upstream 6.0.0

backport-CVE-2022-33068.patch

@@ -1,29 +0,0 @@
-From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
-From: Behdad Esfahbod <behdad@behdad.org>
-Date: Wed, 1 Jun 2022 07:38:21 -0600
-Subject: [PATCH] [sbix] Limit glyph extents
-
-Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
----
- src/hb-ot-color-sbix-table.hh       |   6 ++++++
- test/fuzzing/fonts/sbix-extents.ttf | Bin 0 -> 582 bytes
- 2 files changed, 6 insertions(+)
- create mode 100644 test/fuzzing/fonts/sbix-extents.ttf
-
-diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
-index 9741ebd450..6efae43cda 100644
---- a/src/hb-ot-color-sbix-table.hh
-+++ b/src/hb-ot-color-sbix-table.hh
-@@ -298,6 +298,12 @@ struct sbix
- 
-       const PNGHeader &png = *blob->as<PNGHeader>();
- 
-+      if (png.IHDR.height >= 65536 | png.IHDR.width >= 65536)
-+      {
-+	hb_blob_destroy (blob);
-+	return false;
-+      }
-+
-       extents->x_bearing = x_offset;
-       extents->y_bearing = png.IHDR.height + y_offset;
-       extents->width     = png.IHDR.width;

backport-CVE-2023-25193.patch

@@ -5,23 +5,17 @@ Subject: [PATCH] [layout] Limit how far we skip when looking back
 
 See comments.
 ---
- src/hb-ot-layout-gsubgpos.hh | 14 +++++++++++++-
+ src/hb-ot-layout-gsubgpos.hh | 7 +++++++
- 1 file changed, 13 insertions(+), 1 deletion(-)
+ 1 file changed, 7 insertions(+)
 
 diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
-index c9750ff..b83f49e 100644
+index bf74672a1..8ca691805 100644
 --- a/src/hb-ot-layout-gsubgpos.hh
 +++ b/src/hb-ot-layout-gsubgpos.hh
-@@ -560,7 +560,19 @@ struct hb_ot_apply_context_t :
+@@ -578,6 +578,13 @@ struct hb_ot_apply_context_t :
-     bool prev (unsigned *unsafe_from = nullptr)
+       unsigned stop = num_items - 1;
-     {
+       if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
-       assert (num_items > 0);
+         stop = 1 - 1;
--      while (idx > num_items - 1)
-+      /* The alternate condition below is faster at string boundaries,
-+       * but produces subpar "unsafe-to-concat" values. */
-+      unsigned stop = num_items - 1;
-+      if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
-+	      stop = 1 - 1;
 +
 +      /* When looking back, limit how far we search; this function is mostly
 +       * used for looking back for base glyphs when attaching marks. If we
@@ -29,10 +23,9 @@ index c9750ff..b83f49e 100644
 +       * consecutive marks. */
 +      stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
 +
-+      while (idx > stop)
+       while (idx > stop)
        {
  	idx--;
- 	const hb_glyph_info_t &info = c->buffer->out_info[idx];
 -- 
-2.33.0
+2.20.1
 

harfbuzz.spec

@@ -1,13 +1,12 @@
 Name:           harfbuzz
-Version:        4.3.0
+Version:        6.0.0
-Release:        3
+Release:        1
 Summary:        A text shaping engine
 License:        MIT
 URL:            https://harfbuzz.github.io/
 Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
 
-Patch0001:	backport-CVE-2022-33068.patch
+Patch0001:	backport-CVE-2023-25193.patch
-Patch0002:	backport-CVE-2023-25193.patch
 
 BuildRequires:  gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel
 BuildRequires:  gtk-doc libicu-devel gobject-introspection-devel make
@@ -71,6 +70,9 @@ make check
 %{_datadir}/gtk-doc/html/harfbuzz/*
 
 %changelog
+* Wed Feb 22 2023 liweiganga <liweiganga@uniontech.com> - 6.0.0-1
+- upstream to 6.0.0
+
 * Wed Feb 15 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-3
 - fix CVE-2023-25193