SUSE-SU-2024:2776-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2024/suse-su-20242776-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2776-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2024:2776-1
Related
Published
2024-08-06T12:33:59Z
Modified
2024-08-06T12:33:59Z
Summary
Security update for dri3proto, presentproto, wayland-protocols, xwayland
Details

This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues:

Changes in presentproto:

  • update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in wayland-protocols:

  • Update to version 1.36:

    • xdg-dialog: fix missing namespace in protocol name

  • Changes from version 1.35:

    • cursor-shape-v1: Does not advertises the list of supported cursors
    • xdg-shell: add missing enum attribute to setconstraintadjustment
    • xdg-shell: recommend against drawing decorations when tiled
    • tablet-v2: mark as stable
    • staging: add alpha-modifier protocol

  • Update to 1.36

    • Fix to the xdg dialog protocol
    • tablet-v2 protocol is now stable
    • alpha-modifier: new protocol
    • Bug fix to the cursor shape documentation
    • The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled

  • Update to 1.34:

    • xdg-dialog: new protocol
    • xdg-toplevel-drag: new protocol
    • Fix typo in ext-foreign-toplevel-list-v1
    • tablet-v2: clarify that name/id events are optional
    • linux-drm-syncobj-v1: new protocol
    • linux-explicit-synchronization-v1: add linux-drm-syncobj note

  • Update to version 1.33:

    • xdg-shell: Clarify what a toplevel by default includes
    • linux-dmabuf: sync changes from unstable to stable
    • linux-dmabuf: require all planes to use the same modifier
    • presentation-time: stop referring to Linux/glibc
    • security-context-v1: Make sandbox engine names use reverse-DNS
    • xdg-decoration: remove ambiguous wording in configure event
    • xdg-decoration: fix configure event summary
    • linux-dmabuf: mark as stable
    • linux-dmabuf: add note about implicit sync
    • security-context-v1: Document what can be done with the open sockets
    • security-context-v1: Document out of band metadata for flatpak

Changes in dri3proto:

  • update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in xwayland:

  • Update to bugfix release 24.1.1 for the current stable 24.1 branch of Xwayland

    • xwayland: fix segment fault in xwl_glamor_gbm_init_main_dev
    • os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on i686
    • present: On *BSD, epoll-shim is needed to emulate eventfd()
    • xwayland: Stop on first unmapped child
    • xwayland/window-buffers: Promote xwlwindowbuffer
    • xwayland/window-buffers: Add xwlwindowbuffer_release()
    • xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
    • xwayland/window-buffers: Use synchronization from GLAMOR/GBM
    • xwayland/window-buffers: Do not always set syncpnts
    • xwayland/window-buffers: Move code to submit pixmaps
    • xwayland/window-buffers: Set syncpnts for all pixmaps
    • xwayland: Move xwl_window disposal to its own function
    • xwayland: Make sure we do not leak xwl_window on destroy
    • wayland/window-buffers: Move buffer disposal to its own function
    • xwayland/window-buffers: optionally force disposal
    • wayland: Force disposal of windows buffers for root on destroy
    • xwayland: Check for pointer in xwlseatleave_ptr()
    • xwayland: remove includedir from pkgconfig

  • disable DPMS on sle15 due to missing proto package

  • Update to feature release 24.1.0

    • This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI.
      • xwayland: Send eideviceframe on devicescrolldiscrete
      • xwayland: Restore the ResizeWindow handler
      • xwayland: Handle rootful resize in ResizeWindow
      • xwayland: Move XRandR emulation to the ResizeWindow hook
      • xwayland: Use correct xwlwindow lookup function in xwlset_shape

  • eglstreams has been dropped

  • Update to bug fix relesae 23.2.7

    • m4: drop autoconf leftovers
    • xwayland: Send eideviceframe on devicescrolldiscrete
    • xwayland: Call drmFreeDevice for dma-buf default feedback
    • xwayland: Use drmDevicesEqual in xwldmabuffeedbacktranchedone
    • dri3: Free formats in cacheformatsand_modifiers
    • xwayland/glamor: Handle depth 15 in gbmformatfor_depth
    • Revert 'xwayland/glamor: Avoid implicit redirection with depth 32 parent windows'
    • xwayland: Check for outputs before lease devices
    • xwayland: Do not remove output on withdraw if leased

  • Update to 23.2.6

    • This is a quick bug fix release to address a regression introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.

  • Security update 23.2.5

    This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024

    • CVE-2024-31080
    • CVE-2024-31081
    • CVE-2024-31083

    Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients.

  • Don't provide xorg-x11-server-source

    • xwayland sources are not meant for a generic server.
References

Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 SP5 / dri3proto

Package

Name
dri3proto
Purl
pkg:rpm/suse/dri3proto&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2-150100.6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP6 / dri3proto

Package

Name
dri3proto
Purl
pkg:rpm/suse/dri3proto&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2-150100.6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "presentproto-devel": "1.3-150600.3.3.1",
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP6 / presentproto

Package

Name
presentproto
Purl
pkg:rpm/suse/presentproto&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3-150600.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "presentproto-devel": "1.3-150600.3.3.1",
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / wayland-protocols

Package

Name
wayland-protocols
Purl
pkg:rpm/suse/wayland-protocols&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.36-150600.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "wayland-protocols-devel": "1.36-150600.4.3.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP6 / xwayland

Package

Name
xwayland
Purl
pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.1.1-150600.5.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "xwayland": "24.1.1-150600.5.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / dri3proto

Package

Name
dri3proto
Purl
pkg:rpm/opensuse/dri3proto&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2-150100.6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / dri3proto

Package

Name
dri3proto
Purl
pkg:rpm/opensuse/dri3proto&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2-150100.6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "xwayland-devel": "24.1.1-150600.5.3.1",
            "presentproto-devel": "1.3-150600.3.3.1",
            "wayland-protocols-devel": "1.36-150600.4.3.1",
            "xwayland": "24.1.1-150600.5.3.1",
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / presentproto

Package

Name
presentproto
Purl
pkg:rpm/opensuse/presentproto&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3-150600.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "xwayland-devel": "24.1.1-150600.5.3.1",
            "presentproto-devel": "1.3-150600.3.3.1",
            "wayland-protocols-devel": "1.36-150600.4.3.1",
            "xwayland": "24.1.1-150600.5.3.1",
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / wayland-protocols

Package

Name
wayland-protocols
Purl
pkg:rpm/opensuse/wayland-protocols&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.36-150600.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "xwayland-devel": "24.1.1-150600.5.3.1",
            "presentproto-devel": "1.3-150600.3.3.1",
            "wayland-protocols-devel": "1.36-150600.4.3.1",
            "xwayland": "24.1.1-150600.5.3.1",
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / xwayland

Package

Name
xwayland
Purl
pkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.1.1-150600.5.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "xwayland-devel": "24.1.1-150600.5.3.1",
            "presentproto-devel": "1.3-150600.3.3.1",
            "wayland-protocols-devel": "1.36-150600.4.3.1",
            "xwayland": "24.1.1-150600.5.3.1",
            "dri3proto-devel": "1.2-150100.6.3.1"
        }
    ]
}