Red Hat’s Peter Hutterer announced the release today of xkbcomp 1.5, the CLI utility used for compiling X Keyboard Extension (XBD) keyboard descriptions for the X.Org Server. Driving this new xkbcomp release are fixes for four security issues.
These four security issues originate from within code originally inside the libxkbcommon library and back in 2018 was flagged with four CVEs. Those security issues included endless recursion resulting in a crash and three null pointer dereference issues leading to possible crashes.
Those 2018 security patches to libxkbcommon are now applied to the xkbcomp codebase for addressing those C issues. More details for those interested in today’s X.Org Security Advisory resulting in the xkbcomp 1.5 release can be found via the Xorg-announce mailing list.
Besides these four 2018 CVE fixes, xkbcomp 1.5 also has added support for the Meson build system and other minor fixes collected over the past two years or so since the prior 1.4 point release.
