diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..0a80fdce31f59c062e2abba28776e9521eddff30 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..80059eec4595da77af8ac0225edc963b21e5aac4 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/OpenIPMI diff --git a/0001-man.patch b/0001-man.patch index da1a2fdbfb5a57c43b49c8dc66fd280d45f23115..0c4d0c3a167556ada5cee573dbb6c7a19d9230b5 100644 --- a/0001-man.patch +++ b/0001-man.patch @@ -54,7 +54,7 @@ index ff43d5c..9360507 100644 .SH CONFIGURATION diff --git a/man/ipmi_cmdlang.7 b/man/ipmi_cmdlang.7 -index 4d18e76..a6d73b9 100644 +index 917b7f5..7562cb0 100644 --- a/man/ipmi_cmdlang.7 +++ b/man/ipmi_cmdlang.7 @@ -246,7 +246,7 @@ instance, the command to create a domain is @@ -450,10 +450,10 @@ index 1479a1b..ada15d8 100644 .TP diff --git a/sample/ipmicmd.c b/sample/ipmicmd.c -index 6cbcdc5..5f5c1ec 100644 +index 8f121ac..72d7c82 100644 --- a/sample/ipmicmd.c +++ b/sample/ipmicmd.c -@@ -124,6 +124,7 @@ void usage(void) +@@ -105,6 +105,7 @@ void usage(void) printf("%s [-k ] [-v] \n", progname); printf("Where is one of:"); ipmi_parse_args_iter_help(con_usage, NULL); @@ -462,10 +462,10 @@ index 6cbcdc5..5f5c1ec 100644 char * diff --git a/sample/rmcp_ping.c b/sample/rmcp_ping.c -index 7814792..5778fea 100644 +index 4bc8592..92b39f2 100644 --- a/sample/rmcp_ping.c +++ b/sample/rmcp_ping.c -@@ -156,6 +156,11 @@ main(int argc, char *argv[]) +@@ -153,6 +153,11 @@ main(int argc, char *argv[]) if (strcmp(argv[i], "--") == 0) { i++; break; @@ -478,10 +478,10 @@ index 7814792..5778fea 100644 i++; if (i >= argc) { diff --git a/sample/solterm.c b/sample/solterm.c -index 38a3f9d..a3e52de 100644 +index fb4ff5d..074e6d7 100644 --- a/sample/solterm.c +++ b/sample/solterm.c -@@ -743,7 +743,12 @@ int main(int argc, char *argv[]) +@@ -762,7 +762,12 @@ int main(int argc, char *argv[]) /* Now we make sure "lan" is the first argument so we get the right connection type... */ @@ -496,12 +496,12 @@ index 38a3f9d..a3e52de 100644 progname); exit(1); diff --git a/ui/basic_ui.c b/ui/basic_ui.c -index 6993eb2..84889cb 100644 +index c564017..66b08fe 100644 --- a/ui/basic_ui.c +++ b/ui/basic_ui.c -@@ -306,6 +306,26 @@ snmp_init(os_handler_t *os_hnd) +@@ -273,6 +273,26 @@ snmp_init(os_handler_t *os_hnd) static void snmp_setup_fds(os_handler_t *os_hnd) { } - #endif /* HAVE_UCDSNMP */ + #endif /* HAVE_NETSNMP */ +void help(void) +{ @@ -526,7 +526,7 @@ index 6993eb2..84889cb 100644 int main(int argc, char *argv[]) { -@@ -327,6 +347,11 @@ main(int argc, char *argv[]) +@@ -294,6 +314,11 @@ main(int argc, char *argv[]) curr_arg++; if (strcmp(arg, "--") == 0) { break; diff --git a/OpenIPMI-2.0.34.tar.gz b/OpenIPMI-2.0.34.tar.gz deleted file mode 100644 index 2f2cc1a00c41effe431213c1c08bfd923ce2f546..0000000000000000000000000000000000000000 Binary files a/OpenIPMI-2.0.34.tar.gz and /dev/null differ diff --git a/OpenIPMI-2.0.37.tar.gz b/OpenIPMI-2.0.37.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..288d2fb0811dd27a42aa0817f22ce45327c58da9 --- /dev/null +++ b/OpenIPMI-2.0.37.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c62d38f5da7df4299ac3a652508e959537752440181e34c76b2aecebd7f301b9 +size 2929014 diff --git a/OpenIPMI.spec b/OpenIPMI.spec index 299eef574f0ffb0de93e8ec669665b5926cdfa6b..3c7fcdcf25bc5fe4eb4d2d8780bf6fc8a5a8c269 100644 --- a/OpenIPMI.spec +++ b/OpenIPMI.spec @@ -1,8 +1,8 @@ Name: OpenIPMI -Version: 2.0.34 -Release: 2 +Version: 2.0.37 +Release: 1 Summary: IPMI (Intelligent Platform Management Interface) library and tools -License: LGPLv2+ and GPLv2+ or BSD +License: LGPL-2.1-or-later and GPL-2.0-or-later or BSD-3-Clause URL: https://sourceforge.net/projects/openipmi/ Source: https://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz Source1: openipmi.sysconf @@ -10,9 +10,6 @@ Source2: ipmi.service Source3: openipmi-helper Patch0: 0001-man.patch -Patch1: backport-0001-CVE-2024-42934.patch -Patch2: backport-0002-CVE-2024-42934.patch -Patch3: backport-0003-CVE-2024-42934.patch BuildRequires: make gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: openssl-devel python3-devel perl-devel perl-generators @@ -20,11 +17,11 @@ BuildRequires: pkgconfig libedit-devel automake autoconf libtool readline-dev %{?systemd_requires} BuildRequires: systemd -Provides: %{name}-libs -Obsoletes: %{name}-libs +Provides: %{name}-libs = %{version}-%{release} +Obsoletes: %{name}-libs < %{version}-%{release} -Provides: %{name}-lanserv -Obsoletes: %{name}-lanserv +Provides: %{name}-lanserv = %{version}-%{release} +Obsoletes: %{name}-lanserv < %{version}-%{release} %description This is the OpenIPMI library, a library that makes simplifies building @@ -35,7 +32,6 @@ information, and watchdogs. %package perl Summary: IPMI Perl language bindings -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: %{name}%{?_isa} = %{version}-%{release} %description perl @@ -55,7 +51,7 @@ The OpenIPMI-python package contains the Python language bindings for OpenIPMI. %package devel Summary: The development environment for the OpenIPMI project -Requires: pkgconfig %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel The OpenIPMI-devel package contains the development libraries and header files @@ -69,7 +65,6 @@ of the OpenIPMI project. %build %configure \ CFLAGS="-fPIC %{optflags} -z now -fno-strict-aliasing" \ - LDFLAGS="%{__global_ldflags} -Wl,--as-needed" \ --disable-dependency-tracking \ --disable-static \ --with-pythoninstall=%{python3_sitearch} \ @@ -108,8 +103,6 @@ make check %postun %systemd_postun_with_restart ipmi.service -%ldconfig_scriptlets - %triggerun -- OpenIPMI < 2.0.18-14 /usr/bin/systemd-sysv-convert --save ipmi >/dev/null 2>&1 ||: /bin/systemctl --no-reload enable ipmi.service >/dev/null 2>&1 ||: @@ -117,7 +110,6 @@ make check /bin/systemctl try-restart ipmi.service >/dev/null 2>&1 || : %files -%defattr(-,root,root) %license COPYING COPYING.BSD COPYING.LIB %config(noreplace) %{_sysconfdir}/sysconfig/ipmi %{_libexecdir}/openipmi-helper @@ -127,28 +119,26 @@ make check %{_unitdir}/ipmi.service %files perl -%defattr(-,root,root) %{perl_vendorarch}/OpenIPMI.pm %{perl_vendorarch}/auto/OpenIPMI %files -n python3-openipmi -%defattr(-,root,root) %{python3_sitearch}/*OpenIPMI* %{python3_sitearch}/__pycache__/OpenIPMI.*.pyc %files devel -%defattr(-,root,root) %{_includedir}/OpenIPMI %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %files help -%defattr(-,root,root) %doc README.MotorolaMXP README.Force README FAQ CONFIGURING_FOR_LAN %{_mandir}/man*/* -%exclude %{_mandir}/man1/openipmigui.1 %changelog +* Tue May 13 2025 Funda Wang - 2.0.37-1 +- update to 2.0.37 + * Fri Oct 11 2024 yanglu - 2.0.34-2 - Type:CVE - CVE:CVE-2024-42934 diff --git a/backport-0001-CVE-2024-42934.patch b/backport-0001-CVE-2024-42934.patch deleted file mode 100644 index 075f0f173f5bd23b19731d1df85b039f81237c93..0000000000000000000000000000000000000000 --- a/backport-0001-CVE-2024-42934.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001 -From: Corey Minyard -Date: Mon, 29 Apr 2024 12:46:23 -0500 -Subject: [PATCH] lanserv: Check some bounds on incoming messages - -Signed-off-by: Corey Minyard - -Reference:https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/ -Conflict:NA - ---- - lanserv/lanserv_ipmi.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c -index ccd6001..0ee6451 100644 ---- a/lanserv/lanserv_ipmi.c -+++ b/lanserv/lanserv_ipmi.c -@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg) - } - - auth = msg->data[0] & 0xf; -+ if (auth >= MAX_IPMI_AUTHS) { -+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, -+ "Activate session failed: Invalid auth: 0x%x", auth); -+ return; -+ } -+ - user = &(lan->users[user_idx]); - if (! (user->valid)) { - lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, -@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, - } - - msg.authtype = data[4]; -+ if (msg.authtype >= MAX_IPMI_AUTHS) { -+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, -+ "LAN msg failure: Invalid authtype"); -+ return; -+ } - msg.data = data+5; - msg.len = len - 5; - msg.channel = lan->channel.channel_num; --- -2.43.0 - diff --git a/backport-0002-CVE-2024-42934.patch b/backport-0002-CVE-2024-42934.patch deleted file mode 100644 index 3a43e58a2a8f6f507071262c0b94f30d7bdf4a31..0000000000000000000000000000000000000000 --- a/backport-0002-CVE-2024-42934.