summaryrefslogtreecommitdiff
path: root/app-emulation/virtualbox
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/virtualbox')
-rw-r--r--app-emulation/virtualbox/Manifest4
-rw-r--r--app-emulation/virtualbox/files/virtualbox-5.1.22-opengl_dlopen_fix.patch167
-rw-r--r--app-emulation/virtualbox/virtualbox-5.1.22-r1.ebuild (renamed from app-emulation/virtualbox/virtualbox-5.1.14.ebuild)22
3 files changed, 185 insertions, 8 deletions
diff --git a/app-emulation/virtualbox/Manifest b/app-emulation/virtualbox/Manifest
index 237da10d..842a00c8 100644
--- a/app-emulation/virtualbox/Manifest
+++ b/app-emulation/virtualbox/Manifest
@@ -1,2 +1,2 @@
-DIST VirtualBox-5.1.14.tar.bz2 115042132 SHA256 8267bb026717c6e55237eb798210767d9c703cfcdf01224d9bc26f7dac9f228a SHA512 ab0646c587fa1b573a9332ca0f1959660adc02f2ecf63ac808f4a7e3ceb9b2c58adab8e309aec4630ff7fa447f47d7487e7e8d0a1f718a42d39ce71e96067fae WHIRLPOOL 915b3ac0d50def86e92b662c7fe32e1390c9dab73efb9fc9595465c45818b86b4380be93a7075d17e33f9b70d92dbbbf6063ce0dad6448c9a592648a10f2409b
-DIST virtualbox-5.1.6-patches-01.tar.xz 4268 SHA256 5bfae08bc53fee06aea501e77b7998348adba43792149248d217ab03dea8c04f SHA512 2401df42ac8c2fd1f4bbc795713b185d5e65c2a36c763fa1d7274686599808aecdc28aaa6443c9efc9842f7b3eeb928818c95d1e7ad3b86239c2ace441a5e116 WHIRLPOOL 25505eaff2eeb820a09a2c8807c2d5cec48cbfe98fcd30b04daf86c4cd7c506f09c67b80d5ecc221ded08af6e48297e0161bae16862e5a1d3204b27945c511b0
+DIST VirtualBox-5.1.22.tar.bz2 115838360 SHA256 fcc918000b8c5ece553541ec10a9182410a742b7266257c76dda895dcd389899 SHA512 e48457371c9139fc04477c82fbd18974378fde08af2a6f9058a0eafa6e522987bd129b8d87c9f381789c4e817aded752fde6ea7fcb2ade471997373802e09348 WHIRLPOOL c6034aad69c8a25eaf5909b6889f04f8090ace562e18a76bc55ad4d3e8347844fa1ab466d32e92b09180dff71e0f928826db0994d34b03f44b11bdb03ccc40d2
+DIST virtualbox-5.1.18-patches-01.tar.xz 4512 SHA256 1aa525a8230f77abc672e61bea76af9ddfbb8f22acf21ef382b7a0a88de92764 SHA512 f1c88dd9b7fbafb9764df0a88dc5615aa78a01408d0a14c0dae33e3a53bd75c191c0181934848e17f5fd77784f9e01bf44b444f1485fc302cb1538c2e8ddac95 WHIRLPOOL c11adda0297cc18f0ac614a3492c411413bf640090c9cdb4c5382c4da0391734c479d92c2933e46e0dc8ccf59e155ce35e72182abcb5015a7e03ec33d51c1ab0
diff --git a/app-emulation/virtualbox/files/virtualbox-5.1.22-opengl_dlopen_fix.patch b/app-emulation/virtualbox/files/virtualbox-5.1.22-opengl_dlopen_fix.patch
new file mode 100644
index 00000000..71fa978c
--- /dev/null
+++ b/app-emulation/virtualbox/files/virtualbox-5.1.22-opengl_dlopen_fix.patch
@@ -0,0 +1,167 @@
+Index: VirtualBox-5.1.22/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp
+===================================================================
+--- VirtualBox-5.1.22/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp (revision 115126)
++++ VirtualBox-5.1.22/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp (revision 115307)
+@@ -341,6 +341,7 @@
+ * Patch 64-bit hosts.
