virtualbox: 5.1.6 -> 5.1.8 for many CVEs:

From LWN: From the NVD entries: CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
2016-10-26 07:48:21 -04:00 · 2016-10-26 07:48:21 -04:00 · 69e8bac9cd
parent 9970b28680
commit 69e8bac9cd
3 changed files with 6 additions and 53 deletions
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@ -81,7 +81,7 @@ in stdenv.mkDerivation {
  '';

  patches = optional enableHardening ./hardened.patch
-    ++ [ ./libressl.patch ./qtx11extras.patch ];
+    ++ [ ./qtx11extras.patch ];

  postPatch = ''
    sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \
--- a/pkgs/applications/virtualization/virtualbox/libressl.patch
+++ b/pkgs/applications/virtualization/virtualbox/libressl.patch
@ -1,47 +0,0 @@
-diff --git a/src/VBox/Runtime/common/crypto/digest-builtin.cpp b/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-index 66b4304..1aaceff 100644
--- a/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-+++ b/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-@@ -561,7 +561,7 @@ static PCRTCRDIGESTDESC const g_apDigestOps[] =
-  * OpenSSL EVP.
-  */
- 
-# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- /** @impl_interface_method{RTCRDIGESTDESC::pfnNew} */
- static DECLCALLBACK(void*) rtCrDigestOsslEvp_New(void)
- {
-@@ -597,7 +597,7 @@ static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, b
-     if (fReInit)
-     {
-         pEvpType = EVP_MD_CTX_md(pThis);
-# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
-         EVP_MD_CTX_reset(pThis);
- # else
-         EVP_MD_CTX_cleanup(pThis);
-@@ -616,7 +616,7 @@ static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, b
- static DECLCALLBACK(void) rtCrDigestOsslEvp_Delete(void *pvState)
- {
-     EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
-# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
-     EVP_MD_CTX_reset(pThis);
- # else
-     EVP_MD_CTX_cleanup(pThis);
-@@ -661,13 +661,13 @@ static RTCRDIGESTDESC const g_rtCrDigestOpenSslDesc =
-     NULL,
-     RTDIGESTTYPE_UNKNOWN,
-     EVP_MAX_MD_SIZE,
-# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
-     0,
- # else
-     sizeof(EVP_MD_CTX),
- # endif
-     0,
-# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
-     rtCrDigestOsslEvp_New,
-     rtCrDigestOsslEvp_Free,
- # else
--- a/pkgs/applications/virtualization/virtualbox/upstream-info.json
+++ b/pkgs/applications/virtualization/virtualbox/upstream-info.json
@ -1,8 +1,8 @@
 {
  "__NOTE": "Generated using update.py from the same directory.",
-  "extpack": "607ac3636bd49a738d5c48159b39261369b5487f71fb10afa2ecf869627a12de",
-  "extpackRev": "110634",
-  "guest": "cbcf9b9b1000e09911b3d20e1efe529aef8a945cf130f6abffc14a39522cc1ed",
-  "main": "2e0112b0d85841587b8f212e6ba8f6c35b31e1cce6b6999497dc917cd37e6911",
-  "version": "5.1.6"
+  "extpack": "d28bcd01c14eb07eedd2b964d1abe4876f0a7e0e89530e7ba285a5d6267bf322",
+  "extpackRev": "111374",
+  "guest": "347fd39df6ddee8079ad41fbc038e2fb64952a40255d75292e8e49a0a0cbf657",
+  "main": "e447031de468aee746529b2cf60768922f9beff22a13c54284aa430f5e925933",
+  "version": "5.1.8"
 }