[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#735549: pu: package nvidia-graphics-drivers/304.117-1



Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to update nvidia-graphics-drivers [non-free] in wheezy to fix
CVE-2013-5987 - Unprivileged GPU access vulnerability (#735271)
This requires switching to a new upstream release from the 304.xx legacy
branch (wheezy currently has 304.88).
The same upstream release is available in sid as
nvidia-graphics-drivers-legacy-304xx, while sid already has a 319.xx
release for nvidia-graphics-drivers.

At the same time I merged some important bugfixes from sid.

I intentionally want to use the version 304.117-1 for wheezy-pu to avoid
getting a seriously inflated version number for the updated kernel module
packages built from src:nvidia-graphics-modules.

nvidia-graphics-modules will need a followup update for wheezy.


Andreas
Index: debian/libgl1-nvidia-alternatives-ia32.lintian-overrides
===================================================================
--- debian/libgl1-nvidia-alternatives-ia32.lintian-overrides	(revision 3887)
+++ debian/libgl1-nvidia-alternatives-ia32.lintian-overrides	(revision 4631)
@@ -1,2 +1,3 @@
 # The diversions are placed here.
 package-contains-empty-directory usr/lib32/nvidia/diversions/
+non-multi-arch-lib-dir usr/lib32/
Index: debian/libcuda1.postinst.in
===================================================================
--- debian/libcuda1.postinst.in	(revision 3887)
+++ debian/libcuda1.postinst.in	(revision 4631)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 
+. /usr/share/debconf/confmodule
 
 if [ "$1" = "configure" ]
 then
Index: debian/libgl1-nvidia-glx.lintian-overrides.in
===================================================================
--- debian/libgl1-nvidia-glx.lintian-overrides.in	(revision 3887)
+++ debian/libgl1-nvidia-glx.lintian-overrides.in	(revision 4631)
@@ -1,7 +1,8 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
+shlib-calls-exit
 [i386]: shlib-with-non-pic-code
 spelling-error-in-binary
-shlib-calls-exit
 hardening-no-fortify-functions
 hardening-no-relro
 hardening-no-stackprotector
@@ -12,8 +13,8 @@
 # other libraries).
 shlibs-declares-dependency-on-other-package libgl1-mesa-glx | libgl1
 
-# This package is a strange special case since it overrides standard
-# libraries and diverts them, so the package name won't ever be able to
+# This package is a strange special case since it provides an alternative
+# implementation of libGL.so.1, so the package name won't ever be able to
 # match the library names it provides.
 package-name-doesnt-match-sonames
 
Index: debian/bug-script
===================================================================
--- debian/bug-script	(revision 3887)
+++ debian/bug-script	(revision 4631)
@@ -83,9 +83,9 @@
 done
 
 echo "Kernel modules: nvidia.ko"
-find /lib/modules -name nvidia.ko
+find /lib/modules -name "nvidia*.ko"
 echo
-find /lib/modules -name nvidia.ko | xargs -r modinfo | grep -v ^parm:
+find /lib/modules -name "nvidia*.ko" | xargs -r modinfo | grep -v ^parm:
 echo
 
 exit 0
Index: debian/control
===================================================================
--- debian/control	(revision 3887)
+++ debian/control	(revision 4631)
@@ -5,8 +5,8 @@
 Uploaders:
  Russ Allbery <rra@debian.org>,
  Andreas Beckmann <anbe@debian.org>,
-Vcs-Svn: svn://svn.debian.org/svn/pkg-nvidia/packages/nvidia-graphics-drivers/trunk
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-nvidia/packages/nvidia-graphics-drivers/
+Vcs-Svn: svn://anonscm.debian.org/pkg-nvidia/packages/nvidia-graphics-drivers/trunk
+Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-nvidia/packages/nvidia-graphics-drivers/
 Build-Depends:
  debhelper (>= 9),
  bzip2,
Index: debian/libxvmcnvidia1.lintian-overrides.in
===================================================================
--- debian/libxvmcnvidia1.lintian-overrides.in	(revision 3887)
+++ debian/libxvmcnvidia1.lintian-overrides.in	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 [i386]: shlib-with-non-pic-code
 hardening-no-fortify-functions
 hardening-no-relro
Index: debian/nvidia-opencl-icd.lintian-overrides.in
===================================================================
--- debian/nvidia-opencl-icd.lintian-overrides.in	(revision 3887)
+++ debian/nvidia-opencl-icd.lintian-overrides.in	(revision 4631)
@@ -1,6 +1,8 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 shlib-with-executable-stack
 [i386]: shlib-with-non-pic-code
+[i386]: spelling-error-in-binary
 unstripped-binary-or-object
 hardening-no-fortify-functions
 hardening-no-relro
Index: debian/libgl1-nvidia-glx.postinst.in
===================================================================
--- debian/libgl1-nvidia-glx.postinst.in	(revision 3887)
+++ debian/libgl1-nvidia-glx.postinst.in	(revision 4631)
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 
+. /usr/share/debconf/confmodule
 
