Diffstat (limited to 'media-gfx/gimp/files')
-rw-r--r-- | media-gfx/gimp/files/gimp-2.7.4-no-deprecation.patch | 36 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.10-clang.patch | 204 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.14-blend-center.patch | 30 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch | 32 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch | 161 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch | 53 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch | 31 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch | 33 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch | 29 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch | 38 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch | 30 |
11 files changed, 0 insertions, 677 deletions
diff --git a/media-gfx/gimp/files/gimp-2.7.4-no-deprecation.patch b/media-gfx/gimp/files/gimp-2.7.4-no-deprecation.patch
deleted file mode 100644
index 66bd93d0d1aa..000000000000
--- a/media-gfx/gimp/files/gimp-2.7.4-no-deprecation.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- configure.ac 2012-01-02 13:15:53.695067626 +0100
-+++ configure.ac 2012-01-02 13:21:49.161623684 +0100
-@@ -1943,33 +1943,6 @@
- AC_SUBST(MIME_TYPES)
-
-
--#########################
--# Disable deprecated APIs
--#########################
--
--CPPFLAGS="${CPPFLAGS} -DGIMP_DISABLE_DEPRECATED -DBABL_DISABLE_DEPRECATED -DGSEAL_ENABLE"
--
--# Make sure not to disable deprecated APIs for unreleased versions.
--# We must build without problems with future releases of libraries
--# and disabling deprecated API risks breaking the build
--
--if test "x$have_glib_2_31" != "xyes"; then
-- CPPFLAGS="${CPPFLAGS} -DG_DISABLE_DEPRECATED"
--fi
--
--if test "x$have_gtk_2_26" != "xyes"; then
-- CPPFLAGS="${CPPFLAGS} -DGDK_DISABLE_DEPRECATED -DGTK_DISABLE_DEPRECATED"
--fi
--
--if test "x$have_gdk_pixbuf_2_26" != "xyes"; then
-- CPPFLAGS="${CPPFLAGS} -DGDK_PIXBUF_DISABLE_DEPRECATED"
--fi
--
--if test "x$have_pango_1_32" != "xyes"; then
-- CPPFLAGS="${CPPFLAGS} -DPANGO_DISABLE_DEPRECATED"
--fi
--
--
- ############################
- # Require multihead safe API
- ############################
diff --git a/media-gfx/gimp/files/gimp-2.8.10-clang.patch b/media-gfx/gimp/files/gimp-2.8.10-clang.patch
deleted file mode 100644
index 065c66b36139..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.10-clang.patch
+++ /dev/null
@@ -1,204 +0,0 @@
---- app/Makefile.am
-+++ app/Makefile.am
-@@ -120,29 +120,29 @@
-
- # FIXME: core should not depend on xcf
- workaround_that_core_depends_on_xcf = \
-- -u $(SYMPREFIX)xcf_init
-+ -Wl,-u,$(SYMPREFIX)xcf_init
-
- # FIXME: core should not depend on pdb
- workaround_that_core_depends_on_pdb = \
-- -u $(SYMPREFIX)internal_procs_init \
-- -u $(SYMPREFIX)gimp_plug_in_manager_restore
-+ -Wl,-u,$(SYMPREFIX)internal_procs_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_plug_in_manager_restore
-
- # FIXME: plug-in should not depend on pdb
- workaround_that_plug_in_depends_on_pdb = \
-- -u $(SYMPREFIX)gimp_pdb_compat_param_spec
-+ -Wl,-u,$(SYMPREFIX)gimp_pdb_compat_param_spec
-
- # FIXME: file should not depend on plug-in
- workaround_that_file_depends_on_plug_in = \
-- -u $(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-- -u $(SYMPREFIX)gimp_image_map_config_get_type
-+ -Wl,-u,$(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-+ -Wl,-u,$(SYMPREFIX)gimp_image_map_config_get_type
-
