.gitignore

@@ -1,13 +1 @@
 ipmitool-1.8.11.tar.bz2
-/ipmitool-1.8.12.tar.bz2
-/exchange-bmc-os-info
-/exchange-bmc-os-info.service
-/exchange-bmc-os-info.sysconf
-/set-bmc-url.sh
-/ipmitool-1.8.12-130731.tar.bz2
-/ipmitool-1.8.13.tar.bz2
-/ipmitool-1.8.15.tar.bz2
-/ipmitool-1.8.16.tar.bz2
-/ipmitool-1.8.17.tar.bz2
-/ipmitool-1.8.18.tar.bz2
-/ipmitool-1.8.18.tar.gz

0001-CVE-2011-4339-OpenIPMI.patch

@@ -1,25 +0,0 @@
-From 152efd46931a70ab4e3d81e99d312df7dcd666e6 Mon Sep 17 00:00:00 2001
-From: Boris Ranto <branto@redhat.com>
-Date: Tue, 10 May 2016 19:12:08 +0200
-Subject: [PATCH] CVE-2011-4339 OpenIPMI
-
-IPMI event daemon creates PID file with world writeable permissions
----
- lib/helper.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/lib/helper.c b/lib/helper.c
-index de91438..c3a1c80 100644
---- a/lib/helper.c
-+++ b/lib/helper.c
-@@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
- #endif
- 
- 	chdir("/");
--	umask(0);
- 
- 	for (fd=0; fd<64; fd++) {
- 		if (fd != intf->fd)
--- 
-2.7.4
-

0002-openssl.patch

@@ -1,89 +0,0 @@
-diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c new/src/plugins/lanplus/lanplus_crypt_impl.c
---- old/src/plugins/lanplus/lanplus_crypt_impl.c	2016-05-28 10:20:20.000000000 +0200
-+++ new/src/plugins/lanplus/lanplus_crypt_impl.c	2017-02-21 10:50:21.634873466 +0100
-@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX ctx;
--	EVP_CIPHER_CTX_init(&ctx);
--	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 	
- 
- 	*bytes_written = 0;
-@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- 
- 
--	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- 	{
- 		/* Error */
- 		*bytes_written = 0;
-@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	{
- 		uint32_t tmplen;
- 
--		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
- 			*bytes_written = 0;
- 			return; /* Error */
-@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(&ctx);
-+			EVP_CIPHER_CTX_cleanup(ctx);
-+			EVP_CIPHER_CTX_free(ctx);
- 		}
- 	}
- }
-@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX ctx;
--	EVP_CIPHER_CTX_init(&ctx);
--	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
- 
- 	if (verbose >= 5)
-@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- 
- 
--	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- 	{
- 		/* Error */
- 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
-@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 	{
- 		uint32_t tmplen;
- 
--		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
- 			char buffer[1000];
- 			ERR_error_string(ERR_get_error(), buffer);
-@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(&ctx);
-+			EVP_CIPHER_CTX_cleanup(ctx);
-+			EVP_CIPHER_CTX_free(ctx);
- 		}
- 	}
- 

