xorg announce - Oct 2025 - [ANNOUNCE] xwayland 24.1.9

This release contains the fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2025-October/003635.html

   * CVE-2025-62229
   * CVE-2025-62230
   * CVE-2025-62231

Additionally, it contains a number of additional fixes:

Alan Coopersmith (21):
       os: Use EVP APIs when building with OpenSSL 3
       meson: fix build if shmfence is enabled but dri3 & xwayland are not
       Xext/shm: avoid null dereference in ShmInitScreenPriv()
       Xext/sync: avoid null dereference if SysCounterGetPrivate() returns NULL
       Xext/sync: avoid null dereference in init_system_idle_counter()
       Xext/sync: Avoid dereference of invalid pointer if malloc() failed
       Xext/vidmode: avoid null dereference if VidModeCreateMode() allocation
fails
       Xext/xres: avoid null dereference in ProcXResQueryClients()
       Xext/xselinux: add fast path to ProcSELinuxListSelections()
       Xext/xselinux: avoid memory leak in SELinuxAtomToSID()
       Xext/xtest: avoid null dereference in ProcXTestFakeInput()
       Xi: avoid null dereference if wOtherInputMasks() returns NULL
       Xi: set value for led_values in CopySwapKbdFeedback()
       Xi: handle allocation failure in ProcXGetDeviceDontPropagateList()
       Xi: handle allocation failure in ProcXListInputDevices()
       Xi: handle allocation failure in add_master_func()
       dix: handle allocation failure in DeviceFocusEvent()
       dix: avoid null dereference if wOtherInputMasks() returns NULL
       dix: assert that size of buffers to swap is a multiple of the swap size
       dix: handle allocation failure in ChangeWindowDeviceCursor()
       dix: avoid memory leak in ProcListProperties()

Ian Forbes (1):
       xwayland: Try harder to find a top-level for root grabs

Icenowy Zheng (1):
       glamor: Fix dual blend on GLES3

Julian Orth (1):
       xwayland: Don't run key behaviors and actions

Michel D?nzer (3):
       xwayland: Take viewport scale into account for the input region
       xwayland: Add heuristic for WM windows based on reparenting
       xwayland: Ignore non-InputOutput children in window_get_client_toplevel

Mikhail Dmitrichenko (3):
       xwayland: Fix search of duplicate lease names
       os: avoid potential out-of-bounds access at logVHdrMessageVerb
       dix: avoid null ptr deref at doListFontsWithInfo

Nicolas Guichard (1):
       xwayland: Fix minimum wl_compositor protocol version

Olivier Fourdan (7):
       randr: Do not leak the provider property
       Revert "xwayland: Don't run key behaviors and actions"
       present: Fix use-after-free in present_create_notifies()
       xkb: Make the RT_XKBCLIENT resource private
       xkb: Free the XKB resource when freeing XkbInterest
       xkb: Prevent overflow in XkbSetCompatMap()
       Bump version to 24.1.9

Vlad Zahorodnii (1):
       xwayland: Dispatch tablet tool tip events after frame events

git tag: xwayland-24.1.9

https://xorg.freedesktop.org/archive/individual/xserver/xwayland-24.1.9.tar.xz
SHA256: f297af27a84508db9b80d1cbbcc69c3801da38eb64c72f3b5b50f582459afdd0 
xwayland-24.1.9.tar.xz
SHA512:
7438a572651dc77c1fd749879abccdc9a245c7b75143668d5561a8e99d41063f042a8eb3f9b931a2a12be1fc3cb9d197eee6794d0702a19e56c20f55acb35a26
xwayland-24.1.9.tar.xz
PGP: 
https://xorg.freedesktop.org/archive/individual/xserver/xwayland-24.1.9.tar.xz.sig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x14706DBE1E4B4540.asc
Type: application/pgp-keys
Size: 2988 bytes
Desc: OpenPGP public key
URL:
<https://lists.x.org/archives/xorg-announce/attachments/20251028/0abe7dfc/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL:
<https://lists.x.org/archives/xorg-announce/attachments/20251028/0abe7dfc/attachment.sig>