exiv2: patch CVE-2026-25884

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884

Backport the commits referenced by the NVD advisory.

Note that the regression tests are not included in this test. The
patch contains binary data, which cannot be applied with any of
the PATCHTOOLs in do_patch task.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch

@@ -0,0 +1,25 @@
+From cfbe7e48cbfa63b88b3dcf9d99272330f8349c4f Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Sat, 31 Jan 2026 15:31:55 +0000
+Subject: [PATCH] Fix out-of-bounds read.
+
+CVE: CVE-2026-25884
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/5b8f1f4d92b8f27a5a80e0c3d3eb9dce7620d9f1]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/crwimage_int.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 570de75..8791dbd 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -812,7 +812,7 @@ namespace Exiv2 {
+                                     Image&         image,
+                                     ByteOrder      /*byteOrder*/)
+     {
+-        std::string s(reinterpret_cast<const char*>(ciffComponent.pData()));
++        auto s = std::string(reinterpret_cast<const char*>(ciffComponent.pData()), ciffComponent.size());
+         image.setComment(s);
+     } // CrwMap::decode0x0805
+ 

meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb

@@ -32,6 +32,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
            file://CVE-2021-37621-2.patch \
            file://CVE-2021-37622-1.patch \
            file://CVE-2021-37622-2.patch \
+           file://CVE-2026-25884.patch \
            "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"