rpms/xen/devel pygrub-dont-exec.patch, NONE, 1.1 xen-qemu-ne2000-CVE-2007-1321.patch, NONE, 1.1 xen.spec, 1.190, 1.191
Chris Lalancette (clalance)
fedora-extras-commits at redhat.com
Wed Sep 26 15:44:02 UTC 2007
Author: clalance
Update of /cvs/pkgs/rpms/xen/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20672
Modified Files:
xen.spec
Added Files:
pygrub-dont-exec.patch xen-qemu-ne2000-CVE-2007-1321.patch
Log Message:
- Fixes for CVE-2007-1321, CVE-2007-4993
pygrub-dont-exec.patch:
--- NEW FILE pygrub-dont-exec.patch ---
diff -up xen-3.1.0-src/tools/pygrub/src/GrubConf.py.noexec xen-3.1.0-src/tools/pygrub/src/GrubConf.py
--- xen-3.1.0-src/tools/pygrub/src/GrubConf.py.noexec 2007-09-25 15:20:14.000000000 -0400
+++ xen-3.1.0-src/tools/pygrub/src/GrubConf.py 2007-09-25 15:20:25.000000000 -0400
@@ -101,7 +101,7 @@ class GrubImage(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored image directive %s" %(com,))
else:
@@ -142,11 +142,11 @@ class GrubImage(object):
initrd = property(get_initrd, set_initrd)
# set up command handlers
- commands = { "title": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "kernel": "self.kernel",
- "initrd": "self.initrd",
+ commands = { "title": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "kernel": "kernel",
+ "initrd": "initrd",
"chainloader": None,
"module": None}
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
(com, arg) = grub_exact_split(l, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
(com, arg) = grub_exact_split(line, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
splash = property(get_splash, set_splash)
# set up command handlers
- commands = { "default": "self.default",
- "timeout": "self.timeout",
- "fallback": "self.fallback",
- "hiddenmenu": "self.hiddenmenu",
- "splashimage": "self.splash",
- "password": "self.password" }
+ commands = { "default": "default",
+ "timeout": "timeout",
+ "fallback": "fallback",
+ "hiddenmenu": "hiddenmenu",
+ "splashimage": "splash",
+ "password": "password" }
for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
"pager", "partnew", "parttype", "rarp", "serial",
"setkey", "terminal", "terminfo", "tftpserver", "unhide"):
diff -up xen-3.1.0-src/tools/pygrub/src/LiloConf.py.noexec xen-3.1.0-src/tools/pygrub/src/LiloConf.py
--- xen-3.1.0-src/tools/pygrub/src/LiloConf.py.noexec 2007-09-25 15:20:18.000000000 -0400
+++ xen-3.1.0-src/tools/pygrub/src/LiloConf.py 2007-09-25 15:20:23.000000000 -0400
@@ -30,7 +30,7 @@ class LiloImage(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip())))
+ setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip()))
else:
logging.info("Ignored image directive %s" %(com,))
else:
@@ -56,12 +56,12 @@ class LiloImage(object):
initrd = property(get_initrd, set_initrd)
# set up command handlers
- commands = { "label": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "image": "self.kernel",
- "initrd": "self.initrd",
- "append": "self.args",
+ commands = { "label": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "image": "kernel",
+ "initrd": "initrd",
+ "append": "args",
"read-only": None,
"chainloader": None,
"module": None}
@@ -111,7 +111,7 @@ class LiloConfigFile(object):
(com, arg) = GrubConf.grub_exact_split(l, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
xen-qemu-ne2000-CVE-2007-1321.patch:
--- NEW FILE xen-qemu-ne2000-CVE-2007-1321.patch ---
diff -up xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c.cve xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c
--- xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c.cve 2007-09-25 10:27:44.000000000 -0400
+++ xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c 2007-09-25 10:27:47.000000000 -0400
@@ -252,7 +252,7 @@ static void ne2000_receive(void *opaque,
{
NE2000State *s = opaque;
uint8_t *p;
- int total_len, next, avail, len, index, mcast_idx;
+ unsigned int total_len, next, avail, len, index, mcast_idx;
uint8_t buf1[60];
static const uint8_t broadcast_macaddr[6] =
{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
@@ -327,7 +327,10 @@ static void ne2000_receive(void *opaque,
/* write packet data */
while (size > 0) {
- avail = s->stop - index;
+ if (index <= s->stop)
+ avail = s->stop - index;
+ else
+ avail = 0;
len = size;
if (len > avail)
len = avail;
Index: xen.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xen/devel/xen.spec,v
retrieving revision 1.190
retrieving revision 1.191
diff -u -r1.190 -r1.191
--- xen.spec 25 Sep 2007 05:00:17 -0000 1.190
+++ xen.spec 26 Sep 2007 15:43:29 -0000 1.191
@@ -3,7 +3,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 3.1.0
-Release: 9%{?dist}
+Release: 10%{?dist}
Group: Development/Libraries
License: GPL
URL: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
@@ -51,6 +51,11 @@
# Performance fix for listing domains
Patch280: xen-xs-transactions.patch
+# CVE-2007-1321
+Patch600: xen-qemu-ne2000-CVE-2007-1321.patch
+# CVE-2007-4993
+Patch601: pygrub-dont-exec.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: transfig libidn-devel zlib-devel texi2html SDL-devel curl-devel
BuildRequires: libX11-devel python-devel ghostscript tetex-latex
@@ -158,6 +163,10 @@
# performance patch
%patch280 -p1
+# CVE patches
+%patch600 -p1
+%patch601 -p1
+
%build
CFLAGS="$RPM_OPT_FLAGS" %{__make} XENFB_TOOLS=y XEN_PYTHON_NATIVE_INSTALL=1 DESTDIR=%{buildroot} tools docs
@@ -278,6 +287,10 @@
%{_libdir}/*.a
%changelog
+* Wed Sep 26 2007 Chris Lalancette <clalance at redhat.com> - 3.1.0-10.fc8
+- QEmu NE2000 overflow check - CVE-2007-1321
+- Pygrub guest escape - CVE-2007-4993
+
* Mon Sep 24 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-9.fc8
- Fix generation of manual pages (rhbz #250791)
- Really fix FC-6 32-on-64 guests
More information about the fedora-extras-commits
mailing list