Index: head/games/flightgear/Makefile
===================================================================
--- head/games/flightgear/Makefile	(revision 428555)
+++ head/games/flightgear/Makefile	(revision 428556)
@@ -1,62 +1,63 @@
 # Created by: Brian Buchanan <brian@CSUA.Berkeley.EDU>
 # $FreeBSD$
 
 PORTNAME=	flightgear
 PORTVERSION=	2016.4.3
+PORTREVISION=	1
 CATEGORIES=	games
 MASTER_SITES=	SF/flightgear/release-${PORTVERSION:R}
 
 MAINTAINER=	martymac@FreeBSD.org
 COMMENT=	The FlightGear flight simulator
 
 LICENSE=	GPLv2
 
 LIB_DEPENDS=	libpng.so:graphics/png \
 		libboost_thread.so:devel/boost-libs \
 		libfltk.so:x11-toolkits/fltk \
 		libosg.so:graphics/osg \
 		libspeex.so:audio/speex \
 		libspeexdsp.so:audio/speexdsp \
 		libcurl.so:ftp/curl
 BUILD_DEPENDS=	${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib \
 		${LOCALBASE}/lib/libSimGearCore.a:devel/simgear
 RUN_DEPENDS=	${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib \
 		${LOCALBASE}/lib/libSimGearCore.a:devel/simgear \
 		${LOCALBASE}/share/flightgear/version:games/flightgear-data
 
 USE_XORG=	ice sm x11 xext xft xi xinerama xmu xt
 USE_GL=		gl glu glut
 
 USES=		alias cmake compiler cpe dos2unix jpeg openal:al,alut sqlite \
 		tar:bzip2
 DOS2UNIX_REGEX=	.*\.(c|h|cxx|cpp|hxx|hpp)
 CMAKE_ARGS+=	-DENABLE_JS_SERVER:BOOL=ON \
 		-DSYSTEM_SQLITE:BOOL=ON \
 		-DFG_DATA_DIR:PATH=${LOCALBASE}/share/${PORTNAME} \
 		-DCMAKE_INSTALL_MANDIR:PATH=${MANPREFIX}/man \
 		-DFGCOM_DATA_PATH:PATH=${DATADIR}
 LDFLAGS+=	-L${LOCALBASE}/lib
 
 OPTIONS_DEFINE=	DBUS QT5
 OPTIONS_DEFAULT=	DBUS QT5
 DBUS_LIB_DEPENDS=	libdbus-1.so:devel/dbus
 DBUS_USES=	pkgconfig
 DBUS_CMAKE_ON=	-DUSE_DBUS:BOOL=ON
 DBUS_CMAKE_OFF=	-DUSE_DBUS:BOOL=OFF
 QT5_CMAKE_ON=	-DENABLE_QT:BOOL=ON
 QT5_CMAKE_OFF=	-DENABLE_QT:BOOL=OFF
 QT5_USE=	QT5=core,buildtools,gui,qmake,widgets
 
 .include <bsd.port.pre.mk>
 
 # Chase devel/simgear compiler version
 .if ${COMPILER_TYPE} == gcc && ${COMPILER_VERSION} < 46
 USE_GCC=	yes
 CXXFLAGS+=	-D_GLIBCXX_USE_C99
 .endif
 
 post-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/utils/js_server/js_server \
 		${STAGEDIR}${PREFIX}/bin
 
 .include <bsd.port.post.mk>
Index: head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx
===================================================================
--- head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx	(nonexistent)
+++ head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx	(revision 428556)
@@ -0,0 +1,55 @@
+commit 280cd523686fbdb175d50417266d2487a8ce67d2
+Author: Florent Rougon <f.rougon@free.fr>
+Date:   Fri Dec 9 11:29:13 2016 +0100
+
+    Security fix: don't allow the route manager to overwrite any file
+    
+    Since the Save function can be triggered from Nasal with an arbitrary
+    path, we must check this path before overwriting the file.
+    
+    (also add a missing include that is directly needed for this commit)
+
+diff --git src/Autopilot/route_mgr.cxx src/Autopilot/route_mgr.cxx
+index bae5b1d23..901c64e14 100644
+--- src/Autopilot/route_mgr.cxx
++++ src/Autopilot/route_mgr.cxx
+@@ -44,6 +44,7 @@
+ #include <simgear/timing/sg_time.hxx>
+ #include <simgear/sg_inlines.h>
+ 
++#include <Main/globals.hxx>
+ #include "Main/fg_props.hxx"
+ #include "Navaids/positioned.hxx"
+ #include <Navaids/waypoint.hxx>
+@@ -54,6 +55,8 @@
+ #include "Airports/runways.hxx"
+ #include <GUI/new_gui.hxx>
+ #include <GUI/dialog.hxx>
++#include <Main/util.hxx>        // fgValidatePath()
++#include <GUI/MessageBox.hxx>
+ 
+ #define RM "/autopilot/route-manager/"
+ 
+@@ -709,7 +712,21 @@ void FGRouteMgr::InputListener::valueChanged(SGPropertyNode *prop)
+       mgr->loadRoute(path);
+     } else if (!strcmp(s, "@SAVE")) {
+       SGPath path(mgr->_pathNode->getStringValue());
+-      mgr->saveRoute(path);
++      SGPath authorizedPath = fgValidatePath(path, true /* write */);
++
++      if (!authorizedPath.isNull()) {
++        mgr->saveRoute(authorizedPath);
++      } else {
++        std::string msg =
++          "The route manager was asked to write the flightplan to '" +
++          path.utf8Str() + "', but this path is not authorized for writing. " +
++          "Please choose another location, for instance in the $FG_HOME/Export "
++          "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ").";
++
++        SG_LOG(SG_AUTOPILOT, SG_ALERT, msg);
++        modalMessageBox("FlightGear", "Unable to write to the specified file",
++                        msg);
++      }
+     } else if (!strcmp(s, "@NEXT")) {
+       mgr->jumpToIndex(mgr->currentIndex() + 1);
+     } else if (!strcmp(s, "@PREVIOUS")) {

Property changes on: head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property