2 files changed, 67 insertions, 1 deletions
diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
new file mode 100644
index 0000000000..fca1d16ac9
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
@@ -0,0 +1,64 @@
+From ba698607ab24905d5e7fca24c11f6413c886a2a2 Mon Sep 17 00:00:00 2001
+From: Jacob Boerema <jgboerema@gmail.com>
+Date: Fri, 29 Apr 2022 16:40:32 -0400
+Subject: [PATCH] app: fix #8120 GIMP 2.10.30 crashed when allocate large
+ memory
+GIMP could crash if the information regarding old path properties read
+from XCF was incorrect. It did not check if xcf_old_path succeeded and
+kept trying to load more paths even if the last one failed to load.
+Instead we now stop loading paths as soon as that function fails.
+In case we have a failure here we also try to skip to the next property
+based on the size of the path property, in hopes that the only problem
+was this property.
+(cherry picked from commit 4f99f1fcfd892ead19831b5adcd38a99d71214b6)
+CVE: CVE-2022-30067
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ app/xcf/xcf-load.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index fe28d28..a178e40 100644
+--- a/app/xcf/xcf-load.c
+++ b/app/xcf/xcf-load.c
+@@ -1052,7 +1052,12 @@ xcf_load_image_props (XcfInfo   *info,
+           break;
+ 
+         case PROP_PATHS:
+-          xcf_load_old_paths (info, image);
+          {
+            goffset base = info->cp;
+
+            if (! xcf_load_old_paths (info, image))
+              xcf_seek_pos (info, base + prop_size, NULL);
+          }
+           break;
+ 
+         case PROP_USER_UNIT:
+@@ -2720,8 +2725,11 @@ xcf_load_old_paths (XcfInfo   *info,
+   xcf_read_int32 (info, &last_selected_row, 1);
+   xcf_read_int32 (info, &num_paths,         1);
+ 
+  GIMP_LOG (XCF, "Number of old paths: %u", num_paths);
+
+   while (num_paths-- > 0)
+-    xcf_load_old_path (info, image);
+    if (! xcf_load_old_path (info, image))
+      return FALSE;
+ 
+   active_vectors =
+     GIMP_VECTORS (gimp_container_get_child_by_index (gimp_image_get_vectors (image),
+@@ -2772,7 +2780,7 @@ xcf_load_old_path (XcfInfo   *info,
+     }
+   else if (version != 1)
+     {
+-      g_printerr ("Unknown path type. Possibly corrupt XCF file");
+      g_printerr ("Unknown path type (version: %u). Possibly corrupt XCF file.\n", version);
+ 
+       return FALSE;
+     }
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
index a24fa993cf..3f3e56f6ec 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
@@ -43,7 +43,9 @@ REQUIRED_DISTRO_FEATURES = "x11"
 SHPV = "${@gnome_verdir("${PV}")}"
-SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2"
+SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
+           file://CVE-2022-30067.patch \
+           "
 SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
 EXTRA_OECONF = "--disable-python \

diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch new file mode 100644 index 0000000000..fca1d16ac9 --- /dev/null +++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
@@ -0,0 +1,64 @@
		1	From ba698607ab24905d5e7fca24c11f6413c886a2a2 Mon Sep 17 00:00:00 2001
		2	From: Jacob Boerema <jgboerema@gmail.com>
		3	Date: Fri, 29 Apr 2022 16:40:32 -0400
		4	Subject: [PATCH] app: fix #8120 GIMP 2.10.30 crashed when allocate large
		5	memory
		6
		7	GIMP could crash if the information regarding old path properties read
		8	from XCF was incorrect. It did not check if xcf_old_path succeeded and
		9	kept trying to load more paths even if the last one failed to load.
		10
		11	Instead we now stop loading paths as soon as that function fails.
		12	In case we have a failure here we also try to skip to the next property
		13	based on the size of the path property, in hopes that the only problem
		14	was this property.
		15
		16	(cherry picked from commit 4f99f1fcfd892ead19831b5adcd38a99d71214b6)
		17
		18	CVE: CVE-2022-30067
		19	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09]
		20	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		21	---
		22	app/xcf/xcf-load.c \| 14 +++++++++++---
		23	1 file changed, 11 insertions(+), 3 deletions(-)
		24
		25	diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
		26	index fe28d28..a178e40 100644
		27	--- a/app/xcf/xcf-load.c
		28	+++ b/app/xcf/xcf-load.c
		29	@@ -1052,7 +1052,12 @@ xcf_load_image_props (XcfInfo *info,
		30	break;
		31
		32	case PROP_PATHS:
		33	- xcf_load_old_paths (info, image);
		34	+ {
		35	+ goffset base = info->cp;
		36	+
		37	+ if (! xcf_load_old_paths (info, image))
		38	+ xcf_seek_pos (info, base + prop_size, NULL);
		39	+ }
		40	break;
		41
		42	case PROP_USER_UNIT:
		43	@@ -2720,8 +2725,11 @@ xcf_load_old_paths (XcfInfo *info,
		44	xcf_read_int32 (info, &last_selected_row, 1);
		45	xcf_read_int32 (info, &num_paths, 1);
		46
		47	+ GIMP_LOG (XCF, "Number of old paths: %u", num_paths);
		48	+
		49	while (num_paths-- > 0)
		50	- xcf_load_old_path (info, image);
		51	+ if (! xcf_load_old_path (info, image))
		52	+ return FALSE;
		53
		54	active_vectors =
		55	GIMP_VECTORS (gimp_container_get_child_by_index (gimp_image_get_vectors (image),
		56	@@ -2772,7 +2780,7 @@ xcf_load_old_path (XcfInfo *info,
		57	}
		58	else if (version != 1)
		59	{
		60	- g_printerr ("Unknown path type. Possibly corrupt XCF file");
		61	+ g_printerr ("Unknown path type (version: %u). Possibly corrupt XCF file.\n", version);
		62
		63	return FALSE;
		64	}


diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb index a24fa993cf..3f3e56f6ec 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
@@ -43,7 +43,9 @@ REQUIRED_DISTRO_FEATURES = "x11"
43		43
44	SHPV = "${@gnome_verdir("${PV}")}"	44	SHPV = "${@gnome_verdir("${PV}")}"
45		45
46	SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2"	46	SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
		47	file://CVE-2022-30067.patch \
		48	"
47	SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"	49	SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
48		50
49	EXTRA_OECONF = "--disable-python \	51	EXTRA_OECONF = "--disable-python \