[arch-commits] Commit in ipmitool/trunk (2 files)
Florian Pritz
bluewind at archlinux.org
Sun Feb 21 09:41:22 UTC 2021
Date: Sunday, February 21, 2021 @ 09:41:22
Author: bluewind
Revision: 867617
upgpkg: ipmitool 1.8.18-7: fix FS#69708 - [ipmitool] [Security] arbitrary code execution (CVE-2020-5208)
Added:
ipmitool/trunk/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
Modified:
ipmitool/trunk/PKGBUILD
-------------------------------------------------------+
9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch | 37 ++++++++++++++++
PKGBUILD | 35 +++++++++++++--
2 files changed, 69 insertions(+), 3 deletions(-)
Added: 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
===================================================================
--- 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch (rev 0)
+++ 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch 2021-02-21 09:41:22 UTC (rev 867617)
@@ -0,0 +1,37 @@
+NOTE: This diff has been adjusted to apply to 1.8.18.
+
+
+From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
+From: Chrostoper Ertl <chertl at microsoft.com>
+Date: Thu, 28 Nov 2019 16:56:38 +0000
+Subject: [PATCH] channel: Fix buffer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Partial fix for CVE-2020-5208, see
+https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
+
+The `ipmi_get_channel_cipher_suites` function does not properly check
+the final response’s `data_len`, which can lead to stack buffer overflow
+on the final copy.
+---
+ lib/ipmi_channel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
+index a6a6a424..433c4d36 100644
+--- a/lib/ipmi_channel.c
++++ b/lib/ipmi_channel.c
+@@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
+ lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+ return -1;
+ }
+- if (rsp->ccode > 0) {
++ if (rsp->ccode
++ || rsp->data_len < 1
++ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
++ {
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+ val2str(rsp->ccode, completion_code_vals));
+ return -1;
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-02-21 09:29:03 UTC (rev 867616)
+++ PKGBUILD 2021-02-21 09:41:22 UTC (rev 867617)
@@ -4,7 +4,7 @@
pkgname=ipmitool
pkgver=1.8.18
-pkgrel=6
+pkgrel=7
pkgdesc="Command-line interface to IPMI-enabled devices"
arch=('x86_64')
url="http://ipmitool.sourceforge.net"
@@ -11,14 +11,36 @@
depends=('openssl')
license=('BSD')
source=("https://downloads.sourceforge.net/project/${pkgname}/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.bz2"
- ipmitool-openssl-1.1.patch)
+ ipmitool-openssl-1.1.patch
+ https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
+ https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
+ https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
+ #https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4.patch
+ 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+ https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10.patch
+ https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637.patch
+ )
sha256sums=('0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01'
- '7da20584541279045b4a4743600925b70fe162e1437a8da6647414926e12b58f')
+ '7da20584541279045b4a4743600925b70fe162e1437a8da6647414926e12b58f'
+ 'fcf8a1fce7f902adcb6500143ec04f6541474a2e0e78acfdf52276d3e421e84f'
+ '9774148893ed44f5d85bec26cd54f31ef6f7491232eb3f44f65d391547d83cda'
+ '42ce1143b05e160cee9cc6fb6ed13938ffc62dc11eec0343caccf463d49b76b8'
+ 'd51c1f481d4fc1d3fd5617ceeda16327fb6a6916103cf7334f6e44cd325ea0e0'
+ '0b6535b7b54485a9ba107ae09fccdff9f816ae1c4d8a8fe334df6fb48d2ec63a'
+ '146316f1b4001e3929c794d25ee2dacc7602676060da80b9c1655ec01a0032e3')
prepare() {
cd ${pkgname}-${pkgver}
# openssl 1.1 support (Fedora)
patch -p1 -i ../ipmitool-openssl-1.1.patch
+
+ # FS#69708 - [ipmitool] [Security] arbitrary code execution (CVE-2020-5208)
+ patch -p1 -i ../e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
+ patch -p1 -i ../840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
+ patch -p1 -i ../41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
+ patch -p1 -i ../9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+ patch -p1 -i ../d45572d71e70840e0d4c50bf48218492b79c1a10.patch
+ patch -p1 -i ../7ccea283dd62a05a320c1921e3d8d71a87772637.patch
}
build(){
@@ -26,6 +48,13 @@
CFLAGS+=' -fcommon' # https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common
+ # Fix warning in ipmi_fru.c
+ CFLAGS+=' -Wno-maybe-uninitialized'
+
+ if [[ $pkgver = '1.8.18' ]]; then
+ CFLAGS+=' -DMAX_CIPHER_SUITE_DATA_LEN=0x10'
+ fi
+
./configure --prefix=/usr --sbindir=/usr/bin --with-kerneldir
make
}
More information about the arch-commits
mailing list