unofficial mirror of guix-devel@gnu.org 
From: John Kehayias <john.kehayias@protonmail.com>
To: guix-devel <guix-devel@gnu.org>
Cc: Kaelyn <kaelyn.alexi@protonmail.com>,
	Maxim Cournoyer <maxim.cournoyer@gmail.com>,
	Liliana Marie Prikler <liliana.prikler@gmail.com>,
	Vivien Kraus <vivien@planete-kraus.eu>,
	Efraim Flashner <efraim@flashner.co.il>
Subject: Re: xwayland security updates, to mesa- or core-updates or ?
Date: Thu, 21 Dec 2023 21:18:50 +0000
Message-ID: <878r5nqmod.fsf@protonmail.com>

Hi all,

On Mon, Dec 18, 2023 at 12:57 AM, John Kehayias wrote:

> Hi Kaelyn and everyone,
>
> On Fri, Dec 15, 2023 at 05:25 PM, Kaelyn wrote:
>
>> On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias
>> <john.kehayias@protonmail.com> wrote:
>>
>>>
>>> Hi Guix,
>>>
>>> In light of (more) CVEs in xwayland, see
>>> <https://lists.x.org/archives/xorg-announce/2023-December/003435.html>,
>>> with already pending security updates, see
>>> <https://issues.guix.gnu.org/67136>, I would like to prioritize
>>> getting that fixed in master. The tricky thing is that, according to
>>> 67136, the xwayland update needs newer xorgproto, which corresponds to
>>> many rebuilds. (The related CVEs in xorg-server have been pushed
>>> already as effectively minor version bumps.)
>>>

I also updated curl as it was going to be rebuilt and had a new
version out (with some security fixes). I hadn't grafted it on master
but we could do that if the mesa-updates branch isn't merged to master
first.

[snip]

>
> I've pushed 3 patches (mesa, xorgproto, xorg-server-xwayland) to
> mesa-updates after merging in master. The farm is building away.
>

I also had to skip a failing test (unknown reasons) of gtk with these
updates.

Finally, I also enabled the zink driver in Mesa (zink is for OpenGL on
Vulkan). I remember someone asking about it on #guix recently as well,
and we should have it enabled in general, to support devices which may
not be able to use OpenGL without it.

> The request for merging is at <https://issues.guix.gnu.org/67875> with
> some details. In short, running into some issues with builds "failing"
> because they just die or "missing derivation" errors. I'm restarting
> what I see that seems higher impact, but is there any way to restart
> all the failed builds or ones with missing dependencies?
>

This is still true though I've tried to manually restart lots of
builds on x86_64 and i686, which has removed many of the failures. Any
idea what is happening to cause this more recently?

[snip]

> Thanks! I saw you had posted the latest version and that's what I
> included. On x86_64-linux at least everything has built fine for
> those, but the larger world remains to be seen.
>
> Would still like confirmation from other branches about what they want
> to do, but we have some time while things build. And builds get
> restarted.
>

I haven't seen QA process this branch, so I'm just going with what I
see on Berlin. From the branches overview it shows about 61% last I
saw, compared to 72% for master. Unfortunately, non-x86 architectures
are usually better covered by Bordeaux, but I don't know where to get
a sense of that coverage. For what it is worth, Efraim has manually
built xorgproto and mesa at least on powerpc64le, riscv64, without
issues.

Coverage on x86_64 and i686 seems good from what I can tell. I also
don't think there are any other branches ready to merge, and would
like to give them time to rebuild once these changes hit.

Any thoughts on when to merge?

Thanks everyone!
John


