Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Hi, next nvidia package in non-free to be updated for CVE-2015-7869. Annotated changelog: +nvidia-graphics-drivers (340.96-1) jessie; urgency=medium uncommon version for the benefit of shorter version numbers in nvidia-graphics-modules, sid has an initial upload of 340.96 as 340.96-2. + * New upstream legacy 340xx branch release 340.96 (2015-11-16). + * Fixed CVE-2015-7869: Unsanitized User Mode Input. (Closes: #805917) + * Merge changes from 304.131-1. + * Add xorg-video-abi-20 as alternative dependency. + * conftest.h: + - Implement new conftest.sh functions hlist_for_each_entry, + of_parse_phandle, for_each_online_node, node_end_pfn (358.09). + - Update conftest.sh function scatterlist for logic reversal in + 304.131/340.96/352.63, support both ways. The new upstream bits. + * d/rules: Move tar option --no-recursion before the list of files. Not a problem in jessie, but when working with the packaging in stretch/sid. + * d/control: Make dependencies on nvidia-alternative strictly versioned to + prevent partial upgrades. partial upgrades allowed mismatching upstream versions of libcuda1 and nvidia-driver to be installed concurrently - but we can load only one version of the kernel module, and that needs to match the libraries exactly. + * d/module/debian/control.template: Add armhf to the Architecture list, + otherwise module-assistant can't build any module packages from + nvidia-kernel-source on armhf. That package was useless on armhf so far ... but only noticed after I added a qemu armhf pbuilder chroot locally ... +nvidia-graphics-drivers (304.131-1) UNRELEASED; urgency=medium + + * New upstream legacy 304xx branch release 304.131 (2015-11-16). + - Fixed a bug that could cause texture corruption in some OpenGL + applications when video memory is exhausted by a combination of + simultaneously running graphical and compute workloads. + - Added support for X.Org xserver ABI 20 (xorg-server 1.18). + * Improved compatibility with recent Linux kernels. Upstream now supports Linux 4.3 out of the box (except on armhf, but we have a patch there in sid and jessie-backports). + * Add xorg-video-abi-20 as alternative dependency. + * conftest.h: + - Implement new conftest.sh functions hlist_for_each_entry, + of_parse_phandle, for_each_online_node, node_end_pfn (358.09). + - Update conftest.sh function scatterlist for logic reversal in + 304.131/340.96/352.63, support both ways. the new upstream bits from wheezy-pu ... + * debian/control: Add Breaks between mismatching upstream versions of + libcuda1 and nvidia-alternative to prevent partial upgrades. This we had done differently for wheezy. There is also an undocumented addition of some comments to some lintian overrides to prevent me from "optimizing" them and breaking multiarch installation on the way ... Andreas
Index: debian/rules.defs =================================================================== --- debian/rules.defs (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/rules.defs (.../branches/340) (revision 5913) @@ -3,13 +3,13 @@ WATCH_VERSION = 340 NVIDIA_SETTINGS = nvidia-settings (>= $(version_major)) -XORG_ABI_LIST = 19 18 15 14 13 12 11 10 8 6.0 -XORG_BOUND = (<< 2:1.17.99) +XORG_ABI_LIST = 20 19 18 15 14 13 12 11 10 8 6.0 +XORG_BOUND = (<< 2:1.18.99) -LINUX_KMOD_TESTED = 4.2 +LINUX_KMOD_TESTED = 4.3 LINUX_KMOD_TESTED_amd64 = LINUX_KMOD_TESTED_i386 = -LINUX_KMOD_TESTED_armhf = +LINUX_KMOD_TESTED_armhf = 4.2 ARCH_LIST = i386 amd64 armhf NVIDIA_DIRNAME_X86 = NVIDIA-Linux-x86-${NVIDIA_RELEASE} Index: debian/module/conftest.h =================================================================== --- debian/module/conftest.h (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/module/conftest.h (.../branches/340) (revision 5913) @@ -1,4 +1,4 @@ -/* synchronized with conftest.sh from 352.41, 349.16, 346.96, 343.36, 340.93, 304.128, 173.14.39, 96.43.23, 71.86.15 */ +/* synchronized with conftest.sh from 358.16, 355.11, 352.63, 349.16, 346.96, 343.36, 340.96, 304.131, 173.14.39, 96.43.23, 71.86.15 */ #ifndef LINUX_VERSION_CODE #include <linux/version.h> @@ -348,9 +348,13 @@ #endif /* Implement conftest.sh function scatterlist */ +/* The logic and the define were reversed from HAS_PAGE + to HAS_PAGE_LINK in 304.131/340.96/352.63 */ #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) + #undef NV_SCATTERLIST_HAS_PAGE_LINK #define NV_SCATTERLIST_HAS_PAGE #else + #define NV_SCATTERLIST_HAS_PAGE_LINK #undef NV_SCATTERLIST_HAS_PAGE #endif @@ -548,6 +552,13 @@ #undef NV_LIST_CUT_POSITION_PRESENT #endif +/* Implement conftest.sh function hlist_for_each_entry */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0) + #define NV_HLIST_FOR_EACH_ENTRY_ARGUMENT_COUNT 