[vbox-dev] Virtualbox 2.1.4 OSE Update of 2009-02-26

Frank Mehnert Frank.Mehnert at Sun.COM
Tue Mar 3 02:10:16 PST 2009


On Monday 02 March 2009, Heinz Wiesinger wrote:
> Can anyone tell me the reason for updating the tarball for 2.1.4-OSE last
> week?
> I haven't found any information on this on neither mailing list nor website
> nor forum.

There was a security bug related to hardened builds which we fixed
last week. In short, the SUID stubs must not been compiled with
RPATH=$ORIGIN. This is not necessary and introduces a security
problem. The Sun security alert should be available today or tomorrow.

> This update is a more or less big issue as the new tarball does no longer
> compile! I bails out with:
> Config.kmk:1564:
> /usr/src/ljt_tmp/VirtualBox-2.1.4_OSE/out/linux.x86/release/GCCConfig.kmk:
> No such file or directory
> Config.kmk:2511: *** extraneous `endif'.  Stop.
> From reports I can tell, that the only way to probably get it to compile is
> by disable hardening.

The fix is easy (as Alessio already mentioned): Just remove this superflous
endif. I will update the OSE archive once more.

> Please fix this as soon as possible. Further some wishes for the future: If
> such a thing is ever necessary again, be sure to announce it somewhere, at
> least on vbox-dev. Additionally, renaming the tarball would help a lot
> (2.1.4-2 instead of just replacing 2.1.4).

Right, we will do this next time.

Kind regards,

Dr.-Ing. Frank Mehnert    Sun Microsystems    http://www.sun.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://www.virtualbox.org/pipermail/vbox-dev/attachments/20090303/6c86e7f3/attachment-0001.bin 

More information about the vbox-dev mailing list