From nobody Fri Apr 05 08:41:11 2024 X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V9sQk1092z5G01Y; Fri, 5 Apr 2024 08:41:18 +0000 (UTC) (envelope-from manu@bidouilliste.com) Received: from mx.blih.net (mx.blih.net [212.83.155.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V9sQh65n9z4Vxm; Fri, 5 Apr 2024 08:41:16 +0000 (UTC) (envelope-from manu@bidouilliste.com) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bidouilliste.com; s=mx; t=1712306474; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=otsIDP6nfmJ9lYQmrxjgz9wsn70QE2AKdJXyi0w2kVY=; b=D7pvtilVrQ6qi/xL1ib63SVI9GQm3BnhECvvM95OoSs7K53wpXQoPGhkRhbOSVdeBa9pSG NBM7V8KOdDlpdb8cT9TXk+uaBgUiWNw6+PZhAQWM3VWrBHTFTMBFsccI8xggbhTXmaH9vT hqFX3nDDLyDuFKEJ/EyHl9h3nxd/tiw= Received: from skull.home.blih.net (lfbn-lyo-1-2174-135.w90-66.abo.wanadoo.fr [90.66.97.135]) by mx.blih.net (OpenSMTPD) with ESMTPSA id adec314b (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 5 Apr 2024 08:41:14 +0000 (UTC) Date: Fri, 5 Apr 2024 10:41:11 +0200 From: Emmanuel Vadot To: Jan Beich Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes Message-Id: <20240405104111.9d9263dfe7ce99a01d620ab3@bidouilliste.com> In-Reply-To: References: <202404040955.4349tDrM089062@gitrepo.freebsd.org> <20240404125743.1e52876a69053b726cb456e4@bidouilliste.com> <8r1t-ny0j-wny@FreeBSD.org> <20240404141239.35d54535539b66cd6336ee5b@bidouilliste.com> <7chd-l2ru-wny@FreeBSD.org> <20240404151554.04340786db8562e522f7b1a8@bidouilliste.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd15.0) List-Id: Commits to the quarterly branches of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-branches@freebsd.org X-BeenThere: dev-commits-ports-branches@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:12876, ipnet:212.83.128.0/19, country:FR] X-Rspamd-Queue-Id: 4V9sQh65n9z4Vxm On Thu, 04 Apr 2024 15:48:55 +0200 Jan Beich wrote: > Emmanuel Vadot writes: > > >> but also introduced a number of regressions that > >> don't exist in my port, all of which were documented in my reviews. > > > > What regressions ? I'm using xwayland for more than a year on my > > desktop instead of -devel and haven't seen a problem. > > Try diff xwayland{,-devel}/Makefile: > - Missing XSECURITY (ssh -X vs. ssh -Y; xorg-server parity per bug 221984) I admit that I'm a bit lost on this one, I did some test and here is what I found : - Using sway and xwayland (so without xcsecurity enabled) I can't ssh -X to a xorg host and run applications (DISPLAY is not set), but I can ssh -Y fine - If I enable xcsecurity for xwayland behavior is exactly the same (i.e. -X doesn't work, -Y does). - I've confirmed that -X works from another xorg host So what I did next was to recompile xorg-server with xcsecurity set to false. And to my surprise ssh -X from a xorg host to the one with the modified xorg-server still worked. xcsecurity was added in 2018 via PR 221984 which states that it fixes -X, and that doesn't seems to be the case, xcsecurity doesn't seems to be related to X11 forwarding but something for grouping client so they can't access to each other or something (see https://www.x.org/wiki/Development/Documentation/Security/#index2h2 for more info). xcsecurity is disabled by default in xorg-server upstream (in meson) and I think that we should do the same (granted that XACE works correctly). The TLDR is that this has nothing to do with X11 forwarding and that I think that not enabling this option in xwayland (and in -devel too) is a good thing, one of the benefit of wayland is to drop the old X11 crappy model. > - Missing XDMCP (xorg-server parity, maybe used with rootful Xwayland and GUI login managers) I've lost 2 hours looking at xcsecurity so unless you can prove to me that this option is good to have enabled (and explained what it does exactly) I won't look into it for now. > - Missing XTEST input emulation (XDG Portal API, required by GNOME, Plasma and maybe rootful Xwayland) > - Missing CSD for rootful (mainly for GNOME, optional even if preferred elsewhere) I do agree that both should be enabled, bapt@ started a patch and I've asked him to wait so I could have a look at XCSECURITY before. > - Broken on DragonFly due to forcing -Dsha1 (already default after I've fixed upstream bug years ago) > - Redundant -Dglamor, -Dipv6, -Dxkb_*, libEGL dependency Cheers, -- Emmanuel Vadot