >/dev/null 2>&1 \ |
||||||
|
|| RETVAL=6 |
||||||
|
${IPMI_SET_SYSINFO} system_name "${OS_HOSTNAME}" >/dev/null 2>&1 \ |
||||||
|
|| RETVAL=6 |
||||||
|
oem_set_os_version || RETVAL=6 |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
valid_url() |
||||||
|
{ |
||||||
|
url="(https?|http)://[a-z0-9-]+(\.[a-z0-9-]+)+([/?].*)?" |
||||||
|
printf -- "%s" "${TMP_URL}"| grep -Eq "^${url}" |
||||||
|
return $? |
||||||
|
} |
||||||
|
|
||||||
|
oem_get_bmc_url() |
||||||
|
{ |
||||||
|
# BMC URL is not standard yet |
||||||
|
# we need per vendor oem commands |
||||||
|
case "$BMC_VENDOR" in |
||||||
|
$DELL) TMP_URL=$(${IPMI_GET_SYSINFO} delloem_url 2> /dev/null) |
||||||
|
;; |
||||||
|
# Add OEM specific commands |
||||||
|
# Example: |
||||||
|
# $OTHER_OEM) |
||||||
|
# TMP_URL=$(${IPMI_GET_SYSINFO} otheroem_url 2> /dev/null) |
||||||
|
# ;; |
||||||
|
*) TMP_URL="" ;; |
||||||
|
esac |
||||||
|
|
||||||
|
valid_url && BMC_URL=${TMP_URL} || BMC_URL="" |
||||||
|
} |
||||||
|
|
||||||
|
valid_ip() |
||||||
|
{ |
||||||
|
#Thanks to mkyong.com |
||||||
|
octet="([01]?[[:digit:]][[:digit:]]?|2[0-4][[:digit:]]|25[0-5])" |
||||||
|
|
||||||
|
printf -- "%s" "${TMP_IPv4}"| grep -Eq "^${octet}\\.${octet}\\.${octet}\\.${octet}$" |
||||||
|
return $? |
||||||
|
} |
||||||
|
|
||||||
|
get_bmc_ip() |
||||||
|
{ |
||||||
|
#Thanks to http://ingvar.blog.redpill-linpro.com |
||||||
|
for CHANNEL in `seq 1 14` |
||||||
|
do |
||||||
|
[ $(${IPMI_TOOL} lan print ${CHANNEL} 2>/dev/null \ |
||||||
|
| grep -q "^Set") ] || break |
||||||
|
done |
||||||
|
|
||||||
|
# Get BMC_IPv4 and BMC_URL from BMC |
||||||
|
TMP_IPv4=$(${IPMI_TOOL} lan print ${CHANNEL} 2>/dev/null \ |
||||||
|
| sed -n "s#^IP Address .*: ##p") |
||||||
|
|
||||||
|
valid_ip && BMC_IPv4=${TMP_IPv4} || BMC_IPv4="" |
||||||
|
} |
||||||
|
|
||||||
|
get_bmc_info() |
||||||
|
{ |
||||||
|
get_bmc_ip |
||||||
|
if [ -z "${BMC_IPv4}" ] || [ "${BMC_IPv4}" = "0.0.0.0" ]; then |
||||||
|
BMC_IPv4="" |
||||||
|
RETVAL=5 |
||||||
|
else |
||||||
|
# URL makes sense only if there is an IP |
||||||
|
oem_get_bmc_url |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
set_bmc_info() |
||||||
|
{ |
||||||
|
if [ ! $(touch "${BMC_INFO}" && chmod 600 "${BMC_INFO}") ]; then |
||||||
|
printf "BMC_IPv4=%s\n" "${BMC_IPv4}" > "${BMC_INFO}" |
||||||
|
[ -n "${BMC_URL}" ] && \ |
||||||
|
printf "BMC_URL=%s\n" "${BMC_URL}" >> "${BMC_INFO}" |
||||||
|
else |
||||||
|
RETVAL=5 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
unset_bmc_info() |
||||||
|
{ |
||||||
|
[ -f ${BMC_INFO} ] && rm -f ${BMC_INFO} > /dev/null 2>&1 |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
start() |
||||||
|
{ |
||||||
|
if bmc_exists; then |
||||||
|
[ "${SET_OS_INFO}" = "yes" ] && \ |
||||||
|
get_os_info && set_os_info |
||||||
|
|
||||||
|
if [ "${SET_BMC_INFO}" = "yes" ]; then |
||||||
|
get_bmc_info |
||||||
|
if [ ${RETVAL} -eq 0 ]; then |
||||||
|
set_bmc_info |
||||||
|
fi |
||||||
|
fi |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
stop() |
||||||
|
{ |
||||||
|
if bmc_exists; then |
||||||
|
