From da98d95f63c0a115229b44a9ef7145efc5fa9e9e Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 28 Feb 2026 21:24:27 +0100
Subject: [PATCH] exiv2: patch CVE-2021-37619

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37619

Pick the patch from the PR referenced by the NVD advisory.

Note that the regression test is not part of this patch,
as no patchtool could apply it in do_patch task.

The test patch was however manually applied during preparing
this patch, and all tests were executed successfully.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../exiv2/exiv2/CVE-2021-37619.patch          | 37 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37619.patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37619.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37619.patch
new file mode 100644
index 0000000000..9faf778743
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-37619.patch
@@ -0,0 +1,37 @@
+From 0b74e631713d328a5f2bd1d9d26baf2e12b9da56 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 30 Jun 2021 18:02:43 +0100
+Subject: [PATCH] fix: fix incorrect loop condition (#1752)
+
+* Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+
+* Fix incorrect loop condition.
+
+CVE: CVE-2021-37619
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/86d0a1d5d9f6dc41013a6690408add974e59167c]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jp2image.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 2da69f1..482ef63 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -658,12 +658,14 @@ static void boxes_check(size_t b,size_t m)
+         char*         p      = (char*) boxBuf.pData_;
+         bool          bWroteColor = false ;
+ 
+-        while ( count < length || !bWroteColor ) {
++        while ( count < length && !bWroteColor ) {
+             enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
+             Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
+ 
+             // copy data.  pointer could be into a memory mapped file which we will decode!
+-            Jp2BoxHeader   subBox = *pSubBox ;
++            // pSubBox isn't always an aligned pointer, so use memcpy to do the copy.
++            Jp2BoxHeader   subBox;
++            memcpy(&subBox, pSubBox, sizeof(Jp2BoxHeader));
+             Jp2BoxHeader   newBox =  subBox;
+ 
+             if ( count < length ) {
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 213a47eed1..1bc42ea1fb 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
            file://CVE-2021-37615-1.patch \
            file://CVE-2021-37615-2.patch \
            file://CVE-2021-37618.patch \
+           file://CVE-2021-37619.patch \
            "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"