[PATCH 0/2] Security update for xorg-server and xorg-server-xwayland

  • Done
Details
2 participants
  • John Kehayias
  • Kaelyn Takata
Owner
unassigned
Submitted by
Kaelyn Takata
Severity
normal

Kaelyn Takata wrote 1 year ago
(address . guix-patches@gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
cover.1705445709.git.kaelyn.alexi@protonmail.com
Update both xorg-server and xorg-server-xwayland to 21.1.11 and 23.2.4
respectively to address six security issues described in the release
announcement / security advisory from 2024-01-16:

Kaelyn Takata (2):
gnu: xorg-server: Update to 21.1.11 [security fixes].
gnu: xorg-server-xwayland: Update to 23.2.4 [security fixes].

gnu/packages/xorg.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)


base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0
Kaelyn Takata wrote 1 year ago
[PATCH 1/2] gnu: xorg-server: Update to 21.1.11 [security fixes].
(address . 68520@debbugs.gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
7a37f15687e60ef2d2f60cf8bbbea6770b25535f.1705445709.git.kaelyn.alexi@protonmail.com
Fixes CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
CVE-2024-0409, and CVE-2024-0408. See the X.Org security advisory
information.

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.11.

Change-Id: I07cb273e2a504f94f8f26624d26ad79c6e92f109
---
gnu/packages/xorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 9624fb44aa..4f9af0ad2a 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5017,7 +5017,7 @@ (define-public libxcvt
(define-public xorg-server
(package
(name "xorg-server")
- (version "21.1.10")
+ (version "21.1.11")
(source
(origin
(method url-fetch)
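Review bot: the `(version "21.1.11")` line is the entire security fix here, and the commit message that justifies it ends at "See the X.Org security advisory information." with no link or advisory identifier after it. Put the advisory URL, or at least its date (2024-01-16 per the cover letter), in the commit message so the six CVE numbers can be checked against the release from the git log alone.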
@@ -5025,7 +5025,7 @@ (define-public xorg-server
"/xserver/xorg-server-" version ".tar.xz"))
(sha256
(base32
- "1l0iaq83vbl9jr34sa7v7630c5bnp64drlw8yg6c6yn5xyib7c6f"))
+ "1vr6sc38sqipazsm61bcym2ggbgfgaamz7wf05mb31pvayyssg8x"))
(patches
(list
;; See:
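Review bot: the trailing context `(patches (list ;; See:` shows that xorg-server still carries local patches, and nothing in this hunk or its commit message says whether they were checked against the 21.1.11 tarball. Please confirm that each one still applies and is not already included in the new release, and drop any that is, since a patch that no longer applies would block this security update from building.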
--
2.41.0
Kaelyn Takata wrote 1 year ago
[PATCH 2/2] gnu: xorg-server-xwayland: Update to 23.2.4 [security fixes].
(address . 68520@debbugs.gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
6268d77a20f457938140807ab0a6936686e99e14.1705445709.git.kaelyn.alexi@protonmail.com
Fixes CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
CVE-2024-0409, and CVE-2024-0408. See the X.Org security advisory
information.

* gnu/packages/xorg.scm (xorg-server-xwayland): Update to 23.2.4.

Change-Id: Ie6343d34652ba0caf00940775b5b227dd9bc05bc
---
gnu/packages/xorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 4f9af0ad2a..02deccc468 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5250,7 +5250,7 @@ (define-public egl-wayland
(define-public xorg-server-xwayland
(package
(name "xorg-server-xwayland")
- (version "23.2.3")
+ (version "23.2.4")
(source
(origin
(method url-fetch)
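Review bot: the `(version "23.2.4")` bump comes with a commit message whose CVE list is word for word the one in patch 1/2 for xorg-server. Confirm against the advisory that all six identifiers apply to the Xwayland 23.2.4 release as well, and trim the list if any of them is specific to the standalone X server, so the log does not record a fix this package never needed.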
@@ -5258,7 +5258,7 @@ (define-public xorg-server-xwayland
"/xserver/xwayland-" version ".tar.xz"))
(sha256
(base32
- "00p30yyikh7h9xsqgir66xb06pspgjlibv1mi0n42irc4fkrm7gb"))))
+ "0sxlh43cnpf56p2p5jnhp7427knfpy42mcka7f5hjcqddndib7m9"))))
(inputs (list font-dejavu
dbus
egl-wayland
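Review bot: the new `(base32 ...)` value on the `+` line is the only integrity check on the xwayland tarball fetched by `url-fetch`, and the patch does not say how it was obtained. State in the cover letter or commit message that the upstream signature on the 23.2.4 tarball was verified before hashing, so the hash is pinned to the upstream release rather than to whatever the download location served.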
--
2.41.0
Kaelyn wrote 1 year ago
Missed copyright line
(name . 68520@debbugs.gnu.org)(address . 68520@debbugs.gnu.org)
j1Vl3VHQyflnyOUCKyRZOx_jDcg5-SbyEyDNVmF7sUcseXzsC1gRJJqlcQn81nsoYGZJu3v2NCVwqKKvtckYfRiIlP5VUBWpVYOy2J6yF0U=@protonmail.com
Hi,

I just realized that with this patch series, along with my previous xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add to the top of the file:

;;; Copyright © 2023, 2024 Kaelyn Takata <kaelyn.alexi@protonmail.com>

To be fair, I'm not too particular about the attribution for basic package updates--but I also know copyright is never a simple issue.

Cheers,
Kaelyn
John Kehayias wrote 1 year ago
(name . Kaelyn)(address . kaelyn.alexi@protonmail.com)(address . 68520-done@debbugs.gnu.org)
87edebd5r3.fsf@protonmail.com
Hi Kaelyn

On Tue, Jan 16, 2024 at 11:37 PM, Kaelyn wrote:

> Hi,
>
> I just realized that with this patch series, along with my previous

Thanks for the quick work on these patches! I saw the security notice
but glad I checked the bug tracker first, made things even easier :)

By the way, this isn't mentioned anywhere but I think we should make it
a policy to CC (or directly only, if the need arises) the guix-security
mailing list. I'll try to make that happen.

> xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add
> to the top of the file:
>
> ;;; Copyright © 2023, 2024 Kaelyn Takata <kaelyn.alexi@protonmail.com>
>

I added it to ed6ff0ec7b6fe65a3cd7d40b1f301f8def6fb8e3 (first commit)
with a note that the copyright line is a followup to those previous
commits as well. Hopefully that covers it!

And committed the second patch as
c79ffe25e98607d6803f960d5187e4098e1dc7c2.

> To be fair, I'm not too particular about the attribution for basic
> package updates--but I also know copyright is never a simple issue.
>

I'm not too particular either for my own, but I do think it is good to
have it clear especially when committing changes for someone else.
Though it is in the git log, too.

> Cheers,
> Kaelyn

Thanks again!
John
Closed
This issue is archived.
