Resolves: #2104191 - fix CVE-2022-32990
This commit is contained in:
parent
954c9026bc
commit
923f3f4cba
31
gimp-CVE-2022-32990.patch
Normal file
31
gimp-CVE-2022-32990.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 22af0bcfe67c1c86381f33975ca7fdbde6b36b39 Mon Sep 17 00:00:00 2001
|
||||
From: Jacob Boerema <jgboerema@gmail.com>
|
||||
Date: Sun, 5 Jun 2022 15:38:24 -0400
|
||||
Subject: [PATCH] app: fix #8230 crash in gimp_layer_invalidate_boundary when
|
||||
channel is NULL
|
||||
|
||||
gimp_channel_is_empty returns FALSE if channel is NULL. This causes
|
||||
gimp_layer_invalidate_boundary to crash if the mask channel is NULL.
|
||||
|
||||
With a NULL channel gimp_channel_is_empty should return TRUE, just like
|
||||
the similar gimp_image_is_empty does, because returning FALSE here
|
||||
suggests we have a non empty channel.
|
||||
---
|
||||
app/core/gimpchannel.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/app/core/gimpchannel.c b/app/core/gimpchannel.c
|
||||
index 7b6a9851ae..502821ba58 100644
|
||||
--- a/app/core/gimpchannel.c
|
||||
+++ b/app/core/gimpchannel.c
|
||||
@@ -1827,7 +1827,7 @@ gimp_channel_boundary (GimpChannel *channel,
|
||||
gboolean
|
||||
gimp_channel_is_empty (GimpChannel *channel)
|
||||
{
|
||||
- g_return_val_if_fail (GIMP_IS_CHANNEL (channel), FALSE);
|
||||
+ g_return_val_if_fail (GIMP_IS_CHANNEL (channel), TRUE);
|
||||
|
||||
return GIMP_CHANNEL_GET_CLASS (channel)->is_empty (channel);
|
||||
}
|
||||
--
|
||||
GitLab
|
@ -246,6 +246,9 @@ Patch4: gimp-remove-lua.patch
|
||||
# CVE-2022-30067
|
||||
Patch5: gimp-CVE-2022-30067.patch
|
||||
|
||||
# CVE-2022-32990
|
||||
Patch6: gimp-CVE-2022-32990.patch
|
||||
|
||||
# use external help browser directly if help browser plug-in is not built
|
||||
Patch100: gimp-2.10.24-external-help-browser.patch
|
||||
|
||||
@ -349,6 +352,8 @@ EOF
|
||||
|
||||
%patch2 -p1 -b .font-default
|
||||
%patch4 -p1 -b .remove-lua
|
||||
%patch5 -p1 -b .CVE-2022-30067
|
||||
%patch6 -p1 -b .CVE-2022-32990
|
||||
|
||||
%if ! %{with helpbrowser}
|
||||
#%patch100 -p1 -b .external-help-browser
|
||||
@ -733,6 +738,7 @@ make check %{?_smp_mflags}
|
||||
%changelog
|
||||
* Mon Jul 18 2022 Josef Ridky <jridky@redhat.com> - 2:2.99.8-3
|
||||
- fix CVE-2022-30067
|
||||
- fix CVE-2022-32990
|
||||
|
||||
* Wed Mar 09 2022 Josef Ridky <jridky@redhat.com> - 2:2.99.8-2
|
||||
- Remove luajit requirement
|
||||
|
Loading…
Reference in New Issue
Block a user