- # core, vectors and gegl are on the same architectural layer, prevent
- # the linker from panicing
- calm_down_linker = \
-- -u $(SYMPREFIX)gimp_vectors_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-- -u $(SYMPREFIX)gimp_curve_map_pixels
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_curve_map_pixels
-
- AM_LDFLAGS = \
- $(munix) \
---- app/Makefile.in
-+++ app/Makefile.in
-@@ -702,33 +702,33 @@
-
- # FIXME: core should not depend on xcf
- workaround_that_core_depends_on_xcf = \
-- -u $(SYMPREFIX)xcf_init
-+ -Wl,-u,$(SYMPREFIX)xcf_init
-
-
- # FIXME: core should not depend on pdb
- workaround_that_core_depends_on_pdb = \
-- -u $(SYMPREFIX)internal_procs_init \
-- -u $(SYMPREFIX)gimp_plug_in_manager_restore
-+ -Wl,-u,$(SYMPREFIX)internal_procs_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_plug_in_manager_restore
-
-
- # FIXME: plug-in should not depend on pdb
- workaround_that_plug_in_depends_on_pdb = \
-- -u $(SYMPREFIX)gimp_pdb_compat_param_spec
-+ -Wl,-u,$(SYMPREFIX)gimp_pdb_compat_param_spec
-
-
- # FIXME: file should not depend on plug-in
- workaround_that_file_depends_on_plug_in = \
-- -u $(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-- -u $(SYMPREFIX)gimp_image_map_config_get_type
-+ -Wl,-u,$(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-+ -Wl,-u,$(SYMPREFIX)gimp_image_map_config_get_type
-
-
- # core, vectors and gegl are on the same architectural layer, prevent
- # the linker from panicing
- calm_down_linker = \
-- -u $(SYMPREFIX)gimp_vectors_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-- -u $(SYMPREFIX)gimp_curve_map_pixels
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_curve_map_pixels
-
- AM_LDFLAGS = \
- $(munix) \
---- app/tests/Makefile.am
-+++ app/tests/Makefile.am
-@@ -63,22 +63,22 @@
- # We need this due to circular dependencies, see more detailed
- # comments about it in app/Makefile.am
- AM_LDFLAGS = \
-- -u $(SYMPREFIX)xcf_init \
-- -u $(SYMPREFIX)base_init \
-- -u $(SYMPREFIX)internal_procs_init \
-- -u $(SYMPREFIX)gimp_plug_in_manager_restore \
-- -u $(SYMPREFIX)gimp_pdb_compat_param_spec \
-- -u $(SYMPREFIX)gui_init \
-- -u $(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-- -u $(SYMPREFIX)gimp_image_map_config_get_type \
-- -u $(SYMPREFIX)gimp_vectors_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-- -u $(SYMPREFIX)actions_init \
-- -u $(SYMPREFIX)gimp_error_dialog_new \
-- -u $(SYMPREFIX)menus_save \
-- -u $(SYMPREFIX)gimp_tools_save \
-- -u $(SYMPREFIX)gimp_curve_map_pixels
-+ -Wl,-u,$(SYMPREFIX)xcf_init \
-+ -Wl,-u,$(SYMPREFIX)base_init \
-+ -Wl,-u,$(SYMPREFIX)internal_procs_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_plug_in_manager_restore \
-+ -Wl,-u,$(SYMPREFIX)gimp_pdb_compat_param_spec \
-+ -Wl,-u,$(SYMPREFIX)gui_init \
-+ -Wl,-u,$(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-+ -Wl,-u,$(SYMPREFIX)gimp_image_map_config_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)actions_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_error_dialog_new \
-+ -Wl,-u,$(SYMPREFIX)menus_save \
-+ -Wl,-u,$(SYMPREFIX)gimp_tools_save \
-+ -Wl,-u,$(SYMPREFIX)gimp_curve_map_pixels
-
- # Note that we have some duplicate entries here too to work around
- # circular dependencies and systems on the same architectural layer as
---- app/tests/Makefile.in
-+++ app/tests/Makefile.in
-@@ -1221,22 +1221,22 @@
- # We need this due to circular dependencies, see more detailed
- # comments about it in app/Makefile.am
