openEuler:22.03:LTS:LoongArch
harfbuzz
Changes of Revision 5
_service:tar_scm_kernel_repo:harfbuzz.spec
Changed
@@ -1,6 +1,6 @@ Name: harfbuzz Version: 2.8.2 -Release: 3 +Release: 4 Summary: A text shaping engine License: MIT @@ -8,6 +8,8 @@ Source0: https://github.com/harfbuzz/harfbuzz/releases/download/2.8.2/%{name}-%{version}.tar.xz Patch0001: backport-CVE-2022-33068.patch +Patch0002: backport-0001-CVE-2023-25193.patch +Patch0003: backport-0002-CVE-2023-25193.patch BuildRequires: gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel BuildRequires: gtk-doc libicu-devel gobject-introspection-devel @@ -71,6 +73,9 @@ %{_datadir}/gtk-doc/html/harfbuzz/* %changelog +* Wed Feb 15 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.8.2-4 +- fix CVE-2023-25193 + * Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.8.2-3 - fix CVE-2022-33068
_service:tar_scm_kernel_repo:backport-0001-CVE-2023-25193.patch
Added
@@ -0,0 +1,37 @@
+From 56f11ec938260836387256225bc47665473e2bbe Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Fri, 18 Feb 2022 14:08:43 -0600
+Subject: [PATCH] [buffer] Add HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT
+
+---
+ src/hb-buffer.h | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/hb-buffer.h b/src/hb-buffer.h
+index 865ccb2..51b1760 100644
+--- a/src/hb-buffer.h
++++ b/src/hb-buffer.h
+@@ -296,7 +296,10 @@ hb_buffer_guess_segment_properties (hb_buffer_t *buffer);
+ * flag indicating that a dotted circle should
+ * not be inserted in the rendering of incorrect
+ * character sequences (such at <0905 093E>). Since: 2.4
+- *
++ * @HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT:
++ * flag indicating that the @HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
++ * glyph-flag should be produced by the shaper. By default
++ * it will not be produced since it incurs a cost. Since: REPLACEME
+ * Flags for #hb_buffer_t.
+ *
+ * Since: 0.9.20
+@@ -307,7 +310,8 @@ typedef enum { /*< flags >*/
+ HB_BUFFER_FLAG_EOT = 0x00000002u, /* End-of-text */
+ HB_BUFFER_FLAG_PRESERVE_DEFAULT_IGNORABLES = 0x00000004u,
+ HB_BUFFER_FLAG_REMOVE_DEFAULT_IGNORABLES = 0x00000008u,
+- HB_BUFFER_FLAG_DO_NOT_INSERT_DOTTED_CIRCLE = 0x00000010u
++ HB_BUFFER_FLAG_DO_NOT_INSERT_DOTTED_CIRCLE = 0x00000010u,
++ HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT = 0x00000040u
+ } hb_buffer_flags_t;
+
+ HB_EXTERN void
+--
+2.27.0
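Review bot: The doc comment for the new flag still ships the upstream placeholder `Since: REPLACEME`, and the enum jumps from `0x00000010u` to `0x00000040u` with nothing explaining why `0x00000020u` is left unassigned. Because hb-buffer.h is a public header, this backport exposes a flag in 2.8.2 whose only consumer visible on this page is the `prev()` check in backport-0002. The comment also refers to @HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, which this patch does not add, so an application that sets the flag may get no effect beyond the changed look-back bound. I would add a line above the new value such as `/* 0x00000020u left unassigned to keep values identical to upstream (confirm) */` and replace the placeholder with a note that the definition exists only to support the CVE-2023-25193 backport.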
_service:tar_scm_kernel_repo:backport-0002-CVE-2023-25193.patch
Added
@@ -0,0 +1,38 @@
+From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Wed, 1 Feb 2023 20:00:43 -0700
+Subject: [PATCH] [layout] Limit how far we skip when looking back
+
+See comments.
+---
+ src/hb-ot-layout-gsubgpos.hh | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index c17bf92..712e307 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -535,7 +535,19 @@ struct hb_ot_apply_context_t :
+ bool prev ()
+ {
+ assert (num_items > 0);
+- while (idx > num_items - 1)
++ /* The alternate condition below is faster at string boundaries,
++ * but produces subpar "unsafe-to-concat" values. */
++ unsigned stop = num_items - 1;
++ if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
++ stop = 1 - 1;
++
++ /* When looking back, limit how far we search; this function is mostly
++ * used for looking back for base glyphs when attaching marks. If we
++ * don't limit, we can get O(n^2) behavior where n is the number of
++ * consecutive marks. */
++ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
++
++ while (idx > stop)
+ {
+ idx--;
+ const hb_glyph_info_t &info = c->buffer->out_info[idx];
+--
+2.33.0
+
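Review bot: The clamp on `stop` round-trips through `(int)` casts of `stop` and `idx`, which is only correct while both values fit in an int; `idx` and `HB_MAX_CONTEXT_LENGTH` are declared outside the hunk, so their types are assumed here. If both are unsigned-compatible, `if (idx > HB_MAX_CONTEXT_LENGTH) stop = hb_max (stop, idx - HB_MAX_CONTEXT_LENGTH);` expresses the same bound without signed conversion, and `stop = 1 - 1;` would read more plainly as `stop = 0;`. If the backport must stay byte-identical to upstream, note that the diffstat shows no test accompanying the fix. The package would then benefit from a build-time check that shaping a long run of consecutive marks completes in bounded time. The body of `prev()` continues past the end of the hunk.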