 if [ "$1" = "configure" ]
 then
Index: debian/nvidia-kernel-dkms.lintian-overrides
===================================================================
--- debian/nvidia-kernel-dkms.lintian-overrides	(revision 3887)
+++ debian/nvidia-kernel-dkms.lintian-overrides	(revision 4631)
@@ -1,5 +1,6 @@
 # This is the upstream binary module, which we're not allowed (by the
 # NVIDIA license) to change in any way.  Both architectures are included
-# so that (on i386) we can build the kernel module for the amd64 kernel.
+# on i386 so that we can build the kernel module for the amd64 kernel.
 [i386]: binary-from-other-architecture
 unstripped-binary-or-object
+spelling-error-in-binary
Index: debian/libcuda1.lintian-overrides.in
===================================================================
--- debian/libcuda1.lintian-overrides.in	(revision 3887)
+++ debian/libcuda1.lintian-overrides.in	(revision 4631)
@@ -1,7 +1,9 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 embedded-library usr/lib*/libcuda.so.#VERSION#: zlib
 shlib-with-executable-stack
 [i386]: shlib-with-non-pic-code
+[i386]: spelling-error-in-binary
 unstripped-binary-or-object
 hardening-no-fortify-functions
 hardening-no-relro
Index: debian/xserver-xorg-video-nvidia.lintian-overrides.in
===================================================================
--- debian/xserver-xorg-video-nvidia.lintian-overrides.in	(revision 3887)
+++ debian/xserver-xorg-video-nvidia.lintian-overrides.in	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 embedded-library usr/lib/#PRIVATE#/nvidia_drv.so: zlib
 embedded-library usr/lib/#PRIVATE#/nvidia_drv.so: libpng
 hardening-no-fortify-functions
Index: debian/README.alternatives
===================================================================
--- debian/README.alternatives	(revision 3887)
+++ debian/README.alternatives	(revision 4631)
@@ -23,7 +23,7 @@
 in the libgl1-nvidia-glx (or a corresponding libgl1-nvidia-legacy*-glx)
 package.  Also, NVIDIA provides its own libglx.so module for X.org which
 is shipped along with X.org driver nvidia_drv.so in the
-xserver-xorg-video-nvidia (or xserver-xorg-video-nvidia-glx-legacy*)
+xserver-xorg-video-nvidia (or xserver-xorg-video-nvidia-legacy*)
 package.  Furthermore NVIDIA maintains several legacy driver releases that
 support older GPUs and ship files with the same names (but of course they
 may not be mixed between different versions).
Index: debian/nvidia-smi.lintian-overrides
===================================================================
--- debian/nvidia-smi.lintian-overrides	(revision 3887)
+++ debian/nvidia-smi.lintian-overrides	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 hardening-no-fortify-functions
 hardening-no-relro
 hardening-no-stackprotector
Index: debian/source/lintian-overrides
===================================================================
--- debian/source/lintian-overrides	(revision 3887)
+++ debian/source/lintian-overrides	(revision 4631)
@@ -1,2 +1,5 @@
 # quilt is used to patch the module source for the dkms package
 unneeded-build-dep-on-quilt
+
+# upstream provides no signatures
+debian-watch-may-check-gpg-signature
Index: debian/copyright
===================================================================
--- debian/copyright	(revision 3887)
+++ debian/copyright	(revision 4631)
@@ -18,7 +18,7 @@
 
 Files: debian/*
 Copyright: 2001-2010 Randall Donald <rdonald@debian.org>
-           2009-2013 Andreas Beckmann <anbe@debian.org>
+           2009-2014 Andreas Beckmann <anbe@debian.org>
            2010 Russ Allbery <rra@debian.org>
            Based on packages by Christopher Cheney.
 License: GPL-2.0+
Index: debian/nvidia-vdpau-driver.lintian-overrides
===================================================================
--- debian/nvidia-vdpau-driver.lintian-overrides	(revision 3887)
+++ debian/nvidia-vdpau-driver.lintian-overrides	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[i386]: binary-file-built-without-LFS-support
 [i386]: shlib-with-non-pic-code
 hardening-no-fortify-functions
 hardening-no-relro
Index: debian/rules.defs
===================================================================
--- debian/rules.defs	(revision 3887)
+++ debian/rules.defs	(revision 4631)
@@ -2,8 +2,8 @@
 #NVIDIA_LEGACY		 =
 WATCH_VERSION		 = 304
 
-XORG_ABI_LIST		 = 14 13 12 11 10 8 6.0
-XORG_BOUND		 = (<< 2:1.14.99)
+XORG_ABI_LIST		 = 15 14 13 12 11 10 8 6.0
+XORG_BOUND		 = (<< 2:1.15.99)
 
 NVIDIA_DIRNAME_X86	 = NVIDIA-Linux-x86-${NVIDIA_RELEASE}
 NVIDIA_DIRNAME_X86_64	 = NVIDIA-Linux-x86_64-${NVIDIA_RELEASE}
Index: debian/libnvidia-compiler.lintian-overrides.in
===================================================================
--- debian/libnvidia-compiler.lintian-overrides.in	(revision 3887)
+++ debian/libnvidia-compiler.lintian-overrides.in	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[i386]: binary-file-built-without-LFS-support
 binary-has-unneeded-section
 shlib-with-executable-stack
 [i386]: shlib-with-non-pic-code
Index: debian/libnvcuvid1.lintian-overrides
===================================================================
--- debian/libnvcuvid1.lintian-overrides	(revision 3887)
+++ debian/libnvcuvid1.lintian-overrides	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 [i386]: shlib-with-non-pic-code
 hardening-no-fortify-functions
 hardening-no-relro
Index: debian/nvidia-glx.README.Debian.in
===================================================================
--- debian/nvidia-glx.README.Debian.in	(revision 3887)
+++ debian/nvidia-glx.README.Debian.in	(revision 4631)
@@ -17,8 +17,8 @@
 
 Using the nvidia X driver requires some user modification.
 
-The current X Server 1.7 can autodetect many things, so you probably don't
-have a /etc/X11/xorg.conf at all after a fresh installation of Debian squeeze
+The current X Server 1.12 can autodetect many things, so you probably don't
+have a /etc/X11/xorg.conf at all after a fresh installation of Debian wheezy
 or a newer release.
 
 The NVIDIA driver is not autodetected by Xorg, so you will have to create a
Index: debian/libnvidia-ml1.lintian-overrides
===================================================================
--- debian/libnvidia-ml1.lintian-overrides	(revision 3887)
+++ debian/libnvidia-ml1.lintian-overrides	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[!amd64]: binary-file-built-without-LFS-support
 hardening-no-fortify-functions
 hardening-no-relro
 hardening-no-stackprotector
Index: debian/module/debian/prep-modules
===================================================================
--- debian/module/debian/prep-modules	(revision 3887)
+++ debian/module/debian/prep-modules	(revision 4631)
@@ -74,6 +74,10 @@
         | sed -e 's/.*source-\([^ ]*\) (\([^)]*\)).*/\2/'`
 fi
 
