[arch-commits] Commit in ipmitool/repos/community-x86_64 (5 files)

Florian Pritz bluewind at archlinux.org
Sun Feb 21 09:41:25 UTC 2021


    Date: Sunday, February 21, 2021 @ 09:41:25
  Author: bluewind
Revision: 867618

archrelease: copy trunk to community-x86_64

Added:
  ipmitool/repos/community-x86_64/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
    (from rev 867617, ipmitool/trunk/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch)
  ipmitool/repos/community-x86_64/PKGBUILD
    (from rev 867617, ipmitool/trunk/PKGBUILD)
  ipmitool/repos/community-x86_64/ipmitool-openssl-1.1.patch
    (from rev 867617, ipmitool/trunk/ipmitool-openssl-1.1.patch)
Deleted:
  ipmitool/repos/community-x86_64/PKGBUILD
  ipmitool/repos/community-x86_64/ipmitool-openssl-1.1.patch

-------------------------------------------------------+
 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch |   37 +++
 PKGBUILD                                              |  108 ++++++---
 ipmitool-openssl-1.1.patch                            |  178 ++++++++--------
 3 files changed, 195 insertions(+), 128 deletions(-)

Copied: ipmitool/repos/community-x86_64/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch (from rev 867617, ipmitool/trunk/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch)
===================================================================
--- 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch	                        (rev 0)
+++ 9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch	2021-02-21 09:41:25 UTC (rev 867618)
@@ -0,0 +1,37 @@
+NOTE: This diff has been adjusted to apply to 1.8.18.
+
+
+From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
+From: Chrostoper Ertl <chertl at microsoft.com>
+Date: Thu, 28 Nov 2019 16:56:38 +0000
+Subject: [PATCH] channel: Fix buffer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Partial fix for CVE-2020-5208, see
+https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
+
+The `ipmi_get_channel_cipher_suites` function does not properly check
+the final response’s `data_len`, which can lead to stack buffer overflow
+on the final copy.
+---
+ lib/ipmi_channel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
+index a6a6a424..433c4d36 100644
+--- a/lib/ipmi_channel.c
++++ b/lib/ipmi_channel.c
+@@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
+ 			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+ 			return -1;
+ 		}
+-		if (rsp->ccode > 0) {
++		if (rsp->ccode
++		    || rsp->data_len < 1
++		    || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
++		{
+ 			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+ 					val2str(rsp->ccode, completion_code_vals));
+ 			return -1;

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2021-02-21 09:41:22 UTC (rev 867617)
+++ PKGBUILD	2021-02-21 09:41:25 UTC (rev 867618)
@@ -1,39 +0,0 @@
-# Maintainer: Florian Pritz <bluewind at xinu.at>
-# Contributor: Florian Dejonckheere <florian at floriandejonckheere.be>
-# Contributor: gori
-
-pkgname=ipmitool
-pkgver=1.8.18
-pkgrel=6
-pkgdesc="Command-line interface to IPMI-enabled devices"
-arch=('x86_64')
-url="http://ipmitool.sourceforge.net"
-depends=('openssl')
-license=('BSD')
-source=("http://downloads.sourceforge.net/project/${pkgname}/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.bz2" ipmitool-openssl-1.1.patch)
-md5sums=('bab7ea104c7b85529c3ef65c54427aa3'
-         'aa54f29a94bc0152ae65d96d68490d8b')
-
-prepare() {
-        cd ${pkgname}-${pkgver}
-        # openssl 1.1 support (Fedora)
-        patch -p1 -i ../ipmitool-openssl-1.1.patch
-}
-
-build(){
-	cd "${srcdir}/${pkgname}-${pkgver}"
-
-	CFLAGS+=' -fcommon' # https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common
-
-	./configure --prefix=/usr --sbindir=/usr/bin --with-kerneldir
-	make
-}
-
-package(){
-	cd "${srcdir}/${pkgname}-${pkgver}"
-
-	make DESTDIR="${pkgdir}" install
-
-	# Install license
-	install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}

Copied: ipmitool/repos/community-x86_64/PKGBUILD (from rev 867617, ipmitool/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2021-02-21 09:41:25 UTC (rev 867618)
@@ -0,0 +1,69 @@
+# Maintainer: Florian Pritz <bluewind at xinu.at>
+# Contributor: Florian Dejonckheere <florian at floriandejonckheere.be>
+# Contributor: gori
+
+pkgname=ipmitool
+pkgver=1.8.18
+pkgrel=7
+pkgdesc="Command-line interface to IPMI-enabled devices"
+arch=('x86_64')
+url="http://ipmitool.sourceforge.net"
+depends=('openssl')
+license=('BSD')
+source=("https://downloads.sourceforge.net/project/${pkgname}/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.bz2"
+         ipmitool-openssl-1.1.patch
+         https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
+         https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
+         https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
+         #https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4.patch
+         9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+         https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10.patch
+         https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637.patch
+       )
+sha256sums=('0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01'
+            '7da20584541279045b4a4743600925b70fe162e1437a8da6647414926e12b58f'
+            'fcf8a1fce7f902adcb6500143ec04f6541474a2e0e78acfdf52276d3e421e84f'
+            '9774148893ed44f5d85bec26cd54f31ef6f7491232eb3f44f65d391547d83cda'
+            '42ce1143b05e160cee9cc6fb6ed13938ffc62dc11eec0343caccf463d49b76b8'
+            'd51c1f481d4fc1d3fd5617ceeda16327fb6a6916103cf7334f6e44cd325ea0e0'
+            '0b6535b7b54485a9ba107ae09fccdff9f816ae1c4d8a8fe334df6fb48d2ec63a'
+            '146316f1b4001e3929c794d25ee2dacc7602676060da80b9c1655ec01a0032e3')
+
+prepare() {
+        cd ${pkgname}-${pkgver}
+        # openssl 1.1 support (Fedora)
+        patch -p1 -i ../ipmitool-openssl-1.1.patch
+
+        # FS#69708 - [ipmitool] [Security] arbitrary code execution (CVE-2020-5208)
+        patch -p1 -i ../e824c23316ae50beb7f7488f2055ac65e8b341f2.patch
+        patch -p1 -i ../840fb1cbb4fb365cb9797300e3374d4faefcdb10.patch
+        patch -p1 -i ../41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22.patch
+        patch -p1 -i ../9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+        patch -p1 -i ../d45572d71e70840e0d4c50bf48218492b79c1a10.patch
+        patch -p1 -i ../7ccea283dd62a05a320c1921e3d8d71a87772637.patch
+}
+
+build(){
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	CFLAGS+=' -fcommon' # https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common
+
+	# Fix warning in ipmi_fru.c
+	CFLAGS+=' -Wno-maybe-uninitialized'
+
+	if [[ $pkgver = '1.8.18' ]]; then
+		CFLAGS+=' -DMAX_CIPHER_SUITE_DATA_LEN=0x10'
+	fi
+
+	./configure --prefix=/usr --sbindir=/usr/bin --with-kerneldir
+	make
+}
+
+package(){
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	make DESTDIR="${pkgdir}" install
+
+	# Install license
+	install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}

Deleted: ipmitool-openssl-1.1.patch
===================================================================
--- ipmitool-openssl-1.1.patch	2021-02-21 09:41:22 UTC (rev 867617)
+++ ipmitool-openssl-1.1.patch	2021-02-21 09:41:25 UTC (rev 867618)
@@ -1,89 +0,0 @@
-diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c new/src/plugins/lanplus/lanplus_crypt_impl.c
---- old/src/plugins/lanplus/lanplus_crypt_impl.c	2016-05-28 10:20:20.000000000 +0200
-+++ new/src/plugins/lanplus/lanplus_crypt_impl.c	2017-02-21 10:50:21.634873466 +0100
-@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX ctx;
--	EVP_CIPHER_CTX_init(&ctx);
--	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 	
- 
- 	*bytes_written = 0;
-@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- 
- 
--	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- 	{
- 		/* Error */
- 		*bytes_written = 0;
-@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	{
- 		uint32_t tmplen;
- 
--		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
- 			*bytes_written = 0;
- 			return; /* Error */
-@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(&ctx);
-+			EVP_CIPHER_CTX_cleanup(ctx);
-+			EVP_CIPHER_CTX_free(ctx);
- 		}
- 	}
- }
-@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX ctx;
--	EVP_CIPHER_CTX_init(&ctx);
--	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
- 
- 	if (verbose >= 5)
-@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- 
- 
--	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- 	{
- 		/* Error */
- 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
-@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 	{
- 		uint32_t tmplen;
- 
--		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
- 			char buffer[1000];
- 			ERR_error_string(ERR_get_error(), buffer);
-@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(&ctx);
-+			EVP_CIPHER_CTX_cleanup(ctx);
-+			EVP_CIPHER_CTX_free(ctx);
- 		}
- 	}
- 

Copied: ipmitool/repos/community-x86_64/ipmitool-openssl-1.1.patch (from rev 867617, ipmitool/trunk/ipmitool-openssl-1.1.patch)
===================================================================
--- ipmitool-openssl-1.1.patch	                        (rev 0)
+++ ipmitool-openssl-1.1.patch	2021-02-21 09:41:25 UTC (rev 867618)
@@ -0,0 +1,89 @@
+diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c new/src/plugins/lanplus/lanplus_crypt_impl.c
+--- old/src/plugins/lanplus/lanplus_crypt_impl.c	2016-05-28 10:20:20.000000000 +0200
++++ new/src/plugins/lanplus/lanplus_crypt_impl.c	2017-02-21 10:50:21.634873466 +0100
+@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
++	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
++	EVP_CIPHER_CTX_init(ctx);
++	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
+ 	
+ 
+ 	*bytes_written = 0;
+@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		*bytes_written = 0;
+@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
+ 			*bytes_written = 0;
+ 			return; /* Error */
+@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
++			EVP_CIPHER_CTX_cleanup(ctx);
++			EVP_CIPHER_CTX_free(ctx);
+ 		}
+ 	}
+ }
+@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 							uint8_t       * output,
+ 							uint32_t        * bytes_written)
+ {
+-	EVP_CIPHER_CTX ctx;
+-	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
++	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
++	EVP_CIPHER_CTX_init(ctx);
++	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++	EVP_CIPHER_CTX_set_padding(ctx, 0);
+ 
+ 
+ 	if (verbose >= 5)
+@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+ 
+ 
+-	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ 	{
+ 		/* Error */
+ 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 	{
+ 		uint32_t tmplen;
+ 
+-		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ 		{
+ 			char buffer[1000];
+ 			ERR_error_string(ERR_get_error(), buffer);
+@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ 		{
+ 			/* Success */
+ 			*bytes_written += tmplen;
+-			EVP_CIPHER_CTX_cleanup(&ctx);
++			EVP_CIPHER_CTX_cleanup(ctx);
++			EVP_CIPHER_CTX_free(ctx);
+ 		}
+ 	}
+ 



More information about the arch-commits mailing list