From 70a9c78bfcd76d92a704c4a3d61c923581ec9c7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Mon, 3 Nov 2025 13:56:34 +0800
Subject: [PATCH] vanadium/overlays: patch xorg temporarily

---
 nix/configurations/vanadium/overlay.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/nix/configurations/vanadium/overlay.nix b/nix/configurations/vanadium/overlay.nix
index 7f973f21..5e5c3279 100644
--- a/nix/configurations/vanadium/overlay.nix
+++ b/nix/configurations/vanadium/overlay.nix
@@ -62,4 +62,20 @@ in
         ./patches/fcitx5-chinese-addons/disable-fullwidth.patch
         # Note: disabling pinyin helper breaks canjie
       ];
+
+      # Security, Xorg vuln
+      # Backport has failed in upstream currently <https://github.com/NixOS/nixpkgs/pull/457804>,
+      # might as well patch it while people are blogging about it <https://github.com/Xe/site/pull/1062>
+      # Upstream talks about it here https://lists.x.org/archives/xorg-announce/2025-October/003635.html
+      xorg.xorgserver.__output.version = oldVersion: let
+        version = "21.1.20";
+      in
+        if oldVersion == version
+        then throw "This patch has been merged upstream"
+        else version;
+      xorg.xorgserver.__output.src = _:
+        final.fetchurl {
+          url = "mirror://xorg/individual/xserver/xorg-server-21.1.20.tar.xz";
+          sha256 = "sha256-dpW8YYJLOoG2utL3iwVADKAVAD3kAtGzIhFxBbcC6Tc=";
+        };
     }