Bug#856174: jessie-pu: package nvidia-graphics-drivers-legacy-304xx/304.135-1

Sat, 25 Feb 2017 14:42:27 -0800 

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

a new upstream release is needed to fix the latest CVE series in the
legacy driver too.

Intentionally no +deb8u1 suffix to reduce the version number inflation
when backporting this to wheezy(-backports).

The "Depend on a setuid root Xserver." changelog entry was a mismerge
in the previous pu upload, this change is not needed in stable.


Andreas

Index: debian/copyright
===================================================================
--- debian/copyright	(.../tags/304.134-0~deb8u1)	(revision 7212)
+++ debian/copyright	(.../branches/jessie)	(revision 7212)
@@ -18,7 +18,7 @@
 
 Files: debian/*
 Copyright: 2001-2010 Randall Donald <rdon...@debian.org>
-           2009-2016 Andreas Beckmann <a...@debian.org>
+           2009-2017 Andreas Beckmann <a...@debian.org>
            2010 Russ Allbery <r...@debian.org>
            Based on packages by Christopher Cheney.
 License: GPL-2.0+
Index: debian/module/debian/patches/drm-driver-legacy.patch
===================================================================
--- debian/module/debian/patches/drm-driver-legacy.patch	(.../tags/304.134-0~deb8u1)	(revision 0)
+++ debian/module/debian/patches/drm-driver-legacy.patch	(.../branches/jessie)	(revision 7212)
@@ -0,0 +1,20 @@
+Author: Luca Boccassi <luca.bocca...@gmail.com>
+Description: Fix kernel module load on 4.9 and greater
+ From kernel 4.9 and newer (commit fa5386459f06) non-modesetting drivers have
+ to use the DRM flag DRIVER_LEGACY. Without this flag the kernel module does
+ not load correctly.
+
+--- a/nv-drm.c
++++ b/nv-drm.c
+@@ -71,7 +71,11 @@
+ };
+ 
+ static struct drm_driver nv_drm_driver = {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)
+     .driver_features = 0,
++#else
++    .driver_features = DRIVER_LEGACY,
++#endif
+     .load = nv_drm_load,
+     .unload = nv_drm_unload,
+     .fops = &nv_drm_fops,
Index: debian/module/debian/patches/disable-mtrr.patch
===================================================================
--- debian/module/debian/patches/disable-mtrr.patch	(.../tags/304.134-0~deb8u1)	(revision 7212)
+++ debian/module/debian/patches/disable-mtrr.patch	(.../branches/jessie)	(revision 7212)
@@ -23,3 +23,15 @@
  #if !defined(NV_VMWARE) && defined(CONFIG_MTRR)
  #include <asm/mtrr.h>
  #endif
+--- a/os-agp.c
++++ b/os-agp.c
+@@ -180,8 +180,8 @@
+     {
+         nv_mtrr_del(nv->agp.arch_phys_wc_add_token, agp_info.aper_base,
+                     agp_info.aper_size << 20);
+-#endif
+     }
++#endif
+ release:
+     NV_AGPGART_BACKEND_RELEASE(drm_agp_p, nvl->agp_bridge);
+ bailout:
Index: debian/module/debian/patches/deprecated-cpu-events.patch
===================================================================
--- debian/module/debian/patches/deprecated-cpu-events.patch	(.../tags/304.134-0~deb8u1)	(revision 0)
+++ debian/module/debian/patches/deprecated-cpu-events.patch	(.../branches/jessie)	(revision 7212)
@@ -0,0 +1,49 @@
+Author: Luca Boccassi <luca.bocca...@gmail.com>
+Description: Fix kernel module build on 4.10 and greater
+ From kernel 4.10 and newer (commit 530e9b76ae8f8) CPU_DOWN_FAILED and
+ CPU_DOWN_PREPARE are no longer available as events, together with their
+ callback registers.
+--- a/nv-pat.c
++++ b/nv-pat.c
+@@ -210,19 +210,23 @@
+ 
+     switch (action)
+     {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         case CPU_DOWN_FAILED:
++#endif
+         case CPU_ONLINE:
+             if (cpu == (NvUPtr)hcpu)
+                 nv_setup_pat_entries(NULL);
+             else
+                 NV_SMP_CALL_FUNCTION(nv_setup_pat_entries, hcpu, 1);
+             break;
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         case CPU_DOWN_PREPARE:
+             if (cpu == (NvUPtr)hcpu)
+                 nv_restore_pat_entries(NULL);
+             else
+                 NV_SMP_CALL_FUNCTION(nv_restore_pat_entries, hcpu, 1);
+             break;
++#endif
+     }
+ 
+     put_cpu();
+@@ -252,7 +256,7 @@
+     if (!disable_pat)
+     {
+         nv_enable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+         {
+             if (register_hotcpu_notifier(&nv_hotcpu_nfb) != 0)
+@@ -279,7 +283,7 @@
+     if (nv_pat_mode == NV_PAT_MODE_BUILTIN)
+     {
+         nv_disable_pat_support();
+-#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU)
++#if defined(NV_ENABLE_PAT_SUPPORT) && defined(NV_ENABLE_HOTPLUG_CPU) && LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+         unregister_hotcpu_notifier(&nv_hotcpu_nfb);
+ #endif
+     }
Index: debian/module/debian/patches/series.in
===================================================================
--- debian/module/debian/patches/series.in	(.../tags/304.134-0~deb8u1)	(revision 7212)
+++ debian/module/debian/patches/series.in	(.../branches/jessie)	(revision 7212)
@@ -1,5 +1,7 @@
 # kernel support
 fix-typos.patch
+drm-driver-legacy.patch
+deprecated-cpu-events.patch
 
 # build system updates
 separate-makefile-kbuild.patch
Index: debian/changelog
===================================================================
--- debian/changelog	(.../tags/304.134-0~deb8u1)	(revision 7212)
+++ debian/changelog	(.../branches/jessie)	(revision 7212)
@@ -1,7 +1,23 @@
+nvidia-graphics-drivers-legacy-304xx (304.135-1) jessie; urgency=medium
+
+  * New upstream legacy 304xx branch release 304.135 (2017-02-14).
+    * Fixed CVE-2017-0309, CVE-2017-0310, CVE-2017-0311, CVE-2017-0318,
+      CVE-2017-0321.  (Closes: #855279)
+
+  [ Luca Boccassi ]
+  * Synchronize packaging with nvidia-graphics-drivers-legacy-304xx 304.135-2:
+    - Add deprecated-cpu-events.patch and update disable-mtrr.patch to fix
+      kernel module build on Linux 4.10 and newer.
+  * Synchronize packaging with nvidia-graphics-drivers-legacy-304xx 304.134-2:
+    - Add drm-driver-legacy.patch to fix nvidia kernel module load issue on
+      Linux 4.9 and newer.  (Closes: #852152)
+
+ -- Andreas Beckmann <a...@debian.org>  Sat, 25 Feb 2017 23:09:26 +0100
+
 nvidia-graphics-drivers-legacy-304xx (304.134-0~deb8u1) jessie; urgency=medium
 
   * New upstream legacy 304xx branch release 304.134 (2016-12-14).
-    * Fixed CVE-2016-8826.  (Closes: #848195)
+    * Fixed CVE-2016-8826.  (Closes: #848197)
     - Added support for X.Org xserver ABI 23 (xorg-server 1.19)
     * Improved compatibility with recent Linux kernels.
   * New upstream legacy 304xx branch release 304.132 (2016-09-26).
@@ -51,13 +67,13 @@
       uses are no longer exported, causing a failure when the module is
       loaded at runtime.  (Closes: #809324)
   * Drop some packaging bits needed for 340.xx and newer drivers only.
-  * Depend on a setuid root Xserver.  (Closes: #805554)
   * Add xorg-video-abi-23 as alternative dependency.  (Closes: #845639)
   * nvidia-legacy-304xx-alternative: Restrict Depends: glx-alternative-nvidia
     to (<< 0.7). Uploading a new upstream legacy release to stable will
     invalidate package relationships in unstable, thus permitting some
     (partial) upgrade paths that will fail.
   * Update lintian overrides.
+  * Upload to jessie.
 
  -- Andreas Beckmann <a...@debian.org>  Tue, 03 Jan 2017 10:05:35 +0100
 

Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /packages/nvidia-graphics-drivers/branches/304:r7072-7202
   Merged /packages/nvidia-graphics-drivers/branches/304-jessie:r7089-7209

Reply via email to