Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package harfbuzz for openSUSE:Factory checked in at 2026-01-28 15:07:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/harfbuzz (Old) and /work/SRC/openSUSE:Factory/.harfbuzz.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "harfbuzz" Wed Jan 28 15:07:08 2026 rev:135 rq:1329300 version:12.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/harfbuzz/harfbuzz.changes 2026-01-26 10:44:57.702350745 +0100 +++ /work/SRC/openSUSE:Factory/.harfbuzz.new.1928/harfbuzz.changes 2026-01-28 15:08:02.996253257 +0100 @@ -1,0 +2,9 @@ +Sun Jan 25 11:36:30 UTC 2026 - Bjørn Lie <[email protected]> + +- Update to version 12.3.2: + + Fix padding gvar table during subsetting when the original font + uses long format and subset font using short format. + + Various fuzzing fixes. + + Fix NULL pointer deference when malloc fails. + +------------------------------------------------------------------- Old: ---- harfbuzz-12.3.1.obscpio New: ---- harfbuzz-12.3.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ harfbuzz.spec ++++++ --- /var/tmp/diff_new_pack.LweH1l/_old 2026-01-28 15:08:04.480314903 +0100 +++ /var/tmp/diff_new_pack.LweH1l/_new 2026-01-28 15:08:04.492315401 +0100 @@ -18,7 +18,7 @@ Name: harfbuzz -Version: 12.3.1 +Version: 12.3.2 Release: 0 Summary: An OpenType text shaping engine License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.LweH1l/_old 2026-01-28 15:08:04.520316564 +0100 +++ /var/tmp/diff_new_pack.LweH1l/_new 2026-01-28 15:08:04.524316730 +0100 @@ -3,7 +3,7 @@ <service name="obs_scm" mode="manual"> <param name="scm">git</param> <param name="url">https://github.com/harfbuzz/harfbuzz.git</param> - <param name="revision">12.3.1</param> + <param name="revision">12.3.2</param> <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param> <param name="versionrewrite-pattern">v?(.*)\+0</param> <param name="versionrewrite-replacement">\1</param> ++++++ harfbuzz-12.3.1.obscpio -> harfbuzz-12.3.2.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/NEWS new/harfbuzz-12.3.2/NEWS --- old/harfbuzz-12.3.1/NEWS 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/NEWS 2026-01-24 13:09:52.000000000 +0100 @@ -1,3 +1,11 @@ +Overview of changes leading to 12.3.2 +Tuesday, January 24, 2026 +===================================== +- Fix padding `gvar` table during subsetting when the original font uses long + format and subset font using short format. +- Various fuzzing fixes. +- Fix NULL pointer deference when malloc fails. + Overview of changes leading to 12.3.1 Tuesday, January 20, 2026 ===================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/RELEASING.md new/harfbuzz-12.3.2/RELEASING.md --- old/harfbuzz-12.3.1/RELEASING.md 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/RELEASING.md 2026-01-24 13:09:52.000000000 +0100 @@ -3,7 +3,7 @@ - [ ] Open gitk and review changes since last release. - [ ] Print all public API changes: - `git diff $(git describe | sed 's/-.*//').. src/*.h` + `git diff $(git describe --abbrev=0).. src/*.h` - [ ] Document them in NEWS. All API and API semantic changes should be clearly marked as API additions, API changes, or API deletions. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/meson.build new/harfbuzz-12.3.2/meson.build --- old/harfbuzz-12.3.1/meson.build 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/meson.build 2026-01-24 13:09:52.000000000 +0100 @@ -1,6 +1,6 @@ project('harfbuzz', ['c', 'cpp'], meson_version: '>= 0.60.0', - version: '12.3.1', + version: '12.3.2', default_options: [ 'cpp_eh=none', # Just to support msvc, we are passing -fno-exceptions also anyway # 'cpp_rtti=false', # Do NOT enable, wraps inherit it and ICU needs RTTI diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/src/graph/gsubgpos-graph.hh new/harfbuzz-12.3.2/src/graph/gsubgpos-graph.hh --- old/harfbuzz-12.3.1/src/graph/gsubgpos-graph.hh 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/src/graph/gsubgpos-graph.hh 2026-01-24 13:09:52.000000000 +0100 @@ -282,14 +282,12 @@ const hb_vector_t<hb_pair_t<unsigned, hb_vector_t<unsigned>>>& subtable_ids) { auto& v = c.graph.vertices_[this_index]; - Lookup* lookup = (Lookup*) v.obj.head; - unsigned shift = 0; for (const auto& p : subtable_ids) { unsigned insert_index = p.first + shift; unsigned pos_offset = p.second.length * OT::Offset16::static_size; - unsigned insert_offset = (char*) &lookup->subTable[insert_index] - (char*) lookup; + unsigned insert_offset = Lookup::min_size + insert_index * OT::Offset16::static_size; shift += p.second.length; for (auto& l : v.obj.all_links_writer ()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/src/graph/ligature-graph.hh new/harfbuzz-12.3.2/src/graph/ligature-graph.hh --- old/harfbuzz-12.3.1/src/graph/ligature-graph.hh 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/src/graph/ligature-graph.hh 2026-01-24 13:09:52.000000000 +0100 @@ -448,6 +448,9 @@ if (coverage_idx == (unsigned) -1) return false; auto& coverage_v = c.graph.vertices_[coverage_idx]; + unsigned coverage_size = coverage_v.table_size (); + Coverage* coverage_table = (Coverage*) coverage_v.obj.head; + if (coverage_v.is_shared ()) { coverage_idx = c.graph.remap_child (this_index, coverage_idx); @@ -457,8 +460,6 @@ for (unsigned i : retained_indices.iter()) add_virtual_link(c, i, coverage_idx); - unsigned coverage_size = coverage_v.table_size (); - Coverage* coverage_table = (Coverage*) coverage_v.obj.head; auto new_coverage = + hb_zip (coverage_table->iter (), hb_range ()) | hb_filter ([&] (hb_pair_t<unsigned, unsigned> p) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/src/hb-ot-cmap-table.hh new/harfbuzz-12.3.2/src/hb-ot-cmap-table.hh --- old/harfbuzz-12.3.1/src/hb-ot-cmap-table.hh 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/src/hb-ot-cmap-table.hh 2026-01-24 13:09:52.000000000 +0100 @@ -1767,6 +1767,10 @@ ; SubtableUnicodesCache* cache = SubtableUnicodesCache::create(source_table); + + if (unlikely (!cache)) + return nullptr; + for (const EncodingRecord& _ : it) cache->set_for(&_); // populate the cache for this encoding record. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/src/hb-ot-var-gvar-table.hh new/harfbuzz-12.3.2/src/hb-ot-var-gvar-table.hh --- old/harfbuzz-12.3.1/src/hb-ot-var-gvar-table.hh 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/src/hb-ot-var-gvar-table.hh 2026-01-24 13:09:52.000000000 +0100 @@ -448,10 +448,18 @@ if (it->first == 0 && !(c->plan->flags & HB_SUBSET_FLAGS_NOTDEF_OUTLINE)) it++; unsigned int subset_data_size = 0; + unsigned padding_size = 0; for (auto &_ : it) { hb_codepoint_t old_gid = _.second; - subset_data_size += get_glyph_var_data_bytes (c->source_blob, glyph_count, old_gid).length; + unsigned glyph_data_size = get_glyph_var_data_bytes (c->source_blob, glyph_count, old_gid).length; + if (glyph_data_size % 2) + { + glyph_data_size++; + padding_size++; + } + + subset_data_size += glyph_data_size; } /* According to the spec: If the short format (Offset16) is used for offsets, @@ -480,6 +488,8 @@ /* This ordering relative to the shared tuples array, which puts the glyphVariationData last in the table, is required when HB_SUBSET_FLAGS_IFTB_REQUIREMENTS is set */ + if (long_offset) + subset_data_size -= padding_size; char *subset_data = c->serializer->allocate_size<char> (subset_data_size, false); if (!subset_data) return_trace (false); out->dataZ = subset_data - (char *) out; @@ -518,8 +528,16 @@ old_gid); hb_memcpy (subset_data, var_data_bytes.arrayZ, var_data_bytes.length); - subset_data += var_data_bytes.length; - glyph_offset += var_data_bytes.length; + unsigned glyph_data_size = var_data_bytes.length; + subset_data += glyph_data_size; + glyph_offset += glyph_data_size; + + if (!long_offset && (glyph_data_size % 2)) + { + *subset_data = 0; + subset_data++; + glyph_offset++; + } if (long_offset) ((HBUINT32 *) subset_offsets)[gid] = glyph_offset; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/src/hb-version.h new/harfbuzz-12.3.2/src/hb-version.h --- old/harfbuzz-12.3.1/src/hb-version.h 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/src/hb-version.h 2026-01-24 13:09:52.000000000 +0100 @@ -53,14 +53,14 @@ * * The micro component of the library version available at compile-time. */ -#define HB_VERSION_MICRO 1 +#define HB_VERSION_MICRO 2 /** * HB_VERSION_STRING: * * A string literal containing the library version available at compile-time. */ -#define HB_VERSION_STRING "12.3.1" +#define HB_VERSION_STRING "12.3.2" /** * HB_VERSION_ATLEAST: Binary files old/harfbuzz-12.3.1/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5920156651159552 and new/harfbuzz-12.3.2/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5920156651159552 differ Binary files old/harfbuzz-12.3.1/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6005602106277888 and new/harfbuzz-12.3.2/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6005602106277888 differ Binary files old/harfbuzz-12.3.1/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6334512849289216 and new/harfbuzz-12.3.2/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-6334512849289216 differ Binary files old/harfbuzz-12.3.1/test/subset/data/expected/subset_gvar_padding/google_symbols_subset_test.default.all.ttf and new/harfbuzz-12.3.2/test/subset/data/expected/subset_gvar_padding/google_symbols_subset_test.default.all.ttf differ Binary files old/harfbuzz-12.3.1/test/subset/data/fonts/google_symbols_subset_test.ttf and new/harfbuzz-12.3.2/test/subset/data/fonts/google_symbols_subset_test.ttf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/test/subset/data/tests/subset_gvar_padding.tests new/harfbuzz-12.3.2/test/subset/data/tests/subset_gvar_padding.tests --- old/harfbuzz-12.3.1/test/subset/data/tests/subset_gvar_padding.tests 1970-01-01 01:00:00.000000000 +0100 +++ new/harfbuzz-12.3.2/test/subset/data/tests/subset_gvar_padding.tests 2026-01-24 13:09:52.000000000 +0100 @@ -0,0 +1,8 @@ +FONTS: +google_symbols_subset_test.ttf + +PROFILES: +default.txt + +SUBSETS: +* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/harfbuzz-12.3.1/test/subset/meson.build new/harfbuzz-12.3.2/test/subset/meson.build --- old/harfbuzz-12.3.1/test/subset/meson.build 2026-01-20 22:59:40.000000000 +0100 +++ new/harfbuzz-12.3.2/test/subset/meson.build 2026-01-24 13:09:52.000000000 +0100 @@ -85,6 +85,7 @@ 'colrv1_partial_instance', 'instantiate_gvar_padding', 'avar2_full_instance', + 'subset_gvar_padding', ] if get_option('experimental_api') ++++++ harfbuzz.obsinfo ++++++ --- /var/tmp/diff_new_pack.LweH1l/_old 2026-01-28 15:08:08.388477241 +0100 +++ /var/tmp/diff_new_pack.LweH1l/_new 2026-01-28 15:08:08.408478072 +0100 @@ -1,5 +1,5 @@ name: harfbuzz -version: 12.3.1 -mtime: 1768946380 -commit: abcb75a5d175c1375c6bed2184656e5738f88ffd +version: 12.3.2 +mtime: 1769256592 +commit: b42511e071162fe76102f613a6ccc009726c99af
