diff --git a/backport-CVE-2022-33068.patch b/backport-CVE-2022-33068.patch deleted file mode 100644 index 2a87e75900ae0547ff838cc3fbc30fa504722ee0..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-33068.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001 -From: Behdad Esfahbod -Date: Wed, 1 Jun 2022 07:38:21 -0600 -Subject: [PATCH] [sbix] Limit glyph extents - -Fixes https://github.com/harfbuzz/harfbuzz/issues/3557 ---- - src/hb-ot-color-sbix-table.hh | 6 ++++++ - test/fuzzing/fonts/sbix-extents.ttf | Bin 0 -> 582 bytes - 2 files changed, 6 insertions(+) - create mode 100644 test/fuzzing/fonts/sbix-extents.ttf - -diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh -index 9741ebd450..6efae43cda 100644 ---- a/src/hb-ot-color-sbix-table.hh -+++ b/src/hb-ot-color-sbix-table.hh -@@ -298,6 +298,12 @@ struct sbix - - const PNGHeader &png = *blob->as(); - -+ if (png.IHDR.height >= 65536 | png.IHDR.width >= 65536) -+ { -+ hb_blob_destroy (blob); -+ return false; -+ } -+ - extents->x_bearing = x_offset; - extents->y_bearing = png.IHDR.height + y_offset; - extents->width = png.IHDR.width; diff --git a/backport-CVE-2023-25193.patch b/backport-CVE-2023-25193.patch index 679bda245a1044e7d8f1616266e40bc2a48cff4f..675fafd855671a9ac9fab4a25648b518e4cfc944 100644 --- a/backport-CVE-2023-25193.patch +++ b/backport-CVE-2023-25193.patch @@ -5,23 +5,17 @@ Subject: [PATCH] [layout] Limit how far we skip when looking back See comments. --- - src/hb-ot-layout-gsubgpos.hh | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) + src/hb-ot-layout-gsubgpos.hh | 7 +++++++ + 1 file changed, 7 insertions(+) diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh -index c9750ff..b83f49e 100644 +index bf74672a1..8ca691805 100644 --- a/src/hb-ot-layout-gsubgpos.hh +++ b/src/hb-ot-layout-gsubgpos.hh -@@ -560,7 +560,19 @@ struct hb_ot_apply_context_t : - bool prev (unsigned *unsafe_from = nullptr) - { - assert (num_items > 0); -- while (idx > num_items - 1) -+ /* The alternate condition below is faster at string boundaries, -+ * but produces subpar "unsafe-to-concat" values. */ -+ unsigned stop = num_items - 1; -+ if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT) -+ stop = 1 - 1; +@@ -578,6 +578,13 @@ struct hb_ot_apply_context_t : + unsigned stop = num_items - 1; + if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT) + stop = 1 - 1; + + /* When looking back, limit how far we search; this function is mostly + * used for looking back for base glyphs when attaching marks. If we @@ -29,10 +23,9 @@ index c9750ff..b83f49e 100644 + * consecutive marks. */ + stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH); + -+ while (idx > stop) + while (idx > stop) { idx--; - const hb_glyph_info_t &info = c->buffer->out_info[idx]; -- -2.33.0 +2.20.1 diff --git a/harfbuzz-4.3.0.tar.xz b/harfbuzz-6.0.0.tar.xz similarity index 57% rename from harfbuzz-4.3.0.tar.xz rename to harfbuzz-6.0.0.tar.xz index ff35d3cbb235af474ccd97e097450b56444b2810..75aff2ad11237ecfd950f0499bb773a63d4244c2 100644 Binary files a/harfbuzz-4.3.0.tar.xz and b/harfbuzz-6.0.0.tar.xz differ diff --git a/harfbuzz.spec b/harfbuzz.spec index 3643faa9a57cffeadddf12617288a00f57371115..75f45bf1d6d094d6877430078597e8c6f7f7bd20 100644 --- a/harfbuzz.spec +++ b/harfbuzz.spec @@ -1,13 +1,12 @@ Name: harfbuzz -Version: 4.3.0 -Release: 3 +Version: 6.0.0 +Release: 1 Summary: A text shaping engine License: MIT URL: https://harfbuzz.github.io/ Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz -Patch0001: backport-CVE-2022-33068.patch -Patch0002: backport-CVE-2023-25193.patch +Patch0001: backport-CVE-2023-25193.patch BuildRequires: gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel BuildRequires: gtk-doc libicu-devel gobject-introspection-devel make @@ -71,6 +70,9 @@ make check %{_datadir}/gtk-doc/html/harfbuzz/* %changelog +* Wed Feb 22 2023 liweiganga - 6.0.0-1 +- upstream to 6.0.0 + * Wed Feb 15 2023 zhouwenpei - 4.3.0-3 - fix CVE-2023-25193