From c9f37a3931154101bd7c0c5b05df8bb832961da6 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 16 2021 09:16:29 +0000
Subject: import exiv2-0.27.0-4.el7_8


---

diff --git a/SOURCES/exiv2-CVE-2021-31291.patch b/SOURCES/exiv2-CVE-2021-31291.patch
new file mode 100644
index 0000000..6799adf
--- /dev/null
+++ b/SOURCES/exiv2-CVE-2021-31291.patch
@@ -0,0 +1,26 @@
+From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
+From: Pydera <pydera@mailbox.org>
+Date: Thu, 8 Apr 2021 17:36:16 +0200
+Subject: [PATCH] Fix out of buffer access in #1529
+
+---
+ src/jp2image.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 07afef0..a75d9fb 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -753,9 +753,10 @@ namespace Exiv2
+ #endif
+                 box.length = (uint32_t) (io_->size() - io_->tell() + 8);
+             }
+-            if (box.length == 1)
++            if (box.length < 8)
+             {
+-                // FIXME. Special case. the real box size is given in another place.
++                // box is broken, so there is nothing we can do here
++                throw Error(kerCorruptedMetadata);
+             }
+
+             // Read whole box : Box header + Box data (not fixed size - can be null).
diff --git a/SPECS/exiv2.spec b/SPECS/exiv2.spec
index 06a2d5f..6acfa8c 100644
--- a/SPECS/exiv2.spec
+++ b/SPECS/exiv2.spec
@@ -2,7 +2,7 @@
 Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
 Version: 0.27.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 
 License: GPLv2+
 URL:     http://www.exiv2.org/
@@ -21,6 +21,7 @@ Patch69: 0069-xmpsdk-Fix-compile-warnings-in-ExpatAdapter.cpp.patch
 Patch79: 0079-Fixes-in-.pc-file-for-being-compatible-with-more-dis.patch
 
 Patch100: exiv2-validation-of-size-and-offset-to-avoid-crash.patch
+Patch101: exiv2-CVE-2021-31291.patch
 
 %if 0%{?rhel} == 7
 BuildRequires: llvm-toolset-7-cmake
@@ -133,6 +134,10 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 
 
 %changelog
+* Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.0-4
+- Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS
+  Resolves: bz#1990352
+
 * Tue Feb 18 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.0-3
 - Validate relationship of the total size to the offset to avoid crash
   Resolves: bz#1775695