Bug#987726: buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.143-1~deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Wed, 2021-04-28 at 17:50 +0200, Andreas Beckmann wrote:
> let's fix CVE-2021-1076 by updating the non-free
> nvidia-graphics-drivers-legacy-390xx in buster to a new upstream
> release.
> 
> This a rebuild of the package in sid, thus it also contains the
> additional packaging change: the creation of the missing
> libnvidia-ml.so symlink

Please go ahead; sorry for the delay.

Regards,

Adam

Bug#987726: buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.143-1~deb10u1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

let's fix CVE-2021-1076 by updating the non-free
nvidia-graphics-drivers-legacy-390xx in buster to a new upstream release.

This a rebuild of the package in sid, thus it also contains the
additional packaging change: the creation of the missing
libnvidia-ml.so symlink.

Andreas
diff --git a/debian/changelog b/debian/changelog
index d22ddead..d85c2140 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+nvidia-graphics-drivers-legacy-390xx (390.143-1~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster.
+
+ -- Andreas Beckmann   Wed, 28 Apr 2021 17:44:32 +0200
+
+nvidia-graphics-drivers-legacy-390xx (390.143-1) unstable; urgency=medium
+
+  * New upstream legacy branch release 390.143 (2021-04-19).
+* Fixed CVE-2021-1076.  (Closes: #987218)
+  https://nvidia.custhelp.com/app/answers/detail/a_id/5172
+- Fixed a bug where vkCreateSwapchain could cause the X Server to crash
+  when an invalid imageFormat was provided.
+- Fixed a driver installation failure on Linux kernel 5.11 release
+  candidates, where the NVIDIA kernel module failed to build with error
+  "fatal error: asm/kmap_types.h: No such file or directory".
+
+ -- Andreas Beckmann   Tue, 20 Apr 2021 02:04:19 +0200
+
+nvidia-graphics-drivers-legacy-390xx (390.141-3) unstable; urgency=medium
+
+  * nvidia-legacy-390xx-alternative: Add libnvidia-ml.so slave alternative if
+libnvidia-ml-dev is installed (460.56-2).  (Closes: #984881)
+
+ -- Andreas Beckmann   Sat, 13 Mar 2021 22:39:29 +0100
+
 nvidia-graphics-drivers-legacy-390xx (390.141-2~deb10u1) buster; urgency=medium
 
   * Rebuild for buster.
diff --git a/debian/control.md5sum b/debian/control.md5sum
index 6decf255..577ad1e6 100644
--- a/debian/control.md5sum
+++ b/debian/control.md5sum
@@ -1,5 +1,5 @@
 a1db8e174e35b30f771fffdf4690ea8b  debian/control
 0a204645020c143be44b04bd5daf7b85  debian/control.in
 db12f898b07cdaf431ad34bd68a1662e  debian/gen-control.pl
-365281fc24d824d688be59ab97ae1ca5  debian/rules
+e0a6daa55d2509f44d21bbb591ccbad1  debian/rules
 181fae6bc60df1e667ef475560be4fdf  debian/rules.defs
diff --git a/debian/nvidia-alternative.postinst.in 
b/debian/nvidia-alternative.postinst.in
index 23b5ebc2..ba7573ad 100644
--- a/debian/nvidia-alternative.postinst.in
+++ b/debian/nvidia-alternative.postinst.in
@@ -80,10 +80,14 @@ if [ "$1" = "triggered" ]; then
$(add_slave /etc/nvidia/nvidia-modprobe.conf 
nvidia-modprobe.conf /etc/#PRIVATE#/nvidia-modprobe.conf)
$(add_slave /etc/nvidia/nvidia-load.conf nvidia-load.conf 
/etc/#PRIVATE#/nvidia-load.conf)
 "
+   libnvidia_ml_so_slave=
+   if [ -f /usr/include/nvml.h ]; then
+   libnvidia_ml_so_slave="$(add_multiarch_slave /usr/lib "" 
libnvidia-ml.so /usr/lib #PRIVATE#/)"
+   fi
if echo "$slaves" | grep -q "slave" ; then
-   update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+   update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
# work around #916799 and re-register the alternative to 
clean-up leftover slaves
-   update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+   update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
else
update-alternatives --remove nvidia /usr/lib/#PRIVATE#
fi
diff --git a/debian/nvidia-alternative.triggers.in 
b/debian/nvidia-alternative.triggers.in
index 451bead4..699759ac 100644
--- a/debian/nvidia-alternative.triggers.in
+++ b/debian/nvidia-alternative.triggers.in
@@ -5,3 +5,5 @@ interest-await /usr/lib/#PRIVATE#
 interest-await /usr/lib/i386-linux-gnu/#PRIVATE#
 interest-await /usr/lib/x86_64-linux-gnu/#PRIVATE#
 interest-await /usr/lib/arm-linux-gnueabihf/#PRIVATE#
+
+interest-await /usr/include/nvml.h
diff --git a/debian/rules b/debian/rules
index 6c291a1f..d87de133 100755
--- a/debian/rules
+++ b/debian/rules
@@ -138,9 +138,9 @@ debian/nv-readme.ids: debian/nv-readme.ids.common 
debian/nv-readme.ids.$(DEB_HOS
cat $^ | sort -u > $@
 
 nv-readme.ids: unpack-stamp debian/nv-readme.ids
-   sed -e '0,/A. Supported\|APPENDIX A: SUPPORTED/d' \
-   -e '0,/Appendix A. Supported\|APPENDIX A: SUPPORTED/d' \
-   -e '0,/^Below\|APPENDIX B/{/ 0x/s/.*  
0x\([0-9a-fA-F]\{4\}\).*/10de\1/p; /^.\{41\} [0-9a-fA-F]\{4\} /s/^.\{41\} 
\([0-9a-fA-F]\{4\}\) .*/10de\1/p};d' \
+   sed -r  -e '0,/A. Supported|APPENDIX A: SUPPORTED/d' \
+   -e '0,/Appendix A. Supported|APPENDIX A: SUPPORTED/d' \
+   -e '0,/^Below|APPENDIX B/{/ 0x/s/.*  
0x([0-9a-fA-F]{4}).*/10de\1/p; /^(.{41}|.