From unknown Wed Jun 18 23:03:51 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#68520 <68520@debbugs.gnu.org> To: bug#68520 <68520@debbugs.gnu.org> Subject: Status: [PATCH 0/2] Security update for xorg-server and xorg-server-xwayland Reply-To: bug#68520 <68520@debbugs.gnu.org> Date: Thu, 19 Jun 2025 06:03:51 +0000 retitle 68520 [PATCH 0/2] Security update for xorg-server and xorg-server-x= wayland reassign 68520 guix-patches submitter 68520 Kaelyn Takata severity 68520 normal tag 68520 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 16 17:59:14 2024 Received: (at submit) by debbugs.gnu.org; 16 Jan 2024 22:59:14 +0000 Received: from localhost ([127.0.0.1]:50099 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPsOn-0001oj-Sw for submit@debbugs.gnu.org; Tue, 16 Jan 2024 17:59:14 -0500 Received: from lists.gnu.org ([2001:470:142::17]:39012) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPsOm-0001oW-4E for submit@debbugs.gnu.org; Tue, 16 Jan 2024 17:59:12 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rPsOf-0003dS-Ky for guix-patches@gnu.org; Tue, 16 Jan 2024 17:59:05 -0500 Received: from mail-4316.protonmail.ch ([185.70.43.16]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rPsOc-0003YS-1m for guix-patches@gnu.org; Tue, 16 Jan 2024 17:59:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1705445937; x=1705705137; bh=wVgvWu9H0TyY7bOlYvTvCYu0WAK2EAL1t8GooyohqVI=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=QVvF/Nf/VHO30RhbvEiDiImHR1q/Ed6Eh2JgmWXRSTj3FQEhN0/OzK6Wn6r1uo4eV y1dbwNwRjvgo3AY1W1zd9CyWSiF6vywGMxjXLmqYu7vroYN9VmYt8Wo542ApRoiy8W 07TvvUkLfq0nIiXnVoLIHly3pejV+sJuCU/9bOtN9dqpJBXB+v68m8r08FSrVSdG4q jk1yRWuEUe/+fDxBK2A8q3uOTyhcb4alnc4JgB/XX39GHSxTtfqsng4QDeLVkkbGWz k5BHKokW29i+J1jTPKSdBs8tei0/QskRAOMD8R4g5rZriD9A35SkZRaiXMznzrzdb/ byvLNuugfrPxQ== Date: Tue, 16 Jan 2024 22:58:47 +0000 To: guix-patches@gnu.org From: Kaelyn Takata Subject: [PATCH 0/2] Security update for xorg-server and xorg-server-xwayland Message-ID: Feedback-ID: 34709329:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.43.16; envelope-from=kaelyn.alexi@protonmail.com; helo=mail-4316.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Update both xorg-server and xorg-server-xwayland to 21.1.11 and 23.2.4 respectively to address six security issues described in the release announcement / security advisory from 2024-01-16: https://lists.x.org/archives/xorg/2024-January/061525.html Kaelyn Takata (2): gnu: xorg-server: Update to 21.1.11 [security fixes]. gnu: xorg-server-xwayland: Update to 23.2.4 [security fixes]. gnu/packages/xorg.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 16 18:01:06 2024 Received: (at 68520) by debbugs.gnu.org; 16 Jan 2024 23:01:06 +0000 Received: from localhost ([127.0.0.1]:50106 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPsQc-0003uW-Aa for submit@debbugs.gnu.org; Tue, 16 Jan 2024 18:01:06 -0500 Received: from mail-40134.protonmail.ch ([185.70.40.134]:29307) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPsQY-0003gy-UH for 68520@debbugs.gnu.org; Tue, 16 Jan 2024 18:01:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1705446056; x=1705705256; bh=Rqv8A/itHCD55+n3YLrda8d0Y7biW09aMZUy6uC8a0A=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=xaA1wRXkFRv24+gB0ins1LI648Ki3H3NQYbpwKq6VqS8lpZmwes0Dm6Iao6ubeO/k MwVLuqK59GHKxD1a2hBYPDIGMzmj0hiMzm2pzPlcvLPUABqcvn5e4QuqHuetM7R3fa B0n1RoReYZDGgKk9nvrQqAx4Fv7aiT+AFbqQ7a1XspC33GVUd3fvPVlKiXDS9RMecK YNR8i5ElrSPaLMuKDAHDezrtX8q6jeSHUq0++0kIyXPoSZxLVal9O7r5+n9xgDpUqr ib2B4m2xLVyGZwgrBd24bxcqwDRWYY4NtlcxP78upvvMI6eNXueadSZyeJAz+KEVkn m1l+XwJ4Fd1UQ== Date: Tue, 16 Jan 2024 23:00:46 +0000 To: 68520@debbugs.gnu.org From: Kaelyn Takata Subject: [PATCH 1/2] gnu: xorg-server: Update to 21.1.11 [security fixes]. Message-ID: <7a37f15687e60ef2d2f60cf8bbbea6770b25535f.1705445709.git.kaelyn.alexi@protonmail.com> In-Reply-To: References: Feedback-ID: 34709329:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 68520 Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Fixes CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0409, and CVE-2024-0408. See the X.Org security advisory for more information. * gnu/packages/xorg.scm (xorg-server): Update to 21.1.11. Change-Id: I07cb273e2a504f94f8f26624d26ad79c6e92f109 --- gnu/packages/xorg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 9624fb44aa..4f9af0ad2a 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5017,7 +5017,7 @@ (define-public libxcvt (define-public xorg-server (package (name "xorg-server") - (version "21.1.10") + (version "21.1.11") (source (origin (method url-fetch) @@ -5025,7 +5025,7 @@ (define-public xorg-server "/xserver/xorg-server-" version ".tar.xz")) (sha256 (base32 - "1l0iaq83vbl9jr34sa7v7630c5bnp64drlw8yg6c6yn5xyib7c6f")) + "1vr6sc38sqipazsm61bcym2ggbgfgaamz7wf05mb31pvayyssg8x")) (patches (list ;; See: --=20 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 16 18:01:27 2024 Received: (at 68520) by debbugs.gnu.org; 16 Jan 2024 23:01:27 +0000 Received: from localhost ([127.0.0.1]:50110 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPsQw-0004Io-QJ for submit@debbugs.gnu.org; Tue, 16 Jan 2024 18:01:27 -0500 Received: from mail-4316.protonmail.ch ([185.70.43.16]:62051) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPsQv-0004Ac-0Z for 68520@debbugs.gnu.org; Tue, 16 Jan 2024 18:01:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1705446078; x=1705705278; bh=78Nbvv7zn5yzRASzTSYFSfrkLP1Pxt42gwA8YmrWH7M=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=gg3gTKWLBhNE8mwMd3+DPAB+wz/wleiFzv/HGnfuA6xfFFxmBTgb/CXGdkRXCWB5W ps+u+vMVtMNx7EuSuekw6Ch5ct6DhiAWJsL1ThSmLzLZbHbZhf9+WgPYdNOWHhlBJK qtQJYnkWrSagwEopcLsZbMUioLum8BL0P7ftKsyCh9GNqtiXl+yV+3qeOVBB+Zaoax /10dY/NkssOM/0e3U0hYYWnMnlmPSHyRaHZjPJtqwn2VJz+zSbSRBMKEPn2WetUU/e P2F1T1xfvlvB3L3MBDmytQf+awZtJFupVY1yUIROMi1rNKyDHDMH2SMaAy+Czanu/3 DUGUMylvIH2NA== Date: Tue, 16 Jan 2024 23:00:59 +0000 To: 68520@debbugs.gnu.org From: Kaelyn Takata Subject: [PATCH 2/2] gnu: xorg-server-xwayland: Update to 23.2.4 [security fixes]. Message-ID: <6268d77a20f457938140807ab0a6936686e99e14.1705445709.git.kaelyn.alexi@protonmail.com> In-Reply-To: References: Feedback-ID: 34709329:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 68520 Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Fixes CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0409, and CVE-2024-0408. See the X.Org security advisory for more information. * gnu/packages/xorg.scm (xorg-server-xwayland): Update to 23.2.4. Change-Id: Ie6343d34652ba0caf00940775b5b227dd9bc05bc --- gnu/packages/xorg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 4f9af0ad2a..02deccc468 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5250,7 +5250,7 @@ (define-public egl-wayland (define-public xorg-server-xwayland (package (name "xorg-server-xwayland") - (version "23.2.3") + (version "23.2.4") (source (origin (method url-fetch) @@ -5258,7 +5258,7 @@ (define-public xorg-server-xwayland "/xserver/xwayland-" version ".tar.xz")) (sha256 (base32 - "00p30yyikh7h9xsqgir66xb06pspgjlibv1mi0n42irc4fkrm7gb")))) + "0sxlh43cnpf56p2p5jnhp7427knfpy42mcka7f5hjcqddndib7m9")))) (inputs (list font-dejavu dbus egl-wayland --=20 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 16 18:38:34 2024 Received: (at 68520) by debbugs.gnu.org; 16 Jan 2024 23:38:34 +0000 Received: from localhost ([127.0.0.1]:50128 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPt0s-0002Nv-Ah for submit@debbugs.gnu.org; Tue, 16 Jan 2024 18:38:34 -0500 Received: from mail-40134.protonmail.ch ([185.70.40.134]:13183) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPt0h-0002NZ-79 for 68520@debbugs.gnu.org; Tue, 16 Jan 2024 