Age | Commit message (Collapse) | Author | Files | Lines |
|
Use secure_getenv(3) to improve security
This patch is in response to the following security vulnerabilities
(CVEs) reported to NVIDIA against libvdpau:
CVE-2015-5198
CVE-2015-5199
CVE-2015-5200
To address these CVEs, this patch:
- replaces all uses of getenv(3) with secure_getenv(3);
- uses secure_getenv(3) when available, with a fallback option;
- protects VDPAU_DRIVER against directory traversal by checking for '/'
On platforms where secure_getenv(3) is not available, the C preprocessor
will print a warning at compile time. Then, a preprocessor macro will
replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check:
getuid() == geteuid() && getgid() == getegid()
See getuid(2) and getgid(2) for further details.
|
|
there's no reason to - other operating systems have suitable drivers too,
and it doesn't break builds as far as I can tell.
PR pkg/51704, applying as maintainer did not respond.
|
|
|
|
Problems found locating distfiles:
Package adobe-flash-plugin11: missing distfile flash-plugin-11.2.202.540-release.i386.rpm
Package gmplayer: missing distfile mplayer/AlienMind-1.2.tar.bz2
Package gmplayer: missing distfile mplayer/BlueHeart-1.5.tar.bz2
Package gmplayer: missing distfile mplayer/CornerMP-aqua-1.4.tar.bz2
Package gmplayer: missing distfile mplayer/MPlayer-1.1.1.tar.xz
Package gmplayer: missing distfile mplayer/WMP6-2.2.tar.bz2
Package gmplayer: missing distfile mplayer/gnome-1.1.tar.bz2
Package gmplayer: missing distfile mplayer/hwswskin-1.3.tar.bz2
Package gmplayer: missing distfile mplayer/neutron-1.6.tar.bz2
Package gmplayer: missing distfile mplayer/plastic-1.3.tar.bz2
Package gmplayer: missing distfile mplayer/slim-1.3.tar.bz2
Package gmplayer: missing distfile mplayer/xine-lcd-1.2.tar.bz2
Package handbrake: missing distfile handbrake/HandBrake-0.9.3.tar.gz
Package handbrake: missing distfile handbrake/bzip2-1.0.5.tar.gz
Package handbrake: missing distfile handbrake/faad2-2.6.1.tar.gz
Package handbrake: missing distfile handbrake/lame-3.98.tar.gz
Package handbrake: missing distfile handbrake/libdvdread-0.9.7.tar.gz
Package handbrake: missing distfile handbrake/libmp4v2-r45.tar.gz
Package handbrake: missing distfile handbrake/libquicktime-0.9.10.tar.gz
Package handbrake: missing distfile handbrake/libtheora-1.0.tar.gz
Package handbrake: missing distfile handbrake/mpeg2dec-0.5.1.tar.gz
Package handbrake: missing distfile handbrake/x264-r1028-83baa7f.tar.gz
Package handbrake: missing distfile handbrake/zlib-1.2.3.tar.gz
Package libdvdcss: missing distfile libdvdcss-1.3.99.tar.bz2
Package mplayer-share: missing distfile mplayer/MPlayer-1.1.1.tar.xz
Package mpv: missing distfile mpv-0.12.0.tar.gz
Package realplayer-codecs: missing distfile rp8codecs-20040626.tar.bz2
Package realplayer-codecs: missing distfile rp8codecs-alpha-20050115.tar.bz2
Package win32-codecs: missing distfile rp9codecs-win32-20050115.tar.bz2
Package xanim: missing distfile xa2.0_cvid_netbsd386.o.gz
Package xanim: missing distfile xa2.0_iv32_netbsd386.o.gz
Package xanim: missing distfile xa1.0_cyuv_netbsd68k.o.gz
Package xanim: missing distfile xa2.0_cvid_linuxELF.o.gz
Package xanim: missing distfile xa2.0_iv32_linuxELF.o.gz
Package xanim: missing distfile xa1.0_cyuv_sparcAOUT.o.gz
Package xanim: missing distfile xa2.0_cvid_sparcELF.o.gz
Package xanim: missing distfile xa2.0_iv32_sparcELF.o.gz
Package xanim: missing distfile xa1.0_cyuv_linuxPPC.o.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
|
|
|
|
-
Implement workarounds for Adobe Flash bugs
Implement two workarounds:
1) Swap U and V planes to VdpVideoSurfacePutBitsYCbCr to fix blue-tinged
videos.
2) Disable VdpPresentationQueueSetBackgroundColor, so that Flash doesn't
set the background to pure black or pure white, which would cause the
VDPAU image to bleed through to other parts of the desktop with those
very common colors.
-
vdpau_wrapper.c: Track dynamic library handles and free them on exit
using __attribute__((destructor))
|
|
|
|
|
|
|
|
|
|
|
|
commands happen to be found.
|
|
Changes since 0.4:
vdpau.h: Clarify video mixer field amount recommendation
More doc issues pointed out by Xine authors.
* Fix Doxygen warning; it gets confused by quotes.
* Add subsection names, so part of the title doesn't get swallowed as the
subsection name.
* Document data required from MPEG-4 Part 2 & DivX bitstream.
vpdau.h: Fix typo and clarify wording.
|
|
|
|
The Video Decode and Presentation API for Unix (VDPAU) provides a complete
solution for decoding, post-processing, compositing, and displaying
compressed or uncompressed video streams. These video streams may be
combined (composited) with bitmap content, to implement OSDs and other
application user interfaces.
This VDPAU API allows video programs to offload portions of the video
decoding process and video post-processing to the GPU video-hardware.
|