Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes

From: Jan Beich <jbeich_at_FreeBSD.org>
Date: Thu, 04 Apr 2024 14:47:09 UTC
Baptiste Daroussin <bapt@freebsd.org> writes:

> On Thu 04 Apr 15:48, Jan Beich wrote:
>
>> Emmanuel Vadot <manu@bidouilliste.com> writes:
>> 
>> >> but also introduced a number of regressions that
>> >> don't exist in my port, all of which were documented in my reviews.
>> >
>> >  What regressions ? I'm using xwayland for more than a year on my
>> > desktop instead of -devel and haven't seen a problem.
>> 
>> Try diff xwayland{,-devel}/Makefile:
>> - Missing XSECURITY (ssh -X vs. ssh -Y; xorg-server parity per bug 221984)
>> - Missing XDMCP (xorg-server parity, maybe used with rootful Xwayland and GUI login managers)
>> - Missing XTEST input emulation (XDG Portal API, required by GNOME, Plasma and maybe rootful Xwayland)
>> - Missing CSD for rootful (mainly for GNOME, optional even if preferred elsewhere)
>> - Broken on DragonFly due to forcing -Dsha1 (already default after I've fixed upstream bug years ago)
>> - Redundant -Dglamor, -Dipv6, -Dxkb_*, libEGL dependency
>
> Those feature are not present as well in non of the Xwayland used in production
> in linux distributions.

How did you check? I see
* -Dxcsecurity=true (XCSECURITY) in Arch, Fedora, Alpine, Gentoo recipes
* libXdmcp (XDMCP) being used on Fedora and Gentoo 
* libei (XTEST) being used on Fedora and Gentoo
* libdecor (CSD) being used on Fedora

> They are in development, and that is what -devel is for, you can test in
> advance, but this is not needed for production

That's reasonable if not for the above bugs shrugged off under
"works for me" blanket aka "maintainer's discretion".

> Even linux distros are not including those patches, beside them being more
> mainstream for Wayland than we are.

Do you mean HiDPI patches? Plasma and Hyprland implemented their own
scaling while the rest rely on buggy workarounds. I'll probably drop
the patches if I can't manage to rebase after upstream rootful HiDPI.
To reduce POLA violation this was postponed until 2024Q2 branches.

IIRC, one Arch-based distro included HiDPI patches and old version of
Hyprland used to bundle those via Nix flake.