From 8c6ee842007f884b28f6461300906e1505b7d3f9 Mon Sep 17 00:00:00 2001 
From: Graham Christensen Date: Wed, 26 Oct 2016 07:48:21 -0400 Subject: [PATCH] virtualbox: 5.1.6 -> 5.1.8 for many CVEs: From LWN: From the NVD entries: CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. 
(cherry picked from commit 69e8bac9cd1b605440a28e4cb56a4acf6e2c0103)
---
 .../virtualization/virtualbox/default.nix | 2 +-
 .../virtualization/virtualbox/libressl.patch | 47 -------------------
 .../virtualbox/upstream-info.json | 10 ++--
 3 files changed, 6 insertions(+), 53 deletions(-)
 delete mode 100644 pkgs/applications/virtualization/virtualbox/libressl.patch
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index ef834897022d4e..64275448651cd1 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -81,7 +81,7 @@ in stdenv.mkDerivation {
 '';
 patches = optional enableHardening ./hardened.patch
- ++ [ ./libressl.patch ./qtx11extras.patch ];
+ ++ [ ./qtx11extras.patch ];
 postPatch = ''
 sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \
diff --git a/pkgs/applications/virtualization/virtualbox/libressl.patch b/pkgs/applications/virtualization/virtualbox/libressl.patch
deleted file mode 100644
index db9b7e7a59d95c..00000000000000
--- a/pkgs/applications/virtualization/virtualbox/libressl.patch
+++ /dev/null
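Review bot: Dropping `./libressl.patch` from the `patches` list is not explained in the commit message, which only covers the CVE list. The deleted patch added `&& !defined(LIBRESSL_VERSION_NUMBER)` to the `OPENSSL_VERSION_NUMBER >= 0x10100000` checks in digest-builtin.cpp, so a build against LibreSSL now depends on 5.1.8 carrying an equivalent guard upstream; that is presumably why the patch was removed, but it cannot be confirmed from this diff. I would record the reason next to the list, for example `# libressl.patch dropped with 5.1.8; LibreSSL guard assumed upstream, confirm with a LibreSSL build`. The `patches` attribute belongs to a `mkDerivation` body that starts and ends outside the hunk.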
@@ -1,47 +0,0 @@
-diff --git a/src/VBox/Runtime/common/crypto/digest-builtin.cpp b/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-index 66b4304..1aaceff 100644
---- a/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-+++ b/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-@@ -561,7 +561,7 @@ static PCRTCRDIGESTDESC const g_apDigestOps[] =
- * OpenSSL EVP.
- */
-
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- /** @impl_interface_method{RTCRDIGESTDESC::pfnNew} */
- static DECLCALLBACK(void*) rtCrDigestOsslEvp_New(void)
- {
-@@ -597,7 +597,7 @@ static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, b
- if (fReInit)
- {
- pEvpType = EVP_MD_CTX_md(pThis);
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_reset(pThis);
- # else
- EVP_MD_CTX_cleanup(pThis);
-@@ -616,7 +616,7 @@ static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, b
- static DECLCALLBACK(void) rtCrDigestOsslEvp_Delete(void *pvState)
- {
- EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_reset(pThis);
- # else
- EVP_MD_CTX_cleanup(pThis);
-@@ -661,13 +661,13 @@ static RTCRDIGESTDESC const g_rtCrDigestOpenSslDesc =
- NULL,
- RTDIGESTTYPE_UNKNOWN,
- EVP_MAX_MD_SIZE,
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- 0,
- # else
- sizeof(EVP_MD_CTX),
- # endif
- 0,
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- rtCrDigestOsslEvp_New,
- rtCrDigestOsslEvp_Free,
- # else
diff --git a/pkgs/applications/virtualization/virtualbox/upstream-info.json b/pkgs/applications/virtualization/virtualbox/upstream-info.json
index 3a386004a3fd0b..d861a7e79324fc 100644
--- a/pkgs/applications/virtualization/virtualbox/upstream-info.json
+++ b/pkgs/applications/virtualization/virtualbox/upstream-info.json
@@ -1,8 +1,8 @@
 {
 "__NOTE": "Generated using update.py from the same directory.",
- "extpack": "607ac3636bd49a738d5c48159b39261369b5487f71fb10afa2ecf869627a12de",
- "extpackRev": "110634",
- "guest": "cbcf9b9b1000e09911b3d20e1efe529aef8a945cf130f6abffc14a39522cc1ed",
- "main": "2e0112b0d85841587b8f212e6ba8f6c35b31e1cce6b6999497dc917cd37e6911",
- "version": "5.1.6"
+ "extpack": "d28bcd01c14eb07eedd2b964d1abe4876f0a7e0e89530e7ba285a5d6267bf322",
+ "extpackRev": "111374",
+ "guest": "347fd39df6ddee8079ad41fbc038e2fb64952a40255d75292e8e49a0a0cbf657",
+ "main": "e447031de468aee746529b2cf60768922f9beff22a13c54284aa430f5e925933",
+ "version": "5.1.8"
 }