package/x11r7/xwayland: security bump to version 24.1.8

Fixes the following security issues:

- CVE-2025-49175: A flaw was found in the X Rendering extension's
  handling of animated cursors. If a client provides no cursors, the
  server assumes at least one is present, leading to an out-of-bounds
  read and potential crash.

  For more information, see:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49175
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b2

- CVE-2025-49176: A flaw was found in the Big Requests extension. The
  request length is multiplied by 4 before checking against the maximum
  allowed size, potentially causing an integer overflow and bypassing
  the size check.

  For more information, see:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49176
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b32

- CVE-2025-49177: A flaw was found in the XFIXES extension. The
  XFixesSetClientDisconnectMode handler does not validate the request
  length, allowing a client to read unintended memory from previous
  requests.

  For more information, see:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49177
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96

- CVE-2025-49178: A flaw was found in the X server's request handling.
  Non-zero 'bytes to ignore' in a client's request can cause the server
  to skip processing another client's request, potentially leading to a
  denial of service.

  For more information, see:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49178
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54ce

- CVE-2025-49179: A flaw was found in the X Record extension. The
  RecordSanityCheckRegisterClients function does not check for an
  integer overflow when computing request length, which allows a client
  to bypass length checks.

  For more information, see:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49179
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca4

- CVE-2025-49180: A flaw was found in the RandR extension, where the
  RRChangeProviderProperty function does not properly validate input.
  This issue leads to an integer overflow when computing the total size
  to allocate.

  For more information, see:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49180
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b76
    - https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c

For more details on the version bump, see:
  - Security Advisory https://lists.x.org/archives/xorg/2025-June/062055.html
  - 24.1.7 https://lists.x.org/archives/xorg/2025-June/062057.html
  - 24.1.8 https://lists.x.org/archives/xorg/2025-June/062066.html

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
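
The check-ordering flaw described for CVE-2025-49176 and the unchecked size computation described for CVE-2025-49180, shown in C as an added example; it is not code from this commit or from xserver. The function names and the MAX_REQUEST_BYTES limit are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limit for illustration; not the X server's real constant. */
#define MAX_REQUEST_BYTES (4u * 1024u * 1024u)

/* Flawed order: scale the length (counted in 4-byte units) to bytes,
 * then compare. The 32-bit product wraps modulo 2^32, so a very large
 * unit count can produce a small byte count that passes the check. */
bool length_ok_flawed(uint32_t units)
{
    uint32_t bytes = units * 4u; /* may wrap */
    return bytes <= MAX_REQUEST_BYTES;
}

/* Hardened order: compare in the unscaled domain, where nothing can
 * wrap, and only then convert to bytes. */
bool length_ok_checked(uint32_t units, size_t *bytes_out)
{
    if (units > MAX_REQUEST_BYTES / 4u)
        return false;
    *bytes_out = (size_t)units * 4u;
    return true;
}

/* Same idea for an allocation size: reject n_items * item_bytes when
 * the product would not fit in size_t, instead of allocating the
 * wrapped value. */
bool total_size_checked(size_t n_items, size_t item_bytes, size_t *total)
{
    if (item_bytes != 0 && n_items > SIZE_MAX / item_bytes)
        return false;
    *total = n_items * item_bytes;
    return true;
}

int main(void)
{
    uint32_t units = 0x40000001u; /* constructed: 4 * units wraps to 4 */
    size_t bytes = 0;
    printf("flawed accepts:  %d\n", length_ok_flawed(units));
    printf("checked accepts: %d\n", length_ok_checked(units, &bytes));
    return 0;
}
```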