From 6434e4328bf04dc3f06c2ab238ed08572eba6d3b Mon Sep 17 00:00:00 2001
From: alperak <alperyasinak1@gmail.com>
Date: Fri, 12 Jul 2024 11:06:41 +0300
Subject: exiv2: Upgrade 0.28.2 to 0.28.3 for CVE fix

Release Notes:

* https://github.com/Exiv2/exiv2/issues/3008
* https://github.com/Exiv2/exiv2/milestone/14?closed=1

This release also fixes a low-severity security issue in asfvideo.cpp:

* [CVE-2024-39695](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh): out-of-bounds read in AsfVideo::streamProperties.

This vulnerability is in a new feature (ASF video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f4361418d58941d058fb94a3671b9d0904b6300)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb | 11 -----------
 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb | 11 +++++++++++
 2 files changed, 11 insertions(+), 11 deletions(-)
 delete mode 100644 meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb

diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
deleted file mode 100644
index faae247998..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
-
-DEPENDS = "zlib expat brotli libinih"
-
-SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
-SRCREV = "04207b9c39bf7b3b1a7144f7ed4e4f16b4f29ef6"
-S = "${WORKDIR}/git"
-
-inherit cmake gettext
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
new file mode 100644
index 0000000000..3e33ab7953
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
+
+DEPENDS = "zlib expat brotli libinih"
+
+SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
+SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"
+S = "${WORKDIR}/git"
+
+inherit cmake gettext
-- 
cgit v1.2.3-54-g00ecf