From d0b2a94624c975eb902c22202d1358b85ea8370ef353403456c2598e49db9ab2 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Wed, 25 Oct 2023 10:54:37 +0000 Subject: [PATCH] - Update to version 23.2.2 * This release contains the fix for CVE-2023-5367 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html Xwayland does not support multiple protocol screens (Zaphod) and is thus not affected by CVE-2023-5380. * Additionally, there is a change in the default behaviour of Xwayland: Since version 23.2.0 Xwayland (via liboeffis) automatically tries to connect to the XDG Desktop Portal's RemoteDesktop interface to obtain the EI socket. That socket is used to send XTest events to the compositor. * However, the connection to the session-wide Portal is unsuitable when Xwayland is running in a nested compositor. Xwayland cannot tell whether it's running on a nested compositor and to keep backwards compatibility with Xwayland prior to 23.2.0, Xwayland must now be started with "-enable-ei-portal" to connect to the portal. * Compositors (who typically spawn Xwayland rootless) must now pass this option to get the same behaviour as 23.2.x. * Finally, Xwayland now uses libbsd-overlay instead of libbsd. OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=60 --- xwayland-23.2.1.tar.xz | 3 --- xwayland-23.2.1.tar.xz.sig | Bin 95 -> 0 bytes xwayland-23.2.2.tar.xz | 3 +++ xwayland-23.2.2.tar.xz.sig | Bin 0 -> 95 bytes xwayland.changes | 22 ++++++++++++++++++++++ xwayland.keyring | Bin 2290 -> 9007 bytes xwayland.spec | 2 +- 7 files changed, 26 insertions(+), 4 deletions(-) delete mode 100644 xwayland-23.2.1.tar.xz delete mode 100644 xwayland-23.2.1.tar.xz.sig create mode 100644 xwayland-23.2.2.tar.xz create mode 100644 xwayland-23.2.2.tar.xz.sig diff --git a/xwayland-23.2.1.tar.xz b/xwayland-23.2.1.tar.xz deleted file mode 100644 index 1c54e1d..0000000 --- a/xwayland-23.2.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eebc2692c3aa80617d78428bc6ec7b91b254a98214d2a70e997098503cd6ef90 -size 1298128 diff --git a/xwayland-23.2.1.tar.xz.sig b/xwayland-23.2.1.tar.xz.sig deleted file mode 100644 index 90bbbd29ad828e17bc04dbe6401674e6641705cd6b82c1e06b94645660bb6729..