On Tuesday 03 March 2009 11:10:16 Frank Mehnert wrote: > Hi, > > On Monday 02 March 2009, Heinz Wiesinger wrote: > > Can anyone tell me the reason for updating the tarball for 2.1.4-OSE last > > week? > > I haven't found any information on this on neither mailing list nor > > website nor forum. > > There was a security bug related to hardened builds which we fixed > last week. In short, the SUID stubs must not been compiled with > RPATH=$ORIGIN. This is not necessary and introduces a security > problem. The Sun security alert should be available today or tomorrow.
Thanks for that explanation. I will keep an eye open for the alert. (it has still not appeared on Sun's security page) > > This update is a more or less big issue as the new tarball does no longer > > compile! I bails out with: > > > > Config.kmk:1564: > > /usr/src/ljt_tmp/VirtualBox-2.1.4_OSE/out/linux.x86/release/GCCConfig.kmk > >: No such file or directory > > Config.kmk:2511: *** extraneous `endif'. Stop. > > > > From reports I can tell, that the only way to probably get it to compile > > is by disable hardening. > > The fix is easy (as Alessio already mentioned): Just remove this superflous > endif. I will update the OSE archive once more. I figured as much already, but wanted to report this anyway. I saw the tarball is already updated. Thank you very much for that one. > > Please fix this as soon as possible. Further some wishes for the future: > > If such a thing is ever necessary again, be sure to announce it > > somewhere, at least on vbox-dev. Additionally, renaming the tarball would > > help a lot (2.1.4-2 instead of just replacing 2.1.4). > > Right, we will do this next time. Great :) Grs, Heinz
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ vbox-dev mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-dev
