Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

2015-10-30 Thread Alessandro Ghedini
On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Dear release team,
> 
> We would like to update libvdpau in jessie to address a segmentation fault in a
> particular use case.
> 
> 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
> security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
> https://bugs.debian.org/797895).
> 
> The upstream patch unfortunately introduced a regression when running with
> DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
> upstream has committed a fix for it.
> 
> We already uploaded a fixed version to unstable, and now we would like to
> backport it to jessie as well. The debdiff follows. I have verified that it
> fixes the problem on a vanilla jessie amd64 installation.
> 
> Thank you!
> 
> Kind regards,
> Luca Boccassi
> 
> 
> diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
> --- libvdpau-0.8/debian/changelog   2015-09-05 13:14:50.0 +0100
> +++ libvdpau-0.8/debian/changelog   2015-10-29 19:30:28.0 +
> @@ -1,3 +1,10 @@
> +libvdpau (0.8-3+deb8u2) jessie; urgency=medium

The diff looks good, could you change the target to jessie-security and upload
to security-master?

Also, do you plan to prepare an update for wheezy-security as well?

Cheers




Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

2015-10-30 Thread Luca Boccassi
On Fri, 2015-10-30 at 14:32 +0100, Alessandro Ghedini wrote:
> On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Dear release team,
> > 
> > We would like to update libvdpau in jessie to address a segmentation fault in a
> > particular use case.
> > 
> > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
> > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
> > https://bugs.debian.org/797895).
> > 
> > The upstream patch unfortunately introduced a regression when running with
> > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
> > upstream has committed a fix for it.
> > 
> > We already uploaded a fixed version to unstable, and now we would like to
> > backport it to jessie as well. The debdiff follows. I have verified that it
> > fixes the problem on a vanilla jessie amd64 installation.
> > 
> > Thank you!
> > 
> > Kind regards,
> > Luca Boccassi
> > 
> > 
> > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
> > --- libvdpau-0.8/debian/changelog   2015-09-05 13:14:50.0 +0100
> > +++ libvdpau-0.8/debian/changelog   2015-10-29 19:30:28.0 +
> > @@ -1,3 +1,10 @@
> > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium
> 
> The diff looks good, could you change the target to jessie-security and upload
> to security-master?

Committed in git, but I'll have to ask Andreas to upload as I lack the
supercow powers :-)

Andreas, the new version is tested and ready in the jessie branch in git
[1], could you please upload to security-master when you have time?
Thanks!

> Also, do you plan to prepare an update for wheezy-security as well?

I'll have access to a wheezy guinea pig machine on Monday, so if the
regression is present there as well I'll test a patched version and
reply back here.

Kind regards,
Luca Boccassi

[1] https://anonscm.debian.org/cgit/pkg-nvidia/libvdpau.git/log/?h=jessie




Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

2015-10-29 Thread luca
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

We would like to update libvdpau in jessie to address a segmentation fault in a
particular use case.

0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
https://bugs.debian.org/797895).

The upstream patch unfortunately introduced a regression when running with
DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
upstream has committed a fix for it.

We already uploaded a fixed version to unstable, and now we would like to
backport it to jessie as well. The debdiff follows. I have verified that it
fixes the problem on a vanilla jessie amd64 installation.

Thank you!

Kind regards,
Luca Boccassi


diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
--- libvdpau-0.8/debian/changelog   2015-09-05 13:14:50.0 +0100
+++ libvdpau-0.8/debian/changelog   2015-10-29 19:30:28.0 +
@@ -1,3 +1,10 @@
+libvdpau (0.8-3+deb8u2) jessie; urgency=medium
+
+  [Luca Boccassi]
+  * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
+
+ -- Luca Boccassi   Wed, 28 Oct 2015 22:41:57 +
+
 libvdpau (0.8-3+deb8u1) jessie-security; urgency=high

   * Patch for CVE 2015-5198, 2015-5199, 2015-5200
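
Review bot: The new 0.8-3+deb8u2 entry targets jessie with urgency=medium, while the entry directly below it shows 0.8-3+deb8u1 went out through jessie-security, and the line "Cherry-pick patch for DRI_PRIME crash" does not say that the crash is a regression from that security upload. Suggest saying so in the entry and naming the added patch (missing-configh-include.patch), so that someone reading the changelog alone can connect this fix to the CVE-2015-5198/5199/5200 update. The "[Luca Boccassi]" attribution line is also redundant when the trailer names the same single author.
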
diff -Nru libvdpau-0.8/debian/gbp.conf libvdpau-0.8/debian/gbp.conf
--- libvdpau-0.8/debian/gbp.conf2015-09-05 13:13:56.0 +0100
+++ libvdpau-0.8/debian/gbp.conf2015-10-29 19:25:06.0 +
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-branch = upstream
-debian-branch = master
+debian-branch = jessie
 upstream-tag = upstream/%(version)s
 debian-tag = debian/%(version)s
 pristine-tar = True
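
Review bot: The debian-branch switch from master to jessie in gbp.conf is not mentioned in the 0.8-3+deb8u2 changelog entry. A stable update debdiff should account for every change it carries, so add a changelog line for this packaging change alongside the cherry-pick.
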
diff -Nru libvdpau-0.8/debian/patches/missing-configh-include.patch
libvdpau-0.8/debian/patches/missing-configh-include.patch
--- libvdpau-0.8/debian/patches/missing-configh-include.patch   1970-01-01
01:00:00.0 +0100
+++ libvdpau-0.8/debian/patches/missing-configh-include.patch   2015-10-28
23:47:48.0 +
@@ -0,0 +1,28 @@
+From: Rico Tzschichholz 
+Date: Tue, 1 Sep 2015 10:45:11 +0200
+Subject: mesa_dri2: Add missing include of config.h to define _GNU_SOURCE
+
+Fix build with -Wimplicit-function-declaration while secure_getenv() is
+guarded by __USE_GNU.
+
+Reviewed-by: Aaron Plattner 
+Tested-by: Stefan Dirsch 
+(cherry picked from commit 1cda354bdfd0c9ca107293b84b52f4464fdbedcc)
+---
+ src/mesa_dri2.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/mesa_dri2.c b/src/mesa_dri2.c
+index 51e8794..420ccee 100644
+--- a/src/mesa_dri2.c
 b/src/mesa_dri2.c
+@@ -33,6 +33,9 @@
+  *   and José Hiram Soltren (jsolt...@nvidia.com)
+  */
+
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
+
+ #define NEED_REPLIES
+ #include 
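
Review bot: The patch header only describes fixing a build with -Wimplicit-function-declaration and does not explain why a missing config.h include leads to the DRI_PRIME crash that this upload closes. Suggest adding a sentence on the mechanism and a Bug-Debian: field pointing at https://bugs.debian.org/802625. The likely mechanism, to be confirmed against that report, is that without _GNU_SOURCE the secure_getenv() call in mesa_dri2.c has no prototype, so the compiler assumes it returns int and the returned pointer is truncated on 64-bit builds. Building with -Werror=implicit-function-declaration would catch a recurrence at compile time instead of at run time.
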
diff -Nru libvdpau-0.8/debian/patches/series libvdpau-0.8/debian/patches/series
--- libvdpau-0.8/debian/patches/series  2015-09-05 13:13:56.0 +0100
+++ libvdpau-0.8/debian/patches/series  2015-10-29 19:25:06.0 +
@@ -5,3 +5,4 @@
 vdpau-module-searchpath.patch
 hardening.patch
 0007-Use-secure_getenv-3-to-improve-security.patch
+missing-configh-include.patch



Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

2015-10-29 Thread Moritz Mühlenhoff
On Thu, Oct 29, 2015 at 07:52:23PM +, luca wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Dear release team,
> 
> We would like to update libvdpau in jessie to address a segmentation fault in a
> particular use case.
> 
> 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
> security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
> https://bugs.debian.org/797895).

If that bug was introduced through a security update, we usually also
fix the regression in a DSA.

Alessandro, since you took care of the DSA for libvdpau, could you
look into this?

Cheers,
Moritz