Date: Fri, 5 Apr 2024 10:41:11 +0200
From: Emmanuel Vadot <manu@bidouilliste.com>
To: Jan Beich <jbeich@FreeBSD.org>
Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
Subject: Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes
Message-ID: <20240405104111.9d9263dfe7ce99a01d620ab3@bidouilliste.com>
In-Reply-To: <wmpd-fdbs-wny@FreeBSD.org>
References: <202404040955.4349tDrM089062@gitrepo.freebsd.org> <20240404125743.1e52876a69053b726cb456e4@bidouilliste.com> <8r1t-ny0j-wny@FreeBSD.org> <20240404141239.35d54535539b66cd6336ee5b@bidouilliste.com> <7chd-l2ru-wny@FreeBSD.org> <20240404151554.04340786db8562e522f7b1a8@bidouilliste.com> <wmpd-fdbs-wny@FreeBSD.org>
On Thu, 04 Apr 2024 15:48:55 +0200
Jan Beich <jbeich@FreeBSD.org> wrote:

> Emmanuel Vadot <manu@bidouilliste.com> writes:
>
> >> but also introduced a number of regressions that
> >> don't exist in my port, all of which were documented in my reviews.
> >
> > What regressions ? I'm using xwayland for more than a year on my
> > desktop instead of -devel and haven't seen a problem.
>
> Try diff xwayland{,-devel}/Makefile:
> - Missing XSECURITY (ssh -X vs. ssh -Y; xorg-server parity per bug 221984)

I admit that I'm a bit lost on this one. I did some tests and here is
what I found:
- Using sway and xwayland (so without xcsecurity enabled) I can't ssh -X
  to a xorg host and run applications (DISPLAY is not set), but I can
  ssh -Y fine.
- If I enable xcsecurity for xwayland, behavior is exactly the same
  (i.e. -X doesn't work, -Y does).
- I've confirmed that -X works from another xorg host.

So what I did next was to recompile xorg-server with xcsecurity set to
false. And to my surprise ssh -X from a xorg host to the one with the
modified xorg-server still worked.
xcsecurity was added in 2018 via PR 221984, which states that it fixes
-X, and that doesn't seem to be the case. xcsecurity doesn't seem to
be related to X11 forwarding but is something for grouping clients so
they can't access each other or something (see
https://www.x.org/wiki/Development/Documentation/Security/#index2h2
for more info).
xcsecurity is disabled by default in xorg-server upstream (in meson)
and I think that we should do the same (granted that XACE works
correctly).
The TLDR is that this has nothing to do with X11 forwarding and that I
think that not enabling this option in xwayland (and in -devel too) is
a good thing; one of the benefits of wayland is to drop the old X11
crappy model.

> - Missing XDMCP (xorg-server parity, maybe used with rootful Xwayland and GUI login managers)

I've lost 2 hours looking at xcsecurity, so unless you can prove to me
that this option is good to have enabled (and explain what it does
exactly) I won't look into it for now.

> - Missing XTEST input emulation (XDG Portal API, required by GNOME, Plasma and maybe rootful Xwayland)
> - Missing CSD for rootful (mainly for GNOME, optional even if preferred elsewhere)

I do agree that both should be enabled. bapt@ started a patch and I've
asked him to wait so I could have a look at XCSECURITY before.

> - Broken on DragonFly due to forcing -Dsha1 (already default after I've fixed upstream bug years ago)
> - Redundant -Dglamor, -Dipv6, -Dxkb_*, libEGL dependency

Cheers,

-- 
Emmanuel Vadot <manu@bidouilliste.com> <manu@freebsd.org>