On 2016-01-15 17:58, Adam D. Barratt wrote:
> On Mon, 2015-11-02 at 03:07 +0100, Andreas Beckmann wrote:
>> The only option to fix CVE-2015-7723, CVE-2015-7724 (#803517) in
>> fglrx-driver is to update to a new upstream release of the blob.
>>
>> I have prepared a backport of the current sid version to jessie and only
>> reverted the changes that are problematic for jessie (removal of the
>> libxvbaw-dev package and related changes).
> 
> Apologies for the delay in getting back to you on this.
> 
> Please go ahead

Uploaded 1:15.9-4~deb8u1

In the meantime 1:15.9-3 got uploaded to sid followed by 1:15.9-4, so I
rebuilt that for jessie to get a few more typo fixes and lintian
overrides into the package. The "big" changes from -3 and -4 that were
made after I filed the pu request (and therefore were not yet in the
diff I sent) have been reverted for jessie: while the patches managed to
get the kernel module built for Linux 4.3/4.4 (which is irrelevant for
jessie anyway), the module would just oops with a null pointer
dereference in the blob on 4.3. So better restrict support to <= 4.2
which is known to work.

The
  "* Reinstate breaks between fglrx-driver and libgl1-fglrx-glx."
actually reverts a change, going back to what we have in jessie currently.

Attached is the incremental source diff for the additional changes not
in the previous pu-request diff.

Attached is also a filtered diff (excluding *.patch and *.po) from
1:14.9+ga14.201-2 to 1:15.9-4~deb8u1, generated from svn.

Please note that when checking the full diff from jessie, there will be
a lot of noise due to renaming/renumbering of the patches (and of course
the blobs itself).


Andreas

Attachment: 15.9-4~deb8u1.incremental.diff
Description: application/pgp-keys

Attachment: 1:15.9-4~deb8u1.filtered.diff
Description: application/pgp-keys

Reply via email to