debian/0000775000000000000000000000000013074064650007175 5ustar debian/dirs0000664000000000000000000000003413067461500010053 0ustar usr/bin usr/share/doc/jhead debian/compat0000664000000000000000000000000213067461500010370 0ustar 9 debian/source/0000775000000000000000000000000013067461500010472 5ustar debian/source/format0000664000000000000000000000001413067461500011700 0ustar 3.0 (quilt) debian/control0000664000000000000000000000145513067461500010602 0ustar Source: jhead Section: graphics Priority: optional Maintainer: Ludovic Rousseau Build-Depends: debhelper (>> 9) Standards-Version: 3.9.3 Homepage: http://www.sentex.net/~mwandel/jhead/ Package: jhead Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libjpeg-progs Suggests: imagemagick Description: manipulate the non-image part of Exif compliant JPEG files jhead is a command line driven utility for extracting digital camera settings from the Exif format files used by many digital cameras. It handles the various confusing ways these can be expressed, and displays them as F-stop, shutter speed, etc. It is also able to reduce the size of digital camera JPEGs without loss of information, by deleting integral thumbnails that digital cameras put into the Exif header. debian/watch0000664000000000000000000000017113067461500010222 0ustar version=2 http://www.sentex.net/~mwandel/jhead/ (?:.*/)?jhead-?_?([\d+\.]+|\d+)(\.tar|\.tgz)(\.gz|\.bz2|) debian uupdate debian/patches/0000775000000000000000000000000013067461500010621 5ustar debian/patches/25_makefile0000664000000000000000000000040713067461500012630 0ustar Description: install binary in /usr/bin instead of /usr/local/bin Author: Ludovic Rousseau --- a/makefile +++ b/makefile @@ -20,4 +20,4 @@ rm -f $(objs) jhead install: - cp jhead ${DESTDIR}/usr/local/bin/ + cp jhead ${DESTDIR}/usr/bin/ debian/patches/31_CVE-2016-38220000664000000000000000000000176413067461500012456 0ustar Description: CVE-2016-3822: Fix possible out of bounds access Origin: https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b Bug-Debian: http://bugs.debian.org/858213 Author: Marco Nelissen Reviewed-by: Salvatore Bonaccorso Last-Update: 2017-03-31 --- a/exif.c +++ b/exif.c @@ -9,6 +9,7 @@ #include "jhead.h" #include +#include static unsigned char * DirWithThumbnailPtrs; static double FocalplaneXRes; @@ -527,7 +528,7 @@ unsigned OffsetVal; OffsetVal = Get32u(DirEntry+8); // If its bigger than 4 bytes, the dir entry contains an offset. - if (OffsetVal+ByteCount > ExifLength){ + if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){ // Bogus pointer offset and / or bytecount value ErrNonfatal("Illegal value pointer for tag %04x in Exif", Tag,0); continue; debian/patches/series0000664000000000000000000000007213067461500012035 0ustar 26_makefile 25_makefile 27_documentation 31_CVE-2016-3822 debian/patches/27_documentation0000664000000000000000000000327313067461500013732 0ustar Description: remove documentation of -n Author: James R. Van Zandt Bug-Debian: http://bugs.debian.org/691607 --- a/jhead.1 +++ b/jhead.1 @@ -121,13 +121,7 @@ This option causes files to be renamed and/ or mmoved using the date information from the Exif header "DateTimeOriginal" field. If the file is not an Exif file, or the DateTimeOriginal does not contain a valid -value, the file date is used. Renaming is by default restricted to -files whose names consist largely of digits. This effectively restricts -renaming to files that have not already been manually renamed, as the -default sequential names from digital cameras consist largely of digits. -Use the -.B \-n -option to force renaming of all files. If the new name contains a '/', +value, the file date is used. If the new name contains a '/', this will be interpreted as a new path, and the file will be moved accordingly. --- a/jhead.c +++ b/jhead.c @@ -1251,8 +1251,7 @@ " '%%i' will include a sequence number, starting from 1. You can\n" " You can specify '%%03i' for example to get leading zeros.\n" " This feature is useful for ordering files from multiple digicams to\n" - " sequence of taking. Only renames files whose names are mostly\n" - " numerical (as assigned by digicam)\n" + " sequence of taking.\n" " The '.jpg' is automatically added to the end of the name. If the\n" " destination name already exists, a letter or digit is added to \n" " the end of the name to make it unique.\n" debian/patches/26_makefile0000664000000000000000000000072013067461500012627 0ustar Description: Use flags set by dpkg-buildflags to enable automatic hardening Author: Ludovic Rousseau --- a/makefile +++ b/makefile @@ -11,10 +11,10 @@ $(OBJ)/exif.o $(OBJ)/iptc.o $(OBJ)/gpsinfo.o $(OBJ)/makernote.o $(OBJ)/%.o:$(SRC)/%.c - ${CC} $(CFLAGS) -c $< -o $@ + ${CC} $(CFLAGS) $(CPPFLAGS) -c $< -o $@ jhead: $(objs) jhead.h - ${CC} -o jhead $(objs) -lm + ${CC} $(LDFLAGS) -o jhead $(objs) -lm clean: rm -f $(objs) jhead debian/manpages0000664000000000000000000000001013067461500010677 0ustar jhead.1 debian/copyright0000664000000000000000000000131613067461500011126 0ustar This package was debianized by Dave Baker on Sun, 30 Dec 2001 16:17:45 -0500. It was downloaded from http://www.sentex.net/~mwandel/jhead/ Upstream Author: Matthias Wandel Copyright: This text taken verbatim from the readme.txt: Jhead is public domain software - that is, you can do whatever you want with it, and include it software that is licensesed under the GNU or the BSD license, or whatever other licence you chose, including proprietary closed source licenses. Although not part of the liscense, I do expect common courtesy, please. If you do integrate the code into some software of yours, I'd appreciate knowing about it though debian/rules0000775000000000000000000000003513067461500010250 0ustar #!/usr/bin/make -f %: dh $@ debian/docs0000664000000000000000000000001313067461500010037 0ustar readme.txt debian/changelog0000664000000000000000000003307713074064650011061 0ustar jhead (1:2.97-1+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Steve Beattie Thu, 13 Apr 2017 23:18:16 -0700 jhead (1:2.97-1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2016-3822: Fix possible out of bounds access (Closes: #858213) -- Salvatore Bonaccorso Fri, 31 Mar 2017 16:10:08 +0200 jhead (1:2.97-1) unstable; urgency=low * New upstream release -- Ludovic Rousseau Sat, 16 Mar 2013 14:45:00 +0100 jhead (1:2.96-2) unstable; urgency=low * Fix "documentation still hints at old "-nf" renaming functionality" Apply attached patch (Closes: #691607) -- Ludovic Rousseau Sun, 28 Oct 2012 10:28:57 +0100 jhead (1:2.96-1) unstable; urgency=low * New upstream release * debian/patches/26_makefile: Use flags set by dpkg-buildflags to enable automatic hardening * debian/compat: update from 7 to 9 to enable automatic hardening -- Ludovic Rousseau Sat, 28 Jul 2012 09:25:22 +0200 jhead (1:2.95-1) unstable; urgency=low * New upstream release * Fix "jhead -cmd 'jpegtran -progressive &i > &o' P1080931.JPG remove Date/Time Original exif tag and others" fixed upstream (Closes: #662110) * debian/control: Standards-Version: 3.9.2 -> 3.9.3. No change needed. -- Ludovic Rousseau Sat, 24 Mar 2012 11:50:13 +0100 jhead (1:2.93-1) unstable; urgency=low * New upstream release * debian/patches/25_makefile: new patch * debian/control: remove Build-Depends: quilt since we use source format "3.0 (quilt)" * debian/control: Standards-Version: 3.9.1 -> 3.9.2. no change needed. -- Ludovic Rousseau Sun, 04 Dec 2011 17:09:13 +0100 jhead (1:2.90-3) unstable; urgency=low * Fix "Can't run mogrify from graphicsmagick." add a Suggests: imagemagick (Closes: #463225) * debian/rules: use a minimal version * Standards-Version: 3.8.4 -> 3.9.1. No change needed. -- Ludovic Rousseau Sun, 27 Mar 2011 20:22:56 +0200 jhead (1:2.90-2) unstable; urgency=low * debian/patches/24_jhead.1: Fix "confusing manpage" (Closes: #570608) -- Ludovic Rousseau Sun, 21 Feb 2010 16:15:40 +0100 jhead (1:2.90-1) unstable; urgency=low * New upstream release * debian/patches/* removed. They are now included upstream. * debian/patches/23_jhead.1: fix manpage-has-errors-from-man usr/share/man/man1/jhead.1.gz 54: warning: macro `&'' not defined * debian/control: Standards-Version: 3.8.3 -> 3.8.4. no change needed -- Ludovic Rousseau Fri, 05 Feb 2010 18:54:04 +0100 jhead (1:2.88-2) unstable; urgency=low * debian/control: add Depends: ${misc:Depends} W: jhead source: debhelper-but-no-misc-depends jhead * debian/patches/21_jhead.c: fix a spelling typo * debian/patches/22_jhead.1: fix hyphen-used-as-minus-sign -- Ludovic Rousseau Sun, 03 Jan 2010 17:03:59 +0100 jhead (1:2.88-1) unstable; urgency=low * New upstream release - debian/patches/30_buffer_overflow: patch included upstream * debian/control: Standards-Version: 3.8.1 -> 3.8.3. No change needed. * Move to "3.0 (quilt)" source format * Use an epoch number since 2.88 < 2.875 * debian/patches/20_jhead.1: use DEP-3 format -- Ludovic Rousseau Sun, 29 Nov 2009 18:28:42 +0100 jhead (2.875-2) unstable; urgency=low * Fix "segmentation fault on corrupt input file" patch from upstream debian/patches/30_buffer_overflow (Closes: #530401) -- Ludovic Rousseau Sun, 31 May 2009 17:36:13 +0200 jhead (2.875-1) unstable; urgency=low * New upstream release - Fix "document Nonfatal Error: Illegal subdirectory link" the error message is now explicit that the erorr is in EXIF data and not the file system (Closes: #525724) * update from debhelper 4 to 7 * Standards-Version: 3.7.3 -> 3.8.1 - add support of noopt, nostrip and parallel= in DEB_BUILD_OPTIONS -- Ludovic Rousseau Thu, 30 Apr 2009 19:59:57 +0200 jhead (2.87-1) unstable; urgency=low * New upstream release - Closes: #517990: jhead: -ce broken (fix released in 2.87) -- Ludovic Rousseau Sat, 07 Mar 2009 14:10:41 +0100 jhead (2.86-2) unstable; urgency=low * debian/patches/20_jhead.1: Closes: #515659 "jhead: Manpage error in '-te' example" * use quilt again -- Ludovic Rousseau Wed, 18 Feb 2009 15:55:26 +0000 jhead (2.86-1) unstable; urgency=low * New upstream release * remove patches 01_makefile, 07_jhead.1, 08_jhead.1, 09_long_int, 10_jhead.1 since they are now included upstream * do not use quilt anymore (no patch needed) -- Ludovic Rousseau Sun, 15 Feb 2009 14:45:20 +0100 jhead (2.85-1) unstable; urgency=low * New upstream release - Closes: #504194 "CVE-2008-4640: insecure file handling" * debian/patches/11_jhead.c.dpatch: removed since included upstream * debian/*: change from dpatch to quilt -- Ludovic Rousseau Thu, 06 Nov 2008 21:51:09 +0100 jhead (2.84-2) unstable; urgency=high * urgency high since it fixes a security RC bug: CVE-2008-4641 * debian/patches/11_jhead.c.dpatch: Closes: #503645: jhead: CVE-2008-4641 command injection via filename and insecure file handling -- Ludovic Rousseau Fri, 31 Oct 2008 19:53:26 +0100 jhead (2.84-1) unstable; urgency=high * New upstream release - Closes: #502353 "Security issues fixed in 2.84" - Fix CVE-2008-4575: "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) possibly other unspecified vectors." * debian/patches/05_jhead.1.dpatch: removed since applied upstream * debian/patches/10_jhead.1.dpatch: update since not all from 05_jhead.1.dpatch has been included upstream -- Ludovic Rousseau Thu, 16 Oct 2008 21:13:02 +0200 jhead (2.82-1) unstable; urgency=low * New upstream release * debian/patches/09_long_int.dpatch: avoid some compiler warnings * debian/patches/10_jhead.1.dpatch: avoid a lintian warning -- Ludovic Rousseau Sat, 24 May 2008 14:01:01 +0200 jhead (2.80-1) unstable; urgency=low * New upstream realease - remove debian/patches/06_jhead_c.dpatch: included upstream * debian/control: add the Homepage: field * debian/patches/0{5,7,8}_jhead.1.dpatch add dpatch description * debian/control: Standards-Version: 3.7.2 -> 3.7.3 -- Ludovic Rousseau Thu, 06 Dec 2007 22:04:01 +0100 jhead (2.70-2) unstable; urgency=low * debian/patches/07_jhead.1.dpatch: Closes: #435072: "jhead: date+time format for -da needs / separator" * debian/patches/08_jhead.1.dpatch: Closes: #435073: "jhead: -da example in man page reverses the dates" -- Ludovic Rousseau Sun, 12 Aug 2007 13:14:44 +0200 jhead (2.70-1) unstable; urgency=low * New upstream realease - Closes: #425990: "Please provide new upstream release" -- Ludovic Rousseau Fri, 25 May 2007 16:25:47 +0200 jhead (2.60-4) unstable; urgency=low * debian/patches/06_jhead_c.dpatch: change "yyyy:mmm:dd" in "yyyy:mm:dd" Closes: #404527: "jhead: typo in error message for option -ts" -- Ludovic Rousseau Tue, 26 Dec 2006 10:23:05 +0100 jhead (2.60-3) unstable; urgency=low * debian/patches/05_jhead.1.dpatch: update. Closes: #400534: jhead: Typos in man page -- Ludovic Rousseau Tue, 28 Nov 2006 21:43:01 +0100 jhead (2.60-2) unstable; urgency=low * debian/patches/05_jhead.1.dpatch: update. Closes: #379516: jhead: Example in man page has mistakes -- Ludovic Rousseau Tue, 1 Aug 2006 22:33:49 +0200 jhead (2.60-1) unstable; urgency=low * New upstream realease * debian/patches/05_jhead.1.dpatch - Closes: #367580: jhead: man page typo: "thumbail" -> "thumbnail" - Closes: #367581: jhead: Typo in man page: "Regnerate" -> "Regenerate" - Closes: #367582: jhead: Typo in readme.txt: "Liscence" -> "Licence" - Closes: #367587: jhead: Documentation of -rt is confused. -- Ludovic Rousseau Wed, 17 May 2006 23:28:13 +0200 jhead (2.50-1) unstable; urgency=low * rename upstream version 2.5 in 2.50 since 2.5 < 2.44 according to Debian Installer -- Ludovic Rousseau Sun, 26 Feb 2006 17:46:24 +0100 jhead (2.5-1) unstable; urgency=low * New upstream version - debian/patches/02_jhead.1.dpatch: patch included upstream - debian/patches/03_jhead.c.dpatch: patch included upstream * debian/patches/04_cast.dpatch: the compilation failed because of a cast * debian/compat: 3 -> 4 -- Ludovic Rousseau Sun, 26 Feb 2006 17:21:48 +0100 jhead (2.44-1) unstable; urgency=low * New upstream version * debian/patches/02_jhead.1.dpatch: include a patch. Closes: #329704 "Typo fix: "freindly" --> "friendly" in the man page" * debian/control: Standards-Version: 3.6.1 -> 3.6.2: no change * debian/patches/03_jhead.c.dpatch: keep the access rights of the original file. Closes: #330242 "jhead -ce changes file permissions" -- Ludovic Rousseau Sun, 9 Oct 2005 00:17:14 +0200 jhead (2.41-1) unstable; urgency=low * New upstream release - Closes: #284541 "zophImport: gets camera model wrong" * debian/patches/02_jhead.1.dpatch: Closes: #314640 "Typo in manual page (of->or)" -- Ludovic Rousseau Fri, 17 Jun 2005 20:00:42 +0200 jhead (2.4-1) unstable; urgency=low * New upstream release -- Ludovic Rousseau Fri, 17 Jun 2005 16:28:38 +0200 jhead (2.3-2) unstable; urgency=low * debian/control: add Depends: libjpeg-progs Closes: #292617 "missing dependency (libjpeg-progs)" -- Ludovic Rousseau Fri, 28 Jan 2005 12:09:19 +0100 jhead (2.3-1) unstable; urgency=low * New upstream release - Closes: #290571 "New upstream release" - Closes: #274055 "Shouldn't touch read-only files" -- Ludovic Rousseau Sat, 15 Jan 2005 16:42:52 +0100 jhead (2.2-1) unstable; urgency=low * New upstream release * debian/copyright: update to sync the copyright statement with upstream readme.txt -- Ludovic Rousseau Wed, 14 Jul 2004 14:34:43 +0200 jhead (2.1-4) unstable; urgency=low * debian/patches/03_jhead.1.dpatch: some typos corrections for jhead.1 Closes: #244627 -- Ludovic Rousseau Mon, 19 Apr 2004 16:32:14 +0200 jhead (2.1-3) unstable; urgency=low * debian/patches/02_usage.html.dpatch: correct usage.html, Closes: #162340 - s/Jpeg/JPEG/ - s/exif/Exif/ - s/ImageMagic/ImageMagick/ - s/dos/DOS/ * debian/patches/03_jhead.1.dpatch: correct jhead.1, Closes: #233002 - s/Jpeg/JPEG/ - s/exif/Exif/ - and some other mistakes -- Ludovic Rousseau Fri, 20 Feb 2004 15:20:34 +0100 jhead (2.1-2) unstable; urgency=low * debian/control: change maintainer :-) * acknowledge my own NMU: Closes: #162026, #202794, #161801, #189049, #188514, #162234 -- Ludovic Rousseau Sun, 1 Feb 2004 17:25:59 +0100 jhead (2.1-1) unstable; urgency=low * New maintainer. Thanks to Dave Baker. * New upstream release - Closes: #162026 "New upstream available..." - Closes: #202794 "new release 2.0 available" - Closes: #161801 "enhanced file renaming" * debian/copyright: - update copyright from upstream readme.txt - use upstream email format as in readme.txt. Closes: #189049 "Upstream author objects to have his email address listed in the documentation." * debian/docs: include changes.txt in the package. Closes: #188514 * debian/control: Standards-Version: 3.5.2 -> 3.6.1 * debian/jhead.sgml: - removed since upstream distribute a manpage - so no need to patch jhead.sgml anymore, Closes: #162234 "manpage omits some options" -- Ludovic Rousseau Sun, 1 Feb 2004 16:37:09 +0100 jhead (1.8-2) unstable; urgency=low * Typos corrected in usage.html and man page. (Closes: #160289) -- Dave Baker Tue, 24 Sep 2002 22:42:03 -0400 jhead (1.8-1) unstable; urgency=low * New upstream release (Closes: #151062) * Preliminary package for new binary - documentation (not included in upstream source) has not yet been updated. -- Dave Baker Tue, 6 Aug 2002 09:29:53 -0400 jhead (1.6-2) unstable; urgency=low * Bugfix - added "-f Makefile" to debian/rules to avoid using original "makefile" from upstream which doesn't do all that we need it to. Closes: #132353 -- Dave Baker Mon, 4 Feb 2002 13:51:23 -0500 jhead (1.6-1) unstable; urgency=low * New upstream release (Closes: #131048) -- Dave Baker Sat, 26 Jan 2002 21:25:21 -0500 jhead (1.5.5-1) unstable; urgency=low * New upstream release -- Dave Baker Wed, 9 Jan 2002 12:35:57 -0500 jhead (1.5-2) unstable; urgency=low * Updated debian/copyright file with text from readme.txt (not webpage) that I think more accurately expresses the author's wishes. * Makefile changes, Added 'upstream' URL to description. -- Dave Baker Fri, 5 Jan 2002 00:29:47 -0500 jhead (1.5-1) unstable; urgency=low * Initial Release. * Closes: #127228 (ITP announcement) -- Dave Baker Sun, 30 Dec 2001 16:17:45 -0500