[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#800877: marked as done (wheezy-pu: package nvidia-graphics-drivers/304.128-1)

Your message dated Sat, 02 Apr 2016 14:22:42 +0100
with message-id <1459603362.2441.217.camel@adam-barratt.org.uk>
and subject line Fix included in oldstable
has caused the Debian Bug report #800877,
regarding wheezy-pu: package nvidia-graphics-drivers/304.128-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
800877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800877
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

CVE-2015-5950 in the non-free nvidia-graphics-drivers shall be fixed via
PU, there won't be a DSA for this.

This is the first request in a series of -pu requests (jessie is
affected, too, with two source packages, and we need to rebuild
nvidia-graphics-modules once this new upstream release is in *-pu)

The version "304.128-1" is unusual for PU, but we did the same the last
time, too, to avoid version inflation for the packages built from
nvidia-graphics-modules. This version has not been used for any upload
to the archive.


Annotated changelog:

+  * New upstream legacy 304xx branch release 304.128 (2015-08-31).
+    * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer.
+      (Closes: #800566)
+    * Improved compatibility with recent Linux kernels.

This is a blob, so the only way to get fixes is via new upstream
releases.

+  * libgl1-nvidia-glx: Add Provides+Conflicts:
+    libgl1-nvidia-glx-${nvidia:Version} to forbid co-installation of
+    libgl1-nvidia-legacy-304xx-glx from the same upstream version due to file
+    conflicts on versioned files that are not handled via alternatives.

Bumping upstream versions in (old-)stable may invalidate version
constraints in stable/testing.
Doing this change in both packages allows much finer granularity in
conflicting and therefore more packages can be co-installable.
While there is no -legacy-304xx in wheezy, we have it in backports and
jessie and need to ensure clean upgrade paths.
(These issues were noted to have an even larger impact while forking off
340xx for stretch.)

+  * conftest.h:
+    - Implement new conftest.sh functions file_inode, drm_pci_set_busid
+      (340.76).
+    - Implement check for linux/log2.h (346.16).
+    - Implement check for xen/ioemu.h (346.59).
+    - Implement new conftest.sh functions write_cr4, xen_ioemu_inject_msi
+      (346.59), list_cut_position (349.12).
+    - Implement new conftest.sh functions backing_dev_info (346.82),
+      phys_to_dma, dma_ops, get_dma_ops, noncoherent_swiotlb_dma_ops (352.09).
+    - Implement new conftest.sh function dma_map_ops (352.30).
+    - Reorder conftest.h to match conftest.sh.
+    - Implement new conftest.sh function nvidia_grid_build (352.41).

Upstream's conftest.sh does not work with Debian kernels, so we need to
manually create a conftest.h.
We only maintain one version of conftest.h that works with all upstream
release branches. The versions denote the first appearance of some
check, but these checks usually get "backported" by upstream to
their older release branches, so we need some (probably not all) of them
for 304.128 now, too.

+  * Update lintian overrides.

An annoying false positive in the source package.


Building the kernel module has been verified against all amd64 release
and backports kernels from squeeze to experimental.
Due to lack of legacy hardware we currently cannot test this legacy driver.


Andreas

Index: debian/source/lintian-overrides
===================================================================
--- debian/source/lintian-overrides	(.../304-wheezy)	(revision 5555)
+++ debian/source/lintian-overrides	(.../304)	(revision 5555)
@@ -3,3 +3,6 @@
 
 # upstream provides no signatures
 debian-watch-may-check-gpg-signature
+
+# false positive, see #726589
+version-substvar-for-external-package
Index: debian/module/conftest.h
===================================================================
--- debian/module/conftest.h	(.../304-wheezy)	(revision 5555)
+++ debian/module/conftest.h	(.../304)	(revision 5555)
@@ -1,4 +1,4 @@
-/* synchronized with conftest.sh from 346.22, 343.36, 340.65, 319.82, 304.125, 173.14.39, 96.43.23, 71.86.15 */
+/* synchronized with conftest.sh from 352.41, 349.16, 346.96, 343.36, 340.93, 304.128, 173.14.39, 96.43.23, 71.86.15 */
 
 #ifndef LINUX_VERSION_CODE
 #include <linux/version.h>
@@ -122,6 +122,7 @@
  #undef NV_FOLLOW_PFN_PRESENT
 #endif
 
+/* removed in 349.xx */
 /* Implement conftest.sh function vmap */
 /* I can not find any released kernel that uses the 2 argument variant */
 /* of vmap */
@@ -254,6 +255,7 @@
 /* nv-xen.h does not exist */
 #undef HAVE_NV_XEN
 
+/* removed in 352 */
 /* Implement conftest.sh function nvmap_support */
 /* nv-android.h does not exist */
 #undef HAVE_NV_ANDROID
@@ -373,6 +375,33 @@
  #undef NV_FILE_OPERATIONS_HAS_COMPAT_IOCTL
 #endif
 
+/* removed in 352 */
+/* Implement conftest.sh function sg_init_table */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+ #define NV_SG_INIT_TABLE_PRESENT
+#else
+ #undef NV_SG_INIT_TABLE_PRESENT
+#endif
+
+/* Implement conftest.sh function sg_table */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
+ #define NV_SG_TABLE_PRESENT
+#else
+ #undef NV_SG_TABLE_PRESENT
+#endif
+
+/* Implement conftest.sh function sg_alloc_table */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
+ #define NV_SG_ALLOC_TABLE_PRESENT
+#else
+ #undef NV_SG_ALLOC_TABLE_PRESENT
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0)
+ #define NV_SG_ALLOC_TABLE_FROM_PAGES_PRESENT
+#else
+ #undef NV_SG_ALLOC_TABLE_FROM_PAGES_PRESENT
+#endif
+
 /* Implement conftest.sh function efi_enabled */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,1)
  #define NV_EFI_ENABLED_PRESENT
@@ -387,6 +416,13 @@
  #undef NV_DOM0_KERNEL_PRESENT
 #endif
 
+/* Implement conftest.sh function nvidia_grid_build */
+#if 0
+ #define NV_GRID_BUILD
+#else
+ #undef NV_GRID_BUILD
+#endif
+
 /* Implement conftest.sh function drm_available */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0) && IS_ENABLED(CONFIG_DRM)
  #define NV_DRM_AVAILABLE
@@ -455,6 +491,13 @@
  #undef NV_TASK_STRUCT_HAS_CRED
 #endif
 
+/* Implement conftest.sh function backing_dev_info */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,0,0)
+ #define NV_ADDRESS_SPACE_HAS_BACKING_DEV_INFO
+#else
+ #undef NV_ADDRESS_SPACE_HAS_BACKING_DEV_INFO
+#endif
+
 /* Implement conftest.sh function address_space */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12) && \
                 LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)
@@ -498,32 +541,95 @@
  #undef NV_PM_VT_SWITCH_REQUIRED_PRESENT
 #endif
 
-/* Implement conftest.sh function sg_table */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
- #define NV_SG_TABLE_PRESENT
+/* Implement conftest.sh function list_cut_position */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+ #define NV_LIST_CUT_POSITION_PRESENT
 #else
- #undef NV_SG_TABLE_PRESENT
+ #undef NV_LIST_CUT_POSITION_PRESENT
 #endif
 
-/* Implement conftest.sh function sg_alloc_table */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
- #define NV_SG_ALLOC_TABLE_PRESENT
+/* Implement conftest.sh function file_inode */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0)
+ #define NV_FILE_HAS_INODE
 #else
- #undef NV_SG_ALLOC_TABLE_PRESENT
+ #undef NV_FILE_HAS_INODE
 #endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0)
- #define NV_SG_ALLOC_TABLE_FROM_PAGES_PRESENT
+
+/* Implement conftest.sh function drm_pci_set_busid */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,18,0)
+ #define NV_DRM_PCI_SET_BUSID_PRESENT
 #else
- #undef NV_SG_ALLOC_TABLE_FROM_PAGES_PRESENT
+ #undef NV_DRM_PCI_SET_BUSID_PRESENT
 #endif
 
-/* Implement conftest.sh function sg_init_table */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
- #define NV_SG_INIT_TABLE_PRESENT
+/* Implement conftest.sh function xen_ioemu_inject_msi */
+/* this seems to require some xen patch for the kernel */
+#if 0
+ #define NV_XEN_IOEMU_INJECT_MSI
 #else
- #undef NV_SG_INIT_TABLE_PRESENT
+ #undef NV_XEN_IOEMU_INJECT_MSI
 #endif
 
+/* Implement conftest.sh function phys_to_dma */
+#if ((IS_ENABLED(CONFIG_X86) || (IS_ENABLED(CONFIG_PPC)) \
+    && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,32)) || \
+  (IS_ENABLED(CONFIG_ARM64) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0)) || \
+  (IS_ENABLED(CONFIG_ARM) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,13,0)))
+ #define NV_PHYS_TO_DMA_PRESENT
+#else
+ #undef NV_PHYS_TO_DMA_PRESENT
+#endif
+
+/* Implement conftest.sh function dma_ops */
+#if (IS_ENABLED(CONFIG_X86) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)) || \
+  (IS_ENABLED(CONFIG_X86_64) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)) || \
+  (IS_ENABLED(CONFIG_ARM64) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0)) || \
+  (IS_ENABLED(CONFIG_ARM) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,5,0)) || \
+  (IS_ENABLED(CONFIG_PPC) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)) || \
+  (IS_ENABLED(CONFIG_PPC64) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20))
+ #define NV_DMA_OPS_PRESENT
+#else
+ #undef NV_DMA_OPS_PRESENT
+#endif
+
+/* Implement conftest.sh function dma_map_ops */
+#if (IS_ENABLED(CONFIG_X86) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)) || \
+  (IS_ENABLED(CONFIG_ARM64) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0)) || \
+  (IS_ENABLED(CONFIG_ARM) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,5,0)) || \
+  (IS_ENABLED(CONFIG_PPC) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,32)) || \
+  (IS_ENABLED(CONFIG_PPC64) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,32))
+ #define NV_DMA_MAP_OPS_PRESENT
+#else
+ #undef NV_DMA_MAP_OPS_PRESENT
+#endif
+
+/* Implement conftest.sh function get_dma_ops */
+#if (IS_ENABLED(CONFIG_X86) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)) || \
+  (IS_ENABLED(CONFIG_ARM64) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0)) || \
+  (IS_ENABLED(CONFIG_ARM) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,5,0)) || \
+  (IS_ENABLED(CONFIG_PPC) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)) || \
+  (IS_ENABLED(CONFIG_PPC64) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20))
+ #define NV_GET_DMA_OPS_PRESENT
+#else
+ #undef NV_GET_DMA_OPS_PRESENT
+#endif
+
+/* Implement conftest.sh function noncoherent_swiotlb_dma_ops */
+#if IS_ENABLED(CONFIG_ARM64) && LINUX_VERSION_CODE < KERNEL_VERSION(4,0,0) && \
+  LINUX_VERSION_CODE >= KERNEL_VERSION(3,15,0)
+ #define NV_NONCOHERENT_SWIOTLB_DMA_OPS_PRESENT
+#else
+ #undef NV_NONCOHERENT_SWIOTLB_DMA_OPS_PRESENT
+#endif
+
+/* Implement conftest.sh function write_cr4 */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) && \
+    LINUX_VERSION_CODE < KERNEL_VERSION(3,20,0)
+ #define NV_WRITE_CR4_PRESENT
+#else
+ #undef NV_WRITE_CR4_PRESENT
+#endif
+
 /* Check for linux/semaphore.h */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
  #define NV_LINUX_SEMAPHORE_H_PRESENT
@@ -601,6 +707,7 @@
  #undef NV_LINUX_SCREEN_INFO_H_PRESENT
 #endif
 
