From 761b2b3afe7ac19667829cd0c1873dab0d8eacba Mon Sep 17 00:00:00 2001
From: Zhao Hang
Date: Wed, 15 May 2024 16:07:28 +0800
Subject: [PATCH 1/2] update to harfbuzz-2.7.4-10.src.rpm

Signed-off-by: Zhao Hang
---
 ...it_how_far_we_skip_when_looking_back.patch | 20 ++++++++++++++
 harfbuzz.spec | 26 ++++++++-----------
 2 files changed, 31 insertions(+), 15 deletions(-)
 create mode 100644 CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch

diff --git a/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch b/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
new file mode 100644
index 0000000..dc2f326
--- /dev/null
+++ b/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
@@ -0,0 +1,20 @@
+diff -urN harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh
+--- harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh 2020-12-27 05:31:18.000000000 +0530
++++ harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh 2023-09-09 18:11:07.014324408 +0530
+@@ -468,7 +468,15 @@
+ bool prev ()
+ {
+ assert (num_items > 0);
+- while (idx > num_items - 1)
++ unsigned stop = num_items - 1;
++
++ /* When looking back, limit how far we search; this function is mostly
++ * used for looking back for base glyphs when attaching marks. If we
++ * don't limit, we can get O(n^2) behavior where n is the number of
++ * consecutive marks. */
++ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
++
++ while (idx > stop)
+ {
+ idx--;
+ const hb_glyph_info_t &info = c->buffer->out_info[idx];
diff --git a/harfbuzz.spec b/harfbuzz.spec
index cec4775..f0572a3 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@@ -1,7 +1,6 @@
-%define anolis_release .0.1
 Name: harfbuzz
 Version: 2.7.4
-Release: 8%{anolis_release}%{?dist}
+Release: 10%{?dist}
 Summary: Text shaping library
 License: MIT
 
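Review bot: The new patch file carries no provenance, so nothing inside it ties the hunk to its upstream origin or to the CVE it addresses; add a line above `diff -urN` such as `Backport of upstream commit 85be877925ddbf34f74a1229f3ca1716bb6170dc (CVE-2023-25193); only prev() is bounded here` — patch(1) ignores text before the first file header, and the `Patch1:` comment in the spec is the only other record. The bound itself reads correctly: `stop` starts at `num_items - 1`, which is non-negative because of the assert just above it, so the `hb_max` against a possibly negative `(int) idx - HB_MAX_CONTEXT_LENGTH` can only raise the stop point, never lower it. It does depend on `HB_MAX_CONTEXT_LENGTH` being visible from hb-ot-layout-gsubgpos.hh in 2.7.4; presumably it is, since the macro predates this fix, but the build log is where to confirm that. The body of prev() continues past the end of the inner hunk.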
@@ -10,6 +9,8 @@ Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version
 
 # Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557
 Patch0: CVE-2022-33068-sbix-Limit-glyph-extents.patch
+# Upstream https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc#commitcomment-101335712
+Patch1: CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch
 
 BuildRequires: cairo-devel
 BuildRequires: freetype-devel
@@ -41,16 +42,10 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %description icu
 This package contains Harfbuzz ICU support library.
 
-%package doc
-Summary: Documents for %{name}
-BuildArch: noarch
-Requires: %{name} = %{version}-%{release}
-
-%description doc
-Doc pages for %{name}.
-
 %prep
 %autosetup -p1
+# rpminspect complained about invalid unicode characters like 0x202B and 0x202C
+rm -f test/shaping/texts/in-house/shaper-arabic/script-arabic/language-persian/mehran.txt
 
 %build
 
@@ -70,6 +65,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 
 %files
 %license COPYING
+%doc NEWS AUTHORS README
 %{_libdir}/libharfbuzz.so.0*
 %{_libdir}/libharfbuzz-gobject.so.0*
 %{_libdir}/libharfbuzz-subset.so.0*
@@ -98,12 +94,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %files icu
 %{_libdir}/libharfbuzz-icu.so.*
 
-%files doc
-%doc NEWS AUTHORS README
-
 %changelog
-* Mon May 15 2023 Chang Gao - 2.7.4-8.0.1
-- Add doc subpack
+* Mon Sep 18 2023 Parag Nemade - 2.7.4-10
+- Resolves:RHEL-2268 Fix CI tests results
+
+* Sat Sep 09 2023 Parag Nemade - 2.7.4-9
+- Resolves:RHEL-2268 CVE-2023-25193
 
 * Mon Jul 18 2022 Parag Nemade - 2.7.4-8
 - Resolves:rh#2103849
-- 
Gitee

From b0983aeccd1b9258d0746f10f3b5e80b48916664 Mon Sep 17 00:00:00 2001
From: "taifu.gc"
Date: Tue, 29 Nov 2022 21:16:49 +0800
Subject: [PATCH 2/2] Add doc sub pack

---
 harfbuzz.spec | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/harfbuzz.spec b/harfbuzz.spec
index f0572a3..3798b41 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
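Review bot: The comment added in %prep, `# rpminspect complained about invalid unicode characters like 0x202B and 0x202C`, mislabels the characters: U+202B and U+202C are RIGHT-TO-LEFT EMBEDDING and POP DIRECTIONAL FORMATTING, well-formed bidirectional controls that rpminspect's unicode check flags because they can visually reorder text, not malformed data. Reword it so a later maintainer does not try to repair the encoding instead of keeping the file out of the build, e.g. `# rpminspect rejects bidi control characters (U+202B/U+202C) in this Persian sample text; drop the test-only file rather than waive the check`. Whether the deletion reduces %check coverage depends on how the 2.7.4 test harness enumerates test/shaping/texts, which this hunk does not show; a word on that in the same comment would settle it.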
@@ -1,6 +1,7 @@
+%define anolis_release .0.1
 Name: harfbuzz
 Version: 2.7.4
-Release: 10%{?dist}
+Release: 10%{anolis_release}%{?dist}
 Summary: Text shaping library
 License: MIT
 
@@ -42,6 +43,14 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %description icu
 This package contains Harfbuzz ICU support library.
 
+%package doc
+Summary: Documents for %{name}
+BuildArch: noarch
+Requires: %{name} = %{version}-%{release}
+
+%description doc
+Doc pages for %{name}.
+
 %prep
 %autosetup -p1
 # rpminspect complained about invalid unicode characters like 0x202B and 0x202C
@@ -65,7 +74,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 
 %files
 %license COPYING
-%doc NEWS AUTHORS README
 %{_libdir}/libharfbuzz.so.0*
 %{_libdir}/libharfbuzz-gobject.so.0*
 %{_libdir}/libharfbuzz-subset.so.0*
@@ -94,7 +102,13 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %files icu
 %{_libdir}/libharfbuzz-icu.so.*
 
+%files doc
+%doc NEWS AUTHORS README
+
 %changelog
+* Wed May 15 2024 Chang Gao - 2.7.4-10.0.1
+- Add doc subpack
+
 * Mon Sep 18 2023 Parag Nemade - 2.7.4-10
 - Resolves:RHEL-2268 Fix CI tests results
 
-- 
Gitee
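Review bot: `%define anolis_release .0.1` at the top of the spec should be `%global anolis_release .0.1`: `%define` expands lazily and is scoped to the enclosing macro, and the Fedora/RHEL packaging guidelines ask for `%global` at file scope so that `Release:` and any later use see the same value. The remaining hunks of this patch look consistent with each other — `%doc NEWS AUTHORS README` leaves the main `%files` list and appears exactly once under the new `%files doc`, and the noarch subpackage pins `%{version}-%{release}` of the main package.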