diff options
-rw-r--r-- | x11/nvidia-driver-173/Makefile | 1 | ||||
-rw-r--r-- | x11/nvidia-driver/Makefile | 4 | ||||
-rw-r--r-- | x11/nvidia-driver/files/security-patch-CVE-2012-0946 | 28 |
3 files changed, 33 insertions, 0 deletions
diff --git a/x11/nvidia-driver-173/Makefile b/x11/nvidia-driver-173/Makefile index e764fe98cfd2..3bf2ef5c32cb 100644 --- a/x11/nvidia-driver-173/Makefile +++ b/x11/nvidia-driver-173/Makefile @@ -6,6 +6,7 @@ # DISTVERSION= 173.14.31 +PORTREVISION= 1 MASTERDIR= ${.CURDIR}/../nvidia-driver NO_LATEST_LINK= yes diff --git a/x11/nvidia-driver/Makefile b/x11/nvidia-driver/Makefile index e084ad371d0f..4fb0ec1b851e 100644 --- a/x11/nvidia-driver/Makefile +++ b/x11/nvidia-driver/Makefile @@ -61,6 +61,10 @@ MASTER_SITE_SUBDIR= freebsd/${DISTVERSION} ONLY_FOR_ARCHS= i386 .endif +.if ${NVVERSION} <= 1905300 +EXTRA_PATCHES= ${PATCHDIR}/security-patch-CVE-2012-0946 +.endif + OPTIONS= FREEBSD_AGP "Use FreeBSD AGP GART driver" off \ ACPI_PM "Enable support for ACPI Power Management" off \ LINUX "Build with support for Linux compatibility" on diff --git a/x11/nvidia-driver/files/security-patch-CVE-2012-0946 b/x11/nvidia-driver/files/security-patch-CVE-2012-0946 new file mode 100644 index 000000000000..86e7dce9936b --- /dev/null +++ b/x11/nvidia-driver/files/security-patch-CVE-2012-0946 @@ -0,0 +1,28 @@ +--- src/nv.h.orig 2011-07-14 02:51:53.000000000 +0800 ++++ src/nv.h 2012-05-10 18:15:51.000000000 +0800 +@@ -364,6 +364,14 @@ + ((offset) >= (nv)->agp.address) && \ + (((offset) + ((length)-1)) <= (nv)->agp.address + ((nv)->agp.size-1))) + ++#define IS_REG_RANGE_WITHIN_MAPPING(nv, roffset, rlength, moffset, mlength) \ ++ (((moffset) <= ((nv)->regs->address + ((roffset) + (rlength)-1))) &&\ ++ (((moffset) + (mlength)-1) >= ((nv)->regs->address + (roffset)))) ++ ++#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) \ ++ ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\ ++ (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length))) ++ + /* duplicated from nvos.h for external builds */ + #ifndef NVOS_AGP_CONFIG_DISABLE_AGP + # define NVOS_AGP_CONFIG_DISABLE_AGP (0x00000000) +--- src/nvidia_subr.c.orig 2012-05-10 18:09:01.000000000 +0800 ++++ src/nvidia_subr.c 2012-05-10 18:13:41.000000000 +0800 +@@ -1464,6 +1464,8 @@ + } + + if (IS_REG_OFFSET(nv, offset, PAGE_SIZE)) { ++ if (IS_BLACKLISTED_REG_OFFSET(nv, offset, PAGE_SIZE)) ++ return -1; + *physical = offset; + return 0; + } |