SUSE 5181 Published by

A perl-Image-ExifTool security update has been released for openSUSE Leap 15.2, SUSE Linux Enterprise 15 SP1, and SUSE Linux Enterprise 15 SP2.



openSUSE-SU-2021:0707-1: important: Security update for perl-Image-ExifTool


openSUSE Security Update: Security update for perl-Image-ExifTool
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0707-1
Rating: important
References: #1185547
Cross-References: CVE-2021-22204
CVSS scores:
CVE-2021-22204 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Leap 15.2
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for perl-Image-ExifTool fixes the following issues:

Update to version 12.25 fixes (boo#1185547 CVE-2021-22204)

* JPEG XL support is now official
* Added read support for Medical Research Council (MRC) image files
* Added ability to write a number of 3gp tags in video files
* Added a new Sony PictureProfile value (thanks Jos Roost)
* Added a new Sony LensType (thanks LibRaw)
* Added a new Nikon LensID (thanks Niels Kristian Bech Jensen)
* Added a new Canon LensType
* Decode more GPS information from Blackvue dashcam videos
* Decode a couple of new NikonSettings tags (thanks Warren Hatch)
* Decode a few new RIFF tags
* Improved Validate option to add minor warning if standard XMP is missing
xpacket wrapper
* Avoid decoding some large arrays in DNG images to improve performance
unless the -m option is used
* Patched bug that could give runtime warning when trying to write an
empty XMP structure
* Fixed decoding of ImageWidth/Height for JPEG XL images
* Fixed problem were Microsoft Xtra tags couldn't be deleted

version 12.24:

* Added a new PhaseOne RawFormat value (thanks LibRaw)
* Decode a new Sony tag (thanks Jos Roost)
* Decode a few new Panasonic and FujiFilm tags (thanks LibRaw and
Greybeard)
* Patched security vulnerability in DjVu reader
* Updated acdsee.config in distribution (thanks StarGeek)
* Recognize AutoCAD DXF files
* More work on experimental JUMBF read support
* More work on experimental JPEG XL read/write support

version 12.23:

* Added support for Olympus ORI files
* Added experimental read/write support for JPEG XL images
* Added experimental read support for JUMBF metadata in JPEG and Jpeg2000
images
* Added built-in support for parsing GPS track from Denver ACG-8050 videos
with the -ee option
* Added a some new Sony lenses (thanks Jos Roost and LibRaw)
* Changed priority of Samsung trailer tags so the first DepthMapImage
takes precedence when -a is not used
* Improved identification of M4A audio files
* Patched to avoid escaping ',' in "Binary data" message when
-struct is used
* Removed Unknown flag from MXF VideoCodingSchemeID tag
* Fixed -forcewrite=EXIF to apply to EXIF in binary header of EPS files
* API Changes:
+ Added BlockExtract option

version 12.22:

* Added a few new Sony LensTypes and a new SonyModelID (thanks Jos Roost
and LibRaw)
* Added Extra BaseName tag
* Added a new CanonModelID (thanks LibRaw)
* Decode timed GPS from unlisted programs in M2TS videos with the -ee3
option
* Decode more Sony rtmd tags
* Decode some tags for the Sony ILME-FX3 (thanks Jos Roost)
* Allow negative values to be written to XMP-aux:LensID
* Recognize HEVC video program in M2TS files
* Enhanced -b option so --b suppresses tags with binary data
* Improved flexibility when writing GPS coordinates:
+ Now pulls latitude and longitude from a combined GPSCoordinates string
+ Recognizes the full word "South" and "West" to write negative
coordinates
* Improved warning when trying to write an integer QuickTime date/time tag
and Time::Local is not available
* Convert GPSSpeed from mph to km/h in timed GPS from Garmin MP4 videos

version 12.21:

* Added a few new iOS QuickTime tags
* Decode a couple more Sony rtmd tags
* Patch to avoid possible "Use of uninitialized value" warning when
attempting to write QuickTime date/time tags with an invalid value
* Fixed problem writing Microsoft Xtra tags
* Fixed Windows daylight savings time patch for file times that was broken
in 12.19 (however directory times will not yet handle DST properly)

version 12.20:

* Added ability to write some Microsoft Xtra tags in MOV/MP4 videos
* Added two new Canon LensType values (thanks Norbert Wasser)
* Added a new Nikon LensID
* Fixed problem reading FITS comments that start before column 11

version 12.19:

* Added -list_dir option
* Added the "ls-l" Shortcut tag
* Extract Comment and History from FITS files
* Enhanced FilePermissions to include device type (similar to "ls -l")
* Changed the name of Apple ContentIdentifier tag to MediaGroupUUID
(thanks Neal Krawetz)
* Fixed a potential "substr outside of string" runtime error when reading
corrupted EXIF
* Fixed edge case where NikonScanIFD may not be copied properly when
copying MakerNotes to another file
* API Changes:
+ Added ability to read/write System tags of directories
+ Enhanced GetAllGroups() to support family 7 and take
optional ExifTool reference
+ Changed QuickTimeHandler option default to 1

version 12.18:

* Added a new SonyModelID
* Decode a number of Sony tags for the ILCE-1 (thanks Jos Roost)
* Decode a couple of new Canon tags (thanks LibRaw)
* Patched to read differently formatted UserData:Keywords as written by
iPhone
* Patched to tolerate out-of-order Nikon MakerNote IFD entries when
obtaining tags necessary for decryption
* Fixed a few possible Condition warnings for some NikonSettings tags

version 12.17:

* Added a new Canon FocusMode value
* Added a new FujiFilm FilmMode value
* Added a number of new XMP-crs tags (thanks Herb)
* Decode a new H264 MDPM tag
* Allow non-conforming lower-case XMP boolean "true" and "false" values to
be written, but only when print conversion is disabled
* Improved Validate option to warn about non-capitalized boolean XMP values
* Improved logic for setting GPSLatitude/LongitudeRef values when writing
* Changed -json and -php options so the -a option is implied even without
the -g option
* Avoid extracting audio/video data from AVI videos when -ee
-u is used
* Patched decoding of Canon ContinuousShootingSpeed for newer firmware
versions of the EOS-1DXmkIII
* Re-worked LensID patch of version 12.00 (github issue #51)
* Fixed a few typos in newly-added NikonSettings tags (thanks Herb)
* Fixed problem where group could not be specified for PNG-pHYs tags when
writing version 12.16:
* Extract another form of video subtitle text
* Enhanced -ee option with -ee2 and -ee3 to allow parsing of the H264
video stream in MP4 files
* Changed a Nikon FlashMode value
* Fixed problem that caused a failed DPX test on Strawberry Perl
* API Changes:
+ Enhanced ExtractEmbedded option

version 12.15:

* Added a couple of new Sony LensType values (thanks LibRaw and Jos Roost)
* Added a new Nikon FlashMode value (thanks Mike)
* Decode NikonSettings (thanks Warren Hatch)
* Decode thermal information from DJI RJPEG images
* Fixed extra newline in -echo3 and -echo4 outputs added in version 12.10
* Fixed out-of-memory problem when writing some very large PNG files under
Windows

version 12.14:

* Added support for 2 more types of timed GPS in video files (that makes
49 different formats now supported)
* Added validity check for PDF trailer dictionary Size
* Added a new Pentax LensType
* Extract metadata from Jpeg2000 Association box
* Changed -g:XX:YY and -G:XX:YY options to show empty strings for
non-existent groups
* Patched to issue warning and avoid writing date/time values with a zero
month or day number
* Patched to avoid runtime warnings if trying to set FileName to an empty
string
* Fixed issue that could cause GPS test number 12 to fail on some systems
* Fixed problem extracting XML as a block from Jpeg2000 images, and
extract XML tags in the XML group instead of XMP
- Update URL

update to 12.13:

* Add time zone automatically to most string-based QuickTime date/time
tags when writing unless the PrintConv option is disabled
* Added -i HIDDEN option to ignore files with names that start with "."
* Added a few new Nikon ShutterMode values (thanks Jan Skoda)
* Added ability to write Google GCamera MicroVideo XMP tags
* Decode a new Sony tag (thanks LibRaw)
* Changed behaviour when writing only pseudo tags to return an error and
avoid writing any other tags if writing FileName fails
* Print "X image files read" message even if only 1 file is read when at
least
one other file has failed the -if condition
* Added ability to geotag from DJI CSV log files
* Added a new CanonModelID
* Added a couple of new Sony LensType values (thanks LibRaw)
* Enhanced -csvDelim option to allow "\t", "\n", "\r" and "\\"
* Unescape "\b" and "\f" in imported JSON values
* Fixed bug introduced in 12.10 which generated a "Not an integer" warning
when attempting to shift some QuickTime date/time tags
* Fixed shared-write permission problem with -@ argfile when using
-stay_open and a filename containing special characters on Windows
* Added -csvDelim option
* Added new Canon and Olympus LensType values (thanks LibRaw)
* Added a warning if ICC_Profile is deleted from an image (github issue
#63)
* EndDir() function for -if option now works when -fileOrder is used
* Changed FileSize conversion to use binary prefixes since that is how the
conversion is currently done (eg. MiB instead of MB)
* Patched -csv option so columns aren't resorted when using -G option and
one
of the tags is missing from a file
* Fixed incompatiblity with Google Photos when writing
UserData:GPSCoordinates to MP4 videos
* Fixed problem where the tags available in a -p format string were
limited to the same as the -if[NUM] option when NUM was specified
* Fixed incorrect decoding of SourceFileIndex/SourceDirectoryIndex for
Ricoh models

Update to 12.10

* Added -validate test for proper TIFF magic number in JPEG EXIF header
* Added support for Nikon Z7 LensData version 0801
* Added a new XMP-GPano tag
* Decode ColorData for the Canon EOS 1DXmkIII
* Decode more tags for the Sony ILCE-7SM3
* Automatically apply QuickTimeUTC option for CR3 files
* Improved decoding of XAttrMDLabel from MacOS files
* Ignore time zones when writing date/time values and using the -d option
* Enhanced -echo3 and -echo4 options to allow exit status to be returned
* Changed -execute so the -q option no longer suppresses the "{ready}"
message when a synchronization number is used
* Added ability to copy CanonMakerNotes from CR3 images to other file types
* Added read support for ON1 presets file (.ONP)
* Added two new CanonModelID values
* Added trailing "/" when writing QuickTime:GPSCoordinates
* Added a number of new XMP-crs tags
* Added a new Sony LensType (thanks Jos Roost)
* Added a new Nikon Z lens (thanks LibRaw)
* Added a new Canon LensType
* Decode ColorData for Canon EOS R5/R6
* Decode a couple of new HEIF tags
* Decode FirmwareVersion for Canon M50
* Improved decoding of Sony CreativeStyle tags
* Improved parsing of Radiance files to recognize comments
* Renamed GIF AspectRatio tag to PixelAspectRatio
* Patched EndDir() feature so subdirectories are always processed when -r
is used (previously, EndDir() would end processing of a directory
completely)
* Avoid loading GoPro module unnecessarily when reading MP4 videos from
some other cameras
* Fixed problem with an incorrect naming of CodecID tags in some MKV videos
* Fixed verbose output to avoid "adding" messages for existing flattened
XMP tags
* Added a new Sony LensType
* Recognize Mac OS X xattr files
* Extract ThumbnailImage from MP4 videos of more dashcam models
* Improved decoding of a number of Sony tags
* Fixed problem where the special -if EndDir() function didn't work
properly for directories after the one in which it was initially called
* Patched to read DLL files which don't have a .rsrc section
* Patched to support new IGC date format when geotagging
* Patched to read DLL files with an invalid size in the header
* Added support for GoPro .360 videos
* Added some new Canon RF and Nikkor Z lenses
* Added some new Sony LensType and CreativeStyle values and decode some
ILCE-7C tags
* Added a number of new Olympus SceneMode values
* Added a new Nikon LensID
* Decode more timed metadata from Insta360 videos
* Decode timed GPS from videos of more Garmin dashcam models
* Decode a new GoPro video tag
* Reformat time-only EventTime values when writing and prevent arbitrary
strings from being written
* Patched to accept backslashes in SourceFile entries for -csv option

update to 12.06

* Added read support for Lyrics3 metadata (and fixed problem where APE
metadata may be ignored if Lyrics3 exists)
* Added a new Panasonic VideoBurstMode value
* Added a new Olympus MultipleExposureMode value
* Added a new Nikon LensID
* Added back conversions for XMP-dwc EventTime that were removed in 12.04
with a patch to allow time-only values
* Decode GIF AspectRatio
* Decode Olympus FocusBracketStepSize
* Extract PNG iDOT chunk in Binary format with the name AppleDataOffsets
* Process PNG images which do not start with mandatory IHDR chunk
* Added a new Panasonic SelfTimer value
* Decode a few more DPX tags
* Extract AIFF APPL tag as ApplicationData
* Fixed bug writing QuickTime ItemList 'gnre' Genre values
* Fixed an incorrect value for Panasonic VideoBurstResolution
* Fixed problem when applying a time shift to some invalid makernote
date/time values

update to 12.04:

* See /usr/share/doc/packages/perl-Image-ExifTool/Change

update to 11.50, see Image-ExifTool-11.50.tar.gz for details

Update to version 11.30:

* Add a new Sony/Minolta LensType.
* Decode streaming metadata from TomTom Bandit Action Cam MP4 videos.
* Decode Reconyx HF2 PRO maker notes.
* Decode ColorData for some new Canon models.
* Enhanced -geotag feature to set AmbientTemperature if available.
* Remove non-significant spaces from some DICOM values.
* Fix possible "'x' outside of string" error when reading corrupted EXIF.
* Fix incorrect write group for GeoTIFF tags.

Update to version 11.29

* See /usr/share/doc/packages/perl-Image-ExifTool/Changes

Update to version 11.27

* See /usr/share/doc/packages/perl-Image-ExifTool/Changes

Update to version 11.24

* See /usr/share/doc/packages/perl-Image-ExifTool/Changes

Update to version 11.11 (changes since 11.01):

* See /usr/share/doc/packages/perl-Image-ExifTool/Changes

Update to 11.01:

* Added a new ProfileCMMType
* Added a Validate warning about non-standard EXIF or XMP in PNG images
* Added a new Canon LensType
* Decode a couple more PanasonicRaw tags
* Patched to avoid adding tags to QuickTime videos with multiple 'mdat'
atoms --> avoids potential corruption of these videos!

Update to 11.00:

* Added read support for WTV and DVR-MS videos
* Added print conversions for some ASF date/time tags
* Added a new SonyModelID
* Decode a new PanasonicRaw tag
* Decode some new Sony RX100 VI tags
* Made Padding and OffsetSchema tags "unsafe" so they aren't copied by
default

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-707=1

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2021-707=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2021-707=1


Package List:

- openSUSE Leap 15.2 (noarch):

exiftool-12.25-lp152.4.3.1
perl-File-RandomAccess-12.25-lp152.4.3.1
perl-Image-ExifTool-12.25-lp152.4.3.1

- openSUSE Backports SLE-15-SP2 (noarch):

exiftool-12.25-bp152.4.3.1
perl-File-RandomAccess-12.25-bp152.4.3.1
perl-Image-ExifTool-12.25-bp152.4.3.1

- openSUSE Backports SLE-15-SP1 (noarch):

exiftool-12.25-bp151.4.3.1
perl-File-RandomAccess-12.25-bp151.4.3.1
perl-Image-ExifTool-12.25-bp151.4.3.1

References:

  https://www.suse.com/security/cve/CVE-2021-22204.html
  https://bugzilla.suse.com/1185547