Index: head/devel/simgear/Makefile =================================================================== --- head/devel/simgear/Makefile (revision 430719) +++ head/devel/simgear/Makefile (revision 430720) @@ -1,30 +1,29 @@ # $FreeBSD$ PORTNAME= simgear -PORTVERSION= 2016.4.3 -PORTREVISION= 2 +PORTVERSION= 2016.4.4 CATEGORIES= devel games MASTER_SITES= SF/flightgear/release-${PORTVERSION:R} MAINTAINER= martymac@FreeBSD.org COMMENT= Toolkit for 3D games and simulations LICENSE= GPLv2 BUILD_DEPENDS= ${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib RUN_DEPENDS= ${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib LIB_DEPENDS= libboost_thread.so:devel/boost-libs \ libosg.so:graphics/osg USE_XORG= ice sm x11 xext xi xmu xt USE_GL= gl glu glut USES= alias cmake compiler cpe jpeg openal:al,alut tar:bzip2 .include # When building with Gcc, needs Gcc 4.6+ .if ${COMPILER_TYPE} == gcc && ${COMPILER_VERSION} < 46 USE_GCC= yes .endif .include Index: head/devel/simgear/distinfo =================================================================== --- head/devel/simgear/distinfo (revision 430719) +++ head/devel/simgear/distinfo (revision 430720) @@ -1,3 +1,3 @@ -TIMESTAMP = 1481013012 -SHA256 (simgear-2016.4.3.tar.bz2) = 6933550215818c2043b84df01b6bf5f7adef218c8648b510b8202e394003d2bd -SIZE (simgear-2016.4.3.tar.bz2) = 1201326 +TIMESTAMP = 1483648162 +SHA256 (simgear-2016.4.4.tar.bz2) = 5514fd0006bbfcdbdc0e2dab7da41eae491ea03a6246cc6a009590032b2fc1dc +SIZE (simgear-2016.4.4.tar.bz2) = 1200320 Index: head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx =================================================================== --- head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx (revision 430719) +++ head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx (nonexistent) @@ -1,28 +0,0 @@ -commit a2b111bb09485769d75addf563cb6e44be6655b3 -Author: James Turner -Date: Wed Dec 14 09:41:44 2016 +0000 - - Bugfix: reject dubious paths in HTTP repos. - - This avoids a malicious repository writing to files outside the local - storage root. - -diff --git simgear/io/HTTPRepository.cxx simgear/io/HTTPRepository.cxx -index 1c95f278..b0335783 100644 ---- simgear/io/HTTPRepository.cxx -+++ simgear/io/HTTPRepository.cxx -@@ -503,6 +503,14 @@ private: - SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid type in line '" << line << "', expected 'd' or 'f', (ignoring line)" ); - continue; - } -+ -+ // security: prevent writing outside the repository via ../../.. filenames -+ // (valid filenames never contain / - subdirectories have their own .dirindex) -+ if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) { -+ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid filename in line '" << line << "', (ignoring line)" ); -+ continue; -+ } -+ - children.push_back(ChildInfo(typeData == "f" ? ChildInfo::FileType : ChildInfo::DirectoryType, tokens[1], tokens[2])); - - if (tokens.size() > 3) { Property changes on: head/devel/simgear/files/patch-a2b111b-simgear-io-HTTPRepository.cxx ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/games/flightgear/Makefile =================================================================== --- head/games/flightgear/Makefile (revision 430719) +++ head/games/flightgear/Makefile (revision 430720) @@ -1,63 +1,62 @@ # Created by: Brian Buchanan # $FreeBSD$ PORTNAME= flightgear -PORTVERSION= 2016.4.3 -PORTREVISION= 2 +PORTVERSION= 2016.4.4 CATEGORIES= games MASTER_SITES= SF/flightgear/release-${PORTVERSION:R} MAINTAINER= martymac@FreeBSD.org COMMENT= The FlightGear flight simulator LICENSE= GPLv2 LIB_DEPENDS= libpng.so:graphics/png \ libboost_thread.so:devel/boost-libs \ libfltk.so:x11-toolkits/fltk \ libosg.so:graphics/osg \ libspeex.so:audio/speex \ libspeexdsp.so:audio/speexdsp \ libcurl.so:ftp/curl BUILD_DEPENDS= ${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib \ ${LOCALBASE}/lib/libSimGearCore.a:devel/simgear RUN_DEPENDS= ${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib \ ${LOCALBASE}/lib/libSimGearCore.a:devel/simgear \ ${LOCALBASE}/share/flightgear/version:games/flightgear-data USE_XORG= ice sm x11 xext xft xi xinerama xmu xt USE_GL= gl glu glut USES= alias cmake compiler cpe dos2unix jpeg openal:al,alut sqlite \ tar:bzip2 DOS2UNIX_REGEX= .*\.(c|h|cxx|cpp|hxx|hpp) CMAKE_ARGS+= -DENABLE_JS_SERVER:BOOL=ON \ -DSYSTEM_SQLITE:BOOL=ON \ -DFG_DATA_DIR:PATH=${LOCALBASE}/share/${PORTNAME} \ -DCMAKE_INSTALL_MANDIR:PATH=${MANPREFIX}/man \ -DFGCOM_DATA_PATH:PATH=${DATADIR} LDFLAGS+= -L${LOCALBASE}/lib OPTIONS_DEFINE= DBUS QT5 OPTIONS_DEFAULT= DBUS QT5 DBUS_LIB_DEPENDS= libdbus-1.so:devel/dbus DBUS_USES= pkgconfig DBUS_CMAKE_ON= -DUSE_DBUS:BOOL=ON DBUS_CMAKE_OFF= -DUSE_DBUS:BOOL=OFF QT5_CMAKE_ON= -DENABLE_QT:BOOL=ON QT5_CMAKE_OFF= -DENABLE_QT:BOOL=OFF QT5_USE= QT5=core,buildtools,gui,qmake,widgets .include # Chase devel/simgear compiler version .if ${COMPILER_TYPE} == gcc && ${COMPILER_VERSION} < 46 USE_GCC= yes CXXFLAGS+= -D_GLIBCXX_USE_C99 .endif post-install: ${INSTALL_PROGRAM} ${WRKSRC}/utils/js_server/js_server \ ${STAGEDIR}${PREFIX}/bin .include Index: head/games/flightgear/distinfo =================================================================== --- head/games/flightgear/distinfo (revision 430719) +++ head/games/flightgear/distinfo (revision 430720) @@ -1,3 +1,3 @@ -TIMESTAMP = 1481013038 -SHA256 (flightgear-2016.4.3.tar.bz2) = 35a9c439265e4a9caf794458bb42917d93280b2e561cc7b9a02aaba1226d2822 -SIZE (flightgear-2016.4.3.tar.bz2) = 7559919 +TIMESTAMP = 1483648311 +SHA256 (flightgear-2016.4.4.tar.bz2) = d51992cbe40f1812f9821ab27b838d52e04c10551772d57fc2e815f4444dfafc +SIZE (flightgear-2016.4.4.tar.bz2) = 7560911 Index: head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx =================================================================== --- head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx (revision 430719) +++ head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx (nonexistent) @@ -1,55 +0,0 @@ -commit 280cd523686fbdb175d50417266d2487a8ce67d2 -Author: Florent Rougon -Date: Fri Dec 9 11:29:13 2016 +0100 - - Security fix: don't allow the route manager to overwrite any file - - Since the Save function can be triggered from Nasal with an arbitrary - path, we must check this path before overwriting the file. - - (also add a missing include that is directly needed for this commit) - -diff --git src/Autopilot/route_mgr.cxx src/Autopilot/route_mgr.cxx -index bae5b1d23..901c64e14 100644 ---- src/Autopilot/route_mgr.cxx -+++ src/Autopilot/route_mgr.cxx -@@ -44,6 +44,7 @@ - #include - #include - -+#include
