pool/fribidi
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30b9641c9f
fribidi/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff
Takashi Iwai cb492132ad Accepting request 808288 from home:Kieltux:branches:M17N 
- Add no-config-h.diff - copied from Debian
  Remove HAVE_CONFIG_H from public API
- Add Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff -
  copied from Debian, CVE-2019-18397
  Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
- Run spec-cleaner

The patch no-config-h.diff fixes building of some programs in OBS, e.g. Warmux.
CVE-2019-18397. I think the assumption in https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-18397 is wrong.

OBS-URL: https://build.opensuse.org/request/show/808288
OBS-URL: https://build.opensuse.org/package/show/M17N/fribidi?expand=0&rev=24
2020-05-25 07:09:38 +00:00

29 lines
966 B
Diff
Raw Blame History

From: Dov Grobgeld <dov.grobgeld@gmail.com>
Date: Thu, 24 Oct 2019 09:37:29 +0300
Subject: Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
Origin: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18397
---
lib/fribidi-bidi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
index 6c843922685c..d38487852fe7 100644
--- a/lib/fribidi-bidi.c
+++ b/lib/fribidi-bidi.c
@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
}
RL_LEVEL (pp) = level;
- RL_ISOLATE_LEVEL (pp) = isolate_level++;
+ RL_ISOLATE_LEVEL (pp) = isolate_level;
+ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
+ isolate_level++;
base_level_per_iso_level[isolate_level] = new_level;
if (!FRIBIDI_IS_NEUTRAL (override))
--
2.24.0
Reference in New Issue View Git Blame Copy Permalink