commit 6aabc63fdd81273b04b3cc7993e802c2c0a56084 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:11:16 2019 -0400 Package init
diff --git a/CVE-2019-1010238.patch b/CVE-2019-1010238.patch
new file mode 100644
index 0000000..cc65b3d
--- /dev/null
+++ b/CVE-2019-1010238.patch
@@ -0,0 +1,34 @@
+From 490f8979a260c16b1df055eab386345da18a2d54 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen
+Date: Wed, 10 Jul 2019 20:26:23 -0400
+Subject: [PATCH] bidi: Be safer against bad input
+
+Don't run off the end of an array that we
+allocated to certain length.
+
+Closes: https://gitlab.gnome.org/GNOME/pango/issues/342
+---
+ pango/pango-bidi-type.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pango/pango-bidi-type.c b/pango/pango-bidi-type.c
+index 3e46b66c..5c02dbbb 100644
+--- a/pango/pango-bidi-type.c
++++ b/pango/pango-bidi-type.c
+@@ -181,8 +181,11 @@ pango_log2vis_get_embedding_levels (const gchar *text,
+ for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++)
+ {
+ gunichar ch = g_utf8_get_char (p);
+- FriBidiCharType char_type;
+- char_type = fribidi_get_bidi_type (ch);
++ FriBidiCharType char_type = fribidi_get_bidi_type (ch);
++
++ if (i == n_chars)
++ break;
++
+ bidi_types[i] = char_type;
+ ored_types |= char_type;
+ if (FRIBIDI_IS_STRONG (char_type))
+--
+2.22.0
+
diff --git a/pango-1.43.0.tar.xz b/pango-1.43.0.tar.xz
new file mode 100644
index 0000000..05c6657
Binary files /dev/null and b/pango-1.43.0.tar.xz differ
diff --git a/pango.spec b/pango.spec
new file mode 100644
index 0000000..eefabc3
--- /dev/null
+++ b/pango.spec
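Review bot: In the carried patch for pango/pango-bidi-type.c, the new `if (i == n_chars) break;` guard sits after `g_utf8_get_char (p)` and `fribidi_get_bidi_type (ch)`, so on the iteration that is discarded one more character is still decoded and classified, and the bound is buried in the loop body. Putting it in the loop condition, `for (i = 0, p = text; p < text + length && i < n_chars; p = g_utf8_next_char(p), i++)`, stops before any work is done and makes the tie between the index and the size of `bidi_types` visible. The loop now ends silently when the walk and `n_chars` disagree, which presumably only happens on malformed UTF-8; a comment such as `/* the walk and n_chars can disagree on invalid UTF-8; never index past the allocation */` would tell the next reader why the guard exists. The function starts and ends outside the hunk, so how `n_chars` is computed and whether later code assumes all `n_chars` entries were filled cannot be checked from here.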
@@ -0,0 +1,88 @@
+Name: pango
+Version: 1.43.0
+Release: 2
+Summary: A library for layout and rendering of text
+
+License: LGPLv2+
+URL: https://pango.gnome.org/
+Source0: https://ftp.gnome.org/pub/GNOME/sources/pango/1.43/pango-1.43.0.tar.xz
+
+Patch6000: CVE-2019-1010238.patch
+
+BuildRequires: pkgconfig(cairo) >= 1.12.10 fontconfig >= 2.11.91 pkgconfig(freetype2) >= 2.1.5
+BuildRequires: pkgconfig(fribidi) >= 1.0 pkgconfig(glib-2.0) >= 2.33.12 pkgconfig(harfbuzz) >= 1.4.2
+BuildRequires: pkgconfig(xft) >= 2.0.0 pkgconfig(libthai) >= 0.1.9 pkgconfig(gobject-introspection-1.0)
+BuildRequires: cairo-gobject-devel gtk-doc meson help2man gcc gcc-c++
+
+Requires: cairo >= 1.12.10 fontconfig >= 2.11.91 freetype >= 2.1.5 fribidi >= 1.0
+Requires: glib2 >= 2.33.12 harfbuzz >= 1.4.2 libXft >= 2.0.0 libthai >= 0.1.9
+
+%description
+Pango is a library for layout and rendering of text, with an emphasis
+on internationalization. Pango can be used anywhere that text layout
+is needed; however, most of the work on Pango so far has been done using
+the GTK+ widget toolkit as a test platform. Pango forms the core of text
+and font handling for GTK+-2.x.
+
+%package devel
+Summary: Development environment for %{name}
+Requires: %{name} = %{version}-%{release} freetype-devel >= 2.1.5
+Requires: glib2-devel >= 2.33.12 fontconfig-devel >= 2.11.91 cairo-devel >= 1.12.10
+Provides: %{name}-tests
+Obsoletes: %{name}-tests
+
+%description devel
+The %{name}-devel package contains libraries header files and tests for
+the %{name}.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%meson -Denable_docs=true
+%meson_build
+
+%install
+%meson_install
+
+test -e %{buildroot}%{_libdir}/libpangoxft-1.0.so
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
+%files
+%doc README.md
+%license COPYING
+%{_bindir}/%{name}-list
+%{_bindir}/%{name}-view
+%{_libdir}/libpango*-1.0.so.*
+%{_libdir}/girepository-1.0/Pango*-1.0.typelib
+
+%files devel
+%{_includedir}/pango-1.0/pango/*.h
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/pango*.pc
+%{_datadir}/gir-1.0/*.gir
+%{_datadir}/installed-tests/pango/*.test
+%{_libexecdir}/installed-tests/pango/
+
+%files help
+%doc NEWS
+%doc %{_datadir}/gtk-doc/html/pango
+%{_mandir}/man1/pango-view.1.gz
+
+%changelog
+* Wed Sep 25 2019 openEuler Buildteam - 1.43.0-2
+- Type:cves
+- ID:CVE-2019-1010238
+- SUG:NA
+- DESC:fix CVE-2019-1010238
+
+* Sun Sep 15 2019 openEuler Buildteam - 1.43.0-1
+- Package Init
+
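Review bot: The spec applies `Patch6000: CVE-2019-1010238.patch` but has no `%check` section, so the build never runs pango's test suite against the patched source; the tests are only shipped as installed-tests in the devel package. Adding `%check` followed by `%meson_test` after `%install` would catch a security patch that applies cleanly but changes layout behaviour, provided the suite can run in the build root. Separately, `Source0` names an https URL while the tarball is committed as a binary blob, and nothing visible in the spec records a checksum for it. A comment beside `Source0` such as `# sha256: <UPSTREAM_SHA256_PLACEHOLDER>` would let a reviewer confirm that the blob matches the upstream release.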