Please consider the attached patch.
Raw file:
https://salsa.debian.org/friki/slic3r-prusa/-/raw/1d54f79dc7108515aeb62d2dab4918aea1ffd0e7/debian/patches/Secured-self-updates-and-disable-by-default.patch
Merge Request:
https://salsa.debian.org/3dprinting-team/slic3r-prusa/-/merge_requests/1
--
Antoni Villalonga
https://friki.cat/
From: Antoni Villalonga
Date: Sun, 09 Aug 2020 00:15:17 +0200
Subject: Secure self-updates and disable by default
Bug-Debian: http://bugs.debian.org/961903
Forwarded: not-needed
--- a/src/slic3r/GUI/AppConfig.cpp
+++ b/src/slic3r/GUI/AppConfig.cpp
@@ -57,9 +57,9 @@
set("show_incompatible_presets", "0");
if (get("version_check").empty())
-set("version_check", "1");
+set("version_check", "0");
if (get("preset_update").empty())
-set("preset_update", "1");
+set("preset_update", "0");
if (get("export_sources_full_pathnames").empty())
set("export_sources_full_pathnames", "0");
--- a/resources/profiles/BIBO.ini
+++ b/resources/profiles/BIBO.ini
@@ -7,7 +7,7 @@
# This means, the server may force the PrusaSlicer configuration to be downgraded.
config_version = 0.0.1
# Where to get the updates from?
-config_update_url = http://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/BIBO/
+config_update_url = https://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/BIBO/
# The printer models will be shown by the Configuration Wizard in this order,
# also the first model installed & the first nozzle installed will be activated after install.
--- a/resources/profiles/Creality.ini
+++ b/resources/profiles/Creality.ini
@@ -7,8 +7,8 @@
# This means, the server may force the PrusaSlicer configuration to be downgraded.
config_version = 0.0.2
# Where to get the updates from?
-config_update_url = http://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/Creality/
-# changelog_url = http://files.prusa3d.com/?latest=slicer-profiles=%1%
+config_update_url = https://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/Creality/
+# changelog_url = https://files.prusa3d.com/?latest=slicer-profiles=%1%
# The printer models will be shown by the Configuration Wizard in this order,
# also the first model installed & the first nozzle installed will be activated after install.
--- a/resources/profiles/LulzBot.ini
+++ b/resources/profiles/LulzBot.ini
@@ -4,7 +4,7 @@
# Vendor name will be shown by the Config Wizard.
name = LulzBot
config_version = 0.0.1
-config_update_url = http://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/LulzBot/
+config_update_url = https://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/LulzBot/
[printer_model:MINI_AERO]
name = Mini Aero
--- a/resources/profiles/PrusaResearch.ini
+++ b/resources/profiles/PrusaResearch.ini
@@ -7,8 +7,8 @@
# This means, the server may force the PrusaSlicer configuration to be downgraded.
config_version = 1.1.2
# Where to get the updates from?
-config_update_url = http://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/PrusaResearch/
-changelog_url = http://files.prusa3d.com/?latest=slicer-profiles=%1%
+config_update_url = https://files.prusa3d.com/wp-content/uploads/repository/PrusaSlicer-settings-master/live/PrusaResearch/
+changelog_url = https://files.prusa3d.com/?latest=slicer-profiles=%1%
# The printer models will be shown by the Configuration Wizard in this order,
# also the first model installed & the first nozzle installed will be activated after install.
--- a/src/slic3r/GUI/UpdateDialogs.cpp
+++ b/src/slic3r/GUI/UpdateDialogs.cpp
@@ -25,7 +25,7 @@
namespace GUI {
-static const char* URL_CHANGELOG = "http://files.prusa3d.com/?latest=slicer-stable=%1%;;
+static const char* URL_CHANGELOG = "https://files.prusa3d.com/?latest=slicer-stable=%1%;;
static const char* URL_DOWNLOAD = "https://www.prusa3d.com/downloads=%1%;;
static const char* URL_DEV = "https://github.com/prusa3d/PrusaSlicer/releases/tag/version_%1%;;
--- a/src/slic3r/Utils/PresetUpdater.cpp
+++ b/src/slic3r/Utils/PresetUpdater.cpp
@@ -301,7 +301,7 @@
const std::string idx_path = (cache_path / (vendor.id + ".idx")).string();
const std::string idx_path_temp = idx_path + "-update";
//check if idx_url is leading to our site
- if (! boost::starts_with(idx_url, "http://files.prusa3d.com/wp-content/uploads/repository/;))
+ if (! boost::starts_with(idx_url, "https://files.prusa3d.com/wp-content/uploads/repository/;))
{
BOOST_LOG_TRIVIAL(warning) << "unsafe url path for vendor \"" << vendor.name << "\" rejected: " << idx_url;
continue;