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 95 zcmeB(WnmCxVvrS6WJ$l%_9@B!=wI)xO0gmZx%=e2T^(4NQn}XYGjMSVz(lUMFw8Uj vWyw$)`M0jTs=xE1aA*Glrh*p?3%*3{adlkmHvja^Jx`Hj~ANI2{rCOAKXW-%#fQcA;GtBqs v>735pc}(S8nQao|hpSsGS^iou%;7El-*;8o{k_i%&l@#m*K;iQ1{VMTtn(-A literal 0 HcmV?d00001 diff --git a/xwayland.changes b/xwayland.changes index d41e424..6750086 100644 --- a/xwayland.changes +++ b/xwayland.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Wed Oct 25 10:39:17 UTC 2023 - Stefan Dirsch + +- Update to version 23.2.2 + * This release contains the fix for CVE-2023-5367 in today's security + advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html + Xwayland does not support multiple protocol screens (Zaphod) and is thus + not affected by CVE-2023-5380. + * Additionally, there is a change in the default behaviour of Xwayland: + Since version 23.2.0 Xwayland (via liboeffis) automatically tries to + connect to the XDG Desktop Portal's RemoteDesktop interface to obtain + the EI socket. That socket is used to send XTest events to the + compositor. + * However, the connection to the session-wide Portal is unsuitable when + Xwayland is running in a nested compositor. Xwayland cannot tell whether + it's running on a nested compositor and to keep backwards compatibility + with Xwayland prior to 23.2.0, Xwayland must now be started with + "-enable-ei-portal" to connect to the portal. + * Compositors (who typically spawn Xwayland rootless) must now pass this + option to get the same behaviour as 23.2.x. + * Finally, Xwayland now uses libbsd-overlay instead of libbsd. + ------------------------------------------------------------------- Wed Sep 20 08:53:56 UTC 2023 - Stefan Dirsch diff --git a/xwayland.keyring b/xwayland.keyring index 779646aeaa220dcaa9c0d20c9f1fe36b28f19e0e1810e2d79c584922fb1e1f83..ec70e4407eb3c4cc4108baa127b6a008f3ca4cda84d40981d3c62351648dd67f 100644 GIT binary patch literal 9007 zcmbVyN3ZMZa^;-A;>`(zImmzq%sFSx7(|Msn4|dXoBN#W=Xa0McB40-!KOql)mN+1 zD*oHQ-G8hgDds zR!B3j8(fy*c$xTWlZPF7PGrTIP&R9BhqjA^uNh@pb>6VYSsWkdLo zCZeKRn*z0R1D&d%H2+|Jlo<%uK2c% z~vFgChePg;*s_Mh=bP zsFp>H1%TM3lFf>qH;{mGgT6DjG}VYB8Zj3Gmi4QUvb4S8s~B~ zNZ^Y6g?