unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Re: xwayland security updates, to mesa- or core-updates or ?
@ 2023-12-21 21:18 John Kehayias
  2023-12-22  7:19 ` Efraim Flashner
  0 siblings, 1 reply; 5+ messages in thread
From: John Kehayias @ 2023-12-21 21:18 UTC (permalink / raw)
  To: guix-devel
  Cc: Kaelyn, Maxim Cournoyer, Liliana Marie Prikler, Vivien Kraus,
	Efraim Flashner

Hi all,

On Mon, Dec 18, 2023 at 12:57 AM, John Kehayias wrote:

> Hi Kaelyn and everyone,
>
> On Fri, Dec 15, 2023 at 05:25 PM, Kaelyn wrote:
>
>> On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias
>> <john.kehayias@protonmail.com> wrote:
>>
>>>
>>> Hi Guix,
>>>
>>> In light of (more) CVEs in xwayland, see
>>> <https://lists.x.org/archives/xorg-announce/2023-December/003435.html>,
>>>
>>> with already pending security updates, see
>>> <https://issues.guix.gnu.org/67136>, I would like to prioritize
>>>
>>> getting that fixed in master. The tricky thing is that, according to
>>> 67136, the xwayland update needs newer xorgproto, which corresponds to
>>> many rebuilds. (The related CVEs in xorg-server have been pushed
>>> already as effectively minor version bumps.)
>>>

I also updated curl as it was going to be rebuilt and had a new
version out (with some security fixes). I hadn't grafted it on master
but we could do that if the mesa-updates branch isn't merged to master
first.

[snip]

>
> I've pushed 3 patches (mesa, xorgproto, xorg-server-xwayland) to
> mesa-updates after merging in master. The farm is building away.
>

I also had to skip a failing test (unknown reasons) of gtk with these
updates.

Finally, I also enabled the zink driver in Mesa (zink is for OpenGL on
Vulkan). I remember someone asking about it on #guix recently as well,
and we should have it enabled in general, to support devices which may
not be able to use OpenGL without it.

> The request for merging is at <https://issues.guix.gnu.org/67875> with
> some details. In short, running into some issues with builds "failing"
> because they just die or "missing derivation" errors. I'm restarting
> what I see that seems higher impact, but is there anyway to restart
> all the failed builds or ones with missing dependencies?
>

This is still true though I've tried to manually restart lots of
builds on x86_64 and i686, which has removed many of the failures. Any
idea what is happening to cause this more recently?

[snip]

> Thanks! I saw you had posted the latest version and that's what I
> included. On x86_64-linux at least everything has built fine for
> those, but the larger world remains to be seen.
>
> Would still like confirmation from other branches about what they want
> to do, but we have some time while things build. And builds get
> restarted.
>

I haven't seen QA process this branch, so I'm just going with what I
see on Berlin. From the branches overview it shows about 61% last I
saw, compared to 72% for master. Unfortunately, non x86 architectures
are usually better covered by Bordeaux, but I don't know where to get
a sense of that coverage. For what it is worth, Efraim has manually
built xorgproto and mesa at least on powerpc64le, riscv64, without
issues.

Coverage on x86_64 and i686 seems good from what I can tell. I also
don't think there are any other branches ready to merge, and would
like to give them time to rebuild once these changes hit.

Any thoughts on when to merge?

Thanks everyone!
John



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-01-04  7:35 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-21 21:18 xwayland security updates, to mesa- or core-updates or ? John Kehayias
2023-12-22  7:19 ` Efraim Flashner
2023-12-25  6:44   ` Efraim Flashner
2024-01-04  5:13     ` John Kehayias
2024-01-04  7:34       ` [bug#67875] " Efraim Flashner

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).