Security update for dri3proto, presentproto, wayland-protocols, xwayland

Announcement ID: SUSE-SU-2024:2776-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2024-31080 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2024-31081 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2024-31083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Development Tools Module 15-SP5
  • Development Tools Module 15-SP6
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6
  • SUSE Linux Enterprise Desktop 15 SP5
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Linux Enterprise Workstation Extension 15 SP6
  • SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities, contains one feature and has two security fixes can now be installed.

Description:

This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues:

Changes in presentproto:

  • update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in wayland-protocols:

  • Update to version 1.36:

  • xdg-dialog: fix missing namespace in protocol name

  • Changes from version 1.35:

  • cursor-shape-v1: Does not advertises the list of supported cursors

  • xdg-shell: add missing enum attribute to set_constraint_adjustment
  • xdg-shell: recommend against drawing decorations when tiled
  • tablet-v2: mark as stable

  • staging: add alpha-modifier protocol

  • Update to 1.36

  • Fix to the xdg dialog protocol

  • tablet-v2 protocol is now stable
  • alpha-modifier: new protocol
  • Bug fix to the cursor shape documentation

  • The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled

  • Update to 1.34:

  • xdg-dialog: new protocol

  • xdg-toplevel-drag: new protocol
  • Fix typo in ext-foreign-toplevel-list-v1
  • tablet-v2: clarify that name/id events are optional
  • linux-drm-syncobj-v1: new protocol

  • linux-explicit-synchronization-v1: add linux-drm-syncobj note

  • Update to version 1.33:

  • xdg-shell: Clarify what a toplevel by default includes

  • linux-dmabuf: sync changes from unstable to stable
  • linux-dmabuf: require all planes to use the same modifier
  • presentation-time: stop referring to Linux/glibc
  • security-context-v1: Make sandbox engine names use reverse-DNS
  • xdg-decoration: remove ambiguous wording in configure event
  • xdg-decoration: fix configure event summary
  • linux-dmabuf: mark as stable
  • linux-dmabuf: add note about implicit sync
  • security-context-v1: Document what can be done with the open sockets
  • security-context-v1: Document out of band metadata for flatpak

Changes in dri3proto:

  • update to version 1.4 (patch generated from xorgproto-2024.1 sources)

Changes in xwayland:

  • Update to bugfix release 24.1.1 for the current stable 24.1 branch of Xwayland

  • xwayland: fix segment fault in xwl_glamor_gbm_init_main_dev

  • os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on i686
  • present: On *BSD, epoll-shim is needed to emulate eventfd()
  • xwayland: Stop on first unmapped child
  • xwayland/window-buffers: Promote xwl_window_buffer
  • xwayland/window-buffers: Add xwl_window_buffer_release()
  • xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
  • xwayland/window-buffers: Use synchronization from GLAMOR/GBM
  • xwayland/window-buffers: Do not always set syncpnts
  • xwayland/window-buffers: Move code to submit pixmaps
  • xwayland/window-buffers: Set syncpnts for all pixmaps
  • xwayland: Move xwl_window disposal to its own function
  • xwayland: Make sure we do not leak xwl_window on destroy
  • wayland/window-buffers: Move buffer disposal to its own function
  • xwayland/window-buffers: optionally force disposal
  • wayland: Force disposal of windows buffers for root on destroy
  • xwayland: Check for pointer in xwl_seat_leave_ptr()

  • xwayland: remove includedir from pkgconfig

  • disable DPMS on sle15 due to missing proto package

  • Update to feature release 24.1.0

  • This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI.
    • xwayland: Send ei_device_frame on device_scroll_discrete
    • xwayland: Restore the ResizeWindow handler
    • xwayland: Handle rootful resize in ResizeWindow
    • xwayland: Move XRandR emulation to the ResizeWindow hook
    • xwayland: Use correct xwl_window lookup function in xwl_set_shape

  • eglstreams has been dropped

  • Update to bug fix relesae 23.2.7

  • m4: drop autoconf leftovers
  • xwayland: Send ei_device_frame on device_scroll_discrete
  • xwayland: Call drmFreeDevice for dma-buf default feedback
  • xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
  • dri3: Free formats in cache_formats_and_modifiers
  • xwayland/glamor: Handle depth 15 in gbm_format_for_depth
  • Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows"
  • xwayland: Check for outputs before lease devices

  • xwayland: Do not remove output on withdraw if leased

  • Update to 23.2.6

  • This is a quick bug fix release to address a regression introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.

  • Security update 23.2.5

This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024

  • CVE-2024-31080
  • CVE-2024-31081
  • CVE-2024-31083

Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients.

  • Don't provide xorg-x11-server-source
  • xwayland sources are not meant for a generic server.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.6
    zypper in -t patch SUSE-2024-2776=1 openSUSE-SLE-15.6-2024-2776=1
  • openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-2776=1
  • Development Tools Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2776=1
  • Development Tools Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2776=1
  • SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2776=1
  • SUSE Linux Enterprise Workstation Extension 15 SP6
    zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-2776=1

Package List:

  • openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    • xwayland-devel-24.1.1-150600.5.3.1
    • xwayland-debuginfo-24.1.1-150600.5.3.1
    • xwayland-debugsource-24.1.1-150600.5.3.1
    • xwayland-24.1.1-150600.5.3.1
    • presentproto-devel-1.3-150600.3.3.1
  • openSUSE Leap 15.6 (noarch)
    • wayland-protocols-devel-1.36-150600.4.3.1
  • openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    • dri3proto-devel-1.2-150100.6.3.1
  • openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    • dri3proto-devel-1.2-150100.6.3.1
  • Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    • dri3proto-devel-1.2-150100.6.3.1
  • Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    • dri3proto-devel-1.2-150100.6.3.1
    • presentproto-devel-1.3-150600.3.3.1
  • SUSE Package Hub 15 15-SP6 (noarch)
    • wayland-protocols-devel-1.36-150600.4.3.1
  • SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
    • xwayland-debugsource-24.1.1-150600.5.3.1
    • xwayland-24.1.1-150600.5.3.1
    • xwayland-debuginfo-24.1.1-150600.5.3.1

References: