- Fixes for CVE-2017-3561, CVE-2017-3563, CVE-2017-3576, CVE-2017-3558, CVE-2017-3587

CVE-2017-3559, CVE-2017-3575, CVE-2017-3538, CVE-2017-3513 Version bump to 5.1.20 (released 2017-04-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: don't check if the Extension Pack is up-to-date if the user is about to install a new Extension Pack (bug #16317) GUI: fixed a possible crash when switching a multi-monitor VM into full-screen or seamless mode GUI: several mini-toolbar fixes in full-screen / seamless mode (X11 hosts only) GUI: don't crash on restoring defaults in the appliance import dialog Windows Additions: another fix for automatic logins for Windows Vista and newer (bug #15904) ICH9: fix for Windows guests with a huge amount (>64G) of guest memory BIOS: fixed El Torito hard disk emulation geometry calculation (thanks Dwight Engen) OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=325
2017-04-20 20:01:58 +00:00 · 2017-04-20 20:01:58 +00:00 · c3b3915a83
commit c3b3915a83
parent d1039d5c96
6 changed files with 119 additions and 96 deletions
--- a/UserManual.pdf
+++ b/UserManual.pdf
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:1e520c8fd6c7249fc89e39f61c117537fe9e469688af0912c45517c27f9c2255
-size 4363880
+oid sha256:73b685e32fe65b291e5c18a1de27c758c432b3423e1b02aa5184bde7a779b528
+size 4365078
--- a/VirtualBox-5.1.18-patched.tar.bz2
+++ b/VirtualBox-5.1.18-patched.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ac5c5430ab29021b133948b88d8960d39a9a80caae0da927a482d6d8a0ad3acd
-size 81031394
--- a/VirtualBox-5.1.20-patched.tar.bz2
+++ b/VirtualBox-5.1.20-patched.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eebde919a146c6b028f20b72d74b60bba08e9462e292224063448bed411688ea
+size 81111766
--- a/vbox-vboxadd-init-script.diff
+++ b/vbox-vboxadd-init-script.diff
@ -1,7 +1,7 @@
-Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
+Index: VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/Additions/linux/installer/vboxadd.sh
-+++ VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
+--- VirtualBox-5.1.20.orig/src/VBox/Additions/linux/installer/vboxadd.sh
+++ VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd.sh
@@ -23,9 +23,12 @@
 # Provides:       vboxadd
 # Required-Start:
@ -16,7 +16,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
 ### END INIT INFO
 
 ## @todo This file duplicates a lot of script with vboxdrv.sh.  When making
-@@ -94,7 +97,6 @@ fail()
+@@ -108,7 +111,6 @@ fail()
 
 dev=/dev/vboxguest
 userdev=/dev/vboxuser
@ -24,7 +24,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
 owner=vboxadd
 group=1
 
-@@ -140,12 +142,6 @@ do_vboxguest_non_udev()
+@@ -162,12 +164,6 @@ do_vboxguest_non_udev()
             fail "Cannot create device $dev with major $maj and minor $min"
         }
     fi
@ -37,7 +37,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
 
