exiv2: patch CVE-2021-32815

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32815 Pick the patch from the PR mentioned in he nvd report. This patch is a combination of 3 commits, which are so small, that it is still very readable in this form also. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-22 20:31:26 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-30 15:13:57 +0100
commit: 0f89f581111598b4adefa249ceac11efe68e034b (patch)
tree: 44c7b8838e613624c2620cff885682011d21d36f
parent: 19fb28a912850f517f83b72690abfcbb19ff49c7 (diff)
download: meta-openembedded-0f89f581111598b4adefa249ceac11efe68e034b.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
new file mode 100644
index 0000000000..238e1cfb84
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
@@ -0,0 +1,36 @@
+From 14fc89433d22f56fa3ec973d802e9316a268deab Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 23 Jun 2021 22:39:31 +0100
+Subject: [PATCH] Don't crash if s > size.
+CVE: CVE-2021-32815
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1739/commits/0c17eb33c0a7fad1796ce23b8bbc32067f511aed
+https://github.com/Exiv2/exiv2/pull/1739/commits/04466168b87dedff4ec09c09e9c23f2334ba1734
+https://github.com/Exiv2/exiv2/pull/1739/commits/c79d83f25fdd09218697d482211a61db87ce5333]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/crwimage_int.cpp | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 2e3e507..0232867 100644
+--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
+@@ -1226,9 +1226,12 @@ namespace Exiv2 {
+         for (ExifData::const_iterator i = b; i != e; ++i) {
+             if (i->ifdId() != ifdId) continue;
+             const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
+-            assert(s <= size);
+-            if (len < s) len = s;
+-            i->copy(buf.pData_ + i->tag()*2, byteOrder);
+            if (s <= size) {
+                if (len < s) len = s;
+                i->copy(buf.pData_ + i->tag()*2, byteOrder);
+            } else {
+                EXV_ERROR << "packIfdId out-of-bounds error: s = " << std::dec << s << "\n";
+            }
+         }
+         // Round the size to make it even.
+         buf.size_ = len + len%2;
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 389d8da921..2807cb8948 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
           file://CVE-2021-3482.patch \
           file://CVE-2021-29623.patch \
           file://CVE-2021-32617.patch \
+           file://CVE-2021-32815.patch \
           "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-22 20:31:26 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-30 15:13:57 +0100
commit	0f89f581111598b4adefa249ceac11efe68e034b (patch)
tree	44c7b8838e613624c2620cff885682011d21d36f
parent	19fb28a912850f517f83b72690abfcbb19ff49c7 (diff)
download	meta-openembedded-0f89f581111598b4adefa249ceac11efe68e034b.tar.gz

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch new file mode 100644 index 0000000000..238e1cfb84 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-32815.patch
@@ -0,0 +1,36 @@
		1	From 14fc89433d22f56fa3ec973d802e9316a268deab Mon Sep 17 00:00:00 2001
		2	From: Kevin Backhouse <kevinbackhouse@github.com>
		3	Date: Wed, 23 Jun 2021 22:39:31 +0100
		4	Subject: [PATCH] Don't crash if s > size.
		5
		6	CVE: CVE-2021-32815
		7
		8	Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1739/commits/0c17eb33c0a7fad1796ce23b8bbc32067f511aed
		9	https://github.com/Exiv2/exiv2/pull/1739/commits/04466168b87dedff4ec09c09e9c23f2334ba1734
		10	https://github.com/Exiv2/exiv2/pull/1739/commits/c79d83f25fdd09218697d482211a61db87ce5333]
		11
		12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		13	---
		14	src/crwimage_int.cpp \| 9 ++++++---
		15	1 file changed, 6 insertions(+), 3 deletions(-)
		16
		17	diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
		18	index 2e3e507..0232867 100644
		19	--- a/src/crwimage_int.cpp
		20	+++ b/src/crwimage_int.cpp
		21	@@ -1226,9 +1226,12 @@ namespace Exiv2 {
		22	for (ExifData::const_iterator i = b; i != e; ++i) {
		23	if (i->ifdId() != ifdId) continue;
		24	const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
		25	- assert(s <= size);
		26	- if (len < s) len = s;
		27	- i->copy(buf.pData_ + i->tag()*2, byteOrder);
		28	+ if (s <= size) {
		29	+ if (len < s) len = s;
		30	+ i->copy(buf.pData_ + i->tag()*2, byteOrder);
		31	+ } else {
		32	+ EXV_ERROR << "packIfdId out-of-bounds error: s = " << std::dec << s << "\n";
		33	+ }
		34	}
		35	// Round the size to make it even.
		36	buf.size_ = len + len%2;


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 389d8da921..2807cb8948 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
15	file://CVE-2021-3482.patch \	15	file://CVE-2021-3482.patch \
16	file://CVE-2021-29623.patch \	16	file://CVE-2021-29623.patch \
17	file://CVE-2021-32617.patch \	17	file://CVE-2021-32617.patch \
		18	file://CVE-2021-32815.patch \
18	"	19	"
19	SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"	20	SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
20		21