From 657687d33827ed971b9a84bdda5494ccd0cf1388 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 27 Apr 2018 19:14:04 -0400 Subject: gnu: Add libmypaint. * gnu/packages/gimp.scm (libmypaint): New variable. --- gnu/packages/gimp.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 2483885c95..6027821592 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -39,6 +39,7 @@ #:use-module (gnu packages pdf) #:use-module (gnu packages photo) #:use-module (gnu packages python) + #:use-module (gnu packages web) #:use-module (gnu packages xorg)) (define-public babl @@ -243,3 +244,31 @@ an image, allowing you to work with the transformed image inside GIMP. You can draw or apply filters in fourier space and get the modified image with an inverse fourier transform.") (license license:gpl3+))) + +(define-public libmypaint + (package + (name "libmypaint") + (version "1.3.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/mypaint/libmypaint/" + "releases/download/v" version "/libmypaint-" + version ".tar.xz")) + (sha256 + (base32 + "0wd6jk69vmhsq1mdw96v0fh7b28n3glkr5ca466zcq7agzaxj1va")))) + (build-system gnu-build-system) + (native-inputs + `(("intltool" ,intltool) + ("pkg-config" ,pkg-config))) + ;; As needed by 'libmypaint.pc'. + (propagated-inputs + `(("json-c" ,json-c) + ("gobject-introspection" ,gobject-introspection))) + (inputs + `(("glib" ,glib))) + (synopsis "Artistic brushes library") + (description "Libmypaint, also called \"brushlib\", is a library for making +brushstrokes which is used by MyPaint and GIMP.") + (home-page "http://mypaint.org") + (license license:isc))) -- cgit 1.4.1 From 4b5c056aeef246f331939f0093ff1a8fde268296 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 27 Apr 2018 19:56:13 -0400 Subject: gnu: Add mypaint-brushes. * gnu/packages/gimp.scm (mypaint-brushes): New variable. --- gnu/packages/gimp.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 6027821592..0f27ceb44e 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -28,6 +28,7 @@ #:use-module (guix build-system glib-or-gtk) #:use-module (gnu packages) #:use-module (gnu packages algebra) + #:use-module (gnu packages autotools) #:use-module (gnu packages pkg-config) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) @@ -272,3 +273,30 @@ inverse fourier transform.") brushstrokes which is used by MyPaint and GIMP.") (home-page "http://mypaint.org") (license license:isc))) + +(define-public mypaint-brushes + (package + (name "mypaint-brushes") + (version "1.3.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/Jehan/mypaint-brushes/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "055j2rgkav2024zl6y5hxb2ra0vbx58607d6sz7ml2351r1bcjvh")))) + (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'bootstrap + (lambda _ (invoke "sh" "./autogen.sh")))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake))) + (synopsis "Default brushes for MyPaint") + (description "This package provides the default set of brushes for +MyPaint.") + (home-page "https://github.com/Jehan/mypaint-brushes") + (license license:cc0))) -- cgit 1.4.1 From f62633ca2d4c6b3f3e54b56797dd07135571f372 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 27 Apr 2018 22:37:00 -0400 Subject: gnu: gegl: Update to 0.4. * gnu/packages/gimp.scm (gegl): Update to 0.4. [inputs]: Move babl and glib to propagated-inputs. [propagated-inputs]: Add json-glib. [arguments]: Re-enable the tests and remove the obsolete 'pre-build' phase. [source]: Use HTTPS URL. * gnu/packages/patches/gegl-CVE-2012-4433.