exiv2: Upgrade to 0.27.6

Drop backported patches Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Khem Raj <raj.khem@gmail.com> 2023-01-17 11:27:49 -0800
committer: Khem Raj <raj.khem@gmail.com> 2023-01-21 10:02:02 -0800
commit: 00a7d4b284c1afccfa26021111384d2184b82e5b (patch)
tree: 8e404792fa559cb721da872c0d193f09ac82eb21
parent: e4a2dfb8d9402e549762d87e7e2df6d586a4530e (diff)
download: meta-openembedded-00a7d4b284c1afccfa26021111384d2184b82e5b.tar.gz
10 files changed, 19 insertions, 432 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch
deleted file mode 100644
index 96146a1957..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 04d5f4805a86302a0e135a28d58a6c1ff6a68d52 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
-Date: Thu, 30 Jul 2020 23:03:51 +0200
-Subject: [PATCH] Use compiler -fcf-protection only if compiler/arch supports
- it
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-There have been some PRs they were either rejected or some general suggestion
-for more flags suggested. So
-Upstream-Status: Pending
-Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
---
- cmake/compilerFlags.cmake | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-diff --git a/cmake/compilerFlags.cmake b/cmake/compilerFlags.cmake
-index 12caf42..455525e 100644
--- a/cmake/compilerFlags.cmake
-+++ b/cmake/compilerFlags.cmake
-@@ -26,7 +26,12 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
-         # This fails under Fedora, MinGW GCC 8.3.0 and CYGWIN/MSYS 9.3.0
-         if (NOT (MINGW OR CMAKE_HOST_SOLARIS OR CYGWIN OR MSYS) )
-             if (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0)
-                add_compile_options(-fstack-clash-protection -fcf-protection)
-+                # Gcc does support -fcf-protection on few arches only
-+                CHECK_CXX_COMPILER_FLAG(-fcf-protection COMPILER_SUPPORTS_FCF_PROTECTION)
-+                if (COMPILER_SUPPORTS_FCF_PROTECTION)
-+                    add_compile_options(-fcf-protection)
-+                endif()
-+                add_compile_options(-fstack-clash-protection)
-             endif()
- 
-             if( (COMPILER_IS_GCC   AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) # Not in GCC 4.8
-- 
-2.21.3
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
deleted file mode 100644
index e5d069487c..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
-From: Pydera <pydera@mailbox.org>
-Date: Thu, 8 Apr 2021 17:36:16 +0200
-Subject: [PATCH] Fix out of buffer access in #1529
---
- src/jp2image.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index 88ab9b2d6..12025f966 100644
--- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
- #endif
-                 box.length = (uint32_t) (io_->size() - io_->tell() + 8);
-             }
-            if (box.length == 1)
-+            if (box.length < 8)
-             {
-                // FIXME. Special case. the real box size is given in another place.
-+                // box is broken, so there is nothing we can do here
-+                throw Error(kerCorruptedMetadata);
-             }
- 
-             // Read whole box : Box header + Box data (not fixed size - can be null).
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
deleted file mode 100644
index 285f6fe4ce..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
-From: Kevin Backhouse <kevinbackhouse@github.com>
-Date: Fri, 9 Apr 2021 13:37:48 +0100
-Subject: [PATCH] Fix integer overflow.
---
- src/crwimage_int.cpp | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
-index aefaf22..2e3e507 100644
--- a/src/crwimage_int.cpp
-+++ b/src/crwimage_int.cpp
-@@ -559,7 +559,7 @@ namespace Exiv2 {
-     void CiffComponent::setValue(DataBuf buf)
-     {
-         if (isAllocated_) {
-            delete pData_;
-+            delete[] pData_;
-             pData_ = 0;
-             size_ = 0;
-         }
-@@ -1167,7 +1167,11 @@ namespace Exiv2 {
-                                                  pCrwMapping->crwDir_);
-         if (edX != edEnd || edY != edEnd || edO != edEnd) {
-             uint32_t size = 28;
-            if (cc && cc->size() > size) size = cc->size();
-+            if (cc) {
-+              if (cc->size() < size)
-+                throw Error(kerCorruptedMetadata);
-+              size = cc->size();
-+            }
-             DataBuf buf(size);
-             std::memset(buf.pData_, 0x0, buf.size_);
-             if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
-- 
-2.25.1
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
deleted file mode 100644
index 5ab64a7d3e..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b Mon Sep 17 00:00:00 2001
-From: Kevin Backhouse <kevinbackhouse@github.com>
-Date: Mon, 19 Apr 2021 18:06:00 +0100
-Subject: [PATCH] Improve bound checking in WebPImage::doWriteMetadata()
---
- src/webpimage.cpp | 41 ++++++++++++++++++++++++++++++-----------
- 1 file changed, 30 insertions(+), 11 deletions(-)
-diff --git a/src/webpimage.cpp b/src/webpimage.cpp
-index 4ddec544c..fee110bca 100644
--- a/src/webpimage.cpp
-+++ b/src/webpimage.cpp
-@@ -145,7 +145,7 @@ namespace Exiv2 {
-         DataBuf chunkId(WEBP_TAG_SIZE+1);
-         chunkId.pData_ [WEBP_TAG_SIZE] = '\0';
- 
-        io_->read(data, WEBP_TAG_SIZE * 3);
-+        readOrThrow(*io_, data, WEBP_TAG_SIZE * 3, Exiv2::kerCorruptedMetadata);
-         uint64_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian);
- 
-         /* Set up header */
-@@ -185,13 +185,20 @@ namespace Exiv2 {
-          case we have any exif or xmp data, also check
-          for any chunks with alpha frame/layer set */
-         while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
-            io_->read(chunkId.pData_, WEBP_TAG_SIZE);
-            io_->read(size_buff, WEBP_TAG_SIZE);
-            long size = Exiv2::getULong(size_buff, littleEndian);
-+            readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
-+            readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
-+            const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
-+
-+            // Check that `size_u32` is safe to cast to `long`.
