From c3b3915a832aed3cbce61c99d2f97938fda4b9d1bb2b8b5ec015aaef74ac95e2 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Thu, 20 Apr 2017 20:01:58 +0000 Subject: [PATCH] - Fixes for CVE-2017-3561, CVE-2017-3563, CVE-2017-3576, CVE-2017-3558, CVE-2017-3587 CVE-2017-3559, CVE-2017-3575, CVE-2017-3538, CVE-2017-3513 Version bump to 5.1.20 (released 2017-04-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: don't check if the Extension Pack is up-to-date if the user is about to install a new Extension Pack (bug #16317) GUI: fixed a possible crash when switching a multi-monitor VM into full-screen or seamless mode GUI: several mini-toolbar fixes in full-screen / seamless mode (X11 hosts only) GUI: don't crash on restoring defaults in the appliance import dialog Windows Additions: another fix for automatic logins for Windows Vista and newer (bug #15904) ICH9: fix for Windows guests with a huge amount (>64G) of guest memory BIOS: fixed El Torito hard disk emulation geometry calculation (thanks Dwight Engen) OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=325 --- UserManual.pdf | 4 +- VirtualBox-5.1.18-patched.tar.bz2 | 3 - VirtualBox-5.1.20-patched.tar.bz2 | 3 + vbox-vboxadd-init-script.diff | 186 +++++++++++++++--------------- virtualbox.changes | 17 +++ virtualbox.spec | 2 +- 6 files changed, 119 insertions(+), 96 deletions(-) delete mode 100644 VirtualBox-5.1.18-patched.tar.bz2 create mode 100644 VirtualBox-5.1.20-patched.tar.bz2 diff --git a/UserManual.pdf b/UserManual.pdf index 7080456..433b52d 100644 --- a/UserManual.pdf +++ b/UserManual.pdf @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1e520c8fd6c7249fc89e39f61c117537fe9e469688af0912c45517c27f9c2255 -size 4363880 +oid sha256:73b685e32fe65b291e5c18a1de27c758c432b3423e1b02aa5184bde7a779b528 +size 4365078 
diff --git a/VirtualBox-5.1.18-patched.tar.bz2 b/VirtualBox-5.1.18-patched.tar.bz2 deleted file mode 100644 index f85c6cd..0000000 --- a/VirtualBox-5.1.18-patched.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ac5c5430ab29021b133948b88d8960d39a9a80caae0da927a482d6d8a0ad3acd -size 81031394 diff --git a/VirtualBox-5.1.20-patched.tar.bz2 b/VirtualBox-5.1.20-patched.tar.bz2 new file mode 100644 index 0000000..ae6f5ec --- /dev/null +++ b/VirtualBox-5.1.20-patched.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eebde919a146c6b028f20b72d74b60bba08e9462e292224063448bed411688ea +size 81111766 diff --git a/vbox-vboxadd-init-script.diff b/vbox-vboxadd-init-script.diff index 023805d..022043f 100644 --- a/vbox-vboxadd-init-script.diff +++ b/vbox-vboxadd-init-script.diff @@ -1,7 +1,7 @@ -Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh +Index: VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/Additions/linux/installer/vboxadd.sh -+++ VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh +--- VirtualBox-5.1.20.orig/src/VBox/Additions/linux/installer/vboxadd.sh ++++ VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd.sh @@ -23,9 +23,12 @@ # Provides: vboxadd # Required-Start: @@ -16,7 +16,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh ### END INIT INFO ## @todo This file duplicates a lot of script with vboxdrv.sh. When making -@@ -94,7 +97,6 @@ fail() +@@ -108,7 +111,6 @@ fail() dev=/dev/vboxguest userdev=/dev/vboxuser @@ -24,7 +24,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh owner=vboxadd group=1 -@@ -140,12 +142,6 @@ do_vboxguest_non_udev() +@@ -162,12 +164,6 @@ do_vboxguest_non_udev() fail "Cannot create device $dev with major $maj and minor $min" } fi 
@@ -37,7 +37,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh if [ ! -c $userdev ]; then maj=10 -@@ -156,12 +152,6 @@ do_vboxguest_non_udev() +@@ -178,12 +174,6 @@ do_vboxguest_non_udev() rmmod vboxguest 2>/dev/null fail "Cannot create device $userdev with major $maj and minor $min" } @@ -50,31 +50,29 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh fi fi } -@@ -171,13 +161,6 @@ start() +@@ -193,9 +183,8 @@ start() begin "Starting the VirtualBox Guest Additions" console; # If we got this far assume that the slow set-up has been done. QUICKSETUP=yes -- if test -r $config; then -- . $config -- else -- fail "Configuration file $config not found" -- fi -- test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" || -- fail "Configuration file $config not complete" - uname -r | grep -q -E '^2\.6|^3|^4' 2>/dev/null && - ps -A -o comm | grep -q '/*udevd$' 2>/dev/null || - no_udev=1 -@@ -193,7 +176,7 @@ start() - $MODPROBE vboxguest >/dev/null 2>&1 || { - setup +- if test -z "${INSTALL_NO_MODULE_BUILDS}"; then +- uname -r | grep -q -E '^2\.6|^3|^4' 2>/dev/null && +- ps -A -o comm | grep -q '/*udevd$' 2>/dev/null || ++ uname -r | grep -q -E '^2\.6|^3|^4' 2>/dev/null && ++ ps -A -o comm | grep -q '/*udevd$' 2>/dev/null || + no_udev=1 + running_vboxguest || { + rm -f $dev || { +@@ -209,7 +198,7 @@ start() $MODPROBE vboxguest >/dev/null 2>&1 || { -- /sbin/rcvboxadd-x11 cleanup -+ #/sbin/rcvboxadd-x11 cleanup - fail "modprobe vboxguest failed" + setup + $MODPROBE vboxguest >/dev/null 2>&1 || { +- ${INSTALL_DIR}/init/vboxadd-x11 cleanup ++ ${INSTALL_DIR}#/init/vboxadd-x11 cleanup + fail "modprobe vboxguest failed" + } } - } -@@ -217,14 +200,14 @@ start() - } +@@ -234,14 +223,14 @@ start() + fi # INSTALL_NO_MODULE_BUILDS # Put the X.Org driver in place. This is harmless if it is not needed. - /sbin/rcvboxadd-x11 setup 
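Review bot: In the refreshed start() hunk of vbox-vboxadd-init-script.diff, the replacement line `${INSTALL_DIR}#/init/vboxadd-x11 cleanup` does not disable the call. A `#` only starts a shell comment at the beginning of a word, so this is still a command whose path contains a literal `#`. The modprobe failure path, which runs as root, will try to execute that path before reaching `fail`; if INSTALL_DIR is empty at that point (not visible here), the word is looked up relative to the current directory. The cleanup() hunk later in this file comments the call out at the start of the word (`#/sbin/rcvboxadd-x11 cleanup`), so I would write `#${INSTALL_DIR}/init/vboxadd-x11 cleanup` here. start() continues outside the hunk.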
@@ -91,7 +89,7 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh # SELinux for the OpenGL libraries, so that gdm can load them during the # acceleration support check. This prevents an "Oh no, something has gone # wrong!" error when starting EL7 guests. -@@ -237,6 +220,15 @@ start() +@@ -254,6 +243,15 @@ start() chcon -h -t lib_t "/var/lib/VBoxGuestAdditions/lib/libEGL.so.1" fi echo "/var/lib/VBoxGuestAdditions/lib" > /etc/ld.so.conf.d/00vboxvideo.conf 
@@ -107,27 +105,38 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh fi ldconfig -@@ -382,7 +374,7 @@ extra_setup() - ln -sf "$lib_path/$PACKAGE/mount.vboxsf" /sbin - # And an rc file to re-build the kernel modules and re-set-up the X server. - ln -sf "$lib_path/$PACKAGE/vboxadd" /sbin/rcvboxadd -- ln -sf "$lib_path/$PACKAGE/vboxadd-x11" /sbin/rcvboxadd-x11 +@@ -394,9 +392,9 @@ create_udev_rule() + echo "KERNEL=${udev_fix}\"vboxuser\", NAME=\"vboxuser\", OWNER=\"vboxadd\", MODE=\"0666\"" >> /etc/udev/rules.d/60-vboxadd.rules + fi + } +- +-create_module_rebuild_script() +-{ ++ # And an rc file to re-build the kernel modules and re-set-up the X server. ++ ln -sf "$lib_path/$PACKAGE/vboxadd" /sbin/rcvboxadd + #ln -sf "$lib_path/$PACKAGE/vboxadd-x11" /sbin/rcvboxadd-x11 # And a post-installation script for rebuilding modules when a new kernel # is installed. mkdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d -@@ -415,49 +407,13 @@ EOF +@@ -427,47 +425,18 @@ shared_folder_setup() + ## @todo It would be nicer if the kernel module just parsed parameters + # itself instead of needing a separate binary to do that. + ln -sf "${INSTALL_DIR}/other/mount.vboxsf" /sbin +- # SELinux security context for the mount helper. +- if test -e /etc/selinux/config; then +- # This is correct. semanage maps this to the real path, and it aborts +- # with an error, telling you what you should have typed, if you specify +- # the real path. The "chcon" is there as a back-up for old guests. +- command -v semanage > /dev/null && +- semanage fcontext -a -t mount_exec_t "/usr/lib/$PACKAGE/mount.vboxsf" +- chcon -t mount_exec_t "$lib_path/$PACKAGE/mount.vboxsf" +- fi +- succ_msg +-} +- # setup_script setup() { -- begin "Building Guest Additions kernel modules" console -- if test -r $config; then -- . 
$config -- else -- fail "Configuration file $config not found" -- fi -- test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" || -- fail "Configuration file $config not complete" - export BUILD_TYPE - export USERNAME - @@ -136,20 +145,16 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh - BUILDINTMP="$MODULE_SRC/build_in_tmp" - chcon -t bin_t "$BUILDINTMP" > /dev/null 2>&1 - -- if setup_modules; then -- mod_succ=0 -- else -- mod_succ=1 -- show_error "Please check that you have gcc, make, the header files for your Linux kernel and possibly perl installed." +- test -z "${INSTALL_NO_MODULE_BUILDS}" && setup_modules +- create_vbox_user +- create_udev_rule +- test -z "${INSTALL_NO_MODULE_BUILDS}" && create_module_rebuild_script +- test -n "${QUICKSETUP}" && return 0 +- shared_folder_setup +- if running_vboxguest || running_vboxadd; then +- begin "Running kernel modules will not be replaced until the system is restarted" - fi -- test -n "${QUICKSETUP}" && return "${mod_succ}" -- extra_setup -- if [ "$mod_succ" -eq "0" ]; then -- if running_vboxguest || running_vboxadd; then -- begin "You should restart your guest to make sure the new modules are actually used" console -- fi -- fi -- return "${mod_succ}" +- return 0 + begin "Recompiling VirtualBox kernel module, NOT. It has been packaged." + succ_msg } 
@@ -157,36 +162,37 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd.sh # cleanup_script cleanup() { -- if test -r $config; then -- . $config -- test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" || -- fail "Configuration file $config not complete" -- else -- fail "Configuration file $config not found" -- fi -- - # Delete old versions of VBox modules. - cleanup_modules - depmod -@@ -468,12 +424,12 @@ cleanup() - done +- if test -z "${INSTALL_NO_MODULE_BUILDS}"; then +- # Delete old versions of VBox modules. +- cleanup_modules ++ # Delete old versions of VBox modules. ++ cleanup_modules + depmod + + # Remove old module sources +@@ -477,13 +446,14 @@ cleanup() + fi # Clean-up X11-related bits -- /sbin/rcvboxadd-x11 cleanup +- ${INSTALL_DIR}/init/vboxadd-x11 cleanup + #/sbin/rcvboxadd-x11 cleanup # Remove other files rm /sbin/mount.vboxsf 2>/dev/null - rm /sbin/rcvboxadd 2>/dev/null -- rm /sbin/rcvboxadd-x11 2>/dev/null +- if test -z "${INSTALL_NO_MODULE_BUILDS}"; then +- rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd +- rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null ++ rm /sbin/rcvboxadd 2>/dev/null + #rm /sbin/rcvboxadd-x11 2>/dev/null - rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd - rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null ++ rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd ++ rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null + fi rm /etc/udev/rules.d/60-vboxadd.rules 2>/dev/null -Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd-service.sh + } +Index: VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd-service.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/Additions/linux/installer/vboxadd-service.sh -+++ VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd-service.sh +--- VirtualBox-5.1.20.orig/src/VBox/Additions/linux/installer/vboxadd-service.sh 
++++ VirtualBox-5.1.20/src/VBox/Additions/linux/installer/vboxadd-service.sh @@ -20,7 +20,7 @@ # Provides: vboxadd-service # Required-Start: vboxadd @@ -196,10 +202,10 @@ Index: VirtualBox-5.1.14/src/VBox/Additions/linux/installer/vboxadd-service.sh # Default-Stop: 0 1 6 # Description: VirtualBox Additions Service ### END INIT INFO -Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxautostart-service.sh +Index: VirtualBox-5.1.20/src/VBox/Installer/linux/vboxautostart-service.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/Installer/linux/vboxautostart-service.sh -+++ VirtualBox-5.1.14/src/VBox/Installer/linux/vboxautostart-service.sh +--- VirtualBox-5.1.20.orig/src/VBox/Installer/linux/vboxautostart-service.sh ++++ VirtualBox-5.1.20/src/VBox/Installer/linux/vboxautostart-service.sh @@ -20,7 +20,7 @@ # Provides: vboxautostart-service # Required-Start: vboxdrv @@ -209,10 +215,10 @@ Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxautostart-service.sh # Default-Stop: 0 1 6 # Description: VirtualBox autostart service ### END INIT INFO -Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxballoonctrl-service.sh +Index: VirtualBox-5.1.20/src/VBox/Installer/linux/vboxballoonctrl-service.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/Installer/linux/vboxballoonctrl-service.sh -+++ VirtualBox-5.1.14/src/VBox/Installer/linux/vboxballoonctrl-service.sh +--- VirtualBox-5.1.20.orig/src/VBox/Installer/linux/vboxballoonctrl-service.sh ++++ VirtualBox-5.1.20/src/VBox/Installer/linux/vboxballoonctrl-service.sh @@ -20,7 +20,7 @@ # Provides: vboxballoonctrl-service # Required-Start: vboxdrv 
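Review bot: The cleanup() hunk of the refreshed vbox-vboxadd-init-script.diff drops both `if test -z "${INSTALL_NO_MODULE_BUILDS}"; then` lines but, as far as the collapsed text shows, keeps their closing `fi` lines as context. That would leave the patched vboxadd.sh with unmatched `fi` tokens, and the guest init script would fail to parse. The start() hunk earlier in this file has the same shape: the `if` is removed while `fi # INSTALL_NO_MODULE_BUILDS` stays. Either remove the matching `fi` lines in the same inner hunks or keep the `if` lines, and add `sh -n src/VBox/Additions/linux/installer/vboxadd.sh` after the patch is applied in the spec so a refresh like this fails the build. The inner hunks are only partly visible here, so the missing removals may sit in lines not shown.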
@@ -222,10 +228,10 @@ Index: VirtualBox-5.1.14/src/VBox/Installer/linux/vboxballoonctrl-service.sh # Default-Stop: 0 1 6 # Description: VirtualBox watchdog daemon ### END INIT INFO -Index: VirtualBox-5.1.14/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh +Index: VirtualBox-5.1.20/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh -+++ VirtualBox-5.1.14/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh +--- VirtualBox-5.1.20.orig/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh ++++ VirtualBox-5.1.20/src/VBox/ValidationKit/testboxscript/linux/testboxscript-service.sh @@ -31,7 +31,7 @@ # Provides: testboxscript-service # Required-Start: $network @@ -235,10 +241,10 @@ Index: VirtualBox-5.1.14/src/VBox/ValidationKit/testboxscript/linux/testboxscrip # Default-Stop: 0 1 6 # Description: TestBoxScript service ### END INIT INFO -Index: VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh +Index: VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh -+++ VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh +--- VirtualBox-5.1.20.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh ++++ VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs-nat.sh @@ -31,7 +31,7 @@ # Provides: vboxtxs # Required-Start: $network 
@@ -248,10 +254,10 @@ Index: VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs # Default-Stop: 0 1 6 # Description: VirtualBox Test Execution Service ### END INIT INFO -Index: VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh +Index: VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh =================================================================== ---- VirtualBox-5.1.14.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh -+++ VirtualBox-5.1.14/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh +--- VirtualBox-5.1.20.orig/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh ++++ VirtualBox-5.1.20/src/VBox/ValidationKit/utils/TestExecServ/linux/vboxtxs.sh @@ -31,7 +31,7 @@ # Provides: vboxtxs # Required-Start: $network diff --git a/virtualbox.changes b/virtualbox.changes index 10c01b5..d16da80 100644 --- a/virtualbox.changes +++ b/virtualbox.changes 
@@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Thu Apr 20 19:51:27 UTC 2017 - Larry.Finger@lwfinger.net + +- Fixes for CVE-2017-3561, CVE-2017-3563, CVE-2017-3576, CVE-2017-3558, CVE-2017-3587 + CVE-2017-3559, CVE-2017-3575, CVE-2017-3538, CVE-2017-3513 + Version bump to 5.1.20 (released 2017-04-18 by Oracle) + + This is a maintenance release. The following items were fixed and/or added: + + GUI: don't check if the Extension Pack is up-to-date if the user is about to install a new Extension Pack (bug #16317) + GUI: fixed a possible crash when switching a multi-monitor VM into full-screen or seamless mode + GUI: several mini-toolbar fixes in full-screen / seamless mode (X11 hosts only) + GUI: don't crash on restoring defaults in the appliance import dialog + Windows Additions: another fix for automatic logins for Windows Vista and newer (bug #15904) + ICH9: fix for Windows guests with a huge amount (>64G) of guest memory + BIOS: fixed El Torito hard disk emulation geometry calculation (thanks Dwight Engen) + ------------------------------------------------------------------- Sat Apr 8 23:10:36 UTC 2017 - Larry.Finger@lwfinger.net diff --git a/virtualbox.spec b/virtualbox.spec index 5d0fa41..37cabd0 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -22,7 +22,7 @@ %define _vbox_instdir %{_libexecdir}/virtualbox %define _udevrulesdir %{_sysconfdir}/udev/rules.d Name: virtualbox -Version: 5.1.18 +Version: 5.1.20 Release: 0 Summary: VirtualBox is an Emulator License: GPL-2.0+