diff -u kismet-2.2.1/CHANGELOG kismet-2.2.2/CHANGELOG
--- kismet-2.2.1/CHANGELOG	Mon May 27 23:46:39 2002
+++ kismet-2.2.2/CHANGELOG	Tue May 28 11:26:36 2002
@@ -1,4 +1,8 @@
-May 26 2002  2.2.1  !! 2.2.1 released - potentially exploitable local root
+May 28 2002  2.2.2  !! 2.2.2 released - fixes potentially exploitable remote
+                       hole in Festival saytext. !!
+                    Added Zaurus default configs to Zaurus ipk
+
+May 27 2002  2.2.1  !! 2.2.1 released - potentially exploitable local root
                        hole fixed !!
 
 May 16 2002  2.2    !! 2.2 released (wow, it's been a month, hasn't it.)
diff -u kismet-2.2.1/Makefile.in kismet-2.2.2/Makefile.in
--- kismet-2.2.1/Makefile.in	Tue May 14 00:50:04 2002
+++ kismet-2.2.2/Makefile.in	Tue May 28 11:25:36 2002
@@ -219,6 +219,8 @@
 		cp scripts/cisco_unmonitor packaging/ipkg/$(BIN)/ ; \
 	else  \
 		cp $(BUZZER) packaging/ipkg/$(BIN)/buzzme; \
+		cp conf/zaurus_kismet.conf packaging/ipkg/$(ETC)/kismet.conf; \
+		cp conf/zaurus_kismet_ui.conf packaging/ipkg/$(ETC)/kismet_ui.conf; \
 	fi
 	@cp scripts/prism2_monitor packaging/ipkg/$(BIN)/
 	@cp scripts/prism2_unmonitor packaging/ipkg/$(BIN)/
Common subdirectories: kismet-2.2.1/conf and kismet-2.2.2/conf
diff -u kismet-2.2.1/config.log kismet-2.2.2/config.log
--- kismet-2.2.1/config.log	Fri May 17 12:35:49 2002
+++ kismet-2.2.2/config.log	Tue May 28 11:51:54 2002
@@ -4,7 +4,7 @@
 It was created by configure, which was
 generated by GNU Autoconf 2.50.  Invocation command line was
 
-  $ ./configure --host=arm-linux --with-pcap=linux
+  $ ./configure --host=arm-linux --disable-pcap --enable-zaurus
 
