cairo: fix CVE patches assigned wrong CVE number

CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 and vice-versa. This swaps both files and edit the CVE field to report the correct identifier. Cc: Quentin Schulz <foss+yocto@0leil.net> (From OE-Core rev: f12c2a5ac94cb29f473f3c7e335463c7fb6d8a6e) Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Quentin Schulz <quentin.schulz@theobroma-systems.com> 2023-01-02 15:39:34 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-01-06 12:03:47 +0000
commit: 99b4356b3507f204749124f89cf3217b45882031 (patch)
tree: 0aca2e49d9c079933d3b3d37f41ff809b3d3b176 /meta/recipes-graphics/cairo
parent: f71fe538c8823f00d7fb2c3d4e78e5b18a41b98b (diff)
download: poky-99b4356b3507f204749124f89cf3217b45882031.tar.gz
2 files changed, 46 insertions, 46 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
index 0b7d9a0c36..a2dba6cb20 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -1,40 +1,20 @@
-CVE: CVE-2019-6461
+There is an assertion in function _cairo_arc_in_direction().
-Upstream-Status: Backport
-Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
-From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
-From: Heiko Lewin <hlewin@gmx.de>
-Date: Sun, 1 Aug 2021 11:16:03 +0000
-Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
---
+CVE: CVE-2019-6461
- src/cairo-arc.c | 4 +++-
+Upstream-Status: Pending
- 1 file changed, 3 insertions(+), 1 deletion(-)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
 diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1c891d1a0 100644
+index 390397bae..1bde774a4 100644
 --- a/src/cairo-arc.c
 +++ b/src/cairo-arc.c
-@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t      *cr,
-        { M_PI / 11.0,  9.81410988043554039085e-09 },
+     if (cairo_status (cr))
-     };
+         return;
-     int table_size = ARRAY_LENGTH (table);
-+    const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
 
-     for (i = 0; i < table_size; i++)
+-    assert (angle_max >= angle_min);
-        if (table[i].error < tolerance)
+    if (angle_max < angle_min)
-            return table[i].angle;
+       return;
 
-     ++i;
+     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
-+
+        angle_max = fmod (angle_max - angle_min, 2 * M_PI);
-     do {
-        angle = M_PI / i++;
-        error = _arc_error_normalized (angle);
-    } while (error > tolerance);
-+    } while (error > tolerance && i < max_segments);
- 
-     return angle;
- }
-- 
-2.38.1
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
index 4e4598c5b5..7c3209291b 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -1,20 +1,40 @@
-There is an assertion in function _cairo_arc_in_direction().
 CVE: CVE-2019-6462
-Upstream-Status: Pending
+Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
+From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <hlewin@gmx.de>
+Date: Sun, 1 Aug 2021 11:16:03 +0000
+Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
+---
+ src/cairo-arc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
+index 390397bae..1c891d1a0 100644
 --- a/src/cairo-arc.c
 +++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t      *cr,
+@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
-     if (cairo_status (cr))
+        { M_PI / 11.0,  9.81410988043554039085e-09 },
-         return;
+     };
+     int table_size = ARRAY_LENGTH (table);
+    const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
 
-    assert (angle_max >= angle_min);
+     for (i = 0; i < table_size; i++)
-+    if (angle_max < angle_min)
+        if (table[i].error < tolerance)
-+       return;
+            return table[i].angle;
 
-     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+     ++i;
-        angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+
+     do {
+        angle = M_PI / i++;
+        error = _arc_error_normalized (angle);
+-    } while (error > tolerance);
+    } while (error > tolerance && i < max_segments);
+ 
+     return angle;
+ }
+-- 
+2.38.1
author	Quentin Schulz <quentin.schulz@theobroma-systems.com>	2023-01-02 15:39:34 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-06 12:03:47 +0000
commit	99b4356b3507f204749124f89cf3217b45882031 (patch)
tree	0aca2e49d9c079933d3b3d37f41ff809b3d3b176 /meta/recipes-graphics/cairo
parent	f71fe538c8823f00d7fb2c3d4e78e5b18a41b98b (diff)
download	poky-99b4356b3507f204749124f89cf3217b45882031.tar.gz