[arch-commits] Commit in simgear/repos (6 files)
Sergej Pupykin
spupykin at archlinux.org
Mon Dec 19 15:05:17 UTC 2016
Date: Monday, December 19, 2016 @ 15:05:16
Author: spupykin
Revision: 200315
archrelease: copy trunk to community-i686, community-x86_64
Added:
simgear/repos/community-i686/PKGBUILD
(from rev 200314, simgear/trunk/PKGBUILD)
simgear/repos/community-i686/sec-fix.patch
(from rev 200314, simgear/trunk/sec-fix.patch)
simgear/repos/community-x86_64/PKGBUILD
(from rev 200314, simgear/trunk/PKGBUILD)
simgear/repos/community-x86_64/sec-fix.patch
(from rev 200314, simgear/trunk/sec-fix.patch)
Deleted:
simgear/repos/community-i686/PKGBUILD
simgear/repos/community-x86_64/PKGBUILD
--------------------------------+
/PKGBUILD | 74 +++++++++++++++++++++++++++++++++++++++
community-i686/PKGBUILD | 30 ---------------
community-i686/sec-fix.patch | 17 ++++++++
community-x86_64/PKGBUILD | 30 ---------------
community-x86_64/sec-fix.patch | 17 ++++++++
5 files changed, 108 insertions(+), 60 deletions(-)
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2016-12-19 15:04:53 UTC (rev 200314)
+++ community-i686/PKGBUILD 2016-12-19 15:05:16 UTC (rev 200315)
@@ -1,30 +0,0 @@
-# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Maintainer: William Rea <sillywilly at gmail.com>
-# Contributor: Hans Janssen <hans at janserv.xs4all.nl>
-
-pkgname=simgear
-pkgver=2016.4.3
-_pkgver=${pkgver%.*}
-pkgrel=1
-pkgdesc="A set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications."
-arch=(i686 x86_64)
-depends=('glu' 'glut' 'freealut' 'plib' 'openscenegraph')
-makedepends=('boost' 'cmake' 'mesa')
-license=("GPL")
-url="http://www.flightgear.org/"
-options=('!makeflags' 'staticlibs')
-source=("http://downloads.sourceforge.net/project/flightgear/release-${_pkgver}/${pkgname}-${pkgver}.tar.bz2")
-#source=("git://git.code.sf.net/p/flightgear/simgear#commit=41f40a9a106520e92385d059b80c4ed3779eedcb")
-sha256sums=('6933550215818c2043b84df01b6bf5f7adef218c8648b510b8202e394003d2bd')
-
-build() {
- cd "$srcdir"/simgear-$pkgver
- cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib .
- make
-}
-
-package() {
- cd "$srcdir"/simgear-$pkgver
- make DESTDIR="$pkgdir" install
-}
Copied: simgear/repos/community-i686/PKGBUILD (from rev 200314, simgear/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2016-12-19 15:05:16 UTC (rev 200315)
@@ -0,0 +1,37 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Maintainer: William Rea <sillywilly at gmail.com>
+# Contributor: Hans Janssen <hans at janserv.xs4all.nl>
+
+pkgname=simgear
+pkgver=2016.4.3
+_pkgver=${pkgver%.*}
+pkgrel=2
+pkgdesc="A set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications."
+arch=(i686 x86_64)
+depends=('glu' 'glut' 'freealut' 'plib' 'openscenegraph')
+makedepends=('boost' 'cmake' 'mesa')
+license=("GPL")
+url="http://www.flightgear.org/"
+options=('!makeflags' 'staticlibs')
+#source=("git://git.code.sf.net/p/flightgear/simgear#commit=41f40a9a106520e92385d059b80c4ed3779eedcb")
+source=("http://downloads.sourceforge.net/project/flightgear/release-${_pkgver}/${pkgname}-${pkgver}.tar.bz2"
+ sec-fix.patch)
+sha256sums=('6933550215818c2043b84df01b6bf5f7adef218c8648b510b8202e394003d2bd'
+ 'bfd4234d23beb5d2b229dbcd28fa436cfc822c50c0ab03aca51c7ca1194dbd16')
+
+prepare() {
+ cd "$srcdir"/simgear-$pkgver
+ patch -p1 -i $srcdir/sec-fix.patch
+}
+
+build() {
+ cd "$srcdir"/simgear-$pkgver
+ cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib .
+ make
+}
+
+package() {
+ cd "$srcdir"/simgear-$pkgver
+ make DESTDIR="$pkgdir" install
+}
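Review bot: The new `source` entry `sec-fix.patch` has no comment saying what it fixes or where it came from, so a later maintainer cannot tell when it is safe to drop. A line above `source=` such as `# sec-fix.patch: reject '..' and path separators in .dirindex filenames (origin: <UPSTREAM_COMMIT_OR_ADVISORY>)` would record that. In `prepare()`, `$srcdir` is unquoted in `patch -p1 -i $srcdir/sec-fix.patch` although the `cd` line above quotes it; `patch -p1 -i "$srcdir/sec-fix.patch"` keeps the patch step working when the build directory contains spaces. Both points apply equally to the identical community-x86_64/PKGBUILD hunk.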
Copied: simgear/repos/community-i686/sec-fix.patch (from rev 200314, simgear/trunk/sec-fix.patch)
===================================================================
--- community-i686/sec-fix.patch (rev 0)
+++ community-i686/sec-fix.patch 2016-12-19 15:05:16 UTC (rev 200315)
@@ -0,0 +1,17 @@
+--- a/simgear/io/HTTPRepository.cxx
++++ b/simgear/io/HTTPRepository.cxx
+@@ -503,6 +503,14 @@
+ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid type in line '" << line << "', expected 'd' or 'f', (ignoring line)" );
+ continue;
+ }
++
++ // security: prevent writing outside the repository via ../../.. filenames
++ // (valid filenames never contain / - subdirectories have their own .dirindex)
++ if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) {
++ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid filename in line '" << line << "', (ignoring line)" );
++ continue;
++ }
++
+ children.push_back(ChildInfo(typeData == "f" ? ChildInfo::FileType : ChildInfo::DirectoryType, tokens[1], tokens[2]));
+
+ if (tokens.size() > 3) {
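Review bot: The added filename check rejects `..` and any name containing `/` or `\`, but a name of `.` or an empty `tokens[1]` still reaches `children.push_back`. Either would presumably resolve to the directory being synced rather than to a child of it. Extending the condition to `if (tokens[1].empty() || (tokens[1] == ".") || (tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) {` would cover both cases with the same warning and `continue`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that `tokens` is known to hold at least three entries before `tokens[1]` and `tokens[2]` are read. The identical community-x86_64/sec-fix.patch hunk has the same gap.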
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2016-12-19 15:04:53 UTC (rev 200314)
+++ community-x86_64/PKGBUILD 2016-12-19 15:05:16 UTC (rev 200315)
@@ -1,30 +0,0 @@
-# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Maintainer: William Rea <sillywilly at gmail.com>
-# Contributor: Hans Janssen <hans at janserv.xs4all.nl>
-
-pkgname=simgear
-pkgver=2016.4.3
-_pkgver=${pkgver%.*}
-pkgrel=1
-pkgdesc="A set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications."
-arch=(i686 x86_64)
-depends=('glu' 'glut' 'freealut' 'plib' 'openscenegraph')
-makedepends=('boost' 'cmake' 'mesa')
-license=("GPL")
-url="http://www.flightgear.org/"
-options=('!makeflags' 'staticlibs')
-source=("http://downloads.sourceforge.net/project/flightgear/release-${_pkgver}/${pkgname}-${pkgver}.tar.bz2")
-#source=("git://git.code.sf.net/p/flightgear/simgear#commit=41f40a9a106520e92385d059b80c4ed3779eedcb")
-sha256sums=('6933550215818c2043b84df01b6bf5f7adef218c8648b510b8202e394003d2bd')
-
-build() {
- cd "$srcdir"/simgear-$pkgver
- cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib .
- make
-}
-
-package() {
- cd "$srcdir"/simgear-$pkgver
- make DESTDIR="$pkgdir" install
-}
Copied: simgear/repos/community-x86_64/PKGBUILD (from rev 200314, simgear/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2016-12-19 15:05:16 UTC (rev 200315)
@@ -0,0 +1,37 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Maintainer: William Rea <sillywilly at gmail.com>
+# Contributor: Hans Janssen <hans at janserv.xs4all.nl>
+
+pkgname=simgear
+pkgver=2016.4.3
+_pkgver=${pkgver%.*}
+pkgrel=2
+pkgdesc="A set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications."
+arch=(i686 x86_64)
+depends=('glu' 'glut' 'freealut' 'plib' 'openscenegraph')
+makedepends=('boost' 'cmake' 'mesa')
+license=("GPL")
+url="http://www.flightgear.org/"
+options=('!makeflags' 'staticlibs')
+#source=("git://git.code.sf.net/p/flightgear/simgear#commit=41f40a9a106520e92385d059b80c4ed3779eedcb")
+source=("http://downloads.sourceforge.net/project/flightgear/release-${_pkgver}/${pkgname}-${pkgver}.tar.bz2"
+ sec-fix.patch)
+sha256sums=('6933550215818c2043b84df01b6bf5f7adef218c8648b510b8202e394003d2bd'
+ 'bfd4234d23beb5d2b229dbcd28fa436cfc822c50c0ab03aca51c7ca1194dbd16')
+
+prepare() {
+ cd "$srcdir"/simgear-$pkgver
+ patch -p1 -i $srcdir/sec-fix.patch
+}
+
+build() {
+ cd "$srcdir"/simgear-$pkgver
+ cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib .
+ make
+}
+
+package() {
+ cd "$srcdir"/simgear-$pkgver
+ make DESTDIR="$pkgdir" install
+}
Copied: simgear/repos/community-x86_64/sec-fix.patch (from rev 200314, simgear/trunk/sec-fix.patch)
===================================================================
--- community-x86_64/sec-fix.patch (rev 0)
+++ community-x86_64/sec-fix.patch 2016-12-19 15:05:16 UTC (rev 200315)
@@ -0,0 +1,17 @@
+--- a/simgear/io/HTTPRepository.cxx
++++ b/simgear/io/HTTPRepository.cxx
+@@ -503,6 +503,14 @@
+ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid type in line '" << line << "', expected 'd' or 'f', (ignoring line)" );
+ continue;
+ }
++
++ // security: prevent writing outside the repository via ../../.. filenames
++ // (valid filenames never contain / - subdirectories have their own .dirindex)
++ if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) {
++ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid filename in line '" << line << "', (ignoring line)" );
++ continue;
++ }
++
+ children.push_back(ChildInfo(typeData == "f" ? ChildInfo::FileType : ChildInfo::DirectoryType, tokens[1], tokens[2]));
+
+ if (tokens.size() > 3) {