Hello community, here is the log from the commit of package virtualbox for openSUSE:Factory checked in at 2017-01-25 22:34:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/virtualbox (Old) and /work/SRC/openSUSE:Factory/.virtualbox.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "virtualbox" Changes: -------- --- /work/SRC/openSUSE:Factory/virtualbox/virtualbox.changes 2017-01-12 15:44:28.075848626 +0100 +++ /work/SRC/openSUSE:Factory/.virtualbox.new/virtualbox.changes 2017-01-25 22:34:26.181840264 +0100 @@ -1,0 +2,9 @@ +Sat Jan 14 02:14:27 UTC 2017 - [email protected] + +- The printing of the warning about the insecurity in USB passthru had been lost. As most people are likely to want that feature, + the logic has been inverted. Now, the required udev commands to allow passthru are included. The first time that VB is started, + the user will get a screen that points to the bug entry discussing the problem and states what they should do to block the + insecure usage. In any case, that screen will only be printed once. File "virtualbox-60-vboxdrv.rules" has been added + These changes address the issues in bnc #1018340. + +------------------------------------------------------------------- New: ---- virtualbox-60-vboxdrv.rules ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ virtualbox.spec ++++++ --- /var/tmp/diff_new_pack.iwtzUX/_old 2017-01-25 22:34:28.597474868 +0100 +++ /var/tmp/diff_new_pack.iwtzUX/_new 2017-01-25 22:34:28.605473657 +0100 @@ -1,7 +1,7 @@ # # spec file for package virtualbox # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define _vbox_instdir %{_libexecdir}/virtualbox -%define _udevrulesdir %{_libexecdir}/udev/rules.d +%define _udevrulesdir %{_sysconfdir}/udev/rules.d Name: virtualbox Version: 5.1.12 Release: 0 @@ -40,6 +40,7 @@ Source8: %{name}-guest-preamble Source9: %{name}-wrapper.sh Source10: %{name}-LocalConfig.kmk +Source11: %{name}-60-vboxdrv.rules # init script to start virtual boxes during boot, to be configured via /etc/sysconfig/vbox bnc#582398 Source12: %{name}-vboxes Source13: %{name}-sysconfig.vbox @@ -530,6 +531,7 @@ install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir} install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir} install -m 755 VBoxPermissionMessage %{buildroot}%{_vbox_instdir} +install -m 755 VBoxUSB_DevRules %{buildroot}%{_vbox_instdir} install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir} install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir} install -m 755 VirtualBox %{buildroot}%{_vbox_instdir} @@ -544,6 +546,7 @@ # install kmp src mkdir -p %{buildroot}%{_usrsrc}/kernel-modules cp -a src %{buildroot}%{_usrsrc}/kernel-modules/virtualbox +install -m 644 %{SOURCE11} %{buildroot}%{_udevrulesdir}/60-vboxdrv.rules popd # install desktop file @@ -792,6 +795,7 @@ %files qt %defattr(-, root, root) %attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxPermissionMessage +%attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxUSB_DevRules %verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VirtualBox #wrapper script is in bindir %attr(0755,root,root) %{_bindir}/VirtualBox @@ -802,6 +806,7 @@ %{_vbox_instdir}/VirtualBox.so %{_datadir}/pixmaps/virtualbox.png %{_datadir}/applications/%{name}.desktop +%{_udevrulesdir}/60-vboxdrv.rules %files guest-x11 %defattr(-, root, root) ++++++ vbox-usb-warning.diff ++++++ --- /var/tmp/diff_new_pack.iwtzUX/_old 2017-01-25 22:34:28.701459138 +0100 +++ /var/tmp/diff_new_pack.iwtzUX/_new 2017-01-25 22:34:28.701459138 +0100 @@ -62,7 +62,7 @@ + QApplication app(argc, argv); + QMessageBox msgBox; + msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !")); -+ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru, then copy /usr/lib/udev/rules.d/60-vboxdrv.rules to /etc/udev/rules.d/, and modify that file as outlined in the comments.\n\nTo avoid seeing this message every time VirtualBox is started, a dummy file is being created.")); ++ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru and are willing to accept the security risk, then do nothing. To plug the security hole, remove all 'usb' lines from /etc/udev/rules.d/60-vboxdrv.rules.\n\nThis message will not be seen again!")); + int ret = msgBox.exec(); + app.quit(); + return 0; ++++++ virtualbox-60-vboxdrv.rules ++++++ KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600" KERNEL=="vboxdrvu", NAME="vboxdrvu", OWNER="root", GROUP="root", MODE="0666" KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600" SUBSYSTEM=="usb_device", ACTION=="add", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}" SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" ++++++ virtualbox-wrapper.sh ++++++ --- /var/tmp/diff_new_pack.iwtzUX/_old 2017-01-25 22:34:28.897429495 +0100 +++ /var/tmp/diff_new_pack.iwtzUX/_new 2017-01-25 22:34:28.901428891 +0100 @@ -1,4 +1,9 @@ #!/bin/bash export QT_NO_KDE_INTEGRATION=1 /usr/bin/id -nG | grep -v -e "root" -e "vboxusers" >/dev/null && /usr/lib/virtualbox/VBoxPermissionMessage && exit +if [ ! -f ~/.vbox/message_out ] ; then + /usr/lib/virtualbox/VBoxUSB_DevRules + mkdir -p ~/.vbox/ + touch ~/.vbox/message_out +fi LD_LIBRARY_PATH="/usr/lib/virtualbox${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" /usr/lib/virtualbox/VirtualBox $@
