import UBI harfbuzz-2.7.4-10.el9

2024-04-30 15:40:10 +00:00 · 2024-04-30 15:40:10 +00:00 · f84a1c7d02
commit f84a1c7d02
parent 5162bfe18a
2 changed files with 31 additions and 1 deletions
--- a/SOURCES/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
+++ b/SOURCES/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
@ -0,0 +1,20 @@
+diff -urN harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh
+--- harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh	2020-12-27 05:31:18.000000000 +0530
+++ harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh	2023-09-09 18:11:07.014324408 +0530
+@@ -468,7 +468,15 @@
+     bool prev ()
+     {
+       assert (num_items > 0);
+-      while (idx > num_items - 1)
+      unsigned stop = num_items - 1;
+
+      /* When looking back, limit how far we search; this function is mostly
+       * used for looking back for base glyphs when attaching marks. If we
+       * don't limit, we can get O(n^2) behavior where n is the number of
+       * consecutive marks. */
+      stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+      while (idx > stop)
+       {
+ 	idx--;
+ 	const hb_glyph_info_t &info = c->buffer->out_info[idx];
--- a/SPECS/harfbuzz.spec
+++ b/SPECS/harfbuzz.spec
@ -1,6 +1,6 @@
 Name:           harfbuzz
 Version:        2.7.4
-Release:        8%{?dist}
+Release:        10%{?dist}
 Summary:        Text shaping library

 License:        MIT
@ -9,6 +9,8 @@ Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version

 # Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557
 Patch0:         CVE-2022-33068-sbix-Limit-glyph-extents.patch
+# Upstream https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc#commitcomment-101335712
+Patch1:         CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch

 BuildRequires:  cairo-devel
 BuildRequires:  freetype-devel
@ -42,6 +44,8 @@ This package contains Harfbuzz ICU support library.

 %prep
 %autosetup -p1
+# rpminspect complained about invalid unicode characters like 0x202B and 0x202C
+rm -f test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt


 %build
@ -91,6 +95,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libharfbuzz-icu.so.*

 %changelog
+* Mon Sep 18 2023 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-10
+- Resolves:RHEL-2268 Fix CI tests results
+
+* Sat Sep 09 2023 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-9
+- Resolves:RHEL-2268 CVE-2023-25193
+
 * Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-8
 - Resolves:rh#2103849
 - Update tests.yaml