From 3fd025eb973a9c6f83db5b1a3aa77d2dc088a428 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 13 Aug 2017 09:24:48 +0200 Subject: Migrate to openssl1.1; Declare compliance with Debian Policy 4.0.0 --- debian/patches/0120-openssl1.1.patch | 150 +++++++++++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 151 insertions(+) create mode 100644 debian/patches/0120-openssl1.1.patch (limited to 'debian/patches') diff --git a/debian/patches/0120-openssl1.1.patch b/debian/patches/0120-openssl1.1.patch new file mode 100644 index 0000000..a7523fd --- /dev/null +++ b/debian/patches/0120-openssl1.1.patch @@ -0,0 +1,150 @@ +Description: Migrate to openssl 1.1 + Cherry-picked from upstream +Author: Jörg Frings-Fürst +Origin: upstream https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/ +Bug: https://sourceforge.net/p/ipmitool/bugs/461/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853782 +Forwarded: not-needed +Last-Update: 2017-08-13 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/plugins/lanplus/lanplus_crypt_impl.c +=================================================================== +--- trunk.orig/src/plugins/lanplus/lanplus_crypt_impl.c ++++ trunk/src/plugins/lanplus/lanplus_crypt_impl.c +@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++ EVP_CIPHER_CTX *ctx = NULL; + + *bytes_written = 0; + +@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + printbuf(input, input_length, "encrypting this data"); + } + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++ return; ++ } ++ EVP_CIPHER_CTX_init(ctx); ++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* + * The default implementation adds a whole block of padding if the input +@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_ + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + } + + +@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + uint8_t * output, + uint32_t * bytes_written) + { +- EVP_CIPHER_CTX ctx; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); +- EVP_CIPHER_CTX_set_padding(&ctx, 0); +- ++ EVP_CIPHER_CTX *ctx = NULL; + + if (verbose >= 5) + { +@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + printbuf(input, input_length, "decrypting this data"); + } + +- + *bytes_written = 0; + + if (input_length == 0) + return; + ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); ++ return; ++ } ++ EVP_CIPHER_CTX_init(ctx); ++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); ++ + /* + * The default implementation adds a whole block of padding if the input + * data is perfectly aligned. We would like to keep that from happening. +@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_ + assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); + + +- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) ++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) + { + /* Error */ + lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); + *bytes_written = 0; +- return; + } + else + { + uint32_t tmplen; + +- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) ++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) + { ++ /* Error */ + char buffer[1000]; + ERR_error_string(ERR_get_error(), buffer); + lprintf(LOG_DEBUG, "the ERR error %s", buffer); + lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); + *bytes_written = 0; +- return; /* Error */ + } + else + { + /* Success */ + *bytes_written += tmplen; +- EVP_CIPHER_CTX_cleanup(&ctx); + } + } ++ /* performs cleanup and free */ ++ EVP_CIPHER_CTX_free(ctx); + + if (verbose >= 5) + { diff --git a/debian/patches/series b/debian/patches/series index d3b8208..197df06 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,5 +1,6 @@ #0605-manpage_typo.patch #0105-typo.patch +0120-openssl1.1.patch 0100-fix_buf_overflow.patch 0500-fix_CVE-2011-4339.patch #0610-readme_typo.patch -- cgit v1.2.3 From 7447df158e09cbac25d7316b80a32f53a0dca87e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 13 Aug 2017 09:48:23 +0200 Subject: Refresh debian/patches/0115-typo.patch; Enable