From 22eeb1b665cbcadcdf11c20fae42700215becdb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sat, 29 Oct 2022 18:45:57 +0200 Subject: Add new patches --- debian/changelog | 2 + debian/patches/0620-manpage_typo.patch | 370 +++++++++++++++++++++++++++++++++ debian/patches/0700-build.patch | 105 ++++++++++ debian/patches/series | 2 + 4 files changed, 479 insertions(+) create mode 100644 debian/patches/0620-manpage_typo.patch create mode 100644 debian/patches/0700-build.patch diff --git a/debian/changelog b/debian/changelog index b910c40..ef1b8ed 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ ipmitool (1.8.19-1) UNRELEASED; urgency=medium * New upstrem release. + - New debian/patches/0700-build.patch. + - New debian/patches/0620-manpage_typo.patch. -- Jörg Frings-Fürst Sat, 10 Sep 2022 15:35:32 +0200 diff --git a/debian/patches/0620-manpage_typo.patch b/debian/patches/0620-manpage_typo.patch new file mode 100644 index 0000000..63ed5d4 --- /dev/null +++ b/debian/patches/0620-manpage_typo.patch @@ -0,0 +1,370 @@ +Description: Fix man page typos +Author: Jörg Frings-Fürst +Forwarded: not-needed +Last-Update: 2022-10-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/doc/ipmitool.1.in +=================================================================== +--- trunk.orig/doc/ipmitool.1.in ++++ trunk/doc/ipmitool.1.in +@@ -3,7 +3,7 @@ + ipmitool \- utility for controlling IPMI\-enabled devices + .SH "SYNOPSIS" + +-.BR ipmitool ++.br ipmitool + [ ] [ ] + + := [ | ] +@@ -68,7 +68,7 @@ On Solaris this driver is called \fIBMC\ + Management of a remote station requires the IPMI\-over\-LAN interface to be + enabled and configured. Depending on the particular requirements of each + system it may be possible to enable the LAN interface using +-.BR ipmitool ++.br ipmitool + over the system interface. + .SH "OPTIONS" + .TP +@@ -102,7 +102,7 @@ IPMI v2.0 specification. The default is + authentication, HMAC\-SHA256\-128 integrity, and AES\-CBC\-128 encryption algorithms. + + NOTE: In +-.BR ipmitool ++.br ipmitool + 1.8.18 and earlier the default was 3, which was insecure and was not supported + by some more recent BMC implementations. + .TP +@@ -242,7 +242,7 @@ Change Size of Communication Channel. (O + + .LP + If no password method is specified then +-.BR ipmitool ++.br ipmitool + will prompt the user for a password. If no password is entered at the prompt, + the remote server password will default to NULL. + .SH "SECURITY" +@@ -267,17 +267,17 @@ local station. + For IPMI v1.5, the maximum password length is 16 characters; longer + passwords might be truncated or rejected by the server, or rejected + by +-.BR ipmitool . ++.br ipmitool . + + For IPMI v2.0, the maximum password length is 20 characters; longer + passwords will be rejected by +-.BR ipmitool . ++.br ipmitool . + + .SH "COMMANDS" + .TP + \fIhelp\fP + This can be used to get command\-line help on +-.BR ipmitool ++.br ipmitool + commands. It may also be placed at the end of commands to get option usage help. + + > ipmitool help +@@ -1223,7 +1223,7 @@ Get a list of all the possible Sensor St + Shortcuts available for a particular sensor. \fBsensorid\fR is the character + string representation of the sensor and must be enclosed in double quotes + if it includes white space. Several different commands including +-.BR ipmitool ++.br ipmitool + \fIsensor list\fP may be used to obtain a list that includes + the \fBsensorid\fR strings representing the sensors on a given system. + .RS +@@ -1287,7 +1287,7 @@ Finding sensor PS 2T Fan Fault... ok + + .RS + Execute +-.BR ipmitool ++.br ipmitool + commands from \fIfilename\fR. Each line is a + complete command. The syntax of the commands are defined by the + COMMANDS section in this manpage. Each line may have an optional +@@ -1698,7 +1698,7 @@ user, operator, admin, oem. + .br + + Causes +-.BR ipmitool ++.br ipmitool + to enter Intel IPMI v1.5 Serial Over LAN mode. An RMCP+ + connection is made to the BMC, the terminal is set to raw mode, and user + input is sent to the serial console on the remote server. On exit, +@@ -1752,7 +1752,7 @@ Select the next boot order on the Kontro + + These commands will allow you to configure IPMI LAN channels + with network information so they can be used with the +-..BR ipmitool ++.br ipmitool + \fIlan\fP and \fIlanplus\fP interfaces. \fINOTE\fR: To + determine on which channel the LAN interface is located, issue + the `channel info \fInumber\fR' command until you come across +@@ -2035,7 +2035,7 @@ Display the Management Controller Global + .br + + This is the default behavior for +-.BR ipmitool (1). ++.br ipmitool (1). + + Try to automatically detect the encoding based on the value of the + version field and (for version 1) the timestamp. The version is +@@ -2049,11 +2049,11 @@ neither one has that, then the precedenc + \fIsmbios\fP, \fIipmi\fP, \fIrfc4122\fP. + + If neither encoding yields a valid version field, then +-.BR ipmitool (1) ++.br ipmitool (1) + defaults to \fIdump\fP mode. + + If this option is in use, then +-.BR ipmitool (1) ++.br ipmitool (1) + will also print out the detected encoding and warn + regarding IPMI specification violation if the encoding isn't \fIipmi\fP. + +@@ -2551,7 +2551,7 @@ Discover Node Manager presence as well a + .br + + Add a new power policy, or overwrite an existing policy. +-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. ++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. + The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. + The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. + If domain is not supplied a default of platform is used. +@@ -2562,7 +2562,7 @@ If domain is not supplied a default of p + .br + + Add a new inlet temp policy, or overwrite an existing policy. +-The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. ++The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. + The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. + The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. + If domain is not supplied a default of platform is used. +@@ -2960,7 +2960,7 @@ A list of all entity ids can be found in + Dumps raw SDR data to a file. This data file can then be used as + a local SDR cache of the remote managed system with the \fI\-S \fP + option on the +-.BR ipmitool ++.br ipmitool + command line. This can greatly improve performance + over system interface or remote LAN. + .TP +@@ -3045,7 +3045,7 @@ Print information on the specified SEL R + + Save SEL records to a text file that can be fed back into the + \fIevent file\fP +-.BR ipmitool ++.br ipmitool + command. This can be useful for + testing Event generation by building an appropriate Platform + Event Message file based on existing events. Please see the +@@ -3056,14 +3056,14 @@ the format of this file. + + Save SEL records to a file in raw, binary format. This file can + be fed back to the \fIsel readraw\fP +-.BR ipmitool ++.br ipmitool + command for viewing. + .TP + \fIreadraw\fP <\fBfile\fR> + + Read and display SEL records from a binary file. Such a file can + be created using the \fIsel writeraw\fP +-.BR ipmitool ++.br ipmitool + command. + .TP + \fItime\fP +@@ -3194,10 +3194,10 @@ Verbosity level. + .RS + This command will launch an interactive shell which you can use + to send multiple +-.BR ipmitool ++.br ipmitool + commands to a BMC and see the responses. This can be useful instead of + running the full +-.BR ipmitool ++.br ipmitool + command each time. Some commands will make use of a Sensor Data Record cache + and you will see marked improvement in speed if these commands + are able to reuse the same cache in a shell session. LAN sessions +@@ -3275,7 +3275,7 @@ by the IPMI over serial channel. + .br + + Causes +-.BR ipmitool ++.br ipmitool + to enter Serial Over LAN + mode, and is only available when using the lanplus + interface. An RMCP+ connection is made to the BMC, +@@ -3568,7 +3568,7 @@ Determine whether a password has been st + + .SH "OPEN INTERFACE" + The +-.BR ipmitool ++.br ipmitool + \fIopen\fP interface utilizes the OpenIPMI + kernel device driver. This driver is present in all modern + 2.4 and all 2.6 kernels and it should be present in recent +@@ -3579,7 +3579,7 @@ the OpenIPMI homepage. + The required kernel modules is different for 2.4 and 2.6 + kernels. The following kernel modules must be loaded on + a 2.4\-based kernel in order for +-.BR ipmitool ++.br ipmitool + to work: + .TP + .B ipmi_msghandler +@@ -3593,7 +3593,7 @@ Linux character device interface for the + .LP + The following kernel modules must be loaded on + a 2.6\-based kernel in order for +-.BR ipmitool ++.br ipmitool + to work: + .TP + .B ipmi_msghandler +@@ -3622,12 +3622,12 @@ entry with: + + .I mknod /dev/ipmi0 c 254 0 + +-.BR ipmitool ++.br ipmitool + includes some sample initialization scripts that + can perform this task automatically at start\-up. + + In order to have +-.BR ipmitool ++.br ipmitool + use the OpenIPMI device interface + you can specify it on the command line: + .PP +@@ -3652,16 +3652,16 @@ The following files are associated with + Character device node used to communicate with the bmc driver. + .SH "LIPMI INTERFACE" + The +-.BR ipmitool ++.br ipmitool + \fIlipmi\fP interface uses the Solaris 9 IPMI kernel device driver. + It has been superceeded by the \fIbmc\fP interface on Solaris 10. You can tell +-.BR ipmitool ++.br ipmitool + to use this interface by specifying it on the command line. + + > ipmitool \fB\-I\fR \fIlipmi\fP <\fIexpression\fP> + .SH "LAN INTERFACE" + The +-.BR ipmitool ++.br ipmitool + \fIlan\fP interface communicates with the BMC + over an Ethernet LAN connection using UDP under IPv4. UDP + datagrams are formatted to contain IPMI request/response +@@ -3676,12 +3676,12 @@ The LAN interface is an authentication m + messages delivered to the BMC can (and should) be authenticated + with a challenge/response protocol with either straight + password/key or MD5 message\-digest algorithm. +-.BR ipmitool ++.br ipmitool + will attempt to connect with administrator privilege level as this + is required to perform chassis power functions. + + You can tell +-.BR ipmitool ++.br ipmitool + to use the lan interface with the + \fB\-I\fR \fIlan\fP option: + +@@ -3692,7 +3692,7 @@ to use the lan interface with the + A hostname must be given on the command line in order to use the + lan interface with \fBipmitool\fR. The password field is optional; + if you do not provide a password on the command line, +-.BR ipmitool ++.br ipmitool + will attempt to connect without authentication. If you specify a + password it will use MD5 authentication if supported by the BMC + and straight password/key otherwise, unless overridden with a +@@ -3706,14 +3706,14 @@ specification. RMCP+ allows for improve + integrity checks, as well as encryption and the ability to carry + multiple types of payloads. Generic Serial Over LAN support + requires RMCP+, so the +-.BR ipmitool ++.br ipmitool + \fIsol activate\fP command + requires the use of the \fIlanplus\fP interface. + + RMCP+ session establishment uses a symmetric challenge\-response + protocol called RAKP (\fBRemote Authenticated Key\-Exchange Protocol\fR) + which allows the negotiation of many options. +-.BR ipmitool ++.br ipmitool + does not + yet allow the user to specify the value of every option, defaulting + to the most obvious settings marked as required in the v2.0 +@@ -3721,14 +3721,14 @@ specification. Authentication and integ + SHA1, and encryption is performed with AES\-CBC\-128. Role\-level logins + are not yet supported. + +-.BR ipmitool ++.br ipmitool + must be linked with the \fIOpenSSL\fP library in order to + perform the encryption functions and support the \fIlanplus\fP + interface. If the required packages are not found it will not be + compiled in and supported. + + You can tell +-.BR ipmitool ++.br ipmitool + to use the lanplus interface with the + \fB\-I\fR \fIlanplus\fP option: + +@@ -3749,17 +3749,17 @@ and encryption algorithms to use for for + on the cipher suite ID found in the IPMIv2.0 specification in table + 22\-20. The default cipher suite is \fI17\fP which specifies + RAKP\-HMAC\-SHA256 authentication, HMAC\-SHA256\-128 integrity, and +-AES\-CBC\-128 encryption algorightms. ++AES\-CBC\-128 encryption algorithms. + + .SH "FREE INTERFACE" + .LP + The +-.BR ipmitool ++.br ipmitool + \fIfree\fP interface utilizes the FreeIPMI libfreeipmi + drivers. + .LP + You can tell +-.BR ipmitool ++.br ipmitool + to use the FreeIPMI interface with the \-I option: + .PP + > ipmitool \fB\-I\fR \fIfree\fP <\fIcommand\fP> +@@ -3768,12 +3768,12 @@ to use the FreeIPMI interface with the \ + .SH "IMB INTERFACE" + .LP + The +-.BR ipmitool ++.br ipmitool + \fIimb\fP interface supports the Intel IMB (Intel + Inter-module Bus) Interface through the /dev/imb device. + .LP + You can tell +-.BR ipmitool ++.br