Hi.

System: MGA6 x86_64

Using this update with Openbox without any issues after a complete reboot of my system.

$ rpm -qa | grep x11-server
x11-server-xnest-1.19.5-1.1.mga6
x11-server-common-1.19.5-1.1.mga6
x11-server-xwayland-1.19.5-1.1.mga6
x11-server-xorg-1.19.5-1.1.mga6

Only have systems with 1 monitor, so haven't seen the issue mentioned.

Cheers,
Stig

CC: (none) => smelror

Fedora has issued an advisory for this today (October 17):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7PTJE7ZFQ6WA3TNLKJYRT5SI74CWC3ID/

Debian has issued an advisory for this on October 17:
https://www.debian.org/security/2017/dsa-4000

It mentions two CVEs, CVE-2017-13721 and CVE-2017-13723, that Thomas didn't mention before.  Do we have fixes for those?

MGA6-32 on Asus A6000VM MATE
No installation issues.
Before the update I tried to replicate the issue with Firefox as mentioned above, using my beamer as secondary screen. The problem did not show up, but MATE played havoc with the screen settings. I needed several Crtl-Alt-Backspace operations to get back to a normal situation.
After the update I checked normal operation of panel, menus and schortcuts and opened documents, pictures, music and videos all OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

(In reply to David Walser from comment #3)
> Debian has issued an advisory for this on October 17:
> https://www.debian.org/security/2017/dsa-4000
> It mentions two CVEs, CVE-2017-13721 and CVE-2017-13723, that Thomas didn't
> mention before.  Do we have fixes for those?
This is important to know. Or can we expect an updated update? Should these CVEs be in the advisory?
----------------------------------
Using M6/64 XFCE
 x11-server-xorg-1.19.5-1.1.mga6
 x11-server-xwayland-1.19.5-1.1.mga6
 x11-server-common-1.19.5-1.1.mga6
without problems; but holding the OK for a bit.
-----------------------------------------------
Have uploaded an advisory from comments 0, 2, 3. But *without* the 2 CVEs mentioned in comment 3 since I do not know whether they are covered by this update as it stands. If they are, please add them to the advisory.

Keywords: (none) => advisory

(In reply to David Walser from comment #3)
> Debian has issued an advisory for this on October 17:
> https://www.debian.org/security/2017/dsa-4000
> 
> It mentions two CVEs, CVE-2017-13721 and CVE-2017-13723, that Thomas didn't
> mention before.  Do we have fixes for those?

We did them as part of 1.19.4 update:
https://advisories.mageia.org/MGASA-2017-0366.html

Mageia release 6 (Official) for x86_64
4.9.56-desktop-1.mga6
Desktop: Gnome 3.24.2
Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
NVIDIA Corporation GK104 [GeForce GTX 770] 
RAM 15.35 GB
--------------------------------------
2560x1440 pixels (677x381 millimeters)
--------------------------------------
Display Server: Mageia X.org 119.4 drivers: nvidia,v4l
GLX Version: 4.5.0 NVIDIA 384.59

Installed all the components (some were already installed).

Ran the updates.
Logged out of GNOME.
Logged into GNOME on Xorg and the desktop came up OK.
Ran vlc to play a video.  Viewed images.
Logged in to another workstation on the LAN and played videos, viewed images and used firefox.
The latter two responded to keyboard events fairly promptly as well as mouse clicks.

That all looks fine.

CC: (none) => tarazed25

The starting point for the installation in the test reported in comment 7 was from a standpoint of the default login for GNOME.  Testing was done by logging in to GNOME on Xorg.  We should test the Wayland server also but is the default login for GNOME Wayland.  If so it can be tested.  Is it safe to assume that GNOME Classic runs under Wayland?

This bug has nothing to do with Wayland.

On mga6-64 plasma

Packages installed cleanly:

- x11-server-common-1.19.5-1.1.mga6.x86_64
- x11-server-xorg-1.19.5-1.1.mga6.x86_64
- x11-server-xwayland-1.19.5-1.1.mga6.x86_64

Played videos in VLC and flash-player, streaming on flash-player, YouTube videos.
Used LO .ods and odt files

No regressions noted

$ inxi -G
Graphics:  Card: Intel HD Graphics 530
           Display Server: Mageia X.org 119.5 drivers: v4l,intel Resolution: 1920x1080@60.00hz
           GLX Renderer: Mesa DRI Intel HD Graphics 530 (Skylake GT2) GLX Version: 3.0 Mesa 17.1.5
           
Looks OK for mga6-64

CC: (none) => jim

Re comment 9.
So where does x11-xserver-xwayland come into this?  Do we just ignore it?

On mga6-32 in a vbox VM

packages installed cleanly;

x11-server-xwayland-1.19.5-1.1.mga6.i586      
x11-server-xorg-1.19.5-1.1.mga6.i586          
x11-server-common-1.19.5-1.1.mga6.i586        


played videos; used LO

no regressions noted

$ inxi -G
Graphics:  Card: InnoTek Systemberatung VirtualBox Graphics Adapter
           Display Server: Mageia X.org 119.5 drivers: modesetting,v4l
           GLX Renderer: Gallium 0.4 on llvmpipe (LLVM 3.9, 256 bits) 
           
looks OK for mga6-32 in a vbox VM

Yes you can ignore xwayland, that's not what the CVEs are about.  Also, we're primarily just concerned with the functionality of the X server.

The testing looks decent: thanks James for your confirmations.
Adding 2nd OK & validating.

CC: (none) => sysadmin-bugs
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0401.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED