2 files changed, 78 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch
new file mode 100644
index 0000000000..6a4c80f8a8
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch
@@ -0,0 +1,77 @@
+From 6a0c63f1362dac8badfad5d2dcc55fb4ff04fc60 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Tue, 29 Jul 2025 18:58:46 +0100
+Subject: [PATCH] CVE-2025-54080 fix
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0]
+CVE: CVE-2025-54080
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/epsimage.cpp | 40 +++++++++++-----------------------------
+ 1 file changed, 11 insertions(+), 29 deletions(-)
+diff --git a/src/epsimage.cpp b/src/epsimage.cpp
+index 2e2241b69..bb4aa3303 100644
+--- a/src/epsimage.cpp
+++ b/src/epsimage.cpp
+@@ -241,6 +241,8 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
+   uint32_t posTiff = 0;
+   uint32_t sizeTiff = 0;
+ 
+  ErrorCode errcode = write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData;
+
+   // check for DOS EPS
+   const bool dosEps =
+       (size >= dosEpsSignature.size() && memcmp(data, dosEpsSignature.data(), dosEpsSignature.size()) == 0);
+@@ -248,12 +250,8 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
+ #ifdef DEBUG
+     EXV_DEBUG << "readWriteEpsMetadata: Found DOS EPS signature\n";
+ #endif
+-    if (size < 30) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "Premature end of file after DOS EPS signature.\n";
+-#endif
+-      throw Error(write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData);
+-    }
+
+    enforce(size >= 30, errcode);
+     posEps = getULong(data + 4, littleEndian);
+     posEndEps = getULong(data + 8, littleEndian) + posEps;
+     posWmf = getULong(data + 12, littleEndian);
+@@ -285,29 +283,13 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
+       if (write)
+         throw Error(ErrorCode::kerImageWriteFailed);
+     }
+-    if (posEps < 30 || posEndEps > size) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "DOS EPS file has invalid position (" << posEps << ") or size (" << (posEndEps - posEps)
+-                  << ") for EPS section.\n";
+-#endif
+-      throw Error(write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData);
+-    }
+-    if (sizeWmf != 0 && (posWmf < 30 || posWmf + sizeWmf > size)) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "DOS EPS file has invalid position (" << posWmf << ") or size (" << sizeWmf
+-                  << ") for WMF section.\n";
+-#endif
+-      if (write)
+-        throw Error(ErrorCode::kerImageWriteFailed);
+-    }
+-    if (sizeTiff != 0 && (posTiff < 30 || posTiff + sizeTiff > size)) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "DOS EPS file has invalid position (" << posTiff << ") or size (" << sizeTiff
+-                  << ") for TIFF section.\n";
+-#endif
+-      if (write)
+-        throw Error(ErrorCode::kerImageWriteFailed);
+-    }
+    enforce(30 <= posEps, errcode);
+    enforce(sizeWmf == 0 || 30 <= posWmf, errcode);
+    enforce(sizeTiff == 0 || 30 <= posTiff, errcode);
+
+    enforce(posEps <= posEndEps && posEndEps <= size, errcode);
+    enforce(posWmf <= size && sizeWmf <= size - posWmf, errcode);
+    enforce(posTiff <= size && sizeTiff <= size - posTiff, errcode);
+   }
+ 
+   // check first line
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
index 81e9954c1d..947d13208d 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
@@ -6,6 +6,7 @@ DEPENDS = "zlib expat brotli libinih"
 SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x \
           file://0001-Revert-fix-copy-constructors.patch \
+           file://0001-CVE-2025-54080-fix.patch \
           "
 SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"
 S = "${WORKDIR}/git"

diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch new file mode 100644 index 0000000000..6a4c80f8a8 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch
@@ -0,0 +1,77 @@
		1	From 6a0c63f1362dac8badfad5d2dcc55fb4ff04fc60 Mon Sep 17 00:00:00 2001
		2	From: Kevin Backhouse <kevinbackhouse@github.com>
		3	Date: Tue, 29 Jul 2025 18:58:46 +0100
		4	Subject: [PATCH] CVE-2025-54080 fix
		5
		6	Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0]
		7	CVE: CVE-2025-54080
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	src/epsimage.cpp \| 40 +++++++++++-----------------------------
		11	1 file changed, 11 insertions(+), 29 deletions(-)
		12
		13	diff --git a/src/epsimage.cpp b/src/epsimage.cpp
		14	index 2e2241b69..bb4aa3303 100644
		15	--- a/src/epsimage.cpp
		16	+++ b/src/epsimage.cpp
		17	@@ -241,6 +241,8 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
		18	uint32_t posTiff = 0;
		19	uint32_t sizeTiff = 0;
		20
		21	+ ErrorCode errcode = write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData;
		22	+
		23	// check for DOS EPS
		24	const bool dosEps =
		25	(size >= dosEpsSignature.size() && memcmp(data, dosEpsSignature.data(), dosEpsSignature.size()) == 0);
		26	@@ -248,12 +250,8 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
		27	#ifdef DEBUG
		28	EXV_DEBUG << "readWriteEpsMetadata: Found DOS EPS signature\n";
		29	#endif
		30	- if (size < 30) {
		31	-#ifndef SUPPRESS_WARNINGS
		32	- EXV_WARNING << "Premature end of file after DOS EPS signature.\n";
		33	-#endif
		34	- throw Error(write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData);
		35	- }
		36	+
		37	+ enforce(size >= 30, errcode);
		38	posEps = getULong(data + 4, littleEndian);
		39	posEndEps = getULong(data + 8, littleEndian) + posEps;
		40	posWmf = getULong(data + 12, littleEndian);
		41	@@ -285,29 +283,13 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
		42	if (write)
		43	throw Error(ErrorCode::kerImageWriteFailed);
		44	}
		45	- if (posEps < 30 \|\| posEndEps > size) {
		46	-#ifndef SUPPRESS_WARNINGS
		47	- EXV_WARNING << "DOS EPS file has invalid position (" << posEps << ") or size (" << (posEndEps - posEps)
		48	- << ") for EPS section.\n";
		49	-#endif
		50	- throw Error(write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData);
		51	- }
		52	- if (sizeWmf != 0 && (posWmf < 30 \|\| posWmf + sizeWmf > size)) {
		53	-#ifndef SUPPRESS_WARNINGS
		54	- EXV_WARNING << "DOS EPS file has invalid position (" << posWmf << ") or size (" << sizeWmf
		55	- << ") for WMF section.\n";
		56	-#endif
		57	- if (write)
		58	- throw Error(ErrorCode::kerImageWriteFailed);
		59	- }
		60	- if (sizeTiff != 0 && (posTiff < 30 \|\| posTiff + sizeTiff > size)) {
		61	-#ifndef SUPPRESS_WARNINGS
		62	- EXV_WARNING << "DOS EPS file has invalid position (" << posTiff << ") or size (" << sizeTiff
		63	- << ") for TIFF section.\n";
		64	-#endif
		65	- if (write)
		66	- throw Error(ErrorCode::kerImageWriteFailed);
		67	- }
		68	+ enforce(30 <= posEps, errcode);
		69	+ enforce(sizeWmf == 0 \|\| 30 <= posWmf, errcode);
		70	+ enforce(sizeTiff == 0 \|\| 30 <= posTiff, errcode);
		71	+
		72	+ enforce(posEps <= posEndEps && posEndEps <= size, errcode);
		73	+ enforce(posWmf <= size && sizeWmf <= size - posWmf, errcode);
		74	+ enforce(posTiff <= size && sizeTiff <= size - posTiff, errcode);
		75	}
		76
		77	// check first line


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb index 81e9954c1d..947d13208d 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
@@ -6,6 +6,7 @@ DEPENDS = "zlib expat brotli libinih"
6		6
7	SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x \	7	SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x \
8	file://0001-Revert-fix-copy-constructors.patch \	8	file://0001-Revert-fix-copy-constructors.patch \
		9	file://0001-CVE-2025-54080-fix.patch \
9	"	10	"
10	SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"	11	SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"
11	S = "${WORKDIR}/git"	12	S = "${WORKDIR}/git"