From 806003d2a352806932aa1f8379fd3c0a891f155716f0ed1e29e949ec76370078 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Tue, 7 Nov 2017 16:41:30 +0000 Subject: [PATCH 1/3] - Modify "fixes_for_leap15.patch" to handle SKB_GSO_UDP API change. - Addresses VUL-0: CVE-2017-10392,CVE-2017-10407,CVE-2017-10408,CVE-2017-3733,CVE-2017-10428 as noted in bsc #1064200 - Fix /sbin/vboxguestconfig.sh to be similar to /sbin/vboxconfig.sh. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=380
---
fixes_for_leap15.patch | 28 ++++++++++++++++++++++++++++ vboxguestconfig.sh | 22 ++++++++++++++-------- virtualbox.changes | 6 ++++++ virtualbox.spec | 6 ++++++ 4 files changed, 54 insertions(+), 8 deletions(-)
diff --git a/fixes_for_leap15.patch b/fixes_for_leap15.patch
index 471fb1d..8a5d093 100644
--- a/fixes_for_leap15.patch
+++ b/fixes_for_leap15.patch
@@ -11,3 +11,31 @@ Index: VirtualBox-5.1.30/src/VBox/Runtime/r0drv/linux/waitqueue-r0drv-linux.h
 wait_queue_entry_t WaitQE;
 #else
 wait_queue_t WaitQE;
+Index: VirtualBox-5.1.28/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
+===================================================================
+--- VirtualBox-5.1.28.orig/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
++++ VirtualBox-5.1.28/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
+@@ -124,6 +124,10 @@ typedef struct VBOXNETFLTNOTIFIER *PVBOX
+ # define bstats stats
+ # define qstats stats
+ # endif
++#endif
++
++# if 1
++#define SKB_GSO_UDP 0
+ #endif
+
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
+@@ -722,9 +726,11 @@ static struct sk_buff *vboxNetFltLinuxSk
+ case PDMNETWORKGSOTYPE_IPV4_TCP:
+ fGsoType = SKB_GSO_TCPV4;
+ break;
++# if 1
+ case PDMNETWORKGSOTYPE_IPV4_UDP:
+ fGsoType = SKB_GSO_UDP;
+ break;
++#endif
+ case PDMNETWORKGSOTYPE_IPV6_TCP:
+ fGsoType = SKB_GSO_TCPV6;
+ break;
+
diff --git a/vboxguestconfig.sh b/vboxguestconfig.sh
index 299a080..24be4ed 100644
--- a/vboxguestconfig.sh
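Review bot: The nested VBoxNetFlt-linux.c hunk defines `SKB_GSO_UDP` as 0 under a constant `# if 1`, so `fGsoType = SKB_GSO_UDP` in the `PDMNETWORKGSOTYPE_IPV4_UDP` case now stores 0, and any mask test against `SKB_GSO_UDP` elsewhere in the file (not visible here) could never match. Nothing next to the define says why the guard is a constant or what a GSO type of 0 is meant to signal; a comment such as `/* SKB_GSO_UDP API change on Leap 15 (bsc#<ID>): UDP GSO frames are passed on with no GSO type */` would record that. The spec applies this patch only under `%if 0%{suse_version} >= 1500`, which is presumably what makes `# if 1` safe, but on any build whose kernel headers still declare `SKB_GSO_UDP` as an enumerator the macro would silently override it, so a kernel-version or feature check would be more robust than a constant. The preprocessor block and the `switch` both continue outside the hunk.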
+++ b/vboxguestconfig.sh
@@ -5,7 +5,7 @@
 #
 # This script is part of the openSUSE VirtualBox package
 #
-SOURCE="/usr/src/kernel-modules"
+SOURCE="/usr/src/kernel-modules/"
 LOGFILE="/var/log/virtualbox.log"
 INCLUDE="/lib/modules/`uname -r`/build/include"
 #
@@ -15,13 +15,19 @@ if [ -n "$loaded" ] ; then
 echo "Kernel modules available - exiting..."
 exit 0
 fi
-# Force installation of VB guest sources. Zypper will install all the prerequisies
-echo "Installing all required packages..."
-killproc PackageKit
-zypper install -y virtualbox-guest-source > /dev/null 2>&1
-if [ "$?" -ne 0 ] ; then
- echo "Installation of required packages failed."
- echo "Use 'sudo zypper install virtualbox-guest-source' to see the reason."
+#
+# Check if virtualbox-guest-source is installed, quit if not
+if ! rpm -qf "$SOURCE/virtualbox/src/Makefile" &>/dev/null ; then
+ echo "Sources for building guest modules are not present,"
+ echo "Use 'sudo zypper install virtualbox-guest-source' to install them. Quitting .."
+ exit 1
+fi
+#
+# Check if virtualbox-guest-source version matches virtualbox version
+if [ "$(rpm -q virtualbox virtualbox-guest-source --queryformat='%{version}-%{release}\n' 2>/dev/null | sort -u | wc -l)" -ne "1" ] ; then
+ echo "virtualbox-guest-source package version doesn't match"
+ echo "the version of virtualbox package."
+ echo "Reinstall virtualbox-guest-source package. Quitting .."
 exit 1
 fi
 # Prerequisites are available, start build
diff --git a/virtualbox.changes b/virtualbox.changes
index 66ad5d2..1673b44 100644
--- a/virtualbox.changes
+++ b/virtualbox.changes
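Review bot: The version check in the second hunk queries `virtualbox` together with `virtualbox-guest-source`, and `rpm -q` reports a missing package as a line on stdout, so on a guest that does not have the host `virtualbox` package installed `sort -u | wc -l` yields 2 and the script stops with the misleading "Reinstall virtualbox-guest-source package" message. Compare against a package the guest is certain to have, or test rpm's exit status before counting lines. The `&>/dev/null` in the `rpm -qf` test is a bash extension; the shebang is outside the hunk, so if the script can run under a plain POSIX sh the redirect should read `>/dev/null 2>&1`, as the removed `zypper` line did. With the trailing slash added to `SOURCE` in the first hunk, `"$SOURCE/virtualbox/src/Makefile"` now expands with a double slash, which is worth confirming against `rpm -qf`.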
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 7 16:34:21 UTC 2017 - Larry.Finger@lwfinger.net
+
+- Modify "fixes_for_leap15.patch" to handle SKB_GSO_UDP API change.
+- Addresses VUL-0: CVE-2017-10392,CVE-2017-10407,CVE-2017-10408,CVE-2017-3733,CVE-2017-10428 as noted in bsc #1064200
+
 -------------------------------------------------------------------
 Wed Nov 1 15:22:09 UTC 2017 - mpluskal@suse.com
diff --git a/virtualbox.spec b/virtualbox.spec
index 91d3ac4..76bb319 100644
--- a/virtualbox.spec
+++ b/virtualbox.spec
@@ -109,6 +109,8 @@ Patch117: fix_KMS_support.patch
 Patch118: internal-headers.patch
 # Fix kernl API change in Leap 15
 Patch119: fixes_for_leap15.patch
+# Fix rpmlint error for script /lib/usr/virtualbox/vboxshell.py
+Patch120: fixes_for_python.patch
 #
 BuildRequires: LibVNCServer-devel
 BuildRequires: SDL-devel
@@ -203,6 +205,7 @@ BuildRequires: xorg-x11-libXmu-devel-32bit
 BuildRequires: xorg-x11-libXt-devel-32bit
 %endif
 %{?systemd_requires}
+%posttrans
 %description
 VirtualBox is an extremely feature rich, high performance product
@@ -243,6 +246,7 @@ websrv GUI part for %{name}.
 Summary: Host kernel module for VirtualBox
 Group: System/Emulators/PC
 %kernel_module_package -t %{_builddir}/virtualbox-kmp-template -p %{SOURCE7} -n %{name}-host -f %{SOURCE5} -x kdump um xen pae xenpae pv
+Requires: kernel-devel
 %description host-KMP
 This package contains the kernel-module for VirtualBox.
@@ -252,6 +256,7 @@ This package contains the kernel-module for VirtualBox.
 Summary: Guest kernel modules for VirtualBox
 Group: System/Emulators/PC
 %kernel_module_package -t %{_builddir}/virtualbox-kmp-template -p %{SOURCE8} -n %{name}-guest -f %{SOURCE6} -x kdump um xen pae xenpae pv
+Requires: kernel-devel
 %description guest-KMP
 This package contains the kernel-module for VirtualBox.
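Review bot: `Patch120: fixes_for_python.patch` is declared in the `@@ -109,6 +109,8 @@` hunk and applied by `%patch120 -p1` in the last virtualbox.spec hunk, but the patch file itself only arrives in PATCH 2/3, so revision 380 on its own would presumably fail to build. Adding the file in the same commit as its spec entries keeps every revision buildable and bisectable. The path in the new comment, `/lib/usr/virtualbox/vboxshell.py`, looks transposed; `/usr/lib/virtualbox/vboxshell.py` is presumably what is meant.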
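Review bot: The bare `%posttrans` added after `%{?systemd_requires}` has no body and no comment, so it opens an empty scriptlet section for the main package right before `%description`; neither the commit message nor the changelog entry mentions it. If it is intentional, state the reason in a comment above it, for example `# empty %posttrans: <reason>`. If it is a leftover, drop the line, since a later `%posttrans` for the same package would likely collide with it.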
@@ -394,6 +399,7 @@ as an "extpack" for VirtualBox. The implementation is licensed under GPL.
 %if 0%{suse_version} >= 1500
 %patch119 -p1
 %endif
+%patch120 -p1
 #copy user manual
 cp %{SOURCE1} UserManual.pdf
From cdc999e54ddd3221d1f9fba1990c60f6df7acc81a81ad990c55ef2687803add8 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Wed, 8 Nov 2017 02:09:11 +0000 Subject: [PATCH 2/3] - Add file "fixes_for_python.patch". OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=381
---
fixes_for_python.patch | 19 +++++++++++++++++++ virtualbox.changes | 5 +++++ 2 files changed, 24 insertions(+) create mode 100644 fixes_for_python.patch
diff --git a/fixes_for_python.patch b/fixes_for_python.patch
new file mode 100644
index 0000000..1f6953b
--- /dev/null
+++ b/fixes_for_python.patch
@@ -0,0 +1,19 @@
+To eliminate an rpmlint error, the shebang for this script should be
+changed to use pythin directly, rather than through env.
+
+When openSUSE switches to Python3, the shebang below should be changed
+to "#!/usr/bin/python3".
+
+Larry Finger
+
+Index: VirtualBox-5.1.30/src/VBox/Frontends/VBoxShell/vboxshell.py
+===================================================================
+--- VirtualBox-5.1.30.orig/src/VBox/Frontends/VBoxShell/vboxshell.py
++++ VirtualBox-5.1.30/src/VBox/Frontends/VBoxShell/vboxshell.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/python
+ # -*- coding: utf-8 -*-
+ # $Id: vboxshell.py $
+
+
diff --git a/virtualbox.changes b/virtualbox.changes
index 1673b44..df8df87 100644
--- a/virtualbox.changes
+++ b/virtualbox.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Nov 8 02:08:27 UTC 2017 - Larry.Finger@lwfinger.net
+
+- Add file "fixes_for_python.patch".
+
 -------------------------------------------------------------------
 Tue Nov 7 16:34:21 UTC 2017 - Larry.Finger@lwfinger.net
From f3efb31ed12dccefcd1c268de560382d5dfef213f55895265471f4714507ff4c Mon Sep 17 00:00:00 2001
From: Larry Finger Date: Sat, 11 Nov 2017 03:41:47 +0000 Subject: [PATCH 3/3] - Update "fixes_for_leap15.patch" for wait queue API changes. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=382
---
fixes_for_leap15.patch | 30 +++++++++++++----------------- virtualbox.changes | 5 +++++ 2 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/fixes_for_leap15.patch b/fixes_for_leap15.patch
index 8a5d093..3b14bc2 100644
--- a/fixes_for_leap15.patch
+++ b/fixes_for_leap15.patch
@@ -11,31 +11,27 @@ Index: VirtualBox-5.1.30/src/VBox/Runtime/r0drv/linux/waitqueue-r0drv-linux.h
 wait_queue_entry_t WaitQE;
 #else
 wait_queue_t WaitQE;
-Index: VirtualBox-5.1.28/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
+Index: VirtualBox-5.1.30/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
 ===================================================================
---- VirtualBox-5.1.28.orig/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
-+++ VirtualBox-5.1.28/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
-@@ -124,6 +124,10 @@ typedef struct VBOXNETFLTNOTIFIER *PVBOX
- # define bstats stats
- # define qstats stats
- # endif
-+#endif
-+
-+# if 1
-+#define SKB_GSO_UDP 0
+--- VirtualBox-5.1.30.orig/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
++++ VirtualBox-5.1.30/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
+@@ -130,6 +130,10 @@ typedef struct VBOXNETFLTNOTIFIER *PVBOX
+ #define SKB_GSO_UDP 0
 #endif
++# if 1
++#define SKB_GSO_UDP 0
++#endif
++
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
-@@ -722,9 +726,11 @@ static struct sk_buff *vboxNetFltLinuxSk
+ # define VBOX_HAVE_SKB_VLAN
+ #else
+@@ -726,7 +730,7 @@ static struct sk_buff *vboxNetFltLinuxSk
 case PDMNETWORKGSOTYPE_IPV4_TCP:
 fGsoType = SKB_GSO_TCPV4;
 break;
+-# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
 +# if 1
 case PDMNETWORKGSOTYPE_IPV4_UDP:
 fGsoType = SKB_GSO_UDP;
 break;
-+#endif
- case PDMNETWORKGSOTYPE_IPV6_TCP:
- fGsoType = SKB_GSO_TCPV6;
- break;
-
diff --git a/virtualbox.changes b/virtualbox.changes
index df8df87..61a8173 100644
--- a/virtualbox.changes
+++ b/virtualbox.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Sat Nov 11 03:40:07 UTC 2017 - Larry.Finger@lwfinger.net
+
+- Update "fixes_for_leap15.patch" for wait queue API changes.
+
 -------------------------------------------------------------------
 Wed Nov 8 02:08:27 UTC 2017 - Larry.Finger@lwfinger.net
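Review bot: The regenerated nested hunk at `@@ -130,6 +130,10 @@` adds `# if 1` / `#define SKB_GSO_UDP 0` / `#endif` directly below context lines that already read `#define SKB_GSO_UDP 0` / `#endif`, so the macro ends up defined twice. That pattern suggests the patch was regenerated against a tree that already carried the earlier change, in which case it may not apply cleanly to an unpatched 5.1.30 source; this is worth verifying before release. The second nested hunk swaps `# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)` for `# if 1`, discarding a kernel-version check the original source had, and a comment such as `/* always on: SKB_GSO_UDP is defined to 0 above for Leap 15 */` would record the intent. The subject line speaks of wait queue API changes, but the waitqueue lines appear here only as context.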