[OE-core] [PATCH v2] cairo: fix CVE patches assigned wrong CVE number

Mon, 02 Jan 2023 06:40:02 -0800 

From: Quentin Schulz <[email protected]>

CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is
incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462
and vice-versa.

This swaps both files and edit the CVE field to report the correct
identifier.

Cc: Quentin Schulz <[email protected]>
Signed-off-by: Quentin Schulz <[email protected]>
---
Changes in v2:
- Rebased on top of master
- Link to v1: 
https://lore.kernel.org/r/[email protected]
---
 .../cairo/cairo/CVE-2019-6461.patch                | 46 ++++++----------------
 .../cairo/cairo/CVE-2019-6462.patch                | 46 ++++++++++++++++------
 2 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch 
b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
index 0b7d9a0c36..a2dba6cb20 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -1,40 +1,20 @@
-CVE: CVE-2019-6461
-Upstream-Status: Backport
-Signed-off-by: Quentin Schulz <[email protected]>
-
-From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
-From: Heiko Lewin <[email protected]>
-Date: Sun, 1 Aug 2021 11:16:03 +0000
-Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
+There is an assertion in function _cairo_arc_in_direction().
 
----
- src/cairo-arc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+CVE: CVE-2019-6461
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <[email protected]>
 
 diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1c891d1a0 100644
+index 390397bae..1bde774a4 100644
 --- a/src/cairo-arc.c
 +++ b/src/cairo-arc.c
-@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
-       { M_PI / 11.0,  9.81410988043554039085e-09 },
-     };
-     int table_size = ARRAY_LENGTH (table);
-+    const int max_segments = 1000; /* this value is chosen arbitrarily. this 
gives an error of about 1.74909e-20 */
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t     *cr,
+     if (cairo_status (cr))
+         return;
  
-     for (i = 0; i < table_size; i++)
-       if (table[i].error < tolerance)
-           return table[i].angle;
+-    assert (angle_max >= angle_min);
++    if (angle_max < angle_min)
++       return;
  
-     ++i;
-+
-     do {
-       angle = M_PI / i++;
-       error = _arc_error_normalized (angle);
--    } while (error > tolerance);
-+    } while (error > tolerance && i < max_segments);
- 
-     return angle;
- }
--- 
-2.38.1
-
+     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+       angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch 
b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
index 4e4598c5b5..7c3209291b 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -1,20 +1,40 @@
-There is an assertion in function _cairo_arc_in_direction().
-
 CVE: CVE-2019-6462
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <[email protected]>
+Upstream-Status: Backport
+Signed-off-by: Quentin Schulz <[email protected]>
+
+From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <[email protected]>
+Date: Sun, 1 Aug 2021 11:16:03 +0000
+Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
+
+---
+ src/cairo-arc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
+index 390397bae..1c891d1a0 100644
 --- a/src/cairo-arc.c
 +++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t     *cr,
-     if (cairo_status (cr))
-         return;
+@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+       { M_PI / 11.0,  9.81410988043554039085e-09 },
+     };
+     int table_size = ARRAY_LENGTH (table);
++    const int max_segments = 1000; /* this value is chosen arbitrarily. this 
gives an error of about 1.74909e-20 */
  
--    assert (angle_max >= angle_min);
-+    if (angle_max < angle_min)
-+       return;
+     for (i = 0; i < table_size; i++)
+       if (table[i].error < tolerance)
+           return table[i].angle;
  
-     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
-       angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+     ++i;
++
+     do {
+       angle = M_PI / i++;
+       error = _arc_error_normalized (angle);
+-    } while (error > tolerance);
++    } while (error > tolerance && i < max_segments);
+ 
+     return angle;
+ }
+-- 
+2.38.1
+

---
base-commit: 3a8654b860fa98f94e80c3c3fff359ffed14bbe7
change-id: 20221214-cairo-cve-typo-fd0d89835d77

Best regards,
-- 
Quentin Schulz <[email protected]>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#175316): 
https://lists.openembedded.org/g/openembedded-core/message/175316
Mute This Topic: https://lists.openembedded.org/mt/96007428/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to