[ipmitool] Revert cipher defaults. Integrity from None to HMAC-SHA1-96 and confidentiality from None to AES-CBC

aledvink aledvink at fedoraproject.org
Fri Nov 16 13:18:26 UTC 2012 

commit b5bba9c49340767853d615cf53e3837295927ad2
Author: Ales Ledvinka <aledvink at redhat.com>
Date:   Fri Nov 16 14:15:15 2012 +0100

    Revert cipher defaults. Integrity from None to HMAC-SHA1-96
    and confidentiality from None to AES-CBC-128

 ipmitool-1.8.12-ciper-suite-default.patch |   12 ++++++++++++
 ipmitool.spec                             |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/ipmitool-1.8.12-ciper-suite-default.patch b/ipmitool-1.8.12-ciper-suite-default.patch
new file mode 100644
index 0000000..3da526e
--- /dev/null
+++ b/ipmitool-1.8.12-ciper-suite-default.patch
@@ -0,0 +1,12 @@
+diff -up ./lib/ipmi_main.c.cip ./lib/ipmi_main.c
+--- ./lib/ipmi_main.c.cip	2012-11-16 14:03:17.729119605 +0100
++++ ./lib/ipmi_main.c	2012-11-16 14:03:25.448123005 +0100
+@@ -382,7 +382,7 @@ ipmi_main(int argc, char ** argv,
+ 	char * seloem   = NULL;
+ 	int port = 0;
+ 	int devnum = 0;
+-	int cipher_suite_id = 1; /* See table 22-19 of the IPMIv2 spec */
++	int cipher_suite_id = 3; /* See table 22-19 of the IPMIv2 spec */
+ 	int argflag, i, found;
+ 	int rc = -1;
+ 	char sol_escape_char = SOL_ESCAPE_CHARACTER_DEFAULT;
diff --git a/ipmitool.spec b/ipmitool.spec
index 1f44d0a..9dc3ffc 100644
--- a/ipmitool.spec
+++ b/ipmitool.spec
@@ -1,7 +1,7 @@
 Name:         ipmitool
 Summary:      Utility for IPMI control
 Version:      1.8.12
-Release:      5%{?dist}
+Release:      6%{?dist}
 License:      BSD
 Group:        System Environment/Base
 URL:          http://ipmitool.sourceforge.net/
@@ -26,6 +26,7 @@ Patch5: ipmitool-1.8.12-bigendian.patch
 Patch6: ipmitool-cvs-mc-sysinfo-dell.patch
 # https://sourceforge.net/tracker/?func=detail&aid=3578022&group_id=95200&atid=610550
 Patch7: ipmitool-1.8.12-bigendian2.patch
+Patch8: ipmitool-1.8.12-ciper-suite-default.patch
 
 %description
 This package contains a utility for interfacing with devices that support
@@ -52,6 +53,7 @@ setting LAN configuration, and chassis power control.
 %patch5 -p1 -b .bigendian
 %patch6 -p1 -b .mcsysinfodell
 %patch7 -p1 -b .bigendian2
+%patch8 -p1 -b .cip
 
 for f in AUTHORS ChangeLog; do
     iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
@@ -102,6 +104,9 @@ install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/ipmievd
 
 
 %changelog
+* Fri Nov 16 2012 Ales Ledvinka <aledvink at redhat.com> 1.8.12-6
+- revert default cipersuite back to 3 which includes integrity and confidentiality
+
 * Thu Oct 18 2012 Dan HorĂ¡k <dan[at]danny.cz> - 1.8.12-5
 - fix build on big endian arches

More information about the scm-commits mailing list