Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package jhead for openSUSE:Factory checked 
in at 2022-11-12 17:41:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jhead (Old)
 and      /work/SRC/openSUSE:Factory/.jhead.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "jhead"

Sat Nov 12 17:41:16 2022 rev:29 rq:1035276 version:3.06.0.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/jhead/jhead.changes      2022-11-01 
13:42:39.759926225 +0100
+++ /work/SRC/openSUSE:Factory/.jhead.new.1597/jhead.changes    2022-11-12 
17:41:38.814338641 +0100
@@ -1,0 +2,8 @@
+Tue Nov  8 21:17:41 UTC 2022 - Jason Sikes <[email protected]>
+
+- Added jhead-CVE-2021-34055.patch
+  * Fix out of bounds write in ClearOrientation() due to unchecked error
+  * [bsc#1205167]
+  * CVE-2021-34055
+
+-------------------------------------------------------------------

New:
----
  jhead-CVE-2021-34055.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ jhead.spec ++++++
--- /var/tmp/diff_new_pack.8xnhGd/_old  2022-11-12 17:41:39.234341142 +0100
+++ /var/tmp/diff_new_pack.8xnhGd/_new  2022-11-12 17:41:39.242341189 +0100
@@ -31,6 +31,9 @@
 # PATCH FIX UPSTREAM arbitrary OS commands by placing them in a JPEG filename
 # 
https://github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062
 Patch1:         jhead-CVE-2022-41751-2.patch
+# PATCH FIX UPSTREAM heap-buffer-overflow of exif.c in function Put16u
+# 
https://github.com/Matthias-Wandel/jhead/commit/f0a884210cc46830b176f71fd61569adc8f230a7
+Patch2:         jhead-CVE-2021-34055.patch
 Requires:       %{_bindir}/jpegtran
 Requires:       %{_bindir}/mogrify
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

++++++ jhead-CVE-2021-34055.patch ++++++
diff --git a/exif.c b/exif.c
index ba066b5..d250a8d 100755
--- a/exif.c
+++ b/exif.c
@@ -1005,7 +1005,7 @@ void Clear_EXIF ()
 // Process a EXIF marker
 // Describes all the drivel that most digital cameras include...
 //--------------------------------------------------------------------------
-void process_EXIF (unsigned char * ExifSection, int length)
+int process_EXIF (unsigned char * ExifSection, int length)
 {
     int FirstOffset;
     
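Review bot: The comment block above `process_EXIF` still only describes what the function parses, so with the return type changed to `int` the contract the caller now depends on is undocumented. I would add a line under the existing description such as `// Returns 0 when the Exif header is rejected (the caller then discards the section), 1 otherwise.` The function body continues outside this hunk.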
@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, int 
length)
         static uchar ExifHeader[] = "Exif\0\0";
         if (memcmp(ExifSection+2, ExifHeader,6)){
             ErrNonfatal("Incorrect Exif header",0,0);
-            return;
+            return 0;
         }
     }
 
@@ -1033,21 +1033,21 @@ void process_EXIF (unsigned char * ExifSection, int 
length)
             MotorolaOrder = 1;
         }else{
             ErrNonfatal("Invalid Exif alignment marker.",0,0);
-            return;
+            return 0;
         }
     }
 
     // Check the next value for correctness.
     if (Get16u(ExifSection+10) != 0x2a){
         ErrNonfatal("Invalid Exif start (1)",0,0);
-        return;
+        return 0;
     }
 
     FirstOffset = (int)Get32u(ExifSection+12);
     if (FirstOffset < 8 || FirstOffset > 16){
         if (FirstOffset < 16 || FirstOffset > length-16 || length < 16){
             ErrNonfatal("invalid offset for first Exif IFD value",0,0);
-            return;
+            return 0;
         }
         // Usually set to 8, but other values valid too.
         ErrNonfatal("Suspicious offset of first Exif IFD value",0,0);
@@ -1086,6 +1086,7 @@ void process_EXIF (unsigned char * ExifSection, int 
length)
             ImageInfo.FocalLength35mmEquiv = 
(int)(ImageInfo.FocalLength/ImageInfo.CCDWidth*36 + 0.5);
         }
     }
+       return 1;
 }
 
 
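Review bot: The added `return 1;` at the end of `process_EXIF` is unconditional, so only the four header checks changed in the earlier hunks can make the function report failure. The code between those checks and this line is not shown; if the directory parsing there can hit an error after it has recorded pointers into the section, it would presumably still return 1 and the caller would keep the section. It is worth confirming that every error path which leaves the Exif state inconsistent now reaches a `return 0`. The new line is also indented differently from the surrounding four-space code; `    return 1;` would match.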
@@ -1235,6 +1236,7 @@ void create_EXIF(void)
 const char * ClearOrientation(void)
 {
     int a;
+
     if (NumOrientations == 0) return NULL;
 
     for (a=0;a<NumOrientations;a++){
diff --git a/jhead.h b/jhead.h
index 3d620d9..03987e2 100644
--- a/jhead.h
+++ b/jhead.h
@@ -163,7 +163,7 @@ void FileTimeAsString(char * TimeStr);
 // Prototypes for exif.c functions.
 int Exif2tm(struct tm * timeptr, char * ExifTime);
 void Clear_EXIF();
-void process_EXIF (unsigned char * CharBuf, int length);
+int process_EXIF (unsigned char * CharBuf, int length);
 void ShowImageInfo(int ShowFileInfo);
 void ShowConciseImageInfo(void);
 const char * ClearOrientation(void);
diff --git a/jpgfile.c b/jpgfile.c
index 097d2f1..8fe374b 100644
--- a/jpgfile.c
+++ b/jpgfile.c
@@ -286,7 +286,10 @@ int ReadJpegSections (FILE * infile, ReadMode_t ReadMode)
                 // There can be different section using the same marker.
                 if (ReadMode & READ_METADATA){
                     if (memcmp(Data+2, "Exif", 4) == 0){
-                        process_EXIF(Data, itemlen);
+                        if (!process_EXIF(Data, itemlen)){
+                            // malformatted exif sections, discard.
+                            free(Sections[--SectionsRead].Data);
+                                               }
                         break;
                     }else if (memcmp(Data+2, "http:", 5) == 0){
                         Sections[SectionsRead-1].Type = M_XMP; // Change tag 
for internal purposes.
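Review bot: After `free(Sections[--SectionsRead].Data);` the released pointer is still stored in that `Sections` slot and in the local `Data`, so any later code that touches the slot before it is overwritten would read or free released memory. Clearing it right after the free keeps the discard safe against such paths: `Sections[SectionsRead].Data = NULL;`. The rest of `ReadJpegSections` is outside this hunk, so whether anything after the `break` still uses `Data` for this section should be checked there. The closing brace of the new `if` is also misaligned with its opening line.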
diff --git a/makefile b/makefile
index b8a4d05..d0e4ff8 100644
--- a/makefile
+++ b/makefile
@@ -3,8 +3,8 @@
 #--------------------------------
 OBJ=obj
 SRC=.
-CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
-LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
+CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) -fsanitize=address
+LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) -fsanitize=address
 
 all: objdir jhead
 
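Review bot: The `-fsanitize=address` appended to `CFLAGS` and `LDFLAGS` looks like a leftover from reproducing the overflow, and it would turn every build that uses this makefile into an AddressSanitizer build. ASan is a debugging aid rather than a hardening feature: it adds a runtime dependency and significant overhead, and its behaviour can be steered through the `ASAN_OPTIONS` environment variable, which a packaged binary should not expose. I would drop both additions from the packaged patch, or make them opt-in, e.g. `CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) $(SANITIZE)` with `SANITIZE` empty by default. Whether the spec file overrides these variables at build time is not visible here.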