+ */
+ uint32_t cRipRelMovs = 0;
++ uint32_t cRelCalls = 0;
+
+ /* Just use the disassembler to skip 12 bytes or more, we might need to
+ rewrite mov instructions using RIP relative addressing. */
+@@ -349,7 +350,8 @@
+ cbInstr = 1;
+ int rc = DISInstr(pbTarget + offJmpBack, DISCPUMODE_64BIT, &Dis, &cbInstr);
+ if ( RT_FAILURE(rc)
+- || (Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW)
++ || ( Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW
++ && Dis.pCurInstr->uOpcode != OP_CALL)
+ || ( Dis.ModRM.Bits.Mod == 0
+ && Dis.ModRM.Bits.Rm == 5 /* wrt RIP */
+ && Dis.pCurInstr->uOpcode != OP_MOV))
+@@ -357,15 +359,23 @@
+
+ if (Dis.ModRM.Bits.Mod == 0 && Dis.ModRM.Bits.Rm == 5 /* wrt RIP */)
+ cRipRelMovs++;
++ if ( Dis.pCurInstr->uOpcode == OP_CALL
++ && (Dis.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW))
++ cRelCalls++;
+
+ offJmpBack += cbInstr;
+ cbPatchMem += cbInstr;
+ }
+
++ /*
++ * Each relative call requires extra bytes as it is converted to a pushq imm32
++ * + mov [RSP+4], imm32 + a jmp qword [$+8 wrt RIP] to avoid clobbering registers.
++ */
++ cbPatchMem += cRelCalls * RT_ALIGN_32(13 + 6 + 8, 8);
+ cbPatchMem += 14; /* jmp qword [$+8 wrt RIP] + 8 byte address to jump to. */
+ cbPatchMem = RT_ALIGN_32(cbPatchMem, 8);
+
+- /* Allocate suitable exectuable memory available. */
++ /* Allocate suitable executable memory available. */
+ bool fConvRipRelMovs = false;
+ uint8_t *pbPatchMem = supR3HardenedMainPosixExecMemAlloc(cbPatchMem, pbTarget, cRipRelMovs > 0);
+ if (!pbPatchMem)
+@@ -396,7 +406,8 @@
+ cbInstr = 1;
+ int rc = DISInstr(pbTarget + offInsn, DISCPUMODE_64BIT, &Dis, &cbInstr);
+ if ( RT_FAILURE(rc)
+- || (Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW))
++ || ( Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW
++ && Dis.pCurInstr->uOpcode != OP_CALL))
+ return VERR_SUPLIB_UNEXPECTED_INSTRUCTION;
+
+ if ( Dis.ModRM.Bits.Mod == 0
+@@ -439,6 +450,34 @@
+ pbPatchMem += sizeof(int32_t);
+ }
+ }
++ else if ( Dis.pCurInstr->uOpcode == OP_CALL
++ && (Dis.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW))
++ {
++ /* Convert to absolute jump. */
++ uintptr_t uAddr = (uintptr_t)&pbTarget[offInsn + cbInstr] + (intptr_t)Dis.Param1.uValue;
++
++ /* Skip the push instructions till the return address is known. */
++ uint8_t *pbPatchMemPush = pbPatchMem;
++ pbPatchMem += 13;
++
++ *pbPatchMem++ = 0xff; /* jmp qword [$+8 wrt RIP] */
++ *pbPatchMem++ = 0x25;
++ *(uint32_t *)pbPatchMem = (uint32_t)(RT_ALIGN_PT(pbPatchMem + 4, 8, uint8_t *) - (pbPatchMem + 4));
++ pbPatchMem = RT_ALIGN_PT(pbPatchMem + 4, 8, uint8_t *);
++ *(uint64_t *)pbPatchMem = uAddr;
++ pbPatchMem += sizeof(uint64_t);
++
++ /* Push the return address onto stack. Difficult on amd64 without clobbering registers... */
++ uintptr_t uAddrReturn = (uintptr_t)pbPatchMem;
++ *pbPatchMemPush++ = 0x68; /* push imm32 sign-extended as 64-bit*/
++ *(uint32_t *)pbPatchMemPush = RT_LO_U32(uAddrReturn);
++ pbPatchMemPush += sizeof(uint32_t);
++ *pbPatchMemPush++ = 0xc7;
++ *pbPatchMemPush++ = 0x44;
++ *pbPatchMemPush++ = 0x24;
++ *pbPatchMemPush++ = 0x04; /* movl [RSP+4], imm32 */
++ *(uint32_t *)pbPatchMemPush = RT_HI_U32(uAddrReturn);
++ }
+ else
+ {
+ memcpy(pbPatchMem, pbTarget + offInsn, cbInstr);
+Index: VirtualBox-5.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
+===================================================================
+--- VirtualBox-5.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp (revision 115126)
++++ VirtualBox-5.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp (revision 115307)
+@@ -86,6 +86,9 @@
+ /** The max path length acceptable for a trusted path. */
+ #define SUPR3HARDENED_MAX_PATH 260U
+
++/** Enable to resolve symlinks using realpath() instead of cooking our own stuff. */
++#define SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH 1
++
+ #ifdef RT_OS_SOLARIS
+ # define dirfd(d) ((d)->d_fd)
+ #endif
+@@ -1091,7 +1094,8 @@
+ #endif
+
+
+-#if defined(RT_OS_DARWIN) || defined(RT_OS_LINUX)
++#ifndef SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH
++# if defined(RT_OS_DARWIN) || defined(RT_OS_LINUX)
+ /**
+ * Copies the error message to the error buffer and returns @a rc.
+ *
+@@ -1104,6 +1108,7 @@
+ {
+ return supR3HardenedSetErrorN(rc, pErrInfo, 1, pszMsg);
+ }
++# endif
+ #endif
+
+
+@@ -1893,7 +1898,9 @@
+ /*
+ * Verify each component from the root up.
+ */
++#ifndef SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH
+ uint32_t iLoops = 0;
++#endif
+ SUPR3HARDENEDFSOBJSTATE FsObjState;
+ uint32_t iComponent = 0;
+ while (iComponent < Info.cComponents)
+@@ -1915,6 +1922,24 @@
+ if ( RT_SUCCESS(rc)
+ && S_ISLNK(FsObjState.Stat.st_mode))
+ {
++#if SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH /* Another approach using realpath() and verifying the result when encountering a symlink. */
++ char *pszFilenameResolved = realpath(pszFilename, NULL);
++ if (pszFilenameResolved)
++ {
++ rc = supR3HardenedVerifyFile(pszFilenameResolved, hNativeFile, fMaybe3rdParty, pErrInfo);
++ free(pszFilenameResolved);
++ return rc;
++ }
++ else
++ {
++ int iErr = errno;
++ supR3HardenedError(VERR_ACCESS_DENIED, false /*fFatal*/,
++ "supR3HardenedVerifyFileFollowSymlinks: Failed to resolve the real path '%s': %s (%d)\n",
++ pszFilename, strerror(iErr), iErr);
++ return supR3HardenedSetError4(VERR_ACCESS_DENIED, pErrInfo,
++ "realpath failed for '", pszFilename, "': ", strerror(iErr));
++ }
++#else
+ /* Don't loop forever. */
+ iLoops++;
+ if (iLoops < 8)
+@@ -1989,6 +2014,7 @@
+ else
+ return supR3HardenedSetError3(VERR_TOO_MANY_SYMLINKS, pErrInfo,
+ "Too many symbolic links: '", pszFilename, "'");
++#endif
+ }
+ }
