fixed CVE-2011-4339

ipmitool-1.8.11-remove-umask0.patch

@@ -0,0 +1,13 @@
+CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
+
+diff -up ipmitool-1.8.11/lib/helper.c.original ipmitool-1.8.11/lib/helper.c
+--- ipmitool-1.8.11/lib/helper.c.original	2011-10-03 13:00:54.000000000 +0900
++++ ipmitool-1.8.11/lib/helper.c	2011-10-03 13:01:01.000000000 +0900
+@@ -427,7 +427,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
+ #endif
+ 
+ 	chdir("/");
+-	umask(0);
+ 
+ 	for (fd=0; fd<64; fd++) {
+ 		if (fd != intf->fd)

ipmitool.spec

@@ -1,7 +1,7 @@
 Name:         ipmitool
 Summary:      Utility for IPMI control
 Version:      1.8.11
-Release:      7%{?dist}
+Release:      8%{?dist}
 License:      BSD
 Group:        System Environment/Base
 URL:          http://ipmitool.sourceforge.net/
@@ -19,6 +19,7 @@ Provides: OpenIPMI-tools = 2.0.14-3
 
 Patch1: ipmitool-1.8.10-ipmievd-init.patch
 Patch2: ipmitool-1.8.10-ipmievd-condrestart.patch
+Patch3: ipmitool-1.8.11-remove-umask0.patch
 
 %description
 This package contains a utility for interfacing with devices that support
@@ -40,6 +41,7 @@ setting LAN configuration, and chassis power control.
 %setup -q
 %patch1 -p1 -b .ipmievd-init
 %patch2 -p0 -b .condrestart
+%patch3 -p1 -b .umask
 
 for f in AUTHORS ChangeLog; do
     iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
@@ -101,6 +103,9 @@ fi
 
 
 %changelog
+* Tue Dec 13 2011 Jan Safranek <jsafrane@redhat.com> - 1.8.11-8
+- fixed CVE-2011-4339
+
 * Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 1.8.11-7
 - convert to systemd