diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2019-11-09 21:03:19 +0200 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2019-11-09 21:07:10 +0200 |
commit | b8f0a3fdc8e9263a061e4a3ea79c85099b284b15 (patch) | |
tree | 0f3d0b2585684563cd455366a8b09ea4cea2c90e | |
parent | c6be161dbd3a8911c3dd59d8441a3baf2c440307 (diff) | |
download | guix-b8f0a3fdc8e9263a061e4a3ea79c85099b284b15.tar guix-b8f0a3fdc8e9263a061e4a3ea79c85099b284b15.tar.gz |
gnu: fribidi: Fix CVE-2019-18397.
* gnu/packages/fribidi.scm (fribidi): Replace with fribidi/fixed.
(fribidi/fixed): New variable.
* gnu/packages/patches/fribidi-CVE-2019-18397.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/fribidi.scm | 13 | ||||
-rw-r--r-- | gnu/packages/patches/fribidi-CVE-2019-18397.patch | 26 |
3 files changed, 38 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 0f02c4b6be..dcb4546462 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -838,6 +838,7 @@ dist_patch_DATA = \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \ %D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \ + %D%/packages/patches/fribidi-CVE-2019-18397.patch \ %D%/packages/patches/freeimage-unbundle.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ %D%/packages/patches/gawk-shell.patch \ diff --git a/gnu/packages/fribidi.scm b/gnu/packages/fribidi.scm index dfd2a77c20..61aa6fd726 100644 --- a/gnu/packages/fribidi.scm +++ b/gnu/packages/fribidi.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2019 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. @@ -22,10 +22,12 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) - #:use-module (guix licenses)) + #:use-module (guix licenses) + #:use-module (gnu packages)) (define-public fribidi (package + (replacement fribidi/fixed) (name "fribidi") (version "1.0.5") (source @@ -45,3 +47,10 @@ Algorithm. This algorithm is used to properly display text in left-to-right or right-to-left ordering as necessary.") (home-page "https://github.com/fribidi/fribidi") (license lgpl2.1+))) + +(define fribidi/fixed + (package + (inherit fribidi) + (source + (origin (inherit (package-source fribidi)) + (patches (search-patches "fribidi-CVE-2019-18397.patch")))))) diff --git a/gnu/packages/patches/fribidi-CVE-2019-18397.patch b/gnu/packages/patches/fribidi-CVE-2019-18397.patch new file mode 100644 index 0000000000..aff1a669b2 --- /dev/null +++ b/gnu/packages/patches/fribidi-CVE-2019-18397.patch @@ -0,0 +1,26 @@ +https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568.patch + +From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001 +From: Dov Grobgeld <dov.grobgeld@gmail.com> +Date: Thu, 24 Oct 2019 09:37:29 +0300 +Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL + +--- + lib/fribidi-bidi.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c +index 6c84392..d384878 100644 +--- a/lib/fribidi-bidi.c ++++ b/lib/fribidi-bidi.c +@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex ( + } + + RL_LEVEL (pp) = level; +- RL_ISOLATE_LEVEL (pp) = isolate_level++; ++ RL_ISOLATE_LEVEL (pp) = isolate_level; ++ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1) ++ isolate_level++; + base_level_per_iso_level[isolate_level] = new_level; + + if (!FRIBIDI_IS_NEUTRAL (override)) |