abiupdate.py: Use current config instead of downloading previous config

Until we authenticate downloads we should not do this as pickle.load
allows running arbitrary code.

debian/bin/abiupdate.py

@@ -110,13 +110,10 @@ class Main(object):
         return version_abi, s
 
     def get_config(self):
-        filename = "linux-support-%s_%s_all.deb" % (self.version_abi, self.version_source)
-        f = self.retrieve_package(self.url_config, filename, 'all')
-        d = self.extract_package(f, "linux-support")
-        c = d + "/usr/src/linux-support-" + self.version_abi + "/config.defines.dump"
-        config = ConfigCoreDump(fp=open(c, "rb"))
-        shutil.rmtree(d)
-        return config
+        # XXX We used to fetch the previous version of linux-support here,
+        # but until we authenticate downloads we should not do that as
+        # pickle.load allows running arbitrary code.
+        return self.config
 
     def retrieve_package(self, url, filename, arch):
         u = url(self.source, filename, arch)

debian/changelog

@@ -1,3 +1,9 @@
+linux (4.9.1-1~exp2) UNRELEASED; urgency=medium
+
+  * abiupdate.py: Use current config instead of downloading previous config
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Sat, 07 Jan 2017 17:41:34 +0000
+
 linux (4.9.1-1~exp1) experimental; urgency=medium
 
   * New upstream release: https://kernelnewbies.org/Linux_4.9