summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2020-10-21 15:08:51 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2020-10-21 15:09:13 -0700
commit354053fecd502788f67e9d432c0985f3ab724c79 (patch)
treebac1124a0b971756d86114532d13a3f080244e17
parentnet-dns/valtz: new version 0.8. (diff)
downloadgentoo-354053fecd502788f67e9d432c0985f3ab724c79.tar.gz
gentoo-354053fecd502788f67e9d432c0985f3ab724c79.tar.bz2
gentoo-354053fecd502788f67e9d432c0985f3ab724c79.zip
sys-apps/ipmitool: snapshot upstream for CVE
Upstream has still made a new release since 2016/10/08; including the promised 1.8.19 per their own security advisory on 2020/02/04. Capture the latest upstream state as a snapshot release, and port the Debian patchset to it, as the Debian patchset contains other updates & CVE fixes rejected by upstream. Reference: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp Bug: https://bugs.gentoo.org/708436 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r--sys-apps/ipmitool/Manifest4
-rw-r--r--sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild96
-rw-r--r--sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild145
3 files changed, 245 insertions, 0 deletions
diff --git a/sys-apps/ipmitool/Manifest b/sys-apps/ipmitool/Manifest
index b3c7ece3e8c5..dac59e8952bf 100644
--- a/sys-apps/ipmitool/Manifest
+++ b/sys-apps/ipmitool/Manifest
@@ -1,2 +1,6 @@
+DIST enterprise-numbers.2020-10-21.xz 1426932 BLAKE2B bfe39ceea321ba47cd40eafa67862eb4dfd6dc29b192afb20ad0c908cd93a16b4103c5de64d042df012417c8cadc03000f2b2a00779bcc582a430603cad5f3cf SHA512 4a854a56e8ed51997c320cbfba041d43cb98b14743ef80b67e701942068d3729604abaedb617655a83ca21a7e20ea5a622ede4de317ca492cefd46da784d28f3
DIST ipmitool-1.8.18.tar.gz 995313 BLAKE2B 4aee2b1488a8a97348954dd1555baf3d576d70f22fd17f11ba6147595b07ef52059ac8ab6775afa0ad956355eefbf3e2b0300cf87bb373d2f82b585de807412d SHA512 274d424fff079f7628c0f9fe06580937cb9717c809a71b2f5ef97266c6b6c89983b662fbb1f090e2f94861f1799677c8fc6536013828a8a5e6cb239af53e45ab
+DIST ipmitool-1.8.18_p20201004.tar.gz 638493 BLAKE2B 52f4ec8c82336b88640d1b91fc17af8f2fe0948a5c48c16067867dcad0852168d48bb21fdd99bde7ed957b66df888fd369c909079d1f81c861acd8c7f8dfa6f2 SHA512 8d72eef3584f4d2c86bfe43f70b5d687f3b7bbdf75b8979f7132c5c98b01baae22c336e540c197652187749fc9bb221a92e546b56e5cf2eb5650fad5094e9433
DIST ipmitool_1.8.18-1.debian.tar.xz 19140 BLAKE2B 255c4da005946f3b118a127f96fc5daad02a170ea079d7a765a0c7650e1eb7e50ad49b31fca95312b49e5a524e04a8a21215cafb1a8451e5b2af2aaec22cda75 SHA512 8aede337d07987decfd032898f194d32730eced443630ac3956676533d693fb2d17a175ef14218cbcd55da44f6b17714f676a912a1d5124a15a995e01d2828ef
+DIST ipmitool_1.8.18-9.debian-ported-gentoo.tar.xz 3208 BLAKE2B b37a127eff361039b3b810e19dd97f0c395462b658803f56f10f2dd1abbbe92743dc409ce6b83560db15621b7fa7a3c0f989100077893993df18108a082e49d2 SHA512 0f7646a2307ac98425e99dece9d3e3b23026136a97524151efdecc910fb537af41a91702782989046e44163da98610fa05792878473e228b45c16351f6015a45
+DIST ipmitool_1.8.18-9.debian.tar.xz 18508 BLAKE2B 09e37fd2f6fad8f847bae87aa51f44293e5640b4c8ebc05e52ebd751542d7865024835fe728c14e3a44f48d54fedff9e7693653bd2288db27d21a5bae16268b6 SHA512 af2b4aa855125e1beb62ffd2931b5d4c0aa8cc4edbde27ea1b4be172e6a4351f574c32b2437b354d11b7f1c739161d850c47839d7a7d9f522b52e24f47a9ea8d
diff --git a/sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild b/sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild
new file mode 100644
index 000000000000..eb3cdab7d446
--- /dev/null
+++ b/sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools eutils
+
+DESCRIPTION="Utility for controlling IPMI enabled devices."
