Request 1120261: Submit xwayland - openSUSE Build Service

This request supersedes: request 1120228 (Show diff)

Overview

Request 1120261 accepted

- Update to version 23.2.2
* This release contains the fix for CVE-2023-5367 and CVE-2023-5574
in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Xwayland does not support multiple protocol screens (Zaphod) and is thus
not affected by CVE-2023-5380.
* Additionally, there is a change in the default behaviour of Xwayland:
Since version 23.2.0 Xwayland (via liboeffis) automatically tries to
connect to the XDG Desktop Portal's RemoteDesktop interface to obtain
the EI socket. That socket is used to send XTest events to the
compositor.
* However, the connection to the session-wide Portal is unsuitable when
Xwayland is running in a nested compositor. Xwayland cannot tell whether
it's running on a nested compositor and to keep backwards compatibility
with Xwayland prior to 23.2.0, Xwayland must now be started with
"-enable-ei-portal" to connect to the portal.
* Compositors (who typically spawn Xwayland rootless) must now pass this
option to get the same behaviour as 23.2.x.
* Finally, Xwayland now uses libbsd-overlay instead of libbsd.

Created by sndirsch 7 months ago
In state accepted
Supersedes 1120228

Submit xwayland

Comments for request 1120261 0

Login required, please login in order to comment

Request History

sndirsch created request 7 months ago

- Update to version 23.2.2
* This release contains the fix for CVE-2023-5367 and CVE-2023-5574
in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Xwayland does not support multiple protocol screens (Zaphod) and is thus
not affected by CVE-2023-5380.
* Additionally, there is a change in the default behaviour of Xwayland:
Since version 23.2.0 Xwayland (via liboeffis) automatically tries to
connect to the XDG Desktop Portal's RemoteDesktop interface to obtain
the EI socket. That socket is used to send XTest events to the
compositor.
* However, the connection to the session-wide Portal is unsuitable when
Xwayland is running in a nested compositor. Xwayland cannot tell whether
it's running on a nested compositor and to keep backwards compatibility
with Xwayland prior to 23.2.0, Xwayland must now be started with
"-enable-ei-portal" to connect to the portal.
* Compositors (who typically spawn Xwayland rootless) must now pass this
option to get the same behaviour as 23.2.x.
* Finally, Xwayland now uses libbsd-overlay instead of libbsd.

factory-auto added opensuse-review-team as a reviewer 7 months ago

Please review sources

factory-auto accepted review 7 months ago

Check script succeeded

anag+factory set openSUSE:Factory:Staging:D as a staging project 7 months ago

Being evaluated by staging project "openSUSE:Factory:Staging:D"

anag+factory accepted review 7 months ago

Picked "openSUSE:Factory:Staging:D"

licensedigger accepted review 7 months ago

ok

darix accepted review 7 months ago

Accepted review for by_group opensuse-review-team request 1120261 from user anag+factory

anag+factory accepted review 7 months ago

Staging Project openSUSE:Factory:Staging:D got accepted.

anag+factory approved review 7 months ago

Staging Project openSUSE:Factory:Staging:D got accepted.

anag+factory accepted request 7 months ago

Staging Project openSUSE:Factory:Staging:D got accepted.

openSUSE Build Service is sponsored by