Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Dear release team, We would like to update libvdpau in jessie to address a segmentation fault in a particular use case. 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see https://bugs.debian.org/797895). The upstream patch unfortunately introduced a regression when running with DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and upstream has committed a fix for it. We already uploaded a fixed version to unstable, and now we would like to backport it to jessie as well. The debdiff follows. I have verified that it fixes the problem on a vanilla jessie amd64 installation. Thank you! Kind regards, Luca Boccassi diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog --- libvdpau-0.8/debian/changelog 2015-09-05 13:14:50.000000000 +0100 +++ libvdpau-0.8/debian/changelog 2015-10-29 19:30:28.000000000 +0000 @@ -1,3 +1,10 @@ +libvdpau (0.8-3+deb8u2) jessie; urgency=medium + + [Luca Boccassi] + * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625) + + -- Luca Boccassi <luca.bocca...@gmail.com> Wed, 28 Oct 2015 22:41:57 +0000 + libvdpau (0.8-3+deb8u1) jessie-security; urgency=high * Patch for CVE 2015-5198, 2015-5199, 2015-5200 diff -Nru libvdpau-0.8/debian/gbp.conf libvdpau-0.8/debian/gbp.conf --- libvdpau-0.8/debian/gbp.conf 2015-09-05 13:13:56.000000000 +0100 +++ libvdpau-0.8/debian/gbp.conf 2015-10-29 19:25:06.000000000 +0000 @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = master +debian-branch = jessie upstream-tag = upstream/%(version)s debian-tag = debian/%(version)s pristine-tar = True diff -Nru libvdpau-0.8/debian/patches/missing-configh-include.patch libvdpau-0.8/debian/patches/missing-configh-include.patch --- libvdpau-0.8/debian/patches/missing-configh-include.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvdpau-0.8/debian/patches/missing-configh-include.patch 2015-10-28 23:47:48.000000000 +0000 @@ -0,0 +1,28 @@ +From: Rico Tzschichholz <ric...@ubuntu.com> +Date: Tue, 1 Sep 2015 10:45:11 +0200 +Subject: mesa_dri2: Add missing include of config.h to define _GNU_SOURCE + +Fix build with -Wimplicit-function-declaration while secure_getenv() is +guarded by __USE_GNU. + +Reviewed-by: Aaron Plattner <aplatt...@nvidia.com> +Tested-by: Stefan Dirsch <sndir...@suse.de> +(cherry picked from commit 1cda354bdfd0c9ca107293b84b52f4464fdbedcc) +--- + src/mesa_dri2.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/mesa_dri2.c b/src/mesa_dri2.c +index 51e8794..420ccee 100644 +--- a/src/mesa_dri2.c ++++ b/src/mesa_dri2.c +@@ -33,6 +33,9 @@ + * and José Hiram Soltren (jsolt...@nvidia.com) + */ + ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif + + #define NEED_REPLIES + #include <X11/Xlibint.h> diff -Nru libvdpau-0.8/debian/patches/series libvdpau-0.8/debian/patches/series --- libvdpau-0.8/debian/patches/series 2015-09-05 13:13:56.000000000 +0100 +++ libvdpau-0.8/debian/patches/series 2015-10-29 19:25:06.000000000 +0000 @@ -5,3 +5,4 @@ vdpau-module-searchpath.patch hardening.patch 0007-Use-secure_getenv-3-to-improve-security.patch +missing-configh-include.patch