From 2d1d9124b5e11076a9eb4e40d8bdad665af8b5cc Mon Sep 17 00:00:00 2001
From: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Date: Thu, 2 Apr 2026 12:15:11 +0000
Subject: [PATCH 1/2] Upgrade freeipmi to 1.6.17 for CVE-2026-33554

---
 SPECS/freeipmi/freeipmi.signatures.json | 12 ++++++------
 SPECS/freeipmi/freeipmi.spec            |  5 ++++-
 cgmanifest.json                         |  4 ++--
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/SPECS/freeipmi/freeipmi.signatures.json b/SPECS/freeipmi/freeipmi.signatures.json
index 4c0a494dc97..9dfe97a4b4f 100644
--- a/SPECS/freeipmi/freeipmi.signatures.json
+++ b/SPECS/freeipmi/freeipmi.signatures.json
@@ -1,8 +1,8 @@
 {
- "Signatures": {
-  "bmc-watchdog.service": "8fe627d5fe40ae7dee4437c9f136e76397166ebdd90487eb8a4852ce1d22bf12",
-  "freeipmi-1.6.11.tar.gz": "65fbd6910fc010457748695414f27c5755b4e8d75734221221f3858c6230a897",
-  "ipmidetectd.service": "a0d9af1447e72c449bbec5cc1fedd447673eaf6cca93e5c4644517d853b39e20",
-  "ipmiseld.service": "58b467e507eb805414697180dc94f7bb128bd61d520f3b4cb36e084dbdd5835c"
- }
+  "Signatures": {
+    "bmc-watchdog.service": "8fe627d5fe40ae7dee4437c9f136e76397166ebdd90487eb8a4852ce1d22bf12",
+    "ipmidetectd.service": "a0d9af1447e72c449bbec5cc1fedd447673eaf6cca93e5c4644517d853b39e20",
+    "ipmiseld.service": "58b467e507eb805414697180dc94f7bb128bd61d520f3b4cb36e084dbdd5835c",
+    "freeipmi-1.6.17.tar.gz": "16783d10faa28847a795cce0bf86deeaa72b8fbe71d1f0dc1101d13a6b501ec1"
+  }
 }
diff --git a/SPECS/freeipmi/freeipmi.spec b/SPECS/freeipmi/freeipmi.spec
index 61b1df45182..2f7bdabc781 100644
--- a/SPECS/freeipmi/freeipmi.spec
+++ b/SPECS/freeipmi/freeipmi.spec
@@ -4,7 +4,7 @@ Distribution:   Azure Linux
 # Copyright (c) 2003 FreeIPMI Core Team
 
 Name:             freeipmi
-Version:          1.6.11
+Version:          1.6.17
 Release:          1%{?dist}
 Summary:          IPMI remote console and system management software
 License:          GPLv3+
@@ -345,6 +345,9 @@ rm -frv %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/init.d
 %dir %{_localstatedir}/cache/ipmiseld
 
 %changelog
+* Thu Apr 02 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.6.17-1
+- Auto-upgrade to 1.6.17 - for CVE-2026-33554
+
 * Thu Jan 11 2024 Xiaohong Deng <xiaohongdeng@microsoft.com> 1.6.11-1
 - Upgrade for Mariner 3.0
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 2ca692a1a15..c791c404815 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -3890,8 +3890,8 @@
         "type": "other",
         "other": {
           "name": "freeipmi",
-          "version": "1.6.11",
-          "downloadUrl": "http://ftp.gnu.org/gnu/freeipmi/freeipmi-1.6.11.tar.gz"
+          "version": "1.6.17",
+          "downloadUrl": "https://ftp.gnu.org/gnu/freeipmi/freeipmi-1.6.17.tar.gz"
         }
       }
     },

From 38c18d11a91d0af99d1210e50ecb7a830c3603a7 Mon Sep 17 00:00:00 2001
From: Kanishk Bansal <kanbansal@microsoft.com>
Date: Thu, 2 Apr 2026 14:16:32 +0000
Subject: [PATCH 2/2] lisc check fix