3 +#else + #define NV_HLIST_FOR_EACH_ENTRY_ARGUMENT_COUNT 4 +#endif + /* Implement conftest.sh function file_inode */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0) #define NV_FILE_HAS_INODE @@ -630,6 +641,29 @@ #undef NV_WRITE_CR4_PRESENT #endif +/* Implement conftest.sh function of_parse_phandle */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31) + #define NV_OF_PARSE_PHANDLE_PRESENT +#else + #undef NV_OF_PARSE_PHANDLE_PRESENT +#endif + +/* Implement conftest.sh function for_each_online_node */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) + #define NV_FOR_EACH_ONLINE_NODE_PRESENT +#else + #undef NV_FOR_EACH_ONLINE_NODE_PRESENT +#endif + +/* Implement conftest.sh function node_end_pfn */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) || \ + ((IS_ENABLED(CONFIG_X86) || IS_ENABLED(CONFIG_PPC)) && \ + LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)) + #define NV_NODE_END_PFN_PRESENT +#else + #undef NV_NODE_END_PFN_PRESENT +#endif + /* Check for linux/semaphore.h */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26) #define NV_LINUX_SEMAPHORE_H_PRESENT Index: debian/module/debian/control.template.in =================================================================== --- debian/module/debian/control.template.in (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/module/debian/control.template.in (.../branches/340) (revision 5913) @@ -8,7 +8,7 @@ Homepage: http://www.nvidia.com/ Package: #NVIDIA#-kernel-#KVERS# -Architecture: i386 amd64 +Architecture: i386 amd64 armhf Provides: #NVIDIA#-kernel-#VERSION# Depends: nvidia-kernel-common (>= 20110213), Index: debian/changelog =================================================================== --- debian/changelog (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/changelog (.../branches/340) (revision 5913) @@ -1,3 +1,23 @@ +nvidia-graphics-drivers (340.96-1) jessie; urgency=medium + + * New upstream legacy 340xx branch release 340.96 (2015-11-16). + * Fixed CVE-2015-7869: Unsanitized User Mode Input. (Closes: #805917) + * Merge changes from 304.131-1. + * Add xorg-video-abi-20 as alternative dependency. + * conftest.h: + - Implement new conftest.sh functions hlist_for_each_entry, + of_parse_phandle, for_each_online_node, node_end_pfn (358.09). + - Update conftest.sh function scatterlist for logic reversal in + 304.131/340.96/352.63, support both ways. + * d/rules: Move tar option --no-recursion before the list of files. + * d/control: Make dependencies on nvidia-alternative strictly versioned to + prevent partial upgrades. + * d/module/debian/control.template: Add armhf to the Architecture list, + otherwise module-assistant can't build any module packages from + nvidia-kernel-source on armhf. + + -- Andreas Beckmann <a...@debian.org> Sat, 21 Nov 2015 02:50:49 +0100 + nvidia-graphics-drivers (340.93-0+deb8u1) jessie; urgency=medium * New upstream legacy 340xx branch release 340.93 (2015-09-02). @@ -1396,6 +1416,25 @@ -- Andreas Beckmann <deb...@abeckmann.de> Wed, 17 Oct 2012 19:54:34 +0200 +nvidia-graphics-drivers (304.131-1) UNRELEASED; urgency=medium + + * New upstream legacy 304xx branch release 304.131 (2015-11-16). + - Fixed a bug that could cause texture corruption in some OpenGL + applications when video memory is exhausted by a combination of + simultaneously running graphical and compute workloads. + - Added support for X.Org xserver ABI 20 (xorg-server 1.18). + * Improved compatibility with recent Linux kernels. + * Add xorg-video-abi-20 as alternative dependency. + * conftest.h: + - Implement new conftest.sh functions hlist_for_each_entry, + of_parse_phandle, for_each_online_node, node_end_pfn (358.09). + - Update conftest.sh function scatterlist for logic reversal in + 304.131/340.96/352.63, support both ways. + * debian/control: Add Breaks between mismatching upstream versions of + libcuda1 and nvidia-alternative to prevent partial upgrades. + + -- Andreas Beckmann <a...@debian.org> Sat, 21 Nov 2015 00:54:17 +0100 + nvidia-graphics-drivers (304.128-1) wheezy; urgency=medium * New upstream legacy 304xx branch release 304.128 (2015-08-31). Index: debian/control =================================================================== --- debian/control (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/control (.../branches/340) (revision 5913) @@ -70,7 +70,7 @@ Section: non-free/x11 Architecture: i386 amd64 armhf Depends: - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Recommends: ${nvidia}-driver, @@ -147,7 +147,7 @@ nvidia-installer-cleanup, ${misc:Pre-Depends} Depends: - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), nvidia-installer-cleanup (>= 20130816) [i386], nvidia-support, ${shlibs:Depends}, ${misc:Depends} @@ -195,7 +195,7 @@ Pre-Depends: ${misc:Pre-Depends} Depends: - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), lib${nvidia}-eglcore (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: NVIDIA binary EGL libraries${nvidia:LegacyDesc} @@ -214,7 +214,7 @@ Pre-Depends: ${misc:Pre-Depends} Depends: - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), lib${nvidia}-eglcore (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc} @@ -236,7 +236,7 @@ Pre-Depends: ${misc:Pre-Depends} Depends: - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), lib${nvidia}-eglcore (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc} @@ -293,7 +293,7 @@ nvidia-settings-legacy-173xx (<< 173.14.37), nvidia-driver (<< 340.46-4~), nvidia-vdpau-driver (<< 340.46-2~), - libcuda1 (<< 340.46-2~), + libcuda1 (<< 340.96), nvidia-opencl-icd (<< 340.46-2~), libnvidia-ifr1 (<< 340.46-2~), libnvidia-fbc1 (<< 340.46-2~), @@ -398,7 +398,7 @@ ${misc:Pre-Depends} Depends: libvdpau1, - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Recommends: ${nvidia:kmod:binary}, @@ -474,7 +474,7 @@ ${misc:Pre-Depends} Depends: nvidia-support, - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Recommends: ${nvidia:kmod:binary}, @@ -620,7 +620,7 @@ Pre-Depends: ${misc:Pre-Depends} Depends: - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Breaks: ${nvidia}-smi (<< ${nvidia:Version}), @@ -655,7 +655,7 @@ Depends: nvidia-opencl-common, ocl-icd-libopencl1 | nvidia-libopencl1 | libopencl1, - ${nvidia-alternative}, + ${nvidia-alternative} (= ${binary:Version}), lib${nvidia}-compiler (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Suggests: Index: debian/nvidia-opencl-icd.lintian-overrides.in =================================================================== --- debian/nvidia-opencl-icd.lintian-overrides.in (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/nvidia-opencl-icd.lintian-overrides.in (.../branches/340) (revision 5913) @@ -1,6 +1,5 @@ # The NVIDIA license does not allow any form of modification. [i386]: binary-file-built-without-LFS-support -embedded-library usr/lib*/libnvidia-opencl.so.#VERSION#: zlib shlib-with-executable-stack [i386]: shlib-with-non-pic-code spelling-error-in-binary @@ -8,6 +7,9 @@ hardening-no-relro hardening-no-stackprotector +# Use wildcard instead of exact substitution, this is a M-A: same package. +embedded-library usr/lib*/libnvidia-opencl.so.#VERSION#: zlib + # Lintian and debhelper disagree w.r.t a library in a private directory. postinst-has-useless-call-to-ldconfig postrm-has-useless-call-to-ldconfig Index: debian/libcuda1.lintian-overrides.in =================================================================== --- debian/libcuda1.lintian-overrides.in (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/libcuda1.lintian-overrides.in (.../branches/340) (revision 5913) @@ -1,6 +1,5 @@ # The NVIDIA license does not allow any form of modification. [!amd64]: binary-file-built-without-LFS-support -embedded-library usr/lib*/libcuda.so.#VERSION#: zlib [!armhf]: shlib-with-executable-stack [i386]: shlib-with-non-pic-code spelling-error-in-binary @@ -8,6 +7,9 @@ hardening-no-relro hardening-no-stackprotector +# Use wildcard instead of exact substitution, this is a M-A: same package. +embedded-library usr/lib*/libcuda.so.#VERSION#: zlib + # Lintian and debhelper disagree w.r.t a library in a private directory. postinst-has-useless-call-to-ldconfig postrm-has-useless-call-to-ldconfig Index: debian/rules =================================================================== --- debian/rules (.../tags/340.93-0+deb8u1) (revision 5913) +++ debian/rules (.../branches/340) (revision 5913) @@ -231,7 +231,7 @@ tar cfJ $(module_txz) \ --owner=root --group=src -C $(module_source)/../.. \ --exclude '*.in' --exclude '.svn' \ - --null -T - --no-recursion + --no-recursion --null -T - tar tfvJ $(module_txz) build-kernel-dkms-tree: build-kernel-source-tree Property changes on: . ___________________________________________________________________ Added: svn:mergeinfo Merged /packages/nvidia-graphics-drivers/branches/304.51:r3420-3423 Merged /packages/nvidia-graphics-drivers/branches/304.60:r3473-3565 Merged /packages/nvidia-graphics-drivers/branches/319:r3826-4401 Merged /packages/nvidia-graphics-drivers/branches/304-wheezy:r3714-5874 Merged /packages/nvidia-graphics-drivers/branches/jessie:r5163-5181 Merged /packages/nvidia-graphics-drivers/branches/310:r3423-4351 Merged /packages/nvidia-graphics-drivers/branches/304:r3148-3478,4676-5887 Merged /packages/nvidia-graphics-drivers/branches/304-jessie:r3566-3819 Merged /packages/nvidia-graphics-drivers/branches/313:r3576-4381 Merged /packages/nvidia-graphics-drivers/branches/331:r4424-4683 Merged /packages/nvidia-graphics-drivers/branches/325:r3946-4423