Open Build Service

_service:tar_scm_kernel_repo:harfbuzz.spec Changed

_service:tar_scm_kernel_repo:backport-0001-CVE-2023-25193.patch Added

@@ -0,0 +1,37 @@
+From 56f11ec938260836387256225bc47665473e2bbe Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Fri, 18 Feb 2022 14:08:43 -0600
+Subject: [PATCH] [buffer] Add HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT
+
+---
+ src/hb-buffer.h | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/hb-buffer.h b/src/hb-buffer.h
+index 865ccb2..51b1760 100644
+--- a/src/hb-buffer.h
++++ b/src/hb-buffer.h
+@@ -296,7 +296,10 @@ hb_buffer_guess_segment_properties (hb_buffer_t *buffer);
+  *                      flag indicating that a dotted circle should
+  *                      not be inserted in the rendering of incorrect
+  *                      character sequences (such at <0905 093E>). Since: 2.4
+- *
++ * @HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT:
++ *                      flag indicating that the @HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
++ *                      glyph-flag should be produced by the shaper. By default
++ *                      it will not be produced since it incurs a cost. Since: REPLACEME
+  * Flags for #hb_buffer_t.
+  *
+  * Since: 0.9.20
+@@ -307,7 +310,8 @@ typedef enum { /*< flags >*/
+   HB_BUFFER_FLAG_EOT				= 0x00000002u, /* End-of-text */
+   HB_BUFFER_FLAG_PRESERVE_DEFAULT_IGNORABLES	= 0x00000004u,
+   HB_BUFFER_FLAG_REMOVE_DEFAULT_IGNORABLES	= 0x00000008u,
+-  HB_BUFFER_FLAG_DO_NOT_INSERT_DOTTED_CIRCLE	= 0x00000010u
++  HB_BUFFER_FLAG_DO_NOT_INSERT_DOTTED_CIRCLE	= 0x00000010u,
++  HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT	= 0x00000040u
+ } hb_buffer_flags_t;
+ 
+ HB_EXTERN void
+-- 
+2.27.0

_service:tar_scm_kernel_repo:backport-0002-CVE-2023-25193.patch Added

@@ -0,0 +1,38 @@
+From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Wed, 1 Feb 2023 20:00:43 -0700
+Subject: [PATCH] [layout] Limit how far we skip when looking back
+
+See comments.
+---
+ src/hb-ot-layout-gsubgpos.hh | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index c17bf92..712e307 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -535,7 +535,19 @@ struct hb_ot_apply_context_t :
+     bool prev ()
+     {
+       assert (num_items > 0);
+-      while (idx > num_items - 1)
++      /* The alternate condition below is faster at string boundaries,
++       * but produces subpar "unsafe-to-concat" values. */
++      unsigned stop = num_items - 1;
++      if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
++	      stop = 1 - 1;
++
++      /* When looking back, limit how far we search; this function is mostly
++       * used for looking back for base glyphs when attaching marks. If we
++       * don't limit, we can get O(n^2) behavior where n is the number of
++       * consecutive marks. */
++      stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
++
++      while (idx > stop)
+       {
+ 	idx--;
+ 	const hb_glyph_info_t &info = c->buffer->out_info[idx];
+-- 
+2.33.0
+

Changes of Revision 5