Details: https://nvd.nist.gov/vuln/detail/CVE-2021-34335
Pick the patches from the PR mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../exiv2/exiv2/CVE-2021-34335-1.patch | 43 ++++++++++++++
 .../exiv2/exiv2/CVE-2021-34335-2.patch | 57 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 2 +
 3 files changed, 102 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-1.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-2.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-1.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-1.patch
new file mode 100644
index 0000000000..055a7c5db0
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-1.patch
@@ -0,0 +1,43 @@
+From bde41fcab99f5def735bc4b0b8515f211eda98c0 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <[email protected]>
+Date: Tue, 29 Jun 2021 23:32:59 +0100
+Subject: [PATCH] Prevent divide-by-zero crash.
+
+CVE: CVE-2021-34335
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1750/commits/f2d6d24ed74b2c5dbbbdc25bafd42ce9357978f8]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/minoltamn_int.cpp | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/src/minoltamn_int.cpp b/src/minoltamn_int.cpp
+index f5c0b41..77521fc 100644
+--- a/src/minoltamn_int.cpp
++++ b/src/minoltamn_int.cpp
+@@ -2179,16 +2179,20 @@ namespace Exiv2 {
+
+ if ( model == "ILCE-6000" && maxAperture == F1_8 ) try {
+ long focalLength = getKeyLong ("Exif.Photo.FocalLength" ,metadata);
+- long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
+- long focalRatio = (focalL35mm*100)/focalLength;
+- if ( inRange(focalRatio,145,155) ) index = 2 ;
++ if (focalLength > 0) {
++ long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
++ long focalRatio = (focalL35mm*100)/focalLength;
++ if ( inRange(focalRatio,145,155) ) index = 2 ;
++ }
+ } catch (...) {}
+
+ if ( model == "ILCE-6000" && maxApertures.find(maxAperture) != maxApertures.end() ) try {
+ long focalLength = getKeyLong ("Exif.Photo.FocalLength" ,metadata);
+- long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
+- long focalRatio = (focalL35mm*100)/focalLength;
+- if ( inRange(focalRatio,145,155) ) index = 3 ;
++ if (focalLength > 0) {
++ long focalL35mm = getKeyLong ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
++ long focalRatio = (focalL35mm*100)/focalLength;
++ if ( inRange(focalRatio,145,155) ) index = 3 ;
++ }
+ } catch (...) {}
+
+ if ( index > 0 ) {
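Review bot: The product `focalL35mm*100` in both guarded blocks of CVE-2021-34335-1.patch (the `index = 2` and `index = 3` paths) is still computed without a range check, so the new `focalLength > 0` test removes the division by zero but a very large `Exif.Photo.FocalLengthIn35mmFilm` value taken from the image metadata could overflow the signed `long`, which is undefined behaviour and is most plausible on targets where `long` is 32 bits. Reading `focalL35mm` before the test and bounding it would cover this, e.g. `if (focalLength > 0 && focalL35mm >= 0 && focalL35mm <= LONG_MAX / 100) {`. The empty `catch (...) {}` after each block would also benefit from a comment such as `// lens detection is best-effort; on any error keep the current index`, so the swallowed exception reads as deliberate. The enclosing function starts and ends outside the inner hunk, so what `getKeyLong` returns for a missing or malformed key is not visible here.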
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-2.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-2.patch
new file mode 100644
index 0000000000..35d1e79d01
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-2.patch
@@ -0,0 +1,57 @@
+From fb3bfc509905b20cbde061ff3ec8be9d8a04e7c3 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <[email protected]>
+Date: Wed, 30 Jun 2021 11:57:46 +0100
+Subject: [PATCH] Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE.
+
+CVE: CVE-2021-34335
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1750/commits/2d8d44e47b1500030e5b249bffbaf1e80aa74815]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ include/exiv2/value.hpp | 6 +++---
+ src/tags_int.cpp | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp
+index 7ca57f3..f726f8c 100644
+--- a/include/exiv2/value.hpp
++++ b/include/exiv2/value.hpp
+@@ -1569,7 +1569,7 @@ namespace Exiv2 {
+ {
+ value_.clear();
+ long ts = TypeInfo::typeSize(typeId());
+- if (ts != 0)
++ if (ts > 0)
+ if (len % ts != 0) len = (len / ts) * ts;
+ for (long i = 0; i < len; i += ts) {
+ value_.push_back(getValue<T>(buf + i, byteOrder));
+@@ -1653,7 +1653,7 @@ namespace Exiv2 {
+ template<>
+ inline long ValueType<Rational>::toLong(long n) const
+ {
+- ok_ = (value_[n].second != 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX );
++ ok_ = (value_[n].second > 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX );
+ if (!ok_) return 0;
+ return value_[n].first / value_[n].second;
+ }
+@@ -1661,7 +1661,7 @@ namespace Exiv2 {
+ template<>
+ inline long ValueType<URational>::toLong(long n) const
+ {
+- ok_ = (value_[n].second != 0 && value_[n].first < LARGE_INT);
++ ok_ = (value_[n].second > 0 && value_[n].first < LARGE_INT);
+ if (!ok_) return 0;
+ return value_[n].first / value_[n].second;
+ }
+diff --git a/src/tags_int.cpp b/src/tags_int.cpp
+index 6f76a87..df05522 100644
+--- a/src/tags_int.cpp
++++ b/src/tags_int.cpp
+@@ -2228,7 +2228,7 @@ namespace Exiv2 {
+ std::ostream& printLong(std::ostream& os, const Value& value, const ExifData*)
+ {
+ Rational r = value.toRational();
+- if (r.second != 0) return os << static_cast<long>(r.first) / r.second;
++ if (r.second > 0) return os << static_cast<long>(r.first) / r.second;
+ return os << "(" << value << ")";
+ } // printLong
+
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 339ce221dd..1c1c05dfaa 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -20,6 +20,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
 file://CVE-2021-34334-2.patch \
 file://CVE-2021-34334-3.patch \
 file://CVE-2021-34334-4.patch \
+ file://CVE-2021-34335-1.patch \
+ file://CVE-2021-34335-2.patch \
 "
 
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
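Review bot: In the `@@ -1569,7 +1569,7 @@` hunk of include/exiv2/value.hpp (inside CVE-2021-34335-2.patch) the new `if (ts > 0)` governs only the length-rounding statement, while the `for (long i = 0; i < len; i += ts)` loop that follows is outside it, so a zero or negative `ts` would leave the loop not advancing, or stepping backwards through `buf`, while it keeps calling `push_back`. Whether `typeSize` can return such a value for the instantiated types is not visible here, but since the guard admits the case, returning before the loop is the safer shape: `if (ts <= 0) return 0;` (assuming 0 is this function's normal return, which the hunk does not show). In the two `toLong` specialisations `value_[n]` is also indexed without comparing `n` to `value_.size()`; if callers do not guarantee the range, setting `ok_ = false; return 0;` for an out-of-range `n` would match the existing error path. All of these function bodies begin outside their hunks.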
