From 69e8bac9cd1b605440a28e4cb56a4acf6e2c0103 Mon Sep 17 00:00:00 2001 
From: Graham Christensen Date: Wed, 26 Oct 2016 07:48:21 -0400 Subject: [PATCH] virtualbox: 5.1.6 -> 5.1.8 for many CVEs: From LWN: From the NVD entries: CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. 
---
 .../virtualization/virtualbox/default.nix | 2 +-
 .../virtualization/virtualbox/libressl.patch | 47 -------------------
 .../virtualbox/upstream-info.json | 10 ++--
 3 files changed, 6 insertions(+), 53 deletions(-)
 delete mode 100644 pkgs/applications/virtualization/virtualbox/libressl.patch
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index ef834897022d..64275448651c 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -81,7 +81,7 @@ in stdenv.mkDerivation {
 '';
 patches = optional enableHardening ./hardened.patch
- ++ [ ./libressl.patch ./qtx11extras.patch ];
+ ++ [ ./qtx11extras.patch ];
 postPatch = ''
 sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \
diff --git a/pkgs/applications/virtualization/virtualbox/libressl.patch b/pkgs/applications/virtualization/virtualbox/libressl.patch
deleted file mode 100644
index db9b7e7a59d9..000000000000
--- a/pkgs/applications/virtualization/virtualbox/libressl.patch
+++ /dev/null
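Review bot: Dropping `./libressl.patch` from `patches` in the default.nix hunk is not explained in the commit message, and nothing visible here shows that the 5.1.8 source carries the `!defined(LIBRESSL_VERSION_NUMBER)` guards the deleted patch added to `digest-builtin.cpp`. If upstream lacks them, a build against LibreSSL would presumably take the `OPENSSL_VERSION_NUMBER >= 0x10100000` branch again and fail, so a build result for that configuration should back the removal. Assuming the fix did land upstream, a message line such as `libressl.patch: dropped, included upstream in 5.1.8` would record why. The `mkDerivation` attribute set starts and ends outside this hunk.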
@@ -1,47 +0,0 @@
-diff --git a/src/VBox/Runtime/common/crypto/digest-builtin.cpp b/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-index 66b4304..1aaceff 100644
---- a/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-+++ b/src/VBox/Runtime/common/crypto/digest-builtin.cpp
-@@ -561,7 +561,7 @@ static PCRTCRDIGESTDESC const g_apDigestOps[] =
- * OpenSSL EVP.
- */
-
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- /** @impl_interface_method{RTCRDIGESTDESC::pfnNew} */
- static DECLCALLBACK(void*) rtCrDigestOsslEvp_New(void)
- {
-@@ -597,7 +597,7 @@ static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, b
- if (fReInit)
- {
- pEvpType = EVP_MD_CTX_md(pThis);
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_reset(pThis);
- # else
- EVP_MD_CTX_cleanup(pThis);
-@@ -616,7 +616,7 @@ static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, b
- static DECLCALLBACK(void) rtCrDigestOsslEvp_Delete(void *pvState)
- {
- EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- EVP_MD_CTX_reset(pThis);
- # else
- EVP_MD_CTX_cleanup(pThis);
-@@ -661,13 +661,13 @@ static RTCRDIGESTDESC const g_rtCrDigestOpenSslDesc =
- NULL,
- RTDIGESTTYPE_UNKNOWN,
- EVP_MAX_MD_SIZE,
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- 0,
- # else
- sizeof(EVP_MD_CTX),
- # endif
- 0,
--# if OPENSSL_VERSION_NUMBER >= 0x10100000
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- rtCrDigestOsslEvp_New,
- rtCrDigestOsslEvp_Free,
- # else
diff --git a/pkgs/applications/virtualization/virtualbox/upstream-info.json b/pkgs/applications/virtualization/virtualbox/upstream-info.json
index 3a386004a3fd..d861a7e79324 100644
--- a/pkgs/applications/virtualization/virtualbox/upstream-info.json
+++ b/pkgs/applications/virtualization/virtualbox/upstream-info.json
@@ -1,8 +1,8 @@
 {
 "__NOTE": "Generated using update.py from the same directory.",
- "extpack": "607ac3636bd49a738d5c48159b39261369b5487f71fb10afa2ecf869627a12de",
- "extpackRev": "110634",
- "guest": "cbcf9b9b1000e09911b3d20e1efe529aef8a945cf130f6abffc14a39522cc1ed",
- "main": "2e0112b0d85841587b8f212e6ba8f6c35b31e1cce6b6999497dc917cd37e6911",
- "version": "5.1.6"
+ "extpack": "d28bcd01c14eb07eedd2b964d1abe4876f0a7e0e89530e7ba285a5d6267bf322",
+ "extpackRev": "111374",
+ "guest": "347fd39df6ddee8079ad41fbc038e2fb64952a40255d75292e8e49a0a0cbf657",
+ "main": "e447031de468aee746529b2cf60768922f9beff22a13c54284aa430f5e925933",
+ "version": "5.1.8"
 }