new file mode 100644
@@ -0,0 +1,43 @@
+From bde41fcab99f5def735bc4b0b8515f211eda98c0 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Tue, 29 Jun 2021 23:32:59 +0100
+Subject: [PATCH] Prevent divide-by-zero crash.
+
+CVE: CVE-2021-34335
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1750/commits/f2d6d24ed74b2c5dbbbdc25bafd42ce9357978f8]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/minoltamn_int.cpp | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/src/minoltamn_int.cpp b/src/minoltamn_int.cpp
+index f5c0b41..77521fc 100644
+--- a/src/minoltamn_int.cpp
++++ b/src/minoltamn_int.cpp
+@@ -2179,16 +2179,20 @@ namespace Exiv2 {
+
+ if ( model == "ILCE-6000" && maxAperture == F1_8 ) try {
+ long focalLength = getKeyLong ("Exif.Photo.FocalLength" ,metadata);
+- long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
+- long focalRatio = (focalL35mm*100)/focalLength;
+- if ( inRange(focalRatio,145,155) ) index = 2 ;
++ if (focalLength > 0) {
++ long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
++ long focalRatio = (focalL35mm*100)/focalLength;
++ if ( inRange(focalRatio,145,155) ) index = 2 ;
++ }
+ } catch (...) {}
+
+ if ( model == "ILCE-6000" && maxApertures.find(maxAperture) != maxApertures.end() ) try {
+ long focalLength = getKeyLong ("Exif.Photo.FocalLength" ,metadata);
+- long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
+- long focalRatio = (focalL35mm*100)/focalLength;
+- if ( inRange(focalRatio,145,155) ) index = 3 ;
++ if (focalLength > 0) {
++ long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
++ long focalRatio = (focalL35mm*100)/focalLength;
++ if ( inRange(focalRatio,145,155) ) index = 3 ;
++ }
+ } catch (...) {}
+
+ if ( index > 0 ) {
new file mode 100644
@@ -0,0 +1,57 @@
+From fb3bfc509905b20cbde061ff3ec8be9d8a04e7c3 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 30 Jun 2021 11:57:46 +0100
+Subject: [PATCH] Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE.
+
+CVE: CVE-2021-34335
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1750/commits/2d8d44e47b1500030e5b249bffbaf1e80aa74815]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ include/exiv2/value.hpp | 6 +++---
+ src/tags_int.cpp | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp
+index 7ca57f3..f726f8c 100644
+--- a/include/exiv2/value.hpp
++++ b/include/exiv2/value.hpp
+@@ -1569,7 +1569,7 @@ namespace Exiv2 {
+ {
+ value_.clear();
+ long ts = TypeInfo::typeSize(typeId());
+- if (ts != 0)
++ if (ts > 0)
+ if (len % ts != 0) len = (len / ts) * ts;
+ for (long i = 0; i < len; i += ts) {
+ value_.push_back(getValue<T>(buf + i, byteOrder));
+@@ -1653,7 +1653,7 @@ namespace Exiv2 {
+ template<>
+ inline long ValueType<Rational>::toLong(long n) const
+ {
+- ok_ = (value_[n].second != 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX );
++ ok_ = (value_[n].second > 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX );
+ if (!ok_) return 0;
+ return value_[n].first / value_[n].second;
+ }
+@@ -1661,7 +1661,7 @@ namespace Exiv2 {
+ template<>
+ inline long ValueType<URational>::toLong(long n) const
+ {
+- ok_ = (value_[n].second != 0 && value_[n].first < LARGE_INT);
++ ok_ = (value_[n].second > 0 && value_[n].first < LARGE_INT);
+ if (!ok_) return 0;
+ return value_[n].first / value_[n].second;
+ }
+diff --git a/src/tags_int.cpp b/src/tags_int.cpp
+index 6f76a87..df05522 100644
+--- a/src/tags_int.cpp
++++ b/src/tags_int.cpp
+@@ -2228,7 +2228,7 @@ namespace Exiv2 {
+ std::ostream& printLong(std::ostream& os, const Value& value, const ExifData*)
+ {
+ Rational r = value.toRational();
+- if (r.second != 0) return os << static_cast<long>(r.first) / r.second;
++ if (r.second > 0) return os << static_cast<long>(r.first) / r.second;
+ return os << "(" << value << ")";
+ } // printLong
+
@@ -20,6 +20,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
file://CVE-2021-34334-2.patch \
file://CVE-2021-34334-3.patch \
file://CVE-2021-34334-4.patch \
+ file://CVE-2021-34335-1.patch \
+ file://CVE-2021-34335-2.patch \
"
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-34335 Pick the patches from the PR mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../exiv2/exiv2/CVE-2021-34335-1.patch | 43 ++++++++++++++ .../exiv2/exiv2/CVE-2021-34335-2.patch | 57 +++++++++++++++++++ meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 2 + 3 files changed, 102 insertions(+) create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-1.patch create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-2.patch