Changes 1.1.1:

Use secure_getenv(3) to improve security

This patch is in response to the following security vulnerabilities
(CVEs) reported to NVIDIA against libvdpau:

CVE-2015-5198
CVE-2015-5199
CVE-2015-5200

To address these CVEs, this patch:

- replaces all uses of getenv(3) with secure_getenv(3);
- uses secure_getenv(3) when available, with a fallback option;
- protects VDPAU_DRIVER against directory traversal by checking for '/'

On platforms where secure_getenv(3) is not available, the C preprocessor
will print a warning at compile time. Then, a preprocessor macro will
replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check:

  getuid() == geteuid() && getgid() == getegid()

See getuid(2) and getgid(2) for further details.

5 files changed, 23 insertions, 34 deletions

diff --git a/multimedia/libvdpau/Makefile b/multimedia/libvdpau/Makefile
index 8ab2c9a2280..d8d962071e7 100644
--- a/multimedia/libvdpau/Makefile
+++ b/multimedia/libvdpau/Makefile
@@ -1,37 +1,29 @@
-# $NetBSD: Makefile,v 1.9 2016/04/11 04:22:34 dbj Exp $
-#
+# $NetBSD: Makefile,v 1.10 2017/01/23 18:20:59 adam Exp $
 
-DISTNAME=	libvdpau-0.5
+DISTNAME=	libvdpau-1.1.1
 CATEGORIES=	multimedia
 MASTER_SITES=	http://people.freedesktop.org/~aplattner/vdpau/
+EXTRACT_SUFX=	.tar.bz2
 
 MAINTAINER=	cheusov@NetBSD.org
 HOMEPAGE=	http://http.download.nvidia.com/XFree86/vdpau/doxygen/html/index.html
 COMMENT=	Video Decode and Presentation API for Unix
 LICENSE=	mit
 
-GNU_CONFIGURE=	yes
-USE_LIBTOOL=	yes
-USE_TOOLS+=	pkg-config gmake
-USE_LANGUAGES=	c c++
+USE_LIBTOOL=		yes
+USE_TOOLS+=		pkg-config gmake
+USE_LANGUAGES=		c c++
+GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--disable-documentation
 
-AUTO_MKDIRS=	yes
-
 PKGCONFIG_OVERRIDE+=	vdpau.pc.in
 
-DOCDIR=		${PREFIX}/share/doc/libvdpau
 EGDIR=		${PREFIX}/share/examples/libvdpau
 CONF_FILES=	${EGDIR}/vdpau_wrapper.cfg \
 		${PKG_SYSCONFDIR}/vdpau_wrapper.cfg
 
 INSTALL_MAKE_FLAGS=	sysconfdir=${EGDIR}
 
-DOCFILES=		README NEWS COPYING AUTHORS
-post-install:
-	set -e; cd ${WRKSRC}; \
-	${INSTALL_DATA} ${DOCFILES} ${DESTDIR}${DOCDIR}
-
 .include "available.mk"
 .if ${VDPAU_AVAILABLE} == no
 PKG_SKIP_REASON+=	"VDPAU is not available on this platform"
diff --git a/multimedia/libvdpau/PLIST b/multimedia/libvdpau/PLIST
index 28877ab4a61..2f945c27fe4 100644
--- a/multimedia/libvdpau/PLIST
+++ b/multimedia/libvdpau/PLIST
@@ -1,11 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2012/12/02 12:15:08 cheusov Exp $
+@comment $NetBSD: PLIST,v 1.3 2017/01/23 18:20:59 adam Exp $
 include/vdpau/vdpau.h
 include/vdpau/vdpau_x11.h
 lib/libvdpau.la
 lib/pkgconfig/vdpau.pc
 lib/vdpau/libvdpau_trace.la
-share/doc/libvdpau/AUTHORS
-share/doc/libvdpau/COPYING
-share/doc/libvdpau/NEWS
-share/doc/libvdpau/README
 share/examples/libvdpau/vdpau_wrapper.cfg
diff --git a/multimedia/libvdpau/available.mk b/multimedia/libvdpau/available.mk
index 2c1d79ec83d..8a01c985b9b 100644
--- a/multimedia/libvdpau/available.mk
+++ b/multimedia/libvdpau/available.mk
@@ -1,4 +1,4 @@
-# $NetBSD: available.mk,v 1.4 2017/01/22 10:58:47 maya Exp $
+# $NetBSD: available.mk,v 1.5 2017/01/23 18:20:59 adam Exp $
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -15,10 +15,10 @@
 #  && !empty(OS_VERSION:M5.1[0-9]*)
 #VDPAU_AVAILABLE=	yes
 #.else
-#VDPAU_AVAILABLE=	no
+VDPAU_AVAILABLE=	no
 #.endif
 
