From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 07 16:33:19 2024 Received: (at submit) by debbugs.gnu.org; 7 Nov 2024 21:33:19 +0000 Received: from localhost ([127.0.0.1]:49815 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9A7z-0005Ly-5T for submit@debbugs.gnu.org; Thu, 07 Nov 2024 16:33:19 -0500 Received: from lists.gnu.org ([209.51.188.17]:36142) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9A7x-0005Lq-Er for submit@debbugs.gnu.org; Thu, 07 Nov 2024 16:33:18 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t9A7w-0005FB-So for guix-patches@gnu.org; Thu, 07 Nov 2024 16:33:16 -0500 Received: from mail-4322.protonmail.ch ([185.70.43.22]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t9A7u-0000Sm-JO for guix-patches@gnu.org; Thu, 07 Nov 2024 16:33:16 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1731015190; x=1731274390; bh=QwJ/l4X6yYU/e7gepgF4p9Y/FpVf52wbR8iWVdWajJI=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector: List-Unsubscribe:List-Unsubscribe-Post; b=iLYS9OO3jBXY8SX0MZsa+i7PghY+R5pssdOVejFwDrmGVRxqBfqsQHrPH4F8gD+sL Hpaa7QNkYRqsAvVEDr1ZrC6/+ggFNv04V7xnOPupfkuzHZyfR/Cmp+BclZncCU3gsw 1C948dAx2ztJnSD6DcIKxlx5NeGuUIbf3aa/rQHJPpElsW4UUTPhsI6JLhCyxSMUqL eMR+P/dANauVI3TU3d02BL+C+TDDwKqYslWSSCsnUZJB5wdfIBp0nJRpG4Y1FJaUzo lPWseXy/1ok7Ev7hUpfPOUWqG5f7TjlR9C4x7EDDjheNafrJXxb1Nc1c73G/uQa+3J FPzwA5uC42J2Q== Date: Thu, 07 Nov 2024 21:33:03 +0000 To: guix-patches@gnu.org From: Kaelyn Takata Subject: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632. Message-ID: Feedback-ID: 34709329:user:proton X-Pm-Message-ID: 7d83d0426ffff9fc322ba1d059f2465b5be07ca4 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.43.22; envelope-from=kaelyn.alexi@protonmail.com; helo=mail-4322.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) This patch series updates xorg-server and xorg-server-xwayland to their lat= est versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according= to https://nvd.nist.gov/vuln/detail/CVE-2024-9632. The updated Xwayland depends on a newer version of presentproto than is available in the current xorgproto package, so I added xorgproto-next to satisfy Xwayland's dependency while avoiding triggering 10761 additional package rebuilds. Kaelyn Takata (3): gnu: xorg-server: Update to 21.1.14. [security fixes] gnu: Add xorgproto-next. gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes]. gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06 -- 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 07 16:41:41 2024 Received: (at 74248) by debbugs.gnu.org; 7 Nov 2024 21:41:41 +0000 Received: from localhost ([127.0.0.1]:49827 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9AG5-0005kD-6x for submit@debbugs.gnu.org; Thu, 07 Nov 2024 16:41:41 -0500 Received: from mail-40133.protonmail.ch ([185.70.40.133]:60071) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9AG2-0005jx-T1 for 74248@debbugs.gnu.org; Thu, 07 Nov 2024 16:41:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1731015692; x=1731274892; bh=J1JJhZfgcIY+28nHz0BLtYF++V/zUysOQqXe0sS0/vA=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=hgdLL6AxoPPEPUK0olqMKLxnkrRWhTDYl+BPkZrD4Xhwj817Nj7i9S4h6uPq1lRCB LemEV1qnrdzWMkNs+Sj7AcGM8NKb8jZoDNgvHNdVPfkRIg4o3qoJGOTEnN76SOsKzH +TBRzUA0W/Edd244VOpQ0W+MeKfirVlfnd+zeaYNx10RKcLoBBa1qWOAPXJ2hZg1vb 2/Vt+qB6haTJNjWs3PYUpi3O8QwJSrxqZWhEM3NPT3ymy1xwLAz2WLA+pBLi4KqAw/ Xp9bcqBgljC4dnI8sjNmqmZArAmj3R6zE3oKNkG/Oy7lz1uO6GErNHwjtEPXvOW/i/ UOCNXZ4l09lnA== Date: Thu, 07 Nov 2024 21:41:27 +0000 To: 74248@debbugs.gnu.org From: Kaelyn Takata Subject: [PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes] Message-ID: In-Reply-To: References: Feedback-ID: 34709329:user:proton X-Pm-Message-ID: 17ed34ea5c37a68e5b0d567a2d6803dffcff0215 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 