bug#67047: closed ([PATCH] gnu: xorg-server: Update to 21.1.9.)

[GNU bug Tracking System]

Your message dated Tue, 28 Nov 2023 05:21:10 +0000
with message-id <8734wqa1xb.fsf@protonmail.com>
and subject line Re: [PATCH] gnu: xorg-server: Update to 21.1.9.
has caused the debbugs.gnu.org bug report #67047,
regarding [PATCH] gnu: xorg-server: Update to 21.1.9.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
67047: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=67047
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] gnu: xorg-server: Update to 21.1.9.
>
>
>
>
> Date: 
>
> Fri, 10 Nov 2023 16:46:03 +0000
>
>
>
>
> Fixes CVE-2023-5367 and CVE-2023-5380.  See the X.Org security advisory
> <https://lists.x.org/archives/xorg/2023-October/003430.html> for more
> information.
>
> * gnu/packages/xorg.scm (xorg-server): Update to 21.1.9.
>
> Change-Id: I5786210cf1e5de4d603155fbbd076763e7ae3447
> ---
>  gnu/packages/xorg.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
> index f65ffa7476..b30e5c1f07 100644
> --- a/gnu/packages/xorg.scm
> +++ b/gnu/packages/xorg.scm
> @@ -5029,7 +5029,7 @@ (define-public libxcvt
>  (define-public xorg-server
>    (package
>      (name "xorg-server")
> -    (version "21.1.4")
> +    (version "21.1.9")
>      (source
>       (origin
>         (method url-fetch)
> @@ -5037,7 +5037,7 @@ (define-public xorg-server
>                             "/xserver/xorg-server-" version ".tar.xz"))
>         (sha256
>          (base32
> -         "11y5w6z3rz3i4jyv0wc3scd2jh3bsmcklq0fm7a5invywj7bxi2w"))
> +         "0fjk9ggcrn96blq0bm80739yj23s3gjjjsc0nxk4jk0v07i7nsgz"))
>         (patches
>          (list
>           ;; See:
>
> base-commit: bb3ab24a296ffa5273b2e82a02ed057e90c095f3
> -- 
> 2.41.0
>
>
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: [PATCH] gnu: xorg-server: Update to 21.1.9.
>
>
>
>
> Date: 
>
> Tue, 28 Nov 2023 05:21:10 +0000
>
>
>
>
> Dear Kaelyn,
>
> On Mon, Nov 27, 2023 at 08:46 PM, Kaelyn wrote:
>
> > Hi,
> >
> > I wanted to bring folks' attention to
> > <https://issues.guix.gnu.org/67047> which updates xorg-server, including
> > a number of security fixes. The patch has been pending for about 17
> > days now, and while the QA badge reports "failed" I just spot-checked
> > some of the failures and they seem to be unrelated (e.g. a lot of
> > builds going from unknown to blocked or vice versa, the one new
> > failure for aarch64 being a large download test in the onionshare
> > package, etc).
> >
>
> Thanks for the update. Yes, QA looked good to me too, all things
> considered.
>
> > Is there anything I can do to help the process along? It may also be
> > worth noting that "guix refresh -l xorg-server" reports 125 rebuilds.
> > I also checked and the update to xorg-server does not appear to alter
> > the derivation for the xorg-server-for-tests (which is still at
> > version 21.1.1).
> >
> > Cheers,
> > Kaelyn
>
> No, you did exactly what you needed to. I did see this patch when it
> came in and was just giving a bit for QA to do the builds. That took
> longer, I got distracted hoping I could merge mesa-updates first, then
> hit CI delays...all that is to say I should have communicated I had
> this on my radar.
>
> Sorry about that! I appreciate the patch and the nudge.
>
> Pushed as 06e0f638abd36f816a221af4542ca4a850d7af2d with a minor tweak
> to the commit message to note [security fixes] at the top. I built it
> locally for x86_64 with mesa-updates merged.
>
> Which reminds me to make sure we have a way to flagging security
> updates just like other teams/tags and get them priority. Now on the
> security team, it is a first priority.
>
> Thanks again!
> John
>
>
>
> --- End Message ---