From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id YFGjMmIASGdUWwAAqHPOHw:P1 (envelope-from ) for ; Thu, 28 Nov 2024 05:32:19 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id YFGjMmIASGdUWwAAqHPOHw (envelope-from ) for ; Thu, 28 Nov 2024 06:32:18 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=gXEcnxIq; dkim=fail ("headers rsa verify failed") header.d=protonmail.com header.s=protonmail3 header.b=AJ7eRNB+; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1732771938; a=rsa-sha256; cv=none; b=bZTMcziuW2MuVVmSai292EtUtBluleromn1ZbwAjkX0EWqZt0oQeD+osVkvCn5YSvvgomQ L+A4AX8BSHK2hlF07T7RMJwxFJS6mmwSxU021T/g0yT8jN5/9PWY1nXfqmfBY3C7FsOsE6 oCeyXdAYFp2S5dg8oKe+0e/a5mH9zdWCm2VEHsHYfEsHGsDHE4FkEX7yBoOP7QW+td/0Pu 2aL/RnXRPztn/vDkobnUTvrSsAYuwf2PHpLqo3aTfhPEsuizB/svM8mADz7lpcKtMu/dt4 KSx8v+NaIckmK1EShPyspVxEAFyvPBNn9ylY8n3VUhHfVWQh9nCnfr0PKFR53A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=gXEcnxIq; dkim=fail ("headers rsa verify failed") header.d=protonmail.com header.s=protonmail3 header.b=AJ7eRNB+; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1732771938; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-to: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=hwHy5lMdp5tUTJ8pAt18IywthPnDS2atotd36TcHOD0=; b=a8fV05ZEfuvwQXoMWBVjhqHYhJYvfFleocwcvcZCSlIctBBE3MUG+RbCgn2dkWmeWpQO/U rcs/+T/7F6OlasEDjkHZnC7qLfApVeP5Gf+sPJlKpJoo3GU0xP387IAZQ+gWHluOdCbNXi +MSSIRxYLyXK5UVUPs8UE26R0ZV6Ddi6Pro0myB/knUIOKBPTJnUGa9i28zw3MlIkl3OEq gahpvimxkVo6KIBPbdcht2z/ShZdIgiFIJWgJvuPfmtTPvo+6kxBzYteAb+ocq3oxqifC/ WMOhT1H5C80APScAWtlwxoN6AJMfJoAjBMfnWZEOL5xafSPLDZfeVX1npMRLVw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 792958DB9B for ; Thu, 28 Nov 2024 06:32:18 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tGX8J-0002ob-7i; Thu, 28 Nov 2024 00:32:07 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tGX8G-0002nm-IX for guix-patches@gnu.org; Thu, 28 Nov 2024 00:32:04 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tGX8F-0002Ur-8V for guix-patches@gnu.org; Thu, 28 Nov 2024 00:32:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:From:Date:To:In-Reply-To:References:Subject; bh=hwHy5lMdp5tUTJ8pAt18IywthPnDS2atotd36TcHOD0=; b=gXEcnxIqdazIU8SnIiqElG5Z5wanW2opPrcPpfsOYyhA1XIzMcm4JAaut9KtCIiEheBcm1iHX0zosP8Vx4v+AmgFD9tEW1+rfAGVplDgw/ZbZ0meHtgM3jFbmSISVFmHn2o8fBaOrsv94vdTqU4Zhvy+p+U9bCB+IlJqPCL+kpnxGnr+TG9f4s1/0iuhNRiMnLKY4NGHF98O0GkYf12USVbRsEZyAR/NE0u4Cso5cKU5/IPaiOp+PMjmjbHeU/SSdq1x1COIYlZAMqENrEZKD8IeAWhK6Me4859VRmWRv12K5FZCFJ73k4vSza92xAyzbltX7m7kfxISKr4e7ajgag==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tGX8E-0002nw-Oh for guix-patches@gnu.org; Thu, 28 Nov 2024 00:32:02 -0500 Subject: bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632. References: In-Reply-To: Resent-From: John Kehayias Original-Sender: "Debbugs-submit" Resent-To: guix-patches@gnu.org Resent-Date: Thu, 28 Nov 2024 05:32:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 74248 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Kaelyn Takata Cc: 74248-done@debbugs.gnu.org, Andreas Enge , Steve George Mail-Followup-To: 74248@debbugs.gnu.org, john.kehayias@protonmail.com, kaelyn.alexi@protonmail.com Received: via spool by 74248-done@debbugs.gnu.org id=D74248.173277187910711 (code D ref 74248); Thu, 28 Nov 2024 05:32:02 +0000 Received: (at 74248-done) by debbugs.gnu.org; 28 Nov 2024 05:31:19 +0000 Received: from localhost ([127.0.0.1]:35989 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tGX7W-0002mg-GX for submit@debbugs.gnu.org; Thu, 28 Nov 2024 00:31:18 -0500 Received: from mail-40131.protonmail.ch ([185.70.40.131]:10357) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tGX7U-0002mM-A5 for 74248-done@debbugs.gnu.org; Thu, 28 Nov 2024 00:31:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1732771869; x=1733031069; bh=hwHy5lMdp5tUTJ8pAt18IywthPnDS2atotd36TcHOD0=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector: List-Unsubscribe:List-Unsubscribe-Post; b=AJ7eRNB+Yli7U7EpMw+6Gh1AmeC79S6xWb+WsvaZ1IqTf1kSEEacCiWr6e2VL92Jd wRmFaqYLTXoMLP8R2Q4xR13EEI0+Xuz3PABW640hDkhqKZ/Ab6foXXwA47rVJXxwg6 avfD4a0rVA6/7Hvzy/iN6tXdUJyymdfwoC10OwUfpIpVERSm7AjKeb0ow2o34OJnCP saxy5C66dg/9zAM9CKFLHC6RIfXNsksFJHW3YN/GoKunYJ9ExtnLNV8ZZ0fdFsFET5 Ecf75BxOqzPmX4kHgtqG/831hGiUoyFYnEOGzvFBbwIDP9poWMR2L64ngS/JRbQCVS kr73THw2p+W3A== Date: Thu, 28 Nov 2024 05:31:03 +0000 Message-ID: <87o71zsz59.fsf@protonmail.com> Feedback-ID: 7805494:user:proton X-Pm-Message-ID: 2966225e97c529fdfb60bd971a3a19f46e56d720 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: John Kehayias X-ACL-Warn: , John Kehayias via Guix-patches From: John Kehayias via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -1.64 X-Spam-Score: -1.64 X-Migadu-Queue-Id: 792958DB9B X-Migadu-Scanner: mx12.migadu.com X-TUID: 6X33C0jC5lY5 Hi Kaelyn, (Andreas: your message did not go to the original author; CC'ing you and Steve who you CC'ed in your message. If using debbugs through Emacs, for instance, make sure you do a "wide-reply" or else the author isn't included. I really wish a bug number email was an alias for a list.) On Thu, Nov 07, 2024 at 09:33 PM, Kaelyn Takata wrote: > This patch series updates xorg-server and xorg-server-xwayland to their l= atest > versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" accordi= ng to > https://nvd.nist.gov/vuln/detail/CVE-2024-9632. > > The updated Xwayland depends on a newer version of presentproto than is > available in the current xorgproto package, so I added xorgproto-next to > satisfy Xwayland's dependency while avoiding triggering 10761 additional > package rebuilds. > Thanks for the patches, sorry I missed this earlier. > Kaelyn Takata (3): > gnu: xorg-server: Update to 21.1.14. [security fixes] I've applied this now as dd4b96e72c8fda4b025a75b47212e06e381e9ea1 (with a minor change to move a period.) > gnu: Add xorgproto-next. > gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes]. > These two look like they were done similarly by Danny in e6d1f571957e5668b844939070174aedf0bec673. CC'ing just to close the loop here. > gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++------- > 1 file changed, 28 insertions(+), 7 deletions(-) > > > base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06 > -- > 2.46.0 Thanks! John