dummy interface --- debian/patches/0115-typo.patch | 15 ++++- debian/patches/0115-typo.patch~ | 137 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 debian/patches/0115-typo.patch~ (limited to 'debian/patches') diff --git a/debian/patches/0115-typo.patch b/debian/patches/0115-typo.patch index 1e32199..e2ee54b 100644 --- a/debian/patches/0115-typo.patch +++ b/debian/patches/0115-typo.patch @@ -1,6 +1,6 @@ Description: source typos Author: Jörg Frings-Fürst -Last-Update: 2016-05-15 +Last-Update: 2017-08-13 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ Index: trunk/lib/dimm_spd.c @@ -135,3 +135,16 @@ Index: trunk/doc/ipmievd.8 sel Poll SEL for notification of events .TP +Index: trunk/lib/ipmi_lanp.c +=================================================================== +--- trunk.orig/lib/ipmi_lanp.c ++++ trunk/lib/ipmi_lanp.c +@@ -1271,7 +1271,7 @@ print_lan_set_bad_pass_thresh_usage(void + { + lprintf(LOG_NOTICE, + "lan set bad_pass_thresh <1|0> \n" +-" Bad Pasword Threshold number.\n" ++" Bad Password Threshold number.\n" + " <1|0> 1 = generate a Session Audit sensor event.\n" + " 0 = do not generate an event.\n" + " Attempt Count Reset Interval. In tens of seconds.\n" diff --git a/debian/patches/0115-typo.patch~ b/debian/patches/0115-typo.patch~ new file mode 100644 index 0000000..1e32199 --- /dev/null +++ b/debian/patches/0115-typo.patch~ @@ -0,0 +1,137 @@ +Description: source typos +Author: Jörg Frings-Fürst +Last-Update: 2016-05-15 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/lib/dimm_spd.c +=================================================================== +--- trunk.orig/lib/dimm_spd.c ++++ trunk/lib/dimm_spd.c +@@ -798,7 +798,7 @@ const struct valstr jedec_id5_vals[] = { + { 0xE3, "WIS Technologies" }, + { 0x64, "GateChange Technologies" }, + { 0xE5, "High Density Devices AS" }, +- { 0xE6, "Synopsys" }, ++ { 0xE6, "Synopsis" }, + { 0x67, "Gigaram" }, + { 0x68, "Enigma Semiconductor Inc." }, + { 0xE9, "Century Micro Inc." }, +Index: trunk/lib/ipmi_hpmfwupg.c +=================================================================== +--- trunk.orig/lib/ipmi_hpmfwupg.c ++++ trunk/lib/ipmi_hpmfwupg.c +@@ -1507,7 +1507,7 @@ HpmfwupgGetTargetUpgCapabilities(struct + pCtx->resp.GlobalCapabilities.bitField.autRollbackOverride ? 'y' : 'n'); + lprintf(LOG_NOTICE, "IPMC degraded...........[%c] ", + pCtx->resp.GlobalCapabilities.bitField.ipmcDegradedDurinUpg ? 'y' : 'n'); +- lprintf(LOG_NOTICE, "Defered activation......[%c] ", ++ lprintf(LOG_NOTICE, "Deferred activation......[%c] ", + pCtx->resp.GlobalCapabilities.bitField.deferActivation ? 'y' : 'n'); + lprintf(LOG_NOTICE, "Service affected........[%c] ", + pCtx->resp.GlobalCapabilities.bitField.servAffectDuringUpg ? 'y' : 'n'); +Index: trunk/lib/ipmi_kontronoem.c +=================================================================== +--- trunk.orig/lib/ipmi_kontronoem.c ++++ trunk/lib/ipmi_kontronoem.c +@@ -85,7 +85,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i + return (-1); + } + if (ipmi_kontron_set_serial_number(intf) > 0) { +- printf("FRU serial number setted successfully\n"); ++ printf("FRU serial number set successfully\n"); + } else { + printf("FRU serial number set failed\n"); + rc = (-1); +@@ -96,7 +96,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i + return (-1); + } + if (ipmi_kontron_set_mfg_date(intf) > 0) { +- printf("FRU manufacturing date setted successfully\n"); ++ printf("FRU manufacturing date set successfully\n"); + } else { + printf("FRU manufacturing date set failed\n"); + rc = (-1); +Index: trunk/lib/ipmi_ekanalyzer.c +=================================================================== +--- trunk.orig/lib/ipmi_ekanalyzer.c ++++ trunk/lib/ipmi_ekanalyzer.c +@@ -3398,7 +3398,7 @@ ipmi_ek_display_board_p2p_record(struct + printf("ShMC Cross-connect (two-pair)\n"); + break; + default: +- printf("Unknwon\n"); ++ printf("Unknown\n"); + break; + } + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_ETHERNET) { +@@ -3413,17 +3413,17 @@ ipmi_ek_display_board_p2p_record(struct + printf("FC-PI\n"); + break; + default: +- printf("Unknwon\n"); ++ printf("Unknown\n"); + break; + } + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_INFINIBAND) { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_STAR) { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } else if (d->type == FRU_PICMGEXT_LINK_TYPE_PCIE) { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } else { +- printf("Unknwon\n"); ++ printf("Unknown\n"); + } + printf("\tLink Type:\t\t0x%02x - ", d->type); + if (d->type == 0 || d->type == 0xff) { +Index: trunk/src/ipmievd.c +=================================================================== +--- trunk.orig/src/ipmievd.c ++++ trunk/src/ipmievd.c +@@ -125,7 +125,7 @@ static int openipmi_wait(struct ipmi_eve + static int openipmi_read(struct ipmi_event_intf * eintf); + static struct ipmi_event_intf openipmi_event_intf = { + .name = "open", +- .desc = "OpenIPMI asyncronous notification of events", ++ .desc = "OpenIPMI asynchronous notification of events", + .prefix = "", + .setup = openipmi_setup, + .wait = openipmi_wait, +@@ -864,7 +864,7 @@ ipmievd_open_main(struct ipmi_intf * int + + struct ipmi_cmd ipmievd_cmd_list[] = { + #ifdef IPMI_INTF_OPEN +- { ipmievd_open_main, "open", "Use OpenIPMI for asyncronous notification of events" }, ++ { ipmievd_open_main, "open", "Use OpenIPMI for asynchronous notification of events" }, + #endif + { ipmievd_sel_main, "sel", "Poll SEL for notification of events" }, + { NULL } +Index: trunk/include/ipmitool/ipmi_pef.h +=================================================================== +--- trunk.orig/include/ipmitool/ipmi_pef.h ++++ trunk/include/ipmitool/ipmi_pef.h +@@ -178,7 +178,7 @@ BIT_DESC_MAP_LIST, + {"Entity presence", 37}, + {"Monitor ASIC/IC", 38}, + {"LAN", 39}, +- {"Management subsytem health",40}, ++ {"Management subsystem health",40}, + {"Battery", 41}, + {NULL} + } }; +Index: trunk/doc/ipmievd.8 +=================================================================== +--- trunk.orig/doc/ipmievd.8 ++++ trunk/doc/ipmievd.8 +@@ -145,7 +145,7 @@ placed at the end of commands to get opt + > ipmievd help + .br + Commands: +- open Use OpenIPMI for asyncronous notification of events ++ open Use OpenIPMI for asynchronous notification of events + sel Poll SEL for notification of events + + .TP -- cgit v1.2.3 From dc9e2baa9176353765be3e5a187e54f068034359 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 13 Aug 2017 10:50:03 +0200 Subject: New README.source to explain the branching model used. --- debian/patches/0115-typo.patch~ | 137 ---------------------------------------- 1 file changed, 137 deletions(-) delete mode 100644 debian/patches/0115-typo.patch~ (limited to 'debian/patches') diff --git a/debian/patches/0115-typo.patch~ b/debian/patches/0115-typo.patch~ deleted file mode 100644 index 1e32199..0000000 --- a/debian/patches/0115-typo.patch~ +++ /dev/null @@ -1,137 +0,0 @@ -Description: source typos -Author: Jörg Frings-Fürst -Last-Update: 2016-05-15 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/lib/dimm_spd.c -=================================================================== ---- trunk.orig/lib/dimm_spd.c -+++ trunk/lib/dimm_spd.c -@@ -798,7 +798,7 @@ const struct valstr jedec_id5_vals[] = { - { 0xE3, "WIS Technologies" }, - { 0x64, "GateChange Technologies" }, - { 0xE5, "High Density Devices AS" }, -- { 0xE6, "Synopsys" }, -+ { 0xE6, "Synopsis" }, - { 0x67, "Gigaram" }, - { 0x68, "Enigma Semiconductor Inc." }, - { 0xE9, "Century Micro Inc." }, -Index: trunk/lib/ipmi_hpmfwupg.c -=================================================================== ---- trunk.orig/lib/ipmi_hpmfwupg.c -+++ trunk/lib/ipmi_hpmfwupg.c -@@ -1507,7 +1507,7 @@ HpmfwupgGetTargetUpgCapabilities(struct - pCtx->resp.GlobalCapabilities.bitField.autRollbackOverride ? 'y' : 'n'); - lprintf(LOG_NOTICE, "IPMC degraded...........[%c] ", - pCtx->resp.GlobalCapabilities.bitField.ipmcDegradedDurinUpg ? 