rpms/gimp
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import gimp-2.99.8-3.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-09-27 09:11:50 -04:00 committed by root
parent 2e0df0acf8
commit 742fd41fab
3 changed files with 104 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
SOURCES/gimp-CVE-2022-30067.patch Normal file
View File

@ -0,0 +1,60 @@
From 4f99f1fcfd892ead19831b5adcd38a99d71214b6 Mon Sep 17 00:00:00 2001
From: Jacob Boerema <jgboerema@gmail.com>
Date: Fri, 29 Apr 2022 16:40:32 -0400
Subject: [PATCH] app: fix #8120 GIMP 2.10.30 crashed when allocate large
memory
GIMP could crash if the information regarding old path properties read
from XCF was incorrect. It did not check if xcf_old_path succeeded and
kept trying to load more paths even if the last one failed to load.
Instead we now stop loading paths as soon as that function fails.
In case we have a failure here we also try to skip to the next property
based on the size of the path property, in hopes that the only problem
was this property.
---
app/xcf/xcf-load.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
index ac9c4ea248..67bc766390 100644
--- a/app/xcf/xcf-load.c
+++ b/app/xcf/xcf-load.c
@@ -1168,7 +1168,12 @@ xcf_load_image_props (XcfInfo *info,
break;
case PROP_PATHS:
- xcf_load_old_paths (info, image);
+ {
+ goffset base = info->cp;
+
+ if (! xcf_load_old_paths (info, image))
+ xcf_seek_pos (info, base + prop_size, NULL);
+ }
break;
case PROP_USER_UNIT:
@@ -3035,8 +3040,11 @@ xcf_load_old_paths (XcfInfo *info,
xcf_read_int32 (info, &last_selected_row, 1);
xcf_read_int32 (info, &num_paths, 1);
+ GIMP_LOG (XCF, "Number of old paths: %u", num_paths);
+
while (num_paths-- > 0)
- xcf_load_old_path (info, image);
+ if (! xcf_load_old_path (info, image))
+ return FALSE;
active_vectors =
GIMP_VECTORS (gimp_container_get_child_by_index (gimp_image_get_vectors (image),
@@ -3087,7 +3095,7 @@ xcf_load_old_path (XcfInfo *info,
}
else if (version != 1)
{
- g_printerr ("Unknown path type. Possibly corrupt XCF file");
+ g_printerr ("Unknown path type (version: %u). Possibly corrupt XCF file.\n", version);
g_free (name);
return FALSE;
--
GitLab

31
SOURCES/gimp-CVE-2022-32990.patch Normal file
View File

@ -0,0 +1,31 @@
From 22af0bcfe67c1c86381f33975ca7fdbde6b36b39 Mon Sep 17 00:00:00 2001
From: Jacob Boerema <jgboerema@gmail.com>
Date: Sun, 5 Jun 2022 15:38:24 -0400
Subject: [PATCH] app: fix #8230 crash in gimp_layer_invalidate_boundary when
channel is NULL
gimp_channel_is_empty returns FALSE if channel is NULL. This causes
gimp_layer_invalidate_boundary to crash if the mask channel is NULL.
With a NULL channel gimp_channel_is_empty should return TRUE, just like
the similar gimp_image_is_empty does, because returning FALSE here
suggests we have a non empty channel.
---
app/core/gimpchannel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/core/gimpchannel.c b/app/core/gimpchannel.c
index 7b6a9851ae..502821ba58 100644
--- a/app/core/gimpchannel.c
+++ b/app/core/gimpchannel.c
@@ -1827,7 +1827,7 @@ gimp_channel_boundary (GimpChannel *channel,
gboolean
gimp_channel_is_empty (GimpChannel *channel)
{
- g_return_val_if_fail (GIMP_IS_CHANNEL (channel), FALSE);
+ g_return_val_if_fail (GIMP_IS_CHANNEL (channel), TRUE);
return GIMP_CHANNEL_GET_CLASS (channel)->is_empty (channel);
}
--
GitLab

17
SPECS/gimp.spec
View File

@ -88,8 +88,8 @@ Summary: GNU Image Manipulation Program
Name: gimp Name: gimp
Epoch: 2 Epoch: 2
Version: 2.99.8 Version: 2.99.8
%global rel 2 %global rel 3
Release: %{?prerelprefix}%{rel}%{dotprerel}%{dotgitrev}%{?dist}.1 Release: %{?prerelprefix}%{rel}%{dotprerel}%{dotgitrev}%{?dist}
# Compute some version related macros. # Compute some version related macros.
# Ugly, need to get quoting percent signs straight. # Ugly, need to get quoting percent signs straight.
@ -243,6 +243,12 @@ Patch3: gimp-2.10.18-no-phone-home-default.patch
# no luajit available in RHEL-9 # no luajit available in RHEL-9
Patch4: gimp-remove-lua.patch Patch4: gimp-remove-lua.patch
# CVE-2022-30067
Patch5: gimp-CVE-2022-30067.patch
# CVE-2022-32990
Patch6: gimp-CVE-2022-32990.patch
# use external help browser directly if help browser plug-in is not built # use external help browser directly if help browser plug-in is not built
Patch100: gimp-2.10.24-external-help-browser.patch Patch100: gimp-2.10.24-external-help-browser.patch
@ -346,6 +352,8 @@ EOF
%patch2 -p1 -b .font-default %patch2 -p1 -b .font-default
%patch4 -p1 -b .remove-lua %patch4 -p1 -b .remove-lua
%patch5 -p1 -b .CVE-2022-30067
%patch6 -p1 -b .CVE-2022-32990
%if ! %{with helpbrowser} %if ! %{with helpbrowser}
#%patch100 -p1 -b .external-help-browser #%patch100 -p1 -b .external-help-browser
@ -728,8 +736,9 @@ make check %{?_smp_mflags}
%endif %endif
%changelog %changelog
* Wed Mar 16 2022 Josef Ridky <jridky@redhat.com> - 2:2.99.8-2.1 * Mon Jul 18 2022 Josef Ridky <jridky@redhat.com> - 2:2.99.8-3
- Bump spec for RHEL-9.0.0 build - fix CVE-2022-30067
- fix CVE-2022-32990
* Wed Mar 09 2022 Josef Ridky <jridky@redhat.com> - 2:2.99.8-2 * Wed Mar 09 2022 Josef Ridky <jridky@redhat.com> - 2:2.99.8-2
- Remove luajit requirement - Remove luajit requirement