diff options
author | adam <adam> | 2017-01-23 18:20:59 +0000 |
---|---|---|
committer | adam <adam> | 2017-01-23 18:20:59 +0000 |
commit | 47b595ce0ab8d109ad3e356a0cc1095c7d151737 (patch) | |
tree | 02958687f8b757334a82730857052abdff722423 /multimedia/libvdpau/available.mk | |
parent | 57436e3e39569b47be4a8ff4e4ddeb411e15b037 (diff) | |
download | pkgsrc-47b595ce0ab8d109ad3e356a0cc1095c7d151737.tar.gz |
Changes 1.1.1:
Use secure_getenv(3) to improve security
This patch is in response to the following security vulnerabilities
(CVEs) reported to NVIDIA against libvdpau:
CVE-2015-5198
CVE-2015-5199
CVE-2015-5200
To address these CVEs, this patch:
- replaces all uses of getenv(3) with secure_getenv(3);
- uses secure_getenv(3) when available, with a fallback option;
- protects VDPAU_DRIVER against directory traversal by checking for '/'
On platforms where secure_getenv(3) is not available, the C preprocessor
will print a warning at compile time. Then, a preprocessor macro will
replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check:
getuid() == geteuid() && getgid() == getegid()
See getuid(2) and getgid(2) for further details.
Diffstat (limited to 'multimedia/libvdpau/available.mk')
-rw-r--r-- | multimedia/libvdpau/available.mk | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/multimedia/libvdpau/available.mk b/multimedia/libvdpau/available.mk index 2c1d79ec83d..8a01c985b9b 100644 --- a/multimedia/libvdpau/available.mk +++ b/multimedia/libvdpau/available.mk @@ -1,4 +1,4 @@ -# $NetBSD: available.mk,v 1.4 2017/01/22 10:58:47 maya Exp $ +# $NetBSD: available.mk,v 1.5 2017/01/23 18:20:59 adam Exp $ .include "../../mk/bsd.prefs.mk" @@ -15,10 +15,10 @@ # && !empty(OS_VERSION:M5.1[0-9]*) #VDPAU_AVAILABLE= yes #.else -#VDPAU_AVAILABLE= no +VDPAU_AVAILABLE= no #.endif # XXX even these restrictions seem arbitrary -.if (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64") +.if ${OPSYS} != "Darwin" && (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64") VDPAU_AVAILABLE= yes .endif |