+/* removed in 352 */
 /* Check for linux/nvmap.h */
 // does not (yet) exist in kernel source
  #undef NV_LINUX_NVMAP_H_PRESENT
@@ -625,3 +732,18 @@
 #else
  #undef NV_LINUX_PRIO_TREE_H_PRESENT
 #endif
+
+/* Check for linux/log2.h */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+ #define NV_LINUX_LOG2_H_PRESENT
+#else
+ #undef NV_LINUX_LOG2_H_PRESENT
+#endif
+
+/* Check for xen/ioemu.h */
+/* this seems to require some xen patch for the kernel */
+#if 0
+ #define NV_XEN_IOEMU_H_PRESENT
+#else
+ #undef NV_XEN_IOEMU_H_PRESENT
+#endif
Index: debian/changelog
===================================================================
--- debian/changelog	(.../304-wheezy)	(revision 5555)
+++ debian/changelog	(.../304)	(revision 5555)
@@ -1,3 +1,29 @@
+nvidia-graphics-drivers (304.128-1) wheezy; urgency=medium
+
+  * New upstream legacy 304xx branch release 304.128 (2015-08-31).
+    * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer.
+      (Closes: #800566)
+    * Improved compatibility with recent Linux kernels.
+  * libgl1-nvidia-glx: Add Provides+Conflicts:
+    libgl1-nvidia-glx-${nvidia:Version} to forbid co-installation of
+    libgl1-nvidia-legacy-304xx-glx from the same upstream version due to file
+    conflicts on versioned files that are not handled via alternatives.
+  * conftest.h:
+    - Implement new conftest.sh functions file_inode, drm_pci_set_busid
+      (340.76).
+    - Implement check for linux/log2.h (346.16).
+    - Implement check for xen/ioemu.h (346.59).
+    - Implement new conftest.sh functions write_cr4, xen_ioemu_inject_msi
+      (346.59), list_cut_position (349.12).
+    - Implement new conftest.sh functions backing_dev_info (346.82),
+      phys_to_dma, dma_ops, get_dma_ops, noncoherent_swiotlb_dma_ops (352.09).
+    - Implement new conftest.sh function dma_map_ops (352.30).
+    - Reorder conftest.h to match conftest.sh.
+    - Implement new conftest.sh function nvidia_grid_build (352.41).
+  * Update lintian overrides.
+
+ -- Andreas Beckmann <anbe@debian.org>  Sun, 13 Sep 2015 23:34:49 +0200
+
 nvidia-graphics-drivers (304.125-1) wheezy; urgency=medium
 
   * New upstream legacy 304xx branch release 304.125 (2014-12-05).
Index: debian/control
===================================================================
--- debian/control	(.../304-wheezy)	(revision 5555)
+++ debian/control	(.../304)	(revision 5555)
@@ -137,7 +137,9 @@
 Provides:
  libgl1-nvidia${nvidia:Legacy}-glx-i386 [i386],
  libgl1-nvidia-glx-any,
+ libgl1-nvidia-glx-${nvidia:Version},
 Conflicts:
+ libgl1-nvidia-glx-${nvidia:Version},
  libgl1-nvidia${nvidia:Legacy}-dev,
  nvidia-glx${nvidia:Legacy}-dev,
  libgl1-nvidia${nvidia:Legacy}-glx-ia32 [i386],

--- End Message ---
--- Begin Message --- 
Version: 7.10

Hi,

The updates referenced in these bugs were included in today's wheezy
point release.

Regards,

Adam

--- End Message ---
Reply to: