Changes 1.1.1:

Use secure_getenv(3) to improve security

This patch is in response to the following security vulnerabilities
(CVEs) reported to NVIDIA against libvdpau:

CVE-2015-5198
CVE-2015-5199
CVE-2015-5200

To address these CVEs, this patch:

- replaces all uses of getenv(3) with secure_getenv(3);
- uses secure_getenv(3) when available, with a fallback option;
- protects VDPAU_DRIVER against directory traversal by checking for '/'

On platforms where secure_getenv(3) is not available, the C preprocessor
will print a warning at compile time. Then, a preprocessor macro will
replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check:

  getuid() == geteuid() && getgid() == getegid()

See getuid(2) and getgid(2) for further details.

1 files changed, 3 insertions, 3 deletions

diff --git a/multimedia/libvdpau/available.mk b/multimedia/libvdpau/available.mk
index 2c1d79ec83d..8a01c985b9b 100644
--- a/multimedia/libvdpau/available.mk
+++ b/multimedia/libvdpau/available.mk
@@ -1,4 +1,4 @@
-# $NetBSD: available.mk,v 1.4 2017/01/22 10:58:47 maya Exp $
+# $NetBSD: available.mk,v 1.5 2017/01/23 18:20:59 adam Exp $
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -15,10 +15,10 @@
 #  && !empty(OS_VERSION:M5.1[0-9]*)
 #VDPAU_AVAILABLE=	yes
 #.else
-#VDPAU_AVAILABLE=	no
+VDPAU_AVAILABLE=	no
 #.endif
 
 # XXX even these restrictions seem arbitrary
-.if (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
+.if ${OPSYS} != "Darwin" && (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
 VDPAU_AVAILABLE=	yes
 .endif