From 158197327b608b95ffa16e4964d3852137fa6fe0 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 15 2022 07:04:33 +0000
Subject: import harfbuzz-2.7.4-8.el9


---

diff --git a/SOURCES/CVE-2022-33068-sbix-Limit-glyph-extents.patch b/SOURCES/CVE-2022-33068-sbix-Limit-glyph-extents.patch
new file mode 100644
index 0000000..c229a3c
--- /dev/null
+++ b/SOURCES/CVE-2022-33068-sbix-Limit-glyph-extents.patch
@@ -0,0 +1,30 @@
+From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Wed, 1 Jun 2022 07:38:21 -0600
+Subject: [PATCH 001/363] [sbix] Limit glyph extents
+
+Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
+---
+ src/hb-ot-color-sbix-table.hh       |   6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
+index 9741ebd45..6efae43cd 100644
+--- a/src/hb-ot-color-sbix-table.hh
++++ b/src/hb-ot-color-sbix-table.hh
+@@ -298,6 +298,12 @@ struct sbix
+ 
+       const PNGHeader &png = *blob->as<PNGHeader>();
+ 
++      if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
++      {
++	hb_blob_destroy (blob);
++	return false;
++      }
++
+       extents->x_bearing = x_offset;
+       extents->y_bearing = png.IHDR.height + y_offset;
+       extents->width     = png.IHDR.width;
+-- 
+2.36.1
+
diff --git a/SPECS/harfbuzz.spec b/SPECS/harfbuzz.spec
index 8bc4b63..b89c156 100644
--- a/SPECS/harfbuzz.spec
+++ b/SPECS/harfbuzz.spec
@@ -1,12 +1,15 @@
 Name:           harfbuzz
 Version:        2.7.4
-Release:        5%{?dist}
+Release:        8%{?dist}
 Summary:        Text shaping library
 
 License:        MIT
 URL:            https://harfbuzz.github.io/
 Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
 
+# Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557
+Patch0:         CVE-2022-33068-sbix-Limit-glyph-extents.patch
+
 BuildRequires:  cairo-devel
 BuildRequires:  freetype-devel
 BuildRequires:  glib2-devel
@@ -88,6 +91,19 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libharfbuzz-icu.so.*
 
 %changelog
+* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-8
+- Resolves:rh#2103849
+- Update tests.yaml
+
+* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-7
+- Resolves:rh#2103849 CVE-2022-33068
+- Fix Covscan compiler warning for inclusion of parenthesis
+- Update tests.yaml
+
+* Fri Jul 15 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-6
+- Resolves:rh#2103849 CVE-2022-33068
+  harfbuzz: integer overflow in the component hb-ot-shape-fallback.c
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.4-5
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688