import exiv2-0.27.3-3.el8_4

SOURCES/exiv2-CVE-2021-31291.patch

@@ -0,0 +1,26 @@
+From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
+From: Pydera <pydera@mailbox.org>
+Date: Thu, 8 Apr 2021 17:36:16 +0200
+Subject: [PATCH] Fix out of buffer access in #1529
+
+---
+ src/jp2image.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 88ab9b2d61..12025f9664 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
+ #endif
+                 box.length = (uint32_t) (io_->size() - io_->tell() + 8);
+             }
+-            if (box.length == 1)
++            if (box.length < 8)
+             {
+-                // FIXME. Special case. the real box size is given in another place.
++                // box is broken, so there is nothing we can do here
++                throw Error(kerCorruptedMetadata);
+             }
+
+             // Read whole box : Box header + Box data (not fixed size - can be null).

SPECS/exiv2.spec

@@ -2,7 +2,7 @@
 Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
 Version: 0.27.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 License: GPLv2+
 URL:     http://www.exiv2.org/
@@ -14,7 +14,7 @@ Source0: https://github.com/Exiv2/%{name}/archive/exiv2-%{version}.tar.gz
 # don't unconditionally use -fcf-protection flag, not supported on all archs
 # fedora already includes this on archs that do support it
 Patch100: exiv2-0.27.3-fcf-protection.patch
-
+Patch101: exiv2-CVE-2021-31291.patch
 
 BuildRequires: cmake
 BuildRequires: expat-devel
@@ -123,6 +123,10 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 
 
 %changelog
+* Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-3
+- Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS
+  Resolves: bz#1990355
+
 * Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-2
 - Avoid duplicating Changelog file
   Resolves: bz#1880984