Fix CVE-2019-18397

Resolves: rhbz#1781218
This commit is contained in:
Akira TAGOH 2019-12-11 13:51:20 +09:00
parent 2d8c8c6c2f
commit edee4f6817
2 changed files with 33 additions and 1 deletions

View File

@ -0,0 +1,27 @@
From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
From: Dov Grobgeld <dov.grobgeld@gmail.com>
Date: Thu, 24 Oct 2019 09:37:29 +0300
Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
---
lib/fribidi-bidi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
index 6c84392..d384878 100644
--- a/lib/fribidi-bidi.c
+++ b/lib/fribidi-bidi.c
@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
}
RL_LEVEL (pp) = level;
- RL_ISOLATE_LEVEL (pp) = isolate_level++;
+ RL_ISOLATE_LEVEL (pp) = isolate_level;
+ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
+ isolate_level++;
base_level_per_iso_level[isolate_level] = new_level;
if (!FRIBIDI_IS_NEUTRAL (override))
--
2.23.0

View File

@ -1,7 +1,7 @@
Summary: Library implementing the Unicode Bidirectional Algorithm Summary: Library implementing the Unicode Bidirectional Algorithm
Name: fribidi Name: fribidi
Version: 1.0.7 Version: 1.0.7
Release: 1%{?dist} Release: 2%{?dist}
URL: https://github.com/fribidi/fribidi/ URL: https://github.com/fribidi/fribidi/
Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2 Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
License: LGPLv2+ and UCD License: LGPLv2+ and UCD
@ -13,6 +13,7 @@ BuildRequires: meson
%endif %endif
Patch0: %{name}-drop-bundled-gnulib.patch Patch0: %{name}-drop-bundled-gnulib.patch
Patch1: %{name}-automake.patch Patch1: %{name}-automake.patch
Patch2: %{name}-CVE-2019-18397.patch
%description %description
A library to handle bidirectional scripts (for example Hebrew, Arabic), A library to handle bidirectional scripts (for example Hebrew, Arabic),
@ -84,6 +85,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
#%%{_mandir}/man3/*.gz #%%{_mandir}/man3/*.gz
%changelog %changelog
* Wed Dec 11 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.7-2
- Fix CVE-2019-18397
Resolves: rhbz#1781218
* Mon Sep 30 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.7-1 * Mon Sep 30 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.7-1
- New upstream release. - New upstream release.
Resolves: rhbz#1756434 Resolves: rhbz#1756434