From ac068bc058b815aabc17f5401a43d4f72b96a104 Mon Sep 17 00:00:00 2001
From: Parag Nemade
Date: Mon, 25 Sep 2023 13:11:08 +0530
Subject: [PATCH] Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks
---
 harfbuzz.spec | 13 ++++++++++---
 tests/tests.yml | 14 --------------
 2 files changed, 10 insertions(+), 17 deletions(-)
diff --git a/harfbuzz.spec b/harfbuzz.spec
index 8b58020..caeedbf 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@@ -1,12 +1,15 @@
 Name: harfbuzz
 Version: 1.7.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Text shaping library
 License: MIT
 URL: http://freedesktop.org/wiki/Software/HarfBuzz
 Source0: http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-%{version}.tar.bz2
+# https://github.com/harfbuzz/harfbuzz/issues/4147#issuecomment-1707674277
+Patch1: CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
+
 BuildRequires: cairo-devel
 BuildRequires: freetype-devel
 BuildRequires: glib2-devel
@@ -36,8 +39,9 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 This package contains Harfbuzz ICU support library.
 %prep
-%autosetup
-
+%autosetup -p1
+# rpminspect complained about invalid unicode characters like 0x202B and 0x202C
+rm -f test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt
 %build
 %configure --disable-static --with-graphite2
@@ -81,6 +85,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libharfbuzz-icu.so.*
 %changelog
+* Mon Sep 25 2023 Parag Nemade - 1.7.5-4
+- Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks
+
 * Mon Feb 19 2018 Parag Nemade - 1.7.5-3
 - Add BuildRequires: gcc-c++ as per packaging guidelines
 - Used %%autosetup
diff --git a/tests/tests.yml b/tests/tests.yml
index bae54a2..094f2c5 100644
--- a/tests/tests.yml
+++ b/tests/tests.yml
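Review bot: The new `Patch1:` line in the first harfbuzz.spec hunk names `CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch`, but the diffstat lists only harfbuzz.spec and tests/tests.yml, so unless that file was already committed the build stops in `%prep` and the fix never ships. The comment above it links to an issue comment rather than identifying the upstream change being backported; for a security backport onto 1.7.5 I would record the origin and whether the patch was adapted, e.g. `# Backport of upstream commit <UPSTREAM_COMMIT> for CVE-2023-25193, adapted to 1.7.5`. The changelog entry in the last hunk cites only RHEL-8400 and reads as if the update itself "allows attackers"; wording such as `- Resolves: RHEL-8400 - fix CVE-2023-25193, O(n^2) growth via consecutive marks` lets `rpm -q --changelog` show that the fix is present.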
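Review bot: The `rm -f` added in `%prep` succeeds even when the path does not exist, so a rebase that moves or renames mehran.txt would silently leave the flagged file in the source tree; dropping the flag, `rm test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt`, makes the build fail instead. 0x202B and 0x202C are bidirectional embedding controls, which are normal in right-to-left sample text, so the comment should say this is a false positive on test data rather than "invalid unicode", e.g. `# Persian test corpus contains bidi controls (U+202B/U+202C) flagged by rpminspect; removed from the prepared sources`. Whether any shaping test reads this file is not visible in the hunk; if one does, the test results change and that should be confirmed. The `%prep` section continues outside the hunk.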
@@ -5,19 +5,6 @@
 roles:
 - role: standard-test-source
-- hosts: localhost
- tags:
- - classic
- tasks:
- - name: Copy epel repo file to remote machine
- copy:
- src: "{{ playbook_dir }}/epel.repo"
- dest: /etc/yum.repos.d/
- - name: Copy epel gpg file to remote machine
- copy:
- src: "{{ playbook_dir }}/RPM-GPG-KEY-EPEL-8"
- dest: /etc/pki/rpm-gpg/
-
 - hosts: localhost
 tags:
 - classic
@@ -32,7 +19,6 @@
 - gcc-c++
 - make
 - python3-devel
- - ragel
 - libtool
 - gtk-doc
 - cairo-devel