* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
@ 2021-12-16 23:29 Kaelyn Takata via Guix-patches via
2021-12-18 15:23 ` Kaelyn via Guix-patches via
2021-12-18 20:40 ` Leo Famulari
0 siblings, 2 replies; 12+ messages in thread
From: Kaelyn Takata via Guix-patches via @ 2021-12-16 23:29 UTC (permalink / raw)
To: 52562; +Cc: Kaelyn Takata
* gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
---
gnu/packages/xorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 85a93dee30..204fd857c0 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5234,7 +5234,7 @@ (define-public libxcvt
(define-public xorg-server
(package
(name "xorg-server")
- (version "21.1.1")
+ (version "21.1.2")
(source
(origin
(method url-fetch)
@@ -5243,7 +5243,7 @@ (define-public xorg-server
"/xserver/xorg-server-" version ".tar.xz"))
(sha256
(base32
- "0md7dqsc5qb30gym06c4zc2cjsdc5ps8nywk1bkcpix05kppybkq"))
+ "1c4dgvpv3kib8rhw37b00vc056nlb1z66c2lwzs4prz8kxmg82y2"))
(patches
(list
;; See:
base-commit: b329c2139b9f0818f27107bec5226cb98cfe1446
--
2.34.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-16 23:29 [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2 Kaelyn Takata via Guix-patches via
@ 2021-12-18 15:23 ` Kaelyn via Guix-patches via
2021-12-18 20:40 ` Leo Famulari
1 sibling, 0 replies; 12+ messages in thread
From: Kaelyn via Guix-patches via @ 2021-12-18 15:23 UTC (permalink / raw)
To: 52562@debbugs.gnu.org
Hi,
I would like to propose this update for the 1.4.0 branch as well, as xorg-server 21.1.2 fixes four recently reported security vulnerabilities that can lead to priviledge escalation: https://lists.x.org/archives/xorg/2021-December/060842.html
Cheers,
Kaelyn
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-16 23:29 [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2 Kaelyn Takata via Guix-patches via
2021-12-18 15:23 ` Kaelyn via Guix-patches via
@ 2021-12-18 20:40 ` Leo Famulari
2021-12-19 1:49 ` Kaelyn via Guix-patches via
1 sibling, 1 reply; 12+ messages in thread
From: Leo Famulari @ 2021-12-18 20:40 UTC (permalink / raw)
To: 52562; +Cc: kaelyn.alexi
On Thu, Dec 16, 2021 at 11:29:50PM +0000, Kaelyn Takata via Guix-patches via wrote:
> * gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
Thanks! I am reviewing this patch now. It's not quite as simple as it
seems because we must take care to avoid changing xorg-server-for-tests,
or almost every package will have to be rebuilt.
See section 8 here for more information about how many package rebuilds are okay
for the master branch:
https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html#Submitting-Patches
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-18 20:40 ` Leo Famulari
@ 2021-12-19 1:49 ` Kaelyn via Guix-patches via
2021-12-19 4:56 ` Leo Famulari
0 siblings, 1 reply; 12+ messages in thread
From: Kaelyn via Guix-patches via @ 2021-12-19 1:49 UTC (permalink / raw)
To: Leo Famulari; +Cc: 52562
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, December 18th, 2021 at 12:40 PM, Leo Famulari <leo@famulari.name> wrote:
> On Thu, Dec 16, 2021 at 11:29:50PM +0000, Kaelyn Takata via Guix-patches via wrote:
>
> > - gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
>
> Thanks! I am reviewing this patch now. It's not quite as simple as it
>
> seems because we must take care to avoid changing xorg-server-for-tests,
>
> or almost every package will have to be rebuilt.
>
> See section 8 here for more information about how many package rebuilds are okay
>
> for the master branch:
>
> https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html#Submitting-Patches
No worries, and take your time! I just wanted to ping the patch so that the security fixes could land before the 1.4 release. :)
When I first sent it, on my machine "guix refresh --list-dependent xorg-serv" said it was 80-something packages that would be rebuilt (just checked again after typing that, and it says 82 packages would be built to ensure 137 dependet packages are rebuilt).
Thanks,
Kaelyn
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-19 1:49 ` Kaelyn via Guix-patches via
@ 2021-12-19 4:56 ` Leo Famulari
2021-12-19 20:30 ` Leo Famulari
0 siblings, 1 reply; 12+ messages in thread
From: Leo Famulari @ 2021-12-19 4:56 UTC (permalink / raw)
To: Kaelyn; +Cc: 52562
On Sun, Dec 19, 2021 at 01:49:08AM +0000, Kaelyn wrote:
> No worries, and take your time! I just wanted to ping the patch so that the security fixes could land before the 1.4 release. :)
Sure, I intend to land the patch in the next day or so.
> When I first sent it, on my machine "guix refresh --list-dependent xorg-serv" said it was 80-something packages that would be rebuilt (just checked again after typing that, and it says 82 packages would be built to ensure 137 dependet packages are rebuilt).
Right, that's correct. But there is a also a package
'xorg-server-for-tests', which is used basically for package test
suites. The idea is that it's never used "for real" and so security
issues matter less. And we update that package less often.
You can check on that package like this:
Scheme syntax for working with "hidden" packages
----- ▼
$ guix refresh -l --expression='(@@ (gnu packages xorg) xorg-server-for-tests)'
Building the following 1419 packages would ensure 3063 dependent packages are rebuilt:
[...]
------
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-19 4:56 ` Leo Famulari
@ 2021-12-19 20:30 ` Leo Famulari
2021-12-21 17:36 ` Leo Famulari
0 siblings, 1 reply; 12+ messages in thread
From: Leo Famulari @ 2021-12-19 20:30 UTC (permalink / raw)
To: Kaelyn; +Cc: 52562
[-- Attachment #1.1: Type: text/plain, Size: 526 bytes --]
On Sat, Dec 18, 2021 at 11:56:53PM -0500, Leo Famulari wrote:
> Sure, I intend to land the patch in the next day or so.
Alright, with the attached patch, X works in my tests, and
xorg-server-for-tests is unchanged.
It would be great to get some more testing from other X users.
I tested with QEMU, using our VM image template:
`guix environment guix -- ./pre-inst-env guix system vm-image --image-size=20G -t qcow2 gnu/system/examples/vm-image.tmpl`
I can't test on bare metal due to <https://issues.guix.gnu.org/52051>.
[-- Attachment #1.2: 0001-gnu-xorg-server-Update-to-21.1.2.patch --]
[-- Type: text/plain, Size: 2431 bytes --]
From 2b597e7887be70a0faaa04b9dabd69030dca6614 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 18 Dec 2021 15:30:41 -0500
Subject: [PATCH] gnu: xorg-server: Update to 21.1.2.
* gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
(xorg-server-for-tests): Use version 21.1.1.
---
gnu/packages/xorg.scm | 30 ++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 9a854bcbf8..b09d95f770 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5235,16 +5235,15 @@ (define-public libxcvt
(define-public xorg-server
(package
(name "xorg-server")
- (version "21.1.1")
+ (version "21.1.2")
(source
(origin
(method url-fetch)
-
(uri (string-append "https://xorg.freedesktop.org/archive/individual"
"/xserver/xorg-server-" version ".tar.xz"))
(sha256
(base32
- "0md7dqsc5qb30gym06c4zc2cjsdc5ps8nywk1bkcpix05kppybkq"))
+ "1c4dgvpv3kib8rhw37b00vc056nlb1z66c2lwzs4prz8kxmg82y2"))
(patches
(list
;; See:
@@ -5361,7 +5360,30 @@ (define-public xorg-server
(define-public xorg-server-for-tests
(hidden-package
(package
- (inherit xorg-server))))
+ (inherit xorg-server)
+ (version "21.1.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://xorg.freedesktop.org/archive/individual"
+ "/xserver/xorg-server-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0md7dqsc5qb30gym06c4zc2cjsdc5ps8nywk1bkcpix05kppybkq"))
+ (patches
+ (list
+ ;; See:
+ ;; https://lists.fedoraproject.org/archives/list/devel@lists.
+ ;; fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "http://pkgs.fedoraproject.org/cgit/rpms/xorg-x11-server.git"
+ "/plain/06_use-intel-only-on-pre-gen4.diff"))
+ (sha256
+ (base32
+ "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))
+ (file-name "xorg-server-use-intel-only-on-pre-gen4.diff")))))))))
(define-public eglexternalplatform
(package
--
2.34.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-19 20:30 ` Leo Famulari
@ 2021-12-21 17:36 ` Leo Famulari
2021-12-21 17:47 ` Leo Famulari
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Leo Famulari @ 2021-12-21 17:36 UTC (permalink / raw)
To: Kaelyn; +Cc: 52562
[-- Attachment #1: Type: text/plain, Size: 435 bytes --]
On Sun, Dec 19, 2021 at 03:30:59PM -0500, Leo Famulari wrote:
> It would be great to get some more testing from other X users.
In case anybody is wondering about the security issues, the commit
message has been amended like this in my tree:
------
gnu: xorg-server: Update to 21.1.2 [fixes CVE-2021-{4008,4009,4010,4011}].
* gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
(xorg-server-for-tests): Use version 21.1.1.
------
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-21 17:36 ` Leo Famulari
@ 2021-12-21 17:47 ` Leo Famulari
2021-12-21 19:09 ` Leo Famulari
2021-12-22 13:56 ` Josselin Poiret via Guix-patches via
2021-12-22 23:38 ` bug#52562: " Leo Famulari
2 siblings, 1 reply; 12+ messages in thread
From: Leo Famulari @ 2021-12-21 17:47 UTC (permalink / raw)
To: Kaelyn; +Cc: 52562
[-- Attachment #1: Type: text/plain, Size: 507 bytes --]
On Tue, Dec 21, 2021 at 12:36:39PM -0500, Leo Famulari wrote:
> On Sun, Dec 19, 2021 at 03:30:59PM -0500, Leo Famulari wrote:
> > It would be great to get some more testing from other X users.
>
> In case anybody is wondering about the security issues, the commit
> message has been amended like this in my tree:
And, we may have a solution for the login timeout that has been
preventing testing for many of us. A patch for #52051 has been proposed:
https://issues.guix.gnu.org/issue/52051#29
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-21 17:47 ` Leo Famulari
@ 2021-12-21 19:09 ` Leo Famulari
0 siblings, 0 replies; 12+ messages in thread
From: Leo Famulari @ 2021-12-21 19:09 UTC (permalink / raw)
To: Kaelyn; +Cc: 52562
[-- Attachment #1: Type: text/plain, Size: 683 bytes --]
On Tue, Dec 21, 2021 at 12:47:38PM -0500, Leo Famulari wrote:
> On Tue, Dec 21, 2021 at 12:36:39PM -0500, Leo Famulari wrote:
> > On Sun, Dec 19, 2021 at 03:30:59PM -0500, Leo Famulari wrote:
> > > It would be great to get some more testing from other X users.
> >
> > In case anybody is wondering about the security issues, the commit
> > message has been amended like this in my tree:
>
> And, we may have a solution for the login timeout that has been
> preventing testing for many of us. A patch for #52051 has been proposed:
>
> https://issues.guix.gnu.org/issue/52051#29
Alright, with the fix for #52051, I successfully used xorg-server 21.1.2
on my laptop.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-21 17:36 ` Leo Famulari
2021-12-21 17:47 ` Leo Famulari
@ 2021-12-22 13:56 ` Josselin Poiret via Guix-patches via
2021-12-22 17:19 ` Leo Famulari
2021-12-22 23:38 ` bug#52562: " Leo Famulari
2 siblings, 1 reply; 12+ messages in thread
From: Josselin Poiret via Guix-patches via @ 2021-12-22 13:56 UTC (permalink / raw)
To: Leo Famulari, Kaelyn; +Cc: 52562
Hello,
Leo Famulari <leo@famulari.name> writes:
> In case anybody is wondering about the security issues, the commit
> message has been amended like this in my tree:
>
> ------
> gnu: xorg-server: Update to 21.1.2 [fixes CVE-2021-{4008,4009,4010,4011}].
>
> * gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
> (xorg-server-for-tests): Use version 21.1.1.
> ------
Just pitching in to say that those CVE numbers should be fully typed
instead of using shell expansion-style, so that one can run `git log
--grep=CVE-2021-4008`. Note that these can be in the commit message
body.
--
Josselin Poiret
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#52562: [PATCH] gnu: xorg-server: Update to 21.1.2.
2021-12-21 17:36 ` Leo Famulari
2021-12-21 17:47 ` Leo Famulari
2021-12-22 13:56 ` Josselin Poiret via Guix-patches via
@ 2021-12-22 23:38 ` Leo Famulari
2 siblings, 0 replies; 12+ messages in thread
From: Leo Famulari @ 2021-12-22 23:38 UTC (permalink / raw)
To: Kaelyn; +Cc: Kaelyn Takata via Guix-patches via, 52562-done
[-- Attachment #1: Type: text/plain, Size: 327 bytes --]
On Tue, Dec 21, 2021 at 12:36:39PM -0500, Leo Famulari wrote:
> ------
> gnu: xorg-server: Update to 21.1.2 [fixes CVE-2021-{4008,4009,4010,4011}].
>
> * gnu/packages/xorg.scm (xorg-server): Update to 21.1.2.
> (xorg-server-for-tests): Use version 21.1.1.
> ------
Pushed as 0751451ae3a77977916b67577837349219d482ec
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-12-22 23:40 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-16 23:29 [bug#52562] [PATCH] gnu: xorg-server: Update to 21.1.2 Kaelyn Takata via Guix-patches via
2021-12-18 15:23 ` Kaelyn via Guix-patches via
2021-12-18 20:40 ` Leo Famulari
2021-12-19 1:49 ` Kaelyn via Guix-patches via
2021-12-19 4:56 ` Leo Famulari
2021-12-19 20:30 ` Leo Famulari
2021-12-21 17:36 ` Leo Famulari
2021-12-21 17:47 ` Leo Famulari
2021-12-21 19:09 ` Leo Famulari
2021-12-22 13:56 ` Josselin Poiret via Guix-patches via
2021-12-22 17:19 ` Leo Famulari
2021-12-22 23:38 ` bug#52562: " Leo Famulari
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).