GNU bug report logs -
#67047
[PATCH] gnu: xorg-server: Update to 21.1.9.
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 67047 in the body.
You can then email your comments to 67047 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#67047; Package
guix-patches.
(Fri, 10 Nov 2023 16:48:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Kaelyn Takata <kaelyn.alexi <at> protonmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 10 Nov 2023 16:48:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Fixes CVE-2023-5367 and CVE-2023-5380. See the X.Org security advisory
<https://lists.x.org/archives/xorg/2023-October/003430.html> for more
information.
* gnu/packages/xorg.scm (xorg-server): Update to 21.1.9.
Change-Id: I5786210cf1e5de4d603155fbbd076763e7ae3447
---
gnu/packages/xorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index f65ffa7476..b30e5c1f07 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5029,7 +5029,7 @@ (define-public libxcvt
(define-public xorg-server
(package
(name "xorg-server")
- (version "21.1.4")
+ (version "21.1.9")
(source
(origin
(method url-fetch)
@@ -5037,7 +5037,7 @@ (define-public xorg-server
"/xserver/xorg-server-" version ".tar.xz"))
(sha256
(base32
- "11y5w6z3rz3i4jyv0wc3scd2jh3bsmcklq0fm7a5invywj7bxi2w"))
+ "0fjk9ggcrn96blq0bm80739yj23s3gjjjsc0nxk4jk0v07i7nsgz"))
(patches
(list
;; See:
base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#67047; Package
guix-patches.
(Mon, 27 Nov 2023 20:47:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 67047 <at> debbugs.gnu.org (full text, mbox):
Hi,
I wanted to bring folks' attention to https://issues.guix.gnu.org/67047 which updates xorg-server, including a number of security fixes. The patch has been pending for about 17 days now, and while the QA badge reports "failed" I just spot-checked some of the failures and they seem to be unrelated (e.g. a lot of builds going from unknown to blocked or vice versa, the one new failure for aarch64 being a large download test in the onionshare package, etc).
Is there anything I can do to help the process along? It may also be worth noting that "guix refresh -l xorg-server" reports 125 rebuilds. I also checked and the update to xorg-server does not appear to alter the derivation for the xorg-server-for-tests (which is still at version 21.1.1).
Cheers,
Kaelyn
Reply sent
to
John Kehayias <john.kehayias <at> protonmail.com>:
You have taken responsibility.
(Tue, 28 Nov 2023 05:22:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Kaelyn Takata <kaelyn.alexi <at> protonmail.com>:
bug acknowledged by developer.
(Tue, 28 Nov 2023 05:22:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 67047-done <at> debbugs.gnu.org (full text, mbox):
Dear Kaelyn,
On Mon, Nov 27, 2023 at 08:46 PM, Kaelyn wrote:
> Hi,
>
> I wanted to bring folks' attention to
> <https://issues.guix.gnu.org/67047> which updates xorg-server, including
> a number of security fixes. The patch has been pending for about 17
> days now, and while the QA badge reports "failed" I just spot-checked
> some of the failures and they seem to be unrelated (e.g. a lot of
> builds going from unknown to blocked or vice versa, the one new
> failure for aarch64 being a large download test in the onionshare
> package, etc).
>
Thanks for the update. Yes, QA looked good to me too, all things
considered.
> Is there anything I can do to help the process along? It may also be
> worth noting that "guix refresh -l xorg-server" reports 125 rebuilds.
> I also checked and the update to xorg-server does not appear to alter
> the derivation for the xorg-server-for-tests (which is still at
> version 21.1.1).
>
> Cheers,
> Kaelyn
No, you did exactly what you needed to. I did see this patch when it
came in and was just giving a bit for QA to do the builds. That took
longer, I got distracted hoping I could merge mesa-updates first, then
hit CI delays...all that is to say I should have communicated I had
this on my radar.
Sorry about that! I appreciate the patch and the nudge.
Pushed as 06e0f638abd36f816a221af4542ca4a850d7af2d with a minor tweak
to the commit message to note [security fixes] at the top. I built it
locally for x86_64 with mesa-updates merged.
Which reminds me to make sure we have a way to flagging security
updates just like other teams/tags and get them priority. Now on the
security team, it is a first priority.
Thanks again!
John
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 26 Dec 2023 12:24:09 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 135 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.