- #include "Main/fg_props.hxx" - #include "Navaids/positioned.hxx" - #include -@@ -54,6 +55,8 @@ - #include "Airports/runways.hxx" - #include - #include -+#include
// fgValidatePath() -+#include - - #define RM "/autopilot/route-manager/" - -@@ -709,7 +712,21 @@ void FGRouteMgr::InputListener::valueChanged(SGPropertyNode *prop) - mgr->loadRoute(path); - } else if (!strcmp(s, "@SAVE")) { - SGPath path(mgr->_pathNode->getStringValue()); -- mgr->saveRoute(path); -+ SGPath authorizedPath = fgValidatePath(path, true /* write */); -+ -+ if (!authorizedPath.isNull()) { -+ mgr->saveRoute(authorizedPath); -+ } else { -+ std::string msg = -+ "The route manager was asked to write the flightplan to '" + -+ path.utf8Str() + "', but this path is not authorized for writing. " + -+ "Please choose another location, for instance in the $FG_HOME/Export " -+ "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ")."; -+ -+ SG_LOG(SG_AUTOPILOT, SG_ALERT, msg); -+ modalMessageBox("FlightGear", "Unable to write to the specified file", -+ msg); -+ } - } else if (!strcmp(s, "@NEXT")) { - mgr->jumpToIndex(mgr->currentIndex() + 1); - } else if (!strcmp(s, "@PREVIOUS")) { Property changes on: head/games/flightgear/files/patch-280cd52-src-Autopilot-route_mgr.cxx ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/games/flightgear-data/Makefile =================================================================== --- head/games/flightgear-data/Makefile (revision 430719) +++ head/games/flightgear-data/Makefile (revision 430720) @@ -1,44 +1,44 @@ # Created by: Brian Buchanan # $FreeBSD$ PORTNAME= flightgear-data -PORTVERSION= 2016.4.3 +PORTVERSION= 2016.4.4 CATEGORIES= games MASTER_SITES= SF/flightgear/release-${PORTVERSION:R} DISTNAME= FlightGear-${PORTVERSION}-data MAINTAINER= martymac@FreeBSD.org COMMENT= FlightGear scenery, textures, and aircraft models LICENSE= GPLv2 NO_BUILD= yes USES= tar:bzip2 WRKSRC= ${WRKDIR}/fgdata DATADIR= ${PREFIX}/share/flightgear PLIST= ${WRKDIR}/pkg-plist PLIST_DIRS= %%DATADIR%% BROKEN_aarch64= Fails to install: runaway process BROKEN_armv6= Fails to install: runaway process BROKEN_mips64= Fails to install: runaway process post-patch: @${RM} ${WRKSRC}/COPYING pre-install: @${RM} ${PLIST} @cd ${WRKSRC} && \ ${FIND} * -type d -empty | ${SORT} \ | ${SED} -e 's|^|@exec ${MKDIR} %D/share/flightgear/|' >> ${PLIST} && \ ${FIND} * -type f | ${SORT} \ | ${SED} -e 's|^|%%DATADIR%%/|' >> ${PLIST} && \ ${FIND} * -type d -empty | ${SORT} -r \ | ${SED} -e 's|^|@dir %%DATADIR%%/|' >> ${PLIST} do-install: ${MKDIR} ${STAGEDIR}${DATADIR} (cd ${WRKSRC}/ && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR} "! ( -name .git -o -name .gitignore )") .include Index: head/games/flightgear-data/distinfo =================================================================== --- head/games/flightgear-data/distinfo (revision 430719) +++ head/games/flightgear-data/distinfo (revision 430720) @@ -1,3 +1,3 @@ -TIMESTAMP = 1481013221 -SHA256 (FlightGear-2016.4.3-data.tar.bz2) = e4f6b26624af3fa6cf874077a8fe2f57fc298d124a7899731946a593cd73c4f3 -SIZE (FlightGear-2016.4.3-data.tar.bz2) = 1648602662 +TIMESTAMP = 1483648719 +SHA256 (FlightGear-2016.4.4-data.tar.bz2) = 3dfd4b82c99a8bf4b81dd31846efce52ed417be180eaa71020ccc914f9a49668 +SIZE (FlightGear-2016.4.4-data.tar.bz2) = 1654119067