From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:5f26::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id yK5cCQKshGXybwAAkFu2QA (envelope-from ) for ; Thu, 21 Dec 2023 22:20:02 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id yLcuBgKshGV3LQEAqHPOHw (envelope-from ) for ; Thu, 21 Dec 2023 22:20:02 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=hCzngUiL; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=quarantine) header.from=protonmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1703193602; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=WK01ZLEcH1fZujrP7oUyBua37bX5gJRJTxeosYydJ4c=; b=uw3ZVLcSINYTsaEdwrERFGcggS8kUeUGSAZjtz0CccWBF86rxttX+HHP9b9tLUsly1RqpI kj1wgZK81j6pzRkHAMUAyMn+KdG/6a+7o+nsG0na5xCWfvSBnFXFKLgM8OnCeBIspTtWFO xSXJMYeZMbn5RMIJc/IMyuI2RK/lXYT3HfEsC7pR4D9FnEoq9UmrXlYcMoqd8JDHIktxIQ QRNg2tSKrEgUuawiJPs9V0zz1Du2eJ3MYOHeNh2Kmk+Ov+E//iFRnRyd6LlLn+OgI51Vvz syrDLpXQ2onIEJRXSxXQHLWPEbDJyW6G2Ozdh/RzfEbADaRpZKjOiZP5dLrnAQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=hCzngUiL; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=quarantine) header.from=protonmail.com ARC-Seal: i=1; s=key1; d=yhetil.org; t=1703193602; a=rsa-sha256; cv=none; b=cB/63ywgRbmpTV/SvQBtFxCAy5YWVg3b2UP7Uv2RlIkv60zpIBixNvG90s2Lmt5yXPMvh1 0YgZf3hXlSpq803cPPLYcsm2DY/slMigFSUuycQ9ITIlJUEppFMRNdSxD3DmDfwB1j5Dv9 axIjKD2kgqtP8wFGI087cI0NlHlaWTnR/ynXmAEJvRQNUoSXzQS3SF7FAJg4XmaL0yugdQ GJy4XanxX+7PgBIQ6+daU/mSAIzwZ/Ika+YhD7/nh2hh9mowSvO1zjG7lTagg5G5NPZrab JaEQNVhtgWzorgQZwCO1bpP5hPQDAU+zIp8iUJfzhzoamSSqW6PVqafsdexuXA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 78E3F63F3A for ; Thu, 21 Dec 2023 22:20:00 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rGQRp-00058U-HM; Thu, 21 Dec 2023 16:19:17 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rGQRn-00058K-UJ for guix-devel@gnu.org; Thu, 21 Dec 2023 16:19:16 -0500 Received: from mail-4322.protonmail.ch ([185.70.43.22]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rGQRk-0005NX-JJ for guix-devel@gnu.org; Thu, 21 Dec 2023 16:19:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1703193545; x=1703452745; bh=WK01ZLEcH1fZujrP7oUyBua37bX5gJRJTxeosYydJ4c=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=hCzngUiL2LG+LfPwgYedffyPhFj14+SM6lT8eqs3KyJ2g1i22mglheOT0jPRhROqu kN73N4q0rB9saoLohQUnOq/Lw23YHtu95wLJ8VtXgpEhfhTaEinMRFXNXo+NNYrAoe JUb3Ulk2+tjUg63JSPLGzdjAnnGgPTNw1kMxBFDihpL2Qu0/7/C9X8dDBADyR9XlxV tiOqjeuicEK1t7bLXaMZkFIFlz5qm7UwFQoWaWLS4TLcNuy39qcXGvoXue9+u+EK15 RmfHGZ1KNfFBO4NHyVQAL7IuZjtQWk/MT4ZBqGihDTXPdgfGjfn2IvhxBMUVi0oic6 7Q+qaQNGVBzsA== Date: Thu, 21 Dec 2023 21:18:50 +0000 To: guix-devel From: John Kehayias Cc: Kaelyn , Maxim Cournoyer , Liliana Marie Prikler , Vivien Kraus , Efraim Flashner Subject: Re: xwayland security updates, to mesa- or core-updates or ? Message-ID: <878r5nqmod.fsf@protonmail.com> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.43.22; envelope-from=john.kehayias@protonmail.com; helo=mail-4322.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: -3.90 X-Spam-Score: -3.90 X-Migadu-Queue-Id: 78E3F63F3A X-TUID: YHDjwYBubFoD Hi all, On Mon, Dec 18, 2023 at 12:57 AM, John Kehayias wrote: > Hi Kaelyn and everyone, > > On Fri, Dec 15, 2023 at 05:25 PM, Kaelyn wrote: > >> On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias >> wrote: >> >>> >>> Hi Guix, >>> >>> In light of (more) CVEs in xwayland, see >>> , >>> >>> with already pending security updates, see >>> , I would like to prioritize >>> >>> getting that fixed in master. The tricky thing is that, according to >>> 67136, the xwayland update needs newer xorgproto, which corresponds to >>> many rebuilds. (The related CVEs in xorg-server have been pushed >>> already as effectively minor version bumps.) >>> I also updated curl as it was going to be rebuilt and had a new version out (with some security fixes). I hadn't grafted it on master but we could do that if the mesa-updates branch isn't merged to master first. [snip] > > I've pushed 3 patches (mesa, xorgproto, xorg-server-xwayland) to > mesa-updates after merging in master. The farm is building away. > I also had to skip a failing test (unknown reasons) of gtk with these updates. Finally, I also enabled the zink driver in Mesa (zink is for OpenGL on Vulkan). I remember someone asking about it on #guix recently as well, and we should have it enabled in general, to support devices which may not be able to use OpenGL without it. > The request for merging is at with > some details. In short, running into some issues with builds "failing" > because they just die or "missing derivation" errors. I'm restarting > what I see that seems higher impact, but is there anyway to restart > all the failed builds or ones with missing dependencies? > This is still true though I've tried to manually restart lots of builds on x86_64 and i686, which has removed many of the failures. Any idea what is happening to cause this more recently? [snip] > Thanks! I saw you had posted the latest version and that's what I > included. On x86_64-linux at least everything has built fine for > those, but the larger world remains to be seen. > > Would still like confirmation from other branches about what they want > to do, but we have some time while things build. And builds get > restarted. > I haven't seen QA process this branch, so I'm just going with what I see on Berlin. From the branches overview it shows about 61% last I saw, compared to 72% for master. Unfortunately, non x86 architectures are usually better covered by Bordeaux, but I don't know where to get a sense of that coverage. For what it is worth, Efraim has manually built xorgproto and mesa at least on powerpc64le, riscv64, without issues. Coverage on x86_64 and i686 seems good from what I can tell. I also don't think there are any other branches ready to merge, and would like to give them time to rebuild once these changes hit. Any thoughts on when to merge? Thanks everyone! John