Fix CVE-2019-18397
Resolves: rhbz#1781218
This commit is contained in:
parent
2d8c8c6c2f
commit
edee4f6817
27
fribidi-CVE-2019-18397.patch
Normal file
27
fribidi-CVE-2019-18397.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dov Grobgeld <dov.grobgeld@gmail.com>
|
||||||
|
Date: Thu, 24 Oct 2019 09:37:29 +0300
|
||||||
|
Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
|
||||||
|
|
||||||
|
---
|
||||||
|
lib/fribidi-bidi.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
|
||||||
|
index 6c84392..d384878 100644
|
||||||
|
--- a/lib/fribidi-bidi.c
|
||||||
|
+++ b/lib/fribidi-bidi.c
|
||||||
|
@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
|
||||||
|
}
|
||||||
|
|
||||||
|
RL_LEVEL (pp) = level;
|
||||||
|
- RL_ISOLATE_LEVEL (pp) = isolate_level++;
|
||||||
|
+ RL_ISOLATE_LEVEL (pp) = isolate_level;
|
||||||
|
+ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
|
||||||
|
+ isolate_level++;
|
||||||
|
base_level_per_iso_level[isolate_level] = new_level;
|
||||||
|
|
||||||
|
if (!FRIBIDI_IS_NEUTRAL (override))
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Library implementing the Unicode Bidirectional Algorithm
|
Summary: Library implementing the Unicode Bidirectional Algorithm
|
||||||
Name: fribidi
|
Name: fribidi
|
||||||
Version: 1.0.7
|
Version: 1.0.7
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
URL: https://github.com/fribidi/fribidi/
|
URL: https://github.com/fribidi/fribidi/
|
||||||
Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
|
Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
|
||||||
License: LGPLv2+ and UCD
|
License: LGPLv2+ and UCD
|
||||||
@ -13,6 +13,7 @@ BuildRequires: meson
|
|||||||
%endif
|
%endif
|
||||||
Patch0: %{name}-drop-bundled-gnulib.patch
|
Patch0: %{name}-drop-bundled-gnulib.patch
|
||||||
Patch1: %{name}-automake.patch
|
Patch1: %{name}-automake.patch
|
||||||
|
Patch2: %{name}-CVE-2019-18397.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
A library to handle bidirectional scripts (for example Hebrew, Arabic),
|
A library to handle bidirectional scripts (for example Hebrew, Arabic),
|
||||||
@ -84,6 +85,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
|||||||
#%%{_mandir}/man3/*.gz
|
#%%{_mandir}/man3/*.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 11 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.7-2
|
||||||
|
- Fix CVE-2019-18397
|
||||||
|
Resolves: rhbz#1781218
|
||||||
|
|
||||||
* Mon Sep 30 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.7-1
|
* Mon Sep 30 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.7-1
|
||||||
- New upstream release.
|
- New upstream release.
|
||||||
Resolves: rhbz#1756434
|
Resolves: rhbz#1756434
|
||||||
|
Loading…
Reference in New Issue
Block a user