Control: tags -1 - moreinfo On Sun, 2017-07-30 at 23:04 +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Wed, 2017-07-26 at 22:51 +0100, Luca Boccassi wrote: > > The non-free proprietary nvidia-graphics-drivers version 375.66 in > > Stretch is affected by CVE-2017-6257 and CVE-2017-6259. Debian bug: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869783 > > > > Please consider allowing the new upstream version 375.82, which > > fixes > > these CVEs, in proposed-updates. As usual with these proprietary > > drivers, we cannot just cherry-pick the fixes for the CVEs as they > > are > > in the binary blobs. > > > > I have tested this new version on a Stretch amd64 desktop and > > didn't > > encounter any issue. > > > > The debdiff from 375.66-2~deb9u1 to 375.82-1 is attached. > > While I'm sure it's probably fine, could we have a diff of the > proposed > 375.82-1~deb9u1, as built and tested on stretch, please? > > Regards, > > Adam Hi Adam, There were no changes when I opened the bug apart from the new changelog entry. Andreas has since committed 2 small fixes to the changelog as well, inlined, just minor clarifications. I still find the way upstream compiles their changelog quite confusing and often make mistakes when copying over :-) Kind regards, Luca Boccassi @@ -1,14 +1,18 @@ +nvidia-graphics-drivers (375.82-1~deb9u1) stretch; urgency=medium + + * Rebuild for stretch. + + -- Luca Boccassi <luca.boccassi@gmail.com> Sun, 30 Jul 2017 23:09:12 +0100 + nvidia-graphics-drivers (375.82-1) unstable; urgency=high * New upstream long lived branch release 375.82 (2017-07-24). * Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783) - - Fix a bug with GLX_EXT_buffer_age where incorrect buffer age values would - be reported for SLI AFR configurations. In such configurations buffer age - may now be greater than 3, the previous maximum buffer age. + - Fix a bug with GLX_EXT_buffer_age where incorrect buffer age values + would be reported for SLI AFR configurations. In such configurations + buffer age may now be greater than 3, the previous maximum buffer age. - Fixed a bug that could cause hanging and Xids when performing RandR transforms with Overlay and SLI enabled. - - Improved handling of framebuffer console restore on systems booted in - UEFI mode. - Extended the information reported by the NVIDIA Xinerama X extension to report PRIME displays in addition to directly-connected displays. - Fixed a bug that caused HDMI audio devices to appear or disappear @@ -15,17 +19,13 @@ inconsistently when HDMI devices were hotplugged or unplugged. - Fixed a bug that could cause driver errors when setting modes on X screens running at Depth 8 or Depth 15. + - Added support for the following GPUs: GeForce GTX 1080 with Max-Q + Design, GeForce GTX 1070 with Max-Q Design, + GeForce GTX 1060 with Max-Q Design. - Fixed a bug that could cause intermittent kernel panics when running with PRIME Sync. - - Fixed a bug that caused a kernel panic when hotplugging HDMI displays on - some Zotac mini PCs. - - Updated nvidia-installer to label kernel modules with SELinux file type - 'modules_object_t'. Some system SELinux policies only permit loading of - kernel modules with this SELinux file type. - - Removed support for checking for and downloading updated driver packages - and precompiled kernel interfaces from nvidia-installer. This - functionality was limited to unencrypted ftp and http, and was - implemented using code that is no longer actively maintained. + - Fixed a bug that caused a kernel panic when hotplugging HDMI displays + on some Zotac mini PCs. [ Andreas Beckmann ] * nvidia-kernel-dkms: Honor parallel setting from dkms. (Closes: #864639) @@ -33,7 +33,7 @@ * Switch watch URL from ftp:// to https://. ;(Closes: #868815) [ Luca Boccassi ] - * Add support for buster/sid in nvidia-detect. (Closes: #866126) + * Add support for buster in nvidia-detect. (Closes: #866126) * Update symbols files. -- Luca Boccassi <luca.boccassi@gmail.com> Wed, 26 Jul 2017 21:42:00 +0100
Attachment:
signature.asc
Description: This is a digitally signed message part