Bug#991516: buster-pu: package nvidia-graphics-drivers/418.211.00-1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
this is a new upstream release fixing some CVEs.
Further packaging changes (as in all driver variants in sid):
* adding Recommends on the libnvidia*-encode1 library. Several
multimedia applications are built with nvidia encode support and can
dlopen the library at runtime (if available) to use hardware
acceleration for video encoding
* computing the Vcs-Git branch while generating debian/control,
something I usually forgot to update when forking off a new driver
source package
This package is functionally equivalent (i.e. using the same upstream
.run blobs) to src:nvidia-graphics-drivers-tesla-418 in sid.
The package is already uploaded.
Andreas
diff --git a/debian/changelog b/debian/changelog
index 44f096f5..1a56ab2c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+nvidia-graphics-drivers (418.211.00-1) buster; urgency=medium
+
+ * New upstream Tesla release 418.211.00 (2021-07-20).
+ * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095. (Closes: #991351)
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+
+ [ Andreas Beckmann ]
+ * Refresh patches.
+ * nvidia-driver-libs: Add Recommends: libnvidia-encode1
+ (470.42.01-1). (Closes: #989885)
+ * debian/gen-control.pl: Support substitutions in the Vcs-Git field
+ (470.57.02-1).
+ * Compute and substitute the Git branch instead of hardcoding it
+ (470.57.02-1).
+ * Upload to buster.
+
+ -- Andreas Beckmann <anbe@debian.org> Wed, 21 Jul 2021 22:06:09 +0200
+
nvidia-graphics-drivers (418.197.02-1) buster; urgency=medium
* New upstream Tesla release 418.197.02 (2021-04-19).
@@ -620,6 +638,19 @@ nvidia-graphics-drivers (396.18-1) experimental; urgency=medium
-- Andreas Beckmann <anbe@debian.org> Sun, 22 Apr 2018 13:59:45 +0200
+nvidia-graphics-drivers (390.144-1) UNRELEASED; urgency=medium
+
+ * New upstream legacy branch release 390.144 (2021-07-20).
+ * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095.
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+ - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the
+ nvidia_icd.json file to be installed in the wrong location.
+
+ [ Andreas Beckmann ]
+ * Refresh patches.
+
+ -- Andreas Beckmann <anbe@debian.org> Wed, 21 Jul 2021 18:15:32 +0200
+
nvidia-graphics-drivers (390.143-1) UNRELEASED; urgency=medium
* New upstream legacy branch release 390.143 (2021-04-19).
@@ -631,7 +662,7 @@ nvidia-graphics-drivers (390.143-1) UNRELEASED; urgency=medium
candidates, where the NVIDIA kernel module failed to build with error
"fatal error: asm/kmap_types.h: No such file or directory".
- -- Andreas Beckmann <anbe@debian.org> Mon, 19 Apr 2021 22:38:56 +0200
+ -- Andreas Beckmann <anbe@debian.org> Tue, 20 Apr 2021 02:04:19 +0200
nvidia-graphics-drivers (390.141-1) UNRELEASED; urgency=medium
diff --git a/debian/control b/debian/control
index c059de22..8e3c4372 100644
--- a/debian/control
+++ b/debian/control
@@ -312,6 +312,7 @@ Recommends:
libgles-${nvidia-}1 (= ${binary:Version}),
libgles-${nvidia-}2 (= ${binary:Version}),
lib${nvidia}-cfg1 (= ${binary:Version}) [${nvidia:arch:has-driver}],
+ lib${nvidia}-encode1 (= ${binary:Version}),
${nvidia}-vulkan-icd (= ${binary:Version}) [amd64 i386],
Provides:
nvidia-driver-libs-any,
@@ -1005,12 +1006,12 @@ Pre-Depends:
${misc:Pre-Depends}
Depends:
${shlibs:Depends}, ${misc:Depends}
-Description: NVIDIA PTX JIT Compiler${nvidia:VariantDesc}
+Description: NVIDIA PTX JIT Compiler library${nvidia:VariantDesc}
The Compute Unified Device Architecture (CUDA) enables NVIDIA
graphics processing units (GPUs) to be used for massively parallel
general purpose computation.
.
- This package contains the runtime PTX JIT compiler library.
+ This package contains the runtime PTX JIT Compiler library.
Package: libnvcuvid1
Architecture: i386 amd64
diff --git a/debian/control.in b/debian/control.in
index 423ba6a1..73672dd8 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -6,7 +6,7 @@ Uploaders:
Andreas Beckmann <anbe@debian.org>,
Luca Boccassi <bluca@debian.org>,
Vcs-Browser: https://salsa.debian.org/nvidia-team/nvidia-graphics-drivers
-Vcs-Git: https://salsa.debian.org/nvidia-team/nvidia-graphics-drivers.git
+Vcs-Git: https://salsa.debian.org/nvidia-team/nvidia-graphics-drivers.git${Vcs-Git:Branch}
Build-Depends:
debhelper-compat (= 12),
dpkg-dev (>= 1.18.8),
@@ -311,6 +311,7 @@ Recommends:
libgles-${nvidia-}1 (= ${binary:Version}),
libgles-${nvidia-}2 (= ${binary:Version}),
lib${nvidia}-cfg1 (= ${binary:Version}) [${nvidia:arch:has-driver}],
+ lib${nvidia}-encode1 (= ${binary:Version}),
${nvidia}-vulkan-icd (= ${binary:Version}) [amd64 i386],
Provides:
nvidia-driver-libs-any,
@@ -1173,12 +1174,12 @@ Pre-Depends:
${misc:Pre-Depends}
Depends:
${shlibs:Depends}, ${misc:Depends}
-Description: NVIDIA PTX JIT Compiler${nvidia:VariantDesc}
+Description: NVIDIA PTX JIT Compiler library${nvidia:VariantDesc}
The Compute Unified Device Architecture (CUDA) enables NVIDIA
graphics processing units (GPUs) to be used for massively parallel
general purpose computation.
.
- This package contains the runtime PTX JIT compiler library.
+ This package contains the runtime PTX JIT Compiler library.
Package: lib${nvidia-if-variant}nvcuvid1
Architecture: i386 amd64 ${arch:ppc64el}
diff --git a/debian/control.md5sum b/debian/control.md5sum
index 8eef27fc..4b4188da 100644
--- a/debian/control.md5sum
+++ b/debian/control.md5sum
@@ -1,5 +1,5 @@
-d821215e307c351bf49071c22198c3cf debian/control
-e4f873e158ee77960509ee7b1737f5ae debian/control.in
-db12f898b07cdaf431ad34bd68a1662e debian/gen-control.pl
-bdecb50e210cbb969730b9369509aaed debian/rules
+6b8bc9e2e8c334c6553a0b203eac538f debian/control
+e38dc2183f10b94d486c76f6d3faeb34 debian/control.in
+8489c83cfe0171c9de6d052c01a6d19b debian/gen-control.pl
+5838fbffeab657e89abf44b83a1536f3 debian/rules
c461274a68eab2da346c5d34d32f2485 debian/rules.defs
diff --git a/debian/copyright b/debian/copyright
index 2dc83a17..038f14b4 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -14,7 +14,7 @@ Disclaimer:
permitted, and the binaries are not distributed with source code.
Files: *
-Copyright: 1993-2020 NVIDIA Corporation. All rights reserved.
+Copyright: 1993-2021 NVIDIA Corporation. All rights reserved.
