Version in base suite: 2020.3.16+dfsg-1 Base version: simgear_2020.3.16+dfsg-1 Target version: simgear_2020.3.16+dfsg-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/simgear/simgear_2020.3.16+dfsg-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/simgear/simgear_2020.3.16+dfsg-1+deb12u1.dsc changelog | 9 + patches/cppbind-check-I-O-rules-when-auto-constructing-an-SG.patch | 80 ++++++++++ patches/series | 1 3 files changed, 90 insertions(+)
diff -Nru simgear-2020.3.16+dfsg/debian/changelog simgear-2020.3.16+dfsg/debian/changelog
--- simgear-2020.3.16+dfsg/debian/changelog 2022-10-26 08:53:00.000000000 +0000
+++ simgear-2020.3.16+dfsg/debian/changelog 2025-01-29 10:02:29.000000000 +0000
@@ -1,3 +1,12 @@
+simgear (1:2020.3.16+dfsg-1+deb12u1) bookworm; urgency=medium
+
+ * Team upload.
+ * New patch: check I/O rules when auto-constructing an SGPath from
+ a Nasal scalar. Thanks to Florent Rougon .
+ (CVE-2025-0781)
+
+ -- Dr. Tobias Quathamer Wed, 29 Jan 2025 11:02:29 +0100
+
 simgear (1:2020.3.16+dfsg-1) unstable; urgency=medium
 
 * New upstream version 2020.3.16+dfsg
diff -Nru simgear-2020.3.16+dfsg/debian/patches/cppbind-check-I-O-rules-when-auto-constructing-an-SG.patch simgear-2020.3.16+dfsg/debian/patches/cppbind-check-I-O-rules-when-auto-constructing-an-SG.patch
--- simgear-2020.3.16+dfsg/debian/patches/cppbind-check-I-O-rules-when-auto-constructing-an-SG.patch 1970-01-01 00:00:00.000000000 +0000
+++ simgear-2020.3.16+dfsg/debian/patches/cppbind-check-I-O-rules-when-auto-constructing-an-SG.patch 2025-01-27 19:28:06.000000000 +0000
@@ -0,0 +1,80 @@
+From: Florent Rougon
+Date: Tue, 21 Jan 2025 00:16:43 +0100
+Subject: cppbind: check I/O rules when auto-constructing an SGPath from a
+ Nasal scalar
+
+- Add static member function SGPath::NasalIORulesChecker as a
+ PermissionChecker (this is essentially checkIORules() moved from the
+ flightgear repository).
+
+- Use it in the from_nasal_helper() that creates an SGPath instance from
+ a Nasal scalar.
+---
+ simgear/misc/sg_path.cxx | 20 ++++++++++++++++++++
+ simgear/misc/sg_path.hxx | 7 +++++++
+ simgear/nasal/cppbind/detail/from_nasal_helper.cxx | 3 ++-
+ 3 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/simgear/misc/sg_path.cxx b/simgear/misc/sg_path.cxx
+index f0706cd..5709256 100644
+--- a/simgear/misc/sg_path.cxx
++++ b/simgear/misc/sg_path.cxx
+@@ -288,6 +288,26 @@ void SGPath::set_cached(bool cached)
+ // * Access permissions for Nasal code *
+ // ***************************************************************************
+
++// Static member function
++SGPath::Permissions SGPath::NasalIORulesChecker(const SGPath& path)
++{
++ Permissions perm;
++
++ if (!path.isAbsolute()) {
++ // SGPath caches permissions, which breaks for relative paths if the
++ // current directory changes.
++ SG_LOG(SG_NASAL, SG_ALERT,
++ "SGPath::NasalIORulesChecker(): file operation on '" <<
++ path.utf8Str() << "': access denied (relative paths not "
++ "accepted; use realpath() to obtain an absolute path)");
++ }
++
++ perm.read = path.isAbsolute() && !path.validate(false).isNull();
++ perm.write = path.isAbsolute() && !path.validate(true).isNull();
++
++ return perm;
++}
++
+ // Static member function
+ void SGPath::clearListOfAllowedPaths(bool write)
+ {
+diff --git a/simgear/misc/sg_path.hxx b/simgear/misc/sg_path.hxx
+index 84194b6..f98c004 100644
+--- a/simgear/misc/sg_path.hxx
++++ b/simgear/misc/sg_path.hxx
+@@ -137,6 +137,13 @@ public:
+ */
+ SGPath validate(bool write) const;
+
++ /**
++ * Normal PermissionChecker for SGPath instances created from Nasal.
++ * @param path an SGPath instance
++ * @return read and write permissions conforming to validate()
++ */
++ static Permissions NasalIORulesChecker(const SGPath& path);
++
+ /**
+ * Append another piece to the existing path. Inserts a path
+ * separator between the existing component and the new component.
+diff --git a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+index 160d69b..e404877 100644
+--- a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
++++ b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx
+@@ -61,7 +61,8 @@ namespace nasal
+ SGPath from_nasal_helper(naContext c, naRef ref, const SGPath*)
+ {
+ naRef na_str = naStringValue(c, ref);
+- return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)));
++ return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)),
++ &SGPath::NasalIORulesChecker);
+ }
+
+ //----------------------------------------------------------------------------
diff -Nru simgear-2020.3.16+dfsg/debian/patches/series simgear-2020.3.16+dfsg/debian/patches/series
--- simgear-2020.3.16+dfsg/debian/patches/series 2022-10-24 11:25:38.000000000 +0000
+++ simgear-2020.3.16+dfsg/debian/patches/series 2025-01-29 10:01:41.000000000 +0000
@@ -5,3 +5,4 @@
 disable_network_tests.patch
 spelling_fixes.patch
 fix-ftbfs-on-armel-armhf.patch
+cppbind-check-I-O-rules-when-auto-constructing-an-SG.patch
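Review bot: `SGPath::NasalIORulesChecker` in the sg_path.cxx hunk keeps only a yes/no from `path.validate(false)` and `path.validate(true)` and discards the SGPath they return, so the later file operation presumably runs on the original string rather than on the path that was validated. Together with the permission caching that the in-code comment mentions, a path whose target changes after the first check (a replaced symlink, for instance) would apparently not be checked again; the caching and the code that opens the file are outside this diff, so this needs confirming. I would at least state the limit in the sg_path.hxx doc comment, e.g. `@note The result may be cached by SGPath; the path is not re-validated when the file is opened.` Also, `path.utf8Str()` originates from a Nasal scalar and goes into the SG_ALERT message unescaped, so any control characters in it reach the log as-is.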