meta-openembedded: subtree update:4fe1065655..2449e5f07a
Alexander Kanavin (1):
remmina: make avahi support optional and off by default
Alexander Vickberg (1):
hostapd: fix building with CONFIG_TLS=internal
Andreas Müller (63):
mariadb: Fix configure
evolution-data-server: Backport upstream patch to fix configure on latest CMake
libgtop: tidy up recipe
xfce4-systemload-plugin: upgrade 1.3.0 -> 1.3.1 / introduce PACKAGECONFIGs
xfce4-clipman-plugin: upgrade 1.6.1 -> 1.6.2
xfce4-panel: upgrade 4.16.2 -> 4.16.3
fluidsynth: upgrade 2.2.0 -> 2.2.1
gparted: upgrade 1.2.0 -> 1.3.0
poppler: upgrade 21.04.0 -> 21.05.0
tracker: upgrade 2.3.6 -> 3.0.4
tracker-miners: upgrade 2.3.5 -> 3.0.5
nautilus: upgrade 3.36.3 -> 40.1
gnome-photos: upgrade 3.34.2 -> 40.0
file-roller: upgrade 3.36.3 -> 3.38.1
tepl: upgrade 4.4.0 -> 6.00.0
gedit: upgrade 3.36.2 -> 40.1
evince: upgrade 3.38.0 -> 40.1
gnome-calculator: upgrade 3.36.0 -> 40.1
gnome-system-monitor: upgrade 3.36.1 -> 40.1
dconf-editor: upgrade 3.38.2 -> 3.38.3
libwnck3: upgrade 3.36.0 -> 40.0
babl: upgrade 0.1.84 -> 0.1.86
gimp: upgrade 2.10.22 -> 2.10.24
gegl: add PACKAGECONFIG libraw and enable it by default
gegl: add poppler PCAKAGECONFIG and enable it by default
Revert "gimp: Disable svg icons on arm"
grilo-plugins: initial add 0.3.13
gnome-photos: rrecommend grilo-plugins
gnome-photos: Let all desktops add gnome-photos to their start menu
meta-gnome: remove upstream-version-is-even from inherit on 40.x version recipes
portaudio-v19: upgrade 19.6.0 -> 19.7.0
mousepad: upgrade 0.5.4 -> 0.5.5
network-manager-applet: upgrade 1.18.0 -> 1.22.0
nano: upgrade 5.6 -> 5.7
gnuplot: upgrade 5.2.8 -> 5.4.1
zsh: upgrade 5.4.2 -> 5.8
ttf-lohit: upgrade 2 -> 2.92.1
xrdp: upgrade 0.9.15 -> 0.9.16
snappy: upgrade 1.1.8 -> 1.1.9
redis: upgrade 6.2.2 -> 6.2.3
remmina: upgrade 1.4.11 -> 1.4.17
libpeas: upgrade 1.26.0 -> 1.30.0
modemmanager: upgrade 1.16.2 -> 1.16.4
mm-common: upgrade 1.0.2 -> 1.0.3
protobuf: upgrade 3.15.2 -> 3.17.0
qpdf: upgrade 10.2.0 -> 10.3.2
libmxml: upgrade 3.1 -> 3.2
libgusb: upgrade 0.3.5 -> 0.3.6
libeigen: upgrade 3.3.7 -> 3.3.9
giflib: upgrade 5.1.4 -> 5.2.1
fltk: upgrade 1.3.5 -> 1.3.6
botan: upgrade 2.14.0 -> 2.18.1
dialog: upgrade 1.3-20210319 -> 1.3-20210509
colord: upgrade 1.4.4 -> 1.4.5
flatbuffers: upgrade 1.12.0 -> 2.0.0
gtkwave: upgrade 3.3.108 -> 3.3.109 / move to gtk3 / tidy up recipe
hwdata: upgrade 0.346 -> 0.347
mime-support: upgrade 3.48 -> 3.62
mpv: upgrade 0.32.0 -> 0.33.1
renderdoc: upgrade 1.7 -> 1.13
xfce4-screenshooter: upgrade 1.9.8 -> 1.9.9
hunspell-dictionaries: use better names for dictionary files
gupnp: upgrade 1.2.4 -> 1.2.6
