commit: ecf038d30f5cae49c82bed3af187d62387ed8c1e Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> AuthorDate: Mon Apr 10 02:48:08 2023 +0000 Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> CommitDate: Mon Apr 10 02:48:38 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecf038d3
media-gfx/jhead: Add CVE-2021-34055 patch Bug: https://bugs.gentoo.org/879801 Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org> .../files/jhead-3.06.0.1-CVE-2021-34055.patch | 108 +++++++++++++++++++++ media-gfx/jhead/jhead-3.06.0.1-r1.ebuild | 27 ++++++ 2 files changed, 135 insertions(+) diff --git a/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch new file mode 100644 index 000000000000..1669eb6f089f --- /dev/null +++ b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch @@ -0,0 +1,108 @@ +From f4f57913fff5de97da347a22558bbb74a1166369 Mon Sep 17 00:00:00 2001 +From: matthias wandel <[email protected]> +Date: Wed, 1 Sep 2021 18:59:15 -0300 +Subject: [PATCH] If exif header is complete garbage, don't keep it. Fixes + issue 36 + +(cherry picked from commit c761620767ae72e5d61c697a73de262aebe0b591) +--- + exif.c | 12 +++++++----- + jhead.h | 2 +- + jpgfile.c | 5 ++++- + 3 files changed, 12 insertions(+), 7 deletions(-) + +diff --git a/exif.c b/exif.c +index ba066b5..d250a8d 100755 +--- a/exif.c ++++ b/exif.c +@@ -1005,7 +1005,7 @@ void Clear_EXIF () + // Process a EXIF marker + // Describes all the drivel that most digital cameras include... + //-------------------------------------------------------------------------- +-void process_EXIF (unsigned char * ExifSection, int length) ++int process_EXIF (unsigned char * ExifSection, int length) + { + int FirstOffset; + +@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, int length) + static uchar ExifHeader[] = "Exif\0\0"; + if (memcmp(ExifSection+2, ExifHeader,6)){ + ErrNonfatal("Incorrect Exif header",0,0); +- return; ++ return 0; + } + } + +@@ -1033,21 +1033,21 @@ void process_EXIF (unsigned char * ExifSection, int length) + MotorolaOrder = 1; + }else{ + ErrNonfatal("Invalid Exif alignment marker.",0,0); +- return; ++ return 0; + } + } + + // Check the next value for correctness. + if (Get16u(ExifSection+10) != 0x2a){ + ErrNonfatal("Invalid Exif start (1)",0,0); +- return; ++ return 0; + } + + FirstOffset = (int)Get32u(ExifSection+12); + if (FirstOffset < 8 || FirstOffset > 16){ + if (FirstOffset < 16 || FirstOffset > length-16 || length < 16){ + ErrNonfatal("invalid offset for first Exif IFD value",0,0); +- return; ++ return 0; + } + // Usually set to 8, but other values valid too. + ErrNonfatal("Suspicious offset of first Exif IFD value",0,0); +@@ -1086,6 +1086,7 @@ void process_EXIF (unsigned char * ExifSection, int length) + ImageInfo.FocalLength35mmEquiv = (int)(ImageInfo.FocalLength/ImageInfo.CCDWidth*36 + 0.5); + } + } ++ return 1; + } + + +@@ -1235,6 +1236,7 @@ void create_EXIF(void) + const char * ClearOrientation(void) + { + int a; ++ + if (NumOrientations == 0) return NULL; + + for (a=0;a<NumOrientations;a++){ +diff --git a/jhead.h b/jhead.h +index 3d620d9..03987e2 100644 +--- a/jhead.h ++++ b/jhead.h +@@ -163,7 +163,7 @@ void FileTimeAsString(char * TimeStr); + // Prototypes for exif.c functions. + int Exif2tm(struct tm * timeptr, char * ExifTime); + void Clear_EXIF(); +-void process_EXIF (unsigned char * CharBuf, int length); ++int process_EXIF (unsigned char * CharBuf, int length); + void ShowImageInfo(int ShowFileInfo); + void ShowConciseImageInfo(void); + const char * ClearOrientation(void); +diff --git a/jpgfile.c b/jpgfile.c +index 097d2f1..af2d7bc 100644 +--- a/jpgfile.c ++++ b/jpgfile.c +@@ -286,7 +286,10 @@ int ReadJpegSections (FILE * infile, ReadMode_t ReadMode) + // There can be different section using the same marker. + if (ReadMode & READ_METADATA){ + if (memcmp(Data+2, "Exif", 4) == 0){ +- process_EXIF(Data, itemlen); ++ if (!process_EXIF(Data, itemlen)){ ++ // malformatted exif sections, discard. ++ free(Sections[--SectionsRead].Data); ++ } + break; + }else if (memcmp(Data+2, "http:", 5) == 0){ + Sections[SectionsRead-1].Type = M_XMP; // Change tag for internal purposes. +-- +2.39.2 + diff --git a/media-gfx/jhead/jhead-3.06.0.1-r1.ebuild b/media-gfx/jhead/jhead-3.06.0.1-r1.ebuild new file mode 100644 index 000000000000..b136a4af4247 --- /dev/null +++ b/media-gfx/jhead/jhead-3.06.0.1-r1.ebuild @@ -0,0 +1,27 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Exif Jpeg camera setting parser and thumbnail remover" +HOMEPAGE="http://www.sentex.net/~mwandel/jhead"; +SRC_URI="https://github.com/Matthias-Wandel/jhead/archive/refs/tags/${PV}.tar.gz -> ${P}.tgz" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +PATCHES=( + "${FILESDIR}/${P}-mkstemp-fix-makefile.patch" + "${FILESDIR}/${P}-CVE-2021-34055.patch" +) + +src_install() { + dobin ${PN} + dodoc *.txt + docinto html + dodoc *.html + doman ${PN}.1 + doheader ${PN}.h + dolib.so lib${PN}.so* +}
