svn commit: r304134 - in head/x11: nvidia-driver nvidia-driver-173 nvidia-driver-71 nvidia-driver-96 nvidia-driver/files

Alexey Dokuchaev danfe at FreeBSD.org
Wed Sep 12 07:14:35 UTC 2012


Author: danfe
Date: Wed Sep 12 07:14:34 2012
New Revision: 304134
URL: http://svn.freebsd.org/changeset/ports/304134

Log:
  - Update legacy 173.14.xx series driver to version 173.14.35 and provide a
    patch for CVE-2012-4225 for this version
  - Augment security patch for CVE-2012-0946 to cover CVE-2012-4225 as well
    for the benefit of really old legacy drivers

Added:
  head/x11/nvidia-driver/files/security-patch-CVE-2012-4225   (contents, props changed)
Modified:
  head/x11/nvidia-driver-173/Makefile
  head/x11/nvidia-driver-71/Makefile
  head/x11/nvidia-driver-96/Makefile
  head/x11/nvidia-driver/Makefile
  head/x11/nvidia-driver/distinfo
  head/x11/nvidia-driver/files/security-patch-CVE-2012-0946

Modified: head/x11/nvidia-driver-173/Makefile
==============================================================================
--- head/x11/nvidia-driver-173/Makefile	Wed Sep 12 05:40:36 2012	(r304133)
+++ head/x11/nvidia-driver-173/Makefile	Wed Sep 12 07:14:34 2012	(r304134)
@@ -5,8 +5,7 @@
 # $FreeBSD$
 #
 
-DISTVERSION=	173.14.31
-PORTREVISION=	2
+DISTVERSION=	173.14.35
 
 MASTERDIR=	${.CURDIR}/../nvidia-driver
 NO_LATEST_LINK=	yes

Modified: head/x11/nvidia-driver-71/Makefile
==============================================================================
--- head/x11/nvidia-driver-71/Makefile	Wed Sep 12 05:40:36 2012	(r304133)
+++ head/x11/nvidia-driver-71/Makefile	Wed Sep 12 07:14:34 2012	(r304134)
@@ -6,7 +6,7 @@
 #
 
 DISTVERSION=	71.86.15
-PORTREVISION=	1
+PORTREVISION=	2
 
 MASTERDIR=	${.CURDIR}/../nvidia-driver
 NO_LATEST_LINK=	yes

Modified: head/x11/nvidia-driver-96/Makefile
==============================================================================
--- head/x11/nvidia-driver-96/Makefile	Wed Sep 12 05:40:36 2012	(r304133)
+++ head/x11/nvidia-driver-96/Makefile	Wed Sep 12 07:14:34 2012	(r304134)
@@ -6,7 +6,7 @@
 #
 
 DISTVERSION=	96.43.20
-PORTREVISION=	1
+PORTREVISION=	2
 
 MASTERDIR=	${.CURDIR}/../nvidia-driver
 NO_LATEST_LINK=	yes

Modified: head/x11/nvidia-driver/Makefile
==============================================================================
--- head/x11/nvidia-driver/Makefile	Wed Sep 12 05:40:36 2012	(r304133)
+++ head/x11/nvidia-driver/Makefile	Wed Sep 12 07:14:34 2012	(r304134)
@@ -64,7 +64,11 @@ EXTRA_PATCHES=	${FILESDIR}/legacy-patch-
 
 # Fix recent arbitrary memory access vulnerability in legacy drivers
 .if ${NVVERSION} <= 1905300
+. if ${NVVERSION} == 1731435
+EXTRA_PATCHES+=	${FILESDIR}/security-patch-CVE-2012-4225
+. else
 EXTRA_PATCHES+=	${FILESDIR}/security-patch-CVE-2012-0946
+. endif
 .endif
 
