Bug#886852: NVidia driver : upgrade to version 384.111

2018-03-05 Thread Andreas Beckmann 
On 2018-03-06 00:44, Vincent Lefevre wrote:
> It appears that while the bug was fixed in unstable
> (384.111-1 -> 384.111-4), a new buggy version has just been uploaded
> to unstable (387.34-4), as detected by apt-listbugs. Indeed, this bug
> is marked as found in 387.34-1, but there's no fixed version for 387.*:

That driver will be replaced by 390.25 in sid in a few hours :-)


Andreas

Bug#886852: NVidia driver : upgrade to version 384.111

2018-03-05 Thread Vincent Lefevre 
It appears that while the bug was fixed in unstable
(384.111-1 -> 384.111-4), a new buggy version has just been uploaded
to unstable (387.34-4), as detected by apt-listbugs. Indeed, this bug
is marked as found in 387.34-1, but there's no fixed version for 387.*:

Found in versions nvidia-graphics-drivers/387.34-1, 
nvidia-graphics-drivers/343.22-1, nvidia-graphics-drivers/375.82-1~deb9u1

Fixed in versions nvidia-graphics-drivers/384.111-1, 
nvidia-graphics-drivers/390.12-1, 
nvidia-graphics-drivers-legacy-340xx/340.106-1, 
nvidia-graphics-drivers-legacy-340xx/340.106-2~deb9u1

So, either this bug should be reopened, or if this is an error in
the above metadata, they should be corrected.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-13 Thread Luca Boccassi 
On Sat, 2018-01-13 at 14:59 +0100, Andreas Beckmann wrote:
> On 2018-01-11 23:26, Luca Boccassi wrote:
> > The new meta packages for switching over are handy, unfortunately
> > apt
> > chokes on them - aptitude is able to figure it out though.
> > 
> > I suspect it's again due to multiarch - seems to be a recurring
> > problem
> > with apt. So don't think there's anything we can do.
> 
> Do you have more details? What does not work with apt?

It cannot find a resolution (with hints it gets to a point where it
present removing half of the GUI packages as a solution) - if you
remember we had the same problem a month ago or so, and it looked like
it was due to having both amd64 and i386 installed - as with only one
arch (in a chroot) it couldn't be reproduced:

$ dpkg -l | grep nvidia-driver
ii  nvidia-driver 384.111-1~bpo9+1  
  amd64NVIDIA metapackage
ii  nvidia-driver-bin 384.111-1~bpo9+1  
  amd64NVIDIA driver support binaries
ii  nvidia-driver-libs:amd64  384.111-1~bpo9+1  
  amd64NVIDIA metapackage (OpenGL/GLX/EGL/GLES 
libraries)
ii  nvidia-driver-libs:i386   384.111-1~bpo9+1  
  i386 NVIDIA metapackage (OpenGL/GLX/EGL/GLES 
libraries)
ii  nvidia-driver-libs-i386:i386  384.111-1~bpo9+1  
  i386 NVIDIA metapackage (OpenGL/GLX/EGL/GLES 
32-bit libraries)
$ sudo apt install -t stretch-backports nvidia-driver-libs-nonglvnd 
nvidia-driver-libs-nonglvnd-i386
[sudo] password for luca: 
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libgl1 : Depends: libglx0 (= 1.0.0-1) but it is not going to be installed
 libpurple0 : Depends: libfarstream-0.2-5 (>= 0.2.7) but it is not going to be 
installed
  Recommends: libpurple-bin but it is not going to be installed
 nvidia-driver-libs-nonglvnd : Depends: libgl1-nvidia-glx (= 384.111-1~bpo9+1) 
but it is not going to be installed
   Depends: libegl1-nvidia (= 384.111-1~bpo9+1) but 
it is not going to be installed
   Recommends: libglx-nvidia0 (= 384.111-1~bpo9+1) 
but it is not going to be installed
   Recommends: libgles-nvidia1 (= 384.111-1~bpo9+1) 
but it is not going to be installed
   Recommends: libgles-nvidia2 (= 384.111-1~bpo9+1) 
but it is not going to be installed
   Recommends: libnvidia-cfg1 (= 384.111-1~bpo9+1) 
but it is not going to be installed
   Recommends: nvidia-egl-wayland-icd (= 
384.111-1~bpo9+1) but it is not going to be installed
   Recommends: nvidia-nonglvnd-vulkan-icd (= 
384.111-1~bpo9+1) but it is not going to be installed
 nvidia-driver-libs-nonglvnd-i386:i386 : Depends: 
nvidia-driver-libs-nonglvnd:i386 but it is not going to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by 
held packages.

