From d13cf29a0408c45ad82d097ad3e99c4b8ef6779d Mon Sep 17 00:00:00 2001
From: zhanglu <zhanglu37@huawei.com>
Date: Sun, 12 Jan 2020 12:10:25 +0800
Subject: [PATCH 1/2] fix cve

---
 CVE-2019-18397.patch | 25 +++++++++++++++++++++++++
 fribidi.spec         |  6 +++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-18397.patch

diff --git a/CVE-2019-18397.patch b/CVE-2019-18397.patch
new file mode 100644
index 0000000..157eb18
--- /dev/null
+++ b/CVE-2019-18397.patch
@@ -0,0 +1,25 @@
+From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
+From: Dov Grobgeld <dov.grobgeld@gmail.com>
+Date: Thu, 24 Oct 2019 09:37:29 +0300
+Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
+
+---
+ lib/fribidi-bidi.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
+index 6c84392..d384878 100644
+--- a/lib/fribidi-bidi.c
++++ b/lib/fribidi-bidi.c
+@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
+             }
+ 
+ 	  RL_LEVEL (pp) = level;
+-          RL_ISOLATE_LEVEL (pp) = isolate_level++;
++          RL_ISOLATE_LEVEL (pp) = isolate_level;
++          if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
++              isolate_level++;
+           base_level_per_iso_level[isolate_level] = new_level;
+ 
+ 	  if (!FRIBIDI_IS_NEUTRAL (override))
+
diff --git a/fribidi.spec b/fribidi.spec
index 72ff269..1129c23 100644
--- a/fribidi.spec
+++ b/fribidi.spec
@@ -1,12 +1,13 @@
 Name:           fribidi
 Version:        1.0.5
-Release:        3
+Release:        4
 Summary:        Library implementing the Unicode Bidirectional Algorithm
 License:        LGPLv2+ and UCD
 URL:            https://github.com/fribidi/fribidi/
 Source:         https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
 
 BuildRequires:  gcc automake autoconf libtool
+Patch6000       CVE-2019-18397.patch
 
 %description
 A library to handle bidirectional scripts (for example Hebrew, Arabic),
@@ -53,6 +54,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_mandir}/man3/*.gz
 
 %changelog
+* Sun Jan 12 2020 zhangrui <zhangrui182@huawei.com> - 1.0.5-4
+- fix CVE-2019-18397
+
 * Fri Jan 10 2020 zhangrui <zhangrui182@huawei.com> - 1.0.5-3
 - Remove unnecessary patch
 
-- 
Gitee


From dcb6bfc4abf4e2180c788f2f86cff432f1d03e11 Mon Sep 17 00:00:00 2001
From: zhanglu <zhanglu37@huawei.com>
Date: Sun, 12 Jan 2020 12:41:02 +0800
Subject: [PATCH 2/2] fix cve

---
 fribidi.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fribidi.spec b/fribidi.spec
index 1129c23..cbb57ef 100644
--- a/fribidi.spec
+++ b/fribidi.spec
@@ -7,7 +7,7 @@ URL:            https://github.com/fribidi/fribidi/
 Source:         https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
 
 BuildRequires:  gcc automake autoconf libtool
-Patch6000       CVE-2019-18397.patch
+Patch6000:      CVE-2019-18397.patch
 
 %description
 A library to handle bidirectional scripts (for example Hebrew, Arabic),
-- 
Gitee