Andrej Kozemcak (1):
squid: upgrade 4.14 -> 4.15
Armin Kuster (6):
audit: migrate from meta-selinux
packagegroup-meta-oe: add audit to pkg grp
python3-scapy: move from meta-security
python3-scapy: add pkg to pkg grp
python3-scapy: drop from pkg grp
python3-scapy: drop this recipe
Ayoub Zaki (1):
evemu-tools: Add initial recipe
Bartosz Golaszewski (3):
python3-pycocotools: new package
python3-pydbus-manager: add runtime dependencies
python3-asyncio-glib: new package
Bruce Mitchell (1):
makedumpfile: Bump srcrev
Changqing Li (3):
python3-paho-mqtt: add package python3-paho-mqtt-examples
nmap: change shebang to python3
libgtop: fix do_compile error
Chen Qi (1):
mutter: add polkit to REQUIRED_DISTRO_FEATRUES
Daniel Ammann (1):
nyancat: add new package
Gianfranco (1):
vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
Guy Morand (1):
qperf: add qperf recipe
Hongxu Jia (1):
cdrkit: add nativesdk support
Kai Kang (1):
thunar: 4.16.6 -> 4.16.8
Khem Raj (47):
liburing: Upgrade to 2.0
catch2: Upgrade to 2.13.6
mongodb: Update to 4.4.6-rc0
icewm: Upgrade to 2.3.3
python3-m2crypto: Pass correct ABI defines to swig
python3-lazy-object-proxy: Add missing dep on pip
python3-markdown: Remove
sdbus-c++-libsystemd: Avoid hard dependency on rsync
libmusicbrainz: Rework native and target pieces
abseil-cpp: Upgrade to lts_2021_03_24
grpc: Upgrade to 1.37.1
minicoredumper: Replace pthread_mutexattr_setrobust_np with pthread_mutexattr_setrobust
libupnp: Do not use _np versions of mutex APIs
mariadb: Upgrade to 10.5.10
apitrace: Upgrade to 0.10
evolution-data-server: Update to 3.40.1
mongodb: Do not use MINSIGSTKSZ
tbb: Fix build with GCC 11
breakpad: Fix type mismatch for SIGSTKSZ
packagegroup-meta-networking.bb: Add http-parser to packagegroup-meta-networking-support
nautilus: Exclude from builds
python3-m2crypto: Fix build on riscv and mips
googletest: Update to tip of trunk
libraw: Move from meta-qt5-extra to meta-oe
Revert "nautilus: Exclude from builds"
libcamera: Update to latest master tip
python3-haversine: Fix build with latest python/setuptools
opencv: Disable tbb on riscv/musl
rdma-core: Upgrade to 35.0
wireshark: Add zstd via packageconfig
dhcp-relay: Use recent config.guess and config.sub for bind
projucer: Update to latest master tip
opencv: Do not lock to gcc only compiler
minifi-cpp: Fix build with llvm C++ runtime
sdbus-cpp: Do not fetch googletest on the fly
python3-grpcio: Update to 1.38.0
heaptrack: Fix build with clang and llvm libunwind
grpc: Upgrade to 1.38.0
packagegroup-meta-oe: Add qperf package
dovecot: Fix build with llvm libunwind
mpich: Upgrade to 3.4.2
packagegroup-meta-oe: Add evemu-tools
