virtualbox/security_fixes.patch

# This patch file is to warn future maintainers of VirtualBox on openSUSE
# platforms that the distributed versions of vboxadd.sh and vboxdrv.sh
# contain security holes. If you need to use these scripts in the future,
# please consult the Security Group at openSUSE.
#
# January 31, 2019 - Larry Finger
#
Index: VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh
===================================================================
--- VirtualBox-6.0.6.orig/src/VBox/Additions/linux/installer/vboxadd.sh
+++ VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh
@@ -489,9 +489,11 @@ dmnstatus()
     fi
 }
 
-for i; do
-    case "$i" in quiet) QUIET=yes;; esac
-done
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
+case "$2" in quiet)
+    QUIET=yes;;
 case "$1" in
 # Does setup without clean-up first and marks all kernels currently found on the
 # system so that we can see later if any were added.
Index: VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh
===================================================================
--- VirtualBox-6.0.6.orig/src/VBox/Installer/linux/vboxdrv.sh
+++ VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh
@@ -37,6 +37,9 @@ DEVICE=/dev/vboxdrv
 MODPROBE=/sbin/modprobe
 SCRIPTNAME=vboxdrv.sh
 
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
 # The below is GNU-specific.  See VBox.sh for the longer Solaris/OS X version.
 TARGET=`readlink -e -- "${0}"` || exit 1
 SCRIPT_DIR="${TARGET%/[!/]*}"
- Add changes requested by Security - new file "security_fixes.patch" File UserManual.pdf is resent to clear error in build. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=468 2019-01-31 20:33:38 +01:00			`# This patch file is to warn future maintainers of VirtualBox on openSUSE`
			`# platforms that the distributed versions of vboxadd.sh and vboxdrv.sh`
			`# contain security holes. If you need to use these scripts in the future,`
			`# please consult the Security Group at openSUSE.`
			`#`
			`# January 31, 2019 - Larry Finger`
			`#`
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`Index: VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh`
- Add changes requested by Security - new file "security_fixes.patch" File UserManual.pdf is resent to clear error in build. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=468 2019-01-31 20:33:38 +01:00			`===================================================================`
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`--- VirtualBox-6.0.6.orig/src/VBox/Additions/linux/installer/vboxadd.sh`
			`+++ VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh`
			`@@ -489,9 +489,11 @@ dmnstatus()`
- Add changes requested by Security - new file "security_fixes.patch" File UserManual.pdf is resent to clear error in build. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=468 2019-01-31 20:33:38 +01:00			`fi`
			`}`

Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`-for i; do`
			`- case "$i" in quiet) QUIET=yes;; esac`
			`-done`
- Add changes requested by Security - new file "security_fixes.patch" File UserManual.pdf is resent to clear error in build. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=468 2019-01-31 20:33:38 +01:00			`+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."`
			`+exit 1`
			`+`
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`+case "$2" in quiet)`
			`+ QUIET=yes;;`
			`case "$1" in`
			`# Does setup without clean-up first and marks all kernels currently found on the`
			`# system so that we can see later if any were added.`
			`Index: VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh`
- Add changes requested by Security - new file "security_fixes.patch" File UserManual.pdf is resent to clear error in build. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=468 2019-01-31 20:33:38 +01:00			`===================================================================`
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`--- VirtualBox-6.0.6.orig/src/VBox/Installer/linux/vboxdrv.sh`
			`+++ VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh`
- Add changes requested by Security - new file "security_fixes.patch" File UserManual.pdf is resent to clear error in build. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=468 2019-01-31 20:33:38 +01:00			`@@ -37,6 +37,9 @@ DEVICE=/dev/vboxdrv`
			`MODPROBE=/sbin/modprobe`
			`SCRIPTNAME=vboxdrv.sh`

			`+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."`
			`+exit 1`
			`+`
			`# The below is GNU-specific. See VBox.sh for the longer Solaris/OS X version.`
			TARGET=`readlink -e -- "${0}"` \|\| exit 1
			`SCRIPT_DIR="${TARGET%/[!/]*}"`