[PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.

  • Done
Details
3 participants
  • Andreas Enge
  • John Kehayias
  • Kaelyn Takata
Owner
unassigned
Submitted by
Kaelyn Takata
Severity
normal

Kaelyn Takata wrote 4 months ago
(address . guix-patches@gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
cover.1731011374.git.kaelyn.alexi@protonmail.com
This patch series updates xorg-server and xorg-server-xwayland to their latest
versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
https://nvd.nist.gov/vuln/detail/CVE-2024-9632.

The updated Xwayland depends on a newer version of presentproto than is
available in the current xorgproto package, so I added xorgproto-next to
satisfy Xwayland's dependency while avoiding triggering 10761 additional
package rebuilds.

Kaelyn Takata (3):
gnu: xorg-server: Update to 21.1.14. [security fixes]
gnu: Add xorgproto-next.
gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].

gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)


base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
--
2.46.0
Kaelyn Takata wrote 4 months ago
[PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes]
(address . 74248@debbugs.gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
ace4d644e6f154b10124f37c8a8b0544a5736817.1731011374.git.kaelyn.alexi@protonmail.com
This fixes CVE-2024-9632.

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.14.

Change-Id: I35fdd57991eef89fe339a0f79d361e05985187ce
---
gnu/packages/xorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 0de08a4ad1..1c5201a836 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5017,7 +5017,7 @@ (define-public libxcvt
(define-public xorg-server
(package
(name "xorg-server")
- (version "21.1.12")
+ (version "21.1.14")
(source
(origin
(method url-fetch)
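
Review bot: The subject line says "[security fixes]" but the commit message names only CVE-2024-9632, and the version line moves from 21.1.12 straight to 21.1.14, skipping a release. If the intermediate release also carried security fixes, list their identifiers in the commit message so the log records everything this bump closes; if it did not, say so.
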
@@ -5025,7 +5025,7 @@ (define-public xorg-server
"/xserver/xorg-server-" version ".tar.xz"))
(sha256
(base32
- "03x954bygi6sdynk5yy3yvsfhg6i9gjhisn3x9jxvk5mw4mnw08y"))
+ "0dgfajrnkr8d61z1fjn249s3q1pm23v9w2f1aqb7sx64pp7048cg"))
(patches
(list
;; See:
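
Review bot: The existing (patches (list ...)) entry that follows the new hash is carried over unchanged onto 21.1.14. Please confirm that each listed patch still applies to the new tarball and is still needed, and drop any that upstream has merged, so that a stale patch does not hold up a security update.
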
--
2.46.0
Kaelyn Takata wrote 4 months ago
[PATCH 2/3] gnu: Add xorgproto-next.
(address . 74248@debbugs.gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
13c254e76ee10c819fba0cd2aa9979648a0f9317.1731011374.git.kaelyn.alexi@protonmail.com
* gnu/packages/xorg.scm (xorgproto-next): New variable.

Change-Id: Ib546f911c717611a1dbe10ef6f02e47e00e88a51
---
gnu/packages/xorg.scm | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 1c5201a836..97a2d8a78a 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -264,6 +264,28 @@ (define-public xorgproto
the core protocol and (many) extensions for the X Window System.")
(license license:x11)))
+(define-public xorgproto-next
+ (package
+ (name "xorgproto")
+ (version "2024.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://xorg/individual/proto"
+ "/xorgproto-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0nfbbi4j130m2gxzp20hp642xizbbl68jpbzahiq8nw183yja8ip"))))
+ (build-system gnu-build-system)
+ (propagated-inputs
+ ;; To get util-macros in (almost?) all package inputs.
+ (list util-macros))
+ (home-page "https://cgit.freedesktop.org/xorg/proto/xorgproto")
+ (synopsis "Xorg protocol headers")
+ (description
+ "This package provides the headers and specification documents defining
+the core protocol and (many) extensions for the X Window System.")
+ (license license:x11)))
+
(define-public bigreqsproto
(package
(name "bigreqsproto")
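
Review bot: xorgproto-next is written out as a full package whose description and license are identical to the xorgproto lines just above it, so the two definitions can drift apart. Writing it as (package (inherit xorgproto) (version "2024.1") (source ...)) would keep only the fields that differ. The name field is also still "xorgproto"; because the variable is public, a command-line lookup of xorgproto would then select version 2024.1, so either set the name to "xorgproto-next" or add a comment saying the shared name is intended.
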
--
2.46.0
Kaelyn Takata wrote 4 months ago
[PATCH 3/3] gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].
(address . 74248@debbugs.gnu.org)(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
d2ce454aea915d9766eeaaca04b31d50c202c5d8.1731011374.git.kaelyn.alexi@protonmail.com
This fixes CVE-2024-9632.

* gnu/packages/xorg.scm (xorg-server-xwayland): Update to 24.1.4.
[inputs]: Replace xorgproto with xorgproto-next.
[arguments]<#:configure-flags>: Remove unsupported flag.

Change-Id: Ie8542fdbbf9a49a79df2b4cd7b9a919b2f547f5f
---
gnu/packages/xorg.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 97a2d8a78a..4e833abb44 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5295,7 +5295,7 @@ (define-public egl-wayland
(define-public xorg-server-xwayland
(package
(name "xorg-server-xwayland")
- (version "23.2.5")
+ (version "24.1.4")
(source
(origin
(method url-fetch)
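
Review bot: The version line moves xorg-server-xwayland from the 23.2 series to 24.1, a larger step than a point release, yet the commit message presents it only as the CVE-2024-9632 fix. Say in the commit message that dependent packages were built and tested against 24.1.4, and mention any behaviour changes beyond the removed configure flag.
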
@@ -5303,7 +5303,7 @@ (define-public xorg-server-xwayland
"/xserver/xwayland-" version ".tar.xz"))
(sha256
(base32
- "145xykwmyqkaa8zrbn5fnvnff67iral9mc5raamglnbsd3r7zv1k"))))
+ "1x1lmw1br3dxxfppfny1vkmk2l2vk5248i3k05smb7w1mgdphsnr"))))
(inputs (list font-dejavu
dbus
egl-wayland
@@ -5321,7 +5321,7 @@ (define-public xorg-server-xwayland
wayland-protocols
xkbcomp
xkeyboard-config
- xorgproto
+ xorgproto-next
xtrans))
(native-inputs (cons pkg-config
(if (%current-target-system)
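
Review bot: Nothing next to the xorgproto-next input says why this package departs from xorgproto. A one-line comment, such as ";; Needs a newer presentproto than xorgproto provides.", would tell whoever next updates xorgproto that the input can be switched back.
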
@@ -5333,8 +5333,7 @@ (define-public xorg-server-xwayland
(build-system meson-build-system)
(arguments
`(#:configure-flags
- (list "-Dxwayland_eglstream=true"
- (string-append "-Dxkb_dir="
+ (list (string-append "-Dxkb_dir="
(assoc-ref %build-inputs "xkeyboard-config")
"/share/X11/xkb")
(string-append "-Dxkb_bin_dir="
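
Review bot: With "-Dxwayland_eglstream=true" dropped as unsupported, the egl-wayland entry kept in the inputs list (visible in the second hunk's context) may no longer be used by the build. Check whether 24.1.4 still references it and remove the input if not, or note why it stays.
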
--
2.46.0
Andreas Enge wrote 3 months ago
Comment
(address . 74248@debbugs.gnu.org)(name . Steve George)(address . steve@futurile.net)
Z0edc0StUB9pb_OE@jurong
Hello,

I just checked how many packages depend on xorg-server (650) and
xorgproto (40). So I think there is no need for xorgproto-next, you could
simply update xorgproto directly.

Andreas
John Kehayias wrote 3 months ago
Re: [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.
(name . Kaelyn Takata)(address . kaelyn.alexi@protonmail.com)
87o71zsz59.fsf@protonmail.com
Hi Kaelyn,

(Andreas: your message did not go to the original author; CC'ing you and
Steve who you CC'ed in your message. If using debbugs through Emacs, for
instance, make sure you do a "wide-reply" or else the author isn't
included. I really wish a bug number email was an alias for a list.)

On Thu, Nov 07, 2024 at 09:33 PM, Kaelyn Takata wrote:

> This patch series updates xorg-server and xorg-server-xwayland to their latest
> versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
> https://nvd.nist.gov/vuln/detail/CVE-2024-9632.
>
> The updated Xwayland depends on a newer version of presentproto than is
> available in the current xorgproto package, so I added xorgproto-next to
> satisfy Xwayland's dependency while avoiding triggering 10761 additional
> package rebuilds.
>

Thanks for the patches, sorry I missed this earlier.

> Kaelyn Takata (3):
> gnu: xorg-server: Update to 21.1.14. [security fixes]

I've applied this now as dd4b96e72c8fda4b025a75b47212e06e381e9ea1 (with
a minor change to move a period.)

> gnu: Add xorgproto-next.
> gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].
>

These two look like they were done similarly by Danny in
e6d1f571957e5668b844939070174aedf0bec673. CC'ing just to close the loop
here.

> gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
> 1 file changed, 28 insertions(+), 7 deletions(-)
>
>
> base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
> --
> 2.46.0

Thanks!
John
Closed