Accepting request 451707 from Virtualization

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/451707
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/virtualbox?expand=0&rev=126
This commit is contained in:
Dominique Leuenberger 2017-01-25 21:34:24 +00:00 committed by Git OBS Bridge
commit 05c927721b
5 changed files with 29 additions and 3 deletions

View File

@ -62,7 +62,7 @@ Index: a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
+ QApplication app(argc, argv); + QApplication app(argc, argv);
+ QMessageBox msgBox; + QMessageBox msgBox;
+ msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !")); + msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
+ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru, then copy /usr/lib/udev/rules.d/60-vboxdrv.rules to /etc/udev/rules.d/, and modify that file as outlined in the comments.\n\nTo avoid seeing this message every time VirtualBox is started, a dummy file is being created.")); + msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru and are willing to accept the security risk, then do nothing. To plug the security hole, remove all 'usb' lines from /etc/udev/rules.d/60-vboxdrv.rules.\n\nThis message will not be seen again!"));
+ int ret = msgBox.exec(); + int ret = msgBox.exec();
+ app.quit(); + app.quit();
+ return 0; + return 0;

View File

@ -0,0 +1,7 @@
KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600"
KERNEL=="vboxdrvu", NAME="vboxdrvu", OWNER="root", GROUP="root", MODE="0666"
KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600"
SUBSYSTEM=="usb_device", ACTION=="add", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"

View File

@ -1,4 +1,9 @@
#!/bin/bash #!/bin/bash
export QT_NO_KDE_INTEGRATION=1 export QT_NO_KDE_INTEGRATION=1
/usr/bin/id -nG | grep -v -e "root" -e "vboxusers" >/dev/null && /usr/lib/virtualbox/VBoxPermissionMessage && exit /usr/bin/id -nG | grep -v -e "root" -e "vboxusers" >/dev/null && /usr/lib/virtualbox/VBoxPermissionMessage && exit
if [ ! -f ~/.vbox/message_out ] ; then
/usr/lib/virtualbox/VBoxUSB_DevRules
mkdir -p ~/.vbox/
touch ~/.vbox/message_out
fi
LD_LIBRARY_PATH="/usr/lib/virtualbox${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" /usr/lib/virtualbox/VirtualBox $@ LD_LIBRARY_PATH="/usr/lib/virtualbox${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" /usr/lib/virtualbox/VirtualBox $@

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Sat Jan 14 02:14:27 UTC 2017 - Larry.Finger@lwfinger.net
- The printing of the warning about the insecurity in USB passthru had been lost. As most people are likely to want that feature,
the logic has been inverted. Now, the required udev commands to allow passthru are included. The first time that VB is started,
the user will get a screen that points to the bug entry discussing the problem and states what they should do to block the
insecure usage. In any case, that screen will only be printed once. File "virtualbox-60-vboxdrv.rules" has been added
These changes address the issues in bnc #1018340.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 21 03:19:26 UTC 2016 - Larry.Finger@lwfinger.net Wed Dec 21 03:19:26 UTC 2016 - Larry.Finger@lwfinger.net

View File

@ -1,7 +1,7 @@
# #
# spec file for package virtualbox # spec file for package virtualbox
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
%define _vbox_instdir %{_libexecdir}/virtualbox %define _vbox_instdir %{_libexecdir}/virtualbox
%define _udevrulesdir %{_libexecdir}/udev/rules.d %define _udevrulesdir %{_sysconfdir}/udev/rules.d
Name: virtualbox Name: virtualbox
Version: 5.1.12 Version: 5.1.12
Release: 0 Release: 0
@ -40,6 +40,7 @@ Source7: %{name}-host-preamble
Source8: %{name}-guest-preamble Source8: %{name}-guest-preamble
Source9: %{name}-wrapper.sh Source9: %{name}-wrapper.sh
Source10: %{name}-LocalConfig.kmk Source10: %{name}-LocalConfig.kmk
Source11: %{name}-60-vboxdrv.rules
# init script to start virtual boxes during boot, to be configured via /etc/sysconfig/vbox bnc#582398 # init script to start virtual boxes during boot, to be configured via /etc/sysconfig/vbox bnc#582398
Source12: %{name}-vboxes Source12: %{name}-vboxes
Source13: %{name}-sysconfig.vbox Source13: %{name}-sysconfig.vbox
@ -530,6 +531,7 @@ install -m 755 VBoxXPCOMIPCD %{buildroot}%{_vbox_instdir}
install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir} install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir}
install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir} install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir}
install -m 755 VBoxPermissionMessage %{buildroot}%{_vbox_instdir} install -m 755 VBoxPermissionMessage %{buildroot}%{_vbox_instdir}
install -m 755 VBoxUSB_DevRules %{buildroot}%{_vbox_instdir}
install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir} install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir}
install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir} install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir}
install -m 755 VirtualBox %{buildroot}%{_vbox_instdir} install -m 755 VirtualBox %{buildroot}%{_vbox_instdir}
@ -544,6 +546,7 @@ install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/
# install kmp src # install kmp src
mkdir -p %{buildroot}%{_usrsrc}/kernel-modules mkdir -p %{buildroot}%{_usrsrc}/kernel-modules
cp -a src %{buildroot}%{_usrsrc}/kernel-modules/virtualbox cp -a src %{buildroot}%{_usrsrc}/kernel-modules/virtualbox
install -m 644 %{SOURCE11} %{buildroot}%{_udevrulesdir}/60-vboxdrv.rules
popd popd
# install desktop file # install desktop file
@ -792,6 +795,7 @@ exit 0
%files qt %files qt
%defattr(-, root, root) %defattr(-, root, root)
%attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxPermissionMessage %attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxPermissionMessage
%attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxUSB_DevRules
%verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VirtualBox %verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VirtualBox
#wrapper script is in bindir #wrapper script is in bindir
%attr(0755,root,root) %{_bindir}/VirtualBox %attr(0755,root,root) %{_bindir}/VirtualBox
@ -802,6 +806,7 @@ exit 0
%{_vbox_instdir}/VirtualBox.so %{_vbox_instdir}/VirtualBox.so
%{_datadir}/pixmaps/virtualbox.png %{_datadir}/pixmaps/virtualbox.png
%{_datadir}/applications/%{name}.desktop %{_datadir}/applications/%{name}.desktop
%{_udevrulesdir}/60-vboxdrv.rules
%files guest-x11 %files guest-x11
%defattr(-, root, root) %defattr(-, root, root)