Accepting request 1234402 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/1234402 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/harfbuzz?expand=0&rev=115
2025-01-02 18:19:45 +00:00 · 2025-01-02 18:19:45 +00:00 · 2a08477bcb
commit 2a08477bcb
parent 3b412098fb b57227830a
3 changed files with 70 additions and 0 deletions
--- a/harfbuzz-CVE-2024-56732.patch
+++ b/harfbuzz-CVE-2024-56732.patch
@ -0,0 +1,62 @@
+From 1767f99e2e2196c3fcae27db6d8b60098d3f6d26 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Sun, 10 Nov 2024 22:43:28 -0700
+Subject: [PATCH] [cairo] Guard hb_cairo_glyphs_from_buffer() against bad UTF-8
+
+Previously it was assuming valid UTF-8.
+---
+ src/hb-cairo.cc | 2 ++
+ src/hb-utf.hh   | 6 ++++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/hb-cairo.cc b/src/hb-cairo.cc
+index d8b582c49..4d22ae059 100644
+--- a/src/hb-cairo.cc
+++ b/src/hb-cairo.cc
+@@ -1000,6 +1000,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
+ 	    end = start + hb_glyph[i].cluster - hb_glyph[i+1].cluster;
+ 	  else
+ 	    end = (const char *) hb_utf_offset_to_pointer<hb_utf8_t> ((const uint8_t *) start,
+								      (const uint8_t *) utf8, utf8_len,
+ 								      (signed) (hb_glyph[i].cluster - hb_glyph[i+1].cluster));
+ 	  (*clusters)[cluster].num_bytes = end - start;
+ 	  start = end;
+@@ -1020,6 +1021,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
+ 	    end = start + hb_glyph[i].cluster - hb_glyph[i-1].cluster;
+ 	  else
+ 	    end = (const char *) hb_utf_offset_to_pointer<hb_utf8_t> ((const uint8_t *) start,
+								      (const uint8_t *) utf8, utf8_len,
+ 								      (signed) (hb_glyph[i].cluster - hb_glyph[i-1].cluster));
+ 	  (*clusters)[cluster].num_bytes = end - start;
+ 	  start = end;
+diff --git a/src/hb-utf.hh b/src/hb-utf.hh
+index 1120bd1cc..6db9bf2fd 100644
+--- a/src/hb-utf.hh
+++ b/src/hb-utf.hh
+@@ -458,19 +458,21 @@ struct hb_ascii_t
+ template <typename utf_t>
+ static inline const typename utf_t::codepoint_t *
+ hb_utf_offset_to_pointer (const typename utf_t::codepoint_t *start,
+			  const typename utf_t::codepoint_t *text,
+			  unsigned text_len,
+ 			  signed offset)
+ {
+   hb_codepoint_t unicode;
+ 
+   while (offset-- > 0)
+     start = utf_t::next (start,
+-			 start + utf_t::max_len,
+			 text + text_len,
+ 			 &unicode,
+ 			 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
+ 
+   while (offset++ < 0)
+     start = utf_t::prev (start,
+-			 start - utf_t::max_len,
+			 text,
+ 			 &unicode,
+ 			 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
+ 
+-- 
+2.47.1
+
--- a/harfbuzz.changes
+++ b/harfbuzz.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Dec 31 19:05:26 UTC 2024 - Michael Gorse <mgorse@suse.com>
+
+- Add harfbuzz-CVE-2024-56732.patch: guard
+  hb_cairo_glyphs_from_buffer() against bad UTF-8 (CVE-2024-56732).
+
 -------------------------------------------------------------------
 Tue Nov  5 08:44:15 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@ -25,6 +25,8 @@ License:        MIT
 URL:            https://www.freedesktop.org/wiki/Software/HarfBuzz
 Source0:        %{name}-%{version}.tar.zst
 Source99:       baselibs.conf
+# PAtCH-FIX-UPSTREAM harfbuzz-CVE-2024-56732.patch boo#1234880 mgorse@suse.com -- guard hb_cairo_glyphs_from_buffer() against bad UTF-8.
+Patch0:         harfbuzz-CVE-2024-56732.patch
 BuildRequires:  c++_compiler
 BuildRequires:  c_compiler
 BuildRequires:  meson