pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/multimedia/libvdpau Changes 1.1.1:

details:   https://anonhg.NetBSD.org/pkgsrc/rev/31226800f22d
branches:  trunk
changeset: 357577:31226800f22d
user:      adam <adam%pkgsrc.org@localhost>
date:      Mon Jan 23 18:20:59 2017 +0000

description:
Changes 1.1.1:
Use secure_getenv(3) to improve security

This patch is in response to the following security vulnerabilities
(CVEs) reported to NVIDIA against libvdpau:

CVE-2015-5198
CVE-2015-5199
CVE-2015-5200

To address these CVEs, this patch:

- replaces all uses of getenv(3) with secure_getenv(3);
- uses secure_getenv(3) when available, with a fallback option;
- protects VDPAU_DRIVER against directory traversal by checking for '/'

On platforms where secure_getenv(3) is not available, the C preprocessor
will print a warning at compile time. Then, a preprocessor macro will
replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check:

  getuid() == geteuid() && getgid() == getegid()

See getuid(2) and getgid(2) for further details.

diffstat:

 multimedia/libvdpau/Makefile                      |  22 +++++++---------------
 multimedia/libvdpau/PLIST                         |   6 +-----
 multimedia/libvdpau/available.mk                  |   6 +++---
 multimedia/libvdpau/distinfo                      |  12 ++++++------
 multimedia/libvdpau/patches/patch-src_Makefile.in |  11 ++++++-----
 5 files changed, 23 insertions(+), 34 deletions(-)

diffs (123 lines):

diff -r 1b22e7a9c8f9 -r 31226800f22d multimedia/libvdpau/Makefile
--- a/multimedia/libvdpau/Makefile      Mon Jan 23 17:58:06 2017 +0000
+++ b/multimedia/libvdpau/Makefile      Mon Jan 23 18:20:59 2017 +0000
@@ -1,37 +1,29 @@
-# $NetBSD: Makefile,v 1.9 2016/04/11 04:22:34 dbj Exp $
-#
+# $NetBSD: Makefile,v 1.10 2017/01/23 18:20:59 adam Exp $
 
-DISTNAME=      libvdpau-0.5
+DISTNAME=      libvdpau-1.1.1
 CATEGORIES=    multimedia
 MASTER_SITES=  http://people.freedesktop.org/~aplattner/vdpau/
+EXTRACT_SUFX=  .tar.bz2
 
 MAINTAINER=    cheusov%NetBSD.org@localhost
 HOMEPAGE=      http://http.download.nvidia.com/XFree86/vdpau/doxygen/html/index.html
 COMMENT=       Video Decode and Presentation API for Unix
 LICENSE=       mit
 
-GNU_CONFIGURE= yes
-USE_LIBTOOL=   yes
-USE_TOOLS+=    pkg-config gmake
-USE_LANGUAGES= c c++
+USE_LIBTOOL=           yes
+USE_TOOLS+=            pkg-config gmake
+USE_LANGUAGES=         c c++
+GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --disable-documentation
 
-AUTO_MKDIRS=   yes
-
 PKGCONFIG_OVERRIDE+=   vdpau.pc.in
 
-DOCDIR=                ${PREFIX}/share/doc/libvdpau
 EGDIR=         ${PREFIX}/share/examples/libvdpau
 CONF_FILES=    ${EGDIR}/vdpau_wrapper.cfg \
                ${PKG_SYSCONFDIR}/vdpau_wrapper.cfg
 
