Adding security folks to cc.
On Sat, 2013-03-02 at 08:46 +0100, Sebastian Melchior wrote:
> Package: xen-utils-4.0
> Version: 4.0.1-5.7
> Severity: important
>
> After upgrading to xen-utils 4.0.1-5.7 my pygrub Xen VMs won't boot. Running
> pygrub manually shows:
>
> /usr/lib/xen-default/bin/pygrub --args=root="/dev/xvda ro" --output=/tmp/foo
> /dev/vg0/vm-disk
> Using to parse /boot/grub/grub.cfg
> WARNING:root:Unknown directive load_video
> WARNING:root:Unknown directive terminal_output
> WARNING:root:Unknown directive source
> Traceback (most recent call last):
> File "/usr/lib/xen-default/bin/pygrub", line 705, in
> output_directory, not_really)
> NameError: name 'output_directory' is not defined
>
> After replacing the new pygrub file with the one from the previous package
> everything works as expected.
>
> I looked in the upstream source and this suggests that there should be a:
> output_directory = "/var/run/xend/boot"
> not_really = False
> somewhere around L646
> If I insert that, it also works as expected.

The fix for CVE-2012-4544 relies on two previous fixes which were not
backported:

    21734:b2a89e9e4630 tools/pygrub: --not-really option for debugging
    21796:acd99661ba05 pygrub: introduce easier to parse output format

However I think rather than backporting them the find which Sebastian
has identified, i.e. adding those two definitions, is the more minimal
but just as correct fix.

I've attached a debdiff of what I believe the fix is going to be.
However I'm travelling at the moment and on a slightly dodgy Internet link
so testing is taking a little longer than normal. I'll try and report
back ASAP.

Sorry for not properly testing this aspect of the backport in the first
place.

Ian.

diff -Nru xen-4.0.1/debian/changelog xen-4.0.1/debian/changelog
--- xen-4.0.1/debian/changelog 2013-02-21 22:05:37.0 +
+++ xen-4.0.1/debian/changelog 2013-03-02 09:23:49.0 +
@@ -1,3 +1,9 @@
+xen (4.0.1-5.8) stable-security; urgency=low
+
+ * Correct fix for CVE-2012-4544 (Closes: #702046)
+
+ -- Ian Campbell Sat, 02 Mar 2013 09:23:14 +
+
xen (4.0.1-5.7) stable-security; urgency=low
* Non-maintainer upload, previously discussed with Guido.
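Review bot: the new entry's single line, "Correct fix for CVE-2012-4544", does not say what was wrong with 4.0.1-5.7. Suggest naming the regression, for example that pygrub raised NameError because output_directory and not_really were undefined, so a reader of the changelog can tell this upload repairs a boot failure introduced by the previous security fix. urgency=low is also worth a second look for an upload that gets pygrub guests booting again.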
diff -Nru xen-4.0.1/debian/control.md5sum xen-4.0.1/debian/control.md5sum
--- xen-4.0.1/debian/control.md5sum 2013-02-21 22:08:59.0 +
+++ xen-4.0.1/debian/control.md5sum 2013-03-02 09:28:39.0 +
@@ -1,4 +1,4 @@
-e8236e529ad4c7c538c627b54b8b8fd6 debian/changelog
+54e103f5229f8caa345651abee4bef36 debian/changelog
24f2598a23e30264aea4a983d5d19eec debian/bin/gencontrol.py
ee1ccd7bf0932a81ca221cab08347614 debian/templates/control.hypervisor.in
e4335ab10e217a12328cdf123473ed37 debian/templates/control.main.in
diff -Nru xen-4.0.1/debian/patches/CVE-2012-4544-fixup xen-4.0.1/debian/patches/CVE-2012-4544-fixup
--- xen-4.0.1/debian/patches/CVE-2012-4544-fixup 1970-01-01 01:00:00.0 +0100
+++ xen-4.0.1/debian/patches/CVE-2012-4544-fixup 2013-03-02 09:28:48.0 +
@@ -0,0 +1,13 @@
+Index: xen-4.0.1/tools/pygrub/src/pygrub
+===
+--- xen-4.0.1.orig/tools/pygrub/src/pygrub 2013-03-02 09:12:59.0 +
xen-4.0.1/tools/pygrub/src/pygrub 2013-03-02 09:23:05.387914137 +
+@@ -643,6 +643,8 @@
+ entry = None
+ interactive = True
+ isconfig = False
++not_really = False
++output_directory = "/var/run/xend/boot"
+
+ # what was passed in
+ incfg = { "kernel": None, "ramdisk": None, "args": "" }
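Review bot: the new patch file starts straight at the Index: line with no description header. A few lines above it explaining why the two defaults are needed (the CVE-2012-4544 backport uses not_really and output_directory, and upstream changesets 21734:b2a89e9e4630 and 21796:acd99661ba05 that define them were not backported) would save the next maintainer from rediscovering that. Since this hunk adds no option that changes either value, a comment next to the two assignments marking them as fixed defaults in this backport would help as well.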
diff -Nru xen-4.0.1/debian/patches/series xen-4.0.1/debian/patches/series
--- xen-4.0.1/debian/patches/series 2013-02-15 14:56:13.0 +
+++ xen-4.0.1/debian/patches/series 2013-03-02 09:21:46.0 +
@@ -104,3 +104,4 @@
CVE-2013-0153-3
CVE-2013-0153-4
CVE-2013-0153-fixup1
+CVE-2012-4544-fixup
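Review bot: the added entry is named CVE-2012-4544-fixup while the existing fixup directly above it is CVE-2013-0153-fixup1; pick one naming convention so later fixups sort and read consistently. The context shown here does not include the original CVE-2012-4544 patch, so please confirm it is listed earlier in series than this new last line.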
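
A check that catches this class of backport regression before upload, as an added example (not part of the original thread or of the Xen or Debian packaging): it lists names that a script reads at module level but never binds there. The sample script is constructed, the signature of `copy_from_image` in it is an assumption, and the checker parses Python 3 syntax only.

```python
import ast
import builtins

SCOPES = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef, ast.Lambda)

def module_level_nodes(tree):
    """Yield AST nodes that execute in module scope (do not enter def/class bodies)."""
    stack = list(tree.body)
    while stack:
        node = stack.pop()
        yield node
        if not isinstance(node, SCOPES):
            stack.extend(ast.iter_child_nodes(node))

def undefined_at_module_level(source):
    """Map each name read at module level but never bound there to its first line."""
    tree = ast.parse(source)
    bound = set(dir(builtins)) | {"__name__", "__file__", "__doc__"}
    # "global x" inside a function also binds x at module level.
    bound.update(n for g in ast.walk(tree) if isinstance(g, ast.Global) for n in g.names)
    loads = {}
    for node in module_level_nodes(tree):
        if isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load):
            loads[node.id] = min(node.lineno, loads.get(node.id, node.lineno))
        elif isinstance(node, ast.Name):          # Store or Del
            bound.add(node.id)
        elif isinstance(node, SCOPES[:3]):        # def / class names
            bound.add(node.name)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            bound.update((a.asname or a.name).split(".")[0] for a in node.names)
        elif isinstance(node, ast.ExceptHandler) and node.name:
            bound.add(node.name)
    return {name: line for name, line in loads.items() if name not in bound}

# Constructed sample shaped like the failing call; copy_from_image is hypothetical here.
SAMPLE_BROKEN = '''\
import sys

def copy_from_image(fs, path, kind, output_directory, not_really):
    return "%s/boot_%s" % (output_directory, kind)

interactive = True
isconfig = False

if __name__ == "__main__":
    kernel = copy_from_image(None, sys.argv[1], "kernel",
                             output_directory, not_really)
'''
SAMPLE_FIXED = SAMPLE_BROKEN.replace("isconfig = False\n",
    'isconfig = False\nnot_really = False\noutput_directory = "/var/run/xend/boot"\n')
```

The function parameters of the same name do not hide the problem, because only bindings made in module scope count.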