This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html
* CVE-2025-49175
* CVE-2025-49176
* CVE-2025-49177
* CVE-2025-49178
* CVE-2025-49179
* CVE-2025-49180
Additionally, this release includes several other various fixes.
Alan Coopersmith (5):
xkb: ensure XkbAllocNames sets num_rg to 0 on allocation failure
xkb: Convert more sprintf calls to snprintf in xkbtext.c
xkb: Add tbGetBufferString helper function
pkgconfig files: Add URL
dix-config.h: define HAVE_STRUCT_SOCKADDR_STORAGE for xtrans 1.6
José Expósito (1):
xkb: Check that needed is > 0 in XkbResizeKeyActions
Martin Burggraf (1):
xkb: correcting mathematical nonsense in XkbGeomFPText
Olivier Fourdan (7):
render: Avoid 0 or less animated cursors
os: Do not overflow the integer size with BigRequest
xfixes: Check request length for SetClientDisconnectMode
os: Account for bytes to ignore when sharing input buffer
record: Check for overflow in RecordSanityCheckRegisterClients()
randr: Check for overflow in RRChangeProviderProperty()
Bump version to 24.1.7
Peter Hutterer (5):
mi: don't crash on miPointerGetPosition for disabled devices
mi: guard miPointer functions against NULL dereferences
Xi: disallow grabbing disabled devices
dix: fix erroneous BUG_RETURN check
dix: pick the right keyboard for focus FollowKeyboard
git tag: xwayland-24.1.7
https://xorg.freedesktop.org/archive/individual/xserver/xwayland-24.1.7.tar.xz
SHA256: f7d97e248092878a3f7d3c68b25dab652bf970d9e6a17d30fbf457aaea139ccb
xwayland-24.1.7.tar.xz
SHA512:
b5c5d39619743bff328c178a7496f04e17b527d3d7d6f6f54b0d2804fed54dbae16b76eb8f3921ca2557fa50b85601e40f8a2c809dc3c1e896cc1c662f91e013
xwayland-24.1.7.tar.xz
PGP:
https://xorg.freedesktop.org/archive/individual/xserver/xwayland-24.1.7.tar.xz.sig
OpenPGP_0x14706DBE1E4B4540.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
