exiv2: patch CVE-2021-34335

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-34335

Pick the patches from the PR mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-1.patch

@@ -0,0 +1,43 @@
+From bde41fcab99f5def735bc4b0b8515f211eda98c0 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Tue, 29 Jun 2021 23:32:59 +0100
+Subject: [PATCH] Prevent divide-by-zero crash.
+
+CVE: CVE-2021-34335
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1750/commits/f2d6d24ed74b2c5dbbbdc25bafd42ce9357978f8]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/minoltamn_int.cpp | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/src/minoltamn_int.cpp b/src/minoltamn_int.cpp
+index f5c0b41..77521fc 100644
+--- a/src/minoltamn_int.cpp
++++ b/src/minoltamn_int.cpp
+@@ -2179,16 +2179,20 @@ namespace Exiv2 {
+ 
+             if ( model == "ILCE-6000" && maxAperture == F1_8 ) try {
+                 long    focalLength = getKeyLong  ("Exif.Photo.FocalLength"      ,metadata);
+-                long    focalL35mm  = getKeyLong  ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
+-                long    focalRatio  = (focalL35mm*100)/focalLength;
+-                if ( inRange(focalRatio,145,155) ) index = 2 ;
++                if (focalLength > 0) {
++                  long    focalL35mm  = getKeyLong  ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
++                  long    focalRatio  = (focalL35mm*100)/focalLength;
++                  if ( inRange(focalRatio,145,155) ) index = 2 ;
++                }
+             } catch (...) {}
+ 
+             if ( model == "ILCE-6000" && maxApertures.find(maxAperture) != maxApertures.end() ) try {
+                 long    focalLength = getKeyLong  ("Exif.Photo.FocalLength"      ,metadata);
+-                long    focalL35mm  = getKeyLong  ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
+-                long    focalRatio  = (focalL35mm*100)/focalLength;
+-                if ( inRange(focalRatio,145,155) ) index = 3 ;
++                if (focalLength > 0) {
++                  long    focalL35mm  = getKeyLong  ("Exif.Photo.FocalLengthIn35mmFilm",metadata);
++                  long    focalRatio  = (focalL35mm*100)/focalLength;
++                  if ( inRange(focalRatio,145,155) ) index = 3 ;
++                }
+             } catch (...) {}
+ 
+             if ( index > 0 ) {

meta-oe/recipes-support/exiv2/exiv2/CVE-2021-34335-2.patch

@@ -0,0 +1,57 @@
+From fb3bfc509905b20cbde061ff3ec8be9d8a04e7c3 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 30 Jun 2021 11:57:46 +0100
+Subject: [PATCH] Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE.
+
+CVE: CVE-2021-34335
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/1750/commits/2d8d44e47b1500030e5b249bffbaf1e80aa74815]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ include/exiv2/value.hpp | 6 +++---
+ src/tags_int.cpp        | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp
+index 7ca57f3..f726f8c 100644
+--- a/include/exiv2/value.hpp
++++ b/include/exiv2/value.hpp
+@@ -1569,7 +1569,7 @@ namespace Exiv2 {
+     {
+         value_.clear();
+         long ts = TypeInfo::typeSize(typeId());
+-        if (ts != 0)
++        if (ts > 0)
+             if (len % ts != 0) len = (len / ts) * ts;
+         for (long i = 0; i < len; i += ts) {
+             value_.push_back(getValue<T>(buf + i, byteOrder));
+@@ -1653,7 +1653,7 @@ namespace Exiv2 {
+     template<>
+     inline long ValueType<Rational>::toLong(long n) const
+     {
+-        ok_ = (value_[n].second != 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX );
++        ok_ = (value_[n].second > 0 && INT_MIN < value_[n].first && value_[n].first < INT_MAX );
+         if (!ok_) return 0;
+         return value_[n].first / value_[n].second;
+     }
+@@ -1661,7 +1661,7 @@ namespace Exiv2 {
+     template<>
+     inline long ValueType<URational>::toLong(long n) const
+     {
+-        ok_ = (value_[n].second != 0 && value_[n].first < LARGE_INT);
++        ok_ = (value_[n].second > 0 && value_[n].first < LARGE_INT);
+         if (!ok_) return 0;
+         return value_[n].first / value_[n].second;
+     }
+diff --git a/src/tags_int.cpp b/src/tags_int.cpp
+index 6f76a87..df05522 100644
+--- a/src/tags_int.cpp
++++ b/src/tags_int.cpp
+@@ -2228,7 +2228,7 @@ namespace Exiv2 {
+     std::ostream& printLong(std::ostream& os, const Value& value, const ExifData*)
+     {
+         Rational r = value.toRational();
+-        if (r.second != 0) return os << static_cast<long>(r.first) / r.second;
++        if (r.second > 0) return os << static_cast<long>(r.first) / r.second;
+         return os << "(" << value << ")";
+     } // printLong
+ 

meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb

@@ -20,6 +20,8 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
            file://CVE-2021-34334-2.patch \
            file://CVE-2021-34334-3.patch \
            file://CVE-2021-34334-4.patch \
+           file://CVE-2021-34335-1.patch \
+           file://CVE-2021-34335-2.patch \
            "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"