[vbox-dev] Virtualbox 2.1.4 OSE Update of 2009-02-26

Heinz Wiesinger HMWiesinger at liwjatan.at
Thu Mar 5 22:52:55 GMT 2009


On Tuesday 03 March 2009 11:10:16 Frank Mehnert wrote:
> Hi,
>
> On Monday 02 March 2009, Heinz Wiesinger wrote:
> > Can anyone tell me the reason for updating the tarball for 2.1.4-OSE last
> > week?
> > I haven't found any information on this on the mailing list, the
> > website or the forum.
>
> There was a security bug related to hardened builds which we fixed
> last week. In short, the SUID stubs must not be compiled with
> RPATH=$ORIGIN. This is not necessary and introduces a security
> problem. The Sun security alert should be available today or tomorrow.

Thanks for that explanation. I will keep an eye open for the alert.
(it has still not appeared on Sun's security page)

> > This update is a more or less big issue as the new tarball no longer
> > compiles! It bails out with:
> >
> > Config.kmk:1564:
> > /usr/src/ljt_tmp/VirtualBox-2.1.4_OSE/out/linux.x86/release/GCCConfig.kmk: No such file or directory
> > Config.kmk:2511: *** extraneous `endif'.  Stop.
> >
> > From reports I can tell that the only way to probably get it to compile
> > is by disabling hardening.
>
> The fix is easy (as Alessio already mentioned): Just remove this superfluous
> endif. I will update the OSE archive once more.

I figured as much already, but wanted to report this anyway. I saw the tarball 
is already updated. Thank you very much for that one.

> > Please fix this as soon as possible. Further some wishes for the future:
> > If such a thing is ever necessary again, be sure to announce it
> > somewhere, at least on vbox-dev. Additionally, renaming the tarball would
> > help a lot (2.1.4-2 instead of just replacing 2.1.4).
>
> Right, we will do this next time.

Great :)

Grs,
Heinz
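
An added example, not part of the original message and not VirtualBox code: a packager's check for the condition Frank describes, a set-uid binary whose RPATH or RUNPATH contains $ORIGIN. It assumes binutils' readelf is installed; the function names and the sample readelf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VirtualBox code): flag set-uid/set-gid ELF files whose
# DT_RPATH or DT_RUNPATH contains $ORIGIN, the condition described in the thread.

# origin_rpaths: reads `readelf -d` output on stdin, prints every RPATH/RUNPATH
# component that uses $ORIGIN, and returns 0 if at least one was found.
origin_rpaths() {
    awk '
        /\((RPATH|RUNPATH)\)/ && match($0, /\[.*\]/) {
            # The search path is the text between the square brackets.
            n = split(substr($0, RSTART + 1, RLENGTH - 2), part, ":")
            for (i = 1; i <= n; i++)
                if (index(part[i], "$ORIGIN") || index(part[i], "${ORIGIN}")) {
                    print part[i]; found = 1
                }
        }
        END { exit(found ? 0 : 1) }
    '
}

# scan_suid_dir DIR: run the check on every set-uid or set-gid regular file
# under DIR. Requires readelf (binutils); file names containing newlines are
# not handled.
scan_suid_dir() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if hits=$(readelf -d "$f" 2>/dev/null | origin_rpaths); then
            printf '%s: %s\n' "$f" "$(printf '%s' "$hits" | tr '\n' ' ')"
        fi
    done
}

# Constructed `readelf -d` excerpts (not taken from a real VirtualBox build).
SAMPLE_ORIGIN=' 0x000000000000000f (RPATH)   Library rpath: [$ORIGIN:/opt/example/lib]'
SAMPLE_FIXED=' 0x000000000000000f (RPATH)   Library rpath: [/opt/example/lib]'
SAMPLE_NONE=' 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

# Scan a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then scan_suid_dir "$1"; fi
```

Run it with the install prefix of the build as its only argument; any output line names a set-uid or set-gid binary that still carries an $ORIGIN search path.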