2019-01-31 20:33:38 +01:00
|
|
|
# This patch file is to warn future maintainers of VirtualBox on openSUSE
|
|
|
|
|
# platforms that the distributed versions of vboxadd.sh and vboxdrv.sh
|
|
|
|
|
# contain security holes. If you need to use these scripts in the future,
|
|
|
|
|
# please consult the Security Group at openSUSE.
|
|
|
|
|
#
|
|
|
|
|
# January 31, 2019 - Larry Finger
|
|
|
|
|
#
|
Accepting request 1060705 from home:larryr:branches:Virtualization
- VirtualBox 7.0.6 (released January 17 2023)
This is a maintenance release. The following items were fixed and/or added: [1]
- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp command
- Mouse Integration: Guest was provided with extended host mouse state (bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories (bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated; please use "--audio-driver" and "--audio-enabled" instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality
Additionally, it fixes 6 CVE's: [2]
CVE-2023-21886 Oracle VM VirtualBox Core Multiple Yes 8.1 Network High None None Un-
changed High High High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21898 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21899 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21884 Oracle VM VirtualBox Core None No 4.4 Local Low High None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21885 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6 See Note 2
CVE-2023-21889 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6
Note 1: Applies to VirtualBox VMs running Windows 7 and later.
Note 2: Applies to Windows only.
Links:
OBS-URL: https://build.opensuse.org/request/show/1060705
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=673
2023-01-24 22:49:25 +01:00
|
|
|
Index: VirtualBox-7.0.6/src/VBox/Additions/linux/installer/vboxadd.sh
|
2019-01-31 20:33:38 +01:00
|
|
|
===================================================================
|
Accepting request 1060705 from home:larryr:branches:Virtualization
- VirtualBox 7.0.6 (released January 17 2023)
This is a maintenance release. The following items were fixed and/or added: [1]
- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp command
- Mouse Integration: Guest was provided with extended host mouse state (bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories (bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated; please use "--audio-driver" and "--audio-enabled" instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality
Additionally, it fixes 6 CVE's: [2]
CVE-2023-21886 Oracle VM VirtualBox Core Multiple Yes 8.1 Network High None None Un-
changed High High High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21898 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21899 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21884 Oracle VM VirtualBox Core None No 4.4 Local Low High None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21885 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6 See Note 2
CVE-2023-21889 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6
Note 1: Applies to VirtualBox VMs running Windows 7 and later.
Note 2: Applies to Windows only.
Links:
OBS-URL: https://build.opensuse.org/request/show/1060705
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=673
2023-01-24 22:49:25 +01:00
|
|
|
--- VirtualBox-7.0.6.orig/src/VBox/Additions/linux/installer/vboxadd.sh
|
|
|
|
|
+++ VirtualBox-7.0.6/src/VBox/Additions/linux/installer/vboxadd.sh
|
2023-02-03 01:11:22 +01:00
|
|
|
@@ -890,9 +890,11 @@ dmnstatus()
|
2019-01-31 20:33:38 +01:00
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory
- Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa.
Remove "BuildRequires: quilt" - that package is not needed.
VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721,
CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679,
CVE-2019-2678, and CVE-2019-2574 boo#1132827.
- Version bump to 6.0.6 (released April 17 2019 by Oracle)
The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and
"fixes_for_5.1.patch". These issues are fixed upstream.
OBS-URL: https://build.opensuse.org/request/show/696073
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486
2019-04-30 02:56:27 +02:00
|
|
|
-for i; do
|
|
|
|
|
- case "$i" in quiet) QUIET=yes;; esac
|
|
|
|
|
-done
|
2019-01-31 20:33:38 +01:00
|
|
|
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
|
|
|
|
|
+exit 1
|
|
|
|
|
+
|
Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory
- Updated file "Fixes_for_Leap15.1.patch" to handle one addition problem due to backporting of kernel APIa.
Remove "BuildRequires: quilt" - that package is not needed.
VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721,
CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679,
CVE-2019-2678, and CVE-2019-2574 boo#1132827.
- Version bump to 6.0.6 (released April 17 2019 by Oracle)
The following files in the openSUSE implemetation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and
"fixes_for_5.1.patch". These issues are fixed upstream.
OBS-URL: https://build.opensuse.org/request/show/696073
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486
2019-04-30 02:56:27 +02:00
|
|
|
+case "$2" in quiet)
|
|
|
|
|
+ QUIET=yes;;
|
|
|
|
|
case "$1" in
|
|
|
|
|
# Does setup without clean-up first and marks all kernels currently found on the
|
|
|
|
|
# system so that we can see later if any were added.
|
Accepting request 1060705 from home:larryr:branches:Virtualization
- VirtualBox 7.0.6 (released January 17 2023)
This is a maintenance release. The following items were fixed and/or added: [1]
- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp command
- Mouse Integration: Guest was provided with extended host mouse state (bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories (bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated; please use "--audio-driver" and "--audio-enabled" instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality
Additionally, it fixes 6 CVE's: [2]
CVE-2023-21886 Oracle VM VirtualBox Core Multiple Yes 8.1 Network High None None Un-
changed High High High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21898 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21899 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21884 Oracle VM VirtualBox Core None No 4.4 Local Low High None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21885 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6 See Note 2
CVE-2023-21889 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6
Note 1: Applies to VirtualBox VMs running Windows 7 and later.
Note 2: Applies to Windows only.
Links:
OBS-URL: https://build.opensuse.org/request/show/1060705
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=673
2023-01-24 22:49:25 +01:00
|
|
|
Index: VirtualBox-7.0.6/src/VBox/Installer/linux/vboxdrv.sh
|
2019-01-31 20:33:38 +01:00
|
|
|
===================================================================
|
Accepting request 1060705 from home:larryr:branches:Virtualization
- VirtualBox 7.0.6 (released January 17 2023)
This is a maintenance release. The following items were fixed and/or added: [1]
- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp command
- Mouse Integration: Guest was provided with extended host mouse state (bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories (bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated; please use "--audio-driver" and "--audio-enabled" instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality
Additionally, it fixes 6 CVE's: [2]
CVE-2023-21886 Oracle VM VirtualBox Core Multiple Yes 8.1 Network High None None Un-
changed High High High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21898 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21899 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21884 Oracle VM VirtualBox Core None No 4.4 Local Low High None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21885 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6 See Note 2
CVE-2023-21889 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6
Note 1: Applies to VirtualBox VMs running Windows 7 and later.
Note 2: Applies to Windows only.
Links:
OBS-URL: https://build.opensuse.org/request/show/1060705
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=673
2023-01-24 22:49:25 +01:00
|
|
|
--- VirtualBox-7.0.6.orig/src/VBox/Installer/linux/vboxdrv.sh
|
|
|
|
|
+++ VirtualBox-7.0.6/src/VBox/Installer/linux/vboxdrv.sh
|
2023-02-03 01:11:22 +01:00
|
|
|
@@ -47,6 +47,9 @@ DEVICE=/dev/vboxdrv
|
2019-01-31 20:33:38 +01:00
|
|
|
MODPROBE=/sbin/modprobe
|
|
|
|
|
SCRIPTNAME=vboxdrv.sh
|
|
|
|
|
|
|
|
|
|
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
|
|
|
|
|
+exit 1
|
|
|
|
|
+
|
|
|
|
|
# The below is GNU-specific. See VBox.sh for the longer Solaris/OS X version.
|
|
|
|
|
TARGET=`readlink -e -- "${0}"` || exit 1
|
|
|
|
|
SCRIPT_DIR="${TARGET%/[!/]*}"
|
