Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes

From: Emmanuel Vadot <>
Date: Thu, 04 Apr 2024 15:42:08 UTC
On Thu, 04 Apr 2024 16:47:09 +0200
Jan Beich <> wrote:

> Baptiste Daroussin <> writes:
> > On Thu 04 Apr 15:48, Jan Beich wrote:
> >
> >> Emmanuel Vadot <> writes:
> >> 
> >> >> but also introduced a number of regressions that
> >> >> don't exist in my port, all of which were documented in my reviews.
> >> >
> >> >  What regressions ? I'm using xwayland for more than a year on my
> >> > desktop instead of -devel and haven't seen a problem.
> >> 
> >> Try diff xwayland{,-devel}/Makefile:
> >> - Missing XSECURITY (ssh -X vs. ssh -Y; xorg-server parity per bug 221984)
> >> - Missing XDMCP (xorg-server parity, maybe used with rootful Xwayland and GUI login managers)
> >> - Missing XTEST input emulation (XDG Portal API, required by GNOME, Plasma and maybe rootful Xwayland)
> >> - Missing CSD for rootful (mainly for GNOME, optional even if preferred elsewhere)

 All those options could be added. The main reason that they are not is
that x11-server/xwayland isn't used by anyone but me as it requires
patching ports to use it. So obviously if they aren't needed for my
case no one will stand up and ask for them to be enabled.
 Another way to view this is that you enabled all those options without
consulting anyone, why would you you might ask, it's your port ? Well
yes but since this port is forced to be used by everyone enabling
option and dependencies should be a concensus between multiple users.
 For some, (like XSECURITY) you've explained in the commit message so
that's good at least. Other like CSD was enabled without anything in
the commit message except that this was an update, this is not good.

> >> - Broken on DragonFly due to forcing -Dsha1 (already default after I've fixed upstream bug years ago)

 I don't care about Dragonfly, they are grown ups and can manage their
own ports.

> >> - Redundant -Dglamor, -Dipv6, -Dxkb_*, libEGL dependency

 I'll fix those if that's the case.

> >
> > Those feature are not present as well in non of the Xwayland used in production
> > in linux distributions.
> How did you check? I see
> * -Dxcsecurity=true (XCSECURITY) in Arch, Fedora, Alpine, Gentoo recipes
> * libXdmcp (XDMCP) being used on Fedora and Gentoo 
> * libei (XTEST) being used on Fedora and Gentoo
> * libdecor (CSD) being used on Fedora
> > They are in development, and that is what -devel is for, you can test in
> > advance, but this is not needed for production
> That's reasonable if not for the above bugs shrugged off under
> "works for me" blanket aka "maintainer's discretion".

 Lol, very bold of you to say this as all your ports forced on others
follow your views.

 I think that you should fork the ports tree to JanPorts, do your stuff
there and for the FreeBSD ports tree please start engaging discussion
with the community, you are not alone.


> > Even linux distros are not including those patches, beside them being more
> > mainstream for Wayland than we are.
> Do you mean HiDPI patches? Plasma and Hyprland implemented their own
> scaling while the rest rely on buggy workarounds. I'll probably drop
> the patches if I can't manage to rebase after upstream rootful HiDPI.
> To reduce POLA violation this was postponed until 2024Q2 branches.
> IIRC, one Arch-based distro included HiDPI patches and old version of
> Hyprland used to bundle those via Nix flake.

Emmanuel Vadot <> <>