0003-ipmitool-1.8.11-set-kg-key.patch

@@ -1,240 +0,0 @@
-diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
---- old/doc/ipmitool.1	2017-02-06 10:20:02.254362909 +0100
-+++ new/doc/ipmitool.1	2017-02-06 10:33:41.729294474 +0100
-@@ -372,6 +372,20 @@ Configure user access information on the
- 
- Displays the list of cipher suites supported for the given
- application (ipmi or sol) on the given channel.
-+.TP
-+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]
-+.br
-+
-+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.
-+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.
-+I.e. following two examples are equivalent:
-+
-+.RS
-+ipmitool channel setkg plain PASSWORD
-+
-+ipmitool channel setkg hex 50415353574F5244
-+.RE
-+
- .RE
- .RE
- .TP 
-diff -urNp old/include/ipmitool/helper.h new/include/ipmitool/helper.h
---- old/include/ipmitool/helper.h	2017-02-06 10:20:02.254362909 +0100
-+++ new/include/ipmitool/helper.h	2017-02-06 10:40:07.336136844 +0100
-@@ -58,6 +58,8 @@
- # define IPMI_UID_MAX 63
- #endif
- 
-+#define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */
-+
- struct ipmi_intf;
- 
- struct valstr {
-diff -urNp old/include/ipmitool/ipmi_channel.h new/include/ipmitool/ipmi_channel.h
---- old/include/ipmitool/ipmi_channel.h	2017-02-06 10:20:02.253316684 +0100
-+++ new/include/ipmitool/ipmi_channel.h	2017-02-06 10:58:15.291287621 +0100
-@@ -49,6 +49,10 @@
- #define IPMI_GET_USER_NAME             0x46
- #define IPMI_SET_USER_PASSWORD         0x47
- #define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54
-+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56
-+
-+#define IPMI_KG_KEY_ID  1
-+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1
- 
- /* These are for channel_info_t.session_support */
- #define IPMI_CHANNEL_SESSION_LESS 0x00
-@@ -137,6 +141,40 @@ int _ipmi_set_channel_access(struct ipmi
- 		struct channel_access_t channel_access, uint8_t access_option,
- 		uint8_t privilege_option);
- 
-+struct set_channel_security_keys_req {
-+#if WORDS_BIGENDIAN
-+	uint8_t __reserved1			:4;
-+	uint8_t channel				:4;
-+	
-+	uint8_t __reserved2			:6;
-+	uint8_t operation			:2;
-+	
-+	uint8_t key_id;
-+	unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
-+#else
-+	uint8_t channel				:4;
-+	uint8_t __reserved1			:4;
-+	
-+	uint8_t operation			:2;
-+	uint8_t __reserved2			:6;
-+	
-+	uint8_t key_id;
-+	unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
-+#endif
-+} __attribute__ ((packed));
-+
-+struct set_channel_security_keys_rsp {
-+#if WORDS_BIGENDIAN
-+	uint8_t __reserved1			:6;
-+	uint8_t lock_status			:2;
-+	unsigned char key_value; /* just the first character, use &key_value to explore the rest */
-+#else
-+	uint8_t lock_status			:2;
-+	uint8_t __reserved1			:6;
-+	unsigned char key_value; /* just the first character, use &key_value to explore the rest */
-+#endif
-+} __attribute__ ((packed));
-+
- uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel);
- uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf);
- int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv);
-diff -urNp old/include/ipmitool/ipmi_intf.h new/include/ipmitool/ipmi_intf.h
---- old/include/ipmitool/ipmi_intf.h	2017-02-06 10:20:02.254362909 +0100
-+++ new/include/ipmitool/ipmi_intf.h	2017-02-06 10:40:40.264577602 +0100
-@@ -60,7 +60,6 @@ enum LANPLUS_SESSION_STATE {
- 
- #define IPMI_AUTHCODE_BUFFER_SIZE 20
- #define IPMI_SIK_BUFFER_SIZE      IPMI_MAX_MD_SIZE
--#define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */
- 
- struct ipmi_session_params {
- 	char * hostname;
-diff -urNp old/lib/ipmi_channel.c new/lib/ipmi_channel.c
---- old/lib/ipmi_channel.c	2017-02-06 10:20:02.255409134 +0100
-+++ new/lib/ipmi_channel.c	2017-02-06 12:32:14.222282317 +0100
-@@ -821,6 +821,92 @@ ipmi_set_user_access(struct ipmi_intf *i
- 	return 0;
- }
- 
-+int 
-+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key)
-+{
-+	uint8_t kgkey[IPMI_KG_BUFFER_SIZE];
-+	struct ipmi_rs *rsp;
-+	struct ipmi_rq req;
-+	struct set_channel_security_keys_req req_data;
-+	int rc = -1;
-+	
-+	/* convert provided key to array of bytes */
-+	if (strcmp(method, "hex") == 0) {
-+		if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {
-+			lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1));
-+			printf_channel_usage();
-+			return -1;
-+		}
-+
-+		rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1);
-+		if (rc == -1) {
-+			lprintf(LOG_ERR, "Number of Kg key characters is not even");
-+			return rc;
-+		} else if (rc == -3) {
-+			lprintf(LOG_ERR, "Kg key is not hexadecimal number");
-+			return rc;
-+		} else if (rc > (IPMI_KG_BUFFER_SIZE-1)) {
-+			lprintf(LOG_ERR, "Kg key is too long");
-+			return rc;
-+		}
-+		
-+	} else if (strcmp(method, "plain") == 0) {
-+		if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {
-+			lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1));
-+			printf_channel_usage();
-+			return rc;
-+		}
-+		
-+		strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1);
-+	} else {
-+		printf_channel_usage();
-+		return rc;
-+	}
-+	
-+	/* assemble and send request to set kg key */
-+	memset(&req_data, 0, sizeof(req_data));
-+	req_data.channel = channel;
-+	req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;
-+	req_data.key_id = IPMI_KG_KEY_ID;
-+	memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1);
-+	
-+	memset(&req, 0, sizeof(req));
-+	req.msg.netfn = IPMI_NETFN_APP;
-+	req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;
-+	req.msg.data = (uint8_t*) &req_data;
-+	req.msg.data_len = sizeof(req_data);
-+
-+	rsp = intf->sendrecv(intf, &req);
-+	if (rsp == NULL) {
-+		lprintf(LOG_ERR, "Set Channel Security Keys command failed");
-+		return rc;
-+	}
-+	if (rsp->ccode > 0) {
-+		const char *error = NULL;
-+		switch (rsp->ccode) {
-+		case 0x80:
-+			error = "Key is locked";
-+			break;
-+		case 0x81:
-+			error = "Insufficient key bytes";
-+			break;
-+		case 0x82:
-+			error = "Too many key bytes";
-+			break;
-+		case 0x83:
-+			error = "Key value does not meet criteria for K_g key";
-+			break;
-+		default:
-+			error = val2str(rsp->ccode, completion_code_vals);
-+		}
-+		lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);
-+		return rc;
-+	}
-+	
-+	lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");
-+	return 0;
-+}
-+
- int
- ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
- {
-@@ -890,6 +976,19 @@ ipmi_channel_main(struct ipmi_intf *intf
- 		retval = ipmi_get_channel_cipher_suites(intf,
- 							argv[1], /* ipmi | sol */
- 							channel);
-+	} else if (strncmp(argv[0], "setkg", 5) == 0) {
-+		if (argc < 3 || argc > 4)
-+			printf_channel_usage();
-+		else {
-+			uint8_t ch = 0xe;
-+			char *method = argv[1];
-+			char *key = argv[2];
-+			if (argc == 4) {
-+				ch = (uint8_t)strtol(argv[3], NULL, 0);
-+			}
-+				
-+			retval = ipmi_set_channel_security_keys(intf, ch, method, key);
-+		}
- 	} else {
- 		lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
- 		printf_channel_usage();
-@@ -916,6 +1015,10 @@ printf_channel_usage()
- 	lprintf(LOG_NOTICE,
- "");
- 	lprintf(LOG_NOTICE,
-+"                  setkg hex|plain <key> [channel]");
-+	lprintf(LOG_NOTICE,
-+"");
-+	lprintf(LOG_NOTICE,
- "Possible privilege levels are:");
- 	lprintf(LOG_NOTICE,
- "   1   Callback level");
-diff -urNp old/src/plugins/ipmi_intf.c new/src/plugins/ipmi_intf.c
---- old/src/plugins/ipmi_intf.c	2017-02-06 10:20:02.257501584 +0100
-+++ new/src/plugins/ipmi_intf.c	2017-02-06 10:42:12.585257810 +0100
-@@ -55,6 +55,7 @@
- #include <ipmitool/ipmi.h>
- #include <ipmitool/ipmi_sdr.h>
- #include <ipmitool/log.h>
-+#include <ipmitool/helper.h>
- 
- #define IPMI_DEFAULT_PAYLOAD_SIZE   25
- 

