Date: Fri, 15 Dec 2023 17:25:58 +0000
To: John Kehayias
From: Kaelyn
Cc: guix-devel, Maxim Cournoyer, Liliana Marie Prikler, Vivien Kraus
Subject: Re: xwayland security updates, to mesa- or core-updates or ?
In-Reply-To: <871qbornny.fsf@protonmail.com>

On Thursday, December 14th, 2023 at 10:21 PM, John Kehayias wrote:

> Hi Guix,
>
> In light of (more) CVEs in xwayland, see
> https://lists.x.org/archives/xorg-announce/2023-December/003435.html,
> with already pending security updates, see
> https://issues.guix.gnu.org/67136, I would like to prioritize
> getting that fixed in master. The tricky thing is that, according to
> 67136, the xwayland update needs newer xorgproto, which corresponds to
> many rebuilds. (The related CVEs in xorg-server have been pushed
> already as effectively minor version bumps.)
>
> Where is the most efficient branch for this, that could take these
> rebuilds to be merged to master soon (whatever soon is for a scope of
> something like 22k affected packages)?
>
> I was thinking to put that update and mesa, since it had a new stable
> release after the current one never got updates, on mesa-updates and
> merge once builds are done assuming no issues. Again, the potential
> sore spot is xorgproto I would say. I could see about any other
> pending/urgent related changes, but I'm not aware of any off the top
> of my head and want to let this move quickly. I also don't want to
> jump the queue sending other branches to rebuild everything again.

This doesn't seem unreasonable to me, for picking up both the new mesa release and the latest xwayland security fixes.

> I'll test things locally in the meantime, but please chime in. If I
> don't hear anything too urgent I'll update the mesa-updates branch to
> start builds at least. I've also cc'ed some names I think will be
> knowledgeable about some current branches.
>
> And thanks to Kaelyn (also cc'ed) for the pending xwayland patches!

You're welcome! I've been working on updating my patch set to xwayland 23.2.3, but it's been taking a while to build the update because most of the dependency stack on core-updates apparently needed rebuilding locally (presumably from a lack of recent substitutes unrelated to the xorgproto-triggered rebuilds, but that's based on my computer churning away at the build for the past day or so, and not having checked guix weather yet--I even ran into an issue with coreutils-minimal failing a test when /tmp was a btrfs partition, that I got past by mounting a tmpfs on /tmp).

Cheers,
Kaelyn

>
> Thanks!
> John