From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:5f26::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id ICcTMrs4hWXOswAAkFu2QA (envelope-from ) for ; Fri, 22 Dec 2023 08:20:27 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id CJY0Lbs4hWU6QwAAqHPOHw (envelope-from ) for ; Fri, 22 Dec 2023 08:20:27 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=Hv7O23tZ; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1703229627; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=edKK+wn70F9cMrvWiEwAP5qkqI6CKsrVZKqJRJ3KnSs=; b=CtkcUCO8XRWktroH1jftQ1DNVLvnoOQl3aWOalgq7AYL+GwI6Q37dD53if4aRTLvOeuwDF RHF15Ru17dfVxdPggLakG8GHdLGBYLngr2KO0kO7o8cF1GrXs3jsJSrGekH5D2zffZ85Cu znephRwznsXSe6NHiGHdukzKxEXEu8c8zuAmIQq+pWYlcXCdI30iOlzgwfyWqKiMJB46SV Qw0L39WDLGy3iXKK/AaiKaiUD8q1EaYQA9Fl31Cg8Q/5Kl30YllrEAxk/cjxz9T60DCuly /E45Fbpw3R8oR+0gQu6Dk1z5uvjjN6wr/++rp6dx0XyZRVN4Ga2i2eEiZtY+Fg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1703229627; a=rsa-sha256; cv=none; b=JS7WWu9SMioX2Ak/0LMhBZc1MSFZgqHxxCdeS1N2OaAKmI1f3rtNRrp9xO57Nn2GTMoKdv oxfl4Q8ipJYJElapAHPiCqxR+9RaCkAhn1K96uKs5ZMf1zD8isKJ4ampqr349jOpXKawV0 YhkML4JO24Ox/mC+86gfjBX0rGYCZOieq8uTlZ9af8sZw7fD7K3J3hkp2rbIZA+2VdoSX4 ekXZ+SnCxFYuMw5Io3VregGJ1rSNp8yqm0N2FHQmPC2qkNRxBjjEt8i19453W6dtkxyjp2 ZZsD0kfDHOXeMnAT50QGjS02hGtgmGOUPnRmIA+deyl+OVm40I2LRwrT6gHQdg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=Hv7O23tZ; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7DD60408DF for ; Fri, 22 Dec 2023 08:20:27 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rGZop-0000r3-Qn; Fri, 22 Dec 2023 02:19:39 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rGZom-0000pj-Rh for guix-devel@gnu.org; Fri, 22 Dec 2023 02:19:36 -0500 Received: from mail-wm1-x331.google.com ([2a00:1450:4864:20::331]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rGZok-00028F-2z for guix-devel@gnu.org; Fri, 22 Dec 2023 02:19:36 -0500 Received: by mail-wm1-x331.google.com with SMTP id 5b1f17b1804b1-40b5155e154so19061705e9.3 for ; Thu, 21 Dec 2023 23:19:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703229572; x=1703834372; darn=gnu.org; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to :cc:subject:date:message-id:reply-to; bh=edKK+wn70F9cMrvWiEwAP5qkqI6CKsrVZKqJRJ3KnSs=; b=Hv7O23tZrEq62+8Oh3vXPqiOlAuvtD4AIh7GCSUqZr+urK+VQsm42pwUxijpLDD/MB S7qjGZhdNgPDw2Y2mYtaNj4j5gY2sLhxW7hqjWfVAjw7N0l6r3jWol1Fy2KPevMDXkY5 nDSixZTNl4Pnh9lt5DYh6IbFrVZ2M2jQ8FbgI4g6Mu9jRZvrXzCVtzCpYRjNcpCwDrzG KsiyzZebiMSjNM3nXKTWoxQxrudKIi4dPY6MMjFse4Aao7Gkcwh1MojxWI/hYCEZsg86 7vHRK6EFeADI/pxiSFjrg8AGPbdZ5YU5ngyuQI3mS7cx8xDyahVOe706suQzjiw6hNxt /fPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703229572; x=1703834372; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=edKK+wn70F9cMrvWiEwAP5qkqI6CKsrVZKqJRJ3KnSs=; b=RmaAoWa+tZPHRvhVwy1S/F/uNq+9GDCarhzVvnbo6IrxeRTviYhF7kLHsdjrsGR/Zs OTl5BLWEqnlR1ESKa4FROk/oM5vak/Q4yqHZADd682fT6UD/ehobD2JUzYedIyrJ3rNx szhvBZqcBA4ftYX/J1HMLkFMZrdj0mdSANI45zZ6s2Rvk95hGCnGzFhXg1pZtEloGoh+ tHSBXi0X9WFXGUIkGoyGEimY6zIpqIfCCEkP3P+PzI8wAmrgWudM533JgVL+FCv5P0fm