 OPTIONS=	FREEBSD_AGP	"Use FreeBSD AGP GART driver" off \

Modified: head/x11/nvidia-driver/distinfo
==============================================================================
--- head/x11/nvidia-driver/distinfo	Wed Sep 12 05:40:36 2012	(r304133)
+++ head/x11/nvidia-driver/distinfo	Wed Sep 12 07:14:34 2012	(r304134)
@@ -2,8 +2,8 @@ SHA256 (NVIDIA-FreeBSD-x86_64-295.71.tar
 SIZE (NVIDIA-FreeBSD-x86_64-295.71.tar.gz) = 33058244
 SHA256 (NVIDIA-FreeBSD-x86-295.71.tar.gz) = 6cc7f25c3b49d3ac2d2cdc2d84e4f0417d51115110bee159de2cc53d7f9ef049
 SIZE (NVIDIA-FreeBSD-x86-295.71.tar.gz) = 32098813
-SHA256 (NVIDIA-FreeBSD-x86-173.14.31.tar.gz) = 98699bc8dc1dad86cebc2ed067b4fc5cd37b8540e897bb218f38ac80c4b4d875
-SIZE (NVIDIA-FreeBSD-x86-173.14.31.tar.gz) = 17991684
+SHA256 (NVIDIA-FreeBSD-x86-173.14.35.tar.gz) = 51e82a12db81b5af4ae5ee59612875c0dbef52cb641d61a44c72f2e1cd7f4c78
+SIZE (NVIDIA-FreeBSD-x86-173.14.35.tar.gz) = 18748428
 SHA256 (NVIDIA-FreeBSD-x86-96.43.20.tar.gz) = e75fce272e72644d53e6ad3c0957fe173735a4b621726ce227ba8ecf9bd9c5cf
 SIZE (NVIDIA-FreeBSD-x86-96.43.20.tar.gz) = 14060884
 SHA256 (NVIDIA-FreeBSD-x86-71.86.15.tar.gz) = 7be5ba641eabaa96a068e147a1dd5d75aadc10575bb1d2c6e8529cd423438168

Modified: head/x11/nvidia-driver/files/security-patch-CVE-2012-0946
==============================================================================
--- head/x11/nvidia-driver/files/security-patch-CVE-2012-0946	Wed Sep 12 05:40:36 2012	(r304133)
+++ head/x11/nvidia-driver/files/security-patch-CVE-2012-0946	Wed Sep 12 07:14:34 2012	(r304134)
@@ -1,6 +1,6 @@
 --- src/nv.h.orig	2011-07-14 02:51:53.000000000 +0800
 +++ src/nv.h	2012-05-10 18:15:51.000000000 +0800
-@@ -364,6 +364,14 @@
+@@ -364,6 +364,27 @@
               ((offset) >= (nv)->agp.address) &&                                \
               (((offset) + ((length)-1)) <= (nv)->agp.address + ((nv)->agp.size-1)))
  
@@ -10,7 +10,20 @@
 +
 +#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length)                          \
 +             ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
-+             (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x85000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x86000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x87000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x89000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0xa0000, 0x20000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x104000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x105000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x10a000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c2000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c3000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x618000, 0x2000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x627000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
 +
  /* duplicated from nvos.h for external builds */
  #ifndef NVOS_AGP_CONFIG_DISABLE_AGP

Added: head/x11/nvidia-driver/files/security-patch-CVE-2012-4225
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/x11/nvidia-driver/files/security-patch-CVE-2012-4225	Wed Sep 12 07:14:34 2012	(r304134)
@@ -0,0 +1,24 @@
+--- src/nv.h.orig	2012-08-02 18:19:37.000000000 -0700
++++ src/nv.h 2012-08-02 18:19:37.000000000 -0700
+@@ -436,7 +436,20 @@
+ 
+ #define IS_BLACKLISTED_REG_OFFSET(nv, offset, length)                          \
+              ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
+-             (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x85000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x86000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x87000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x89000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0xa0000, 0x20000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x104000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x105000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x10a000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c2000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c3000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x618000, 0x2000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x627000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
+ 
+ /* duplicated from nvos.h for external builds */
+ #ifndef NVOS_AGP_CONFIG_DISABLE_AGP



More information about the svn-ports-all mailing list