From 0f22c0093759b4040810a5d145ed2a9f9fdc7f07eaa14ae23263d5628e25fe20 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Thu, 28 Jan 2021 20:53:53 +0000 Subject: [PATCH] Accepting request 867023 from home:lwfinger:branches:Virtualization - Fix additional problem with modal dialog parent. Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198. OBS-URL: https://build.opensuse.org/request/show/867023 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=588 --- vb-6.1.16-modal-dialog-parent.patch | 77 +++++++++++++++++++++-------- virtualbox.changes | 5 ++ 2 files changed, 61 insertions(+), 21 deletions(-) diff --git a/vb-6.1.16-modal-dialog-parent.patch b/vb-6.1.16-modal-dialog-parent.patch index 03b6bae..a147ac2 100644 --- a/vb-6.1.16-modal-dialog-parent.patch +++ b/vb-6.1.16-modal-dialog-parent.patch @@ -1,7 +1,7 @@ -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlobalSettingsExtension.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlobalSettingsExtension.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlobalSettingsExtension.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlobalSettingsExtension.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlobalSettingsExtension.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlobalSettingsExtension.cpp @@ -16,6 +16,7 @@ */ @@ -19,10 +19,10 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/settings/global/UIGlo QString strFilePath; if (!fileNames.isEmpty()) -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSelector.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSelector.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSelector.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSelector.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSelector.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSelector.cpp @@ -397,10 +397,10 @@ void UIFilePathSelector::selectPath() switch (m_enmMode) { @@ -45,10 +45,10 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/widgets/UIFilePathSel } /* Do nothing if nothing chosen: */ -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePathSelector.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePathSelector.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePathSelector.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePathSelector.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePathSelector.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePathSelector.cpp @@ -232,16 +232,16 @@ void UIEmptyFilePathSelector::choose() switch (mMode) { @@ -69,10 +69,10 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/widgets/UIEmptyFilePa } if (path.isEmpty()) return; -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelector.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelector.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelector.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelector.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelector.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelector.cpp @@ -438,7 +438,7 @@ void UIMediumSelector::sltButtonLeaveEmp void UIMediumSelector::sltAddMedium() @@ -82,10 +82,10 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/medium/UIMediumSelect if (uMediumID.isNull()) return; repopulateTreeWidget(); -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp @@ -3197,7 +3197,7 @@ void UICommon::updateMachineStorage(cons } else if (target.type == UIMediumTarget::UIMediumTargetType_WithFileDialog) @@ -95,10 +95,10 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/globals/UICommon.cpp strMachineFolder, false /* fUseLastFolder */); } else if(target.type == UIMediumTarget::UIMediumTargetType_CreateAdHocVISO) -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManager.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManager.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManager.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManager.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManager.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManager.cpp @@ -486,7 +486,7 @@ void UIMediumManagerWidget::sltHandleMac void UIMediumManagerWidget::sltAddMedium() { @@ -108,10 +108,10 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/medium/UIMediumManage strDefaultMachineFolder, true /* use most recent medium folder */); } -Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMachineSettingsStorage.cpp +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMachineSettingsStorage.cpp =================================================================== ---- VirtualBox-6.1.16.orig/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMachineSettingsStorage.cpp -+++ VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMachineSettingsStorage.cpp +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMachineSettingsStorage.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMachineSettingsStorage.cpp @@ -3958,7 +3958,7 @@ void UIMachineSettingsStorage::sltChoose { const QString strMachineFolder(QFileInfo(m_strMachineSettingsFilePath).absolutePath()); @@ -121,3 +121,38 @@ Index: VirtualBox-6.1.16/src/VBox/Frontends/VirtualBox/src/settings/machine/UIMa if (uMediumId.isNull()) return; m_pMediumIdHolder->setId(uMediumId); +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/extradata/UIExtraDataManager.cpp +=================================================================== +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/extradata/UIExtraDataManager.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/extradata/UIExtraDataManager.cpp +@@ -1176,7 +1176,7 @@ void UIExtraDataManagerWindow::sltSave() + /* Compose initial file-name: */ + const QString strInitialFileName = QDir(uiCommon().homeFolder()).absoluteFilePath(QString("%1_ExtraData.xml").arg(currentChooserName())); + /* Open file-save dialog to choose file to save extra-data into: */ +- const QString strFileName = QIFileDialog::getSaveFileName(strInitialFileName, "XML files (*.xml)", this, ++ const QString strFileName = QIFileDialog::getSaveFileName(strInitialFileName, "XML files (*.xml)", QApplication::activeWindow(), + "Choose file to save extra-data into..", 0, true, true); + /* Make sure file-name was chosen: */ + if (strFileName.isEmpty()) +@@ -1263,7 +1263,7 @@ void UIExtraDataManagerWindow::sltLoad() + /* Compose initial file-name: */ + const QString strInitialFileName = QDir(uiCommon().homeFolder()).absoluteFilePath(QString("%1_ExtraData.xml").arg(currentChooserName())); + /* Open file-open dialog to choose file to open extra-data into: */ +- const QString strFileName = QIFileDialog::getOpenFileName(strInitialFileName, "XML files (*.xml)", this, ++ const QString strFileName = QIFileDialog::getOpenFileName(strInitialFileName, "XML files (*.xml)", QApplication::activeWindow(), + "Choose file to load extra-data from.."); + /* Make sure file-name was chosen: */ + if (strFileName.isEmpty()) +Index: VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/widgets/UILineTextEdit.cpp +=================================================================== +--- VirtualBox-6.1.18.orig/src/VBox/Frontends/VirtualBox/src/widgets/UILineTextEdit.cpp ++++ VirtualBox-6.1.18/src/VBox/Frontends/VirtualBox/src/widgets/UILineTextEdit.cpp +@@ -78,7 +78,7 @@ void UITextEditor::retranslateUi() + + void UITextEditor::open() + { +- QString fileName = QIFileDialog::getOpenFileName(uiCommon().documentsPath(), tr("Text (*.txt);;All (*.*)"), this, tr("Select a file to open...")); ++ QString fileName = QIFileDialog::getOpenFileName(uiCommon().documentsPath(), tr("Text (*.txt);;All (*.*)"), QApplication::activeWindow(), tr("Select a file to open...")); + if (!fileName.isEmpty()) + { + QFile file(fileName); diff --git a/virtualbox.changes b/virtualbox.changes index b975334..a7fb50d 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Jan 23 21:28:37 UTC 2021 - Larry Finger +- Fix additional problem with modal dialog parent. + Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198. + ------------------------------------------------------------------- Wed Jan 20 19:47:15 UTC 2021 - Larry Finger