vk-gl-cts: Fix O_TRUNC conflict with fcntl.h
dhcp-relay: Fix libtool files for internal bind build
mongodb: Change PV to 4.4.6
mongodb: Fix -Wc++11-narrowing warning on 32bit
mariadb: Include missing sys/type.h for ssize_t
Leon Anavi (81):
python3-pywbemtools: Upgrade 0.8.1 -> 0.9.0
python3-humanize: Upgrade 3.4.1 -> 3.5.0
python3-elementpath: Upgrade 2.2.1 -> 2.2.2
python3-typing-extensions: Upgrade 3.7.4.3 -> 3.10.0.0
python3-watchdog: Upgrade 2.0.3 -> 2.1.0
python3-greenlet: Upgrade 1.0.0 -> 1.1.0
python3-bitarray: Upgrade 2.0.1 -> 2.1.0
python3-websockets: Upgrade 8.1 -> 9.0.1
python3-babel: Upgrade 2.9.0 -> 2.9.1
python3-croniter: Upgrade 1.0.12 -> 1.0.13
python3-serpent: Upgrade 1.30.2 -> 1.40
python3-cerberus: Upgrade 1.3.3 -> 1.3.4
python3-aiohue: Upgrade 2.2.0 -> 2.3.0
python3-robotframework: Upgrade 4.0.1 -> 4.0.2
python3-sentry-sdk: Upgrade 1.0.0 -> 1.1.0
python3-aiohue: Upgrade 2.3.0 -> 2.3.1
python3-watchdog: Upgrade 2.1.0 -> 2.1.1
python3-itsdangerous: Upgrade 1.1.0 -> 2.0.0
python3-websocket-client: Upgrade 0.58.0 -> 0.59.0
python3-google-api-python-client: Upgrade 2.2.0 -> 2.4.0
python3-configargparse: Upgrade 1.4 -> 1.4.1
python3-click: Upgrade 7.1.2 -> 8.0.0
python3-pysonos: Upgrade 0.0.43 -> 0.0.46
python3-rfc3339-validator: Upgrade 0.1.3 -> 0.1.4
python3-pymongo: Upgrade 3.11.3 -> 3.11.4
python3-alembic: Upgrade 1.5.8 -> 1.6.2
python3-deprecated: Add recipe
python3-pymisp: Upgrade 2.4.142 -> 2.4.143
python3-aiohue: Upgrade 2.3.1 -> 2.4.0
python3-pyroute2: Upgrade 0.5.18 -> 0.5.19
python3-matplotlib-inline: Add recipe
python3-ipython: Upgrade 7.22.0 -> 7.23.1
python3-sh: Upgrade 1.14.1 -> 1.14.2
python3-javaobj-py3: Upgrade 0.4.2 -> 0.4.3
python3-pyjwt: Upgrade 2.0.1 -> 2.1.0
python3-aiofiles: Upgrade 0.6.0 -> 0.7.0
python3-aiohue: Upgrade 2.4.0 -> 2.5.0
python3-cbor2: Upgrade 5.2.0 -> 5.3.0
python3-websockets: Upgrade 9.0.1 -> 9.0.2
python3-decorator: Upgrade 5.0.7 -> 5.0.9
python3-websocket-client: Upgrade 0.59.0 -> 1.0.0
python3-pysonos: Upgrade 0.0.46 -> 0.0.48
surf: Upgrade 2.0 -> 2.1
python3-pywbem: Upgrade 1.1.3 -> 1.2.0
python3-watchdog: Upgrade 2.1.1 -> 2.1.2
python3-click: Upgrade 8.0.0 -> 8.0.1
python3-pysonos: Upgrade 0.0.48 -> 0.0.49
python3-pytest-runner: Upgrade 5.3.0 -> 5.3.1
python3-xmlschema: Upgrade 1.6.1 -> 1.6.2
python3-websocket-client: Upgrade 1.0.0 -> 1.0.1
python3-alembic: Upgrade 1.6.2 -> 1.6.4
python3-sqlalchemy: Upgrade 1.4.11 -> 1.4.15
python3-flask-migrate: Upgrade 2.7.0 -> 3.0.0
python3-flask: Upgrade 1.1.2 -> 2.0.1
python3-flask-wtf: Upgrade 0.14.3 -> 0.15.1
python3-flask-socketio: Upgrade 5.0.1 -> 5.0.3
python3-werkzeug: Upgrade 1.0.1 -> 2.0.1
