unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.
@ 2024-11-07 21:33 Kaelyn Takata via Guix-patches via
  2024-11-07 21:41 ` [bug#74248] [PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes] Kaelyn Takata via Guix-patches via
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Kaelyn Takata via Guix-patches via @ 2024-11-07 21:33 UTC (permalink / raw)
  To: 74248; +Cc: Kaelyn Takata

This patch series updates xorg-server and xorg-server-xwayland to their latest
versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
https://nvd.nist.gov/vuln/detail/CVE-2024-9632.

The updated Xwayland depends on a newer version of presentproto than is
available in the current xorgproto package, so I added xorgproto-next to
satisfy Xwayland's dependency while avoiding triggering 10761 additional
package rebuilds.

Kaelyn Takata (3):
  gnu: xorg-server: Update to 21.1.14. [security fixes]
  gnu: Add xorgproto-next.
  gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].

 gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)


base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
--
2.46.0





^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#74248] [PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes]
  2024-11-07 21:33 [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 Kaelyn Takata via Guix-patches via
@ 2024-11-07 21:41 ` Kaelyn Takata via Guix-patches via
  2024-11-07 21:41 ` [bug#74248] [PATCH 2/3] gnu: Add xorgproto-next Kaelyn Takata via Guix-patches via
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Kaelyn Takata via Guix-patches via @ 2024-11-07 21:41 UTC (permalink / raw)
  To: 74248; +Cc: Kaelyn Takata

This fixes CVE-2024-9632.

* gnu/packages/xorg.scm (xorg-server): Update to 21.1.14.

Change-Id: I35fdd57991eef89fe339a0f79d361e05985187ce
---
 gnu/packages/xorg.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 0de08a4ad1..1c5201a836 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5017,7 +5017,7 @@ (define-public libxcvt
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "21.1.12")
+    (version "21.1.14")
     (source
      (origin
        (method url-fetch)
@@ -5025,7 +5025,7 @@ (define-public xorg-server
                            "/xserver/xorg-server-" version ".tar.xz"))
        (sha256
         (base32
-         "03x954bygi6sdynk5yy3yvsfhg6i9gjhisn3x9jxvk5mw4mnw08y"))
+         "0dgfajrnkr8d61z1fjn249s3q1pm23v9w2f1aqb7sx64pp7048cg"))
        (patches
         (list
          ;; See:
-- 
2.46.0






^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#74248] [PATCH 2/3] gnu: Add xorgproto-next.
  2024-11-07 21:33 [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 Kaelyn Takata via Guix-patches via
  2024-11-07 21:41 ` [bug#74248] [PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes] Kaelyn Takata via Guix-patches via
@ 2024-11-07 21:41 ` Kaelyn Takata via Guix-patches via
  2024-11-07 21:41 ` [bug#74248] [PATCH 3/3] gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes] Kaelyn Takata via Guix-patches via
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Kaelyn Takata via Guix-patches via @ 2024-11-07 21:41 UTC (permalink / raw)
  To: 74248; +Cc: Kaelyn Takata

* gnu/packages/xorg.scm (xorgproto-next): New variable.

Change-Id: Ib546f911c717611a1dbe10ef6f02e47e00e88a51
---
 gnu/packages/xorg.scm | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 1c5201a836..97a2d8a78a 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -264,6 +264,28 @@ (define-public xorgproto
 the core protocol and (many) extensions for the X Window System.")
     (license license:x11)))
 
+(define-public xorgproto-next
+  (package
+    (name "xorgproto")
+    (version "2024.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://xorg/individual/proto"
+                                  "/xorgproto-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0nfbbi4j130m2gxzp20hp642xizbbl68jpbzahiq8nw183yja8ip"))))
+    (build-system gnu-build-system)
+    (propagated-inputs
+     ;; To get util-macros in (almost?) all package inputs.
+     (list util-macros))
+    (home-page "https://cgit.freedesktop.org/xorg/proto/xorgproto")
+    (synopsis "Xorg protocol headers")
+    (description
+     "This package provides the headers and specification documents defining
+the core protocol and (many) extensions for the X Window System.")
+    (license license:x11)))
+
 (define-public bigreqsproto
   (package
     (name "bigreqsproto")
-- 
2.46.0






^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#74248] [PATCH 3/3] gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].
  2024-11-07 21:33 [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 Kaelyn Takata via Guix-patches via
  2024-11-07 21:41 ` [bug#74248] [PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes] Kaelyn Takata via Guix-patches via
  2024-11-07 21:41 ` [bug#74248] [PATCH 2/3] gnu: Add xorgproto-next Kaelyn Takata via Guix-patches via
@ 2024-11-07 21:41 ` Kaelyn Takata via Guix-patches via
  2024-11-27 22:30 ` [bug#74248] Comment Andreas Enge
  2024-11-28  5:31 ` bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 John Kehayias via Guix-patches via
  4 siblings, 0 replies; 6+ messages in thread
From: Kaelyn Takata via Guix-patches via @ 2024-11-07 21:41 UTC (permalink / raw)
  To: 74248; +Cc: Kaelyn Takata

This fixes CVE-2024-9632.

* gnu/packages/xorg.scm (xorg-server-xwayland): Update to 24.1.4.
[inputs]: Replace xorgproto with xorgproto-next.
[arguments]<#:configure-flags>: Remove unsupported flag.

Change-Id: Ie8542fdbbf9a49a79df2b4cd7b9a919b2f547f5f
---
 gnu/packages/xorg.scm | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 97a2d8a78a..4e833abb44 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5295,7 +5295,7 @@ (define-public egl-wayland
 (define-public xorg-server-xwayland
   (package
     (name "xorg-server-xwayland")
-    (version "23.2.5")
+    (version "24.1.4")
     (source
      (origin
        (method url-fetch)
@@ -5303,7 +5303,7 @@ (define-public xorg-server-xwayland
                            "/xserver/xwayland-" version ".tar.xz"))
        (sha256
         (base32
-         "145xykwmyqkaa8zrbn5fnvnff67iral9mc5raamglnbsd3r7zv1k"))))
+         "1x1lmw1br3dxxfppfny1vkmk2l2vk5248i3k05smb7w1mgdphsnr"))))
     (inputs (list font-dejavu
                   dbus
                   egl-wayland
@@ -5321,7 +5321,7 @@ (define-public xorg-server-xwayland
                   wayland-protocols
                   xkbcomp
                   xkeyboard-config
-                  xorgproto
+                  xorgproto-next
                   xtrans))
     (native-inputs (cons pkg-config
                          (if (%current-target-system)
@@ -5333,8 +5333,7 @@ (define-public xorg-server-xwayland
     (build-system meson-build-system)
     (arguments
      `(#:configure-flags
-       (list "-Dxwayland_eglstream=true"
-             (string-append "-Dxkb_dir="
+       (list (string-append "-Dxkb_dir="
                             (assoc-ref %build-inputs "xkeyboard-config")
                             "/share/X11/xkb")
              (string-append "-Dxkb_bin_dir="
-- 
2.46.0






^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#74248] Comment
  2024-11-07 21:33 [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 Kaelyn Takata via Guix-patches via
                   ` (2 preceding siblings ...)
  2024-11-07 21:41 ` [bug#74248] [PATCH 3/3] gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes] Kaelyn Takata via Guix-patches via
@ 2024-11-27 22:30 ` Andreas Enge
  2024-11-28  5:31 ` bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 John Kehayias via Guix-patches via
  4 siblings, 0 replies; 6+ messages in thread
From: Andreas Enge @ 2024-11-27 22:30 UTC (permalink / raw)
  To: 74248; +Cc: Steve George

Hello,

I just checked how many packages depend on xorg-server (650) and
xorgproto (40). So I think there is no need for xorgproto-next, you could
simply update xorgproto directly.

Andreas





^ permalink raw reply	[flat|nested] 6+ messages in thread

* bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.
  2024-11-07 21:33 [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 Kaelyn Takata via Guix-patches via
                   ` (3 preceding siblings ...)
  2024-11-27 22:30 ` [bug#74248] Comment Andreas Enge
@ 2024-11-28  5:31 ` John Kehayias via Guix-patches via
  4 siblings, 0 replies; 6+ messages in thread
From: John Kehayias via Guix-patches via @ 2024-11-28  5:31 UTC (permalink / raw)
  To: Kaelyn Takata; +Cc: 74248-done, Andreas Enge, Steve George

Hi Kaelyn,

(Andreas: your message did not go to the original author; CC'ing you and
Steve who you CC'ed in your message. If using debbugs through Emacs, for
instance, make sure you do a "wide-reply" or else the author isn't
included. I really wish a bug number email was an alias for a list.)

On Thu, Nov 07, 2024 at 09:33 PM, Kaelyn Takata wrote:

> This patch series updates xorg-server and xorg-server-xwayland to their latest
> versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
> https://nvd.nist.gov/vuln/detail/CVE-2024-9632.
>
> The updated Xwayland depends on a newer version of presentproto than is
> available in the current xorgproto package, so I added xorgproto-next to
> satisfy Xwayland's dependency while avoiding triggering 10761 additional
> package rebuilds.
>

Thanks for the patches, sorry I missed this earlier.

> Kaelyn Takata (3):
>   gnu: xorg-server: Update to 21.1.14. [security fixes]

I've applied this now as dd4b96e72c8fda4b025a75b47212e06e381e9ea1 (with
a minor change to move a period.)

>   gnu: Add xorgproto-next.
>   gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].
>

These two look like they were done similarly by Danny in
e6d1f571957e5668b844939070174aedf0bec673. CC'ing just to close the loop
here.

>  gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
>  1 file changed, 28 insertions(+), 7 deletions(-)
>
>
> base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
> --
> 2.46.0

Thanks!
John





^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-11-28  5:32 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-07 21:33 [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 Kaelyn Takata via Guix-patches via
2024-11-07 21:41 ` [bug#74248] [PATCH 1/3] gnu: xorg-server: Update to 21.1.14. [security fixes] Kaelyn Takata via Guix-patches via
2024-11-07 21:41 ` [bug#74248] [PATCH 2/3] gnu: Add xorgproto-next Kaelyn Takata via Guix-patches via
2024-11-07 21:41 ` [bug#74248] [PATCH 3/3] gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes] Kaelyn Takata via Guix-patches via
2024-11-27 22:30 ` [bug#74248] Comment Andreas Enge
2024-11-28  5:31 ` bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632 John Kehayias via Guix-patches via

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).