--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package nvidia-graphics-drivers/418.197.02-1
- From: Andreas Beckmann <anbe@debian.org>
- Date: Wed, 28 Apr 2021 17:43:35 +0200
- Message-id: <161962461512.25115.15545040471605764558.reportbug@zam504.zam.kfa-juelich.de>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
let's fix CVE-2021-1076 by updating the non-free nvidia-graphics-drivers
in buster to a new upstream release.
This driver version is in sid and bullseye available as
src:nvidia-graphics-drivers-tesla-418
There is an additional packaging change: the creation of the missing
libnvidia-ml.so symlink.
Andreas
diff --git a/debian/changelog b/debian/changelog
index 154072b1..d50a7005 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+nvidia-graphics-drivers (418.197.02-1) buster; urgency=medium
+
+ * New upstream Tesla release 418.197.02 (2021-04-19).
+ * Fixed CVE-2021-1076. (Closes: #987216)
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5172
+
+ [ Andreas Beckmann ]
+ * nvidia-alternative: Add libnvidia-ml.so slave alternative if
+ libnvidia-ml-dev is installed (460.56-2). (Closes: #984881)
+
+ -- Andreas Beckmann <anbe@debian.org> Tue, 20 Apr 2021 15:01:59 +0200
+
nvidia-graphics-drivers (418.181.07-1) buster; urgency=medium
* New upstream Tesla release 418.181.07 (2021-01-19).
@@ -607,6 +619,19 @@ nvidia-graphics-drivers (396.18-1) experimental; urgency=medium
-- Andreas Beckmann <anbe@debian.org> Sun, 22 Apr 2018 13:59:45 +0200
+nvidia-graphics-drivers (390.143-1) UNRELEASED; urgency=medium
+
+ * New upstream legacy branch release 390.143 (2021-04-19).
+ * Fixed CVE-2021-1076.
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5172
+ - Fixed a bug where vkCreateSwapchain could cause the X Server to crash
+ when an invalid imageFormat was provided.
+ - Fixed a driver installation failure on Linux kernel 5.11 release
+ candidates, where the NVIDIA kernel module failed to build with error
+ "fatal error: asm/kmap_types.h: No such file or directory".
+
+ -- Andreas Beckmann <anbe@debian.org> Mon, 19 Apr 2021 22:38:56 +0200
+
nvidia-graphics-drivers (390.141-1) UNRELEASED; urgency=medium
* New upstream legacy branch release 390.141 (2021-01-07).
diff --git a/debian/control.md5sum b/debian/control.md5sum
index 0a0335ac..8eef27fc 100644
--- a/debian/control.md5sum
+++ b/debian/control.md5sum
@@ -1,5 +1,5 @@
d821215e307c351bf49071c22198c3cf debian/control
e4f873e158ee77960509ee7b1737f5ae debian/control.in
db12f898b07cdaf431ad34bd68a1662e debian/gen-control.pl
-cd0f1042158bc0093df3bde0a9f851b2 debian/rules
+bdecb50e210cbb969730b9369509aaed debian/rules
c461274a68eab2da346c5d34d32f2485 debian/rules.defs
diff --git a/debian/nvidia-alternative.postinst.in b/debian/nvidia-alternative.postinst.in
index 1069caa7..8f6bc805 100644
--- a/debian/nvidia-alternative.postinst.in
+++ b/debian/nvidia-alternative.postinst.in
@@ -82,10 +82,14 @@ if [ "$1" = "triggered" ]; then
$(add_slave /etc/nvidia/nvidia-modprobe.conf nvidia-modprobe.conf /etc/#PRIVATE#/nvidia-modprobe.conf)
$(add_slave /etc/nvidia/nvidia-load.conf nvidia-load.conf /etc/#PRIVATE#/nvidia-load.conf)
"
+ libnvidia_ml_so_slave=
+ if [ -f /usr/include/nvml.h ]; then
+ libnvidia_ml_so_slave="$(add_multiarch_slave /usr/lib "" libnvidia-ml.so /usr/lib #PRIVATE#/)"
+ fi
if echo "$slaves" | grep -q "slave" ; then
- update-alternatives --install /usr/lib/nvidia/nvidia nvidia /usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+ update-alternatives --install /usr/lib/nvidia/nvidia nvidia /usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
# work around #916799 and re-register the alternative to clean-up leftover slaves
- update-alternatives --install /usr/lib/nvidia/nvidia nvidia /usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+ update-alternatives --install /usr/lib/nvidia/nvidia nvidia /usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
else
update-alternatives --remove nvidia /usr/lib/#PRIVATE#
fi
diff --git a/debian/nvidia-alternative.triggers.in b/debian/nvidia-alternative.triggers.in
index 153c0e6a..e4886029 100644
--- a/debian/nvidia-alternative.triggers.in
+++ b/debian/nvidia-alternative.triggers.in
@@ -4,3 +4,5 @@ interest-await /etc/#PRIVATE#
interest-await /usr/lib/#PRIVATE#
interest-await /usr/lib/i386-linux-gnu/#PRIVATE#
interest-await /usr/lib/x86_64-linux-gnu/#PRIVATE#
+
+interest-await /usr/include/nvml.h
diff --git a/debian/rules b/debian/rules
index 5f8236c2..2c24bc17 100755
--- a/debian/rules
+++ b/debian/rules
@@ -169,9 +169,9 @@ nonglvnd/nvidia_icd.json: $(nvidia_icd.json.template)
sed 's/__NV_VK_ICD__/libGL.so.1/' $< > $@
nv-readme.ids: unpack-stamp
- sed -e '0,/A. Supported\|APPENDIX A: SUPPORTED/d' \
- -e '0,/Appendix A. Supported\|APPENDIX A: SUPPORTED/d' \
- -e '0,/^Below\|APPENDIX B/{/ 0x/s/.* 0x\([0-9a-fA-F]\{4\}\).*/10de\1/p; /^.\{41\} [0-9a-fA-F]\{4\} /s/^.\{41\} \([0-9a-fA-F]\{4\}\) .*/10de\1/p};d' \
+ sed -r -e '0,/A. Supported|APPENDIX A: SUPPORTED/d' \
+ -e '0,/Appendix A. Supported|APPENDIX A: SUPPORTED/d' \
+ -e '0,/^Below|APPENDIX B/{/ 0x/s/.* 0x([0-9a-fA-F]{4}).*/10de\1/p; /^(.{41}|.{49}) [0-9a-fA-F]{4} /s/^(.{41}|.{49}) ([0-9a-fA-F]{4}) .*/10de\2/p};d' \
NVIDIA-Linux/README.txt \
| tr a-f A-F | sort -u > $@
@set -e -x ; \
--- End Message ---