 # XXX even these restrictions seem arbitrary
-.if (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
+.if ${OPSYS} != "Darwin" && (${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "x86_64")
 VDPAU_AVAILABLE=	yes
 .endif
diff --git a/multimedia/libvdpau/distinfo b/multimedia/libvdpau/distinfo
index 4805759425d..d6283a97b42 100644
--- a/multimedia/libvdpau/distinfo
+++ b/multimedia/libvdpau/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2015/11/03 23:54:29 agc Exp $
+$NetBSD: distinfo,v 1.6 2017/01/23 18:20:59 adam Exp $
 
-SHA1 (libvdpau-0.5.tar.gz) = 1b18b8f75eea52740af84881313d860ad5c27d0b
-RMD160 (libvdpau-0.5.tar.gz) = d189dff51a745945c7140bea70b1af20288872e4
-SHA512 (libvdpau-0.5.tar.gz) = 756d7d1647c79fd63d2a49f125303259b6457b84be6f7cf3070063e8919810e94ef4205acac892e4ff96bdad0a4933a1dbf17ebb0b3f770c286c7264f910240c
-Size (libvdpau-0.5.tar.gz) = 478945 bytes
-SHA1 (patch-src_Makefile.in) = eee1081fdc114e7bcd8c1a74b8fa60c2f4d479dc
+SHA1 (libvdpau-1.1.1.tar.bz2) = 86516e2a962fd34f65d49115d6ddf15fd912f579
+RMD160 (libvdpau-1.1.1.tar.bz2) = caac0b909cea14af4c5b2df681c10572b48f5e77
+SHA512 (libvdpau-1.1.1.tar.bz2) = 723515365db1116078deb822592260daff933f3a780d43fdabbd3fd2889ae397ffba97972360dac1ee4090dc68cbc634b6b1e3d0c56f83d1df4c21e3ec601175
+Size (libvdpau-1.1.1.tar.bz2) = 429576 bytes
+SHA1 (patch-src_Makefile.in) = fdacb1106c50852484202edde01cf45e1ded8c9f
diff --git a/multimedia/libvdpau/patches/patch-src_Makefile.in b/multimedia/libvdpau/patches/patch-src_Makefile.in
index c0d5e3ec909..23e8b114180 100644
--- a/multimedia/libvdpau/patches/patch-src_Makefile.in
+++ b/multimedia/libvdpau/patches/patch-src_Makefile.in
@@ -1,10 +1,11 @@
-$NetBSD: patch-src_Makefile.in,v 1.1 2011/02/20 14:24:05 wiz Exp $
+$NetBSD: patch-src_Makefile.in,v 1.2 2017/01/23 18:20:59 adam Exp $
 
 Fix for SunOS/SunStudio/Sun ld
---- src/Makefile.in.orig	2010-09-08 20:07:03.000000000 +0300
-+++ src/Makefile.in	2011-02-25 07:33:48.524607086 +0200
-@@ -249,7 +249,7 @@
-     $(DLOPEN_LIBS) \
+
+--- src/Makefile.in.orig	2015-08-31 21:00:08.000000000 +0000
++++ src/Makefile.in
+@@ -370,7 +370,7 @@ libvdpau_la_LIBADD = \
+     $(PTHREAD_LIBS) \
      $(XEXT_LIBS)
  
 -libvdpau_la_LDFLAGS = -version-info 1:0:0 -no-undefined