From 5e946a80dc14876ca1db1f27f3d95feac75e6076a874fb0cc4a2c572ac827600 Mon Sep 17 00:00:00 2001
From: Xiaoguang Wang <sun.wxg@gmail.com>
Date: Thu, 8 Jan 2026 10:56:22 +0800
Subject: [PATCH] CVE-2025-15059

---
 gimp-CVE-2025-15059.patch | 38 ++++++++++++++++++++++++++++++++++++++
 gimp.changes              |  6 ++++++
 gimp.spec                 |  2 ++
 3 files changed, 46 insertions(+)
 create mode 100644 gimp-CVE-2025-15059.patch

diff --git a/gimp-CVE-2025-15059.patch b/gimp-CVE-2025-15059.patch
new file mode 100644
index 0000000..4aeac2e
--- /dev/null
+++ b/gimp-CVE-2025-15059.patch
@@ -0,0 +1,38 @@
+From 03575ac8cbb0ef3103b0a15d6598475088dcc15e Mon Sep 17 00:00:00 2001
+From: Jacob Boerema <jgboerema@gmail.com>
+Date: Sat, 20 Dec 2025 10:10:48 -0500
+Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp
+
+We were not checking whether channel types were valid for grayscale
+images. Using a blue color channel caused an invalid computation of
+the offset which could cause us to access an invalid memory location.
+
+Now we separate RGB from non-RGB images when checking which channels
+are valid, and if not return with an error.
+---
+ plug-ins/common/file-psp.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index f00251c573..3f6970561f 100644
+--- a/plug-ins/common/file-psp.c
++++ b/plug-ins/common/file-psp.c
+@@ -2171,11 +2171,12 @@ read_layer_block (FILE      *f,
+                 }
+               else
+                 {
+-                  if (channel_type > PSP_CHANNEL_BLUE)
++                  if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) ||
++                      (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED))
+                     {
+                       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+-                                  _("Invalid channel type %d in channel information chunk"),
+-                                  channel_type);
++                                   _("Invalid channel type %d in channel information chunk"),
++                                   channel_type);
+                       return NULL;
+                     }
+ 
+-- 
+2.51.0
+
diff --git a/gimp.changes b/gimp.changes
index f5419d3..bac13fd 100644
--- a/gimp.changes
+++ b/gimp.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan  7 06:06:45 UTC 2026 - Xiaoguang Wang <xiaoguang.wang@suse.com>
+
+- Add gimp-CVE-2025-15059.patch: vulnerability in file-psp
+  (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766).
+
 -------------------------------------------------------------------
 Mon May 19 06:52:00 UTC 2025 - Paolo Stivanin <info@paolostivanin.com>
 
diff --git a/gimp.spec b/gimp.spec
index 30b0c3e..91944ad 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -100,6 +100,8 @@ Source2:        openSUSE.gpl
 Patch1:         gimp-2.99.19-cm-system-monitor-profile-by-default.patch
 Patch2:         gimp-2.99.19-external-help-browser.patch
 Patch3:         gimp-2.99.19-no-phone-home-default.patch
+# PATCH-FIX-UPSTREAM gimp-CVE-2025-15059.patch CVE-2025-15059 bsc#1255766 xwang@suse.com -- vulnerability in file-psp
+Patch4:         gimp-CVE-2025-15059.patch
 %if %{with debug_in_build_gimp}
 BuildRequires:  gdb
 %endif
-- 
2.51.1