GNU bug report logs - #32508
[PATCH] gnu: libx11: Replace with 1.6.6 [security fixes].

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Marius Bakke <mbakke <at> fastmail.com>
Subject: bug#32508: closed (Re: [bug#32508] [PATCH] gnu: libx11: Replace
 with 1.6.6 [security fixes].)
Date: Sat, 25 Aug 2018 14:36:01 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#32508: [PATCH] gnu: libx11: Replace with 1.6.6 [security fixes].

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 32508 <at> debbugs.gnu.org.

-- 
32508: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=32508
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 32508-done <at> debbugs.gnu.org
Subject: Re: [bug#32508] [PATCH] gnu: libx11: Replace with 1.6.6 [security
 fixes].
Date: Sat, 25 Aug 2018 16:35:38 +0200

[Message part 3 (text/plain, inline)]

Leo Famulari <leo <at> famulari.name> writes:

>> +;; Replacement package to fix multiple security bugs:
>> +;; <http://seclists.org/oss-sec/2018/q3/146>.
>> +(define-public libx11-1.6.6
>> +  (package/inherit libx11
>
> Does it need to use package/inherit? My understanding is that procedure
> is primarily useful for packages that inherit from another package foo,
> when foo is being grafted. For example, the current situation with
> cups-minimal and cups.

Ah yes; you're right: in this case we don't need package/inherit because
we are not inheriting an existing graft.  I always mix those up, thanks
for catching it!

Pushed as 94e9d750a22e30459732d2ae14d71c5f3acabd91.

[signature.asc (application/pgp-signature, inline)]

[Message part 5 (message/rfc822, inline)]

From: Marius Bakke <mbakke <at> fastmail.com>
To: guix-patches <at> gnu.org
Cc: Marius Bakke <mbakke <at> fastmail.com>
Subject: [PATCH] gnu: libx11: Replace with 1.6.6 [security fixes].
Date: Thu, 23 Aug 2018 16:59:47 +0200

This fixes CVE-2018-14599, CVE-2018-14600, and CVE-2018-14598.

* gnu/packages/xorg.scm (libx11)[replacement]: New field.
(libx11-1.6.6): New public variable.
---
 gnu/packages/xorg.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 0a78b8ee7..f67206454 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5239,6 +5239,7 @@ draggable titlebars and borders.")
   (package
     (name "libx11")
     (version "1.6.5")
+    (replacement libx11-1.6.6)
     (source
       (origin
         (method url-fetch)
@@ -5268,6 +5269,18 @@ draggable titlebars and borders.")
     (description "Xorg Core X11 protocol client library.")
     (license license:x11)))
 
+;; Replacement package to fix multiple security bugs:
+;; <http://seclists.org/oss-sec/2018/q3/146>.
+(define-public libx11-1.6.6
+  (package/inherit libx11
+   (version "1.6.6")
+   (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://xorg/individual/lib/libX11-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32 "0ks1mxlda7nxfmffihi15ljsn50q8dknl33i2xag8xzc80fiizk5"))))))
+
 ;; packages of height 5 in the propagated-inputs tree
 
 (define-public libxcursor
-- 
2.18.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.