rpms/harfbuzz
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI harfbuzz-2.7.4-10.el9

Browse Source
This commit is contained in:
eabdullin 2024-04-30 15:40:10 +00:00
parent 5162bfe18a
commit f84a1c7d02
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
SOURCES/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch Normal file
View File

@ -0,0 +1,20 @@
diff -urN harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh
--- harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh 2020-12-27 05:31:18.000000000 +0530
+++ harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh 2023-09-09 18:11:07.014324408 +0530
@@ -468,7 +468,15 @@
bool prev ()
{
assert (num_items > 0);
- while (idx > num_items - 1)
+ unsigned stop = num_items - 1;
+
+ /* When looking back, limit how far we search; this function is mostly
+ * used for looking back for base glyphs when attaching marks. If we
+ * don't limit, we can get O(n^2) behavior where n is the number of
+ * consecutive marks. */
+ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+ while (idx > stop)
{
idx--;
const hb_glyph_info_t &info = c->buffer->out_info[idx];

12
SPECS/harfbuzz.spec
View File

@ -1,6 +1,6 @@
Name: harfbuzz Name: harfbuzz
Version: 2.7.4 Version: 2.7.4
Release: 8%{?dist} Release: 10%{?dist}
Summary: Text shaping library Summary: Text shaping library
License: MIT License: MIT
@ -9,6 +9,8 @@ Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version
# Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557 # Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557
Patch0: CVE-2022-33068-sbix-Limit-glyph-extents.patch Patch0: CVE-2022-33068-sbix-Limit-glyph-extents.patch
# Upstream https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc#commitcomment-101335712
Patch1: CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
BuildRequires: cairo-devel BuildRequires: cairo-devel
BuildRequires: freetype-devel BuildRequires: freetype-devel
@ -42,6 +44,8 @@ This package contains Harfbuzz ICU support library.
%prep %prep
%autosetup -p1 %autosetup -p1
# rpminspect complained about invalid unicode characters like 0x202B and 0x202C
rm -f test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt
%build %build
@ -91,6 +95,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%{_libdir}/libharfbuzz-icu.so.* %{_libdir}/libharfbuzz-icu.so.*
%changelog %changelog
* Mon Sep 18 2023 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-10
- Resolves:RHEL-2268 Fix CI tests results
* Sat Sep 09 2023 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-9
- Resolves:RHEL-2268 CVE-2023-25193
* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-8 * Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-8
- Resolves:rh#2103849 - Resolves:rh#2103849
- Update tests.yaml - Update tests.yaml