python3-bidict: Add recipe
python3-socketio: Upgrade 5.1.0 -> 5.3.0
python3-robotframework: Upgrade 4.0.2 -> 4.0.3
python3-flask-restful: Upgrade 0.3.8 -> 0.3.9
python3-pysonos: Upgrade 0.0.49 -> 0.0.50
python3-aenum: Upgrade 3.0.0 -> 3.1.0
python3-pyscaffold: Upgrade 4.0.1 -> 4.0.2
python3-urllib3: Upgrade 1.26.4 -> 1.26.5
python3-tqdm: Upgrade 4.60.0 -> 4.61.0
python3-flask: Extend RDEPENDS
python3-ecdsa: Upgrade 0.16.1 -> 0.17.0
python3-alembic: Upgrade 1.6.4 -> 1.6.5
python3-websockets: Upgrade 9.0.2 -> 9.1
python3-pyzmq: Upgrade 22.0.3 -> 22.1.0
python3-ntplib: Upgrade 0.3.4 -> 0.4.0
python3-humanize: Upgrade 3.5.0 -> 3.6.0
python3-astroid: Upgrade 2.5.6 -> 2.5.7
python3-netifaces: Upgrade 0.10.9 -> 0.11.0
python3-certifi: Upgrade 2020.12.5 -> 2021.5.30
python3-click-repl: Upgrade 0.1.6 -> 0.2.0
python3-google-api-python-client: Upgrade 2.4.0 -> 2.6.0
python3-pytest-helpers-namespace: Upgrade 2021.3.24 -> 2021.4.29
python3-ipython: Upgrade 7.23.1 -> 7.24.0
python3-ruamel-yaml: Upgrade 0.17.4 -> 0.17.7
LiweiSong (1):
pm-graph: parse separated cpu exec line
Martin Jansa (7):
ostree: switch from default master branch to main to fix do_fetch failure
snappy: explicity disable building tests and benchmark
libtinyxml2: restore building shared library
zsh: work around file-rdeps QA issues with usrmerge in DISTRO_FEATURES
snappy: fix native build with older gcc on host
p7zip: refresh patches with devtool to apply cleanly
gtkwave: set REQUIRED_DISTRO_FEATURES only to wayland
Nisha Parrakat (1):
p7zip: build and package lib7z.so needed for fastboot
Nuno Sá (2):
libiio: add serial backend support
libiio: mark libxml2 as depends for usb_backend
Robert Joslyn (1):
ctags: Use PACKAGECONFIG for build options
Romain Naour (4):
poke: add recipe for version 1.2
poke: add optional json-c dependency
packagegroup-meta-oe: Add poke to packagegroup-meta-oe-devtools
libiec61850: Upgrade to 1.5.0
Ross Burton (3):
nss: disable -Werror
nss: remove -march vs -mcpu workaround
meta-gnome: add Cogl/Clutter from oe-core
Saul Wold (2):
opencv: remove tbb packageconfig for powerpc
sysdig: disable building for ppc
Stefan Ghinea (1):
thunar: fix CVE-2021-32563
Stefan Wiehler (3):
http-parser: add recipe
restinio: add recipe
restinio: fix license
Trevor Gamblin (6):
python3-django: upgrade 2.2.20 -> 2.2.22
python3-django: upgrade 3.2 -> 3.2.2
python3-django: upgrade 2.2.22 -> 2.2.23
python3-django: upgrade 3.2.2 -> 3.2.3
python3-ujson: fix ptests
python3-prettytable: add python3-sqlite3 for ptest
William A. Kennington III (1):
span-lite: upgrade 0.8.1 -> 0.9.2
Yi Zhao (1):
dhcp-relay: add recipe
wangmy (11):