$ sudo aptitude install -t stretch-backports nvidia-driver-libs-nonglvnd 
nvidia-driver-libs-nonglvnd-i386
Note: selecting "nvidia-driver-libs-nonglvnd-i386:i386" instead of the virtual 
package "nvidia-driver-libs-nonglvnd-i386"
The following NEW packages will be installed:
  libegl1-nvidia{a} libegl1-nvidia:i386{a} libgl1-nvidia-glx{ab} 
libgl1-nvidia-glx:i386{ab} libgles-nvidia1{a} 
  libgles-nvidia1:i386{a} libgles1-glvnd-nvidia{a} 
libgles1-glvnd-nvidia:i386{a} nvidia-driver-libs-nonglvnd{b} 
  nvidia-driver-libs-nonglvnd:i386{ab} nvidia-driver-libs-nonglvnd-i386:i386 
nvidia-nonglvnd-vulkan-common{ab} 
  nvidia-nonglvnd-vulkan-icd{ab} nvidia-nonglvnd-vulkan-icd:i386{ab} 
0 packages upgraded, 14 newly installed, 0 to remove and 169 not upgraded.
Need to get 3,382 kB of archives. After unpacking 5,976 kB will be used.
The following packages have unmet dependencies:
 nvidia-vulkan-icd : Conflicts: nvidia-nonglvnd-vulkan-icd but 384.111-1~bpo9+1 
is to be installed
 Conflicts: nvidia-nonglvnd-vulkan-icd:i386 but 
384.111-1~bpo9+1 is to be installed
 nvidia-vulkan-icd:i386 : Conflicts: nvidia-nonglvnd-vulkan-icd but 
384.111-1~bpo9+1 is to be installed
  Conflicts: nvidia-nonglvnd-vulkan-icd:i386 but 
384.111-1~bpo9+1 is to be installed
 nvidia-nonglvnd-vulkan-icd : Conflicts: nvidia-vulkan-icd but 384.111-1~bpo9+1 
is installed

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-13 Thread Andreas Beckmann 
On 2018-01-11 23:26, Luca Boccassi wrote:
> The new meta packages for switching over are handy, unfortunately apt
> chokes on them - aptitude is able to figure it out though.
> 
> I suspect it's again due to multiarch - seems to be a recurring problem
> with apt. So don't think there's anything we can do.

Do you have more details? What does not work with apt?


Andreas

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-11 Thread Luca Boccassi 
Great, thanks!

Andreas, tested as well on my Stretch desktop, both glvnd and non-glvnd 
look fine.

The new meta packages for switching over are handy, unfortunately apt
chokes on them - aptitude is able to figure it out though.

I suspect it's again due to multiarch - seems to be a recurring problem
with apt. So don't think there's anything we can do.

Also tried DOW3 with Vulkan and it worked fine too.

On Thu, 2018-01-11 at 17:51 +0100, Julien Aubin wrote:
> Hi,
> 
> Tested w/ the following games :
> Cities Skylines -> OK
> F1 2017 (Vulkan Only) -> OK
> Middle Earth Shadow of Mordor -> OK
> Civilization V -> OK
> 
> All under KDE.
> 
> All is OK for me. :-)
> 
> 2018-01-11 13:47 GMT+01:00 Luca Boccassi :
> 
> > On Thu, 2018-01-11 at 12:23 +0100, Julien Aubin wrote:
> > > Le 11 janv. 2018 12:19, "Luca Boccassi"  a
> > > écrit :
> > > 
> > > On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> > > > On 2018-01-10 15:25, Luca Boccassi wrote:
> > > > > I'm a little confused as what their blobs could possible have
> > > > > to
> > > > > do
> > > > > with spectre/meltdown to be honest
> > > > 
> > > > meltdown does not seem to be an issue, but for spectre it is
> > > > not
> > > > neccessarily the GPU bits being fixed, but the CPU side of the
> > > > driver
> > > > -
> > > > which can run untrusted user supplied code (e.g. compiling
> > > > shaders)
> > > > ...
> > > > that could be comparable to the sandboxed javascript in the
> > > > browser
> > > > accessing all the browser memory.
> > > 
> > > Ah I see, makes sense.
> > > 
> > > > > - but in general it sounds like a
> > > > > good idea to move 384 to stable-p-u, since it's won't be the
> > > > > last
> > > > > CVE
> > > > > we get and as you said 375 is dead and buried.
> > > > > 
> > > > > Andreas, what do you think?
> > > > 
> > > > Just uploaded to stretch-backports, will need to go through
> > > > backports-new.
> > > > Untested on my side - please try it out :-)
> > > > 
> > > > 
> > > > Andreas
> > > 
> > > Thanks, will try it out later tonight and report back - I already
> > > had
> > > manually built a locally merged version and it seemed to work
> > > fine so
> > > I
> > > don't expect issues.
> > > 
> > > --
> > > Kind regards,
> > > Luca Boccassi
> > > 
> > > 
> > > Hi
> > > 
> > > If there is something like bpo-new for the bpo repo (as well as
> > > stable-proposed-updates exists) I would be happy to test as well.
> > > 
> > > I prefer avoiding to build the packages myself in order to avoid
> > > building
> > > some kind of tainted package
> > 
> > It was accepted into bpo, so you'll be able to install it from
> > stretch-
> > backports sometimes later today
> > 
> > --
> > Kind regards,
> > Luca Boccassi
> > 

signature.asc
Description: This is a digitally signed message part

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-11 Thread Julien Aubin 
Hi,

Tested w/ the following games :
Cities Skylines -> OK
F1 2017 (Vulkan Only) -> OK
Middle Earth Shadow of Mordor -> OK
Civilization V -> OK

All under KDE.

All is OK for me. :-)

2018-01-11 13:47 GMT+01:00 Luca Boccassi :

> On Thu, 2018-01-11 at 12:23 +0100, Julien Aubin wrote:
> > Le 11 janv. 2018 12:19, "Luca Boccassi"  a écrit :
> >
> > On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> > > On 2018-01-10 15:25, Luca Boccassi wrote:
> > > > I'm a little confused as what their blobs could possible have to
> > > > do
> > > > with spectre/meltdown to be honest
> > >
> > > meltdown does not seem to be an issue, but for spectre it is not
> > > neccessarily the GPU bits being fixed, but the CPU side of the
> > > driver
> > > -
> > > which can run untrusted user supplied code (e.g. compiling shaders)
> > > ...
> > > that could be comparable to the sandboxed javascript in the browser
> > > accessing all the browser memory.
> >
> > Ah I see, makes sense.
> >
> > > > - but in general it sounds like a
> > > > good idea to move 384 to stable-p-u, since it's won't be the last
> > > > CVE
> > > > we get and as you said 375 is dead and buried.
> > > >
> > > > Andreas, what do you think?
> > >
> > > Just uploaded to stretch-backports, will need to go through
> > > backports-new.
> > > Untested on my side - please try it out :-)
> > >
> > >
> > > Andreas
> >
> > Thanks, will try it out later tonight and report back - I already had
> > manually built a locally merged version and it seemed to work fine so
> > I
> > don't expect issues.
> >
> > --
> > Kind regards,
> > Luca Boccassi
> >
> >
> > Hi
> >
> > If there is something like bpo-new for the bpo repo (as well as
> > stable-proposed-updates exists) I would be happy to test as well.
> >
> > I prefer avoiding to build the packages myself in order to avoid
> > building
> > some kind of tainted package
>
> It was accepted into bpo, so you'll be able to install it from stretch-
> backports sometimes later today
>
> --
> Kind regards,
> Luca Boccassi
>

