SUSE-SU-2024%3A2776-1
This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues: Changes in presentproto: * update to version 1.4 (patch generated from xorgproto-2024.1 sources) Changes in wayland-protocols: - Update to version 1.36: * xdg-dialog: fix missing namespace in protocol name - Changes from version 1.35: * cursor-shape-v1: Does not advertises the list of supported cursors * xdg-shell: add missing enum attribute to set_constraint_adjustment * xdg-shell: recommend against drawing decorations when tiled * tablet-v2: mark as stable * staging: add alpha-modifier protocol - Update to 1.36 * Fix to the xdg dialog protocol * tablet-v2 protocol is now stable * alpha-modifier: new protocol * Bug fix to the cursor shape documentation * The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled - Update to 1.34: * xdg-dialog: new protocol * xdg-toplevel-drag: new protocol * Fix typo in ext-foreign-toplevel-list-v1 * tablet-v2: clarify that name/id events are optional * linux-drm-syncobj-v1: new protocol * linux-explicit-synchronization-v1: add linux-drm-syncobj note - Update to version 1.33: * xdg-shell: Clarify what a toplevel by default includes * linux-dmabuf: sync changes from unstable to stable * linux-dmabuf: require all planes to use the same modifier * presentation-time: stop referring to Linux/glibc * security-context-v1: Make sandbox engine names use reverse-DNS * xdg-decoration: remove ambiguous wording in configure event * xdg-decoration: fix configure event summary * linux-dmabuf: mark as stable * linux-dmabuf: add note about implicit sync * security-context-v1: Document what can be done with the open sockets * security-context-v1: Document out of band metadata for flatpak Changes in dri3proto: * update to version 1.4 (patch generated from xorgproto-2024.1 sources) Changes in xwayland: - Update to bugfix release 24.1.1 for the current stable 24.1 branch of Xwayland * xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev` * os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on i686 * present: On *BSD, epoll-shim is needed to emulate eventfd() * xwayland: Stop on first unmapped child * xwayland/window-buffers: Promote xwl_window_buffer * xwayland/window-buffers: Add xwl_window_buffer_release() * xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM * xwayland/window-buffers: Use synchronization from GLAMOR/GBM * xwayland/window-buffers: Do not always set syncpnts * xwayland/window-buffers: Move code to submit pixmaps * xwayland/window-buffers: Set syncpnts for all pixmaps * xwayland: Move xwl_window disposal to its own function * xwayland: Make sure we do not leak xwl_window on destroy * wayland/window-buffers: Move buffer disposal to its own function * xwayland/window-buffers: optionally force disposal * wayland: Force disposal of windows buffers for root on destroy * xwayland: Check for pointer in xwl_seat_leave_ptr() * xwayland: remove includedir from pkgconfig - disable DPMS on sle15 due to missing proto package - Update to feature release 24.1.0 * This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI. + xwayland: Send ei_device_frame on device_scroll_discrete + xwayland: Restore the ResizeWindow handler + xwayland: Handle rootful resize in ResizeWindow + xwayland: Move XRandR emulation to the ResizeWindow hook + xwayland: Use correct xwl_window lookup function in xwl_set_shape - eglstreams has been dropped - Update to bug fix relesae 23.2.7 * m4: drop autoconf leftovers * xwayland: Send ei_device_frame on device_scroll_discrete * xwayland: Call drmFreeDevice for dma-buf default feedback * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done * dri3: Free formats in cache_formats_and_modifiers * xwayland/glamor: Handle depth 15 in gbm_format_for_depth * Revert 'xwayland/glamor: Avoid implicit redirection with depth 32 parent windows' * xwayland: Check for outputs before lease devices * xwayland: Do not remove output on withdraw if leased - Update to 23.2.6 * This is a quick bug fix release to address a regression introduced by the fix for CVE-2024-31083 in xwayland-23.2.5. - Security update 23.2.5 This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024 * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31083 Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients. - Don't provide xorg-x11-server-source * xwayland sources are not meant for a generic server.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wayland | ||
| xwayland | ||
| dri3proto | ||
| presentproto |
Timeline
- Aug 6, 2024 CVE Published
References
- https://bugzilla.suse.com/1222442 advisory
- https://www.suse.com/support/security/rating/ url
- https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2776-1.json advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242776-1/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-August/019222.html advisory
- https://bugzilla.suse.com/1219892 advisory
- https://bugzilla.suse.com/1222309 advisory
- https://bugzilla.suse.com/1222310 advisory
- https://bugzilla.suse.com/1222312 advisory
- https://www.suse.com/security/cve/CVE-2024-31080/ advisory
- https://www.suse.com/security/cve/CVE-2024-31081/ advisory
- https://www.suse.com/security/cve/CVE-2024-31083/ advisory