+wDBu0gOw#;{t7JWdaG#GY*C_^HMWb+|qxH5>Ax8^`IK@u9zF)65xQ^GzX z{F;=MaeTp17>!Xf=16pab1IoR6iIX{j&lZ`WfP7$1Wv95PQ)3J`G^D@DI({(JStZV zSGCTtZ!eCeSK%O4fOfd5!5BrnQiYlaM6tqY*ye}exMA>7m_gCjU>03D-F*j{5sHxC zOA}Se4A(2SvOp$@njJyyo!DejumK7BSZ|ts{-WvU zho1jCI|I%~OS^KE`w*Q!s5+ldM#Z<>!n=rP1EIJ38q(@^x!IL_-p#j{0WV2y+SWh~ zB%q*h6J?+=zQT27P$fP7qU!OtgZ;lTl>;P4_+RKsIg!Jao+5^R%6dGUz!aZg!aJ&I zf~o-6OPHS7k>L*cqSol3wRzYv-il_xRq6GcqnN+z#!Y&LOJC7PO;RgGlr-3e(E=zf zV+7WRv!&<14WF&ti!F5Mnt1wQTbU-7#_ZuBOIGjE?4off5_nLPF4sr+5>{xUd40y&~QDIl#~PFoU*aa?irNC z%z$Tpk*RwGUIS(oNf%O>JjeP)Z-HY~qPWs;)`^=q z^VIw?9%L<-)$w^Vm1r%B{$+z$B++njXs7H_f@qHq$uPjfi2F3YM!_XZ5k_Jg@@f=RqG_#$3s>=+-`Pp*FRpV-h^3LrtdtjGsSkSvD2{wu3)0J7x-O{i7RD#QX$C6o z#rM|0&Ui>_>OM;G^8jyx!V(~5M)1Xn1&g8x(*(+C7s1{m5 zVg-(2+P`uqedo^OpXnX=E5CE(ed&z~X>KDJ{nkg?j5vsDq?~x&!7MPn8^+=lkriZ; zpCsHkdc*VT3jvxb)xQEp6bZz;X~=MIGP%aiv|i&w&!kk`(=8r!URGb3SMB;RPPo5X zPlDXH5(HKom3wF3KV@u3&;vriYu!1zdNR6`Fb~6vf(kYnJfOdo_NojV)}8EY{d~{4 z7{LI*&?IR7Wu${+dgguVEOYd(_9@?#=vS;99m-DmP=sQ^LDOPv^I}Ef-B^WMZxwI^ zJWO83=>27ap(4PW!YIDM@JYUX(7PFA5>L1m+Vw(~fsb$Ip{FT5k_!%m?Q&s78UZsI ziFv***`yhLVr8Lf=OWLh2-TTXyoT?VGduP+y{{alLjGBsQFy#ehOE%iz+ewxAZt~g z_(Y(Jbax@wl_gL?W_`$r`m2S?Ip(gHP0~s3UW+boTm61tn*^IF`Wkyo1FW`_%kZ_z z95^^@-^jhOM9-wr*B6n1rwFNe$U>7^D=cQ6=VW|@*Qfkc_Z>z!fEnXj)y9~+;=G`7x1L;|>AgWEAl~~GJHRx!BBu8gYRy*OJawiN zA8_1cRNF57Il}pa(5bv$Mf%vjZTM)&x&B&}&DCjo(vk~IZ>I2_bC(`N*QvPT4|M;P zSTSG=;_T5X*Fp7ekxxwuK2p8Q&=p9@7214Yw8X)fKl~bgk-w@`HbgsC>ey1P-$ciiNDtO+XDVZSsWg@MK{mK3!`rGFPJgD9@b2L=v_GK0 z00tRQA?L~(RKHk+JFrHk`9V>_n5Y*wM0%<(4F|10)Ut3e6(&5>r7s@57-O!V(E?;_ zK<&L5KJ)#hXoMy5y2E`ht@^-|&RBM#a4_5_<_RxGRd)JWN) zeT_8~hlx0^=+~t3FDi=Bp4F070^&>JZ+`7s{+#* zg)&7u|Bm=Poxw-)Gvbf$N9(Gc4dS3GEnFpj#NmtYq6PDu1U6mkm~f9Ah0?E( z2?ci}wLJa7qEII2$}Xud22_OXV&@YM`e48gjO9D|45AWB+h=`e<_E(-iJ0IghZzZK zX+UVA>P04A{=zSnXbSY{4w>BH@}`s!{hd56Uv^3~%UMr-QxV;TsFGxvp7+3UbnOVZ zp6=#!#Pss)N2bH4f@q*~ATXNW%zk5-G^j}h%${aU$+hoIjtzo+Y#vOqAVb6g$x5S% z+&sM9Wu7 zO6EbIt2wxNNuUCRlQX4^T!Z8A;D-6*W0a@!oOQ`Dr;%FjPBRx=y)kq|@&M89akb^eGQ%I4wlNE6mnFTEqVzodq5zn>x1Tf4W=o=`YfB?^ z>T~@DgA1k8jZR2*`ML{{U}(n`vM1W<&KO7`{EU^#lS3FNr11Omk0usF_C*5CW9STh zc4=gO9QoHZSnr5W!IO$xInK{0$W{Sof1kz82@T*}=G5AbhS5k}9TmN&r0r=>i+76a zEWfec(BtvyL_}&4zT&Dmq)L!^m}8q91)c4j^-tB+vM*T_4U;apkRcoC}L3vE|-PMW39QQ=pMni-q(D zz}G1MGGPr|!w8|Q-wPhR=VfLSH+&Q1&%~Hty%9(egg<6E$=5AFlpo0V2bA>5x;;Fx z2F9(gxz&RX^!s;&Tc)9pUnU4x@Sc|zUmh5I-X;VF+PGQS1`*#hz$!DuRGTf)Zsc^_ zBV6uPt=@rxRw|TriHtRjDWQ8y@cIGp{?iK%^L!>Z!0m-w$AZg_Vi(-`7p6W8W=M9wpfiS7yuhEz17P+S% zdEtd)KHQ`45wDA8!)^LFOb!6UC`CYTIUaA!yZziw*4y<^(%W-tuGA--$|-@t1iET} z0Id9U1N;z)PUry|bbF{Tg1wJTkI1X)=HaFZO9-h#8k#=}cijdLu8`?hVKKy9)U`SA z@d=d0JQ6x;p@#Pd!q=RCnZTx``&r~y{7u~={sGu@B2PWKz$3>51kpA858-ojz+b}c(X3VYdH9SwvXUz()PDzH73=xi3(V@E%opaA^saNxO{7WDW@d^%1yLg; z!6TMcDwsU1XnhYJO}?t3k7Q3@=T0@RfUJI_K6qvPWBUWaI`2;FM=KKz#@eu0&l)WIVE(A#>Tzr4VA%rZ5epdqWl8$aPZqEsOz%{{F(C;(oq8j(S9Jny49xR-gVQKo87 zmrmqR00lSOi~zNSdi|A={t4hPg~;CkcQ~_R{cY~7B1g94g*R1&Ua3^J0I4_>O`gE% z3hndW+HC7qt%`6I_R`v~p829AeJ>%Vj-lb5{hGgs^e+fyjrJ2Fwyc+?XH%GK=kmAn`Mf4uN70Bx%L zCK4NA)DzR+5gsLhdLtworz?i}>cJOCp6hNkJK2f&nG?4OkvY5x59vk~og?E%=0Jkr z9MK2GqJJO^?e?oKaLW{JPiVzyefQ~~a7N}^iI%?T3p`f3oWMo~Zc zuwPyw;&;9n?lMQS9mcZWINXyK;60Zs;f}(zqCZSH>*lu!R;_w7msrA7sU^J+W?;{O?})R>of@C~_!W z7MYW}l1(?lXg$|FhL7AfWIVqcG>cMNkSvbxZNese-@^fJ4$Yi#@wD%`sE#GH(*L`k zA4c#yoC!qso3xbo5Y+Y?z=2<>`BA?@GlVfv`=J@s-@B=cjN(q)!!0g68`M8)%6!G2 zdjk>KEsr8J@<%MN(v|&HowX+><@&4Y7vzlZa4zle6$#KHuD#HnmYOF`?~+fpbsR3| zEuGj4GQr7-j~mtliiB#B;e2%a-^1BqCHP*V{L}^J9IKC@JgN=8mYbb&NdN`A#Q3-el45?ByrV>&o*X9?}^XnS!zD}=gqe%O#CrHo$gxXowT;H z15o0&c$B>##I}>%JyP{{_l}CkQrjlC-({~)0+3ya^6>|eQZ@bjCKAi_hnR8EX~N{I zzY*HvZP6y{Pvxh*7jRTJ#D+V)4oLb5wpVqFEiOZ_OF8Bp29SCWhh|&*q@_g8@0=$& zcRPRXK3h5Z&t8c+gL_40+?$<$uF3AxXdS#+K_J)Np4K7Q{i!+wrujxtft&444C%&a z3*&cnic{kjf?mpLjZdA$T=uity;oEAH@s_OE8i*L5QO{N878^aSw^yO_!mOih|bt2 z6zPZxcG#c|8DveE0y`D$407YGDd>P!$}Fw1N#eyuxj^(WB=7p`R#Vt@#nIj^JoM0n z=a7f~w4u05vZqwq2X*n_XXoh;@Bn>(o*vdaxRr}?X;`PI5{xh%4;LMKrOGTG5KEP#a$QssZ!e@~)~kss61zO1%EWt2$UMm2q#g?