74248 Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This fixes CVE-2024-9632. * gnu/packages/xorg.scm (xorg-server): Update to 21.1.14. Change-Id: I35fdd57991eef89fe339a0f79d361e05985187ce --- gnu/packages/xorg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 0de08a4ad1..1c5201a836 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5017,7 +5017,7 @@ (define-public libxcvt (define-public xorg-server (package (name "xorg-server") - (version "21.1.12") + (version "21.1.14") (source (origin (method url-fetch) @@ -5025,7 +5025,7 @@ (define-public xorg-server "/xserver/xorg-server-" version ".tar.xz")) (sha256 (base32 - "03x954bygi6sdynk5yy3yvsfhg6i9gjhisn3x9jxvk5mw4mnw08y")) + "0dgfajrnkr8d61z1fjn249s3q1pm23v9w2f1aqb7sx64pp7048cg")) (patches (list ;; See: --=20 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 07 16:41:45 2024 Received: (at 74248) by debbugs.gnu.org; 7 Nov 2024 21:41:45 +0000 Received: from localhost ([127.0.0.1]:49831 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9AG9-0005kU-GY for submit@debbugs.gnu.org; Thu, 07 Nov 2024 16:41:45 -0500 Received: from mail-40131.protonmail.ch ([185.70.40.131]:57511) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9AG7-0005k4-O8 for 74248@debbugs.gnu.org; Thu, 07 Nov 2024 16:41:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1731015697; x=1731274897; bh=DUOadUcBWBajRdVL2nx8jZ5dsAjNRtvtYokhM9Xzwy4=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=LUKiAdCDt7hn5a2bEmoPF2CYUxhT+M6+KgUseiRUiOJ6JaD/JMeHFe53ZNj5YfaiM bFk6et7X9tNcMHBOhAxbUnHIYueoZNjtkRnveF4nzLwjBS21E3h067snwd1CV6iUrR lPlSLIWY/BLRP3TLTUIV+wWj6/1IvATzs+x/Ka0mhHfCuIDC6B164Pe7KXEPDNLA3v kTqtrUfwAdun0oxva77RDw70lppAKyIOmp9Tf3EpV3uZMcgaSMYe/liwJG5lszcAhv q4GUMMGz5fYKfCiIdRy8/EJej7UMCWI2NPAgU8sRJtSkDtirh5Us8PYjcuQTcCLVBW psTgWP5Ih5WKg== Date: Thu, 07 Nov 2024 21:41:34 +0000 To: 74248@debbugs.gnu.org From: Kaelyn Takata Subject: [PATCH 2/3] gnu: Add xorgproto-next. Message-ID: <13c254e76ee10c819fba0cd2aa9979648a0f9317.1731011374.git.kaelyn.alexi@protonmail.com> In-Reply-To: References: Feedback-ID: 34709329:user:proton X-Pm-Message-ID: 04d1d4186966214f33ef6a6b081af59d1db51775 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 74248 Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/packages/xorg.scm (xorgproto-next): New variable. Change-Id: Ib546f911c717611a1dbe10ef6f02e47e00e88a51 --- gnu/packages/xorg.scm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 1c5201a836..97a2d8a78a 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -264,6 +264,28 @@ (define-public xorgproto the core protocol and (many) extensions for the X Window System.") (license license:x11))) =20 +(define-public xorgproto-next + (package + (name "xorgproto") + (version "2024.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://xorg/individual/proto" + "/xorgproto-" version ".tar.xz")) + (sha256 + (base32 + "0nfbbi4j130m2gxzp20hp642xizbbl68jpbzahiq8nw183yja8ip")))) + (build-system gnu-build-system) + (propagated-inputs + ;; To get util-macros in (almost?) all package inputs. + (list util-macros)) + (home-page "https://cgit.freedesktop.org/xorg/proto/xorgproto") + (synopsis "Xorg protocol headers") + (description + "This package provides the headers and specification documents defini= ng +the core protocol and (many) extensions for the X Window System.") + (license license:x11))) + (define-public bigreqsproto (package (name "bigreqsproto") --=20 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 07 16:41:50 2024 Received: (at 74248) by debbugs.gnu.org; 7 Nov 2024 21:41:50 +0000 Received: from localhost ([127.0.0.1]:49836 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9AGD-0005kq-SI for submit@debbugs.gnu.org; Thu, 07 Nov 2024 16:41:50 -0500 Received: from mail-4322.protonmail.ch ([185.70.43.22]:31813) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t9AGB-0005kL-Mz for 74248@debbugs.gnu.org; Thu, 07 Nov 2024 16:41:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1731015701; x=1731274901; bh=K6piZ1J+o0oOJ4Ls30FmQisn0afhVUYLP48JVBSxicU=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=GZ/d49nvHnQzTITFytq14BGEB7R6Dlz6nV87OXIf29wogQobmwWdWKes3UeDc4cSW OI6DKKHbma0R8LY2G07YVSLvwArZw9Ikeqi073DuGFR2ndhs82ex6zMvrfcu9gmteq V0pMy/AJieaiec10xfwG94l60VaDhocyJOJL2+hMkXRCuS4I8r08OyvUqBIAL3fp0c TY0CY/MiNEKL4KsuIpVc0ljkkPfg7nGYHjzvCx1Sf/spJXMpRyXYWvuPRbasfFo12z t+/N0slyK0sq9D4ERnAly4nMMvb8rxgoJntOf7BGQv8KL3ISOEf4dQnSb9ZA4rG3Ef xf2iMaAW10cbQ== Date: Thu, 07 Nov 2024 21:41:38 +0000 To: 74248@debbugs.gnu.org From: Kaelyn Takata Subject: [PATCH 3/3] gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes]. Message-ID: In-Reply-To: References: Feedback-ID: 34709329:user:proton X-Pm-Message-ID: 89b77bf301fe59f00e88fa2b6fa1b28ad5153e74 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 74248 Cc: Kaelyn Takata X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This fixes CVE-2024-9632. * gnu/packages/xorg.scm (xorg-server-xwayland): Update to 24.1.4. [inputs]: Replace xorgproto with xorgproto-next. [arguments]<#:configure-flags>: Remove unsupported flag. Change-Id: Ie8542fdbbf9a49a79df2b4cd7b9a919b2f547f5f --- gnu/packages/xorg.scm | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 97a2d8a78a..4e833abb44 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5295,7 +5295,7 @@ (define-public egl-wayland (define-public xorg-server-xwayland (package (name "xorg-server-xwayland") - (version "23.2.5") + (version "24.1.4") (source (origin (method url-fetch) @@ -5303,7 +5303,7 @@ (define-public xorg-server-xwayland "/xserver/xwayland-" version ".tar.xz")) (sha256 (base32 - "145xykwmyqkaa8zrbn5fnvnff67iral9mc5raamglnbsd3r7zv1k")))) + "1x1lmw1br3dxxfppfny1vkmk2l2vk5248i3k05smb7w1mgdphsnr")))) (inputs (list font-dejavu dbus egl-wayland @@ -5321,7 +5321,7 @@ (define-public xorg-server-xwayland wayland-protocols xkbcomp xkeyboard-config - xorgproto + xorgproto-next xtrans)) (native-inputs (cons pkg-config (if (%current-target-system) @@ -5333,8 +5333,7 @@ (define-public xorg-server-xwayland (build-system meson-build-system) (arguments `(#:configure-flags - (list "-Dxwayland_eglstream=3Dtrue" - (string-append "-Dxkb_dir=3D" + (list (string-append "-Dxkb_dir=3D" (assoc-ref %build-inputs "xkeyboard-config") "/share/X11/xkb") (string-append "-Dxkb_bin_dir=3D" --=20 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 27 17:30:31 2024 Received: (at 74248) by debbugs.gnu.org; 27 Nov 2024 22:30:31 +0000 Received: from localhost ([127.0.0.1]:35393 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tGQYJ-0007Mg-9a for submit@debbugs.gnu.org; Wed, 27 Nov 2024 17:30:31 -0500 Received: from gaia.aquilenet.fr ([185.233.100.2]:45796) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tGQYG-0007MP-Rn for 74248@debbugs.gnu.org; Wed, 27 Nov 2024 17:30:29 -0500 Received: from hera.aquilenet.fr (hera.aquilenet.fr [185.233.100.1]) by gaia.aquilenet.fr (Postfix) with ESMTP id 8B4FF53BA; Wed, 27 Nov 2024 23:30:21 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 5E4B5294; Wed, 27 Nov 2024 23:30:20 +0100 (CET) Authentication-Results: hera.aquilenet.fr; none X-Virus-Scanned: Debian amavis at hera.aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavis, port 10024) with ESMTP id d3H8gSlKilpq; Wed, 27 Nov 2024 23:30:18 +0100 (CET) Received: from jurong (unknown [IPv6:2001:861:c4:f2f0::c64]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 8308829C; Wed, 27 Nov 2024 23:30:14 +0100 (CET) Date: Wed, 27 Nov 2024 23:30:11 +0100 From: Andreas Enge To: 74248@debbugs.gnu.org Subject: Comment Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spamd-Result: default: False [8.28 / 15.00]; SPAM_FLAG(5.00)[]; NEURAL_SPAM(3.00)[0.999]; MID_RHS_NOT_FQDN(0.50)[]; BAYES_HAM(-0.12)[67.02%]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[] X-Spam-Level: ******** X-Rspamd-Action: add header X-Rspamd-Server: hera X-Rspamd-Queue-Id: 5E4B5294 X-Spamd-Bar: ++++++++ X-Spam: Yes X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 74248 Cc: Steve George X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, I just checked how many packages depend on xorg-server (650) and xorgproto (40). So I think there is no need for xorgproto-next, you could simply update xorgproto directly. Andreas From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 28 00:31:18 2024 Received: (at 74248-done) by debbugs.gnu.org; 28 Nov 2024 05:31:19 +0000 Received: from localhost ([127.0.0.1]:35989 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tGX7W-0002mg-GX for submit@debbugs.gnu.org; Thu, 28 Nov 2024 00:31:18 -0500 Received: from mail-40131.protonmail.ch ([185.70.40.131]:10357) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tGX7U-0002mM-A5 for 74248-done@debbugs.gnu.org; Thu, 28 Nov 2024 00:31:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1732771869; x=1733031069; bh=hwHy5lMdp5tUTJ8pAt18IywthPnDS2atotd36TcHOD0=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector: List-Unsubscribe:List-Unsubscribe-Post; b=AJ7eRNB+Yli7U7EpMw+6Gh1AmeC79S6xWb+WsvaZ1IqTf1kSEEacCiWr6e2VL92Jd wRmFaqYLTXoMLP8R2Q4xR13EEI0+Xuz3PABW640hDkhqKZ/Ab6foXXwA47rVJXxwg6 avfD4a0rVA6/7Hvzy/iN6tXdUJyymdfwoC10OwUfpIpVERSm7AjKeb0ow2o34OJnCP saxy5C66dg/9zAM9CKFLHC6RIfXNsksFJHW3YN/GoKunYJ9ExtnLNV8ZZ0fdFsFET5 Ecf75BxOqzPmX4kHgtqG/831hGiUoyFYnEOGzvFBbwIDP9poWMR2L64ngS/JRbQCVS kr73THw2p+W3A== Date: Thu, 28 Nov 2024 05:31:03 +0000 To: Kaelyn Takata From: John Kehayias Subject: Re: [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632. Message-ID: <87o71zsz59.fsf@protonmail.com> Feedback-ID: 7805494:user:proton X-Pm-Message-ID: 2966225e97c529fdfb60bd971a3a19f46e56d720 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 74248-done Cc: 74248-done@debbugs.gnu.org, Andreas Enge , Steve George X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Kaelyn, (Andreas: your message did not go to the original author; CC'ing you and Steve who you CC'ed in your message. If using debbugs through Emacs, for instance, make sure you do a "wide-reply" or else the author isn't included. I really wish a bug number email was an alias for a list.) On Thu, Nov 07, 2024 at 09:33 PM, Kaelyn Takata wrote: > This patch series updates xorg-server and xorg-server-xwayland to their l= atest > versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" accordi= ng to > https://nvd.nist.gov/vuln/detail/CVE-2024-9632. > > The updated Xwayland depends on a newer version of presentproto than is > available in the current xorgproto package, so I added xorgproto-next to > satisfy Xwayland's dependency while avoiding triggering 10761 additional > package rebuilds. > Thanks for the patches, sorry I missed this earlier. > Kaelyn Takata (3): > gnu: xorg-server: Update to 21.1.14. [security fixes] I've applied this now as dd4b96e72c8fda4b025a75b47212e06e381e9ea1 (with a minor change to move a period.) > gnu: Add xorgproto-next. > gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes]. > These two look like they were done similarly by Danny in e6d1f571957e5668b844939070174aedf0bec673. CC'ing just to close the loop here. > gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++------- > 1 file changed, 28 insertions(+), 7 deletions(-) > > > base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06 > -- > 2.46.0 Thanks! John From unknown Sun Jun 22 01:01:29 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 26 Dec 2024 12:24:08 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator