diff --git a/gimp-3.0.6.tar.xz b/gimp-3.0.6.tar.xz
deleted file mode 100644
index bfe7669..0000000
--- a/gimp-3.0.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b
-size 27197880
diff --git a/gimp-3.0.8.tar.xz b/gimp-3.0.8.tar.xz
new file mode 100644
index 0000000..f26f6b3
--- /dev/null
+++ b/gimp-3.0.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:feb498acc01b26827cff1ff95aa8fb82cdd6a60d7abf773cfcd19abeafca3386
+size 27277560
diff --git a/gimp-CVE-2025-14422.patch b/gimp-CVE-2025-14422.patch
deleted file mode 100644
index 618ad4c..0000000
--- a/gimp-CVE-2025-14422.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 4ff2d773d58064e6130495de498e440f4a6d5edb Mon Sep 17 00:00:00 2001
-From: Alx Sa
-Date: Sun, 23 Nov 2025 16:43:51 +0000
-Subject: [PATCH] plug-ins: Fix ZDI-CAN-28273
-
-Resolves #15286
-Adds a check to the memory allocation
-in pnm_load_raw () with g_size_checked_mul ()
-to see if the size would go out of bounds.
-If so, we don't try to allocate and load the
-image.
----
- plug-ins/common/file-pnm.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/plug-ins/common/file-pnm.c b/plug-ins/common/file-pnm.c
-index 32a33a4f35..9d349e967e 100644
---- a/plug-ins/common/file-pnm.c
-+++ b/plug-ins/common/file-pnm.c
-@@ -674,7 +674,7 @@ load_image (GFile *file,
- GError **error)
- {
- GInputStream *input;
-- GeglBuffer *buffer;
-+ GeglBuffer *buffer = NULL;
- GimpImage * volatile image = NULL;
- GimpLayer *layer;
- char buf[BUFLEN + 4]; /* buffer for random things like scanning */
-@@ -708,6 +708,9 @@ load_image (GFile *file,
- g_object_unref (input);
- g_free (pnminfo);
-
-+ if (buffer)
-+ g_object_unref (buffer);
-+
- if (image)
- gimp_image_delete (image);
-
-@@ -1060,6 +1063,7 @@ pnm_load_raw (PNMScanner *scan,
- const Babl *format = NULL;
- gint bpc;
- guchar *data, *d;
-+ gsize data_size;
- gushort *s;
- gint x, y, i;
- gint start, end, scanlines;
-@@ -1070,7 +1074,12 @@ pnm_load_raw (PNMScanner *scan,
- bpc = 1;
-
- /* No overflow as long as gimp_tile_height() < 1365 = 2^(31 - 18) / 6 */
-- data = g_new (guchar, gimp_tile_height () * info->xres * info->np * bpc);
-+ if (! g_size_checked_mul (&data_size, gimp_tile_height (), info->xres) ||
-+ ! g_size_checked_mul (&data_size, data_size, info->np) ||
-+ ! g_size_checked_mul (&data_size, data_size, bpc))
-+ CHECK_FOR_ERROR (FALSE, info->jmpbuf, _("Unsupported maximum value."));
-+
-+ data = g_new (guchar, data_size);
-
- input = pnmscanner_input (scan);
-
---
-2.52.0
-
diff --git a/gimp-CVE-2025-14423.patch b/gimp-CVE-2025-14423.patch
deleted file mode 100644
index 30c0bfc..0000000
--- a/gimp-CVE-2025-14423.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 481cdbbb97746be1145ec3a633c567a68633c521 Mon Sep 17 00:00:00 2001
-From: Alx Sa
-Date: Sun, 23 Nov 2025 04:22:49 +0000
-Subject: [PATCH] plug-ins: Fix ZDI-CAN-28311
-
-Resolves #15292
-The IFF specification states that EHB format images
-have exactly 32 colors in their palette. However, it
-is possible for images in the wild to place an incorrect
-palette size. This patch checks for this, and either limits
-the palette size or breaks accordingly.
----
- plug-ins/common/file-iff.c | 32 ++++++++++++++++++++++----------
- 1 file changed, 22 insertions(+), 10 deletions(-)
-
-diff --git a/plug-ins/common/file-iff.c b/plug-ins/common/file-iff.c
-index d144a96a4c..f0879470c2 100644
---- a/plug-ins/common/file-iff.c
-+++ b/plug-ins/common/file-iff.c
-@@ -337,7 +337,7 @@ load_image (GFile *file,
- width = bitMapHeader->w;
- height = bitMapHeader->h;
- nPlanes = bitMapHeader->nPlanes;
-- row_length = (width + 15) / 16;
-+ row_length = ((width + 15) / 16) * 2;
- pixel_size = nPlanes / 8;
- aspect_x = bitMapHeader->xAspect;
- aspect_y = bitMapHeader->yAspect;
-@@ -375,6 +375,18 @@ load_image (GFile *file,
- {
- /* EHB mode adds 32 more colors. Each are half the RGB values
- * of the first 32 colors */
-+ if (palette_size < 32)
-+ {
-+ g_set_error (error, G_FILE_ERROR,
-+ g_file_error_from_errno (errno),
-+ _("Invalid ILBM colormap size"));
-+ return NULL;
-+ }
-+ else if (palette_size > 32)
-+ {
-+ palette_size = 32;
-+ }
-+
- for (gint j = 0; j < palette_size * 2; j++)
- {
- gint offset_index = j + 32;
-@@ -386,7 +398,7 @@ load_image (GFile *file,
- gimp_cmap[offset_index * 3 + 2] =
- colorMap->colorRegister[j].blue / 2;
- }
-- /* EHB mode always has 64 colors */
-+ /* EHB mode always has 64 colors in total */
- palette_size = 64;
- }
- }
-@@ -447,7 +459,7 @@ load_image (GFile *file,
- {
- guchar *pixel_row;
-
-- pixel_row = g_malloc (width * pixel_size * sizeof (guchar));
-+ pixel_row = g_malloc0 (width * pixel_size);
-
- /* PBM uses one byte per pixel index */
- if (ILBM_imageIsPBM (true_image))
-@@ -459,7 +471,7 @@ load_image (GFile *file,
- else
- deleave_rgb_row (bitplanes, pixel_row, width, nPlanes, pixel_size);
-
-- bitplanes += (row_length * 2 * nPlanes);
-+ bitplanes += (row_length * nPlanes);
-
- gegl_buffer_set (buffer, GEGL_RECTANGLE (0, y_height, width, 1), 0,
- NULL, pixel_row, GEGL_AUTO_ROWSTRIDE);
-@@ -528,7 +540,7 @@ deleave_ham_row (const guchar *gimp_cmap,
- /* Deleave rows */
- for (gint i = 0; i < row_length; i++)
- {
-- for (gint j = 0; j < 8; j++)
-+ for (gint j = 0; j < nPlanes; j++)
- {
- guint8 bitmask = (1 << (8 - j)) - (1 << (7 - j));
- guint8 control = 0;
-@@ -590,11 +602,11 @@ deleave_ham_row (const guchar *gimp_cmap,
- }
-
- static void
--deleave_rgb_row (IFF_UByte *bitplanes,
-- guchar *pixel_row,
-- gint width,
-- gint nPlanes,
-- gint pixel_size)
-+deleave_rgb_row (IFF_UByte *bitplanes,
-+ guchar *pixel_row,
-+ gint width,
-+ gint nPlanes,
-+ gint pixel_size)
- {
- gint row_length = ((width + 15) / 16) * 2;
- gint current_pixel = 0;
---
-2.52.0
-
diff --git a/gimp-CVE-2025-14424.patch b/gimp-CVE-2025-14424.patch
deleted file mode 100644
index 48483e5..0000000
--- a/gimp-CVE-2025-14424.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5cc55d078b7fba995cef77d195fac325ee288ddd Mon Sep 17 00:00:00 2001
-From: Jacob Boerema
-Date: Thu, 13 Nov 2025 18:26:51 -0500
-Subject: [PATCH] app: fix #15288 crash when loading malformed xcf
-
-ZDI-CAN-28376 vulnerability
-
-Add extra tests to not crash on a NULL g_class.
----
- app/core/gimpitemlist.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/app/core/gimpitemlist.c b/app/core/gimpitemlist.c
-index 93dfc83427..5aeb4916d8 100644
---- a/app/core/gimpitemlist.c
-+++ b/app/core/gimpitemlist.c
-@@ -345,7 +345,10 @@ gimp_item_list_named_new (GimpImage *image,
- g_return_val_if_fail (GIMP_IS_IMAGE (image), NULL);
-
- for (iter = items; iter; iter = iter->next)
-- g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
-+ {
-+ g_return_val_if_fail (iter->data && ((GTypeInstance*) (iter->data))->g_class, NULL);
-+ g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
-+ }
-
- if (! items)
- {
---
-2.52.0
-
diff --git a/gimp-CVE-2025-14425.patch b/gimp-CVE-2025-14425.patch
deleted file mode 100644
index f833a76..0000000
--- a/gimp-CVE-2025-14425.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From cd1c88a0364ad1444c06536731972a99bd8643fd Mon Sep 17 00:00:00 2001
-From: Alx Sa
-Date: Wed, 12 Nov 2025 13:25:44 +0000
-Subject: [PATCH] plug-ins: Mitigate ZDI-CAN-28248 for JP2 images
-
-Resolves #15285
-Per the report, it's possible to exceed the size of the pixel buffer
-with a high precision_scaled value, as we size it to the width * bpp.
-This patch includes precision_scaled in the allocation calculation.
-It also adds a g_size_checked_mul () check to ensure there's no
-overflow, and moves the pixel and buffer memory freeing to occur
-in the out section so that it always runs even on failure.
----
-diff -urp gimp-3.0.6.orig/plug-ins/common/file-jp2-load.c gimp-3.0.6/plug-ins/common/file-jp2-load.c
---- gimp-3.0.6.orig/plug-ins/common/file-jp2-load.c 2025-10-05 12:14:02.000000000 -0500
-+++ gimp-3.0.6/plug-ins/common/file-jp2-load.c 2026-01-16 13:01:30.366333187 -0600
-@@ -1045,14 +1045,15 @@ load_image (GimpProcedure *procedure
- GimpColorProfile *profile = NULL;
- GimpImage *gimp_image = NULL;
- GimpLayer *layer;
-+ GeglBuffer *buffer = NULL;
-+ guchar *pixels = NULL;
-+ gsize pixels_size;
- GimpImageType image_type;
- GimpImageBaseType base_type;
- gint width;
- gint height;
- gint num_components;
-- GeglBuffer *buffer;
- gint i, j, k, it;
-- guchar *pixels;
- const Babl *file_format;
- gint bpp;
- GimpPrecision image_precision;
-@@ -1318,7 +1319,15 @@ load_image (GimpProcedure *procedure
- bpp = babl_format_get_bytes_per_pixel (file_format);
-
- buffer = gimp_drawable_get_buffer (GIMP_DRAWABLE (layer));
-- pixels = g_new0 (guchar, width * bpp);
-+
-+ if (! g_size_checked_mul (&pixels_size, width, (bpp * (precision_scaled / 8))))
-+ {
-+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0,
-+ _("Defined row size is too large in JP2 image '%s'."),
-+ gimp_file_get_utf8_name (file));
-+ goto out;
-+ }
-+ pixels = g_new0 (guchar, pixels_size);
-
- for (i = 0; i < height; i++)
- {
-@@ -1344,13 +1353,13 @@ load_image (GimpProcedure *procedure
- gegl_buffer_set (buffer, GEGL_RECTANGLE (0, i, width, 1), 0,
- file_format, pixels, GEGL_AUTO_ROWSTRIDE);
- }
--
-- g_free (pixels);
--
-- g_object_unref (buffer);
- gimp_progress_update (1.0);
-
- out:
-+ if (pixels)
-+ g_free (pixels);
-+ if (buffer)
-+ g_object_unref (buffer);
- if (profile)
- g_object_unref (profile);
- if (image)
diff --git a/gimp-CVE-2025-15059.patch b/gimp-CVE-2025-15059.patch
deleted file mode 100644
index 4aeac2e..0000000
--- a/gimp-CVE-2025-15059.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 03575ac8cbb0ef3103b0a15d6598475088dcc15e Mon Sep 17 00:00:00 2001
-From: Jacob Boerema
-Date: Sat, 20 Dec 2025 10:10:48 -0500
-Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp
-
-We were not checking whether channel types were valid for grayscale
-images. Using a blue color channel caused an invalid computation of
-the offset which could cause us to access an invalid memory location.
-
-Now we separate RGB from non-RGB images when checking which channels
-are valid, and if not return with an error.
----
- plug-ins/common/file-psp.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index f00251c573..3f6970561f 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -2171,11 +2171,12 @@ read_layer_block (FILE *f,
- }
- else
- {
-- if (channel_type > PSP_CHANNEL_BLUE)
-+ if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) ||
-+ (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED))
- {
- g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-- _("Invalid channel type %d in channel information chunk"),
-- channel_type);
-+ _("Invalid channel type %d in channel information chunk"),
-+ channel_type);
- return NULL;
- }
-
---
-2.51.0
-
diff --git a/gimp.changes b/gimp.changes
index 448e5b9..29a303e 100644
--- a/gimp.changes
+++ b/gimp.changes
@@ -1,3 +1,108 @@
+-------------------------------------------------------------------
+Sun Jan 25 03:00:53 UTC 2026 - Marcus Rueckert
+
+- Update to 3.0.8
+ - Font Loading Performance
+ - Improvements in start-up time for users with a large number
+ of fonts was backported from our 3.2 RC2 release. As a
+ result, we now wait to load images until fonts are
+ initialized - this prevents some occasional odd displays and
+ other issues when an XCF file tried to access a partially
+ loaded font.
+ - Assorted updates and fixes
+ - Daniel Plakhotich helped us identify an issue when exporting
+ a lossless WEBP image could be affected by lossy settings
+ (such as Quality being less than 100%). We’ve updated our
+ WEBP plug-in to prevent this from happening.
+ - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable
+ can now be run with a --no-interface flag instead of
+ requiring users to call gimp-console-3.0 even on devices with
+ no display. The --show-debug-menu flag is now visible as
+ well.
+ - programmer_ceds improved our flatpak by adding safe guards to
+ show the correct configuration directory regardless of
+ whether XDG_CONFIG_HOME is defined on the user’s system. This
+ should make it much easier for flatpak users to install and
+ use third party plug-ins.
+ - We fixed a rare but possible crash when using the Equalize
+ filter on images with NaN values. Images that contain these
+ are usually created from scientific or mapping data, so
+ you’re unlikely to come across them in standard editing.
+ - Jeremy Bicha fixed an internal issue where the wrong version
+ number could be used when installing minor releases (such as
+ the 3.2 release candidates and upcoming 3.2 stable release).
+ - As noted in our 3.2RC2 news post, we have updated our SVG
+ import code to improve the rendered path.
+ - Further improvements have been made to our non-destructive
+ filter code to improve stability, especially when copying and
+ pasting layers and images with filters attached to them. Some
+ issues related to applying NDE filters on Quick Masks have
+ also been corrected.
+ - An unintended Search pop-up that appeared when typing while
+ the Channels dockable was selected has been turned off.
+ - When saving XCFs for GIMP 2.10 compatibility, we
+ unintentionally saved Grid color using the new color format.
+ This caused errors when reopening the XCF in 2.10. This
+ problem has now been fixed! If you encounter any other XCF
+ incompatibility, please let us know.
+ - Themes and UX
+ - The Navigation and Selection Editor dockables no longer show
+ a large bright texture when no image is actively selected.
+ This was especially noticeable on dark themes.
+ - When a layer has no active filters, the Fx column had the
+ same “checkbox” outline when hovered over as the lock column.
+ This led to confusion about clicking it to add filters. We
+ have removed the outline on hover as a small step to help
+ address this.
+ - Ondřej Míchal fixed alignment and cut-off issues with the
+ buttons on our Transform tool overlays. All buttons should
+ now be properly centered and visible.
+ - The options for filling layers with colors when resizing the
+ canvas will be turned off when not relevant (such as when you
+ set layers to not be resized).
+ - More GUI elements such as dialog header icons will now
+ respond to your icon size preferences.
+ - Ondřej Míchal has continued his work to update our UI with
+ the more usable Spin Scale widget. He has also updated the
+ widget itself to improve how it works for users and
+ developers alike.
+ - Security fixes
+ - Jacob Boerema and Gabriele Barbero continued to patch
+ potential security issues related to some of our file format
+ plug-ins. In addition to existing fixes mentioned in the
+ release candidate news posts, the following exploits are now
+ prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530
+ ZDI-CAN-28591 ZDI-CAN-28599
+ - Another potential issue related to ICO files with incorrect
+ metadata was reported by Dhiraj. It does not have a CVE
+ number yet, but it has been fixed for GIMP 3.0.8. Jacob
+ Boerema also fixed a potential issue with loading Creator
+ blocks in Paintshop Pro PSP images.
+ - API
+ - For plug-in and script developers, a few new public APIs were
+ backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer ()
+ allows you to retrieve a GEGL buffer from a Cairo surface
+ (such as a text layer). Note that this deprecates
+ gimp_cairo_surface_create_buffer ().
+ - gimp_config_set_xcf_version () and
+ gimp_config_get_xcf_version () can be used to specify a
+ particular XCF version for a configuration. This will allow
+ you to have that data serialized/deserialized for certain
+ versions of GIMP if there were differences (such as the Grid
+ colors mentioned above).
+ - Fixes were made for retrieving image metadata via scripting.
+ GimpMetadata is now a visible child of GExiv2Metadata, so you
+ can use standard gexiv2 functions to retrieve information
+ from it.
+ - Original thumbnail metadata is also now removed on export to
+ prevent potential issues when exporting into a new format.
+- drop patches included in the update
+ gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422)
+ gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423)
+ gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424)
+ gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425)
+ gimp-CVE-2025-15059.patch (bsc#1255766 CVE-2025-15059)
+
 -------------------------------------------------------------------
 Fri Jan 16 17:52:35 UTC 2026 - Michael Gorse
diff --git a/gimp.spec b/gimp.spec
index c208c05..a4c6290 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -85,7 +85,7 @@ %define pkg_name gimp Name: gimp -Version: 3.0.6 +Version: 3.0.8 Release: 0 %global pkg_version %{version} Summary: The GNU Image Manipulation Program @@ -100,16 +100,6 @@ Source2: openSUSE.gpl Patch1: gimp-2.99.19-cm-system-monitor-profile-by-default.patch Patch2: gimp-2.99.19-external-help-browser.patch Patch3: gimp-2.99.19-no-phone-home-default.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-15059.patch CVE-2025-15059 bsc#1255766 xwang@suse.com -- vulnerability in file-psp -Patch4: gimp-CVE-2025-15059.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-14422.patch bsc#1255293 mgorse@suse.com -- fix an overflow in the pnm parser. -Patch5: gimp-CVE-2025-14422.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-14423.patch bsc#1255294 mgorse@suse.com -- fix an overflow parsing LBM files. -Patch6: gimp-CVE-2025-14423.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-14424.patch bsc#1255295 mgorse@suse.com -- fix a use after free in the XCF parser. -Patch7: gimp-CVE-2025-14424.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-14425.patch bsc#1255296 mgorse@suse.com -- fix an overflow when reading jp2 files. -Patch8: gimp-CVE-2025-14425.patch %if %{with debug_in_build_gimp} BuildRequires: gdb %endif @@ -152,6 +142,7 @@ BuildRequires: /usr/bin/gtk-update-icon-cache BuildRequires: qoi-devel BuildRequires: xdg-utils BuildRequires: libbacktrace-devel +BuildRequires: pkgconfig(bash-completion) BuildRequires: pkgconfig(cfitsio) BuildRequires: pkgconfig(libjxl) >= %{libjxl_version} BuildRequires: pkgconfig(OpenEXR) >= %{OpenEXR_version} @@ -210,6 +201,7 @@ BuildRequires: python3 >= 3.6.0 BuildRequires: python3-gobject BuildRequires: typelib-1_0-Babl-0_1 >= %{babl_version} BuildRequires: typelib-1_0-Gegl-0_4 >= %{gegl_version} +BuildRequires: typelib-1_0-GExiv2-0_10 >= %{gexiv2_version} %requires_eq gegl-0_4 Requires: gjs # Explicitly declare the libgimp versions for upgrade purposes 
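Review bot: Dropping Patch4 through Patch8 in the `@@ -100,16 +100,6 @@` hunk is only safe if the 3.0.8 tarball carries all five fixes, and the gimp.changes entry in this same commit names just one of them (ZDI-CAN-28232, the file-psp fix) in its advisory list; ZDI-CAN-28273, ZDI-CAN-28311, ZDI-CAN-28376 and ZDI-CAN-28248 are covered only by its reference to earlier release-candidate posts. Before merging I would check the unpacked 3.0.8 source for the `g_size_checked_mul ()` guards in file-pnm.c and file-jp2-load.c, the `palette_size` bounds check in file-iff.c and the NULL `g_class` test in gimpitemlist.c. Once that is confirmed, a spec comment near the Version line such as `# 3.0.8 includes the fixes for CVE-2025-14422, CVE-2025-14423, CVE-2025-14424, CVE-2025-14425 and CVE-2025-15059 (checked against the tarball)` would record why no CVE patches are carried any more.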
@@ -225,6 +217,7 @@ Requires: shared-mime-info Requires: xdg-utils Requires: typelib-1_0-Babl-0_1 >= %{babl_version} Requires: typelib-1_0-Gegl-0_4 >= %{gegl_version} +Requires: typelib-1_0-GExiv2-0_10 >= %{gexiv2_version} Recommends: %{name}-plugins-python3 = %{version} Recommends: iso-codes Suggests: AdobeICCProfiles @@ -481,6 +474,7 @@ install -m 644 -c macros.gimp \ %exclude %{_libdir}/gimp/3.0/plug-ins/file-aa %{_libdir}/girepository-1.0/Gimp-3.0.typelib %{_libdir}/girepository-1.0/GimpUi-3.0.typelib +%{_datadir}/bash-completion/completions/gimp-3.0 %files plugin-aa %{_libdir}/gimp/3.0/plug-ins/file-aa