File jhead-CVE-2022-41751-3.patch of Package jhead.17839
Index: jhead-3.06.0.1/jhead.c
===================================================================
--- jhead-3.06.0.1.orig/jhead.c
+++ jhead-3.06.0.1/jhead.c
@@ -766,9 +766,9 @@ static int DoAutoRotate(const char * Fil
sprintf(RotateCommand,"jpegtran -trim -%s -outfile \"%s\" \"%s\"",
Argument, ThumbTempName_out, ThumbTempName_in);
- // Disallow characters in the command that could be used to execute arbitrary
+ // Disallow characters in the filenames that could be used to execute arbitrary
// shell commands with system() below.
- if (strpbrk(RotateCommand, "\";'&|`$")) {
+ if (strpbrk(FileName, "\";'&|`$")) {
ErrNonfatal("Command has invalid characters.", 0, 0);
unlink(ThumbTempName_in);
return FALSE;
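Review bot: The `strpbrk` test on `FileName` validates a string that is not itself interpolated into the command: the `sprintf` above builds it from `Argument`, `ThumbTempName_out` and `ThumbTempName_in`, so the guard only protects `system()` if both temp names are derived solely from `FileName`, which this hunk does not show. Testing the interpolated values as well would make the guard self-evident, e.g. `if (strpbrk(FileName, bad) || strpbrk(ThumbTempName_in, bad) || strpbrk(ThumbTempName_out, bad)) {` with `bad` naming the existing character set. The set is a denylist and does not list backslash, which a POSIX shell still treats as an escape inside double quotes; running jpegtran through `execvp` with an explicit argv rather than `system()` would remove the dependency on it. The check also runs after the unbounded `sprintf` into `RotateCommand`, so moving it above that call (or using `snprintf` with the buffer size) would keep rejected names out of the buffer entirely. The message `"Command has invalid characters."` no longer matches what is checked, and DoAutoRotate's body starts and ends outside the hunk.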