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gimp.scm | 36 ++------ gnu/packages/patches/gegl-CVE-2012-4433.patch | 117 -------------------------- 3 files changed, 9 insertions(+), 145 deletions(-) delete mode 100644 gnu/packages/patches/gegl-CVE-2012-4433.patch (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/local.mk b/gnu/local.mk index a9a7e69aea..c7faab466a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -697,7 +697,6 @@ dist_patch_DATA = \ %D%/packages/patches/gd-CVE-2018-5711.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ - %D%/packages/patches/gegl-CVE-2012-4433.patch \ %D%/packages/patches/gemma-intel-compat.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 0f27ceb44e..64fe04b4f9 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -77,43 +77,25 @@ provided, as well as a framework to add new color models and data types.") (define-public gegl (package (name "gegl") - (version "0.2.0") + (version "0.4.0") (source (origin (method url-fetch) - (uri (list (string-append "http://download.gimp.org/pub/gegl/" + (uri (list (string-append "https://download.gimp.org/pub/gegl/" (string-take version 3) "/" name "-" version ".tar.bz2"))) (sha256 (base32 - "09nlv06li9nrn74ifpm7223mxpg0s7cii702z72cpbwrjh6nlbnz")) - (patches (search-patches "gegl-CVE-2012-4433.patch")))) + "1ighk4z8nlqrzyj8w97s140hzj59564l3xv6fpzbr97m1zx2nkfh")))) (build-system gnu-build-system) (arguments - '(;; More than just the one test disabled below now fails; disable them - ;; all according to the rationale given below. - #:tests? #f - #:configure-flags '("LDFLAGS=-lm") - #:phases - (modify-phases %standard-phases - (add-before 'build 'pre-build - (lambda _ - ;; This test program seems to crash on exit. Specifically, whilst - ;; g_object_unreffing bufferA and bufferB - This seems to be a bug - ;; in the destructor. This is just a test program so will not have - ;; any wider effect, although might be hiding another problem. - ;; According to advice received on irc.gimp.org#gegl although 0.2.0 - ;; is the latest released version, any bug reports against it will - ;; be ignored. So we are on our own. - (substitute* "tools/img_cmp.c" - (("g_object_unref \\(buffer.\\);") "")) - - (substitute* "tests/compositions/Makefile" - (("/bin/sh") (which "sh"))) - #t))))) - (inputs + '(#:configure-flags '("LDFLAGS=-lm"))) + ;; These are propagated to satisfy 'gegl-0.4.pc'. + (propagated-inputs `(("babl" ,babl) ("glib" ,glib) - ("cairo" ,cairo) + ("json-glib" ,json-glib))) + (inputs + `(("cairo" ,cairo) ("pango" ,pango) ("libpng" ,libpng) ("libjpeg" ,libjpeg-8))) diff --git a/gnu/packages/patches/gegl-CVE-2012-4433.patch b/gnu/packages/patches/gegl-CVE-2012-4433.patch deleted file mode 100644 index 7352b78dba..0000000000 --- a/gnu/packages/patches/gegl-CVE-2012-4433.patch +++ /dev/null @@ -1,117 +0,0 @@ -From: Michael Gilbert -Date: Mon, 9 Sep 2013 17:34:32 +0200 -Subject: Fix_CVE-2012-4433 - -Multiple buffer overflow issues. - -Closes: #692435 ---- - operations/external/ppm-load.c | 62 ++++++++++++++++++++++++++++++++++++------ - 1 file changed, 53 insertions(+), 9 deletions(-) - -diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c -index efe6d56..465096d 100644 ---- a/operations/external/ppm-load.c -+++ b/operations/external/ppm-load.c -@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load.")) - #include "gegl-chant.h" - #include - #include -+#include - - typedef enum { - PIXMAP_ASCII = 51, -@@ -44,8 +45,8 @@ typedef enum { - - typedef struct { - map_type type; -- gint width; -- gint height; -+ glong width; -+ glong height; - gsize numsamples; /* width * height * channels */ - gsize bpc; /* bytes per channel */ - guchar *data; -@@ -82,12 +83,33 @@ ppm_load_read_header(FILE *fp, - } - - /* Get Width and Height */ -- img->width = strtol (header,&ptr,0); -- img->height = atoi (ptr); -- img->numsamples = img->width * img->height * CHANNEL_COUNT; -+ errno = 0; -+ img->width = strtol (header,&ptr,10); -+ if (errno) -+ { -+ g_warning ("Error reading width: %s", strerror(errno)); -+ return FALSE; -+ } -+ else if (img->width < 0) -+ { -+ g_warning ("Error: width is negative"); -+ return FALSE; -+ } -+ -+ img->height = strtol (ptr,&ptr,10); -+ if (errno) -+ { -+ g_warning ("Error reading height: %s", strerror(errno)); -+ return FALSE; -+ } -+ else if (img->width < 0) -+ { -+ g_warning ("Error: height is negative"); -+ return FALSE; -+ } - - fgets (header,MAX_CHARS_IN_ROW,fp); -- maxval = strtol (header,&ptr,0); -+ maxval = strtol (header,&ptr,10); - - if ((maxval != 255) && (maxval != 65535)) - { -@@ -109,6 +131,16 @@ ppm_load_read_header(FILE *fp, - g_warning ("%s: Programmer stupidity error", G_STRLOC); - } - -+ /* Later on, img->numsamples is multiplied with img->bpc to allocate -+ * memory. Ensure it doesn't overflow. */ -+ if (!img->width || !img->height || -+ G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc) -+ { -+ g_warning ("Illegal width/height: %ld/%ld", img->width, img->height); -+ return FALSE; -+ } -+ img->numsamples = img->width * img->height * CHANNEL_COUNT; -+ - return TRUE; - } - -@@ -229,12 +261,24 @@ process (GeglOperation *operation, - if (!ppm_load_read_header (fp, &img)) - goto out; - -- rect.height = img.height; -- rect.width = img.width; -- - /* Allocating Array Size */ -+ -+ /* Should use g_try_malloc(), but this causes crashes elsewhere because the -+ * error signalled by returning FALSE isn't properly acted upon. Therefore -+ * g_malloc() is used here which aborts if the requested memory size can't be -+ * allocated causing a controlled crash. */ - img.data = (guchar*) g_malloc (img.numsamples * img.bpc); - -+ /* No-op without g_try_malloc(), see above. */ -+ if (! img.data) -+ { -+ g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc)); -+ goto out; -+ } -+ -+ rect.height = img.height; -+ rect.width = img.width; -+ - switch (img.bpc) - { - case 1: -- cgit 1.4.1 From 08a752526df91de3a1779ccaa0946833618d775d Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 28 Apr 2018 16:32:48 -0400 Subject: gnu: babl: Update to 0.1.46. * gnu/packages/gimp.scm (babl): Update to 0.1.46. --- gnu/packages/gimp.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 64fe04b4f9..38343f2149 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -46,7 +46,7 @@ (define-public babl (package (name "babl") - (version "0.1.40") + (version "0.1.46") (source (origin (method url-fetch) (uri (list (string-append "https://download.gimp.org/pub/babl/" @@ -60,7 +60,7 @@ "/babl-" version ".tar.bz2"))) (sha256 (base32 - "08cdl6rcfvkhqsnhb214xzr0wbrv0956xzlrzqxcb1k1madgjanh")))) + "0nwyhvfca6m35wjcccvwca7fcihzgdfyc012qi703y5d3cxl1hmv")))) (build-system gnu-build-system) (home-page "http://gegl.org/babl/") (synopsis "Image pixel format conversion library") -- cgit 1.4.1 From 9eecf9bc13bd3746ce5a073c59920110c6cf3dd7 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 30 Apr 2018 16:29:36 -0400 Subject: gnu: gimp: Update to 2.10.0. * gnu/packages/gimp.scm (gimp): Update to 2.10.0. [inputs]: Add glib-networking, gexiv2, libmypaint, mypaint-brushes and poppler-data. [native-inputs]: Add glib:bin. [source]: Remove obsolete patches and use HTTPS URL. [home-page]: Use HTTPS URL. * gnu/packages/patches/gimp-CVE-2017-17784.patch, gnu/packages/patches/gimp-CVE-2017-17785.patch, gnu/packages/patches/gimp-CVE-2017-17786.patch, gnu/packages/patches/gimp-CVE-2017-17787.patch, gnu/packages/patches/gimp-CVE-2017-17789.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 5 - gnu/packages/gimp.scm | 24 ++-- gnu/packages/patches/gimp-CVE-2017-17784.patch | 41 ------ gnu/packages/patches/gimp-CVE-2017-17785.patch | 171 ------------------------- gnu/packages/patches/gimp-CVE-2017-17786.patch | 94 -------------- gnu/packages/patches/gimp-CVE-2017-17787.patch | 42 ------ gnu/packages/patches/gimp-CVE-2017-17789.patch | 48 ------- 7 files changed, 13 insertions(+), 412 deletions(-) delete mode 100644 gnu/packages/patches/gimp-CVE-2017-17784.patch delete mode 100644 gnu/packages/patches/gimp-CVE-2017-17785.patch delete mode 100644 gnu/packages/patches/gimp-CVE-2017-17786.patch delete mode 100644 gnu/packages/patches/gimp-CVE-2017-17787.patch delete mode 100644 gnu/packages/patches/gimp-CVE-2017-17789.patch (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/local.mk b/gnu/local.mk index c7faab466a..e78e4c831f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -706,11 +706,6 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/giflib-make-reallocarray-private.patch \ - %D%/packages/patches/gimp-CVE-2017-17784.patch \ - %D%/packages/patches/gimp-CVE-2017-17785.patch \ - %D%/packages/patches/gimp-CVE-2017-17786.patch \ - %D%/packages/patches/gimp-CVE-2017-17787.patch \ - %D%/packages/patches/gimp-CVE-2017-17789.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-respect-datadir.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 38343f2149..f2e020b560 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016, 2017 Efraim Flashner ;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -115,23 +116,18 @@ buffers.") (define-public gimp (package (name "gimp") - (version "2.8.22") + (version "2.10.0") (source (origin (method url-fetch) - (uri (string-append "http://download.gimp.org/pub/gimp/v" + (uri (string-append "https://download.gimp.org/pub/gimp/v" (version-major+minor version) "/gimp-" version ".tar.bz2")) - (patches (search-patches "gimp-CVE-2017-17784.patch" - "gimp-CVE-2017-17785.patch" - "gimp-CVE-2017-17786.patch" - "gimp-CVE-2017-17787.patch" - "gimp-CVE-2017-17789.patch")) (sha256 (base32 - "12k3lp938qdc9cqj29scg55f3bb8iav2fysd29w0s49bqmfa71wi")))) + "1qkxaigbfkx26xym5nzrgfrmn97cbnhn63v1saaha2nbi3xrdk3z")))) (build-system gnu-build-system) (outputs '("out" - "doc")) ;5 MiB of gtk-doc HTML + "doc")) ;9 MiB of gtk-doc HTML (arguments '(#:configure-flags (list (string-append "--with-html-dir=" (assoc-ref %outputs "doc") @@ -155,21 +151,27 @@ buffers.") (inputs `(("babl" ,babl) ("glib" ,glib) + ("glib-networking" ,glib-networking) ("libtiff" ,libtiff) ("libjpeg" ,libjpeg-8) ("atk" ,atk) + ("gexiv2" ,gexiv2) ("gtk+" ,gtk+-2) + ("libmypaint" ,libmypaint) + ("mypaint-brushes" ,mypaint-brushes) ("exif" ,libexif) ; optional, EXIF + XMP support ("lcms" ,lcms) ; optional, color management ("librsvg" ,librsvg) ; optional, SVG support ("poppler" ,poppler) ; optional, PDF support + ("poppler-data" ,poppler-data) ("python" ,python-2) ; optional, Python support ("python2-pygtk" ,python2-pygtk) ; optional, Python support ("gegl" ,gegl))) (native-inputs - `(("pkg-config" ,pkg-config) + `(("glib:bin" ,glib "bin") ; for glib-compile-resources and gdbus-codegen + ("pkg-config" ,pkg-config) ("intltool" ,intltool))) - (home-page "http://gimp.org") + (home-page "https://www.gimp.org") (synopsis "GNU Image Manipulation Program") (description "GIMP is an application for image manipulation tasks such as photo diff --git a/gnu/packages/patches/gimp-CVE-2017-17784.patch b/gnu/packages/patches/gimp-CVE-2017-17784.patch deleted file mode 100644 index c791772fb5..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17784.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2017-17784: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784 -https://bugzilla.gnome.org/show_bug.cgi?id=790784 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 - -From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001 -From: Jehan -Date: Thu, 21 Dec 2017 12:25:32 +0100 -Subject: [PATCH] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / - load_image. - -We were assuming the input name was well formed, hence was -nul-terminated. As any data coming from external input, this has to be -thorougly checked. -Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted -to older gimp-2-8 code. ---- - plug-ins/common/file-gbr.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c -index b028100bef..d3f01d9c56 100644 ---- a/plug-ins/common/file-gbr.c -+++ b/plug-ins/common/file-gbr.c -@@ -443,7 +443,8 @@ load_image (const gchar *filename, - { - gchar *temp = g_new (gchar, bn_size); - -- if ((read (fd, temp, bn_size)) < bn_size) -+ if ((read (fd, temp, bn_size)) < bn_size || -+ temp[bn_size - 1] != '\0') - { - g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, - _("Error in GIMP brush file '%s'"), --- -2.15.1 - diff --git a/gnu/packages/patches/gimp-CVE-2017-17785.patch b/gnu/packages/patches/gimp-CVE-2017-17785.patch deleted file mode 100644 index 939b01f214..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17785.patch +++ /dev/null @@ -1,171 +0,0 @@ -Fix CVE-2017-17785: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785 -https://bugzilla.gnome.org/show_bug.cgi?id=739133 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 - -From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Sun, 29 Oct 2017 15:19:41 +0100 -Subject: [PATCH] Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI - files. - -It is possible to trigger a heap overflow while parsing FLI files. The -RLE decoder is vulnerable to out of boundary writes due to lack of -boundary checks. - -The variable "framebuf" points to a memory area which was allocated -with fli_header->width * fli_header->height bytes. The RLE decoder -therefore must never write beyond that limit. - -If an illegal frame is detected, the parser won't stop, which means -that the next valid sequence is properly parsed again. This should -allow GIMP to parse FLI files as good as possible even if they are -broken by an attacker or by accident. - -While at it, I changed the variable xc to be of type size_t, because -the multiplication of width and height could overflow a 16 bit type. - -Signed-off-by: Tobias Stoeckmann -(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b) ---- - plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 35 insertions(+), 15 deletions(-) - -diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c -index 313efeb977..ffb651e2af 100644 ---- a/plug-ins/file-fli/fli.c -+++ b/plug-ins/file-fli/fli.c -@@ -25,6 +25,8 @@ - - #include "config.h" - -+#include -+ - #include - #include - -@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf) - unsigned short yc; - unsigned char *pos; - for (yc=0; yc < fli_header->height; yc++) { -- unsigned short xc, pc, pcnt; -+ unsigned short pc, pcnt; -+ size_t n, xc; - pc=fli_read_char(f); - xc=0; - pos=framebuf+(fli_header->width * yc); -+ n=(size_t)fli_header->width * (fli_header->height-yc); - for (pcnt=pc; pcnt>0; pcnt--) { - unsigned short ps; - ps=fli_read_char(f); - if (ps & 0x80) { - unsigned short len; -- for (len=-(signed char)ps; len>0; len--) { -+ for (len=-(signed char)ps; len>0 && xcwidth * fli_header->height); - firstline = fli_read_short(f); - numline = fli_read_short(f); -+ if (numline > fli_header->height || fli_header->height-numline < firstline) -+ return; -+ - for (yc=0; yc < numline; yc++) { -- unsigned short xc, pc, pcnt; -+ unsigned short pc, pcnt; -+ size_t n, xc; - pc=fli_read_char(f); - xc=0; - pos=framebuf+(fli_header->width * (firstline+yc)); -+ n=(size_t)fli_header->width * (fli_header->height-firstline-yc); - for (pcnt=pc; pcnt>0; pcnt--) { - unsigned short ps,skip; - skip=fli_read_char(f); - ps=fli_read_char(f); -- xc+=skip; -+ xc+=MIN(n-xc,skip); - if (ps & 0x80) { - unsigned char val; -+ size_t len; - ps=-(signed char)ps; - val=fli_read_char(f); -- memset(&(pos[xc]), val, ps); -- xc+=ps; -+ len=MIN(n-xc,ps); -+ memset(&(pos[xc]), val, len); -+ xc+=len; - } else { -- fread(&(pos[xc]), ps, 1, f); -- xc+=ps; -+ size_t len; -+ len=MIN(n-xc,ps); -+ fread(&(pos[xc]), len, 1, f); -+ xc+=len; - } - } - } -@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu - yc=0; - numline = fli_read_short(f); - for (lc=0; lc < numline; lc++) { -- unsigned short xc, pc, pcnt, lpf, lpn; -+ unsigned short pc, pcnt, lpf, lpn; -+ size_t n, xc; - pc=fli_read_short(f); - lpf=0; lpn=0; - while (pc & 0x8000) { -@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu - } - pc=fli_read_short(f); - } -+ yc=MIN(yc, fli_header->height); - xc=0; - pos=framebuf+(fli_header->width * yc); -+ n=(size_t)fli_header->width * (fli_header->height-yc); - for (pcnt=pc; pcnt>0; pcnt--) { - unsigned short ps,skip; - skip=fli_read_char(f); - ps=fli_read_char(f); -- xc+=skip; -+ xc+=MIN(n-xc,skip); - if (ps & 0x80) { - unsigned char v1,v2; - ps=-(signed char)ps; - v1=fli_read_char(f); - v2=fli_read_char(f); -- while (ps>0) { -+ while (ps>0 && xc+1 -Date: Wed, 20 Dec 2017 13:02:38 +0100 -Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap - overflow in... -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... TGA importer. - -Be more thorough on valid TGA RGB and RGBA images. -In particular current TGA plug-in can import RGBA as 32 bits (8 bits per -channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and -RGB as 15 and 24 bits. -Maybe there exist more variants, but if they do exist, we simply don't -support them yet. - -Thanks to Hanno Böck for the report and a first patch attempt. - -(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b) ---- - plug-ins/common/file-tga.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c -index aef98702d4..426acc2925 100644 ---- a/plug-ins/common/file-tga.c -+++ b/plug-ins/common/file-tga.c -@@ -564,12 +564,16 @@ load_image (const gchar *filename, - } - break; - case TGA_TYPE_COLOR: -- if (info.bpp != 15 && info.bpp != 16 && -- info.bpp != 24 && info.bpp != 32) -+ if ((info.bpp != 15 && info.bpp != 16 && -+ info.bpp != 24 && info.bpp != 32) || -+ ((info.bpp == 15 || info.bpp == 24) && -+ info.alphaBits != 0) || -+ (info.bpp == 16 && info.alphaBits != 1) || -+ (info.bpp == 32 && info.alphaBits != 8)) - { -- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)", -+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", - gimp_filename_to_utf8 (filename), -- info.imageType, info.bpp); -+ info.imageType, info.bpp, info.alphaBits); - return -1; - } - break; --- -2.15.1 - -From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001 -From: Jehan -Date: Wed, 20 Dec 2017 13:26:26 +0100 -Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid. - -According to some spec on the web, 16-bit RGB is also valid. In this -case, the last bit is simply ignored (at least that's how it is -implemented right now). - -(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077) ---- - plug-ins/common/file-tga.