diff options
| author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2022-10-29 18:45:57 +0200 | 
|---|---|---|
| committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2022-10-29 18:45:57 +0200 | 
| commit | 22eeb1b665cbcadcdf11c20fae42700215becdb5 (patch) | |
| tree | 2b1be3668814bf48292b4f922bd86bbd904b6d3a | |
| parent | 2a31db85c38fc8c0b2482136a619b35ef0ee2e52 (diff) | |
Add new patches
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches/0620-manpage_typo.patch | 370 | ||||
| -rw-r--r-- | debian/patches/0700-build.patch | 105 | ||||
| -rw-r--r-- | debian/patches/series | 2 | 
4 files changed, 479 insertions, 0 deletions
| diff --git a/debian/changelog b/debian/changelog index b910c40..ef1b8ed 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@  ipmitool (1.8.19-1) UNRELEASED; urgency=medium    * New upstrem release. +    - New debian/patches/0700-build.patch. +    - New debian/patches/0620-manpage_typo.patch.   -- Jörg Frings-Fürst <debian@jff.email>  Sat, 10 Sep 2022 15:35:32 +0200 diff --git a/debian/patches/0620-manpage_typo.patch b/debian/patches/0620-manpage_typo.patch new file mode 100644 index 0000000..63ed5d4 --- /dev/null +++ b/debian/patches/0620-manpage_typo.patch @@ -0,0 +1,370 @@ +Description: Fix man page typos +Author: Jörg Frings-Fürst <debian@jff.email> +Forwarded: not-needed +Last-Update: 2022-10-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/doc/ipmitool.1.in +=================================================================== +--- trunk.orig/doc/ipmitool.1.in ++++ trunk/doc/ipmitool.1.in +@@ -3,7 +3,7 @@ + ipmitool \- utility for controlling IPMI\-enabled devices + .SH "SYNOPSIS" +  +-.BR ipmitool ++.br ipmitool + [ <options> ] <command> [ <sub-commands and sub-options> ] +  + <options>           := [ <general-options> | <conditional-opts> ] +@@ -68,7 +68,7 @@ On Solaris this driver is called \fIBMC\ + Management of a remote station requires the IPMI\-over\-LAN interface to be + enabled and configured.  Depending on the particular requirements of each + system it may be possible to enable the LAN interface using +-.BR ipmitool ++.br ipmitool + over the system interface. + .SH "OPTIONS" + .TP  +@@ -102,7 +102,7 @@ IPMI v2.0 specification. The default is + authentication, HMAC\-SHA256\-128 integrity, and AES\-CBC\-128 encryption algorithms. +  + NOTE: In +-.BR ipmitool ++.br ipmitool + 1.8.18 and earlier the default was 3, which was insecure and was not supported + by some more recent BMC implementations. + .TP  +@@ -242,7 +242,7 @@ Change Size of Communication Channel. (O +  + .LP  + If no password method is specified then +-.BR ipmitool ++.br ipmitool + will prompt the user for a password. If no password is entered at the prompt, + the remote server password will default to NULL. + .SH "SECURITY" +@@ -267,17 +267,17 @@ local station. + For IPMI v1.5, the maximum password length is 16 characters; longer + passwords might be truncated or rejected by the server, or rejected + by +-.BR ipmitool . ++.br ipmitool . +  + For IPMI v2.0, the maximum password length is 20 characters; longer + passwords will be rejected by +-.BR ipmitool . ++.br ipmitool . +  + .SH "COMMANDS" + .TP  + \fIhelp\fP + This can be used to get command\-line help on  +-.BR ipmitool ++.br ipmitool + commands. It may also be placed at the end of commands to get option usage help. +  + > ipmitool help +@@ -1223,7 +1223,7 @@ Get a list of all the possible Sensor St + Shortcuts available for a particular sensor.   \fBsensorid\fR is the character  + string representation of the sensor and must be enclosed in double quotes + if it includes white space.  Several different commands including  +-.BR ipmitool ++.br ipmitool + \fIsensor list\fP may be used to obtain a list that includes  + the \fBsensorid\fR strings representing the sensors on a given system.  + .RS +@@ -1287,7 +1287,7 @@ Finding sensor PS 2T Fan Fault... ok +  + .RS + Execute +-.BR ipmitool ++.br ipmitool + commands from \fIfilename\fR.  Each line is a + complete command.  The syntax of the commands are defined by the + COMMANDS section in this manpage.  Each line may have an optional +@@ -1698,7 +1698,7 @@ user, operator, admin, oem. + .br +  + Causes +-.BR ipmitool ++.br ipmitool + to enter Intel IPMI v1.5 Serial Over LAN mode. An RMCP+ + connection is made to the BMC, the terminal is set to raw mode, and user + input is sent to the serial console on the remote server. On exit,  +@@ -1752,7 +1752,7 @@ Select the next boot order on the Kontro +  + These commands will allow you to configure IPMI LAN channels + with network information so they can be used with the +-..BR ipmitool ++.br ipmitool + \fIlan\fP and \fIlanplus\fP interfaces.  \fINOTE\fR: To + determine on which channel the LAN interface is located, issue + the `channel info \fInumber\fR' command until you come across +@@ -2035,7 +2035,7 @@ Display the Management Controller Global + .br +  + This is the default behavior for +-.BR ipmitool (1). ++.br ipmitool (1). +  + Try to automatically detect the encoding based on the value of the + version field and (for version 1) the timestamp. The version is +@@ -2049,11 +2049,11 @@ neither one has that, then the precedenc + \fIsmbios\fP, \fIipmi\fP, \fIrfc4122\fP. +  + If neither encoding yields a valid version field, then +-.BR ipmitool (1) ++.br ipmitool (1) + defaults to \fIdump\fP mode. +  + If this option is in use, then +-.BR ipmitool (1) ++.br ipmitool (1) + will also print out the detected encoding and warn + regarding IPMI specification violation if the encoding isn't \fIipmi\fP. +  +@@ -2551,7 +2551,7 @@ Discover Node Manager presence as well a + .br +  + Add a new power policy, or overwrite an existing policy. +-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. ++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. + The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. + The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. + If domain is not supplied a default of platform is used. +@@ -2562,7 +2562,7 @@ If domain is not supplied a default of p + .br +  + Add a new inlet temp policy, or overwrite an existing policy. +-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. ++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. + The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. + The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. + If domain is not supplied a default of platform is used. +@@ -2960,7 +2960,7 @@ A list of all entity ids can be found in + Dumps raw SDR data to a file.  This data file can then be used as + a local SDR cache of the remote managed system with the \fI\-S <file>\fP + option on the +-.BR ipmitool ++.br ipmitool + command line.  This can greatly improve performance + over system interface or remote LAN. + .TP  +@@ -3045,7 +3045,7 @@ Print information on the specified SEL R +  + Save SEL records to a text file that can be fed back into the + \fIevent file\fP +-.BR ipmitool ++.br ipmitool + command. This can be useful for + testing Event generation by building an appropriate Platform + Event Message file based on existing events.  Please see the +@@ -3056,14 +3056,14 @@ the format of this file. +  + Save SEL records to a file in raw, binary format.  This file can + be fed back to the \fIsel readraw\fP +-.BR ipmitool ++.br ipmitool + command for viewing. + .TP  + \fIreadraw\fP <\fBfile\fR> +  + Read and display SEL records from a binary file.  Such a file can + be created using the \fIsel writeraw\fP +-.BR ipmitool ++.br ipmitool + command. + .TP           + \fItime\fP +@@ -3194,10 +3194,10 @@ Verbosity level. + .RS + This command will launch an interactive shell which you can use + to send multiple  +-.BR ipmitool ++.br ipmitool + commands to a BMC and see the responses. This can be useful instead of + running the full +-.BR ipmitool ++.br ipmitool + command each time. Some commands will make use of a Sensor Data Record cache + and you will see marked improvement in speed if these commands + are able to reuse the same cache in a shell session.  LAN sessions +@@ -3275,7 +3275,7 @@ by the IPMI over serial channel. + .br  +  + Causes +-.BR ipmitool ++.br ipmitool + to enter Serial Over LAN + mode, and is only available when using the lanplus + interface.  An RMCP+ connection is made to the BMC, +@@ -3568,7 +3568,7 @@ Determine whether a password has been st +  + .SH "OPEN INTERFACE" + The +-.BR ipmitool ++.br ipmitool + \fIopen\fP interface utilizes the OpenIPMI + kernel device driver.  This driver is present in all modern + 2.4 and all 2.6 kernels and it should be present in recent +@@ -3579,7 +3579,7 @@ the OpenIPMI homepage. + The required kernel modules is different for 2.4 and 2.6 + kernels.  