New version (0:1.8.17-1)

- CVE-2011-4339 OpenIPMI

.gitignore

@@ -8,3 +8,4 @@ ipmitool-1.8.11.tar.bz2
 /ipmitool-1.8.13.tar.bz2
 /ipmitool-1.8.15.tar.bz2
 /ipmitool-1.8.16.tar.bz2
+/ipmitool-1.8.17.tar.bz2

0001-CVE-2011-4339-OpenIPMI.patch

@@ -0,0 +1,25 @@
+From 25d443a25e3c1254e531a9cf1b3ceb39bb1674ca Mon Sep 17 00:00:00 2001
+From: Boris Ranto <branto@redhat.com>
+Date: Tue, 10 May 2016 19:12:08 +0200
+Subject: [PATCH] CVE-2011-4339 OpenIPMI
+
+IPMI event daemon creates PID file with world writeable permissions
+---
+ lib/helper.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/helper.c b/lib/helper.c
+index 022a9c9..e570759 100644
+--- a/lib/helper.c
++++ b/lib/helper.c
+@@ -664,7 +664,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
+ #endif
+ 
+ 	chdir("/");
+-	umask(0);
+ 
+ 	for (fd=0; fd<64; fd++) {
+ 		if (fd != intf->fd)
+-- 
+2.5.5
+

ipmitool-1.8.10-ipmievd-condrestart.patch

@@ -1,39 +0,0 @@
-532188 -  ipmievd init script's condrestart doesn't work
-
-Author: Ville Skyttä (ville.skytta@iki.fi)
-Sent upstream as https://sourceforge.net/tracker/?func=detail&aid=2889888&group_id=95200&atid=610552
-
-Index: contrib/ipmievd.init.redhat
-===================================================================
-RCS file: /cvsroot/ipmitool/ipmitool/contrib/ipmievd.init.redhat,v
-retrieving revision 1.1
-diff -u -r1.1 ipmievd.init.redhat
---- contrib/ipmievd.init.redhat	19 Mar 2006 23:05:48 -0000	1.1
-+++ contrib/ipmievd.init.redhat	31 Oct 2009 08:50:07 -0000
-@@ -62,6 +62,11 @@
- 	return $ret
- }
- 
-+restart() {
-+	stop
-+	start
-+}
-+
- case "$1" in
-     start)
- 	start
-@@ -72,11 +77,10 @@
-     status)
- 	status $IPMIEVD_BIN
- 	;;
--    restart|reload)
--    	stop
--	start
-+    restart|reload|force-reload)
-+	restart
- 	;;
--    condrestart)
-+    try-restart|condrestart)
- 	[ -f /var/lock/subsys/ipmievd ] && restart || :
- 	;;
-     *)

ipmitool-1.8.10-ipmievd-init.patch

@@ -1,32 +0,0 @@
-diff -up ipmitool-1.8.10/contrib/ipmievd.init.redhat.ipmievd-init ipmitool-1.8.10/contrib/ipmievd.init.redhat
---- ipmitool-1.8.10/contrib/ipmievd.init.redhat.ipmievd-init	2006-03-20 00:05:48.000000000 +0100
-+++ ipmitool-1.8.10/contrib/ipmievd.init.redhat	2008-10-14 13:46:35.000000000 +0200
-@@ -5,7 +5,7 @@
- #       Based on example sysvinitfiles script
- #       Copyright (c) 2000 Red Hat Software, Inc.
- #
--# chkconfig: 345 99 00
-+# chkconfig: - 99 00
- # description: ipmievd daemon to send events to syslog
- # processname: ipmievd
- # config:      /etc/sysconfig/ipmievd
-@@ -16,8 +16,8 @@
- # Should-Start: $time
- # Required-Stop:     $syslog ipmi
- # Should-Stop: $time
--# Default-Start:     3 4 5
--# Default-Stop:      0 1 2 6
-+# Default-Start:     
-+# Default-Stop:      
- # Short-Description: ipmievd daemon to send events to syslog
- # Description:       Start ipmievd to read events from BMC and
- #	             log them to syslog.  Events correspond to hardware faults,
-@@ -85,7 +85,7 @@ case "$1" in
- 	;;
-     *)
- 	echo "Usage: ipmievd {start|stop|status|reload|restart|condrestart}"
--	exit 1
-+	exit 2
- 	;;
- esac
- exit $?

ipmitool-1.8.11-remove-umask0.patch

@@ -1,13 +0,0 @@
-CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
-
-diff -up ipmitool-1.8.11/lib/helper.c.original ipmitool-1.8.11/lib/helper.c
---- ipmitool-1.8.11/lib/helper.c.original	2011-10-03 13:00:54.000000000 +0900
-+++ ipmitool-1.8.11/lib/helper.c	2011-10-03 13:01:01.000000000 +0900
-@@ -427,7 +427,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
- #endif
- 
- 	chdir("/");
--	umask(0);
- 
- 	for (fd=0; fd<64; fd++) {
- 		if (fd != intf->fd)

ipmitool.spec

@@ -1,6 +1,6 @@
 Name:         ipmitool
 Summary:      Utility for IPMI control
-Version:      1.8.16
+Version:      1.8.17
 Release:      1%{?dist}
 License:      BSD
 Group:        System Environment/Base
@@ -12,6 +12,7 @@ Source3:      exchange-bmc-os-info.service
 Source4:      exchange-bmc-os-info.sysconf
 Source5:      set-bmc-url.sh
 Source6:      exchange-bmc-os-info
+Patch1: 0001-CVE-2011-4339-OpenIPMI.patch
 
 BuildRequires: openssl-devel readline-devel ncurses-devel
 BuildRequires: systemd-units
@@ -20,9 +21,6 @@ BuildRequires: automake autoconf libtool
 Obsoletes: OpenIPMI-tools < 2.0.14-3
 Provides: OpenIPMI-tools = 2.0.14-3
 
-Patch1: ipmitool-1.8.10-ipmievd-init.patch
-Patch2: ipmitool-1.8.10-ipmievd-condrestart.patch
-Patch3: ipmitool-1.8.11-remove-umask0.patch
 
 %description
 This package contains a utility for interfacing with devices that support
@@ -82,9 +80,7 @@ for the host OS to use.
 %prep
 
 %setup -q
-%patch1 -p1 -b .ipmievd-init
+%patch1 -p1
-%patch2 -p0 -b .condrestart
-%patch3 -p1 -b .umask
 
 for f in AUTHORS ChangeLog; do
     iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
@@ -179,6 +175,10 @@ install -Dm 755 contrib/bmc-snmp-proxy         %{buildroot}%{_libexecdir}/bmc-sn
 %{_libexecdir}/bmc-snmp-proxy
 
 %changelog
+* Tue May 10 2016 Boris Ranto <branto@redhat.com> - 0:1.8.17-1
+- New version (0:1.8.17-1)
+- CVE-2011-4339 OpenIPMI
+
 * Tue Feb 23 2016 Boris Ranto <branto@redhat.com> - 1.8.16-1
 - Rebase to version 1.8.16
 

sources

@@ -3,3 +3,4 @@
 6598ee7c4ba2c8f69ef2ad48e502cada  exchange-bmc-os-info.service
 3a728964cb3990f3fd6febef36b4e8af  exchange-bmc-os-info.sysconf
 b8943d4efa72aa65e2409194f8d30bdb  set-bmc-url.sh
+f7408aa2b40333db0413d4aab6bbe978  ipmitool-1.8.17.tar.bz2