Version in base suite: 2020.3.16+dfsg-1 Base version: flightgear_2020.3.16+dfsg-1 Target version: flightgear_2020.3.16+dfsg-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/flightgear/flightgear_2020.3.16+dfsg-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/flightgear/flightgear_2020.3.16+dfsg-1+deb12u1.dsc changelog | 9 + control | 2 patches/Move-checkIORules-to-SGPathNasalIORulesChecker.patch | 54 +++++++++++ patches/series | 1 4 files changed, 65 insertions(+), 1 deletion(-)
diff -Nru flightgear-2020.3.16+dfsg/debian/changelog flightgear-2020.3.16+dfsg/debian/changelog
--- flightgear-2020.3.16+dfsg/debian/changelog 2022-10-26 17:51:29.000000000 +0000
+++ flightgear-2020.3.16+dfsg/debian/changelog 2025-01-29 10:16:44.000000000 +0000
@@ -1,3 +1,12 @@
+flightgear (1:2020.3.16+dfsg-1+deb12u1) bookworm; urgency=medium
+
+ * Team upload.
+ * New patch: move checkIORules() to SGPath::NasalIORulesChecker()
+ Thanks to Florent Rougon (CVE-2025-0781)
+ * Update versioned Build-Depends for libsimgear-dev
+
+ -- Dr. Tobias Quathamer Wed, 29 Jan 2025 11:16:44 +0100
+
 flightgear (1:2020.3.16+dfsg-1) unstable; urgency=medium
 
 * New upstream version 2020.3.16+dfsg
diff -Nru flightgear-2020.3.16+dfsg/debian/control flightgear-2020.3.16+dfsg/debian/control
--- flightgear-2020.3.16+dfsg/debian/control 2022-10-26 17:51:18.000000000 +0000
+++ flightgear-2020.3.16+dfsg/debian/control 2025-01-29 10:15:51.000000000 +0000
@@ -24,7 +24,7 @@
 libplib-dev,
 libqt5svg5-dev,
 libsimgear-dev (<= 1:2020.3.999),
- libsimgear-dev (>> 1:2020.3.16~),
+ libsimgear-dev (>> 1:2020.3.16+dfsg-1+deb12u1~),
 libspeex-dev,
 libspeexdsp-dev,
 libsqlite3-dev,
diff -Nru flightgear-2020.3.16+dfsg/debian/patches/Move-checkIORules-to-SGPathNasalIORulesChecker.patch flightgear-2020.3.16+dfsg/debian/patches/Move-checkIORules-to-SGPathNasalIORulesChecker.patch
--- flightgear-2020.3.16+dfsg/debian/patches/Move-checkIORules-to-SGPathNasalIORulesChecker.patch 1970-01-01 00:00:00.000000000 +0000
+++ flightgear-2020.3.16+dfsg/debian/patches/Move-checkIORules-to-SGPathNasalIORulesChecker.patch 2025-01-27 12:10:43.000000000 +0000
@@ -0,0 +1,54 @@
+From: Florent Rougon
+Date: Tue, 21 Jan 2025 00:31:22 +0100
+Subject: NasalSGPath: move checkIORules() to SGPath::NasalIORulesChecker()
+
+This allows the from_nasal_helper() in SimGear that constructs SGPath
+instances from Nasal scalars to use SGPath::NasalIORulesChecker() as a
+PermissionChecker.
+---
+ src/Scripting/NasalSGPath.cxx | 23 ++++-------------------
+ 1 file changed, 4 insertions(+), 19 deletions(-)
+
+--- a/src/Scripting/NasalSGPath.cxx
++++ b/src/Scripting/NasalSGPath.cxx
+@@ -30,28 +30,12 @@
+ typedef std::shared_ptr SGPathRef;
+ typedef nasal::Ghost NasalSGPath;
+
+-SGPath::Permissions checkIORules(const SGPath& path)
+-{
+- SGPath::Permissions perm;
+- if (!path.isAbsolute()) {
+- // SGPath caches permissions, which breaks for relative paths
+- // if the current directory changes
+- SG_LOG(SG_NASAL, SG_ALERT, "os.path: file operation on '" <<
+- path<< "' access denied (relative paths not accepted; use "
+- "realpath() to make a path absolute)");
+- }
+-
+- perm.read = path.isAbsolute() && !SGPath(path).validate(false).isNull();
+- perm.write = path.isAbsolute() && !SGPath(path).validate(true).isNull();
+-
+- return perm;
+-}
+-
+ // TODO make exposing such function easier...
+ static naRef validatedPathToNasal( const nasal::CallContext& ctx,
+ const SGPath& p )
+ {
+- return ctx.to_nasal( SGPathRef(new SGPath(p.utf8Str(), &checkIORules)) );
++ return ctx.to_nasal(SGPathRef(new SGPath(p.utf8Str(),
++ &SGPath::NasalIORulesChecker)));
+ }
+
+ /**
+@@ -78,7 +62,8 @@
+ */
+ static naRef f_desktop(const nasal::CallContext& ctx)
+ {
+- return validatedPathToNasal(ctx, SGPath::desktop(SGPath(&checkIORules)));
++ return validatedPathToNasal(
++ ctx, SGPath::desktop(SGPath(&SGPath::NasalIORulesChecker)));
+ }
+
+ /**
diff -Nru flightgear-2020.3.16+dfsg/debian/patches/series flightgear-2020.3.16+dfsg/debian/patches/series
--- flightgear-2020.3.16+dfsg/debian/patches/series 2022-10-26 17:50:15.000000000 +0000
+++ flightgear-2020.3.16+dfsg/debian/patches/series 2025-01-29 10:15:51.000000000 +0000
@@ -9,3 +9,4 @@
 0009-Disable-some-newly-failing-tests.patch
 0010-Ignore-some-more-tests.patch
 0011-test-compilation-fix.patch
+Move-checkIORules-to-SGPathNasalIORulesChecker.patch
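Review bot: Nothing in the header of the new `Move-checkIORules-to-SGPathNasalIORulesChecker.patch` ties it to CVE-2025-0781 or to its upstream origin, although the changelog entry does; I would add DEP-3 fields such as `Origin: upstream, <upstream commit URL>` and a description line like `Part of the fix for CVE-2025-0781; needs a SimGear that provides SGPath::NasalIORulesChecker()`. The removed `checkIORules()` denied relative paths and derived read/write permission from `validate(false)` and `validate(true)`; whether `SGPath::NasalIORulesChecker` keeps exactly those checks is decided in SimGear and cannot be confirmed from this diff, so the matching SimGear patch should be reviewed alongside it. Going by the patch description, the permission check for SGPath objects built from Nasal scalars is applied in SimGear's `from_nasal_helper()`, so this change presumably only takes effect when built against the fixed libsimgear-dev, which the `debian/control` bump appears to enforce at build time.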