Bug#944327: fribidi: diff for NMU version 1.0.7-1.1

2019-11-10 Thread Salvatore Bonaccorso 
Hi!

On Sun, Nov 10, 2019 at 08:32:22AM +0200, Lior Kaplan wrote:
> Hi Salvatore,
> 
> As you already prepared a package, you can just upload it with no delay.
> 
> Thanks for the patch & help.
> 
> If you prefer we'd do the upload -let me know.

Thanks for feedback, I rescheduled it from the delayed/5 now so it can
enter the archive earlier.

Regards,
Salvatore

Bug#944327: fribidi: diff for NMU version 1.0.7-1.1

2019-11-09 Thread Lior Kaplan 
Hi Salvatore,

As you already prepared a package, you can just upload it with no delay.

Thanks for the patch & help.

If you prefer we'd do the upload -let me know.



On Fri, Nov 8, 2019 at 2:51 PM Salvatore Bonaccorso 
wrote:

> Control: tags 944327 + patch
> Control: tags 944327 + pending
>
> Dear maintainer(s),
>
> I've prepared an NMU for fribidi (versioned as 1.0.7-1.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.
>
> A merge request is as well created at
> https://salsa.debian.org/debian/fribidi/merge_requests/2 .
>
> Regards,
> Salvatore
>

Bug#944327: fribidi: diff for NMU version 1.0.7-1.1

2019-11-08 Thread Salvatore Bonaccorso 
Control: tags 944327 + patch
Control: tags 944327 + pending

Dear maintainer(s),

I've prepared an NMU for fribidi (versioned as 1.0.7-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

A merge request is as well created at
https://salsa.debian.org/debian/fribidi/merge_requests/2 .

Regards,
Salvatore
diff -Nru fribidi-1.0.7/debian/changelog fribidi-1.0.7/debian/changelog
--- fribidi-1.0.7/debian/changelog	2019-10-03 06:03:43.0 +0200
+++ fribidi-1.0.7/debian/changelog	2019-11-08 13:36:50.0 +0100
@@ -1,3 +1,11 @@
+fribidi (1.0.7-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL (CVE-2019-18397)
+(Closes: #944327)
+
+ -- Salvatore Bonaccorso   Fri, 08 Nov 2019 13:36:50 +0100
+
 fribidi (1.0.7-1) unstable; urgency=medium
 
   * Imported Upstream version 1.0.7
diff -Nru fribidi-1.0.7/debian/patches/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff fribidi-1.0.7/debian/patches/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff
--- fribidi-1.0.7/debian/patches/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff	1970-01-01 01:00:00.0 +0100
+++ fribidi-1.0.7/debian/patches/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff	2019-11-08 13:36:50.0 +0100
@@ -0,0 +1,29 @@
+From: Dov Grobgeld 
+Date: Thu, 24 Oct 2019 09:37:29 +0300
+Subject: Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
+Origin: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18397
+Bug-Debian: https://bugs.debian.org/944327
+
+---
+ lib/fribidi-bidi.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
+index 6c843922685c..d38487852fe7 100644
+--- a/lib/fribidi-bidi.c
 b/lib/fribidi-bidi.c
+@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
+ }
+ 
+ 	  RL_LEVEL (pp) = level;
+-  RL_ISOLATE_LEVEL (pp) = isolate_level++;
++  RL_ISOLATE_LEVEL (pp) = isolate_level;
++  if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
++  isolate_level++;
+   base_level_per_iso_level[isolate_level] = new_level;
+ 
+ 	  if (!FRIBIDI_IS_NEUTRAL (override))
+-- 
+2.24.0
+
diff -Nru fribidi-1.0.7/debian/patches/series fribidi-1.0.7/debian/patches/series
--- fribidi-1.0.7/debian/patches/series	2019-10-03 06:03:43.0 +0200
+++ fribidi-1.0.7/debian/patches/series	2019-11-08 13:36:50.0 +0100
@@ -1 +1,2 @@
 manpages.diff
+Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff