import UBI harfbuzz-1.7.5-4.el8

2024-05-22 13:40:49 +00:00 · 2024-05-22 13:40:49 +00:00 · 914f23f8a8
commit 914f23f8a8
parent bdadbcfd9d
2 changed files with 30 additions and 3 deletions
--- a/SOURCES/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
+++ b/SOURCES/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
@ -0,0 +1,20 @@
+diff -urN harfbuzz-1.7.5.old/src/hb-ot-layout-gsubgpos-private.hh harfbuzz-1.7.5/src/hb-ot-layout-gsubgpos-private.hh
+--- harfbuzz-1.7.5.old/src/hb-ot-layout-gsubgpos-private.hh	2018-01-27 07:43:07.000000000 +0530
+++ harfbuzz-1.7.5/src/hb-ot-layout-gsubgpos-private.hh	2023-09-25 12:18:00.277228938 +0530
+@@ -368,7 +368,15 @@
+     inline bool prev (void)
+     {
+       assert (num_items > 0);
+-      while (idx >= num_items)
+      unsigned stop = num_items - 1;
+
+      /* When looking back, limit how far we search; this function is mostly
+       * used for looking back for base glyphs when attaching marks. If we
+       * don't limit, we can get O(n^2) behavior where n is the number of
+       * consecutive marks. */
+      stop = (unsigned) ((int) stop >= (int) idx - HB_MAX_CONTEXT_LENGTH ? stop : (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+      while (idx > stop)
+       {
+ 	idx--;
+ 	const hb_glyph_info_t &info = c->buffer->out_info[idx];
--- a/SPECS/harfbuzz.spec
+++ b/SPECS/harfbuzz.spec
@ -1,12 +1,15 @@
 Name:           harfbuzz
 Version:        1.7.5
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Text shaping library

 License:        MIT
 URL:            http://freedesktop.org/wiki/Software/HarfBuzz
 Source0:        http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-%{version}.tar.bz2

+# https://github.com/harfbuzz/harfbuzz/issues/4147#issuecomment-1707674277
+Patch1:         CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
+
 BuildRequires:  cairo-devel
 BuildRequires:  freetype-devel
 BuildRequires:  glib2-devel
@ -36,8 +39,9 @@ Requires:       %{name}%{?_isa} = %{version}-%{release}
 This package contains Harfbuzz ICU support library.

 %prep
-%autosetup
-
+%autosetup -p1
+# rpminspect complained about invalid unicode characters like 0x202B and 0x202C
+rm -f test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt

 %build
 %configure --disable-static --with-graphite2
@ -81,6 +85,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libharfbuzz-icu.so.*

 %changelog
+* Mon Sep 25 2023 Parag Nemade <pnemade AT redhat DOT com> - 1.7.5-4
+- Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks
+
 * Mon Feb 19 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.7.5-3
 - Add BuildRequires: gcc-c++ as per packaging guidelines
 - Used %%autosetup