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-11 Thread Luca Boccassi 
On Thu, 2018-01-11 at 12:23 +0100, Julien Aubin wrote:
> Le 11 janv. 2018 12:19, "Luca Boccassi"  a écrit :
> 
> On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> > On 2018-01-10 15:25, Luca Boccassi wrote:
> > > I'm a little confused as what their blobs could possible have to
> > > do
> > > with spectre/meltdown to be honest
> > 
> > meltdown does not seem to be an issue, but for spectre it is not
> > neccessarily the GPU bits being fixed, but the CPU side of the
> > driver
> > -
> > which can run untrusted user supplied code (e.g. compiling shaders)
> > ...
> > that could be comparable to the sandboxed javascript in the browser
> > accessing all the browser memory.
> 
> Ah I see, makes sense.
> 
> > > - but in general it sounds like a
> > > good idea to move 384 to stable-p-u, since it's won't be the last
> > > CVE
> > > we get and as you said 375 is dead and buried.
> > > 
> > > Andreas, what do you think?
> > 
> > Just uploaded to stretch-backports, will need to go through
> > backports-new.
> > Untested on my side - please try it out :-)
> > 
> > 
> > Andreas
> 
> Thanks, will try it out later tonight and report back - I already had
> manually built a locally merged version and it seemed to work fine so
> I
> don't expect issues.
> 
> --
> Kind regards,
> Luca Boccassi
> 
> 
> Hi
> 
> If there is something like bpo-new for the bpo repo (as well as
> stable-proposed-updates exists) I would be happy to test as well.
> 
> I prefer avoiding to build the packages myself in order to avoid
> building
> some kind of tainted package

It was accepted into bpo, so you'll be able to install it from stretch-
backports sometimes later today

-- 
Kind regards,
Luca Boccassi

signature.asc
Description: This is a digitally signed message part

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-11 Thread Phil Wyett 
On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> On 2018-01-10 15:25, Luca Boccassi wrote:
> > I'm a little confused as what their blobs could possible have to do
> > with spectre/meltdown to be honest
> 
> meltdown does not seem to be an issue, but for spectre it is not
> neccessarily the GPU bits being fixed, but the CPU side of the driver -
> which can run untrusted user supplied code (e.g. compiling shaders) ...
> that could be comparable to the sandboxed javascript in the browser
> accessing all the browser memory.
> 
> > - but in general it sounds like a
> > good idea to move 384 to stable-p-u, since it's won't be the last CVE
> > we get and as you said 375 is dead and buried.
> > 
> > Andreas, what do you think?
> 
> Just uploaded to stretch-backports, will need to go through backports-new.
> Untested on my side - please try it out :-)
> 
> 
> Andreas
> 

Running this driver version built locally with the following (system marked) two
no longer needed packages purged.

libgles-nvidia1
libgles1-nvidia

No issues thus far.

Regards

Phil

-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***

Playing the game for the games sake.

Web: https://kathenas.org

GitLab: https://gitlab.com/kathenas

Twitter: kathenasorg

Instagram: kathenasorg

GPG: 1B97 6556 913F 73F3 9C9B 25C4 2961 D9B6 2017 A57A

signature.asc
Description: This is a digitally signed message part

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-11 Thread Julien Aubin 
Le 11 janv. 2018 12:19, "Luca Boccassi"  a écrit :

On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> On 2018-01-10 15:25, Luca Boccassi wrote:
> > I'm a little confused as what their blobs could possible have to do
> > with spectre/meltdown to be honest
>
> meltdown does not seem to be an issue, but for spectre it is not
> neccessarily the GPU bits being fixed, but the CPU side of the driver
> -
> which can run untrusted user supplied code (e.g. compiling shaders)
> ...
> that could be comparable to the sandboxed javascript in the browser
> accessing all the browser memory.

Ah I see, makes sense.

> > - but in general it sounds like a
> > good idea to move 384 to stable-p-u, since it's won't be the last
> > CVE
> > we get and as you said 375 is dead and buried.
> >
> > Andreas, what do you think?
>
> Just uploaded to stretch-backports, will need to go through
> backports-new.
> Untested on my side - please try it out :-)
>
>
> Andreas

Thanks, will try it out later tonight and report back - I already had
manually built a locally merged version and it seemed to work fine so I
don't expect issues.

--
Kind regards,
Luca Boccassi


Hi

If there is something like bpo-new for the bpo repo (as well as
stable-proposed-updates exists) I would be happy to test as well.

