1
0
Fork 0
Commit graph

2606 commits

Author SHA1 Message Date
James Turner
e52e20b54f SHPParser 2015-11-27 23:02:42 +00:00
Rebecca N. Palmer
3e67417bf0 Initialise Qt earlier, and whenever available
(to allow it to be used for error boxes)
2015-11-24 07:21:52 +00:00
James Turner
97a5e15aaf Show paused message when starting frozen. 2015-11-23 00:48:20 +00:00
James Turner
a39df48772 Navaid diagram for launcher
- work in progress, needs labels
2015-11-23 00:47:01 +00:00
James Turner
56d7d049bc Launcher GUI for in-air / navaid starts 2015-11-23 00:46:25 +00:00
James Turner
1e213201cf Work on the launcher 2015-11-23 00:45:21 +00:00
Stuart Buchanan
660c38ce72 Fix for SEGFAULT when using multiple loggers.
Patch from Julian BREITENEICHER.
2015-11-22 17:11:36 +00:00
Rebecca N. Palmer
3e462f3056 fgValidatePath: allow Nasal to read user-set scenery directories
(but not the Terrasync directory, as Nasal can change that)
2015-11-22 11:27:39 +00:00
Rebecca N. Palmer
97f235173e fgValidatePath: documentation improvements 2015-11-22 11:03:00 +00:00
Rebecca N. Palmer
91dc448875 Simplify fgValidatePath + minor fix (requires simgear update)
Drop fgNormalizePath, use realpath() only
As this makes it accept relative paths, always use the returned
(absolute) version for the actual file operation to avoid check-to-use
races, or where this is not possible (NasalSGPath) explicitly reject
relative paths
Fix: do_save is a write, not a read
2015-11-21 21:37:19 +00:00
James Turner
29ef561ed9 Fix some inverted logic
- spotted by Thomas Geymayer!
2015-11-20 21:28:19 +00:00
Thomas Geymayer
fdf4a61ed5 fgcommand remove-subsystem: fix double delete/segfault. 2015-11-19 23:17:58 +01:00
James Turner
f110fc57d6 Fix enable/disable-freeze option.
- set /sim/freeze/clock as well as /sim/freeze/master

Fix by Hamza Alloush
2015-11-13 22:13:44 +00:00
James Turner
bf6ef6664c Fix for OSG 3.5 2015-11-13 22:13:44 +00:00
James Turner
ca1f8cddc9 Fix a package crash on startup. 2015-11-13 22:13:44 +00:00
James Turner
2314ccfe13 Developer-warnings
- make some existing warnings developer-mode only
- add a warning about legacy aircraft path usage
2015-11-13 22:13:44 +00:00
Florent Rougon
7198dec355 Use SGPath::realpath() on the value supplied for --aircraft-dir
* Before setting /sim/aircraft-dir from the --aircraft-dir option,
canonicalize its value with SGPath::realpath() as is already done in
FGGlobals::append_aircraft_path() for the paths given with --fg-aircraft
or via the FG_AIRCRAFT environment variable.

* This fixes a bug when --aircraft-dir is used, due to the fact that
fgValidatePath() canonicalizes its 'path' argument before matching it
against the allowed patterns, and therefore will not validate paths
under the directory specified with --aircraft-dir if this directory has
been given in a non-canonical form by the user (e.g., containing at
least one symlink component).

* This fix does not lower security: the path which is canonicalized has
been explicitely given by the user. This operation is already done for
all paths specified with --fg-aircraft or via the FG_AIRCRAFT
environment variable, via Options::initPaths() which calls
FGGlobals::append_aircraft_paths().

* To reproduce the bug, create a symlink (e.g., /tmp/aircrafts) to a
directory suitable for --fg-aircraft, then run:

  fgfs ... --fg-aircraft=/tmp/aircrafts \
           --aircraft-dir=/tmp/aircrafts/SenecaII --aircraft=SenecaII

This will trigger many failures such as:

  loadxml: reading '/tmp/aircrafts/SenecaII/Dialogs/registration.xml'
  denied (unauthorized directory - authorization no longer follows
  symlinks; to authorize reading additional directories, add them to
  --fg-aircraft)

(from do_load_xml_to_proptree() in flightgear/src/Main/fg_commands.cxx)

I have also tested this with the ec130b4 and the 777-200ER. Same
problem, same fix.
2015-10-06 21:54:50 +02:00
Florent Rougon
1d34b96d49 Don't load resources for the current aircraft from several aircraft dirs
* If one has the same aircraft in several aircraft directories,
  FlightGear should not mix resources from the various aircraft
  directories. For instance, if one starts FG with:

    --fg-aircraft=/my/personal/dir:/path/to/fgaddon/Aircraft

  and one has in /my/personal/dir/ec130 a clone of the upstream
  developer repo, FlightGear should use either the upstream version from
  /my/personal/dir/ec130 or the FGAddon version from
  /path/to/fgaddon/Aircraft/ec130, but not some strange, untested hybrid
  of both.

* This commit makes sure that when the looked-up resource starts with
  Aircraft/<ac>, where <ac> is the current aircraft name [last component
  of aircraftDir = fgGetString("/sim/aircraft-dir")], then
  AircraftResourceProvider::resolve() doesn't search other aircraft
  directories if the resource isn't found under 'aircraftDir'.

* To reproduce the bug before this commit, you may add the following
  code (there is nothing specific about the SenecaII here, it's just the
  aircraft I used for testing):

    var file_path = resolvepath("Aircraft/SenecaII/flo-test");
    if (file_path != "")
      gui.popupTip("flo-test found", 2);
    else
      gui.popupTip("flo-test not found", 2);

  in a keyboard binding for the SenecaII (for instance; you may use the
  F11 binding that otherwise only prints a short message). You should
  add this to the SenecaII/SenecaII-base.xml file *that will be loaded
  by FlightGear*, let's say the one under /my/personal/dir in the
  example above (beware of the <path-cache> in autosave_X_Y.xml). Then,
  by creating or removing a file named "flo-test" in the SenecaII
  subdirectory of other aircraft dirs (for instance,
  /path/to/fgaddon/Aircraft in the example above), you can see that the
  behavior of the loaded aircraft is influenced by the contents of
  unrelated versions of the same aircraft that might be present in other
  aircraft dirs (e.g., loaded /my/personal/dir/SenecaII influenced by
  /path/to/fgaddon/Aircraft/SenecaII).

* Aircrafts loading resources using paths relative to the current
  aircraft directory (e.g., with 'resolvepath("flo-test")') are not
  affected by this kind of problem, because this scheme is handled by
  CurrentAircraftDirProvider, which does not exhibit this bug.
2015-09-26 09:45:33 +02:00
James Turner
18a898f5f9 Lots of work on aircraft package support 2015-09-20 19:46:35 -05:00
Rebecca N. Palmer
e296ea5fe0 Nasal security: document that symlinks are no longer followed 2015-07-25 10:15:31 +01:00
Rebecca N. Palmer
e2cbacff90 fgValidatePath: remove overly fragile test case
Fix failure to start with non-standard TerraSync directory
2015-07-14 19:43:51 +01:00
Rebecca N. Palmer
6957a17434 fgValidatePath: fix \ vs / Windows bug 2015-07-14 08:00:22 +01:00
Rebecca N. Palmer
5b2ae615e5 avoid ERROR: The path '' does not exist... on startup
While harmless, it's an annoying distraction
2015-07-13 23:15:36 +01:00
Rebecca N. Palmer
e090a9da3f fgInitAllowedPaths: remove possibly invalid test paths 2015-07-13 22:53:23 +01:00
Torsten Dreyer
092707e78b Fix #1778: incorrect HUD values
negative latitude/longitude coordinates resulted in negative WEST/
SOUTH coordinates for the default format 0 (zero).
This should be now fixed so that
+12.3 gets formatted as 12.3N/E
-12.3 gets formatted as 12.3S/W
2015-07-13 16:23:56 +02:00
Rebecca N. Palmer
823d57bd53 Security: don't follow symlinks to forbidden directories
https://bugs.debian.org/780867

This messy approach is to minimise changes during freeze; for 3.7,
I plan to make realpath() handle non-existent files as "realpath
they would have if created now" and get rid of fgNormalizePath
2015-07-12 17:57:49 +01:00
Rebecca N. Palmer
1199d6d626 Security: don't pass a string to fgValidatePath then use the original
This is insecure because it always (not just on Windows) converts
\ to / before .. checking.  Either use the path it returns (as in
f_open()) or use an SGPath (where this conversion is already done)

Only a minor problem because the affected functions are limited to
the .sav file type
2015-07-12 17:49:21 +01:00
Torsten Dreyer
36113bf69d Cleanup: remove unused code and includes
no functional change
jpg-httpd functionality was moved into httpd with 3.4
cmd-line option still spits out a warning
2015-07-08 17:24:13 +02:00
James Turner
0f90a2e9f3 FLIGHTGEAR_VERSION is always set. 2015-06-08 10:37:26 +01:00
Durk Talsma
98682c0c68 Fix bug when starting using the --parkpos option. Create a pointer to a ParkingAssignment object, so that the reference counter doesn't get reset to 0 when the local class is destroyed. 2015-05-14 18:15:30 +02:00
James Turner
aa20e0acd8 Work on new download-dir option
- simplify management of a single, user-facing
  location for large downloaded data.
2015-04-10 15:01:54 +01:00
James Turner
73de4aeb86 Fix —show-aircraft with multiple aircraft dirs
Patch from Jens Thoms Toerring
2015-04-09 15:31:09 +01:00
Rebecca N. Palmer
659c5b9676 Fix spelling 2015-04-06 10:28:10 +01:00
Rebecca N. Palmer
14405fe2e3 Fix compile with CMake 3.2.1, by Kevin Seroux
Explicitly link X11, as this no longer comes with OpenGL
2015-04-03 19:15:52 +01:00
James Turner
f2d6b76b13 Portability: Fix compile errors on MSVC (cmath)
From Scott (xDraconian)
2015-03-24 11:11:42 -05:00
Rebecca N. Palmer
6cc98cb995 Improve error messages for system.fgfsrc removal
The original message (b5835c38b4)
was meaningless on Windows
2015-03-20 18:56:13 +00:00
Rebecca N. Palmer
51bfdc21e0 Nasal: remove /tmp/*.xml from allowed paths list
Appears unused, and shouldn't be used on Windows
2015-03-20 18:20:11 +00:00
James Turner
e0274af493 Percentage feedback during nav-cache build.
- also used by the GUI launcher for the same.
2015-03-19 12:01:38 -05:00
Torsten Dreyer
c26fb00049 etxtend "pause" command to force pause/continue 2015-03-14 22:33:06 +01:00
Rebecca N. Palmer
196c667266 Normalize the allowed paths as well (fix Windows breakage) 2015-03-13 22:40:35 +00:00
Torsten Dreyer
817297699f warning fix: use correct type for std::string::find reply 2015-03-13 22:57:03 +01:00
Rebecca N. Palmer
b5835c38b4 Disable system.fgfsrc
Together with the preceding few commits, this is intended
to make security independent of the data package
2015-03-13 18:14:51 +00:00
Rebecca N. Palmer
16784d590a Document that property write-protection is not a security measure
(Nasal can remove it)
2015-03-13 18:11:29 +00:00
Rebecca N. Palmer
9002696195 Make fgValidatePath always return std::string, not char * 2015-03-13 18:07:24 +00:00
Rebecca N. Palmer
6a30e7086e Stop using property listener for fgValidatePath
This was insecure: while removelistener() won't remove it, there are
other ways to remove a listener from Nasal
2015-03-13 17:54:44 +00:00
Torsten Dreyer
f7d476c856 extract RemoteXMLRequest to make it reusable 2015-03-11 18:50:11 +01:00
James Turner
11c2623dec Start wiring package manager into the launcher. 2015-03-11 17:09:59 +00:00
James Turner
2e452e78f3 Fix non-Qt build. 2015-03-08 09:40:44 +00:00
James Turner
c3543f8fdd GUI ‘restore defaults’ support.
- Hold ‘alt’ on launch to restore defaults, including launcher prefs.
2015-03-08 00:42:39 +00:00
James Turner
a466dbce73 Very crude work on GUI base package selection.
- feedback on wording greatly appreciated.
- needed to make nightly builds usable without bundled data.
2015-03-08 00:42:05 +00:00