Commit graph

221 commits

Author SHA1 Message Date
aszlig
63fb845fcf
virtualbox: Rebase hardened.patch on top of 5.1.22
The merge of the version bump in
6fb9f89238 didn't take care of our patch
for the hardening mode and thus enabling VirtualBox without also
force-disabling hardening mode will result in a build error.

While the patch is largely identical with the old version, I've removed
one particular change around the following code:

    if (pFsObjState->Stat.st_mode & S_IWOTH)
        return supR3HardenedSetError3(VERR_SUPLIB_WORLD_WRITABLE, pErrInfo,
                                      "World writable: '", pszPath, "'");

In the old version of the patch we have checked whether the path is
within the Nix store and suppressed the error return if that's the case.

The reason why I did that in the first place was because we had a bunch
of symlinks which were writable.

In VirtualBox 5.1.22 the code specifically checks whether the file is a
symlink, so we can safely drop our change.

Tested via all of the "virtualbox" NixOS VM subtests and they now all
succeed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-23 05:48:54 +02:00
Tim Steinbach
6fb9f89238 Merge pull request #25368 from bachp/virtualbox-5.1.22
virtualbox: 5.1.18 -> 5.1.22
2017-06-22 21:23:47 -04:00
Thomas Tuegel
c816bbc8a8
qt5: remove makeQtWrapper 2017-06-18 08:44:42 -05:00
Vladimír Čunát
cc9a72a286
virtualboxGuestAdditions: don't install setuid/setgid 2017-06-09 13:09:21 +02:00
Pascal Bach
c4a48600bf virtualbox: 5.1.18 -> 5.1.22 2017-04-30 22:55:23 +02:00
Kosyrev Serge
0c3138e602 virtualbox: a more maintenance-free way of patching refs to dlopen()-affected dependencies 2017-03-28 01:32:11 +03:00
Nikolay Amiantov
52451067c7 virtualbox: wrap with Qt dependencies
Fixes GTK file open dialogs. Also make sure that linked applications really
exist, and update their list.
2017-03-28 00:29:40 +03:00
Robin Gloster
07252dc83b
virtualbox: 5.1.14 -> 5.1.18 2017-03-20 16:05:20 +01:00
Alexey Shmalko
0d31a76813
virtualbox: fix build
The issue was caused by upgrading `qt` from `qt56` to `qt57`, which
now requires C++11.

For more info, see https://github.com/NixOS/nixpkgs/issues/23257.
2017-02-28 05:35:52 +02:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Vladimír Čunát
31eba21d1d
virtualbox: force xorg-server-1.18 for now
This is getting a little hacky, but hopefully it won't break anything.
2017-02-12 21:07:49 +01:00
Pascal Bach
5ca3a7e56f virtualbox: remove upstream-info.json as it is no longer used
We keep the script as it might be useful in the future.
2017-02-02 21:11:08 +01:00
Pascal Bach
599df5e108 virtualbox: 5.1.10 -> 5.1.14 2017-02-02 21:10:01 +01:00
Eelco Dolstra
c20cc6d0b3
Excise use of importJSON
Putting information in external JSON files is IMHO not an improvement
over the idiomatic style of Nix expressions. The use of JSON doesn't
add anything over Nix expressions (in fact it removes expressive
power). And scattering package info over lots of little files makes
packages less readable over having the info in one file.
2017-01-30 11:44:08 +01:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Peter Hoeg
bea3209d5f virtualbox: 5.1.8 -> 5.1.10 2016-12-15 16:20:33 +08:00
Frederik Rietdijk
84e9328028 virtualbox: python is always needed
even when not building bindings.
2016-11-14 19:09:25 +01:00
Frederik Rietdijk
95c54db397 virtualbox: use python2
and remove python buildInput. Python should only be added when
`pythonBindings` is true.
2016-11-08 22:48:54 +01:00
Graham Christensen
69e8bac9cd
virtualbox: 5.1.6 -> 5.1.8 for many CVEs:
From LWN:
From the NVD entries:

CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5538.

CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5501.

CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.1.4 in Oracle Virtualization allows remote
attackers to affect confidentiality and integrity via vectors related
to VRDE.

CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5613.

CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core.

CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality via
vectors related to Core.

CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5608.
2016-10-26 22:18:00 -04:00
Robin Gloster
2d0c1c6a7c
linuxPackages.virtualboxGuestAdditions: fix with grsecurity 2016-09-26 14:52:49 +02:00
Domen Kožar
5d1db88a7c virtualboxGuestAdditions: mark as broken on grsecurity
(cherry picked from commit 4821fa2d1971a54847d28dfb3e9039c5e5ae4ded)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:19 +02:00
Eelco Dolstra
ddd41a509a virtualbox: Drop dontPatchELF hack
However, this also requires ad8f31df7f
to get rid of gcc_multi.out in the closure.
2016-09-20 18:02:19 +02:00
aszlig
e19aa3819e
virtualbox: 5.1.4 -> 5.1.6
Upstream changelog without bug numbers:

  * GUI: fixed issue with opening '.vbox' files and its aliases
  * GUI: keyboard grabbing fixes
  * GUI: fix for passing through Ctrl + mouse-click
  * GUI: fixed automatic deletion of extension pack files
  * USB: fixed showing unknown device instead of the manufacturer or
         product description under certain circumstances
  * XHCI: another fix for a hanging guest under certain conditions, this
          time for Windows 7 guests
  * Serial: fixed high CPU usage with certain USB to serial converters
            on Linux hosts
  * Storage: fixed attaching stream optimized VMDK images
  * Storage: reject image variants which are unsupported by the backend
  * Storage: fixed loading saved states created with VirtualBox 5.0.10
             and older when using a SCSI controller
  * Storage: fixed broken NVMe emulation if the host I/O cache setting
             is enabled
  * Storage: fixed using multiple NVMe controllers if ICH9 is used
  * NVMe: fixed a crash during reset which could happen under certain
          circumstances
  * Audio: fixed microphone input (5.1.2 regression)
  * Audio: fixed crashes under certain conditions (5.1.0 regression)
  * Audio: fixed recording with the ALSA backend (5.1 regression)
  * Audio: fixed stream access mode with OSS backend (5.1 regression,
           thanks to Jung-uk Kim)
  * E1000: do also return masked bits when reading the ICR register,
           this fixes booting from iPXE (5.1.2 regression)
  * BIOS: fixed 4bpp scanline calculation
  * API: relax the check for the version attribute in OVF/OVA appliances
  * Windows hosts: fixed crashes when terminating the VM selector or
                   other VBox COM clients
  * Linux Installer: fixed path to the documentation in .rpm packages
                     (5.1.0 regression)
  * Linux Installer: fixed the vboxdrv.sh script to prevent an SELinux
                     complaint
  * Linux hosts: don't use 32-bit legacy capabilities
  * Linux Additions: Linux 4.8 fix for the kernel display driver
  * Linux Additions: don't load the kernel modules provided by the Linux
                     distribution but load the kernel modules from the
                     official Guest Additions package instead
  * Linux Additions: fix dynamic resizing problems in recent Linux
                     guests
  * User Manual: fixed error in the VBoxManage chapter for the
                 getextradata enumerate example

The full upstream changelog with bug numbers can be found at:

https://www.virtualbox.org/wiki/Changelog-5.1#v6

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:07:56 +02:00
aszlig
d2af4c6722
virtualbox: Explicitly state Qt 5 dependencies
In 2942815968, the dependencies for Qt 5
were passed using buildEnv with all the development binaries, headers
and libs. Unfortunately, the build output references that environment
which also increases the size of the runtime closure.

The upstream makefile assumes a common Qt 5 library path, but that's not
the case within Nix, because we have separate paths for the Qt 5
modules.

We now patch the makefile to recognize PATH_QT5_X11_EXTRAS_{LIB,INC} so
that we can pass in the relevant paths from Qt5X11Extras.

In summary, the closure size goes down to 525559600 bytes (501 MB)
instead of 863035544 bytes (823 MB) with vbox-qt5-env.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:42 +02:00
aszlig
8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
aszlig
6d69293f26
virtualbox: Generate and use upstream-info.json
We now no longer need to update VirtualBox manually, which has a few
advantages. Along with making it just easier to update, this also makes
the update procedure way less error-prone, for example if people forget
to bump the extension pack revision or to update the guest additions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:34 +02:00
aszlig
f5ab9c81a8
virtualbox: Add an update script
Just a small updater which should fetch the latest sha256sums from the
upstream site and check whether the current version is the latest one.

The output is in a JSON file in the same directory, which then will be
used by the Nix expressions to fetch the upstream files.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 03:24:47 +02:00
Christian Albrecht
2942815968 virtualbox: 5.0.26 -> 5.1.4 2016-09-12 17:22:31 +02:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Tuomas Tynkkynen
feed8beb47 virtualbox: Fix glibc dev reference 2016-08-31 12:32:34 +03:00
obadz
c7142c1aa3 Merge branch 'master' into staging 2016-08-28 13:33:13 +01:00
David Guibert
21f2f30740 virtualbox: 5.0.20 -> 5.0.26 2016-08-28 13:45:49 +02:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Tuomas Tynkkynen
51ad423716 treewide: Use makeLibraryPath in 'patchelf --set-rpath' calls 2016-08-23 00:04:39 +03:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Vladimír Čunát
a02e5ad926 virtualbox: fix build with gcc-5.4 by Debian patch 2016-06-19 10:40:07 +02:00
Robin Gloster
8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
zimbatm
a6593a16f7 virtualbox: give full url for downloading the ext (#15869)
The user only has to agree on the terms and conditions before
downloading the file. We might as well give him access to the full URL
by default.
2016-06-01 10:01:04 +01:00
Robin Gloster
2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Tuomas Tynkkynen
f81af4e6f0 treewide: Make explicit that 'dev' output of glib is used 2016-05-19 10:00:35 +02:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Michael Raskin
fde921578a virtualboxGuestAdditions: update hash for virtualbox 5.0.20 2016-05-17 08:44:32 +02:00
Michael Raskin
4f5e4ad69c virtualbox: 5.0.14 -> 5.0.20 2016-05-16 22:42:27 +02:00
Robin Gloster
c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Sheena Artrip
50d6c3ba38
virtualbox: obey NIX_BUILD_CORES for make invocation 2016-04-22 02:41:23 -04:00
Robin Gloster
d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
obadz
bf5e339d24 virtualbox: dontPatchELF = true
Workaround patchelf#93 and help move forward on #14595
2016-04-14 17:05:31 +01:00