-rw-r--r--dev-games/simgear/files/simgear-2020.3.19-flightgear-CVE-2025-0781.patch84
-rw-r--r--dev-games/simgear/simgear-2020.3.19-r1.ebuild (renamed from dev-games/simgear/simgear-2020.3.19.ebuild)3
-rw-r--r--games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch61
-rw-r--r--games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild (renamed from games-simulation/flightgear/flightgear-2020.3.19.ebuild)3
4 files changed, 149 insertions, 2 deletions
diff --git a/dev-games/simgear/files/simgear-2020.3.19-flightgear-CVE-2025-0781.patch b/dev-games/simgear/files/simgear-2020.3.19-flightgear-CVE-2025-0781.patch
new file mode 100644
index 000000000000..3de416a1a2e9
--- /dev/null
+++ b/dev-games/simgear/files/simgear-2020.3.19-flightgear-CVE-2025-0781.patch
@@ -0,0 +1,84 @@
+From 5bb023647114267141a7610e8f1ca7d6f4f5a5a8 Mon Sep 17 00:00:00 2001
+From: Florent Rougon <f.rougon@frougon.net>
+Date: Tue, 21 Jan 2025 00:16:43 +0100
+Subject: [PATCH] cppbind: check I/O rules when auto-constructing an SGPath
+ from a Nasal scalar
+
+- Add static member function SGPath::NasalIORulesChecker as a
+ PermissionChecker (this is essentially checkIORules() moved from the
+ flightgear repository).
+
+- Use it in the from_nasal_helper() that creates an SGPath instance from
+ a Nasal scalar.
+---
+ simgear/misc/sg_path.cxx | 20 +++++++++++++++++++
+ simgear/misc/sg_path.hxx | 7 +++++++
+ .../cppbind/detail/from_nasal_helper.cxx | 3 ++-
+ 3 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/simgear/misc/sg_path.cxx b/simgear/misc/sg_path.cxx
+index f6c5b089e..c66bc72c4 100644
+--- a/simgear/misc/sg_path.cxx
++++ b/simgear/misc/sg_path.cxx
+@@ -275,6 +275,26 @@ void SGPath::set_cached(bool cached)
+ // * Access permissions for Nasal code *
+ // ***************************************************************************
+
++// Static member function
++SGPath::Permissions SGPath::NasalIORulesChecker(const SGPath& path)
++{
++ Permissions perm;
++
++ if (!path.isAbsolute()) {
++ // SGPath caches permissions, which breaks for relative paths if the
++ // current directory changes.
++ SG_LOG(SG_NASAL, SG_ALERT,
++ "SGPath::NasalIORulesChecker(): file operation on '" <<
++ path.utf8Str() << "': access denied (relative paths not "
++ "accepted; use realpath() to obtain an absolute path)");
++ }
++
++ perm.read = path.isAbsolute() && !path.validate(false).isNull();
++ perm.write = path.isAbsolute() && !path.validate(true).isNull();
++
++ return perm;
++}
++
+ // Static member function
+ void SGPath::clearListOfAllowedPaths(bool write)
+ {
+diff --git a/simgear/misc/sg_path.hxx b/simgear/misc/sg_path.hxx
+index 32e9d662b..75da94c95 100644
+--- a/simgear/misc/sg_path.hxx
++++ b/simgear/misc/sg_path.hxx
+@@ -162,6 +162,13 @@ public:
+ */
+ SGPath validate(bool write) const;
+
++ /**
++ * Normal PermissionChecker for SGPath instances created from Nasal.
++ * @param path an SGPath instance
++ * @return read and write permissions conforming to validate()
++ */
++ static Permissions NasalIORulesChecker(const SGPath& path);
++
+ /**
+ * Append another piece to the existing path. Inserts a path
+ * separator between the existing component and the new component.
+diff --git a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+index bdf10fe5e..ad027c0b0 100644
+--- a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
++++ b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+@@ -47,7 +47,8 @@ namespace nasal
+ SGPath from_nasal_helper(naContext c, naRef ref, const SGPath*)
+ {
+ naRef na_str = naStringValue(c, ref);
+- return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)));
++ return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)),
++ &SGPath::NasalIORulesChecker);
+ }
+
+ //----------------------------------------------------------------------------
+--
+GitLab
+
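Review bot: In the embedded sg_path.cxx change, `SGPath::NasalIORulesChecker()` logs the relative-path denial but then falls through and tests `path.isAbsolute()` twice more to compute the flags. Setting `perm.read = perm.write = false; return perm;` inside the `if`, and leaving `perm.read = !path.validate(false).isNull();` and `perm.write = !path.validate(true).isNull();` below it, makes the deny path explicit. The Doxygen block added in sg_path.hxx should also state that a relative path gets neither read nor write permission and is logged at SG_ALERT, which "conforming to validate()" does not convey. The from_nasal_helper.cxx change only attaches the checker when the SGPath is constructed; whether every bound function receiving that SGPath consults its read/write permission before touching the file is not visible in this patch and is worth confirming against the callers.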
diff --git a/dev-games/simgear/simgear-2020.3.19.ebuild b/dev-games/simgear/simgear-2020.3.19-r1.ebuild
index 0d07ca324560..fac3a4948f31 100644
--- a/dev-games/simgear/simgear-2020.3.19.ebuild
+++ b/dev-games/simgear/simgear-2020.3.19-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -38,6 +38,7 @@ PATCHES=(
"${FILESDIR}/${PN}-2019.1.1-gdal3.patch"
"${FILESDIR}/${PN}-2020.1.2-do-not-assume-libc++-clang.patch"
"${FILESDIR}/${PN}-2020.3.17-boost-1.81.patch"
+ "${FILESDIR}/${PN}-2020.3.19-flightgear-CVE-2025-0781.patch"
)
pkg_pretend() {
diff --git a/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch b/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch
new file mode 100644
index 000000000000..eb8e092c5d7a
--- /dev/null
+++ b/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch
@@ -0,0 +1,61 @@
+From ad37afce28083fad7f79467b3ffdead753584358 Mon Sep 17 00:00:00 2001
+From: Florent Rougon <f.rougon@frougon.net>
+Date: Tue, 21 Jan 2025 00:31:22 +0100
+Subject: [PATCH] NasalSGPath: move checkIORules() to
+ SGPath::NasalIORulesChecker()
+
+This allows the from_nasal_helper() in SimGear that constructs SGPath
+instances from Nasal scalars to use SGPath::NasalIORulesChecker() as a
+PermissionChecker.
+---
+ src/Scripting/NasalSGPath.cxx | 23 ++++-------------------
+ 1 file changed, 4 insertions(+), 19 deletions(-)
+
+diff --git a/src/Scripting/NasalSGPath.cxx b/src/Scripting/NasalSGPath.cxx
+index 92abbbe873..d5f49d8922 100644
+--- a/src/Scripting/NasalSGPath.cxx
++++ b/src/Scripting/NasalSGPath.cxx
+@@ -30,28 +30,12 @@
+ typedef std::shared_ptr<SGPath> SGPathRef;
+ typedef nasal::Ghost<SGPathRef> NasalSGPath;
+
+-SGPath::Permissions checkIORules(const SGPath& path)
+-{
+- SGPath::Permissions perm;
+- if (!path.isAbsolute()) {
+- // SGPath caches permissions, which breaks for relative paths
+- // if the current directory changes
+- SG_LOG(SG_NASAL, SG_ALERT, "os.path: file operation on '" <<
+- path<< "' access denied (relative paths not accepted; use "
+- "realpath() to make a path absolute)");
+- }
+-
+- perm.read = path.isAbsolute() && !SGPath(path).validate(false).isNull();
+- perm.write = path.isAbsolute() && !SGPath(path).validate(true).isNull();
+-
+- return perm;
+-}
+-
+ // TODO make exposing such function easier...
+ static naRef validatedPathToNasal( const nasal::CallContext& ctx,
+ const SGPath& p )
+ {
+- return ctx.to_nasal( SGPathRef(new SGPath(p.utf8Str(), &checkIORules)) );
++ return ctx.to_nasal(SGPathRef(new SGPath(p.utf8Str(),
++ &SGPath::NasalIORulesChecker)));
+ }
+
+ /**
+@@ -78,7 +62,8 @@ static void f_path_set(SGPath& p, const nasal::CallContext& ctx)
+ */
+ static naRef f_desktop(const nasal::CallContext& ctx)
+ {
+- return validatedPathToNasal(ctx, SGPath::desktop(SGPath(&checkIORules)));
++ return validatedPathToNasal(
++ ctx, SGPath::desktop(SGPath(&SGPath::NasalIORulesChecker)));
+ }
+
+ /**
+--
+GitLab
+
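Review bot: In `validatedPathToNasal()` the rewritten line still builds the shared pointer with a raw `new`; since `SGPathRef` is `std::shared_ptr<SGPath>`, `return ctx.to_nasal(std::make_shared<SGPath>(p.utf8Str(), &SGPath::NasalIORulesChecker));` is the idiomatic form. Separately, removing `checkIORules()` changes the denial message prefix from `os.path:` to `SGPath::NasalIORulesChecker():` (the new text lives in the SimGear patch), so any log filter or alert that matches the old string would presumably need updating.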
diff --git a/games-simulation/flightgear/flightgear-2020.3.19.ebuild b/games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild
index 9d6373a47ddb..a9721bf5e6c4 100644
--- a/games-simulation/flightgear/flightgear-2020.3.19.ebuild
+++ b/games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -66,6 +66,7 @@ BDEPEND="qt5? ( >=dev-qt/linguist-tools-5.7.1:5 )"
PATCHES=(
"${FILESDIR}/${PN}-2020.3.8-cmake.patch"
+ "${FILESDIR}/${PN}-2020.3.19-CVE-2025-0781.patch"
)
DOCS=(AUTHORS ChangeLog NEWS README Thanks)
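Review bot: The patch added to `PATCHES` makes FlightGear reference `SGPath::NasalIORulesChecker`, which exists only in SimGear built with the companion patch (simgear-2020.3.19-r1), yet per the diffstat this ebuild changes only the copyright line and this entry. The dependency lines are outside the hunk; if they accept any revision of SimGear 2020.3.19, a system with the unpatched r0 still installed would presumably fail to compile this revision. Consider requiring the patched revision in the SimGear dependency, e.g. `>=dev-games/simgear-2020.3.19-r1`.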