-+            enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
-+                    Exiv2::kerCorruptedMetadata);
-+            const long size = static_cast<long>(size_u32);
-             DataBuf payload(size);
-            io_->read(payload.pData_, payload.size_);
-            byte c;
-            if ( payload.size_ % 2 ) io_->read(&c,1);
-+            readOrThrow(*io_, payload.pData_, payload.size_, Exiv2::kerCorruptedMetadata);
-+            if ( payload.size_ % 2 ) {
-+              byte c;
-+              readOrThrow(*io_, &c, 1, Exiv2::kerCorruptedMetadata);
-+            }
- 
-             /* Chunk with information about features
-              used in the file. */
-@@ -199,6 +206,7 @@ namespace Exiv2 {
-                 has_vp8x = true;
-             }
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_size) {
-+                enforce(size >= 10, Exiv2::kerCorruptedMetadata);
-                 has_size = true;
-                 byte size_buf[WEBP_TAG_SIZE];
- 
-@@ -227,6 +235,7 @@ namespace Exiv2 {
-             }
- #endif
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_size) {
-+                enforce(size >= 10, Exiv2::kerCorruptedMetadata);
-                 has_size = true;
-                 byte size_buf[2];
- 
-@@ -244,11 +253,13 @@ namespace Exiv2 {
- 
-             /* Chunk with with lossless image data. */
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_alpha) {
-+                enforce(size >= 5, Exiv2::kerCorruptedMetadata);
-                 if ((payload.pData_[4] & WEBP_VP8X_ALPHA_BIT) == WEBP_VP8X_ALPHA_BIT) {
-                     has_alpha = true;
-                 }
-             }
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_size) {
-+                enforce(size >= 5, Exiv2::kerCorruptedMetadata);
-                 has_size = true;
-                 byte size_buf_w[2];
-                 byte size_buf_h[3];
-@@ -276,11 +287,13 @@ namespace Exiv2 {
- 
-             /* Chunk with animation frame. */
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_alpha) {
-+                enforce(size >= 6, Exiv2::kerCorruptedMetadata);
-                 if ((payload.pData_[5] & 0x2) == 0x2) {
-                     has_alpha = true;
-                 }
-             }
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_size) {
-+                enforce(size >= 12, Exiv2::kerCorruptedMetadata);
-                 has_size = true;
-                 byte size_buf[WEBP_TAG_SIZE];
- 
-@@ -309,16 +322,22 @@ namespace Exiv2 {
- 
-         io_->seek(12, BasicIo::beg);
-         while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
-            io_->read(chunkId.pData_, 4);
-            io_->read(size_buff, 4);
-+            readOrThrow(*io_, chunkId.pData_, 4, Exiv2::kerCorruptedMetadata);
-+            readOrThrow(*io_, size_buff, 4, Exiv2::kerCorruptedMetadata);
-+
-+            const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
- 
-            long size = Exiv2::getULong(size_buff, littleEndian);
-+            // Check that `size_u32` is safe to cast to `long`.
-+            enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
-+                    Exiv2::kerCorruptedMetadata);
-+            const long size = static_cast<long>(size_u32);
- 
-             DataBuf payload(size);
-            io_->read(payload.pData_, size);
-+            readOrThrow(*io_, payload.pData_, size, Exiv2::kerCorruptedMetadata);
-             if ( io_->tell() % 2 ) io_->seek(+1,BasicIo::cur); // skip pad
- 
-             if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X)) {
-+                enforce(size >= 1, Exiv2::kerCorruptedMetadata);
-                 if (has_icc){
-                     payload.pData_[0] |= WEBP_VP8X_ICC_BIT;
-                 } else {
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
deleted file mode 100644
index f0c482450c..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 61734d8842cb9cc59437463e3bac54d6231d9487 Mon Sep 17 00:00:00 2001
-From: Wang Mingyu <wangmy@fujitsu.com>
-Date: Tue, 18 May 2021 10:52:54 +0900
-Subject: [PATCH] modify
-Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
- src/jp2image.cpp | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index 52723a4..0ac4f50 100644
--- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -643,11 +643,11 @@ static void boxes_check(size_t b,size_t m)
-     void Jp2Image::encodeJp2Header(const DataBuf& boxBuf,DataBuf& outBuf)
-     {
-         DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
-        int     outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
-        int      inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
-+        long    outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
-+        long    inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
-         Jp2BoxHeader* pBox   = (Jp2BoxHeader*) boxBuf.pData_;
-        int32_t       length = getLong((byte*)&pBox->length, bigEndian);
-        int32_t       count  = sizeof (Jp2BoxHeader);
-+        uint32_t      length = getLong((byte*)&pBox->length, bigEndian);
-+        uint32_t      count  = sizeof (Jp2BoxHeader);
-         char*         p      = (char*) boxBuf.pData_;
-         bool          bWroteColor = false ;
- 
-@@ -664,6 +664,7 @@ static void boxes_check(size_t b,size_t m)
- #ifdef EXIV2_DEBUG_MESSAGES
-                 std::cout << "Jp2Image::encodeJp2Header subbox: "<< toAscii(subBox.type) << " length = " << subBox.length << std::endl;
- #endif
-+                enforce(subBox.length <= length - count, Exiv2::kerCorruptedMetadata);
-                 count        += subBox.length;
-                 newBox.type   = subBox.type;
-             } else {
-@@ -672,12 +673,13 @@ static void boxes_check(size_t b,size_t m)
-                 count = length;
-             }
- 
-            int32_t newlen = subBox.length;
-+            uint32_t newlen = subBox.length;
-             if ( newBox.type == kJp2BoxTypeColorHeader ) {
-                 bWroteColor = true ;
-                 if ( ! iccProfileDefined() ) {
-                     const char* pad   = "\x01\x00\x00\x00\x00\x00\x10\x00\x00\x05\x1cuuid";
-                     uint32_t    psize = 15;
-+                    enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
-                     ul2Data((byte*)&newBox.length,psize      ,bigEndian);
-                     ul2Data((byte*)&newBox.type  ,newBox.type,bigEndian);
-                     ::memcpy(output.pData_+outlen                     ,&newBox            ,sizeof(newBox));
-@@ -686,6 +688,7 @@ static void boxes_check(size_t b,size_t m)
-                 } else {
-                     const char* pad   = "\0x02\x00\x00";
-                     uint32_t    psize = 3;
-+                    enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
-                     ul2Data((byte*)&newBox.length,psize+iccProfile_.size_,bigEndian);
-                     ul2Data((byte*)&newBox.type,newBox.type,bigEndian);
-                     ::memcpy(output.pData_+outlen                     ,&newBox            ,sizeof(newBox)  );
-@@ -694,6 +697,7 @@ static void boxes_check(size_t b,size_t m)
-                     newlen = psize + iccProfile_.size_;
-                 }
-             } else {
-+                enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
-                 ::memcpy(output.pData_+outlen,boxBuf.pData_+inlen,subBox.length);
-             }
- 
-- 
-2.25.1
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
deleted file mode 100644
index eedf9d79aa..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 6628a69c036df2aa036290e6cd71767c159c79ed Mon Sep 17 00:00:00 2001
-From: Kevin Backhouse <kevinbackhouse@github.com>
-Date: Wed, 21 Apr 2021 12:06:04 +0100
-Subject: [PATCH] Add more bounds checks in Jp2Image::encodeJp2Header
---
- src/jp2image.cpp | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index b424225..349a9f0 100644
--- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m)
-         DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
-         long    outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
-         long    inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
-+        enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
-         Jp2BoxHeader* pBox   = (Jp2BoxHeader*) boxBuf.pData_;
-         uint32_t      length = getLong((byte*)&pBox->length, bigEndian);
-+        enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
-         uint32_t      count  = sizeof (Jp2BoxHeader);
-         char*         p      = (char*) boxBuf.pData_;
-         bool          bWroteColor = false ;
- 
-         while ( count < length || !bWroteColor ) {
-+            enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
-             Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
- 
-             // copy data.  pointer could be into a memory mapped file which we will decode!
