Date: Mon, 18 Dec 2023 06:02:18 +0000
To: Kaelyn
From: John Kehayias
Cc: guix-devel, Maxim Cournoyer, Liliana Marie Prikler, Vivien Kraus
Subject: Re: xwayland security updates, to mesa- or core-updates or ?
Message-ID: <87v88wqc9l.fsf@protonmail.com>
References: <871qbornny.fsf@protonmail.com>

Hi Kaelyn and everyone,

On Fri, Dec 15, 2023 at 05:25 PM, Kaelyn wrote:

> On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias
> wrote:
>
>>
>> Hi Guix,
>>
>> In light of (more) CVEs in xwayland, see
>> ,
>>
>> with already pending security updates, see
>> , I would like to prioritize
>>
>> getting that fixed in master.
>> The tricky thing is that, according to
>> 67136, the xwayland update needs newer xorgproto, which corresponds to
>> many rebuilds. (The related CVEs in xorg-server have been pushed
>> already as effectively minor version bumps.)
>>
>> Where is the most efficient branch for this, that could take these
>> rebuilds to be merged to master soon (whatever soon is for a scope of
>> something like 22k affected packages)?
>>
>> I was thinking to put that update and mesa, since it had a new stable
>> release after the current one never got updates, on mesa-updates and
>> merge once builds are done assuming no issues. Again, the potential
>> sore spot is xorgproto I would say. I could see about any other
>> pending/urgent related changes, but I'm not aware of any off the top
>> of my head and want to let this move quickly. I also don't want to
>> jump the queue sending other branches to rebuild everything again.
>
> This doesn't seem unreasonable to me, for picking up both the new mesa
> release and the latest xwayland security fixes.
>
>> I'll test things locally in the meantime, but please chime in. If I
>> don't hear anything too urgent I'll update the mesa-updates branch to
>> start builds at least. I've also cc'ed some names I think will be
>> knowledgeable about some current branches.
>>

I've pushed 3 patches (mesa, xorgproto, xorg-server-xwayland) to
mesa-updates after merging in master. The farm is building away. The
request for merging is at with some details.

In short, running into some issues with builds "failing" because they
just die or "missing derivation" errors. I'm restarting what I see that
seems higher impact, but is there any way to restart all the failed
builds or ones with missing dependencies?

Also, gtk for i686-linux is failing a test and I don't know why. With a
newer version incoming from the gnome team I would just go for
disabling that test if I knew how...

>> And thanks to Kaelyn (also cc'ed) for the pending xwayland patches!
>
> You're welcome!
> I've been working on updating my patch set to xwayland
> 23.2.3, but it's been taking a while to build the update because most
> of the dependency stack on core-updates apparently needed rebuilding
> locally (presumably from a lack of recent substitutes unrelated to the
> xorgproto-triggered rebuilds, but that's based on my computer churning
> away at the build for the past day or so, and not having checked guix
> weather yet--I even ran into an issue with coreutils-minimal failing a
> test when /tmp was a btrfs partition, that I got past by mounting a
> tmpfs on /tmp).
>
> Cheers,
> Kaelyn
>

Thanks! I saw you had posted the latest version and that's what I
included. On x86_64-linux at least everything has built fine for those,
but the larger world remains to be seen.

Would still like confirmation from other branches about what they want
to do, but we have some time while things build. And builds get
restarted.

Thanks!
John