 INSTALL_MAKE_FLAGS=    sysconfdir=${EGDIR}
 
-DOCFILES=              README NEWS COPYING AUTHORS
-post-install:
-       set -e; cd ${WRKSRC}; \
-       ${INSTALL_DATA} ${DOCFILES} ${DESTDIR}${DOCDIR}
-
 .include "available.mk"
 .if ${VDPAU_AVAILABLE} == no
 PKG_SKIP_REASON+=      "VDPAU is not available on this platform"
diff -r 1b22e7a9c8f9 -r 31226800f22d multimedia/libvdpau/PLIST
--- a/multimedia/libvdpau/PLIST Mon Jan 23 17:58:06 2017 +0000
+++ b/multimedia/libvdpau/PLIST Mon Jan 23 18:20:59 2017 +0000
@@ -1,11 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2012/12/02 12:15:08 cheusov Exp $
+@comment $NetBSD: PLIST,v 1.3 2017/01/23 18:20:59 adam Exp $
 include/vdpau/vdpau.h
 include/vdpau/vdpau_x11.h
 lib/libvdpau.la
 lib/pkgconfig/vdpau.pc
 lib/vdpau/libvdpau_trace.la
-share/doc/libvdpau/AUTHORS
-share/doc/libvdpau/COPYING
-share/doc/libvdpau/NEWS
-share/doc/libvdpau/README
 share/examples/libvdpau/vdpau_wrapper.cfg
diff -r 1b22e7a9c8f9 -r 31226800f22d multimedia/libvdpau/available.mk
--- a/multimedia/libvdpau/available.mk  Mon Jan 23 17:58:06 2017 +0000
+++ b/multimedia/libvdpau/available.mk  Mon Jan 23 18:20:59 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: available.mk,v 1.4 2017/01/22 10:58:47 maya Exp $
+# $NetBSD: available.mk,v 1.5 2017/01/23 18:20:59 adam Exp $
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -15,10 +15,10 @@
 #  && !empty(OS_VERSION:M5.1[0-9]*)
 #VDPAU_AVAILABLE=      yes
 #.else
-#VDPAU_AVAILABLE=      no
+VDPAU_AVAILABLE=       no
 #.endif
 
 # XXX even these restrictions seem arbitrary
-.if (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
+.if ${OPSYS} != "Darwin" && (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
 VDPAU_AVAILABLE=       yes
 .endif
diff -r 1b22e7a9c8f9 -r 31226800f22d multimedia/libvdpau/distinfo
--- a/multimedia/libvdpau/distinfo      Mon Jan 23 17:58:06 2017 +0000
+++ b/multimedia/libvdpau/distinfo      Mon Jan 23 18:20:59 2017 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2015/11/03 23:54:29 agc Exp $
+$NetBSD: distinfo,v 1.6 2017/01/23 18:20:59 adam Exp $
 
-SHA1 (libvdpau-0.5.tar.gz) = 1b18b8f75eea52740af84881313d860ad5c27d0b
-RMD160 (libvdpau-0.5.tar.gz) = d189dff51a745945c7140bea70b1af20288872e4
-SHA512 (libvdpau-0.5.tar.gz) = 756d7d1647c79fd63d2a49f125303259b6457b84be6f7cf3070063e8919810e94ef4205acac892e4ff96bdad0a4933a1dbf17ebb0b3f770c286c7264f910240c
-Size (libvdpau-0.5.tar.gz) = 478945 bytes
-SHA1 (patch-src_Makefile.in) = eee1081fdc114e7bcd8c1a74b8fa60c2f4d479dc
+SHA1 (libvdpau-1.1.1.tar.bz2) = 86516e2a962fd34f65d49115d6ddf15fd912f579
+RMD160 (libvdpau-1.1.1.tar.bz2) = caac0b909cea14af4c5b2df681c10572b48f5e77
+SHA512 (libvdpau-1.1.1.tar.bz2) = 723515365db1116078deb822592260daff933f3a780d43fdabbd3fd2889ae397ffba97972360dac1ee4090dc68cbc634b6b1e3d0c56f83d1df4c21e3ec601175
+Size (libvdpau-1.1.1.tar.bz2) = 429576 bytes
+SHA1 (patch-src_Makefile.in) = fdacb1106c50852484202edde01cf45e1ded8c9f
diff -r 1b22e7a9c8f9 -r 31226800f22d multimedia/libvdpau/patches/patch-src_Makefile.in
--- a/multimedia/libvdpau/patches/patch-src_Makefile.in Mon Jan 23 17:58:06 2017 +0000
+++ b/multimedia/libvdpau/patches/patch-src_Makefile.in Mon Jan 23 18:20:59 2017 +0000
@@ -1,10 +1,11 @@
-$NetBSD: patch-src_Makefile.in,v 1.1 2011/02/20 14:24:05 wiz Exp $
+$NetBSD: patch-src_Makefile.in,v 1.2 2017/01/23 18:20:59 adam Exp $
 
 Fix for SunOS/SunStudio/Sun ld
---- src/Makefile.in.orig       2010-09-08 20:07:03.000000000 +0300
-+++ src/Makefile.in    2011-02-25 07:33:48.524607086 +0200
-@@ -249,7 +249,7 @@
-     $(DLOPEN_LIBS) \
+
+--- src/Makefile.in.orig       2015-08-31 21:00:08.000000000 +0000
++++ src/Makefile.in
+@@ -370,7 +370,7 @@ libvdpau_la_LIBADD = \
+     $(PTHREAD_LIBS) \
      $(XEXT_LIBS)
  
 -libvdpau_la_LDFLAGS = -version-info 1:0:0 -no-undefined
Home | Main Index | Thread Index | Old Index