License: NVIDIA-graphics-drivers
Files: debian/*
diff --git a/debian/gen-control.pl b/debian/gen-control.pl
index 1e84b6bd..37e42484 100755
--- a/debian/gen-control.pl
+++ b/debian/gen-control.pl
@@ -62,6 +62,7 @@ print "# run \`make -f debian/rules debian/control'.\n";
my $src_fields = $control->get_source();
$src_fields->{'Source'} = $substvars->substvars($src_fields->{'Source'});
+$src_fields->{'Vcs-Git'} = $substvars->substvars($src_fields->{'Vcs-Git'});
$src_fields->output(\*STDOUT);
foreach my $pkg_fields ($control->get_packages()) {
diff --git a/debian/module/debian/patches/cc_version_check-gcc5.patch b/debian/module/debian/patches/cc_version_check-gcc5.patch
index ffdee3ae..5c92dc6f 100644
--- a/debian/module/debian/patches/cc_version_check-gcc5.patch
+++ b/debian/module/debian/patches/cc_version_check-gcc5.patch
@@ -5,7 +5,7 @@ Description: ignore __GNUC_MINOR__ from GCC 5 onwards
--- a/conftest.sh
+++ b/conftest.sh
-@@ -4020,7 +4020,7 @@ case "$6" in
+@@ -4156,7 +4156,7 @@ case "$6" in
kernel_cc_minor=`echo ${kernel_cc_version} | cut -d '.' -f 2`
echo "
diff --git a/debian/module/debian/patches/conftest-verbose.patch b/debian/module/debian/patches/conftest-verbose.patch
index 4fae8ce8..1d07bf60 100644
--- a/debian/module/debian/patches/conftest-verbose.patch
+++ b/debian/module/debian/patches/conftest-verbose.patch
@@ -3,7 +3,7 @@ Description: dump the generated conftest headers
--- a/Kbuild
+++ b/Kbuild
-@@ -117,6 +117,16 @@ NV_CONFTEST_HEADERS += $(obj)/conftest/h
+@@ -114,6 +114,16 @@ NV_CONFTEST_HEADERS += $(obj)/conftest/h
NV_CONFTEST_HEADERS += $(NV_CONFTEST_COMPILE_TEST_HEADERS)
@@ -20,7 +20,7 @@ Description: dump the generated conftest headers
#
# Generate a header file for a single conftest compile test. Each compile test
# header depends on conftest.sh, as well as the generated conftest/headers.h
-@@ -141,6 +151,8 @@ define NV_GENERATE_COMPILE_TEST_HEADER
+@@ -138,6 +148,8 @@ define NV_GENERATE_COMPILE_TEST_HEADER
@mkdir -p $(obj)/conftest
@# concatenate /dev/null to prevent cat from hanging when $$^ is empty
@cat $$^ /dev/null > $$@
@@ -29,7 +29,7 @@ Description: dump the generated conftest headers
endef
#
-@@ -160,13 +172,17 @@ $(eval $(call NV_GENERATE_COMPILE_TEST_H
+@@ -157,13 +169,17 @@ $(eval $(call NV_GENERATE_COMPILE_TEST_H
$(eval $(call NV_GENERATE_COMPILE_TEST_HEADER,symbols,$(NV_CONFTEST_SYMBOL_COMPILE_TESTS)))
$(eval $(call NV_GENERATE_COMPILE_TEST_HEADER,types,$(NV_CONFTEST_TYPE_COMPILE_TESTS)))
diff --git a/debian/module/debian/patches/use-kbuild-flags.patch b/debian/module/debian/patches/use-kbuild-flags.patch
index 3d15f726..6b2b729d 100644
--- a/debian/module/debian/patches/use-kbuild-flags.patch
+++ b/debian/module/debian/patches/use-kbuild-flags.patch
@@ -5,7 +5,7 @@ Description: use KBUILD_CFLAGS and (KBUILD_)LDFLAGS
--- a/Kbuild
+++ b/Kbuild
-@@ -104,6 +104,7 @@ NV_CONFTEST_CMD := /bin/sh $(NV_CONFTEST
+@@ -101,6 +101,7 @@ NV_CONFTEST_CMD := /bin/sh $(NV_CONFTEST
"$(CC)" "$(HOST_CC)" $(ARCH) $(NV_KERNEL_SOURCES) $(NV_KERNEL_OUTPUT)
NV_CONFTEST_CFLAGS := $(shell $(NV_CONFTEST_CMD) build_cflags)
@@ -15,8 +15,8 @@ Description: use KBUILD_CFLAGS and (KBUILD_)LDFLAGS
NV_CONFTEST_COMPILE_TEST_HEADERS += $(obj)/conftest/functions.h
--- a/nvidia/nvidia.Kbuild
+++ b/nvidia/nvidia.Kbuild
-@@ -88,7 +88,7 @@ NVIDIA_INTERFACE := nvidia/nv-interface.
