games-simulation/flightgear: patch for CVE-2025-0781

Signed-off-by: Maciej Mrozowski <reavertm@gentoo.org>
2026-01-06 02:17:34 -08:00 · 2025-02-01 23:52:35 +01:00 · 2025-02-01 23:52:35 +01:00 · e3c3661a93
commit e3c3661a93
parent 50354a59b2
4 changed files with 149 additions and 2 deletions
--- a/dev-games/simgear/files/simgear-2020.3.19-flightgear-CVE-2025-0781.patch
+++ b/dev-games/simgear/files/simgear-2020.3.19-flightgear-CVE-2025-0781.patch
@ -0,0 +1,84 @@
+From 5bb023647114267141a7610e8f1ca7d6f4f5a5a8 Mon Sep 17 00:00:00 2001
+From: Florent Rougon <f.rougon@frougon.net>
+Date: Tue, 21 Jan 2025 00:16:43 +0100
+Subject: [PATCH] cppbind: check I/O rules when auto-constructing an SGPath
+ from a Nasal scalar
+
+- Add static member function SGPath::NasalIORulesChecker as a
+  PermissionChecker (this is essentially checkIORules() moved from the
+  flightgear repository).
+
+- Use it in the from_nasal_helper() that creates an SGPath instance from
+  a Nasal scalar.
+---
+ simgear/misc/sg_path.cxx                      | 20 +++++++++++++++++++
+ simgear/misc/sg_path.hxx                      |  7 +++++++
+ .../cppbind/detail/from_nasal_helper.cxx      |  3 ++-
+ 3 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/simgear/misc/sg_path.cxx b/simgear/misc/sg_path.cxx
+index f6c5b089e..c66bc72c4 100644
+--- a/simgear/misc/sg_path.cxx
+++ b/simgear/misc/sg_path.cxx
+@@ -275,6 +275,26 @@ void SGPath::set_cached(bool cached)
+ // *                    Access permissions for Nasal code                    *
+ // ***************************************************************************
+ 
+// Static member function
+SGPath::Permissions SGPath::NasalIORulesChecker(const SGPath& path)
+{
+    Permissions perm;
+
+    if (!path.isAbsolute()) {
+        // SGPath caches permissions, which breaks for relative paths if the
+        // current directory changes.
+        SG_LOG(SG_NASAL, SG_ALERT,
+               "SGPath::NasalIORulesChecker(): file operation on '" <<
+               path.utf8Str() << "': access denied (relative paths not "
+               "accepted; use realpath() to obtain an absolute path)");
+    }
+
+    perm.read  = path.isAbsolute() && !path.validate(false).isNull();
+    perm.write = path.isAbsolute() && !path.validate(true).isNull();
+
+    return perm;
+}
+
+ // Static member function
+ void SGPath::clearListOfAllowedPaths(bool write)
+ {
+diff --git a/simgear/misc/sg_path.hxx b/simgear/misc/sg_path.hxx
+index 32e9d662b..75da94c95 100644
+--- a/simgear/misc/sg_path.hxx
+++ b/simgear/misc/sg_path.hxx
+@@ -162,6 +162,13 @@ public:
+      */
+     SGPath validate(bool write) const;
+ 
+    /**
+     * Normal PermissionChecker for SGPath instances created from Nasal.
+     * @param path an SGPath instance
+     * @return read and write permissions conforming to validate()
+     */
+    static Permissions NasalIORulesChecker(const SGPath& path);
+
+     /**
+      * Append another piece to the existing path.  Inserts a path
+      * separator between the existing component and the new component.
+diff --git a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+index bdf10fe5e..ad027c0b0 100644
+--- a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+++ b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+@@ -47,7 +47,8 @@ namespace nasal
+   SGPath from_nasal_helper(naContext c, naRef ref, const SGPath*)
+   {
+       naRef na_str = naStringValue(c, ref);
+-      return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)));
+      return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)),
+                    &SGPath::NasalIORulesChecker);
+   }
+ 
+   //----------------------------------------------------------------------------
+-- 
+GitLab
+
--- a/dev-games/simgear/simgear-2020.3.19-r1.ebuild
+++ b/dev-games/simgear/simgear-2020.3.19-r1.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -38,6 +38,7 @@ PATCHES=(
 	"${FILESDIR}/${PN}-2019.1.1-gdal3.patch"
 	"${FILESDIR}/${PN}-2020.1.2-do-not-assume-libc++-clang.patch"
 	"${FILESDIR}/${PN}-2020.3.17-boost-1.81.patch"
+	"${FILESDIR}/${PN}-2020.3.19-flightgear-CVE-2025-0781.patch"
 )