0004-slowswid.patch

@@ -1,16 +0,0 @@
-diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
-index fa7b082..9bc5ac2 100644
---- a/lib/ipmi_sdr.c
-+++ b/lib/ipmi_sdr.c
-@@ -572,6 +572,8 @@ ipmi_sdr_get_sensor_reading_ipmb(struct ipmi_intf *intf, uint8_t sensor,
- 	uint32_t save_addr;
- 	uint32_t save_channel;
- 
-+	if (target == (uint8_t) 0xb1)
-+		return ipmi_sdr_get_sensor_reading(intf, sensor);
- 	if ( BRIDGE_TO_SENSOR(intf, target, channel) ) {
- 		lprintf(LOG_DEBUG,
- 			"Bridge to Sensor "
--- 
-2.1.0
-

0005-sensor-id-length.patch

@@ -1,16 +0,0 @@
-diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h
-index ccf0cf0..47d3949 100644
---- a/include/ipmitool/ipmi_sdr.h
-+++ b/include/ipmitool/ipmi_sdr.h
-@@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = {
- 	    "Version Change", "FRU State" };
- 
- struct sensor_reading {
--	char		s_id[17];		/* name of the sensor */
-+	char		s_id[33];		/* name of the sensor */
- 	struct sdr_record_full_sensor    *full;
- 	struct sdr_record_compact_sensor *compact;
- 	uint8_t		s_reading_valid;	/* read value valididity */
--- 
-2.1.0
-