- always += $(NVIDIA_INTERFACE)
+@@ -93,7 +93,7 @@ always += $(NVIDIA_INTERFACE)
+ always-y += $(NVIDIA_INTERFACE)
$(obj)/$(NVIDIA_INTERFACE): $(addprefix $(obj)/,$(NVIDIA_OBJECTS))
- $(LD) -r -o $@ $^
@@ -37,8 +37,8 @@ Description: use KBUILD_CFLAGS and (KBUILD_)LDFLAGS
# Kbuild's "clean" rule won't clean up the conftest headers on its own, and
--- a/nvidia-modeset/nvidia-modeset.Kbuild
+++ b/nvidia-modeset/nvidia-modeset.Kbuild
-@@ -70,7 +70,7 @@ NVIDIA_MODESET_INTERFACE := nvidia-modes
- always += $(NVIDIA_MODESET_INTERFACE)
+@@ -75,7 +75,7 @@ always += $(NVIDIA_MODESET_INTERFACE)
+ always-y += $(NVIDIA_MODESET_INTERFACE)
$(obj)/$(NVIDIA_MODESET_INTERFACE): $(addprefix $(obj)/,$(NVIDIA_MODESET_OBJECTS))
- $(LD) -r -o $@ $^
diff --git a/debian/module/debian/patches/use-kbuild-gcc-plugins.patch b/debian/module/debian/patches/use-kbuild-gcc-plugins.patch
index 65e18e1c..a21c7c35 100644
--- a/debian/module/debian/patches/use-kbuild-gcc-plugins.patch
+++ b/debian/module/debian/patches/use-kbuild-gcc-plugins.patch
@@ -4,7 +4,7 @@ Description: ignore GCC plugins
CONFIG_GCC_PLUGIN_STRUCTLEAK and CONFIG_GCC_PLUGIN_RANDSTRUCT.
--- a/Kbuild
+++ b/Kbuild
-@@ -104,7 +104,7 @@ NV_CONFTEST_CMD := /bin/sh $(NV_CONFTEST
+@@ -101,7 +101,7 @@ NV_CONFTEST_CMD := /bin/sh $(NV_CONFTEST
"$(CC)" "$(HOST_CC)" $(ARCH) $(NV_KERNEL_SOURCES) $(NV_KERNEL_OUTPUT)
NV_CONFTEST_CFLAGS := $(shell $(NV_CONFTEST_CMD) build_cflags)
diff --git a/debian/rules b/debian/rules
index 2c24bc17..a8758b38 100755
--- a/debian/rules
+++ b/debian/rules
@@ -411,6 +411,7 @@ debian/control-real: $(CONTROL_FILES)
-V'nvidia-if-variant=$(nvidia_if_variant)' \
-V'nvidia:Variant=$(-variant)' \
-V'libcuda1=$(libcuda1)' \
+ -V'Vcs-Git:Branch=$(if $(variant), -b $(subst legacy-,,$(variant))/master)' \
$(foreach a,$(ARCH_CANDIDATES),-V'arch:$a=$(filter $a,$(DRIVER_ARCH_LIST))') \
-- \
debian/control.in > debian/control.new
Reply to: