packages/harfbuzz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!53 upstream to 6.0.0

Browse Source 
From: @leeffo 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
This commit is contained in:
openeuler-ci-bot 2023-02-23 02:24:01 +00:00 committed by Gitee
commit 45945b437b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 15 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-CVE-2022-33068.patch
View File

@ -1,29 +0,0 @@
From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 1 Jun 2022 07:38:21 -0600
Subject: [PATCH] [sbix] Limit glyph extents
Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
---
src/hb-ot-color-sbix-table.hh | 6 ++++++
test/fuzzing/fonts/sbix-extents.ttf | Bin 0 -> 582 bytes
2 files changed, 6 insertions(+)
create mode 100644 test/fuzzing/fonts/sbix-extents.ttf
diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
index 9741ebd450..6efae43cda 100644
--- a/src/hb-ot-color-sbix-table.hh
+++ b/src/hb-ot-color-sbix-table.hh
@@ -298,6 +298,12 @@ struct sbix
const PNGHeader &png = *blob->as<PNGHeader>();
+ if (png.IHDR.height >= 65536 | png.IHDR.width >= 65536)
+ {
+ hb_blob_destroy (blob);
+ return false;
+ }
+
extents->x_bearing = x_offset;
extents->y_bearing = png.IHDR.height + y_offset;
extents->width = png.IHDR.width;

25
backport-CVE-2023-25193.patch
View File

@ -5,23 +5,17 @@ Subject: [PATCH] [layout] Limit how far we skip when looking back
See comments.
---
src/hb-ot-layout-gsubgpos.hh | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
src/hb-ot-layout-gsubgpos.hh | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
index c9750ff..b83f49e 100644
index bf74672a1..8ca691805 100644
--- a/src/hb-ot-layout-gsubgpos.hh
+++ b/src/hb-ot-layout-gsubgpos.hh
@@ -560,7 +560,19 @@ struct hb_ot_apply_context_t :
bool prev (unsigned *unsafe_from = nullptr)
{
assert (num_items > 0);
- while (idx > num_items - 1)
+ /* The alternate condition below is faster at string boundaries,
+ * but produces subpar "unsafe-to-concat" values. */
+ unsigned stop = num_items - 1;
+ if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
+ stop = 1 - 1;
@@ -578,6 +578,13 @@ struct hb_ot_apply_context_t :
unsigned stop = num_items - 1;
if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
stop = 1 - 1;
+
+ /* When looking back, limit how far we search; this function is mostly
+ * used for looking back for base glyphs when attaching marks. If we
@ -29,10 +23,9 @@ index c9750ff..b83f49e 100644
+ * consecutive marks. */
+ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+ while (idx > stop)
while (idx > stop)
{
idx--;
const hb_glyph_info_t &info = c->buffer->out_info[idx];
--
2.33.0
2.20.1

BIN
harfbuzz-4.3.0.tar.xz → harfbuzz-6.0.0.tar.xz
View File

Binary file not shown.

10
harfbuzz.spec
View File

@ -1,13 +1,12 @@
Name: harfbuzz
Version: 4.3.0
Release: 3
Version: 6.0.0
Release: 1
Summary: A text shaping engine
License: MIT
URL: https://harfbuzz.github.io/
Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
Patch0001: backport-CVE-2022-33068.patch
Patch0002: backport-CVE-2023-25193.patch
Patch0001: backport-CVE-2023-25193.patch
BuildRequires: gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel
BuildRequires: gtk-doc libicu-devel gobject-introspection-devel make
@ -71,6 +70,9 @@ make check
%{_datadir}/gtk-doc/html/harfbuzz/*
%changelog
* Wed Feb 22 2023 liweiganga <liweiganga@uniontech.com> - 6.0.0-1
- upstream to 6.0.0
* Wed Feb 15 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-3
- fix CVE-2023-25193