GNU bug report logs - #64116
[PATCH] gnu: libx11: Replace with 1.8.6 [security and bug fixes]

Previous Next

Package: guix-patches;

Reported by: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>

Date: Fri, 16 Jun 2023 18:49:02 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 64116 in the body.
You can then email your comments to 64116 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#64116; Package guix-patches. (Fri, 16 Jun 2023 18:49:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Kaelyn Takata <kaelyn.alexi <at> protonmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 16 Jun 2023 18:49:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
To: guix-patches <at> gnu.org
Cc: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Subject: [PATCH] gnu: libx11: Replace with 1.8.6 [security and bug fixes]
Date: Fri, 16 Jun 2023 18:47:52 +0000

Includes fix for: CVE-2023-3138.

* gnu/packages/xorg.scm (libx11-fixed): New variable.
(libx11)[replacement]: Graft.
---
 gnu/packages/xorg.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index e1a7cf96f9..49a70b1e07 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5254,6 +5254,7 @@ (define-public libx11
   (package
     (name "libx11")
     (version "1.8.1")
+    (replacement libx11-fixed) ; security fixes
     (source
      (origin
        (method url-fetch)
@@ -5283,6 +5284,19 @@ (define-public libx11
     (description "Xorg Core X11 protocol client library.")
     (license license:x11)))

+(define-public libx11-fixed
+  (package
+    (inherit libx11)
+    (version "1.8.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://xorg/individual/lib/libX11-"
+                           version ".tar.xz"))
+       (sha256
+        (base32
+         "1jawl8zp1h7hdmxx1sc6kmxkki187d9yixr2l03ai6wqqry5nlsr"))))))
+
 ;; packages of height 5 in the propagated-inputs tree

 (define-public libxcursor

base-commit: 31336e9f5d68512a9c1c6826bce9f17c892a2125
--
2.40.1
Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Sat, 02 Sep 2023 18:51:02 GMT) Full text and rfc822 format available.
Notification sent to Kaelyn Takata <kaelyn.alexi <at> protonmail.com>:
bug acknowledged by developer. (Sat, 02 Sep 2023 18:51:02 GMT) Full text and rfc822 format available.

Message #10 received at 64116-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Cc: 64116-done <at> debbugs.gnu.org
Subject: Re: bug#64116: [PATCH] gnu: libx11: Replace with 1.8.6 [security
 and bug fixes]
Date: Sat, 02 Sep 2023 14:49:50 -0400

Hi,

Kaelyn Takata <kaelyn.alexi <at> protonmail.com> writes:

> Includes fix for: CVE-2023-3138.
>
> * gnu/packages/xorg.scm (libx11-fixed): New variable.
> (libx11)[replacement]: Graft.

Installed, thank you!

-- 
Maxim
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 01 Oct 2023 11:24:09 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 222 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.