Compare commits

No commits in common. 'c9' and 'i8c-beta' have entirely different histories.
c9 ... i8c-beta

2
.gitignore vendored

@ -1 +1 @@
SOURCES/harfbuzz-2.7.4.tar.xz
SOURCES/harfbuzz-1.7.5.tar.bz2

@ -1 +1 @@
a85339c716b0ff249e4afe0839ece611594cf648 SOURCES/harfbuzz-2.7.4.tar.xz
6ddc62df691d217c4da503115b3f2dd538d7b4bf SOURCES/harfbuzz-1.7.5.tar.bz2

@ -1,30 +0,0 @@
From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 1 Jun 2022 07:38:21 -0600
Subject: [PATCH 001/363] [sbix] Limit glyph extents
Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
---
src/hb-ot-color-sbix-table.hh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
index 9741ebd45..6efae43cd 100644
--- a/src/hb-ot-color-sbix-table.hh
+++ b/src/hb-ot-color-sbix-table.hh
@@ -298,6 +298,12 @@ struct sbix
const PNGHeader &png = *blob->as<PNGHeader>();
+ if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
+ {
+ hb_blob_destroy (blob);
+ return false;
+ }
+
extents->x_bearing = x_offset;
extents->y_bearing = png.IHDR.height + y_offset;
extents->width = png.IHDR.width;
--
2.36.1
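
Review bot: deleting this patch file drops the bounds check on png.IHDR.height and png.IHDR.width (the ">= 65536" test that runs before the extents are filled in), which the spec carried as Patch0 for CVE-2022-33068. Record in the commit message or changelog why the 1.7.5 build does not need it, for example by confirming that src/hb-ot-color-sbix-table.hh is not present in the 1.7.5 tarball, or carry an equivalent backport instead of removing the fix silently.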

@ -0,0 +1,20 @@
diff -urN harfbuzz-1.7.5.old/src/hb-ot-layout-gsubgpos-private.hh harfbuzz-1.7.5/src/hb-ot-layout-gsubgpos-private.hh
--- harfbuzz-1.7.5.old/src/hb-ot-layout-gsubgpos-private.hh 2018-01-27 07:43:07.000000000 +0530
+++ harfbuzz-1.7.5/src/hb-ot-layout-gsubgpos-private.hh 2023-09-25 12:18:00.277228938 +0530
@@ -368,7 +368,15 @@
inline bool prev (void)
{
assert (num_items > 0);
- while (idx >= num_items)
+ unsigned stop = num_items - 1;
+
+ /* When looking back, limit how far we search; this function is mostly
+ * used for looking back for base glyphs when attaching marks. If we
+ * don't limit, we can get O(n^2) behavior where n is the number of
+ * consecutive marks. */
+ stop = (unsigned) ((int) stop >= (int) idx - HB_MAX_CONTEXT_LENGTH ? stop : (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+ while (idx > stop)
{
idx--;
const hb_glyph_info_t &info = c->buffer->out_info[idx];
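
Review bot: the clamp on the "stop = (unsigned) ((int) stop >= (int) idx - HB_MAX_CONTEXT_LENGTH ? ..." line is hard to audit, because it mixes the unsigned stop and idx with (int) casts and repeats "(int) idx - HB_MAX_CONTEXT_LENGTH" in both the condition and the else arm. Compute that lower bound once into a signed local and assign the larger of it and num_items - 1 to stop, so the intent (never search back more than HB_MAX_CONTEXT_LENGTH items, never below num_items - 1) is visible at a glance. Since this is a backport to 1.7.5 and the hunk does not add the macro, also confirm that HB_MAX_CONTEXT_LENGTH is defined before prev() in this header, and add a shaping test with a long run of consecutive marks so the bound is exercised at build time.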

@ -1,24 +1,22 @@
Name: harfbuzz
Version: 2.7.4
Release: 8%{?dist}
Version: 1.7.5
Release: 4%{?dist}
Summary: Text shaping library
License: MIT
URL: https://harfbuzz.github.io/
Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
URL: http://freedesktop.org/wiki/Software/HarfBuzz
Source0: http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-%{version}.tar.bz2
# Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557
Patch0: CVE-2022-33068-sbix-Limit-glyph-extents.patch
# https://github.com/harfbuzz/harfbuzz/issues/4147#issuecomment-1707674277
Patch1: CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
BuildRequires: cairo-devel
BuildRequires: freetype-devel
BuildRequires: glib2-devel
BuildRequires: gobject-introspection-devel
BuildRequires: libicu-devel
BuildRequires: graphite2-devel
BuildRequires: gtk-doc
BuildRequires: gcc-c++
BuildRequires: make
%description
HarfBuzz is an implementation of the OpenType Layout engine.
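
Review bot: the URL and Source0 lines for 1.7.5 point at http://freedesktop.org and http://www.freedesktop.org, so the tarball location is recorded as a plain-HTTP fetch, where the 2.7.4 lines used https. Switch both to https if the host serves it; as written, the only integrity check on SOURCES/harfbuzz-1.7.5.tar.bz2 is the 40-hex-digit digest in the metadata hunk, so that value should be verified against an independently obtained copy of the release.
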
@ -42,222 +40,56 @@ This package contains Harfbuzz ICU support library.
%prep
%autosetup -p1
# rpminspect complained about invalid unicode characters like 0x202B and 0x202C
rm -f test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt
%build
%configure --disable-static --with-graphite2 --with-gobject --enable-introspection
%{make_build}
%configure --disable-static --with-graphite2
# Remove lib64 rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags} V=1
%install
%{make_install}
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%ldconfig_scriptlets
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%ldconfig_scriptlets icu
%post icu -p /sbin/ldconfig
%postun icu -p /sbin/ldconfig
%files
%license COPYING
%doc NEWS AUTHORS README
%{_libdir}/libharfbuzz.so.0*
%{_libdir}/libharfbuzz-gobject.so.0*
%{_libdir}/libharfbuzz-subset.so.0*
%dir %{_libdir}/girepository-1.0
%{_libdir}/girepository-1.0/HarfBuzz-0.0.typelib
%{_libdir}/libharfbuzz.so.*
%files devel
%doc %{_datadir}/gtk-doc
%{_bindir}/hb-view
%{_bindir}/hb-ot-shape-closure
%{_bindir}/hb-shape
%{_bindir}/hb-subset
%{_includedir}/harfbuzz/
%{_libdir}/libharfbuzz.so
%{_libdir}/libharfbuzz-gobject.so
%{_libdir}/libharfbuzz-icu.so
%{_libdir}/libharfbuzz-subset.so
%{_libdir}/pkgconfig/harfbuzz.pc
%{_libdir}/pkgconfig/harfbuzz-gobject.pc
%{_libdir}/libharfbuzz-icu.so
%{_libdir}/pkgconfig/harfbuzz-icu.pc
%{_libdir}/pkgconfig/harfbuzz-subset.pc
%{_libdir}/cmake/harfbuzz/
%dir %{_datadir}/gir-1.0
%{_datadir}/gir-1.0/HarfBuzz-0.0.gir
%files icu
%{_libdir}/libharfbuzz-icu.so.*
%changelog
* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-8
- Resolves:rh#2103849
- Update tests.yaml
* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-7
- Resolves:rh#2103849 CVE-2022-33068
- Fix Covscan compiler warning for inclusion of parenthesis
- Update tests.yaml
* Fri Jul 15 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-6
- Resolves:rh#2103849 CVE-2022-33068
harfbuzz: integer overflow in the component hb-ot-shape-fallback.c
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.4-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.4-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Feb 5 2021 Marek Kasik <mkasik@redhat.com> - 2.7.4-3
- Build HarfBuzz with bootstrapped freetype
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Dec 27 20:48:11 IST 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-1
- Update to 2.7.4 version (#1911046)
* Fri Dec 25 14:01:50 IST 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.7.3-1
- Update to 2.7.3 version (#1910482)
* Sat Aug 29 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.7.2-1
- Update to 2.7.2 version (#1873689)
* Thu Aug 20 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.7.1-1
- Update to 2.7.1 version (#1860607)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.6.8-1
- Update to 2.6.8 version (#1849805)
* Thu Jun 04 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.6.7-1
- Update to 2.6.7 version (#1843592)
* Fri May 15 2020 Pete Walter <pwalter@fedoraproject.org> - 2.6.6-2
- Rebuild for ICU 67
* Tue May 12 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.6.6-1
- Update to 2.6.6 version (#1834887)
* Wed Mar 18 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.6.4-4
- Use make_build and make_install macros
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Nov 01 2019 Pete Walter <pwalter@fedoraproject.org> - 2.6.4-2
- Rebuild for ICU 65
* Wed Oct 30 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.6.4-1
- Update to 2.6.4 version (#1766762)
* Tue Oct 29 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.6.3-1
- Update to 2.6.3 version (#1766396)
* Tue Oct 01 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.6.2-1
- Update to 2.6.2 version (#1757207)
* Wed Sep 18 2019 Kalev Lember <klember@redhat.com> - 2.6.1-2
- Build with --with-gobject --enable-introspection (#1737186)
- Tighten soname globs
* Fri Aug 23 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.6.1-1
- Update to 2.6.1 version (#1744835)
* Sat Aug 17 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.6.0-1
- Update to 2.6.0 version (#1742730)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 12 2019 Adam Williamson <awilliam@redhat.com> - 2.5.3-2
- Revert the offending commit to avoid RHBZ #1689037
* Thu Jun 27 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.5.3-1
- Update to 2.5.3 version (#1724317)
* Fri Jun 21 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.5.2-1
- Update to 2.5.2 version (#1722623)
* Sat Jun 01 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.5.1-1
- Update to 2.5.1 version (#1716024)
* Sun May 26 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.5.0-1
- Update to 2.5.0 version (#1713797)
* Fri Apr 12 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.4.0-1
- Update to 2.4.0 version (#1693940)
* Thu Jan 31 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.3.1-1
- Update to 2.3.1 version (#1671165)
* Wed Jan 23 2019 Pete Walter <pwalter@fedoraproject.org> - 2.1.3-2
- Rebuild for ICU 63
* Fri Nov 23 2018 Parag Nemade <pnemade AT redhat DOT com> - 2.1.3-1
- Update to 2.1.3 version
* Thu Nov 08 2018 Parag Nemade <pnemade AT redhat DOT com> - 2.1.1-1
- Update to 2.1.1 version
* Sun Nov 04 2018 Parag Nemade <pnemade AT redhat DOT com> - 2.1.0-1
- Update to 2.1.0 version
* Thu Nov 01 2018 Parag Nemade <pnemade AT redhat DOT com> - 2.0.2-1
- Update to 2.0.2 version
* Sun Oct 28 2018 Parag Nemade <pnemade AT redhat DOT com> - 2.0.1-1
- Update to 2.0.1 version
* Sat Oct 27 2018 Parag Nemade <pnemade AT redhat DOT com> - 2.0.0-1
- Update to 2.0.0 version
* Fri Sep 07 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.8-1
- Update to 1.8.8 version
* Thu Aug 09 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.7-1
- Update to 1.8.7 version (#1613591)
* Thu Aug 02 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.5-1
- Update to 1.8.5 version (#1611028)
* Wed Jul 18 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.4-1
- Update to 1.8.4 version (#1601890)
* Fri Jul 13 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.3-1
- Update to 1.8.3 version (#1600306)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Pete Walter <pwalter@fedoraproject.org> - 1.8.2-2
- Rebuild for ICU 62
* Tue Jul 03 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.2-1
- Update to 1.8.2 version (#1597679)
* Thu Jun 14 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.1-1
- Update to 1.8.1 version (#1590575)
* Wed Jun 06 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.8.0-1
- Update to 1.8.0 version (#1587987)
* Wed Jun 06 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.7.7-1
- Update to 1.7.7 version (#1552962)
* Mon Apr 30 2018 Pete Walter <pwalter@fedoraproject.org> - 1.7.6-2
- Rebuild for ICU 61.1
* Fri Mar 29 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.7.5-4
- Rebuilt for MSVSphere 8.10 beta
* Thu Mar 08 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.7.6-1
- Update to 1.7.6 version (#1552962)
- Added new lib libharfbuzz-subset by upstream
- Added harfbuzz cmake file
- Added hb-subset binary file
* Mon Sep 25 2023 Parag Nemade <pnemade AT redhat DOT com> - 1.7.5-4
- Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks
* Mon Feb 19 2018 Parag Nemade <pnemade AT redhat DOT com> - 1.7.5-3
- Add BuildRequires: gcc-c++ as per packaging guidelines
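
Review bot: the 1.7.5-4 changelog entry dated Mon Sep 25 2023 reads "Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks" and never names the CVE, although the patch it introduces is CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch. Add the CVE id to that entry, as the 2.7.4 entries did with "Resolves:rh#2103849 CVE-2022-33068", so that changelog-based audits and vulnerability scanners can tell the fix is present. The Fri Mar 29 2024 rebuild entry also reuses the 1.7.5-4 version-release string of the Sep 25 2023 entry; check that this is intended.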