'y' : 'n'); -- lprintf(LOG_NOTICE, "Defered activation......[%c] ", -+ lprintf(LOG_NOTICE, "Deferred activation......[%c] ", - pCtx->resp.GlobalCapabilities.bitField.deferActivation ? 'y' : 'n'); - lprintf(LOG_NOTICE, "Service affected........[%c] ", - pCtx->resp.GlobalCapabilities.bitField.servAffectDuringUpg ? 'y' : 'n'); -Index: trunk/lib/ipmi_kontronoem.c -=================================================================== ---- trunk.orig/lib/ipmi_kontronoem.c -+++ trunk/lib/ipmi_kontronoem.c -@@ -85,7 +85,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i - return (-1); - } - if (ipmi_kontron_set_serial_number(intf) > 0) { -- printf("FRU serial number setted successfully\n"); -+ printf("FRU serial number set successfully\n"); - } else { - printf("FRU serial number set failed\n"); - rc = (-1); -@@ -96,7 +96,7 @@ ipmi_kontronoem_main(struct ipmi_intf *i - return (-1); - } - if (ipmi_kontron_set_mfg_date(intf) > 0) { -- printf("FRU manufacturing date setted successfully\n"); -+ printf("FRU manufacturing date set successfully\n"); - } else { - printf("FRU manufacturing date set failed\n"); - rc = (-1); -Index: trunk/lib/ipmi_ekanalyzer.c -=================================================================== ---- trunk.orig/lib/ipmi_ekanalyzer.c -+++ trunk/lib/ipmi_ekanalyzer.c -@@ -3398,7 +3398,7 @@ ipmi_ek_display_board_p2p_record(struct - printf("ShMC Cross-connect (two-pair)\n"); - break; - default: -- printf("Unknwon\n"); -+ printf("Unknown\n"); - break; - } - } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_ETHERNET) { -@@ -3413,17 +3413,17 @@ ipmi_ek_display_board_p2p_record(struct - printf("FC-PI\n"); - break; - default: -- printf("Unknwon\n"); -+ printf("Unknown\n"); - break; - } - } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_INFINIBAND) { -- printf("Unknwon\n"); -+ printf("Unknown\n"); - } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_STAR) { -- printf("Unknwon\n"); -+ printf("Unknown\n"); - } else if (d->type == FRU_PICMGEXT_LINK_TYPE_PCIE) { -- printf("Unknwon\n"); -+ printf("Unknown\n"); - } else { -- printf("Unknwon\n"); -+ printf("Unknown\n"); - } - printf("\tLink Type:\t\t0x%02x - ", d->type); - if (d->type == 0 || d->type == 0xff) { -Index: trunk/src/ipmievd.c -=================================================================== ---- trunk.orig/src/ipmievd.c -+++ trunk/src/ipmievd.c -@@ -125,7 +125,7 @@ static int openipmi_wait(struct ipmi_eve - static int openipmi_read(struct ipmi_event_intf * eintf); - static struct ipmi_event_intf openipmi_event_intf = { - .name = "open", -- .desc = "OpenIPMI asyncronous notification of events", -+ .desc = "OpenIPMI asynchronous notification of events", - .prefix = "", - .setup = openipmi_setup, - .wait = openipmi_wait, -@@ -864,7 +864,7 @@ ipmievd_open_main(struct ipmi_intf * int - - struct ipmi_cmd ipmievd_cmd_list[] = { - #ifdef IPMI_INTF_OPEN -- { ipmievd_open_main, "open", "Use OpenIPMI for asyncronous notification of events" }, -+ { ipmievd_open_main, "open", "Use OpenIPMI for asynchronous notification of events" }, - #endif - { ipmievd_sel_main, "sel", "Poll SEL for notification of events" }, - { NULL } -Index: trunk/include/ipmitool/ipmi_pef.h -=================================================================== ---- trunk.orig/include/ipmitool/ipmi_pef.h -+++ trunk/include/ipmitool/ipmi_pef.h -@@ -178,7 +178,7 @@ BIT_DESC_MAP_LIST, - {"Entity presence", 37}, - {"Monitor ASIC/IC", 38}, - {"LAN", 39}, -- {"Management subsytem health",40}, -+ {"Management subsystem health",40}, - {"Battery", 41}, - {NULL} - } }; -Index: trunk/doc/ipmievd.8 -=================================================================== ---- trunk.orig/doc/ipmievd.8 -+++ trunk/doc/ipmievd.8 -@@ -145,7 +145,7 @@ placed at the end of commands to get opt - > ipmievd help - .br - Commands: -- open Use OpenIPMI for asyncronous notification of events -+ open Use OpenIPMI for asynchronous notification of events - sel Poll SEL for notification of events - - .TP -- cgit v1.2.3