0006-enable-usb.patch

@@ -1,21 +0,0 @@
-diff -urNp old/configure.ac new/configure.ac
---- old/configure.ac	2017-02-02 14:20:33.230784269 +0100
-+++ new/configure.ac	2017-02-02 14:22:53.528510336 +0100
-@@ -63,7 +63,7 @@ xenable_intf_imb=yes
- xenable_intf_lipmi=yes
- xenable_intf_open=yes
- #xenable_intf_serial=yes
--xenable_intf_usb=no
-+xenable_intf_usb=yes
- xenable_ipmishell=yes
- 
- dnl set some things so we build with GNU tools on Solaris
-@@ -209,7 +209,7 @@ fi
- dnl enable IPMI USB interface
- AC_ARG_ENABLE([intf-usb],
- 	[AC_HELP_STRING([--enable-intf-usb],
--			[enable IPMI USB interface [default=auto]])],
-+			[enable IPMI USB interface [default=yes]])],
- 		[xenable_intf_usb=$enableval],
- 		[xenable_intf_usb=$xenable_intf_usb])
- if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then

0007-check-input.patch

@@ -1,41 +0,0 @@
-diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
---- old/doc/ipmitool.1	2017-10-03 16:10:50.446539988 +0200
-+++ new/doc/ipmitool.1	2017-10-03 16:16:37.039673239 +0200
-@@ -3170,13 +3170,14 @@ SOL configuration data for the currently
- 
- Enable, disable or show status of SOL payload for the user on the specified channel. 
- .TP 
--\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>]
-+\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] [\fBnoguard\fR]
- .br 
- 
- Configure parameters for Serial Over Lan.  If no channel is given,
- it will display SOL configuration data for the currently used
- channel.  Configuration parameter updates are automatically guarded
--with the updates to the set\-in\-progress parameter.
-+with the updates to the set\-in\-progress parameter, unless \fInoguard\fR
-+parameter is present.
- .RS
- .TP 
- Valid parameters and values are:
-diff -urNp old/lib/ipmi_sol.c new/lib/ipmi_sol.c
---- old/lib/ipmi_sol.c	2017-10-03 16:10:50.447539996 +0200
-+++ new/lib/ipmi_sol.c	2017-10-03 16:18:37.079006949 +0200
-@@ -1875,7 +1875,7 @@ static void
- print_sol_usage(void)
- {
- 	lprintf(LOG_NOTICE, "SOL Commands: info [<channel number>]");
--	lprintf(LOG_NOTICE, "              set <parameter> <value> [channel]");
-+	lprintf(LOG_NOTICE, "              set <parameter> <value> [channel] [noguard]");
- 	lprintf(LOG_NOTICE, "              payload <enable|disable|status> [channel] [userid]");
- 	lprintf(LOG_NOTICE, "              activate [<usesolkeepalive|nokeepalive>] [instance=<number>]");
- 	lprintf(LOG_NOTICE, "              deactivate [instance=<number>]");
-@@ -1890,6 +1890,8 @@ print_sol_usage(void)
- static void
- print_sol_set_usage(void)
- {
-+	lprintf(LOG_NOTICE, "\nSOL set usage: \n");
-+	lprintf(LOG_NOTICE, "  sol set <parameter> <value> [channel] [noguard]\n");
- 	lprintf(LOG_NOTICE, "\nSOL set parameters and values: \n");
-   	lprintf(LOG_NOTICE, "  set-in-progress             set-complete | "
- 		"set-in-progress | commit-write");

ipmievd.service

@@ -7,7 +7,7 @@ After=ipmi.service
 EnvironmentFile=-/etc/sysconfig/ipmievd
 ExecStart=/usr/sbin/ipmievd $IPMIEVD_OPTIONS
 Type=forking
-PIDFile=/var/run/ipmievd.pid
+PIDFile=/var/run/ipmievd.pid0
 
