[linux] 01/03: abiupdate.py: Use current config instead of downloading previous config
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Fri Jan 12 02:37:56 UTC 2018
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit 561b3f01c7ed947f31ac3238bbee416c2fb32b1b
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sat Jan 7 17:42:39 2017 +0000
abiupdate.py: Use current config instead of downloading previous config
Until we authenticate downloads we should not do this as pickle.load
allows running arbitrary code.
(cherry picked from commit f3ddd1118d6dbde61b5a59ca7fb8a44122ab9aae,
plus a little bit of commit eb1f86e012a2cce3b7b381ed59c52fbd494208f9)
---
debian/bin/abiupdate.py | 15 ++++++---------
debian/changelog | 6 ++++++
2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/debian/bin/abiupdate.py b/debian/bin/abiupdate.py
index 69a2a23..fbec1d4 100755
--- a/debian/bin/abiupdate.py
+++ b/debian/bin/abiupdate.py
@@ -63,9 +63,9 @@ class Main(object):
self.version = changelog.version.linux_version
self.version_source = changelog.version.complete
- local_config = ConfigCoreDump(fp=file("debian/config.defines.dump"))
+ self.config = ConfigCoreDump(fp=file("debian/config.defines.dump"))
- self.version_abi = local_config['version', ]['abiname']
+ self.version_abi = self.config['version', ]['abiname']
def __call__(self):
self.dir = tempfile.mkdtemp(prefix='abiupdate')
@@ -103,13 +103,10 @@ class Main(object):
return s
def get_config(self):
- filename = "linux-support-%s_%s_all.deb" % (self.version_abi, self.version_source)
- f = self.retrieve_package(self.url_config, filename, 'all')
- d = self.extract_package(f, "linux-support")
- c = d + "/usr/src/linux-support-" + self.version_abi + "/config.defines.dump"
- config = ConfigCoreDump(fp=file(c))
- shutil.rmtree(d)
- return config
+ # XXX We used to fetch the previous version of linux-support here,
+ # but until we authenticate downloads we should not do that as
+ # pickle.load allows running arbitrary code.
+ return self.config
def retrieve_package(self, url, filename, arch):
u = url(self.source, filename, arch)
diff --git a/debian/changelog b/debian/changelog
index 60893a1..dbe4225 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (3.2.96-4) UNRELEASED; urgency=medium
+
+ * abiupdate.py: Use current config instead of downloading previous config
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sat, 07 Jan 2017 17:41:34 +0000
+
linux (3.2.96-3) wheezy-security; urgency=high
* [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list