-- 
-2.25.1
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
deleted file mode 100644
index 4afedf8e59..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001
-From: Kevin Backhouse <kevinbackhouse@github.com>
-Date: Fri, 23 Apr 2021 11:44:44 +0100
-Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata().
---
- src/jp2image.cpp | 1 +
- 1 file changed, 1 insertion(+)
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index 1694fed27..ca8c9ddbb 100644
--- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m)
- 
-                 case kJp2BoxTypeUuid:
-                 {
-+                    enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
-                     if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
-                     {
- #ifdef EXIV2_DEBUG_MESSAGES
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
deleted file mode 100644
index e7c5e1b656..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001
-From: Robin Mills <robin@clanmills.com>
-Date: Mon, 5 Apr 2021 20:33:25 +0100
-Subject: [PATCH] fix_1522_jp2image_exif_asan
---
- src/jp2image.cpp | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index eb31cea4a..88ab9b2d6 100644
--- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -28,6 +28,7 @@
- #include "image.hpp"
- #include "image_int.hpp"
- #include "basicio.hpp"
-+#include "enforce.hpp"
- #include "error.hpp"
- #include "futils.hpp"
- #include "types.hpp"
-@@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m)
-                             if (io_->error()) throw Error(kerFailedToReadImageData);
-                             if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed);
- 
-                            if (rawData.size_ > 0)
-+                            if (rawData.size_ > 8) // "II*\0long"
-                             {
-                                 // Find the position of Exif header in bytes array.
-                                 long pos = (     (rawData.pData_[0]      == rawData.pData_[1])
-@@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m)
-                 position   = io_->tell();
-                 box.length = getLong((byte*)&box.length, bigEndian);
-                 box.type = getLong((byte*)&box.type, bigEndian);
-+                enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata);
- 
-                 if (bPrint) {
-                     out << Internal::stringFormat("%8ld | %8ld | ", (size_t)(position - sizeof(box)),
-@@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m)
-                                 throw Error(kerInputDataReadFailed);
- 
-                             if (bPrint) {
-                                out << Internal::binaryToString(makeSlice(rawData, 0, 40));
-+                                out << Internal::binaryToString(
-+                                        makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_));
-                                 out.flush();
-                             }
-                             lf(out, bLF);
- 
-                            if (bIsExif && bRecursive && rawData.size_ > 0) {
-+                            if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
-                                 if ((rawData.pData_[0] == rawData.pData_[1]) &&
-                                     (rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) {
-                                     BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
deleted file mode 100644
index 1380638ba7..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
-DEPENDS = "zlib expat"
-SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz"
-SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
-# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
-inherit dos2unix
-SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
-            file://CVE-2021-29457.patch \
-            file://CVE-2021-29458.patch \
-            file://CVE-2021-29463.patch \
-            file://CVE-2021-29464.patch \
-            file://CVE-2021-29470.patch \
-            file://CVE-2021-29473.patch \
-            file://CVE-2021-3482.patch"
-S = "${WORKDIR}/${BPN}-${PV}-Source"
-inherit cmake gettext
-do_install:append:class-target() {
-    # reproducibility: remove build host path
-    sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
-        -e 's:${STAGING_DIR_HOST}::g'
-}
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb
new file mode 100644
index 0000000000..6ccd9fb266
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
+DEPENDS = "zlib expat"
+SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
+SRC_URI[sha256sum] = "4c192483a1125dc59a3d70b30d30d32edace9e14adf52802d2f853abf72db8a6"
+# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
+# inherit dos2unix
+S = "${WORKDIR}/${BP}-Source"
+inherit cmake gettext
+do_install:append:class-target() {
+    # reproducibility: remove build host path
+    sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
+        -e 's:${STAGING_DIR_HOST}::g'
+}
author	Khem Raj <raj.khem@gmail.com>	2023-01-17 11:27:49 -0800
committer	Khem Raj <raj.khem@gmail.com>	2023-01-21 10:02:02 -0800
commit	00a7d4b284c1afccfa26021111384d2184b82e5b (patch)
tree	8e404792fa559cb721da872c0d193f09ac82eb21
parent	e4a2dfb8d9402e549762d87e7e2df6d586a4530e (diff)
download	meta-openembedded-00a7d4b284c1afccfa26021111384d2184b82e5b.tar.gz

diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch deleted file mode 100644 index 96146a1957..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch +++ /dev/null
@@ -1,40 +0,0 @@
1	From 04d5f4805a86302a0e135a28d58a6c1ff6a68d52 Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
3	Date: Thu, 30 Jul 2020 23:03:51 +0200
4	Subject: [PATCH] Use compiler -fcf-protection only if compiler/arch supports
5	it
6	MIME-Version: 1.0
7	Content-Type: text/plain; charset=UTF-8
8	Content-Transfer-Encoding: 8bit
9
10	There have been some PRs they were either rejected or some general suggestion
11	for more flags suggested. So
12
13	Upstream-Status: Pending
14
15	Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
16	---
17	cmake/compilerFlags.cmake \| 7 ++++++-
18	1 file changed, 6 insertions(+), 1 deletion(-)
19
20	diff --git a/cmake/compilerFlags.cmake b/cmake/compilerFlags.cmake
21	index 12caf42..455525e 100644
22	--- a/cmake/compilerFlags.cmake
23	+++ b/cmake/compilerFlags.cmake
24	@@ -26,7 +26,12 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
25	# This fails under Fedora, MinGW GCC 8.3.0 and CYGWIN/MSYS 9.3.0
26	if (NOT (MINGW OR CMAKE_HOST_SOLARIS OR CYGWIN OR MSYS) )
27	if (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0)
28	- add_compile_options(-fstack-clash-protection -fcf-protection)
29	+ # Gcc does support -fcf-protection on few arches only
30	+ CHECK_CXX_COMPILER_FLAG(-fcf-protection COMPILER_SUPPORTS_FCF_PROTECTION)
31	+ if (COMPILER_SUPPORTS_FCF_PROTECTION)
32	+ add_compile_options(-fcf-protection)
33	+ endif()
34	+ add_compile_options(-fstack-clash-protection)
35	endif()
36
37	if( (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) # Not in GCC 4.8
38	--
39	2.21.3
40


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch deleted file mode 100644 index e5d069487c..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch +++ /dev/null
@@ -1,26 +0,0 @@
1	From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
2	From: Pydera <pydera@mailbox.org>
3	Date: Thu, 8 Apr 2021 17:36:16 +0200
4	Subject: [PATCH] Fix out of buffer access in #1529
5
6	---
7	src/jp2image.cpp \| 5 +++--
8	1 file changed, 3 insertions(+), 2 deletions(-)
9
10	diff --git a/src/jp2image.cpp b/src/jp2image.cpp
11	index 88ab9b2d6..12025f966 100644
12	--- a/src/jp2image.cpp
13	+++ b/src/jp2image.cpp
14	@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
15	#endif
16	box.length = (uint32_t) (io_->size() - io_->tell() + 8);
17	}
18	- if (box.length == 1)
19	+ if (box.length < 8)
20	{
21	- // FIXME. Special case. the real box size is given in another place.
22	+ // box is broken, so there is nothing we can do here
23	+ throw Error(kerCorruptedMetadata);
24	}
25
26	// Read whole box : Box header + Box data (not fixed size - can be null).


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch deleted file mode 100644 index 285f6fe4ce..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch +++ /dev/null
@@ -1,37 +0,0 @@
1	From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
2	From: Kevin Backhouse <kevinbackhouse@github.com>
3	Date: Fri, 9 Apr 2021 13:37:48 +0100
4	Subject: [PATCH] Fix integer overflow.
5	---
6	src/crwimage_int.cpp \| 8 ++++++--
7	1 file changed, 6 insertions(+), 2 deletions(-)
8
9	diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
10	index aefaf22..2e3e507 100644
11	--- a/src/crwimage_int.cpp
12	+++ b/src/crwimage_int.cpp
13	@@ -559,7 +559,7 @@ namespace Exiv2 {
14	void CiffComponent::setValue(DataBuf buf)
15	{
16	if (isAllocated_) {
17	- delete pData_;
18	+ delete[] pData_;
19	pData_ = 0;
20	size_ = 0;
21	}
22	@@ -1167,7 +1167,11 @@ namespace Exiv2 {
23	pCrwMapping->crwDir_);
24	if (edX != edEnd \|\| edY != edEnd \|\| edO != edEnd) {
25	uint32_t size = 28;
26	- if (cc && cc->size() > size) size = cc->size();
27	+ if (cc) {
28	+ if (cc->size() < size)
29	+ throw Error(kerCorruptedMetadata);
30	+ size = cc->size();
31	+ }
32	DataBuf buf(size);
33	std::memset(buf.pData_, 0x0, buf.size_);
34	if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
35	--
36	2.25.1
37


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch deleted file mode 100644 index 5ab64a7d3e..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch +++ /dev/null
@@ -1,120 +0,0 @@
1	From 783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b Mon Sep 17 00:00:00 2001
2	From: Kevin Backhouse <kevinbackhouse@github.com>
3	Date: Mon, 19 Apr 2021 18:06:00 +0100
4	Subject: [PATCH] Improve bound checking in WebPImage::doWriteMetadata()
5
6	---
7	src/webpimage.cpp \| 41 ++++++++++++++++++++++++++++++-----------
8	1 file changed, 30 insertions(+), 11 deletions(-)
9
10	diff --git a/src/webpimage.cpp b/src/webpimage.cpp
11	index 4ddec544c..fee110bca 100644
12	--- a/src/webpimage.cpp
13	+++ b/src/webpimage.cpp
14	@@ -145,7 +145,7 @@ namespace Exiv2 {
15	DataBuf chunkId(WEBP_TAG_SIZE+1);
16	chunkId.pData_ [WEBP_TAG_SIZE] = '\0';
17
18	- io_->read(data, WEBP_TAG_SIZE * 3);
19	+ readOrThrow(io_, data, WEBP_TAG_SIZE 3, Exiv2::kerCorruptedMetadata);
20	uint64_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian);
21
22	/* Set up header */
23	@@ -185,13 +185,20 @@ namespace Exiv2 {
24	case we have any exif or xmp data, also check
25	for any chunks with alpha frame/layer set */
26	while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
27	- io_->read(chunkId.pData_, WEBP_TAG_SIZE);
28	- io_->read(size_buff, WEBP_TAG_SIZE);
29	- long size = Exiv2::getULong(size_buff, littleEndian);
30	+ readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
31	+ readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
32	+ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
33	+
34	+ // Check that `size_u32` is safe to cast to `long`.
35	+ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
36	+ Exiv2::kerCorruptedMetadata);
37	+ const long size = static_cast<long>(size_u32);
38	DataBuf payload(size);
39	- io_->read(payload.pData_, payload.size_);
40	- byte c;
41	- if ( payload.size_ % 2 ) io_->read(&c,1);
42	+ readOrThrow(*io_, payload.pData_, payload.size_, Exiv2::kerCorruptedMetadata);
43	+ if ( payload.size_ % 2 ) {
44	+ byte c;
45	+ readOrThrow(*io_, &c, 1, Exiv2::kerCorruptedMetadata);
46	+ }
47
48	/* Chunk with information about features
49	used in the file. */
50	@@ -199,6 +206,7 @@ namespace Exiv2 {
51	has_vp8x = true;
52	}
53	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_size) {
54	+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
55	has_size = true;
56	byte size_buf[WEBP_TAG_SIZE];
57
58	@@ -227,6 +235,7 @@ namespace Exiv2 {
59	}
60	#endif
61	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_size) {
62	+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
63	has_size = true;
64	byte size_buf[2];
65
66	@@ -244,11 +253,13 @@ namespace Exiv2 {
67
68	/* Chunk with with lossless image data. */
69	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_alpha) {
70	+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
71	if ((payload.pData_[4] & WEBP_VP8X_ALPHA_BIT) == WEBP_VP8X_ALPHA_BIT) {
72	has_alpha = true;
73	}
74	}
75	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_size) {
76	+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
77	has_size = true;
78	byte size_buf_w[2];
79	byte size_buf_h[3];
80	@@ -276,11 +287,13 @@ namespace Exiv2 {
81
82	/* Chunk with animation frame. */
83	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_alpha) {
84	+ enforce(size >= 6, Exiv2::kerCorruptedMetadata);
85	if ((payload.pData_[5] & 0x2) == 0x2) {
86	has_alpha = true;
87	}
88	}
89	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_size) {
90	+ enforce(size >= 12, Exiv2::kerCorruptedMetadata);
91	has_size = true;
92	byte size_buf[WEBP_TAG_SIZE];
93
94	@@ -309,16 +322,22 @@ namespace Exiv2 {
95
96	io_->seek(12, BasicIo::beg);
97	while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
98	- io_->read(chunkId.pData_, 4);
99	- io_->read(size_buff, 4);
100	+ readOrThrow(*io_, chunkId.pData_, 4, Exiv2::kerCorruptedMetadata);
101	+ readOrThrow(*io_, size_buff, 4, Exiv2::kerCorruptedMetadata);
102	+
103	+ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
104
105	- long size = Exiv2::getULong(size_buff, littleEndian);
106	+ // Check that `size_u32` is safe to cast to `long`.