- AM_LDFLAGS = \
-- -u $(SYMPREFIX)xcf_init \
-- -u $(SYMPREFIX)base_init \
-- -u $(SYMPREFIX)internal_procs_init \
-- -u $(SYMPREFIX)gimp_plug_in_manager_restore \
-- -u $(SYMPREFIX)gimp_pdb_compat_param_spec \
-- -u $(SYMPREFIX)gui_init \
-- -u $(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-- -u $(SYMPREFIX)gimp_image_map_config_get_type \
-- -u $(SYMPREFIX)gimp_vectors_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-- -u $(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-- -u $(SYMPREFIX)actions_init \
-- -u $(SYMPREFIX)gimp_error_dialog_new \
-- -u $(SYMPREFIX)menus_save \
-- -u $(SYMPREFIX)gimp_tools_save \
-- -u $(SYMPREFIX)gimp_curve_map_pixels
-+ -Wl,-u,$(SYMPREFIX)xcf_init \
-+ -Wl,-u,$(SYMPREFIX)base_init \
-+ -Wl,-u,$(SYMPREFIX)internal_procs_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_plug_in_manager_restore \
-+ -Wl,-u,$(SYMPREFIX)gimp_pdb_compat_param_spec \
-+ -Wl,-u,$(SYMPREFIX)gui_init \
-+ -Wl,-u,$(SYMPREFIX)plug_in_icc_profile_apply_rgb \
-+ -Wl,-u,$(SYMPREFIX)gimp_image_map_config_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_mod_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)gimp_vectors_prop_undo_get_type \
-+ -Wl,-u,$(SYMPREFIX)actions_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_error_dialog_new \
-+ -Wl,-u,$(SYMPREFIX)menus_save \
-+ -Wl,-u,$(SYMPREFIX)gimp_tools_save \
-+ -Wl,-u,$(SYMPREFIX)gimp_curve_map_pixels
-
-
- # Note that we have some duplicate entries here too to work around
---- devel-docs/app/Makefile.am
-+++ devel-docs/app/Makefile.am
-@@ -62,10 +62,10 @@
- -UGTK_DISABLE_SINGLE_INCLUDES
-
- GTKDOC_LIBS = \
-- -u $(SYMPREFIX)xcf_init \
-- -u $(SYMPREFIX)internal_procs_init \
-- -u $(SYMPREFIX)gimp_coords_mix \
-- -u $(SYMPREFIX)gimp_plug_in_manager_restore \
-+ -Wl,-u,$(SYMPREFIX)xcf_init \
-+ -Wl,-u,$(SYMPREFIX)internal_procs_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_coords_mix \
-+ -Wl,-u,$(SYMPREFIX)gimp_plug_in_manager_restore \
- $(top_builddir)/app/app.o \
- $(top_builddir)/app/batch.o \
- $(top_builddir)/app/errors.o \
---- devel-docs/app/Makefile.in
-+++ devel-docs/app/Makefile.in
-@@ -511,10 +511,10 @@
- -UGTK_DISABLE_SINGLE_INCLUDES
-
- GTKDOC_LIBS = \
-- -u $(SYMPREFIX)xcf_init \
-- -u $(SYMPREFIX)internal_procs_init \
-- -u $(SYMPREFIX)gimp_coords_mix \
-- -u $(SYMPREFIX)gimp_plug_in_manager_restore \
-+ -Wl,-u,$(SYMPREFIX)xcf_init \
-+ -Wl,-u,$(SYMPREFIX)internal_procs_init \
-+ -Wl,-u,$(SYMPREFIX)gimp_coords_mix \
-+ -Wl,-u,$(SYMPREFIX)gimp_plug_in_manager_restore \
- $(top_builddir)/app/app.o \
- $(top_builddir)/app/batch.o \
- $(top_builddir)/app/errors.o \
diff --git a/media-gfx/gimp/files/gimp-2.8.14-blend-center.patch b/media-gfx/gimp/files/gimp-2.8.14-blend-center.patch
deleted file mode 100644
index eba04df59aa2..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.14-blend-center.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 97e55692ebad5897be334c81c133b6626b9b6920 Mon Sep 17 00:00:00 2001
-From: Michael Natterer <mitch@gimp.org>
-Date: Wed, 26 Aug 2015 23:23:16 +0200
-Subject: app: the blend tool was rendering all gradients off-by-0.5
-
-When calculating the color of a pixel, we want to calculate the color
-at its center, not at its top-left corner. Found by Raymond Jennings.
-
-EDIT (by Sebastian Pipping <sping@gentoo.org>):
- Cut away patch chunk for app/operations/gimpoperationblend.c
- since 2.8.14 doesn't seem to have that file.
-
-diff --git a/app/core/gimpdrawable-blend.c b/app/core/gimpdrawable-blend.c
-index af565d1..e4f92a1 100644
---- a/app/core/gimpdrawable-blend.c
-+++ b/app/core/gimpdrawable-blend.c
-@@ -628,6 +628,10 @@ gradient_render_pixel (gdouble x,
- RenderBlendData *rbd = render_data;
- gdouble factor;
-
-+ /* we want to calculate the color at the pixel's center */
-+ x += 0.5;
-+ y += 0.5;
-+
- /* Calculate blending factor */
-
- switch (rbd->gradient_type)
---
-cgit v0.10.2
-
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch
deleted file mode 100644
index c7df330409f8..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:25:32 +0100
-Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
- load_image.
-
-We were assuming the input name was well formed, hence was
-nul-terminated. As any data coming from external input, this has to be
-thorougly checked.
-Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
-to older gimp-2-8 code.
----
- plug-ins/common/file-gbr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
-index b028100..d3f01d9 100644
---- a/plug-ins/common/file-gbr.c
-+++ b/plug-ins/common/file-gbr.c
-@@ -443,7 +443,8 @@ load_image (const gchar *filename,
- {
- gchar *temp = g_new (gchar, bn_size);
-
-- if ((read (fd, temp, bn_size)) < bn_size)
-+ if ((read (fd, temp, bn_size)) < bn_size ||
-+ temp[bn_size - 1] != '\0')
- {
- g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
- _("Error in GIMP brush file '%s'"),
---
-cgit v0.12
-
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch
deleted file mode 100644
index 1f77d36ec6ca..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 29 Oct 2017 15:19:41 +0100
-Subject: Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI files.
-
-It is possible to trigger a heap overflow while parsing FLI files. The
-RLE decoder is vulnerable to out of boundary writes due to lack of
-boundary checks.
-
-The variable "framebuf" points to a memory area which was allocated
-with fli_header->width * fli_header->height bytes. The RLE decoder
-therefore must never write beyond that limit.
-
-If an illegal frame is detected, the parser won't stop, which means
-that the next valid sequence is properly parsed again. This should
-allow GIMP to parse FLI files as good as possible even if they are
-broken by an attacker or by accident.
-
-While at it, I changed the variable xc to be of type size_t, because
-the multiplication of width and height could overflow a 16 bit type.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b)
----
- plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++---------------
- 1 file changed, 35 insertions(+), 15 deletions(-)
-
-diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
-index 313efeb..ffb651e 100644
---- a/plug-ins/file-fli/fli.c
-+++ b/plug-ins/file-fli/fli.c
-@@ -25,6 +25,8 @@
-
- #include "config.h"
-
-+#include <glib/gstdio.h>
-+
- #include <string.h>
- #include <stdio.h>
-
-@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf)
- unsigned short yc;
- unsigned char *pos;
- for (yc=0; yc < fli_header->height; yc++) {
-- unsigned short xc, pc, pcnt;
-+ unsigned short pc, pcnt;
-+ size_t n, xc;
- pc=fli_read_char(f);
- xc=0;
- pos=framebuf+(fli_header->width * yc);
-+ n=(size_t)fli_header->width * (fli_header->height-yc);
- for (pcnt=pc; pcnt>0; pcnt--) {
- unsigned short ps;
- ps=fli_read_char(f);
- if (ps & 0x80) {
- unsigned short len;
-- for (len=-(signed char)ps; len>0; len--) {
-+ for (len=-(signed char)ps; len>0 && xc<n; len--) {
- pos[xc++]=fli_read_char(f);
- }
- } else {
- unsigned char val;
-+ size_t len;
-+ len=MIN(n-xc,ps);
- val=fli_read_char(f);
-- memset(&(pos[xc]), val, ps);
-- xc+=ps;
-+ memset(&(pos[xc]), val, len);
-+ xc+=len;
- }
- }
- }
-@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf,
- memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
- firstline = fli_read_short(f);
- numline = fli_read_short(f);
