diff --git a/OpenIPMI-2.0.34.tar.gz b/OpenIPMI-2.0.36.tar.gz similarity index 34% rename from OpenIPMI-2.0.34.tar.gz rename to OpenIPMI-2.0.36.tar.gz index 2f2cc1a00c41effe431213c1c08bfd923ce2f546..ac03efb29c9f44ad65f08b8c945655f674d558c0 100644 Binary files a/OpenIPMI-2.0.34.tar.gz and b/OpenIPMI-2.0.36.tar.gz differ diff --git a/OpenIPMI.spec b/OpenIPMI.spec index 299eef574f0ffb0de93e8ec669665b5926cdfa6b..434fe45f44936dd7aa0612b3025259c8a1c82d06 100644 --- a/OpenIPMI.spec +++ b/OpenIPMI.spec @@ -1,6 +1,6 @@ Name: OpenIPMI -Version: 2.0.34 -Release: 2 +Version: 2.0.36 +Release: 1 Summary: IPMI (Intelligent Platform Management Interface) library and tools License: LGPLv2+ and GPLv2+ or BSD URL: https://sourceforge.net/projects/openipmi/ @@ -10,9 +10,6 @@ Source2: ipmi.service Source3: openipmi-helper Patch0: 0001-man.patch -Patch1: backport-0001-CVE-2024-42934.patch -Patch2: backport-0002-CVE-2024-42934.patch -Patch3: backport-0003-CVE-2024-42934.patch BuildRequires: make gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: openssl-devel python3-devel perl-devel perl-generators @@ -149,6 +146,12 @@ make check %exclude %{_mandir}/man1/openipmigui.1 %changelog +* Wed Feb 26 2025 yanglu - 2.0.36-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update OpenIPMI version to 2.0.36 + * Fri Oct 11 2024 yanglu - 2.0.34-2 - Type:CVE - CVE:CVE-2024-42934 diff --git a/backport-0001-CVE-2024-42934.patch b/backport-0001-CVE-2024-42934.patch deleted file mode 100644 index 075f0f173f5bd23b19731d1df85b039f81237c93..0000000000000000000000000000000000000000 --- a/backport-0001-CVE-2024-42934.patch +++ /dev/null 
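Review bot: The second OpenIPMI.spec hunk removes Patch1–Patch3, the three CVE-2024-42934 backports, but the new changelog entry records `CVE:NA` and says only that the version was updated. The packaging record therefore no longer states whether the fix is still present. The deleted patches reference upstream commits b52e8e2538b2…, 663e3cd3b6d1… and 4c129d0540f3…; presumably 2.0.36 already contains them, but nothing on this page confirms it. That should be checked against `lanserv/lanserv_ipmi.c` in the new tarball (the `MAX_IPMI_AUTHS` checks in `handle_temp_session` and `ipmi_handle_lan_msg`) before merging. I would then make the changelog say so, for example `- DESC:update OpenIPMI version to 2.0.36, drop CVE-2024-42934 backports (included upstream)`.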
@@ -1,46 +0,0 @@
-From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001
-From: Corey Minyard
-Date: Mon, 29 Apr 2024 12:46:23 -0500
-Subject: [PATCH] lanserv: Check some bounds on incoming messages
-
-Signed-off-by: Corey Minyard
-
-Reference:https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/
-Conflict:NA
-
----
- lanserv/lanserv_ipmi.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
-index ccd6001..0ee6451 100644
----- a/lanserv/lanserv_ipmi.c
-+++ b/lanserv/lanserv_ipmi.c
-@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
- }
-
- auth = msg->data[0] & 0xf;
-+ if (auth >= MAX_IPMI_AUTHS) {
-+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
-+ "Activate session failed: Invalid auth: 0x%x", auth);
-+ return;
-+ }
-+
- user = &(lan->users[user_idx]);
- if (! (user->valid)) {
- lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
-@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
- }
-
- msg.authtype = data[4];
-+ if (msg.authtype >= MAX_IPMI_AUTHS) {
-+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
-+ "LAN msg failure: Invalid authtype");
-+ return;
-+ }
- msg.data = data+5;
- msg.len = len - 5;
- msg.channel = lan->channel.channel_num;
---
-2.43.0
-
diff --git a/backport-0002-CVE-2024-42934.patch b/backport-0002-CVE-2024-42934.patch
deleted file mode 100644
index 3a43e58a2a8f6f507071262c0b94f30d7bdf4a31..0000000000000000000000000000000000000000
--- a/backport-0002-CVE-2024-42934.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 663e3cd3b6d1d9fc82267c7d7474320cb67e03a4 Mon Sep 17 00:00:00 2001
-From: Corey Minyard
-Date: Sun, 2 Jun 2024 14:11:16 -0500
-Subject: [PATCH] lanserv: Fix an issue logging an error on a message
-
-A message structure was passed to the log, but it was not sufficiently
-initialized and the logging program crashed. Rework the initialization
-to make the message data ready and legal for the logging calls.
-
-Found-by: Fabio Massimo Di Nitto
-Signed-off-by: Corey Minyard
-
-Reference:https://sourceforge.net/p/openipmi/code/ci/663e3cd3b6d1d9fc82267c7d7474320cb67e03a4/
-Conflict:NA
-
----
- lanserv/lanserv_ipmi.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
-index 0ee6451..1ef5710 100644
----- a/lanserv/lanserv_ipmi.c
-+++ b/lanserv/lanserv_ipmi.c
-@@ -3022,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
- {
- msg_t msg;
-
-+ memset(&msg, 0, sizeof(msg));
-+
- msg.src_addr = from_addr;
- msg.src_len = from_len;
-
- msg.oem_data = 0;
-
-+ msg.channel = lan->channel.channel_num;
-+ msg.orig_channel = &lan->channel;
-+
-+ /*
-+ * Initialize the data so the log won't crash if it gets called, and
-+ * so the log might have useful info.
-+ */
-+ msg.data = data;
-+ msg.len = len;
-+
- if (len < 5) {
- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
- "LAN msg failure: message too short");
- return;
- }
-
-+ /* Length is at least marginally correct, skip the first part now. */
-+ msg.data = data + 5;
-+ msg.len = len - 5;
-+
- if (data[2] != 0xff) {
- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
- "LAN msg failure: seq not ff");
-@@ -3045,10 +3061,6 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
- "LAN msg failure: Invalid authtype");
- return;
- }
-- msg.data = data+5;
-- msg.len = len - 5;
-- msg.channel = lan->channel.channel_num;
-- msg.orig_channel = &lan->channel;
-
- if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
- ipmi_handle_rmcpp_msg(lan, &msg);
---
-2.43.0
-
diff --git a/backport-0003-CVE-2024-42934.patch b/backport-0003-CVE-2024-42934.patch
deleted file mode 100644
index 8c512e6665226498ae4cbb605acb67ff70c3c4aa..0000000000000000000000000000000000000000
--- a/backport-0003-CVE-2024-42934.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 4c129d0540f3578ecc078d8612bbf84b6cd24c87 Mon Sep 17 00:00:00 2001
-From: Corey Minyard
-Date: Thu, 1 Aug 2024 10:56:06 -0500
-Subject: [PATCH] lanserv: Fix an issue with authorization range checking
-
-A recent change added a range check on authorization type, but it didn't
-take into account the RMCP authorization type that's special. Add a
-check for that.
-
-Fixes: b52e8e2538b2b48ef6b6 "lanserv: Check some bounds on incoming messages"
-
-Signed-off-by: Corey Minyard
-
-Reference:https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/
-Conflict:NA
-
----
- lanserv/lanserv_ipmi.c | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
-index 1ef5710..5de396e 100644
----- a/lanserv/lanserv_ipmi.c
-+++ b/lanserv/lanserv_ipmi.c
-@@ -3056,18 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
- }
-
- msg.authtype = data[4];
-- if (msg.authtype >= MAX_IPMI_AUTHS) {
-- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
-- "LAN msg failure: Invalid authtype");
-- return;
-- }
--
- if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
- ipmi_handle_rmcpp_msg(lan, &msg);
-+ } else if (msg.authtype >= MAX_IPMI_AUTHS) {
-+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
-+ "LAN msg failure: Invalid authtype: %d", data[4]);
-+ return;
- } else {
- ipmi_handle_rmcp_msg(lan, &msg);
- }
--
- }
-
- static void
---
-2.43.0
-