GNU bug report logs - #68520
[PATCH 0/2] Security update for xorg-server and xorg-server-xwayland


Package: guix-patches;

Reported by: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>

Date: Tue, 16 Jan 2024 23:00:02 UTC

Severity: normal

Tags: patch

Done: John Kehayias <john.kehayias <at> protonmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 68520 in the body.
You can then email your comments to 68520 AT debbugs.gnu.org in the normal way.



Report forwarded to guix-patches <at> gnu.org:
bug#68520; Package guix-patches. (Tue, 16 Jan 2024 23:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kaelyn Takata <kaelyn.alexi <at> protonmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 16 Jan 2024 23:00:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
To: guix-patches <at> gnu.org
Cc: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Subject: [PATCH 0/2] Security update for xorg-server and xorg-server-xwayland
Date: Tue, 16 Jan 2024 22:58:47 +0000
Update both xorg-server and xorg-server-xwayland to 21.1.11 and 23.2.4
respectively to address six security issues described in the release
announcement / security advisory from 2024-01-16:
https://lists.x.org/archives/xorg/2024-January/061525.html

Kaelyn Takata (2):
  gnu: xorg-server: Update to 21.1.11 [security fixes].
  gnu: xorg-server-xwayland: Update to 23.2.4 [security fixes].

 gnu/packages/xorg.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0





Information forwarded to guix-patches <at> gnu.org:
bug#68520; Package guix-patches. (Tue, 16 Jan 2024 23:02:02 GMT) Full text and rfc822 format available.

Message #8 received at 68520 <at> debbugs.gnu.org (full text, mbox):

From: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
To: 68520 <at> debbugs.gnu.org
Cc: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Subject: [PATCH 1/2] gnu: xorg-server: Update to 21.1.11 [security fixes].
Date: Tue, 16 Jan 2024 23:00:46 +0000
Fixes CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
CVE-2024-0409, and CVE-2024-0408. See the X.Org security advisory
<https://lists.x.org/archives/xorg/2024-January/061525.html> for more
information.

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.11.

Change-Id: I07cb273e2a504f94f8f26624d26ad79c6e92f109
---
 gnu/packages/xorg.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 9624fb44aa..4f9af0ad2a 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5017,7 +5017,7 @@ (define-public libxcvt
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "21.1.10")
+    (version "21.1.11")
     (source
      (origin
        (method url-fetch)
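Review bot: the file header is not touched by this patch (the diffstat is 2 insertions and 2 deletions, both inside the `xorg-server` definition), so the submitter's copyright line is missing from the top of gnu/packages/xorg.scm. Suggest adding it in this commit, with a note in the commit message if it also covers earlier updates to the same file.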
@@ -5025,7 +5025,7 @@ (define-public xorg-server
                            "/xserver/xorg-server-" version ".tar.xz"))
        (sha256
         (base32
-         "1l0iaq83vbl9jr34sa7v7630c5bnp64drlw8yg6c6yn5xyib7c6f"))
+         "1vr6sc38sqipazsm61bcym2ggbgfgaamz7wf05mb31pvayyssg8x"))
        (patches
         (list
          ;; See:
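Review bot: the `(patches (list ...` field directly below the new hash is left unchanged, so the patches carried for 21.1.10 will now be applied to the 21.1.11 tarball. Please confirm that each one still applies cleanly and has not already been merged in the new release, and drop any that have. Since `(base32 "1vr6sc38...")` is the only integrity check on the fetched source, it would also help to say in the commit message how the hash was obtained, for example from a tarball checked against upstream's published checksum or signature.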
-- 
2.41.0






Information forwarded to guix-patches <at> gnu.org:
bug#68520; Package guix-patches. (Tue, 16 Jan 2024 23:02:02 GMT) Full text and rfc822 format available.

Message #11 received at 68520 <at> debbugs.gnu.org (full text, mbox):

From: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
To: 68520 <at> debbugs.gnu.org
Cc: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Subject: [PATCH 2/2] gnu: xorg-server-xwayland: Update to 23.2.4 [security
 fixes].
Date: Tue, 16 Jan 2024 23:00:59 +0000
Fixes CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
CVE-2024-0409, and CVE-2024-0408. See the X.Org security advisory
<https://lists.x.org/archives/xorg/2024-January/061525.html> for more
information.

* gnu/packages/xorg.scm (xorg-server-xwayland): Update to 23.2.4.

Change-Id: Ie6343d34652ba0caf00940775b5b227dd9bc05bc
---
 gnu/packages/xorg.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 4f9af0ad2a..02deccc468 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5250,7 +5250,7 @@ (define-public egl-wayland
 (define-public xorg-server-xwayland
   (package
     (name "xorg-server-xwayland")
-    (version "23.2.3")
+    (version "23.2.4")
     (source
      (origin
        (method url-fetch)
@@ -5258,7 +5258,7 @@ (define-public xorg-server-xwayland
                            "/xserver/xwayland-" version ".tar.xz"))
        (sha256
         (base32
-         "00p30yyikh7h9xsqgir66xb06pspgjlibv1mi0n42irc4fkrm7gb"))))
+         "0sxlh43cnpf56p2p5jnhp7427knfpy42mcka7f5hjcqddndib7m9"))))
     (inputs (list font-dejavu
                   dbus
                   egl-wayland
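Review bot: the `sha256` value replaced here for xwayland 23.2.4 is taken on trust, because the message does not say whether the tarball was verified before the hash was computed. For a security update, suggest checking the download against upstream's published checksum or signature first and stating that in the cover letter, so the committer can reproduce the same base32 string independently (for instance with `guix download` on the source URL) before pushing.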
-- 
2.41.0






Information forwarded to guix-patches <at> gnu.org:
bug#68520; Package guix-patches. (Tue, 16 Jan 2024 23:39:02 GMT) Full text and rfc822 format available.

Message #14 received at 68520 <at> debbugs.gnu.org (full text, mbox):

From: Kaelyn <kaelyn.alexi <at> protonmail.com>
To: "68520 <at> debbugs.gnu.org" <68520 <at> debbugs.gnu.org>
Subject: Missed copyright line
Date: Tue, 16 Jan 2024 23:37:59 +0000
Hi,

I just realized that with this patch series, along with my previous xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add to the top of the file:

;;; Copyright © 2023, 2024 Kaelyn Takata <kaelyn.alexi <at> protonmail.com>

To be fair, I'm not too particular about the attribution for basic package updates--but I also know copyright is never a simple issue.

Cheers,
Kaelyn




Reply sent to John Kehayias <john.kehayias <at> protonmail.com>:
You have taken responsibility. (Sat, 20 Jan 2024 22:02:01 GMT) Full text and rfc822 format available.

Notification sent to Kaelyn Takata <kaelyn.alexi <at> protonmail.com>:
bug acknowledged by developer. (Sat, 20 Jan 2024 22:02:02 GMT) Full text and rfc822 format available.

Message #19 received at 68520-done <at> debbugs.gnu.org (full text, mbox):

From: John Kehayias <john.kehayias <at> protonmail.com>
To: Kaelyn <kaelyn.alexi <at> protonmail.com>
Cc: 68520-done <at> debbugs.gnu.org
Subject: Re: [bug#68520] Missed copyright line
Date: Sat, 20 Jan 2024 22:01:09 +0000
Hi Kaelyn

On Tue, Jan 16, 2024 at 11:37 PM, Kaelyn wrote:

> Hi,
>
> I just realized that with this patch series, along with my previous

Thanks for the quick work on these patches! I saw the security notice
but glad I checked the bug tracker first, made things even easier :)

By the way, this isn't mentioned anywhere but I think we should make it
a policy to CC (or directly only, if the need arises) the guix-security
mailing list. I'll try to make that happen.

> xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add
> to the top of the file:
>
> ;;; Copyright © 2023, 2024 Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
>

I added it to ed6ff0ec7b6fe65a3cd7d40b1f301f8def6fb8e3 (first commit)
with a note that the copyright line is a followup to those previous
commits as well. Hopefully that covers it!

And committed the second patch as
c79ffe25e98607d6803f960d5187e4098e1dc7c2.

> To be fair, I'm not too particular about the attribution for basic
> package updates--but I also know copyright is never a simple issue.
>

I'm not too particular either for my own, but I do think it is good to
have it clear especially when committing changes for someone else.
Though it is in the git log, too.

> Cheers,
> Kaelyn

Thanks again!
John





bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 18 Feb 2024 12:24:10 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 121 days ago.