+ if (RT_FAILURE(rc))
diff --git a/app-emulation/virtualbox/virtualbox-5.1.14.ebuild b/app-emulation/virtualbox/virtualbox-5.1.22-r1.ebuild
index 496e3a16..24821a0e 100644
--- a/app-emulation/virtualbox/virtualbox-5.1.14.ebuild
+++ b/app-emulation/virtualbox/virtualbox-5.1.22-r1.ebuild
@@ -1,6 +1,5 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id$
EAPI=6
@@ -11,7 +10,7 @@ MY_PV="${PV/beta/BETA}"
MY_PV="${MY_PV/rc/RC}"
MY_P=VirtualBox-${MY_PV}
SRC_URI="http://download.virtualbox.org/virtualbox/${MY_PV}/${MY_P}.tar.bz2
- https://dev.gentoo.org/~polynomial-c/${PN}/patchsets/${PN}-5.1.6-patches-01.tar.xz"
+ https://dev.gentoo.org/~polynomial-c/${PN}/patchsets/${PN}-5.1.18-patches-01.tar.xz"
S="${WORKDIR}/${MY_P}"
DESCRIPTION="Family of powerful x86 virtualization products for enterprise and home use"
@@ -20,7 +19,7 @@ HOMEPAGE="http://www.virtualbox.org/"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
-IUSE="alsa debug doc headless java libressl lvm pam pulseaudio +opengl python +qt5 +sdk +udev vboxwebsrv vnc"
+IUSE="alsa debug doc headless java libressl lvm pam pax_kernel pulseaudio +opengl python +qt5 +sdk +udev vboxwebsrv vnc"
RDEPEND="!app-emulation/virtualbox-bin
~app-emulation/virtualbox-modules-${PV}
@@ -64,6 +63,7 @@ DEPEND="${RDEPEND}
virtual/pkgconfig
alsa? ( >=media-libs/alsa-lib-1.0.13 )
doc? (
+ app-text/docbook-sgml-dtd:4.4
dev-texlive/texlive-basic
dev-texlive/texlive-latex
dev-texlive/texlive-latexrecommended
@@ -74,6 +74,7 @@ DEPEND="${RDEPEND}
!headless? ( x11-libs/libXinerama )
java? ( >=virtual/jre-1.6:= )
pam? ( sys-libs/pam )
+ pax_kernel? ( sys-apps/elfix )
pulseaudio? ( media-sound/pulseaudio )
qt5? ( dev-qt/linguist-tools:5 )
vboxwebsrv? ( net-libs/gsoap[-gnutls(-)] )
@@ -146,9 +147,8 @@ src_prepare() {
# Remove shipped binaries (kBuild,yasm), see bug #232775
rm -r kBuild/bin tools || die
- # Remove pointless GCC version limitations in check_gcc()
- sed -e "/\s*-o\s*\\\(\s*\$cc_maj\s*-eq\s*[5-9]\s*-a\s*\$cc_min\s*-gt\s*[0-5]\s*\\\)\s*\\\/d" \
- -i configure || die
+ # Remove pointless GCC version check
+ sed -e '/^check_gcc$/d' -i configure || die
# Disable things unused or split into separate ebuilds
sed -e "s@MY_LIBDIR@$(get_libdir)@" \
@@ -182,7 +182,13 @@ src_prepare() {
rm "${WORKDIR}"/patches/050_${PN}-*-nopie.patch || die
fi
+ # Only add paxmark patch when we're on pax_kernel
+ if use pax_kernel ; then
+ epatch "${FILESDIR}"/virtualbox-5.1.4-paxmark-bldprogs.patch || die
+ fi
+
eapply "${WORKDIR}/patches"
+ eapply "${FILESDIR}/${P}-opengl_dlopen_fix.patch" #616238
eapply_user
}
@@ -395,6 +401,10 @@ src_install() {
newinitd "${FILESDIR}"/vboxwebsrv-initd vboxwebsrv
newconfd "${FILESDIR}"/vboxwebsrv-confd vboxwebsrv
fi
+
+ if use doc ; then
+ dodoc UserManual.pdf
+ fi
}
pkg_postinst() {
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 02:50:42 +0000