rpms/VirtualBox-OSE/F-11 VirtualBox-OSE-3.0.4-optflags.patch, NONE,
1.1 VirtualBox-OSE-3.0.4-visibility.patch, NONE,
1.1 VirtualBox-OSE-90-vboxdrv.rules.hardening, NONE,
1.1 VirtualBox-OSE.blacklist-kvm, NONE,
1.1 VirtualBox-OSE-90-vboxdrv.rules, 1.2,
1.3 VirtualBox-OSE-guest.modules, 1.1,
1.2 VirtualBox-OSE.modules, 1.3, 1.4 VirtualBox-OSE.spec, 1.11, 1.12
Lubomir Rintel
lkundrak at rpmfusion.org
Sat Aug 22 00:13:30 CEST 2009
Author: lkundrak
Update of /cvs/free/rpms/VirtualBox-OSE/F-11
In directory se02.es.rpmfusion.net:/tmp/cvs-serv6744/F-11
Modified Files:
VirtualBox-OSE-90-vboxdrv.rules VirtualBox-OSE-guest.modules
VirtualBox-OSE.modules VirtualBox-OSE.spec
Added Files:
VirtualBox-OSE-3.0.4-optflags.patch
VirtualBox-OSE-3.0.4-visibility.patch
VirtualBox-OSE-90-vboxdrv.rules.hardening
VirtualBox-OSE.blacklist-kvm
Log Message:
Merge from dekel
VirtualBox-OSE-3.0.4-optflags.patch:
--- NEW FILE VirtualBox-OSE-3.0.4-optflags.patch ---
diff -up VirtualBox-3.0.4_OSE/Config.kmk.optflags VirtualBox-3.0.4_OSE/Config.kmk
--- VirtualBox-3.0.4_OSE/Config.kmk.optflags 2009-08-16 11:43:40.000000000 +0200
+++ VirtualBox-3.0.4_OSE/Config.kmk 2009-08-16 11:45:41.000000000 +0200
@@ -3131,8 +3131,8 @@ ifdef VBOX_WITH_QTGUI
TEMPLATE_VBOXQT4GUIEXE_INCS += \
$(LIB_SDL_INC)
- TEMPLATE_VBOXQT4GUIEXE_CXXFLAGS = \
- -g -pipe $(filter-out -Wno-unused,$(VBOX_GCC_WARN)) -frtti -fno-exceptions -Wno-non-virtual-dtor \
+ TEMPLATE_VBOXQT4GUIEXE_CXXFLAGS = $(VBOX_GCC_OPT) \
+ $(filter-out -Wno-unused,$(VBOX_GCC_WARN)) -frtti -fno-exceptions -Wno-non-virtual-dtor \
-Wno-long-long -fshort-wchar -fno-strict-aliasing \
$(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_fvisibility-inlines-hidden)
TEMPLATE_VBOXQT4GUIEXE_CXXFLAGS.x86 = -m32
VirtualBox-OSE-3.0.4-visibility.patch:
--- NEW FILE VirtualBox-OSE-3.0.4-visibility.patch ---
Hack to fix up build of gsoap bindings on Rawhide.
Still needs to be looked into.
Lubomir Rintel <lkundrak at v3.sk>
diff -up VirtualBox-3.0.4_OSE/Config.kmk.visibility VirtualBox-3.0.4_OSE/Config.kmk
--- VirtualBox-3.0.4_OSE/Config.kmk.visibility 2009-08-19 07:26:08.353120473 +0200
+++ VirtualBox-3.0.4_OSE/Config.kmk 2009-08-19 07:28:35.203118058 +0200
@@ -2436,7 +2436,7 @@ ifeq ($(KBUILD_TARGET),win)
else # the gcc guys
TEMPLATE_VBOXR3EXE_TOOL = $(VBOX_GCC_TOOL)
-TEMPLATE_VBOXR3EXE_CXXFLAGS = -g -pipe $(VBOX_GCC_PEDANTIC) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_OPT) $(VBOX_GCC_FP) -fno-strict-aliasing $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden)
+TEMPLATE_VBOXR3EXE_CXXFLAGS = -g -pipe $(VBOX_GCC_PEDANTIC) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_OPT) $(VBOX_GCC_FP) -fno-strict-aliasing $(VBOX_GCC_fvisibility-inlines-hidden)
TEMPLATE_VBOXR3EXE_CXXFLAGS.x86 = -m32
TEMPLATE_VBOXR3EXE_CXXFLAGS.amd64 = -m64
# L4 currently can't handle exception handling.
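Review bot: Dropping `$(VBOX_GCC_fvisibility-hidden)` from `TEMPLATE_VBOXR3EXE_CXXFLAGS` changes symbol visibility for every target built from this template, while the patch header says the goal is only to get the gsoap bindings to build. The websrv-nsmap.xsl section of the same patch already wraps the generated namespace table in `#pragma GCC visibility push(default)` / `pop`, which may be enough on its own; that is worth testing before keeping the template-wide change. If the flag really has to go, a comment beside the line such as `# -fvisibility-hidden dropped as a workaround for the gsoap bindings build; restore once fixed` would keep the hack from becoming permanent. The enclosing `else` branch starts and ends outside the hunk.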
diff -up VirtualBox-3.0.4_OSE/src/VBox/Main/webservice/websrv-nsmap.xsl.visibility VirtualBox-3.0.4_OSE/src/VBox/Main/webservice/websrv-nsmap.xsl
--- VirtualBox-3.0.4_OSE/src/VBox/Main/webservice/websrv-nsmap.xsl.visibility 2009-08-04 19:18:47.000000000 +0200
+++ VirtualBox-3.0.4_OSE/src/VBox/Main/webservice/websrv-nsmap.xsl 2009-08-19 07:26:08.475118377 +0200
@@ -49,6 +49,7 @@
* Generated from: src/VBox/Main/idl/VirtualBox.xidl (VirtualBox's interface definitions in XML)
* Generator: src/VBox/Main/webservice/websrv-nsmap.xsl */
+#pragma GCC visibility push(default)
#include "soapH.h"
SOAP_NMAC struct Namespace namespaces[] =
{
@@ -64,6 +65,7 @@ SOAP_NMAC struct Namespace namespaces[]
<xsl:text><![CDATA[
{NULL, NULL, NULL, NULL}
};
+#pragma GCC visibility pop
]]></xsl:text>
</xsl:template>
--- NEW FILE VirtualBox-OSE-90-vboxdrv.rules.hardening ---
ACTION=="add", DEVPATH=="/devices/virtual/misc/vboxdrv", OWNER="root", MODE="0666"
ACTION=="add", DEVPATH=="/devices/virtual/misc/vboxnetctl", OWNER="root", MODE="0666"
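Review bot: `MODE="0666"` on `vboxdrv` and `vboxnetctl` makes both device nodes readable and writable by every local account, so the kernel driver's control interface is reachable without any privilege check at the file level. The spec selects this file when hardening is enabled, which is the build where the front ends are installed `%attr(4755,root,root)` and could open a `0600` node themselves. The non-hardening rules (the `VirtualBox-OSE-90-vboxdrv.rules` hunk further down) keep `0600`, which binaries running as the invoking user with only `cap_net_raw` presumably cannot open. The two modes look swapped relative to the build variants and the mapping should be confirmed. Where unprivileged access is genuinely needed, a dedicated group is narrower than world access, e.g. `OWNER="root", GROUP="vboxusers", MODE="0660"` (the group would have to be created by the package).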
--- NEW FILE VirtualBox-OSE.blacklist-kvm ---
# Feel free to comment these out if you wish to use KVM hypervisor.
#
# Be warned that you won't be able to use VMX extensions in VirtualBox-OSE
# as long as these modules are loaded (you'll still be able to launch the
# virtual machines if you switch off use of hardware-supported
# virtualization).
blacklist kvm
blacklist kvm_intel
blacklist kvm_amd
Index: VirtualBox-OSE-90-vboxdrv.rules
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/F-11/VirtualBox-OSE-90-vboxdrv.rules,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- VirtualBox-OSE-90-vboxdrv.rules 3 May 2009 14:24:14 -0000 1.2
+++ VirtualBox-OSE-90-vboxdrv.rules 21 Aug 2009 22:13:29 -0000 1.3
@@ -1 +1,2 @@
-ACTION=="add", DEVPATH=="/class/misc/vboxdrv", OWNER="root", MODE="0600"
+ACTION=="add", DEVPATH=="/devices/virtual/misc/vboxdrv", OWNER="root", MODE="0600"
+ACTION=="add", DEVPATH=="/devices/virtual/misc/vboxnetctl", OWNER="root", MODE="0600"
Index: VirtualBox-OSE-guest.modules
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/F-11/VirtualBox-OSE-guest.modules,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- VirtualBox-OSE-guest.modules 21 Apr 2009 06:26:11 -0000 1.1
+++ VirtualBox-OSE-guest.modules 21 Aug 2009 22:13:29 -0000 1.2
@@ -1,3 +1,3 @@
#!/bin/sh
-/sbin/modprobe vboxadd &>/dev/null
-/sbin/modprobe vboxvfs &>/dev/null
+/sbin/modprobe -b vboxadd &>/dev/null
+/sbin/modprobe -b vboxvfs &>/dev/null
Index: VirtualBox-OSE.modules
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/F-11/VirtualBox-OSE.modules,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- VirtualBox-OSE.modules 9 Aug 2009 18:05:39 -0000 1.3
+++ VirtualBox-OSE.modules 21 Aug 2009 22:13:29 -0000 1.4
@@ -1,10 +1,10 @@
#!/bin/sh
# User is advised to run this on upgrades
-/sbin/rmmod vboxnetflt &>/dev/null ||:
-/sbin/rmmod vboxdrv &>/dev/null ||:
-/sbin/rmmod vboxnetadp &>/dev/null ||:
+/sbin/modprobe -r -b vboxnetflt &>/dev/null ||:
+/sbin/modprobe -r -b vboxdrv &>/dev/null ||:
+/sbin/modprobe -r -b vboxnetadp &>/dev/null ||:
-/sbin/modprobe vboxdrv
-/sbin/modprobe vboxnetflt
-/sbin/modprobe vboxnetadp
+/sbin/modprobe -b vboxdrv
+/sbin/modprobe -b vboxnetflt
+/sbin/modprobe -b vboxnetadp
Index: VirtualBox-OSE.spec
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/F-11/VirtualBox-OSE.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- VirtualBox-OSE.spec 9 Aug 2009 18:05:39 -0000 1.11
+++ VirtualBox-OSE.spec 21 Aug 2009 22:13:29 -0000 1.12
@@ -1,18 +1,30 @@
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
-# This is to prevent certain object files from being stripped.
-# FIXME: We would not probably get useful information
-# without utilizing optflags (see below)
-# TODO: Remove executable bit temporarily to prevent stripping
-%global debug_package %{nil}
-
-# Lots of useless checks
-# This will be enabled by default once RPM is built with caps enabled
+# Standard compiler flags, without:
+# -Wall -- VirtualBox-OSE takes care of reasonable warning very well
+# -m32, -m64 -- 32bit code is built besides 64bit on x86_64
+# -fexceptions -- R0 code doesn't link against C++ library, no __gxx_personality_v0
+%global optflags %(rpm --eval %%optflags |sed 's/-Wall//;s/-m[0-9][0-9]//;s/-fexceptions//')
+
+# Hardening is basically a lot of seemingly useless checks that are here to
+# mitigate impact of eventual security issue in setuid root VBox. When we
+# use the filesystem capabilities instead of running privileged, it can't
+# be used.
+%if 0%{?fedora} > 11
+%bcond_with hardening
+%else
%bcond_without hardening
+%endif
+
+%if %with hardening
+%define priv_mode %%attr(4755,root,root)
+%else
+%define priv_mode %%caps(cap_net_raw+ep)
+%endif
Name: VirtualBox-OSE
Version: 3.0.4
-Release: 3%{?dist}
+Release: 7%{?dist}
Summary: A general-purpose full virtualizer for PC hardware
Group: Development/Tools
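Review bot: The comment above `%bcond_with hardening` describes hardening as "a lot of seemingly useless checks", which undersells what the switch selects: setuid-root front ends with the upstream checks versus front ends that run as the invoking user and carry `cap_net_raw+ep`. `priv_mode` is applied in the `%files` hunk to all five front-end binaries, so in the capability build each of them, including the Qt GUI, gets the raw-socket capability; presumably only the networking pieces need it, and narrowing the list would follow least privilege. I would reword the comment to state the trade-off, for example `# with hardening: setuid root plus upstream's startup checks; without: file capabilities, binaries run as the invoking user`. The same conditional also drives `--disable-hardening` in `%build` and the udev rules variant in `%install`, so the three must stay consistent.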
@@ -20,11 +32,13 @@
URL: http://www.virtualbox.org/wiki/VirtualBox
Source0: http://dlc.sun.com/virtualbox/%{version}/VirtualBox-%{version}-OSE.tar.bz2
Source1: http://download.virtualbox.org/virtualbox/%{version}/UserManual.pdf
-Source4: VirtualBox-OSE-90-vboxdrv.rules
+Source3: VirtualBox-OSE-90-vboxdrv.rules
+Source4: VirtualBox-OSE-90-vboxdrv.rules.hardening
Source5: VirtualBox-OSE-60-vboxadd.rules
Source6: VirtualBox-OSE.modules
Source7: VirtualBox-OSE-guest.modules
Source8: VirtualBox-OSE-vboxresize.desktop
+Source9: VirtualBox-OSE.blacklist-kvm
Patch1: VirtualBox-OSE-2.2.0-noupdate.patch
Patch2: VirtualBox-OSE-3.0.0-strings.patch
Patch3: VirtualBox-OSE-3.0.2-libcxx.patch
@@ -33,7 +47,9 @@
Patch6: VirtualBox-OSE-3.0.2-xinput2.patch
Patch7: VirtualBox-OSE-3.0.4-videodrv6.patch
Patch8: VirtualBox-OSE-3.0.4-vblank.patch
+Patch9: VirtualBox-OSE-3.0.4-optflags.patch
Patch10: VirtualBox-OSE-2.2.0-32bit.patch
+Patch11: VirtualBox-OSE-3.0.4-visibility.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -50,6 +66,8 @@
BuildRequires: desktop-file-utils
BuildRequires: libcap-devel
BuildRequires: qt4-devel
+BuildRequires: gsoap-devel
+BuildRequires: xz
# For the X11 module
BuildRequires: libdrm-devel
@@ -133,7 +151,9 @@
%patch6 -p1 -b .xinput2
%patch7 -p1 -b .videodrv6
%patch8 -p1 -b .vblank
+%patch9 -p1 -b .optflags
%patch10 -p1 -b .32bit
+%patch11 -p1 -b .visibility
# Remove prebuilt binary tools
rm -rf kBuild
@@ -145,7 +165,7 @@
%build
./configure --disable-kmods --enable-webservice \
- %{?_without_hardening:--disable-hardening}
+ %{!?with_hardening:--disable-hardening}
. ./env.sh
@@ -158,8 +178,12 @@
# FIXME: Utilize optflags. This will probably involve patching of makefiles
# Setting VBOX_GCC_OPT to optflags doesn't use the flags for large part of
# the tree, while preventing required symbols to be generated in .r0 files
-kmk KBUILD_VERBOSE=2 TOOL_YASM_AS=yasm VBOX_WITH_REGISTRATION_REQUEST= PATH_INS="$PWD/obj" \
- KMK_REVISION=3000 KBUILD_KMK_REVISION=3000
+echo %{optflags}
+kmk KBUILD_VERBOSE=2 TOOL_YASM_AS=yasm PATH_INS="$PWD/obj" \
+ VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= \
+ KMK_REVISION=3000 KBUILD_KMK_REVISION=3000 \
+ VBOX_GCC_OPT="%{optflags}" VBOX_GCC_GC_OPT="%{optflags}" \
+ VBOX_GCC_R0_OPT="%{optflags}"
%install
@@ -203,22 +227,21 @@
obj/bin/V*.gc \
obj/bin/V*.r0
-# SetUID root binaries
-install -p -m 4755 -t $RPM_BUILD_ROOT%{_libdir}/virtualbox \
+# Executabes
+install -p -m 0755 -t $RPM_BUILD_ROOT%{_libdir}/virtualbox \
obj/bin/VBoxHeadless \
obj/bin/VBoxSDL \
obj/bin/VBoxNetDHCP \
obj/bin/VBoxNetAdpCtl \
- obj/bin/VirtualBox
-
-# Other binaries
-install -p -m 0755 -t $RPM_BUILD_ROOT%{_libdir}/virtualbox \
+ obj/bin/VirtualBox \
obj/bin/VBoxManage \
obj/bin/VBoxSVC \
obj/bin/VBoxXPCOMIPCD \
obj/bin/VBoxSysInfo.sh \
obj/bin/vboxshell.py \
- obj/bin/VBoxTestOGL
+ obj/bin/VBoxTestOGL \
+ obj/bin/vboxwebsrv \
+ obj/bin/webtest
# Language files
install -p -m 0755 -t $RPM_BUILD_ROOT%{_libdir}/virtualbox/nls \
@@ -282,18 +305,19 @@
echo 'INSTALL_DIR=%{_libdir}/virtualbox' > $RPM_BUILD_ROOT/%{_sysconfdir}/vbox/vbox.cfg
# Install udev rules
-install -p -m 0644 -D %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/udev/rules.d/90-vboxdrv.rules
-install -p -m 0644 -D %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/udev/rules.d/60-vboxadd.rules
+%define vboxdrv_udev %{?with_hardening:%{SOURCE4}}%{?!with_hardening:%{SOURCE3}}
+install -p -m 0644 -D %{vboxdrv_udev} $RPM_BUILD_ROOT%{_sysconfdir}/udev/rules.d/60-vboxadd.rules
# Install modules load script
install -p -m 0755 -D %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules/%{name}.modules
install -p -m 0755 -D %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules/%{name}-guest.modules
+install -p -m 0644 -D %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modprobe.d/blacklist-kvm.conf
# Module Source Code
mkdir -p %{name}-kmod-%{version}
cp -al obj/bin/src/vbox* obj/bin/additions/src/vbox* %{name}-kmod-%{version}
install -d $RPM_BUILD_ROOT%{_datadir}/%{name}-kmod-%{version}
-tar --use-compress-program lzma -cf $RPM_BUILD_ROOT%{_datadir}/%{name}-kmod-%{version}/%{name}-kmod-%{version}.tar.lzma \
+tar --use-compress-program xz -cf $RPM_BUILD_ROOT%{_datadir}/%{name}-kmod-%{version}/%{name}-kmod-%{version}.tar.xz \
%{name}-kmod-%{version}
# Menu entry
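Review bot: The new udev install line writes the vboxdrv rules to `60-vboxadd.rules`, so `90-vboxdrv.rules` is never installed although the `%files` hunk still lists it, and the rules from `%{SOURCE5}` are no longer installed at all. The added blacklist line installs `%{SOURCE8}`, which the Source list declares as `VirtualBox-OSE-vboxresize.desktop`; the blacklist file is `Source9`. Its destination `%{_sysconfdir}/sysconfig/modprobe.d/` is, as far as I know, not a directory modprobe reads, so the KVM blacklist would have no effect even with the right source. Suggested lines: `install -p -m 0644 -D %{vboxdrv_udev} $RPM_BUILD_ROOT%{_sysconfdir}/udev/rules.d/90-vboxdrv.rules`, keep the removed `%{SOURCE5}` line for `60-vboxadd.rules`, and `install -p -m 0644 -D %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d/blacklist-kvm.conf`, with the `%config(noreplace)` entry in `%files` adjusted to the same path.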
@@ -363,12 +387,27 @@
%{_bindir}/VBoxSDL
%{_bindir}/VBoxTunctl
%{_bindir}/VirtualBox
-%{_libdir}/virtualbox
+%dir %{_libdir}/virtualbox
+%{_libdir}/virtualbox/*.*
+%{_libdir}/virtualbox/components
+%{_libdir}/virtualbox/nls
+%{_libdir}/virtualbox/VBoxManage
+%{_libdir}/virtualbox/VBoxSVC
+%{_libdir}/virtualbox/VBoxTestOGL
+%{_libdir}/virtualbox/VBoxXPCOMIPCD
+%{_libdir}/virtualbox/vboxwebsrv
+%{_libdir}/virtualbox/webtest
+%{priv_mode} %{_libdir}/virtualbox/VBoxHeadless
+%{priv_mode} %{_libdir}/virtualbox/VBoxSDL
+%{priv_mode} %{_libdir}/virtualbox/VBoxNetDHCP
+%{priv_mode} %{_libdir}/virtualbox/VBoxNetAdpCtl
+%{priv_mode} %{_libdir}/virtualbox/VirtualBox
%{_datadir}/pixmaps/*
%{_datadir}/applications/*.desktop
%config %{_sysconfdir}/vbox/vbox.cfg
%config %{_sysconfdir}/udev/rules.d/90-vboxdrv.rules
%config %{_sysconfdir}/sysconfig/modules/%{name}.modules
+%config(noreplace) %{_sysconfdir}/sysconfig/modprobe.d/*.conf
%doc COPYING UserManual.pdf
@@ -408,6 +447,22 @@
%changelog
+* Sat Aug 22 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-7
+- Correct the path in udev rule and adjust for non-hardening
+
+* Thu Aug 20 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-6
+- No exceptions in R0 code, should fix unresolved symbol problem
+
+* Sun Aug 16 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-5
+- Enable debuginfo package
+- Correctly use compiler flags
+- Make it possible to blacklist our modules
+- Blacklist KVM
+
+* Sat Aug 15 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-4
+- Exchange hardening for filesystem capabilities
+- Enable web services
+
* Sun Aug 08 2009 Lubomir Rintel <lkundrak at v3.sk> - 3.0.4-3
- Include VBoxRandR
- Add dri module to guest