Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
let's fix CVE-2021-1076 by updating the non-free
nvidia-graphics-drivers-legacy-390xx in buster to a new upstream release.
This a rebuild of the package in sid, thus it also contains the
additional packaging change: the creation of the missing
libnvidia-ml.so symlink.
Andreas
diff --git a/debian/changelog b/debian/changelog
index d22ddead..d85c2140 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+nvidia-graphics-drivers-legacy-390xx (390.143-1~deb10u1) buster; urgency=medium
+
+ * Rebuild for buster.
+
+ -- Andreas Beckmann Wed, 28 Apr 2021 17:44:32 +0200
+
+nvidia-graphics-drivers-legacy-390xx (390.143-1) unstable; urgency=medium
+
+ * New upstream legacy branch release 390.143 (2021-04-19).
+* Fixed CVE-2021-1076. (Closes: #987218)
+ https://nvidia.custhelp.com/app/answers/detail/a_id/5172
+- Fixed a bug where vkCreateSwapchain could cause the X Server to crash
+ when an invalid imageFormat was provided.
+- Fixed a driver installation failure on Linux kernel 5.11 release
+ candidates, where the NVIDIA kernel module failed to build with error
+ "fatal error: asm/kmap_types.h: No such file or directory".
+
+ -- Andreas Beckmann Tue, 20 Apr 2021 02:04:19 +0200
+
+nvidia-graphics-drivers-legacy-390xx (390.141-3) unstable; urgency=medium
+
+ * nvidia-legacy-390xx-alternative: Add libnvidia-ml.so slave alternative if
+libnvidia-ml-dev is installed (460.56-2). (Closes: #984881)
+
+ -- Andreas Beckmann Sat, 13 Mar 2021 22:39:29 +0100
+
nvidia-graphics-drivers-legacy-390xx (390.141-2~deb10u1) buster; urgency=medium
* Rebuild for buster.
diff --git a/debian/control.md5sum b/debian/control.md5sum
index 6decf255..577ad1e6 100644
--- a/debian/control.md5sum
+++ b/debian/control.md5sum
@@ -1,5 +1,5 @@
a1db8e174e35b30f771fffdf4690ea8b debian/control
0a204645020c143be44b04bd5daf7b85 debian/control.in
db12f898b07cdaf431ad34bd68a1662e debian/gen-control.pl
-365281fc24d824d688be59ab97ae1ca5 debian/rules
+e0a6daa55d2509f44d21bbb591ccbad1 debian/rules
181fae6bc60df1e667ef475560be4fdf debian/rules.defs
diff --git a/debian/nvidia-alternative.postinst.in
b/debian/nvidia-alternative.postinst.in
index 23b5ebc2..ba7573ad 100644
--- a/debian/nvidia-alternative.postinst.in
+++ b/debian/nvidia-alternative.postinst.in
@@ -80,10 +80,14 @@ if [ "$1" = "triggered" ]; then
$(add_slave /etc/nvidia/nvidia-modprobe.conf
nvidia-modprobe.conf /etc/#PRIVATE#/nvidia-modprobe.conf)
$(add_slave /etc/nvidia/nvidia-load.conf nvidia-load.conf
/etc/#PRIVATE#/nvidia-load.conf)
"
+ libnvidia_ml_so_slave=
+ if [ -f /usr/include/nvml.h ]; then
+ libnvidia_ml_so_slave="$(add_multiarch_slave /usr/lib ""
libnvidia-ml.so /usr/lib #PRIVATE#/)"
+ fi
if echo "$slaves" | grep -q "slave" ; then
- update-alternatives --install /usr/lib/nvidia/nvidia nvidia
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+ update-alternatives --install /usr/lib/nvidia/nvidia nvidia
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
# work around #916799 and re-register the alternative to
clean-up leftover slaves
- update-alternatives --install /usr/lib/nvidia/nvidia nvidia
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+ update-alternatives --install /usr/lib/nvidia/nvidia nvidia
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
else
update-alternatives --remove nvidia /usr/lib/#PRIVATE#
fi
diff --git a/debian/nvidia-alternative.triggers.in
b/debian/nvidia-alternative.triggers.in
index 451bead4..699759ac 100644
--- a/debian/nvidia-alternative.triggers.in
+++ b/debian/nvidia-alternative.triggers.in
@@ -5,3 +5,5 @@ interest-await /usr/lib/#PRIVATE#
interest-await /usr/lib/i386-linux-gnu/#PRIVATE#
interest-await /usr/lib/x86_64-linux-gnu/#PRIVATE#
interest-await /usr/lib/arm-linux-gnueabihf/#PRIVATE#
+
+interest-await /usr/include/nvml.h
diff --git a/debian/rules b/debian/rules
index 6c291a1f..d87de133 100755
--- a/debian/rules
+++ b/debian/rules
@@ -138,9 +138,9 @@ debian/nv-readme.ids: debian/nv-readme.ids.common
debian/nv-readme.ids.$(DEB_HOS
cat $^ | sort -u > $@
nv-readme.ids: unpack-stamp debian/nv-readme.ids
- sed -e '0,/A. Supported\|APPENDIX A: SUPPORTED/d' \
- -e '0,/Appendix A. Supported\|APPENDIX A: SUPPORTED/d' \
- -e '0,/^Below\|APPENDIX B/{/ 0x/s/.*
0x\([0-9a-fA-F]\{4\}\).*/10de\1/p; /^.\{41\} [0-9a-fA-F]\{4\} /s/^.\{41\}
\([0-9a-fA-F]\{4\}\) .*/10de\1/p};d' \
+ sed -r -e '0,/A. Supported|APPENDIX A: SUPPORTED/d' \
+ -e '0,/Appendix A. Supported|APPENDIX A: SUPPORTED/d' \
+ -e '0,/^Below|APPENDIX B/{/ 0x/s/.*
0x([0-9a-fA-F]{4}).*/10de\1/p; /^(.{41}|.