 ## ---------- ##
 ## Platform.  ##
@@ -335,13 +335,14 @@
 }
 configure:3811: result: no
 configure:3813: WARNING: *** Missing working Linux Wireless kernel extentions.  Wavelan/generic source will not be built. ***
+configure:4095: WARNING: Compiling without libpcap support.
 configure:4109: checking for suid-root installation
 configure:4111: result: yes
 configure:4185: checking for glib-config
 configure:4200: found /opt/gnome/bin/glib-config
 configure:4209: result: yes
 configure:4222: checking for usable wiretap in /usr/src/ethereal-0.9.3/wiretap
-configure:4254: arm-linux-gcc -o conftest -g -O2  -Ilibpcap-2002.05.16 -I/opt/gnome/include/glib-1.2 -I/opt/gnome/lib/glib/include -I/usr/src/ethereal-0.9.3/wiretap  conftest.c  -lpanel -lncurses -lz -L/opt/gnome/lib -lglib -L/usr/src/ethereal-0.9.3/wiretap -lwiretap >&5
+configure:4254: arm-linux-gcc -o conftest -g -O2  -I/opt/gnome/include/glib-1.2 -I/opt/gnome/lib/glib/include -I/usr/src/ethereal-0.9.3/wiretap  conftest.c  -lpanel -lncurses -lz -L/opt/gnome/lib -lglib -L/usr/src/ethereal-0.9.3/wiretap -lwiretap >&5
 collect2: ld terminated with signal 11 [Segmentation fault], core dumped
 configure:4257: $? = 1
 configure: failed program was:
@@ -374,11 +375,11 @@
 configure:4446: found /usr/bin/wget
 configure:4455: result: yes
 configure:4473: checking for magick/api.h
-configure:4483: arm-linux-gcc -E  -Ilibpcap-2002.05.16 -I/usr/X11R6/include/freetype2 -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/usr/X11R6/include -I/usr/X11R6/include/X11 conftest.c
+configure:4483: arm-linux-gcc -E  -I/usr/X11R6/include/freetype2 -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/usr/X11R6/include -I/usr/X11R6/include/X11 conftest.c
 configure:4489: $? = 0
 configure:4508: result: yes
 configure:4511: checking for WriteImage in -lMagick
-configure:4538: arm-linux-gcc -o conftest -g -O2  -Ilibpcap-2002.05.16 -I/usr/X11R6/include/freetype2 -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/usr/X11R6/include -I/usr/X11R6/include/X11  -Ilibpcap-2002.05.16 -Ilibpcap-2002.05.16 -g -O2 -Wall -L/usr/X11R6/lib -L/usr/local/lib -L/usr/X11R6/lib conftest.c -lMagick   -Ilibpcap-2002.05.16 -Ilibpcap-2002.05.16 -g -O2 -Wall -L/home/dragorn/ImageMagick-5.4.5/magick -lMagick -ltiff -lfreetype -ljpeg -lpng -ldpstk -ldps -lXext -lXt -lSM -lICE -lX11 -lbz2 -lz -lpthread -lm >&5
+configure:4538: arm-linux-gcc -o conftest -g -O2  -I/usr/X11R6/include/freetype2 -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/usr/X11R6/include -I/usr/X11R6/include/X11 -g -O2 -g -O2 -Wall -L/usr/X11R6/lib -L/usr/local/lib -L/usr/X11R6/lib conftest.c -lMagick  -g -O2 -g -O2 -Wall -L/home/dragorn/ImageMagick-5.4.5/magick -lMagick -ltiff -lfreetype -ljpeg -lpng -ldpstk -ldps -lXext -lXt -lSM -lICE -lX11 -lbz2 -lz -lpthread -lm >&5
 /data/lart/cross/arm-linux/bin/ld: cannot find -ltiff
 collect2: ld returned 1 exit status
 configure:4541: $? = 1
@@ -403,11 +404,11 @@
 configure:4558: result: no
 configure:4567: WARNING: *** Missing Imagemagick (or Imagemagick is not recent enough).  gpsmap will not be built. ***
 configure:4665: checking for pthread.h
-configure:4675: arm-linux-gcc -E  -Ilibpcap-2002.05.16 conftest.c
+configure:4675: arm-linux-gcc -E  conftest.c
 configure:4681: $? = 0
 configure:4700: result: yes
 configure:4703: checking for pthread_create in -lpthread
-configure:4730: arm-linux-gcc -o conftest -g -O2  -Ilibpcap-2002.05.16  conftest.c -lpthread   -lpanel -lncurses >&5
+configure:4730: arm-linux-gcc -o conftest -g -O2   conftest.c -lpthread   -lpanel -lncurses >&5
 configure:4733: $? = 0
 configure:4736: test -s conftest
 configure:4739: $? = 0
@@ -432,8 +433,6 @@
 config.status:5307: creating extra/buzzme/Makefile
 config.status:5307: creating extra/Makefile
 config.status:5399: creating config.h
-configure:5644: configuring in libpcap-2002.05.16
-configure:5711: running /bin/sh './configure'  --host=arm-linux --with-pcap=linux --cache-file=/dev/null --srcdir=.
 
 ## ----------------- ##
 ## Cache variables.  ##
@@ -496,7 +495,6 @@
 ac_cv_lib_ncurses_initscr=yes
 ac_cv_lib_panel_new_panel=yes
 ac_cv_lib_pthread_pthread_create=yes
-ac_cv_linux_vers=2.4.16
 ac_cv_objext=o
 ac_cv_path_install=$'/usr/bin/ginstall -c'
 ac_cv_prog_CC=arm-linux-gcc
@@ -557,7 +555,6 @@
 #define BUILD_PANEL 1
 #define HAVE_GPS 1
 #define HAVE_LINUX_NETLINK 1
-#define HAVE_LIBPCAP 1
 #define USE_LOCAL_DUMP 1
 #define HAVE_PTHREAD 1
 
diff -u kismet-2.2.1/configfile.cc kismet-2.2.2/configfile.cc
--- kismet-2.2.1/configfile.cc	Sat May  4 02:18:59 2002
+++ kismet-2.2.2/configfile.cc	Tue May 28 02:11:08 2002
@@ -7,6 +7,39 @@
 #include <errno.h>
 #include "configfile.h"
 
+// Munge input to shell-safe
+void MungeToShell(char *in_data, int max) {
+    for (int i = 0; i < max; i++) {
+        // space
+        if (in_data[i] == 32)
+            continue;
+
+        // " to :
+        if (in_data[i] >= 34 && in_data[i] <= 58)
+            continue;
+
+        // =
+        if (in_data[i] == 61)
+            continue;
+
+        if (in_data[i] >= 63 && in_data[i] <= 90)
+            continue;
+
+        if (in_data[i] == 95)
+            continue;
+
+        if (in_data[i] >= 97 && in_data[i] <= 122)
+            continue;
+
+        if (in_data[i] == 126)
+            continue;
+
+        in_data[i] = '\0';
+        break;
+    }
+}
+
+
 string StrLower(string in_str) {
     string thestr = in_str;
     for (unsigned int i = 0; i < thestr.length(); i++)
diff -u kismet-2.2.1/configfile.h kismet-2.2.2/configfile.h
--- kismet-2.2.1/configfile.h	Tue May  7 10:07:37 2002
+++ kismet-2.2.2/configfile.h	Tue May 28 02:10:49 2002
@@ -13,6 +13,7 @@
 #include <string>
 #include <map>
 
+void MungeToShell(char *in_data, int max);
 string StrLower(string in_str);
 string StrStrip(string in_str);
 
Common subdirectories: kismet-2.2.1/docs and kismet-2.2.2/docs
Common subdirectories: kismet-2.2.1/extra and kismet-2.2.2/extra
diff -u kismet-2.2.1/kismet_curses.cc kismet-2.2.2/kismet_curses.cc
--- kismet-2.2.1/kismet_curses.cc	Mon May 27 23:47:50 2002
+++ kismet-2.2.2/kismet_curses.cc	Tue May 28 02:13:09 2002
@@ -92,8 +92,12 @@
 // Fork and run a system call to play a sound
 void SayText(string player, string text) {
     char snd_call[1024];
+    char textprint[1024];
 
-    snprintf(snd_call, 1024, "echo '(SayText \"%s\")' | %s >/dev/null 2>/dev/null &", text.c_str(),
+    snprintf(textprint, 1024, "%s", text.c_str());
+    MungeToShell(textprint, 1024);
+
+    snprintf(snd_call, 1024, "echo '(SayText \"%s\")' | %s >/dev/null 2>/dev/null &", textprint,
              player.c_str());
 
     if (system(snd_call) < 0) {
diff -u kismet-2.2.1/kismet_server.cc kismet-2.2.2/kismet_server.cc
--- kismet-2.2.1/kismet_server.cc	Mon May 27 23:47:13 2002
+++ kismet-2.2.2/kismet_server.cc	Tue May 28 02:12:04 2002
@@ -265,7 +265,12 @@
 void SayText(string player, string text) {
     char snd_call[1024];
 
-    snprintf(snd_call, 1024, "echo '(SayText \"%s\")' | %s &", text.c_str(),
+    char textprint[1024];
+
+    snprintf(textprint, 1024, "%s", text.c_str());
+    MungeToShell(textprint, 1024);
+
+    snprintf(snd_call, 1024, "echo '(SayText \"%s\")' | %s &", textprint,
              player.c_str());
 
     if (system(snd_call) < 0) {
Common subdirectories: kismet-2.2.1/libpcap-2002.05.16 and kismet-2.2.2/libpcap-2002.05.16
Common subdirectories: kismet-2.2.1/packaging and kismet-2.2.2/packaging
Common subdirectories: kismet-2.2.1/scripts and kismet-2.2.2/scripts
Common subdirectories: kismet-2.2.1/wav and kismet-2.2.2/wav