Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30067
Pick patch that resolved the issue mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../gimp/gimp/CVE-2022-30067.patch | 64 +++++++++++++++++++
 meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb | 4 +-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
new file mode 100644
index 0000000000..fca1d16ac9
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
@@ -0,0 +1,64 @@
+From ba698607ab24905d5e7fca24c11f6413c886a2a2 Mon Sep 17 00:00:00 2001
+From: Jacob Boerema <[email protected]>
+Date: Fri, 29 Apr 2022 16:40:32 -0400
+Subject: [PATCH] app: fix #8120 GIMP 2.10.30 crashed when allocate large
+ memory
+
+GIMP could crash if the information regarding old path properties read
+from XCF was incorrect. It did not check if xcf_old_path succeeded and
+kept trying to load more paths even if the last one failed to load.
+
+Instead we now stop loading paths as soon as that function fails.
+In case we have a failure here we also try to skip to the next property
+based on the size of the path property, in hopes that the only problem
+was this property.
+
+(cherry picked from commit 4f99f1fcfd892ead19831b5adcd38a99d71214b6)
+
+CVE: CVE-2022-30067
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ app/xcf/xcf-load.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index fe28d28..a178e40 100644
+--- a/app/xcf/xcf-load.c
++++ b/app/xcf/xcf-load.c
+@@ -1052,7 +1052,12 @@ xcf_load_image_props (XcfInfo *info,
+ break;
+
+ case PROP_PATHS:
+- xcf_load_old_paths (info, image);
++ {
++ goffset base = info->cp;
++
++ if (! xcf_load_old_paths (info, image))
++ xcf_seek_pos (info, base + prop_size, NULL);
++ }
+ break;
+
+ case PROP_USER_UNIT:
+@@ -2720,8 +2725,11 @@ xcf_load_old_paths (XcfInfo *info,
+ xcf_read_int32 (info, &last_selected_row, 1);
+ xcf_read_int32 (info, &num_paths, 1);
+
++ GIMP_LOG (XCF, "Number of old paths: %u", num_paths);
++
+ while (num_paths-- > 0)
+- xcf_load_old_path (info, image);
++ if (! xcf_load_old_path (info, image))
++ return FALSE;
+
+ active_vectors =
+ GIMP_VECTORS (gimp_container_get_child_by_index (gimp_image_get_vectors (image),
+@@ -2772,7 +2780,7 @@ xcf_load_old_path (XcfInfo *info,
+ }
+ else if (version != 1)
+ {
+- g_printerr ("Unknown path type. Possibly corrupt XCF file");
++ g_printerr ("Unknown path type (version: %u). Possibly corrupt XCF file.\n", version);
+
+ return FALSE;
+ }
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
index a24fa993cf..3f3e56f6ec 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
@@ -43,7 +43,9 @@ REQUIRED_DISTRO_FEATURES = "x11"
 SHPV = "${@gnome_verdir("${PV}")}"
-SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2"
+SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
+ file://CVE-2022-30067.patch \
+ "
 SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
 EXTRA_OECONF = "--disable-python \
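Review bot: In the backported PROP_PATHS case of xcf_load_image_props, the recovery call `xcf_seek_pos (info, base + prop_size, NULL);` ignores its result and passes no error, and `prop_size` comes from the same file that just failed to parse, so a bad size can leave the reader at an arbitrary offset while property loading carries on. Whether `prop_size` is bounded against the file length is decided outside the hunk and cannot be confirmed here; if it is not, failing the load is safer, e.g. `if (! xcf_seek_pos (info, base + prop_size, NULL)) return FALSE;` (assuming the function returns a gboolean, which the hunk does not show). In xcf_load_old_paths the result of `xcf_read_int32 (info, &num_paths, 1)` is also unchecked before `num_paths` is logged and used as the loop bound. Because this is a backport, any such hardening is better raised upstream than carried as a local deviation.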