+# Sanitize.
+nvidia_kvers="$(echo "$nvidia_kvers" | tr _ -)"
+nvidia_kdrev="$(echo "$nvidia_kdrev" | tr _ -)"
+
 # Generate the control file from the template.
 
 sed "s/#KVERS#/${nvidia_kvers}/g" debian/control.template > debian/control
Index: debian/module/debian/patches/fix-typos.patch
===================================================================
--- debian/module/debian/patches/fix-typos.patch	(revision 3887)
+++ debian/module/debian/patches/fix-typos.patch	(revision 4631)
@@ -2,14 +2,12 @@
 Description: fix a typo found by lintian
  s/ouput/output/
 
-Index: b/nv-procfs.c
-===================================================================
---- a/nv-procfs.c	2011-04-26 20:57:50.958352573 +0200
-+++ b/nv-procfs.c	2011-04-26 20:58:01.450352581 +0200
-@@ -405,7 +405,7 @@
+--- a/nv-procfs.c
++++ b/nv-procfs.c
+@@ -431,7 +431,7 @@
          if (agp_config != NVOS_AGP_CONFIG_DISABLE_AGP && NV_AGP_FAILED(nv))
          {
-             len += sprintf(page+len,
+             seq_printf(s,
 -                  "AGP initialization failed, please check the ouput  \n"
 +                  "AGP initialization failed, please check the output \n"
                    "of the 'dmesg' command and/or your system log file \n"
Index: debian/module/conftest.h
===================================================================
--- debian/module/conftest.h	(revision 3887)
+++ debian/module/conftest.h	(revision 4631)
@@ -1,9 +1,33 @@
-/* synchronized with conftest.sh from 313.26, 310.40, 304.84, 295.75, 173.14.37, 96.43.23, 71.86.15 */
+/* synchronized with conftest.sh from 331.20, 325.15, 319.72, 304.116, 295.75, 173.14.38, 96.43.23, 71.86.15 */
 
 #ifndef LINUX_VERSION_CODE
 #include <linux/version.h>
 #endif
 
+#if !defined(IS_ENABLED) && LINUX_VERSION_CODE < KERNEL_VERSION(3,1,0)
+#define __ARG_PLACEHOLDER_1 0,
+#define config_enabled(cfg) _config_enabled(cfg)
+#define _config_enabled(value) __config_enabled(__ARG_PLACEHOLDER_##value)
+#define __config_enabled(arg1_or_junk) ___config_enabled(arg1_or_junk 1, 0)
+#define ___config_enabled(__ignored, val, ...) val
+#define IS_ENABLED(option) (config_enabled(option) || config_enabled(option##_MODULE))
+#endif
+
+/* Implement conftest.sh function nvidiafb_sanity_check */
+#if IS_ENABLED(CONFIG_FB_NVIDIA)
+#warning "The nvidia module is incompatible with nvidiafb!"
+#endif
+
+/* Implement conftest.sh function xen_sanity_check */
+#if IS_ENABLED(CONFIG_XEN) && ! IS_ENABLED(CONFIG_PARAVIRT)
+#warning "Xen kernels are not supported!"
+#endif
+
+/* Implement conftest.sh function preempt_rt_sanity_check */
+#if IS_ENABLED(CONFIG_PREEMPT_RT) || IS_ENABLED(CONFIG_PREEMPT_RT_FULL)
+#warning "PREEMPT_RT kernels are not supported!"
+#endif
+
 /* Implement conftest.sh function remap_page_range */
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11)
  #if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
@@ -18,29 +42,32 @@
 #endif
 
 /* Implement conftest.sh function set_memory_uc */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) && IS_ENABLED(CONFIG_X86)
  #define NV_SET_MEMORY_UC_PRESENT
 #else
  #undef NV_SET_MEMORY_UC_PRESENT
 #endif
 
 /* Implement conftest.sh function set_memory_array_uc */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) && IS_ENABLED(CONFIG_X86)
  #define NV_SET_MEMORY_ARRAY_UC_PRESENT
 #else
  #undef NV_SET_MEMORY_ARRAY_UC_PRESENT
 #endif
 
 /* Implement conftest.sh function set_pages_uc */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) && IS_ENABLED(CONFIG_X86)
  #define NV_SET_PAGES_UC_PRESENT
 #else
  #undef NV_SET_PAGES_UC_PRESENT
 #endif
 
 /* Implement conftest.sh function outer_flush_all */
-// ARM only
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,34) && IS_ENABLED(CONFIG_ARM)
+ #define NV_OUTER_FLUSH_ALL_PRESENT
+#else
  #undef NV_OUTER_FLUSH_ALL_PRESENT
+#endif
 
 /* Implement conftest.sh function change_page_attr */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20) && \
@@ -240,7 +267,7 @@
 #endif
 
 /* Implement conftest.sh function ioremap_cache */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) && IS_ENABLED(CONFIG_X86)
  #define NV_IOREMAP_CACHE_PRESENT
 #else
  #undef NV_IOREMAP_CACHE_PRESENT
@@ -326,6 +353,77 @@
  #undef NV_EFI_ENABLED_PRESENT
 #endif
 
+/* Implement conftest.sh function dom0_kernel_present */
+#if 0
+ #define NV_DOM0_KERNEL_PRESENT
+#else
+ #undef NV_DOM0_KERNEL_PRESENT
+#endif
+
+/* Implement conftest.sh function drm_available */
+#if 0
+ #define NV_DRM_AVAILABLE
+#else
+ #undef NV_DRM_AVAILABLE
+#endif
+
+/* Implement conftest.sh function proc_create_data */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
+ #define NV_PROC_CREATE_DATA_PRESENT
+#else
+ #undef NV_PROC_CREATE_DATA_PRESENT
+#endif
+
+/* Implement conftest.sh function pde_data */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
+ #define NV_PDE_DATA_PRESENT
+#else
+ #undef NV_PDE_DATA_PRESENT
+#endif
+
+/* Implement conftest.sh function get_num_physpages */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,11,0)
+ #define NV_GET_NUM_PHYSPAGES_PRESENT
+#else
+ #undef NV_GET_NUM_PHYSPAGES_PRESENT
+#endif
+
+/* Implement conftest.sh function proc_remove */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
+ #define NV_PROC_REMOVE_PRESENT
+#else
+ #undef NV_PROC_REMOVE_PRESENT
+#endif
+
+/* Implement conftest.sh function vm_operations_struct */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+ #define NV_VM_OPERATIONS_STRUCT_HAS_FAULT
+#else
+ #undef NV_VM_OPERATIONS_STRUCT_HAS_FAULT
+#endif
+
+/* Implement conftest.sh function task_struct */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29)
+ #define NV_TASK_STRUCT_HAS_CRED
+#else
+ #undef NV_TASK_STRUCT_HAS_CRED
+#endif
+
+/* Implement conftest.sh function address_space */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12) && \
+                LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
+ #define NV_ADDRESS_SPACE_HAS_RWLOCK_TREE_LOCK
+#else
+ #undef NV_ADDRESS_SPACE_HAS_RWLOCK_TREE_LOCK
+#endif
+
+/* Implement conftest.sh function address_space_init_once */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38)  /* 2.6.37.3 */
+ #define NV_ADDRESS_SPACE_INIT_ONCE_PRESENT
+#else
+ #undef NV_ADDRESS_SPACE_INIT_ONCE_PRESENT
+#endif
+
 /* Implement conftest.sh function sg_init_table */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
  #define NV_SG_INIT_TABLE_PRESENT
@@ -347,6 +445,13 @@
  #undef NV_LINUX_CRED_H_PRESENT
 #endif
 
+/* Check for drm/drmP.h */
+#if 1
+ #define NV_DRM_DRMP_H_PRESENT
+#else
+ #undef NV_DRM_DRMP_H_PRESENT
+#endif
+
 /* Check for generated/autoconf.h */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33)
  #define NV_GENERATED_AUTOCONF_H_PRESENT
@@ -399,3 +504,24 @@
 /* Check for linux/nvmap.h */
 // does not (yet) exist in kernel source
  #undef NV_LINUX_NVMAP_H_PRESENT
+
+/* Check for linux/printk.h */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,37)
+ #define NV_LINUX_PRINTK_H_PRESENT
+#else
+ #undef NV_LINUX_PRINTK_H_PRESENT
+#endif
+
+/* Check for linux/ratelimit.h */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+ #define NV_LINUX_RATELIMIT_H_PRESENT
+#else
+ #undef NV_LINUX_RATELIMIT_H_PRESENT
+#endif
+
+/* Check for linux/prio_tree.h */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,7,0)
+ #define NV_LINUX_PRIO_TREE_H_PRESENT
+#else
+ #undef NV_LINUX_PRIO_TREE_H_PRESENT
+#endif
Index: debian/changelog
===================================================================
--- debian/changelog	(revision 3887)
+++ debian/changelog	(revision 4631)
@@ -1,3 +1,47 @@
+nvidia-graphics-drivers (304.117-1) wheezy; urgency=medium
+
+  * New upstream legacy 304xx branch release 304.117 (2013-12-11).
+    - Added support for X.org xserver ABI 15 (xorg-server 1.15).
+  * New upstream legacy 304xx branch release 304.116 (2013-11-06).
+    - Fixed a security vulnerability in the microcode for microcontrollers
+      that are part of NVIDIA GPUs.  This vulnerability could be exploited
+      to take control of a system, and it is described in greater detail at:
+      http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-5987
+    - Improved compatibility with recent Linux kernels.
+    - Updated the NVIDIA OpenGL driver to write temporary files to $TMPDIR
+      if it is set, instead of unconditionally writing to /tmp.
+    - Updated a fallback of writing temporary files to $HOME/.nvidia to
+      use $HOME/.nv instead, as the latter path is already used for other
+      NVIDIA driver related files.
+  * New upstream legacy 304xx branch release 304.108 (2013-08-08).
+    * Add support for Linux 3.10.
+  * Refresh patches.
+  * conftest.h:
+    - conftest.h: Add ARM support.
+    - Implement check for drm/drmP.h (319.12).
+    - Implement new conftest.sh functions drm_available (319.12),
+      dom0_kernel_present (325.08),
+      proc_create_data, pde_data, proc_remove (304.108, 325.15).
+    - Implement conftest.sh sanity checks (only emit warning)
+      nvidiafb_sanity_check (1.0-8174), xen_sanity_check (1.0-9746, 177.76),
+      preempt_rt_sanity_check (325.08).
+    - Implement new conftest.sh function get_num_physpages (173.14.38).
+    - Implement checks for linux/printk.h, linux/ratelimit.h,
+      linux/prio_tree.h (331.13).
+    - Implement new conftest.sh functions vm_operations_struct (331.13),
+      task_struct (331.17), address_space, address_space_init_once (331.20).
+  * Add xorg-video-abi-15 as alternative dependency.
+  * Merge some bugfixes from sid.
+  * Use canonical Vcs-* URLs.
+  * {libgl1-nvidia-glx,libcuda1}.postinst: Load debconf/confmodule, may be
+    used by /usr/lib/nvidia/check* scripts.  (Closes: #722469)
+  * debian/module/debian/prep-modules: Sanitize the kernel version. Replace
+    underscores (may occur in custom kernels) with dashes to be eligible for
+    package names and versions.  (Closes: #710891)
+  * Update lintian overrides.
+
+ -- Andreas Beckmann <anbe@debian.org>  Thu, 16 Jan 2014 12:13:05 +0100
+
 nvidia-graphics-drivers (304.88-1+deb7u1) wheezy; urgency=low
 
   * Update lintian overrides.
Index: debian/nvidia-libopencl1.lintian-overrides
===================================================================
--- debian/nvidia-libopencl1.lintian-overrides	(revision 3887)
+++ debian/nvidia-libopencl1.lintian-overrides	(revision 4631)
@@ -1,4 +1,5 @@
 # The NVIDIA license does not allow any form of modification.
+[i386]: binary-file-built-without-LFS-support
 shlib-with-executable-stack
 hardening-no-fortify-functions
 hardening-no-relro

Reply to: