packages/gimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2021-45463

Browse Source 
(cherry picked from commit c7a4c0ec79bd78713bcf6222176813a92580b82c)
This commit is contained in:
starlet-dx 2022-01-07 16:37:02 +08:00 committed by openeuler-sync-bot
parent ffd6cf8d00
commit 77d07ec002
2 changed files with 151 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
CVE-2021-45463.patch Normal file
View File

@ -0,0 +1,146 @@
From 4201cf60b15fc1883e2bb5d61ff42837576af4bf Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Sat, 18 Dec 2021 23:57:23 +0100
Subject: [PATCH] =?UTF-8?q?plug-ins:=20in=20file-gegl,=20use=20the=20accur?=
=?UTF-8?q?ate=20load/save=20GEGL=20operation=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
… rather than generic "gegl:load" and "gegl:save".
In particular, it means using "gegl:rgbe-load|save" for RGBE images and
"gegl:exr-save" for EXR exporting.
Without this, we could encounter weird run cases where for instance, we
would detect a RGBE image through the file magic number in GIMP,
redirect the load to file-gegl, but "gegl:load" only relies on file
extension. So if the file extension was not ".hdr", "gegl:load" could
redirect to a different handler operation meant for another format,
hence break proper loading. If no extension was matched, it could even
redirect to a fallback handler, such as Image Magick.
This breaks loading or saving images which we would be otherwise able to
load/save. And it could also have some security implications. So let's
fix this by setting the accurate operations to use for each specific
file formats we want to support through the file-gegl plug-in.
Note: this is the gimp-2-10 version of commit e8a31ba4f2c (`master`
branch) adapted to the older 2.10 API.
---
plug-ins/common/file-gegl.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/plug-ins/common/file-gegl.c b/plug-ins/common/file-gegl.c
index 48beffcd5e1..978c7e7315b 100644
--- a/plug-ins/common/file-gegl.c
+++ b/plug-ins/common/file-gegl.c
@@ -46,10 +46,12 @@ struct _FileFormat
const gchar *load_proc;
const gchar *load_blurb;
const gchar *load_help;
+ const gchar *load_op;
const gchar *save_proc;
const gchar *save_blurb;
const gchar *save_help;
+ const gchar *save_op;
};
@@ -60,8 +62,10 @@ static void run (const gchar *name,
gint *nreturn_vals,
GimpParam **return_vals);
static gint32 load_image (const gchar *filename,
+ const gchar *gegl_op,
GError **error);
static gboolean save_image (const gchar *filename,
+ const gchar *gegl_op,
gint32 image_ID,
gint32 drawable_ID,
GError **error);
@@ -77,11 +81,13 @@ static const FileFormat file_formats[] =
"file-load-rgbe",
"Load files in the RGBE file format",
- "This procedure loads images in the RGBE format, using gegl:load",
+ "This procedure loads images in the RGBE format, using gegl:rgbe-load",
+ "gegl:rgbe-load",
"file-save-rgbe",
"Saves files in the RGBE file format",
- "This procedure exports images in the RGBE format, using gegl:save"
+ "This procedure exports images in the RGBE format, using gegl:rgbe-save",
+ "gegl:rgbe-save",
},
{
N_("OpenEXR image"),
@@ -90,11 +96,12 @@ static const FileFormat file_formats[] =
"0,lelong,20000630",
/* no EXR loading (implemented in native GIMP plug-in) */
- NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
"file-exr-save",
"Saves files in the OpenEXR file format",
- "This procedure saves images in the OpenEXR format, using gegl:save"
+ "This procedure saves images in the OpenEXR format, using gegl:exr-save",
+ "gegl:exr-save"
}
};
@@ -216,7 +223,7 @@ run (const gchar *name,
if (format->load_proc && !strcmp (name, format->load_proc))
{
- image_ID = load_image (param[1].data.d_string, &error);
+ image_ID = load_image (param[1].data.d_string, format->load_op, &error);
if (image_ID != -1)
{
@@ -263,7 +270,9 @@ run (const gchar *name,
break;
}
- if (! save_image (param[3].data.d_string, image_ID, drawable_ID,
+ if (! save_image (param[3].data.d_string,
+ format->save_op,
+ image_ID, drawable_ID,
&error))
{
status = GIMP_PDB_EXECUTION_ERROR;
@@ -293,6 +302,7 @@ run (const gchar *name,
static gint32
load_image (const gchar *filename,
+ const gchar *gegl_op,
GError **error)
{
gint32 image_ID = -1;
@@ -315,7 +325,7 @@ load_image (const gchar *filename,
graph = gegl_node_new ();
source = gegl_node_new_child (graph,
- "operation", "gegl:load",
+ "operation", gegl_op,
"path", filename,
NULL);
sink = gegl_node_new_child (graph,
@@ -447,6 +457,7 @@ load_image (const gchar *filename,
static gboolean
save_image (const gchar *filename,
+ const gchar *gegl_op,
gint32 image_ID,
gint32 drawable_ID,
GError **error)
@@ -465,7 +476,7 @@ save_image (const gchar *filename,
"buffer", src_buf,
NULL);
sink = gegl_node_new_child (graph,
- "operation", "gegl:save",
+ "operation", gegl_op,
"path", filename,
NULL);

6
gimp.spec
View File

@ -1,6 +1,6 @@
Name: gimp
Version: 2.10.6
Release: 8
Release: 9
Epoch: 2
Summary: A versatile graphics manipulation package
License: GPLv3+ and GPLv3
@ -8,6 +8,7 @@ URL: http://www.gimp.org/
Source0: http://download.gimp.org/pub/gimp/v2.10/gimp-2.10.6.tar.bz2
Patch6000: backport-CVE-2018-12713.patch
Patch6001: CVE-2021-45463.patch
%global apiversion 2.0
%global textversion 20
@ -254,6 +255,9 @@ make check %{?_smp_mflags}
%{_mandir}/man*/*
%changelog
* Fri Jan 07 2022 yaoxin <yaoxin30@huawei.com> - 2:2.10.6-9
- Fix CVE-2021-45463
* Tue May 19 2020 fengtao <fengtao40@huawei.com> - 2:2.10.6-8
- rebuild for libwebp-1.1.0