[pkg-fgfs-crew] Security fix for FlightGear

Florent Rougon f.rougon at free.fr
Wed May 17 08:32:17 UTC 2017 

Hi all,

Markus Wanner <markus at bluegap.ch> wrote:

> @Florent: with the given patch for 3.0.0, flightgear doesn't currently
> compile (nor does 2016.4.4 with its patch). Did you actually try to
> compile the stable release branches, or did you just cherry pick the
> patch? Or did I somehow mess up the patches?

I tested most builds, but not the oldest ones (not sure where I stopped,
probably in the 3.x series).

> The build for 3.0.0 errs out with:
>
>> /home/markus/flightgear.git/src/Autopilot/route_mgr.cxx: In function 'bool commandSaveFlightPlan(const SGPropertyNode*)':
>> /home/markus/flightgear.git/src/Autopilot/route_mgr.cxx:79:69: error: no matching function for call to 'fgValidatePath(SGPath&, bool)'
>>                                                      true /* write */);
>>                                                                      ^

Indeed. Unfortunately, I can't build SimGear 3.0 on my machine due to
unrelated errors:

  /home/flo/flightgear/src/simgear/simgear/canvas/elements/CanvasPath.cxx:371:32:error: invalid covariant return type for ‘virtual osg::BoundingBox simgear::canvas::Path::PathDrawable::computeBound() const’
       virtual osg::BoundingBox computeBound() const
  ...

but I think the attached patch should solve the problem you reported
above (to apply on top of what I already pushed for release/3.0.0,
namely
<https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/>).
Can you please test and report? Thanks.

> The build for 2016.4.4 errs out with:
>
>> /home/markus/pkg-flightgear/flightgear.git/src/Autopilot/route_mgr.cxx: In function ‘bool commandSaveFlightPlan(const SGPropertyNode*)’:
>> /home/markus/pkg-flightgear/flightgear.git/src/Autopilot/route_mgr.cxx:77:52: error: conversion from ‘SGPath’ to non-scalar type ‘const string {aka const std::__cxx11::basic_string<char>}’ requested
>>    const std::string authorizedPath = fgValidatePath(path,
>>                                       ~~~~~~~~~~~~~~^~~~~~
>>                                                      true /* write */);
>>                                                      ~~~~~~~~~~~~~~~~~
>> src/Main/CMakeFiles/fgfs.dir/build.make:1577: recipe for target 'src/Main/CMakeFiles/fgfs.dir/__/Autopilot/route_mgr.cxx.o' failed

In this case, I believe you didn't apply the proper patch. This doesn't
seem to match:

  https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/

Or did I mess something else?..

> I cannot currently investigate further, but have to defer that until
> this evening, at the very least.

No problem, thanks.

Regards

-- 
Florent
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fixup-for-3.0.patch
Type: text/x-diff
Size: 614 bytes
Desc: Fixup for release/3.0.0
URL: <http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/attachments/20170517/e9f9d3e5/attachment.patch>

More information about the pkg-fgfs-crew mailing list