CVS commit: pkgsrc/multimedia/libvdpau

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/multimedia/libvdpau
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 23 Jan 2017 18:20:59 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Jan 23 18:20:59 UTC 2017

Modified Files:
        pkgsrc/multimedia/libvdpau: Makefile PLIST available.mk distinfo
        pkgsrc/multimedia/libvdpau/patches: patch-src_Makefile.in

Log Message:
Changes 1.1.1:
Use secure_getenv(3) to improve security

This patch is in response to the following security vulnerabilities
(CVEs) reported to NVIDIA against libvdpau:

CVE-2015-5198
CVE-2015-5199
CVE-2015-5200

To address these CVEs, this patch:

- replaces all uses of getenv(3) with secure_getenv(3);
- uses secure_getenv(3) when available, with a fallback option;
- protects VDPAU_DRIVER against directory traversal by checking for '/'

On platforms where secure_getenv(3) is not available, the C preprocessor
will print a warning at compile time. Then, a preprocessor macro will
replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check:

  getuid() == geteuid() && getgid() == getegid()

See getuid(2) and getgid(2) for further details.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/multimedia/libvdpau/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/multimedia/libvdpau/PLIST
cvs rdiff -u -r1.4 -r1.5 pkgsrc/multimedia/libvdpau/available.mk
cvs rdiff -u -r1.5 -r1.6 pkgsrc/multimedia/libvdpau/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/multimedia/libvdpau/patches/patch-src_Makefile.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/multimedia/libvdpau/Makefile
diff -u pkgsrc/multimedia/libvdpau/Makefile:1.9 pkgsrc/multimedia/libvdpau/Makefile:1.10
--- pkgsrc/multimedia/libvdpau/Makefile:1.9     Mon Apr 11 04:22:34 2016
+++ pkgsrc/multimedia/libvdpau/Makefile Mon Jan 23 18:20:59 2017
@@ -1,37 +1,29 @@
-# $NetBSD: Makefile,v 1.9 2016/04/11 04:22:34 dbj Exp $
-#
+# $NetBSD: Makefile,v 1.10 2017/01/23 18:20:59 adam Exp $
 
-DISTNAME=      libvdpau-0.5
+DISTNAME=      libvdpau-1.1.1
 CATEGORIES=    multimedia
 MASTER_SITES=  http://people.freedesktop.org/~aplattner/vdpau/
+EXTRACT_SUFX=  .tar.bz2
 
 MAINTAINER=    cheusov%NetBSD.org@localhost
 HOMEPAGE=      http://http.download.nvidia.com/XFree86/vdpau/doxygen/html/index.html
 COMMENT=       Video Decode and Presentation API for Unix
 LICENSE=       mit
 
-GNU_CONFIGURE= yes
-USE_LIBTOOL=   yes
-USE_TOOLS+=    pkg-config gmake
-USE_LANGUAGES= c c++
+USE_LIBTOOL=           yes
+USE_TOOLS+=            pkg-config gmake
+USE_LANGUAGES=         c c++
+GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --disable-documentation
 
-AUTO_MKDIRS=   yes
-
 PKGCONFIG_OVERRIDE+=   vdpau.pc.in
 
-DOCDIR=                ${PREFIX}/share/doc/libvdpau
 EGDIR=         ${PREFIX}/share/examples/libvdpau
 CONF_FILES=    ${EGDIR}/vdpau_wrapper.cfg \
                ${PKG_SYSCONFDIR}/vdpau_wrapper.cfg
 
 INSTALL_MAKE_FLAGS=    sysconfdir=${EGDIR}
 
-DOCFILES=              README NEWS COPYING AUTHORS
-post-install:
-       set -e; cd ${WRKSRC}; \
-       ${INSTALL_DATA} ${DOCFILES} ${DESTDIR}${DOCDIR}
-
 .include "available.mk"
 .if ${VDPAU_AVAILABLE} == no
 PKG_SKIP_REASON+=      "VDPAU is not available on this platform"

Index: pkgsrc/multimedia/libvdpau/PLIST
diff -u pkgsrc/multimedia/libvdpau/PLIST:1.2 pkgsrc/multimedia/libvdpau/PLIST:1.3
--- pkgsrc/multimedia/libvdpau/PLIST:1.2        Sun Dec  2 12:15:08 2012
+++ pkgsrc/multimedia/libvdpau/PLIST    Mon Jan 23 18:20:59 2017
@@ -1,11 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2012/12/02 12:15:08 cheusov Exp $
+@comment $NetBSD: PLIST,v 1.3 2017/01/23 18:20:59 adam Exp $
 include/vdpau/vdpau.h
 include/vdpau/vdpau_x11.h
 lib/libvdpau.la
 lib/pkgconfig/vdpau.pc
 lib/vdpau/libvdpau_trace.la
-share/doc/libvdpau/AUTHORS
-share/doc/libvdpau/COPYING
-share/doc/libvdpau/NEWS
-share/doc/libvdpau/README
 share/examples/libvdpau/vdpau_wrapper.cfg

Index: pkgsrc/multimedia/libvdpau/available.mk
diff -u pkgsrc/multimedia/libvdpau/available.mk:1.4 pkgsrc/multimedia/libvdpau/available.mk:1.5
--- pkgsrc/multimedia/libvdpau/available.mk:1.4 Sun Jan 22 10:58:47 2017
+++ pkgsrc/multimedia/libvdpau/available.mk     Mon Jan 23 18:20:59 2017
@@ -1,4 +1,4 @@
-# $NetBSD: available.mk,v 1.4 2017/01/22 10:58:47 maya Exp $
+# $NetBSD: available.mk,v 1.5 2017/01/23 18:20:59 adam Exp $
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -15,10 +15,10 @@
 #  && !empty(OS_VERSION:M5.1[0-9]*)
 #VDPAU_AVAILABLE=      yes
 #.else
-#VDPAU_AVAILABLE=      no
+VDPAU_AVAILABLE=       no
 #.endif
 
 # XXX even these restrictions seem arbitrary
-.if (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
+.if ${OPSYS} != "Darwin" && (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
 VDPAU_AVAILABLE=       yes
 .endif

Index: pkgsrc/multimedia/libvdpau/distinfo
diff -u pkgsrc/multimedia/libvdpau/distinfo:1.5 pkgsrc/multimedia/libvdpau/distinfo:1.6
--- pkgsrc/multimedia/libvdpau/distinfo:1.5     Tue Nov  3 23:54:29 2015
+++ pkgsrc/multimedia/libvdpau/distinfo Mon Jan 23 18:20:59 2017
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2015/11/03 23:54:29 agc Exp $
+$NetBSD: distinfo,v 1.6 2017/01/23 18:20:59 adam Exp $
 
-SHA1 (libvdpau-0.5.tar.gz) = 1b18b8f75eea52740af84881313d860ad5c27d0b
-RMD160 (libvdpau-0.5.tar.gz) = d189dff51a745945c7140bea70b1af20288872e4
-SHA512 (libvdpau-0.5.tar.gz) = 756d7d1647c79fd63d2a49f125303259b6457b84be6f7cf3070063e8919810e94ef4205acac892e4ff96bdad0a4933a1dbf17ebb0b3f770c286c7264f910240c
-Size (libvdpau-0.5.tar.gz) = 478945 bytes
-SHA1 (patch-src_Makefile.in) = eee1081fdc114e7bcd8c1a74b8fa60c2f4d479dc
+SHA1 (libvdpau-1.1.1.tar.bz2) = 86516e2a962fd34f65d49115d6ddf15fd912f579
+RMD160 (libvdpau-1.1.1.tar.bz2) = caac0b909cea14af4c5b2df681c10572b48f5e77
+SHA512 (libvdpau-1.1.1.tar.bz2) = 723515365db1116078deb822592260daff933f3a780d43fdabbd3fd2889ae397ffba97972360dac1ee4090dc68cbc634b6b1e3d0c56f83d1df4c21e3ec601175
+Size (libvdpau-1.1.1.tar.bz2) = 429576 bytes
+SHA1 (patch-src_Makefile.in) = fdacb1106c50852484202edde01cf45e1ded8c9f

Index: pkgsrc/multimedia/libvdpau/patches/patch-src_Makefile.in
diff -u pkgsrc/multimedia/libvdpau/patches/patch-src_Makefile.in:1.1 pkgsrc/multimedia/libvdpau/patches/patch-src_Makefile.in:1.2
--- pkgsrc/multimedia/libvdpau/patches/patch-src_Makefile.in:1.1        Sun Feb 20 14:24:05 2011
+++ pkgsrc/multimedia/libvdpau/patches/patch-src_Makefile.in    Mon Jan 23 18:20:59 2017
@@ -1,10 +1,11 @@
-$NetBSD: patch-src_Makefile.in,v 1.1 2011/02/20 14:24:05 wiz Exp $
+$NetBSD: patch-src_Makefile.in,v 1.2 2017/01/23 18:20:59 adam Exp $
 
 Fix for SunOS/SunStudio/Sun ld
---- src/Makefile.in.orig       2010-09-08 20:07:03.000000000 +0300
-+++ src/Makefile.in    2011-02-25 07:33:48.524607086 +0200
-@@ -249,7 +249,7 @@
-     $(DLOPEN_LIBS) \
+
+--- src/Makefile.in.orig       2015-08-31 21:00:08.000000000 +0000
++++ src/Makefile.in
+@@ -370,7 +370,7 @@ libvdpau_la_LIBADD = \
+     $(PTHREAD_LIBS) \
      $(XEXT_LIBS)
  
 -libvdpau_la_LDFLAGS = -version-info 1:0:0 -no-undefined

Prev by Date: CVS commit: pkgsrc/misc/screen/patches
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/misc/screen/patches
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index