Accepting request 110919 from Virtualization

use pie/fPIE for setuid binaries (vbox-fpie.diff) (bnc#743143), added websrv subpackage

OBS-URL: https://build.opensuse.org/request/show/110919
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/virtualbox?expand=0&rev=47
Stephan Kulow 2012-03-26 12:02:37 +00:00 committed by Git OBS Bridge
commit cc2ce59db2
6 changed files with 201 additions and 45 deletions

20
vbox-fpie.diff Normal file

@ -0,0 +1,20 @@
Index: VirtualBox-4.1.8_OSE/Config.kmk
===================================================================
--- VirtualBox-4.1.8_OSE.orig/Config.kmk
+++ VirtualBox-4.1.8_OSE/Config.kmk
@@ -3368,10 +3368,13 @@ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.darwi
ifeq ($(KBUILD_TARGET),linux)
# not necessary except USE_LIB_PCAP is defined in SUPR3HardenedMain.cpp
# TEMPLATE_VBOXR3HARDENEDEXE_LIBS += cap
+ TEMPLATE_VBOXR3HARDENEDEXE_CXXFLAGS.linux = $(TEMPLATE_VBOXR3EXE_CXXFLAGS.linux) -fPIE
+ TEMPLATE_VBOXR3HARDENEDEXE_CFLAGS.linux = $(TEMPLATE_VBOXR3EXE_CFLAGS.linux) -fPIE
+ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(TEMPLATE_VBOXR3EXE_LDFLAGS.linux) -pie
endif
ifn1of ($(KBUILD_TARGET), win os2)
- TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS = $(filter-out '$(VBOX_GCC_RPATH_OPT)%,$(TEMPLATE_VBOXR3EXE_LDFLAGS))
- TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(filter-out $(VBOX_GCC_ORIGIN_OPT),$(TEMPLATE_VBOXR3EXE_LDFLAGS.linux))
+ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS = $(filter-out '$(VBOX_GCC_RPATH_OPT)%,$(TEMPLATE_VBOXR3EXE_LDFLAGS)) -pie
+ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(filter-out $(VBOX_GCC_ORIGIN_OPT),$(TEMPLATE_VBOXR3EXE_LDFLAGS.linux)) -pie
endif
#
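Review bot: The `TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(TEMPLATE_VBOXR3EXE_LDFLAGS.linux) -pie` line added inside the `ifeq ($(KBUILD_TARGET),linux)` block is overwritten by the later plain `=` assignment to the same variable in the `ifn1of ($(KBUILD_TARGET), win os2)` block, so it has no effect and can be dropped. That second block also appends `-pie` to the generic `TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS` for every target other than win and os2, while `-fPIE` is added to the compile flags only for linux; presumably the linker then sees `-pie` twice on linux, and on the other targets objects compiled without `-fPIE` are linked with `-pie`. Keeping `-pie` only on the `.linux` variable would match the compile flags. Since the goal is hardening the setuid binaries (bnc#743143), a post-build check that each hardened executable reports `Type: DYN` in `readelf -h` would catch a silent regression in these flags.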


@ -2,15 +2,6 @@ Index: src/VBox/Installer/linux/vboxdrv.sh.in
===================================================================
--- src/VBox/Installer/linux/vboxdrv.sh.in.orig
+++ src/VBox/Installer/linux/vboxdrv.sh.in
@@ -3,7 +3,7 @@
# Linux kernel module init script
#
-# Copyright (C) 2006-2010 Oracle Corporation
+# Copyright (C) 2007-2010 Oracle Corporation
#
# This file is part of VirtualBox Open Source Edition (OSE), as
# available from http://www.virtualbox.org. This file is free software;
@@ -19,11 +19,12 @@
#
### BEGIN INIT INFO
@ -27,15 +18,6 @@ Index: src/VBox/Installer/linux/vboxdrv.sh.in
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
@@ -58,7 +59,7 @@ fi
# silently exit if the package was uninstalled but not purged,
# applies to Debian packages only
-[ -z "$DEBIAN" -o -x $VBOXMANAGE -a -x $BUILDVBOXDRV ] || exit 0
+[ -z "$DEBIAN" -o -x $VBOXMANAGE -a -x $BUILDVBOXDRV ] || exit 1
if [ -n "$NOLSB" ]; then
if [ -f /etc/redhat-release ]; then
@@ -195,13 +196,6 @@ start()
fi
fi


@ -0,0 +1,22 @@
Index: VirtualBox-4.1.8_OSE/src/VBox/Installer/linux/vboxweb-service.sh.in
===================================================================
--- VirtualBox-4.1.8_OSE.orig/src/VBox/Installer/linux/vboxweb-service.sh.in
+++ VirtualBox-4.1.8_OSE/src/VBox/Installer/linux/vboxweb-service.sh.in
@@ -20,7 +20,7 @@
# Provides: vboxweb-service
# Required-Start: vboxdrv
# Required-Stop: vboxdrv
-# Default-Start: 2 3 4 5
+# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: VirtualBox web service API
### END INIT INFO
@@ -50,7 +50,7 @@ if [ -f /etc/redhat-release ]; then
PIDFILE="/var/lock/subsys/vboxweb-service"
elif [ -f /etc/SuSE-release ]; then
system=suse
- PIDFILE="/var/lock/subsys/vboxweb-service"
+ PIDFILE="/var/run/vboxweb-service"
elif [ -f /etc/debian_version ]; then
system=debian
PIDFILE="/var/run/vboxweb-service"

39
vbox-visibility.diff Normal file

@ -0,0 +1,39 @@
Index: VirtualBox-4.1.8_OSE/src/VBox/Main/webservice/Makefile.kmk
===================================================================
--- VirtualBox-4.1.8_OSE.orig/src/VBox/Main/webservice/Makefile.kmk
+++ VirtualBox-4.1.8_OSE/src/VBox/Main/webservice/Makefile.kmk
@@ -194,7 +194,8 @@ ifdef VBOX_GSOAP_INSTALLED
# vboxsoap - Library used by both the programs (save build time).
#
LIBRARIES += vboxsoap
- vboxsoap_TEMPLATE = VBOXR3EXE
+ vboxsoap_TEMPLATE = VBOXVISIBILITY
+
ifdef VBOX_USE_VCC80
vboxsoap_CXXFLAGS.win += -bigobj
endif
@@ -410,7 +411,7 @@ $$(VBOX_JWSSRC_JAR): $$(VBOX_JWS_JAR) |
# webtest - webservice sample client in C++
#
PROGRAMS += webtest
- webtest_TEMPLATE = VBOXR3EXE
+ webtest_TEMPLATE = VBOXVISIBILITY
ifdef VBOX_USE_VCC80
webtest_CXXFLAGS.win += -bigobj
endif
Index: VirtualBox-4.1.8_OSE/Config.kmk
===================================================================
--- VirtualBox-4.1.8_OSE.orig/Config.kmk
+++ VirtualBox-4.1.8_OSE/Config.kmk
@@ -3211,6 +3211,11 @@ TEMPLATE_VBOXR3EXE_CXXFLAGS.kprofile =
endif
endif
+#enable visibility
+TEMPLATE_VBOXVISIBILITY = ommit -fvisibility=hidden flag
+TEMPLATE_VBOXVISIBILITY_EXTENDS = VBOXR3EXE
+TEMPLATE_VBOXVISIBILITY_CXXFLAGS = $(filter-out $(VBOX_GCC_fvisibility-hidden),$(TEMPLATE_VBOXR3EXE_CXXFLAGS))
+
#
# Template for building R3 shared objects / DLLs.
# This is mostly identical to the VBOXR3EXE template. (Avoid PIC if possible!)
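Review bot: The new `TEMPLATE_VBOXVISIBILITY` template in Config.kmk is introduced by the comment `#enable visibility` and the description `ommit -fvisibility=hidden flag`, which read as opposites and misspell "omit". A comment such as `# Like VBOXR3EXE, but without -fvisibility=hidden (needed by the gSOAP-based webservice code)` with a matching description string would state what the template is for. Only `CXXFLAGS` is filtered, so if `VBOX_GCC_fvisibility-hidden` is also part of the VBOXR3EXE C flags (not visible here), C sources built with this template keep hidden visibility. The template name is also rather generic for something used only by `vboxsoap` and `webtest`.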


@ -1,3 +1,16 @@
-------------------------------------------------------------------
Sun Mar 18 08:18:34 UTC 2012 - mseben@gmail.com
- use pie/fPIE for setuid binaries (vbox-fpie.diff) (bnc#743143)
- clean up virtualbox-60-vboxdrv.rules and use fillup_only for vbox sysconfig file
- added vbox-vboxweb-init-script.diff to use proper pid file and runlevels in vboxweb initscript
-------------------------------------------------------------------
Wed Mar 14 20:45:06 UTC 2012 - mseben@gmail.com
- enabled websrv feature, this feature is now provided by new subpackage virtualbox-websrv
- added vbox-visibility.diff to fix websrv build (ommit -fvisibility=hidden gcc flag for gsoap related builds)
-------------------------------------------------------------------
Thu Mar 8 15:16:01 UTC 2012 - idonmez@suse.com


@ -29,6 +29,11 @@ BuildRequires: hal-devel
%if %suse_version >= 1210
BuildRequires: glibc-devel-static
%endif
#gsoap and java needed for building webservice
BuildRequires: gsoap-devel
BuildRequires: libgsoap-devel
BuildRequires: java-1_6_0-openjdk-devel
#
BuildRequires: LibVNCServer-devel
BuildRequires: SDL-devel
BuildRequires: bin86
@ -99,9 +104,10 @@ Source12: %{name}-vboxes
Source13: %{name}-sysconfig.vbox
Source98: %{name}-%{version}-rpmlintrc
Source99: %{name}-patch-source.sh
#rework init script
#rework init scripts to fit suse needs
Patch1: vbox-vboxdrv-init-script.diff
Patch2: vbox-vboxadd-init-script.diff
Patch3: vbox-vboxweb-init-script.diff
#fix return values which trigger post build checks and coused build error - should goes to upstream
Patch4: vbox-ret-in-nonvoid-fnc.diff
#fix/enable config (rpath, docs, VNC)
@ -113,6 +119,8 @@ Patch5: vbox-config.diff
Patch6: vbox-smc-napa.diff
#fix build of Python and dev package on openSUSE 11.3
Patch8: vbox-python-detection.diff
#fix build: we have to ommit gcc flag -fvisibility=hidden for soap related sources
Patch9: vbox-visibility.diff
#PATCH-FIX-OPENSUSE implement messagebox (VBoxPermissionMessage app), which is displayed, when user
#try to start VirtualBox and is not memeber of vboxusers group
Patch99: vbox-permissions_warning.diff
@ -123,6 +131,8 @@ Patch101: vbox-default-os-type.diff
Patch102: kernel-3.3.patch
#disable update in vbox gui
Patch103: vbox-disable-updates.diff
#use pie/fPIE for setuid binaries (bnc#743143)
Patch104: vbox-fpie.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: pwdutils permissions
Requires: %{name}-host-kmp = %version
@ -156,6 +166,15 @@ PreReq: permissions
%description qt
Qt GUI part for %{name}.
#########################################
%package websrv
Summary: WebService GUI part for %{name}
Group: System/Emulators/PC
Requires: %{name} = %{version}
Provides: %{name}-gui = %{version}
%description websrv
websrv GUI part for %{name}.
#########################################
%package host-KMP
Summary: Host kernel module for VirtualBox
Group: System/Emulators/PC
@ -227,15 +246,18 @@ Development file for %{name}
%setup -q -n VirtualBox-%{version}_OSE
%patch1
%patch2
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch8 -p1
%patch9 -p1
%patch99 -p1
%patch100
%patch101
%patch102 -p1
%patch103
%patch104 -p1
#copy user manual
%__cp %{S:1} ./UserManual.pdf
@ -249,7 +271,8 @@ rm -rf src/libs/{libpng-*,libxml2-*,libxslt-*,zlib-*,boost-*}
--disable-kmods \
--disable-java \
--disable-docs \
--nofatal
--nofatal \
--enable-webservice
# configure actually warns we should source env.sh (which seems like it could influence the build...)
source env.sh
@ -258,7 +281,7 @@ source env.sh
# VBOX_PATH_PACKAGE_DOCS set propper path for link to pdf in .desktop file
# VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= just disable some functionality in gui
echo "build basic parts"
/usr/bin/kmk %{?_smp_mflags} VBOX_GCC_WERR= KBUILD_VERBOSE=2 VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= TOOL_YASM_AS=yasm VBOX_PATH_PACKAGE_DOCS=/usr/share/doc/packages/virtualbox all
/usr/bin/kmk %{?_smp_mfalgs} VBOX_JAVA_HOME=/usr/%{_lib}/jvm/java-1.6.0-openjdk-1.6.0/ VBOX_GCC_WERR= KBUILD_VERBOSE=2 VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= TOOL_YASM_AS=yasm VBOX_PATH_PACKAGE_DOCS=/usr/share/doc/packages/virtualbox all
#
# build kernel modules for guest and host (check novel-kmp package as example)
# host modules : vboxdrv,vboxnetflt,vboxnetadp
@ -419,65 +442,67 @@ echo "entering virtualbox(-qt) install section"
pushd out/linux.*/release/bin
%__install -m 755 VBoxManage %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxHeadless %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxSDL %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxSDL %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxTunctl %{buildroot}%{_vbox_instdir}
# create links to vbox tools in PATH - they could be usefull for controlling vbox from command line
%__ln_s %{_vbox_instdir}/VBoxManage %{buildroot}%{_bindir}/VBoxManage
%__ln_s %{_vbox_instdir}/VBoxHeadless \
%{buildroot}%{_bindir}/VBoxHeadless
%{buildroot}%{_bindir}/VBoxHeadless
%__ln_s %{_vbox_instdir}/VBoxSDL %{buildroot}%{_bindir}/VBoxSDL
%__ln_s %{_vbox_instdir}/VBoxTunctl %{buildroot}%{_bindir}/VBoxTunctl
%__install -m 755 VBoxSVC %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxSVC %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxXPCOMIPCD %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxPermissionMessage \
%{buildroot}%{_vbox_instdir}
%{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxBFE %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxBFE %{buildroot}%{_vbox_instdir}
%__install -m 755 VirtualBox %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxEFI*.fd %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxSysInfo.sh %{buildroot}%{_vbox_instdir}
%__install -m 755 *.so %{buildroot}%{_vbox_instdir}
%__install -m 644 V*.gc %{buildroot}%{_vbox_instdir}
%__install -m 644 *.r0 %{buildroot}%{_vbox_instdir}
%__install -m 755 VBoxSysInfo.sh %{buildroot}%{_vbox_instdir}
%__install -m 755 *.so %{buildroot}%{_vbox_instdir}
%__install -m 644 V*.gc %{buildroot}%{_vbox_instdir}
%__install -m 644 *.r0 %{buildroot}%{_vbox_instdir}
%__install -m 644 components/* %{buildroot}%{_vbox_instdir}/components/
# install languages
%__install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/
%__install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/
popd
# the build process tells us the desktop file is missing a semicolon...(repackage?)
#%__sed 's/^MimeType.*[^;]$/&;/' out/linux.*/release/bin/virtualbox.desktop > %{_tmppath}/virtualbox.desktop
#%__sed 's/Icon=VBox/Icon=VBox.png/' out/linux.*/release/bin/virtualbox.desktop > %{_tmppath}/virtualbox.desktop
# install desktop file
#%__install -m 644 %{_tmppath}/virtualbox.desktop %{buildroot}%{_datadir}/applications/%{name}.desktop
%__install -m 644 out/linux.*/release/bin/virtualbox.desktop %{buildroot}%{_datadir}/applications/%{name}.desktop
%suse_update_desktop_file %{buildroot}%{_datadir}/applications/%{name}.desktop 'System Emulator'
# create a menu entry
%__install -m 644 out/linux.*/release/bin/VBox.png \
%{buildroot}%{_datadir}/pixmaps/virtualbox.png
%{buildroot}%{_datadir}/pixmaps/virtualbox.png
# install udev rule for host (virtualbox)
%__install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/udev/rules.d/60-vboxdrv.rules
# install config with session shutdown defs
%__install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/default/virtualbox
#install wrapper script
%__install -m 644 %{S:9} %{buildroot}%{_bindir}/VirtualBox
%__install -m 644 %{S:9} %{buildroot}%{_bindir}/VirtualBox
# modify and install the vboxdrv init script
# TODO: some of this stuff breaks the fillup macros below?
%__sed -i "s|%NOLSB%|yes|g;s|%DEBIAN%||g;s|%PACKAGE%|virtualbox|g" src/VBox/Installer/linux/vboxdrv.sh.in
%__install -m 744 src/VBox/Installer/linux/vboxdrv.sh.in \
%{buildroot}%{_sysconfdir}/init.d/vboxdrv
%{buildroot}%{_sysconfdir}/init.d/vboxdrv
%__ln_s %{_sysconfdir}/init.d/vboxdrv \
%{buildroot}%{_sbindir}/rcvboxdrv
%{buildroot}%{_sbindir}/rcvboxdrv
# Init script to start virtual boxes during boot
%__install -m 755 %{S:12} %{buildroot}%{_sysconfdir}/init.d/vboxes
%__install -m 755 %{S:12} %{buildroot}%{_sysconfdir}/init.d/vboxes
%__ln_s %{_sysconfdir}/init.d/vboxes \
%{buildroot}%{_sbindir}/rcvboxes
%__install -d -m 755 %{buildroot}%{_var}/adm/fillup-templates
install -m 700 %{S:13} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.vbox
%{buildroot}%{_sbindir}/rcvboxes
# sysconfig file intended for vboxes script
%__install -d -m 755 %{buildroot}%{_var}/adm/fillup-templates
install -m 700 %{S:13} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.vbox
# config file for vboxdrv script and vboxweb
%__install -d -m 755 %{buildroot}%{_sysconfdir}/vbox
echo -e "#settings for vboxwebsrn\nVBOXWEB_USER=root" > \
%{buildroot}%{_sysconfdir}/vbox/vbox.cfg
######################################################
echo "entrering python-virtualbox install section"
@ -503,6 +528,21 @@ popd
%__cp out/linux.*/release/bin/sdk/bindings/VirtualBox.xidl %{buildroot}%{_vbox_instdir}/sdk/bindings
######################################################
echo "entering virtualbox-websrv install section"
######################################################
pushd out/linux.*/release/bin
%__install -m 755 vboxwebsrv %{buildroot}%{_vbox_instdir}
%__install -m 755 webtest %{buildroot}%{_vbox_instdir}
popd
%__sed -i "s|%NOLSB%|yes|g;s|%DEBIAN%||g;s|%PACKAGE%|virtualbox|g" \
src/VBox/Installer/linux/vboxweb-service.sh.in
%__install -m 744 src/VBox/Installer/linux/vboxweb-service.sh.in \
%{buildroot}%{_sysconfdir}/init.d/vboxweb-service
%__ln_s %{_sysconfdir}/init.d/vboxweb-service \
%{buildroot}%{_sbindir}/rcvboxweb-service
#
######################################################
# run fdupes
######################################################
@ -511,14 +551,26 @@ popd
#also some translation files are duplicated
%fdupes %{buildroot}/%{_datadir}/virtualbox/nls
#
#
######################################################
# scriptlets - pre
######################################################
%pre
echo "creating group vboxusers..."
groupadd -r vboxusers 2>/dev/null || :
#######################################################
# scriptlets - post
#######################################################
%post
/sbin/ldconfig
#skip the fill up part and enable vboxdrv by default
%fillup_and_insserv -f -y vboxdrv
%fillup_only -an vboxes
#setup our sysconfig file /etc/sysconfig/vbox
%fillup_only -an vbox
%if %suse_version >= 1140
%set_permissions %{_vbox_instdir}/VBoxNetDHCP
%set_permissions %{_vbox_instdir}/VBoxNetAdpCtl
@ -551,6 +603,12 @@ groupadd -r vboxusers 2>/dev/null || :
%post guest-tools
%fillup_and_insserv -f -y vboxadd
%post websrv
%fillup_and_insserv -f -y vboxweb-service
#######################################################
# scriptlets preun
#######################################################
%preun
%stop_on_removal vboxdrv
exit 0
@ -559,6 +617,14 @@ exit 0
%stop_on_removal vboxadd
exit 0
%preun websrv
%stop_on_removal vboxweb-service
exit 0
#######################################################
# scriptlets postun
#######################################################
%postun
/sbin/ldconfig
%restart_on_update vboxdrv
@ -568,6 +634,12 @@ exit 0
%restart_on_update vboxadd
%insserv_cleanup
%postun websrv
%restart_on_update vboxweb-service
%insserv_cleanup
#
#######################################################
%clean
[ -d "%{buildroot}" -a "%{buildroot}" != "" ] && %__rm -rf "%{buildroot}"
@ -610,7 +682,6 @@ exit 0
%{_vbox_instdir}/VBoxSVC
%{_vbox_instdir}/VBoxTunctl
%{_vbox_instdir}/VBoxXPCOMIPCD
#added for 4.0.0
%{_vbox_instdir}/VBoxExtPackHelperApp
%{_vbox_instdir}/DBGCPlugInDiggers.so
%{_vbox_instdir}/VBoxAuth.so
@ -624,6 +695,8 @@ exit 0
%config %{_sysconfdir}/default/virtualbox
%config(noreplace) %{_sysconfdir}/udev/rules.d/60-vboxdrv.rules
%config %{_sysconfdir}/init.d/vboxdrv
%dir %{_sysconfdir}/vbox
%config %{_sysconfdir}/vbox/vbox.cfg
%{_sysconfdir}/init.d/vboxes
%{_var}/adm/fillup-templates/sysconfig.vbox
%{_sbindir}/rcvboxes
@ -707,4 +780,11 @@ exit 0
%{_vbox_instdir}/sdk/bindings/auth
#%{_vbox_instdir}/sdk/bindings/glue/java
%files websrv
%defattr(-,root, root)
%{_vbox_instdir}/vboxwebsrv
%{_vbox_instdir}/webtest
%{_sysconfdir}/init.d/vboxweb-service
%{_sbindir}/rcvboxweb-service
%changelog
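Review bot: The install section writes `VBOXWEB_USER=root` into `%{_sysconfdir}/vbox/vbox.cfg`, and `%post websrv` runs `%fillup_and_insserv -f -y vboxweb-service`, so installing virtualbox-websrv appears to leave the VirtualBox web service API enabled at boot and running as root. Defaulting to a dedicated unprivileged account and leaving the service disabled until the administrator configures it would reduce that exposure. vbox.cfg is also packaged in the main package as plain `%config`, so a locally changed user may be replaced on update unless it becomes `%config(noreplace) %{_sysconfdir}/vbox/vbox.cfg`. Separately, the new kmk invocation spells the macro `%{?_smp_mfalgs}`; because of the `?` it expands to nothing and the build silently loses its parallel-jobs flag, so it should read `%{?_smp_mflags}`.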