Date: Monday, February 27, 2017 @ 15:00:56 Author: spupykin Revision: 214055
upgpkg: simgear 2017.1.1-1 upd Modified: simgear/trunk/PKGBUILD Deleted: simgear/trunk/sec-fix.patch ---------------+ PKGBUILD | 14 +++----------- sec-fix.patch | 17 ----------------- 2 files changed, 3 insertions(+), 28 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-02-27 15:00:47 UTC (rev 214054) +++ PKGBUILD 2017-02-27 15:00:56 UTC (rev 214055) @@ -4,7 +4,7 @@ # Contributor: Hans Janssen <[email protected]> pkgname=simgear -pkgver=2016.4.4 +pkgver=2017.1.1 _pkgver=${pkgver%.*} pkgrel=1 pkgdesc="A set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications." @@ -14,17 +14,9 @@ license=("GPL") url="http://www.flightgear.org/"; options=('!makeflags' 'staticlibs') -#source=("git://git.code.sf.net/p/flightgear/simgear#commit=41f40a9a106520e92385d059b80c4ed3779eedcb") -source=("http://downloads.sourceforge.net/project/flightgear/release-${_pkgver}/${pkgname}-${pkgver}.tar.bz2"; - sec-fix.patch) -sha256sums=('5514fd0006bbfcdbdc0e2dab7da41eae491ea03a6246cc6a009590032b2fc1dc' - 'bfd4234d23beb5d2b229dbcd28fa436cfc822c50c0ab03aca51c7ca1194dbd16') +source=("http://downloads.sourceforge.net/project/flightgear/release-${_pkgver}/${pkgname}-${pkgver}.tar.bz2";) +sha256sums=('1815f6a2c3f43bb6121b2394e68f8e6e341c14a7a40e4163c0bcc105ee06ccbc') -prepare() { - cd "$srcdir"/simgear-$pkgver -# patch -p1 -i $srcdir/sec-fix.patch -} - build() { cd "$srcdir"/simgear-$pkgver cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib . Deleted: sec-fix.patch =================================================================== --- sec-fix.patch 2017-02-27 15:00:47 UTC (rev 214054) +++ sec-fix.patch 2017-02-27 15:00:56 UTC (rev 214055) @@ -1,17 +0,0 @@ ---- a/simgear/io/HTTPRepository.cxx -+++ b/simgear/io/HTTPRepository.cxx -@@ -503,6 +503,14 @@ - SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid type in line '" << line << "', expected 'd' or 'f', (ignoring line)" ); - continue; - } -+ -+ // security: prevent writing outside the repository via ../../.. filenames -+ // (valid filenames never contain / - subdirectories have their own .dirindex) -+ if ((tokens[1] == "..") || (tokens[1].find_first_of("/\\") != std::string::npos)) { -+ SG_LOG(SG_TERRASYNC, SG_WARN, "malformed .dirindex file: invalid filename in line '" << line << "', (ignoring line)" ); -+ continue; -+ } -+ - children.push_back(ChildInfo(typeData == "f" ? ChildInfo::FileType : ChildInfo::DirectoryType, tokens[1], tokens[2])); - - if (tokens.size() > 3) {
