[ANNOUNCE] xorg-server 21.1.17

[Olivier Fourdan]

This release contains the fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg/2025-June/062055.html

  * CVE-2025-49175
  * CVE-2025-49176
  * CVE-2025-49177
  * CVE-2025-49178
  * CVE-2025-49179
  * CVE-2025-49180

Additionally, this release includes a fix for CVE-2022-49737 which was
issued after the fix was merged back in 2022 and several other various fixes.

Alan Coopersmith (9):
      xkb: ensure XkbAllocNames sets num_rg to 0 on allocation failure
      xkb: Convert more sprintf calls to snprintf in xkbtext.c
      xkb: Add tbGetBufferString helper function
      pkgconfig files: Add URL
      dix-config.h: define HAVE_STRUCT_SOCKADDR_STORAGE for xtrans 1.6
      Xserver.man: remove X FireWall Proxy (xfwp) info
      Xserver.man: add Xwayland(1) to list of server-specific man pages
      Xserver.man: correct list of available authorization protocols
      XWin.man: fix typos in font change escapes

Enrico Weigelt, metux IT consult (1):
      xfree86: xf86helper: fix NULL dereference

José Expósito (1):
      xkb: Check that needed is > 0 in XkbResizeKeyActions

Martin Burggraf (1):
      xkb: correcting mathematical nonsense in XkbGeomFPText

Olivier Fourdan (8):
      render: Avoid 0 or less animated cursors
      os: Do not overflow the integer size with BigRequest
      xfixes: Check request length for SetClientDisconnectMode
      os: Account for bytes to ignore when sharing input buffer
      record: Check for overflow in RecordSanityCheckRegisterClients()
      randr: Check for overflow in RRChangeProviderProperty()
      xfree86: Check for RandR provider functions
      xserver 21.1.17

Peter Hutterer (5):
      mi: don't crash on miPointerGetPosition for disabled devices
      mi: guard miPointer functions against NULL dereferences
      Xi: disallow grabbing disabled devices
      dix: fix erroneous BUG_RETURN check
      dix: pick the right keyboard for focus FollowKeyboard

Tanguy Ortolo (1):
      xorg.conf.man: Complete the xorg.conf.5 manpage with Option "Disable"

tholin (1):
      dix: Hold input lock for AttachDevice()

git tag: xorg-server-21.1.17

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.gz
SHA256: 5b808335c09026a88dafd08e7e513b47e68183e3d6bd35d63db8cedaaa23af4b  
xorg-server-21.1.17.tar.gz
SHA512: 
ceb637c841bfe7f6256a0a8a9753a546efc57724389942086cb80ff3d9f4ca28eb05cc5d148c143a14ff73a5b8b2ef8cd13f7abdf4f2c6e9787e664fcfe1b7bf
  xorg-server-21.1.17.tar.gz
PGP:  
https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.gz.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.xz
SHA256: a29441c21a55f4cd2c2d93d3a4ec24a4c15f053d55aea104f97da32f66efecd0  
xorg-server-21.1.17.tar.xz
SHA512: 
6f301c532b2ad6edfab76f21f8e88c4bd9d7df88c12e52caaed72a2c2084547c323fd29ff8769fe0c1cb230b483d4620bc3f382df80899c6b58d3c12431d62d0
  xorg-server-21.1.17.tar.xz
PGP:  
https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.17.tar.xz.sig

OpenPGP_0x14706DBE1E4B4540.asc
Description: OpenPGP public key

OpenPGP_signature.asc
Description: OpenPGP digital signature