author | Michael Marineau <marineam@gentoo.org> | 2007-09-26 22:43:50 +0000 |
---|---|---|
committer | Michael Marineau <marineam@gentoo.org> | 2007-09-26 22:43:50 +0000 |
commit | 0d66cbda935b832a02af7c5db9508a408a786e1f (patch) | |
tree | 62128954a25db4b36406071ea6c4b78a36ddc1de /app-emulation/xen-tools/files | |
parent | Revision bump, grabbing up till Linux 2.6.22.9. (diff) | |
Security bump, see bug #193808
(Portage version: 2.1.2.12)
Diffstat (limited to 'app-emulation/xen-tools/files')
-rw-r--r-- | app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r1 (renamed from app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1) | 0 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r1 (renamed from app-emulation/xen-tools/files/digest-xen-tools-3.1.0) | 0 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch | 75 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch | 114 |
4 files changed, 189 insertions, 0 deletions
diff --git a/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1 b/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r1
index 7aadef066796..7aadef066796 100644
--- a/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1
+++ b/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r1
diff --git a/app-emulation/xen-tools/files/digest-xen-tools-3.1.0 b/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r1
index e436de9ac59e..e436de9ac59e 100644
--- a/app-emulation/xen-tools/files/digest-xen-tools-3.1.0
+++ b/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r1
diff --git a/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch b/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch
new file mode 100644
index 000000000000..73432d412faf
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch
@@ -0,0 +1,75 @@
+Protect pygrub from possible malicious content in guest grub
+config file. This fixes CVE-2007-4993. Original patch from
+Jeremy Katz, I updated to close 2 remaining issues pointed out
+by Christian and Keir, and to use setattr(self, ...).
+
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+
+(Tweeked for Xen 3.0.4)
+---
+diff -r a00cc97b392a tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py Wed Sep 12 09:43:33 2007 +0100
++++ b/tools/pygrub/src/GrubConf.py Mon Sep 24 12:43:19 2007 -0700
+@@ -101,7 +101,7 @@ class GrubImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -142,11 +142,11 @@ class GrubImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "title": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "kernel": "self.kernel",
+- "initrd": "self.initrd",
++ commands = { "title": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "kernel": "kernel",
++ "initrd": "initrd",
+ "chainloader": None,
+ "module": None}
+
+@@ -195,7 +195,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -208,7 +208,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(line, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -236,12 +236,12 @@ class GrubConfigFile(object):
+ splash = property(get_splash, set_splash)
+
+ # set up command handlers
+- commands = { "default": "self.default",
+- "timeout": "self.timeout",
+- "fallback": "self.fallback",
+- "hiddenmenu": "self.hiddenmenu",
+- "splashimage": "self.splash",
+- "password": "self.password" }
++ commands = { "default": "default",
++ "timeout": "timeout",
++ "fallback": "fallback",
++ "hiddenmenu": "hiddenmenu",
++ "splashimage": "splash",
++ "password": "password" }
+ for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
+ "pager", "partnew", "parttype", "rarp", "serial",
+ "setkey", "terminal", "terminfo", "tftpserver", "unhide"):
diff --git a/app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch b/app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch
new file mode 100644
index 000000000000..c4e1222caf7a
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-3.1.0-pygrub-security-fix.patch
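Review bot: xen-tools-3.0.4_p1-pygrub-security-fix.patch removes the exec() sink from tools/pygrub/src/GrubConf.py only, whereas the 3.1.0 patch added by this same commit also has to fix tools/pygrub/src/LiloConf.py. Whether the 3.0.4_p1 source tree ships a LiloConf.py is not visible from this page; if it does, text from the guest's boot configuration would still reach exec() there after this bump. Confirming that no `exec(` remains under tools/pygrub once the patch is applied to the 3.0.4_p1 tree would settle it before the -r1 revision is treated as the fix for CVE-2007-4993.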
@@ -0,0 +1,114 @@
+Protect pygrub from possible malicious content in guest grub
+config file. This fixes CVE-2007-4993. Original patch from
+Jeremy Katz, I updated to close 2 remaining issues pointed out
+by Christian and Keir, and to use setattr(self, ...).
+
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+
+(Tweeked for Xen 3.1.0)
+diff -rup xen-3.1.0-src.orig/tools/pygrub/src/GrubConf.py xen-3.1.0-src/tools/pygrub/src/GrubConf.py
+--- xen-3.1.0-src.orig/tools/pygrub/src/GrubConf.py 2007-05-18 07:45:21.000000000 -0700
++++ xen-3.1.0-src/tools/pygrub/src/GrubConf.py 2007-09-26 14:49:21.000000000 -0700
+@@ -101,7 +101,7 @@ class GrubImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -142,11 +142,11 @@ class GrubImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "title": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "kernel": "self.kernel",
+- "initrd": "self.initrd",
++ commands = { "title": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "kernel": "kernel",
++ "initrd": "initrd",
+ "chainloader": None,
+ "module": None}
+
+@@ -195,7 +195,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -208,7 +208,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(line, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -236,12 +236,12 @@ class GrubConfigFile(object):
+ splash = property(get_splash, set_splash)
+
+ # set up command handlers
+- commands = { "default": "self.default",
+- "timeout": "self.timeout",
+- "fallback": "self.fallback",
+- "hiddenmenu": "self.hiddenmenu",
+- "splashimage": "self.splash",
+- "password": "self.password" }
++ commands = { "default": "default",
++ "timeout": "timeout",
++ "fallback": "fallback",
++ "hiddenmenu": "hiddenmenu",
++ "splashimage": "splash",
++ "password": "password" }
+ for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
+ "pager", "partnew", "parttype", "rarp", "serial",
+ "setkey", "terminal", "terminfo", "tftpserver", "unhide"):
+diff -rup xen-3.1.0-src.orig/tools/pygrub/src/LiloConf.py xen-3.1.0-src/tools/pygrub/src/LiloConf.py
+--- xen-3.1.0-src.orig/tools/pygrub/src/LiloConf.py 2007-05-18 07:45:21.000000000 -0700
++++ xen-3.1.0-src/tools/pygrub/src/LiloConf.py 2007-09-26 14:52:30.000000000 -0700
+@@ -30,7 +30,7 @@ class LiloImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip())))
++ setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip()))
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -56,12 +56,12 @@ class LiloImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "label": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "image": "self.kernel",
+- "initrd": "self.initrd",
+- "append": "self.args",
++ commands = { "label": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "image": "kernel",
++ "initrd": "initrd",
++ "append": "args",
+ "read-only": None,
+ "chainloader": None,
+ "module": None}
+@@ -111,7 +111,7 @@ class LiloConfigFile(object):
+ (com, arg) = GrubConf.grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else: |
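Review bot: In the LiloConf.py part of this patch, the last hunk (`@@ -111,7 +111,7 @@ class LiloConfigFile`) switches the parser to `setattr(self, self.commands[com], arg.strip())`, but no hunk rewrites the `commands` table of LiloConfigFile, unlike GrubImage, GrubConfigFile and LiloImage. That table is outside the patch; because the old exec() form only worked with values shaped like `"self.<name>"`, it presumably still holds them. In that case setattr() would create an attribute literally named `self.<name>`, and the global lilo.conf settings would be silently dropped instead of stored. The patch should gain one more hunk that strips the `self.` prefix from every non-None value in LiloConfigFile.commands, as the `@@ -56,12 +56,12 @@` hunk does for LiloImage. The enclosing parse method starts and ends outside the hunk.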