From d27c52e1907d723ae3ff09d584baedd57ff7d761a18ffa1923b7275d88ef2f84 Mon Sep 17 00:00:00 2001 From: Olaf Hering Date: Sun, 8 Nov 2015 09:13:53 +0000 Subject: [PATCH 1/4] Accepting request 342960 from home:lwfinger:branches:Virtualization Add popup for USB passthru security (boo#953018). OBS-URL: https://build.opensuse.org/request/show/342960 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=233 --- vbox-usb-warning.diff | 66 +++++++++++++++++++++++++++++++++++++ vbox_build_kms_modules.diff | 11 +++++++ virtualbox.changes | 10 ++++++ virtualbox.spec | 4 +++ 4 files changed, 91 insertions(+) create mode 100644 vbox-usb-warning.diff create mode 100644 vbox_build_kms_modules.diff diff --git a/vbox-usb-warning.diff b/vbox-usb-warning.diff new file mode 100644 index 0000000..f6461ac --- /dev/null +++ b/vbox-usb-warning.diff @@ -0,0 +1,66 @@ +Index: a/src/apps/Makefile.kmk +=================================================================== +--- a/src/apps/Makefile.kmk (revision 58576) ++++ b/src/apps/Makefile.kmk (working copy) +@@ -34,7 +34,9 @@ + endif + endif + + include $(PATH_SUB_CURRENT)/VBoxPermissionMessage/Makefile.kmk + ++include $(PATH_SUB_CURRENT)/VBoxUSB_DevRules/Makefile.kmk ++ + include $(FILE_KBUILD_SUB_FOOTER) + +Index: a/src/apps/VBoxUSB_DevRules/Makefile.kmk +=================================================================== +--- a/src/apps/VBoxUSB_DevRules/Makefile.kmk (revision 0) ++++ b/src/apps/VBoxUSB_DevRules/Makefile.kmk (working copy) +@@ -0,0 +1,29 @@ ++# $Id: Makefile.kmk 28800 2010-04-27 08:22:32Z vboxsync $ ++## @file ++# ++# VBoxUSB_DevRules is wrapper for suse users ++# ++# This file is part of VirtualBox Open Source Edition (OSE), as ++# available from http://www.virtualbox.org. This file is free software; ++# you can redistribute it and/or modify it under the terms of the GNU ++# General Public License (GPL) as published by the Free Software ++# Foundation, in version 2 as it comes in the "COPYING" file of the ++# VirtualBox OSE distribution. VirtualBox OSE is distributed in the ++# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. ++# ++ ++ ++SUB_DEPTH = ../../.. ++include $(KBUILD_PATH)/subheader.kmk ++ ++PROGRAMS += VBoxUSB_DevRules ++ ++VBoxUSB_DevRules_TEMPLATE = VBOXQT4GUIEXE ++VBoxUSB_DevRules_SOURCES = VBoxUSB_DevRules.cpp ++VBoxUSB_DevRules_QT_MODULES = Core Gui ++ ++#INSTALLS += VBoxUSB_DevRules ++ ++include $(KBUILD_PATH)/subfooter.kmk ++ ++ +Index: a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp +=================================================================== +--- a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp (revision 0) ++++ b/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp (working copy) +@@ -0,0 +1,13 @@ ++#include ++#include ++int main(int argc, char *argv[]) ++{ ++ QApplication app(argc, argv); ++ QMessageBox msgBox; ++ msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !")); ++ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru, then copy /usr/lib/udev/rules.d/60-vboxdrv.rules to /etc/udev/rules.d/, and modify that file as outlined in the comments.\n\nTo avoid seeing this message every time VirtualBox is started, a dummy file is being created.")); ++ int ret = msgBox.exec(); ++ app.quit(); ++ return 0; ++} ++ diff --git a/vbox_build_kms_modules.diff b/vbox_build_kms_modules.diff new file mode 100644 index 0000000..230d427 --- /dev/null +++ b/vbox_build_kms_modules.diff @@ -0,0 +1,11 @@ +--- VirtualBox-5.0.8/Config.kmk.orig 2015-10-28 14:20:16.890267889 -0500 ++++ VirtualBox-5.0.8/Config.kmk 2015-10-28 14:22:09.734462286 -0500 +@@ -327,6 +327,8 @@ endif + ifdef VBOX_ONLY_SDK + VBOX_WITHOUT_ADDITIONS = 1 + endif ++# Build the KMS versions of the Guest Additions ++VBOX_WITH_GUEST_KMS_DRIVER=1 + # Don't create the additions ISO. + # (Used by the additions build server, don't invert it.) + #VBOX_WITHOUT_ADDITIONS_ISO = 1 diff --git a/virtualbox.changes b/virtualbox.changes index 