 pkg_pretend() {
--- a/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch
+++ b/games-simulation/flightgear/files/flightgear-2020.3.19-CVE-2025-0781.patch
@ -0,0 +1,61 @@
+From ad37afce28083fad7f79467b3ffdead753584358 Mon Sep 17 00:00:00 2001
+From: Florent Rougon <f.rougon@frougon.net>
+Date: Tue, 21 Jan 2025 00:31:22 +0100
+Subject: [PATCH] NasalSGPath: move checkIORules() to
+ SGPath::NasalIORulesChecker()
+
+This allows the from_nasal_helper() in SimGear that constructs SGPath
+instances from Nasal scalars to use SGPath::NasalIORulesChecker() as a
+PermissionChecker.
+---
+ src/Scripting/NasalSGPath.cxx | 23 ++++-------------------
+ 1 file changed, 4 insertions(+), 19 deletions(-)
+
+diff --git a/src/Scripting/NasalSGPath.cxx b/src/Scripting/NasalSGPath.cxx
+index 92abbbe873..d5f49d8922 100644
+--- a/src/Scripting/NasalSGPath.cxx
+++ b/src/Scripting/NasalSGPath.cxx
+@@ -30,28 +30,12 @@
+ typedef std::shared_ptr<SGPath> SGPathRef;
+ typedef nasal::Ghost<SGPathRef> NasalSGPath;
+ 
+-SGPath::Permissions checkIORules(const SGPath& path)
+-{
+-  SGPath::Permissions perm;
+-  if (!path.isAbsolute()) {
+-    // SGPath caches permissions, which breaks for relative paths
+-    // if the current directory changes
+-    SG_LOG(SG_NASAL, SG_ALERT, "os.path: file operation on '" <<
+-        path<< "' access denied (relative paths not accepted; use "
+-        "realpath() to make a path absolute)");
+-  }
+-
+-  perm.read  = path.isAbsolute() && !SGPath(path).validate(false).isNull();
+-  perm.write = path.isAbsolute() && !SGPath(path).validate(true).isNull();
+-
+-  return perm;
+-}
+-
+ // TODO make exposing such function easier...
+ static naRef validatedPathToNasal( const nasal::CallContext& ctx,
+                                    const SGPath& p )
+ {
+-  return ctx.to_nasal( SGPathRef(new SGPath(p.utf8Str(), &checkIORules)) );
+    return ctx.to_nasal(SGPathRef(new SGPath(p.utf8Str(),
+                                             &SGPath::NasalIORulesChecker)));
+ }
+ 
+ /**
+@@ -78,7 +62,8 @@ static void f_path_set(SGPath& p, const nasal::CallContext& ctx)
+  */
+ static naRef f_desktop(const nasal::CallContext& ctx)
+ {
+-  return validatedPathToNasal(ctx, SGPath::desktop(SGPath(&checkIORules)));
+    return validatedPathToNasal(
+        ctx, SGPath::desktop(SGPath(&SGPath::NasalIORulesChecker)));
+ }
+ 
+ /**
+-- 
+GitLab
+
--- a/games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild
+++ b/games-simulation/flightgear/flightgear-2020.3.19-r1.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -66,6 +66,7 @@ BDEPEND="qt5? ( >=dev-qt/linguist-tools-5.7.1:5 )"

 PATCHES=(
 	"${FILESDIR}/${PN}-2020.3.8-cmake.patch"
+	"${FILESDIR}/${PN}-2020.3.19-CVE-2025-0781.patch"
 )

 DOCS=(AUTHORS ChangeLog NEWS README Thanks)