unofficial mirror of guix-devel@gnu.org 
From: John Kehayias <john.kehayias@protonmail.com>
To: Kaelyn <kaelyn.alexi@protonmail.com>
Cc: guix-devel <guix-devel@gnu.org>,
	Maxim Cournoyer <maxim.cournoyer@gmail.com>,
	Liliana Marie Prikler <liliana.prikler@gmail.com>,
	Vivien Kraus <vivien@planete-kraus.eu>
Subject: Re: xwayland security updates, to mesa- or core-updates or ?
Date: Mon, 18 Dec 2023 06:02:18 +0000
Message-ID: <87v88wqc9l.fsf@protonmail.com>
In-Reply-To: <c5eotCGqpz85MXz9O5pMgf_FAVUtIo4ZLW-5PI5Q6IB-nwEuk4wtIgHJU1NEacuLjqsgflL0mmR0LgNC7bKHOWDRBwk6qBZXMaJHMU4Ev-U=@protonmail.com>

Hi Kaelyn and everyone,

On Fri, Dec 15, 2023 at 05:25 PM, Kaelyn wrote:

> On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias
> <john.kehayias@protonmail.com> wrote:
>
>>
>> Hi Guix,
>>
>> In light of (more) CVEs in xwayland, see
>> <https://lists.x.org/archives/xorg-announce/2023-December/003435.html>,
>> with already pending security updates, see
>> <https://issues.guix.gnu.org/67136>, I would like to prioritize
>> getting that fixed in master. The tricky thing is that, according to
>> 67136, the xwayland update needs newer xorgproto, which corresponds to
>> many rebuilds. (The related CVEs in xorg-server have been pushed
>> already as effectively minor version bumps.)
>>
>> Where is the most efficient branch for this, that could take these
>> rebuilds to be merged to master soon (whatever soon is for a scope of
>> something like 22k affected packages)?
>>
>> I was thinking to put that update and mesa, since it had a new stable
>> release after the current one never got updates, on mesa-updates and
>> merge once builds are done assuming no issues. Again, the potential
>> sore spot is xorgproto I would say. I could see about any other
>> pending/urgent related changes, but I'm not aware of any off the top
>> of my head and want to let this move quickly. I also don't want to
>> jump the queue sending other branches to rebuild everything again.
>
> This doesn't seem unreasonable to me, for picking up both the new mesa
> release and the latest xwayland security fixes.
>
>> I'll test things locally in the meantime, but please chime in. If I
>> don't hear anything too urgent I'll update the mesa-updates branch to
>> start builds at least. I've also cc'ed some names I think will be
>> knowledgeable about some current branches.
>>

I've pushed 3 patches (mesa, xorgproto, xorg-server-xwayland) to
mesa-updates after merging in master. The farm is building away.

The request for merging is at <https://issues.guix.gnu.org/67875> with
some details. In short, running into some issues with builds "failing"
because they just die or "missing derivation" errors. I'm restarting
what I see that seems higher impact, but is there any way to restart
all the failed builds or ones with missing dependencies?

Also, gtk for i686-linux is failing a test and I don't know why. With
a newer version incoming from the gnome team I would just go for
disabling that test if I knew how...

>> And thanks to Kaelyn (also cc'ed) for the pending xwayland patches!
>
> You're welcome! I've been working on updating my patch set to xwayland
> 23.2.3, but it's been taking a while to build the update because most
> of the dependency stack on core-updates apparently needed rebuilding
> locally (presumably from a lack of recent substitutes unrelated to the
> xorgproto-triggered rebuilds, but that's based on my computer churning
> away at the build for the past day or so, and not having checked guix
> weather yet--I even ran into an issue with coreutils-minimal failing a
> test when /tmp was a btrfs partition, that I got past by mounting a
> tmpfs on /tmp).
>
> Cheers,
> Kaelyn
>

Thanks! I saw you had posted the latest version and that's what I
included. On x86_64-linux at least everything has built fine for
those, but the larger world remains to be seen.

Would still like confirmation from other branches about what they want
to do, but we have some time while things build. And builds get
restarted.

Thanks!
John