18:38:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1705448295; x=1705707495; bh=8O6GZcJpsyX2YX65U11k0gta6RScBCs/jKtSKFtwrcU=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=WmssvVQVXNdnmNFl7DERWeb51AOADKXcurh5vQcOC3TErcsIOLxPNMYC+sPaxsDGj 5TvEMeYm6SH5H61ggMOxMa3JIcLd2oqJTBZ0DGYQVLoVhWskrofk2iJAfGTrDk7Evs +aAZPW5KhfjYN2lUVfy1W1t6Ocdd1yo4H3LkJXp12uLp2t2CDJDX/XdWTOOxNDoKla 8unEsFjSAkbbfhqzQdDDhkntjDrPDLGRpiN8vKGdp8QBgPITocXruQBcXU9pzJdeA7 ANgQxVtiUe0Fx4+SIUaA5QRLYxyZ8o2vOI3v46NbF1VTHqfPK94o6n09QExSivf8Gc JojihNk/535dw== Date: Tue, 16 Jan 2024 23:37:59 +0000 To: "68520@debbugs.gnu.org" <68520@debbugs.gnu.org> From: Kaelyn Subject: Missed copyright line Message-ID: Feedback-ID: 34709329:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 68520 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, I just realized that with this patch series, along with my previous xorg.sc= m updates (commits 3080abba40 and 158502e40d) I forgot to add to the top of= the file: ;;; Copyright =C2=A9 2023, 2024 Kaelyn Takata To be fair, I'm not too particular about the attribution for basic package = updates--but I also know copyright is never a simple issue. Cheers, Kaelyn From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 20 17:01:35 2024 Received: (at 68520-done) by debbugs.gnu.org; 20 Jan 2024 22:01:35 +0000 Received: from localhost ([127.0.0.1]:36035 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRJPD-00017s-GZ for submit@debbugs.gnu.org; Sat, 20 Jan 2024 17:01:35 -0500 Received: from mail-4316.protonmail.ch ([185.70.43.16]:50827) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRJP9-00017a-NF for 68520-done@debbugs.gnu.org; Sat, 20 Jan 2024 17:01:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1705788081; x=1706047281; bh=w9vBsidw5cGlaWkheUKUj6/Wh8mDLM8GD9ZKmQ0basQ=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=bpBLb5xVD4HRTcv9Zc50dlamfli/o2LXaZe1ktxV6K6HrWTExIov863DjixNO4qpB C7ac83tISxruRtIwOqBcfOQ+F9yqOvIx3TA8CamezK9qj9Z9MBTcGWQRo2OuL60dOm mJZvSW5Fvtgy75f5Gtm87UMA3UD10XvulJADqaAixdfH29r1WabteP+ZcQieUwCLov xToUt7c0JZzHeh9Omd6DKm0I78V0NnsfPOzO0wVu93lJqciUuPqbaWr95JO67suqe3 6ISeYiWkIVrNAImfV+3Eyk0/BUjme6L4iLABLbvMdQsB09HqLHVmOfwdae8fCJgs+G 8vSRSZ5615Gxg== Date: Sat, 20 Jan 2024 22:01:09 +0000 To: Kaelyn From: John Kehayias Subject: Re: [bug#68520] Missed copyright line Message-ID: <87edebd5r3.fsf@protonmail.com> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 68520-done Cc: 68520-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Kaelyn On Tue, Jan 16, 2024 at 11:37 PM, Kaelyn wrote: > Hi, > > I just realized that with this patch series, along with my previous Thanks for the quick work on these patches! I saw the security notice but glad I checked the bug tracker first, made things even easier :) By the way, this isn't mentioned anywhere but I think we should make it a policy to CC (or directly only, if the need arises) the guix-security mailing list. I'll try to make that happen. > xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add > to the top of the file: > > ;;; Copyright =C2=A9 2023, 2024 Kaelyn Takata > I added it to ed6ff0ec7b6fe65a3cd7d40b1f301f8def6fb8e3 (first commit) with a note that the copyright line is a followup to those previous commits as well. Hopefully that covers it! And committed the second patch as c79ffe25e98607d6803f960d5187e4098e1dc7c2. > To be fair, I'm not too particular about the attribution for basic > package updates--but I also know copyright is never a simple issue. > I'm not too particular either for my own, but I do think it is good to have it clear especially when committing changes for someone else. Though it is in the git log, too. > Cheers, > Kaelyn Thanks again! John From unknown Wed Jun 18 23:03:51 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 18 Feb 2024 12:24:10 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator