GNU bug report logs -
#32508
[PATCH] gnu: libx11: Replace with 1.6.6 [security fixes].
Previous Next
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Thu, 23 Aug 2018 15:01:01 UTC
Severity: normal
Tags: patch
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 32508 in the body.
You can then email your comments to 32508 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#32508; Package
guix-patches.
(Thu, 23 Aug 2018 15:01:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Marius Bakke <mbakke <at> fastmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Thu, 23 Aug 2018 15:01:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2018-14599, CVE-2018-14600, and CVE-2018-14598.
* gnu/packages/xorg.scm (libx11)[replacement]: New field.
(libx11-1.6.6): New public variable.
---
gnu/packages/xorg.scm | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 0a78b8ee7..f67206454 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5239,6 +5239,7 @@ draggable titlebars and borders.")
(package
(name "libx11")
(version "1.6.5")
+ (replacement libx11-1.6.6)
(source
(origin
(method url-fetch)
@@ -5268,6 +5269,18 @@ draggable titlebars and borders.")
(description "Xorg Core X11 protocol client library.")
(license license:x11)))
+;; Replacement package to fix multiple security bugs:
+;; <http://seclists.org/oss-sec/2018/q3/146>.
+(define-public libx11-1.6.6
+ (package/inherit libx11
+ (version "1.6.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://xorg/individual/lib/libX11-"
+ version ".tar.bz2"))
+ (sha256
+ (base32 "0ks1mxlda7nxfmffihi15ljsn50q8dknl33i2xag8xzc80fiizk5"))))))
+
;; packages of height 5 in the propagated-inputs tree
(define-public libxcursor
--
2.18.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#32508; Package
guix-patches.
(Thu, 23 Aug 2018 20:21:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 32508 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Aug 23, 2018 at 04:59:47PM +0200, Marius Bakke wrote:
> This fixes CVE-2018-14599, CVE-2018-14600, and CVE-2018-14598.
>
> * gnu/packages/xorg.scm (libx11)[replacement]: New field.
> (libx11-1.6.6): New public variable.
Thanks!
> +;; Replacement package to fix multiple security bugs:
> +;; <http://seclists.org/oss-sec/2018/q3/146>.
> +(define-public libx11-1.6.6
> + (package/inherit libx11
Does it need to use package/inherit? My understanding is that procedure
is primarily useful for packages that inherit from another package foo,
when foo is being grafted. For example, the current situation with
cups-minimal and cups.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#32508; Package
guix-patches.
(Fri, 24 Aug 2018 09:38:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 32508 <at> debbugs.gnu.org (full text, mbox):
Hello!
Leo Famulari <leo <at> famulari.name> skribis:
> On Thu, Aug 23, 2018 at 04:59:47PM +0200, Marius Bakke wrote:
>> This fixes CVE-2018-14599, CVE-2018-14600, and CVE-2018-14598.
>>
>> * gnu/packages/xorg.scm (libx11)[replacement]: New field.
>> (libx11-1.6.6): New public variable.
>
> Thanks!
+1
>> +;; Replacement package to fix multiple security bugs:
>> +;; <http://seclists.org/oss-sec/2018/q3/146>.
>> +(define-public libx11-1.6.6
>> + (package/inherit libx11
>
> Does it need to use package/inherit? My understanding is that procedure
> is primarily useful for packages that inherit from another package foo,
> when foo is being grafted. For example, the current situation with
> cups-minimal and cups.
Correct, it’s not required in this case but it doesn’t hurt.
Ludo’.
Reply sent
to
Marius Bakke <mbakke <at> fastmail.com>:
You have taken responsibility.
(Sat, 25 Aug 2018 14:36:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Marius Bakke <mbakke <at> fastmail.com>:
bug acknowledged by developer.
(Sat, 25 Aug 2018 14:36:01 GMT)
Full text and
rfc822 format available.
Message #16 received at 32508-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
>> +;; Replacement package to fix multiple security bugs:
>> +;; <http://seclists.org/oss-sec/2018/q3/146>.
>> +(define-public libx11-1.6.6
>> + (package/inherit libx11
>
> Does it need to use package/inherit? My understanding is that procedure
> is primarily useful for packages that inherit from another package foo,
> when foo is being grafted. For example, the current situation with
> cups-minimal and cups.
Ah yes; you're right: in this case we don't need package/inherit because
we are not inheriting an existing graft. I always mix those up, thanks
for catching it!
Pushed as 94e9d750a22e30459732d2ae14d71c5f3acabd91.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 23 Sep 2018 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 6 years and 271 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.