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
---
 SPECS/freeipmi/freeipmi.spec | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/SPECS/freeipmi/freeipmi.spec b/SPECS/freeipmi/freeipmi.spec
index 2f7bdabc781..de00aadee7b 100644
--- a/SPECS/freeipmi/freeipmi.spec
+++ b/SPECS/freeipmi/freeipmi.spec
@@ -78,6 +78,9 @@ install -pm644 %SOURCE1 %SOURCE2 %SOURCE3 %{buildroot}%{_unitdir}/
 # Remove initscripts
 rm -frv %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/init.d
 
+# Remove COPYING files from doc dir; they will be installed via %%license
+rm -f %{buildroot}%{_datadir}/doc/%{name}/COPYING*
+
 %post bmc-watchdog
 %systemd_post bmc-watchdog.service
 
@@ -133,7 +136,7 @@ rm -frv %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/init.d
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/freeipmi/freeipmi_interpret_sensor.conf
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/freeipmi/libipmiconsole.conf
 %doc %{_datadir}/doc/%{name}/AUTHORS
-%doc %{_datadir}/doc/%{name}/COPYING
+%license COPYING
 %doc %{_datadir}/doc/%{name}/ChangeLog
 %doc %{_datadir}/doc/%{name}/ChangeLog.0
 %doc %{_datadir}/doc/%{name}/INSTALL
@@ -144,16 +147,16 @@ rm -frv %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/init.d
 %doc %{_datadir}/doc/%{name}/README.openipmi
 %doc %{_datadir}/doc/%{name}/TODO
 %doc %{_infodir}/*
-%doc %{_datadir}/doc/%{name}/COPYING.ipmiping
-%doc %{_datadir}/doc/%{name}/COPYING.ipmipower
-%doc %{_datadir}/doc/%{name}/COPYING.ipmiconsole
-%doc %{_datadir}/doc/%{name}/COPYING.ipmimonitoring
-%doc %{_datadir}/doc/%{name}/COPYING.pstdout
-%doc %{_datadir}/doc/%{name}/COPYING.ipmidetect
-%doc %{_datadir}/doc/%{name}/COPYING.ipmi-fru
-%doc %{_datadir}/doc/%{name}/COPYING.ipmi-dcmi
-%doc %{_datadir}/doc/%{name}/COPYING.sunbmc
-%doc %{_datadir}/doc/%{name}/COPYING.ZRESEARCH
+%license COPYING.ipmiping
+%license COPYING.ipmipower
+%license COPYING.ipmiconsole
+%license COPYING.ipmimonitoring
+%license COPYING.pstdout
+%license COPYING.ipmidetect
+%license COPYING.ipmi-fru
+%license COPYING.ipmi-dcmi
+%license COPYING.sunbmc
+%license COPYING.ZRESEARCH
 %doc %{_datadir}/doc/%{name}/DISCLAIMER.ipmiping
 %doc %{_datadir}/doc/%{name}/DISCLAIMER.ipmipower
 %doc %{_datadir}/doc/%{name}/DISCLAIMER.ipmiconsole
@@ -319,7 +322,7 @@ rm -frv %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/init.d
 %{_libdir}/pkgconfig/*
 
 %files bmc-watchdog
-%doc %{_datadir}/doc/%{name}/COPYING.bmc-watchdog
+%license COPYING.bmc-watchdog
 %doc %{_datadir}/doc/%{name}/DISCLAIMER.bmc-watchdog
 %doc %{_datadir}/doc/%{name}/DISCLAIMER.bmc-watchdog.UC
 %config(noreplace) %{_sysconfdir}/sysconfig/bmc-watchdog
@@ -335,7 +338,7 @@ rm -frv %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/init.d
 %{_unitdir}/ipmidetectd.service
 
 %files ipmiseld
-%doc %{_datadir}/doc/%{name}/COPYING.ipmiseld
+%license COPYING.ipmiseld
 %doc %{_datadir}/doc/%{name}/DISCLAIMER.ipmiseld
 %{_unitdir}/ipmiseld.service
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/freeipmi/ipmiseld.conf