* [PATCH] cairo: fix CVE patches assigned wrong CVE number
@ 2022-12-14 10:42 Quentin Schulz
2022-12-19 21:29 ` [OE-core] " Alexandre Belloni
0 siblings, 1 reply; 2+ messages in thread
From: Quentin Schulz @ 2022-12-14 10:42 UTC (permalink / raw)
To: openembedded-core, Quentin Schulz, Ross Burton; +Cc: Quentin Schulz
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is
incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462
and vice-versa.
This swaps both files and edit the CVE field to report the correct
identifier.
Cc: Quentin Schulz <foss+yocto@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
---
.../cairo/cairo/CVE-2019-6461.patch | 21 +++++++++++----------
.../cairo/cairo/CVE-2019-6462.patch | 21 ++++++++++-----------
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
index 5232cf70c6..a2dba6cb20 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -1,19 +1,20 @@
-There is a potential infinite-loop in function _arc_error_normalized().
+There is an assertion in function _cairo_arc_in_direction().
CVE: CVE-2019-6461
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..f9249dbeb 100644
+index 390397bae..1bde774a4 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
-@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
- do {
- angle = M_PI / i++;
- error = _arc_error_normalized (angle);
-- } while (error > tolerance);
-+ } while (error > tolerance && error > __DBL_EPSILON__);
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
- return angle;
- }
+- assert (angle_max >= angle_min);
++ if (angle_max < angle_min)
++ return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
index 4e4598c5b5..e3a8d5a219 100644
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -1,20 +1,19 @@
-There is an assertion in function _cairo_arc_in_direction().
+There is a potential infinite-loop in function _arc_error_normalized().
CVE: CVE-2019-6462
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
+index 390397bae..f9249dbeb 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
- if (cairo_status (cr))
- return;
+@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+ do {
+ angle = M_PI / i++;
+ error = _arc_error_normalized (angle);
+- } while (error > tolerance);
++ } while (error > tolerance && error > __DBL_EPSILON__);
-- assert (angle_max >= angle_min);
-+ if (angle_max < angle_min)
-+ return;
-
- if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
- angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+ return angle;
+ }
---
base-commit: a89bea9fed0005bc7d820a1fc6a9d6dd7c246c22
change-id: 20221214-cairo-cve-typo-fd0d89835d77
Best regards,
--
Quentin Schulz <quentin.schulz@theobroma-systems.com>
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH] cairo: fix CVE patches assigned wrong CVE number
2022-12-14 10:42 [PATCH] cairo: fix CVE patches assigned wrong CVE number Quentin Schulz
@ 2022-12-19 21:29 ` Alexandre Belloni
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Belloni @ 2022-12-19 21:29 UTC (permalink / raw)
To: Quentin Schulz
Cc: openembedded-core, Quentin Schulz, Ross Burton, Quentin Schulz
Hello Quentin,
I couldn't apply this patch but it still seems relevant. Can you rebase?
On 14/12/2022 11:42:16+0100, Quentin Schulz wrote:
> From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
>
> CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is
> incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462
> and vice-versa.
>
> This swaps both files and edit the CVE field to report the correct
> identifier.
>
> Cc: Quentin Schulz <foss+yocto@0leil.net>
> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
> ---
> .../cairo/cairo/CVE-2019-6461.patch | 21 +++++++++++----------
> .../cairo/cairo/CVE-2019-6462.patch | 21 ++++++++++-----------
> 2 files changed, 21 insertions(+), 21 deletions(-)
>
> diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
> index 5232cf70c6..a2dba6cb20 100644
> --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
> +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
> @@ -1,19 +1,20 @@
> -There is a potential infinite-loop in function _arc_error_normalized().
> +There is an assertion in function _cairo_arc_in_direction().
>
> CVE: CVE-2019-6461
> Upstream-Status: Pending
> Signed-off-by: Ross Burton <ross.burton@intel.com>
>
> diff --git a/src/cairo-arc.c b/src/cairo-arc.c
> -index 390397bae..f9249dbeb 100644
> +index 390397bae..1bde774a4 100644
> --- a/src/cairo-arc.c
> +++ b/src/cairo-arc.c
> -@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
> - do {
> - angle = M_PI / i++;
> - error = _arc_error_normalized (angle);
> -- } while (error > tolerance);
> -+ } while (error > tolerance && error > __DBL_EPSILON__);
> +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
> + if (cairo_status (cr))
> + return;
>
> - return angle;
> - }
> +- assert (angle_max >= angle_min);
> ++ if (angle_max < angle_min)
> ++ return;
> +
> + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
> + angle_max = fmod (angle_max - angle_min, 2 * M_PI);
> diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
> index 4e4598c5b5..e3a8d5a219 100644
> --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
> +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
> @@ -1,20 +1,19 @@
> -There is an assertion in function _cairo_arc_in_direction().
> +There is a potential infinite-loop in function _arc_error_normalized().
>
> CVE: CVE-2019-6462
> Upstream-Status: Pending
> Signed-off-by: Ross Burton <ross.burton@intel.com>
>
> diff --git a/src/cairo-arc.c b/src/cairo-arc.c
> -index 390397bae..1bde774a4 100644
> +index 390397bae..f9249dbeb 100644
> --- a/src/cairo-arc.c
> +++ b/src/cairo-arc.c
> -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
> - if (cairo_status (cr))
> - return;
> +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
> + do {
> + angle = M_PI / i++;
> + error = _arc_error_normalized (angle);
> +- } while (error > tolerance);
> ++ } while (error > tolerance && error > __DBL_EPSILON__);
>
> -- assert (angle_max >= angle_min);
> -+ if (angle_max < angle_min)
> -+ return;
> -
> - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
> - angle_max = fmod (angle_max - angle_min, 2 * M_PI);
> + return angle;
> + }
>
> ---
> base-commit: a89bea9fed0005bc7d820a1fc6a9d6dd7c246c22
> change-id: 20221214-cairo-cve-typo-fd0d89835d77
>
> Best regards,
> --
> Quentin Schulz <quentin.schulz@theobroma-systems.com>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#174552): https://lists.openembedded.org/g/openembedded-core/message/174552
> Mute This Topic: https://lists.openembedded.org/mt/95663780/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-19 21:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-14 10:42 [PATCH] cairo: fix CVE patches assigned wrong CVE number Quentin Schulz
2022-12-19 21:29 ` [OE-core] " Alexandre Belloni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.