virtualbox/security_fixes.patch
Larry Finger 2296780557 Accepting request 696073 from home:lwfinger:branches:openSUSE:Factory
- Updated file "Fixes_for_Leap15.1.patch" to handle one additional problem due to backporting of kernel APIs.
  Remove "BuildRequires: quilt" - that package is not needed.
  VirtualBox 6.0.6 fixes the following: CVE-2019-2656, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, CVE-2019-2721,
                                        CVE-2019-2722, CVE-2019-2723, CVE-2019-2657, CVE-2019-2690, CVE-2019-2679,
                                        CVE-2019-2678, and CVE-2019-2574 boo#1132827.

- Version bump to 6.0.6 (released April 17 2019 by Oracle)
The following files in the openSUSE implementation are removed: "fix_32_bit_builds.patch", "fixes_for_5.0.patch", and
"fixes_for_5.1.patch". These issues are fixed upstream.

OBS-URL: https://build.opensuse.org/request/show/696073
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=486
2019-04-30 00:56:27 +00:00


# This patch file is to warn future maintainers of VirtualBox on openSUSE
# platforms that the distributed versions of vboxadd.sh and vboxdrv.sh
# contain security holes. If you need to use these scripts in the future,
# please consult the Security Group at openSUSE.
#
# January 31, 2019 - Larry Finger
#
Index: VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh
===================================================================
--- VirtualBox-6.0.6.orig/src/VBox/Additions/linux/installer/vboxadd.sh
+++ VirtualBox-6.0.6/src/VBox/Additions/linux/installer/vboxadd.sh
@@ -489,9 +489,11 @@ dmnstatus()
fi
}
-for i; do
- case "$i" in quiet) QUIET=yes;; esac
-done
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
+case "$2" in quiet)
+ QUIET=yes;;
case "$1" in
# Does setup without clean-up first and marks all kernels currently found on the
# system so that we can see later if any were added.
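Review bot: The added `case "$2" in quiet)` / `QUIET=yes;;` is never closed with `esac`, so the following `case "$1" in` is read as part of it and the rest of vboxadd.sh no longer parses. The shell normally stops at `exit 1` before reading that far, so the guard still works, but `sh -n` fails and anyone who lifts the guard gets a broken script; if that is meant as a second lock it should be said in a comment, otherwise add `esac` after `QUIET=yes;;`. The replacement also honours `quiet` only as the second argument, whereas the removed loop accepted it in any position. The notice goes to stdout and misspells "consulting"; `echo "... without consulting Security." >&2` would fit better, and the same two lines appear in the vboxdrv.sh hunk. The script body continues outside the hunk.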
Index: VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh
===================================================================
--- VirtualBox-6.0.6.orig/src/VBox/Installer/linux/vboxdrv.sh
+++ VirtualBox-6.0.6/src/VBox/Installer/linux/vboxdrv.sh
@@ -37,6 +37,9 @@ DEVICE=/dev/vboxdrv
MODPROBE=/sbin/modprobe
SCRIPTNAME=vboxdrv.sh
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
# The below is GNU-specific. See VBox.sh for the longer Solaris/OS X version.
TARGET=`readlink -e -- "${0}"` || exit 1
SCRIPT_DIR="${TARGET%/[!/]*}"
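Review bot: The guard added after `SCRIPTNAME=vboxdrv.sh` carries no comment, so once the patch is applied the script itself no longer says why it was disabled or which issue is meant; the explanation lives only in the patch header. A comment above the `echo`, such as `# openSUSE: disabled on purpose pending security review, see <tracking-bug-placeholder>`, would keep that context with the code. Because the `exit 1` is unconditional, every action of the script returns the same generic failure, so a caller cannot tell deliberate disablement from a runtime error; that is worth stating in the same comment.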