diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3070f5b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libvdpau-1.1.tar.bz2 diff --git a/.libvdpau.metadata b/.libvdpau.metadata new file mode 100644 index 0000000..bba2640 --- /dev/null +++ b/.libvdpau.metadata @@ -0,0 +1 @@ +dad18f0c70a0f2ba18aa9654ac6a83ec6e00ccd6 SOURCES/libvdpau-1.1.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/Use-secure_getenv-3-to-improve-security.patch b/SOURCES/Use-secure_getenv-3-to-improve-security.patch new file mode 100644 index 0000000..566acd0 --- /dev/null +++ b/SOURCES/Use-secure_getenv-3-to-improve-security.patch @@ -0,0 +1,260 @@ +From a7b5a5b8a1d7bbee50a4a82c0a2e3be4186c486b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Hiram=20Soltren?= +Date: Mon, 17 Aug 2015 16:01:44 -0500 +Subject: [PATCH] Use secure_getenv(3) to improve security + +This patch is in response to the following security vulnerabilities +(CVEs) reported to NVIDIA against libvdpau: + +CVE-2015-5198 +CVE-2015-5199 +CVE-2015-5200 + +To address these CVEs, this patch: + +- replaces all uses of getenv(3) with secure_getenv(3); +- uses secure_getenv(3) when available, with a fallback option; +- protects VDPAU_DRIVER against directory traversal by checking for '/' + +On platforms where secure_getenv(3) is not available, the C preprocessor +will print a warning at compile time. Then, a preprocessor macro will +replace secure_getenv(3) with our getenv_wrapper(), which utilizes the check: + + getuid() == geteuid() && getgid() == getegid() + +See getuid(2) and getgid(2) for further details. + +NVIDIA internal bug ID 1675564 +--- + configure.ac | 4 ++++ + src/Makefile.am | 1 + + src/mesa_dri2.c | 6 ++++-- + src/util.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ + src/vdpau_wrapper.c | 28 ++++++++++++++++------------ + trace/vdpau_trace.cpp | 8 +++++--- + 6 files changed, 79 insertions(+), 17 deletions(-) + create mode 100644 src/util.h + +diff --git a/configure.ac b/configure.ac +index f1f6229..4422961 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -5,6 +5,10 @@ AM_INIT_AUTOMAKE([dist-bzip2 foreign]) + + AC_CONFIG_HEADERS(config.h) + ++# Check for secure_getenv ++AC_USE_SYSTEM_EXTENSIONS ++AC_CHECK_FUNCS([__secure_getenv secure_getenv]) ++ + # Disable static libraries by default. Use --enable-static if you really want + # them. + AC_DISABLE_STATIC +diff --git a/src/Makefile.am b/src/Makefile.am +index 0ce8460..8d28bb4 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -9,6 +9,7 @@ lib_LTLIBRARIES = libvdpau.la + + libvdpau_la_SOURCES = \ + vdpau_wrapper.c \ ++ util.h \ + $(DRI2_SOURCES) + + if DRI2 +diff --git a/src/mesa_dri2.c b/src/mesa_dri2.c +index 5f7146a..51e8794 100644 +--- a/src/mesa_dri2.c ++++ b/src/mesa_dri2.c +@@ -1,6 +1,6 @@ + /* + * Copyright © 2008 Red Hat, Inc. +- * Copyright © 2010 NVIDIA Corporation ++ * Copyright © 2010-2015 NVIDIA Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Soft- +@@ -30,6 +30,7 @@ + * Authors: + * Kristian Høgsberg (krh@redhat.com) + * Modified for VDPAU by Aaron Plattner (aplattner@nvidia.com) ++ * and José Hiram Soltren (jsoltren@nvidia.com) + */ + + +@@ -39,6 +40,7 @@ + #include + #include + #include "mesa_dri2.h" ++#include "util.h" + + static char dri2ExtensionName[] = DRI2_NAME; + static XExtensionInfo *dri2Info; +@@ -130,7 +132,7 @@ _vdp_DRI2Connect(Display * dpy, XID window, char **driverName, char **deviceName + req->driverType = DRI2DriverVDPAU; + #ifdef DRI2DriverPrimeShift + { +- char *prime = getenv("DRI_PRIME"); ++ char *prime = secure_getenv("DRI_PRIME"); + if (prime) { + unsigned int primeid; + errno = 0; +diff --git a/src/util.h b/src/util.h +new file mode 100644 +index 0000000..7bc62fe +--- /dev/null ++++ b/src/util.h +@@ -0,0 +1,49 @@ ++/* ++ * Copyright (c) 2015 NVIDIA, Corporation ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice (including the next ++ * paragraph) shall be included in all copies or substantial portions of the ++ * Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ * SOFTWARE. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif ++ ++#include ++#include ++ ++static char * getenv_wrapper(const char *name) ++{ ++ if(getuid() == geteuid() && getgid() == getegid()) { ++ return getenv(name); ++ } ++ else { ++ return NULL; ++ } ++} ++ ++#ifndef HAVE_SECURE_GETENV ++# ifdef HAVE___SECURE_GETENV ++# define secure_getenv __secure_getenv ++# else ++# warning Neither secure_getenv nor __secure_getenv is available. ++# define secure_getenv getenv_wrapper ++# endif ++#endif ++ +diff --git a/src/vdpau_wrapper.c b/src/vdpau_wrapper.c +index 8efbd39..1daaacd 100644 +--- a/src/vdpau_wrapper.c ++++ b/src/vdpau_wrapper.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2008-2009 NVIDIA, Corporation ++ * Copyright (c) 2008-2015 NVIDIA, Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal +@@ -37,6 +37,7 @@ + #include "mesa_dri2.h" + #include + #endif ++#include "util.h" + + typedef void SetDllHandle( + void * driver_dll_handle +@@ -117,7 +118,12 @@ static VdpStatus _vdp_open_driver( + char const * vdpau_trace; + char const * func_name; + +- vdpau_driver = getenv("VDPAU_DRIVER"); ++ vdpau_driver = secure_getenv("VDPAU_DRIVER"); ++ if (vdpau_driver) { ++ if (strchr(vdpau_driver, '/')) { ++ vdpau_driver = NULL; ++ } ++ } + if (!vdpau_driver) { + vdpau_driver = vdpau_driver_dri2 = + _vdp_get_driver_name_from_dri2(display, screen); +@@ -126,15 +132,13 @@ static VdpStatus _vdp_open_driver( + vdpau_driver = "nvidia"; + } + +- if (geteuid() == getuid()) { +- /* don't allow setuid apps to use VDPAU_DRIVER_PATH */ +- vdpau_driver_path = getenv("VDPAU_DRIVER_PATH"); +- if (vdpau_driver_path && +- snprintf(vdpau_driver_lib, sizeof(vdpau_driver_lib), +- DRIVER_LIB_FORMAT, vdpau_driver_path, vdpau_driver) < +- sizeof(vdpau_driver_lib)) { +- _vdp_driver_dll = dlopen(vdpau_driver_lib, RTLD_NOW | RTLD_GLOBAL); +- } ++ /* Don't allow setuid apps to use VDPAU_DRIVER_PATH */ ++ vdpau_driver_path = secure_getenv("VDPAU_DRIVER_PATH"); ++ if (vdpau_driver_path && ++ snprintf(vdpau_driver_lib, sizeof(vdpau_driver_lib), ++ DRIVER_LIB_FORMAT, vdpau_driver_path, vdpau_driver) < ++ sizeof(vdpau_driver_lib)) { ++ _vdp_driver_dll = dlopen(vdpau_driver_lib, RTLD_NOW | RTLD_GLOBAL); + } + + /* Fallback to VDPAU_MODULEDIR when VDPAU_DRIVER_PATH is not set, +@@ -177,7 +181,7 @@ static VdpStatus _vdp_open_driver( + + _vdp_backend_dll = _vdp_driver_dll; + +- vdpau_trace = getenv("VDPAU_TRACE"); ++ vdpau_trace = secure_getenv("VDPAU_TRACE"); + if (vdpau_trace && atoi(vdpau_trace)) { + SetDllHandle * set_dll_handle; + +diff --git a/trace/vdpau_trace.cpp b/trace/vdpau_trace.cpp +index 6e204b8..2c3e8c5 100644 +--- a/trace/vdpau_trace.cpp ++++ b/trace/vdpau_trace.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2008-2009 NVIDIA, Corporation ++ * Copyright (c) 2008-2015 NVIDIA, Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal +@@ -31,6 +31,8 @@ + #include + #include + ++#include "../src/util.h" ++ + #define _VDP_TRACE_ARSIZE(_x_) ((sizeof (_x_)) / (sizeof ((_x_)[0]))) + + #if DEBUG +@@ -4795,13 +4797,13 @@ VdpStatus vdp_trace_device_create_x11( + } + else { + _vdp_cap_data.level = 0; +- char const * vdpau_trace = getenv("VDPAU_TRACE"); ++ char const * vdpau_trace = secure_getenv("VDPAU_TRACE"); + if (vdpau_trace) { + _vdp_cap_data.level = atoi(vdpau_trace); + } + + _vdp_cap_data.fp = 0; +- char const * vdpau_trace_file = getenv("VDPAU_TRACE_FILE"); ++ char const * vdpau_trace_file = secure_getenv("VDPAU_TRACE_FILE"); + if (vdpau_trace_file && strlen(vdpau_trace_file)) { + if (vdpau_trace_file[0] == '&') { + int fd = atoi(&vdpau_trace_file[1]); +-- +1.7.10.4 + diff --git a/SPECS/libvdpau.spec b/SPECS/libvdpau.spec new file mode 100644 index 0000000..d7faf72 --- /dev/null +++ b/SPECS/libvdpau.spec @@ -0,0 +1,171 @@ +Name: libvdpau +Version: 1.1 +Release: 2%{?dist} +Summary: Wrapper library for the Video Decode and Presentation API +License: MIT +URL: http://freedesktop.org/wiki/Software/VDPAU +Source0: http://cgit.freedesktop.org/~aplattner/%{name}/snapshot/%{name}-%{version}.tar.bz2 + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: doxygen +BuildRequires: graphviz +BuildRequires: libtool +BuildRequires: libX11-devel +BuildRequires: libXext-devel +%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 +BuildRequires: tex(latex) +%else +BuildRequires: tetex-latex +%endif +BuildRequires: xorg-x11-proto-devel + +Patch0: Use-secure_getenv-3-to-improve-security.patch + +%description +VDPAU is the Video Decode and Presentation API for UNIX. It provides an +interface to video decode acceleration and presentation hardware present in +modern GPUs. + +%package docs +Summary: Documentation for %{name} +BuildArch: noarch +Provides: libvdpau-docs = %{version}-%{release} +Obsoletes: libvdpau-docs < 0.6-2 + +%description docs +The %{name}-docs package contains documentation for %{name}. + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libX11-devel +Requires: pkgconfig + +%description devel +The %{name}-devel package contains libraries and header files for developing +applications that use %{name}. + +%prep +%setup -q +%patch0 -p1 -b .cve20155198-5199-5200 + +%build +autoreconf -vif +%configure --disable-static +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} INSTALL="install -p" +find %{buildroot} -name '*.la' -delete +# Let %%doc macro create the correct location in the rpm file, creates a +# versioned docdir in <= f19 and an unversioned docdir in >= f20. +rm -fr %{buildroot}%{_docdir} +mv doc/html-out html + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%doc AUTHORS COPYING +%config(noreplace) %{_sysconfdir}/vdpau_wrapper.cfg +%{_libdir}/*.so.* +%dir %{_libdir}/vdpau +%{_libdir}/vdpau/%{name}_trace.so* + +%files docs +%doc html + +%files devel +%{_includedir}/vdpau/ +%{_libdir}/%{name}.so +%{_libdir}/pkgconfig/vdpau.pc + +%changelog +* Thu Aug 27 2015 Benjamin Tissoires 1.1-2 +- Resolves rhbz #1253829 - fix 3 CVEs: + - CVE-2015-5198: libvdpau incorrect check for security transition + - CVE-2015-5199: libvdpau directory traversal in dlopen + - CVE-2015-5200: libvdpau vulnerability in trace functionality + +* Tue Mar 17 2015 Nicolas Chauvet - 1.1-1 +- Update to 1.1 + +* Tue Mar 10 2015 Nicolas Chauvet - 1.0-1 +- Update to 1.0 + +* Fri Dec 19 2014 Nicolas Chauvet - 0.9-1 +- Update to 0.9 + +* Sun Aug 17 2014 Fedora Release Engineering - 0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Jul 03 2014 Nicolas Chauvet - 0.8-1 +- Update to 0.8 + +* Sat Jun 07 2014 Fedora Release Engineering - 0.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Simone Caronni - 0.7-1 +- Update to 0.7; adds prime support. + +* Wed Jul 31 2013 Simone Caronni - 0.6-2 +- Enable documentation by default. +- Clean up spec file a bit; remove el5 tags. +- Let %%doc find the proper location for the documentation. + +* Mon Feb 04 2013 Nicolas Chauvet - 0.6-1 +- Update to 0.6 + +* Wed Sep 05 2012 Nicolas Chauvet - 0.5-1 +- Update to 0.5 + +* Sun Aug 19 2012 Julian Sikorski - 0.4.1-9 +- Added flash workarounds + +* Thu Jul 19 2012 Fedora Release Engineering - 0.4.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Apr 25 2012 Nicolas Chauvet - 0.4.1-7 +- Fetch current backport + +* Fri Jan 13 2012 Fedora Release Engineering - 0.4.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 0.4.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Dec 10 2010 Nicolas Chauvet - 0.4.1-3 +- Rebuilt for gcc bug 634757 + +* Sun Sep 12 2010 Nicolas Chauvet - 0.4.1-1 +- Update to 0.4.1 + +* Sat Mar 13 2010 Nicolas Chauvet - 0.4-1 +- Update to 0.4 + +* Sun Nov 22 2009 kwizart < kwizart at gmail.com > - 0.3-1 +- Update to 0.3 +- Create docs sub-package +- Allow --without docs conditional + +* Thu Sep 17 2009 kwizart < kwizart at gmail.com > - 0.2-1 +- Update to 0.2 +- Disable ExclusiveArch + +* Mon Sep 7 2009 kwizart < kwizart at gmail.com > - 0.1-0.6.20090904git +- Update to gitdate 20090904git + +* Wed Sep 2 2009 kwizart < kwizart at gmail.com > - 0.1-0.5git20090902 +- Update to gitdate 20090902 with merged patches + +* Mon Jun 15 2009 kwizart < kwizart at gmail.com > - 0.1-0.3git20090318 +- Add missing -ldl at link time + +* Sun Mar 22 2009 kwizart < kwizart at gmail.com > - 0.1-0.2git20090318 +- Backport fix thread_2 + +* Fri Mar 6 2009 kwizart < kwizart at gmail.com > - 0.1-0.1git20090318 +- Initial spec file +