UzDcvlYjSeihkmWmx4ZOfWOefMDEOnvkCRLh1HUeqjeqgcDmQ1V13LFoK/Nkm54f2yt4 SJww== X-Gm-Message-State: AOJu0YyqS2aYEIpGXpQWj8x2b+kEo4zZ2+OtBwy60+wntsup7ENf9CVC ts35dqri1biAnkdwcwqJ+Cg= X-Google-Smtp-Source: AGHT+IHWsPwgCfaEPNNt5QjmqSgwfI1pUIYw0SdUeTErwueZqFYZX/fCt7Qm6/uyJmADGCat/kTGWQ== X-Received: by 2002:a05:600c:c4:b0:40d:2b9a:85c6 with SMTP id u4-20020a05600c00c400b0040d2b9a85c6mr427930wmm.70.1703229571898; Thu, 21 Dec 2023 23:19:31 -0800 (PST) Received: from localhost ([5.102.238.170]) by smtp.gmail.com with ESMTPSA id u10-20020a05600c138a00b0040b45356b72sm13689182wmf.33.2023.12.21.23.19.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 23:19:30 -0800 (PST) Date: Fri, 22 Dec 2023 09:19:27 +0200 From: Efraim Flashner To: John Kehayias Cc: guix-devel , Kaelyn , Maxim Cournoyer , Liliana Marie Prikler , Vivien Kraus Subject: Re: xwayland security updates, to mesa- or core-updates or ? Message-ID: Mail-Followup-To: John Kehayias , guix-devel , Kaelyn , Maxim Cournoyer , Liliana Marie Prikler , Vivien Kraus References: <878r5nqmod.fsf@protonmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="+1BaKIm5ggDns54i" Content-Disposition: inline In-Reply-To: <878r5nqmod.fsf@protonmail.com> X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Received-SPF: pass client-ip=2a00:1450:4864:20::331; envelope-from=efraim.flashner@gmail.com; helo=mail-wm1-x331.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.30 X-Spam-Score: -4.30 X-Migadu-Queue-Id: 7DD60408DF X-Migadu-Scanner: mx11.migadu.com X-TUID: cslWTTIX0OaV --+1BaKIm5ggDns54i Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2023 at 09:18:50PM +0000, John Kehayias wrote: > Hi all, >=20 > On Mon, Dec 18, 2023 at 12:57 AM, John Kehayias wrote: >=20 > > Hi Kaelyn and everyone, > > > > On Fri, Dec 15, 2023 at 05:25 PM, Kaelyn wrote: > > > >> On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias > >> wrote: > >> > >>> > >>> Hi Guix, > >>> > >>> In light of (more) CVEs in xwayland, see > >>> , > >>> > >>> with already pending security updates, see > >>> , I would like to prioritize > >>> > >>> getting that fixed in master. The tricky thing is that, according to > >>> 67136, the xwayland update needs newer xorgproto, which corresponds to > >>> many rebuilds. (The related CVEs in xorg-server have been pushed > >>> already as effectively minor version bumps.) > >>> >=20 > I also updated curl as it was going to be rebuilt and had a new > version out (with some security fixes). I hadn't grafted it on master > but we could do that if the mesa-updates branch isn't merged to master > first. >=20 > [snip] >=20 > > > > I've pushed 3 patches (mesa, xorgproto, xorg-server-xwayland) to > > mesa-updates after merging in master. The farm is building away. > > >=20 > I also had to skip a failing test (unknown reasons) of gtk with these > updates. >=20 > Finally, I also enabled the zink driver in Mesa (zink is for OpenGL on > Vulkan). I remember someone asking about it on #guix recently as well, > and we should have it enabled in general, to support devices which may > not be able to use OpenGL without it. >=20 > > The request for merging is at with > > some details. In short, running into some issues with builds "failing" > > because they just die or "missing derivation" errors. I'm restarting > > what I see that seems higher impact, but is there anyway to restart > > all the failed builds or ones with missing dependencies? > > >=20 > This is still true though I've tried to manually restart lots of > builds on x86_64 and i686, which has removed many of the failures. Any > idea what is happening to cause this more recently? >=20 > [snip] >=20 > > Thanks! I saw you had posted the latest version and that's what I > > included. On x86_64-linux at least everything has built fine for > > those, but the larger world remains to be seen. > > > > Would still like confirmation from other branches about what they want > > to do, but we have some time while things build. And builds get > > restarted. > > >=20 > I haven't seen QA process this branch, so I'm just going with what I > see on Berlin. From the branches overview it shows about 61% last I > saw, compared to 72% for master. Unfortunately, non x86 architectures > are usually better covered by Bordeaux, but I don't know where to get > a sense of that coverage. For what it is worth, Efraim has manually > built xorgproto and mesa at least on powerpc64le, riscv64, without > issues. I had berlin build for powerpc64le and that went without any problems. Locally I built for riscv64 and powerpc and those both built fine. I ran into an issue locally with curl on aarch64 and test 1477(?) which is weird since it's supposed to be skipped but I'm sending it through again. Haven't started armhf yet. > Coverage on x86_64 and i686 seems good from what I can tell. I also > don't think there are any other branches ready to merge, and would > like to give them time to rebuild once these changes hit. >=20 > Any thoughts on when to merge? >=20 > Thanks everyone! > John >=20 --=20 Efraim Flashner =D7=A8=D7=A0=D7=A9=D7=9C=D7=A4 = =D7=9D=D7=99=D7=A8=D7=A4=D7=90 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --+1BaKIm5ggDns54i Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmWFOH4ACgkQQarn3Mo9 g1Ez8g/9GbzQLy16Um+hCWT7OWyhtULRkPQ7oBVljU5ZwQsuA7OfSk4Gr1W7Y5hR QDSyTkp7q9EToi6zOzVntksJ1JpVJqdFU8i7mml3aYri77/OBH2grFjGfkOuiUCz /VaiUpEiKQS2E8O/M4MuWkET489QFYk8u496J8mdlXxqGWqVjPH2p4ECqQM2W7Ji f1hkdd10H5o9frmYkVLjjVvoMg85j9QZZhxiis1iP+yItvCcE39H0n/JQ91+pB/0 j+3E+PjopAUrwEN2CrAbQdgcO8jNNutsANvaG9TQJnYAsogyPhoNUgTBdCOzsUPR yukZvCzVv38iubiCov9iNrw8I213l6icKa74HSeTDbKLdu10mDpI8PO/mOwHyP3Q ZcuukwmBjIqH2JGv5px6VnnPyXdqLFUBd8Nrd6+PnjHa+Ji3flAX0/CjdqK+qXDo VdRLfoAHNBz7pTC1bOFfl1OmBxfLqNLIfSx5VamqbucUMIdmkvWEAI9cVQkd/4uW RN0oAkOeo7u+OME0vplK1xGRMA2fC9BEz9pr0AZqX0NhLsLnCf9SnZOxEGUGaQdY N6YvbxDSR8FvMctO7qCWDCJe1aXHMRO8eXSj9L4Lq3EjmSFRiUc13WQUWSUtSrYL FqqIoWBFG2Vu2Aj70Y8xV9paMo6gLiJ+49Gt2YuEzQ/DGEihd4w= =7tTZ -----END PGP SIGNATURE----- --+1BaKIm5ggDns54i--