058ee8b..4b23c0b 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sun Nov 8 05:10:36 UTC 2015 - Larry.Finger@lwfinger.net + +- Add a popup window to the VB startup wrapper to make clear why USB passthru is not automatically + enabled, and explain what steps the user should take if this feature is wanted despite the security + hole. + + This change fixes the problem shown in boo#953018. + +------------------------------------------------------------------- Tue Oct 20 19:01:09 UTC 2015 - Larry.Finger@lwfinger.net - Version bump to 5.0.8 (released 2015-10-20 by Oracle) diff --git a/virtualbox.spec b/virtualbox.spec index 1553930..81b926e 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -81,6 +81,9 @@ Patch106: gcc5-real-support.patch Patch107: virtualbox-sed-params.patch # Patch to use snprintf correcty and not overflow dst buffer Patch108: virtualbox-snpritnf-buffer-overflow.patch +# Patch to add code to explain USB Passthru +Patch109: vbox-usb-warning.diff +# BuildRequires: LibVNCServer-devel BuildRequires: SDL-devel BuildRequires: acpica @@ -307,6 +310,7 @@ This package contains icons for guest desktop files that were created on the des %patch106 -p1 %patch107 -p1 %patch108 -p1 +%patch109 -p1 #copy user manual cp %{SOURCE1} UserManual.pdf #copy kbuild config From 51e167746bae59bd2b9f1197d97f0a68d0c358ff4d058da53030fe9e2b43d3a6 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Thu, 12 Nov 2015 13:52:08 +0000 Subject: [PATCH 2/4] Accepting request 344040 from home:namtrac:branches:Virtualization - Version bump to 5.0.10 (released 2015-11-10 by Oracle) This is a maintenance release. The following items were fixed and/or added: VMM: improved support for certain Intel Atom CPUs (bug #14773) VMM: system register emulation fix (5.0 regression; bug #14515) GUI: fixed immediate screenshot issue (bug #14108) GUI: fixed another 3D overlay window reparenting issue when the VM is switched to fullscreen mode on X11 hosts GUI: fixed help index (bug #14722) GUI: fixed state synchronization issue in the VM manager window when VM was paused from its runtime window Audio: fixed suspending/resuming audio streams on VM pause/unpause (bug #14784) Audio: properly reset AC97 audio streams, otherwise there is silence until a non-48 kHz stream is played Audio: fixed a small emulation quirk of the AD1980 codec of the HDA device to make recent linux guests work (bug #14653) USB: serveral fixes for the xHCI controller USB: fixed a crash under certain conditions on hosts with Linux kernels older than version 3.3 USB: better identification of certain USB devices NAT: support TCP in DNS proxy (bug #14736) NAT Network: fixed sporadic crashes on Windows hosts (bug #13899) API: when creating differencing images (e.g. as part of a snapshot or cloning a VM) use the same disk image variant as the parent image if possible, which means that e.g. a diff image for a VMDK image split into 2 GB files will also be split (bug #14764) API: event queue handling fixes preventing loss of certain events at runtime (e.g. new webcam attached), particularly important on Mac OS X hosts Webcam: passthrough fix for certain devices (Windows hosts only) VBoxManage: don't crash on snapshot restorecurrent / edit if the VM has no snapshots VBoxManage: don't crash on controlvm addencpassword (bug #14729) Mac OS X hosts: use the correct kernel on certain hosts Windows hosts: fixed VRDP external authentication Windows hosts: allow to use a shared folder path with extended-length path prefix (5.0 regression; bug #14651) Windows hosts: fix a crash in the netfilter host driver under certain conditions (bug #14799) Windows host installer: documented and fixed public properties which can be used to control the installation to some extent Windows host installer: fixed not starting the actual installation when showing the version information or help dialogs X11 Additions: added basic support for X.Org Server 1.18 (3D requires additional fixes) - Refresh vbox-no-build-dates.diff OBS-URL: https://build.opensuse.org/request/show/344040 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=234 --- UserManual.pdf | 4 ++-- VirtualBox-5.0.10-patched.tar.bz2 | 3 +++ VirtualBox-5.0.8-patched.tar.bz2 | 3 --- vbox-no-build-dates.diff | 34 +++++++++++++---------------- virtualbox.changes | 36 +++++++++++++++++++++++++++++++ virtualbox.spec | 2 +- 6 files changed, 57 insertions(+), 25 deletions(-) create mode 100644 VirtualBox-5.0.10-patched.tar.bz2 delete mode 100644 VirtualBox-5.0.8-patched.tar.bz2 diff --git a/UserManual.pdf b/UserManual.pdf index 5836c36..1fa0c84 100644 --- a/UserManual.pdf +++ b/UserManual.pdf @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7f643f1414ddc14d01d220d7c9ca1b1de528576251ffd91a96e71f4047d3c65c -size 3468626 +oid sha256:f8200e7b948f0fd0cc18a603a249c37ec69c5fe115e73d0204f7a3316443746e +size 3475107 diff --git a/VirtualBox-5.0.10-patched.tar.bz2 b/VirtualBox-5.0.10-patched.tar.bz2 new file mode 100644 index 0000000..b7a83f0 --- /dev/null +++ b/VirtualBox-5.0.10-patched.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:25482165a12011d15ffaa2f60eebd11643c8468f5262301f33d5d7e643e53046 +size 76515670 diff --git a/VirtualBox-5.0.8-patched.tar.bz2 b/VirtualBox-5.0.8-patched.tar.bz2 deleted file mode 100644 index 0c6ad96..0000000 --- a/VirtualBox-5.0.8-patched.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:19454a177845bea15142586b3ae2b823cd7457605eb8c38ce2720c3567a6a151 -size 76123020 diff --git a/vbox-no-build-dates.diff b/vbox-no-build-dates.diff index fb3efe2..30c0a71 100644 --- a/vbox-no-build-dates.diff +++ b/vbox-no-build-dates.diff @@ -15,7 +15,7 @@ Index: src/VBox/Runtime/common/string/uniread.cpp =================================================================== --- src/VBox/Runtime/common/string/uniread.cpp.orig +++ src/VBox/Runtime/common/string/uniread.cpp -@@ -1033,7 +1033,7 @@ int PrintHeader(const char *argv0, const +@@ -1035,7 +1035,7 @@ int PrintHeader(const char *argv0, const " * IPRT - Unicode Tables.\n" " *\n" " * Automatically Generated from %s\n" @@ -125,23 +125,6 @@ Index: src/libs/xpcom18a4/nsprpub/lib/ds/plvrsion.c #if !defined(_PRODUCTION) #define _PRODUCTION "" #endif -Index: src/VBox/Additions/common/VBoxService/VBoxService.cpp -=================================================================== ---- src/VBox/Additions/common/VBoxService/VBoxService.cpp.orig -+++ src/VBox/Additions/common/VBoxService/VBoxService.cpp -@@ -161,10 +161,10 @@ static void VBoxServiceLogHeaderFooter(P - case RTLOGPHASE_BEGIN: - { - pfnLog(pLoggerRelease, -- "VBoxService %s r%s (verbosity: %d) %s (%s %s) release log\n" -+ "VBoxService %s r%s (verbosity: %d) %s (%s %s) release log\n" - "Log opened %s\n", - RTBldCfgVersion(), RTBldCfgRevisionStr(), g_cVerbosity, VBOX_BUILD_TARGET, -- __DATE__, __TIME__, szTmp); -+ "openSUSE","Buildservice",szTmp); - - int vrc = RTSystemQueryOSInfo(RTSYSOSINFO_PRODUCT, szTmp, sizeof(szTmp)); - if (RT_SUCCESS(vrc) || vrc == VERR_BUFFER_OVERFLOW) Index: src/VBox/HostServices/SharedOpenGL/OpenGLTest/OpenGLTestApp.cpp =================================================================== --- src/VBox/HostServices/SharedOpenGL/OpenGLTest/OpenGLTestApp.cpp.orig @@ -172,7 +155,7 @@ Index: src/VBox/Main/glue/com.cpp =================================================================== --- src/VBox/Main/glue/com.cpp.orig +++ src/VBox/Main/glue/com.cpp -@@ -294,7 +294,7 @@ static void vboxHeaderFooter(PRTLOGGER p +@@ -292,7 +292,7 @@ static DECLCALLBACK(void) vboxHeaderFoot #endif "Log opened %s\n", g_pszLogEntity, VBOX_VERSION_STRING, RTBldCfgRevision(), @@ -181,3 +164,16 @@ Index: src/VBox/Main/glue/com.cpp pfnLog(pReleaseLogger, "Build Type: %s\n", KBUILD_TYPE); int vrc = RTSystemQueryOSInfo(RTSYSOSINFO_PRODUCT, szTmp, sizeof(szTmp)); +Index: src/VBox/Additions/common/VBoxService/VBoxService.cpp +=================================================================== +--- src/VBox/Additions/common/VBoxService/VBoxService.cpp.orig ++++ src/VBox/Additions/common/VBoxService/VBoxService.cpp +@@ -238,7 +238,7 @@ static DECLCALLBACK(void) vgsvcLogHeader + "VBoxService %s r%s (verbosity: %u) %s (%s %s) release log\n" + "Log opened %s\n", + RTBldCfgVersion(), RTBldCfgRevisionStr(), g_cVerbosity, VBOX_BUILD_TARGET, +- __DATE__, __TIME__, szTmp); ++ "openSUSE", "Build Service", szTmp); + + int vrc = RTSystemQueryOSInfo(RTSYSOSINFO_PRODUCT, szTmp, sizeof(szTmp)); + if (RT_SUCCESS(vrc) || vrc == VERR_BUFFER_OVERFLOW) diff --git a/virtualbox.changes b/virtualbox.changes index 4b23c0b..f1fb23f 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Thu Nov 12 12:55:16 UTC 2015 - idonmez@suse.com + +- Version bump to 5.0.10 (released 2015-11-10 by Oracle) + +This is a maintenance release. The following items were fixed and/or added: + + VMM: improved support for certain Intel Atom CPUs (bug #14773) + VMM: system register emulation fix (5.0 regression; bug #14515) + GUI: fixed immediate screenshot issue (bug #14108) + GUI: fixed another 3D overlay window reparenting issue when the VM is switched to fullscreen mode on X11 hosts + GUI: fixed help index (bug #14722) + GUI: fixed state synchronization issue in the VM manager window when VM was paused from its runtime window + Audio: fixed suspending/resuming audio streams on VM pause/unpause (bug #14784) + Audio: properly reset AC97 audio streams, otherwise there is silence until a non-48 kHz stream is played + Audio: fixed a small emulation quirk of the AD1980 codec of the HDA device to make recent linux guests work (bug #14653) + USB: serveral fixes for the xHCI controller + USB: fixed a crash under certain conditions on hosts with Linux kernels older than version 3.3 + USB: better identification of certain USB devices + NAT: support TCP in DNS proxy (bug #14736) + NAT Network: fixed sporadic crashes on Windows hosts (bug #13899) + API: when creating differencing images (e.g. as part of a snapshot or cloning a VM) use the same disk image variant as the parent image if possible, which means that e.g. a diff image for a VMDK image split into 2 GB files will also be split (bug #14764) + API: event queue handling fixes preventing loss of certain events at runtime (e.g. new webcam attached), particularly important on Mac OS X hosts + Webcam: passthrough fix for certain devices (Windows hosts only) + VBoxManage: don't crash on snapshot restorecurrent / edit if the VM has no snapshots + VBoxManage: don't crash on controlvm addencpassword (bug #14729) + Mac OS X hosts: use the correct kernel on certain hosts + Windows hosts: fixed VRDP external authentication + Windows hosts: allow to use a shared folder path with extended-length path prefix (5.0 regression; bug #14651) + Windows hosts: fix a crash in the netfilter host driver under certain conditions (bug #14799) + Windows host installer: documented and fixed public properties which can be used to control the installation to some extent + Windows host installer: fixed not starting the actual installation when showing the version information or help dialogs + X11 Additions: added basic support for X.Org Server 1.18 (3D requires additional fixes) + +- Refresh vbox-no-build-dates.diff + ------------------------------------------------------------------- Sun Nov 8 05:10:36 UTC 2015 - Larry.Finger@lwfinger.net diff --git a/virtualbox.spec b/virtualbox.spec index 81b926e..ab0b94a 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -19,7 +19,7 @@ %define _vbox_instdir %{_libexecdir}/virtualbox %define _udevrulesdir %{_libexecdir}/udev/rules.d Name: virtualbox -Version: 5.0.8 +Version: 5.0.10 Release: 0 Summary: VirtualBox is an Emulator License: GPL-2.0+ From 171fcb6bee6aec52105089ecb5911fe5bf6db47c33c45e15e7fb0e33ce2cb79f Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Sat, 21 Nov 2015 17:20:33 +0000 Subject: [PATCH 3/4] Accepting request 345512 from