ipmitool + to use the IMB interface with the \-I option: + .PP + > ipmitool \fB\-I\fR \fIimb\fP <\fIcommand\fP> +Index: trunk/doc/ipmievd.8.in +=================================================================== +--- trunk.orig/doc/ipmievd.8.in ++++ trunk/doc/ipmievd.8.in +@@ -56,7 +56,7 @@ This is not available with all commands. + The remote server authentication, integrity, and encryption algorithms + to use for IPMIv2 \fIlanplus\fP connections. See table 22\-19 in the + IPMIv2 specification. The default is 3 which specifies RAKP\-HMAC\-SHA1 +-authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorightms. ++authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorithms. + .TP + \fB\-E\fR + The remote server password is specified by the environment diff --git a/debian/patches/0700-build.patch b/debian/patches/0700-build.patch new file mode 100644 index 0000000..5334bf6 --- /dev/null +++ b/debian/patches/0700-build.patch @@ -0,0 +1,105 @@ +Description: Remove downloads at build time +Author: Jörg Frings-Fürst +Forwarded: not-needed +Last-Update: 2022-10-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/configure.ac +=================================================================== +--- trunk.orig/configure.ac ++++ trunk/configure.ac +@@ -56,22 +56,22 @@ if test "x$exec_prefix" = "xNONE"; then + exec_prefix="$prefix" + fi + +-if test "x$WGET" = "x"; then +- if test "x$CURL" = "x"; then +- AC_MSG_WARN([** Neither wget nor curl could be found.]) +- AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) +- else +- DOWNLOAD="$CURL --location --progress-bar" +- AM_CONDITIONAL([DOWNLOAD], [true]) +- fi +-else +- DOWNLOAD="$WGET -c -nd -O -" +- AM_CONDITIONAL([DOWNLOAD], [true]) +-fi ++#if test "x$WGET" = "x"; then ++# if test "x$CURL" = "x"; then ++# AC_MSG_WARN([** Neither wget nor curl could be found.]) ++# AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) ++# else ++# DOWNLOAD="$CURL --location --progress-bar" ++# AM_CONDITIONAL([DOWNLOAD], [true]) ++# fi ++#else ++# DOWNLOAD="$WGET -c -nd -O -" ++# AM_CONDITIONAL([DOWNLOAD], [true]) ++#fi + +-AC_MSG_WARN([** Download is:]) +-AC_MSG_WARN($DOWNLOAD) +-AC_SUBST(DOWNLOAD, $DOWNLOAD) ++#AC_MSG_WARN([** Download is:]) ++#AC_MSG_WARN($DOWNLOAD) ++#AC_SUBST(DOWNLOAD, $DOWNLOAD) + + dnl + dnl set default option values +Index: trunk/Makefile.am +=================================================================== +--- trunk.orig/Makefile.am ++++ trunk/Makefile.am +@@ -49,25 +49,25 @@ dist-hook: + .PHONY: install-pen-database uninstall-pen-database + .INTERMEDIATE: %.o %.la enterprise-numbers + +-if DOWNLOAD ++#if DOWNLOAD + +-enterprise-numbers: +- @echo Downloading IANA PEN database... +- @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ +- echo "FAILED to download the IANA PEN database"; \ +- rm tmpfile.$$PPID; \ +- false; \ +- } +- @mv tmpfile.$$PPID $@ +- +-install-pen-database: enterprise-numbers +- mkdir -m 755 -p $(DESTDIR)$(IANADIR) +- $(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/ +- +-uninstall-pen-database: +- -rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers +- +-else ++#enterprise-numbers: ++# @echo Downloading IANA PEN database... ++# @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ ++# echo "FAILED to download the IANA PEN database"; \ ++# rm tmpfile.$$PPID; \ ++# false; \ ++# } ++# @mv tmpfile.$$PPID $@ ++# ++#install-pen-database: enterprise-numbers ++# mkdir -m 755 -p $(DESTDIR)$(IANADIR) ++# $(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/ ++# ++#uninstall-pen-database: ++# -rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers ++# ++#else + + install-pen-database: + @echo "*** NOT installing the IANA PEN database." +@@ -77,7 +77,7 @@ uninstall-pen-database: + @echo "*** NOT uninstalling the IANA PEN database." + @echo "*** It was installed manually (if ever)." + +-endif ++#endif + + install-data-local: install-pen-database + mkdir -p $(DESTDIR)$(DOCDIR) diff --git a/debian/patches/series b/debian/patches/series index 77224fb..ef6bbbe 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,5 +1,7 @@ #0505-fix_CVE-2020-5208.patch #0120-openssl1.1.patch +0620-manpage_typo.patch +0700-build.patch 0100-fix_buf_overflow.patch #0500-fix_CVE-2011-4339.patch #0600-manpage_longlines.patch -- cgit v1.2.3