* [Buildroot] [PATCH] package/x11r7/xwayland: security bump to 23.2.3
@ 2023-12-23 19:55 Thomas Petazzoni via buildroot
2023-12-27 16:21 ` Peter Korsgaard
2024-01-10 10:20 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-12-23 19:55 UTC (permalink / raw)
To: buildroot; +Cc: Raphael Pavlidis, Thomas Petazzoni
According to
https://lists.x.org/archives/xorg-announce/2023-December/003437.html:
This release contains the fixes for CVE-2023-6377 and CVE-2023-6478
in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
The release has only 10 commits compared to 23.2.2, all of which being
fixes, two of them being the security fixes. So it seems like bumping
the version is a reasonable trade-off vs. backporting the security
fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
package/x11r7/xwayland/xwayland.hash | 6 +++---
package/x11r7/xwayland/xwayland.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/x11r7/xwayland/xwayland.hash b/package/x11r7/xwayland/xwayland.hash
index 12363a66bf..533ef9de86 100644
--- a/package/x11r7/xwayland/xwayland.hash
+++ b/package/x11r7/xwayland/xwayland.hash
@@ -1,6 +1,6 @@
-# From https://lists.x.org/archives/xorg-announce/2023-October/003432.html
-sha256 9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8 xwayland-23.2.2.tar.xz
-sha512 f5b319fdace7d7c078544730ecd26afeb63b1a0c779fb097455147945df85af32d9e91501ebdb70209d48e8a3ead3b23be31e9d5118358ac17e699abb4b6ac07 xwayland-23.2.2.tar.xz
+# From https://lists.x.org/archives/xorg-announce/2023-December/003437.html
+sha256 eb9d9aa7232c47412c8835ec15a97c575f03563726c787754ff0c019bd07e302 xwayland-23.2.3.tar.xz
+sha512 37198aa2f06313a0cb2add51cc78f81b26a42f2c9d55a0d3eecf958777107ea5560961c128f2d0af055f7460ba10fadb1b9050251c2c50f2251b40ab517e79cd xwayland-23.2.3.tar.xz
# Locally calculated
sha256 4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f COPYING
diff --git a/package/x11r7/xwayland/xwayland.mk b/package/x11r7/xwayland/xwayland.mk
index b0bff19be5..8f4bcd8117 100644
--- a/package/x11r7/xwayland/xwayland.mk
+++ b/package/x11r7/xwayland/xwayland.mk
@@ -4,7 +4,7 @@
#
################################################################################
-XWAYLAND_VERSION = 23.2.2
+XWAYLAND_VERSION = 23.2.3
XWAYLAND_SOURCE = xwayland-$(XWAYLAND_VERSION).tar.xz
XWAYLAND_SITE = https://xorg.freedesktop.org/archive/individual/xserver
XWAYLAND_LICENSE = MIT
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/x11r7/xwayland: security bump to 23.2.3
2023-12-23 19:55 [Buildroot] [PATCH] package/x11r7/xwayland: security bump to 23.2.3 Thomas Petazzoni via buildroot
@ 2023-12-27 16:21 ` Peter Korsgaard
2024-01-10 10:20 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-12-27 16:21 UTC (permalink / raw)
To: Thomas Petazzoni via buildroot; +Cc: Raphael Pavlidis, Thomas Petazzoni
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> According to
> https://lists.x.org/archives/xorg-announce/2023-December/003437.html:
> This release contains the fixes for CVE-2023-6377 and CVE-2023-6478
> in today's security advisory:
> https://lists.x.org/archives/xorg-announce/2023-December/003435.html
> The release has only 10 commits compared to 23.2.2, all of which being
> fixes, two of them being the security fixes. So it seems like bumping
> the version is a reasonable trade-off vs. backporting the security
> fixes.
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Committed, thanks.
Xserver 21.1.10 has been released with the same fixes, so I have sent a
patch for that.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/x11r7/xwayland: security bump to 23.2.3
2023-12-23 19:55 [Buildroot] [PATCH] package/x11r7/xwayland: security bump to 23.2.3 Thomas Petazzoni via buildroot
2023-12-27 16:21 ` Peter Korsgaard
@ 2024-01-10 10:20 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2024-01-10 10:20 UTC (permalink / raw)
To: buildroot
On 23/12/2023 20.55, Thomas Petazzoni via buildroot wrote:
> According to
> https://lists.x.org/archives/xorg-announce/2023-December/003437.html:
>
> This release contains the fixes for CVE-2023-6377 and CVE-2023-6478
> in today's security advisory:
> https://lists.x.org/archives/xorg-announce/2023-December/003435.html
>
> The release has only 10 commits compared to 23.2.2, all of which being
> fixes, two of them being the security fixes. So it seems like bumping
> the version is a reasonable trade-off vs. backporting the security
> fixes.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Committed to 2023.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-01-10 10:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-23 19:55 [Buildroot] [PATCH] package/x11r7/xwayland: security bump to 23.2.3 Thomas Petazzoni via buildroot
2023-12-27 16:21 ` Peter Korsgaard
2024-01-10 10:20 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.