Opened 10 years ago
Closed 10 years ago
#6880 closed enhancement (fixed)
libvdpau-1.1.1
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | high | Milestone: | 7.8 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
http://people.freedesktop.org/~aplattner/vdpau/libvdpau-1.1.1.tar.bz2
http://people.freedesktop.org/~aplattner/vdpau/libvdpau-1.1.1.tar.bz2.sig
CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200
If you use the NVIDIA .run installer packages, please see https://devtalk.nvidia.com/default/topic/873035 for additional information.
http://lists.freedesktop.org/archives/vdpau/2015-August/000376.html
and
http://lists.freedesktop.org/archives/vdpau/2015-August/000377.html
MD5: 2fa0b05a4f4d06791eec83bc9c854d14 libvdpau-1.1.1.tar.bz2
[VDPAU] libvdpau 1.1.1
Aaron Plattner aplattner at nvidia.com
Mon Aug 31 14:16:33 PDT 2015

libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files. See CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200 for more details.

This release uses the secure_getenv() function, when available, to fix these problems. On platforms where secure_getenv() is not available, the VDPAU environment variables will not be honored by the library.

If you use the NVIDIA .run installer packages, please see https://devtalk.nvidia.com/default/topic/873035 for additional information.

This release also adds tracing of HEVC picture structures to libvdpau_trace.

Aaron Plattner (2):
  Remove pdflatex dependency
  Bump version to 1.1.1

Bibhuti Prusty (1):
  Add tracing for HEVC picture info

Emil Velikov (3):
  .gitignore: add compile
  configure.ac: remove AM_MAINTAINER_MODE
  autogen.sh: update/copy over from mesa

José Hiram Soltren (2):
  Fix Doxygen typo: s/no queued/not queued/
  Use secure_getenv(3) to improve security

Errata:

[VDPAU] libvdpau 1.1.1
Aaron Plattner aplattner at nvidia.com
Mon Aug 31 14:28:25 PDT 2015

On 08/31/2015 02:16 PM, Aaron Plattner wrote:
> On platforms where secure_getenv() is not available, the VDPAU
> environment variables will not be honored by the library.

Whoops, this is incorrect, sorry. The updated libvdpau will instead use a fallback implementation of secure_getenv() when the platform doesn't provide one.
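The pattern the announcement and its erratum describe (secure_getenv() where libc provides it, a fallback otherwise), as an added example that is not libvdpau's own code. The names `getenv_checked`, `example_secure_getenv` and `example_driver_name` are hypothetical, and `VDPAU_DRIVER`, one of libvdpau's environment variables, is used here with a constructed value.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* setenv() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Fallback lookup (hypothetical name): withhold the variable when real and
 * effective IDs differ, i.e. the program runs setuid or setgid and its
 * environment was chosen by a less privileged caller. The IDs are parameters
 * so the decision can be exercised without installing a setuid binary. */
static const char *getenv_checked(const char *name, uid_t ruid, uid_t euid,
                                  gid_t rgid, gid_t egid)
{
    return (ruid != euid || rgid != egid) ? NULL : getenv(name);
}

/* Prefer glibc's secure_getenv() (2.17+; declared by hand because <stdlib.h>
 * only exposes it under _GNU_SOURCE), otherwise the fallback with live IDs.
 * glibc keys off AT_SECURE, which also covers file capabilities. */
static const char *example_secure_getenv(const char *name)
{
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 17))
    extern char *secure_getenv(const char *);
    return secure_getenv(name);
#else
    return getenv_checked(name, getuid(), geteuid(), getgid(), getegid());
#endif
}

/* Caller side: an unset, empty or withheld variable yields the default. */
static const char *example_driver_name(const char *dflt)
{
    const char *v = example_secure_getenv("VDPAU_DRIVER");
    return (v && *v) ? v : dflt;
}

int main(void)
{
    setenv("VDPAU_DRIVER", "constructed_driver", 1);  /* constructed value */
    printf("uid == euid:  %s\n", example_driver_name("builtin_default"));
    const char *s = getenv_checked("VDPAU_DRIVER", 1000, 0, 1000, 1000);
    printf("setuid-root:  %s\n", s ? s : "(withheld)");
    return 0;
}
```

A caller that receives NULL has to fall back to a compiled-in default, as `example_driver_name` does, rather than retrying with plain getenv().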
Change History (8)
comment:1 by , 10 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 10 years ago
comment:3 by , 10 years ago
Summary: | libvdpau-1.1.1.tar.bz2 → libvdpau-1.1.1 |
---|
comment:4 by , 10 years ago
The test passes for me with the current book instructions:
```
make dlclose
make[2]: Entering directory '/tmp/xdrivers/libvdpau/libvdpau-1.1.1/test'
gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT dlclose.o -MD -MP -MF .deps/dlclose.Tpo -c -o dlclose.o dlclose.c
mv -f .deps/dlclose.Tpo .deps/dlclose.Po
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -o dlclose dlclose.o -ldl -L/opt/xorg/lib -lX11 -lpthread
libtool: link: gcc -g -O2 -o dlclose dlclose.o -L/opt/xorg/lib /opt/xorg/lib/libX11.so /opt/xorg/lib/libxcb.so /opt/xorg/lib/libXau.so /opt/xorg/lib/libXdmcp.so -ldl -lpthread
make[2]: Leaving directory '/tmp/xdrivers/libvdpau/libvdpau-1.1.1/test'
make check-TESTS
make[2]: Entering directory '/tmp/xdrivers/libvdpau/libvdpau-1.1.1/test'
make[3]: Entering directory '/tmp/xdrivers/libvdpau/libvdpau-1.1.1/test'
PASS: dlclose
============================================================================
Testsuite summary for libvdpau 1.1.1
============================================================================
# TOTAL: 1
# PASS: 1
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
```
comment:5 by , 10 years ago
OK, thanks, hence I will keep the test part as is. Actually, just some statistics change, in the update.
comment:6 by , 10 years ago
Owner: | changed from | to
---|---|
Status: | assigned → new |
I'm sorry, don't know what is happening. Earlier, got Performing 4.4-subscription-ops.test: FAIL. Trying to solve it, changed remote server, configurations, now it is worse:
```
Performing 4.2-cups-printer-ops.test: FAIL
Performing 4.3-job-ops.test: FAIL
Performing 4.4-subscription-ops.test: FAIL
```

I am giving back all tickets, until I feel sure about what I am doing again. Sorry for having delayed these updates.
comment:7 by , 10 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
After reboot, cups-2.1.0 restored the initial behavior with
```
Performing 4.2-cups-printer-ops.test: PASS
Performing 4.3-job-ops.test: PASS
Performing 4.4-subscription-ops.test: FAIL
Performing ipp-2.1.test: PASS
```
Taking back the tickets. Hope to close them tomorrow.
I'm stuck since yesterday with the test (yes, just one test):
The test doesn't do much, just compiles, links and runs dlclose. I couldn't identify what (if any) are the calling parameters, but did everything by hand and executed ./dlclose and got exactly the same error message.
What is curious is that my first log of previous version 1.1 skipped that test, but now it does execute it with failure instead of skipping it:
I'm tending to remove the test from the page, but problem could be just here. Please, can someone comment or perform the test, please? Or, if wished, take the ticket.