1 |
marineam 07/09/26 22:43:50 |
2 |
|
3 |
Added: xen-tools-3.0.4_p1-pygrub-security-fix.patch |
4 |
xen-tools-3.1.0-pygrub-security-fix.patch |
5 |
digest-xen-tools-3.1.0-r1 |
6 |
digest-xen-tools-3.0.4_p1-r1 |
7 |
Removed: digest-xen-tools-3.1.0 digest-xen-tools-3.0.4_p1 |
8 |
Log: |
9 |
Security bump, see bug #193808 |
10 |
(Portage version: 2.1.2.12) |
11 |
|
12 |
Revision Changes Path |
13 |
1.1 app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch |
14 |
|
15 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch?rev=1.1&view=markup |
16 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch?rev=1.1&content-type=text/plain |
17 |
|
18 |
Index: xen-tools-3.0.4_p1-pygrub-security-fix.patch |
19 |
=================================================================== |
20 |
Protect pygrub from possible malicious content in guest grub |
21 |
config file. This fixes CVE-2007-4993. Original patch from |
22 |
Jeremy Katz, I updated to close 2 remaining issues pointed out |
23 |
by Christian and Keir, and to use setattr(self, ...). |
24 |
|
25 |
Signed-off-by: Chris Wright <chrisw@××××××××.org> |
26 |
|
27 |
(Tweaked for Xen 3.0.4) |
28 |
--- |
29 |
diff -r a00cc97b392a tools/pygrub/src/GrubConf.py |
30 |
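--- a/tools/pygrub/src/GrubConf.py
+++ b/tools/pygrub/src/GrubConf.py
@@ -101,7 +101,7 @@ class GrubImage(object):
 
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored image directive %s" %(com,))
 else:
@@ -142,11 +142,11 @@ class GrubImage(object):
 initrd = property(get_initrd, set_initrd)
 
 # set up command handlers
- commands = { "title": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "kernel": "self.kernel",
- "initrd": "self.initrd",
+ commands = { "title": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "kernel": "kernel",
+ "initrd": "initrd",
 "chainloader": None,
 "module": None}
 
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
 (com, arg) = grub_exact_split(l, 2)
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored directive %s" %(com,))
 else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
 (com, arg) = grub_exact_split(line, 2)
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored directive %s" %(com,))
 else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
 splash = property(get_splash, set_splash)
 
 # set up command handlers
- commands = { "default": "self.default",
- "timeout": "self.timeout",
- "fallback": "self.fallback",
- "hiddenmenu": "self.hiddenmenu",
- "splashimage": "self.splash",
- "password": "self.password" }
+ commands = { "default": "default",
+ "timeout": "timeout",
+ "fallback": "fallback",
+ "hiddenmenu": "hiddenmenu",
+ "splashimage": "splash",
+ "password": "password" }
 for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
 "pager", "partnew", "parttype", "rarp", "serial",
 "setkey", "terminal", "terminfo", "tftpserver", "unhide"):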
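Review bot: The value handed to `setattr(self, self.commands[com], arg.strip())` at all three replaced sites is still raw guest-supplied text. For names such as `initrd` it lands in a property setter (`initrd = property(get_initrd, set_initrd)` is visible in the context) whose body is outside these hunks, so those setters should be checked to do plain string handling only. The safety of the change rests on the `commands` values being fixed attribute names, which a comment above each table would pin: `# values are attribute names passed to setattr(); never derive them from config input`. The same applies to the GrubConf.py and LiloConf.py sections of the 3.1.0 patch. This 3.0.4 patch touches only GrubConf.py, so it is worth confirming that the 3.0.4 tree carries no LiloConf.py with the same `exec` pattern.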
98 |
1.1 app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch |
99 |
|
100 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch?rev=1.1&view=markup |
101 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch?rev=1.1&content-type=text/plain |
102 |
|
103 |
Index: xen-tools-3.1.0-pygrub-security-fix.patch |
104 |
=================================================================== |
105 |
Protect pygrub from possible malicious content in guest grub |
106 |
config file. This fixes CVE-2007-4993. Original patch from |
107 |
Jeremy Katz, I updated to close 2 remaining issues pointed out |
108 |
by Christian and Keir, and to use setattr(self, ...). |
109 |
|
110 |
Signed-off-by: Chris Wright <chrisw@××××××××.org> |
111 |
|
112 |
(Tweaked for Xen 3.1.0) |
113 |
diff -rup xen-3.1.0-src.orig/tools/pygrub/src/GrubConf.py xen-3.1.0-src/tools/pygrub/src/GrubConf.py |
114 |
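--- a/tools/pygrub/src/GrubConf.py
+++ b/tools/pygrub/src/GrubConf.py
@@ -101,7 +101,7 @@ class GrubImage(object):
 
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored image directive %s" %(com,))
 else:
@@ -142,11 +142,11 @@ class GrubImage(object):
 initrd = property(get_initrd, set_initrd)
 
 # set up command handlers
- commands = { "title": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "kernel": "self.kernel",
- "initrd": "self.initrd",
+ commands = { "title": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "kernel": "kernel",
+ "initrd": "initrd",
 "chainloader": None,
 "module": None}
 
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
 (com, arg) = grub_exact_split(l, 2)
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored directive %s" %(com,))
 else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
 (com, arg) = grub_exact_split(line, 2)
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored directive %s" %(com,))
 else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
 splash = property(get_splash, set_splash)
 
 # set up command handlers
- commands = { "default": "self.default",
- "timeout": "self.timeout",
- "fallback": "self.fallback",
- "hiddenmenu": "self.hiddenmenu",
- "splashimage": "self.splash",
- "password": "self.password" }
+ commands = { "default": "default",
+ "timeout": "timeout",
+ "fallback": "fallback",
+ "hiddenmenu": "hiddenmenu",
+ "splashimage": "splash",
+ "password": "password" }
 for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
 "pager", "partnew", "parttype", "rarp", "serial",
 "setkey", "terminal", "terminfo", "tftpserver", "unhide"):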
179 |
diff -rup xen-3.1.0-src.orig/tools/pygrub/src/LiloConf.py xen-3.1.0-src/tools/pygrub/src/LiloConf.py |
180 |
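--- a/tools/pygrub/src/LiloConf.py
+++ b/tools/pygrub/src/LiloConf.py
@@ -30,7 +30,7 @@ class LiloImage(object):
 
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip())))
+ setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip()))
 else:
 logging.info("Ignored image directive %s" %(com,))
 else:
@@ -56,12 +56,12 @@ class LiloImage(object):
 initrd = property(get_initrd, set_initrd)
 
 # set up command handlers
- commands = { "label": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "image": "self.kernel",
- "initrd": "self.initrd",
- "append": "self.args",
+ commands = { "label": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "image": "kernel",
+ "initrd": "initrd",
+ "append": "args",
 "read-only": None,
 "chainloader": None,
 "module": None}
@@ -111,7 +111,7 @@ class LiloConfigFile(object):
 (com, arg) = GrubConf.grub_exact_split(l, 2)
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored directive %s" %(com,))
 else: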
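Review bot: `LiloConfigFile.commands` is not updated anywhere in this patch, although the last hunk (`@@ -111,7 +111,7 @@`) now passes its values straight to `setattr(self, self.commands[com], arg.strip())`. The tables of `LiloImage`, `GrubImage` and `GrubConfigFile` all have their `self.` prefix stripped here, but the `LiloConfigFile` table lies outside the visible hunks. If its values still have the `"self.<name>"` form, `setattr` would create an attribute literally named with the prefix, and the real field would silently keep its initial value. Confirm the table and, if needed, reduce its values to bare attribute names in the same way as `"self.title"` became `"title"` for `LiloImage`.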
222 |
1.1 app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r1 |
223 |
|
224 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r1?rev=1.1&view=markup |
225 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r1?rev=1.1&content-type=text/plain |
226 |
|
227 |
Index: digest-xen-tools-3.1.0-r1 |
228 |
=================================================================== |
229 |
MD5 b7ae1f652b071862ae4c90b72d549627 xen-3.1.0-src.tgz 6831094 |
230 |
RMD160 2fd65a3b81e522d0ed2d62fd11e5977167f1ceb3 xen-3.1.0-src.tgz 6831094 |
231 |
SHA256 b5d7cea6deeee1439e8883fed4b3f1a8e4f675b4af8148178721f99bd76676b7 xen-3.1.0-src.tgz 6831094 |
235 |
1.1 app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r1 |
236 |
|
237 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r1?rev=1.1&view=markup |
238 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r1?rev=1.1&content-type=text/plain |
239 |
|
240 |
Index: digest-xen-tools-3.0.4_p1-r1 |
241 |
=================================================================== |
242 |
MD5 e85e16ad3dc354338e3ac4a8951f9649 xen-3.0.4_1-src.tgz 6473636 |
243 |
RMD160 f869eec35f6afe0bc9824ce2eb4a600f789d423b xen-3.0.4_1-src.tgz 6473636 |
244 |
SHA256 6b3842393e69a9c8fcdbc2789d05830aba6f1d108a6f97f1448de4a86f92a5cb xen-3.0.4_1-src.tgz 6473636 |