(NTCX5HPs@yo1! zuOaz6uHQmgty`l3!bppz0At37Nz`v`d1>gU5o-#@FMYIPL3mynl3kl!STBm@Juhq5 zTcIOvic{^(KLPZM#cwNHR)xdzPYo|;N%FpJHZ}AZHhHq#ZU0)HqU+a3B4LxH4$Qo_ zfZ0AOml@?iTom8PVjy;CU@-P8Zq6`!C>)5ZbBzn*{54QCyNjiCj7&+*g{EkbyAPdK znFuuX!2FIlUexczL=%@!OrH2{4>lqdHvN3Bv{c)dule$=0g*4?|HRb%&?7&&N2k}6 zEq)EW$pO?d@9GdG_jqB4ZPb$^%_d_#JUIcM?tXSL>B(2$D2TxLh$3bgamtgG-rC3s zz^!-2=q9S8Ll-s$S!GBSX4bO2<3Q5GP=s67YzeaI_)jMWCBHi0%#k~%Lr4Ho zjn7wKrs@_b#}D)nxMw?Cx5_2$gO43}az8(@va?z3f^zqA_cH@lcRvc@d*B!wU=Jm^CW8NX!ddsUnnFx@~>7z_N=j7{7T0s_2iir~p3 z4v8hrNo1gXQuWuc7h4749@15kD3NTa!&bwI#-rNPr^^SIA=~!ub4!dDw)ETSAI2&c6FuiJAtYOqoPa~QXm@GS?4}`& zncV0$Vu7U^7+#Wy`+p*RllD=Ezoswxz6>N_>3 z6RDgaIm0I&KtNYqYbB)`hmhbMem#XBg{Cy*QDbzzI zLE%)gd*C5muRjk4QC^-DwIHgu9xVncECdElf+ev$NCcc00)~o$;SeYW3;}^>)Ko$K>xQ60rkzs zmpTO5?O(TC1O-q03t+l*-C-A$JVU9pzqn?{8w3{jOmqcu;e5wCF5&{O2vl3=pO4DW zSuu@d(L8rqV0ZlNj5Z8`@B+nu17}q zn6T?2@WP?BThpA?pB%i<>onh85!J5)han{Fr2AlClRKSZJMi~Q9lZ)LFF6JyCe(t% z?et%D90j6V5xe=yubBkTX<#^YK92vT1HViP&_zM^hEKV#1tZMZ? zIEXKC8PkZRdF=`-eTn+~#E$&`j2tNru(H=ktY$j0`?SME+bu8kPVU_lF2K+`jMe-@ zeceDbasgCk_;^``DA>2B^YwtcupR#dzduibCcqjkitSx9fvRwkQw{{s>W0*`)3*St zIM3mTXf*m!gCUJz9(N<_)mZFI74|Q@_i%d$xcmD5ziBf}04CKV2j!iO!8Vr-{>u zA6TY00T$iQ%`AZPBB5L{q$(pss1VzN(yamWe_26hXgH86mDy>3Qk!V=Qj3B)uyC;S zb5ft)1>K0LYIw!FjF89-#AfyAwf7$bo}8N)Q>lbEm0666LDITY{O65C-<@xCowl8?kjmJyfE9W(Vk-DuP{#4aw{=%ao{ zH6(OPAcaS~#N^tRQ%agiSL&xK^KuPmG%X`*OSO*PS-){X;qFLp7fj_&>;nHuao}0qQa2vedE9`ySRePKmrgL@3x!6ItDMAb|O|jZN7Mg z&jBoxQy%rBl11epzkawhg30N3>Ppi^ICHv-5gO^w)NKR(%9FKXNgGXOJ&D3M4hcAi zQv4$_2_X>&=v>i1p8jT}FPOFNp(y8)%UtJ_b zE_1FSIXVI`R;c5rm(F;fDsHyQ)Cc}DcaFYF4mq)*s6BNA8-`bTYihQvBUWYcJ6Uw7 zechEBM}Fv?_na7$*=mlplx$dNNMprt{qc61ep^CsQ0s9vCLGg?@+Lo-q>G{-4XUfj zc9-_eES9Dk*vCgLqn5&t>DPP&wYrWmrVHzp4LvSd9i}-$#dfxd^xu6}!}}k1ZUewj vt*#$DQmn13rEN3ngOPaUa7HT+VBN8in$o^-+4qXsse56bPVOF)tqT7EY5IJt diff --git a/xwayland.spec b/xwayland.spec index e5a45b1..1e89290 100644 --- a/xwayland.spec +++ b/xwayland.spec @@ -24,7 +24,7 @@ %endif Name: xwayland -Version: 23.2.1 +Version: 23.2.2 Release: 0 URL: http://xorg.freedesktop.org Summary: Xwayland Xserver