# reset OS info while system reboots |
||||||
|
# aids with debugging OS boot-up issues |
||||||
|
if [ "${RESET_OS_INFO}" = "yes" ]; then |
||||||
|
set_os_info reset |
||||||
|
fi |
||||||
|
unset_bmc_info |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
restart() |
||||||
|
{ |
||||||
|
stop |
||||||
|
[ $RETVAL -eq 0 ] && start |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
status() |
||||||
|
{ |
||||||
|
[ -r ${BMC_INFO} ] && \ |
||||||
|
grep -q "BMC_IPv4" "${BMC_INFO}" >/dev/null 1>&2 && \ |
||||||
|
BMC_STATUS="ok" || BMC_STATUS="inactive" |
||||||
|
${OUTPUT} "${SCRIPT_NAME}: ${BMC_STATUS}" 1>&2 |
||||||
|
[ ${GETTEXT} -eq 1 ] && echo |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
usage() |
||||||
|
{ |
||||||
|
${OUTPUT} "Usage: ${SCRIPT_NAME} {start|stop|restart|status}" 1>&2 |
||||||
|
[ ${GETTEXT} -eq 1 ] && echo |
||||||
|
RETVAL=1 |
||||||
|
} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
# MAIN |
||||||
|
############################################################################# |
||||||
|
case "$1" in |
||||||
|
start) start ;; |
||||||
|
stop) stop ;; |
||||||
|
restart) restart ;; |
||||||
|
status) status ;; |
||||||
|
*) usage ;; |
||||||
|
esac |
||||||
|
|
||||||
|
case "$RETVAL" in |
||||||
|
0|1) ;; |
||||||
|
2) ${OUTPUT} "${SCRIPT_NAME}: ipmitool(1) not found." 1>&2 ;; |
||||||
|
3) ${OUTPUT} "${SCRIPT_NAME}: this version of ipmitool does not support getsysinfo." 1>&2 ;; |
||||||
|
4) ${OUTPUT} "${SCRIPT_NAME}: failed to communicate with BMC." 1>&2 ;; |
||||||
|
5) ${OUTPUT} "${SCRIPT_NAME}: failed to set OS information in BMC." 1>&2 ;; |
||||||
|
6) ${OUTPUT} "${SCRIPT_NAME}: failed to get BMC information." 1>&2 ;; |
||||||
|
*) ${OUTPUT} "${SCRIPT_NAME}: unexpected error." 1>&2 ;; |
||||||
|
esac |
||||||
|
|
||||||
|
if [ ${RETVAL} -gt 1 ]; then |
||||||
|
${OUTPUT} " Return code: ${RETVAL}" 1>&2 |
||||||
|
[ ${GETTEXT} -eq 1 ] && echo |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
exit ${RETVAL} |
||||||
|
|
||||||
|
############################################################################# |
||||||
|
# end of file |
||||||
|
############################################################################# |
@ -0,0 +1,13 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Exchange Information between BMC and OS |
||||||
|
After=ipmi.service network.target |
||||||
|
Requires=ipmi.service |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=oneshot |
||||||
|
RemainAfterExit=yes |
||||||
|
ExecStart=/usr/libexec/exchange-bmc-os-info start |
||||||
|
ExecStop=/usr/libexec/exchange-bmc-os-info stop |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
@ -0,0 +1,26 @@ |
|||||||
|
# exchange-bmc-os-info |
||||||
|
# |
||||||
|
# Config file to control Exchange of information between |
||||||
|
# the OS and Service Processor/Baseboard Management Controller (BMC) |
||||||
|
# |
||||||
|
# See here for details |
||||||
|
# https://fedoraproject.org/wiki/Features/AgentFreeManagement |
||||||
|
|
||||||
|
### Set OS Info in BMC/Service Processor ### |
||||||
|
# Name: SET_OS_INFO |
||||||
|
