You are not logged in.
- Topics: Active | Unanswered
#1 2023-12-23 19:31:41
- semil
- Member
- Registered: 2023-08-05
- Posts: 16
Security updates for forked packages? (e.g. xorg-server)
xorg-server had vulnerabilities fixed in Debian about six days ago. I know Devuan’s is forked because of the libseat situation.
In such a case, is “TODO: merge xorg-server security fixes” added to some list of items somewhere, or…?
Offline
#2 2023-12-23 20:48:07
- golinux
- Administrator
- Registered: 2016-11-25
- Posts: 3,153
Re: Security updates for forked packages? (e.g. xorg-server)
It looks like xorg-server comes directly from Debian so you shouldn't have to do anything special if you sources.list is in order.
Offline
#3 2023-12-24 00:01:54
- semil
- Member
- Registered: 2023-08-05
- Posts: 16
Re: Security updates for forked packages? (e.g. xorg-server)
That shows just xorg-server-source, but the runtime pieces have names like xserver-xorg-*. And the xserver-xorg-core in Daedalus is 2:21.1.7-3+deb12u2devuan1.
Offline
#4 2023-12-24 05:24:30
- pcalvert
- Member
- Registered: 2017-05-15
- Posts: 195
Re: Security updates for forked packages? (e.g. xorg-server)
You are correct. This is what my Daedalus-based Refracta system is showing:
$ aptitude show xserver-xorg-core
Package: xserver-xorg-core
Version: 2:21.1.7-3+deb12u2devuan1
State: installed
Automatically installed: yes
Priority: optional
Section: x11
Maintainer: Devuan Developers <devuan-dev@lists.dyne.org>
Architecture: amd64
Uncompressed Size: 3,907 k
Depends: xserver-common (>= 2:21.1.7-3+deb12u2devuan1), keyboard-configuration, udev (>= 149), libegl1, libaudit1 (>= 1:2.2.1),
libbsd0 (>= 0.7.0), libc6 (>= 2.35), libdrm2 (>= 2.4.66), libepoxy0 (>= 1.5.4), libeudev1 (>= 3.2.12), libgbm1 (>=
17.1.0~rc2), libgcrypt20 (>= 1.10.0), libgl1, libpciaccess0 (>= 0.12.902), libpixman-1-0 (>= 0.30.0), libseat1 (>= 0.5.0),
libselinux1 (>= 3.1~), libunwind8, libxau6 (>= 1:1.0.9), libxcvt0 (>= 0.1.0), libxdmcp6, libxfont2 (>= 1:2.0.1),
libxshmfence1
Recommends: libgl1-mesa-dri (>= 7.10.2-4), xcvt
Suggests: xfonts-100dpi | xfonts-75dpi, xfonts-scalable
Conflicts: xserver-xorg-input-evtouch, xserver-xorg-video-modesetting
Breaks: libgl1-mesa-dri (< 18.0.5), systemd (< 226-4~), xserver-xorg (< 1:7.7+10~)
Replaces: xserver-xorg (< 1:7.7+10~), xserver-xorg-video-modesetting
Provides: xorg-input-abi-24, xorg-video-abi-25, xserver-xorg-video-modesetting
Description: Xorg X server - core server
The Xorg X server is an X server for several architectures and operating systems, which is derived from the XFree86 4.x series of X
servers.
The Xorg server supports most modern graphics hardware from most vendors, and supersedes all XFree86 X servers.
More information about X.Org can be found at: <URL:https://www.x.org>
This package is built from the X.org xserver module.
Homepage: https://www.x.org/I also checked the apt cache for recent debs:
$ ls -l /var/cache/apt/archives |grep xserver-xorg
-rw-r--r-- 1 root root 1365092 Oct 26 09:56 xserver-xorg-core_2%3a21.1.7-3+deb12u2devuan1_amd64.deb
-rw-r--r-- 1 root root 122432 Feb 12 2022 xserver-xorg-input-evdev_1%3a2.10.6-2+b1_amd64.deb
-rw-r--r-- 1 root root 69248 Feb 12 2022 xserver-xorg-input-mouse_1%3a1.9.3-1+b1_amd64.deb
-rw-r--r-- 1 root root 214892 Mar 23 2023 xserver-xorg-input-synaptics_1.9.2-1+b1_amd64.debThis is the relevant Debian security advisory:
https://www.debian.org/security/2023/dsa-5576-2
According to that web page, the xserver-xorg-core package in Daedalus is two versions behind.
Offline
