From dec6c2072097f57562f19e41ab4b96a9c231bf9323a56b5e165481d7c282dbcd Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 17 Nov 2025 14:18:29 +0100 Subject: [PATCH 1/3] Update submodules from pool/gimp#2 and create patchinfo.20251117131718442159.187004354831441/_patchinfo --- gimp | 2 +- .../_patchinfo | 237 ++++++++++++++++++ 2 files changed, 238 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20251117131718442159.187004354831441/_patchinfo diff --git a/gimp b/gimp index aab3634..22c272b 160000 --- a/gimp +++ b/gimp @@ -1 +1 @@ -Subproject commit aab3634bbac2c2c2c03cc5919f0b551eebe7a842f931200cab6f955d703ab79c +Subproject commit 22c272bab6e1fc546758b1000d26e3dccb5b7de13da8d5007541cdd65214474d diff --git a/patchinfo.20251117131718442159.187004354831441/_patchinfo b/patchinfo.20251117131718442159.187004354831441/_patchinfo new file mode 100644 index 0000000..cb45d87 --- /dev/null +++ b/patchinfo.20251117131718442159.187004354831441/_patchinfo 
@@ -0,0 +1,237 @@ + + VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability + VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability + VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability + VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution + VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability + VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution + VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability + VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability + VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability + VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability + mgorse + important + security + Security update for gimp + This update for gimp fixes the following issues: + +Changes in gimp: + +Update to 3.0.6: + + - Security: + + - During development, we received reports from the Zero Day + Initiative of potential security issues with some of our file + import plug-ins. While these issues are very unlikely to + occur with real files, developers like Jacob Boerema and Alx + Sa proactively improved security for those imports. + The resolved reports are: + - ZDI-CAN-27793 + - ZDI-CAN-27823 + - ZDI-CAN-27836 + - ZDI-CAN-27878 + - ZDI-CAN-27863 + - ZDI-CAN-27684 + + - Core: + + - Many false-positive build warnings have been cleaned out (and + proper issues fixed). + - Various crashes fixed. + - When creating a layer mask from the layer's alpha, but the + layer has no alpha, simply fill the mask with complete + opacity instead of a completely transparent layer. 
+ - Various core infrastructure code reviewed, cleaned up, + refactored and improved, in drawable, layer and filter + handling code, tree view code, and more. + - GIMP_ICONS_LIKE_A_BOSS environment variable is not working + anymore (because "gtk-menu-images" and "gtk-button-images" + have been deprecated in GTK3 and removed in GTK4) and was + therefore removed. + - Lock Content now shows as an undo step. + - Add alpha channel for certain transforms. + - Add alpha channel on filter merge, when necessary. + - Filters can now be applied non-destructively on channels. + - Improved Photoshop brush support. + - After deleting a palette entry, the next entry is + automatically selected. This allows easily deleting several + entries in a row, among other usage. + - Resize image to layers irrespective to selections. + - Improved in-GUI release notes' demo script language: + + - We can now set a button value to click it: "toolbox:text, + tool-options:outline=1, tool-options:outline-direction" + - Color selector's module names can be used as identifiers: + "color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage" + + - Fixed Alpha to Selection on single layers with no + transparency. + - Various code is slowly ported to newer code, preparing for + GTK4 port (in an unplanned future step): + + - Using g_set_str() (optionally redefining it in our core + code to avoid bumping the GLib minimum requirement). + - Start using GListModel in various pieces of code, in + particular getting rid of more and more usage of + GtkTreeView when possible (as it will be deprecated with + GTK4). + - New GimpRow class for all future row widgets. + - Use more of G_DECLARE_DERIVABLE_TYPE and + G_DECLARE_FINAL_TYPE where relevant. + - New GimpContainerListView using a GtkListBox. + - New GimpRowSeparator, GimpRowSettings, GimpRowFilter and + GimpRowDrawableFilter widgets. + + - (Experimental) GEX Format was updated. + - Palette import: + + - Set alpha value for image palette imports. 
+ - Fix Lab & CMYK ACB palette import. + - Add palette format filters to import dialog, making it more + apparent what palette formats are supported, and giving the + ability to hide irrelevant files. + + - Improved filter actions' sensitivity to make sure they are + set insensitive when relevant. In particular filters which + cannot be run non-destructively (e.g. filters with aux + inputs, non-interactive filters and GEGL Graph) must be + insensitive when trying to run them on group layers. + - Fix bad axis centering on zoom out. + - Export better SVG when exporting paths. + + - Tools: + + - Text tool: make sure the default color is only changed when + the user confirms the color change. + - Foreground Selection tool: do not create a selection when no + strokes has been made. In particular this removes the + unnecessary delay which happened when switching to another + tool without actually stroking anything. + - All Transform tools: transform boundaries for preview is now + multi-layers aware. + - (Experimental) Seamless Clone tool: made to work again, + though it is still too slow to get out of Playground. + + - Graphical User Interface: + + - Various improvements to window management: + + - Keep-Above windows are set with the Utility hint. + - Utility windows are not made transient to a parent. + - Transient factory dialogs follow the active display, + ensuring that new image windows would not hide your toolbox + and dock windows. + + - Various CSS improvements for styling of the interface. Some + theme leaks were also fixed. + - New toggle button in Brushes and Fonts dockable, allowing + brush and font previews to optionally follow the color theme. + For instance, when using a dark theme, the brush and font + previews could be drawn on the theme background, using the + theme foreground colors. By default, these data previews are + still drawn as black on white. + - Palette grid is now drawn with the theme's background color. 
+ - Consistent naming patterns on human-facing options (first + word only capitalized). + - About dialog: + + - We will now display the date and time of the last check in + a "Up to date as of <date> at <time>" string, differing + from the "Last checked on <date> at <time>" string. The + former will be used to indicate that GIMP is indeed + up-to-date whereas the latter when a new version was + released and that you should update. + - We now respect the system time/date format on macOS and + Windows. + + - The search popup won't pop up without an image. + - Better zoom step algorithm for data previews in container + popup (e.g. the brush popup in paint Tool Options). + - Disable animation in the Input Controller, Preferences and + Welcome dialogs for stack transition when animation are + disabled in system settings. + - Fixed crosshair hotspot on Windows (crosshair cursor for + brushes was offset with a non-100% display scale factor). + - Debug/CRITICAL dialog: + + - Make sure it is non-modal. + - Follow the theme mode under Windows. + + - While loading images, all widgets in the file dialog are made + insensitive, except for the Cancel button and the progress + bar. + - Both grid and list views can now zoom via scroll and zoom + gestures (it used to only work in list views). + - Pop an error message up on startup when GIO modules to read + HTTPS links are not found and that we therefore fail to load + the remote gimp_versions.json file. With the AppImage package + in particular, we depend on an environment daemon which + cannot be shipped in the package. So the next best thing is + to warn people and tell them what they should install to get + version checks. + - Welcome dialog: + + - The "Community Tutorials" link is now shown after the + "Documentation" link. + - The "Learn more" link in Release Notes tab leads to the + actual release news for this version. + + - Plug-ins: + + - PDF export: do not draw disabled layer masks. 
+ - Jigsaw: the plug-in can now draw on transparent layers. + - Various file format fixes and improvements: JPEG 2000 import, + TIFF import, DDS import, SVG import, PSP import, FITS export, + ICNS import, Dicom import, WBMP import, Farbfeld import, XWD + import, ILBM import. + - Sphere Designer: use spin scale instead of spin entries (the + latter is unusable with little horizontal space). + - Animation Play: frames are shown again in the playback + progress bar. + - Vala Goat Exercise: ignoring C warning in this Vala plug-in + as it is generated code and we cannot control it. + - file-gih: brush pipe selection modes now have nice, + translatable names. + - Metadata viewer: port from GtkTreeView to GtkListBox. + - File Raw Data: reduce Raw Data load dialogue height by moving + to a 2-column layout. + - SVG import: it is now possible to break aspect ratio with + specific width/height arguments, when calling the PDB + procedure non-interactively (from other plug-ins). + - Print: when run through a portal print dialog, the "Image + Settings" will be exposed as a secondary dialog, outputted + after the portal dialog, instead of a tab on the main print + dialog (because it is not possible to tweak the print dialog + when it is created by a portal). This will bring back usable + workflow of printing with GIMP when run in a sandbox (e.g. + Flatpak or Snap). + - Recompose: fixed for YCbCr decomposed images. + - Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863, + ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793. + - C Source and HTML export can now be run non-interactively too + (e.g. from other plug-ins). + - Map Object: fix missing spin boxes. + - Small Tiles: fix display lag. + +- CVE-2025-10925: Fix GIMP ILBM file parsing stack-based buffer overflow remote code + execution vulnerability. (ZDI-25-914, ZDI-CAN-27793, bsc#1250501) + +- CVE-2025-10922: Fix GIMP DCM file parsing heap-based buffer overflow remote code + execution vulnerability. 
(ZDI-25-911, ZDI-CAN-27863, bsc#1250497) + +- CVE-2025-10920: Prevent overflow attack by checking if output >= max, not just + output > max. (ZDI-25-909, ZDI-CAN-27684, bsc#1250495) + +- CVE-2025-10924: Fix integer overflow while parsing FF files. (bsc#1250499) + +- CVE-2025-2760: A vulnerability allows remote attackers to execute arbitrary + code on affected installations of GIMP. The specific flaw exists + within parsing of XWD files. An integer overflow happens before + allocating a buffer. This fixed in GIMP 3.0.0. + https://www.gimp.org/news/2025/03/16/gimp-3-0-released + (bsc#1241690) + + gimp + + -- 2.51.1 From af2e21625e75cf762fc440743b7ef4f0f87c8c9e87ce83e7bf97092045862184 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 17 Nov 2025 14:45:29 +0100 Subject: [PATCH 2/3] Update patchinfo.20251117131718442159.187004354831441/_patchinfo remove seperate buildarch --- patchinfo.20251117131718442159.187004354831441/_patchinfo | 1 - 1 file changed, 1 deletion(-) diff --git a/patchinfo.20251117131718442159.187004354831441/_patchinfo b/patchinfo.20251117131718442159.187004354831441/_patchinfo index cb45d87..f24b100 100644 --- a/patchinfo.20251117131718442159.187004354831441/_patchinfo +++ b/patchinfo.20251117131718442159.187004354831441/_patchinfo @@ -233,5 +233,4 @@ Update to 3.0.6: (bsc#1241690) gimp - -- 2.51.1 From b904da424b0195728bcf73cbb403204eccfa1a4ce1c0e761337afbe49de2d168 Mon Sep 17 00:00:00 2001 From: AutoGits PR Review Bot Date: Fri, 16 Jan 2026 14:47:05 +0000 Subject: [PATCH 3/3] auto-created for gimp This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/gimp!2 --- gimp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gimp b/gimp index 22c272b..fa630de 160000 --- a/gimp +++ b/gimp @@ -1 +1 @@ -Subproject commit 22c272bab6e1fc546758b1000d26e3dccb5b7de13da8d5007541cdd65214474d +Subproject commit fa630de895b97b845678e64b7c282db7f55f3124036ef774fe3aba117cd096dd -- 2.51.1
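Review bot: in the new `_patchinfo` added by [PATCH 1/3], the description lists six ZDI-CAN ids as resolved but ties only three of them to a CVE: ZDI-CAN-27793 (CVE-2025-10925), ZDI-CAN-27863 (CVE-2025-10922) and ZDI-CAN-27684 (CVE-2025-10920). ZDI-CAN-27823, ZDI-CAN-27836 and ZDI-CAN-27878 appear only in the 3.0.6 changelog text, and the CVE-2025-10924 entry carries bsc#1250499 with no ZDI reference at all. Please add the matching ZDI ids to the CVE entries, or say which ids have no CVE, so that every fix in the advisory can be traced to its report. In the same hunk: each of the five "VUL-0" issue titles at the top appears twice and should be deduplicated unless the two copies belong to different trackers; the CVE-2025-10920 entry ("checking if output >= max, not just output > max") does not name the ICNS import it applies to, unlike its issue title; and the CVE-2025-2760 entry reads "This fixed in GIMP 3.0.0" (missing "is") without saying why a flaw fixed in 3.0.0 is listed for an update to 3.0.6.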
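Review bot: the single-line deletion in [PATCH 2/3] (hunk `@@ -233,5 +233,4 @@` of `_patchinfo`) is justified only by the subject "remove seperate buildarch", which does not say why the entry is unwanted for this update. Please state the reason in the commit message (and fix the spelling, "separate"). Since the file is created in [PATCH 1/3] of the same series, consider squashing this change into that commit so the history never contains the version with the extra entry.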
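Review bot: [PATCH 3/3] moves the `gimp` submodule from 22c272b to fa630de without touching `_patchinfo`, which was written on 17 Nov 2025 for the 22c272b state, while this commit is dated 16 Jan 2026. Please confirm that the advisory text (update to 3.0.6, the five listed CVEs) still describes what fa630de contains, and update `_patchinfo` in the same commit if the new submodule commit adds or drops fixes. The commit message also refers to the PR as "pool/gimp!2" where [PATCH 1/3] uses "pool/gimp#2"; use one notation so the reference can be followed unambiguously.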