From unknown Mon Jun 23 18:29:50 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#29487 <29487@debbugs.gnu.org> To: bug#29487 <29487@debbugs.gnu.org> Subject: Status: [PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612]. Reply-To: bug#29487 <29487@debbugs.gnu.org> Date: Tue, 24 Jun 2025 01:29:50 +0000 retitle 29487 [PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-= 16612]. reassign 29487 guix-patches submitter 29487 Marius Bakke severity 29487 normal tag 29487 patch fixed thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 28 12:02:28 2017 Received: (at submit) by debbugs.gnu.org; 28 Nov 2017 17:02:28 +0000 Received: from localhost ([127.0.0.1]:34851 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eJjHA-0001aA-7A for submit@debbugs.gnu.org; Tue, 28 Nov 2017 12:02:28 -0500 Received: from eggs.gnu.org ([208.118.235.92]:42085) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eJjH9-0001Zq-K2 for submit@debbugs.gnu.org; Tue, 28 Nov 2017 12:02:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eJjGz-0008Kk-2j for submit@debbugs.gnu.org; Tue, 28 Nov 2017 12:02:22 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:49566) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eJjGy-0008Ke-W8 for submit@debbugs.gnu.org; Tue, 28 Nov 2017 12:02:17 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:32811) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eJjGs-0000CT-Jr for guix-patches@gnu.org; Tue, 28 Nov 2017 12:02:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eJjGr-0008FC-Il for guix-patches@gnu.org; Tue, 28 Nov 2017 12:02:10 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:52045) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eJjGr-0008Eo-DX for guix-patches@gnu.org; Tue, 28 Nov 2017 12:02:09 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 95BA020CBC; Tue, 28 Nov 2017 12:02:08 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Tue, 28 Nov 2017 12:02:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=VahlN2b3ug2I4dO1N6zT/U92zco9xfdoVsp7+a90a Hc=; b=UE8DAgRw1fMgtXAH9HmwXqPYTcGuGlH9Hv7oX31uInUxs/Qie3C/9th/G QC0ex4aDBuFY2QThKbVMIyDZqgzhfncC/TwOHTgGZ/LcyLT5mqNMlTponEfOrLc3 ghmYhHF7UvnIXu+aLDQauptF/fkTx6pO8NMFXvQmeGiPnJxtW43tyD5uZxtghVHu e0podxoPnAKWsiJB+DiubbGHpPGjFes0+Z16XbQ594WUM0dOKSBUSNlzhr5COSWU H8g+ItSO66EBCifUq77KibGun7y+oLK3krNvhOEFaBNtpF37VejZG6xie4AHZvEB Lx9j8PdLuEJWV+ctaHhnGLyr2lAoA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=VahlN2b3ug2I4dO1N 6zT/U92zco9xfdoVsp7+a90aHc=; b=bgSRxT/vwJFO9/Va054I0hO9tUP85h5TW Bp+6WA4A/iezEeQN3VhVIdT007cIyXnRMqCCLEwi7k+kOol8cEvyh2SHLKZ3HTdJ Oj+prFsZpLKCqvqBd1pSlAbvx+E5elAjFqm6jaCNULu1RPc3kvuidMs2AHFzGWh8 S75B3D0cyCLupX/hM46+Nqj0hpv7mmrw6NZ2ZIuqK/0E2hpvPpc2c8eTiR82HCNG fHNs7CIiDbH2V1NWb3OVlchyAha9RCPWQ02dvnI2lSacrE3TRDYF5JnLVTyZnUz/ aeK4A+D6LJyp8shK3m4HuXEBY1hZjHIF3SfEo4/sHSoE5UhdV6thw== X-ME-Sender: Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id 0CB9F7F882; Tue, 28 Nov 2017 12:02:07 -0500 (EST) From: Marius Bakke To: guix-patches@gnu.org Subject: [PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612]. Date: Tue, 28 Nov 2017 18:02:05 +0100 Message-Id: <20171128170205.30002-1-mbakke@fastmail.com> X-Mailer: git-send-email 2.15.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.4 (----) X-Debbugs-Envelope-To: submit Cc: Marius Bakke X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.4 (----) * gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable. (libxcursor)[replacement]: New field. --- gnu/packages/xorg.scm | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 994476ed6..1c1ddd4bf 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5307,6 +5307,7 @@ draggable titlebars and borders.") (package (name "libxcursor") (version "1.1.14") + (replacement libxcursor-1.1.15) (source (origin (method url-fetch) @@ -5339,6 +5340,18 @@ draggable titlebars and borders.") (description "Xorg Cursor management library.") (license license:x11))) +;; For CVE-2017-16612. +(define-public libxcursor-1.1.15 + (package + (inherit libxcursor) + (version "1.1.15") + (source (origin + (method url-fetch) + (uri (string-append "mirror://xorg/individual/lib/libXcursor-" + version ".tar.bz2")) + (sha256 + (base32 + "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9")))))) (define-public libxt (package -- 2.15.