Diffstat (limited to 'media-gfx/jhead')
-rw-r--r-- | media-gfx/jhead/Manifest | 2 | ||||
-rw-r--r-- | media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch | 108 | ||||
-rw-r--r-- | media-gfx/jhead/jhead-3.06.0.1-r1.ebuild | 27 |
3 files changed, 137 insertions, 0 deletions
diff --git a/media-gfx/jhead/Manifest b/media-gfx/jhead/Manifest
index d4ccf572842a..f11e57a9a4f4 100644
--- a/media-gfx/jhead/Manifest
+++ b/media-gfx/jhead/Manifest
@@ -1,5 +1,7 @@ AUX jhead-3.04-mkstemp-fix-makefile.patch 1496 BLAKE2B 99266c5b86f94e6b173ae48e72990503fdb9d6d55e10f509e94d08fa0e821f25075868c8c6587b69c0299caac738b4872f46473236cf714eb5ed7ff0cacbf1f4 SHA512 f1f682a7b24e5e6e31125f80cae48e6c9e1af1e9f21b347784da0724a73e10082ff45b5bd36210883e8163048e3174efe927db95ceb660de821338ff77b05575 +AUX jhead-3.06.0.1-CVE-2021-34055.patch 3779 BLAKE2B dfecaac2276d5b9c3fb85f0826bf814f468ba18d78baa2b1a979393cc08d24d00c639462ef470f1c4d3c4889add34a89941798b896971e8b868538ea691af253 SHA512 8d586c3805574b9b2332ddda0693c93052cbf7bc4930694e485bd7a3d85a2255f86d5222d99da851d3d81491ad61ddca4810c23d528f41b1b0784145f4f50dd9 AUX jhead-3.06.0.1-mkstemp-fix-makefile.patch 1575 BLAKE2B a3f7defa7fdcb547d0f9ed2d06c690effabd4435769fadd26cc26c939dda7ec865eb4ff9ffaf5cd6e817caa759d1bcdb741c6b2105b32d1954703d595d0c16a0 SHA512 36b15c3b557be1bfbfffec5e821389cdf9fa9549d5d8b60d5e30edf4177b29f4f34895763f722b7e5b5510ff7f1b46f6c35f13345750a408f2d500ddd4687144 DIST jhead-3.06.0.1.tgz 1144608 BLAKE2B 100eaddd8585e8845e83c3eb24aefb0a0a2d477f0ee818c212cc39ad88f39cbac5532979dbe7ee8c4d7b9475fdf4cce4257679d996e4fae14ef1902ef2f8e5a2 SHA512 7804f4bab1b07eb08ed981364b3634b1c25e0657d57651871aede640254c33f9d2307ba7c9fb3bc81eb06b71ba5d27437275a3fe53859e9e9457e37e12545db9 +EBUILD jhead-3.06.0.1-r1.ebuild 642 BLAKE2B b1cf939ea41c702fd0eca14d0e091858b40349b50c4fe5407e1d1b652606492419bbb90ccdd8b8091799e2a3679b92e3cd9073dc8bec5eb4aeab19d0fc89f5e7 SHA512 cc33d1720dbb05e4ec188c7fa21eb4143750cb642c419cd5f337f4ebcc6dafc8410944ba28a23762df17a069d927f37a22a7d39aed5a87efb8168cbe6699ee30 EBUILD jhead-3.06.0.1.ebuild 595 BLAKE2B 56641f588987ecbe128221a18b70b7bca0e0192289e0bf555e7e38933cf8580e0d603cde973a4d0848060aaa9d59385701b257d96d98700c7fad9eb56d3b0568 SHA512 ebee7e4926f19c99bae4aa91a64f7441502e4fe030091a02a8685ad16badd7462bb97fcf4129843e8a03618e2f5f0c5cba364188f598d0bf1301308b2c11e326 MISC metadata.xml 351 BLAKE2B 
2fa507a18a19bd866b01af6618c21a3f3b37bd250fb9cbf3a253ae9e94cb6dae961a5f337c083511d7e939380175c613864e087cb22c75b6e5662900168ebabe SHA512 9e77e681d0453ec4ee2ffb3888b3867f0445fb4617a68e36902e1ee37ac56e0d04576c3a20447ee1a8fece62896c119b24ab5073f37c8e62f1c2ec00cf82a8da
diff --git a/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch
new file mode 100644
index 000000000000..1669eb6f089f
--- /dev/null
+++ b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch
@@ -0,0 +1,108 @@
+From f4f57913fff5de97da347a22558bbb74a1166369 Mon Sep 17 00:00:00 2001
+From: matthias wandel <matthias@woodgears.ca>
+Date: Wed, 1 Sep 2021 18:59:15 -0300
+Subject: [PATCH] If exif header is complete garbage, don't keep it. Fixes
+ issue 36
+
+(cherry picked from commit c761620767ae72e5d61c697a73de262aebe0b591)
+---
+ exif.c | 12 +++++++-----
+ jhead.h | 2 +-
+ jpgfile.c | 5 ++++-
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/exif.c b/exif.c
+index ba066b5..d250a8d 100755
+--- a/exif.c
++++ b/exif.c
+@@ -1005,7 +1005,7 @@ void Clear_EXIF ()
+ // Process a EXIF marker
+ // Describes all the drivel that most digital cameras include...
+ //--------------------------------------------------------------------------
+-void process_EXIF (unsigned char * ExifSection, int length)
++int process_EXIF (unsigned char * ExifSection, int length)
+ {
+ int FirstOffset;
+
+@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, int length)
+ static uchar ExifHeader[] = "Exif\0\0";
+ if (memcmp(ExifSection+2, ExifHeader,6)){
+ ErrNonfatal("Incorrect Exif header",0,0);
+- return;
++ return 0;
+ }
+ }
+
+@@ -1033,21 +1033,21 @@ void process_EXIF (unsigned char * ExifSection, int length)
+ MotorolaOrder = 1;
+ }else{
+ ErrNonfatal("Invalid Exif alignment marker.",0,0);
+- return;
++ return 0;
+ }
+ }
+
+ // Check the next value for correctness.
+ if (Get16u(ExifSection+10) != 0x2a){
+ ErrNonfatal("Invalid Exif start (1)",0,0);
+- return;
++ return 0;
+ }
+
+ FirstOffset = (int)Get32u(ExifSection+12);
+ if (FirstOffset < 8 || FirstOffset > 16){
+ if (FirstOffset < 16 || FirstOffset > length-16 || length < 16){
+ ErrNonfatal("invalid offset for first Exif IFD value",0,0);
+- return;
++ return 0;
+ }
+ // Usually set to 8, but other values valid too.
+ ErrNonfatal("Suspicious offset of first Exif IFD value",0,0);
+@@ -1086,6 +1086,7 @@ void process_EXIF (unsigned char * ExifSection, int length)
+ ImageInfo.FocalLength35mmEquiv = (int)(ImageInfo.FocalLength/ImageInfo.CCDWidth*36 + 0.5);
+ }
+ }
++ return 1;
+ }
+
+
+@@ -1235,6 +1236,7 @@ void create_EXIF(void)
+ const char * ClearOrientation(void)
+ {
+ int a;
++
+ if (NumOrientations == 0) return NULL;
+
+ for (a=0;a<NumOrientations;a++){
+diff --git a/jhead.h b/jhead.h
+index 3d620d9..03987e2 100644
+--- a/jhead.h
++++ b/jhead.h
+@@ -163,7 +163,7 @@ void FileTimeAsString(char * TimeStr);
+ // Prototypes for exif.c functions.
+ int Exif2tm(struct tm * timeptr, char * ExifTime);
+ void Clear_EXIF();
+-void process_EXIF (unsigned char * CharBuf, int length);
++int process_EXIF (unsigned char * CharBuf, int length);
+ void ShowImageInfo(int ShowFileInfo);
+ void ShowConciseImageInfo(void);
+ const char * ClearOrientation(void);
+diff --git a/jpgfile.c b/jpgfile.c
+index 097d2f1..af2d7bc 100644
+--- a/jpgfile.c
++++ b/jpgfile.c
+@@ -286,7 +286,10 @@ int ReadJpegSections (FILE * infile, ReadMode_t ReadMode)
+ // There can be different section using the same marker.
+ if (ReadMode & READ_METADATA){
+ if (memcmp(Data+2, "Exif", 4) == 0){
+- process_EXIF(Data, itemlen);
++ if (!process_EXIF(Data, itemlen)){
++ // malformatted exif sections, discard.
++ free(Sections[--SectionsRead].Data);
++ }
+ break;
+ }else if (memcmp(Data+2, "http:", 5) == 0){
+ Sections[SectionsRead-1].Type = M_XMP; // Change tag for internal purposes.
+--
+2.39.2
+
diff --git a/media-gfx/jhead/jhead-3.06.0.1-r1.ebuild b/media-gfx/jhead/jhead-3.06.0.1-r1.ebuild
new file mode 100644
index 000000000000..b136a4af4247
--- /dev/null
+++ b/media-gfx/jhead/jhead-3.06.0.1-r1.ebuild
@@ -0,0 +1,27 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Exif Jpeg camera setting parser and thumbnail remover"
+HOMEPAGE="http://www.sentex.net/~mwandel/jhead"
+SRC_URI="https://github.com/Matthias-Wandel/jhead/archive/refs/tags/${PV}.tar.gz -> ${P}.tgz"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+PATCHES=(
+ "${FILESDIR}/${P}-mkstemp-fix-makefile.patch"
+ "${FILESDIR}/${P}-CVE-2021-34055.patch"
+)
+
+src_install() {
+ dobin ${PN}
+ dodoc *.txt
+ docinto html
+ dodoc *.html
+ doman ${PN}.1
+ doheader ${PN}.h
+ dolib.so lib${PN}.so*
+}
|
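Review bot: In the exif.c part of the bundled patch, `process_EXIF` still reads the section at offsets 2 through 15 (the `memcmp` against `ExifHeader`, `Get16u(ExifSection+10)`, `Get32u(ExifSection+12)`) before `length < 16` is tested, and that test only runs inside the `FirstOffset < 8 || FirstOffset > 16` branch. Now that the function can report failure, a guard ahead of the header checks such as `if (length < 16) return 0;` would reject a truncated section before any of those reads; whether the caller in jpgfile.c already guarantees that minimum is not visible here and should be confirmed. In the jpgfile.c part, `free(Sections[--SectionsRead].Data);` leaves the freed pointer in the slot just dropped, so following it with `Sections[SectionsRead].Data = NULL;` would keep any later cleanup that reaches that slot from touching freed memory. The new return value also covers only the four header checks shown, so errors found further into the section (code outside these hunks) presumably still end at `return 1` and keep the section. Both function bodies continue outside the hunks.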