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 663e3cd3b6d1d9fc82267c7d7474320cb67e03a4 Mon Sep 17 00:00:00 2001 -From: Corey Minyard -Date: Sun, 2 Jun 2024 14:11:16 -0500 -Subject: [PATCH] lanserv: Fix an issue logging an error on a message - -A message structure was passed to the log, but it was not sufficiently -initialized and the logging program crashed. Rework the initialization -to make the message data ready and legal for the logging calls. - -Found-by: Fabio Massimo Di Nitto -Signed-off-by: Corey Minyard - -Reference:https://sourceforge.net/p/openipmi/code/ci/663e3cd3b6d1d9fc82267c7d7474320cb67e03a4/ -Conflict:NA - ---- - lanserv/lanserv_ipmi.c | 20 ++++++++++++++++---- - 1 file changed, 16 insertions(+), 4 deletions(-) - -diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c -index 0ee6451..1ef5710 100644 ---- a/lanserv/lanserv_ipmi.c -+++ b/lanserv/lanserv_ipmi.c -@@ -3022,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, - { - msg_t msg; - -+ memset(&msg, 0, sizeof(msg)); -+ - msg.src_addr = from_addr; - msg.src_len = from_len; - - msg.oem_data = 0; - -+ msg.channel = lan->channel.channel_num; -+ msg.orig_channel = &lan->channel; -+ -+ /* -+ * Initialize the data so the log won't crash if it gets called, and -+ * so the log might have useful info. -+ */ -+ msg.data = data; -+ msg.len = len; -+ - if (len < 5) { - lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, - "LAN msg failure: message too short"); - return; - } - -+ /* Length is at least marginally correct, skip the first part now. */ -+ msg.data = data + 5; -+ msg.len = len - 5; -+ - if (data[2] != 0xff) { - lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, - "LAN msg failure: seq not ff"); -@@ -3045,10 +3061,6 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, - "LAN msg failure: Invalid authtype"); - return; - } -- msg.data = data+5; -- msg.len = len - 5; -- msg.channel = lan->channel.channel_num; -- msg.orig_channel = &lan->channel; - - if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) { - ipmi_handle_rmcpp_msg(lan, &msg); --- -2.43.0 - diff --git a/backport-0003-CVE-2024-42934.patch b/backport-0003-CVE-2024-42934.patch deleted file mode 100644 index 8c512e6665226498ae4cbb605acb67ff70c3c4aa..0000000000000000000000000000000000000000 --- a/backport-0003-CVE-2024-42934.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 4c129d0540f3578ecc078d8612bbf84b6cd24c87 Mon Sep 17 00:00:00 2001 -From: Corey Minyard -Date: Thu, 1 Aug 2024 10:56:06 -0500 -Subject: [PATCH] lanserv: Fix an issue with authorization range checking - -A recent change added a range check on authorization type, but it didn't -take into account the RMCP authorization type that's special. Add a -check for that. - -Fixes: b52e8e2538b2b48ef6b6 "lanserv: Check some bounds on incoming messages" - -Signed-off-by: Corey Minyard - -Reference:https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/ -Conflict:NA - ---- - lanserv/lanserv_ipmi.c | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c -index 1ef5710..5de396e 100644 ---- a/lanserv/lanserv_ipmi.c -+++ b/lanserv/lanserv_ipmi.c -@@ -3056,18 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, - } - - msg.authtype = data[4]; -- if (msg.authtype >= MAX_IPMI_AUTHS) { -- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, -- "LAN msg failure: Invalid authtype"); -- return; -- } -- - if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) { - ipmi_handle_rmcpp_msg(lan, &msg); -+ } else if (msg.authtype >= MAX_IPMI_AUTHS) { -+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, -+ "LAN msg failure: Invalid authtype: %d", data[4]); -+ return; - } else { - ipmi_handle_rmcp_msg(lan, &msg); - } -- - } - - static void --- -2.43.0 -