virtualbox: 7.1.6a -> 7.1.8

[FriedrichAltheide]

• Bump virtualbox and virtualboxGuestAdditions

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[LeSuisse]

Fixes CVE-2025-30712, CVE-2025-30725 and CVE-2025-30719.

https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixOVIR

[FriedrichAltheide]

@muellerbernd could you (or someone else) please run nixpkgs-review and post the output. Thank you.

[muellerbernd]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 400278

---

x86_64-linux

⏩ 4 packages marked as broken and skipped:

• linuxKernel.packages.linux_5_4_hardened.virtualbox
• linuxKernel.packages.linux_5_4_hardened.virtualboxGuestAdditions
• linuxPackages_5_4_hardened.virtualbox
• linuxPackages_5_4_hardened.virtualboxGuestAdditions

❌ 5 packages failed to build:

• linuxKernel.packages.linux_5_10.virtualbox
• linuxKernel.packages.linux_5_10.virtualboxGuestAdditions
• linuxPackages_latest-libre.virtualbox (linuxKernel.packages.linux_latest_libre.virtualbox)
• linuxPackages_latest-libre.virtualboxGuestAdditions (linuxKernel.packages.linux_latest_libre.virtualboxGuestAdditions)
• virtualboxKvm

✅ 47 packages built:

• linuxPackages_5_10_hardened.virtualbox (linuxKernel.packages.linux_5_10_hardened.virtualbox)
• linuxPackages_5_10_hardened.virtualboxGuestAdditions (linuxKernel.packages.linux_5_10_hardened.virtualboxGuestAdditions)
• linuxKernel.packages.linux_5_15.virtualbox
• linuxKernel.packages.linux_5_15.virtualboxGuestAdditions
• linuxPackages_5_15_hardened.virtualbox (linuxKernel.packages.linux_5_15_hardened.virtualbox)
• linuxPackages_5_15_hardened.virtualboxGuestAdditions (linuxKernel.packages.linux_5_15_hardened.virtualboxGuestAdditions)
• linuxKernel.packages.linux_5_4.virtualbox
• linuxKernel.packages.linux_5_4.virtualboxGuestAdditions
• linuxKernel.packages.linux_6_1.virtualbox
• linuxKernel.packages.linux_6_1.virtualboxGuestAdditions
• linuxPackages.virtualbox (linuxKernel.packages.linux_6_12.virtualbox)
• linuxPackages.virtualboxGuestAdditions (linuxKernel.packages.linux_6_12.virtualboxGuestAdditions)
• linuxPackages_hardened.virtualbox (linuxPackages_6_12_hardened.virtualbox)
• linuxPackages_hardened.virtualboxGuestAdditions (linuxPackages_6_12_hardened.virtualboxGuestAdditions)
• linuxKernel.packages.linux_6_13.virtualbox
• linuxKernel.packages.linux_6_13.virtualboxGuestAdditions
• linuxPackages_6_13_hardened.virtualbox (linuxKernel.packages.linux_6_13_hardened.virtualbox)
• linuxPackages_6_13_hardened.virtualboxGuestAdditions (linuxKernel.packages.linux_6_13_hardened.virtualboxGuestAdditions)
• linuxPackages_latest.virtualbox (linuxKernel.packages.linux_6_14.virtualbox)
• linuxPackages_latest.virtualboxGuestAdditions (linuxKernel.packages.linux_6_14.virtualboxGuestAdditions)
• linuxPackages_6_1_hardened.virtualbox (linuxKernel.packages.linux_6_1_hardened.virtualbox)
• linuxPackages_6_1_hardened.virtualboxGuestAdditions (linuxKernel.packages.linux_6_1_hardened.virtualboxGuestAdditions)
• linuxKernel.packages.linux_6_6.virtualbox
• linuxKernel.packages.linux_6_6.virtualboxGuestAdditions
• linuxPackages_6_6_hardened.virtualbox (linuxKernel.packages.linux_6_6_hardened.virtualbox)
• linuxPackages_6_6_hardened.virtualboxGuestAdditions (linuxKernel.packages.linux_6_6_hardened.virtualboxGuestAdditions)
• linuxPackages_ham.virtualbox (linuxKernel.packages.linux_ham.virtualbox)
• linuxPackages_ham.virtualboxGuestAdditions (linuxKernel.packages.linux_ham.virtualboxGuestAdditions)
• linuxPackages-libre.virtualbox (linuxKernel.packages.linux_libre.virtualbox)
• linuxPackages-libre.virtualboxGuestAdditions (linuxKernel.packages.linux_libre.virtualboxGuestAdditions)
• linuxPackages_lqx.virtualbox (linuxKernel.packages.linux_lqx.virtualbox)
• linuxPackages_lqx.virtualboxGuestAdditions (linuxKernel.packages.linux_lqx.virtualboxGuestAdditions)
• linuxPackages_xanmod.virtualbox (linuxKernel.packages.linux_xanmod.virtualbox)
• linuxPackages_xanmod.virtualboxGuestAdditions (linuxKernel.packages.linux_xanmod.virtualboxGuestAdditions)
• linuxPackages_xanmod_latest.virtualbox (linuxKernel.packages.linux_xanmod_latest.virtualbox ,linuxPackages_xanmod_stable.virtualbox)
• linuxPackages_xanmod_latest.virtualboxGuestAdditions (linuxKernel.packages.linux_xanmod_latest.virtualboxGuestAdditions ,linuxPackages_xanmod_stable.virtualboxGuestAdditions)
• linuxPackages_zen.virtualbox (linuxKernel.packages.linux_zen.virtualbox)
• linuxPackages_zen.virtualboxGuestAdditions (linuxKernel.packages.linux_zen.virtualboxGuestAdditions)
• virtualbox
• virtualbox.modsrc
• virtualboxExtpack
• virtualboxHardened
• virtualboxHardened.modsrc
• virtualboxHeadless
• virtualboxHeadless.modsrc
• virtualboxWithExtpack
• virtualboxWithExtpack.modsrc

[LeSuisse]

KVM patch for 7.1.6 still applies with 7.1.8, we might want to adjust the build to avoid breaking virtualbox-kvm

diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index 524b873be198..6a4bddaaab2b 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -249,8 +249,8 @@ stdenv.mkDerivation (finalAttrs: {
     ++ optional enableKvm (
       let
         patchVboxVersion =
-          # There is no updated patch for 7.0.22 yet, but the older one still applies.
-          if finalAttrs.virtualboxVersion == "7.0.22" then "7.0.20" else finalAttrs.virtualboxVersion;
+          # There is no updated patch for 7.1.8 yet, but the older one still applies.
+          if finalAttrs.virtualboxVersion == "7.1.8" then "7.1.6" else finalAttrs.virtualboxVersion;
       in
       fetchpatch {
         name = "virtualbox-${finalAttrs.virtualboxVersion}-kvm-dev-${finalAttrs.kvmPatchVersion}.patch";

[FriedrichAltheide]

I would prefer your proposed change as a separate PR

[snue]

I would prefer to have it in the same PR, as otherwise this breaks the virtualbox-kvm build needlessly. In general, we may consider moving virtualbox-kvm to a separate package, so the versions can be bumped independently when the KVM patch does not apply.

[LeSuisse]

Pushed the change to re-use the 7.1.6 patch for virtualboxKvm so we do not break it.

[Yarny0]

Review per https://github.com/NixOS/nixpkgs/tree/f771eb401a46846c1aebd20552521b233dd7e18b/pkgs#package-updates

Reviewed points

• package name fits guidelines
• package version fits guidelines
• package builds on x86-64
• executables tested on ARCHITECTURE
• all depending packages build
• patches have a comment describing either the upstream URL or a reason why the patch wasn't upstreamed
• patches that are remotely available are fetched rather than vendored

Comments

After cherry-picking the commit onto the current nixos-unstable, I prepared a network boot image with NixOS (with the new vbox guest additions, and X11/Plasma5) and booted the image inside the new virtualbox host version on a NixOS. Works all nice for me!

[FriedrichAltheide]

This PR should be merged together with #352640

[nixpkgs-ci]

Successfully created backport PR for release-24.11:

• [Backport release-24.11] virtualbox: 7.1.6a -> 7.1.8 #403432