 [Install]
 WantedBy=multi-user.target

ipmitool-1.8.10-ipmievd-condrestart.patch

@@ -0,0 +1,39 @@
+532188 -  ipmievd init script's condrestart doesn't work
+
+Author: Ville Skyttä (ville.skytta@iki.fi)
+Sent upstream as https://sourceforge.net/tracker/?func=detail&aid=2889888&group_id=95200&atid=610552
+
+Index: contrib/ipmievd.init.redhat
+===================================================================
+RCS file: /cvsroot/ipmitool/ipmitool/contrib/ipmievd.init.redhat,v
+retrieving revision 1.1
+diff -u -r1.1 ipmievd.init.redhat
+--- contrib/ipmievd.init.redhat	19 Mar 2006 23:05:48 -0000	1.1
++++ contrib/ipmievd.init.redhat	31 Oct 2009 08:50:07 -0000
+@@ -62,6 +62,11 @@
+ 	return $ret
+ }
+ 
++restart() {
++	stop
++	start
++}
++
+ case "$1" in
+     start)
+ 	start
+@@ -72,11 +77,10 @@
+     status)
+ 	status $IPMIEVD_BIN
+ 	;;
+-    restart|reload)
+-    	stop
+-	start
++    restart|reload|force-reload)
++	restart
+ 	;;
+-    condrestart)
++    try-restart|condrestart)
+ 	[ -f /var/lock/subsys/ipmievd ] && restart || :
+ 	;;
+     *)

ipmitool-1.8.10-ipmievd-init.patch

@@ -0,0 +1,32 @@
+diff -up ipmitool-1.8.10/contrib/ipmievd.init.redhat.ipmievd-init ipmitool-1.8.10/contrib/ipmievd.init.redhat
+--- ipmitool-1.8.10/contrib/ipmievd.init.redhat.ipmievd-init	2006-03-20 00:05:48.000000000 +0100
++++ ipmitool-1.8.10/contrib/ipmievd.init.redhat	2008-10-14 13:46:35.000000000 +0200
+@@ -5,7 +5,7 @@
+ #       Based on example sysvinitfiles script
+ #       Copyright (c) 2000 Red Hat Software, Inc.
+ #
+-# chkconfig: 345 99 00
++# chkconfig: - 99 00
+ # description: ipmievd daemon to send events to syslog
+ # processname: ipmievd
+ # config:      /etc/sysconfig/ipmievd
+@@ -16,8 +16,8 @@
+ # Should-Start: $time
+ # Required-Stop:     $syslog ipmi
+ # Should-Stop: $time
+-# Default-Start:     3 4 5
+-# Default-Stop:      0 1 2 6
++# Default-Start:     
++# Default-Stop:      
+ # Short-Description: ipmievd daemon to send events to syslog
+ # Description:       Start ipmievd to read events from BMC and
+ #	             log them to syslog.  Events correspond to hardware faults,
+@@ -85,7 +85,7 @@ case "$1" in
+ 	;;
+     *)
+ 	echo "Usage: ipmievd {start|stop|status|reload|restart|condrestart}"
+-	exit 1
++	exit 2
+ 	;;
+ esac
+ exit $?

ipmitool-1.8.11-remove-umask0.patch

@@ -0,0 +1,13 @@
+CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
+
+diff -up ipmitool-1.8.11/lib/helper.c.original ipmitool-1.8.11/lib/helper.c
+--- ipmitool-1.8.11/lib/helper.c.original	2011-10-03 13:00:54.000000000 +0900
++++ ipmitool-1.8.11/lib/helper.c	2011-10-03 13:01:01.000000000 +0900
+@@ -427,7 +427,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
+ #endif
+ 
+ 	chdir("/");
+-	umask(0);
+ 
+ 	for (fd=0; fd<64; fd++) {
+ 		if (fd != intf->fd)

ipmitool.spec

@@ -1,37 +1,25 @@
-%global       gitname     IPMITOOL
-%global       gitversion  1_8_18
-
 Name:         ipmitool
 Summary:      Utility for IPMI control
-Version:      1.8.18
-Release:      15%{?dist}
+Version:      1.8.11
+Release:      11%{?dist}
 License:      BSD
+Group:        System Environment/Base
 URL:          http://ipmitool.sourceforge.net/
-Source0:      https://github.com/%{name}/%{name}/archive/%{gitname}_%{gitversion}/%{name}-%{version}.tar.gz
+Source0:      http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 Source1:      openipmi-ipmievd.sysconf
 Source2:      ipmievd.service
-Source3:      exchange-bmc-os-info.service
-Source4:      exchange-bmc-os-info.sysconf
-Source5:      set-bmc-url.sh
-Source6:      exchange-bmc-os-info
-
-Patch1:       0001-CVE-2011-4339-OpenIPMI.patch
-# WARNING:  THIS PATCH MUST BE USED FOR RAWHIDE (f26+) BRANCH
-Patch2:       0002-openssl.patch
-Patch3:       0003-ipmitool-1.8.11-set-kg-key.patch
-Patch4:       0004-slowswid.patch
-Patch5:       0005-sensor-id-length.patch
-Patch6:       0006-enable-usb.patch
-Patch7:       0007-check-input.patch
-
 BuildRequires: openssl-devel readline-devel ncurses-devel
-%{?systemd_requires}
-BuildRequires: systemd
-# bootstrap
-BuildRequires: automake autoconf libtool
+BuildRequires: systemd-units
+Requires(post): systemd-sysv
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
 Obsoletes: OpenIPMI-tools < 2.0.14-3
 Provides: OpenIPMI-tools = 2.0.14-3
 
+Patch1: ipmitool-1.8.10-ipmievd-init.patch
+Patch2: ipmitool-1.8.10-ipmievd-condrestart.patch
+Patch3: ipmitool-1.8.11-remove-umask0.patch
 
 %description
 This package contains a utility for interfacing with devices that support
@@ -48,44 +36,12 @@ displaying sensor values, displaying the contents of the System Event
 Log (SEL), printing Field Replaceable Unit (FRU) information, reading and
 setting LAN configuration, and chassis power control.
 
-
-%package -n ipmievd
-Requires: ipmitool
-%{?systemd_requires}
-BuildRequires: systemd
-Summary: IPMI event daemon for sending events to syslog
-%description -n ipmievd
-ipmievd is a daemon which will listen for events from the BMC that are
-being  sent to the SEL and also log those messages to syslog.
-
-
-%package -n bmc-snmp-proxy
-Requires: net-snmp
-Requires: exchange-bmc-os-info
-BuildArch: noarch
-Summary: Reconfigure SNMP to include host SNMP agent within BMC
-%description -n bmc-snmp-proxy
-Given a host with BMC, this package would extend system configuration
-of net-snmp to include redirections to BMC based SNMP.
-
-
-%package -n exchange-bmc-os-info
-Requires: hostname
-Requires: ipmitool
-BuildArch: noarch
-%{?systemd_requires}
-BuildRequires: systemd
-
-Summary: Let OS and BMC exchange info
-
-%description -n exchange-bmc-os-info
-Given a host with BMC, this package would pass the hostname &
-OS information to the BMC and also capture the BMC ip info
-for the host OS to use.
-
-
 %prep
-%autosetup -n %{name}-%{gitname}_%{gitversion} -p1
+
+%setup -q
+%patch1 -p1 -b .ipmievd-init
+%patch2 -p0 -b .condrestart
+%patch3 -p1 -b .umask
 
 for f in AUTHORS ChangeLog; do
     iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
@@ -97,18 +53,6 @@ done
 # --enable-file-security adds some security checks
 # --disable-intf-free disables FreeIPMI support - we don't want to depend on
 #   FreeIPMI libraries, FreeIPMI has its own ipmitoool-like utility.
-
-# begin: release auto-tools
-# Used to be needed by aarch64 support, now only cxoem patch makefiles are left.
-aclocal
-libtoolize --automake --copy
-autoheader
-automake --foreign --add-missing --copy
-aclocal
-autoconf
-automake --foreign
-# end: release auto-tools
-
 %configure --disable-dependency-tracking --enable-file-security --disable-intf-free
 make %{?_smp_mflags}
 
@@ -117,34 +61,26 @@ make DESTDIR=%{buildroot} install
 
 install -Dpm 644 %{SOURCE2} %{buildroot}%{_unitdir}/ipmievd.service
 install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/ipmievd
-install -Dm 644 %{SOURCE3} %{buildroot}%{_unitdir}/exchange-bmc-os-info.service
-install -Dm 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/exchange-bmc-os-info
-install -Dm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/profile.d/set-bmc-url.sh
-install -Dm 755 %{SOURCE6} %{buildroot}%{_libexecdir}/exchange-bmc-os-info
 
+%post
+if [ $1 -eq 1 ] ; then 
+    # Initial installation 
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
 
