New version (0:1.8.17-1)
- CVE-2011-4339 OpenIPMI
This commit is contained in:
Boris Ranto
parent
10c4114768
commit
39b15aa909
1
.gitignore
vendored
1
.gitignore
vendored
@ -8,3 +8,4 @@ ipmitool-1.8.11.tar.bz2
|
||||
/ipmitool-1.8.13.tar.bz2
|
||||
/ipmitool-1.8.15.tar.bz2
|
||||
/ipmitool-1.8.16.tar.bz2
|
||||
/ipmitool-1.8.17.tar.bz2
|
||||
|
||||
25
0001-CVE-2011-4339-OpenIPMI.patch
Normal file
25
0001-CVE-2011-4339-OpenIPMI.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 25d443a25e3c1254e531a9cf1b3ceb39bb1674ca Mon Sep 17 00:00:00 2001
|
||||
From: Boris Ranto <branto@redhat.com>
|
||||
Date: Tue, 10 May 2016 19:12:08 +0200
|
||||
Subject: [PATCH] CVE-2011-4339 OpenIPMI
|
||||
|
||||
IPMI event daemon creates PID file with world writeable permissions
|
||||
---
|
||||
lib/helper.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/lib/helper.c b/lib/helper.c
|
||||
index 022a9c9..e570759 100644
|
||||
--- a/lib/helper.c
|
||||
+++ b/lib/helper.c
|
||||
@@ -664,7 +664,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
|
||||
#endif
|
||||
|
||||
chdir("/");
|
||||
- umask(0);
|
||||
|
||||
for (fd=0; fd<64; fd++) {
|
||||
if (fd != intf->fd)
|
||||
--
|
||||
2.5.5
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
532188 - ipmievd init script's condrestart doesn't work
|
||||
|
||||
Author: Ville Skyttä (ville.skytta@iki.fi)
|
||||
Sent upstream as https://sourceforge.net/tracker/?func=detail&aid=2889888&group_id=95200&atid=610552
|
||||
|
||||
Index: contrib/ipmievd.init.redhat
|
||||
===================================================================
|
||||
RCS file: /cvsroot/ipmitool/ipmitool/contrib/ipmievd.init.redhat,v
|
||||
retrieving revision 1.1
|
||||
diff -u -r1.1 ipmievd.init.redhat
|
||||
--- contrib/ipmievd.init.redhat 19 Mar 2006 23:05:48 -0000 1.1
|
||||
+++ contrib/ipmievd.init.redhat 31 Oct 2009 08:50:07 -0000
|
||||
@@ -62,6 +62,11 @@
|
||||
return $ret
|
||||
}
|
||||
|
||||
+restart() {
|
||||
+ stop
|
||||
+ start
|
||||
+}
|
||||
+
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
@@ -72,11 +77,10 @@
|
||||
status)
|
||||
status $IPMIEVD_BIN
|
||||
;;
|
||||
- restart|reload)
|
||||
- stop
|
||||
- start
|
||||
+ restart|reload|force-reload)
|
||||
+ restart
|
||||
;;
|
||||
- condrestart)
|
||||
+ try-restart|condrestart)
|
||||
[ -f /var/lock/subsys/ipmievd ] && restart || :
|
||||
;;
|
||||
*)
|
||||
@ -1,32 +0,0 @@
|
||||
diff -up ipmitool-1.8.10/contrib/ipmievd.init.redhat.ipmievd-init ipmitool-1.8.10/contrib/ipmievd.init.redhat
|
||||
--- ipmitool-1.8.10/contrib/ipmievd.init.redhat.ipmievd-init 2006-03-20 00:05:48.000000000 +0100
|
||||
+++ ipmitool-1.8.10/contrib/ipmievd.init.redhat 2008-10-14 13:46:35.000000000 +0200
