Adding security folks to cc. On Sat, 2013-03-02 at 08:46 +0100, Sebastian Melchior wrote: > Package: xen-utils-4.0 > Version: 4.0.1-5.7 > Severity: important > > After Upgrading to xen-utils 4.0.1-5.7 my pygrub Xen VMs won't boot. Running > pygrub manually shows: > > /usr/lib/xen-default/bin/pygrub --args=root="/dev/xvda ro" --output=/tmp/foo > /dev/vg0/vm-disk > Using <class 'grub.GrubConf.Grub2ConfigFile'> to parse /boot/grub/grub.cfg > WARNING:root:Unknown directive load_video > WARNING:root:Unknown directive terminal_output > WARNING:root:Unknown directive source > Traceback (most recent call last): > File "/usr/lib/xen-default/bin/pygrub", line 705, in <module> > output_directory, not_really) > NameError: name 'output_directory' is not defined > > After replacing the new pygrub file with the one from the previous package > everything works as expected. > > I looked in the upstream source and this suggests that there should be a: > output_directory = "/var/run/xend/boot" > not_really = False > somewhere around L646 > If i insert that, it also works as expected.
The fix for CVE-2012-4544 relies on two previous fixes which were not backported: 21734:b2a89e9e4630 tools/pygrub: --not-really option for debugging 21796:acd99661ba05 pygrub: introduce easier to parse output format However I think rather than backporting them the find which Sebastian has identified, i.e. adding those two definitions, is the more minimal but just as correct fix. I've attached a debdiff of what I believe the fix is going to be. However I'm travelling at the moment and on a slight dodgy Internet link so testing is taking a little longer than normal. I'll try and report back ASAP. Sorry for not properly testing this aspect of the backport in the first place. Ian.
diff -Nru xen-4.0.1/debian/changelog xen-4.0.1/debian/changelog --- xen-4.0.1/debian/changelog 2013-02-21 22:05:37.000000000 +0000 +++ xen-4.0.1/debian/changelog 2013-03-02 09:23:49.000000000 +0000 @@ -1,3 +1,9 @@ +xen (4.0.1-5.8) stable-security; urgency=low + + * Correct fix for CVE-2012-4544 (Closes: #702046) + + -- Ian Campbell <i...@hellion.org.uk> Sat, 02 Mar 2013 09:23:14 +0000 + xen (4.0.1-5.7) stable-security; urgency=low * Non-maintainer upload, previously discussed with Guido. diff -Nru xen-4.0.1/debian/control.md5sum xen-4.0.1/debian/control.md5sum --- xen-4.0.1/debian/control.md5sum 2013-02-21 22:08:59.000000000 +0000 +++ xen-4.0.1/debian/control.md5sum 2013-03-02 09:28:39.000000000 +0000 @@ -1,4 +1,4 @@ -e8236e529ad4c7c538c627b54b8b8fd6 debian/changelog +54e103f5229f8caa345651abee4bef36 debian/changelog 24f2598a23e30264aea4a983d5d19eec debian/bin/gencontrol.py ee1ccd7bf0932a81ca221cab08347614 debian/templates/control.hypervisor.in e4335ab10e217a12328cdf123473ed37 debian/templates/control.main.in diff -Nru xen-4.0.1/debian/patches/CVE-2012-4544-fixup xen-4.0.1/debian/patches/CVE-2012-4544-fixup --- xen-4.0.1/debian/patches/CVE-2012-4544-fixup 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.0.1/debian/patches/CVE-2012-4544-fixup 2013-03-02 09:28:48.000000000 +0000 @@ -0,0 +1,13 @@ +Index: xen-4.0.1/tools/pygrub/src/pygrub +=================================================================== +--- xen-4.0.1.orig/tools/pygrub/src/pygrub 2013-03-02 09:12:59.000000000 +0000 ++++ xen-4.0.1/tools/pygrub/src/pygrub 2013-03-02 09:23:05.387914137 +0000 +@@ -643,6 +643,8 @@ + entry = None + interactive = True + isconfig = False ++ not_really = False ++ output_directory = "/var/run/xend/boot" + + # what was passed in + incfg = { "kernel": None, "ramdisk": None, "args": "" } diff -Nru xen-4.0.1/debian/patches/series xen-4.0.1/debian/patches/series --- xen-4.0.1/debian/patches/series 2013-02-15 14:56:13.000000000 +0000 +++ xen-4.0.1/debian/patches/series 2013-03-02 09:21:46.000000000 +0000 @@ -104,3 +104,4 @@ CVE-2013-0153-3 CVE-2013-0153-4 CVE-2013-0153-fixup1 +CVE-2012-4544-fixup
signature.asc
Description: This is a digitally signed message part