games-simulation/flightgear: patch for CVE-2025-0781

Signed-off-by: Maciej Mrozowski <reavertm@gentoo.org>

2 files changed, 63 insertions, 1 deletions

diff --git a/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch b/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch
new file mode 100644
index 000000000000..eb8e092c5d7a
--- /dev/null
+++ b/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch
@@ -0,0 +1,61 @@
+From ad37afce28083fad7f79467b3ffdead753584358 Mon Sep 17 00:00:00 2001
+From: Florent Rougon <f.rougon@frougon.net>
+Date: Tue, 21 Jan 2025 00:31:22 +0100
+Subject: [PATCH] NasalSGPath: move checkIORules() to
+ SGPath::NasalIORulesChecker()
+
+This allows the from_nasal_helper() in SimGear that constructs SGPath
+instances from Nasal scalars to use SGPath::NasalIORulesChecker() as a
+PermissionChecker.
+---
+ src/Scripting/NasalSGPath.cxx | 23 ++++-------------------
+ 1 file changed, 4 insertions(+), 19 deletions(-)
+
+diff --git a/src/Scripting/NasalSGPath.cxx b/src/Scripting/NasalSGPath.cxx
+index 92abbbe873..d5f49d8922 100644
+--- a/src/Scripting/NasalSGPath.cxx
++++ b/src/Scripting/NasalSGPath.cxx
+@@ -30,28 +30,12 @@
+ typedef std::shared_ptr<SGPath> SGPathRef;
+ typedef nasal::Ghost<SGPathRef> NasalSGPath;
+ 
+-SGPath::Permissions checkIORules(const SGPath& path)
+-{
+-  SGPath::Permissions perm;
+-  if (!path.isAbsolute()) {
+-    // SGPath caches permissions, which breaks for relative paths
+-    // if the current directory changes
+-    SG_LOG(SG_NASAL, SG_ALERT, "os.path: file operation on '" <<
+-        path<< "' access denied (relative paths not accepted; use "
+-        "realpath() to make a path absolute)");
+-  }
+-
+-  perm.read  = path.isAbsolute() && !SGPath(path).validate(false).isNull();
+-  perm.write = path.isAbsolute() && !SGPath(path).validate(true).isNull();
+-
+-  return perm;
+-}
+-
+ // TODO make exposing such function easier...
+ static naRef validatedPathToNasal( const nasal::CallContext& ctx,
+                                    const SGPath& p )
+ {
+-  return ctx.to_nasal( SGPathRef(new SGPath(p.utf8Str(), &checkIORules)) );
++    return ctx.to_nasal(SGPathRef(new SGPath(p.utf8Str(),
++                                             &SGPath::NasalIORulesChecker)));
+ }
+ 
+ /**
+@@ -78,7 +62,8 @@ static void f_path_set(SGPath& p, const nasal::CallContext& ctx)
+  */
+ static naRef f_desktop(const nasal::CallContext& ctx)
+ {
+-  return validatedPathToNasal(ctx, SGPath::desktop(SGPath(&checkIORules)));
++    return validatedPathToNasal(
++        ctx, SGPath::desktop(SGPath(&SGPath::NasalIORulesChecker)));
+ }
+ 
+ /**
+-- 
+GitLab
+
diff --git a/games-simulation/flightgear/flightgear-2020.3.19.ebuild b/games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild
index 9d6373a47ddb..a9721bf5e6c4 100644
--- a/games-simulation/flightgear/flightgear-2020.3.19.ebuild
+++ b/games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -66,6 +66,7 @@ BDEPEND="qt5? ( >=dev-qt/linguist-tools-5.7.1:5 )"
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2020.3.8-cmake.patch"
+	"${FILESDIR}/${PN}-2020.3.19-CVE-2025-0781.patch"
 )
 
 DOCS=(AUTHORS ChangeLog NEWS README Thanks)