{"id":2223187,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2223187/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260414163424.2355464-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.1/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260414163424.2355464-1-bernd@kuhls.net>","date":"2026-04-14T16:34:23","name":"[1/2] package/x11r7/xserver_xorg-server: security bump version to 21.1.22","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"1283c7a020944f97195ec597ada81a048c752186","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/1.1/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":{"id":89618,"url":"http://patchwork.ozlabs.org/api/1.1/users/89618/?format=json","username":"juju","first_name":"Julien","last_name":"Olivain","email":"juju@cotds.org"},"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260414163424.2355464-1-bernd@kuhls.net/mbox/","series":[{"id":499870,"url":"http://patchwork.ozlabs.org/api/1.1/series/499870/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=499870","date":"2026-04-14T16:34:23","name":"[1/2] package/x11r7/xserver_xorg-server: security bump version to 21.1.22","version":1,"mbox":"http://patchwork.ozlabs.org/series/499870/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2223187/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2223187/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=YYG28jVn;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fw8xj1MxMz1yCv\n\tfor ;\n Wed, 15 Apr 2026 02:34:33 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id C0E7E84D5E;\n\tTue, 14 Apr 2026 16:34:30 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id SOZcjDst2qwm; Tue, 14 Apr 2026 16:34:30 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id DF25B84D60;\n\tTue, 14 Apr 2026 16:34:29 +0000 (UTC)","from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n by lists1.osuosl.org (Postfix) with ESMTP id A7B20375\n for ; Tue, 14 Apr 2026 16:34:28 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id A4FD36F49F\n for ; Tue, 14 Apr 2026 16:34:28 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Z4ts94eDbzWG for ;\n Tue, 14 Apr 2026 16:34:26 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp3.osuosl.org (Postfix) with ESMTPS id 71DBC6F49E\n for ; Tue, 14 Apr 2026 16:34:26 +0000 (UTC)","from fli4l.lan.fli4l (p54a1be9a.dip0.t-ipconnect.de\n [84.161.190.154])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 75329A4C0C96;\n Tue, 14 Apr 2026 18:34:24 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:53522)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from ) id 1wCgiV-000000008Pi-3Pgy;\n Tue, 14 Apr 2026 16:34:24 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver= ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp1.osuosl.org DF25B84D60","OpenDKIM Filter v2.11.0 smtp3.osuosl.org 71DBC6F49E"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776184470;\n\tbh=8cb8o3mHokQ5GtJlF5LCMTm3HtmyLVyJHIsRocBhoOY=;\n\th=From:To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=YYG28jVnqfmz9rUBB1YhJAoI2L+Y46du7QibgklnASAdywr3rJtPeCF6g26yRzE7J\n\t 4+iZrZr2viAUWvCH0u9UrWSqKxsnWPaXHmySQVZejvO3nygZ18UapDRXrqX9ZuAt4A\n\t WdH7h4Lbm+Or7ZGv6Pem/jM6E9fuduFiyoLq1hfOMmfOmoVVgJA/B/H+h4b0KhyWYG\n\t 6mR/YUfznuuYq6TBPD4WD68Y+C9asFfJKnd4oEw6scnRcvFrXZYmZ/ppSMpcPv8y2f\n\t 5jhuzY851ZIy+HBSq6jKXJ05vxNKMBTMBe5zdz5wyVPclPzcOaXj5rxYpc6sJiS0QB\n\t bbXkrorw6581g==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp3.osuosl.org 71DBC6F49E","From":"Bernd Kuhls ","To":"buildroot@buildroot.org","Cc":"Raphael Pavlidis ","Date":"Tue, 14 Apr 2026 18:34:23 +0200","Message-ID":"<20260414163424.2355464-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"--","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1776184464;\n bh=MybPtSKqEzW0t5pbd+E6julazkKFrHHhLhowe7149p8=;\n h=From:To:Cc:Subject:Date:From;\n b=TkE5a2dmKecUzJ1c/I0p9g2Ijr84lm6rynDv6QCu2LtzWxabUoWzIfFXXHpsjFDFD\n cel7oZxM/Zff4n+tyRLtBcXyz5tYTqM7Frdzl1DCtgfEoOwiWB6Y8GvYyEii4Irv94\n MgirhC8EsSYD0nFWqmvZ/REdl1LwTC9FFrA0iPAlum49pK1akBZQgJQ6/6ZwMoHI8x\n yMRgUy1EdILmgaz4F9BoXZxIWCe0d5XJPMDWK6cetNvbPA9mVZIf1L2AA6MXbUhAPa\n dAoUtU9M7+wwkRUxUUKhUwH+hn20g0xlSzPZVv5zqv2xKqpt0wzPM3jKVkFHt6KvfH\n cG6ut2z8vrQJg==","X-Mailman-Original-Authentication-Results":["smtp3.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp3.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=TkE5a2dm"],"Subject":"[Buildroot] [PATCH 1/2] package/x11r7/xserver_xorg-server: security\n bump version to 21.1.22","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" "},"content":"https://lists.x.org/archives/xorg-announce/2026-April/003678.html\n\nUpdated license hash due to upstream commits:\nhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/3069f64d691db5396706c1ec1182bd8db52ffb22\nhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/dd924b160c9b434ff7687d1e1d2a9058cdefb6b8\n\nFixes the following CVEs:\n\n* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()\n* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()\n* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()\n* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()\n* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()\n\nSigned-off-by: Bernd Kuhls \n---\n .../x11r7/xserver_xorg-server/xserver_xorg-server.hash | 8 ++++----\n package/x11r7/xserver_xorg-server/xserver_xorg-server.mk | 2 +-\n 2 files changed, 5 insertions(+), 5 deletions(-)","diff":"diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash\nindex ceca9c215b..b7adf1559d 100644\n--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash\n+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash\n@@ -1,5 +1,5 @@\n-# From https://lists.x.org/archives/xorg-announce/2025-November/003643.html\n-sha256 c0cbe5545b3f645bae6024b830d1d1154a956350683a4e52b2fff5b0fa1ab519 xorg-server-21.1.21.tar.xz\n-sha512 bb2eb4e6756eb9e38b61bd47c017da44bcf5f45f2b7a906b4bb3a56b3d791cec64abb9bf37b224efe1e4fab9cc296f3672c9b2f8e00e1cdfc54337bef63cd16c xorg-server-21.1.21.tar.xz\n+# From https://lists.x.org/archives/xorg-announce/2026-April/003678.html\n+sha256 1a242c8917c49ba29ccc1f6021613d8a2b9805dd0d271a66ae9d09f4b0bb06b3 xorg-server-21.1.22.tar.xz\n+sha512 6cb37ff971e10eb4a7dfcb3e8071afd769c7632d50e4ad8bc948b810dc4847e152b8a05ec135f55e0695b35908abd07e7728ef85dd3135456fd532e919f440f4 xorg-server-21.1.22.tar.xz\n # Locally calculated\n-sha256 abbb7969df55e399e91104ded4d0a20a1b67de7c01138e63d61b7ed4f81fec0d COPYING\n+sha256 c9f90a6669109aad6c9a7c3b46cc2c574221a73b792afa419336816b49da5c11 COPYING\ndiff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk\nindex 0dc3a4a5c6..d1e7267c27 100644\n--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk\n+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-XSERVER_XORG_SERVER_VERSION = 21.1.21\n+XSERVER_XORG_SERVER_VERSION = 21.1.22\n XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz\n XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver\n XSERVER_XORG_SERVER_LICENSE = MIT\n","prefixes":["1/2"]}