GNU bug report logs -
#67047
[PATCH] gnu: xorg-server: Update to 21.1.9.
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Tue, 28 Nov 2023 05:21:10 +0000
with message-id <8734wqa1xb.fsf <at> protonmail.com>
and subject line Re: [PATCH] gnu: xorg-server: Update to 21.1.9.
has caused the debbugs.gnu.org bug report #67047,
regarding [PATCH] gnu: xorg-server: Update to 21.1.9.
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
67047: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=67047
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Fixes CVE-2023-5367 and CVE-2023-5380. See the X.Org security advisory
<https://lists.x.org/archives/xorg/2023-October/003430.html> for more
information.
* gnu/packages/xorg.scm (xorg-server): Update to 21.1.9.
Change-Id: I5786210cf1e5de4d603155fbbd076763e7ae3447
---
gnu/packages/xorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index f65ffa7476..b30e5c1f07 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5029,7 +5029,7 @@ (define-public libxcvt
(define-public xorg-server
(package
(name "xorg-server")
- (version "21.1.4")
+ (version "21.1.9")
(source
(origin
(method url-fetch)
@@ -5037,7 +5037,7 @@ (define-public xorg-server
"/xserver/xorg-server-" version ".tar.xz"))
(sha256
(base32
- "11y5w6z3rz3i4jyv0wc3scd2jh3bsmcklq0fm7a5invywj7bxi2w"))
+ "0fjk9ggcrn96blq0bm80739yj23s3gjjjsc0nxk4jk0v07i7nsgz"))
(patches
(list
;; See:
base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
--
2.41.0
[Message part 3 (message/rfc822, inline)]
Dear Kaelyn,
On Mon, Nov 27, 2023 at 08:46 PM, Kaelyn wrote:
> Hi,
>
> I wanted to bring folks' attention to
> <https://issues.guix.gnu.org/67047> which updates xorg-server, including
> a number of security fixes. The patch has been pending for about 17
> days now, and while the QA badge reports "failed" I just spot-checked
> some of the failures and they seem to be unrelated (e.g. a lot of
> builds going from unknown to blocked or vice versa, the one new
> failure for aarch64 being a large download test in the onionshare
> package, etc).
>
Thanks for the update. Yes, QA looked good to me too, all things
considered.
> Is there anything I can do to help the process along? It may also be
> worth noting that "guix refresh -l xorg-server" reports 125 rebuilds.
> I also checked and the update to xorg-server does not appear to alter
> the derivation for the xorg-server-for-tests (which is still at
> version 21.1.1).
>
> Cheers,
> Kaelyn
No, you did exactly what you needed to. I did see this patch when it
came in and was just giving a bit for QA to do the builds. That took
longer, I got distracted hoping I could merge mesa-updates first, then
hit CI delays...all that is to say I should have communicated I had
this on my radar.
Sorry about that! I appreciate the patch and the nudge.
Pushed as 06e0f638abd36f816a221af4542ca4a850d7af2d with a minor tweak
to the commit message to note [security fixes] at the top. I built it
locally for x86_64 with mesa-updates merged.
Which reminds me to make sure we have a way to flagging security
updates just like other teams/tags and get them priority. Now on the
security team, it is a first priority.
Thanks again!
John
This bug report was last modified 1 year and 174 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.