Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
6e401fcd53
!39 fix CVE-2024-42934
From: @yangl777 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
2024-10-14 10:59:22 +00:00
yangl777
1283a3cb97 fix CVE-2024-42934 2024-10-11 12:08:08 +00:00
openeuler-ci-bot
4c6abb0fb9
!31 update OpenIPMI version to 2.0.34
From: @yangl777 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
2024-01-10 10:54:11 +00:00
yangl777
3b6b11bc62 update OpenIPMI version to 2.0.34 2024-01-05 09:19:18 +00:00
openeuler-ci-bot
80b311bb33
!25 enabled DT testcases
From: @yangl777 
Reviewed-by: @sunsuwan 
Signed-off-by: @sunsuwan
2023-10-10 01:38:07 +00:00
yangl777
96619b07f6 enable test 2023-09-28 11:15:13 +08:00
openeuler-ci-bot
d73c5091e2
!18 fix coredump when use ipmi_ui
From: @yangl777 
Reviewed-by: @zengwefeng 
Signed-off-by: @zengwefeng
2023-04-03 01:45:07 +00:00
yangl777
fdbe624cca fix coredump when use ipmi_ui 2023-04-01 08:06:47 +00:00
openeuler-ci-bot
6da25671bb
!17 update OpenIPMI version to 2.0.33
From: @yangl777 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
2023-01-31 11:50:08 +00:00
yangl777
a7884cf865 update OpenIPMI version to 2.0.33 2023-01-31 06:29:54 +00:00
8 changed files with 207 additions and 255 deletions

Binary file not shown.

BIN
OpenIPMI-2.0.34.tar.gz Normal file

Binary file not shown.


@ -1,5 +1,5 @@
Name: OpenIPMI
Version: 2.0.32
Version: 2.0.34
Release: 2
Summary: IPMI (Intelligent Platform Management Interface) library and tools
License: LGPLv2+ and GPLv2+ or BSD
@ -10,10 +10,11 @@ Source2: ipmi.service
Source3: openipmi-helper
Patch0: 0001-man.patch
Patch1: backport-OpenIPMI-ax-python.patch
Patch2: backport-OpenIPMI-sysconfig.patch
Patch1: backport-0001-CVE-2024-42934.patch
Patch2: backport-0002-CVE-2024-42934.patch
Patch3: backport-0003-CVE-2024-42934.patch
BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
BuildRequires: make gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
BuildRequires: openssl-devel python3-devel perl-devel perl-generators
BuildRequires: pkgconfig libedit-devel automake autoconf libtool readline-devel
%{?systemd_requires}
@ -93,6 +94,11 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
%delete_la
%check
sed -i 's#-lgdbm#-lgdbm -Wl,--rpath=\\$progdir:\\$progdir/../../utils/.libs#g' unix/test_handlers
sed -i 's#-lpthread#-lpthread -Wl,--rpath=\\$progdir:\\$progdir/../../utils/.libs:\\$progdir/../../unix/.libs#g' lanserv/ipmi_sim
make check
%post
%systemd_post ipmi.service
@ -143,6 +149,36 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
%exclude %{_mandir}/man1/openipmigui.1
%changelog
* Fri Oct 11 2024 yanglu <yanglu72@h-partners.com> - 2.0.34-2
- Type:CVE
- CVE:CVE-2024-42934
- SUG:NA
- DESC:fix CVE-2024-42934
* Fri Jan 05 2024 yanglu <yanglu72@h-partners.com> - 2.0.34-1
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:update OpenIPMI version to 2.0.34
* Tue Sep 26 2023 yanglu <yanglu72@h-partners.com> - 2.0.33-3
- Type:enhancement
- CVE:NA
- SUG:NA
- DESC:enable test
* Sat Apr 01 2023 yanglu <yanglu72@h-partners.com> - 2.0.33-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix coredump when use ipmi_ui
* Tue Jan 31 2023 yanglu <yanglu72@h-partners.com> - 2.0.33-1
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:update OpenIPMI version to 2.0.33
* Fri Nov 04 2022 yanglu <yanglu72@h-partners.com> - 2.0.32-2
- Type:bugfix
- CVE:
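Review bot: The three CVE-2024-42934 patches are listed as `Patch1` to `Patch3` with no comment saying they form a single fix, although the third patch's `Fixes:` trailer names the commit of the first and reworks the range check it added. A comment above them such as `# CVE-2024-42934: Patch1-Patch3 are one fix; keep all three, in this order` would stop a later rebase from dropping or reordering one of them. The changelog entry could also name the three upstream commits instead of only `fix CVE-2024-42934`. It is worth confirming that the `make check` run in `%check` sends an out-of-range authtype to `ipmi_sim`; nothing on this page shows such a test.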


@ -0,0 +1,46 @@
From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001
From: Corey Minyard <minyard@acm.org>
Date: Mon, 29 Apr 2024 12:46:23 -0500
Subject: [PATCH] lanserv: Check some bounds on incoming messages
Signed-off-by: Corey Minyard <minyard@acm.org>
Reference:https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index ccd6001..0ee6451 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
}
auth = msg->data[0] & 0xf;
+ if (auth >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+ "Activate session failed: Invalid auth: 0x%x", auth);
+ return;
+ }
+
user = &(lan->users[user_idx]);
if (! (user->valid)) {
lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
+ if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype");
+ return;
+ }
msg.data = data+5;
msg.len = len - 5;
msg.channel = lan->channel.channel_num;
--
2.43.0
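Review bot: Neither added check says why the bound matters, so a short comment on each would help, for example `/* auth selects a per-authtype handler; reject values outside the table */` above `if (auth >= MAX_IPMI_AUTHS)` in `handle_temp_session`. The use of `auth` as an index is inferred, since the code that consumes it is outside the hunk. In the `ipmi_handle_lan_msg` hunk the log call receives `&msg` before `msg.data`, `msg.len` and `msg.channel` are assigned, and its message omits the rejected value, unlike the `0x%x` in the first hunk. Both points are reworked by the two following patch files, so this patch should not be carried on its own. Both function bodies start and end outside the hunks.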


@ -0,0 +1,71 @@
From 663e3cd3b6d1d9fc82267c7d7474320cb67e03a4 Mon Sep 17 00:00:00 2001
From: Corey Minyard <minyard@acm.org>
Date: Sun, 2 Jun 2024 14:11:16 -0500
Subject: [PATCH] lanserv: Fix an issue logging an error on a message
A message structure was passed to the log, but it was not sufficiently
initialized and the logging program crashed. Rework the initialization
to make the message data ready and legal for the logging calls.
Found-by: Fabio Massimo Di Nitto
Signed-off-by: Corey Minyard <minyard@acm.org>
Reference:https://sourceforge.net/p/openipmi/code/ci/663e3cd3b6d1d9fc82267c7d7474320cb67e03a4/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index 0ee6451..1ef5710 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -3022,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
{
msg_t msg;
+ memset(&msg, 0, sizeof(msg));
+
msg.src_addr = from_addr;
msg.src_len = from_len;
msg.oem_data = 0;
+ msg.channel = lan->channel.channel_num;
+ msg.orig_channel = &lan->channel;
+
+ /*
+ * Initialize the data so the log won't crash if it gets called, and
+ * so the log might have useful info.
+ */
+ msg.data = data;
+ msg.len = len;
+
if (len < 5) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: message too short");
return;
}
+ /* Length is at least marginally correct, skip the first part now. */
+ msg.data = data + 5;
+ msg.len = len - 5;
+
if (data[2] != 0xff) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: seq not ff");
@@ -3045,10 +3061,6 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
"LAN msg failure: Invalid authtype");
return;
}
- msg.data = data+5;
- msg.len = len - 5;
- msg.channel = lan->channel.channel_num;
- msg.orig_channel = &lan->channel;
if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
ipmi_handle_rmcpp_msg(lan, &msg);
--
2.43.0
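Review bot: `msg.oem_data = 0;` is now redundant, because the added `memset(&msg, 0, sizeof(msg));` two lines above it already zeroes the whole structure. Dropping it, or marking it as deliberate, would avoid the impression that other fields still need explicit zeroing. On the short-message path the log callback is handed `msg.data = data` and `msg.len = len` for a packet of fewer than five bytes, so it is worth confirming that the callback only reads `msg.len` bytes and tolerates a length of 0. The declaration of `len` and the callback are outside the hunk, so its signedness cannot be checked from here.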


@ -0,0 +1,50 @@
From 4c129d0540f3578ecc078d8612bbf84b6cd24c87 Mon Sep 17 00:00:00 2001
From: Corey Minyard <corey@minyard.net>
Date: Thu, 1 Aug 2024 10:56:06 -0500
Subject: [PATCH] lanserv: Fix an issue with authorization range checking
A recent change added a range check on authorization type, but it didn't
take into account the RMCP authorization type that's special. Add a
check for that.
Fixes: b52e8e2538b2b48ef6b6 "lanserv: Check some bounds on incoming messages"
Signed-off-by: Corey Minyard <corey@minyard.net>
Reference:https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index 1ef5710..5de396e 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -3056,18 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
- if (msg.authtype >= MAX_IPMI_AUTHS) {
- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
- "LAN msg failure: Invalid authtype");
- return;
- }
-
if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
ipmi_handle_rmcpp_msg(lan, &msg);
+ } else if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype: %d", data[4]);
+ return;
} else {
ipmi_handle_rmcp_msg(lan, &msg);
}
-
}
static void
--
2.43.0
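Review bot: The `else if (msg.authtype >= MAX_IPMI_AUTHS)` branch is only correct because the `IPMI_AUTHTYPE_RMCP_PLUS` comparison comes first, and nothing in the code says so. A comment such as `/* RMCP+ is dispatched separately and must be tested before the table bounds check */` above the `if` would keep a later cleanup from swapping the branches and reintroducing the regression described in the commit message. The `return;` in that branch is now redundant, as it is the last statement of the function. The rejected value is printed with `%d` here but with `0x%x` in `handle_temp_session`, so using one format for both would make the two log lines easier to correlate. Any bounds checking needed for RMCP+ messages has to happen inside `ipmi_handle_rmcpp_msg`, which is not shown on this page.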


@ -1,12 +0,0 @@
diff -urNp a/m4/ax_python_devel.m4 b/m4/ax_python_devel.m4
--- a/m4/ax_python_devel.m4 2021-08-02 13:15:04.122972905 +0200
+++ b/m4/ax_python_devel.m4 2021-08-02 13:16:17.407749535 +0200
@@ -143,7 +143,7 @@ variable to configure. See ``configure -
#
AC_MSG_CHECKING([for the distutils Python package])
ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
+ if test $? -eq 0; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])


@ -1,239 +0,0 @@
diff -urNp a/configure b/configure
--- a/configure 2021-08-02 13:38:21.012807239 +0200
+++ b/configure 2021-08-02 14:32:29.884167376 +0200
@@ -13535,20 +13535,20 @@ variable to configure. See \`\`configure
fi
#
- # Check if you have distutils, else fail
+ # Check if you have sysconfig, else fail
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5
-$as_echo_n "checking for the distutils Python package... " >&6; }
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the sysconfig Python package" >&5
+$as_echo_n "checking for the sysconfig Python package... " >&6; }
+ ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`
+ if test -z "$ac_sysconfig_result"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- as_fn_error $? "cannot import Python module \"distutils\".
+ as_fn_error $? "cannot import Python module \"sysconfig\".
Please check your Python installation. The error was:
-$ac_distutils_result" "$LINENO" 5
+$ac_sysconfig_result" "$LINENO" 5
PYTHON_VERSION=""
fi
@@ -13558,10 +13558,10 @@ $ac_distutils_result" "$LINENO" 5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
$as_echo_n "checking for Python include path... " >&6; }
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_inc ());"`
- plat_python_path=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_inc (plat_specific=1));"`
+ python_path=`$PYTHON -c "import sysconfig; \
+ print (sysconfig.get_path('include'));"`
+ plat_python_path=`$PYTHON -c "import sysconfig; \
+ print (sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
if test "${plat_python_path}" != "${python_path}"; then
python_path="-I$python_path -I$plat_python_path"
@@ -13587,7 +13587,7 @@ $as_echo_n "checking for Python library
# join all versioning strings, on some systems
# major/minor numbers could be in different list elements
-from distutils.sysconfig import *
+from sysconfig import *
e = get_config_var('VERSION')
if e is not None:
print(e)
@@ -13613,8 +13613,8 @@ _ACEOF
ac_python_libdir=`cat<<EOD | $PYTHON -
# There should be only one
-import distutils.sysconfig
-e = distutils.sysconfig.get_config_var('LIBDIR')
+import sysconfig
+e = sysconfig.get_config_var('LIBDIR')
if e is not None:
print (e)
EOD`
@@ -13622,8 +13622,8 @@ EOD`
# Now, for the library:
ac_python_library=`cat<<EOD | $PYTHON -
-import distutils.sysconfig
-c = distutils.sysconfig.get_config_vars()
+import sysconfig
+c = sysconfig.get_config_vars()
if 'LDVERSION' in c:
print ('python'+c['LDVERSION'])
else:
@@ -13642,9 +13642,9 @@ EOD`
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
- "from distutils.sysconfig import get_python_lib as f; \
+ "from sysconfig import get_path as f; \
import os; \
- print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
+ print (os.path.join(f('platstdlib'), 'config'));"`
PYTHON_LIBS="-L$ac_python_libdir -lpython$ac_python_version"
fi
@@ -13665,8 +13665,8 @@ $as_echo "$PYTHON_LIBS" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
$as_echo_n "checking for Python site-packages path... " >&6; }
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sysconfig; \
+ print (sysconfig.get_path('platlib'));"`
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
$as_echo "$PYTHON_SITE_PKG" >&6; }
@@ -13678,8 +13678,8 @@ $as_echo "$PYTHON_SITE_PKG" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
$as_echo_n "checking python extra libraries... " >&6; }
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import distutils.sysconfig; \
- conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sysconfig; \
+ conf = sysconfig.get_config_var; \
print (conf('LIBS') + ' ' + conf('SYSLIBS'))"`
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
@@ -13692,8 +13692,8 @@ $as_echo "$PYTHON_EXTRA_LDFLAGS" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
$as_echo_n "checking python extra linking flags... " >&6; }
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
- conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sysconfig; \
+ conf = sysconfig.get_config_var; \
print (conf('LINKFORSHARED'))"`
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
diff -urNp a/m4/ax_python_devel.m4 b/m4/ax_python_devel.m4
--- a/m4/ax_python_devel.m4 2021-08-02 13:38:21.025807373 +0200
+++ b/m4/ax_python_devel.m4 2021-08-02 14:36:33.262720424 +0200
@@ -139,17 +139,17 @@ variable to configure. See ``configure -
fi
#
- # Check if you have distutils, else fail
+ # Check if you have sysconfig, else fail
#
- AC_MSG_CHECKING([for the distutils Python package])
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
+ AC_MSG_CHECKING([for the sysconfig Python package])
+ ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`
if test $? -eq 0; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python module "distutils".
+ AC_MSG_ERROR([cannot import Python module "sysconfig".
Please check your Python installation. The error was:
-$ac_distutils_result])
+$ac_sysconfig_result])
PYTHON_VERSION=""
fi
@@ -158,10 +158,10 @@ $ac_distutils_result])
#
AC_MSG_CHECKING([for Python include path])
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_inc ());"`
- plat_python_path=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_inc (plat_specific=1));"`
+ python_path=`$PYTHON -c "import sysconfig; \
+ print (sysconfig.get_path('include'));"`
+ plat_python_path=`$PYTHON -c "import sysconfig; \
+ print (sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
if test "${plat_python_path}" != "${python_path}"; then
python_path="-I$python_path -I$plat_python_path"
@@ -185,7 +185,7 @@ $ac_distutils_result])
# join all versioning strings, on some systems
# major/minor numbers could be in different list elements
-from distutils.sysconfig import *
+from sysconfig import *
e = get_config_var('VERSION')
if e is not None:
print(e)
@@ -208,8 +208,8 @@ EOD`
ac_python_libdir=`cat<<EOD | $PYTHON -
# There should be only one
-import distutils.sysconfig
-e = distutils.sysconfig.get_config_var('LIBDIR')
+import sysconfig
+e = sysconfig.get_config_var('LIBDIR')
if e is not None:
print (e)
EOD`
@@ -217,8 +217,8 @@ EOD`
# Now, for the library:
ac_python_library=`cat<<EOD | $PYTHON -
-import distutils.sysconfig
-c = distutils.sysconfig.get_config_vars()
+import sysconfig
+c = sysconfig.get_config_vars()
if 'LDVERSION' in c:
print ('python'+c[['LDVERSION']])
else:
@@ -237,9 +237,9 @@ EOD`
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
- "from distutils.sysconfig import get_python_lib as f; \
+ "from sysconfig import get_path as f; \
import os; \
- print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
+ print (os.path.join(f('platstdlib'), 'config'));"`
PYTHON_LIBS="-L$ac_python_libdir -lpython$ac_python_version"
fi
@@ -258,8 +258,8 @@ EOD`
#
AC_MSG_CHECKING([for Python site-packages path])
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sysconfig; \
+ print (sysconfig.get_path('platlib'));"`
fi
AC_MSG_RESULT([$PYTHON_SITE_PKG])
AC_SUBST([PYTHON_SITE_PKG])
@@ -269,8 +269,8 @@ EOD`
#
AC_MSG_CHECKING(python extra libraries)
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import distutils.sysconfig; \
- conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sysconfig; \
+ conf = sysconfig.get_config_var; \
print (conf('LIBS') + ' ' + conf('SYSLIBS'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
@@ -281,8 +281,8 @@ EOD`
#
AC_MSG_CHECKING(python extra linking flags)
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
- conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sysconfig; \
+ conf = sysconfig.get_config_var; \
print (conf('LINKFORSHARED'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])