Discuss the 5.2.2 release

This is for discussing general topics about how to use VirtualBox.

Discuss the 5.2.2 release

Postby michael » 24. Nov 2017, 16:04

Discuss the 5.2.2 release here.
You can download the release here.
Mainly a regression-fix release for 5.2.0.
michael
Oracle Corporation
 
Posts: 569
Joined: 10. May 2007, 09:46

Re: Discuss the 5.2.2 release

Postby mpack » 24. Nov 2017, 16:44

The main page gives October 24th as the release date of 5.2.2, which is a tad confusing. I had to do several double takes!
[Edit] Ah, fixed now I see.

For others convenience the changelog is here.
mpack
Site Moderator
 
Posts: 25489
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discuss the 5.2.2 release

Postby michael » 24. Nov 2017, 16:49

Fixed, thank you (and Michal, who pointed it out too).
michael
Oracle Corporation
 
Posts: 569
Joined: 10. May 2007, 09:46

Re: Discuss the 5.2.2 release

Postby halfervirt » 25. Nov 2017, 02:42

I think the hashes are missing for this release. Would someone upload them?

Thanks.

https://www.virtualbox.org/download/has ... SHA256SUMS
https://www.virtualbox.org/download/has ... .2/MD5SUMS
halfervirt
 
Posts: 8
Joined: 12. Mar 2016, 12:01

Re: Discuss the 5.2.2 release

Postby ChipMcK » 25. Nov 2017, 06:58

ChipMcK
Volunteer
 
Posts: 962
Joined: 20. May 2009, 02:17
Location: U S of A
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Windows, OSX

Re: Discuss the 5.2.2 release

Postby socratis » 25. Nov 2017, 09:29

The problem is that the checksums that ChipMcK gave are over "http" and people that are checking the checksums want them over "https". And in the Downloads page (which is https) the links to the checksums are broken (the links that halfervirt gave). I've had another complaint over the IRC.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 12694
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Discuss the 5.2.2 release

Postby halfervirt » 25. Nov 2017, 12:59

Alright, thanks both. I've upgraded to 5.2.0 for now, and I'll await the 5.2.2 hashes being available over a secure channel.
halfervirt
 
Posts: 8
Joined: 12. Mar 2016, 12:01

Re: Discuss the 5.2.2 release

Postby mpack » 25. Nov 2017, 15:20

halfervirt wrote:Alright, thanks both. I've upgraded to 5.2.0 for now, and I'll await the 5.2.2 hashes being available over a secure channel.

I'm curious why? The hashes have nothing to do with security, they're about checking whether you have a corrupted download, after you suspect same.

On Windows versions at least, security is provided by digital signatures embedded in the executables, including the installer.
mpack
Site Moderator
 
Posts: 25489
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discuss the 5.2.2 release

Postby socratis » 25. Nov 2017, 18:18

mpack wrote:On Windows versions at least, security is provided by digital signatures embedded in the executables, including the installer.

Same on the OSX side about the installer. But I guess that if the download is not from an "https" source, and the SHA256 (minimum) is not available again from an "https" source, some people are having trouble sleeping at night ;)
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 12694
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Discuss the 5.2.2 release

Postby mpack » 25. Nov 2017, 18:24

AFAICS the website shouldn't matter. Even if you got the installer off a guy with a barrow down at the fishmarket, the installer can only pass a digital signature check if the code is untouched since Oracle signed it.
mpack
Site Moderator
 
Posts: 25489
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discuss the 5.2.2 release

Postby Nickna » 27. Nov 2017, 09:13

mpack wrote:AFAICS the website shouldn't matter. Even if you got the installer off a guy with a barrow down at the fishmarket, the installer can only pass a digital signature check if the code is untouched since Oracle signed it.


You REALLY should know what you're talking about if you've going to dispense security advice to people. In your scenario, you acquire an installer from a stranger at the fishmarket. Now how are you going to verify that it came from Oracle? By trying to open it? Do you see the problem with that?
Nickna
 
Posts: 1
Joined: 27. Nov 2017, 07:53

Re: Discuss the 5.2.2 release

Postby michael » 27. Nov 2017, 10:20

Sorry about that, hashes uploaded.
michael
Oracle Corporation
 
Posts: 569
Joined: 10. May 2007, 09:46

Re: Discuss the 5.2.2 release

Postby mpack » 27. Nov 2017, 11:08

Nickna wrote:You REALLY should know what you're talking about if you've going to dispense security advice to people.

I'm speaking as someone who is a developer who digitally signs his own code with a DigiCert EV certificate (requiring a USB key to be present). How about you?

Nickna wrote:In your scenario, you acquire an installer from a stranger at the fishmarket. Now how are you going to verify that it came from Oracle? By trying to open it?

By using the signature verification tools provided by your OS. This is what the signature is there for. This does not require you to run the suspect executable. If the code has been modified then the digest hash check will fail. Only Oracle can provide an Oracle signature which passes.

[Edit] I see that Michael has fixed the hashes problem, and this discussion is off topic (oops), so we had better stop there.
mpack
Site Moderator
 
Posts: 25489
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discuss the 5.2.2 release

Postby RonSMeyer1 » 28. Nov 2017, 04:16

No go. Back to 5.1.30. You still can't use 3D acceleration in a Linux guest. :?
RonSMeyer1
 
Posts: 20
Joined: 26. May 2012, 16:20
Primary OS: Linux other
VBox Version: PUEL
Guest OSses: Host: Linux Mint / Guests: Win7 32bit - Linux Mint - Win XP - Win 10 - OS/2 Warp 4 - MS-DOS

Re: Discuss the 5.2.2 release

Postby socratis » 28. Nov 2017, 05:43

@RonSMeyer1
Please don't generalize, not all Linux guests have issues. All of mine are just fine, thank you. If you have a problem with a specific distro/version, please state which one. Don't just throw an "all of them" out there.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 12694
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Next

Return to Using VirtualBox

Who is online

Users browsing this forum: socratis and 13 guests