virtualbox/vbox-suid-warning.diff

Index: VirtualBox-6.0.4/src/apps/Makefile.kmk
===================================================================
--- VirtualBox-6.0.4.orig/src/apps/Makefile.kmk
+++ VirtualBox-6.0.4/src/apps/Makefile.kmk
@@ -33,5 +33,7 @@ include $(PATH_SUB_CURRENT)/VBoxPermissi
 
 include $(PATH_SUB_CURRENT)/VBoxUSB_DevRules/Makefile.kmk
 
+include $(PATH_SUB_CURRENT)/VBoxSUIDMessage/Makefile.kmk
+
 include $(FILE_KBUILD_SUB_FOOTER)
 
Index: VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/Makefile.kmk
===================================================================
--- /dev/null
+++ VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/Makefile.kmk
@@ -0,0 +1,33 @@
+# $Id: Makefile.kmk 28800 2010-04-27 08:22:32Z vboxsync $
+## @file
+#
+# VBoxSUIDMessage is wrapper for suse users
+#
+#
+# Copyright (C) 2009 Oracle Corporation
+#
+# This file is part of VirtualBox Open Source Edition (OSE), as
+# available from http://www.virtualbox.org. This file is free software;
+# you can redistribute it and/or modify it under the terms of the GNU
+# General Public License (GPL) as published by the Free Software
+# Foundation, in version 2 as it comes in the "COPYING" file of the
+# VirtualBox OSE distribution. VirtualBox OSE is distributed in the
+# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
+#
+
+
+SUB_DEPTH = ../../..
+include $(KBUILD_PATH)/subheader.kmk
+
+PROGRAMS += VBoxSUIDMessage
+
+VBoxSUIDMessage_TEMPLATE = VBOXQTGUIEXE
+VBoxSUIDMessage_SOURCES = VBoxSUIDMessage.cpp
+VBoxSUIDMessage_QT_MODULES = Core Gui
+VBoxSUIDMessage_QT_MODULES += Widgets
+
+#INSTALLS += VBoxSUIDMessage
+
+include $(KBUILD_PATH)/subfooter.kmk
+
+
Index: VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/VBoxSUIDMessage.cpp
===================================================================
--- /dev/null
+++ VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/VBoxSUIDMessage.cpp
@@ -0,0 +1,15 @@
+#include <QtWidgets/QApplication>
+#include <QtWidgets/QMessageBox>
+int main(int argc, char *argv[])
+{
+        QApplication app(argc, argv);
+        QMessageBox msgBox;
+        msgBox.setWindowTitle(QObject::tr("File Permissions problem !"));
+        msgBox.setText(QObject::tr("File VirtualBoxVM must be SUID, but the file permissions are wrong.\n\n"
+		"To fix this problem, please run\n"
+		"sudo chmod 4750 /usr/lib/virtualbox/VirtualBoxVM\n\n"
+		"Until this is done, Virtual Machines cannot run."));
+        msgBox.exec();
+        app.quit();
+        return 0;
+}
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`Index: VirtualBox-6.0.4/src/apps/Makefile.kmk`
			`===================================================================`
			`--- VirtualBox-6.0.4.orig/src/apps/Makefile.kmk`
			`+++ VirtualBox-6.0.4/src/apps/Makefile.kmk`
			`@@ -33,5 +33,7 @@ include $(PATH_SUB_CURRENT)/VBoxPermissi`

			`include $(PATH_SUB_CURRENT)/VBoxUSB_DevRules/Makefile.kmk`

			`+include $(PATH_SUB_CURRENT)/VBoxSUIDMessage/Makefile.kmk`
			`+`
			`include $(FILE_KBUILD_SUB_FOOTER)`

			`Index: VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/Makefile.kmk`
			`===================================================================`
			`--- /dev/null`
			`+++ VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/Makefile.kmk`
			`@@ -0,0 +1,33 @@`
			`+# $Id: Makefile.kmk 28800 2010-04-27 08:22:32Z vboxsync $`
			`+## @file`
			`+#`
			`+# VBoxSUIDMessage is wrapper for suse users`
			`+#`
			`+#`
			`+# Copyright (C) 2009 Oracle Corporation`
			`+#`
			`+# This file is part of VirtualBox Open Source Edition (OSE), as`
			`+# available from http://www.virtualbox.org. This file is free software;`
			`+# you can redistribute it and/or modify it under the terms of the GNU`
			`+# General Public License (GPL) as published by the Free Software`
			`+# Foundation, in version 2 as it comes in the "COPYING" file of the`
			`+# VirtualBox OSE distribution. VirtualBox OSE is distributed in the`
			`+# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.`
			`+#`
			`+`
			`+`
			`+SUB_DEPTH = ../../..`
			`+include $(KBUILD_PATH)/subheader.kmk`
			`+`
			`+PROGRAMS += VBoxSUIDMessage`
			`+`
			`+VBoxSUIDMessage_TEMPLATE = VBOXQTGUIEXE`
			`+VBoxSUIDMessage_SOURCES = VBoxSUIDMessage.cpp`
			`+VBoxSUIDMessage_QT_MODULES = Core Gui`
			`+VBoxSUIDMessage_QT_MODULES += Widgets`
			`+`
			`+#INSTALLS += VBoxSUIDMessage`
			`+`
			`+include $(KBUILD_PATH)/subfooter.kmk`
			`+`
			`+`
			`Index: VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/VBoxSUIDMessage.cpp`
			`===================================================================`
			`--- /dev/null`
			`+++ VirtualBox-6.0.4/src/apps/VBoxSUIDMessage/VBoxSUIDMessage.cpp`
			`@@ -0,0 +1,15 @@`
			`+#include <QtWidgets/QApplication>`
			`+#include <QtWidgets/QMessageBox>`
			`+int main(int argc, char *argv[])`
			`+{`
			`+ QApplication app(argc, argv);`
			`+ QMessageBox msgBox;`
			`+ msgBox.setWindowTitle(QObject::tr("File Permissions problem !"));`
			`+ msgBox.setText(QObject::tr("File VirtualBoxVM must be SUID, but the file permissions are wrong.\n\n"`
			`+ "To fix this problem, please run\n"`
Accepting request 716635 from home:lwfinger:branches:Virtualization - Version update to 6.0.10 (released July 16 2019 by Oracle) This is a maintenance release. The following items were fixed and/or added: Various vulnerabilities are fixed (bsc#1141801) inclding CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 User interface: fix issue inputing controller names (bug #11579) User interface: fix resize problems with recent Linux hosts (bug #18677) Serial: fixed guru meditation when raw mode is enabled (bug #18632) Serial: fixed possible VM crash under certain circumstances USB: Fixed "unrecoverable error" problems in OHCI emulation (bug #18593, 6.0.6 regression) USB: improve captured device identification VBoxManage: fix reversed reporting of audio input and output (thank you Socratis Kalogrianitis) VBoxManage: fix controlling recording for running machine (bug #18723) Guest control service: various fixes Linux hosts: kernel module build fixes for various kernels (bug #18316) Linux hosts: support UEFI secure boot driver signing on Ubuntu and Debian hosts (bug #11577) Linux hosts: fix focus grabbing problems with recent Qt versions (builds from source only; thank you Fabian Vogt (SUSE) and Larry Finger; bug #18745) Windows guests: many shared folders fixes Windows guests: fix other services failing if seamless mode was not available Linux guests: kernel module build fixes for various kernels (bugs #18677 and #18697; fixes by Larry Finger and Gianfranco Costamagna) Linux guests: do not try to load old versions of libcrypt on recent guests in Guest Additions tools (bug #18682) Linux guests: udev rules for guest kernel modules did not always take effect in time Linux guests/VMSVGA: do not forget the guest screen size after a guest reboot OS/2 guests: various shared folder fixes Revise instructions for case when VirtualBoxVM has the wrong privilege. File "fixes_for_5.2.patch" is deleted - fixed upstream. File "fixes_for_5.3.patch" is added to handle API changes in kernel 5.3. File "fixes_for_SLE15.patch" deleted. OBS-URL: https://build.opensuse.org/request/show/716635 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=497 2019-07-19 21:54:30 +02:00			`+ "sudo chmod 4750 /usr/lib/virtualbox/VirtualBoxVM\n\n"`
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory - Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa. Remove "BuildRequires: quilt" - that package is not needed. VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721, CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679, CVE-2019-2678, and CVE-2019-2574 boo#1132827. - Version bump to 6.0.6 (released April 17 2019 by Oracle) The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and "fixes_for_5.1.patch". These issues are fixed upstream. OBS-URL: https://build.opensuse.org/request/show/696073 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486 2019-04-30 02:56:27 +02:00			`+ "Until this is done, Virtual Machines cannot run."));`
			`+ msgBox.exec();`
			`+ app.quit();`
			`+ return 0;`
			`+}`