head	1.2;
access;
symbols
	pkgsrc-2016Q4:1.1.0.2
	pkgsrc-2016Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.12.29.19.13.03;	author wiz;	state dead;
branches;
next	1.1;
commitid	kFYPk8EnajcmFUzz;

1.1
date	2016.11.22.20.53.40;	author bouyer;	state Exp;
branches;
next	;
commitid	o5sczsI7INv1pavz;


desc
@@


1.2
log
@Remove xenkernel and tools versions 3, 33, and 41.

As discussed on pkgsrc-users.
@
text
@$NetBSD: patch-XSA-198,v 1.1 2016/11/22 20:53:40 bouyer Exp $

Backported from:

From 71a389ae940bc52bf897a6e5becd73fd8ede94c5 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@@eu.citrix.com>
Date: Thu, 3 Nov 2016 16:37:40 +0000
Subject: [PATCH] pygrub: Properly quote results, when returning them to the
 caller:

* When the caller wants sexpr output, use `repr()'
  This is what Xend expects.

  The returned S-expressions are now escaped and quoted by Python,
  generally using '...'.  Previously kernel and ramdisk were unquoted
  and args was quoted with "..." but without proper escaping.  This
  change may break toolstacks which do not properly dequote the
  returned S-expressions.

* When the caller wants "simple" output, crash if the delimiter is
  contained in the returned value.

  With --output-format=simple it does not seem like this could ever
  happen, because the bootloader config parsers all take line-based
  input from the various bootloader config files.

  With --output-format=simple0, this can happen if the bootloader
  config file contains nul bytes.

This is XSA-198.

Signed-off-by: Ian Jackson <Ian.Jackson@@eu.citrix.com>
Tested-by: Ian Jackson <Ian.Jackson@@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@@citrix.com>

--- pygrub/src/pygrub.orig	2013-09-10 08:42:18.000000000 +0200
+++ pygrub/src/pygrub	2016-11-22 16:26:10.000000000 +0100
@@@@ -653,14 +653,17 @@@@
     return cfg
 
 def format_sxp(kernel, ramdisk, args):
-    s = "linux (kernel %s)" % kernel
+    s = "linux (kernel %s)" % repr(kernel)
     if ramdisk:
-        s += "(ramdisk %s)" % ramdisk
+        s += "(ramdisk %s)" % repr(ramdisk)
     if args:
-        s += "(args \"%s\")" % args
+        s += "(args %s)" % repr(args)
     return s
                 
 def format_simple(kernel, ramdisk, args, sep):
+    for check in (kernel, ramdisk, args):
+        if check is not None and sep in check:
+            raise RuntimeError, "simple format cannot represent delimiter-containing value"
     s = ("kernel %s" % kernel) + sep
     if ramdisk:
         s += ("ramdisk %s" % ramdisk) + sep
@


1.1
log
@Backport upstream patches, fixing today's XSA 191, 192, 195, 197, 198.
Bump PKGREVISIONs
@
text
@d1 1
a1 1
$NetBSD: $
@