[bug#67047] gnu: xorg-server: Update to 21.1.9.

Message ID 80e916fe13f864ec59afe3b8e517dce2bf3b7718.1699634744.git.kaelyn.alexi@protonmail.com
State New

Commit Message

Kaelyn Takata Nov. 10, 2023, 4:46 p.m. UTC
Fixes CVE-2023-5367 and CVE-2023-5380.  See the X.Org security advisory
<https://lists.x.org/archives/xorg/2023-October/003430.html> for more
information.

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.9.

Change-Id: I5786210cf1e5de4d603155fbbd076763e7ae3447
---
 gnu/packages/xorg.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3

Comments

Kaelyn Takata Nov. 27, 2023, 8:46 p.m. UTC | #1
Hi,

I wanted to bring folks' attention to https://issues.guix.gnu.org/67047 which updates xorg-server, including a number of security fixes. The patch has been pending for about 17 days now, and while the QA badge reports "failed" I just spot-checked some of the failures and they seem to be unrelated (e.g. a lot of builds going from unknown to blocked or vice versa, the one new failure for aarch64 being a large download test in the onionshare package, etc). 

Is there anything I can do to help the process along? It may also be worth noting that "guix refresh -l xorg-server" reports 125 rebuilds. I also checked and the update to xorg-server does not appear to alter the derivation for the xorg-server-for-tests (which is still at version 21.1.1).

Cheers,
Kaelyn
John Kehayias Nov. 28, 2023, 5:21 a.m. UTC | #2
Dear Kaelyn,

On Mon, Nov 27, 2023 at 08:46 PM, Kaelyn wrote:

> Hi,
>
> I wanted to bring folks' attention to
> <https://issues.guix.gnu.org/67047> which updates xorg-server, including
> a number of security fixes. The patch has been pending for about 17
> days now, and while the QA badge reports "failed" I just spot-checked
> some of the failures and they seem to be unrelated (e.g. a lot of
> builds going from unknown to blocked or vice versa, the one new
> failure for aarch64 being a large download test in the onionshare
> package, etc).
>

Thanks for the update. Yes, QA looked good to me too, all things
considered.

> Is there anything I can do to help the process along? It may also be
> worth noting that "guix refresh -l xorg-server" reports 125 rebuilds.
> I also checked and the update to xorg-server does not appear to alter
> the derivation for the xorg-server-for-tests (which is still at
> version 21.1.1).
>
> Cheers,
> Kaelyn

No, you did exactly what you needed to. I did see this patch when it
came in and was just giving a bit for QA to do the builds. That took
longer, I got distracted hoping I could merge mesa-updates first, then
hit CI delays...all that is to say I should have communicated I had
this on my radar.

Sorry about that! I appreciate the patch and the nudge.

Pushed as 06e0f638abd36f816a221af4542ca4a850d7af2d with a minor tweak
to the commit message to note [security fixes] at the top. I built it
locally for x86_64 with mesa-updates merged.

Which reminds me to make sure we have a way of flagging security
updates just like other teams/tags and get them priority. Now on the
security team, it is a first priority.

Thanks again!
John

Patch

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index f65ffa7476..b30e5c1f07 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5029,7 +5029,7 @@  (define-public libxcvt
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "21.1.4")
+    (version "21.1.9")
     (source
      (origin
        (method url-fetch)
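Review bot: The `(version "21.1.9")` line moves from 21.1.4 in a single step, yet the commit subject "gnu: xorg-server: Update to 21.1.9." gives no sign that this is a security update, and the body names only CVE-2023-5367 and CVE-2023-5380. Suggest marking the subject, e.g. with "[security fixes]", so the change can be found and prioritised from the log alone, and saying in the body whether the two listed CVEs are the complete set of security fixes between 21.1.4 and 21.1.9.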
@@ -5037,7 +5037,7 @@  (define-public xorg-server
                            "/xserver/xorg-server-" version ".tar.xz"))
        (sha256
         (base32
-         "11y5w6z3rz3i4jyv0wc3scd2jh3bsmcklq0fm7a5invywj7bxi2w"))
+         "0fjk9ggcrn96blq0bm80739yj23s3gjjjsc0nxk4jk0v07i7nsgz"))
        (patches
         (list
          ;; See:
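Review bot: The new hash on the `(base32 ...)` line is the only integrity pin for the 21.1.9 tarball, and the commit message does not say how it was obtained; please note that the tarball was checked against the upstream release announcement or signature before it was hashed. The `(patches (list ...` context under the hash is left unchanged, so also confirm that each listed patch still applies to 21.1.9 and has not been merged upstream since 21.1.4.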