-install -Dm 644 contrib/bmc-snmp-proxy.sysconf %{buildroot}%{_sysconfdir}/sysconfig/bmc-snmp-proxy
-install -Dm 644 contrib/bmc-snmp-proxy.service %{buildroot}%{_unitdir}/bmc-snmp-proxy.service
-install -Dm 755 contrib/bmc-snmp-proxy         %{buildroot}%{_libexecdir}/bmc-snmp-proxy
-
-%post -n ipmievd
-%systemd_post ipmievd.service
-
-%preun -n ipmievd
-%systemd_preun ipmievd.service
-
-%postun -n ipmievd
-%systemd_postun_with_restart ipmievd.service
-
-%post -n exchange-bmc-os-info
-%systemd_post exchange-bmc-os-info.service
-
-%preun -n exchange-bmc-os-info
-%systemd_preun exchange-bmc-os-info.service
-
-%postun -n exchange-bmc-os-info
-%systemd_postun_with_restart exchange-bmc-os-info.service
+%preun
+if [ $1 -eq 0 ] ; then
+    # Package removal, not upgrade
+    /bin/systemctl --no-reload disable ipmievd.service > /dev/null 2>&1 || :
+    /bin/systemctl stop ipmievd.service > /dev/null 2>&1 || :
+fi
 
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    # Package upgrade, not uninstall
+    /bin/systemctl try-restart ipmievd.service >/dev/null 2>&1 || :
+fi
 
 %triggerun -- ipmievd < 1.8.11-7
 # Save the current service runlevel info
@@ -157,183 +93,16 @@ install -Dm 755 contrib/bmc-snmp-proxy         %{buildroot}%{_libexecdir}/bmc-sn
 /bin/systemctl try-restart ipmievd.service >/dev/null 2>&1 || :
 
 %files
-%{_bindir}/ipmitool
-%{_mandir}/man1/ipmitool.1*
+%config(noreplace) %{_sysconfdir}/sysconfig/ipmievd
+%{_unitdir}/ipmievd.service
+%{_bindir}/*
+%{_sbindir}/*
+%{_mandir}/man*/*
 %doc %{_datadir}/doc/ipmitool
 %{_datadir}/ipmitool
 
-%files -n ipmievd
-%config(noreplace) %{_sysconfdir}/sysconfig/ipmievd
-%{_unitdir}/ipmievd.service
-%{_sbindir}/ipmievd
-%{_mandir}/man8/ipmievd.8*
-
-%files -n exchange-bmc-os-info
-%config(noreplace) %{_sysconfdir}/sysconfig/exchange-bmc-os-info
-%{_sysconfdir}/profile.d/set-bmc-url.sh
-%{_unitdir}/exchange-bmc-os-info.service
-%{_libexecdir}/exchange-bmc-os-info
-
-%files -n bmc-snmp-proxy
-%config(noreplace) %{_sysconfdir}/sysconfig/bmc-snmp-proxy
-%{_unitdir}/bmc-snmp-proxy.service
-%{_libexecdir}/bmc-snmp-proxy
 
