Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Dear release team, > > We would like to update libvdpau in jessie to address a segmentation fault in > a > particular use case. > > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see > https://bugs.debian.org/797895). > > The upstream patch unfortunately introduced a regression when running with > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and > upstream has committed a fix for it. > > We already uploaded a fixed version to unstable, and now we would like to > backport it to jessie as well. The debdiff follows. I have verified that it > fixes the problem on a vanilla jessie amd64 installation. > > Thank you! > > Kind regards, > Luca Boccassi > > > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog > --- libvdpau-0.8/debian/changelog 2015-09-05 13:14:50.0 +0100 > +++ libvdpau-0.8/debian/changelog 2015-10-29 19:30:28.0 + > @@ -1,3 +1,10 @@ > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium The diff looks good, could you change the target to jessie-security and upload to security-master? Also, do you plan to prepare an update for wheezy-security as well? Cheers signature.asc Description: PGP signature
Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
On Fri, 2015-10-30 at 14:32 +0100, Alessandro Ghedini wrote: > On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote: > > Package: release.debian.org > > Severity: normal > > Tags: jessie > > User: release.debian@packages.debian.org > > Usertags: pu > > > > Dear release team, > > > > We would like to update libvdpau in jessie to address a segmentation fault > > in a > > particular use case. > > > > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 > > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see > > https://bugs.debian.org/797895). > > > > The upstream patch unfortunately introduced a regression when running with > > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and > > upstream has committed a fix for it. > > > > We already uploaded a fixed version to unstable, and now we would like to > > backport it to jessie as well. The debdiff follows. I have verified that it > > fixes the problem on a vanilla jessie amd64 installation. > > > > Thank you! > > > > Kind regards, > > Luca Boccassi > > > > > > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog > > --- libvdpau-0.8/debian/changelog 2015-09-05 13:14:50.0 +0100 > > +++ libvdpau-0.8/debian/changelog 2015-10-29 19:30:28.0 + > > @@ -1,3 +1,10 @@ > > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium > > The diff looks good, could you change the target to jessie-security and upload > to security-master? Committed in git, but I'll have to ask Andreas to upload as I lack the supercow powers :-) Andreas, the new version is tested and ready in the jessie branch in git [1], could you please upload to security-master when you have time? Thanks! > Also, do you plan to prepare an update for wheezy-security as well? I'll have access to a wheezy guinea pig machine on Monday, so if the regression is present there as well I'll test a patched version and reply back here. Kind regards, Luca Boccassi [1] https://anonscm.debian.org/cgit/pkg-nvidia/libvdpau.git/log/?h=jessie signature.asc Description: This is a digitally signed message part
Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear release team, We would like to update libvdpau in jessie to address a segmentation fault in a particular use case. 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see https://bugs.debian.org/797895). The upstream patch unfortunately introduced a regression when running with DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and upstream has committed a fix for it. We already uploaded a fixed version to unstable, and now we would like to backport it to jessie as well. The debdiff follows. I have verified that it fixes the problem on a vanilla jessie amd64 installation. Thank you! Kind regards, Luca Boccassi diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog --- libvdpau-0.8/debian/changelog 2015-09-05 13:14:50.0 +0100 +++ libvdpau-0.8/debian/changelog 2015-10-29 19:30:28.0 + @@ -1,3 +1,10 @@ +libvdpau (0.8-3+deb8u2) jessie; urgency=medium + + [Luca Boccassi] + * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625) + + -- Luca BoccassiWed, 28 Oct 2015 22:41:57 + + libvdpau (0.8-3+deb8u1) jessie-security; urgency=high * Patch for CVE 2015-5198, 2015-5199, 2015-5200 diff -Nru libvdpau-0.8/debian/gbp.conf libvdpau-0.8/debian/gbp.conf --- libvdpau-0.8/debian/gbp.conf2015-09-05 13:13:56.0 +0100 +++ libvdpau-0.8/debian/gbp.conf2015-10-29 19:25:06.0 + @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = master +debian-branch = jessie upstream-tag = upstream/%(version)s debian-tag = debian/%(version)s pristine-tar = True diff -Nru libvdpau-0.8/debian/patches/missing-configh-include.patch libvdpau-0.8/debian/patches/missing-configh-include.patch --- libvdpau-0.8/debian/patches/missing-configh-include.patch 1970-01-01 01:00:00.0 +0100 +++ libvdpau-0.8/debian/patches/missing-configh-include.patch 2015-10-28 23:47:48.0 + @@ -0,0 +1,28 @@ +From: Rico Tzschichholz +Date: Tue, 1 Sep 2015 10:45:11 +0200 +Subject: mesa_dri2: Add missing include of config.h to define _GNU_SOURCE + +Fix build with -Wimplicit-function-declaration while secure_getenv() is +guarded by __USE_GNU. + +Reviewed-by: Aaron Plattner +Tested-by: Stefan Dirsch +(cherry picked from commit 1cda354bdfd0c9ca107293b84b52f4464fdbedcc) +--- + src/mesa_dri2.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/mesa_dri2.c b/src/mesa_dri2.c +index 51e8794..420ccee 100644 +--- a/src/mesa_dri2.c b/src/mesa_dri2.c +@@ -33,6 +33,9 @@ + * and José Hiram Soltren (jsolt...@nvidia.com) + */ + ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif + + #define NEED_REPLIES + #include diff -Nru libvdpau-0.8/debian/patches/series libvdpau-0.8/debian/patches/series --- libvdpau-0.8/debian/patches/series 2015-09-05 13:13:56.0 +0100 +++ libvdpau-0.8/debian/patches/series 2015-10-29 19:25:06.0 + @@ -5,3 +5,4 @@ vdpau-module-searchpath.patch hardening.patch 0007-Use-secure_getenv-3-to-improve-security.patch +missing-configh-include.patch
Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
On Thu, Oct 29, 2015 at 07:52:23PM +, luca wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Dear release team, > > We would like to update libvdpau in jessie to address a segmentation fault in > a > particular use case. > > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3 > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see > https://bugs.debian.org/797895). If that bug was introduced through a security update, we usually also fix the regression in a DSA. Alessandro, since you took care of the DSA for libvdpau, could you look into this? Cheers, Moritz