Accepting request 630646 from home:sreeves1:branches:GNOME:Factory

- Add pango-emoji-bsc1103877.patch: Fix denial of service
  when parsing emoji (bsc#1103877, CVE-2018-15120)

OBS-URL: https://build.opensuse.org/request/show/630646
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/pango?expand=0&rev=194

pango-emoji-bsc1103877.patch

@@ -0,0 +1,17 @@
+Index: pango-1.42.3/pango/pango-emoji.c
+===================================================================
+--- pango-1.42.3.orig/pango/pango-emoji.c
++++ pango-1.42.3/pango/pango-emoji.c
+@@ -253,6 +253,12 @@ _pango_emoji_iter_next (PangoEmojiIter *
+     if (iter->is_emoji == PANGO_EMOJI_TYPE_IS_EMOJI (current_emoji_type))
+     {
+       iter->is_emoji = !PANGO_EMOJI_TYPE_IS_EMOJI (current_emoji_type);
++
++      /* Make sure we make progress.  Weird sequences, like a VC15 followed
++       * by VC16, can trick us into stalling otherwise. */
++      if (iter->start == iter->end)
++        iter->end = g_utf8_next_char (iter->end);
++
+       return TRUE;
+     }
+   }

pango.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sat Aug 18 00:01:23 UTC 2018 - sreeves@suse.com
+
+- Add pango-emoji-bsc1103877.patch: Fix denial of service
+  when parsing emoji (bsc#1103877, CVE-2018-15120)
+
 -------------------------------------------------------------------
 Mon Jul 30 19:40:05 UTC 2018 - bjorn.lie@gmail.com
 

pango.spec

@@ -26,6 +26,8 @@ URL:            http://www.pango.org/
 Source0:        https://download.gnome.org/sources/pango/1.42/%{name}-%{version}.tar.xz
 Source2:        macros.pango
 Source99:       baselibs.conf
+#PATCH-FIX-UPSTREAM pango-emoji-bsc1103877.patch sreeves@suse.com -- Fix CVE-2018-15120 denial of service parsing emoji
+Patch0:         pango-emoji-bsc1103877.patch
 
 BuildRequires:  gcc-c++
 BuildRequires:  gtk-doc
@@ -119,6 +121,7 @@ to develop applications that require these.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %meson \