diff mbox series

[meta-gnome,kirkstone,1/2] gimp: patch CVE-2022-30067

Message ID 20251106192535.2538484-1-skandigraun@gmail.com
State New
Headers show
Series [meta-gnome,kirkstone,1/2] gimp: patch CVE-2022-30067 | expand

Commit Message

Gyorgy Sarvari Nov. 6, 2025, 7:25 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30067

Pick patch that resolved the issue mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../gimp/gimp/CVE-2022-30067.patch            | 64 +++++++++++++++++++
 meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb  |  4 +-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
diff mbox series

Patch

diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
new file mode 100644
index 0000000000..fca1d16ac9
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2022-30067.patch
@@ -0,0 +1,64 @@ 
+From ba698607ab24905d5e7fca24c11f6413c886a2a2 Mon Sep 17 00:00:00 2001
+From: Jacob Boerema <jgboerema@gmail.com>
+Date: Fri, 29 Apr 2022 16:40:32 -0400
+Subject: [PATCH] app: fix #8120 GIMP 2.10.30 crashed when allocate large
+ memory
+
+GIMP could crash if the information regarding old path properties read
+from XCF was incorrect. It did not check if xcf_old_path succeeded and
+kept trying to load more paths even if the last one failed to load.
+
+Instead we now stop loading paths as soon as that function fails.
+In case we have a failure here we also try to skip to the next property
+based on the size of the path property, in hopes that the only problem
+was this property.
+
+(cherry picked from commit 4f99f1fcfd892ead19831b5adcd38a99d71214b6)
+
+CVE: CVE-2022-30067
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ app/xcf/xcf-load.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index fe28d28..a178e40 100644
+--- a/app/xcf/xcf-load.c
++++ b/app/xcf/xcf-load.c
+@@ -1052,7 +1052,12 @@ xcf_load_image_props (XcfInfo   *info,
+           break;
+ 
+         case PROP_PATHS:
+-          xcf_load_old_paths (info, image);
++          {
++            goffset base = info->cp;
++
++            if (! xcf_load_old_paths (info, image))
++              xcf_seek_pos (info, base + prop_size, NULL);
++          }
+           break;
+ 
+         case PROP_USER_UNIT:
+@@ -2720,8 +2725,11 @@ xcf_load_old_paths (XcfInfo   *info,
+   xcf_read_int32 (info, &last_selected_row, 1);
+   xcf_read_int32 (info, &num_paths,         1);
+ 
++  GIMP_LOG (XCF, "Number of old paths: %u", num_paths);
++
+   while (num_paths-- > 0)
+-    xcf_load_old_path (info, image);
++    if (! xcf_load_old_path (info, image))
++      return FALSE;
+ 
+   active_vectors =
+     GIMP_VECTORS (gimp_container_get_child_by_index (gimp_image_get_vectors (image),
+@@ -2772,7 +2780,7 @@ xcf_load_old_path (XcfInfo   *info,
+     }
+   else if (version != 1)
+     {
+-      g_printerr ("Unknown path type. Possibly corrupt XCF file");
++      g_printerr ("Unknown path type (version: %u). Possibly corrupt XCF file.\n", version);
+ 
+       return FALSE;
+     }
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
index a24fa993cf..3f3e56f6ec 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
@@ -43,7 +43,9 @@  REQUIRED_DISTRO_FEATURES = "x11"
 
 SHPV = "${@gnome_verdir("${PV}")}"
 
-SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2"
+SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
+           file://CVE-2022-30067.patch \
+           "
 SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
 
 EXTRA_OECONF = "--disable-python \