diff options
author | Quentin Schulz <quentin.schulz@theobroma-systems.com> | 2023-01-02 15:39:34 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-01-06 12:03:47 +0000 |
commit | 99b4356b3507f204749124f89cf3217b45882031 (patch) | |
tree | 0aca2e49d9c079933d3b3d37f41ff809b3d3b176 /meta | |
parent | f71fe538c8823f00d7fb2c3d4e78e5b18a41b98b (diff) | |
download | poky-99b4356b3507f204749124f89cf3217b45882031.tar.gz |
cairo: fix CVE patches assigned wrong CVE number
CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is
incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462
and vice-versa.
This swaps both files and edit the CVE field to report the correct
identifier.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: f12c2a5ac94cb29f473f3c7e335463c7fb6d8a6e)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | 46 | ||||
-rw-r--r-- | meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch | 46 |
2 files changed, 46 insertions, 46 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 0b7d9a0c36..a2dba6cb20 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | |||
@@ -1,40 +1,20 @@ | |||
1 | CVE: CVE-2019-6461 | 1 | There is an assertion in function _cairo_arc_in_direction(). |
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> | ||
4 | |||
5 | From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 | ||
6 | From: Heiko Lewin <hlewin@gmx.de> | ||
7 | Date: Sun, 1 Aug 2021 11:16:03 +0000 | ||
8 | Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop | ||
9 | 2 | ||
10 | --- | 3 | CVE: CVE-2019-6461 |
11 | src/cairo-arc.c | 4 +++- | 4 | Upstream-Status: Pending |
12 | 1 file changed, 3 insertions(+), 1 deletion(-) | 5 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
13 | 6 | ||
14 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c | 7 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c |
15 | index 390397bae..1c891d1a0 100644 | 8 | index 390397bae..1bde774a4 100644 |
16 | --- a/src/cairo-arc.c | 9 | --- a/src/cairo-arc.c |
17 | +++ b/src/cairo-arc.c | 10 | +++ b/src/cairo-arc.c |
18 | @@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) | 11 | @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, |
19 | { M_PI / 11.0, 9.81410988043554039085e-09 }, | 12 | if (cairo_status (cr)) |
20 | }; | 13 | return; |
21 | int table_size = ARRAY_LENGTH (table); | ||
22 | + const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ | ||
23 | 14 | ||
24 | for (i = 0; i < table_size; i++) | 15 | - assert (angle_max >= angle_min); |
25 | if (table[i].error < tolerance) | 16 | + if (angle_max < angle_min) |
26 | return table[i].angle; | 17 | + return; |
27 | 18 | ||
28 | ++i; | 19 | if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { |
29 | + | 20 | angle_max = fmod (angle_max - angle_min, 2 * M_PI); |
30 | do { | ||
31 | angle = M_PI / i++; | ||
32 | error = _arc_error_normalized (angle); | ||
33 | - } while (error > tolerance); | ||
34 | + } while (error > tolerance && i < max_segments); | ||
35 | |||
36 | return angle; | ||
37 | } | ||
38 | -- | ||
39 | 2.38.1 | ||
40 | |||
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch index 4e4598c5b5..7c3209291b 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch | |||
@@ -1,20 +1,40 @@ | |||
1 | There is an assertion in function _cairo_arc_in_direction(). | ||
2 | |||
3 | CVE: CVE-2019-6462 | 1 | CVE: CVE-2019-6462 |
4 | Upstream-Status: Pending | 2 | Upstream-Status: Backport |
5 | Signed-off-by: Ross Burton <ross.burton@intel.com> | 3 | Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> |
4 | |||
5 | From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 | ||
6 | From: Heiko Lewin <hlewin@gmx.de> | ||
7 | Date: Sun, 1 Aug 2021 11:16:03 +0000 | ||
8 | Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop | ||
9 | |||
10 | --- | ||
11 | src/cairo-arc.c | 4 +++- | ||
12 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
6 | 13 | ||
7 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c | 14 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c |
8 | index 390397bae..1bde774a4 100644 | 15 | index 390397bae..1c891d1a0 100644 |
9 | --- a/src/cairo-arc.c | 16 | --- a/src/cairo-arc.c |
10 | +++ b/src/cairo-arc.c | 17 | +++ b/src/cairo-arc.c |
11 | @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, | 18 | @@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) |
12 | if (cairo_status (cr)) | 19 | { M_PI / 11.0, 9.81410988043554039085e-09 }, |
13 | return; | 20 | }; |
21 | int table_size = ARRAY_LENGTH (table); | ||
22 | + const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ | ||
14 | 23 | ||
15 | - assert (angle_max >= angle_min); | 24 | for (i = 0; i < table_size; i++) |
16 | + if (angle_max < angle_min) | 25 | if (table[i].error < tolerance) |
17 | + return; | 26 | return table[i].angle; |
18 | 27 | ||
19 | if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { | 28 | ++i; |
20 | angle_max = fmod (angle_max - angle_min, 2 * M_PI); | 29 | + |
30 | do { | ||
31 | angle = M_PI / i++; | ||
32 | error = _arc_error_normalized (angle); | ||
33 | - } while (error > tolerance); | ||
34 | + } while (error > tolerance && i < max_segments); | ||
35 | |||
36 | return angle; | ||
37 | } | ||
38 | -- | ||
39 | 2.38.1 | ||
40 | |||