diff --git a/SOURCES/pango-fixes-bidi-crash.patch b/SOURCES/pango-fixes-bidi-crash.patch new file mode 100644 index 0000000..890cf92 --- /dev/null +++ b/SOURCES/pango-fixes-bidi-crash.patch @@ -0,0 +1,29 @@ +commit 490f8979a260c16b1df055eab386345da18a2d54 +Author: Matthias Clasen +Date: Wed Jul 10 20:26:23 2019 -0400 + + bidi: Be safer against bad input + + Don't run off the end of an array that we + allocated to certain length. + + Closes: https://gitlab.gnome.org/GNOME/pango/issues/342 + +diff --git a/pango/pango-bidi-type.c b/pango/pango-bidi-type.c +index 3e46b66c..5c02dbbb 100644 +--- a/pango/pango-bidi-type.c ++++ b/pango/pango-bidi-type.c +@@ -181,8 +181,11 @@ pango_log2vis_get_embedding_levels (const gchar *text, + for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++) + { + gunichar ch = g_utf8_get_char (p); +- FriBidiCharType char_type; +- char_type = fribidi_get_bidi_type (ch); ++ FriBidiCharType char_type = fribidi_get_bidi_type (ch); ++ ++ if (i == n_chars) ++ break; ++ + bidi_types[i] = char_type; + ored_types |= char_type; + if (FRIBIDI_IS_STRONG (char_type)) diff --git a/SOURCES/pango-fixes-get-variations-crash.patch b/SOURCES/pango-fixes-get-variations-crash.patch new file mode 100644 index 0000000..ca96086 --- /dev/null +++ b/SOURCES/pango-fixes-get-variations-crash.patch @@ -0,0 +1,31 @@ +commit ad92e199f221499c19f22dce7a16e7d770ad3ae7 +Author: Carsten Pfeiffer +Date: Fri Aug 10 16:06:20 2018 +0200 + + Fix crash in pango_fc_font_key_get_variations() when key is null + +diff --git a/pango/pangofc-shape.c b/pango/pangofc-shape.c +index a59ca67c..53269d73 100644 +--- a/pango/pangofc-shape.c ++++ b/pango/pangofc-shape.c +@@ -380,8 +380,10 @@ _pango_fc_shape (PangoFont *font, + fc_font->is_hinted ? ft_face->size->metrics.x_ppem : 0, + fc_font->is_hinted ? ft_face->size->metrics.y_ppem : 0); + +- variations = pango_fc_font_key_get_variations (key); +- if (variations) ++ if (key) ++ { ++ variations = pango_fc_font_key_get_variations (key); ++ if (variations) + { + guint n_variations; + hb_variation_t *hb_variations; +@@ -391,6 +393,7 @@ _pango_fc_shape (PangoFont *font, + + g_free (hb_variations); + } ++ } + + hb_buffer = acquire_buffer (&free_buffer); + diff --git a/SPECS/pango.spec b/SPECS/pango.spec index 9742626..a808b54 100644 --- a/SPECS/pango.spec +++ b/SPECS/pango.spec @@ -1,4 +1,4 @@ -%global glib2_version 2.33.12 +%global glib2_version 2.56.1 %global freetype_version 2.1.5 %global fontconfig_version 2.11.91 %global cairo_version 1.12.10 @@ -9,12 +9,14 @@ Name: pango Version: 1.42.4 -Release: 1%{?dist} +Release: 5%{?dist} Summary: System for layout and rendering of internationalized text License: LGPLv2+ URL: http://www.pango.org Source0: http://download.gnome.org/sources/%{name}/1.42/%{name}-%{version}.tar.xz +Patch0: pango-fixes-get-variations-crash.patch +Patch1: pango-fixes-bidi-crash.patch BuildRequires: pkgconfig(cairo) >= %{cairo_version} BuildRequires: pkgconfig(freetype2) >= %{freetype_version} @@ -75,6 +77,8 @@ the functionality of the installed %{name} package. %prep %setup -q -n pango-%{version} +%patch0 -p1 -b .crash +%patch1 -p1 -b .bidi %build @@ -128,6 +132,20 @@ fi %changelog +* Tue Aug 20 2019 Peng Wu - 1.42.4-5 +- Fixes crash in pango_fc_font_key_get_variations when key is null + +* Fri Aug 16 2019 Peng Wu - 1.42.4-4 +- Fixes bidi crash +- Security fix for CVE-2019-1010238 +- Resolves: #1738461 + +* Mon Dec 17 2018 Ray Strode - 1.42.4-3 +- rebuild + +* Fri Dec 14 2018 Ray Strode - 1.42.4-2 +- rebuild + * Fri Aug 31 2018 Peng Wu - 1.42.4-1 - Update to 1.42.4