[vbox-dev] Virtualbox 2.1.4 OSE Update of 2009-02-26
Frank.Mehnert at Sun.COM
Tue Mar 3 02:10:16 PST 2009
On Monday 02 March 2009, Heinz Wiesinger wrote:
> Can anyone tell me the reason for updating the tarball for 2.1.4-OSE last
> I haven't found any information on this on neither mailing list nor website
> nor forum.
There was a security bug related to hardened builds which we fixed
last week. In short, the SUID stubs must not been compiled with
RPATH=$ORIGIN. This is not necessary and introduces a security
problem. The Sun security alert should be available today or tomorrow.
> This update is a more or less big issue as the new tarball does no longer
> compile! I bails out with:
> No such file or directory
> Config.kmk:2511: *** extraneous `endif'. Stop.
> From reports I can tell, that the only way to probably get it to compile is
> by disable hardening.
The fix is easy (as Alessio already mentioned): Just remove this superflous
endif. I will update the OSE archive once more.
> Please fix this as soon as possible. Further some wishes for the future: If
> such a thing is ever necessary again, be sure to announce it somewhere, at
> least on vbox-dev. Additionally, renaming the tarball would help a lot
> (2.1.4-2 instead of just replacing 2.1.4).
Right, we will do this next time.
Dr.-Ing. Frank Mehnert Sun Microsystems http://www.sun.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://www.virtualbox.org/pipermail/vbox-dev/attachments/20090303/6c86e7f3/attachment-0001.bin
More information about the vbox-dev