From d27c52e1907d723ae3ff09d584baedd57ff7d761a18ffa1923b7275d88ef2f84 Mon Sep 17 00:00:00 2001
From: Olaf Hering <ohering@suse.com>
Date: Sun, 8 Nov 2015 09:13:53 +0000
Subject: [PATCH] Accepting request 342960 from
 home:lwfinger:branches:Virtualization

Add popup for USB passthru security (boo#953018).

OBS-URL: https://build.opensuse.org/request/show/342960
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=233
---
 vbox-usb-warning.diff       | 66 +++++++++++++++++++++++++++++++++++++
 vbox_build_kms_modules.diff | 11 +++++++
 virtualbox.changes          | 10 ++++++
 virtualbox.spec             |  4 +++
 4 files changed, 91 insertions(+)
 create mode 100644 vbox-usb-warning.diff
 create mode 100644 vbox_build_kms_modules.diff

diff --git a/vbox-usb-warning.diff b/vbox-usb-warning.diff
new file mode 100644
index 0000000..f6461ac
--- /dev/null
+++ b/vbox-usb-warning.diff
@@ -0,0 +1,66 @@
+Index: a/src/apps/Makefile.kmk
+===================================================================
+--- a/src/apps/Makefile.kmk	(revision 58576)
++++ b/src/apps/Makefile.kmk	(working copy)
+@@ -34,7 +34,9 @@
+  endif
+ endif
+ 
+ include $(PATH_SUB_CURRENT)/VBoxPermissionMessage/Makefile.kmk
+ 
++include $(PATH_SUB_CURRENT)/VBoxUSB_DevRules/Makefile.kmk
++
+ include $(FILE_KBUILD_SUB_FOOTER)
+ 
+Index: a/src/apps/VBoxUSB_DevRules/Makefile.kmk
+===================================================================
+--- a/src/apps/VBoxUSB_DevRules/Makefile.kmk	(revision 0)
++++ b/src/apps/VBoxUSB_DevRules/Makefile.kmk	(working copy)
+@@ -0,0 +1,29 @@
++# $Id: Makefile.kmk 28800 2010-04-27 08:22:32Z vboxsync $
++## @file
++#
++# VBoxUSB_DevRules is wrapper for suse users
++#
++# This file is part of VirtualBox Open Source Edition (OSE), as
++# available from http://www.virtualbox.org. This file is free software;
++# you can redistribute it and/or modify it under the terms of the GNU
++# General Public License (GPL) as published by the Free Software
++# Foundation, in version 2 as it comes in the "COPYING" file of the
++# VirtualBox OSE distribution. VirtualBox OSE is distributed in the
++# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
++#
++
++
++SUB_DEPTH = ../../..
++include $(KBUILD_PATH)/subheader.kmk
++
++PROGRAMS += VBoxUSB_DevRules
++
++VBoxUSB_DevRules_TEMPLATE = VBOXQT4GUIEXE
++VBoxUSB_DevRules_SOURCES = VBoxUSB_DevRules.cpp
++VBoxUSB_DevRules_QT_MODULES = Core Gui
++
++#INSTALLS += VBoxUSB_DevRules
++
++include $(KBUILD_PATH)/subfooter.kmk
++
++
+Index: a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
+===================================================================
+--- a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp	(revision 0)
++++ b/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp	(working copy)
+@@ -0,0 +1,13 @@
++#include <QtGui/QApplication>
++#include <QtGui/QMessageBox>
++int main(int argc, char *argv[])
++{
++        QApplication app(argc, argv);
++        QMessageBox msgBox;
++        msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
++        msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru, then copy /usr/lib/udev/rules.d/60-vboxdrv.rules to /etc/udev/rules.d/, and modify that file as outlined in the comments.\n\nTo avoid seeing this message every time VirtualBox is started, a dummy file is being created."));
++        int ret = msgBox.exec();
++        app.quit();
++        return 0;
++}
++
diff --git a/vbox_build_kms_modules.diff b/vbox_build_kms_modules.diff
new file mode 100644
index 0000000..230d427
--- /dev/null
+++ b/vbox_build_kms_modules.diff
@@ -0,0 +1,11 @@
+--- VirtualBox-5.0.8/Config.kmk.orig	2015-10-28 14:20:16.890267889 -0500
++++ VirtualBox-5.0.8/Config.kmk	2015-10-28 14:22:09.734462286 -0500
+@@ -327,6 +327,8 @@ endif
+ ifdef VBOX_ONLY_SDK
+  VBOX_WITHOUT_ADDITIONS = 1
+ endif
++# Build the KMS versions of the Guest Additions
++VBOX_WITH_GUEST_KMS_DRIVER=1
+ # Don't create the additions ISO.
+ # (Used by the additions build server, don't invert it.)
+ #VBOX_WITHOUT_ADDITIONS_ISO = 1
diff --git a/virtualbox.changes b/virtualbox.changes
index 058ee8b..4b23c0b 100644
--- a/virtualbox.changes
+++ b/virtualbox.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Sun Nov  8 05:10:36 UTC 2015 - Larry.Finger@lwfinger.net
+
+- Add a popup window to the VB startup wrapper to make clear why USB passthru is not automatically
+  enabled, and explain what steps the user should take if this feature is wanted despite the security
+  hole.
+
+  This change fixes the problem shown in boo#953018. 
+
+-------------------------------------------------------------------
 Tue Oct 20 19:01:09 UTC 2015 - Larry.Finger@lwfinger.net
 
 - Version bump to 5.0.8 (released 2015-10-20 by Oracle)
diff --git a/virtualbox.spec b/virtualbox.spec
index 1553930..81b926e 100644
--- a/virtualbox.spec
+++ b/virtualbox.spec
@@ -81,6 +81,9 @@ Patch106:       gcc5-real-support.patch
 Patch107:       virtualbox-sed-params.patch
 # Patch to use snprintf correcty and not overflow dst buffer
 Patch108:       virtualbox-snpritnf-buffer-overflow.patch
+# Patch to add code to explain USB Passthru
+Patch109:       vbox-usb-warning.diff
+#
 BuildRequires:  LibVNCServer-devel
 BuildRequires:  SDL-devel
 BuildRequires:  acpica
@@ -307,6 +310,7 @@ This package contains icons for guest desktop files that were created on the des
 %patch106 -p1
 %patch107 -p1
 %patch108 -p1
+%patch109 -p1
 #copy user manual
 cp %{SOURCE1} UserManual.pdf
 #copy kbuild config