     if [ ! -c $userdev ]; then
         maj=10
-@@ -156,12 +152,6 @@ do_vboxguest_non_udev()
+@@ -178,12 +174,6 @@ do_vboxguest_non_udev()
                 rmmod vboxguest 2>/dev/null
                 fail "Cannot create device $userdev with major $maj and minor $min"
             }
@ -50,31 +50,29 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
         fi
     fi
 }
-@@ -171,13 +161,6 @@ start()
+@@ -193,9 +183,8 @@ start()
     begin "Starting the VirtualBox Guest Additions" console;
     # If we got this far assume that the slow set-up has been done.
     QUICKSETUP=yes
-    if test -r $config; then
-      . $config
-    else
-      fail "Configuration file $config not found"
-    fi
-    test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" ||
-      fail "Configuration file $config not complete"
-     uname -r | grep -q -E '^2\.6|^3|^4' 2>/dev/null &&
-         ps -A -o comm | grep -q '/*udevd$' 2>/dev/null ||
-         no_udev=1
-@@ -193,7 +176,7 @@ start()
-         $MODPROBE vboxguest >/dev/null 2>&1 || {
-             setup
+-    if test -z "${INSTALL_NO_MODULE_BUILDS}"; then
+-        uname -r | grep -q -E '^2\.6|^3|^4' 2>/dev/null &&
+-            ps -A -o comm | grep -q '/*udevd$' 2>/dev/null ||
+    uname -r | grep -q -E '^2\.6|^3|^4' 2>/dev/null &&
+        ps -A -o comm | grep -q '/*udevd$' 2>/dev/null ||
+             no_udev=1
+         running_vboxguest || {
+             rm -f $dev || {
+@@ -209,7 +198,7 @@ start()
             $MODPROBE vboxguest >/dev/null 2>&1 || {
-                /sbin/rcvboxadd-x11 cleanup
-+                #/sbin/rcvboxadd-x11 cleanup
-                 fail "modprobe vboxguest failed"
+                 setup
+                 $MODPROBE vboxguest >/dev/null 2>&1 || {
+-                    ${INSTALL_DIR}/init/vboxadd-x11 cleanup
+                    ${INSTALL_DIR}#/init/vboxadd-x11 cleanup
+                     fail "modprobe vboxguest failed"
+                 }
             }
-         }
-@@ -217,14 +200,14 @@ start()
-     }
+@@ -234,14 +223,14 @@ start()
+     fi  # INSTALL_NO_MODULE_BUILDS
 
     # Put the X.Org driver in place.  This is harmless if it is not needed.
 -    /sbin/rcvboxadd-x11 setup
@ -91,7 +89,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
         # SELinux for the OpenGL libraries, so that gdm can load them during the
         # acceleration support check.  This prevents an "Oh no, something has gone
         # wrong!" error when starting EL7 guests.
-@@ -237,6 +220,15 @@ start()
+@@ -254,6 +243,15 @@ start()
             chcon -h  -t lib_t  "/var/lib/VBoxGuestAdditions/lib/libEGL.so.1"
         fi
         echo "/var/lib/VBoxGuestAdditions/lib" > /etc/ld.so.conf.d/00vboxvideo.conf
@ -107,27 +105,38 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
     fi
     ldconfig
 
