[packages/harfbuzz] Rel 2; fixes security issue https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-

arekm arekm at pld-linux.org
Mon Jan 12 07:21:59 CET 2026


commit 89106d143c3fef40e1f04b4f6cf5b57e57780d98
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Mon Jan 12 07:21:32 2026 +0100

    Rel 2; fixes security issue https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww

 harfbuzz.spec        |  4 +++-
 null-ptr-deref.patch | 25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
---
diff --git a/harfbuzz.spec b/harfbuzz.spec
index 7635e9b..5dda93a 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@@ -9,11 +9,12 @@ Summary:	HarfBuzz - internationalized text shaping library
 Summary(pl.UTF-8):	HarfBuzz - biblioteka rysująca tekst z obsługą wielu języków
 Name:		harfbuzz
 Version:	12.3.0
-Release:	1
+Release:	2
 License:	MIT
 Group:		Libraries
 Source0:	https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/%{name}-%{version}.tar.xz
 # Source0-md5:	1a61090b530e820c685911ac198a04bc
+Patch0:		null-ptr-deref.patch
 URL:		https://harfbuzz.github.io/
 BuildRequires:	cairo-devel >= 1.10.0
 BuildRequires:	chafa-devel >= 1.6.0
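Review bot: The new `Patch0: null-ptr-deref.patch` line carries no comment saying where the patch comes from or when it can be dropped. Add a comment line above it naming the upstream commit (1265ff8d990284f04d8768f35b0e20ae5f60daae) and the GHSA-xvjr-f2r9-c7ww advisory, so that the patch is removed once `Version` moves past 12.3.0 to a release that contains the fix. A more specific file name than `null-ptr-deref.patch` (for example one that mentions cmap or the advisory id) would also make later audits of the package easier.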
@@ -222,6 +223,7 @@ Dokumentacja API bibliotek HarfBuzz.
 
 %prep
 %setup -q
+%patch -P0 -p1
 
 %build
 %meson \
diff --git a/null-ptr-deref.patch b/null-ptr-deref.patch
new file mode 100644
index 0000000..81a02d6
--- /dev/null
+++ b/null-ptr-deref.patch
@@ -0,0 +1,25 @@
+From 1265ff8d990284f04d8768f35b0e20ae5f60daae Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad at behdad.org>
+Date: Fri, 9 Jan 2026 04:54:42 -0700
+Subject: [PATCH] [cmap] malloc fail test (#5710)
+
+Fixes https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
+---
+ src/hb-ot-cmap-table.hh | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh
+index 32f705bb3c5..d08e66edaa2 100644
+--- a/src/hb-ot-cmap-table.hh
++++ b/src/hb-ot-cmap-table.hh
+@@ -1670,6 +1670,10 @@ struct SubtableUnicodesCache {
+   {
+     SubtableUnicodesCache* cache =
+         (SubtableUnicodesCache*) hb_malloc (sizeof(SubtableUnicodesCache));
++
++    if (unlikely (!cache))
++      return nullptr;
++
+     new (cache) SubtableUnicodesCache (source_table);
+     return cache;
+   }
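Review bot: The added `return nullptr;` after the `hb_malloc` call changes what this function can hand back, and the hunk shows none of its callers, so the check only closes the issue if every call site tests the returned `SubtableUnicodesCache*` before using it. Before the change, the placement `new (cache) SubtableUnicodesCache (source_table);` ran the constructor on a null pointer when the allocation failed; with the early return, an unchecked caller would hit the same null dereference one frame up. It is worth confirming against the 12.3.0 sources that the callers handle a null result, or pulling in any companion upstream change if they do not.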
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/harfbuzz.git/commitdiff/89106d143c3fef40e1f04b4f6cf5b57e57780d98


