On Fri, 20 May 2016, Connie Sieh wrote:
The following security errata are now located in "sl-testing". These errata
were released after/during the release of RHEL 6.8 . We require extra
testing for these errata. Please test.
yum --enablerepo=sl-testing list
yum --enablerepo=sl-testing update <package>
file-5.04-30.el6
icedtea-web-1.6.2-1.el6
kernel-2.6.32-642.el6
Not sure SL is the place to fix this SL6 users may wish to known.
The SL6.8 kernel-2.6.32-642.el6 makes the Oracle
VirtualBox-5.0-5.0.20_106931_el6-1.src.rpm unhappy:
Executive summary:
Oracle VirtualBox-5.0 does not want to play with kernel-2.6.32-642.el6
Detailed version:
# /sbin/rcvboxdrv setup
Stopping VirtualBox kernel modules [ OK ]
Removing old VirtualBox kernel module [ OK ]
Recompiling VirtualBox kernel modules [FAILED]
(Look at /var/log/vbox-install.log to find out what went wrong)
tail /var/log/vbox-install.log
/bin/false)
mkdir -p /tmp/vbox.0/.tmp_versions ; rm -f /tmp/vbox.0/.tmp_versions/*
make -f scripts/Makefile.build obj=/tmp/vbox.0
gcc -Wp,-MD,/tmp/vbox.0/linux/.VBoxNetFlt-linux.o.d -nostdinc -isystem
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/include -Iinclude
-I/usr/src/kernels/2.6.32-642.el6.x86_64/include/uapi
-I/usr/src/kernels/2.6.32-642.el6.x86_64/arch/x86/include
-Iarch/include/generated -Iinclude -include
/usr/src/kernels/2.6.32-642.el6.x86_64/include/linux/kconfig.h
-D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-Wno-format-security -fno-delete-null-pointer-checks -O2 -m64
-mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time
-maccumulate-outgoing-args -fstack-protector -DCONFIG_AS_CFI=1
-DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1
-DCONFIG_AS_AVX=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables
-mno-sse -mno-mmx -mno-sse2 -mno-3dnow -Wframe-larger-than=2048
-Wno-unused-but-set-variable -fno-omit-frame-pointer
-fno-optimize-sibling-calls -g -pg -Wdeclaration-after-statement
-Wno-pointer-sign -fno-strict-overflow -fno-dwarf2-cfi-asm
-fconserve-stack -include /tmp/vbox.0/include/VBox/SUPDrvMangling.h
-I/lib/modules/2.6.32-642.el6.x86_64/build/include -I/tmp/vbox.0/
-I/tmp/vbox.0/include -I/tmp/vbox.0/r0drv/linux -I/tmp/vbox.0/vboxnetflt/
-I/tmp/vbox.0/vboxnetflt/include -I/tmp/vbox.0/vboxnetflt/r0drv/linux
-D__KERNEL__ -DMODULE -DRT_OS_LINUX -DIN_RING0 -DIN_RT_R0 -DIN_SUP_R0
-DVBOX -DRT_WITH_VBOX -DVBOX_WITH_HARDENING
-Wno-declaration-after-statement -DRT_ARCH_AMD64
-DVBOX_WITH_64_BITS_GUESTS -DMODULE -D"KBUILD_STR(s)=#s"
-D"KBUILD_BASENAME=KBUILD_STR(VBoxNetFlt_linux)"
-D"KBUILD_MODNAME=KBUILD_STR(vboxnetflt)" -D"DEBUG_HASH=60"
-D"DEBUG_HASH2=11" -c -o /tmp/vbox.0/linux/.tmp_VBoxNetFlt-linux.o
/tmp/vbox.0/linux/VBoxNetFlt-linux.c
/tmp/vbox.0/linux/VBoxNetFlt-linux.c: In function vboxNetFltLinuxPacketHandler
/tmp/vbox.0/linux/VBoxNetFlt-linux.c:943: error: implicit declaration of
function vlan_tx_tag_present
/tmp/vbox.0/linux/VBoxNetFlt-linux.c:953: error: implicit declaration of
function vlan_tx_tag_get
make[2]: *** [/tmp/vbox.0/linux/VBoxNetFlt-linux.o] Error 1
make[1]: *** [_module_/tmp/vbox.0] Error 2
make: *** [vboxnetflt] Error 2
... so the 2.6.32-642 kernels no longer have the vlan_tx_tag_ defines
# egrep -4 "vlan_tx_tag_|VBOX_HAVE_SKB_VLAN"
/usr/share/virtualbox/src/vboxhost/vboxnetflt/linux/VBoxNetFlt-linux.c
# endif
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
# define VBOX_HAVE_SKB_VLAN
#else
# ifdef RHEL_RELEASE_CODE
# if RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 2)
# define VBOX_HAVE_SKB_VLAN
# endif
# endif
#endif
#ifdef VBOX_HAVE_SKB_VLAN
# define vlan_tx_tag_get(skb) skb_vlan_tag_get(skb)
# define vlan_tx_tag_present(skb) skb_vlan_tag_present(skb)
#endif
#ifndef NET_IP_ALIGN
# define NET_IP_ALIGN 2
--
/* Somehow skb_copy ignores mac_len */
pBuf->mac_len = uMacLen;
# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
/* Restore VLAN tag stripped by host hardware */
if (vlan_tx_tag_present(pBuf) && skb_headroom(pBuf) >=
VLAN_ETH_HLEN)
{
uint8_t *pMac = (uint8_t*)skb_mac_header(pBuf);
struct vlan_ethhdr *pVHdr = (struct vlan_ethhdr *)(pMac -
VLAN_HLEN);
# if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)
--
# else
memmove(pVHdr, pMac, VLAN_ETH_ALEN * 2);
# endif
pVHdr->h_vlan_proto = RT_H2N_U16(ETH_P_8021Q);
pVHdr->h_vlan_TCI = RT_H2N_U16(vlan_tx_tag_get(pBuf));
pBuf->mac_header -= VLAN_HLEN;
pBuf->mac_len += VLAN_HLEN;
}
# endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27) */
So there is already lots of tweaking for kernel versions in this area;
we just need someone to add a tweak for this kernel.
--
Andrew C Aitchison
