summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorQuentin Schulz <quentin.schulz@theobroma-systems.com>2023-01-02 15:39:34 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-01-06 12:03:47 +0000
commit99b4356b3507f204749124f89cf3217b45882031 (patch)
tree0aca2e49d9c079933d3b3d37f41ff809b3d3b176 /meta
parentf71fe538c8823f00d7fb2c3d4e78e5b18a41b98b (diff)
downloadpoky-99b4356b3507f204749124f89cf3217b45882031.tar.gz
cairo: fix CVE patches assigned wrong CVE number
CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 and vice-versa. This swaps both files and edit the CVE field to report the correct identifier. Cc: Quentin Schulz <foss+yocto@0leil.net> (From OE-Core rev: f12c2a5ac94cb29f473f3c7e335463c7fb6d8a6e) Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch46
-rw-r--r--meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch46
2 files changed, 46 insertions, 46 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
index 0b7d9a0c36..a2dba6cb20 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -1,40 +1,20 @@
1CVE: CVE-2019-6461 1There is an assertion in function _cairo_arc_in_direction().
2Upstream-Status: Backport
3Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
4
5From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
6From: Heiko Lewin <hlewin@gmx.de>
7Date: Sun, 1 Aug 2021 11:16:03 +0000
8Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
9 2
10--- 3CVE: CVE-2019-6461
11 src/cairo-arc.c | 4 +++- 4Upstream-Status: Pending
12 1 file changed, 3 insertions(+), 1 deletion(-) 5Signed-off-by: Ross Burton <ross.burton@intel.com>
13 6
14diff --git a/src/cairo-arc.c b/src/cairo-arc.c 7diff --git a/src/cairo-arc.c b/src/cairo-arc.c
15index 390397bae..1c891d1a0 100644 8index 390397bae..1bde774a4 100644
16--- a/src/cairo-arc.c 9--- a/src/cairo-arc.c
17+++ b/src/cairo-arc.c 10+++ b/src/cairo-arc.c
18@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) 11@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
19 { M_PI / 11.0, 9.81410988043554039085e-09 }, 12 if (cairo_status (cr))
20 }; 13 return;
21 int table_size = ARRAY_LENGTH (table);
22+ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
23 14
24 for (i = 0; i < table_size; i++) 15- assert (angle_max >= angle_min);
25 if (table[i].error < tolerance) 16+ if (angle_max < angle_min)
26 return table[i].angle; 17+ return;
27 18
28 ++i; 19 if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
29+ 20 angle_max = fmod (angle_max - angle_min, 2 * M_PI);
30 do {
31 angle = M_PI / i++;
32 error = _arc_error_normalized (angle);
33- } while (error > tolerance);
34+ } while (error > tolerance && i < max_segments);
35
36 return angle;
37 }
38--
392.38.1
40
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
index 4e4598c5b5..7c3209291b 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -1,20 +1,40 @@
1There is an assertion in function _cairo_arc_in_direction().
2
3CVE: CVE-2019-6462 1CVE: CVE-2019-6462
4Upstream-Status: Pending 2Upstream-Status: Backport
5Signed-off-by: Ross Burton <ross.burton@intel.com> 3Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
4
5From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
6From: Heiko Lewin <hlewin@gmx.de>
7Date: Sun, 1 Aug 2021 11:16:03 +0000
8Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
9
10---
11 src/cairo-arc.c | 4 +++-
12 1 file changed, 3 insertions(+), 1 deletion(-)
6 13
7diff --git a/src/cairo-arc.c b/src/cairo-arc.c 14diff --git a/src/cairo-arc.c b/src/cairo-arc.c
8index 390397bae..1bde774a4 100644 15index 390397bae..1c891d1a0 100644
9--- a/src/cairo-arc.c 16--- a/src/cairo-arc.c
10+++ b/src/cairo-arc.c 17+++ b/src/cairo-arc.c
11@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, 18@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
12 if (cairo_status (cr)) 19 { M_PI / 11.0, 9.81410988043554039085e-09 },
13 return; 20 };
21 int table_size = ARRAY_LENGTH (table);
22+ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
14 23
15- assert (angle_max >= angle_min); 24 for (i = 0; i < table_size; i++)
16+ if (angle_max < angle_min) 25 if (table[i].error < tolerance)
17+ return; 26 return table[i].angle;
18 27
19 if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { 28 ++i;
20 angle_max = fmod (angle_max - angle_min, 2 * M_PI); 29+
30 do {
31 angle = M_PI / i++;
32 error = _arc_error_normalized (angle);
33- } while (error > tolerance);
34+ } while (error > tolerance && i < max_segments);
35
36 return angle;
37 }
38--
392.38.1
40