Import from CS git

2026-01-29 13:08:47 +00:00 · 2026-01-29 13:08:47 +00:00 · 7aeefe6bf1
commit 7aeefe6bf1
parent 928eeb76c6
2 changed files with 37 additions and 2 deletions
--- a/SOURCES/gimp-3.0.4-CVE-2025-14422.patch
+++ b/SOURCES/gimp-3.0.4-CVE-2025-14422.patch
@ -0,0 +1,31 @@
+diff -urNp a/plug-ins/common/file-pnm.c b/plug-ins/common/file-pnm.c
+--- a/plug-ins/common/file-pnm.c	2026-01-20 14:14:03.521350852 +0100
+++ b/plug-ins/common/file-pnm.c	2026-01-20 14:24:59.865358033 +0100
+@@ -706,6 +706,7 @@ pnm_load_raw (PNMScanner   *scan,
+ {
+   gint    bpc;
+   guchar *data, *bdata, *d, *b;
+  gsize   data_size;
+   gint    x, y, i;
+   gint    start, end, scanlines;
+   gint    fd;
+@@ -715,11 +716,17 @@ pnm_load_raw (PNMScanner   *scan,
+   else
+     bpc = 1;
+ 
+-  data = g_new (guchar, gimp_tile_height () * info->xres * info->np * bpc);
+  /* No overflow as long as gimp_tile_height() < 1365 = 2^(31 - 18) / 6 */
+  if (! g_size_checked_mul (&data_size, gimp_tile_height (), info->xres) ||
+      ! g_size_checked_mul (&data_size, data_size, info->np)             ||
+      ! g_size_checked_mul (&data_size, data_size, bpc))
+    CHECK_FOR_ERROR (FALSE, info->jmpbuf, _("Unsupported maximum value."));
+
+  data = g_new (guchar, data_size);
+ 
+   bdata = NULL;
+   if (bpc > 1)
+-    bdata = g_new (guchar, gimp_tile_height () * info->xres * info->np);
+    bdata = g_new (guchar, data_size);
+ 
+   fd = pnmscanner_fd (scan);
+ 
--- a/SPECS/gimp.spec
+++ b/SPECS/gimp.spec
@ -75,7 +75,7 @@ Summary:        GNU Image Manipulation Program
 Name:           gimp
 Epoch:          2
 Version:        2.8.22
-Release:        %{?prerelprefix}26%{dotprerel}%{dotgitrev}%{?dist}.3
+Release:        %{?prerelprefix}26%{dotprerel}%{dotgitrev}%{?dist}.4

 # Compute some version related macros.
 # Ugly, need to get quoting percent signs straight.
@ -221,7 +221,7 @@ Patch17: gimp-CVE-2025-48797.patch
 Patch18: gimp-CVE-2025-48798.patch
 Patch19: gimp-CVE-2025-5473.patch
 Patch20: gimp-3.0.4-CVE-2025-10920-10925-10934.patch
-
+Patch21: gimp-3.0.4-CVE-2025-14422.patch
 # use external help browser directly if help browser plug-in is not built
 Patch100:       gimp-2.8.6-external-help-browser.patch

@ -326,6 +326,7 @@ EOF
 %patch18 -p1 -b .CVE-2025-48798
 %patch19 -p1 -b .CVE-2025-5473
 %patch20 -p1 -b .CVE-2025-10920-10925-10934
+%patch21 -p1 -b .CVE-2025-14422

 %if ! %{with helpbrowser}
 %patch100 -p1 -b .external-help-browser
@ -665,6 +666,9 @@ make check
 %endif

 %changelog
+* Tue Jan 20 2026 Josef Ridky <jridky@redhat.com> - 2:2.8.22-26.4
+- fix CVE-2025-14422
+
 * Mon Nov 24 2025 Josef Ridky <jridky@redhat.com> - 2:2.8.22-26.3
 - fix CVE-2025-10920
 - fix CVE-2025-10921