Bug#805924: wheezy-pu: package nvidia-graphics-drivers/304.131-1
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu
CVE-2015-7869: Unsanitized User Mode Input
http://nvidia.custhelp.com/app/answers/detail/a_id/3808
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7869.html
Next CVE in the nvidia driver blob, next round of stable updates :-(
- nvidia-graphics-drivers wheezy+jessie
- nvidia-graphics-drivers-legacy-304xx jessie
- nvidia-graphics-modules wheezy+jessie
New nvidia-graphics-drivers versions are in sid+experimental,
the legacy drivers will follow soon.
This is the first for (old-)stable, nvidia-graphics-drivers 304.131-1
for wheezy:
* New upstream legacy 304xx branch release 304.131 (2015-11-16).
* Fixed CVE-2015-7869: Unsanitized User Mode Input. (Closes: #805917)
- Fixed a bug that could cause texture corruption in some OpenGL
applications when video memory is exhausted by a combination of
simultaneously running graphical and compute workloads.
- Added support for X.Org xserver ABI 20 (xorg-server 1.18).
* Improved compatibility with recent Linux kernels.
* Add xorg-video-abi-20 as alternative dependency.
* conftest.h:
- Implement new conftest.sh functions hlist_for_each_entry,
of_parse_phandle, for_each_online_node, node_end_pfn (358.09).
- Update conftest.sh function scatterlist for logic reversal in
304.131/340.96/352.63, support both ways.
That's all the new upstream bits.
* debian/control: Add Breaks between mismatching upstream versions of
libcuda1 and nvidia-alternative to prevent partial upgrades.
And this I noticed recently: it is possible to concurrently install
mismatching upstream versions of nvidia-driver (or the Xorg driver in
general) and libcuda1 (or the CUDA bits in general). Of course this
won't work, since there can only one version of the kernel module be
loaded.
This fix for wheezy may not be complete (there may be corner cases of
rarely used libraries still being mixable), but it fixes the obvious
problem between CUDA and Xorg parts. For jessie onwards the dependencies
have changed quite a bit, so there is no backporting but reimplementing
and I didn't want to change too much in wheezy now.
As usual, this comes with a -1 debian revision instead of -0+deb7u1/-1~deb7u1
to avoid version inflation in nvidia-graphics-modules. And this time I
took care to keep 340.96-1 free for jessie and uploaded -2 to sid
initially :-)
Andreas
Index: debian/rules.defs
===================================================================
--- debian/rules.defs (.../tags/304.128-1) (revision 5910)
+++ debian/rules.defs (.../branches/304) (revision 5910)
@@ -2,8 +2,8 @@
#NVIDIA_LEGACY =
WATCH_VERSION = 304
-XORG_ABI_LIST = 19 18 15 14 13 12 11 10 8 6.0
-XORG_BOUND = (<< 2:1.17.99)
+XORG_ABI_LIST = 20 19 18 15 14 13 12 11 10 8 6.0
+XORG_BOUND = (<< 2:1.18.99)
NVIDIA_DIRNAME_X86 = NVIDIA-Linux-x86-${NVIDIA_RELEASE}
NVIDIA_DIRNAME_X86_64 = NVIDIA-Linux-x86_64-${NVIDIA_RELEASE}
Index: debian/module/conftest.h
===================================================================
--- debian/module/conftest.h (.../tags/304.128-1) (revision 5910)
+++ debian/module/conftest.h (.../branches/304) (revision 5910)
@@ -1,4 +1,4 @@
-/* synchronized with conftest.sh from 352.41, 349.16, 346.96, 343.36, 340.93, 304.128, 173.14.39, 96.43.23, 71.86.15 */
+/* synchronized with conftest.sh from 358.16, 355.11, 352.63, 349.16, 346.96, 343.36, 340.96, 304.131, 173.14.39, 96.43.23, 71.86.15 */
#ifndef LINUX_VERSION_CODE
#include <linux/version.h>
@@ -348,9 +348,13 @@
#endif
/* Implement conftest.sh function scatterlist */
+/* The logic and the define were reversed from HAS_PAGE
+ to HAS_PAGE_LINK in 304.131/340.96/352.63 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
+ #undef NV_SCATTERLIST_HAS_PAGE_LINK
#define NV_SCATTERLIST_HAS_PAGE
#else
+ #define NV_SCATTERLIST_HAS_PAGE_LINK
#undef NV_SCATTERLIST_HAS_PAGE
#endif
@@ -548,6 +552,13 @@
#undef NV_LIST_CUT_POSITION_PRESENT
#endif
+/* Implement conftest.sh function hlist_for_each_entry */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0)
+ #define NV_HLIST_FOR_EACH_ENTRY_ARGUMENT_COUNT 3
+#else
+ #define NV_HLIST_FOR_EACH_ENTRY_ARGUMENT_COUNT 4
+#endif
+
/* Implement conftest.sh function file_inode */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0)
#define NV_FILE_HAS_INODE
@@ -630,6 +641,29 @@
#undef NV_WRITE_CR4_PRESENT
#endif
+/* Implement conftest.sh function of_parse_phandle */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+ #define NV_OF_PARSE_PHANDLE_PRESENT
+#else
+ #undef NV_OF_PARSE_PHANDLE_PRESENT
+#endif
+
+/* Implement conftest.sh function for_each_online_node */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+ #define NV_FOR_EACH_ONLINE_NODE_PRESENT
+#else
+ #undef NV_FOR_EACH_ONLINE_NODE_PRESENT
+#endif
+
+/* Implement conftest.sh function node_end_pfn */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) || \
+ ((IS_ENABLED(CONFIG_X86) || IS_ENABLED(CONFIG_PPC)) && \
+ LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24))
+ #define NV_NODE_END_PFN_PRESENT
+#else
+ #undef NV_NODE_END_PFN_PRESENT
+#endif
+
/* Check for linux/semaphore.h */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
#define NV_LINUX_SEMAPHORE_H_PRESENT
Index: debian/changelog
===================================================================
--- debian/changelog (.../tags/304.128-1) (revision 5910)
+++ debian/changelog (.../branches/304) (revision 5910)
@@ -1,3 +1,23 @@
+nvidia-graphics-drivers (304.131-1) wheezy; urgency=medium
+
+ * New upstream legacy 304xx branch release 304.131 (2015-11-16).
+ * Fixed CVE-2015-7869: Unsanitized User Mode Input. (Closes: #805917)
+ - Fixed a bug that could cause texture corruption in some OpenGL
+ applications when video memory is exhausted by a combination of
+ simultaneously running graphical and compute workloads.
+ - Added support for X.Org xserver ABI 20 (xorg-server 1.18).
+ * Improved compatibility with recent Linux kernels.
+ * Add xorg-video-abi-20 as alternative dependency.
+ * conftest.h:
+ - Implement new conftest.sh functions hlist_for_each_entry,
+ of_parse_phandle, for_each_online_node, node_end_pfn (358.09).
+ - Update conftest.sh function scatterlist for logic reversal in
+ 304.131/340.96/352.63, support both ways.
+ * debian/control: Add Breaks between mismatching upstream versions of
+ libcuda1 and nvidia-alternative to prevent partial upgrades.
+
+ -- Andreas Beckmann <anbe@debian.org> Sat, 21 Nov 2015 00:54:17 +0100
+
nvidia-graphics-drivers (304.128-1) wheezy; urgency=medium
* New upstream legacy 304xx branch release 304.128 (2015-08-31).
Index: debian/control
===================================================================
--- debian/control (.../tags/304.128-1) (revision 5910)
+++ debian/control (.../branches/304) (revision 5910)
@@ -234,6 +234,7 @@
libglx-nvidia-alternatives (>= 275.09.07-4),
${misc:Depends}
Breaks:
+ libcuda1 (<< ${nvidia:Version}),
nvidia-glx${nvidia:Legacy} (<< 275.09.07-2),
libgl1-nvidia${nvidia:Legacy}-glx (<< 275.09.07-2),
Description: allows the selection of NVIDIA as GLX provider
@@ -440,6 +441,8 @@
Conflicts:
libcuda1-dev,
libcuda1-ia32 [i386],
+Breaks:
+ nvidia-alternative (<< ${nvidia:Version}),
Replaces:
nvidia-glx (<< 185.18.14-2),
nvidia-glx-dev (<< 185.18.14-2),
Property changes on: .
___________________________________________________________________
Added: svn:mergeinfo
Merged /packages/nvidia-graphics-drivers/branches/304.51:r3420-3423
Merged /packages/nvidia-graphics-drivers/branches/304-wheezy:r4676-5874
Merged /packages/nvidia-graphics-drivers/branches/304:r3148-3478
Reply to: