package/x11r7/xserver_xorg-server: security bump to version 21.1.18

Fixes the following security issues:

- CVE-2025-49175: A flaw was found in the X Rendering extension's
  handling of animated cursors. If a client provides no cursors, the
  server assumes at least one is present, leading to an out-of-bounds
  read and potential crash.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49175
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b2

- CVE-2025-49176: A flaw was found in the Big Requests extension. The
  request length is multiplied by 4 before checking against the maximum
  allowed size, potentially causing an integer overflow and bypassing
  the size check.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49176
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b32

- CVE-2025-49177: A flaw was found in the XFIXES extension. The
  XFixesSetClientDisconnectMode handler does not validate the request
  length, allowing a client to read unintended memory from previous
  requests.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49177
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96

- CVE-2025-49178: A flaw was found in the X server's request handling.
  Non-zero 'bytes to ignore' in a client's request can cause the server
  to skip processing another client's request, potentially leading to a
  denial of service.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49178
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54ce

- CVE-2025-49179: A flaw was found in the X Record extension. The
  RecordSanityCheckRegisterClients function does not check for an
  integer overflow when computing request length, which allows a client
  to bypass length checks.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49179
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca4

- CVE-2025-49180: A flaw was found in the RandR extension, where the
  RRChangeProviderProperty function does not properly validate input.
  This issue leads to an integer overflow when computing the total size
  to allocate.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-49180
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b76
  - https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c

For more details on the version bump, see:
  - Security Advisory https://lists.x.org/archives/xorg/2025-June/062055.html
  - 21.1.17 https://lists.x.org/archives/xorg/2025-June/062056.html
  - 21.1.18 https://lists.x.org/archives/xorg/2025-June/062066.html

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
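The CVE-2025-49176 entry above describes a length check that multiplies before comparing. The following C is an added example, not code from the X server or from this commit, showing that bug class and two overflow-safe forms of the same check; `MAX_REQUEST_BYTES` and the function names are constructed for illustration and are not the server's real identifiers or limits.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed limit for the example; not the X server's real maximum. */
#define MAX_REQUEST_BYTES ((uint32_t)(4u * 1024u * 1024u))

/* Vulnerable pattern: convert the unit count to bytes first, then compare.
 * Unsigned 32-bit multiplication wraps, so a unit count of 2^30 or more
 * yields a tiny byte count that passes the check although the real
 * request would be gigabytes long. */
bool length_ok_vulnerable(uint32_t length_in_units)
{
    uint32_t bytes = length_in_units * 4u;   /* can wrap around */
    return bytes <= MAX_REQUEST_BYTES;
}

/* Hardened pattern 1: compare in the unit domain instead, dividing the
 * limit rather than multiplying the untrusted value. No overflow possible. */
bool length_ok_hardened(uint32_t length_in_units)
{
    return length_in_units <= MAX_REQUEST_BYTES / 4u;
}

/* Hardened pattern 2: perform the multiplication in a wider type so the
 * product cannot wrap, then compare. Equivalent result, different style. */
bool length_ok_wide(uint32_t length_in_units)
{
    uint64_t bytes = (uint64_t)length_in_units * 4u;
    return bytes <= MAX_REQUEST_BYTES;
}

/* Demonstration value: 0x40000001 units. 0x40000001 * 4 = 0x100000004,
 * which truncates to 4 in 32 bits, so the vulnerable check accepts it. */
uint32_t demo_wrapping_length(void)
{
    return 0x40000001u;
}
```

Both hardened forms reject the wrapping value while still accepting ordinary lengths; the first is preferable when the multiplier is a compile-time constant, the second when it is not.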
Thomas Perale 1 month ago
commit 8b94ff6c6b

+ 2 - 2
package/x11r7/xserver_xorg-server/xserver_xorg-server.hash

@@ -1,5 +1,5 @@
-# From https://lists.x.org/archives/xorg-announce/2025-February/003585.html
-sha256  59fa52b63f6f8747ee2c4716decb29ced249c4c574e2a18c96b7d3b1420f7fd9  xorg-server-21.1.16.tar.gz
+# From https://lists.x.org/archives/xorg/2025-June/062065.html
+sha256  c8591ceb70b177440062406542fe52ba60212f217f27f8f802dd20373ca9e74b  xorg-server-21.1.18.tar.gz
 sha512  d0cd176e4c7273b6870999a3d008ed282fd5609acb2e0919c16447af3a5b2228d8592424388a8ace67acf216cdfae3a2d52f7a7ba81f6071467c61d57f32f314  xorg-server-21.1.16.tar.gz
 # Locally calculated
 sha256  4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f  COPYING
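Review bot: the unchanged context line `sha512 d0cd176e... xorg-server-21.1.16.tar.gz` is now stale: the sha256 entry was updated to `xorg-server-21.1.18.tar.gz`, but the sha512 entry still names the 21.1.16 tarball, so it will never match the new source file. Either drop that line or replace it with the sha512 for 21.1.18 from the same announcement. Also, the new `# From` comment points at `.../2025-June/062065.html` while the commit message lists the 21.1.18 announcement as `.../062066.html`; worth confirming which URL actually carries the published checksum.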

+ 1 - 1
package/x11r7/xserver_xorg-server/xserver_xorg-server.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XSERVER_XORG_SERVER_VERSION = 21.1.16
+XSERVER_XORG_SERVER_VERSION = 21.1.18
 XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.gz
 XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver
 XSERVER_XORG_SERVER_LICENSE = MIT