This release contains the fix for the issue reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
* CVE-2025-26594
* CVE-2025-26595
* CVE-2025-26596
* CVE-2025-26597
* CVE-2025-26598
* CVE-2025-26599
* CVE-2025-26600
* CVE-2025-26601
Additionally, it also contains several other fixes, see below:
Alan Coopersmith (7):
os: NextDPMSTimeout: mark intentional fallthroughs in switch
xfree86: avoid memory leak on realloc failure
Xi: avoid NULL pointer dereference if GetXTestDevice returns NULL
render: avoid NULL pointer dereference if PictureFindVisual returns NULL
dix: fix button offset when generating DeviceButtonStateNotify events
dix: limit checks to MAX_VALUATORS when generating Xi events
modesetting: avoid memory leak when ms_present_check_unflip() returns
FALSE
Daniel Kahn Gillmor (1):
autotools: enable static use of Nettle for SHA1
Doug Brown (1):
dri2: Protect against dri2ClientPrivate assertion failures
Olivier Fourdan (18):
glamor: Fix possible double-free
os: Fix NULL pointer dereference
xkb: Always use MAP_LENGTH keymap size
os/connection: Make sure partial is initialized
test: Fix xsync test
Cursor: Refuse to free the root cursor
xkb: Fix buffer overflow in XkbVModMaskText()
xkb: Fix computation of XkbSizeKeySyms
xkb: Fix buffer overflow in XkbChangeTypesOfKey()
Xi: Fix barrier device search
composite: Handle failure to redirect in compRedirectWindow()
composite: initialize border clip even when pixmap alloc fails
dix: Dequeue pending events on frozen device on removal
sync: Do not let sync objects uninitialized
sync: Check values before applying changes
sync: Do not fail SyncAddTriggerToSyncObject()
sync: Apply changes last in SyncChangeAlarmAttributes()
xserver 21.1.16
Patrik Jakobsson (1):
modesetting: Fix dirty updates for sw rotation
Peter Hutterer (3):
dix: don't push the XKB state to a non-existing master keyboard
Xi: when removing a master search for a disabled paired device
dix: keep a ref to the rootCursor
Tj (1):
xfree86: fbdevhw: fix pci detection on recent Linux
git tag: xorg-server-21.1.16
https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.gz
SHA256: 59fa52b63f6f8747ee2c4716decb29ced249c4c574e2a18c96b7d3b1420f7fd9
xorg-server-21.1.16.tar.gz
SHA512:
d0cd176e4c7273b6870999a3d008ed282fd5609acb2e0919c16447af3a5b2228d8592424388a8ace67acf216cdfae3a2d52f7a7ba81f6071467c61d57f32f314
xorg-server-21.1.16.tar.gz
PGP:
https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.gz.sig
https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.xz
SHA256: b14a116d2d805debc5b5b2aac505a279e69b217dae2fae2dfcb62400471a9970
xorg-server-21.1.16.tar.xz
SHA512:
38fd4232a293a497d13f8b57e85e84cf6a531453a7d8d5de1a77d67ceaf8714d5770951a8a21f1b3f519e83be1fc0926dce269846e75a8b11aa1062dd507f67d
xorg-server-21.1.16.tar.xz
PGP:
https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.16.tar.xz.sig
OpenPGP_0x14706DBE1E4B4540.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
