Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected], [email protected]
Control: affects -1 + src:libreoffice
Control: affects -1 + src:graphite2
User: [email protected]
Usertags: pu

[ Reason ]
LibreOffice upstream says:

> sent to them. If that's applied then this core-side fix is needed
> to survive the subsequent graceful failure
> -> https://gerrit.collaboraoffice.com/c/online/+/2102

for the graphite2 fix (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139173)

Filing this now only since it bases on deb13u5 which was embargoed until today...

[ Impact ]
This is most probably minor, since it would fail on malformed stuff anyway and this just adds a graceful failure for this, but I think we should include it nevertheless if they explicitly mention it

[ Tests ]
none.

[ Risks ]
Looks trivial.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Backport https://gerrit.collaboraoffice.com/c/online/+/2102 as mentioned above (well, actually the LO part of https://gerrit.libreoffice.org/c/core/+/205092)

[ Other info ]
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139173 is already in p-u.

Debdiff attached. Didn't upload it yet this time to get an ACK or NACK beforehand since it is minor.

Regards,

Rene

diff -Nru libreoffice-25.2.3/debian/changelog libreoffice-25.2.3/debian/changelog --- libreoffice-25.2.3/debian/changelog 2026-05-25 13:04:39.000000000 +0200 +++ libreoffice-25.2.3/debian/changelog 2026-06-06 22:12:08.000000000 +0200 @@ -1,3 +1,11 @@ +libreoffice (4:25.2.3-2+deb13u6) trixie; urgency=medium + + * debian/patches/check-for-hb_shape_full-failure.diff: add patch from + libreoffice-26-2 branch to gracefully handle hb_shape_full failure, + as can happen after the fix for CVE-2026-50593 in graphite2 + + -- Rene Engelhard <[email protected]> Sat, 06 Jun 2026 22:12:08 +0200 + libreoffice (4:25.2.3-2+deb13u5) trixie-security; urgency=medium * debian/patches/CVE-2026-*.diff: fix diff -Nru libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff --- libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff 1970-01-01 01:00:00.000000000 +0100 +++ libreoffice-25.2.3/debian/patches/check-for-hb_shape_full-failure.diff 2026-06-06 22:04:23.000000000 +0200 
@@ -0,0 +1,58 @@ +From 47ad587ae515df86b1149b36bf12edc1424c5b90 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <[email protected]> +Date: Wed, 6 May 2026 15:37:30 +0100 +Subject: [PATCH] check for hb_shape_full failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Caol�n McNamara <[email protected]> +Change-Id: I5fafcb7d592fb4c9091cb2bab64cb6ac47462d71 +Reviewed-on: https://gerrit.collaboraoffice.com/c/online/+/2102 +Reviewed-by: Miklos Vajna <[email protected]> +(cherry picked from commit 22c19be8fae977a90f83a82d8acccd0b46c7cf20) +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/204946 +Tested-by: Jenkins +Reviewed-by: Julien Nabet <[email protected]> +--- + vcl/source/gdi/CommonSalLayout.cxx | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +diff --git a/vcl/source/gdi/CommonSalLayout.cxx b/vcl/source/gdi/CommonSalLayout.cxx +index e6c376d1619a..51a60a945cee 100644 +--- a/vcl/source/gdi/CommonSalLayout.cxx ++++ b/vcl/source/gdi/CommonSalLayout.cxx +@@ -204,10 +204,11 @@ public: + // The shapers that we want HarfBuzz to use, in the order of + // preference. + const char* const pHbShapers[] = { "graphite2", "ot", "fallback", nullptr }; +- bool ok +- = hb_shape_full(pHbFont, m_pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers); +- assert(ok); +- (void)ok; ++ if (!hb_shape_full(pHbFont, m_pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers)) ++ { ++ SAL_WARN("vcl.harfbuzz", "hb_shape_full failed"); ++ hb_buffer_set_length(m_pHbBuffer, 0); ++ } + + int nRunGlyphCount = hb_buffer_get_length(m_pHbBuffer); + hb_glyph_info_t* pHbGlyphInfos = hb_buffer_get_glyph_infos(m_pHbBuffer, nullptr); +@@ -604,9 +605,11 @@ bool GenericSalLayout::LayoutText(vcl::text::ImplLayoutArgs& rArgs, const SalLay + // The shapers that we want HarfBuzz to use, in the order of + // preference. 
+ const char*const pHbShapers[] = { "graphite2", "ot", "fallback", nullptr }; +- bool ok = hb_shape_full(pHbFont, pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers); +- assert(ok); +- (void) ok; ++ if (!hb_shape_full(pHbFont, pHbBuffer, maFeatures.data(), maFeatures.size(), pHbShapers)) ++ { ++ SAL_WARN("vcl.harfbuzz", "hb_shape_full failed"); ++ hb_buffer_set_length(pHbBuffer, 0); ++ } + + // Populate glyph cluster remapping data + stClusterMapper.ShapeSubRun(pStr, nLength, aSubRun, pHbFont, maFeatures, oHbLanguage); +-- +2.47.3 + diff -Nru libreoffice-25.2.3/debian/patches/series libreoffice-25.2.3/debian/patches/series --- libreoffice-25.2.3/debian/patches/series 2026-05-25 10:48:22.000000000 +0200 +++ libreoffice-25.2.3/debian/patches/series 2026-06-06 22:11:29.000000000 +0200 @@ -62,3 +62,4 @@ CVE-2026-8356.diff CVE-2026-8357.diff CVE-2026-8358.diff +check-for-hb_shape_full-failure.diff
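Review bot: the debian/changelog entry for 4:25.2.3-2+deb13u6 names only the libreoffice-26-2 branch as the source of the patch and gives no upstream change id, while the request text cites https://gerrit.libreoffice.org/c/core/+/205092 and the patch header records "Reviewed-on: https://gerrit.libreoffice.org/c/core/+/204946". Please state in the changelog entry (or in the patch header) which upstream change was actually backported, so the provenance can be checked against a single reference.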
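Review bot: in both CommonSalLayout.cxx hunks (@@ -204 and @@ -604) the new failure branch only logs through SAL_WARN and calls hb_buffer_set_length(..., 0), then falls through into the existing code, so hb_buffer_get_length / hb_buffer_get_glyph_infos in the first hunk and stClusterMapper.ShapeSubRun in the second run on an empty buffer and the caller gets no signal that shaping failed. Please confirm that everything downstream tolerates a zero-length run, and since the request lists "[ Tests ] none", add a regression test that drives hb_shape_full to return false. The shaper list still offers "ot" and "fallback" after "graphite2"; if the failure originates in the graphite2 shaper, a retry without it would keep the text visible instead of dropping the run, so it is worth a comment explaining why an empty run is the chosen behaviour.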