-@@ -382,7 +374,7 @@ extra_setup()
-     ln -sf "$lib_path/$PACKAGE/mount.vboxsf" /sbin
-     # And an rc file to re-build the kernel modules and re-set-up the X server.
-     ln -sf "$lib_path/$PACKAGE/vboxadd" /sbin/rcvboxadd
-    ln -sf "$lib_path/$PACKAGE/vboxadd-x11" /sbin/rcvboxadd-x11
+@@ -394,9 +392,9 @@ create_udev_rule()
+         echo "KERNEL=${udev_fix}\"vboxuser\", NAME=\"vboxuser\", OWNER=\"vboxadd\", MODE=\"0666\"" >> /etc/udev/rules.d/60-vboxadd.rules
+     fi
+ }
+-
+-create_module_rebuild_script()
+-{
+    # And an rc file to re-build the kernel modules and re-set-up the X server.
+    ln -sf "$lib_path/$PACKAGE/vboxadd" /sbin/rcvboxadd
 +    #ln -sf "$lib_path/$PACKAGE/vboxadd-x11" /sbin/rcvboxadd-x11
     # And a post-installation script for rebuilding modules when a new kernel
     # is installed.
     mkdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d
-@@ -415,49 +407,13 @@ EOF
+@@ -427,47 +425,18 @@ shared_folder_setup()
+     ## @todo It would be nicer if the kernel module just parsed parameters
+     # itself instead of needing a separate binary to do that.
+     ln -sf "${INSTALL_DIR}/other/mount.vboxsf" /sbin
+-    # SELinux security context for the mount helper.
+-    if test -e /etc/selinux/config; then
+-        # This is correct.  semanage maps this to the real path, and it aborts
+-        # with an error, telling you what you should have typed, if you specify
+-        # the real path.  The "chcon" is there as a back-up for old guests.
+-        command -v semanage > /dev/null &&
+-            semanage fcontext -a -t mount_exec_t "/usr/lib/$PACKAGE/mount.vboxsf"
+-        chcon -t mount_exec_t "$lib_path/$PACKAGE/mount.vboxsf"
+-    fi
+-    succ_msg
+-}
+-
 # setup_script
 setup()
 {
-    begin "Building Guest Additions kernel modules" console
-    if test -r $config; then
-      . $config
-    else
-      fail "Configuration file $config not found"
-    fi
-    test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" ||
-      fail "Configuration file $config not complete"
 -    export BUILD_TYPE
 -    export USERNAME
 -
@ -136,20 +145,16 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
 -    BUILDINTMP="$MODULE_SRC/build_in_tmp"
 -    chcon -t bin_t "$BUILDINTMP" > /dev/null 2>&1
 -
-    if setup_modules; then
-        mod_succ=0
-    else
-        mod_succ=1
-        show_error "Please check that you have gcc, make, the header files for your Linux kernel and possibly perl installed."
+-    test -z "${INSTALL_NO_MODULE_BUILDS}" && setup_modules
+-    create_vbox_user
+-    create_udev_rule
+-    test -z "${INSTALL_NO_MODULE_BUILDS}" && create_module_rebuild_script
+-    test -n "${QUICKSETUP}" && return 0
+-    shared_folder_setup
+-    if  running_vboxguest || running_vboxadd; then
+-        begin "Running kernel modules will not be replaced until the system is restarted"
 -    fi
-    test -n "${QUICKSETUP}" && return "${mod_succ}"
-    extra_setup
-    if [ "$mod_succ" -eq "0" ]; then
-        if running_vboxguest || running_vboxadd; then
-            begin "You should restart your guest to make sure the new modules are actually used" console
-        fi
-    fi
-    return "${mod_succ}"
+-    return 0
 +    begin "Recompiling VirtualBox kernel module, NOT. It has been packaged."
 +    succ_msg
 }
@ -157,36 +162,37 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh
 # cleanup_script
 cleanup()
 {
-    if test -r $config; then
-      . $config
-      test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" ||
-        fail "Configuration file $config not complete"
-    else
-      fail "Configuration file $config not found"
-    fi
-
-     # Delete old versions of VBox modules.
-     cleanup_modules
-     depmod
-@@ -468,12 +424,12 @@ cleanup()
-     done
+-    if test -z "${INSTALL_NO_MODULE_BUILDS}"; then
+-        # Delete old versions of VBox modules.
+-        cleanup_modules
+    # Delete old versions of VBox modules.
+    cleanup_modules
+         depmod
+ 
+         # Remove old module sources
+@@ -477,13 +446,14 @@ cleanup()
+     fi
 
     # Clean-up X11-related bits
-    /sbin/rcvboxadd-x11 cleanup
+-    ${INSTALL_DIR}/init/vboxadd-x11 cleanup
 +    #/sbin/rcvboxadd-x11 cleanup
 
     # Remove other files
     rm /sbin/mount.vboxsf 2>/dev/null
-     rm /sbin/rcvboxadd 2>/dev/null
-    rm /sbin/rcvboxadd-x11 2>/dev/null
+-    if test -z "${INSTALL_NO_MODULE_BUILDS}"; then
+-        rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd
+-        rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null
+    rm /sbin/rcvboxadd 2>/dev/null
 +    #rm /sbin/rcvboxadd-x11 2>/dev/null
-     rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd
-     rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null
+    rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd
+    rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null
+     fi
     rm /etc/udev/rules.d/60-vboxadd.rules 2>/dev/null
-Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd-service.sh
+ }
+Index: VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd-service.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/Additions/linux/installer/vboxadd-service.sh
-+++ VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd-service.sh
+--- VirtualBox-5.1.20.orig/src/VBox/Additions/linux/installer/vboxadd-service.sh
+++ VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd-service.sh
@@ -20,7 +20,7 @@
 # Provides:       vboxadd-service
 # Required-Start: vboxadd
@ -196,10 +202,10 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd-service.sh
 # Default-Stop:   0 1 6
 # Description:    VirtualBox Additions Service
 ### END INIT INFO
-Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxautostart-service.sh
+Index: VirtualBox-5.1.20/src/VBox/Installer/linux/vboxautostart-service.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/Installer/linux/vboxautostart-service.sh
-+++ VirtualBox-5.1.14/src/VBox/Installer/linux/vboxautostart-service.sh
+--- VirtualBox-5.1.20.orig/src/VBox/Installer/linux/vboxautostart-service.sh
+++ VirtualBox-5.1.20/src/VBox/Installer/linux/vboxautostart-service.sh
@@ -20,7 +20,7 @@
 # Provides:       vboxautostart-service
 # Required-Start: vboxdrv
@ -209,10 +215,10 @@ Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxautostart-service.sh
 # Default-Stop:   0 1 6
 # Description:    VirtualBox autostart service
 ### END INIT INFO
-Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxballoonctrl-service.sh
+Index: VirtualBox-5.1.20/src/VBox/Installer/linux/vboxballoonctrl-service.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/Installer/linux/vboxballoonctrl-service.sh
-+++ VirtualBox-5.1.14/src/VBox/Installer/linux/vboxballoonctrl-service.sh
+--- VirtualBox-5.1.20.orig/src/VBox/Installer/linux/vboxballoonctrl-service.sh
+++ VirtualBox-5.1.20/src/VBox/Installer/linux/vboxballoonctrl-service.sh
@@ -20,7 +20,7 @@
 # Provides:       vboxballoonctrl-service
 # Required-Start: vboxdrv
@ -222,10 +228,10 @@ Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxballoonctrl-service.sh
 # Default-Stop:   0 1 6
 # Description:    VirtualBox watchdog daemon
 ### END INIT INFO
-Index: VirtualBox-5.1.14/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh
+Index: VirtualBox-5.1.20/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh
-+++ VirtualBox-5.1.14/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh
+--- VirtualBox-5.1.20.orig/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh
+++ VirtualBox-5.1.20/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh
@@ -31,7 +31,7 @@
 # Provides:       testboxscript-service
 # Required-Start: $network
@ -235,10 +241,10 @@ Index: VirtualBox-5.1.14/src/VBox/ValidationKit/testboxscript/linux/testboxscrip
 # Default-Stop:   0 1 6
 # Description:    TestBoxScript service
 ### END INIT INFO
-Index: VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh
+Index: VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh
-+++ VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh
+--- VirtualBox-5.1.20.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh
+++ VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh
@@ -31,7 +31,7 @@
 # Provides:       vboxtxs
 # Required-Start: $network
@ -248,10 +254,10 @@ Index: VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs
 # Default-Stop:   0 1 6
 # Description:    VirtualBox Test Execution Service
 ### END INIT INFO
-Index: VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh
+Index: VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh
 ===================================================================
--- VirtualBox-5.1.14.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh
-+++ VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh
+--- VirtualBox-5.1.20.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh
+++ VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh
@@ -31,7 +31,7 @@
 # Provides:       vboxtxs
 # Required-Start: $network
--- a/virtualbox.changes
+++ b/virtualbox.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Thu Apr 20 19:51:27 UTC 2017 - Larry.Finger@lwfinger.net
+
+-  Fixes for CVE-2017-3561, CVE-2017-3563, CVE-2017-3576, CVE-2017-3558, CVE-2017-3587
+            CVE-2017-3559, CVE-2017-3575, CVE-2017-3538, CVE-2017-3513
+   Version bump to 5.1.20 (released 2017-04-18 by Oracle)
+
+   This is a maintenance release. The following items were fixed and/or added:
+
+    GUI: don't check if the Extension Pack is up-to-date if the user is about to install a new Extension Pack (bug #16317)
+    GUI: fixed a possible crash when switching a multi-monitor VM into full-screen or seamless mode
+    GUI: several mini-toolbar fixes in full-screen / seamless mode (X11 hosts only)
+    GUI: don't crash on restoring defaults in the appliance import dialog
+    Windows Additions: another fix for automatic logins for Windows Vista and newer (bug #15904)
+    ICH9: fix for Windows guests with a huge amount (>64G) of guest memory
+    BIOS: fixed El Torito hard disk emulation geometry calculation (thanks Dwight Engen) 
+
 -------------------------------------------------------------------
 Sat Apr  8 23:10:36 UTC 2017 - Larry.Finger@lwfinger.net

--- a/virtualbox.spec
+++ b/virtualbox.spec
@ -22,7 +22,7 @@
 %define _vbox_instdir  %{_libexecdir}/virtualbox
 %define _udevrulesdir %{_sysconfdir}/udev/rules.d
 Name:           virtualbox
-Version:        5.1.18
+Version:        5.1.20
 Release:        0
 Summary:        VirtualBox is an Emulator
 License:        GPL-2.0+