Package: extlinux
Version: 2:4.05+dfsg-6+deb7u1
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adding a kernel parameter with a quoted value to EXTLINUX_PARAMETERS is
impossible because extlinux-update strips the quotes when rewriting
/etc/default/extlinux. So if you start with

 EXTLINUX_PARAMETERS="ro dyndbg=\"module foo func rw +p\""

you get

 EXTLINUX_PARAMETERS="ro dyndbg="module foo func rw +p""

after the first run and

 EXTLINUX_PARAMETERS="ro dyndbg=module foo func rw +p"

after the second run.

The unexpected resulting kernel command line can give dangerous results
unless caught before rebooting, hence the severity of this bug.

The attached patch is a primitive attempt to fix this issue with a
minimum change. But I really think the whole concept of rewriting
/etc/default/extlinux on each and every invocation of extlinux-update
should be rethought. It is unexpected in itself. There should never be
any reason to write this file. Either it exists and should be assumed to
be properly configured by the administrator, or it does not exist and you
use the defaults. In either case there is no reason to write the file.

Thanks,
Bjørn

- -- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'unstable'), (500, 'stable-updates'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10.0-rc1+idletest+ (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages extlinux depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  libc6                  2.13-38

Versions of packages extlinux recommends:
ii  os-prober               1.58
ii  syslinux-common         2:4.05+dfsg-6+deb7u1
ii  syslinux-themes-debian  11-1.1

extlinux suggests no packages.

- -- debconf information:
* extlinux/install: false

- -- debsums errors found:
debsums: changed file /usr/sbin/extlinux-update (from extlinux package)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGR8YwACgkQ10rqkowbIsn5AACaA0MAXh1ywFpuZBW3kqWvF37f
xTkAn03iMB9VBNzSAX4NCUGcdGIwalvw
=UriP
-----END PGP SIGNATURE-----

--- /usr/sbin/extlinux-update.orig 2012-12-10 13:16:56.000000000 +0100 +++ /usr/sbin/extlinux-update 2013-05-14 09:56:00.671512498 +0200 @@ -136,7 +136,7 @@ EXTLINUX_MEMDISK_DIRECTORY="${EXTLINUX_MEMDISK_DIRECTORY}" EXTLINUX_MENU_LABEL="${EXTLINUX_MENU_LABEL}" EXTLINUX_OS_PROBER="${EXTLINUX_OS_PROBER}" -EXTLINUX_PARAMETERS="${EXTLINUX_PARAMETERS}" +EXTLINUX_PARAMETERS="`echo -n ${EXTLINUX_PARAMETERS} | sed -e 's/\"/\\\"/g'`" EXTLINUX_ROOT="${EXTLINUX_ROOT}" EXTLINUX_THEME="${EXTLINUX_THEME}" EXTLINUX_TIMEOUT="${EXTLINUX_TIMEOUT}"
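
Review bot: In the added EXTLINUX_PARAMETERS line, ${EXTLINUX_PARAMETERS} is handed to echo unquoted, so the shell word-splits and glob-expands the value before sed sees it: runs of whitespace inside a quoted parameter collapse to single spaces, and a value containing * or ? can be replaced by matching file names from the current directory. echo -n is also not treated identically by every /bin/sh. Feeding sed from printf '%s' "${EXTLINUX_PARAMETERS}" avoids both. The sed expression escapes only the double quote; because the result is written between double quotes, a value containing a backslash, $ or a backtick would still change when the shell reads the file back, so those characters should be escaped as well. The unchanged neighbours in this hunk (EXTLINUX_ROOT, EXTLINUX_THEME and the rest) are written with the same unescaped "${VAR}" pattern and would lose a quote in the same way, so a short comment explaining why this one line is escaped, or applying the same escaping to all of them, would make the intent clear.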