|
||||
@@ -5,7 +5,7 @@
|
||||
# Based on example sysvinitfiles script
|
||||
# Copyright (c) 2000 Red Hat Software, Inc.
|
||||
#
|
||||
-# chkconfig: 345 99 00
|
||||
+# chkconfig: - 99 00
|
||||
# description: ipmievd daemon to send events to syslog
|
||||
# processname: ipmievd
|
||||
# config: /etc/sysconfig/ipmievd
|
||||
@@ -16,8 +16,8 @@
|
||||
# Should-Start: $time
|
||||
# Required-Stop: $syslog ipmi
|
||||
# Should-Stop: $time
|
||||
-# Default-Start: 3 4 5
|
||||
-# Default-Stop: 0 1 2 6
|
||||
+# Default-Start:
|
||||
+# Default-Stop:
|
||||
# Short-Description: ipmievd daemon to send events to syslog
|
||||
# Description: Start ipmievd to read events from BMC and
|
||||
# log them to syslog. Events correspond to hardware faults,
|
||||
@@ -85,7 +85,7 @@ case "$1" in
|
||||
;;
|
||||
*)
|
||||
echo "Usage: ipmievd {start|stop|status|reload|restart|condrestart}"
|
||||
- exit 1
|
||||
+ exit 2
|
||||
;;
|
||||
esac
|
||||
exit $?
|
||||
@ -1,13 +0,0 @@
|
||||
CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
|
||||
|
||||
diff -up ipmitool-1.8.11/lib/helper.c.original ipmitool-1.8.11/lib/helper.c
|
||||
--- ipmitool-1.8.11/lib/helper.c.original 2011-10-03 13:00:54.000000000 +0900
|
||||
+++ ipmitool-1.8.11/lib/helper.c 2011-10-03 13:01:01.000000000 +0900
|
||||
@@ -427,7 +427,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
|
||||
#endif
|
||||
|
||||
chdir("/");
|
||||
- umask(0);
|
||||
|
||||
for (fd=0; fd<64; fd++) {
|
||||
if (fd != intf->fd)
|
||||
@ -1,6 +1,6 @@
|
||||
Name: ipmitool
|
||||
Summary: Utility for IPMI control
|
||||
Version: 1.8.16
|
||||
Version: 1.8.17
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Group: System Environment/Base
|
||||
@ -12,6 +12,7 @@ Source3: exchange-bmc-os-info.service
|
||||
Source4: exchange-bmc-os-info.sysconf
|
||||
Source5: set-bmc-url.sh
|
||||
Source6: exchange-bmc-os-info
|
||||
Patch1: 0001-CVE-2011-4339-OpenIPMI.patch
|
||||
|
||||
BuildRequires: openssl-devel readline-devel ncurses-devel
|
||||
BuildRequires: systemd-units
|
||||
@ -20,9 +21,6 @@ BuildRequires: automake autoconf libtool
|
||||
Obsoletes: OpenIPMI-tools < 2.0.14-3
|
||||
Provides: OpenIPMI-tools = 2.0.14-3
|
||||
|
||||
Patch1: ipmitool-1.8.10-ipmievd-init.patch
|
||||
Patch2: ipmitool-1.8.10-ipmievd-condrestart.patch
|
||||
Patch3: ipmitool-1.8.11-remove-umask0.patch
|
||||
|
||||
%description
|
||||
This package contains a utility for interfacing with devices that support
|
||||
@ -82,9 +80,7 @@ for the host OS to use.
|
||||
%prep
|
||||
|
||||
%setup -q
|
||||
%patch1 -p1 -b .ipmievd-init
|
||||
%patch2 -p0 -b .condrestart
|
||||
%patch3 -p1 -b .umask
|
||||
%patch1 -p1
|
||||
|
||||
for f in AUTHORS ChangeLog; do
|
||||
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
|
||||
@ -179,6 +175,10 @@ install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-sn
|
||||
%{_libexecdir}/bmc-snmp-proxy
|
||||
|
||||
%changelog
|
||||
* Tue May 10 2016 Boris Ranto <branto@redhat.com> - 0:1.8.17-1
|
||||
- New version (0:1.8.17-1)
|
||||
- CVE-2011-4339 OpenIPMI
|
||||
|
||||
* Tue Feb 23 2016 Boris Ranto <branto@redhat.com> - 1.8.16-1
|
||||
- Rebase to version 1.8.16
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user