mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-23 21:17:11 -05:00
gnu: fribidi: Fix CVE-2019-18397.
* gnu/packages/fribidi.scm (fribidi): Replace with fribidi/fixed. (fribidi/fixed): New variable. * gnu/packages/patches/fribidi-CVE-2019-18397.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
This commit is contained in:
parent
c6be161dbd
commit
b8f0a3fdc8
3 changed files with 38 additions and 2 deletions
|
@ -838,6 +838,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/flint-ldconfig.patch \
|
||||
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
|
||||
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
|
||||
%D%/packages/patches/fribidi-CVE-2019-18397.patch \
|
||||
%D%/packages/patches/freeimage-unbundle.patch \
|
||||
%D%/packages/patches/fuse-overlapping-headers.patch \
|
||||
%D%/packages/patches/gawk-shell.patch \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
|
||||
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2016, 2019 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
|
@ -22,10 +22,12 @@ (define-module (gnu packages fribidi)
|
|||
#:use-module (guix packages)
|
||||
#:use-module (guix download)
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module (guix licenses))
|
||||
#:use-module (guix licenses)
|
||||
#:use-module (gnu packages))
|
||||
|
||||
(define-public fribidi
|
||||
(package
|
||||
(replacement fribidi/fixed)
|
||||
(name "fribidi")
|
||||
(version "1.0.5")
|
||||
(source
|
||||
|
@ -45,3 +47,10 @@ (define-public fribidi
|
|||
or right-to-left ordering as necessary.")
|
||||
(home-page "https://github.com/fribidi/fribidi")
|
||||
(license lgpl2.1+)))
|
||||
|
||||
(define fribidi/fixed
|
||||
(package
|
||||
(inherit fribidi)
|
||||
(source
|
||||
(origin (inherit (package-source fribidi))
|
||||
(patches (search-patches "fribidi-CVE-2019-18397.patch"))))))
|
||||
|
|
26
gnu/packages/patches/fribidi-CVE-2019-18397.patch
Normal file
26
gnu/packages/patches/fribidi-CVE-2019-18397.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568.patch
|
||||
|
||||
From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
|
||||
From: Dov Grobgeld <dov.grobgeld@gmail.com>
|
||||
Date: Thu, 24 Oct 2019 09:37:29 +0300
|
||||
Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
|
||||
|
||||
---
|
||||
lib/fribidi-bidi.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
|
||||
index 6c84392..d384878 100644
|
||||
--- a/lib/fribidi-bidi.c
|
||||
+++ b/lib/fribidi-bidi.c
|
||||
@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
|
||||
}
|
||||
|
||||
RL_LEVEL (pp) = level;
|
||||
- RL_ISOLATE_LEVEL (pp) = isolate_level++;
|
||||
+ RL_ISOLATE_LEVEL (pp) = isolate_level;
|
||||
+ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
|
||||
+ isolate_level++;
|
||||
base_level_per_iso_level[isolate_level] = new_level;
|
||||
|
||||
if (!FRIBIDI_IS_NEUTRAL (override))
|
Loading…
Reference in a new issue