svn commit: r440915 - in head/games/flightgear: . files

Ganael LAPLANCHE martymac at FreeBSD.org
Mon May 15 10:16:27 UTC 2017 

Author: martymac
Date: Mon May 15 10:16:25 2017
New Revision: 440915
URL: https://svnweb.freebsd.org/changeset/ports/440915

Log:
  Backport security fix faf872e7 (CVE-2017-8921)
  
  Reported by:    Florent Rougon <f.rougon at free.fr>
  Security:	https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7

Added:
  head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx   (contents, props changed)
Modified:
  head/games/flightgear/Makefile

Modified: head/games/flightgear/Makefile
==============================================================================
--- head/games/flightgear/Makefile	Mon May 15 10:01:40 2017	(r440914)
+++ head/games/flightgear/Makefile	Mon May 15 10:16:25 2017	(r440915)
@@ -3,7 +3,7 @@
 
 PORTNAME=	flightgear
 PORTVERSION=	2017.1.3
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	games
 MASTER_SITES=	SF/flightgear/release-${PORTVERSION:R}
 

Added: head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx	Mon May 15 10:16:25 2017	(r440915)
@@ -0,0 +1,28 @@
+Fix for CVE-2017-8921 (backport of commit faf872e7)
+
+--- src/Autopilot/route_mgr.cxx.orig
++++ src/Autopilot/route_mgr.cxx
+@@ -74,7 +74,22 @@ static bool commandSaveFlightPlan(const SGPropertyNode* arg)
+ {
+   FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager");
+   SGPath path = SGPath::fromUtf8(arg->getStringValue("path"));
+-  return self->saveRoute(path);
++  SGPath authorizedPath = fgValidatePath(path, true /* write */);
++
++  if (!authorizedPath.isNull()) {
++    return self->saveRoute(authorizedPath);
++  } else {
++    std::string msg =
++          "The route manager was asked to write the flightplan to '" +
++          path.utf8Str() + "', but this path is not authorized for writing. " +
++          "Please choose another location, for instance in the $FG_HOME/Export "
++          "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ").";
++
++    SG_LOG(SG_AUTOPILOT, SG_ALERT, msg);
++    modalMessageBox("FlightGear", "Unable to write to the specified file",
++                        msg);
++    return false;
++  }
+ }
+ 
+ static bool commandActivateFlightPlan(const SGPropertyNode* arg)

More information about the svn-ports-all mailing list