diff mbox series

[bug#52562] gnu: xorg-server: Update to 21.1.2.

Message ID Yb+Wgyi8foI1xAIT@jasmine.lan
State Accepted
Headers show
Series [bug#52562] gnu: xorg-server: Update to 21.1.2. | expand

Checks

Context Check Description
cbaines/applying patch fail View Laminar job
cbaines/issue success View issue

Commit Message

Leo Famulari Dec. 19, 2021, 8:30 p.m. UTC 
On Sat, Dec 18, 2021 at 11:56:53PM -0500, Leo Famulari wrote:
> Sure, I intend to land the patch in the next day or so.

Alright, with the attached patch, X works in my tests, and
xorg-server-for-tests is unchanged.

It would be great to get some more testing from other X users.

I tested with QEMU, using our VM image template:

`guix environment guix -- ./pre-inst-env guix system vm-image --image-size=20G -t qcow2 gnu/system/examples/vm-image.tmpl`

I can't test on bare metal due to <https://issues.guix.gnu.org/52051>.
From 2b597e7887be70a0faaa04b9dabd69030dca6614 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 18 Dec 2021 15:30:41 -0500
Subject: [PATCH] gnu: xorg-server: Update to 21.1.2.

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
(xorg-server-for-tests): Use version 21.1.1.
---
 gnu/packages/xorg.scm | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

Comments

Leo Famulari Dec. 21, 2021, 5:36 p.m. UTC | #1 
On Sun, Dec 19, 2021 at 03:30:59PM -0500, Leo Famulari wrote:
> It would be great to get some more testing from other X users.

In case anybody is wondering about the security issues, the commit
message has been amended like this in my tree:

------
gnu: xorg-server: Update to 21.1.2 [fixes CVE-2021-{4008,4009,4010,4011}].

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
(xorg-server-for-tests): Use version 21.1.1.
------
Leo Famulari Dec. 21, 2021, 5:47 p.m. UTC | #2 
On Tue, Dec 21, 2021 at 12:36:39PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:30:59PM -0500, Leo Famulari wrote:
> > It would be great to get some more testing from other X users.
> 
> In case anybody is wondering about the security issues, the commit
> message has been amended like this in my tree:

And, we may have a solution for the login timeout that has been
preventing testing for many of us. A patch for #52051 has been proposed:

https://issues.guix.gnu.org/issue/52051#29
Leo Famulari Dec. 21, 2021, 7:09 p.m. UTC | #3 
On Tue, Dec 21, 2021 at 12:47:38PM -0500, Leo Famulari wrote:
> On Tue, Dec 21, 2021 at 12:36:39PM -0500, Leo Famulari wrote:
> > On Sun, Dec 19, 2021 at 03:30:59PM -0500, Leo Famulari wrote:
> > > It would be great to get some more testing from other X users.
> > 
> > In case anybody is wondering about the security issues, the commit
> > message has been amended like this in my tree:
> 
> And, we may have a solution for the login timeout that has been
> preventing testing for many of us. A patch for #52051 has been proposed:
> 
> https://issues.guix.gnu.org/issue/52051#29

Alright, with the fix for #52051, I successfully used xorg-server 21.1.2
on my laptop.
Josselin Poiret Dec. 22, 2021, 1:56 p.m. UTC | #4 
Hello,

Leo Famulari <leo@famulari.name> writes:
> In case anybody is wondering about the security issues, the commit
> message has been amended like this in my tree:
>
> ------
> gnu: xorg-server: Update to 21.1.2 [fixes CVE-2021-{4008,4009,4010,4011}].
>
> * gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
> (xorg-server-for-tests): Use version 21.1.1.
> ------

Just pitching in to say that those CVE numbers should be fully typed
instead of using shell expansion-style, so that one can run `git log
--grep=CVE-2021-4008`.  Note that these can be in the commit message
body.
Leo Famulari Dec. 22, 2021, 5:19 p.m. UTC | #5 
On Wed, Dec 22, 2021 at 02:56:19PM +0100, Josselin Poiret wrote:
> Just pitching in to say that those CVE numbers should be fully typed
> instead of using shell expansion-style, so that one can run `git log
> --grep=CVE-2021-4008`.  Note that these can be in the commit message
> body.

Okay. Can you help test the patch itself?
Leo Famulari Dec. 22, 2021, 11:38 p.m. UTC | #6 
On Tue, Dec 21, 2021 at 12:36:39PM -0500, Leo Famulari wrote:
> ------
> gnu: xorg-server: Update to 21.1.2 [fixes CVE-2021-{4008,4009,4010,4011}].
> 
> * gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
> (xorg-server-for-tests): Use version 21.1.1.
> ------

Pushed as 0751451ae3a77977916b67577837349219d482ec
diff mbox series

Patch

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 9a854bcbf8..b09d95f770 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5235,16 +5235,15 @@  (define-public libxcvt
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "21.1.1")
+    (version "21.1.2")
     (source
      (origin
        (method url-fetch)
-
        (uri (string-append "https://xorg.freedesktop.org/archive/individual"
                            "/xserver/xorg-server-" version ".tar.xz"))
        (sha256
         (base32
-         "0md7dqsc5qb30gym06c4zc2cjsdc5ps8nywk1bkcpix05kppybkq"))
+         "1c4dgvpv3kib8rhw37b00vc056nlb1z66c2lwzs4prz8kxmg82y2"))
        (patches
         (list
          ;; See:
@@ -5361,7 +5360,30 @@  (define-public xorg-server
 (define-public xorg-server-for-tests
   (hidden-package
    (package
-     (inherit xorg-server))))
+     (inherit xorg-server)
+     (version "21.1.1")
+     (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://xorg.freedesktop.org/archive/individual"
+                            "/xserver/xorg-server-" version ".tar.xz"))
+        (sha256
+         (base32
+          "0md7dqsc5qb30gym06c4zc2cjsdc5ps8nywk1bkcpix05kppybkq"))
+        (patches
+         (list
+          ;; See:
+          ;;   https://lists.fedoraproject.org/archives/list/devel@lists.
+          ;;      fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/
+          (origin
+            (method url-fetch)
+            (uri (string-append
+                  "http://pkgs.fedoraproject.org/cgit/rpms/xorg-x11-server.git"
+                  "/plain/06_use-intel-only-on-pre-gen4.diff"))
+            (sha256
+             (base32
+              "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))
+            (file-name "xorg-server-use-intel-only-on-pre-gen4.diff")))))))))
 
 (define-public eglexternalplatform
   (package