Bastian Blank
2007-Oct-04 06:47 UTC
[Pkg-xen-changes] r457 - in trunk/xen-3/debian: . patches
Author: waldi Date: Thu Oct 4 06:47:45 2007 New Revision: 457 Log: * debian/changelog: Update. * debian/patches/series: Update. * debian/patches/tools-pygrub-CVE-2007-4993.patch: Add. Added: trunk/xen-3/debian/patches/tools-pygrub-CVE-2007-4993.patch Modified: trunk/xen-3/debian/changelog trunk/xen-3/debian/patches/series
Modified: trunk/xen-3/debian/changelog
=============================================================================
--- trunk/xen-3/debian/changelog (original)
+++ trunk/xen-3/debian/changelog Thu Oct 4 06:47:45 2007
@@ -1,3 +1,10 @@
+xen-3 (3.1.0-3) UNRELEASED; urgency=high
+
+ * Don''t use exec with untrusted values in pygrub. (closes: #444430)
+ See CVE-2007-4993.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 04 Oct 2007 08:46:48 +0200
+
 xen-3 (3.1.0-2) unstable; urgency=low
 
 * Switch to texlive for documentation.
Modified: trunk/xen-3/debian/patches/series
=============================================================================
--- trunk/xen-3/debian/patches/series (original)
+++ trunk/xen-3/debian/patches/series Thu Oct 4 06:47:45 2007
@@ -15,3 +15,4 @@
 tools-xenfb-prefix.diff
 tools-misc-xend-race.diff
 doc-remove-unused.diff
+tools-pygrub-CVE-2007-4993.patch
Added: trunk/xen-3/debian/patches/tools-pygrub-CVE-2007-4993.patch
=============================================================================
--- (empty file)
+++ trunk/xen-3/debian/patches/tools-pygrub-CVE-2007-4993.patch Thu Oct 4 06:47:45 2007
@@ -0,0 +1,107 @@
+diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py Tue Sep 25 09:30:00 2007 +0100
++++ b/tools/pygrub/src/GrubConf.py Tue Sep 25 09:34:36 2007 +0100
+@@ -101,7 +101,7 @@ class GrubImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -142,11 +142,11 @@ class GrubImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "title": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "kernel": "self.kernel",
+- "initrd": "self.initrd",
++ commands = { "title": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "kernel": "kernel",
++ "initrd": "initrd",
+ "chainloader": None,
+ "module": None}
+
+@@ -195,7 +195,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -208,7 +208,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(line, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -236,12 +236,12 @@ class GrubConfigFile(object):
+ splash = property(get_splash, set_splash)
+
+ # set up command handlers
+- commands = { "default": "self.default",
+- "timeout": "self.timeout",
+- "fallback": "self.fallback",
+- "hiddenmenu": "self.hiddenmenu",
+- "splashimage": "self.splash",
+- "password": "self.password" }
++ commands = { "default": "default",
++ "timeout": "timeout",
++ "fallback": "fallback",
++ "hiddenmenu": "hiddenmenu",
++ "splashimage": "splash",
++ "password": "password" }
+ for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
+ "pager", "partnew", "parttype", "rarp", "serial",
+ "setkey", "terminal", "terminfo", "tftpserver", "unhide"):
+diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/LiloConf.py
+--- a/tools/pygrub/src/LiloConf.py Tue Sep 25 09:30:00 2007 +0100
++++ b/tools/pygrub/src/LiloConf.py Tue Sep 25 09:34:36 2007 +0100
+@@ -31,7 +31,7 @@ class LiloImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\''%s\''" %(self.commands[com], re.sub(''^"(.+)"$'', r"\1", arg.strip())))
++ setattr(self, self.commands[com], re.sub(''^"(.+)"$'', r"\1", arg.strip()))
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -74,13 +74,13 @@ class LiloImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "label": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "image": "self.kernel",
+- "initrd": "self.initrd",
+- "append": "self.args",
++ commands = { "label": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "image": "kernel",
++ "initrd": "initrd",
++ "append": "args",
+ "read-only": None,
+ "chainloader": None,
+ "module": None}
+
+@@ -129,7 +129,7 @@ class LiloConfigFile(object):
+ (com, arg) = GrubConf.grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
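Review bot: The `commands` tables are now the allow-list that decides which attribute `setattr` writes, but the unchanged `# set up command handlers` comment above each of them (GrubImage, GrubConfigFile, LiloImage) does not say so. I would extend it to something like `# values are attribute names handed to setattr(); keep them literal, never taken from the parsed file`, so a later edit does not route config-file text into the attribute name. The same `has_key` / `setattr` dispatch is repeated at five call sites across GrubConf.py and LiloConf.py; one shared helper would keep this handling in a single place. The enclosing methods and the property setters (`set_initrd`, `set_splash`) lie outside the hunks, so how they treat the value they now receive directly cannot be checked from here.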