Bug 260526 - x11-servers/xorg-server: Update to 1.20.14 as a security fix
Summary: x11-servers/xorg-server: Update to 1.20.14 as a security fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-x11 (Nobody)
URL: https://www.x.org/wiki/Development/Se...
Keywords: security
Depends on:
Blocks:
 
Reported: 2021-12-18 22:09 UTC by Greg Veldman
Modified: 2023-03-27 18:27 UTC (History)
7 users (show)

See Also:
zeising: maintainer-feedback+

Attachments
Update version (2.63 KB, patch)
2021-12-18 22:09 UTC, Greg Veldman 		no flags Details | Diff
Fix typo (2.63 KB, patch)
2021-12-18 22:13 UTC, Greg Veldman 		no flags Details | Diff
VuXML entry (2.74 KB, patch)
2022-01-04 19:22 UTC, Greg Veldman 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Veldman 2021-12-18 22:09:38 UTC 
Created attachment 230226 [details]
Update version

Update to 1.20.14 to fix a handful of recently announced vulnerabilities per https://www.x.org/wiki/Development/Security.

These should also be documented in security/vuxml.
Comment 1 Greg Veldman 2021-12-18 22:10:38 UTC 
Tag ports-secteam@ for vuxml update.
Comment 2 Greg Veldman 2021-12-18 22:13:59 UTC 
Created attachment 230227 [details]
Fix typo
Comment 3 Niclas Zeising freebsd_committer freebsd_triage 2021-12-30 18:24:25 UTC 
Approved.

Can you write a VuXML entry as well?
Comment 4 Greg Veldman 2022-01-04 19:22:10 UTC 
Created attachment 230708 [details]
VuXML entry

(In reply to Niclas Zeising from comment #3)
I'm not sure if this request was aimed at me or at ports-secteam, but in any case I'm including another patch to document this.
Comment 5 Kurt Jaeger freebsd_committer freebsd_triage 2022-03-14 16:30:04 UTC 
testbuild@work
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-03-14 19:20:55 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b4fc2a71b177f4a1d9824eb246f25140d929a34f

commit b4fc2a71b177f4a1d9824eb246f25140d929a34f
Author:     Greg Veldman <freebsd@gregv.net>
AuthorDate: 2022-03-14 19:15:42 +0000
Commit:     Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2022-03-14 19:19:41 +0000

    x11-servers/xorg-server: update 1.20.13 -> 1.20.14 for security

    - See also:
      https://www.x.org/wiki/Development/Security/

    PR:                     260526
    Approved by:            ports-secteam (zeising)
    Relnotes:               https://lists.x.org/archives/xorg-announce/2021-December/003124.html

 x11-servers/xorg-server/Makefile              | 2 +-
 x11-servers/xorg-server/distinfo              | 6 +++---
 x11-servers/xorg-server/files/patch-configure | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)
Comment 7 Graham Perrin freebsd_committer freebsd_triage 2022-03-23 07:11:35 UTC 
Please, what's a likely date for commit to 2022Q1?

For what it's worth: here, no (new) problem noted with latest on FreeBSD 14.0-CURRENT d5ad1713cc3 or 92e6b4712b5. 

----

% zgrep xorg-server /var/log/messages.0.bz2
Mar 18 09:45:13 mowa219-gjp4-8570p-freebsd pkg[94269]: xorg-server upgraded: 1.20.13,1 -> 1.20.14,1 
% bectl list -c creation
BE                    Active Mountpoint Space Created
n250511-5f73b3338ee-d -      -          4.94G 2021-11-13 15:43
n252381-75d20a5e386-b -      -          6.81G 2022-01-12 23:23
n252450-5efa7281a79-a -      -          6.49G 2022-01-14 19:27
n252483-c8f8299a230-b -      -          4.84G 2022-01-17 14:24
n252505-cc68614da82-a -      -          4.90G 2022-01-18 14:26
n252531-0ce7909cd0b-h -      -          5.71G 2022-02-06 12:24
n252997-b6724f7004c-c -      -          6.17G 2022-02-11 23:07
n253116-39a36707bd3-e -      -          5.66G 2022-02-20 07:03
n253343-9835900cb95-c -      -          1.54G 2022-02-27 14:58
n253627-25375b1415f-e -      -          4.58G 2022-03-12 18:20
n253776-d5ad1713cc3-b -      -          1.56G 2022-03-18 09:31
n253861-92e6b4712b5-a -      -          189M  2022-03-19 07:40
n253861-92e6b4712b5-b NR     /          165G  2022-03-21 12:38
%
Comment 8 Dimitry Andric freebsd_committer freebsd_triage 2023-03-27 18:27:16 UTC 
Should be fixed in https://cgit.freebsd.org/ports/commit/?id=f3039fe1340adfccc18903816ed05dca734855c2, which updates xorg-server to 21.1.7, for bug 268963.