Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected], 
[email protected]
Control: affects -1 + src:libreoffice
Control: affects -1 + src:graphite2
User: [email protected]
Usertags: pu

[ Reason ]
LibreOffice upstream says:

> sent to them. If that's applied then this core-side fix is needed
> to survive the subsequent graceful failure
>   -> https://gerrit.collaboraoffice.com/c/online/+/2102

for the graphite2 fix (see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139173)

Filing this now only since it bases on deb13u5 which was embargoed until
today...

[ Impact ]
This is most probably minor, since it would fail on
malformed stuff anyway and this just adds a graceful failure for this
but I think we should include it nevertheless if the explicitely mention
it

[ Tests ]
none.

[ Risks ]
Looks trivial.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Backport https://gerrit.collaboraoffice.com/c/online/+/2102 as mentioned
above (well, actually the LO part 
ofhttps://gerrit.libreoffice.org/c/core/+/205092)

[ Other info ]
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139173 is already in
p-u.

Debdiff attached. Didn't upload it yet this time to get a ACK or NACK
beforehand since it is minor.

Regards,

Rene
diff -Nru libreoffice-25.2.3/debian/changelog libreoffice-25.2.3/debian/changelog
--- libreoffice-25.2.3/debian/changelog	2026-05-25 13:04:39.000000000 +0200
+++ libreoffice-25.2.3/debian/changelog	2026-06-06 22:12:08.000000000 +0200
@@ -1,3 +1,11 @@
+libreoffice (4:25.2.3-2+deb13u6) trixie; urgency=medium
+
+  * debian/patches/check-for-hb_shape_full-failure.diff: add patch from
+    libreoffice-26-2 branch to gracefully handle hb_shape_full failure,
+    as can happen after the fix for CVE-2026-50593 in graphite2 
+
+ -- Rene Engelhard <[email protected]>  Sat, 06 Jun 2026 22:12:08 +0200
+
 libreoffice (4:25.2.3-2+deb13u5) trixie-security; urgency=medium
 
   * debian/patches/CVE-2026-*.diff: fix
diff -Nru libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff
--- libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff	1970-01-01 01:00:00.000000000 +0100
+++ libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff	2026-06-06 22:04:23.000000000 +0200
@@ -0,0 +1,58 @@
+From 47ad587ae515df86b1149b36bf12edc1424c5b90 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <[email protected]>
+Date: Wed, 6 May 2026 15:37:30 +0100
+Subject: [PATCH] check for hb_shape_full failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Caol�n McNamara <[email protected]>
+Change-Id: I5fafcb7d592fb4c9091cb2bab64cb6ac47462d71
+Reviewed-on: https://gerrit.collaboraoffice.com/c/online/+/2102
+Reviewed-by: Miklos Vajna <[email protected]>
+(cherry picked from commit 22c19be8fae977a90f83a82d8acccd0b46c7cf20)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/204946
+Tested-by: Jenkins
+Reviewed-by: Julien Nabet <[email protected]>
+---
+ vcl/source/gdi/CommonSalLayout.cxx | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/vcl/source/gdi/CommonSalLayout.cxx b/vcl/source/gdi/CommonSalLayout.cxx
+index e6c376d1619a..51a60a945cee 100644
+--- a/vcl/source/gdi/CommonSalLayout.cxx
++++ b/vcl/source/gdi/CommonSalLayout.cxx
+@@ -204,10 +204,11 @@ public:
+         // The shapers that we want HarfBuzz to use, in the order of
+         // preference.
+         const char* const pHbShapers[] = { "graphite2", "ot", "fallback", nullptr };
+-        bool ok
+-            = hb_shape_full(pHbFont, m_pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers);
+-        assert(ok);
+-        (void)ok;
++        if (!hb_shape_full(pHbFont, m_pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers))
++        {
++            SAL_WARN("vcl.harfbuzz", "hb_shape_full failed");
++            hb_buffer_set_length(m_pHbBuffer, 0);
++        }
+ 
+         int nRunGlyphCount = hb_buffer_get_length(m_pHbBuffer);
+         hb_glyph_info_t* pHbGlyphInfos = hb_buffer_get_glyph_infos(m_pHbBuffer, nullptr);
+@@ -604,9 +605,11 @@ bool GenericSalLayout::LayoutText(vcl::text::ImplLayoutArgs& rArgs, const SalLay
+             // The shapers that we want HarfBuzz to use, in the order of
+             // preference.
+             const char*const pHbShapers[] = { "graphite2", "ot", "fallback", nullptr };
+-            bool ok = hb_shape_full(pHbFont, pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers);
+-            assert(ok);
+-            (void) ok;
++            if (!hb_shape_full(pHbFont, pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers))
++            {
++                SAL_WARN("vcl.harfbuzz", "hb_shape_full failed");
++                hb_buffer_set_length(pHbBuffer, 0);
++            }
+ 
+             // Populate glyph cluster remapping data
+             stClusterMapper.ShapeSubRun(pStr, nLength, aSubRun, pHbFont, maFeatures, oHbLanguage);
+-- 
+2.47.3
+
diff -Nru libreoffice-25.2.3/debian/patches/series libreoffice-25.2.3/debian/patches/series
--- libreoffice-25.2.3/debian/patches/series	2026-05-25 10:48:22.000000000 +0200
+++ libreoffice-25.2.3/debian/patches/series	2026-06-06 22:11:29.000000000 +0200
@@ -62,3 +62,4 @@
 CVE-2026-8356.diff
 CVE-2026-8357.diff
 CVE-2026-8358.diff
+check-for-hb_shape_full-failure.diff

Reply via email to