[ANNOUNCE] xorg-server 21.1.17

Olivier Fourdan ofourdan at redhat.com
Tue Jun 17 14:12:52 UTC 2025


This release contains the fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg/2025-June/062055.html

   * CVE-2025-49175
   * CVE-2025-49176
   * CVE-2025-49177
   * CVE-2025-49178
   * CVE-2025-49179
   * CVE-2025-49180

Additionally, this release includes a fix for CVE-2022-49737, which was
issued after the fix was merged back in 2022, and several other fixes.

Alan Coopersmith (9):
       xkb: ensure XkbAllocNames sets num_rg to 0 on allocation failure
       xkb: Convert more sprintf calls to snprintf in xkbtext.c
       xkb: Add tbGetBufferString helper function
       pkgconfig files: Add URL
       dix-config.h: define HAVE_STRUCT_SOCKADDR_STORAGE for xtrans 1.6
       Xserver.man: remove X FireWall Proxy (xfwp) info
       Xserver.man: add Xwayland(1) to list of server-specific man pages
       Xserver.man: correct list of available authorization protocols
       XWin.man: fix typos in font change escapes

Enrico Weigelt, metux IT consult (1):
       xfree86: xf86helper: fix NULL dereference

José Expósito (1):
       xkb: Check that needed is > 0 in XkbResizeKeyActions

Martin Burggraf (1):
       xkb: correcting mathematical nonsense in XkbGeomFPText

Olivier Fourdan (8):
       render: Avoid 0 or less animated cursors
       os: Do not overflow the integer size with BigRequest
       xfixes: Check request length for SetClientDisconnectMode
       os: Account for bytes to ignore when sharing input buffer
       record: Check for overflow in RecordSanityCheckRegisterClients()
       randr: Check for overflow in RRChangeProviderProperty()
       xfree86: Check for RandR provider functions
       xserver 21.1.17

Peter Hutterer (5):
       mi: don't crash on miPointerGetPosition for disabled devices
       mi: guard miPointer functions against NULL dereferences
       Xi: disallow grabbing disabled devices
       dix: fix erroneous BUG_RETURN check
       dix: pick the right keyboard for focus FollowKeyboard

Tanguy Ortolo (1):
       xorg.conf.man: Complete the xorg.conf.5 manpage with Option "Disable"

tholin (1):
       dix: Hold input lock for AttachDevice()

git tag: xorg-server-21.1.17

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.gz
SHA256: 5b808335c09026a88dafd08e7e513b47e68183e3d6bd35d63db8cedaaa23af4b  xorg-server-21.1.17.tar.gz
SHA512: ceb637c841bfe7f6256a0a8a9753a546efc57724389942086cb80ff3d9f4ca28eb05cc5d148c143a14ff73a5b8b2ef8cd13f7abdf4f2c6e9787e664fcfe1b7bf  xorg-server-21.1.17.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.gz.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.xz
SHA256: a29441c21a55f4cd2c2d93d3a4ec24a4c15f053d55aea104f97da32f66efecd0  xorg-server-21.1.17.tar.xz
SHA512: 6f301c532b2ad6edfab76f21f8e88c4bd9d7df88c12e52caaed72a2c2084547c323fd29ff8769fe0c1cb230b483d4620bc3f382df80899c6b58d3c12431d62d0  xorg-server-21.1.17.tar.xz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.xz.sig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x14706DBE1E4B4540.asc
Type: application/pgp-keys
Size: 2988 bytes
Desc: OpenPGP public key
URL: <https://lists.x.org/archives/xorg-announce/attachments/20250617/0ca977ee/attachment-0001.key>