uftrace: Fix a plthook crash on aarch64 with binutils2.35.1 and later versions on aarch64
exiv2: Fix CVE-2021-29457
exiv2: Fix CVE-2021-29458
exiv2: Fix CVE-2021-29463
exiv2: Fix CVE-2021-3482
exiv2: Fix CVE-2021-29464
exiv2: Fix CVE-2021-29470
exiv2: Fix CVE-2021-29473
libsdl: Fix CVE-2019-13616
trace-cmd: Conflict resolution
uftrace: upgrade 0.9.4 -> 0.10
zangrc (21):
ifenslave: upgrade 2.11 -> 2.12
lksctp-tools: upgrade 1.0.18 -> 1.0.19
nbdkit: upgrade 1.25.6 -> 1.25.7
tcpreplay: upgrade 4.3.3 -> 4.3.4
cloc: upgrade 1.88 -> 1.90
gensio: upgrade 2.2.4 -> 2.2.5
iwd: upgrade 1.13 -> 1.14
makedumpfile: upgrade 1.6.8 -> 1.6.9
postgresql: upgrade 13.2 -> 13.3
libencode-perl: upgrade 3.08 -> 3.10
python3-xlsxwriter: upgrade 1.4.0 -> 1.4.3
python3-itsdangerous: upgrade 2.0.0 -> 2.0.1
python3-protobuf: upgrade 3.14.0 -> 3.17.0
python3-pulsectl: upgrade 21.3.4 -> 21.5.17
python3-engineio: upgrade 3.13.0 -> 4.2.0
python3-can: upgrade 3.3.3 -> 3.3.4
gexiv2: upgrade 0.12.1 -> 0.12.2
gnome-autoar: upgrade 0.3.1 -> 0.3.2
gnome-bluetooth: upgrade 3.34.1 -> 3.34.5
libgweather: upgrade 3.36.1 -> 3.36.2
libstemmer: upgrade 2.0.0 -> 2.1.0
zhengruoqin (8):
libdivecomputer: upgrade 0.6.0 -> 0.7.0
libjcat: upgrade 0.1.6 -> 0.1.7
libxmlb: upgrade 0.3.0 -> 0.3.1
chrony: upgrade 4.0 -> 4.1
libqmi: upgrade 1.28.2 -> 1.28.4
libtinyxml2: upgrade 8.0.0 -> 8.1.0
libndp: upgrade 1.7 -> 1.8
valijson: upgrade 0.3 -> 0.4
Change-Id: I8a1f42af3063886d88a7c0c5c79a45dde55c34da
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
new file mode 100644
index 0000000..e5d0694
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
@@ -0,0 +1,26 @@
+From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
+From: Pydera <pydera@mailbox.org>
+Date: Thu, 8 Apr 2021 17:36:16 +0200
+Subject: [PATCH] Fix out of buffer access in #1529
+
+---
+ src/jp2image.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 88ab9b2d6..12025f966 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
+ #endif
+ box.length = (uint32_t) (io_->size() - io_->tell() + 8);
+ }
+- if (box.length == 1)
++ if (box.length < 8)
+ {
+- // FIXME. Special case. the real box size is given in another place.
++ // box is broken, so there is nothing we can do here
++ throw Error(kerCorruptedMetadata);
+ }
+
+ // Read whole box : Box header + Box data (not fixed size - can be null).
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
new file mode 100644
index 0000000..285f6fe
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
@@ -0,0 +1,37 @@
+From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Fri, 9 Apr 2021 13:37:48 +0100
+Subject: [PATCH] Fix integer overflow.
