Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes

Reply: Jan Beich : "Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes"
In reply to: Jan Beich : "Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Emmanuel Vadot <manu_at_bidouilliste.com>
Date: Thu, 04 Apr 2024 12:12:39 UTC

On Thu, 04 Apr 2024 13:54:52 +0200
Jan Beich <jbeich@FreeBSD.org> wrote:

> Emmanuel Vadot <manu@bidouilliste.com> writes:
> 
> > On Thu, 4 Apr 2024 09:55:13 GMT
> > Jan Beich <jbeich@FreeBSD.org> wrote:
> >
> >> The branch 2024Q1 has been updated by jbeich:
> >> 
> >> URL: https://cgit.FreeBSD.org/ports/commit/?id=77f72c463b90237feeba97e05b597101cc407ebd
> >> 
> >> commit 77f72c463b90237feeba97e05b597101cc407ebd
> >> Author:     Jan Beich <jbeich@FreeBSD.org>
> >> AuthorDate: 2024-04-04 00:38:43 +0000
> >> Commit:     Jan Beich <jbeich@FreeBSD.org>
> >> CommitDate: 2024-04-04 09:40:32 +0000
> >> 
> >>     x11-servers/xwayland-devel: backport recent secfixes
> >>     
> >>     Changes:        https://gitlab.freedesktop.org/xorg/xserver/-/compare/272e2915f...bdca6c3d1
> >>     Security:       CVE-2024-31080 CVE-2024-31081 CVE-2024-31082 CVE-2024-31083
> >>     (cherry picked from commit 0f0eaee14e697cff0101838139091e2c5d5a73bb)
> >
> >  This is not a cherry-pick, this is a direct commit to 2024Q1 as the
> > version differs between main and quarterly.
> 
> Fixing merge conflicts or build errors as part of rebasing cherry-picks doesn't
> require annotating in the commit message. Neither upstream nor downstream.

 This is not what happened here.

> Over the years I did lots of non-trivial rebases, mostly limited by QA.
> Other examples: wlroots -> wlroots-devel (2023Q4), sway -> sway-devel (2024Q1).
> 
> >  You should have noted in this commit that this was a direct commit and
> > that use used the backported patches applied upstream to the 23.2
> > branch of xwayland.
> 
> Only the last upstream commit was changed compared to the previous attempt.

 Yes, this is what should have been amended in the commit message, I
had to look at the repo to find this commit hash because it wasn't in
the merge request in comment in the Makefile. I shouldn't have to do
that.

> Unfortunately, my revert was 1 minute late, breaking /quarterly build
> which would make all binary packages that depend on xwayland-devel
> (e.g., sway, plasma5-kwin or arcan) to temporarily disappear.

 This is only because in your own selfishness you think that this is
JanBSD and not FreeBSD and thus impose everyone to use xwayland-devel
while xwayland is perfectly fine maintained. None of the mentionned
ports should depend on a -devel version.

> Note, 2024Q1 should have been EOL after 2024-04-01.


-- 
Emmanuel Vadot <manu@bidouilliste.com> <manu@freebsd.org>