[arch-commits] Commit in ipmitool/trunk (2 files)

Florian Pritz bluewind at archlinux.org
Sun Feb 21 09:41:22 UTC 2021


    Date: Sunday, February 21, 2021 @ 09:41:22
  Author: bluewind
Revision: 867617

upgpkg: ipmitool 1.8.18-7: fix FS#69708 - [ipmitool] [Security] arbitrary code execution (CVE-2020-5208)

Added:
  ipmitool/trunk/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
Modified:
  ipmitool/trunk/PKGBUILD

-------------------------------------------------------+
 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch |   37 ++++++++++++++++
 PKGBUILD                                              |   35 +++++++++++++--
 2 files changed, 69 insertions(+), 3 deletions(-)

Added: 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
===================================================================
--- 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch	                        (rev 0)
+++ 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch	2021-02-21 09:41:22 UTC (rev 867617)
@@ -0,0 +1,37 @@
+NOTE: This diff has been adjusted to apply to 1.8.18.
+
+
+From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
+From: Chrostoper Ertl <chertl at microsoft.com>
+Date: Thu, 28 Nov 2019 16:56:38 +0000
+Subject: [PATCH] channel: Fix buffer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Partial fix for CVE-2020-5208, see
+https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
+
+The `ipmi_get_channel_cipher_suites` function does not properly check
+the final response’s `data_len`, which can lead to stack buffer overflow
+on the final copy.
+---
+ lib/ipmi_channel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
+index a6a6a424..433c4d36 100644
+--- a/lib/ipmi_channel.c
++++ b/lib/ipmi_channel.c
+@@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
+ 			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+ 			return -1;
+ 		}
+-		if (rsp->ccode > 0) {
++		if (rsp->ccode
++		    || rsp->data_len < 1
++		    || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
++		{
+ 			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+ 					val2str(rsp->ccode, completion_code_vals));
+ 			return -1;
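Review bot: The length rejection added to the `if` in `ipmi_get_channel_cipher_suites` shares the completion-code error path, so a response with `ccode == 0` and an out-of-range `data_len` is logged through `val2str(rsp->ccode, completion_code_vals)` and reports a successful completion code as the reason for the failure. A malformed response from the BMC is exactly the case this check exists for, and the log should make it recognisable. Test the length in its own branch and log it there, e.g. `lprintf(LOG_ERR, "Get Channel Cipher Suites: invalid response length %d", rsp->data_len);` (the `%d` assumes `data_len` is an `int`; confirm against the struct definition). The function body starts and ends outside this hunk, so the destination buffer that the bound is meant to protect cannot be checked from here.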

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-02-21 09:29:03 UTC (rev 867616)
+++ PKGBUILD	2021-02-21 09:41:22 UTC (rev 867617)
@@ -4,7 +4,7 @@
 
 pkgname=ipmitool
 pkgver=1.8.18
-pkgrel=6
+pkgrel=7
 pkgdesc="Command-line interface to IPMI-enabled devices"
 arch=('x86_64')
 url="http://ipmitool.sourceforge.net"
@@ -11,14 +11,36 @@
 depends=('openssl')
 license=('BSD')
 source=("https://downloads.sourceforge.net/project/${pkgname}/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.bz2"
-         ipmitool-openssl-1.1.patch)
+         ipmitool-openssl-1.1.patch
+         https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
+         https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
+         https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
+         #https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4.patch
+         9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+         https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10.patch
+         https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637.patch
+       )
 sha256sums=('0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01'
-            '7da20584541279045b4a4743600925b70fe162e1437a8da6647414926e12b58f')
+            '7da20584541279045b4a4743600925b70fe162e1437a8da6647414926e12b58f'
+            'fcf8a1fce7f902adcb6500143ec04f6541474a2e0e78acfdf52276d3e421e84f'
+            '9774148893ed44f5d85bec26cd54f31ef6f7491232eb3f44f65d391547d83cda'
+            '42ce1143b05e160cee9cc6fb6ed13938ffc62dc11eec0343caccf463d49b76b8'
+            'd51c1f481d4fc1d3fd5617ceeda16327fb6a6916103cf7334f6e44cd325ea0e0'
+            '0b6535b7b54485a9ba107ae09fccdff9f816ae1c4d8a8fe334df6fb48d2ec63a'
+            '146316f1b4001e3929c794d25ee2dacc7602676060da80b9c1655ec01a0032e3')
 
 prepare() {
         cd ${pkgname}-${pkgver}
         # openssl 1.1 support (Fedora)
         patch -p1 -i ../ipmitool-openssl-1.1.patch
+
+        # FS#69708 - [ipmitool] [Security] arbitrary code execution (CVE-2020-5208)
+        patch -p1 -i ../e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
+        patch -p1 -i ../840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
+        patch -p1 -i ../41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
+        patch -p1 -i ../9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+        patch -p1 -i ../d45572d71e70840e0d4c50bf48218492b79c1a10.patch
+        patch -p1 -i ../7ccea283dd62a05a320c1921e3d8d71a87772637.patch
 }
 
 build(){
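Review bot: Five of the six fixes added to `source=()` are fetched from GitHub's `commit/<sha>.patch` endpoint, while only `9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch` is stored with the package. The new `sha256sums` entries pin the content, so an altered download is rejected. However, that endpoint produces the patch text on request and it is not guaranteed to stay byte-identical, in which case a later rebuild of this security fix fails on a checksum mismatch. Storing all six patches next to the PKGBUILD keeps the build reproducible and reviewable offline. For the edited patch, a comment above its source entry such as `# local copy of upstream 9452be87181a6e83cfcc768b3ed8321763db50e4, adjusted to apply to 1.8.18` would tell a reader what to diff it against.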
@@ -26,6 +48,13 @@
 
 	CFLAGS+=' -fcommon' # https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common
 
+	# Fix warning in ipmi_fru.c
+	CFLAGS+=' -Wno-maybe-uninitialized'
+
+	if [[ $pkgver = '1.8.18' ]]; then
+		CFLAGS+=' -DMAX_CIPHER_SUITE_DATA_LEN=0x10'
+	fi
+
 	./configure --prefix=/usr --sbindir=/usr/bin --with-kerneldir
 	make
 }
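Review bot: `-DMAX_CIPHER_SUITE_DATA_LEN=0x10` supplies the bound that the backported check in lib/ipmi_channel.c compares `rsp->data_len` against, but nothing on this page ties 0x10 to the size that the copy in 1.8.18 actually assumes. If the value were larger than that size, the new check would pass responses that still overflow. The macro is presumably absent from the 1.8.18 sources, which is why it is injected here. A comment recording where the value comes from would make it auditable, e.g. `# MAX_CIPHER_SUITE_DATA_LEN: 0x10 taken from <upstream commit/header that defines it>`. Separately, `-Wno-maybe-uninitialized` is added for the whole build although the comment names only ipmi_fru.c, so the same diagnostic is also silenced in the files this commit patches for memory-safety bugs.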


