Date: Mon, 15 May 2017 10:16:25 +0000 (UTC) From: Ganael LAPLANCHE <martymac@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r440915 - in head/games/flightgear: . files Message-ID: <201705151016.v4FAGPVl049450@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: martymac Date: Mon May 15 10:16:25 2017 New Revision: 440915 URL: https://svnweb.freebsd.org/changeset/ports/440915 Log: Backport security fix faf872e7 (CVE-2017-8921) Reported by: Florent Rougon <f.rougon@free.fr> Security: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7 Added: head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx (contents, props changed) Modified: head/games/flightgear/Makefile Modified: head/games/flightgear/Makefile ============================================================================== --- head/games/flightgear/Makefile Mon May 15 10:01:40 2017 (r440914) +++ head/games/flightgear/Makefile Mon May 15 10:16:25 2017 (r440915) @@ -3,7 +3,7 @@ PORTNAME= flightgear PORTVERSION= 2017.1.3 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= games MASTER_SITES= SF/flightgear/release-${PORTVERSION:R} Added: head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx Mon May 15 10:16:25 2017 (r440915) @@ -0,0 +1,28 @@ +Fix for CVE-2017-8921 (backport of commit faf872e7) + +--- src/Autopilot/route_mgr.cxx.orig ++++ src/Autopilot/route_mgr.cxx +@@ -74,7 +74,22 @@ static bool commandSaveFlightPlan(const SGPropertyNode* arg) + { + FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager"); + SGPath path = SGPath::fromUtf8(arg->getStringValue("path")); +- return self->saveRoute(path); ++ SGPath authorizedPath = fgValidatePath(path, true /* write */); ++ ++ if (!authorizedPath.isNull()) { ++ return self->saveRoute(authorizedPath); ++ } else { ++ std::string msg = ++ "The route manager was asked to write the flightplan to '" + ++ path.utf8Str() + "', but this path is not authorized for writing. " + ++ "Please choose another location, for instance in the $FG_HOME/Export " ++ "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ")."; ++ ++ SG_LOG(SG_AUTOPILOT, SG_ALERT, msg); ++ modalMessageBox("FlightGear", "Unable to write to the specified file", ++ msg); ++ return false; ++ } + } + + static bool commandActivateFlightPlan(const SGPropertyNode* arg)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201705151016.v4FAGPVl049450>