From 3c0ea2b4adf42f3a8a3de0b7e9e1991d4fcb357452225cae0643fdbba7f557ec Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Tue, 1 Sep 2015 14:09:23 +0000
Subject: [PATCH] - Update libvdpau to version 1.1.1 libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files. See CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200 for more details. This release uses the secure_getenv() function, when available, to fix these problems. The updated libvdpau will instead use a fallback implementation of secure_getenv() when the platform doesn't provide one. If you use the NVIDIA .run installer packages, please see https://devtalk.nvidia.com/default/topic/873035 for additional information. This release also adds tracing of HEVC picture structures to libvdpau_trace. - supersedes patch: libvdpau-nopdftex.patch OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libvdpau?expand=0&rev=4
---
 libvdpau-1.1.1.tar.bz2 | 3 +++
 libvdpau-1.1.tar.bz2 | 3 ---
 libvdpau-nopdftex.patch | 28 ----------------------------
 libvdpau.changes | 23 +++++++++++++++++++++++
 libvdpau.spec | 5 +----
 5 files changed, 27 insertions(+), 35 deletions(-)
 create mode 100644 libvdpau-1.1.1.tar.bz2
 delete mode 100644 libvdpau-1.1.tar.bz2
 delete mode 100644 libvdpau-nopdftex.patch
diff --git a/libvdpau-1.1.1.tar.bz2 b/libvdpau-1.1.1.tar.bz2
new file mode 100644
index 0000000..4c776f6
--- /dev/null
+++ b/libvdpau-1.1.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:857a01932609225b9a3a5bf222b85e39b55c08787d0ad427dbd9ec033d58d736
+size 429576
diff --git a/libvdpau-1.1.tar.bz2 b/libvdpau-1.1.tar.bz2
deleted file mode 100644
index 3600e83..0000000
--- a/libvdpau-1.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59c8bcfead6410d12284f1dc11ee919d3b11a684424597ba8961211ad8fdf34c
-size 424233
diff --git a/libvdpau-nopdftex.patch b/libvdpau-nopdftex.patch
deleted file mode 100644
index c7ccdb1..0000000
--- a/libvdpau-nopdftex.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -ur libvdpau-0.9.orig/configure.ac libvdpau-0.9/configure.ac
---- libvdpau-0.9.orig/configure.ac 2014-12-19 18:32:57.000000000 +0100
-+++ libvdpau-0.9/configure.ac 2014-12-23 09:09:51.170774748 +0100
-@@ -56,11 +56,9 @@
- if test "x$DOCS" != xno; then
- AC_CHECK_TOOL([DOXYGEN], [doxygen], [no])
- AC_CHECK_TOOL([DOT], [dot], [no])
-- AC_CHECK_TOOL([PDFTEX], [pdftex], [no])
- else
- DOXYGEN=no
- DOT=no
-- PDFTEX=no
- fi
- if test "x$DOCS" = xyes; then
- if test "x$DOXYGEN" = xno; then
-@@ -69,11 +67,8 @@
- if test "x$DOT" = xno; then
- AC_ERROR([Documentation enabled but dot was not found in your path. Please install graphviz])
- fi
-- if test "x$PDFTEX" = xno; then
-- AC_ERROR([Documentation enabled but pdftex was not found in your path])
-- fi
- fi
--AM_CONDITIONAL([ENABLE_DOCS], [test "x$DOXYGEN" != xno -a "x$DOT" != xno -a "x$PDFTEX" != xno])
-+AM_CONDITIONAL([ENABLE_DOCS], [test "x$DOXYGEN" != xno -a "x$DOT" != xno])
- AC_SUBST(DOXYGEN)
-
- # Options
diff --git a/libvdpau.changes b/libvdpau.changes
index 741a84a..27ec783 100644
--- a/libvdpau.changes
+++ b/libvdpau.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Sep 1 14:02:11 UTC 2015 - sndirsch@suse.com
+
+- Update libvdpau to version 1.1.1
+ libvdpau versions 1.1 and earlier, when used in setuid or setgid
+ applications, contain vulnerabilities related to environment
+ variable handling that could allow an attacker to execute
+ arbitrary code or overwrite arbitrary files. See CVE-2015-5198,
+ CVE-2015-5199, and CVE-2015-5200 for more details.
+
+ This release uses the secure_getenv() function, when available,
+ to fix these problems. The updated libvdpau will instead use a
+ fallback implementation of secure_getenv() when the platform
+ doesn't provide one.
+
+ If you use the NVIDIA .run installer packages, please see
+ https://devtalk.nvidia.com/default/topic/873035 for additional
+ information.
+
+ This release also adds tracing of HEVC picture structures to
+ libvdpau_trace.
+- supersedes patch: libvdpau-nopdftex.patch
+
 -------------------------------------------------------------------
 Tue Mar 17 08:38:21 UTC 2015 - sndirsch@suse.com
diff --git a/libvdpau.spec b/libvdpau.spec
index c47f973..053c697 100644
--- a/libvdpau.spec
+++ b/libvdpau.spec
@@ -17,7 +17,7 @@
 Name: libvdpau
-Version: 1.1
+Version: 1.1.1
 Release: 0
 Summary: VDPAU wrapper and trace libraries
 License: MIT
@@ -28,8 +28,6 @@ Source1: http://people.freedesktop.org/~aplattner/vdpau/vdpauinfo-1.0.tar
 Source2: README
 Source99: baselibs.conf
 Source100: %{name}-rpmlintrc
-# PATCH-FIX-OPENSUSE libvdpau-nopdftex.patch -- don't requires pdftex for building
-Patch1: libvdpau-nopdftex.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: doxygen
@@ -85,7 +83,6 @@ Its usage is documented in the README.
 %prep
 %setup -q -b1
-%patch1 -p1
 %build
 autoreconf -fi