# Description: Set OS Name, Version and Hostname in the Service Processor (BMC) |
||||||
|
# Default: yes |
||||||
|
SET_OS_INFO="yes" |
||||||
|
|
||||||
|
### Reset OS Info in BMC/Service Processor ### |
||||||
|
# Name: RESET_OS_INFO |
||||||
|
# Description: Reset OS Name, Version and Hostname in the Service Processor (BMC). |
||||||
|
# Useful when the OS Name/Hostname should be empty on reboot |
||||||
|
# Default: no |
||||||
|
RESET_OS_INFO="no" |
||||||
|
|
||||||
|
### Set BMC/Service Processor Info in OS ### |
||||||
|
# Name; SET_BMC_INFO |
||||||
|
# Description: Set IP Address and URL of Service Processor/BMC in /run/bmc-info |
||||||
|
# Default: yes |
||||||
|
SET_BMC_INFO="yes" |
@ -0,0 +1,13 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Ipmievd Daemon |
||||||
|
After=syslog.target |
||||||
|
After=ipmi.service |
||||||
|
|
||||||
|
[Service] |
||||||
|
EnvironmentFile=-/etc/sysconfig/ipmievd |
||||||
|
ExecStart=/usr/sbin/ipmievd $IPMIEVD_OPTIONS |
||||||
|
Type=forking |
||||||
|
PIDFile=/var/run/ipmievd.pid |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
@ -0,0 +1 @@ |
|||||||
|
IPMIEVD_OPTIONS="sel daemon pidfile=/var/run/ipmievd.pid" |
@ -0,0 +1,11 @@ |
|||||||
|
# Export BMC URL |
||||||
|
# |
||||||
|
|
||||||
|
BMC_INFO="/var/run/bmc-info" |
||||||
|
|
||||||
|
if [ "$(id -u)" = "0" ]; then |
||||||
|
[ -f ${BMC_INFO} ] && . ${BMC_INFO} && \ |
||||||
|
export "${BMC_URL}" "${BMC_IPv4}" >/dev/null 2>&1 |
||||||
|
fi |
||||||
|
|
||||||
|
unset BMC_INFO |
@ -0,0 +1,389 @@ |
|||||||
|
%global _hardened_build 1 |
||||||
|
|
||||||
|
Name: ipmitool |
||||||
|
Summary: Utility for IPMI control |
||||||
|
Version: 1.8.18 |
||||||
|
Release: 9%{?dist} |
||||||
|
License: BSD |
||||||
|
Group: System Environment/Base |
||||||
|
URL: http://ipmitool.sourceforge.net/ |
||||||
|
Source0: http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.bz2 |
||||||
|
Source1: openipmi-ipmievd.sysconf |
||||||
|
Source2: ipmievd.service |
||||||
|
Source3: exchange-bmc-os-info.service |
||||||
|
Source4: exchange-bmc-os-info.sysconf |
||||||
|
Source5: set-bmc-url.sh |
||||||
|
Source6: exchange-bmc-os-info |
||||||
|
|
||||||
|
BuildRequires: openssl-devel readline-devel ncurses-devel |
||||||
|
BuildRequires: systemd-units |
||||||
|
# bootstrap |
||||||
|
BuildRequires: automake autoconf libtool |
||||||
|
Requires:OpenIPMI-modalias |
||||||
|
Requires(post): systemd-sysv |
||||||
|
Requires(post): systemd-units |
||||||
|
Requires(preun): systemd-units |
||||||
|
Requires(postun): systemd-units |
||||||
|
Obsoletes: OpenIPMI-tools < 2.0.14-3 |
||||||
|
Provides: OpenIPMI-tools = 2.0.14-3 |
||||||
|
|
||||||
|
Patch1: 0001-ipmitool-1.8.10-ipmievd-init.patch.patch |
||||||
|
Patch2: 0002-ipmitool-1.8.10-ipmievd-condrestart.patch.patch |
||||||
|
Patch4: 0004-ipmitool-1.8.11-set-kg-key.patch.patch |
||||||
|
Patch7: 0007-ipmitool-1.8.11-remove-umask0.patch.patch |
||||||
|
Patch9: 0009-ipmitool-1.8.11-bz1126333-slowswid.patch.patch |
||||||
|
Patch10: 0010-ipmitool-1.8.11-bz878614-overname.patch.patch |
||||||
|
