f1a23e
import fribidi-1.0.2-1.el7_7.1
Authored and Committed by 
centosrcm
4 years ago
SOURCES/fribidi-CVE-2019-18397.patch
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
|
|
2
|
+
From: Dov Grobgeld <dov.grobgeld@gmail.com>
|
|
3
|
+
Date: Thu, 24 Oct 2019 09:37:29 +0300
|
|
4
|
+
Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
lib/fribidi-bidi.c | 4 +++-
|
|
8
|
+
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
9
|
+
|
|
10
|
+
diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
|
|
11
|
+
index 6c84392..d384878 100644
|
|
12
|
+
--- a/lib/fribidi-bidi.c
|
|
13
|
+
+++ b/lib/fribidi-bidi.c
|
|
14
|
+
@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
RL_LEVEL (pp) = level;
|
|
18
|
+
- RL_ISOLATE_LEVEL (pp) = isolate_level++;
|
|
19
|
+
+ RL_ISOLATE_LEVEL (pp) = isolate_level;
|
|
20
|
+
+ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
|
|
21
|
+
+ isolate_level++;
|
|
22
|
+
base_level_per_iso_level[isolate_level] = new_level;
|
|
23
|
+
|
|
24
|
+
if (!FRIBIDI_IS_NEUTRAL (override))
|
|
25
|
+
--
|
|
26
|
+
2.23.0
|
|
27
|
+
|
SPECS/fribidi.spec
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
Summary: Library implementing the Unicode Bidirectional Algorithm
|
|
2
2
|
Name: fribidi
|
|
3
3
|
Version: 1.0.2
|
|
4
|
-
Release: 1%{?dist
|
|
4
|
+
Release: 1%{?dist}.1
|
|
5
5
|
URL: https://github.com/fribidi/fribidi/
|
|
6
6
|
Source: https://github.com//%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
|
|
7
7
|
License: LGPLv2+ and UCD
|
|
8
8
|
Group: System Environment/Libraries
|
|
9
|
+
Patch1: %{name}-CVE-2019-18397.patch
|
|
9
10
|
|
|
10
11
|
%description
|
|
11
12
|
A library to handle bidirectional scripts (for example Hebrew, Arabic),
|
|
@@ -23,6 +24,7 @@ FriBidi.
|
|
|
23
24
|
|
|
24
25
|
%prep
|
|
25
26
|
%setup -q
|
|
27
|
+
%patch1 -p1
|
|
26
28
|
|
|
27
29
|
%build
|
|
28
30
|
%if 0%{?el5}
|
|
@@ -62,6 +64,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
|
|
62
64
|
%{_libdir}/pkgconfig/*.pc
|
|
63
65
|
|
|
64
66
|
%changelog
|
|
67
|
+
* Tue Dec 17 2019 Akira TAGOH <tagoh@redhat.com> - 1.0.2-1.1
|
|
68
|
+
- Security fix for CVE-2019-18397
|
|
69
|
+
Resolves: rhbz#1781224
|
|
70
|
+
|
|
65
71
|
* Fri May 04 2018 Caolán McNamara <caolanm@redhat.com> - 1.0.2-1
|
|
66
72
|
- Resolves: rhbz#1574858 latest version, --disable-docs because there's no c2man
|
|
67
73
|
|