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 28 13:16:46 2017 Received: (at 29487) by debbugs.gnu.org; 28 Nov 2017 18:16:46 +0000 Received: from localhost ([127.0.0.1]:35025 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eJkR3-0007IC-VD for submit@debbugs.gnu.org; Tue, 28 Nov 2017 13:16:46 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:43613) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eJkR2-0007I4-6m for 29487@debbugs.gnu.org; Tue, 28 Nov 2017 13:16:44 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B79FE20C2C; Tue, 28 Nov 2017 13:16:43 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Tue, 28 Nov 2017 13:16:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=7O0EXvd2d5/0IXuHWZpEfXK4v6QgVCHdtyBloYqb++k=; b=y0snX tMs+m+/Ili4EpKjrcx8/Z8Yy9mcZyKBV5fBi0ffBG8rpilmz6KlYWeQzEwceMFD1 GRbCqPHTj2raq/P+pCvGS1Lwsa+kz993Mecb/wLKJxNudxcaqaVcht90bsBzW6U9 oNqJ9Sv1VgJcCPH0BEZOfxsxxzHDghUh50XfTc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=7O0EXvd2d5/0IXuHWZpEfXK4v6QgV CHdtyBloYqb++k=; b=PN6jT5kif1BLFOLe1TqKZ9PSspRGHsuIL02DHAEQ22ryW mknwiXqudG2ZHxOFmBwNTW4AVYAgajwQBSOM20wBeeTkBKP9Yk/mHiKEj8L6+o99 oAjlHzYDRxbRUS0OoiS66s9Bh12+8RW4aNKnbcwoX9feNv6dmimXjac2+33FyHj8 z/3oxAg0q0357ncg6c05uKiA2sf2koF9fTB2lIzLiAkPiFpDZ7/7FqYaRTcE15+b s4PKBkiWPG0GlWoHUPfxr7+3JBNdWfOH3GJG6A7broEHnCqRmimC5hk/FMwYs3s0 WNrhA0bbnB7bqFZ/7ZMHT09smkir+TMj+n8kowaUA== X-ME-Sender: Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 4DCAE7FACC; Tue, 28 Nov 2017 13:16:43 -0500 (EST) Date: Tue, 28 Nov 2017 13:16:42 -0500 From: Leo Famulari To: Marius Bakke Subject: Re: [bug#29487] [PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612]. Message-ID: <20171128181642.GC14200@jasmine.lan> References: <20171128170205.30002-1-mbakke@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="DIOMP1UsTsWJauNi" Content-Disposition: inline In-Reply-To: <20171128170205.30002-1-mbakke@fastmail.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29487 Cc: 29487@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --DIOMP1UsTsWJauNi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Nov 28, 2017 at 06:02:05PM +0100, Marius Bakke wrote: > * gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable. > (libxcursor)[replacement]: New field. LGTM, thanks! --DIOMP1UsTsWJauNi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlodqAoACgkQJkb6MLrK fwjCWQ//fvZj7MdnvIBFDArXkm+JKbOtFKsIA8e248jomNM+QacILQ9AIxvg0zTi MUwI3rPN9ua/9F/NdRBnMFbbXvb7iS8FTlFqYeIPq8YJ6o6kIrKQU9G8f+XvYDuQ 3CyC+MkDPOx5Ecq2YnbYIjzxxltAf3CZ/WGTOQK6oONp1PyB30NwHCjaWpTz7CIi cbCEpFODHCcRFdOMmhXs1cPlJWGMLWnYo4ia4NkVfUDDlLrXf4JKNbFkvLx2R38S GnfS21rZbb3RFFpj4KUCTWH/9jZBZMnmkpvFxveQ2YQalA2oykD9AxaddUci4iZ9 6/z9EOAfXtsTD5IHQ42+WRranQtONLGGwUO84tTU+wAzDRjkZwYTfFPGCpQloNul uxLKmaBfXKr9reNIhkjkq95pm/6XFT2hl0rZmCvN1Wsq6HoZJDNu1tRck8D89HQM lE5J7WMjQ5KwxTtbvXQ1Os2wwFQbxccl4QsLvDELnRijQ0jzh7CSjZIrTCQVNYl4 vT+4YGkL3YTH6FVBkQdc0Q/i89aj29g4uPbRjwEwkFo8z7Iqxoybg2HpVNN+wo5z ezUJ2I4WRtkO7duMftUtnpFJ8az93/KTPC65JbzAKE+kh1sGe1XABlRWax+uR8uE f4IuY4sPSqzb9eBbw7+nSSEiheqJuybuRudS8QnBs1vzd7EnY7I= =rfQF -----END PGP SIGNATURE----- --DIOMP1UsTsWJauNi-- From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 30 09:43:57 2017 Received: (at control) by debbugs.gnu.org; 30 Nov 2017 14:43:57 +0000 Received: from localhost ([127.0.0.1]:37703 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eKQ4D-0001o1-KO for submit@debbugs.gnu.org; Thu, 30 Nov 2017 09:43:57 -0500 Received: from [141.255.128.1] (port=60069 helo=hera.aquilenet.fr) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eKQ4B-0001ns-8i for control@debbugs.gnu.org; Thu, 30 Nov 2017 09:43:55 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 6C8F8100BF for ; Thu, 30 Nov 2017 15:43:57 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zzKipaePz_Jn for ; Thu, 30 Nov 2017 15:43:57 +0100 (CET) Received: from ribbon (unknown [193.50.110.211]) by hera.aquilenet.fr (Postfix) with ESMTPSA id E0D6010035 for ; Thu, 30 Nov 2017 15:43:56 +0100 (CET) Date: Thu, 30 Nov 2017 15:43:53 +0100 Message-Id: <874lpb4yja.fsf@gnu.org> To: control@debbugs.gnu.org From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: control message for bug #29487 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.2 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: tags 29487 fixed close 29487 [...] Content analysis details: (2.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=helo; id=hera.aquilenet.fr; ip=141.255.128.1; r=debbugs.gnu.org] 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 2.2 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: tags 29487 fixed close 29487 [...] Content analysis details: (2.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=hera.aquilenet.fr;ip=141.255.128.1;r=debbugs.gnu.org] 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS tags 29487 fixed close 29487 From unknown Mon Jun 23 18:29:50 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 29 Dec 2017 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator