18:16 danfe 

In sight of upcoming update, deorbit support for legacy versions (part 1):

- Make the top comment reflect the current reality
- MASTER_SITE_SUBDIR does not have be set later, as it no longer depends
  on NVVERSION (this also allows to move ONLY_FOR_ARCHS where it belongs)
- Delete no longer relevant legacy only versions specific patches; retain
  EXTRA_PATCHES as this separation would still be needed in new versions
- All security patches only touch legacy drivers and thus also deleted
- PAE and WBINVD options are now unconditional (independent of NVVERSION)
- Drop no longer needed LIB_DEPENDS on libm.so.3 from `misc/compat5x'
- Adjust a comment and simplify regexp that had been sitting in my tree
- Stop mentioning that this driver does not support PAE-enabled kernels
  in pkg-message

 

09:24 danfe 

- Revert patch for CVE-2012-0946 to its original form and apply both CVE
  patches when needed, for clarity's sake
- Touch some comments in Makefile while here (purely cosmetic)

 

07:14 danfe 

- Update legacy 173.14.xx series driver to version 173.14.35 and provide a
  patch for CVE-2012-4225 for this version
- Augment security patch for CVE-2012-0946 to cover CVE-2012-4225 as well
  for the benefit of really old legacy drivers

 

11:22 danfe 

Provide home-made patch for legacy nVidia drivers against recent arbitrary
memory access vulnerability.  While affected underlying code is very similar
in all released drivers, and they all are technically exploitable the same
way, the exploit relies on hardware that is not present in GPUs older than
NV50/G80, hence versions starting from 100.14.03 must be patched.

That said, while the patch does apply to all legacy versions, port revision
bump makes sense only for 173.14.xx series (as 96.43.xx and 71.86.xx do not
hardware exploit relies upon).

Discussed with: Christian Zander
Security:       CVE-2012-0946