107	+ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
108	+ Exiv2::kerCorruptedMetadata);
109	+ const long size = static_cast<long>(size_u32);
110
111	DataBuf payload(size);
112	- io_->read(payload.pData_, size);
113	+ readOrThrow(*io_, payload.pData_, size, Exiv2::kerCorruptedMetadata);
114	if ( io_->tell() % 2 ) io_->seek(+1,BasicIo::cur); // skip pad
115
116	if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X)) {
117	+ enforce(size >= 1, Exiv2::kerCorruptedMetadata);
118	if (has_icc){
119	payload.pData_[0] \|= WEBP_VP8X_ICC_BIT;
120	} else {


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch deleted file mode 100644 index f0c482450c..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch +++ /dev/null
@@ -1,72 +0,0 @@
1	From 61734d8842cb9cc59437463e3bac54d6231d9487 Mon Sep 17 00:00:00 2001
2	From: Wang Mingyu <wangmy@fujitsu.com>
3	Date: Tue, 18 May 2021 10:52:54 +0900
4	Subject: [PATCH] modify
5
6	Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
7	---
8	src/jp2image.cpp \| 14 +++++++++-----
9	1 file changed, 9 insertions(+), 5 deletions(-)
10
11	diff --git a/src/jp2image.cpp b/src/jp2image.cpp
12	index 52723a4..0ac4f50 100644
13	--- a/src/jp2image.cpp
14	+++ b/src/jp2image.cpp
15	@@ -643,11 +643,11 @@ static void boxes_check(size_t b,size_t m)
16	void Jp2Image::encodeJp2Header(const DataBuf& boxBuf,DataBuf& outBuf)
17	{
18	DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
19	- int outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
20	- int inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
21	+ long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
22	+ long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
23	Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
24	- int32_t length = getLong((byte*)&pBox->length, bigEndian);
25	- int32_t count = sizeof (Jp2BoxHeader);
26	+ uint32_t length = getLong((byte*)&pBox->length, bigEndian);
27	+ uint32_t count = sizeof (Jp2BoxHeader);
28	char* p = (char*) boxBuf.pData_;
29	bool bWroteColor = false ;
30
31	@@ -664,6 +664,7 @@ static void boxes_check(size_t b,size_t m)
32	#ifdef EXIV2_DEBUG_MESSAGES
33	std::cout << "Jp2Image::encodeJp2Header subbox: "<< toAscii(subBox.type) << " length = " << subBox.length << std::endl;
34	#endif
35	+ enforce(subBox.length <= length - count, Exiv2::kerCorruptedMetadata);
36	count += subBox.length;
37	newBox.type = subBox.type;
38	} else {
39	@@ -672,12 +673,13 @@ static void boxes_check(size_t b,size_t m)
40	count = length;
41	}
42
43	- int32_t newlen = subBox.length;
44	+ uint32_t newlen = subBox.length;
45	if ( newBox.type == kJp2BoxTypeColorHeader ) {
46	bWroteColor = true ;
47	if ( ! iccProfileDefined() ) {
48	const char* pad = "\x01\x00\x00\x00\x00\x00\x10\x00\x00\x05\x1cuuid";
49	uint32_t psize = 15;
50	+ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
51	ul2Data((byte*)&newBox.length,psize ,bigEndian);
52	ul2Data((byte*)&newBox.type ,newBox.type,bigEndian);
53	::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox));
54	@@ -686,6 +688,7 @@ static void boxes_check(size_t b,size_t m)
55	} else {
56	const char* pad = "\0x02\x00\x00";
57	uint32_t psize = 3;
58	+ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
59	ul2Data((byte*)&newBox.length,psize+iccProfile_.size_,bigEndian);
60	ul2Data((byte*)&newBox.type,newBox.type,bigEndian);
61	::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox) );
62	@@ -694,6 +697,7 @@ static void boxes_check(size_t b,size_t m)
63	newlen = psize + iccProfile_.size_;
64	}
65	} else {
66	+ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
67	::memcpy(output.pData_+outlen,boxBuf.pData_+inlen,subBox.length);
68	}
69
70	--
71	2.25.1
72


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch deleted file mode 100644 index eedf9d79aa..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch +++ /dev/null
@@ -1,32 +0,0 @@
1	From 6628a69c036df2aa036290e6cd71767c159c79ed Mon Sep 17 00:00:00 2001
2	From: Kevin Backhouse <kevinbackhouse@github.com>
3	Date: Wed, 21 Apr 2021 12:06:04 +0100
4	Subject: [PATCH] Add more bounds checks in Jp2Image::encodeJp2Header
5	---
6	src/jp2image.cpp \| 3 +++
7	1 file changed, 3 insertions(+)
8
9	diff --git a/src/jp2image.cpp b/src/jp2image.cpp
10	index b424225..349a9f0 100644
11	--- a/src/jp2image.cpp
12	+++ b/src/jp2image.cpp
13	@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m)
14	DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
15	long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
16	long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
17	+ enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
18	Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
19	uint32_t length = getLong((byte*)&pBox->length, bigEndian);
20	+ enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
21	uint32_t count = sizeof (Jp2BoxHeader);
22	char* p = (char*) boxBuf.pData_;
23	bool bWroteColor = false ;
24
25	while ( count < length \|\| !bWroteColor ) {
26	+ enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
27	Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
28
29	// copy data. pointer could be into a memory mapped file which we will decode!
