Bug#803410: marked as done (jessie-pu: package libvdpau/0.8-3+deb8u2)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 02 Nov 2015 14:25:48 +0100
with message-id <5637645C.6020404@debian.org>
and subject line Re: Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
has caused the Debian Bug report #803410,
regarding jessie-pu: package libvdpau/0.8-3+deb8u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
803410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803410
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: jessie-pu: package libvdpau/0.8-3+deb8u2
• From: luca <luca.boccassi@gmail.com>
• Date: Thu, 29 Oct 2015 19:52:23 +0000
• Message-id: <20151029195223.1020.97487.reportbug@luca-desktop.home>

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

We would like to update libvdpau in jessie to address a segmentation fault in a
particular use case.

0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
https://bugs.debian.org/797895).

The upstream patch unfortunately introduced a regression when running with
DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
upstream has committed a fix for it.

We already uploaded a fixed version to unstable, and now we would like to
backport it to jessie as well. The debdiff follows. I have verified that it
fixes the problem on a vanilla jessie amd64 installation.

Thank you!

Kind regards,
Luca Boccassi


diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
--- libvdpau-0.8/debian/changelog       2015-09-05 13:14:50.000000000 +0100
+++ libvdpau-0.8/debian/changelog       2015-10-29 19:30:28.000000000 +0000
@@ -1,3 +1,10 @@
+libvdpau (0.8-3+deb8u2) jessie; urgency=medium
+
+  [Luca Boccassi]
+  * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
+
+ -- Luca Boccassi <luca.boccassi@gmail.com>  Wed, 28 Oct 2015 22:41:57 +0000
+
 libvdpau (0.8-3+deb8u1) jessie-security; urgency=high

   * Patch for CVE 2015-5198, 2015-5199, 2015-5200
diff -Nru libvdpau-0.8/debian/gbp.conf libvdpau-0.8/debian/gbp.conf
--- libvdpau-0.8/debian/gbp.conf        2015-09-05 13:13:56.000000000 +0100
+++ libvdpau-0.8/debian/gbp.conf        2015-10-29 19:25:06.000000000 +0000
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-branch = upstream
-debian-branch = master
+debian-branch = jessie
 upstream-tag = upstream/%(version)s
 debian-tag = debian/%(version)s
 pristine-tar = True
diff -Nru libvdpau-0.8/debian/patches/missing-configh-include.patch
libvdpau-0.8/debian/patches/missing-configh-include.patch
--- libvdpau-0.8/debian/patches/missing-configh-include.patch   1970-01-01
01:00:00.000000000 +0100
+++ libvdpau-0.8/debian/patches/missing-configh-include.patch   2015-10-28
23:47:48.000000000 +0000
@@ -0,0 +1,28 @@
+From: Rico Tzschichholz <ricotz@ubuntu.com>
+Date: Tue, 1 Sep 2015 10:45:11 +0200
+Subject: mesa_dri2: Add missing include of config.h to define _GNU_SOURCE
+
+Fix build with -Wimplicit-function-declaration while secure_getenv() is
+guarded by __USE_GNU.
+
+Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
+Tested-by: Stefan Dirsch <sndirsch@suse.de>
+(cherry picked from commit 1cda354bdfd0c9ca107293b84b52f4464fdbedcc)
+---
+ src/mesa_dri2.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/mesa_dri2.c b/src/mesa_dri2.c
+index 51e8794..420ccee 100644
+--- a/src/mesa_dri2.c
++++ b/src/mesa_dri2.c
+@@ -33,6 +33,9 @@
+  *   and José Hiram Soltren (jsoltren@nvidia.com)
+  */
+
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
+
+ #define NEED_REPLIES
+ #include <X11/Xlibint.h>
diff -Nru libvdpau-0.8/debian/patches/series libvdpau-0.8/debian/patches/series
--- libvdpau-0.8/debian/patches/series  2015-09-05 13:13:56.000000000 +0100
+++ libvdpau-0.8/debian/patches/series  2015-10-29 19:25:06.000000000 +0000
@@ -5,3 +5,4 @@
 vdpau-module-searchpath.patch
 hardening.patch
 0007-Use-secure_getenv-3-to-improve-security.patch
+missing-configh-include.patch

--- End Message ---

--- Begin Message ---

• To: Luca Boccassi <luca.boccassi@gmail.com>, Alessandro Ghedini <ghedo@debian.org>
• Cc: 803410-done@bugs.debian.org, team@security.debian.org
• Subject: Re: Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
• From: Andreas Beckmann <anbe@debian.org>
• Date: Mon, 02 Nov 2015 14:25:48 +0100
• Message-id: <5637645C.6020404@debian.org>
• In-reply-to: <1446223278.3026.7.camel@gmail.com>
• References: <20151029195223.1020.97487.reportbug@luca-desktop.home> <20151030133250.GA7387@kronk.local> <1446223278.3026.7.camel@gmail.com>

On 2015-10-30 17:41, Luca Boccassi wrote:
>> The diff looks good, could you change the target to jessie-security and upload
>> to security-master?
> 
> Committed in git, but I'll have to ask Andreas to upload as I lack the
> supercow powers :-)

Extended the problem description and uploaded, thus closing this pu request.

>> Also, do you plan to prepare an update for wheezy-security as well?
> 
> I'll have access to a wheezy guinea pig machine on Monday, so if the
> regression is present there as well I'll test a patched version and
> reply back here.

Not needed, src/mesa_dri2.c in 0.4.1 does not call (secure_)getenv().


Andreas

--- End Message ---