This release contains two important bugfixes:

- libseat could end up not servicing seat enable/disable events if they
  were received immediately after a response, leading to the session
  deadlocking in a deactivated state.

- Some protocol strings lacked validation of the NULL termination
  requirement.

  In seatd, this could lead to reading a fixed bit of stack memory past
  the end of the string as being part of it. seatd memory does not
  contain any secrets, and the resulting garbage string just leads to an
  early error.

  In libseat, a malicious seatd server could cause heap memory
  corruption in the display server using it, but doing so requires
  extensive pre-existing control of the system, such as controlling the
  display server execution and its environment, having filesystem
  access and having the ability to execute a malicious binary.

In addition, it contains the version number bump which had sadly failed
to make its way into the 0.9.0 tag.

Kenny Levinsen (7):
      Bump version to 0.9.0
      libseat/seatd: Remove read_and_execute
      libseat/seatd: Read remaining events after processing responses
      libseat/seatd: Cleanup of request error handling
      libseat/seatd: Set EINVAL if target session is invalid
      libseat/seatd: Set backend error if poll fails
      Bump version to 0.9.1

Martin Michaelis (2):
      seatd: Add validation of device path
      libseat/seatd: Add validation of seat_name
      seatd: Add strict message size comparison
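
The class of check described in the second bugfix (strict message size comparison plus terminator validation on a length-prefixed string), as an added example that is not seatd's or libseat's own code. The wire layout, the `ex_` names and the 256-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_MAX_PATH_LEN 256 /* assumed limit for this example */

/* Hypothetical fixed part of a request; path_len bytes of path follow it. */
struct ex_open_device {
	uint16_t path_len; /* includes the NUL terminator */
};

/* Returns 0 and fills out on success, -1 if the message must be rejected. */
int ex_parse_open_device(const uint8_t *payload, size_t size, char *out, size_t out_size) {
	struct ex_open_device msg;
	if (size < sizeof msg) {
		return -1; /* too short for the fixed part */
	}
	memcpy(&msg, payload, sizeof msg); /* no unaligned access */
	size_t len = msg.path_len;
	/* Strict size comparison: neither missing nor trailing bytes. */
	if (size != sizeof msg + len) {
		return -1;
	}
	if (len == 0 || len > EX_MAX_PATH_LEN || len > out_size) {
		return -1;
	}
	const uint8_t *path = payload + sizeof msg;
	/* Check the promised terminator before any str* call; the first NUL
	 * must be the last byte, so declared and C-string lengths agree. */
	if (memchr(path, '\0', len) != path + len - 1) {
		return -1;
	}
	memcpy(out, path, len);
	return 0;
}

int main(void) {
	/* Constructed sample: path_len = 10, then 10 bytes with NO terminator. */
	uint8_t bad[2 + 10];
	uint16_t len = 10;
	char out[EX_MAX_PATH_LEN] = "";
	memcpy(bad, &len, sizeof len);
	memcpy(bad + 2, "/dev/dri0X", 10);
	printf("unterminated: %d\n", ex_parse_open_device(bad, sizeof bad, out, sizeof out));
	bad[11] = '\0'; /* now properly terminated */
	printf("terminated:   %d (%s)\n", ex_parse_open_device(bad, sizeof bad, out, sizeof out), out);
	return 0;
}
```

Without the terminator check, a later `strlen` or `strcpy` on the path would run past the received bytes, which is the over-read and the corruption the notes describe.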