Opened 6 months ago
Closed 6 months ago
#18772 closed enhancement (fixed)
xwayland-23.2.2
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (3)
comment:1 by , 6 months ago
| Priority: | normal → elevated |
|---|
comment:2 by , 6 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 6 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commits
d239c12a xwayland-23.2.2. bd70c0b4 xorg-server-21.1.9.
Security advisories updated.
Note:
See TracTickets
for help on using tickets.
This release contains the fix for CVE-2023-5367 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html Xwayland does not support multiple protocol screens (Zaphod) and is thus not affected by CVE-2023-5380.
Additionally, there is a change in the default behaviour of Xwayland: Since version 23.2.0 Xwayland (via liboeffis) automatically tries to connect to the XDG Desktop Portal's RemoteDesktop interface to obtain the EI socket. That socket is used to send XTest events to the compositor.
However, the connection to the session-wide Portal is unsuitable when Xwayland is running in a nested compositor. Xwayland cannot tell whether it's running on a nested compositor and to keep backwards compatibility with Xwayland prior to 23.2.0, Xwayland must now be started with "-enable-ei-portal" to connect to the portal.
Compositors (who typically spawn Xwayland rootless) must now pass this option to get the same behaviour as 23.2.x.
Finally, Xwayland now uses libbsd-overlay instead of libbsd.