+---
+ src/crwimage_int.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index aefaf22..2e3e507 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -559,7 +559,7 @@ namespace Exiv2 {
+ void CiffComponent::setValue(DataBuf buf)
+ {
+ if (isAllocated_) {
+- delete pData_;
++ delete[] pData_;
+ pData_ = 0;
+ size_ = 0;
+ }
+@@ -1167,7 +1167,11 @@ namespace Exiv2 {
+ pCrwMapping->crwDir_);
+ if (edX != edEnd || edY != edEnd || edO != edEnd) {
+ uint32_t size = 28;
+- if (cc && cc->size() > size) size = cc->size();
++ if (cc) {
++ if (cc->size() < size)
++ throw Error(kerCorruptedMetadata);
++ size = cc->size();
++ }
+ DataBuf buf(size);
+ std::memset(buf.pData_, 0x0, buf.size_);
+ if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
new file mode 100644
index 0000000..5ab64a7
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
@@ -0,0 +1,120 @@
+From 783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Mon, 19 Apr 2021 18:06:00 +0100
+Subject: [PATCH] Improve bound checking in WebPImage::doWriteMetadata()
+
+---
+ src/webpimage.cpp | 41 ++++++++++++++++++++++++++++++-----------
+ 1 file changed, 30 insertions(+), 11 deletions(-)
+
+diff --git a/src/webpimage.cpp b/src/webpimage.cpp
+index 4ddec544c..fee110bca 100644
+--- a/src/webpimage.cpp
++++ b/src/webpimage.cpp
+@@ -145,7 +145,7 @@ namespace Exiv2 {
+ DataBuf chunkId(WEBP_TAG_SIZE+1);
+ chunkId.pData_ [WEBP_TAG_SIZE] = '\0';
+
+- io_->read(data, WEBP_TAG_SIZE * 3);
++ readOrThrow(*io_, data, WEBP_TAG_SIZE * 3, Exiv2::kerCorruptedMetadata);
+ uint64_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian);
+
+ /* Set up header */
+@@ -185,13 +185,20 @@ namespace Exiv2 {
+ case we have any exif or xmp data, also check
+ for any chunks with alpha frame/layer set */
+ while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
+- io_->read(chunkId.pData_, WEBP_TAG_SIZE);
+- io_->read(size_buff, WEBP_TAG_SIZE);
+- long size = Exiv2::getULong(size_buff, littleEndian);
++ readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
++ readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
++ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
++
++ // Check that `size_u32` is safe to cast to `long`.
++ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
++ Exiv2::kerCorruptedMetadata);
++ const long size = static_cast<long>(size_u32);
+ DataBuf payload(size);
+- io_->read(payload.pData_, payload.size_);
+- byte c;
+- if ( payload.size_ % 2 ) io_->read(&c,1);
++ readOrThrow(*io_, payload.pData_, payload.size_, Exiv2::kerCorruptedMetadata);
++ if ( payload.size_ % 2 ) {
++ byte c;
++ readOrThrow(*io_, &c, 1, Exiv2::kerCorruptedMetadata);
++ }
+
+ /* Chunk with information about features
+ used in the file. */
+@@ -199,6 +206,7 @@ namespace Exiv2 {
+ has_vp8x = true;
+ }
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_size) {
++ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf[WEBP_TAG_SIZE];
+
+@@ -227,6 +235,7 @@ namespace Exiv2 {
+ }
+ #endif
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_size) {
++ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf[2];
+
+@@ -244,11 +253,13 @@ namespace Exiv2 {
+
+ /* Chunk with with lossless image data. */
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_alpha) {
++ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
+ if ((payload.pData_[4] & WEBP_VP8X_ALPHA_BIT) == WEBP_VP8X_ALPHA_BIT) {
+ has_alpha = true;
+ }
+ }
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_size) {
++ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf_w[2];
+ byte size_buf_h[3];
+@@ -276,11 +287,13 @@ namespace Exiv2 {
+
+ /* Chunk with animation frame. */
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_alpha) {
++ enforce(size >= 6, Exiv2::kerCorruptedMetadata);
+ if ((payload.pData_[5] & 0x2) == 0x2) {
+ has_alpha = true;
+ }
+ }
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_size) {
++ enforce(size >= 12, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf[WEBP_TAG_SIZE];
+
+@@ -309,16 +322,22 @@ namespace Exiv2 {
+
+ io_->seek(12, BasicIo::beg);
+ while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
+- io_->read(chunkId.pData_, 4);
+- io_->read(size_buff, 4);
++ readOrThrow(*io_, chunkId.pData_, 4, Exiv2::kerCorruptedMetadata);
++ readOrThrow(*io_, size_buff, 4, Exiv2::kerCorruptedMetadata);
++
++ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
+
+- long size = Exiv2::getULong(size_buff, littleEndian);
++ // Check that `size_u32` is safe to cast to `long`.
++ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
++ Exiv2::kerCorruptedMetadata);
++ const long size = static_cast<long>(size_u32);
+
+ DataBuf payload(size);
+- io_->read(payload.pData_, size);
++ readOrThrow(*io_, payload.pData_, size, Exiv2::kerCorruptedMetadata);
+ if ( io_->tell() % 2 ) io_->seek(+1,BasicIo::cur); // skip pad
+
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X)) {
++ enforce(size >= 1, Exiv2::kerCorruptedMetadata);
+ if (has_icc){
+ payload.pData_[0] |= WEBP_VP8X_ICC_BIT;
+ } else {
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
new file mode 100644
index 0000000..f0c4824
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
@@ -0,0 +1,72 @@
+From 61734d8842cb9cc59437463e3bac54d6231d9487 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@fujitsu.com>
+Date: Tue, 18 May 2021 10:52:54 +0900
+Subject: [PATCH] modify
+
+Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
+---
+ src/jp2image.cpp | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 52723a4..0ac4f50 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -643,11 +643,11 @@ static void boxes_check(size_t b,size_t m)
+ void Jp2Image::encodeJp2Header(const DataBuf& boxBuf,DataBuf& outBuf)
+ {
+ DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
+- int outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
+- int inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
++ long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
++ long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
+ Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
+- int32_t length = getLong((byte*)&pBox->length, bigEndian);
+- int32_t count = sizeof (Jp2BoxHeader);
++ uint32_t length = getLong((byte*)&pBox->length, bigEndian);
++ uint32_t count = sizeof (Jp2BoxHeader);
+ char* p = (char*) boxBuf.pData_;
+ bool bWroteColor = false ;
+
+@@ -664,6 +664,7 @@ static void boxes_check(size_t b,size_t m)
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Jp2Image::encodeJp2Header subbox: "<< toAscii(subBox.type) << " length = " << subBox.length << std::endl;
+ #endif
++ enforce(subBox.length <= length - count, Exiv2::kerCorruptedMetadata);
+ count += subBox.length;
+ newBox.type = subBox.type;
+ } else {
+@@ -672,12 +673,13 @@ static void boxes_check(size_t b,size_t m)
+ count = length;
+ }
+
+- int32_t newlen = subBox.length;
++ uint32_t newlen = subBox.length;
+ if ( newBox.type == kJp2BoxTypeColorHeader ) {
+ bWroteColor = true ;
+ if ( ! iccProfileDefined() ) {
+ const char* pad = "\x01\x00\x00\x00\x00\x00\x10\x00\x00\x05\x1cuuid";
+ uint32_t psize = 15;
++ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
+ ul2Data((byte*)&newBox.length,psize ,bigEndian);
+ ul2Data((byte*)&newBox.type ,newBox.type,bigEndian);
+ ::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox));
+@@ -686,6 +688,7 @@ static void boxes_check(size_t b,size_t m)
+ } else {
+ const char* pad = "\0x02\x00\x00";
+ uint32_t psize = 3;
++ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
+ ul2Data((byte*)&newBox.length,psize+iccProfile_.size_,bigEndian);
+ ul2Data((byte*)&newBox.type,newBox.type,bigEndian);
+ ::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox) );
+@@ -694,6 +697,7 @@ static void boxes_check(size_t b,size_t m)
+ newlen = psize + iccProfile_.size_;
+ }
+ } else {
++ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
+ ::memcpy(output.pData_+outlen,boxBuf.pData_+inlen,subBox.length);
+ }
+
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
new file mode 100644
index 0000000..eedf9d7
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
@@ -0,0 +1,32 @@
+From 6628a69c036df2aa036290e6cd71767c159c79ed Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 21 Apr 2021 12:06:04 +0100
+Subject: [PATCH] Add more bounds checks in Jp2Image::encodeJp2Header
+---
+ src/jp2image.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index b424225..349a9f0 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m)
+ DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
+ long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
+ long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
++ enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
+ Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
+ uint32_t length = getLong((byte*)&pBox->length, bigEndian);
++ enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
+ uint32_t count = sizeof (Jp2BoxHeader);
+ char* p = (char*) boxBuf.pData_;
+ bool bWroteColor = false ;
+
+ while ( count < length || !bWroteColor ) {
++ enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
+ Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
+
+ // copy data. pointer could be into a memory mapped file which we will decode!
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
new file mode 100644
index 0000000..4afedf8
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
@@ -0,0 +1,21 @@
+From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Fri, 23 Apr 2021 11:44:44 +0100
+Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata().
+
+---
+ src/jp2image.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 1694fed27..ca8c9ddbb 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m)
+
+ case kJp2BoxTypeUuid:
+ {
++ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
+ if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
+ {
+ #ifdef EXIV2_DEBUG_MESSAGES
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
new file mode 100644
index 0000000..e7c5e1b
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
@@ -0,0 +1,54 @@
+From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001
+From: Robin Mills <robin@clanmills.com>
+Date: Mon, 5 Apr 2021 20:33:25 +0100
+Subject: [PATCH] fix_1522_jp2image_exif_asan
+
+---
+ src/jp2image.cpp | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index eb31cea4a..88ab9b2d6 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -28,6 +28,7 @@
+ #include "image.hpp"
+ #include "image_int.hpp"
+ #include "basicio.hpp"
++#include "enforce.hpp"
+ #include "error.hpp"
+ #include "futils.hpp"
+ #include "types.hpp"
+@@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m)
+ if (io_->error()) throw Error(kerFailedToReadImageData);
+ if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed);
+
+- if (rawData.size_ > 0)
++ if (rawData.size_ > 8) // "II*\0long"
+ {
+ // Find the position of Exif header in bytes array.
+ long pos = ( (rawData.pData_[0] == rawData.pData_[1])
+@@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m)
+ position = io_->tell();
+ box.length = getLong((byte*)&box.length, bigEndian);
+ box.type = getLong((byte*)&box.type, bigEndian);
++ enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata);
+
+ if (bPrint) {
+ out << Internal::stringFormat("%8ld | %8ld | ", (size_t)(position - sizeof(box)),
+@@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m)
+ throw Error(kerInputDataReadFailed);
+
+ if (bPrint) {
+- out << Internal::binaryToString(makeSlice(rawData, 0, 40));
++ out << Internal::binaryToString(
++ makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_));
+ out.flush();
+ }
+ lf(out, bLF);
+
+- if (bIsExif && bRecursive && rawData.size_ > 0) {
++ if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
+ if ((rawData.pData_[0] == rawData.pData_[1]) &&
+ (rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) {
+ BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index ed1e8de..d5d9e62 100644
--- a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -9,7 +9,14 @@
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
inherit dos2unix
-SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch"
+SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
+ file://CVE-2021-29457.patch \
+ file://CVE-2021-29458.patch \
+ file://CVE-2021-29463.patch \
+ file://CVE-2021-29464.patch \
+ file://CVE-2021-29470.patch \
+ file://CVE-2021-29473.patch \
+ file://CVE-2021-3482.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"