Package: flightgear / 3.0.0-5+deb8u3

Metadata

Package: flightgear
Version: 3.0.0-5+deb8u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
systemLibraries.patch

3rdparty/iaxclient/lib/CMakeLists.txt | 148 87 + 61 - 0 !
3rdparty/iaxclient/lib/audio_encode.c | 8 6 + 2 - 0 !
CMakeLists.txt | 13 13 + 0 - 0 !
CMakeModules/FindGsm.cmake | 88 88 + 0 - 0 !
CMakeModules/FindSpeex.cmake | 87 87 + 0 - 0 !
CMakeModules/FindSpeexdsp.cmake | 88 88 + 0 - 0 !
6 files changed, 369 insertions(+), 63 deletions(-)

 link against system provided libgsm and libspeex.

nasal fix.patch

src/Scripting/NasalSys.cxx | 52 33 + 19 - 0 !
src/Scripting/NasalSys.hxx | 4 3 + 1 - 0 !
2 files changed, 36 insertions(+), 20 deletions(-)

 fix crash with nasal bindings.
 naBindFunction doesn't save the function code to the global
 hash, so pass an explicit context to various 'call' overloads so
 the function can't be GC-ed in between parsing and calling.

fix mobile tacan.patch

src/Instrumentation/tacan.cxx | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix mobile tacan

750939.patch

src/Scripting/NasalSys.cxx | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix hang in nested nasal calls

naCall() increments Nasal's "active threads" count; as Nasal's garbage
collector first asks all other threads to stop and waits for them to
say they have, this can cause a hang when used in a function that was
itself called from Nasal (inner function's GC waiting for outer function
to say it has stopped, outer function waiting for inner function to return).

naCallMethodCtx() doesn't, to avoid exactly this problem.
(simgear simgear/nasal/nasal.h:108)

(Deliberately not changing NasalXMLVisitor: that already uses naSubContext,
another mechanism to do the same thing.)

6a30e7.patch

src/Main/util.cxx | 155 133 + 22 - 0 !
src/Main/util.hxx | 7 6 + 1 - 0 !
src/Scripting/NasalSys.cxx | 3 3 + 0 - 0 !
3 files changed, 142 insertions(+), 23 deletions(-)

 restrict file access for nasal scripts.
 Stop using property listener for fgValidatePath
 .
 This was insecure: while removelistener() won't remove it, there are
 other ways to remove a listener from Nasal

route manager secu fix 280cd5.patch

src/Autopilot/route_mgr.cxx | 21 20 + 1 - 0 !
1 file changed, 20 insertions(+), 1 deletion(-)

 security fix: don't allow the route manager to overwrite arbitrary files
 Since the Save function of the route manager can be triggered from Nasal with
 an arbitrary path, we must check the path before overwriting the file.
 .
 (also add a missing include that is directly needed for this commit)

fix missing lX11 in link commands.patch

CMakeLists.txt | 2 2 + 0 - 0 !
utils/fgviewer/CMakeLists.txt | 1 1 + 0 - 0 !
2 files changed, 3 insertions(+)

 fix build failures ('-lx11' missing for fgfs and fgviewer)
 .
 Tested in a jessie amd64 pbuilder chroot.

restrict save flightplan secu fix faf872.patch

src/Autopilot/route_mgr.cxx | 19 18 + 1 - 0 !
1 file changed, 18 insertions(+), 1 deletion(-)

 security fix: don't allow overwriting arbitrary files
 the previous fix 280cd523 missed commandSaveFlightPlan
 .
 backported from faf872e7 and fc138213, fixes CVE-2017-8921.

call fgInitAllowedPaths earlier c7a2ae.patch

src/Main/fg_init.cxx | 7 6 + 1 - 0 !
src/Main/main.cxx | 7 6 + 1 - 0 !
src/Scripting/NasalSys.cxx | 3 0 + 3 - 0 !
3 files changed, 12 insertions(+), 5 deletions(-)

 call fginitallowedpaths earlier: after options::processoptions
 Call fgInitAllowedPaths() right after Options::processOptions() (which,
 among other things, determines $FG_ROOT and processes
 --allow-nasal-read). This way, fgInitAllowedPaths() can be used in much
 more code, such as when initializing subsystems.
 .
 (cherry picked from commit c7a2aef59979af3e9ff22daabb37bdaadb91cd75)

CVE 2017 13709 FGLogger 2a5e3d.patch

src/Main/logger.cxx | 27 26 + 1 - 0 !
1 file changed, 26 insertions(+), 1 deletion(-)

 security: don't allow fglogger to overwrite arbitrary files
 Since the paths of files written by FGLogger come from the property
 tree[1], they must be validated before we decide to write to these
 files.
 .
 [1] Except for the "empty" case, which uses the default name
 'fg_log.csv'.
 .
 This fixes CVE-2017-13709.
 .
 (cherry picked from commit 2a5e3d06b2c0d9f831063afe7e7260bca456d679)