Hello Quentin, I couldn't apply this patch but it still seems relevant. Can you rebase?
On 14/12/2022 11:42:16+0100, Quentin Schulz wrote: > From: Quentin Schulz <[email protected]> > > CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is > incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 > and vice-versa. > > This swaps both files and edit the CVE field to report the correct > identifier. > > Cc: Quentin Schulz <[email protected]> > Signed-off-by: Quentin Schulz <[email protected]> > --- > .../cairo/cairo/CVE-2019-6461.patch | 21 > +++++++++++---------- > .../cairo/cairo/CVE-2019-6462.patch | 21 > ++++++++++----------- > 2 files changed, 21 insertions(+), 21 deletions(-) > > diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch > b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch > index 5232cf70c6..a2dba6cb20 100644 > --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch > +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch > @@ -1,19 +1,20 @@ > -There is a potential infinite-loop in function _arc_error_normalized(). > +There is an assertion in function _cairo_arc_in_direction(). > > CVE: CVE-2019-6461 > Upstream-Status: Pending > Signed-off-by: Ross Burton <[email protected]> > > diff --git a/src/cairo-arc.c b/src/cairo-arc.c > -index 390397bae..f9249dbeb 100644 > +index 390397bae..1bde774a4 100644 > --- a/src/cairo-arc.c > +++ b/src/cairo-arc.c > -@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) > - do { > - angle = M_PI / i++; > - error = _arc_error_normalized (angle); > -- } while (error > tolerance); > -+ } while (error > tolerance && error > __DBL_EPSILON__); > +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, > + if (cairo_status (cr)) > + return; > > - return angle; > - } > +- assert (angle_max >= angle_min); > ++ if (angle_max < angle_min) > ++ return; > + > + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { > + angle_max = fmod (angle_max - angle_min, 2 * M_PI); > diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch > b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch > index 4e4598c5b5..e3a8d5a219 100644 > --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch > +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch > @@ -1,20 +1,19 @@ > -There is an assertion in function _cairo_arc_in_direction(). > +There is a potential infinite-loop in function _arc_error_normalized(). > > CVE: CVE-2019-6462 > Upstream-Status: Pending > Signed-off-by: Ross Burton <[email protected]> > > diff --git a/src/cairo-arc.c b/src/cairo-arc.c > -index 390397bae..1bde774a4 100644 > +index 390397bae..f9249dbeb 100644 > --- a/src/cairo-arc.c > +++ b/src/cairo-arc.c > -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, > - if (cairo_status (cr)) > - return; > +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) > + do { > + angle = M_PI / i++; > + error = _arc_error_normalized (angle); > +- } while (error > tolerance); > ++ } while (error > tolerance && error > __DBL_EPSILON__); > > -- assert (angle_max >= angle_min); > -+ if (angle_max < angle_min) > -+ return; > - > - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { > - angle_max = fmod (angle_max - angle_min, 2 * M_PI); > + return angle; > + } > > --- > base-commit: a89bea9fed0005bc7d820a1fc6a9d6dd7c246c22 > change-id: 20221214-cairo-cve-typo-fd0d89835d77 > > Best regards, > -- > Quentin Schulz <[email protected]> > > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#174835): https://lists.openembedded.org/g/openembedded-core/message/174835 Mute This Topic: https://lists.openembedded.org/mt/95663780/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
