pool/virtualbox
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8b8f0d439a
virtualbox/security_fixes.patch
Larry Finger c251bb8d97 Accepting request 1004165 from home:larryr:branches:Virtualization 
- Version bump to 6.1.38r86 released by Oracle September 02 2022
  This is a maintenance release. The following items were fixed and/or added:
  GUI: Improvements in Native Language Support area
  Main: OVF Export: Added support for exporting VMs containing Virtio-SCSI controllers
  Recording settings: Fixed a regression which could cause not starting the COM server (VBoxSVC) under certain circumstances (bug #21034)
  Recording: More deterministic naming for recorded files (will now overwrite old .webm files if present)
  Linux Host and Guest Additions installer: Improved check for systemd presence in the system (bug #19033)
  Linux Guest Additions: Introduced initial support for kernel 6.0
  Linux Guest Additions: Additional fixes for kernel RHEL 9.1 (bug #21065)
  Windows Guest Additions: Improvements in Drag and Drop area
  
  Fixes permission problem with /dev/vboxuser (boo#1203370)
  Fixes boo#1203306 - 6.1.38 is available
  Fixes missing firewall opening (boo#1203086)
  Fixes boo#1201720 CVE items for CVE-2022-21571, CVE-2022-21554

OBS-URL: https://build.opensuse.org/request/show/1004165
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=653
2022-09-16 17:04:36 +00:00

41 lines
1.6 KiB
Diff
Raw Blame History

# This patch file is to warn future maintainers of VirtualBox on openSUSE
# platforms that the distributed versions of vboxadd.sh and vboxdrv.sh
# contain security holes. If you need to use these scripts in the future,
# please consult the Security Group at openSUSE.
#
# January 31, 2019 - Larry Finger
#
Index: VirtualBox-6.1.38/src/VBox/Additions/linux/installer/vboxadd.sh
===================================================================
--- VirtualBox-6.1.38.orig/src/VBox/Additions/linux/installer/vboxadd.sh
+++ VirtualBox-6.1.38/src/VBox/Additions/linux/installer/vboxadd.sh
@@ -611,9 +611,11 @@ dmnstatus()
fi
}
-for i; do
- case "$i" in quiet) QUIET=yes;; esac
-done
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
+case "$2" in quiet)
+ QUIET=yes;;
case "$1" in
# Does setup without clean-up first and marks all kernels currently found on the
# system so that we can see later if any were added.
Index: VirtualBox-6.1.38/src/VBox/Installer/linux/vboxdrv.sh
===================================================================
--- VirtualBox-6.1.38.orig/src/VBox/Installer/linux/vboxdrv.sh
+++ VirtualBox-6.1.38/src/VBox/Installer/linux/vboxdrv.sh
@@ -38,6 +38,9 @@ DEVICE=/dev/vboxdrv
MODPROBE=/sbin/modprobe
SCRIPTNAME=vboxdrv.sh
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
# The below is GNU-specific. See VBox.sh for the longer Solaris/OS X version.
TARGET=`readlink -e -- "${0}"` || exit 1
SCRIPT_DIR="${TARGET%/[!/]*}"
Reference in New Issue View Git Blame Copy Permalink