home:lwfinger:branches:Virtualization Build with i586 disabled - it fails OBS-URL: https://build.opensuse.org/request/show/345512 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=235 --- _constraints | 2 +- virtualbox.changes | 17 ++++++++++++++++- virtualbox.spec | 10 ++++++---- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/_constraints b/_constraints index 76f2cd7..7a361dd 100644 --- a/_constraints +++ b/_constraints @@ -2,7 +2,7 @@ - 5000 + 8000 diff --git a/virtualbox.changes b/virtualbox.changes index f1fb23f..414995e 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Nov 20 19:05:51 UTC 2015 - Larry.Finger@lwfinger.net + +- Temporarily disable i586 builds. + +------------------------------------------------------------------- +Fri Nov 20 15:44:20 UTC 2015 - Larry.Finger@lwfinger.net + +- Increase memory to 8000 MB to try to fix out-of-memory error when building i586 version. + +------------------------------------------------------------------- +Mon Nov 16 19:40:37 UTC 2015 - Larry.Finger@lwfinger.net + +- Increase memory to 7000 MB in _constraint to see if that fixes link problem on i586. + ------------------------------------------------------------------- Thu Nov 12 12:55:16 UTC 2015 - idonmez@suse.com @@ -41,7 +56,7 @@ Sun Nov 8 05:10:36 UTC 2015 - Larry.Finger@lwfinger.net enabled, and explain what steps the user should take if this feature is wanted despite the security hole. - This change fixes the problem shown in boo#953018. + Patch file vbox-usb-warning.diff fixes the problem shown in boo#953018. ------------------------------------------------------------------- Tue Oct 20 19:01:09 UTC 2015 - Larry.Finger@lwfinger.net diff --git a/virtualbox.spec b/virtualbox.spec index ab0b94a..61ab822 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -149,10 +149,12 @@ Provides: %{name}-ose = %{version} Obsoletes: %{name}-ose < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %(sed -e '/^Provides: multiversion(kernel)/d' %{_libexecdir}/rpm/kernel-module-subpackage > %{_builddir}/virtualbox-kmp-template) -ExclusiveArch: %ix86 x86_64 -%if 0%{?suse_version} == 1315 -ExcludeArch: %ix86 -%endif +# Temporarily disable i586 until build problem is solved +#ExclusiveArch: %ix86 x86_64 +#%if 0%{?suse_version} == 1315 +#ExcludeArch: %ix86 +#%endif +ExclusiveArch: x86_64 %ifarch amd64 x86_64 ia32e em64t BuildRequires: gcc-32bit BuildRequires: gcc-c++-32bit From b182b4078ac89b3a96d66e1ac0547d076b4b083128905eb2570d3f1297be4251 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Sat, 21 Nov 2015 18:06:51 +0000 Subject: [PATCH 4/4] Accepting request 345608 from home:lwfinger:branches:Virtualization Removed extraneous file. OBS-URL: https://build.opensuse.org/request/show/345608 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=236 --- vbox_build_kms_modules.diff | 11 ----------- virtualbox.changes | 5 +++++ 2 files changed, 5 insertions(+), 11 deletions(-) delete mode 100644 vbox_build_kms_modules.diff diff --git a/vbox_build_kms_modules.diff b/vbox_build_kms_modules.diff deleted file mode 100644 index 230d427..0000000 --- a/vbox_build_kms_modules.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- VirtualBox-5.0.8/Config.kmk.orig 2015-10-28 14:20:16.890267889 -0500 -+++ VirtualBox-5.0.8/Config.kmk 2015-10-28 14:22:09.734462286 -0500 -@@ -327,6 +327,8 @@ endif - ifdef VBOX_ONLY_SDK - VBOX_WITHOUT_ADDITIONS = 1 - endif -+# Build the KMS versions of the Guest Additions -+VBOX_WITH_GUEST_KMS_DRIVER=1 - # Don't create the additions ISO. - # (Used by the additions build server, don't invert it.) - #VBOX_WITHOUT_ADDITIONS_ISO = 1 diff --git a/virtualbox.changes b/virtualbox.changes index 414995e..0544a0f 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Nov 21 17:54:57 UTC 2015 - Larry.Finger@lwfinger.net + +- Remove file vbox_build_kms_modules.diff. + ------------------------------------------------------------------- Fri Nov 20 19:05:51 UTC 2015 - Larry.Finger@lwfinger.net