rpms/VirtualBox-OSE/devel VirtualBox-OSE-3.0.4-optflags.patch, NONE, 1.1 VirtualBox-OSE.blacklist-kvm, NONE, 1.1 VirtualBox-OSE-guest.modules, 1.1, 1.2 VirtualBox-OSE.modules, 1.3, 1.4 VirtualBox-OSE.spec, 1.21, 1.22 VirtualBox-OSE-3.0.2-dri.patch, 1.1, NONE VirtualBox-OSE-3.0.2-videodrv6.patch, 1.1, NONE

Lubomir Rintel lkundrak at rpmfusion.org
Mon Aug 17 05:29:12 CEST 2009 

Author: lkundrak

Update of /cvs/free/rpms/VirtualBox-OSE/devel
In directory se02.es.rpmfusion.net:/tmp/cvs-serv5429

Modified Files:
	VirtualBox-OSE-guest.modules VirtualBox-OSE.modules 
	VirtualBox-OSE.spec 
Added Files:
	VirtualBox-OSE-3.0.4-optflags.patch 
	VirtualBox-OSE.blacklist-kvm 
Removed Files:
	VirtualBox-OSE-3.0.2-dri.patch 
	VirtualBox-OSE-3.0.2-videodrv6.patch 
Log Message:
* Sun Aug 16 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-5
- Enable debuginfo package
- Correctly use compiler flags
- Make it possible to blacklist our modules
- Blacklist KVM


VirtualBox-OSE-3.0.4-optflags.patch:

--- NEW FILE VirtualBox-OSE-3.0.4-optflags.patch ---
diff -up VirtualBox-3.0.4_OSE/Config.kmk.optflags VirtualBox-3.0.4_OSE/Config.kmk
--- VirtualBox-3.0.4_OSE/Config.kmk.optflags	2009-08-16 11:43:40.000000000 +0200
+++ VirtualBox-3.0.4_OSE/Config.kmk	2009-08-16 11:45:41.000000000 +0200
@@ -3131,8 +3131,8 @@ ifdef VBOX_WITH_QTGUI
 
   TEMPLATE_VBOXQT4GUIEXE_INCS += \
  	$(LIB_SDL_INC)
-  TEMPLATE_VBOXQT4GUIEXE_CXXFLAGS = \
- 	-g -pipe $(filter-out -Wno-unused,$(VBOX_GCC_WARN)) -frtti -fno-exceptions -Wno-non-virtual-dtor \
+  TEMPLATE_VBOXQT4GUIEXE_CXXFLAGS = $(VBOX_GCC_OPT) \
+ 	$(filter-out -Wno-unused,$(VBOX_GCC_WARN)) -frtti -fno-exceptions -Wno-non-virtual-dtor \
  	-Wno-long-long -fshort-wchar -fno-strict-aliasing \
  	$(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_fvisibility-inlines-hidden)
   TEMPLATE_VBOXQT4GUIEXE_CXXFLAGS.x86 = -m32


--- NEW FILE VirtualBox-OSE.blacklist-kvm ---
# Feel free to comment these out if you wish to use KVM hypervisor.
#
# Be warned that you won't be able to use VMX extensions in VirtualBox-OSE
# as long as these modules are loaded (you'll still be able to launch the
# virtual machines if you switch off use of hardware-supported
# virtualization).

blacklist kvm
blacklist kvm_intel
blacklist kvm_amd


Index: VirtualBox-OSE-guest.modules
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/devel/VirtualBox-OSE-guest.modules,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- VirtualBox-OSE-guest.modules	21 Apr 2009 06:26:11 -0000	1.1
+++ VirtualBox-OSE-guest.modules	17 Aug 2009 03:29:11 -0000	1.2
@@ -1,3 +1,3 @@
 #!/bin/sh
-/sbin/modprobe vboxadd &>/dev/null
-/sbin/modprobe vboxvfs &>/dev/null
+/sbin/modprobe -b vboxadd &>/dev/null
+/sbin/modprobe -b vboxvfs &>/dev/null


Index: VirtualBox-OSE.modules
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/devel/VirtualBox-OSE.modules,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- VirtualBox-OSE.modules	3 Aug 2009 22:36:00 -0000	1.3
+++ VirtualBox-OSE.modules	17 Aug 2009 03:29:11 -0000	1.4
@@ -1,10 +1,10 @@
 #!/bin/sh
 
 # User is advised to run this on upgrades
-/sbin/rmmod vboxnetflt &>/dev/null ||:
-/sbin/rmmod vboxdrv &>/dev/null ||:
-/sbin/rmmod vboxnetadp &>/dev/null ||:
+/sbin/modprobe -r -b vboxnetflt &>/dev/null ||:
+/sbin/modprobe -r -b vboxdrv &>/dev/null ||:
+/sbin/modprobe -r -b vboxnetadp &>/dev/null ||:
 
-/sbin/modprobe vboxdrv
-/sbin/modprobe vboxnetflt
-/sbin/modprobe vboxnetadp
+/sbin/modprobe -b vboxdrv
+/sbin/modprobe -b vboxnetflt
+/sbin/modprobe -b vboxnetadp


Index: VirtualBox-OSE.spec
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/devel/VirtualBox-OSE.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- VirtualBox-OSE.spec	15 Aug 2009 16:57:39 -0000	1.21
+++ VirtualBox-OSE.spec	17 Aug 2009 03:29:11 -0000	1.22
@@ -1,14 +1,17 @@
 %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
-# This is to prevent certain object files from being stripped.
-# FIXME: We would not probably get useful information
-# without utilizing optflags (see below)
-# TODO: Remove executable bit temporarily to prevent stripping
-%global debug_package %{nil}
+# VirtualBox-OSE takes care of reasonable warning very well
+%global optflags %(rpm --eval %%optflags |sed 's/-Wall//')
 