 %changelog
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-15
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.18-14
-- Rebuild for readline 8.0
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue Apr 10 2018 Josef Ridky <jridky@redhat.com> - 1.8.18-11
-- Project moved to github
-
-* Thu Feb 22 2018 Josef Ridky <jridky@redhat.com> - 1.8.18-10
-- Spec clean up
-- Add support to set kg key
-- Fix DDR4 memory issues
-- Increase length of sensor id
-- Enable usb interface by default
-- Fix input options 
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Tue Jan 30 2018 Josef Ridky <jridky@redhat.com> - 1.8.18-8
-- remove old systemd dependencies
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Tue Feb 21 2017 Josef Ridky <jridky@redhat.com> - 1.8.18-5
-- Fix allocation issue
-
-* Tue Feb 21 2017 Josef Ridky <jridky@redhat.com> - 1.8.18-4
-- Add support for OpenSSL-1.1.0 library (#1423743)
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.8.18-2
-- Rebuild for readline 7.x
-
-* Mon Oct 10 2016 Boris Ranto <branto@redhat.com> - 0:1.8.18-1
-- New version (0:1.8.18-1)
-- CVE-2011-4339 OpenIPMI
-
-* Tue May 10 2016 Boris Ranto <branto@redhat.com> - 0:1.8.17-1
-- New version (0:1.8.17-1)
-- CVE-2011-4339 OpenIPMI
-
-* Tue Feb 23 2016 Boris Ranto <branto@redhat.com> - 1.8.16-1
-- Rebase to version 1.8.16
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.15-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Tue Nov 24 2015 Boris Ranto <branto@redhat.com> - 1.8.15-5
-- Split ipmievd bits into a separate package
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.15-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Wed Apr 22 2015 Ales Ledvinka <aledvink@redhat.com> 1.8.15-3
-- Remove modalias dependency.
-
-* Thu Mar 19 2015 Ales Ledvinka <aledvink@redhat.com> 1.8.15-1
-- Upstream release 1.8.15
-
-* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.13-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.13-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Tue Apr  8 2014 Ales Ledvinka <aledvink@redhat.com> 1.8.13-4
-- Support for environment variable short options.
-
-* Tue Nov  5 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-3
-- Cleanup of dual bridge option.
-
-* Tue Oct 15 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-2
-- BMC SNMP agent redirection
-
-* Mon Oct 14 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-1
-- Upstream release 1.8.13
-
-* Fri Aug 09 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073103
-- Avoid FIPS mode crashes if possible.
-- Document FIPS limitations.
-
-* Wed Jul  31 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073101
-- Include current upstream bugfixes.
-
-* Thu Jul 25 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-16
-- Calxeda OEM extensions.
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.12-15
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Mon Dec 17 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-14
-- Updated the exchange-bmc-os-info's service file with Requires stmt
-
-* Fri Dec 14 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13
-- fixed argument parsing leaks
-- ask user for password only once and do so only when interactive password
-  is the chosen password method.
-
-* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-12
-- Removed the extra symbols in the patch, as the build is failing.
-
-* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-11
-- Subpackage for exchange-bmc-os-info as it requires OPenIPMI
-
-* Wed Dec 12 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-10
-- documented fixed and conditional defaults. adjusted synopsis
-
-* Tue Dec 4 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-9
-- fixed ipmitool documentation
-
-* Fri Nov 30 2012 Praveen K Paladugu <praveen_paladugu@dell.com> 1.8.12-8
-- service & scripts to allow OS to capture BMC's IP & URL info
-- Also pass the OS information to BMC
-- patches submitted by Charles Rose (charles_rose[at]dell.com)
-
-* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-7
-- failed sol session activation crashes while logging exit
-
-* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-6
-- revert default cipersuite back to 3 which includes integrity and confidentiality
-
-* Thu Oct 18 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-5
-- fix build on big endian arches
-
-* Wed Oct 17 2012 Ales Ledvinka <aledvink@redhat.cz> 1.8.12-4
-- support setting OS name and Hostname on BMC
-
-* Tue Sep 04 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-3
-- fix build on big endian arches
-
-* Mon Aug 27 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-2
-- Fixed starting ipmievd under systemd (#819234).
-- Updated RPM scriplets with latest systemd-rpm macros (#850161)
-
-* Fri Aug 10 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-1
-- update to ipmitool-1.8.12
-
-* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
 * Tue May 22 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-11
 - start ipmievd.service after ipmi (#819234)
 

sources

@@ -1,5 +1 @@
-SHA512 (exchange-bmc-os-info) = 77aad6f132b0ab56dcf8f8a5d1efbba9196c2fbb5771e5106833455a071a5dc79109d945a7adc0022f9604cbfd4a01ea1ea54ce15a2409c85f5effbf6cfc4f09
-SHA512 (exchange-bmc-os-info.service) = 4349e7be9879c55c64e6233f749db7d656a12b421ad53a41d612e8c891abbe108d0fabe57d5753b5c1367da4f34e2e3bb579ea4ba8bc39b81ec64b66d5f65f79
-SHA512 (exchange-bmc-os-info.sysconf) = 475f5645eb6a7038efe5568950235fa43a081f26490b7e17de2279e022950144f197e1a545177447ce1ec345862e7fb8fb802eaa3728bc9e32868e34c081263a
-SHA512 (set-bmc-url.sh) = 99bceee522b23e0c4bc55f9e4bdc08ece9ecbf8a50511fa8f8b90ecc94d8f9715e74bb15a5f1e7c2162e7ac2e1933aff0c78b464e1010f21c784d84c0b1bfe2a
-SHA512 (ipmitool-1.8.18.tar.gz) = 2f2b9c4ce76eb2afdac168edbd41241352c2d4d18286494ffb57dcf750f18448d144543faa8a5494f077c78a4f5ae730624d3798ba6e621249c42fd868d86406
+1d0da20add7388d64c549f95538b6858  ipmitool-1.8.11.tar.bz2