Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package harfbuzz for openSUSE:Factory checked in at 2026-01-18 22:18:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/harfbuzz (Old)
 and      /work/SRC/openSUSE:Factory/.harfbuzz.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "harfbuzz" Sun Jan 18 22:18:33 2026 rev:133 rq:1327784 version:12.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/harfbuzz/harfbuzz.changes 2025-12-30 12:00:50.125721389 +0100 +++ /work/SRC/openSUSE:Factory/.harfbuzz.new.1928/harfbuzz.changes 2026-01-18 22:19:08.744303059 +0100 @@ -1,0 +2,6 @@ +Fri Jan 16 20:31:35 UTC 2026 - Michael Gorse <[email protected]> + +- Add harfbuzz-CVE-2026-22693.patch: fix a NULL pointer dereference + (bsc#1246459 CVE-2026-22693). + +------------------------------------------------------------------- New: ---- harfbuzz-CVE-2026-22693.patch ----------(New B)---------- New: - Add harfbuzz-CVE-2026-22693.patch: fix a NULL pointer dereference (bsc#1246459 CVE-2026-22693). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ harfbuzz.spec ++++++ --- /var/tmp/diff_new_pack.bCN53M/_old 2026-01-18 22:19:09.956352860 +0100 +++ /var/tmp/diff_new_pack.bCN53M/_new 2026-01-18 22:19:09.956352860 +0100 @@ -1,7 +1,7 @@ # # spec file for package harfbuzz # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2024 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -25,6 +25,8 @@ URL: https://www.freedesktop.org/wiki/Software/HarfBuzz Source0: %{name}-%{version}.tar.zst Source99: baselibs.conf +# PATCH-FIX-UPSTREAM harfbuzz-CVE-2026-22693.patch bsc#1246459 [email protected] -- fix a NULL pointer dereference. +Patch0: harfbuzz-CVE-2026-22693.patch BuildRequires: c++_compiler BuildRequires: c_compiler ++++++ harfbuzz-CVE-2026-22693.patch ++++++ >From 1265ff8d990284f04d8768f35b0e20ae5f60daae Mon Sep 17 00:00:00 2001 
From: Behdad Esfahbod <[email protected]> Date: Fri, 9 Jan 2026 04:54:42 -0700 Subject: [PATCH] [cmap] malloc fail test (#5710) Fixes https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww --- src/hb-ot-cmap-table.hh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh index 32f705bb3..d08e66eda 100644 --- a/src/hb-ot-cmap-table.hh +++ b/src/hb-ot-cmap-table.hh @@ -1670,6 +1670,10 @@ struct SubtableUnicodesCache { { SubtableUnicodesCache* cache = (SubtableUnicodesCache*) hb_malloc (sizeof(SubtableUnicodesCache)); + + if (unlikely (!cache)) + return nullptr; + new (cache) SubtableUnicodesCache (source_table); return cache; } -- 2.52.0
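
Review bot: in the `@@ -1670,6 +1670,10 @@` hunk of src/hb-ot-cmap-table.hh, the new early `return nullptr;` makes a null result part of this function's contract, but nothing in the hunk documents that and the callers are not part of the patch. Add a comment on the function stating that it returns nullptr when `hb_malloc` fails, and confirm that every caller checks the returned pointer before using the cache. Otherwise the NULL dereference only moves from the placement `new (cache)` to the call site.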
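
Review bot: in the harfbuzz.spec hunk at `@@ -25,6 +25,8 @@`, `Patch0:` is declared but neither spec hunk touches %prep, so the diff does not show where the patch gets applied. If %prep already uses `%autosetup -p1` nothing more is needed; if it uses plain `%setup`, add a matching `%patch` line, since the package would otherwise build without the CVE-2026-22693 fix even though the changelog records it.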