I prefer avoiding to build the packages myself in order to avoid building
some kind of tainted package

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-11 Thread Luca Boccassi 
On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> On 2018-01-10 15:25, Luca Boccassi wrote:
> > I'm a little confused as what their blobs could possible have to do
> > with spectre/meltdown to be honest
> 
> meltdown does not seem to be an issue, but for spectre it is not
> neccessarily the GPU bits being fixed, but the CPU side of the driver
> -
> which can run untrusted user supplied code (e.g. compiling shaders)
> ...
> that could be comparable to the sandboxed javascript in the browser
> accessing all the browser memory.

Ah I see, makes sense.

> > - but in general it sounds like a
> > good idea to move 384 to stable-p-u, since it's won't be the last
> > CVE
> > we get and as you said 375 is dead and buried.
> > 
> > Andreas, what do you think?
> 
> Just uploaded to stretch-backports, will need to go through
> backports-new.
> Untested on my side - please try it out :-)
> 
> 
> Andreas

Thanks, will try it out later tonight and report back - I already had
manually built a locally merged version and it seemed to work fine so I
don't expect issues.

-- 
Kind regards,
Luca Boccassi

signature.asc
Description: This is a digitally signed message part

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-10 Thread Andreas Beckmann 
On 2018-01-10 15:25, Luca Boccassi wrote:
> I'm a little confused as what their blobs could possible have to do
> with spectre/meltdown to be honest

meltdown does not seem to be an issue, but for spectre it is not
neccessarily the GPU bits being fixed, but the CPU side of the driver -
which can run untrusted user supplied code (e.g. compiling shaders) ...
that could be comparable to the sandboxed javascript in the browser
accessing all the browser memory.

> - but in general it sounds like a
> good idea to move 384 to stable-p-u, since it's won't be the last CVE
> we get and as you said 375 is dead and buried.
> 
> Andreas, what do you think?

Just uploaded to stretch-backports, will need to go through backports-new.
Untested on my side - please try it out :-)


Andreas

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-10 Thread Andreas Beckmann 
Control: tag -1 - stretch

Nope, this is not stretch-only. The found/fixed versions are sufficient
to express the occurrences of this bug.


Andreas

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-10 Thread Luca Boccassi 
Control: fixed -1 384.111-1
Control: tags -1 stretch

On Wed, 2018-01-10 at 15:11 +0100, Julien Aubin wrote:
> Package: nvidia-driver
> Version: 375.82-1~deb9u1
> Severity: critical
> 
> Hi,
> 
> NVidia upgraded their blob to version 384.111 in order to fix Spectre
> /
> Meltdown vulnerability. It turns out that the 375.xx branch is no
> longer
> supported, so we cannot expect getting driver patches for the current
> stretch drivers.
> 
> More details on this bulletin :
> https://nvidia.custhelp.com/app/answers/detail/a_id/4611
> 
> What I suggest is first to put the 384.111 driver in BPO, and then
> once
> we've checked it is good enough put it in the next p-u so that users
> are no
> longer vulnerable.
> 
> What do you think of it ?
> 
> Rgds,

I'm a little confused as what their blobs could possible have to do
with spectre/meltdown to be honest - but in general it sounds like a
good idea to move 384 to stable-p-u, since it's won't be the last CVE
we get and as you said 375 is dead and buried.

Andreas, what do you think?

-- 
Kind regards,
Luca Boccassi

signature.asc
Description: This is a digitally signed message part

Bug#886852: NVidia driver : upgrade to version 384.111

2018-01-10 Thread Julien Aubin 
Package: nvidia-driver
Version: 375.82-1~deb9u1
Severity: critical

Hi,

NVidia upgraded their blob to version 384.111 in order to fix Spectre /
Meltdown vulnerability. It turns out that the 375.xx branch is no longer
supported, so we cannot expect getting driver patches for the current
stretch drivers.

More details on this bulletin :
https://nvidia.custhelp.com/app/answers/detail/a_id/4611

What I suggest is first to put the 384.111 driver in BPO, and then once
we've checked it is good enough put it in the next p-u so that users are no
longer vulnerable.

What do you think of it ?

Rgds,