From 21fd3a92a61d31ce848177c0049cb6eb39963161 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 11 Jul 2012 01:00:17 +0100
Subject: [PATCH] make-secnet-sites: Do not permit "include" in simple sites
 files

Restrict the "include" directive to the "header" of -u (groupfile
update) mode.  Callers who are simply using make-secnet-sites to
transform a (possibly untrusted) sites file into a (to be trusted)
sites.conf file should not have to worry about includes.

"include" directives are already forbidden in group files.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 make-secnet-sites | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/make-secnet-sites b/make-secnet-sites
index aa50344..966bb77 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -480,7 +480,7 @@ else:
 		if len(sys.argv)>3:
 			print "Too many arguments"
 			sys.exit(1)
-		pfilepath(sys.argv[1],allow_include=True)
+		pfilepath(sys.argv[1])
 		of=sys.stdout
 		if len(sys.argv)>2:
 			of=open(sys.argv[2],'w')
-- 
2.30.2