Index: head/games/flightgear/Makefile
===================================================================
--- head/games/flightgear/Makefile (revision 448871)
+++ head/games/flightgear/Makefile (revision 448872)
@@ -1,65 +1,65 @@ # Created by: Brian Buchanan # $FreeBSD$ PORTNAME= flightgear PORTVERSION= 2017.1.3 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= games MASTER_SITES= SF/flightgear/release-${PORTVERSION:R} MAINTAINER= martymac@FreeBSD.org COMMENT= The FlightGear flight simulator LICENSE= GPLv2 LIB_DEPENDS= libpng.so:graphics/png \ libboost_thread.so:devel/boost-libs \ libfltk.so:x11-toolkits/fltk \ libfreetype.so:print/freetype2 \ libosg.so:graphics/osg \ libspeex.so:audio/speex \ libspeexdsp.so:audio/speexdsp \ libcurl.so:ftp/curl \ libudev.so:devel/libudev-devd BUILD_DEPENDS= ${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib \ ${LOCALBASE}/lib/libSimGearCore.a:devel/simgear RUN_DEPENDS= ${LOCALBASE}/lib/libplibsl.a:x11-toolkits/plib \ ${LOCALBASE}/lib/libSimGearCore.a:devel/simgear \ ${LOCALBASE}/share/flightgear/version:games/flightgear-data USE_XORG= ice sm x11 xext xft xi xinerama xmu xt USE_GL= gl glew glu glut USES= alias cmake compiler cpe dos2unix jpeg openal:al,alut sqlite \ tar:bzip2 DOS2UNIX_REGEX= .*\.(c|h|cxx|cpp|hxx|hpp) CMAKE_ARGS+= -DENABLE_JS_SERVER:BOOL=ON \ -DSYSTEM_SQLITE:BOOL=ON \ -DFG_DATA_DIR:PATH=${LOCALBASE}/share/${PORTNAME} \ -DCMAKE_INSTALL_MANDIR:PATH=${MANPREFIX}/man \ -DFGCOM_DATA_PATH:PATH=${DATADIR} LDFLAGS+= -L${LOCALBASE}/lib OPTIONS_DEFINE= DBUS QT5 OPTIONS_DEFAULT= DBUS QT5 DBUS_LIB_DEPENDS= libdbus-1.so:devel/dbus DBUS_USES= pkgconfig DBUS_CMAKE_ON= -DUSE_DBUS:BOOL=ON DBUS_CMAKE_OFF= -DUSE_DBUS:BOOL=OFF QT5_CMAKE_ON= -DENABLE_QT:BOOL=ON QT5_CMAKE_OFF= -DENABLE_QT:BOOL=OFF QT5_USE= QT5=core,buildtools,gui,qmake,widgets .include # Chase devel/simgear compiler version .if ${COMPILER_TYPE} == gcc && ${COMPILER_VERSION} < 46 USE_GCC= yes CXXFLAGS+= -D_GLIBCXX_USE_C99 .endif post-install: ${INSTALL_PROGRAM} ${WRKSRC}/utils/js_server/js_server \ ${STAGEDIR}${PREFIX}/bin .include Index: head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx =================================================================== --- 
head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx (revision 448871) +++ head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx (nonexistent) @@ -1,28 +0,0 @@ -Fix for CVE-2017-8921 (backport of commit faf872e7) - ---- src/Autopilot/route_mgr.cxx.orig -+++ src/Autopilot/route_mgr.cxx -@@ -74,7 +74,22 @@ static bool commandSaveFlightPlan(const SGPropertyNode* arg) - { - FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager"); - SGPath path = SGPath::fromUtf8(arg->getStringValue("path")); -- return self->saveRoute(path); -+ SGPath authorizedPath = fgValidatePath(path, true /* write */); -+ -+ if (!authorizedPath.isNull()) { -+ return self->saveRoute(authorizedPath); -+ } else { -+ std::string msg = -+ "The route manager was asked to write the flightplan to '" + -+ path.utf8Str() + "', but this path is not authorized for writing. " + -+ "Please choose another location, for instance in the $FG_HOME/Export " -+ "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ")."; -+ -+ SG_LOG(SG_AUTOPILOT, SG_ALERT, msg); -+ modalMessageBox("FlightGear", "Unable to write to the specified file", -+ msg); -+ return false; -+ } - } - - static bool commandActivateFlightPlan(const SGPropertyNode* arg) Property changes on: head/games/flightgear/files/patch-src-Autopilot-route_mgr.cxx ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/games/flightgear/files/patch-CVE-2017-13709.txt =================================================================== --- head/games/flightgear/files/patch-CVE-2017-13709.txt (nonexistent) +++ head/games/flightgear/files/patch-CVE-2017-13709.txt (revision 448872) 
@@ -0,0 +1,129 @@ +Backport of commits 0ba2ac31 and 1ad2bf44 + +Fixes CVE-2017-13709. + +--- src/Main/fg_init.cxx.orig ++++ src/Main/fg_init.cxx +@@ -1090,7 +1090,12 @@ void fgStartNewReset() + fgInitGeneral(); // all of this? + + flightgear::Options::sharedInstance()->processOptions(); +- ++ ++ // Rebuild the lists of allowed paths for cases where a path comes from an ++ // untrusted source, such as the global property tree (this uses $FG_HOME ++ // and other paths set by Options::processOptions()). ++ fgInitAllowedPaths(); ++ + // PRESERVED properties over-write state from options, intentionally + if ( copyProperties(preserved, globals->get_props()) ) { + SG_LOG( SG_GENERAL, SG_INFO, "Preserved state restored successfully" ); +--- src/Main/main.cxx.orig ++++ src/Main/main.cxx +@@ -536,7 +536,12 @@ int fgMainInit( int argc, char **argv ) + } else if (configResult == flightgear::FG_OPTIONS_EXIT) { + return EXIT_SUCCESS; + } +- ++ ++ // Set the lists of allowed paths for cases where a path comes from an ++ // untrusted source, such as the global property tree (this uses $FG_HOME ++ // and other paths set by Options::processOptions()). ++ fgInitAllowedPaths(); ++ + // Initialize the Window/Graphics environment. 
+ fgOSInit(&argc, argv); + _bootstrap_OSInit++; +--- src/Scripting/NasalSys.cxx.orig ++++ src/Scripting/NasalSys.cxx +@@ -909,10 +909,6 @@ void FGNasalSys::init() + .member("simulatedTime", &TimerObj::isSimTime, &f_timerObj_setSimTime) + .member("isRunning", &TimerObj::isRunning); + +- +- // Set allowed paths for Nasal I/O +- fgInitAllowedPaths(); +- + // Now load the various source files in the Nasal directory + simgear::Dir nasalDir(SGPath(globals->get_fg_root(), "Nasal")); + loadScriptDirectory(nasalDir); +--- src/Main/logger.cxx.orig ++++ src/Main/logger.cxx +@@ -9,12 +9,17 @@ + + #include "logger.hxx" + +-#include ++#include + #include ++#include + + #include ++#include ++#include + + #include "fg_props.hxx" ++#include "globals.hxx" ++#include "util.hxx" + + using std::string; + using std::endl; +@@ -59,6 +64,25 @@ FGLogger::init () + child->setStringValue("filename", filename.c_str()); + } + ++ // Security: the path comes from the global Property Tree; it *must* be ++ // validated before we overwrite the file. ++ const SGPath authorizedPath = fgValidatePath(SGPath::fromUtf8(filename), ++ /* write */ true); ++ ++ if (authorizedPath.isNull()) { ++ const string propertyPath = child->getChild("filename") ++ ->getPath(/* simplify */ true); ++ const string msg = ++ "The FGLogger logging system, via the '" + propertyPath + "' property, " ++ "was asked to write to '" + filename + "', however this path is not " ++ "authorized for writing anymore for security reasons. 
" + ++ "Please choose another location, for instance in the $FG_HOME/Export " ++ "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ")."; ++ ++ SG_LOG(SG_GENERAL, SG_ALERT, msg); ++ exit(EXIT_FAILURE); ++ } ++ + string delimiter = child->getStringValue("delimiter"); + if (delimiter.empty()) { + delimiter = ","; +@@ -68,7 +92,8 @@ FGLogger::init () + log.interval_ms = child->getLongValue("interval-ms"); + log.last_time_ms = globals->get_sim_time_sec() * 1000; + log.delimiter = delimiter.c_str()[0]; +- log.output = new std::ofstream(filename.c_str()); ++ // Security: use the return value of fgValidatePath() ++ log.output = new sg_ofstream(authorizedPath, std::ios_base::out); + if (!log.output) { + SG_LOG(SG_GENERAL, SG_ALERT, "Cannot write log to " << filename); + continue; +--- src/Main/logger.hxx.orig ++++ src/Main/logger.hxx +@@ -6,10 +6,10 @@ + #ifndef __LOGGER_HXX + #define __LOGGER_HXX 1 + +-#include + #include + + #include ++#include + #include + #include + +@@ -39,7 +39,7 @@ private: + Log (); + virtual ~Log (); + std::vector nodes; +- std::ostream * output; ++ sg_ofstream * output; + long interval_ms; + double last_time_ms; + char delimiter; Property changes on: head/games/flightgear/files/patch-CVE-2017-13709.txt ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/games/flightgear/files/patch-CVE-2017-8921.txt =================================================================== --- head/games/flightgear/files/patch-CVE-2017-8921.txt (nonexistent) +++ head/games/flightgear/files/patch-CVE-2017-8921.txt (revision 448872) 
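Review bot: In the logger.cxx part of patch-CVE-2017-13709.txt, the `if (!log.output)` test that follows `log.output = new sg_ofstream(authorizedPath, std::ios_base::out);` cannot detect a failed open, because a plain `new` throws on failure and never returns null. A path that passes fgValidatePath() but cannot be opened (missing directory, permissions) would get past the check, so the "Cannot write log to" alert would never fire and the log would be silently lost. Assuming sg_ofstream exposes the usual std stream state, the condition should test the stream rather than the pointer, for example `if (!log.output->is_open()) {`. The check predates this backport, but the rewritten allocation line is the natural place to fix it; FGLogger::init starts and ends outside the quoted hunks.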
@@ -0,0 +1,28 @@ +Fix for CVE-2017-8921 (backport of commit faf872e7) + +--- src/Autopilot/route_mgr.cxx.orig ++++ src/Autopilot/route_mgr.cxx +@@ -74,7 +74,22 @@ static bool commandSaveFlightPlan(const SGPropertyNode* arg) + { + FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager"); + SGPath path = SGPath::fromUtf8(arg->getStringValue("path")); +- return self->saveRoute(path); ++ SGPath authorizedPath = fgValidatePath(path, true /* write */); ++ ++ if (!authorizedPath.isNull()) { ++ return self->saveRoute(authorizedPath); ++ } else { ++ std::string msg = ++ "The route manager was asked to write the flightplan to '" + ++ path.utf8Str() + "', but this path is not authorized for writing. " + ++ "Please choose another location, for instance in the $FG_HOME/Export " ++ "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ")."; ++ ++ SG_LOG(SG_AUTOPILOT, SG_ALERT, msg); ++ modalMessageBox("FlightGear", "Unable to write to the specified file", ++ msg); ++ return false; ++ } + } + + static bool commandActivateFlightPlan(const SGPropertyNode* arg) Property changes on: head/games/flightgear/files/patch-CVE-2017-8921.txt ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property