[ANNOUNCE] xorg-server 21.1.16

Olivier Fourdan ofourdan at redhat.com
Tue Feb 25 19:04:41 UTC 2025 

This release contains the fix for the issue reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2025-February/003584.html

  * CVE-2025-26594
  * CVE-2025-26595
  * CVE-2025-26596
  * CVE-2025-26597
  * CVE-2025-26598
  * CVE-2025-26599
  * CVE-2025-26600
  * CVE-2025-26601

Additionally, it also contains several other fixes, see below:

Alan Coopersmith (7):
       os: NextDPMSTimeout: mark intentional fallthroughs in switch
       xfree86: avoid memory leak on realloc failure
       Xi: avoid NULL pointer dereference if GetXTestDevice returns NULL
       render: avoid NULL pointer dereference if PictureFindVisual returns NULL
       dix: fix button offset when generating DeviceButtonStateNotify events
       dix: limit checks to MAX_VALUATORS when generating Xi events
       modesetting: avoid memory leak when ms_present_check_unflip() returns FALSE

Daniel Kahn Gillmor (1):
       autotools: enable static use of Nettle for SHA1

Doug Brown (1):
       dri2: Protect against dri2ClientPrivate assertion failures

Olivier Fourdan (18):
       glamor: Fix possible double-free
       os: Fix NULL pointer dereference
       xkb: Always use MAP_LENGTH keymap size
       os/connection: Make sure partial is initialized
       test: Fix xsync test
       Cursor: Refuse to free the root cursor
       xkb: Fix buffer overflow in XkbVModMaskText()
       xkb: Fix computation of XkbSizeKeySyms
       xkb: Fix buffer overflow in XkbChangeTypesOfKey()
       Xi: Fix barrier device search
       composite: Handle failure to redirect in compRedirectWindow()
       composite: initialize border clip even when pixmap alloc fails
       dix: Dequeue pending events on frozen device on removal
       sync: Do not let sync objects uninitialized
       sync: Check values before applying changes
       sync: Do not fail SyncAddTriggerToSyncObject()
       sync: Apply changes last in SyncChangeAlarmAttributes()
       xserver 21.1.16

Patrik Jakobsson (1):
       modesetting: Fix dirty updates for sw rotation

Peter Hutterer (3):
       dix: don't push the XKB state to a non-existing master keyboard
       Xi: when removing a master search for a disabled paired device
       dix: keep a ref to the rootCursor

Tj (1):
       xfree86: fbdevhw: fix pci detection on recent Linux

git tag: xorg-server-21.1.16

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.gz
SHA256: 59fa52b63f6f8747ee2c4716decb29ced249c4c574e2a18c96b7d3b1420f7fd9  xorg-server-21.1.16.tar.gz
SHA512: d0cd176e4c7273b6870999a3d008ed282fd5609acb2e0919c16447af3a5b2228d8592424388a8ace67acf216cdfae3a2d52f7a7ba81f6071467c61d57f32f314  xorg-server-21.1.16.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.gz.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.xz
SHA256: b14a116d2d805debc5b5b2aac505a279e69b217dae2fae2dfcb62400471a9970  xorg-server-21.1.16.tar.xz
SHA512: 38fd4232a293a497d13f8b57e85e84cf6a531453a7d8d5de1a77d67ceaf8714d5770951a8a21f1b3f519e83be1fc0926dce269846e75a8b11aa1062dd507f67d  xorg-server-21.1.16.tar.xz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.xz.sig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x14706DBE1E4B4540.asc
Type: application/pgp-keys
Size: 2988 bytes
Desc: OpenPGP public key
URL: <https://lists.x.org/archives/xorg/attachments/20250225/f76ff0d7/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <https://lists.x.org/archives/xorg/attachments/20250225/f76ff0d7/attachment-0001.sig>

More information about the xorg mailing list