3 changed files with 2 additions and 79 deletions
--- a/backport-CVE-2024-56732.patch
+++ b/backport-CVE-2024-56732.patch
@ -1,59 +0,0 @@
 From 1767f99e2e2196c3fcae27db6d8b60098d3f6d26 Mon Sep 17 00:00:00 2001
 From: Behdad Esfahbod <behdad@behdad.org>
 Date: Sun, 10 Nov 2024 22:43:28 -0700
 Subject: [PATCH] [cairo] Guard hb_cairo_glyphs_from_buffer() against bad UTF-8
 Previously it was assuming valid UTF-8.
 ---
 src/hb-cairo.cc | 2 ++
 src/hb-utf.hh   | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 diff --git a/src/hb-cairo.cc b/src/hb-cairo.cc
 index d8b582c4908..4d22ae059ff 100644
 --- a/src/hb-cairo.cc
 +++ b/src/hb-cairo.cc
@@ -1000,6 +1000,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
 	    end = start + hb_glyph[i].cluster - hb_glyph[i+1].cluster;
 	  else
 	    end = (const char *) hb_utf_offset_to_pointer<hb_utf8_t> ((const uint8_t *) start,
 +								      (const uint8_t *) utf8, utf8_len,
 								      (signed) (hb_glyph[i].cluster - hb_glyph[i+1].cluster));
 	  (*clusters)[cluster].num_bytes = end - start;
 	  start = end;
@@ -1020,6 +1021,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
 	    end = start + hb_glyph[i].cluster - hb_glyph[i-1].cluster;
 	  else
 	    end = (const char *) hb_utf_offset_to_pointer<hb_utf8_t> ((const uint8_t *) start,
 +								      (const uint8_t *) utf8, utf8_len,
 								      (signed) (hb_glyph[i].cluster - hb_glyph[i-1].cluster));
 	  (*clusters)[cluster].num_bytes = end - start;
 	  start = end;
 diff --git a/src/hb-utf.hh b/src/hb-utf.hh
 index 1120bd1cccf..6db9bf2fd79 100644
 --- a/src/hb-utf.hh
 +++ b/src/hb-utf.hh
@@ -458,19 +458,21 @@ struct hb_ascii_t
 template <typename utf_t>
 static inline const typename utf_t::codepoint_t *
 hb_utf_offset_to_pointer (const typename utf_t::codepoint_t *start,
 +			  const typename utf_t::codepoint_t *text,
 +			  unsigned text_len,
 			  signed offset)
 {
   hb_codepoint_t unicode;
   while (offset-- > 0)
     start = utf_t::next (start,
 -			 start + utf_t::max_len,
 +			 text + text_len,
 			 &unicode,
 			 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
   while (offset++ < 0)
     start = utf_t::prev (start,
 -			 start - utf_t::max_len,
 +			 text,
 			 &unicode,
 			 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
--- a/harfbuzz-4.3.0.tar.xz
+++ b/harfbuzz-4.3.0.tar.xz
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@ -1,13 +1,11 @@
 Name:           harfbuzz
-Version:        8.3.0
+Version:        4.3.0
-Release:        2
+Release:        1
 Summary:        A text shaping engine
 License:        MIT
 URL:            https://harfbuzz.github.io/
 Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
 Patch6000:      backport-CVE-2024-56732.patch
 BuildRequires:  gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel
 BuildRequires:  gtk-doc libicu-devel gobject-introspection-devel make
 Provides:       harfbuzz-icu
@ -55,7 +53,6 @@ make check
 %{_libdir}/libharfbuzz-icu.so.*
 %dir %{_libdir}/girepository-1.0
 %{_libdir}/girepository-1.0/HarfBuzz-0.0.typelib
 %{_libdir}/libharfbuzz-cairo.so.0*
 %files devel
 %{_bindir}/*
@ -71,21 +68,6 @@ make check
 %{_datadir}/gtk-doc/html/harfbuzz/*
 %changelog
 * Mon Dec 30 2024 zhangpan <zhnagpan103@h-partners.com> - 8.3.0-2
 - fix CVE-2024-56732
 * Wed Nov 22 2023 wangqia <wangqia@uniontech.com> - 8.3.0-1
 - Update to 8.3.0
 * Wed Feb 22 2023 liweiganga <liweiganga@uniontech.com> - 6.0.0-1
 - upstream to 6.0.0
 * Wed Feb 15 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-3
 - fix CVE-2023-25193
 * Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-2
 - fix CVE-2022-33068
 * Mon Jun 20 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 4.3.0-1
 - update to 4.3.0