Bug#1104893: bookworm-pu: package nvidia-open-gpu-kernel-modules/535.247.01-1~deb12u1

Andreas Beckmann anbe at debian.org
Thu May 8 00:12:04 BST 2025 

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: nvidia-open-gpu-kernel-modules at packages.debian.org
Control: affects -1 + src:nvidia-open-gpu-kernel-modules

[ Reason ]
In order to fix a few CVEs we need to update
src:nvidia-open-gpu-kernel-modules (and src:nvidia-graphics-drivers in
lock-step for firmware-nvidia-gsp) to a new upstream release.

[ Impact ]
A proprietary graphics driver with unfixed CVEs.

[ Tests ]
autopkgtests for building the kernel module.

[ Risks ]
Updating the nvidia driver stack to a new upstream release in stable is
an established procedure.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
      only for the debian/ directory
  [*] the issue is verified as fixed in unstable

[ Changes ]
+  * New upstream LTS and Tesla branch release 535.247.01 (2025-04-17).
+    * Fixed CVE-2025-23244.  (Closes: #1104076)
+      https://nvidia.custhelp.com/app/answers/detail/a_id/5630
+  * New upstream LTS and Tesla branch release 535.230.02 (2025-01-16).
+    * Fixed CVE-2024-0150, CVE-2024-0147, CVE-2024-53869, CVE-2024-0131,
+      CVE-2024-0149.  (Closes: #1093916)
+      https://nvidia.custhelp.com/app/answers/detail/a_id/5614
+  * Do not add -mfunction-return=thunk-extern flag, breaks backwards
+    compatibility with kernels built without this flag.
+  * Apply both patch sets manually.
+  * Backport NV_MODULE_IMPORT_NS_TAKES_STRING_LITERAL and
+    NV_CRYPTO_AKCIPHER_VERIFY_PRESENT changes from 550.144.03 and
+    NV_FOLIO_TEST_SWAPCACHE_PRESENT changes from 565.57.01 to fix open kernel
+    module build for Linux 6.13.
+  * Let pahole ignore language c++11 for BTF generation.  (Closes: #1098812)
+  * Fix warnings during open module build.
+  * Build with more kernel hardening flags.
+  * Sync with src:nvidia-graphics-drivers.
+  * Bump Standards-Version to 4.7.2. No changes needed.
+  * New upstream Tesla branch release 535.216.03 (2024-11-19).

[ Other info ]
This is a rebuild of the package from sid with no further changes.


Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nvidia-open-gpu-kernel-modules_535.247.01-1~deb12u1.diff.xz
Type: application/x-xz
Size: 16084 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-nvidia-devel/attachments/20250508/c1cd2863/attachment-0001.xz>

More information about the pkg-nvidia-devel mailing list