mbox series

[bug#68520,0/2] Security update for xorg-server and xorg-server-xwayland

Message ID cover.1705445709.git.kaelyn.alexi@protonmail.com
Headers show
Series Security update for xorg-server and xorg-server-xwayland | expand

Message

Kaelyn Takata Jan. 16, 2024, 10:58 p.m. UTC
Update both xorg-server and xorg-server-xwayland to 21.1.11 and 23.2.4
respectively to address six security issues described in the release
announcement / security advisory from 2024-01-16:
https://lists.x.org/archives/xorg/2024-January/061525.html

Kaelyn Takata (2):
  gnu: xorg-server: Update to 21.1.11 [security fixes].
  gnu: xorg-server-xwayland: Update to 23.2.4 [security fixes].

 gnu/packages/xorg.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0

Comments

Kaelyn Takata Jan. 16, 2024, 11:37 p.m. UTC | #1
Hi,

I just realized that with this patch series, along with my previous xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add to the top of the file:

;;; Copyright © 2023, 2024 Kaelyn Takata <kaelyn.alexi@protonmail.com>

To be fair, I'm not too particular about the attribution for basic package updates--but I also know copyright is never a simple issue.

Cheers,
Kaelyn
John Kehayias Jan. 20, 2024, 10:01 p.m. UTC | #2
Hi Kaelyn

On Tue, Jan 16, 2024 at 11:37 PM, Kaelyn wrote:

> Hi,
>
> I just realized that with this patch series, along with my previous

Thanks for the quick work on these patches! I saw the security notice
but glad I checked the bug tracker first, made things even easier :)

By the way, this isn't mentioned anywhere but I think we should make it
a policy to CC (or directly only, if the need arises) the guix-security
mailing list. I'll try to make that happen.

> xorg.scm updates (commits 3080abba40 and 158502e40d) I forgot to add
> to the top of the file:
>
> ;;; Copyright © 2023, 2024 Kaelyn Takata <kaelyn.alexi@protonmail.com>
>

I added it to ed6ff0ec7b6fe65a3cd7d40b1f301f8def6fb8e3 (first commit)
with a note that the copyright line is a followup to those previous
commits as well. Hopefully that covers it!

And committed the second patch as
c79ffe25e98607d6803f960d5187e4098e1dc7c2.

> To be fair, I'm not too particular about the attribution for basic
> package updates--but I also know copyright is never a simple issue.
>

I'm not too particular either for my own, but I do think it is good to
have it clear especially when committing changes for someone else.
Though it is in the git log, too.

> Cheers,
> Kaelyn

Thanks again!
John