firmware-nonfree - Debian Package Tracker

general

source: firmware-nonfree (non-free-firmware)
version: 20250917-1
maintainer: Debian Kernel Team (archive) (DMD)
uploaders: Bastian Blank [DMD] – Salvatore Bonaccorso [DMD] – maximilian attems [DMD] – Ben Hutchings [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20210315-3
oldstable: 20230210-5
old-bpo: 20250410-2~bpo12+1
stable: 20250410-2
stable-bpo: 20250808-1~bpo13+1
testing: 20250808-1
unstable: 20250917-1

versioned links

20210315-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230210-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250410-2~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250410-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250808-1~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250808-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20250917-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

firmware-amd-graphics (8 bugs: 0, 7, 1, 0)
firmware-atheros (3 bugs: 0, 3, 0, 0)
firmware-bnx2
firmware-bnx2x
firmware-brcm80211 (3 bugs: 0, 3, 0, 0)
firmware-cavium
firmware-cirrus
firmware-intel-graphics
firmware-intel-misc
firmware-intel-sound (1 bugs: 0, 1, 0, 0)
firmware-ipw2x00
firmware-ivtv
firmware-iwlwifi (15 bugs: 0, 15, 0, 0)
firmware-libertas
firmware-linux
firmware-linux-nonfree (4 bugs: 0, 1, 3, 0)
firmware-marvell-prestera
firmware-mediatek (1 bugs: 0, 1, 0, 0)
firmware-misc-nonfree (10 bugs: 0, 8, 2, 0)
firmware-myricom
firmware-netronome
firmware-netxen (1 bugs: 0, 1, 0, 0)
firmware-nvidia-graphics (1 bugs: 0, 1, 0, 0)
firmware-qcom-media
firmware-qcom-soc
firmware-qlogic
firmware-realtek (4 bugs: 0, 4, 0, 0)
firmware-samsung
firmware-siano (1 bugs: 0, 1, 0, 0)
firmware-ti-connectivity (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 20251021 high

A new upstream version 20251021 is available, you should consider packaging it.

Created: 2025-09-21 Last update: 2025-10-23 17:05

13 security issues in buster high

There are 13 open security issues in buster.

12 important issues:

CVE-2023-25951: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-26586: Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-28374: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-28720: Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access..
CVE-2023-32642: Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-32644: Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-32651: Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-33875: Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access..
CVE-2023-34983: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-35061: Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2023-38417: Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-47210: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

1 issue postponed or untriaged:

CVE-2023-4969: (postponed; to be fixed through a stable update) A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.

Created: 2024-05-02 Last update: 2024-05-22 17:48

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2025-10-21 Last update: 2025-10-23 20:30

4 bugs tagged help in the BTS normal

The BTS contains 4 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2025-10-23 20:00

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs (4 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-10-23 20:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 20250917-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 353261089a61c516cf1b1c563c321365877e1137
Merge: 5685596 9d92c4e
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Oct 20 23:00:56 2025 +0200

    Merge branch 'avoid-broken-links' into 'debian/latest'
    
    Fix another broken symlink and avoid creating more of them
    
    See merge request kernel-team/firmware-nonfree!133

commit 9d92c4ee121801497e37268ffdb023209ab8a078
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Oct 20 22:13:20 2025 +0200

    intel-misc: Include Lenovo ThinkPad X1 2-in-1 Gen 10 ISH firmware
    
    Add the ISH firmware for a Lenovo ThinkPad model.  This is under
    LENOVO/ish because it has a different licence, but there is a symlink
    to it under intel/ish that we already include.
    
    This broken symlink was caught by the check added in the previous
    commit.
    
    Also documented this file in debian/copyright.

commit 53b61f2bb7506c6e1d83949615885dd40c4f036c
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Oct 20 21:48:23 2025 +0200

    d/rules: Check for broken symlinks among installed firmware
    
    Now that we only deduplicate files within each binary package, that
    should not create any broken symlinks.  But symlinks can also be
    explicitly defined by WHENCE, so we could still include such a symlink
    and not the file to points to.
    
    Add a check for broken symlinks after running dh_install and
    deduplicating.  For now, this excludes the intentional cross-package
    symlinks from firmware-qcom-soc to firmware-atheros.

commit 6e628aeadca2153e56e895687bef583929278a7a
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Oct 20 21:21:53 2025 +0200

    d/rules: Only deduplicate files that are packaged
    
    Bug #1118195 was caused by dedupe-firmware.sh symlinking a file that
    we included in a binary package to an identical file that we didn't
    yet include.  In general we would want to include both the identical
    files in the same package, but we don't currently have a way to make
    that happen automatically.
    
    To avoid similar bugs in future, switch to running dedupe-firmware.sh
    on each package installation directory, not on debian/build/install.
    
    Also stop running dedupe-firmware.sh in the debian/control-real
    recipe, and update the comment there.

commit 5685596f2ddd9c4e6e1e694c017226a87f832528
Merge: b2c16d3 3c2cdcf
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Oct 20 20:55:08 2025 +0200

    Merge branch 'fix-arm-mali-firmware' into 'debian/latest'
    
    misc-nonfree: Include all Arm Mali firmware
    
    See merge request kernel-team/firmware-nonfree!132

commit 3c2cdcf46c592fbbc1860c0619cf179b4ffd7626
Author: Diederik de Haas <didi.debian@cknow.org>
Date:   Thu Oct 16 13:22:20 2025 +0200

    misc-nonfree: Include all Arm Mali firmware
    
    Various new Arm Mali firmware files were added in upstream commit
    930ef9046e38 ("panthor: Add firmware for more Mali GPUs")
    
    Therefore extend the defines pattern to include them all.
    Also extend the copyright pattern in a similar vein as the new files are
    licensed under the same license terms as the existing file.
    
    Signed-off-by: Diederik de Haas <didi.debian@cknow.org>

Created: 2025-10-20 Last update: 2025-10-20 22:32

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-10-20 Last update: 2025-10-20 19:31

lintian reports 21 warnings normal

Lintian reports 21 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-16 Last update: 2025-10-16 06:32

AppStream hints: 1 warning for firmware-bnx2,firmware-intel-graphics,firmware-qlogic,firmware-nvidia-graphics,firmware-intel-sound,firmware-ipw2x00,firmware-amd-graphics,firmware-intel-misc,firmware-iwlwifi,firmware-samsung,firmware-realtek,firmware-libertas,firmware-ti-connectivity,firmware-mediatek,firmware-cavium,firmware-atheros,firmware-marvell-prestera,firmware-bnx2x,firmware-brcm80211,firmware-misc-nonfree,firmware-siano,firmware-myricom,firmware-qcom-soc,firmware-ivtv,firmware-cirrus,firmware-netronome,firmware-netxen normal

AppStream found metadata issues for packages:

firmware-ipw2x00: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2024-01-27 Last update: 2025-04-21 17:20

debian/patches: 1 patch to forward upstream low

Among the 4 debian patches available in version 20250917-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2024-12-20 Last update: 2025-10-16 07:33

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.3.0).

Created: 2023-05-16 Last update: 2025-10-16 01:32

No known security issue in bookworm wishlist

There are 13 open security issues in bookworm.

13 ignored issues:

CVE-2023-4969: A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-35061: Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2023-38417: Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-47210: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-23198: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-24984: Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-25563: Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-28049: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.

Created: 2023-08-18 Last update: 2025-10-15 21:34

testing migrations

excuses:
- Migration status for firmware-nonfree (20250808-1 to 20250917-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating firmware-nonfree would introduce bugs in testing: #1118195
- Additional info:
- ∙ ∙ Cannot be tested by piuparts (not a blocker) - (no link yet)
- ∙ ∙ 8 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-10-15] Accepted firmware-nonfree 20250917-1 (source) into unstable (Ben Hutchings)
[2025-09-09] Accepted firmware-nonfree 20250808-1~bpo13+1 (all source) into stable-backports (Debian FTP Masters) (signed by: Ben Hutchings)
[2025-08-21] firmware-nonfree 20250808-1 MIGRATED to testing (Debian testing watch)
[2025-08-15] Accepted firmware-nonfree 20250808-1 (source) into unstable (Ben Hutchings)
[2025-07-08] Accepted firmware-nonfree 20250708-1 (source) into experimental (Ben Hutchings)
[2025-07-08] Accepted firmware-nonfree 20250627-1 (source) into experimental (Ben Hutchings)
[2025-06-21] Accepted firmware-nonfree 20250613-1 (source) into experimental (Ben Hutchings)
[2025-06-19] Accepted firmware-nonfree 20250509-1 (source) into experimental (Ben Hutchings)
[2025-05-28] Accepted firmware-nonfree 20250410-2~bpo12+1 (source) into stable-backports (Ben Hutchings)
[2025-05-05] firmware-nonfree 20250410-2 MIGRATED to testing (Debian testing watch)
[2025-04-24] Accepted firmware-nonfree 20250410-2 (source) into unstable (Ben Hutchings)
[2025-04-21] Accepted firmware-nonfree 20250410-1 (source) into unstable (Ben Hutchings)
[2025-04-15] Accepted firmware-nonfree 20250311-1 (source) into unstable (Ben Hutchings)
[2025-04-14] Accepted firmware-nonfree 20250211-1 (source) into unstable (Ben Hutchings)
[2025-04-13] Accepted firmware-nonfree 20250109-1 (source) into unstable (Ben Hutchings)
[2025-03-20] Accepted firmware-nonfree 20241210-1~bpo12+1 (source) into stable-backports (Ben Hutchings)
[2024-12-25] firmware-nonfree 20241210-1 MIGRATED to testing (Debian testing watch)
[2024-12-19] Accepted firmware-nonfree 20241210-1 (source) into unstable (Ben Hutchings)
[2024-11-04] firmware-nonfree 20240909-2 MIGRATED to testing (Debian testing watch)
[2024-10-30] Accepted firmware-nonfree 20240909-2 (source) into unstable (Ben Hutchings)
[2024-10-07] Accepted firmware-nonfree 20240909-1 (source) into unstable (Ben Hutchings)
[2024-10-07] Accepted firmware-nonfree 20240811-1 (source) into unstable (Ben Hutchings)
[2024-09-06] Accepted firmware-nonfree 20240709-2~bpo12+1 (all source) into stable-backports (Debian FTP Masters) (signed by: Ben Hutchings)
[2024-09-06] firmware-nonfree 20240709-2 MIGRATED to testing (Debian testing watch)
[2024-09-01] Accepted firmware-nonfree 20240709-2 (source) into unstable (Ben Hutchings)
[2024-08-01] firmware-nonfree 20240709-1 MIGRATED to testing (Debian testing watch)
[2024-07-26] Accepted firmware-nonfree 20240709-1 (source) into unstable (Ben Hutchings)
[2024-07-21] firmware-nonfree 20240610-1 MIGRATED to testing (Debian testing watch)
[2024-07-15] Accepted firmware-nonfree 20240610-1 (source) into unstable (Ben Hutchings)
[2024-06-30] Accepted firmware-nonfree 20230625-3~exp3 (source) into experimental (Ben Hutchings)

bugs [bug history graph]

all: 66 72
RC: 0
I&N: 50 52
M&W: 15 18
F&P: 1 2
patch: 3 4
help: 4

links

lintian (0, 21)
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
debian patches