The following kernel modules must be loaded on + a 2.4\-based kernel in order for +-.BR ipmitool ++.br ipmitool + to work: + .TP  + .B ipmi_msghandler +@@ -3593,7 +3593,7 @@ Linux character device interface for the + .LP  + The following kernel modules must be loaded on + a 2.6\-based kernel in order for +-.BR ipmitool ++.br ipmitool + to work: + .TP  + .B ipmi_msghandler +@@ -3622,12 +3622,12 @@ entry with: +  + .I mknod /dev/ipmi0 c 254 0 +  +-.BR ipmitool ++.br ipmitool + includes some sample initialization scripts that + can perform this task automatically at start\-up. +  + In order to have +-.BR ipmitool ++.br ipmitool + use the OpenIPMI device interface + you can specify it on the command line: + .PP  +@@ -3652,16 +3652,16 @@ The following files are associated with + Character device node used to communicate with the bmc driver. + .SH "LIPMI INTERFACE" + The +-.BR ipmitool ++.br ipmitool + \fIlipmi\fP interface uses the Solaris 9 IPMI kernel device driver. + It has been superceeded by the \fIbmc\fP interface on Solaris 10.  You can tell +-.BR ipmitool ++.br ipmitool + to use this interface by specifying it on the command line. +  + > ipmitool \fB\-I\fR \fIlipmi\fP <\fIexpression\fP> + .SH "LAN INTERFACE" + The +-.BR ipmitool ++.br ipmitool + \fIlan\fP interface communicates with the BMC + over an Ethernet LAN connection using UDP under IPv4.  UDP + datagrams are formatted to contain IPMI request/response  +@@ -3676,12 +3676,12 @@ The LAN interface is an authentication m + messages delivered to the BMC can (and should) be authenticated + with a challenge/response protocol with either straight + password/key or MD5 message\-digest algorithm. +-.BR ipmitool ++.br ipmitool + will attempt to connect with administrator privilege level as this + is required to perform chassis power functions. +  + You can tell +-.BR ipmitool ++.br ipmitool + to use the lan interface with the + \fB\-I\fR \fIlan\fP option: +  +@@ -3692,7 +3692,7 @@ to use the lan interface with the + A hostname must be given on the command line in order to use the  + lan interface with \fBipmitool\fR. The password field is optional; + if you do not provide a password on the command line, +-.BR ipmitool ++.br ipmitool + will attempt to connect without authentication.  If you specify a  + password it will use MD5 authentication if supported by the BMC + and straight password/key otherwise, unless overridden with a +@@ -3706,14 +3706,14 @@ specification.  RMCP+ allows for improve + integrity checks, as well as encryption and the ability to carry + multiple types of payloads.  Generic Serial Over LAN support  + requires RMCP+, so the +-.BR ipmitool ++.br ipmitool + \fIsol activate\fP command + requires the use of the \fIlanplus\fP interface. +  + RMCP+ session establishment uses a symmetric challenge\-response + protocol called RAKP (\fBRemote Authenticated Key\-Exchange Protocol\fR) + which allows the negotiation of many options. +-.BR ipmitool ++.br ipmitool + does not + yet allow the user to specify the value of every option, defaulting + to the most obvious settings marked as required in the v2.0  +@@ -3721,14 +3721,14 @@ specification.  Authentication and integ + SHA1, and encryption is performed with AES\-CBC\-128.  Role\-level logins + are not yet supported. +  +-.BR ipmitool ++.br ipmitool + must be linked with the \fIOpenSSL\fP library in order to + perform the encryption functions and support the \fIlanplus\fP + interface.  If the required packages are not found it will not be + compiled in and supported. +  + You can tell +-.BR ipmitool ++.br ipmitool + to use the lanplus interface with the + \fB\-I\fR \fIlanplus\fP option: +  +@@ -3749,17 +3749,17 @@ and encryption algorithms to use for for + on the cipher suite ID found in the IPMIv2.0 specification in table + 22\-20.  The default cipher suite is \fI17\fP which specifies + RAKP\-HMAC\-SHA256 authentication, HMAC\-SHA256\-128 integrity, and  +-AES\-CBC\-128 encryption algorightms. ++AES\-CBC\-128 encryption algorithms. +  + .SH "FREE INTERFACE" + .LP + The +-.BR ipmitool ++.br ipmitool + \fIfree\fP interface utilizes the FreeIPMI libfreeipmi + drivers.   + .LP + You can tell +-.BR ipmitool ++.br ipmitool + to use the FreeIPMI interface with the \-I option: + .PP + > ipmitool \fB\-I\fR \fIfree\fP <\fIcommand\fP> +@@ -3768,12 +3768,12 @@ to use the FreeIPMI interface with the \ + .SH "IMB INTERFACE" + .LP + The +-.BR ipmitool ++.br ipmitool + \fIimb\fP interface supports the Intel IMB (Intel + Inter-module Bus) Interface through the /dev/imb device.   + .LP + You can tell +-.BR ipmitool ++.br ipmitool + to use the IMB interface with the \-I option: + .PP + > ipmitool \fB\-I\fR \fIimb\fP <\fIcommand\fP> +Index: trunk/doc/ipmievd.8.in +=================================================================== +--- trunk.orig/doc/ipmievd.8.in ++++ trunk/doc/ipmievd.8.in +@@ -56,7 +56,7 @@ This is not available with all commands. + The remote server authentication, integrity, and encryption algorithms + to use for IPMIv2 \fIlanplus\fP connections.  See table 22\-19 in the + IPMIv2 specification.  The default is 3 which specifies RAKP\-HMAC\-SHA1  +-authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorightms. ++authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorithms. + .TP  + \fB\-E\fR + The remote server password is specified by the environment diff --git a/debian/patches/0700-build.patch b/debian/patches/0700-build.patch new file mode 100644 index 0000000..5334bf6 --- /dev/null +++ b/debian/patches/0700-build.patch @@ -0,0 +1,105 @@ +Description: Remove downloads at build time +Author: Jörg Frings-Fürst <debian@jff.email> +Forwarded: not-needed +Last-Update: 2022-10-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/configure.ac +=================================================================== +--- trunk.orig/configure.ac ++++ trunk/configure.ac +@@ -56,22 +56,22 @@ if test "x$exec_prefix" = "xNONE"; then + 	exec_prefix="$prefix" + fi +  +-if test "x$WGET" = "x"; then +-	if test "x$CURL" = "x"; then +-		AC_MSG_WARN([** Neither wget nor curl could be found.]) +-		AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) +-	else +-		DOWNLOAD="$CURL --location --progress-bar" +-		AM_CONDITIONAL([DOWNLOAD], [true]) +-	fi +-else +-	DOWNLOAD="$WGET -c -nd -O -" +-	AM_CONDITIONAL([DOWNLOAD], [true]) +-fi ++#if test "x$WGET" = "x"; then ++#	if test "x$CURL" = "x"; then ++#		AC_MSG_WARN([** Neither wget nor curl could be found.]) ++#		AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) ++#	else ++#		DOWNLOAD="$CURL --location --progress-bar" ++#		AM_CONDITIONAL([DOWNLOAD], [true]) ++#	fi ++#else ++#	DOWNLOAD="$WGET -c -nd -O -" ++#	AM_CONDITIONAL([DOWNLOAD], [true]) ++#fi +  +-AC_MSG_WARN([** Download is:]) +-AC_MSG_WARN($DOWNLOAD) +-AC_SUBST(DOWNLOAD, $DOWNLOAD) ++#AC_MSG_WARN([** Download is:]) ++#AC_MSG_WARN($DOWNLOAD) ++#AC_SUBST(DOWNLOAD, $DOWNLOAD) +  + dnl + dnl set default option values +Index: trunk/Makefile.am +=================================================================== +--- trunk.orig/Makefile.am ++++ trunk/Makefile.am +@@ -49,25 +49,25 @@ dist-hook: + .PHONY: install-pen-database uninstall-pen-database + .INTERMEDIATE: %.o %.la enterprise-numbers +  +-if DOWNLOAD ++#if DOWNLOAD +  +-enterprise-numbers: +-	@echo Downloading IANA PEN database... +-	@$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ +-		echo "FAILED to download the IANA PEN database"; \ +-		rm tmpfile.$$PPID; \ +-		false; \ +-	} +-	@mv tmpfile.$$PPID $@ +- +-install-pen-database: enterprise-numbers +-	mkdir -m 755 -p $(DESTDIR)$(IANADIR) +-	$(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/ +- +-uninstall-pen-database: +-	-rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers +- +-else ++#enterprise-numbers: ++#	@echo Downloading IANA PEN database... ++#	@$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ ++#		echo "FAILED to download the IANA PEN database"; \ ++#		rm tmpfile.$$PPID; \ ++#		false; \ ++#	} ++#	@mv tmpfile.$$PPID $@ ++# ++#install-pen-database: enterprise-numbers ++#	mkdir -m 755 -p $(DESTDIR)$(IANADIR) ++#	$(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/ ++# ++#uninstall-pen-database: ++#	-rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers ++# ++#else +  + install-pen-database: + 	@echo "*** NOT installing the IANA PEN database." +@@ -77,7 +77,7 @@ uninstall-pen-database: + 	@echo "*** NOT uninstalling the IANA PEN database." + 	@echo "*** It was installed manually (if ever)." +  +-endif ++#endif +  + install-data-local: install-pen-database + 	mkdir -p $(DESTDIR)$(DOCDIR) diff --git a/debian/patches/series b/debian/patches/series index 77224fb..ef6bbbe 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,5 +1,7 @@  #0505-fix_CVE-2020-5208.patch  #0120-openssl1.1.patch +0620-manpage_typo.patch +0700-build.patch  0100-fix_buf_overflow.patch  #0500-fix_CVE-2011-4339.patch  #0600-manpage_longlines.patch | 