Patch15: 0015-ID-390-Support-for-new-Communication-Interface-USB-M.patch |
||||||
|
Patch16: 0016-ipmitool-1.8.18-verbose.patch |
||||||
|
Patch17: 0017-ipmitool-1.8.18-check-input-values.patch |
||||||
|
Patch18: 0018-CVE-2020-5208.patch |
||||||
|
Patch19: 0019-CVE-2020-5208_2.patch |
||||||
|
|
||||||
|
|
||||||
|
%description |
||||||
|
This package contains a utility for interfacing with devices that support |
||||||
|
the Intelligent Platform Management Interface specification. IPMI is |
||||||
|
an open standard for machine health, inventory, and remote power control. |
||||||
|
|
||||||
|
This utility can communicate with IPMI-enabled devices through either a |
||||||
|
kernel driver such as OpenIPMI or over the RMCP LAN protocol defined in |
||||||
|
the IPMI specification. IPMIv2 adds support for encrypted LAN |
||||||
|
communications and remote Serial-over-LAN functionality. |
||||||
|
|
||||||
|
It provides commands for reading the Sensor Data Repository (SDR) and |
||||||
|
displaying sensor values, displaying the contents of the System Event |
||||||
|
Log (SEL), printing Field Replaceable Unit (FRU) information, reading and |
||||||
|
setting LAN configuration, and chassis power control. |
||||||
|
|
||||||
|
%package -n bmc-snmp-proxy |
||||||
|
Requires: net-snmp |
||||||
|
Requires: exchange-bmc-os-info |
||||||
|
Requires:OpenIPMI-modalias |
||||||
|
BuildArch: noarch |
||||||
|
Summary: Reconfigure SNMP to include host SNMP agent within BMC |
||||||
|
%description -n bmc-snmp-proxy |
||||||
|
Given a host with BMC, this package would extend system configuration |
||||||
|
of net-snmp to include redirections to BMC based SNMP. |
||||||
|
|
||||||
|
|
||||||
|
%package -n exchange-bmc-os-info |
||||||
|
Requires: hostname |
||||||
|
Requires: ipmitool OpenIPMI |
||||||
|
Requires:OpenIPMI-modalias |
||||||
|
BuildArch: noarch |
||||||
|
Requires(post): systemd-sysv |
||||||
|
Requires(post): systemd-units |
||||||
|
Requires(preun): systemd-units |
||||||
|
Requires(postun): systemd-units |
||||||
|
|
||||||
|
Summary: Let OS and BMC exchange info |
||||||
|
|
||||||
|
%description -n exchange-bmc-os-info |
||||||
|
Given a host with BMC, this package would pass the hostname & |
||||||
|
OS information to the BMC and also capture the BMC ip info |
||||||
|
for the host OS to use. |
||||||
|
|
||||||
|
|
||||||
|
%prep |
||||||
|
|
||||||
|
%setup -q |
||||||
|
|
||||||
|
%patch1 -p1 |
||||||
|
%patch2 -p1 |
||||||
|
%patch4 -p1 |
||||||
|
%patch7 -p1 |
||||||
|
%patch9 -p1 |
||||||
|
%patch10 -p1 |
||||||
|
%patch15 -p1 |
||||||
|
%patch16 -p1 |
||||||
|
%patch17 -p1 |
||||||
|
%patch18 -p1 |
||||||
|
%patch19 -p1 |
||||||
|
|
||||||
|
for f in AUTHORS ChangeLog; do |
||||||
|
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8 |
||||||
|
mv ${f}.utf8 ${f} |
||||||
|
done |
||||||
|
|
||||||
|
%build |
||||||
|
# --disable-dependency-tracking speeds up the build |
||||||
|
# --enable-file-security adds some security checks |
||||||
|
# --disable-intf-free disables FreeIPMI support - we don't want to depend on |
||||||
|
# FreeIPMI libraries, FreeIPMI has its own ipmitoool-like utility. |
||||||
|
|
||||||
|
# begin: release auto-tools |
||||||
|
# Used to be needed by aarch64 support, now only cxoem patch makefiles are left. |
||||||
|
aclocal |
||||||
|
libtoolize --automake --copy |
||||||
|
autoheader |
||||||
|
automake --foreign --add-missing --copy |
||||||
|
aclocal |
||||||
|
autoconf |
||||||
|
automake --foreign |
||||||
|
# end: release auto-tools |
||||||
|
|
||||||
|
%configure \ |
||||||
|
CFLAGS="%{optflags} -fno-strict-aliasing" \ |
||||||
|
--disable-dependency-tracking --enable-file-security --disable-intf-free |
||||||
|
make %{?_smp_mflags} |
||||||
|
|
||||||
|
%install |
||||||
|
make DESTDIR=%{buildroot} install |
||||||
|
|
||||||
|
install -Dpm 644 %{SOURCE2} %{buildroot}%{_unitdir}/ipmievd.service |
||||||
|
install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/ipmievd |
||||||
|
install -Dm 644 %{SOURCE3} %{buildroot}%{_unitdir}/exchange-bmc-os-info.service |
||||||
|
install -Dm 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/exchange-bmc-os-info |
||||||
|
install -Dm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/profile.d/set-bmc-url.sh |
||||||
|
install -Dm 755 %{SOURCE6} %{buildroot}%{_libexecdir}/exchange-bmc-os-info |
||||||
|
|
||||||
|
|
||||||
|
install -Dm 644 contrib/bmc-snmp-proxy.sysconf %{buildroot}%{_sysconfdir}/sysconfig/bmc-snmp-proxy |
||||||
|
install -Dm 644 contrib/bmc-snmp-proxy.service %{buildroot}%{_unitdir}/bmc-snmp-proxy.service |
||||||
|
install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-snmp-proxy |
||||||
|
|
||||||
|
%post |
||||||
|
%systemd_post ipmievd.service |
||||||
|
|
||||||
|
%preun |
||||||
|
%systemd_preun ipmievd.service |
||||||
|
|
||||||
|
%postun |
||||||
|
%systemd_postun_with_restart ipmievd.service |
||||||
|
|
||||||
|
%post -n exchange-bmc-os-info |
||||||
|
%systemd_post exchange-bmc-os-info.service |
||||||
|
|
||||||
|
%preun -n exchange-bmc-os-info |
||||||
|
%systemd_preun exchange-bmc-os-info.service |
||||||
|
|
||||||
|
%postun -n exchange-bmc-os-info |
||||||
|
%systemd_postun_with_restart exchange-bmc-os-info.service |
||||||
|
|
||||||
|
|
||||||
|
%triggerun -- ipmievd < 1.8.11-7 |
||||||
|
# Save the current service runlevel info |
||||||
|
# User must manually run systemd-sysv-convert --apply ipmievd |
||||||
|
# to migrate them to systemd targets |
||||||
|
/usr/bin/systemd-sysv-convert --save ipmievd >/dev/null 2>&1 ||: |
||||||
|
|
||||||
|
# Run these because the SysV package being removed won't do them |
||||||
|
/sbin/chkconfig --del ipmievd >/dev/null 2>&1 || : |
||||||
|
/bin/systemctl try-restart ipmievd.service >/dev/null 2>&1 || : |
||||||
|
|
||||||
|
%files |
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/ipmievd |
||||||
|
%{_unitdir}/ipmievd.service |
||||||
|
%{_bindir}/* |
||||||
|
%{_sbindir}/* |
||||||
|
%{_mandir}/man*/* |
||||||
|
%doc %{_datadir}/doc/ipmitool |
||||||
|
%{_datadir}/ipmitool |
||||||
|
|
||||||
|
%files -n exchange-bmc-os-info |
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/exchange-bmc-os-info |
||||||
|
%{_sysconfdir}/profile.d/set-bmc-url.sh |
||||||
|
%{_unitdir}/exchange-bmc-os-info.service |
||||||
|
%{_libexecdir}/exchange-bmc-os-info |
||||||
|
|
||||||
|
%files -n bmc-snmp-proxy |
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/bmc-snmp-proxy |
||||||
|
%{_unitdir}/bmc-snmp-proxy.service |
||||||
|
%{_libexecdir}/bmc-snmp-proxy |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Wed Mar 04 2020 Václav Doležal <vdolezal@redhat.com> - 0:1.8.18-9 |
||||||
|
- Disable -fstrict-aliasing (RPMDiff issue) |
||||||
|
|
||||||
|
* Tue Mar 03 2020 Václav Doležal <vdolezal@redhat.com> - 0:1.8.18-8 |
||||||
|
- Backport fix for CVE-2020-5208 |
||||||
|
|
||||||
|
* Tue Feb 06 2018 Josef Ridky <jridky@redhat.com> - 0:1.8.18-7 |
||||||
|
- Remove debug prints shown without -v option (#1483163) |
||||||
|
|
||||||
|
* Tue Oct 03 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-6 |
||||||
|
- Hide unrequested verbose output (#1483163) |
||||||
|
- Fix doc for check input values (#1495098) |
||||||
|
|
||||||
|
* Mon Apr 10 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-5 |
||||||
|
- Remove RPMDiff fix file (#1439269) related to #1398658 |
||||||
|
|
||||||
|
* Tue Feb 21 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-4 |
||||||
|
- Fix RPMDiff issues and rebuild |
||||||
|
|
||||||
|
* Thu Feb 16 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-3 |
||||||
|
- Fix issues with warning: dereferencing type-punned pointer |
||||||
|
will break strict-aliasing rules from RPMDiff |
||||||
|
|
||||||
|
* Mon Feb 13 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-2 |
||||||
|
- Fix issue in file sources |
||||||
|
|
||||||
|
* Thu Feb 02 2017 Josef Ridky <jridky@redhat.com> - 0:1.8.18-1 |
||||||
|
- New upstream release 1.8.18 (#1398658) |
||||||
|
|
||||||
|
* Tue May 03 2016 Boris Ranto <branto@redhat.com> - 0:1.8.15-7 |
||||||
|
- New release (0:1.8.15-7) |
||||||
|
- ID:437 - sel: Fix "sel time set <time>" |
||||||
|
- ID 408 - fix sel list last X listing |
||||||
|
|
||||||
|
* Thu Mar 24 2016 Boris Ranto <branto@redhat.com> - 1.8.15-6 |
||||||
|
- Fix missing return in ipmi_kontronoem_main() - CID#1261317 |
||||||
|
|
||||||
|
* Fri Feb 19 2016 Boris Ranto <branto@redhat.com> - 1.8.15-5 |
||||||
|
- allow to upgrade the latest HPM files using usb options |
||||||
|
- resolves: rhbz#1257316 |
||||||
|
|
||||||
|
* Thu Feb 18 2016 Boris Ranto <branto@redhat.com> - 1.8.15-4 |
||||||
|
- use meaningful generator ID for ipmitool sel |
||||||
|
- resolves: rhbz#1289507 |
||||||
|
|
||||||
|
* Thu Feb 18 2016 Boris Ranto <branto@redhat.com> - 1.8.15-3 |
||||||
|
- perform a hardened build |
||||||
|
- resolves: rhbz#1092551 |
||||||
|
|
||||||
|
* Thu Feb 18 2016 Boris Ranto <branto@redhat.com> - 1.8.15-2 |
||||||
|
- avoid assert on mismatched session ID |
||||||
|
- resolves: rhbz#1286035 |
||||||
|
|
||||||
|
* Fri Dec 11 2015 Boris Ranto <branto@redhat.com> - 1.8.15-1 |
||||||
|
- rebase to latest stable upstream version |
||||||
|
- resolves: rhbz#1269523 |
||||||
|
|
||||||
|
* Mon Mar 09 2015 Ales Ledvinka <aledvink@redhat.com> - 1.8.13-8 |
||||||
