SRU virtualbox-ext-pack, virtualbox-guest-additions-iso to match virtualbox versions

Bug #1540243 reported by Jan Henke on 2016-02-01
42
This bug affects 9 people
Affects Status Importance Assigned to Milestone
virtualbox-ext-pack (Ubuntu)
Low
Unassigned
Wily
Low
Unassigned
Xenial
Low
Unassigned
virtualbox-guest-additions-iso (Ubuntu)
Low
Unassigned
Precise
Low
Unassigned
Trusty
Low
Unassigned
Vivid
Low
Unassigned
Wily
Low
Unassigned
Xenial
Low
Unassigned

Bug Description

[Impact]

 * some ext-pack and guest-additions-iso versions are too old to be useful with newer virtualbox releases

[Test Case]

* install a virtualbox machine and extpack/guest-additions, update virtualbox from -security, and in some case you won't be able to start the machine anymore

[Regression Potential]

 * none.

[Other Info]

Due to upstream's patch policy, security updated are newer minor releases. That is great for the user. But the catch is that just the main virtua box packages (virtualbox, virtualbox-qt and virtualbox-dkms) are updated.

Both virtualbox-guest-additions-iso and virtualbox-ext-pack become useless after the security update is installed, as the minor version must match for it to work. While the virtualbox-ext-pack is arguably relatively easy to find on upstream's webpage (which one has to know about and go there yourself), the guest additions iso actually has no public download, since it always comes bundled with the virtualbox releases.

Long story short, please also update these packages whenever you upload a new minor version as security update, otherwise you make those packages completely useless.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: virtualbox-guest-additions-iso 5.0.4-1
ProcVersionSignature: Ubuntu 4.2.0-25.30-generic 4.2.6
Uname: Linux 4.2.0-25-generic x86_64
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: XFCE
Date: Mon Feb 1 08:32:31 2016
InstallationDate: Installed on 2015-11-04 (88 days ago)
InstallationMedia: Xubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
PackageArchitecture: all
SourcePackage: virtualbox-guest-additions-iso
UpgradeStatus: No upgrade log present (probably fresh install)

Jan Henke (jhe) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in virtualbox-ext-pack (Ubuntu):
status: New → Confirmed
Changed in virtualbox-guest-additions-iso (Ubuntu):
status: New → Confirmed
Peter John Allebone (allebone) wrote :

This can potentially cause issues on guests running with 3d support as I just found out. Came here to log the same bug as I had to get them from http://download.virtualbox.org/virtualbox/

Pete

Kevin Funk (kfunk) wrote :

Work-around for extpack:

$ wget http://download.virtualbox.org/virtualbox/5.0.14/Oracle_VM_VirtualBox_Extension_Pack-5.0.14-105127.vbox-extpack
$ sudo VBoxManage extpack uninstall "Oracle VM VirtualBox Extension Pack"
$ sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.0.14-105127.vbox-extpack

Jan Henke (jhe) wrote :

@kfunk: There is also a GUI option for that, but that is not the point of this bug. It is possible to download these things manually, but they are also packaged, so the packaged version must continue to work even after a security related update.

That is currently not the case, so the whole point is to make the package maintainer aware he/she needs to update those associated packages as well.

Kevin Funk (kfunk) wrote :

I didn't know there's a GUI option.

I agree it's a bug which needs to be handled; that's why I said "work-around", not "fix".

summary: - Packaged version must match version of virtualbox package
+ SRU virtualbox-ext-pack, virtualbox-guest-additions-iso to match
+ virtualbox versions
description: updated

 virtualbox-ext-pack - 5.0.14-0ubuntu1
 virtualbox-guest-additions-iso - 5.0.14-0ubuntu1.15.10.1
 virtualbox-guest-additions-iso - 4.3.36-1ubuntu1.14.04.1
 virtualbox-guest-additions-iso - 4.1.44-1ubuntu1.12.04.1

ready in my ppa
https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/costamagnagianfranco-ppa

Hi Security Team, I would like to ask you if I can upload directly or you prefer to do it. it isn't not a strict security upload, but a followup of a security one.

Marc Deslauriers (mdeslaur) wrote :

I think it makes sense to update these packages in the -security pocket, along with the other virtualbox security releases.

Changed in virtualbox-ext-pack (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in virtualbox-ext-pack (Ubuntu Wily):
status: New → Confirmed
Changed in virtualbox-ext-pack (Ubuntu Precise):
status: New → Invalid
Changed in virtualbox-ext-pack (Ubuntu Trusty):
status: New → Invalid
Changed in virtualbox-ext-pack (Ubuntu Vivid):
status: New → Invalid
Changed in virtualbox-guest-additions-iso (Ubuntu Precise):
status: New → Confirmed
Changed in virtualbox-guest-additions-iso (Ubuntu Trusty):
status: New → Confirmed
Changed in virtualbox-guest-additions-iso (Ubuntu Vivid):
status: New → Won't Fix
Changed in virtualbox-guest-additions-iso (Ubuntu Wily):
status: New → Confirmed
Changed in virtualbox-guest-additions-iso (Ubuntu Xenial):
status: Confirmed → Fix Released
Mathew Hodson (mhodson) on 2016-02-04
tags: added: upgrade-software-version
Changed in virtualbox-ext-pack (Ubuntu Wily):
importance: Undecided → Low
Changed in virtualbox-ext-pack (Ubuntu Xenial):
importance: Undecided → Low
Changed in virtualbox-guest-additions-iso (Ubuntu Precise):
importance: Undecided → Low
Changed in virtualbox-guest-additions-iso (Ubuntu Trusty):
importance: Undecided → Low
Changed in virtualbox-guest-additions-iso (Ubuntu Vivid):
importance: Undecided → Low
Changed in virtualbox-guest-additions-iso (Ubuntu Wily):
importance: Undecided → Low
Changed in virtualbox-guest-additions-iso (Ubuntu Xenial):
importance: Undecided → Low
tags: added: trusty
Tyler Hicks (tyhicks) wrote :

Hi LocutusOfBorg - I have reviewed the virtualbox-guest-additions-iso changes and have a couple questions about the Precise debdiff.

 1) You removed the virtualbox-guest-additions transitional binary package from the control file but there's no mention of that in the changelog. Was that intentional? If so, what is the reasoning and what affect does it have on installs and upgrades?

 2) In the trusty debdiff, you renamed debian/create-upstream-tarball to debian/get-orig-source.sh and made some changes to it. In the precise debdiff, it looks like you left debian/create-upstream-tarball around despite creating debian/get-orig-source.sh. Was that intentional?

Changed in virtualbox-guest-additions-iso (Ubuntu Precise):
status: Confirmed → Incomplete

1) I actually wondered about it. It was a transitional package introduced in 4.0, but in fact lucid did have the old package.
So there isn't an upgrade path issue from precise-1 to precise, but there is one from Lucid to Precise (LTS-LTS).

I restored it, even if Lucid is EOL, we should give users the new package upon upgrade, good catch!

2) I removed it, I don't care too much about the watch file, but since it is fixed in a later release, it would be nice to allow people apt-get source the guest-additions and use the uscan command.
(a plain uscan doesn't work because of upstream changes, but the new script is better than the old one anyway, even if it needs to be called manually because both of them don't work anymore with iso files)

there is a .2 upload on my ppa, feel free to rebase into the previous .1 :)

Tyler Hicks (tyhicks) wrote :

The debdiffs all look good. I had to make some minor adjustments to the changelogs such as routing them to the security pockets but nothing major. These are building in the security-proposed ppa and will be released sometime today. Thanks!

Changed in virtualbox-guest-additions-iso (Ubuntu Precise):
status: Incomplete → Confirmed

True, for some reasons ppa doesn't handle security pockets (I tried to change the .changes pocket manually, but dput-ng complains, and I gave up because I don't remember/know how to override the check :p)

thanks!

Mathew Hodson (mhodson) on 2016-02-10
no longer affects: virtualbox-ext-pack (Ubuntu Vivid)
no longer affects: virtualbox-ext-pack (Ubuntu Trusty)
no longer affects: virtualbox-ext-pack (Ubuntu Precise)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-ext-pack - 5.0.14-1~ubuntu1.15.10.1

---------------
virtualbox-ext-pack (5.0.14-1~ubuntu1.15.10.1) wily-security; urgency=medium

  * Upload to wily, following the virtualbox security upload
    (LP: #1540243)

 -- Gianfranco Costamagna <email address hidden> Thu, 04 Feb 2016 10:12:32 +0100

Changed in virtualbox-ext-pack (Ubuntu Wily):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-guest-additions-iso - 4.1.44-1ubuntu1.12.04.1

---------------
virtualbox-guest-additions-iso (4.1.44-1ubuntu1.12.04.1) precise-security; urgency=medium

  * Upload to precise, following the virtualbox security upload
    (LP: #1540243)

 -- Gianfranco Costamagna <email address hidden> Thu, 04 Feb 2016 11:04:25 +0100

Changed in virtualbox-guest-additions-iso (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-guest-additions-iso - 4.3.36-1ubuntu1.14.04.1

---------------
virtualbox-guest-additions-iso (4.3.36-1ubuntu1.14.04.1) trusty-security; urgency=medium

  * Upload to trusty, following the virtualbox security upload
    (LP: #1540243)

 -- Gianfranco Costamagna <email address hidden> Thu, 04 Feb 2016 11:14:10 +0100

Changed in virtualbox-guest-additions-iso (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-guest-additions-iso - 5.0.14-1~ubuntu1.15.10.1

---------------
virtualbox-guest-additions-iso (5.0.14-1~ubuntu1.15.10.1) wily-security; urgency=medium

  * Upload to wily, following the virtualbox security upload
    (LP: #1540243)

 -- Gianfranco Costamagna <email address hidden> Thu, 04 Feb 2016 11:17:47 +0100

Changed in virtualbox-guest-additions-iso (Ubuntu Wily):
status: Confirmed → Fix Released
Kevin Funk (kfunk) wrote :

This is still (or again?) broken in Ubuntu Xenial:

# dpkg -l | grep virtualbox
ii virtualbox 5.0.14-dfsg-2build1 amd64 x86 virtualization solution - base binaries
ii virtualbox-dkms 5.0.14-dfsg-2build1 all x86 virtualization solution - kernel module sources for dkms
ii virtualbox-ext-pack 5.0.16-1 all extra capabilities for VirtualBox, downloader.
ii virtualbox-guest-additions-iso 5.0.16-1 all guest additions iso image for VirtualBox
ii virtualbox-qt 5.0.14-dfsg-2build1 amd64 x86 virtualization solution - Qt based user interface

=> virtualbox at 5.0.14, extpack at 5.0.16.

Graham Inggs (ginggs) wrote :

@kfunk:
Virtualbox 5.0.16 hasn't migrated from -proposed yet:
https://launchpad.net/ubuntu/+source/virtualbox/5.0.16-dfsg-2

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers