From: Quentin Schulz <[email protected]> CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 and vice-versa.
This swaps both files and edit the CVE field to report the correct identifier. Cc: Quentin Schulz <[email protected]> Signed-off-by: Quentin Schulz <[email protected]> --- .../cairo/cairo/CVE-2019-6461.patch | 21 +++++++++++---------- .../cairo/cairo/CVE-2019-6462.patch | 21 ++++++++++----------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 5232cf70c6..a2dba6cb20 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch @@ -1,19 +1,20 @@ -There is a potential infinite-loop in function _arc_error_normalized(). +There is an assertion in function _cairo_arc_in_direction(). CVE: CVE-2019-6461 Upstream-Status: Pending Signed-off-by: Ross Burton <[email protected]> diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..f9249dbeb 100644 +index 390397bae..1bde774a4 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) - do { - angle = M_PI / i++; - error = _arc_error_normalized (angle); -- } while (error > tolerance); -+ } while (error > tolerance && error > __DBL_EPSILON__); +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; - return angle; - } +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; + + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch index 4e4598c5b5..e3a8d5a219 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch @@ -1,20 +1,19 @@ -There is an assertion in function _cairo_arc_in_direction(). +There is a potential infinite-loop in function _arc_error_normalized(). CVE: CVE-2019-6462 Upstream-Status: Pending Signed-off-by: Ross Burton <[email protected]> diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1bde774a4 100644 +index 390397bae..f9249dbeb 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, - if (cairo_status (cr)) - return; +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && error > __DBL_EPSILON__); -- assert (angle_max >= angle_min); -+ if (angle_max < angle_min) -+ return; - - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { - angle_max = fmod (angle_max - angle_min, 2 * M_PI); + return angle; + } --- base-commit: a89bea9fed0005bc7d820a1fc6a9d6dd7c246c22 change-id: 20221214-cairo-cve-typo-fd0d89835d77 Best regards, -- Quentin Schulz <[email protected]>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#174552): https://lists.openembedded.org/g/openembedded-core/message/174552 Mute This Topic: https://lists.openembedded.org/mt/95663780/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
