Описание
Security update for dri3proto, presentproto, wayland-protocols, xwayland
This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues:
Changes in presentproto:
- update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in wayland-protocols:
-
Update to version 1.36:
- xdg-dialog: fix missing namespace in protocol name
-
Changes from version 1.35:
- cursor-shape-v1: Does not advertises the list of supported cursors
- xdg-shell: add missing enum attribute to set_constraint_adjustment
- xdg-shell: recommend against drawing decorations when tiled
- tablet-v2: mark as stable
- staging: add alpha-modifier protocol
-
Update to 1.36
- Fix to the xdg dialog protocol
- tablet-v2 protocol is now stable
- alpha-modifier: new protocol
- Bug fix to the cursor shape documentation
- The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled
-
Update to 1.34:
- xdg-dialog: new protocol
- xdg-toplevel-drag: new protocol
- Fix typo in ext-foreign-toplevel-list-v1
- tablet-v2: clarify that name/id events are optional
- linux-drm-syncobj-v1: new protocol
- linux-explicit-synchronization-v1: add linux-drm-syncobj note
-
Update to version 1.33:
- xdg-shell: Clarify what a toplevel by default includes
- linux-dmabuf: sync changes from unstable to stable
- linux-dmabuf: require all planes to use the same modifier
- presentation-time: stop referring to Linux/glibc
- security-context-v1: Make sandbox engine names use reverse-DNS
- xdg-decoration: remove ambiguous wording in configure event
- xdg-decoration: fix configure event summary
- linux-dmabuf: mark as stable
- linux-dmabuf: add note about implicit sync
- security-context-v1: Document what can be done with the open sockets
- security-context-v1: Document out of band metadata for flatpak
Changes in dri3proto:
- update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in xwayland:
-
Update to bugfix release 24.1.1 for the current stable 24.1 branch of Xwayland
- xwayland: fix segment fault in
xwl_glamor_gbm_init_main_dev - os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on i686
- present: On *BSD, epoll-shim is needed to emulate eventfd()
- xwayland: Stop on first unmapped child
- xwayland/window-buffers: Promote xwl_window_buffer
- xwayland/window-buffers: Add xwl_window_buffer_release()
- xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
- xwayland/window-buffers: Use synchronization from GLAMOR/GBM
- xwayland/window-buffers: Do not always set syncpnts
- xwayland/window-buffers: Move code to submit pixmaps
- xwayland/window-buffers: Set syncpnts for all pixmaps
- xwayland: Move xwl_window disposal to its own function
- xwayland: Make sure we do not leak xwl_window on destroy
- wayland/window-buffers: Move buffer disposal to its own function
- xwayland/window-buffers: optionally force disposal
- wayland: Force disposal of windows buffers for root on destroy
- xwayland: Check for pointer in xwl_seat_leave_ptr()
- xwayland: remove includedir from pkgconfig
- xwayland: fix segment fault in
-
disable DPMS on sle15 due to missing proto package
-
Update to feature release 24.1.0
- This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
- xwayland: Send ei_device_frame on device_scroll_discrete
- xwayland: Restore the ResizeWindow handler
- xwayland: Handle rootful resize in ResizeWindow
- xwayland: Move XRandR emulation to the ResizeWindow hook
- xwayland: Use correct xwl_window lookup function in xwl_set_shape
- This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
-
eglstreams has been dropped
-
Update to bug fix relesae 23.2.7
- m4: drop autoconf leftovers
- xwayland: Send ei_device_frame on device_scroll_discrete
- xwayland: Call drmFreeDevice for dma-buf default feedback
- xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
- dri3: Free formats in cache_formats_and_modifiers
- xwayland/glamor: Handle depth 15 in gbm_format_for_depth
- Revert 'xwayland/glamor: Avoid implicit redirection with depth 32 parent windows'
- xwayland: Check for outputs before lease devices
- xwayland: Do not remove output on withdraw if leased
-
Update to 23.2.6
- This is a quick bug fix release to address a regression introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.
-
Security update 23.2.5
This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024
- CVE-2024-31080
- CVE-2024-31081
- CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients.
-
Don't provide xorg-x11-server-source
- xwayland sources are not meant for a generic server.
Список пакетов
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Workstation Extension 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2024:2776-1
- E-Mail link for SUSE-SU-2024:2776-1
- SUSE Security Ratings
- SUSE Bug 1219892
- SUSE Bug 1222309
- SUSE Bug 1222310
- SUSE Bug 1222312
- SUSE Bug 1222442
- SUSE CVE CVE-2024-31080 page
- SUSE CVE CVE-2024-31081 page
- SUSE CVE CVE-2024-31083 page
Описание
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
Затронутые продукты
Ссылки
- CVE-2024-31080
- SUSE Bug 1222309
- SUSE Bug 1222312
Описание
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
Затронутые продукты
Ссылки
- CVE-2024-31081
- SUSE Bug 1222310
- SUSE Bug 1222312
Описание
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Затронутые продукты
Ссылки
- CVE-2024-31083
- SUSE Bug 1222312