diff --git a/harfbuzz-8.4.0-sast.patch b/harfbuzz-8.4.0-sast.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e899ba4a5cd071c2b3f70e7791299735ccfebc28
--- /dev/null
+++ b/harfbuzz-8.4.0-sast.patch
@@ -0,0 +1,44 @@
+diff -urN harfbuzz-8.4.0.old/src/hb-cff-interp-dict-common.hh harfbuzz-8.4.0/src/hb-cff-interp-dict-common.hh
+--- harfbuzz-8.4.0.old/src/hb-cff-interp-dict-common.hh 2024-03-29 20:03:04.000000000 +0530
++++ harfbuzz-8.4.0/src/hb-cff-interp-dict-common.hh 2024-08-16 14:53:09.265168054 +0530
+@@ -84,7 +84,7 @@
+
+ enum Nibble { DECIMAL=10, EXP_POS, EXP_NEG, RESERVED, NEG, END };
+
+- char buf[32];
++ char buf[32] = {0};
+ unsigned char byte = 0;
+ for (unsigned i = 0, count = 0; count < ARRAY_LENGTH (buf); ++i, ++count)
+ {
+diff -urN harfbuzz-8.4.0.old/test/api/test-font.c harfbuzz-8.4.0/test/api/test-font.c
+--- harfbuzz-8.4.0.old/test/api/test-font.c 2024-03-29 20:03:04.000000000 +0530
++++ harfbuzz-8.4.0/test/api/test-font.c 2024-08-16 14:53:09.266168070 +0530
+@@ -417,7 +417,7 @@
+ font2 = hb_font_create_sub_font (font1);
+ hb_font_destroy (font1);
+ ffuncs2 = hb_font_funcs_create ();
+- hb_font_funcs_set_nominal_glyphs_func (ffuncs1, nominal_glyphs_func, NULL, NULL);
++ hb_font_funcs_set_nominal_glyphs_func (ffuncs2, nominal_glyphs_func, NULL, NULL);
+ hb_font_set_funcs (font2, ffuncs2, NULL, NULL);
+ hb_font_funcs_destroy (ffuncs2);
+
+diff -urN harfbuzz-8.4.0.old/util/hb-subset.cc harfbuzz-8.4.0/util/hb-subset.cc
+--- harfbuzz-8.4.0.old/util/hb-subset.cc 2024-03-29 20:03:04.000000000 +0530
++++ harfbuzz-8.4.0/util/hb-subset.cc 2024-08-16 14:53:09.267168086 +0530
+@@ -792,6 +792,7 @@
+ g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
+ "Failed reading file `%s': %s",
+ arg, strerror (errno));
++ fclose(fp);
+ return false;
+ }
+ g_string_append_c (gs, '\0');
+@@ -812,6 +813,8 @@
+
+ g_string_free (gs, false);
+
++ fclose(fp);
++
+ return true;
+ }
+
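Review bot: The two `fclose(fp);` calls added for util/hb-subset.cc close the stream unconditionally, but the code that opens `fp` lies outside both inner hunks, so it cannot be confirmed from here that `fp` is never `stdin`. If the function accepts `-` for standard input, the calls should be guarded, for example `if (fp != stdin) fclose (fp);`, so that a later read of standard input in the same process does not fail. The hunks cover only the read-error return and the final return; any other exit between them would still leak the handle and should be checked against the full function. A short header comment in the carried patch naming the SAST finding behind each of the three changes, and whether it was sent upstream, would make the patch easier to rebase or drop at the next version bump.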
diff --git a/harfbuzz-8.1.1.tar.xz b/harfbuzz-8.4.0.tar.xz similarity index 66% rename from harfbuzz-8.1.1.tar.xz rename to harfbuzz-8.4.0.tar.xz index 22211df644b6dfdc7d6449500253025bca7d4a90..4e47c203227e089f85f9b8d74f8f8e2d84d15dec 100644 Binary files a/harfbuzz-8.1.1.tar.xz and b/harfbuzz-8.4.0.tar.xz differ diff --git a/harfbuzz.spec b/harfbuzz.spec index 20b14ba7f74e195b4a4525b49fa57ad8f85b4331..608837dd9e3cbccffe6d0b13de81f73a1b1d37c1 100644 --- a/harfbuzz.spec +++ b/harfbuzz.spec @@ -1,6 +1,6 @@ %define anolis_release 1 Name: harfbuzz -Version: 8.1.1 +Version: 8.4.0 Release: %{anolis_release}%{?dist} Summary: Text shaping library @@ -8,6 +8,8 @@ License: MIT URL: https://harfbuzz.github.io/ Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz +Patch0: harfbuzz-8.4.0-sast.patch + BuildRequires: pkgconfig(cairo) >= 1.8.0 BuildRequires: pkgconfig(cairo-ft) BuildRequires: pkgconfig(chafa) >= 1.6.0 @@ -57,7 +59,7 @@ export CXXFLAGS="${CXXFLAGS/-fexceptions /}" # experimental api introduced in 6.0.0 for cjk writing systems # https://github.com/harfbuzz/harfbuzz/releases/tag/6.0.0 -%meson -Dgraphite2=enabled -Dexperimental_api=true +%meson -Dgraphite2=enabled %meson_build %install @@ -117,6 +119,9 @@ export CXXFLAGS="${CXXFLAGS/-fexceptions /}" %{abidir}/libharfbuzz-icu.dump %changelog +* Tue Feb 18 2025 Xiaoping Liu - 8.4.0-1 +- Refer to CentOS Stream harfbuzz-8.4.0-5 (tdawson@redhat.com) + * Thu Aug 03 2023 Funda Wang - 8.1.1-1 - New version 8.1.1
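Review bot: The `%meson` line in the `@@ -57,7 +59,7 @@` hunk drops `-Dexperimental_api=true`, but the two comment lines above it (`# experimental api introduced in 6.0.0 for cjk writing systems` and the release URL) remain as context and now describe an option that is no longer passed. Either remove them or replace them with a comment stating why the option was dropped, for example `# experimental API disabled to match CentOS Stream` if that is the reason. Disabling it presumably removes the experimental symbols from the built libraries, so anything built against the 8.1.1 package that used them may be affected and the ABI dumps listed under `%{abidir}` are worth rechecking. The new changelog entry mentions neither this nor the added `Patch0`; a line such as `- Disable experimental API; add SAST patch` would record both.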