30	--
31	2.25.1
32


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch deleted file mode 100644 index 4afedf8e59..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch +++ /dev/null
@@ -1,21 +0,0 @@
1	From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001
2	From: Kevin Backhouse <kevinbackhouse@github.com>
3	Date: Fri, 23 Apr 2021 11:44:44 +0100
4	Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata().
5
6	---
7	src/jp2image.cpp \| 1 +
8	1 file changed, 1 insertion(+)
9
10	diff --git a/src/jp2image.cpp b/src/jp2image.cpp
11	index 1694fed27..ca8c9ddbb 100644
12	--- a/src/jp2image.cpp
13	+++ b/src/jp2image.cpp
14	@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m)
15
16	case kJp2BoxTypeUuid:
17	{
18	+ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
19	if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
20	{
21	#ifdef EXIV2_DEBUG_MESSAGES


diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch deleted file mode 100644 index e7c5e1b656..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001
2	From: Robin Mills <robin@clanmills.com>
3	Date: Mon, 5 Apr 2021 20:33:25 +0100
4	Subject: [PATCH] fix_1522_jp2image_exif_asan
5
6	---
7	src/jp2image.cpp \| 9 ++++++---
8	1 file changed, 6 insertions(+), 3 deletions(-)
9
10	diff --git a/src/jp2image.cpp b/src/jp2image.cpp
11	index eb31cea4a..88ab9b2d6 100644
12	--- a/src/jp2image.cpp
13	+++ b/src/jp2image.cpp
14	@@ -28,6 +28,7 @@
15	#include "image.hpp"
16	#include "image_int.hpp"
17	#include "basicio.hpp"
18	+#include "enforce.hpp"
19	#include "error.hpp"
20	#include "futils.hpp"
21	#include "types.hpp"
22	@@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m)
23	if (io_->error()) throw Error(kerFailedToReadImageData);
24	if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed);
25
26	- if (rawData.size_ > 0)
27	+ if (rawData.size_ > 8) // "II*\0long"
28	{
29	// Find the position of Exif header in bytes array.
30	long pos = ( (rawData.pData_[0] == rawData.pData_[1])
31	@@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m)
32	position = io_->tell();
33	box.length = getLong((byte*)&box.length, bigEndian);
34	box.type = getLong((byte*)&box.type, bigEndian);
35	+ enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata);
36
37	if (bPrint) {
38	out << Internal::stringFormat("%8ld \| %8ld \| ", (size_t)(position - sizeof(box)),
39	@@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m)
40	throw Error(kerInputDataReadFailed);
41
42	if (bPrint) {
43	- out << Internal::binaryToString(makeSlice(rawData, 0, 40));
44	+ out << Internal::binaryToString(
45	+ makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_));
46	out.flush();
47	}
48	lf(out, bLF);
49
50	- if (bIsExif && bRecursive && rawData.size_ > 0) {
51	+ if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
52	if ((rawData.pData_[0] == rawData.pData_[1]) &&
53	(rawData.pData_[0] == 'I' \|\| rawData.pData_[0] == 'M')) {
54	BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb deleted file mode 100644 index 1380638ba7..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ /dev/null
@@ -1,30 +0,0 @@
1	SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
2	LICENSE = "GPL-2.0-only"
3	LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
4
5	DEPENDS = "zlib expat"
6
7	SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz"
8	SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
9
10	# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
11	inherit dos2unix
12	SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
13	file://CVE-2021-29457.patch \
14	file://CVE-2021-29458.patch \
15	file://CVE-2021-29463.patch \
16	file://CVE-2021-29464.patch \
17	file://CVE-2021-29470.patch \
18	file://CVE-2021-29473.patch \
19	file://CVE-2021-3482.patch"
20
21	S = "${WORKDIR}/${BPN}-${PV}-Source"
22
23	inherit cmake gettext
24
25	do_install:append:class-target() {
26	# reproducibility: remove build host path
27	sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
28	-e 's:${STAGING_DIR_HOST}::g'
29	}
30


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb new file mode 100644 index 0000000000..6ccd9fb266 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb
@@ -0,0 +1,19 @@
		1	SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
		2	LICENSE = "GPL-2.0-only"
		3	LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
		4
		5	DEPENDS = "zlib expat"
		6
		7	SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
		8	SRC_URI[sha256sum] = "4c192483a1125dc59a3d70b30d30d32edace9e14adf52802d2f853abf72db8a6"
		9	# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
		10	# inherit dos2unix
		11	S = "${WORKDIR}/${BP}-Source"
		12
		13	inherit cmake gettext
		14
		15	do_install:append:class-target() {
		16	# reproducibility: remove build host path
		17	sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
		18	-e 's:${STAGING_DIR_HOST}::g'
		19	}