# This patch file is to warn future maintainers of VirtualBox on openSUSE # platforms that the distributed versions of vboxadd.sh and vboxdrv.sh # contain security holes. If you need to use these scripts in the future, # please consult the Security Group at openSUSE. # # January 31, 2019 - Larry Finger # Index: VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh =================================================================== --- VirtualBox-6.0.6.orig/src/VBox/Additions/linux/installer/vboxadd.sh +++ VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh @@ -489,9 +489,11 @@ dmnstatus() fi } -for i; do - case "$i" in quiet) QUIET=yes;; esac -done +echo "This script has insecurities. It must never be used in openSUSE without consultine Security." +exit 1 + +case "$2" in quiet) + QUIET=yes;; case "$1" in # Does setup without clean-up first and marks all kernels currently found on the # system so that we can see later if any were added. Index: VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh =================================================================== --- VirtualBox-6.0.6.orig/src/VBox/Installer/linux/vboxdrv.sh +++ VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh @@ -37,6 +37,9 @@ DEVICE=/dev/vboxdrv MODPROBE=/sbin/modprobe SCRIPTNAME=vboxdrv.sh +echo "This script has insecurities. It must never be used in openSUSE without consultine Security." +exit 1 + # The below is GNU-specific. See VBox.sh for the longer Solaris/OS X version. TARGET=`readlink -e -- "${0}"` || exit 1 SCRIPT_DIR="${TARGET%/[!/]*}"