Re: (268963) Security patches for xorg-server-21.1.4_1,1

In reply to: Graham Perrin : "(268963) Security patches for xorg-server-21.1.4_1,1"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Robert Eckardt <rol_at_robert-eckardt.de>
Date: Sun, 26 Feb 2023 16:14:43 UTC

Hi folks,

thanks a lot.

For the records:

Eventually, I downloaded xorg-server-21.1.7 (fetch https://xorg.freedesktop.org/releases/individual/xserver/xorg-server-21.1.7.tar.xz) and changed Makefile and distinfo of the 21.1.4 port accordingly.

I checked only for FLAVOR=xvfb, although it also builds xorg-server without errors when you forget the FLAVOR.
And luckily the port built and reinstalled xorg-vfbserver without problems.


diff -rC2 xorg-server-21.1.4/Makefile xorg-server/Makefile
*** xorg-server-21.1.4/Makefile  Sun Feb 26 11:34:01 2023
--- xorg-server/Makefile        Sun Feb 26 11:36:49 2023
***************
*** 1,4 ****
  PORTNAME=     xorg
! PORTVERSION=  21.1.4
  PORTREVISION= 1
  PORTEPOCH=    1
--- 1,4 ----
  PORTNAME=     xorg
! PORTVERSION=  21.1.7
  PORTREVISION= 1
  PORTEPOCH=    1
diff -rC2 xorg-server-21.1.4/distinfo xorg-server/distinfo
*** xorg-server-21.1.4/distinfo  Wed Jun 29 15:44:41 2022
--- xorg-server/distinfo        Sun Feb 26 11:38:12 2023
***************
*** 1,3 ****
  TIMESTAMP = 1659367891
! SHA256 (xorg-server-21.1.4.tar.xz) = 5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587
! SIZE (xorg-server-21.1.4.tar.xz) = 4940176
--- 1,3 ----
  TIMESTAMP = 1659367891
! SHA256 (xorg-server-21.1.7.tar.xz) = d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb
! SIZE (xorg-server-21.1.7.tar.xz) = 4933292



26. Februar 2023 04:28, "Greg Veldman" <freebsd@gregv.net> schrieb:

> On Sat, Feb 25, 2023 at 06:15:03PM +0000, Graham Perrin wrote:
> 
>> On 25/02/2023 14:13, Robert Eckardt wrote:
>> 
>> Hi all,
>> 
>> does someone know, when an update for xorg-server-21.1.4_1,1 will be
>> available? ???
>> 
>> I can't guess when a commit will be made.
>> 
>> In the meantime, please know that the Ports Security Team is aware of
>> the security aspect.
>> 
>> <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268963>
> 
> If it helps at all, I've been running xorg-server 21.1.7 built
> from the patch in that PR for over a week on my desktop machine
> with no issues. FreeBSD 12.3 amd64, built on the same machine
> I'm running it on.
> 
> If you're willing to take my word that I didn't do anything
> nefarious to it, I've also put up a binary package of that
> build that anyone is free to use.
> 
> https://www.gregv.net/xorg-server-21.1.7,1.pkg
> 
> SHA256 sum:
> 353311aabccc9379af4d90e8ff445f8ba7444078cf8bb7bf4ea2f43b04351187
> xorg-server-21.1.7,1.pkg
> 
> --
> Greg Veldman
> freebsd@gregv.net