diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix index fc3303baf339..1610fe120070 100644 --- a/pkgs/applications/virtualization/virtualbox/default.nix +++ b/pkgs/applications/virtualization/virtualbox/default.nix @@ -1,5 +1,5 @@ { config, stdenv, fetchurl, lib, acpica-tools, dev86, pam, libxslt, libxml2, wrapQtAppsHook -, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL +, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL2, libcap, libGL, libGLU , libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras , qttools, qtsvg, qtwayland, pkg-config, which, docbook_xsl, docbook_xml_dtd_43 , alsa-lib, curl, libvpx, nettools, dbus, substituteAll, gsoap, zlib @@ -24,14 +24,14 @@ let buildType = "release"; # Use maintainers/scripts/update.nix to update the version and all related hashes or # change the hashes in extpack.nix and guest-additions/default.nix as well manually. - version = "7.0.6"; + version = "7.0.8"; in stdenv.mkDerivation { pname = "virtualbox"; inherit version; src = fetchurl { - url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2"; - sha256 = "f146d9a86a35af0abb010e628636fd800cb476cc2ce82f95b0c0ca876e1756ff"; + url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}a.tar.bz2"; + sha256 = "7de37359518d467b7f888235175cd388f66e9f16bd9359dd6265fbc95933c1e6"; }; outputs = [ "out" "modsrc" ]; 
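Review bot: The `a` suffix is hard-coded into the tarball URL in the `src = fetchurl` block (`VirtualBox-${version}a.tar.bz2`) while `version` stays `7.0.8`, so the pinned artifact no longer has the name a reader would derive from `version` when comparing the hash with upstream's published checksums. The comment above this block says the update script bumps the version and hashes; unless that script knows about the suffix (not visible here), the next bump will presumably request a `…a.tar.bz2` that does not exist. I would add a comment above the URL such as `# 7.0.8 is fetched from the upstream "7.0.8a" tarball; drop the "a" on the next version bump`, or bind the suffix to a named variable next to `version`.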
@@ -45,12 +45,12 @@ in stdenv.mkDerivation { buildInputs = [ acpica-tools dev86 libxslt libxml2 xorgproto libX11 libXext libXcursor libIDL libcap glib lvm2 alsa-lib curl libvpx pam makeself perl - libXmu libpng libopus python3 ] + libXmu libXrandr libpng libopus python3 ] ++ optional javaBindings jdk ++ optional pythonBindings python3 # Python is needed even when not building bindings ++ optional pulseSupport libpulseaudio - ++ optionals headless [ libXrandr libGL ] - ++ optionals (!headless) [ qtbase qtx11extras libXinerama SDL ] + ++ optionals headless [ libGL ] + ++ optionals (!headless) [ qtbase qtx11extras libXinerama SDL2 libGLU ] ++ optionals enableWebService [ gsoap zlib ]; hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]; @@ -82,6 +82,8 @@ in stdenv.mkDerivation { patches = optional enableHardening ./hardened.patch + # Since VirtualBox 7.0.8, VBoxSDL requires SDL2, but the build framework uses SDL1 + ++ optional (!headless) ./fix-sdl.patch ++ [ ./extra_symbols.patch ] # When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees # the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH. diff --git a/pkgs/applications/virtualization/virtualbox/extpack.nix b/pkgs/applications/virtualization/virtualbox/extpack.nix index 7e27e79d5dd7..617fa298bebd 100644 --- a/pkgs/applications/virtualization/virtualbox/extpack.nix +++ b/pkgs/applications/virtualization/virtualbox/extpack.nix @@ -12,7 +12,7 @@ fetchurl rec { # Manually sha256sum the extensionPack file, must be hex! # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`. # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS - let value = "292961aa8723b54f96f89f6d8abf7d8e29259d94b7de831dbffb9ae15d346434"; + let value = "452320f3b1da42b30c32ea5ab5887983b575638ceb4e3beacfefbbb3b0510a48"; in assert (builtins.stringLength value) == 64; value; meta = { 
diff --git a/pkgs/applications/virtualization/virtualbox/fix-sdl.patch b/pkgs/applications/virtualization/virtualbox/fix-sdl.patch
new file mode 100644
index 000000000000..2f16470c48c7
--- /dev/null
+++ b/pkgs/applications/virtualization/virtualbox/fix-sdl.patch
@@ -0,0 +1,72 @@
+diff --git a/configure b/configure
+index 5edefba..a17e8c5 100755
+--- a/configure
++++ b/configure
+@@ -1184,10 +1184,10 @@ check_sdl()
+ fail
+ fi
+ else
+- if which_wrapper sdl-config > /dev/null; then
+- FLGSDL=`sdl-config --cflags`
++ if which_wrapper sdl2-config > /dev/null; then
++ FLGSDL=`sdl2-config --cflags`
+ INCSDL=`strip_I "$FLGSDL"`
+- LIBSDL=`sdl-config --libs`
++ LIBSDL=`sdl2-config --libs`
+ LIBSDLMAIN="-lSDLmain"
+ FLDSDL=
+ foundsdl=1
+diff --git a/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp b/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp
+index 16dc282..4889865 100644
+--- a/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp
++++ b/src/VBox/Frontends/VBoxSDL/Framebuffer.cpp
+@@ -56,7 +56,7 @@ using namespace com;
+ # pragma warning(push)
+ # pragma warning(disable: 4121) /* warning C4121: 'SDL_SysWMmsg' : alignment of a member was sensitive to packing*/
+ # endif
+-# include /* for SDL_GetWMInfo() */
++# include /* for SDL_GetWMInfo() */
+ # ifdef _MSC_VER
+ # pragma warning(pop)
+ # endif
+diff --git a/src/VBox/Frontends/VBoxSDL/Makefile.kmk b/src/VBox/Frontends/VBoxSDL/Makefile.kmk
+index da43153..2aa8cd7 100644
+--- a/src/VBox/Frontends/VBoxSDL/Makefile.kmk
++++ b/src/VBox/Frontends/VBoxSDL/Makefile.kmk
+@@ -79,10 +79,6 @@ if !defined(VBOX_WITH_HARDENING) || "$(KBUILD_TARGET)" != "darwin" # No hardened
+ VBoxSDL_INCS += \
+ $(VBOX_XCURSOR_INCS)
+ endif
+- ifn1of ($(KBUILD_TARGET), solaris) # Probably wrong with SDL2
+- VBoxSDL_LIBS = \
+- $(LIB_SDK_LIBSDL2_SDLMAIN)
+- endif
+ if1of ($(KBUILD_TARGET), freebsd linux netbsd openbsd solaris) # X11
+ VBoxSDL_LIBS += \
+ $(PATH_STAGE_DLL)/VBoxKeyboard$(VBOX_SUFF_DLL) \
+diff --git a/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp b/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp
+index 065c391..22788e1 100644
+--- a/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp
++++ b/src/VBox/Frontends/VBoxSDL/VBoxSDL.cpp
+@@ -64,7 +64,7 @@ using namespace com;
+ # pragma warning(disable: 4121) /* warning C4121: 'SDL_SysWMmsg' :
alignment of a member was sensitive to packing*/ + #endif + #ifndef RT_OS_DARWIN +-# include /* for SDL_GetWMInfo() */ ++# include /* for SDL_GetWMInfo() */ + #endif + #ifdef _MSC_VER + # pragma warning(pop) +diff --git a/src/VBox/Frontends/VBoxSDL/VBoxSDL.h b/src/VBox/Frontends/VBoxSDL/VBoxSDL.h +index dde548f..8fc9fb3 100644 +--- a/src/VBox/Frontends/VBoxSDL/VBoxSDL.h ++++ b/src/VBox/Frontends/VBoxSDL/VBoxSDL.h +@@ -45,7 +45,7 @@ + # pragma warning(disable: 4121) /* warning C4121: 'SDL_SysWMmsg' : alignment of a member was sensitive to packing*/ + # pragma warning(disable: 4668) /* warning C4668: '__GNUC__' is not defined as a preprocessor macro, replacing with '0' for '#if/#elif' */ + #endif +-#include ++#include + #ifdef _MSC_VER + # pragma warning(pop) + #endif diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix index 0601aa3e44a2..1e6cfcf4eb76 100644 --- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix +++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix @@ -23,7 +23,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso"; - sha256 = "21e0f407d2a4f5c286084a70718aa20235ea75969eca0cab6cfab43a3499a010"; + sha256 = "8d73e2361afbf696e6128ffa5e96d9f6a78ff32cb2cb54c727a5be7992be0b31"; }; KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; diff --git a/pkgs/applications/virtualization/virtualbox/hardened.patch b/pkgs/applications/virtualization/virtualbox/hardened.patch index 786a476df51c..eb53e0d1421e 100644 --- a/pkgs/applications/virtualization/virtualbox/hardened.patch +++ b/pkgs/applications/virtualization/virtualbox/hardened.patch @@ -1,8 +1,8 @@ diff --git a/include/iprt/mangling.h b/include/iprt/mangling.h -index 25b918d1..1420ff1d 100644 +index 991dd9e..defc781 100644 --- a/include/iprt/mangling.h 
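Review bot: In the `configure` part of fix-sdl.patch, `LIBSDLMAIN="-lSDLmain"` is left as context inside check_sdl() while the compile and link flags now come from `sdl2-config`; `SDLmain` is the SDL 1.2 helper library, whereas SDL2 ships `SDL2main`. If check_sdl() or a later link step still consumes `$LIBSDLMAIN` (the rest of the function is outside the hunk), the build either fails to resolve the library or picks up an SDL1 copy that happens to be in the environment. I would change that line to `LIBSDLMAIN="-lSDL2main"`, or clear it to match the Makefile.kmk hunk that drops `LIB_SDK_LIBSDL2_SDLMAIN`. A short header in the patch file stating its origin and whether it has been sent upstream would also help whoever has to rebase it next.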
+++ b/include/iprt/mangling.h -@@ -1695,6 +1695,7 @@ +@@ -1802,6 +1802,7 @@ # define RTPathStripSuffix RT_MANGLER(RTPathStripSuffix) # define RTPathStripFilename RT_MANGLER(RTPathStripFilename) # define RTPathStripTrailingSlash RT_MANGLER(RTPathStripTrailingSlash) @@ -10,7 +10,7 @@ index 25b918d1..1420ff1d 100644 # define RTPathTemp RT_MANGLER(RTPathTemp) # define RTPathTraverseList RT_MANGLER(RTPathTraverseList) # define RTPathUnlink RT_MANGLER(RTPathUnlink) -@@ -1734,6 +1735,7 @@ +@@ -1842,6 +1843,7 @@ # define RTProcGetAffinityMask RT_MANGLER(RTProcGetAffinityMask) # define RTProcGetExecutablePath RT_MANGLER(RTProcGetExecutablePath) # define RTProcGetPriority RT_MANGLER(RTProcGetPriority) @@ -19,10 +19,10 @@ index 25b918d1..1420ff1d 100644 # define RTProcQueryParent RT_MANGLER(RTProcQueryParent) # define RTProcQueryUsername RT_MANGLER(RTProcQueryUsername) diff --git a/include/iprt/path.h b/include/iprt/path.h -index 99060e35..ccfbeb76 100644 +index 89bf8f6..5caa578 100644 --- a/include/iprt/path.h +++ b/include/iprt/path.h -@@ -1221,6 +1221,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, const char *p +@@ -1235,6 +1235,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, const char *p */ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath); @@ -39,10 +39,10 @@ index 99060e35..ccfbeb76 100644 * Gets the user home directory. * diff --git a/include/iprt/process.h b/include/iprt/process.h -index f4f67dd4..ab882a19 100644 +index 4ca981e..058ae7a 100644 --- a/include/iprt/process.h +++ b/include/iprt/process.h -@@ -352,6 +352,16 @@ RTR3DECL(const char *) RTProcExecutablePath(void); +@@ -384,6 +384,16 @@ RTR3DECL(const char *) RTProcExecutablePath(void); */ RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath); @@ -60,10 +60,10 @@ index f4f67dd4..ab882a19 100644 * Daemonize the current process, making it a background process. * 
diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp -index 75ff8572..18a077b7 100644 +index e78a397..ff5b541 100644 --- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp -@@ -1531,9 +1531,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo +@@ -1541,9 +1541,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo bool fBad = !fRelaxed || pFsObjState->Stat.st_gid != 2 /*bin*/ || suplibHardenedStrCmp(pszPath, "/usr/lib/iconv"); # else NOREF(fRelaxed); @@ -76,10 +76,10 @@ index 75ff8572..18a077b7 100644 "An unknown (and thus untrusted) group has write access to '", pszPath, "' and we therefore cannot trust the directory content or that of any subdirectory"); diff --git a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp -index 2991d3a7..d042a08b 100644 +index 01d7a9f..e52a291 100644 --- a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp +++ b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp -@@ -90,7 +90,7 @@ int MachineLaunchVMCommonWorker(const Utf8Str &aNameOrId, +@@ -100,7 +100,7 @@ int MachineLaunchVMCommonWorker(const Utf8Str &aNameOrId, /* Get the path to the executable directory w/ trailing slash: */ char szPath[RTPATH_MAX]; @@ -89,10 +89,10 @@ index 2991d3a7..d042a08b 100644 size_t cbBufLeft = RTPathEnsureTrailingSeparator(szPath, sizeof(szPath)); AssertReturn(cbBufLeft > 0, VERR_FILENAME_TOO_LONG); diff --git a/src/VBox/Main/src-server/NetworkServiceRunner.cpp b/src/VBox/Main/src-server/NetworkServiceRunner.cpp -index 2e57690a..3272c840 100644 +index 773d27f..874ec2d 100644 --- a/src/VBox/Main/src-server/NetworkServiceRunner.cpp 
+++ b/src/VBox/Main/src-server/NetworkServiceRunner.cpp -@@ -188,7 +188,7 @@ int NetworkServiceRunner::start(bool aKillProcessOnStop) +@@ -198,7 +198,7 @@ int NetworkServiceRunner::start(bool aKillProcessOnStop) * ASSUME it is relative to the directory that holds VBoxSVC. */ char szExePath[RTPATH_MAX]; @@ -102,28 +102,28 @@ index 2e57690a..3272c840 100644 int vrc = RTPathAppend(szExePath, sizeof(szExePath), m->pszProcName); AssertLogRelRCReturn(vrc, vrc); diff --git a/src/VBox/Main/src-server/generic/NetIf-generic.cpp b/src/VBox/Main/src-server/generic/NetIf-generic.cpp -index af155966..3b8e793d 100644 +index 1e2eb61..893344c 100644 --- a/src/VBox/Main/src-server/generic/NetIf-generic.cpp 
+++ b/src/VBox/Main/src-server/generic/NetIf-generic.cpp -@@ -48,7 +48,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char +@@ -62,7 +62,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char const char *args[] = { NULL, pcszIfName, pszAddr, pszOption, pszMask, NULL }; char szAdpCtl[RTPATH_MAX]; -- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); -+ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); - if (RT_FAILURE(rc)) +- int vrc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); ++ int vrc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); + if (RT_FAILURE(vrc)) { - LogRel(("NetIfAdpCtl: failed to get program path, rc=%Rrc.\n", rc)); -@@ -95,7 +95,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch + LogRel(("NetIfAdpCtl: failed to get program path, vrc=%Rrc.\n", vrc)); +@@ -109,7 +109,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch int NetIfAdpCtlOut(const char * pcszName, const char * pcszCmd, char *pszBuffer, size_t cBufSize) { char szAdpCtl[RTPATH_MAX]; -- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); -+ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); - if (RT_FAILURE(rc)) +- int vrc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); ++ int vrc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); + if (RT_FAILURE(vrc)) { - LogRel(("NetIfAdpCtlOut: Failed to get program path, rc=%Rrc\n", rc)); -@@ -210,7 +210,7 @@ int NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox, + LogRel(("NetIfAdpCtlOut: Failed to get program path, vrc=%Rrc\n", vrc)); +@@ -224,7 +224,7 @@ int 
NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox, progress.queryInterfaceTo(aProgress); char szAdpCtl[RTPATH_MAX]; @@ -133,10 +133,10 @@ index af155966..3b8e793d 100644 { progress->i_notifyComplete(E_FAIL, diff --git a/src/VBox/Runtime/r3/path.cpp b/src/VBox/Runtime/r3/path.cpp -index 4b1a0ada..7f6dd707 100644 +index bcd8deb..46ecd1e 100644 --- a/src/VBox/Runtime/r3/path.cpp +++ b/src/VBox/Runtime/r3/path.cpp -@@ -81,6 +81,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath) +@@ -91,6 +91,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath) } @@ -150,10 +150,10 @@ index 4b1a0ada..7f6dd707 100644 { #if !defined(RT_OS_WINDOWS) && defined(RTPATH_APP_PRIVATE) diff --git a/src/VBox/Runtime/r3/process.cpp b/src/VBox/Runtime/r3/process.cpp -index 5f7c7a87..59461cfa 100644 +index f9d1ecf..042e599 100644 --- a/src/VBox/Runtime/r3/process.cpp +++ b/src/VBox/Runtime/r3/process.cpp -@@ -117,6 +117,25 @@ RTR3DECL(const char *) RTProcExecutablePath(void) +@@ -127,6 +127,25 @@ RTR3DECL(const char *) RTProcExecutablePath(void) return g_szrtProcExePath; }