
10 Commits

openeuler-ci-bot
baab4a96c1
!28 [sync] PR-27: Del useless buildrequire gdb
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
2023-12-07 08:27:10 +00:00
lyn1001
f13d23cebe Del useless buildrequire gdb
(cherry picked from commit a4feec1cac7fb46eeb7b1556cbc8eff414399ecd)
2023-12-07 15:21:09 +08:00
openeuler-ci-bot
a753cade60
!24 Fix CVE-2023-44442 and CVE-2023-44444
From: @starlet-dx 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
2023-12-04 09:43:04 +00:00
starlet-dx
8876dc7909 Fix CVE-2023-44442 and CVE-2023-44444 2023-12-04 17:07:18 +08:00
openeuler-ci-bot
c12db11cff
!15 [sync] PR-13: Fix CVE-2021-45463
Merge pull request !15 from openeuler-sync-bot/sync-pr13-openEuler-20.03-LTS-SP2-to-openEuler-20.03-LTS-SP3
2022-01-10 12:37:31 +00:00
starlet-dx
77d07ec002 Fix CVE-2021-45463
(cherry picked from commit c7a4c0ec79bd78713bcf6222176813a92580b82c)
2022-01-10 19:27:56 +08:00
openeuler-ci-bot
ffd6cf8d00 !8 rebuild for libwebp
Merge pull request !8 from t.feng/openEuler-20.03-LTS
2020-05-25 20:13:05 +08:00
t_feng
5c2e69d37f rebuild for libwebp 2020-05-19 10:52:52 +08:00
openeuler-ci-bot
370600195a !6 add gdb build require
Merge pull request !6 from algorithmofdish/master
2020-03-21 23:19:58 +08:00
h00465007
18bca065d5 add gdb build require 2020-03-21 19:21:25 +08:00
4 changed files with 234 additions and 1 deletions

146
CVE-2021-45463.patch Normal file

@ -0,0 +1,146 @@
From 4201cf60b15fc1883e2bb5d61ff42837576af4bf Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Sat, 18 Dec 2021 23:57:23 +0100
Subject: [PATCH] =?UTF-8?q?plug-ins:=20in=20file-gegl,=20use=20the=20accur?=
=?UTF-8?q?ate=20load/save=20GEGL=20operation=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
… rather than generic "gegl:load" and "gegl:save".
In particular, it means using "gegl:rgbe-load|save" for RGBE images and
"gegl:exr-save" for EXR exporting.
Without this, we could encounter weird run cases where for instance, we
would detect a RGBE image through the file magic number in GIMP,
redirect the load to file-gegl, but "gegl:load" only relies on file
extension. So if the file extension was not ".hdr", "gegl:load" could
redirect to a different handler operation meant for another format,
hence break proper loading. If no extension was matched, it could even
redirect to a fallback handler, such as Image Magick.
This breaks loading or saving images which we would be otherwise able to
load/save. And it could also have some security implications. So let's
fix this by setting the accurate operations to use for each specific
file formats we want to support through the file-gegl plug-in.
Note: this is the gimp-2-10 version of commit e8a31ba4f2c (`master`
branch) adapted to the older 2.10 API.
---
plug-ins/common/file-gegl.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/plug-ins/common/file-gegl.c b/plug-ins/common/file-gegl.c
index 48beffcd5e1..978c7e7315b 100644
--- a/plug-ins/common/file-gegl.c
+++ b/plug-ins/common/file-gegl.c
@@ -46,10 +46,12 @@ struct _FileFormat
const gchar *load_proc;
const gchar *load_blurb;
const gchar *load_help;
+ const gchar *load_op;
const gchar *save_proc;
const gchar *save_blurb;
const gchar *save_help;
+ const gchar *save_op;
};
@@ -60,8 +62,10 @@ static void run (const gchar *name,
gint *nreturn_vals,
GimpParam **return_vals);
static gint32 load_image (const gchar *filename,
+ const gchar *gegl_op,
GError **error);
static gboolean save_image (const gchar *filename,
+ const gchar *gegl_op,
gint32 image_ID,
gint32 drawable_ID,
GError **error);
@@ -77,11 +81,13 @@ static const FileFormat file_formats[] =
"file-load-rgbe",
"Load files in the RGBE file format",
- "This procedure loads images in the RGBE format, using gegl:load",
+ "This procedure loads images in the RGBE format, using gegl:rgbe-load",
+ "gegl:rgbe-load",
"file-save-rgbe",
"Saves files in the RGBE file format",
- "This procedure exports images in the RGBE format, using gegl:save"
+ "This procedure exports images in the RGBE format, using gegl:rgbe-save",
+ "gegl:rgbe-save",
},
{
N_("OpenEXR image"),
@@ -90,11 +96,12 @@ static const FileFormat file_formats[] =
"0,lelong,20000630",
/* no EXR loading (implemented in native GIMP plug-in) */
- NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
"file-exr-save",
"Saves files in the OpenEXR file format",
- "This procedure saves images in the OpenEXR format, using gegl:save"
+ "This procedure saves images in the OpenEXR format, using gegl:exr-save",
+ "gegl:exr-save"
}
};
@@ -216,7 +223,7 @@ run (const gchar *name,
if (format->load_proc && !strcmp (name, format->load_proc))
{
- image_ID = load_image (param[1].data.d_string, &error);
+ image_ID = load_image (param[1].data.d_string, format->load_op, &error);
if (image_ID != -1)
{
@@ -263,7 +270,9 @@ run (const gchar *name,
break;
}
- if (! save_image (param[3].data.d_string, image_ID, drawable_ID,
+ if (! save_image (param[3].data.d_string,
+ format->save_op,
+ image_ID, drawable_ID,
&error))
{
status = GIMP_PDB_EXECUTION_ERROR;
@@ -293,6 +302,7 @@ run (const gchar *name,
static gint32
load_image (const gchar *filename,
+ const gchar *gegl_op,
GError **error)
{
gint32 image_ID = -1;
@@ -315,7 +325,7 @@ load_image (const gchar *filename,
graph = gegl_node_new ();
source = gegl_node_new_child (graph,
- "operation", "gegl:load",
+ "operation", gegl_op,
"path", filename,
NULL);
sink = gegl_node_new_child (graph,
@@ -447,6 +457,7 @@ load_image (const gchar *filename,
static gboolean
save_image (const gchar *filename,
+ const gchar *gegl_op,
gint32 image_ID,
gint32 drawable_ID,
GError **error)
@@ -465,7 +476,7 @@ save_image (const gchar *filename,
"buffer", src_buf,
NULL);
sink = gegl_node_new_child (graph,
- "operation", "gegl:save",
+ "operation", gegl_op,
"path", filename,
NULL);
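Review bot: load_image() and save_image() now pass `gegl_op` straight to gegl_node_new_child() as the "operation" value, and nothing in the visible hunks rejects a NULL. The OpenEXR row deliberately sets load_op to NULL and is kept away from load_image() only by the `format->load_proc &&` test in run(), so the call is safe only while every future table row keeps load_proc and load_op in step. Since the purpose of the change is to stop GEGL from choosing a handler on its own, I would add `g_return_val_if_fail (gegl_op != NULL, -1);` at the top of load_image() and `g_return_val_if_fail (gegl_op != NULL, FALSE);` in save_image(). The file_formats rows are positional initializers, so a short comment naming the new load_op/save_op slots would also make a shifted entry easier to spot. Both function bodies continue outside the hunks shown.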

30
CVE-2023-44442.patch Normal file

@ -0,0 +1,30 @@
From f131d4feacfd86825d255effd02cde15373e6fc3 Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Fri, 29 Sep 2023 20:39:29 +0000
Subject: plug-ins: Fix vulnerability in file-psd
Resolves #10101.
This patch adds a missing break statement after an error condition
is detected to prevent the code from continuing afterwards.
Origin:
https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d
---
plug-ins/file-psd/psd-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
index f71a57bdd6..4b6507b5de 100644
--- a/plug-ins/file-psd/psd-util.c
+++ b/plug-ins/file-psd/psd-util.c
@@ -519,6 +519,7 @@ decode_packbits (const gchar *src,
{
IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left);
error_code = 2;
+ break;
}
dat = *src;
for (; n > 0; --n)
--
2.30.2
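Review bot: The added `break;` in decode_packbits() carries no comment explaining why the loop must stop, although the `for (; n > 0; --n)` replicate loop right after it is the code it protects. I would put `/* stop: n exceeds unpack_left, the replicate loop below must not run */` above the break so that a later cleanup does not drop it. Whether callers act on `error_code = 2`, and whether the other packbits branch already stops after its own overrun check, cannot be seen from this hunk. Both are worth confirming against the full function, which starts and ends outside it.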

34
CVE-2023-44444.patch Normal file

@ -0,0 +1,34 @@
From 5203f996b5eb018fd08e8e99e42b28f42ef27533 Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Sat, 23 Sep 2023 02:16:24 +0000
Subject: plug-ins: Fix PSP vulnerability (ZDI-CAN-22097)
Resolves #10071.
When reading RLE compressed data, a buffer was allocated to 127 bytes.
However, it can potentially be used to read 128 bytes, leading to a
off-by-one vulnerability. This patch allocates 128 bytes to the buffer
to prevent this from occurring.
Origin:
https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1
---
plug-ins/common/file-psp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index 33c6a2b607..f3aa00fdc0 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1235,7 +1235,7 @@ read_channel_data (FILE *f,
q = pixels[0] + offset;
endq = q + npixels * bytespp;
- buf = g_malloc (127);
+ buf = g_malloc (128);
while (q < endq)
{
fread (&runcount, 1, 1, f);
--
2.30.2
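Review bot: The `fread (&runcount, 1, 1, f);` at the top of the loop in read_channel_data() still ignores its return value, so on a truncated file runcount may hold a stale or uninitialised value when it is used to fill the resized buffer. Checking the call, for example `if (fread (&runcount, 1, 1, f) != 1) break;` routed through whatever error path the function already has, would close that gap. The literal in `buf = g_malloc (128);` would also be easier to audit with a comment such as `/* an RLE run can be up to 128 bytes */`, which is what the patch description states. The loop body continues outside the hunk.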


@ -1,6 +1,6 @@
Name: gimp
Version: 2.10.6
Release: 6
Release: 11
Epoch: 2
Summary: A versatile graphics manipulation package
License: GPLv3+ and GPLv3
@ -8,6 +8,11 @@ URL: http://www.gimp.org/
Source0: http://download.gimp.org/pub/gimp/v2.10/gimp-2.10.6.tar.bz2
Patch6000: backport-CVE-2018-12713.patch
Patch6001: CVE-2021-45463.patch
# https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d
Patch6002: CVE-2023-44442.patch
# https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1
Patch6003: CVE-2023-44444.patch
%global apiversion 2.0
%global textversion 20
@ -254,6 +259,24 @@ make check %{?_smp_mflags}
%{_mandir}/man*/*
%changelog
* Thu Dec 7 2023 liyanan <liyanan61@h-partners.com> - 2:2.10.6-11
- Del useless buildrequire gdb
* Mon Dec 04 2023 yaoxin <yao_xin001@hoperun.com> - 2:2.10.6-10
- Fix CVE-2023-44442 and CVE-2023-44444
* Fri Jan 07 2022 yaoxin <yaoxin30@huawei.com> - 2:2.10.6-9
- Fix CVE-2021-45463
* Tue May 19 2020 fengtao <fengtao40@huawei.com> - 2:2.10.6-8
- rebuild for libwebp-1.1.0
* Sat Mar 21 2020 hexiujun <hexiujun1@huawei.com> - 2:2.10.6-7
- Type:NA
- ID:NA
- SUG:NA
- DESC:add gdb build require
* Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 2:2.10.6-6
- delete the jasper
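Review bot: The second hunk registers `Patch6001`, `Patch6002` and `Patch6003`, but the %prep section is not part of the diff, so it cannot be seen whether these files are applied at build time. If %prep uses `%autosetup -p1`, they are picked up automatically. If it lists `%patch6000 -p1` style lines, matching entries for 6001 to 6003 are needed, or the package would build without the CVE fixes the changelog announces. Checking the build log for all three patches being applied would confirm it.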