| Message ID | 20231223195510.18755-1-thomas.petazzoni@bootlin.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/x11r7/xwayland: security bump to 23.2.3 | expand |
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes: > According to > https://lists.x.org/archives/xorg-announce/2023-December/003437.html: > This release contains the fixes for CVE-2023-6377 and CVE-2023-6478 > in today's security advisory: > https://lists.x.org/archives/xorg-announce/2023-December/003435.html > The release has only 10 commits compared to 23.2.2, all of which being > fixes, two of them being the security fixes. So it seems like bumping > the version is a reasonable trade-off vs. backporting the security > fixes. > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Committed, thanks. Xserver 21.1.10 has been released with the same fixes, so I have sent a patch for that.
On 23/12/2023 20.55, Thomas Petazzoni via buildroot wrote: > According to > https://lists.x.org/archives/xorg-announce/2023-December/003437.html: > > This release contains the fixes for CVE-2023-6377 and CVE-2023-6478 > in today's security advisory: > https://lists.x.org/archives/xorg-announce/2023-December/003435.html > > The release has only 10 commits compared to 23.2.2, all of which being > fixes, two of them being the security fixes. So it seems like bumping > the version is a reasonable trade-off vs. backporting the security > fixes. > > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Committed to 2023.02.x and 2023.11.x, thanks.
diff --git a/package/x11r7/xwayland/xwayland.hash b/package/x11r7/xwayland/xwayland.hash index 12363a66bf..533ef9de86 100644 --- a/package/x11r7/xwayland/xwayland.hash +++ b/package/x11r7/xwayland/xwayland.hash @@ -1,6 +1,6 @@ -# From https://lists.x.org/archives/xorg-announce/2023-October/003432.html -sha256 9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8 xwayland-23.2.2.tar.xz -sha512 f5b319fdace7d7c078544730ecd26afeb63b1a0c779fb097455147945df85af32d9e91501ebdb70209d48e8a3ead3b23be31e9d5118358ac17e699abb4b6ac07 xwayland-23.2.2.tar.xz +# From https://lists.x.org/archives/xorg-announce/2023-December/003437.html +sha256 eb9d9aa7232c47412c8835ec15a97c575f03563726c787754ff0c019bd07e302 xwayland-23.2.3.tar.xz +sha512 37198aa2f06313a0cb2add51cc78f81b26a42f2c9d55a0d3eecf958777107ea5560961c128f2d0af055f7460ba10fadb1b9050251c2c50f2251b40ab517e79cd xwayland-23.2.3.tar.xz # Locally calculated sha256 4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f COPYING diff --git a/package/x11r7/xwayland/xwayland.mk b/package/x11r7/xwayland/xwayland.mk index b0bff19be5..8f4bcd8117 100644 --- a/package/x11r7/xwayland/xwayland.mk +++ b/package/x11r7/xwayland/xwayland.mk @@ -4,7 +4,7 @@ # ################################################################################ -XWAYLAND_VERSION = 23.2.2 +XWAYLAND_VERSION = 23.2.3 XWAYLAND_SOURCE = xwayland-$(XWAYLAND_VERSION).tar.xz XWAYLAND_SITE = https://xorg.freedesktop.org/archive/individual/xserver XWAYLAND_LICENSE = MIT
According to https://lists.x.org/archives/xorg-announce/2023-December/003437.html: This release contains the fixes for CVE-2023-6377 and CVE-2023-6478 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-December/003435.html The release has only 10 commits compared to 23.2.2, all of which being fixes, two of them being the security fixes. So it seems like bumping the version is a reasonable trade-off vs. backporting the security fixes. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> --- package/x11r7/xwayland/xwayland.hash | 6 +++--- package/x11r7/xwayland/xwayland.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)