Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xorg.libX11: 1.6.8 -> 1.6.12 (CVE-2020-14363, CVE-2020-14344) #99158

Merged
merged 1 commit into from Oct 15, 2020
Merged

xorg.libX11: 1.6.8 -> 1.6.12 (CVE-2020-14363, CVE-2020-14344) #99158

merged 1 commit into from Oct 15, 2020

Conversation

TredwellGit
Copy link
Member

Motivation for this change

https://lists.x.org/archives/xorg-announce/2020-August/003056.html
https://lists.x.org/archives/xorg-announce/2020-July/003050.html

Fixes CVE-2020-14363 and CVE-2020-14344.

Things done

@vcunat vcunat added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Sep 30, 2020
@ajs124 ajs124 mentioned this pull request Oct 6, 2020
Closed
2 tasks
@TredwellGit TredwellGit mentioned this pull request Oct 13, 2020
Merged
3 tasks
@ajs124
Copy link
Member

ajs124 commented Oct 13, 2020

Considering this is 10.rebuild-linux: 5001+ according to ofborg, it should probably also go through staging. Thanks for bumping all of this xorg stuff!

@TredwellGit TredwellGit changed the base branch from master to staging October 14, 2020 02:55
@TredwellGit
Copy link
Member Author

Ugh! Is there a way to rebase without having GitHub erroneously request review?

@jonringer
Copy link
Contributor

You have to time it just right, I did it once. But never since.

I usually close and open up another PR.

However, most codeowners are used to it now

vcunat
vcunat approved these changes Oct 15, 2020
View reviewed changes
Copy link
Member

@vcunat vcunat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds unlikely to break anything. I glanced at the announcements and built many packages depending on it. There are no API/ABI changes.

I'm not sure what we should do about stable releases, though (the same or just patch CVEs or ...).

@OmnipotentEntity
Copy link
Contributor

OmnipotentEntity commented Oct 15, 2020
edited

My review was requested, but I'm not sure exactly why. (I figured out why) Diff looks good to me, I'm running a nixpkgs-review on this overnight (platform NixOS). I assume removing the patch is because the issue has been fixed.

@vcunat vcunat merged commit b623690 into NixOS:staging Oct 15, 2020
@vcunat
Copy link
Member

vcunat commented Oct 15, 2020
edited

Trying more NixOS rebuilds seems unlikely to help. Perhaps darwin but that's harder to get.

@TredwellGit TredwellGit deleted the xorg.libX11 branch October 15, 2020 14:04
vcunat added a commit that referenced this pull request Oct 20, 2020
@vcunat
Merge #99158: xorg.libX11: 1.6.8 -> 1.6.12 (security)
550971e 
(cherry picked from commit b623690)
I trust this is regression-free with sufficient probability.
https://lists.x.org/archives/xorg-announce/2020-August/003056.html
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
@TredwellGit TredwellGit added 8.has: port to stable A PR already has a backport to the stable release. and removed 9.needs: port to stable A PR needs a backport to the stable release. labels Jan 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vcunat vcunat vcunat approved these changes

@OmnipotentEntity OmnipotentEntity Awaiting requested review from OmnipotentEntity

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

@LnL7 LnL7 Awaiting requested review from LnL7

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

@Mic92 Mic92 Awaiting requested review from Mic92

@nbp nbp Awaiting requested review from nbp

@stigtsp stigtsp Awaiting requested review from stigtsp

@ttuegel ttuegel Awaiting requested review from ttuegel

Assignees
No one assigned
Labels
1.severity: security 2.status: merge conflict 6.topic: lua 6.topic: nixos 6.topic: python 6.topic: qt/kde 6.topic: rust 6.topic: stdenv Standard environment 8.has: changelog 8.has: documentation 8.has: module (update) 8.has: port to stable A PR already has a backport to the stable release. 10.rebuild-darwin: 501+ 10.rebuild-darwin: 2501-5000 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@TredwellGit @ajs124 @jonringer @OmnipotentEntity @vcunat