-+ if (numline > fli_header->height || fli_header->height-numline < firstline)
-+ return;
-+
- for (yc=0; yc < numline; yc++) {
-- unsigned short xc, pc, pcnt;
-+ unsigned short pc, pcnt;
-+ size_t n, xc;
- pc=fli_read_char(f);
- xc=0;
- pos=framebuf+(fli_header->width * (firstline+yc));
-+ n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
- for (pcnt=pc; pcnt>0; pcnt--) {
- unsigned short ps,skip;
- skip=fli_read_char(f);
- ps=fli_read_char(f);
-- xc+=skip;
-+ xc+=MIN(n-xc,skip);
- if (ps & 0x80) {
- unsigned char val;
-+ size_t len;
- ps=-(signed char)ps;
- val=fli_read_char(f);
-- memset(&(pos[xc]), val, ps);
-- xc+=ps;
-+ len=MIN(n-xc,ps);
-+ memset(&(pos[xc]), val, len);
-+ xc+=len;
- } else {
-- fread(&(pos[xc]), ps, 1, f);
-- xc+=ps;
-+ size_t len;
-+ len=MIN(n-xc,ps);
-+ fread(&(pos[xc]), len, 1, f);
-+ xc+=len;
- }
- }
- }
-@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
- yc=0;
- numline = fli_read_short(f);
- for (lc=0; lc < numline; lc++) {
-- unsigned short xc, pc, pcnt, lpf, lpn;
-+ unsigned short pc, pcnt, lpf, lpn;
-+ size_t n, xc;
- pc=fli_read_short(f);
- lpf=0; lpn=0;
- while (pc & 0x8000) {
-@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
- }
- pc=fli_read_short(f);
- }
-+ yc=MIN(yc, fli_header->height);
- xc=0;
- pos=framebuf+(fli_header->width * yc);
-+ n=(size_t)fli_header->width * (fli_header->height-yc);
- for (pcnt=pc; pcnt>0; pcnt--) {
- unsigned short ps,skip;
- skip=fli_read_char(f);
- ps=fli_read_char(f);
-- xc+=skip;
-+ xc+=MIN(n-xc,skip);
- if (ps & 0x80) {
- unsigned char v1,v2;
- ps=-(signed char)ps;
- v1=fli_read_char(f);
- v2=fli_read_char(f);
-- while (ps>0) {
-+ while (ps>0 && xc+1<n) {
- pos[xc++]=v1;
- pos[xc++]=v2;
- ps--;
- }
- } else {
-- fread(&(pos[xc]), ps, 2, f);
-- xc+=ps << 1;
-+ size_t len;
-+ len=MIN((n-xc)/2,ps);
-+ fread(&(pos[xc]), len, 2, f);
-+ xc+=len << 1;
- }
- }
- if (lpf) pos[xc]=lpn;
---
-cgit v0.12
-
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch
deleted file mode 100644
index 4047f7cb3c9f..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 13:02:38 +0100
-Subject: Bug 739134 - (CVE-2017-17786) Out of bounds read / heap overflow
- in...
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... TGA importer.
-
-Be more thorough on valid TGA RGB and RGBA images.
-In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
-channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
-RGB as 15 and 24 bits.
-Maybe there exist more variants, but if they do exist, we simply don't
-support them yet.
-
-Thanks to Hanno Böck for the report and a first patch attempt.
-
-(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
----
- plug-ins/common/file-tga.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
-index aef9870..426acc2 100644
---- a/plug-ins/common/file-tga.c
-+++ b/plug-ins/common/file-tga.c
-@@ -564,12 +564,16 @@ load_image (const gchar *filename,
- }
- break;
- case TGA_TYPE_COLOR:
-- if (info.bpp != 15 && info.bpp != 16 &&
-- info.bpp != 24 && info.bpp != 32)
-+ if ((info.bpp != 15 && info.bpp != 16 &&
-+ info.bpp != 24 && info.bpp != 32) ||
-+ ((info.bpp == 15 || info.bpp == 24) &&
-+ info.alphaBits != 0) ||
-+ (info.bpp == 16 && info.alphaBits != 1) ||
-+ (info.bpp == 32 && info.alphaBits != 8))
- {
-- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
-+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
- gimp_filename_to_utf8 (filename),
-- info.imageType, info.bpp);
-+ info.imageType, info.bpp, info.alphaBits);
- return -1;
- }
- break;
---
-cgit v0.12
-
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch
deleted file mode 100644
index 7177dd3c1f11..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 13:26:26 +0100
-Subject: plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
-
-According to some spec on the web, 16-bit RGB is also valid. In this
-case, the last bit is simply ignored (at least that's how it is
-implemented right now).
-
-(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
----
- plug-ins/common/file-tga.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
-index 426acc2..eb14a1d 100644
---- a/plug-ins/common/file-tga.c
-+++ b/plug-ins/common/file-tga.c
-@@ -568,7 +568,8 @@ load_image (const gchar *filename,
- info.bpp != 24 && info.bpp != 32) ||
- ((info.bpp == 15 || info.bpp == 24) &&
- info.alphaBits != 0) ||
-- (info.bpp == 16 && info.alphaBits != 1) ||
-+ (info.bpp == 16 && info.alphaBits != 1 &&
-+ info.alphaBits != 0) ||
- (info.bpp == 32 && info.alphaBits != 8))
- {
- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
---
-cgit v0.12
-
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch
deleted file mode 100644
index 654726388ea6..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:49:41 +0100
-Subject: Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
-
-As any external data, we have to check that strings being read at fixed
-length are properly nul-terminated.
-
-(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
----
- plug-ins/common/file-psp.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index 4cbafe3..e350e4d 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
- g_free (string);
- return -1;
- }
-+ if (string[length - 1] != '\0')
-+ {
-+ g_message ("Creator keyword data not nul-terminated");
-+ g_free (string);
-+ return -1;
-+ }
- switch (keyword)
- {
- case PSP_CRTR_FLD_TITLE:
---
-cgit v0.12
-
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch
deleted file mode 100644
index 2bf16b85e607..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Hanno Boeck <hanno@hboeck.de>
-Date: Mon, 27 Nov 2017 00:37:29 +0100
-Subject: 790783 - buffer overread in XCF parser if version field...
-Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788
-Bug-Debian: https://bugs.debian.org/885347
-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783
-
-...has no null terminator
-
-Check for the presence of '\0' before using atoi() on the version
-string. Patch slightly modified (mitch).
-[carnil: backport to gimp-2-8: affected code in xcf_load_invoker]
----
- app/xcf/xcf.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/app/xcf/xcf.c
-+++ b/app/xcf/xcf.c
-@@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure *pr
- {
- info.file_version = 0;
- }
-- else if (id[9] == 'v')
-+ else if (id[9] == 'v' &&
-+ id[13] == '\0')
- {
- info.file_version = atoi (id + 10);
- }
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch
deleted file mode 100644
index 3d63694f6790..000000000000
--- a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 16:44:20 +0100
-Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...
-
-... in PSP importer.
-Check if declared block length is valid (i.e. within the actual file)
-before going further.
-Consider the file as broken otherwise and fail loading it.
-
-(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
----
- plug-ins/common/file-psp.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index ac0fff7..4cbafe3 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
- {
- block_start = ftell (f);
-
-+ if (block_start + block_total_len > st.st_size)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("Could not open '%s' for reading: %s"),
-+ gimp_filename_to_utf8 (filename),
-+ _("invalid block size"));
-+ goto error;
-+ }
-+
- if (id == PSP_IMAGE_BLOCK)
- {
- if (block_number != 0)
---
-cgit v0.12
-
diff --git a/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch
deleted file mode 100644
index e46703d3d3d4..000000000000
--- a/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 06d24a79af94837d615d0024916bb95a01bf3c59 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:15:34 +0100
-Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
- load_image.
-
-We were assuming the input name was well formed, hence was
-nul-terminated. As any data coming from external input, this has to be
-thorougly checked.
----
- plug-ins/common/file-gbr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
-index b8933e7..585e74a 100644
---- a/plug-ins/common/file-gbr.c
-+++ b/plug-ins/common/file-gbr.c
-@@ -456,7 +456,8 @@ load_image (GFile *file,
-
- if (! g_input_stream_read_all (input, temp, size,
- &bytes_read, NULL, error) ||
-- bytes_read != size)
-+ bytes_read != size ||
-+ temp[size - 1] != '\0')
- {
- g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
- _("Error in GIMP brush file '%s'"),
---
-cgit v0.12
-
|