From owner-svn-ports-head@FreeBSD.ORG Sun Sep 16 09:24:15 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E208A1065688; Sun, 16 Sep 2012 09:24:14 +0000 (UTC) (envelope-from danfe@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id CC1B78FC08; Sun, 16 Sep 2012 09:24:14 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8G9OEZN050459; Sun, 16 Sep 2012 09:24:14 GMT (envelope-from danfe@svn.freebsd.org) Received: (from danfe@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8G9OEh7050456; Sun, 16 Sep 2012 09:24:14 GMT (envelope-from danfe@svn.freebsd.org) Message-Id: <201209160924.q8G9OEh7050456@svn.freebsd.org> From: Alexey Dokuchaev Date: Sun, 16 Sep 2012 09:24:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r304337 - in head/x11/nvidia-driver: . files X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Sep 2012 09:24:15 -0000 Author: danfe Date: Sun Sep 16 09:24:14 2012 New Revision: 304337 URL: http://svn.freebsd.org/changeset/ports/304337 Log: - Revert patch for CVE-2012-0946 to its original form and apply both CVE patches when needed, for clarity's sake - Touch some comments in Makefile while here (purely cosmetic) Modified: head/x11/nvidia-driver/Makefile head/x11/nvidia-driver/files/security-patch-CVE-2012-0946 Modified: head/x11/nvidia-driver/Makefile ============================================================================== --- head/x11/nvidia-driver/Makefile Sun Sep 16 09:23:38 2012 (r304336) +++ head/x11/nvidia-driver/Makefile Sun Sep 16 09:24:14 2012 (r304337) @@ -64,11 +64,10 @@ EXTRA_PATCHES= ${FILESDIR}/legacy-patch- # Fix recent arbitrary memory access vulnerability in legacy drivers .if ${NVVERSION} <= 1905300 -. if ${NVVERSION} == 1731435 -EXTRA_PATCHES+= ${FILESDIR}/security-patch-CVE-2012-4225 -. else +. if ${NVVERSION} != 1731435 EXTRA_PATCHES+= ${FILESDIR}/security-patch-CVE-2012-0946 . endif +EXTRA_PATCHES+= ${FILESDIR}/security-patch-CVE-2012-4225 .endif OPTIONS= FREEBSD_AGP "Use FreeBSD AGP GART driver" off \ @@ -111,7 +110,7 @@ post-patch: .SILENT s/int nprot/&, vm_memattr_t *memattr/' \ ${WRKSRC}/src/nvidia_dev.c .endif -# Catch up legacy drivers with FreeBSD SVN r225617 +# Catch up legacy drivers with FreeBSD src SVN r225617 .if ${OSVERSION} > 900043 && ${NVVERSION} < 1952200 ${REINPLACE_CMD} -e '/return/s/ioctl/sys_&/' \ ${WRKSRC}/src/nvidia_linux.c @@ -135,7 +134,8 @@ post-patch: .SILENT .endif ${REINPLACE_CMD} -e '/exists/s/$$/ \&\& !defined(WITHOUT_LINUX)/' \ ${WRKSRC}/lib/Makefile -# Do not install VDPAU libraries, they are provided by `multimedia/libvdpau' +# Do not install VDPAU libraries which are provided by `multimedia/libvdpau' +# port for a while now .if ${NVVERSION} >= 1802900 ${REINPLACE_CMD} -e '/libvdpau[[:blank:]_][^n]/d ; \ s/name libvdpau/&_nvidia/' ${WRKSRC}/lib/Makefile @@ -158,7 +158,8 @@ post-patch: .SILENT ${WRKSRC}/x11/extension/Makefile ${REINPLACE_CMD} -e '/LIBDIR/s:lib:&/.nvidia:' \ ${WRKSRC}/lib/libGL/Makefile -# Do not execute afterinstall target (prevent automatic module registration) +# Do not execute afterinstall target (prevent automatic module registration +# and "smart" installation of conflicting files heuristics) ${REINPLACE_CMD} -e 's/afterinstall/dontexecute/' ${WRKSRC}/Makefile ${REINPLACE_CMD} -e 's/beforeinstall/dontexecute/' \ ${WRKSRC}/lib/Makefile ${WRKSRC}/src/Makefile Modified: head/x11/nvidia-driver/files/security-patch-CVE-2012-0946 ============================================================================== --- head/x11/nvidia-driver/files/security-patch-CVE-2012-0946 Sun Sep 16 09:23:38 2012 (r304336) +++ head/x11/nvidia-driver/files/security-patch-CVE-2012-0946 Sun Sep 16 09:24:14 2012 (r304337) @@ -1,6 +1,6 @@ --- src/nv.h.orig 2011-07-14 02:51:53.000000000 +0800 +++ src/nv.h 2012-05-10 18:15:51.000000000 +0800 -@@ -364,6 +364,27 @@ +@@ -364,6 +364,14 @@ ((offset) >= (nv)->agp.address) && \ (((offset) + ((length)-1)) <= (nv)->agp.address + ((nv)->agp.size-1))) @@ -10,20 +10,7 @@ + +#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) \ + ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x85000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x86000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x87000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x89000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0xa0000, 0x20000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x104000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x105000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x10a000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c2000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c3000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x618000, 0x2000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x627000, 0x1000, offset, length)) ||\ -+ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length))) ++ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length))) + /* duplicated from nvos.h for external builds */ #ifndef NVOS_AGP_CONFIG_DISABLE_AGP