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c -index 426acc2925..eb14a1dadc 100644 ---- a/plug-ins/common/file-tga.c -+++ b/plug-ins/common/file-tga.c -@@ -568,7 +568,8 @@ load_image (const gchar *filename, - info.bpp != 24 && info.bpp != 32) || - ((info.bpp == 15 || info.bpp == 24) && - info.alphaBits != 0) || -- (info.bpp == 16 && info.alphaBits != 1) || -+ (info.bpp == 16 && info.alphaBits != 1 && -+ info.alphaBits != 0) || - (info.bpp == 32 && info.alphaBits != 8)) - { - g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", --- -2.15.1 - diff --git a/gnu/packages/patches/gimp-CVE-2017-17787.patch b/gnu/packages/patches/gimp-CVE-2017-17787.patch deleted file mode 100644 index b5310d33d9..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17787.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2017-17787: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787 -https://bugzilla.gnome.org/show_bug.cgi?id=790853 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d - -From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001 -From: Jehan -Date: Thu, 21 Dec 2017 12:49:41 +0100 -Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer. - -As any external data, we have to check that strings being read at fixed -length are properly nul-terminated. - -(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d) ---- - plug-ins/common/file-psp.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c -index 4cbafe37b1..e350e4d88d 100644 ---- a/plug-ins/common/file-psp.c -+++ b/plug-ins/common/file-psp.c -@@ -890,6 +890,12 @@ read_creator_block (FILE *f, - g_free (string); - return -1; - } -+ if (string[length - 1] != '\0') -+ { -+ g_message ("Creator keyword data not nul-terminated"); -+ g_free (string); -+ return -1; -+ } - switch (keyword) - { - case PSP_CRTR_FLD_TITLE: --- -2.15.1 - diff --git a/gnu/packages/patches/gimp-CVE-2017-17789.patch b/gnu/packages/patches/gimp-CVE-2017-17789.patch deleted file mode 100644 index 6dfa435fd0..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17789.patch +++ /dev/null @@ -1,48 +0,0 @@ -Fix CVE-2017-17789: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789 -https://bugzilla.gnome.org/show_bug.cgi?id=790849 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f - -From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001 -From: Jehan -Date: Wed, 20 Dec 2017 16:44:20 +0100 -Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer - overflow... - -... in PSP importer. -Check if declared block length is valid (i.e. within the actual file) -before going further. -Consider the file as broken otherwise and fail loading it. - -(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) ---- - plug-ins/common/file-psp.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c -index ac0fff78f0..4cbafe37b1 100644 ---- a/plug-ins/common/file-psp.c -+++ b/plug-ins/common/file-psp.c -@@ -1771,6 +1771,15 @@ load_image (const gchar *filename, - { - block_start = ftell (f); - -+ if (block_start + block_total_len > st.st_size) -+ { -+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, -+ _("Could not open '%s' for reading: %s"), -+ gimp_filename_to_utf8 (filename), -+ _("invalid block size")); -+ goto error; -+ } -+ - if (id == PSP_IMAGE_BLOCK) - { - if (block_number != 0) --- -2.15.1 - -- cgit 1.4.1 From b2086776f1466cdb8096eec0b75a52fcf169d7cd Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 23 May 2018 09:53:08 +0200 Subject: gnu: gimp-fourier: Fix build. * gnu/packages/gimp.scm (gimp-fourier)[arguments]: Copy gegl-0.4.pc to