+HOMEPAGE="http://ipmitool.sf.net/"
+DEBIAN_PR="9.debian"
+DEBIAN_PV="${PV/_p*}"
+DEBIAN_P="${PN}_${DEBIAN_PV}"
+DEBIAN_PF="${DEBIAN_P}-${DEBIAN_PR}"
+COMMIT_ID=
+if [[ -n "${COMMIT_ID}" ]]; then
+ S="${WORKDIR}/${PN}-${COMMIT_ID}"
+ SRC_URI="https://github.com/ipmitool/ipmitool/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+fi
+SRC_URI+="
+ http://http.debian.net/debian/pool/main/i/${PN}/${DEBIAN_PF}.tar.xz"
+ # https://launchpad.net/ubuntu/+archive/primary/+files/${DEBIAN_PF}.tar.xz
+#IUSE="freeipmi openipmi status"
+IUSE="libressl openipmi static"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~x86"
+LICENSE="BSD"
+
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-libs/readline:0="
+DEPEND="${RDEPEND}
+ openipmi? ( sys-libs/openipmi )
+ virtual/os-headers"
+ #freeipmi? ( sys-libs/freeipmi )
+# ipmitool CAN build against || ( sys-libs/openipmi sys-libs/freeipmi )
+# but it doesn't actually need either.
+
+PATCHES=(
+ #"${FILESDIR}"/${P}-openssl-1.1.patch
+)
+
+src_prepare() {
+ default
+ [ -d "${S}"/debian ] && mv "${S}"/debian{,.package}
+ ln -s "${WORKDIR}"/debian "${S}"
+ for p in $(grep -v "^#" debian/patches/series) ; do
+ eapply debian/patches/$p
+ done
+
+ eautoreconf
+}
+
+src_configure() {
+ # - LIPMI and BMC are the Solaris libs
+ # - OpenIPMI is unconditionally enabled in the configure as there is compat
+ # code that is used if the library itself is not available
+ # FreeIPMI does build now, but is disabled until the other arches keyword it
+ # `use_enable freeipmi intf-free` \
+ # --enable-ipmievd is now unconditional
+ econf \
+ $(use_enable static) \
+ --enable-ipmishell \
+ --enable-intf-lan \
+ --enable-intf-lanplus \
+ --enable-intf-open \
+ --enable-intf-serial \
+ --disable-intf-bmc \
+ --disable-intf-dummy \
+ --disable-intf-free \
+ --disable-intf-imb \
+ --disable-intf-lipmi \
+ --disable-internal-md5 \
+ --with-kerneldir=/usr --bindir=/usr/sbin
+
+ # Fix linux/ipmi.h to compile properly. This is a hack since it doesn't
+ # include the below file to define some things.
+ echo "#include <asm/byteorder.h>" >>config.h
+}
+
+src_install() {
+ emake DESTDIR="${D}" PACKAGE="${PF}" install
+
+ into /usr
+ dosbin contrib/bmclanconf
+ rm -f "${D}"/usr/share/doc/${PF}/COPYING
+ docinto contrib
+ cd "${S}"/contrib
+ dodoc collect_data.sh create_rrds.sh create_webpage_compact.sh create_webpage.sh README
+
+ newinitd "${FILESDIR}"/${PN}-1.8.9-ipmievd.initd ipmievd
+ newconfd "${FILESDIR}"/${PN}-1.8.9-ipmievd.confd ipmievd
+ # TODO: init script for contrib/bmc-snmp-proxy
+ # TODO: contrib/exchange-bmc-os-info
+}
diff --git a/sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild b/sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild
new file mode 100644
index 000000000000..df692871cc0d
--- /dev/null
+++ b/sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild
@@ -0,0 +1,145 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools eutils
+
+DESCRIPTION="Utility for controlling IPMI enabled devices."
+HOMEPAGE="http://ipmitool.sf.net/"
+DEBIAN_PR="9.debian"
+DEBIAN_PV="${PV/_p*}"
+DEBIAN_P="${PN}_${DEBIAN_PV}"
+DEBIAN_PF="${DEBIAN_P}-${DEBIAN_PR}"
+COMMIT_ID=7fd7c0f2ba39e223868a8d83d81d4074f057d6fc
+if [[ -n "${COMMIT_ID}" ]]; then
+ S="${WORKDIR}/${PN}-${COMMIT_ID}"
+ SRC_URI="https://github.com/ipmitool/ipmitool/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+fi
+# https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
+# is not available with version numbers or dates!
