From 03e75c267a476a65891dfd949ba2bf40082f0cfe Mon Sep 17 00:00:00 2001
From: Parag Nemade <pnemade@fedoraproject.org>
Date: Mon, 18 Jul 2022 11:16:26 +0530
Subject: [PATCH] Resolves:rh#2103849 CVE-2022-33068

Fix Covscan compiler warning for inclusion of parenthesis
Update tests.yaml
---
 CVE-2022-33068-sbix-Limit-glyph-extents.patch |  2 +-
 harfbuzz.spec                                 |  7 ++++++-
 tests/smoke/runtest.sh                        | 14 +++++++++++++-
 tests/tests.yml                               |  7 ++++++-
 4 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/CVE-2022-33068-sbix-Limit-glyph-extents.patch b/CVE-2022-33068-sbix-Limit-glyph-extents.patch
index b52a8c0..c229a3c 100644
--- a/CVE-2022-33068-sbix-Limit-glyph-extents.patch
+++ b/CVE-2022-33068-sbix-Limit-glyph-extents.patch
@@ -16,7 +16,7 @@ index 9741ebd45..6efae43cd 100644
  
        const PNGHeader &png = *blob->as<PNGHeader>();
  
-+      if (png.IHDR.height >= 65536 | png.IHDR.width >= 65536)
++      if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
 +      {
 +	hb_blob_destroy (blob);
 +	return false;
diff --git a/harfbuzz.spec b/harfbuzz.spec
index 30946dc..56783d7 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@@ -1,6 +1,6 @@
 Name:           harfbuzz
 Version:        2.7.4
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Text shaping library
 
 License:        MIT
@@ -91,6 +91,11 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libharfbuzz-icu.so.*
 
 %changelog
+* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT co> - 2.7.4-7
+- Resolves:rh#2103849 CVE-2022-33068
+- Fix Covscan compiler warning for inclusion of parenthesis
+- Update tests.yaml
+
 * Fri Jul 15 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-6
 - Resolves:rh#2103849 CVE-2022-33068
   harfbuzz: integer overflow in the component hb-ot-shape-fallback.c
diff --git a/tests/smoke/runtest.sh b/tests/smoke/runtest.sh
index 65e1ad1..b8492d6 100644
--- a/tests/smoke/runtest.sh
+++ b/tests/smoke/runtest.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+set -e
 cd ../source
 
 echo "---Start autogen.sh---"
@@ -6,4 +7,15 @@ NOCONFIGURE=1 ./autogen.sh
 echo "---End autogen.sh---"
 echo "--------------------"
 
-find . -type f -exec sed -i 's/env python/python3/g' {} \; && ./configure --disable-static --with-graphite2 && echo "--------------------"; echo "---Start make check---"; make check; echo "---End make check---"
+./configure --disable-static --with-graphite2 --with-gobject --enable-introspection
+echo "--------------------"
+echo "---Start make check---"
+make check
+retval=$?
+echo $retval
+if [ $retval -ne 0 ]; then
+        echo "make check failed"
+else
+        echo "make check completed sucessfully"
+fi
+echo "---End make check---"
diff --git a/tests/tests.yml b/tests/tests.yml
index c52c2d5..ff7105d 100644
--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -4,7 +4,12 @@
   - classic
   roles:
   - role: standard-test-source
- 
+  tasks:
+    - name: Enable EPEL repository
+      shell: dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
+      args:
+        warn: false
+
 - hosts: localhost
   tags:
   - classic