gegl-0.3.pc in the configure phase. [inputs]: Add gegl. --- gnu/packages/gimp.scm | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index f2e020b560..08b2d2a43f 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014, 2015 Ludovic Courtès -;;; Copyright © 2016 Ricardo Wurmus +;;; Copyright © 2016, 2018 Ricardo Wurmus ;;; Copyright © 2016, 2017 Efraim Flashner ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Leo Famulari @@ -196,7 +196,18 @@ that is extensible via a plugin system.") `(#:tests? #f ;no tests #:phases (modify-phases %standard-phases - (delete 'configure) + ;; FIXME: The gegl package only installs "gegl-0.4.pc", but + ;; "gimp-2.0.pc" requires "gegl-0.3.pc", so we just copy it. + (replace 'configure + (lambda* (#:key inputs #:allow-other-keys) + (mkdir-p "tmppkgconfig") + (copy-file (string-append (assoc-ref inputs "gegl") + "/lib/pkgconfig/gegl-0.4.pc") + "tmppkgconfig/gegl-0.3.pc") + (setenv "PKG_CONFIG_PATH" + (string-append "tmppkgconfig:" + (or (getenv "PKG_CONFIG_PATH") ""))) + #t)) (add-after 'unpack 'set-prefix (lambda* (#:key outputs #:allow-other-keys) ;; gimptool-2.0 does not allow us to install to any target @@ -215,6 +226,7 @@ that is extensible via a plugin system.") ("gimp" ,gimp) ;; needed by gimp-2.0.pc ("gdk-pixbuf" ,gdk-pixbuf) + ("gegl" ,gegl) ("cairo" ,cairo) ("glib" ,glib) ;; needed by gimpui-2.0.pc -- cgit 1.4.1 From 5686be393b6a784aec13422af73515bba88e2f9c Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Tue, 29 May 2018 23:02:02 +0200 Subject: gnu: mypaint-brushes: Fix build. * gnu/packages/gimp.scm (mypaint-brushes)[arguments]: Remove bootstrap phase; add "relax-dependency-version" phase. --- gnu/packages/gimp.scm | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 08b2d2a43f..15a90e103f 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -284,10 +284,14 @@ brushstrokes which is used by MyPaint and GIMP.") "055j2rgkav2024zl6y5hxb2ra0vbx58607d6sz7ml2351r1bcjvh")))) (build-system gnu-build-system) (arguments - '(#:phases + `(#:phases (modify-phases %standard-phases - (add-after 'unpack 'bootstrap - (lambda _ (invoke "sh" "./autogen.sh")))))) + (add-after 'unpack 'relax-dependency-version + (lambda _ + (substitute* "autogen.sh" + (("automake-1.13") "automake") + (("aclocal-1.13") "aclocal")) + #t))))) (native-inputs `(("autoconf" ,autoconf) ("automake" ,automake))) -- cgit 1.4.1 From e5bbfc7df0a99faa1bb1cf28114363205c166cef Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Tue, 29 May 2018 23:13:25 +0200 Subject: gnu: mypaint-brushes: Fetch source from git. * gnu/packages/gimp.scm (mypaint-brushes)[source]: Fetch source from git. --- gnu/packages/gimp.scm | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'gnu/packages/gimp.scm') diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index 15a90e103f..628d285e45 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -23,6 +23,7 @@ (define-module (gnu packages gimp) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix utils) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system gnu) @@ -275,13 +276,14 @@ brushstrokes which is used by MyPaint and GIMP.") (name "mypaint-brushes") (version "1.3.0") (source (origin - (method url-fetch) - (uri (string-append "https://github.com/Jehan/mypaint-brushes/" - "archive/v" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/Jehan/mypaint-brushes.git") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) (sha256 (base32 - "055j2rgkav2024zl6y5hxb2ra0vbx58607d6sz7ml2351r1bcjvh")))) + "1iz89z6v2mp8j1lrf942k561s8311i3s34ap36wh4rybb2lq15m0")))) (build-system gnu-build-system) (arguments `(#:phases -- cgit 1.4.1