File security_fixes.patch of Package virtualbox.openSUSE_Leap_15.3_Update
# This patch file is to warn future maintainers of VirtualBox on openSUSE
# platforms that the distributed versions of vboxadd.sh and vboxdrv.sh
# contain security holes. If you need to use these scripts in the future,
# please consult the Security Group at openSUSE.
#
# January 31, 2019 - Larry Finger
#
Index: VirtualBox-7.0.4/src/VBox/Additions/linux/installer/vboxadd.sh
===================================================================
--- VirtualBox-7.0.4.orig/src/VBox/Additions/linux/installer/vboxadd.sh
+++ VirtualBox-7.0.4/src/VBox/Additions/linux/installer/vboxadd.sh
@@ -864,9 +864,11 @@ dmnstatus()
fi
}
-for i; do
- case "$i" in quiet) QUIET=yes;; esac
-done
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
+case "$2" in quiet)
+ QUIET=yes;;
case "$1" in
# Does setup without clean-up first and marks all kernels currently found on the
# system so that we can see later if any were added.
Index: VirtualBox-7.0.4/src/VBox/Installer/linux/vboxdrv.sh
===================================================================
--- VirtualBox-7.0.4.orig/src/VBox/Installer/linux/vboxdrv.sh
+++ VirtualBox-7.0.4/src/VBox/Installer/linux/vboxdrv.sh
@@ -48,6 +48,9 @@ DEVICE=/dev/vboxdrv
MODPROBE=/sbin/modprobe
SCRIPTNAME=vboxdrv.sh
+echo "This script has insecurities. It must never be used in openSUSE without consultine Security."
+exit 1
+
# The below is GNU-specific. See VBox.sh for the longer Solaris/OS X version.
TARGET=`readlink -e -- "${0}"` || exit 1
SCRIPT_DIR="${TARGET%/[!/]*}"