+SRC_URI+="
+ https://dev.gentoo.org/~robbat2/distfiles/ipmitool_1.8.18-9.debian-ported-gentoo.tar.xz
+ https://dev.gentoo.org/~robbat2/distfiles/enterprise-numbers.2020-10-21.xz
+ "
+ #http://http.debian.net/debian/pool/main/i/${PN}/${DEBIAN_PF}.tar.xz
+ # https://launchpad.net/ubuntu/+archive/primary/+files/${DEBIAN_PF}.tar.xz
+#IUSE="freeipmi openipmi status"
+IUSE="libressl openipmi static systemd"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~x86"
+LICENSE="BSD"
+
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ systemd? ( sys-apps/systemd:0= )
+ sys-libs/readline:0="
+DEPEND="${RDEPEND}
+ openipmi? ( sys-libs/openipmi )
+ virtual/os-headers"
+ #freeipmi? ( sys-libs/freeipmi )
+# ipmitool CAN build against || ( sys-libs/openipmi sys-libs/freeipmi )
+# but it doesn't actually need either.
+
+PATCHES=(
+ #"${FILESDIR}"/${P}-openssl-1.1.patch
+)
+
+# I hope all of this will get MUCH cleaner if upstream will just make a new
+# release! - robbat2 2020/10/21
+src_prepare() {
+ default
+ if [ -d "${S}"/debian ] ; then
+ mv "${S}"/debian{,.package}
+ ln -s "${WORKDIR}"/debian "${S}"
+ eautoreconf
+ # Upstream commit includes SOME of the debian changes, but not all of them
+ sed -i \
+ -e '/^#/d' \
+ -e '/0120-openssl1.1.patch/d' \
+ debian/patches/series
+ for p in $(cat debian/patches/series) ; do
+ echo $p
+ if ! nonfatal eapply -p1 debian/patches/$p ; then
+ echo "failed $p"
+ fail=1
+ fi
+ done
+ [[ $fail -eq 1 ]] && die "fail"
+ fi
+ pd="${WORKDIR}"/ipmitool_1.8.18-9.debian-ported-gentoo/
+ PATCHES=(
+ #"${pd}"/0000.0120-openssl1.1.patch
+ "${pd}"/0001.0100-fix_buf_overflow.patch
+ "${pd}"/0002.0500-fix_CVE-2011-4339.patch
+ "${pd}"/0003.0600-manpage_longlines.patch
+ #"${pd}"/0004.0110-getpass-prototype.patch
+ #"${pd}"/0005.0115-typo.patch
+ "${pd}"/0006.0125-nvidia-iana.patch
+ "${pd}"/0007.0615-manpage_typo.patch
+ #"${pd}"/0008.0130-Correct_lanplus_segment_violation.patch
+ "${pd}"/0009.0005-gcc10.patch
+ #"${pd}"/0010.0010-utf8.patch
+ )
+ for p in "${PATCHES[@]}" ; do
+ eapply -p1 $p || die "failed $p"
+ done
+
+ eautoreconf
+
+ # If this file is not present, then ipmitool will try to download it during make install!
+ cp -al \
+ "${WORKDIR}/enterprise-numbers.2020-10-21" \
+ "${S}"/enterprise-numbers \
+ || die "Could not place IANA enterprise-numbers"
+}
+
+src_configure() {
+ # - LIPMI and BMC are the Solaris libs
+ # - OpenIPMI is unconditionally enabled in the configure as there is compat
+ # code that is used if the library itself is not available
+ # FreeIPMI does build now, but is disabled until the other arches keyword it
+ # `use_enable freeipmi intf-free` \
+ # --enable-ipmievd is now unconditional
+ WGET=/bin/true \
+ CURL=/bin/true \
+ econf \
+ $(use_enable static) \
+ --enable-ipmishell \
+ --enable-intf-lan \
+ --enable-intf-usb \
+ $(enable_with systemd intf-dbus) \
+ --enable-intf-lanplus \
+ --enable-intf-open \
+ --enable-intf-serial \
+ --disable-intf-bmc \
+ --disable-intf-dummy \
+ --disable-intf-free \
+ --disable-intf-imb \
+ --disable-intf-lipmi \
+ --disable-internal-md5 \
+ --with-kerneldir=/usr \
+ --bindir=/usr/sbin
+
+ # Fix linux/ipmi.h to compile properly. This is a hack since it doesn't
+ # include the below file to define some things.
+ echo "#include <asm/byteorder.h>" >>config.h
+}
+
+src_install() {
+ emake DESTDIR="${D}" PACKAGE="${PF}" install
+
+ into /usr
+ dosbin contrib/bmclanconf
+ rm -f "${D}"/usr/share/doc/${PF}/COPYING
+ docinto contrib
+ cd "${S}"/contrib
+ dodoc collect_data.sh create_rrds.sh create_webpage_compact.sh create_webpage.sh README
+
+ newinitd "${FILESDIR}"/${PN}-1.8.9-ipmievd.initd ipmievd
+ newconfd "${FILESDIR}"/${PN}-1.8.9-ipmievd.confd ipmievd
+ # TODO: init script for contrib/bmc-snmp-proxy
+ # TODO: contrib/exchange-bmc-os-info
+}