Bug#987725: buster-pu: package nvidia-graphics-drivers/418.197.02-1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

let's fix CVE-2021-1076 by updating the non-free nvidia-graphics-drivers
in buster to a new upstream release.
This driver version is in sid and bullseye available as
src:nvidia-graphics-drivers-tesla-418

There is an additional packaging change: the creation of the missing
libnvidia-ml.so symlink.

Andreas

diff --git a/debian/changelog b/debian/changelog
index 154072b1..d50a7005 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+nvidia-graphics-drivers (418.197.02-1) buster; urgency=medium
+
+  * New upstream Tesla release 418.197.02 (2021-04-19).
+    * Fixed CVE-2021-1076.  (Closes: #987216)
+      https://nvidia.custhelp.com/app/answers/detail/a_id/5172
+
+  [ Andreas Beckmann ]
+  * nvidia-alternative: Add libnvidia-ml.so slave alternative if
+    libnvidia-ml-dev is installed (460.56-2).  (Closes: #984881)
+
+ -- Andreas Beckmann <a...@debian.org>  Tue, 20 Apr 2021 15:01:59 +0200
+
 nvidia-graphics-drivers (418.181.07-1) buster; urgency=medium
 
   * New upstream Tesla release 418.181.07 (2021-01-19).
@@ -607,6 +619,19 @@ nvidia-graphics-drivers (396.18-1) experimental; 
urgency=medium
 
  -- Andreas Beckmann <a...@debian.org>  Sun, 22 Apr 2018 13:59:45 +0200
 
+nvidia-graphics-drivers (390.143-1) UNRELEASED; urgency=medium
+
+  * New upstream legacy branch release 390.143 (2021-04-19).
+    * Fixed CVE-2021-1076.
+      https://nvidia.custhelp.com/app/answers/detail/a_id/5172
+    - Fixed a bug where vkCreateSwapchain could cause the X Server to crash
+      when an invalid imageFormat was provided.
+    - Fixed a driver installation failure on Linux kernel 5.11 release
+      candidates, where the NVIDIA kernel module failed to build with error
+      "fatal error: asm/kmap_types.h: No such file or directory".
+
+ -- Andreas Beckmann <a...@debian.org>  Mon, 19 Apr 2021 22:38:56 +0200
+
 nvidia-graphics-drivers (390.141-1) UNRELEASED; urgency=medium
 
   * New upstream legacy branch release 390.141 (2021-01-07).
diff --git a/debian/control.md5sum b/debian/control.md5sum
index 0a0335ac..8eef27fc 100644
--- a/debian/control.md5sum
+++ b/debian/control.md5sum
@@ -1,5 +1,5 @@
 d821215e307c351bf49071c22198c3cf  debian/control
 e4f873e158ee77960509ee7b1737f5ae  debian/control.in
 db12f898b07cdaf431ad34bd68a1662e  debian/gen-control.pl
-cd0f1042158bc0093df3bde0a9f851b2  debian/rules
+bdecb50e210cbb969730b9369509aaed  debian/rules
 c461274a68eab2da346c5d34d32f2485  debian/rules.defs
diff --git a/debian/nvidia-alternative.postinst.in 
b/debian/nvidia-alternative.postinst.in
index 1069caa7..8f6bc805 100644
--- a/debian/nvidia-alternative.postinst.in
+++ b/debian/nvidia-alternative.postinst.in
@@ -82,10 +82,14 @@ if [ "$1" = "triggered" ]; then
                $(add_slave /etc/nvidia/nvidia-modprobe.conf 
nvidia-modprobe.conf /etc/#PRIVATE#/nvidia-modprobe.conf)
                $(add_slave /etc/nvidia/nvidia-load.conf nvidia-load.conf 
/etc/#PRIVATE#/nvidia-load.conf)
 "
+       libnvidia_ml_so_slave=
+       if [ -f /usr/include/nvml.h ]; then
+               libnvidia_ml_so_slave="$(add_multiarch_slave /usr/lib "" 
libnvidia-ml.so /usr/lib #PRIVATE#/)"
+       fi
        if echo "$slaves" | grep -q "slave" ; then
-               update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+               update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
                # work around #916799 and re-register the alternative to 
clean-up leftover slaves
-               update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves
+               update-alternatives --install /usr/lib/nvidia/nvidia nvidia 
/usr/lib/#PRIVATE# #MAJOR# $slaves $conf_slaves $libnvidia_ml_so_slave
        else
                update-alternatives --remove nvidia /usr/lib/#PRIVATE#
        fi
diff --git a/debian/nvidia-alternative.triggers.in 
b/debian/nvidia-alternative.triggers.in
index 153c0e6a..e4886029 100644
--- a/debian/nvidia-alternative.triggers.in
+++ b/debian/nvidia-alternative.triggers.in
@@ -4,3 +4,5 @@ interest-await /etc/#PRIVATE#
 interest-await /usr/lib/#PRIVATE#
 interest-await /usr/lib/i386-linux-gnu/#PRIVATE#
 interest-await /usr/lib/x86_64-linux-gnu/#PRIVATE#
+
+interest-await /usr/include/nvml.h
diff --git a/debian/rules b/debian/rules
index 5f8236c2..2c24bc17 100755
--- a/debian/rules
+++ b/debian/rules
@@ -169,9 +169,9 @@ nonglvnd/nvidia_icd.json: $(nvidia_icd.json.template)
        sed 's/__NV_VK_ICD__/libGL.so.1/' $< > $@
 
 nv-readme.ids: unpack-stamp
-       sed     -e '0,/A. Supported\|APPENDIX A: SUPPORTED/d' \
-               -e '0,/Appendix A. Supported\|APPENDIX A: SUPPORTED/d' \
-               -e '0,/^Below\|APPENDIX B/{/ 0x/s/.*  
0x\([0-9a-fA-F]\{4\}\).*/10de\1/p; /^.\{41\} [0-9a-fA-F]\{4\} /s/^.\{41\} 
\([0-9a-fA-F]\{4\}\) .*/10de\1/p};d' \
+       sed -r  -e '0,/A. Supported|APPENDIX A: SUPPORTED/d' \
+               -e '0,/Appendix A. Supported|APPENDIX A: SUPPORTED/d' \
+               -e '0,/^Below|APPENDIX B/{/ 0x/s/.*  
0x([0-9a-fA-F]{4}).*/10de\1/p; /^(.{41}|.{49}) [0-9a-fA-F]{4} /s/^(.{41}|.{49}) 
([0-9a-fA-F]{4}) .*/10de\2/p};d' \
                NVIDIA-Linux/README.txt \
                | tr a-f A-F | sort -u > $@
        @set -e -x ; \