Bug 28921 - pango 1.48.4 fixes various bugs
Summary: pango 1.48.4 fixes various bugs
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-05-14 23:13 CEST by David Walser
Modified: 2021-05-19 21:32 CEST (History)
3 users (show)

See Also:
Source RPM: pango-1.48.1-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-05-14 23:13:27 CEST 
Update coming once the build system catches up.

Advisory:
----------------------------------------

The pango package has been updated to version 1.48.4 to fix memory leaks,
overflows, and other issues.

References:
https://gitlab.gnome.org/GNOME/pango/-/blob/386639c3b118cc973f714eb485877f480391f31f/NEWS
Comment 1 David Walser 2021-05-15 02:49:06 CEST 
Updated packages in core/updates_testing:
----------------------------------------
pango-1.48.4-1.mga8
pango-tests-1.48.4-1.mga8
libpango1.0_0-1.48.4-1.mga8
libpango1.0-devel-1.48.4-1.mga8
libpango-gir1.0-1.48.4-1.mga8

from pango-1.48.4-1.mga8.src.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Len Lawrence 2021-05-15 19:17:26 CEST 
mga8, x64

Could not find any information on vulnerabilities or PoC so went ahead with the update.  pango-tests supplies a suite of test scripts and libexec files such as /usr/share/installed-tests/pango/testscript.test and /usr/libexec/installed-tests/pango/testscript but no help with usage.  It looks like pango is normally run as a backend to handle various types of fonts across an international spectrum in native scripts, examples of output at 
https://pango.gnome.org/ScriptGallery.  There is a pango-view application for rendering *.txt files but no examples are available.

$ urpmq --whatrequires lib64pango1.0_0 | sort -u > pango.list
finds 535 applications or libraries including firefox, atril, bluefish, darktable, hexchat, lilypond and pango-tests.  lilypond sounds the most promising:

$ strace -o lilypond.trace lilypond --png -o factotum factotum.ly
$ eom factotum.png
shows a musical stave with a lyric underneath.
$ grep pango lilypond.trace
openat(AT_FDCWD, "/lib64/libpangoft2-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libpango-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3
read(6, "ngo-font-physical-fonts pango-fo"..., 4096) = 1789
read(5, "pango font\")\n    (,ly:paper-book"..., 4096) = 4096

Taking that as confirmation that pango works OK.
If any useful information turns up the OK can be withdrawn in favour of further testing.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

Comment 3 Thomas Andrews 2021-05-19 19:08:51 CEST 
Validating. Advisory in Comment 0.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-05-19 20:17:13 CEST

Keywords: (none) => advisory

Comment 4 Mageia Robot 2021-05-19 21:32:28 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2021-0115.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.