From 354053fecd502788f67e9d432c0985f3ab724c79 Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Wed, 21 Oct 2020 15:08:51 -0700 Subject: sys-apps/ipmitool: snapshot upstream for CVE Upstream has still made a new release since 2016/10/08; including the promised 1.8.19 per their own security advisory on 2020/02/04. Capture the latest upstream state as a snapshot release, and port the Debian patchset to it, as the Debian patchset contains other updates & CVE fixes rejected by upstream. Reference: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp Bug: https://bugs.gentoo.org/708436 Signed-off-by: Robin H. Johnson
---
sys-apps/ipmitool/Manifest | 4 + sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild | 96 ++++++++++++++ sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild | 145 +++++++++++++++++++++ 3 files changed, 245 insertions(+) create mode 100644 sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild create mode 100644 sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild
diff --git a/sys-apps/ipmitool/Manifest b/sys-apps/ipmitool/Manifest
index b3c7ece3e8c5..dac59e8952bf 100644
--- a/sys-apps/ipmitool/Manifest
+++ b/sys-apps/ipmitool/Manifest
@@ -1,2 +1,6 @@
+DIST enterprise-numbers.2020-10-21.xz 1426932 BLAKE2B bfe39ceea321ba47cd40eafa67862eb4dfd6dc29b192afb20ad0c908cd93a16b4103c5de64d042df012417c8cadc03000f2b2a00779bcc582a430603cad5f3cf SHA512 4a854a56e8ed51997c320cbfba041d43cb98b14743ef80b67e701942068d3729604abaedb617655a83ca21a7e20ea5a622ede4de317ca492cefd46da784d28f3
 DIST ipmitool-1.8.18.tar.gz 995313 BLAKE2B 4aee2b1488a8a97348954dd1555baf3d576d70f22fd17f11ba6147595b07ef52059ac8ab6775afa0ad956355eefbf3e2b0300cf87bb373d2f82b585de807412d SHA512 274d424fff079f7628c0f9fe06580937cb9717c809a71b2f5ef97266c6b6c89983b662fbb1f090e2f94861f1799677c8fc6536013828a8a5e6cb239af53e45ab
+DIST ipmitool-1.8.18_p20201004.tar.gz 638493 BLAKE2B 52f4ec8c82336b88640d1b91fc17af8f2fe0948a5c48c16067867dcad0852168d48bb21fdd99bde7ed957b66df888fd369c909079d1f81c861acd8c7f8dfa6f2 SHA512 8d72eef3584f4d2c86bfe43f70b5d687f3b7bbdf75b8979f7132c5c98b01baae22c336e540c197652187749fc9bb221a92e546b56e5cf2eb5650fad5094e9433
 DIST ipmitool_1.8.18-1.debian.tar.xz 19140 BLAKE2B 255c4da005946f3b118a127f96fc5daad02a170ea079d7a765a0c7650e1eb7e50ad49b31fca95312b49e5a524e04a8a21215cafb1a8451e5b2af2aaec22cda75 SHA512 8aede337d07987decfd032898f194d32730eced443630ac3956676533d693fb2d17a175ef14218cbcd55da44f6b17714f676a912a1d5124a15a995e01d2828ef
+DIST ipmitool_1.8.18-9.debian-ported-gentoo.tar.xz 3208 BLAKE2B b37a127eff361039b3b810e19dd97f0c395462b658803f56f10f2dd1abbbe92743dc409ce6b83560db15621b7fa7a3c0f989100077893993df18108a082e49d2 SHA512 0f7646a2307ac98425e99dece9d3e3b23026136a97524151efdecc910fb537af41a91702782989046e44163da98610fa05792878473e228b45c16351f6015a45
+DIST ipmitool_1.8.18-9.debian.tar.xz 18508 BLAKE2B 09e37fd2f6fad8f847bae87aa51f44293e5640b4c8ebc05e52ebd751542d7865024835fe728c14e3a44f48d54fedff9e7693653bd2288db27d21a5bae16268b6 SHA512 af2b4aa855125e1beb62ffd2931b5d4c0aa8cc4edbde27ea1b4be172e6a4351f574c32b2437b354d11b7f1c739161d850c47839d7a7d9f522b52e24f47a9ea8d
diff --git a/sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild b/sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild
new file mode 100644
index 000000000000..eb3cdab7d446
--- /dev/null
+++ b/sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools eutils
+
+DESCRIPTION="Utility for controlling IPMI enabled devices."
+HOMEPAGE="http://ipmitool.sf.net/"
+DEBIAN_PR="9.debian"
+DEBIAN_PV="${PV/_p*}"
+DEBIAN_P="${PN}_${DEBIAN_PV}"
+DEBIAN_PF="${DEBIAN_P}-${DEBIAN_PR}"
+COMMIT_ID=
+if [[ -n "${COMMIT_ID}" ]]; then
+ S="${WORKDIR}/${PN}-${COMMIT_ID}"
+ SRC_URI="https://github.com/ipmitool/ipmitool/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+fi
+SRC_URI+="
+ http://http.debian.net/debian/pool/main/i/${PN}/${DEBIAN_PF}.tar.xz"
+ # https://launchpad.net/ubuntu/+archive/primary/+files/${DEBIAN_PF}.tar.xz
+#IUSE="freeipmi openipmi status"
+IUSE="libressl openipmi static"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~x86"
+LICENSE="BSD"
+
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-libs/readline:0="
+DEPEND="${RDEPEND}
+ openipmi? ( sys-libs/openipmi )
+ virtual/os-headers"
+ #freeipmi? ( sys-libs/freeipmi )
+# ipmitool CAN build against || ( sys-libs/openipmi sys-libs/freeipmi )
+# but it doesn't actually need either.
+
+PATCHES=(
+ #"${FILESDIR}"/${P}-openssl-1.1.patch
+)
+
+src_prepare() {
+ default
+ [ -d "${S}"/debian ] && mv "${S}"/debian{,.package}
+ ln -s "${WORKDIR}"/debian "${S}"
+ for p in $(grep -v "^#" debian/patches/series) ; do
+ eapply debian/patches/$p
+ done
+
+ eautoreconf
+}
+
+src_configure() {
+ # - LIPMI and BMC are the Solaris libs
+ # - OpenIPMI is unconditionally enabled in the configure as there is compat
+ # code that is used if the library itself is not available
+ # FreeIPMI does build now, but is disabled until the other arches keyword it
+ # `use_enable freeipmi intf-free` \
+ # --enable-ipmievd is now unconditional
+ econf \
+ $(use_enable static) \
+ --enable-ipmishell \
+ --enable-intf-lan \
+ --enable-intf-lanplus \
+ --enable-intf-open \
+ --enable-intf-serial \
+ --disable-intf-bmc \
+ --disable-intf-dummy \
+ --disable-intf-free \
+ --disable-intf-imb \
+ --disable-intf-lipmi \
+ --disable-internal-md5 \
+ --with-kerneldir=/usr --bindir=/usr/sbin
+
+ # Fix linux/ipmi.h to compile properly. This is a hack since it doesn't
+ # include the below file to define some things.
+ echo "#include " >>config.h
+}
+
+src_install() {
+ emake DESTDIR="${D}" PACKAGE="${PF}" install
+
+ into /usr
+ dosbin contrib/bmclanconf
+ rm -f "${D}"/usr/share/doc/${PF}/COPYING
+ docinto contrib
+ cd "${S}"/contrib
+ dodoc collect_data.sh create_rrds.sh create_webpage_compact.sh create_webpage.sh README
+
+ newinitd "${FILESDIR}"/${PN}-1.8.9-ipmievd.initd ipmievd
+ newconfd "${FILESDIR}"/${PN}-1.8.9-ipmievd.confd ipmievd
+ # TODO: init script for contrib/bmc-snmp-proxy
+ # TODO: contrib/exchange-bmc-os-info
+}
diff --git a/sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild b/sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild
new file mode 100644
index 000000000000..df692871cc0d
--- /dev/null
+++ b/sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild
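Review bot: In src_prepare of ipmitool-1.8.18-r2.ebuild, neither `ln -s "${WORKDIR}"/debian "${S}"` nor the `$(grep -v "^#" debian/patches/series)` substitution is checked, so a missing or misplaced Debian tree makes the loop iterate zero times and the package builds without the Debian fixes this revision is meant to carry. Adding `|| die` to the `ln -s` line and a guard such as `[[ -s debian/patches/series ]] || die "missing Debian patch series"` before the loop would turn that into a build failure instead of a silently unpatched binary. The loop variable would also be better declared with `local p`.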
@@ -0,0 +1,145 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools eutils
+
+DESCRIPTION="Utility for controlling IPMI enabled devices."
+HOMEPAGE="http://ipmitool.sf.net/"
+DEBIAN_PR="9.debian"
+DEBIAN_PV="${PV/_p*}"
+DEBIAN_P="${PN}_${DEBIAN_PV}"
+DEBIAN_PF="${DEBIAN_P}-${DEBIAN_PR}"
+COMMIT_ID=7fd7c0f2ba39e223868a8d83d81d4074f057d6fc
+if [[ -n "${COMMIT_ID}" ]]; then
+ S="${WORKDIR}/${PN}-${COMMIT_ID}"
+ SRC_URI="https://github.com/ipmitool/ipmitool/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+fi
+# https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
+# is not available with version numbers or dates!
+SRC_URI+="
+ https://dev.gentoo.org/~robbat2/distfiles/ipmitool_1.8.18-9.debian-ported-gentoo.tar.xz
+ https://dev.gentoo.org/~robbat2/distfiles/enterprise-numbers.2020-10-21.xz
+ "
+ #http://http.debian.net/debian/pool/main/i/${PN}/${DEBIAN_PF}.tar.xz
+ # https://launchpad.net/ubuntu/+archive/primary/+files/${DEBIAN_PF}.tar.xz
+#IUSE="freeipmi openipmi status"
+IUSE="libressl openipmi static systemd"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~x86"
+LICENSE="BSD"
+
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ systemd? ( sys-apps/systemd:0= )
+ sys-libs/readline:0="
+DEPEND="${RDEPEND}
+ openipmi? ( sys-libs/openipmi )
+ virtual/os-headers"
+ #freeipmi? ( sys-libs/freeipmi )
+# ipmitool CAN build against || ( sys-libs/openipmi sys-libs/freeipmi )
+# but it doesn't actually need either.
+
+PATCHES=(
+ #"${FILESDIR}"/${P}-openssl-1.1.patch
+)
+
+# I hope all of this will get MUCH cleaner if upstream will just make a new
+# release! - robbat2 2020/10/21
+src_prepare() {
+ default
+ if [ -d "${S}"/debian ] ; then
+ mv "${S}"/debian{,.package}
+ ln -s "${WORKDIR}"/debian "${S}"
+ eautoreconf
+ # Upstream commit includes SOME of the debian changes, but not all of them
+ sed -i \
+ -e '/^#/d' \
+ -e '/0120-openssl1.1.patch/d' \
+ debian/patches/series
+ for p in $(cat debian/patches/series) ; do
+ echo $p
+ if ! nonfatal eapply -p1 debian/patches/$p ; then
+ echo "failed $p"
+ fail=1
+ fi
+ done
+ [[ $fail -eq 1 ]] && die "fail"
+ fi
+ pd="${WORKDIR}"/ipmitool_1.8.18-9.debian-ported-gentoo/
+ PATCHES=(
+ #"${pd}"/0000.0120-openssl1.1.patch
+ "${pd}"/0001.0100-fix_buf_overflow.patch
+ "${pd}"/0002.0500-fix_CVE-2011-4339.patch
+ "${pd}"/0003.0600-manpage_longlines.patch
+ #"${pd}"/0004.0110-getpass-prototype.patch
+ #"${pd}"/0005.0115-typo.patch
+ "${pd}"/0006.0125-nvidia-iana.patch
+ "${pd}"/0007.0615-manpage_typo.patch
+ #"${pd}"/0008.0130-Correct_lanplus_segment_violation.patch
+ "${pd}"/0009.0005-gcc10.patch
+ #"${pd}"/0010.0010-utf8.patch
+ )
+ for p in "${PATCHES[@]}" ; do
+ eapply -p1 $p || die "failed $p"
+ done
+
+ eautoreconf
+
+ # If this file is not present, then ipmitool will try to download it during make install!
+ cp -al \
+ "${WORKDIR}/enterprise-numbers.2020-10-21" \
+ "${S}"/enterprise-numbers \
+ || die "Could not place IANA enterprise-numbers"
+}
+
+src_configure() {
+ # - LIPMI and BMC are the Solaris libs
+ # - OpenIPMI is unconditionally enabled in the configure as there is compat
+ # code that is used if the library itself is not available
+ # FreeIPMI does build now, but is disabled until the other arches keyword it
+ # `use_enable freeipmi intf-free` \
+ # --enable-ipmievd is now unconditional
+ WGET=/bin/true \
+ CURL=/bin/true \
+ econf \
+ $(use_enable static) \
+ --enable-ipmishell \
+ --enable-intf-lan \
+ --enable-intf-usb \
+ $(enable_with systemd intf-dbus) \
+ --enable-intf-lanplus \
+ --enable-intf-open \
+ --enable-intf-serial \
+ --disable-intf-bmc \
+ --disable-intf-dummy \
+ --disable-intf-free \
+ --disable-intf-imb \
+ --disable-intf-lipmi \
+ --disable-internal-md5 \
+ --with-kerneldir=/usr \
+ --bindir=/usr/sbin
+
+ # Fix linux/ipmi.h to compile properly. This is a hack since it doesn't
+ # include the below file to define some things.
+ echo "#include " >>config.h
+}
+
+src_install() {
+ emake DESTDIR="${D}" PACKAGE="${PF}" install
+
+ into /usr
+ dosbin contrib/bmclanconf
+ rm -f "${D}"/usr/share/doc/${PF}/COPYING
+ docinto contrib
+ cd "${S}"/contrib
+ dodoc collect_data.sh create_rrds.sh create_webpage_compact.sh create_webpage.sh README
+
+ newinitd "${FILESDIR}"/${PN}-1.8.9-ipmievd.initd ipmievd
+ newconfd "${FILESDIR}"/${PN}-1.8.9-ipmievd.confd ipmievd
+ # TODO: init script for contrib/bmc-snmp-proxy
+ # TODO: contrib/exchange-bmc-os-info
+}
-- cgit v1.2.3-65-gdbad
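Review bot: `$(enable_with systemd intf-dbus)` in src_configure of ipmitool-1.8.18_p20201004.ebuild does not look like a package-manager helper: the documented ones are `use_enable` and `use_with`, and nothing visible in this ebuild defines `enable_with`. The substitution would then most likely expand to nothing and leave the D-Bus interface to configure's default whatever the `systemd` USE flag says. If the intent is to tie the interface to the flag, `$(use_enable systemd intf-dbus) \` matches the neighbouring `--enable-intf-*` switches, assuming configure accepts `--enable-intf-dbus`. Separately, the entries commented out of the second `PATCHES` array, such as `0008.0130-Correct_lanplus_segment_violation.patch`, carry no reason; a one-line comment per entry saying whether the fix is already in the `COMMIT_ID` snapshot would let a later maintainer confirm that no fix was dropped.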