|
- Chassis boot parameter settings support. |
||||||
|
|
||||||
|
* Wed Mar 05 2014 Ales Ledvinka <aledvink@redhat.com> - 1.8.13-7 |
||||||
|
- Allow setting channel Kg key. |
||||||
|
|
||||||
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.13-6 |
||||||
|
- Mass rebuild 2014-01-24 |
||||||
|
|
||||||
|
* Mon Jan 20 2014 Ales Ledvinka <aledvink@redhat.com> 1.8.13-5 |
||||||
|
- bmc-snmp-proxy upstream bugfixes. |
||||||
|
|
||||||
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.13-4 |
||||||
|
- Mass rebuild 2013-12-27 |
||||||
|
|
||||||
|
* Tue Nov 5 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-3 |
||||||
|
- Cleanup of dual bridge option. |
||||||
|
|
||||||
|
* Tue Oct 15 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-2 |
||||||
|
- BMC SNMP agent redirection |
||||||
|
|
||||||
|
* Mon Oct 14 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-1 |
||||||
|
- Upstream release 1.8.13 |
||||||
|
|
||||||
|
* Fri Aug 09 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073103 |
||||||
|
- Avoid FIPS mode crashes if possible. |
||||||
|
- Document FIPS limitations. |
||||||
|
|
||||||
|
* Wed Jul 31 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073101 |
||||||
|
- Include current upstream bugfixes. |
||||||
|
|
||||||
|
* Thu Jul 25 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-16 |
||||||
|
- Calxeda OEM extensions. |
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.12-15 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Dec 17 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-14 |
||||||
|
- Updated the exchange-bmc-os-info's service file with Requires stmt |
||||||
|
|
||||||
|
* Fri Dec 14 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13 |
||||||
|
- fixed argument parsing leaks |
||||||
|
- ask user for password only once and do so only when interactive password |
||||||
|
is the chosen password method. |
||||||
|
|
||||||
|
* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-12 |
||||||
|
- Removed the extra symbols in the patch, as the build is failing. |
||||||
|
|
||||||
|
* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-11 |
||||||
|
- Subpackage for exchange-bmc-os-info as it requires OPenIPMI |
||||||
|
|
||||||
|
* Wed Dec 12 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-10 |
||||||
|
- documented fixed and conditional defaults. adjusted synopsis |
||||||
|
|
||||||
|
* Tue Dec 4 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-9 |
||||||
|
- fixed ipmitool documentation |
||||||
|
|
||||||
|
* Fri Nov 30 2012 Praveen K Paladugu <praveen_paladugu@dell.com> 1.8.12-8 |
||||||
|
- service & scripts to allow OS to capture BMC's IP & URL info |
||||||
|
- Also pass the OS information to BMC |
||||||
|
- patches submitted by Charles Rose (charles_rose[at]dell.com) |
||||||
|
|
||||||
|
* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-7 |
||||||
|
- failed sol session activation crashes while logging exit |
||||||
|
|
||||||
|
* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-6 |
||||||
|
- revert default cipersuite back to 3 which includes integrity and confidentiality |
