pool/virtualbox
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3dad334a2b
virtualbox/vbox-usb-warning.diff
Larry Rainey 030c30350e Accepting request 1060705 from home:larryr:branches:Virtualization 
- VirtualBox 7.0.6 (released January 17 2023)
This is a maintenance release. The following items were fixed and/or added: [1]
- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp command
- Mouse Integration: Guest was provided with extended host mouse state (bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories (bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated; please use "--audio-driver" and "--audio-enabled" instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality 
Additionally, it fixes 6 CVE's: [2]
CVE-2023-21886 	Oracle VM VirtualBox 	Core 	Multiple 	Yes 	8.1 	Network 	High 	None 	None 	Un-
changed 	High 	High 	High 	Prior to 6.1.42, prior to 7.0.6 	 
CVE-2023-21898 	Oracle VM VirtualBox 	Core 	None 	No 	5.5 	Local 	Low 	Low 	None 	Un-
changed 	None 	None 	High 	Prior to 6.1.42, prior to 7.0.6 	See Note 1
CVE-2023-21899 	Oracle VM VirtualBox 	Core 	None 	No 	5.5 	Local 	Low 	Low 	None 	Un-
changed 	None 	None 	High 	Prior to 6.1.42, prior to 7.0.6 	See Note 1
CVE-2023-21884 	Oracle VM VirtualBox 	Core 	None 	No 	4.4 	Local 	Low 	High 	None 	Un-
changed 	None 	None 	High 	Prior to 6.1.42, prior to 7.0.6 	 
CVE-2023-21885 	Oracle VM VirtualBox 	Core 	None 	No 	3.8 	Local 	Low 	Low 	None 	Changed 	Low 	None 	None 	Prior to 6.1.42, prior to 7.0.6 	See Note 2
CVE-2023-21889 	Oracle VM VirtualBox 	Core 	None 	No 	3.8 	Local 	Low 	Low 	None 	Changed 	Low 	None 	None 	Prior to 6.1.42, prior to 7.0.6 	 
								
Note 1: Applies to VirtualBox VMs running Windows 7 and later.
Note 2: Applies to Windows only.
Links:

OBS-URL: https://build.opensuse.org/request/show/1060705
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=673
2023-01-24 21:49:25 +00:00

78 lines
3.1 KiB
Diff
Raw Blame History

Index: VirtualBox-7.0.6/src/apps/Makefile.kmk
===================================================================
--- VirtualBox-7.0.6.orig/src/apps/Makefile.kmk
+++ VirtualBox-7.0.6/src/apps/Makefile.kmk
@@ -30,5 +30,7 @@ include $(KBUILD_PATH)/subheader.kmk
include $(PATH_SUB_CURRENT)/VBoxPermissionMessage/Makefile.kmk
+include $(PATH_SUB_CURRENT)/VBoxUSB_DevRules/Makefile.kmk
+
include $(FILE_KBUILD_SUB_FOOTER)
Index: VirtualBox-7.0.6/src/apps/VBoxUSB_DevRules/Makefile.kmk
===================================================================
--- /dev/null
+++ VirtualBox-7.0.6/src/apps/VBoxUSB_DevRules/Makefile.kmk
@@ -0,0 +1,30 @@
+# $Id: Makefile.kmk 28800 2010-04-27 08:22:32Z vboxsync $
+## @file
+#
+# VBoxUSB_DevRules is wrapper for suse users
+#
+# This file is part of VirtualBox Open Source Edition (OSE), as
+# available from http://www.virtualbox.org. This file is free software;
+# you can redistribute it and/or modify it under the terms of the GNU
+# General Public License (GPL) as published by the Free Software
+# Foundation, in version 2 as it comes in the "COPYING" file of the
+# VirtualBox OSE distribution. VirtualBox OSE is distributed in the
+# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
+#
+
+
+SUB_DEPTH = ../../..
+include $(KBUILD_PATH)/subheader.kmk
+
+PROGRAMS += VBoxUSB_DevRules
+
+VBoxUSB_DevRules_TEMPLATE = VBOXQTGUIEXE
+VBoxUSB_DevRules_SOURCES = VBoxUSB_DevRules.cpp
+VBoxUSB_DevRules_QT_MODULES = Core Gui
+VBoxUSB_DevRules_QT_MODULES += Widgets
+
+#INSTALLS += VBoxUSB_DevRules
+
+include $(KBUILD_PATH)/subfooter.kmk
+
+
Index: VirtualBox-7.0.6/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
===================================================================
--- /dev/null
+++ VirtualBox-7.0.6/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
@@ -0,0 +1,25 @@
+#include <QtWidgets/QApplication>
+#include <QtWidgets/QMessageBox>
+#include <QtWidgets/QPushButton>+
+int main(int argc, char *argv[])
+{
+ QApplication app(argc, argv);
+ QMessageBox msgBox;
+ QPushButton *myYesButton = msgBox.addButton("Enable", QMessageBox::YesRole);
+ QPushButton *myNoButton = msgBox.addButton("Disable", QMessageBox::NoRole);
+ msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
+ msgBox.setText(QObject::tr("USB passthrough requires read/write access to USB devices. "
+ "As a result, it opens a security hole.\n\n"
+ "Nonetheless, this feature is extremely useful and it may be worth the security risk. "
+ "Thus the code defaults to enabling it.\n\nIf you agree that the risk is acceptable, then click 'Enable'.\n"
+ "You should not be asked this question again when VB is updated. If you later change your mind, run 'rm ~/.config/virtualbox/*'\n\n"
+ "If you wish to disable USB passthrough to plug the security hole, then click 'Disable'. "
+ "You will be asked for the system password, and /etc/udev/rules.d/60-vboxdrv.rules will be changed.\n\n"
+ "These changes may not be preserved through VB updates, thus this screen may be displayed again at that time."));
+ msgBox.exec();
+ app.quit();
+ if (msgBox.clickedButton() == myYesButton)
+ return 0;
+ return 1;
+}
+
Reference in New Issue View Git Blame Copy Permalink