-# Lots of useless checks
-# This will be enabled by default once RPM is built with caps enabled
+# Hardening is basically a lot of seemingly useless checks that are here to
+# mitigate impact of eventual security issue in setuid root VBox. When we
+# use the filesystem capabilities instead of running privileged, it can't
+# be used.
+%if 0%{?fedora} > 11
 %bcond_with hardening
+%else
+%bcond_without hardening
+%endif
 
 %if %with hardening
 %define priv_mode %%attr(4755,root,root)
@@ -18,7 +21,7 @@
 
 Name:           VirtualBox-OSE
 Version:        3.0.4
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A general-purpose full virtualizer for PC hardware
 
 Group:          Development/Tools
@@ -31,6 +34,7 @@
 Source6:        VirtualBox-OSE.modules
 Source7:        VirtualBox-OSE-guest.modules
 Source8:        VirtualBox-OSE-vboxresize.desktop
+Source9:        VirtualBox-OSE.blacklist-kvm
 Patch1:         VirtualBox-OSE-2.2.0-noupdate.patch
 Patch2:         VirtualBox-OSE-3.0.0-strings.patch
 Patch3:         VirtualBox-OSE-3.0.2-libcxx.patch
@@ -39,6 +43,7 @@
 Patch6:         VirtualBox-OSE-3.0.2-xinput2.patch
 Patch7:         VirtualBox-OSE-3.0.4-videodrv6.patch
 Patch8:         VirtualBox-OSE-3.0.4-vblank.patch
+Patch9:         VirtualBox-OSE-3.0.4-optflags.patch
 Patch10:        VirtualBox-OSE-2.2.0-32bit.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -57,6 +62,7 @@
 BuildRequires:  libcap-devel
 BuildRequires:  qt4-devel
 BuildRequires:  gsoap-devel
+BuildRequires:  xz
 
 # For the X11 module
 BuildRequires:  libdrm-devel
@@ -140,6 +146,7 @@
 %patch6 -p1 -b .xinput2
 %patch7 -p1 -b .videodrv6
 %patch8 -p1 -b .vblank
+%patch9 -p1 -b .optflags
 %patch10 -p1 -b .32bit
 
 # Remove prebuilt binary tools
@@ -165,8 +172,11 @@
 # FIXME: Utilize optflags. This will probably involve patching of makefiles
 # Setting VBOX_GCC_OPT to optflags doesn't use the flags for large part of
 # the tree, while preventing required symbols to be generated in .r0 files
-kmk KBUILD_VERBOSE=2 TOOL_YASM_AS=yasm VBOX_WITH_REGISTRATION_REQUEST= PATH_INS="$PWD/obj" \
-        KMK_REVISION=3000 KBUILD_KMK_REVISION=3000
+kmk KBUILD_VERBOSE=2 TOOL_YASM_AS=yasm PATH_INS="$PWD/obj"              \
+        VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST=       \
+        KMK_REVISION=3000 KBUILD_KMK_REVISION=3000                      \
+        VBOX_GCC_OPT="%{optflags}" VBOX_GCC_GC_OPT="%{optflags}"        \
+        VBOX_GCC_R0_OPT="%{optflags}"
 
 
 %install
@@ -292,12 +302,13 @@
 # Install modules load script
 install -p -m 0755 -D %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules/%{name}.modules
 install -p -m 0755 -D %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules/%{name}-guest.modules
+install -p -m 0644 -D %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modprobe.d/blacklist-kvm.conf
 
 # Module Source Code
 mkdir -p %{name}-kmod-%{version}
 cp -al obj/bin/src/vbox* obj/bin/additions/src/vbox* %{name}-kmod-%{version}
 install -d $RPM_BUILD_ROOT%{_datadir}/%{name}-kmod-%{version}
-tar --use-compress-program lzma -cf $RPM_BUILD_ROOT%{_datadir}/%{name}-kmod-%{version}/%{name}-kmod-%{version}.tar.lzma \
+tar --use-compress-program xz -cf $RPM_BUILD_ROOT%{_datadir}/%{name}-kmod-%{version}/%{name}-kmod-%{version}.tar.xz \
         %{name}-kmod-%{version}
 
 # Menu entry
@@ -385,6 +396,7 @@
 %config %{_sysconfdir}/vbox/vbox.cfg
 %config %{_sysconfdir}/udev/rules.d/90-vboxdrv.rules
 %config %{_sysconfdir}/sysconfig/modules/%{name}.modules
+%config(noreplace) %{_sysconfdir}/sysconfig/modprobe.d/*.conf
 %doc COPYING UserManual.pdf
 
 
@@ -424,6 +436,12 @@
 
 
 %changelog
+* Sun Aug 16 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-5
+- Enable debuginfo package
+- Correctly use compiler flags
+- Make it possible to blacklist our modules
+- Blacklist KVM
+
 * Sat Aug 15 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-4
 - Exchange hardening for filesystem capabilities
 - Enable web services


--- VirtualBox-OSE-3.0.2-dri.patch DELETED ---


--- VirtualBox-OSE-3.0.2-videodrv6.patch DELETED ---

More information about the rpmfusion-commits mailing list