||||||
|
|
||||||
|
* Thu Oct 18 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-5 |
||||||
|
- fix build on big endian arches |
||||||
|
|
||||||
|
* Wed Oct 17 2012 Ales Ledvinka <aledvink@redhat.cz> 1.8.12-4 |
||||||
|
- support setting OS name and Hostname on BMC |
||||||
|
|
||||||
|
* Tue Sep 04 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-3 |
||||||
|
- fix build on big endian arches |
||||||
|
|
||||||
|
* Mon Aug 27 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-2 |
||||||
|
- Fixed starting ipmievd under systemd (#819234). |
||||||
|
- Updated RPM scriplets with latest systemd-rpm macros (#850161) |
||||||
|
|
||||||
|
* Fri Aug 10 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-1 |
||||||
|
- update to ipmitool-1.8.12 |
||||||
|
|
||||||
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-12 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue May 22 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-11 |
||||||
|
- start ipmievd.service after ipmi (#819234) |
||||||
|
|
||||||
|
* Thu Apr 26 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-10 |
||||||
|
- fixed ipmievd.service systemd unit (#807757) |
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-9 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Dec 13 2011 Jan Safranek <jsafrane@redhat.com> - 1.8.11-8 |
||||||
|
- fixed CVE-2011-4339 |
||||||
|
|
||||||
|
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 1.8.11-7 |
||||||
|
- convert to systemd |
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-6 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Mar 3 2010 Jan Safranek <jsafrane@redhat.com> - 1.8.11-5 |
||||||
|
- Fixed exit code of ipmievd initscript with wrong arguments |
||||||
|
|
||||||
|
* Mon Nov 2 2009 Jan Safranek <jsafrane@redhat.com> 1.8.11-4 |
||||||
|
- fix ipmievd initscript 'condrestart' action (#532188) |
||||||
|
|
||||||
|
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.8.11-3 |
||||||
|
- rebuilt with new openssl |
||||||
|
|
||||||
|
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Feb 26 2009 Jan Safranek <jsafrane@redhat.com> 1.8.11-1 |
||||||
|
- updated to new version |
||||||
|
|
||||||
|
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.10-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 1.8.10-3 |
||||||
|
- rebuild with new openssl |
||||||
|
|
||||||
|
* Tue Oct 14 2008 Jan Safranek <jsafrane@redhat.com> 1.8.10-2 |
||||||
|
- fix issues found during package review: |
||||||
|
- clear Default-Start: line in the init script, the service should be |
||||||
|
disabled by default |
||||||
|
- added Obsoletes: OpenIPMI-tools |
||||||
|
- compile with --disable-dependency-tracking to speed things up |
||||||
|
- compile with --enable-file-security |
||||||
|
- compile with --disable-intf-free, don't depend on FreeIPMI libraries |
||||||
|
(FreeIPMI has its own ipmitool-like utility) |
||||||
|
|
||||||
|
* Mon Oct 13 2008 Jan Safranek <jsafrane@redhat.com> 1.8.10-1 |
||||||
|
- package created, based on upstream .spec file |
Loading…
Reference in new issue