| author | Liguros - Gitlab CI/CD [develop] <gitlab@liguros.net> | 2026-04-12 19:11:06 +0000 |
|---|---|---|
| committer | Liguros - Gitlab CI/CD [develop] <gitlab@liguros.net> | 2026-04-12 19:11:06 +0000 |
| commit | 1a1f5db8827d7864f74b2f19b88aadd126b462d0 (patch) | |
| tree | 1bb31895b92ab571db3841f81faf6632157225ca /media-gfx | |
| parent | 00756a7495ccc0455ef2adbeb2237a02f1aa2629 (diff) | |
Adding metadata
Diffstat (limited to 'media-gfx')
16 files changed, 110 insertions, 818 deletions
diff --git a/media-gfx/brscan5/Manifest b/media-gfx/brscan5/Manifest
new file mode 100644
index 000000000000..f0af11ee055c
--- /dev/null
+++ b/media-gfx/brscan5/Manifest
@@ -0,0 +1 @@
+DIST brscan5-1.5.1-0.amd64.deb 562206 BLAKE2B 40329fe646ea0800f6c16c2228ef8b38a5462b3161657ae577eed5641cbd351b428e7ce44656092a65903d758aae15f0bb42d91ea911461895dc7ef11058c80f SHA512 a281540611620e8d3682788b7917bca321da92882e06abe66baf34f337522ea01aa887efa9ff1bba4a59bb896d8b719eea4c6d976bcb219f13e652b353a16e8c
diff --git a/media-gfx/brscan5/brscan5-1.5.1.0.ebuild b/media-gfx/brscan5/brscan5-1.5.1.0.ebuild
new file mode 100644
index 000000000000..d3e71b113755
--- /dev/null
+++ b/media-gfx/brscan5/brscan5-1.5.1.0.ebuild
@@ -0,0 +1,89 @@ +# Copyright 1999-2026 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit unpacker udev + +DESCRIPTION="SANE driver for Brother scanners (brscan5)" +HOMEPAGE="https://support.brother.com/g/b/index.aspx" +SRC_URI="https://download.brother.com/welcome/dlf104033/${PN}-$(ver_rs 3 -).amd64.deb" +S="${WORKDIR}/opt/brother/scanner/brscan5" + +LICENSE="Brother" +SLOT="0" +KEYWORDS="~amd64" +RESTRICT="bindist mirror strip" + +RDEPEND=" + dev-libs/libusb:1 + media-gfx/sane-backends + net-dns/avahi[dbus] + sys-apps/dbus + virtual/libudev +" + +QA_PREBUILT="opt/brother/*" + +src_install() { + local brscan=/opt/brother/scanner/brscan5 + + # Install the full Brother scanner tree to /opt + insinto ${brscan} + doins -r * + + # Mark executables + fperms 0755 ${brscan}/{brsaneconfig5,brscan_cnetconfig,setupSaneScan5} + + # Mark libraries executable + find "${ED}"${brscan} -name '*.so*' -exec chmod 0755 {} + || die + + # Internal Brother libraries are dlopen'd by the SANE backend at runtime. + # Make them discoverable via ld.so.conf.d rather than symlinking into /usr/lib64. + insinto /etc/ld.so.conf.d + newins - 50-${PN}.conf <<< ${brscan} + + # SANE's dll backend searches only LIBDIR (/usr/lib64/sane/) for backend + # .so files via fopen(), ignoring the ld.so cache. This symlink is needed + # even with ld.so.conf.d above. 
+ # https://gitlab.com/sane-project/backends/-/blob/1.4.0/backend/dll.c#L482 + dosym -r ${brscan}/libsane-brother5.so.1.0.7 \ + /usr/lib64/sane/libsane-brother5.so.1 + + # SANE dll.d configuration + insinto /etc/sane.d/dll.d + newins - ${PN} <<< brother5 + + # brscan5 configuration + insinto /etc/opt/brother/scanner/brscan5 + doins brscan5.ini + doins brsanenetdevice.cfg + + # User-facing binary symlink + dosym -r ${brscan}/brsaneconfig5 /usr/bin/brsaneconfig5 + + # udev rules (strip deprecated SYSFS entries, install with clean name) + sed -i '/SYSFS/d' udev-rules/NN-brother-mfp-brscan5-1.0.2-2.rules || die + udev_newrules udev-rules/NN-brother-mfp-brscan5-1.0.2-2.rules 40-${PN}.rules +} + +pkg_postinst() { + udev_reload + + # https://bugs.gentoo.org/961463 + ldconfig -X + + # HOSTNAME is "BRW" followed by MAC for wi-fi + # HOSTNAME is "BRN" followed by MAC for etherent + elog "Your scanner's HOSTNAME can be discovered via avahi:" + elog " avahi-browse -rt _scanner._tcp" + elog "To connect a network scanner using network discovery:" + elog " brsaneconfig5 -a name=SCANNER model=MODEL nodename=HOSTNAME.local" +} + +pkg_postrm() { + udev_reload + + # https://bugs.gentoo.org/961463 + ldconfig -X +} diff --git a/media-gfx/brscan5/metadata.xml b/media-gfx/brscan5/metadata.xml new file mode 100644 index 000000000000..db8500a91fb2 --- /dev/null +++ b/media-gfx/brscan5/metadata.xml 
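Review bot: The `newins - 50-${PN}.conf <<< ${brscan}` step in src_install puts the whole prebuilt /opt/brother/scanner/brscan5 tree on the system-wide loader search path, so every dynamically linked process, not only the SANE backend, can resolve a soname from that vendor directory. The tree is installed wholesale with `doins -r *` and exempted through QA_PREBUILT, so it would be safer to expose only a subdirectory holding the libraries the backend actually dlopens. Failing that, a comment listing the sonames the directory contributes would let a clash with a system library be noticed on the next version bump. Separately, the `dosym` target hardcodes `/usr/lib64`; `/usr/$(get_libdir)/sane/libsane-brother5.so.1` would keep it aligned with the LIBDIR the comment above it refers to.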
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://liguros.gitlab.io/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>anthonyryan1@gmail.com</email>
+ <name>Anthony Ryan</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription>
+ Brother brscan5 scanner driver for SANE. Required for USB-connected
+ Brother scanners and provides better quality scanning compared to
+ driverless (airscan) for many network-connected Brother devices.
+ </longdescription>
+
+ <origin>gentoo-staging</origin>
+</pkgmetadata>
\ No newline at end of file
diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-27823.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-27823.patch
deleted file mode 100644
index 95023eae1da5..000000000000
--- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-27823.patch
+++ /dev/null
@@ -1,76 +0,0 @@ -https://bugs.gentoo.org/965334 -https://www.zerodayinitiative.com/advisories/ZDI-25-978/ -https://gitlab.gnome.org/GNOME/gimp/-/issues/14814 -https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2449 -https://gitlab.gnome.org/GNOME/gimp/-/commit/4eb106f2bff2d9b8e518aa455a884c6f38d70c6a - -From 345c79b73b1a6d0fbdc11ff86899a3d0a9c8c003 Mon Sep 17 00:00:00 2001 -From: Jacob Boerema <jgboerema@gmail.com> -Date: Wed, 3 Sep 2025 18:37:26 -0400 -Subject: [PATCH] plug-ins: fix ZDI-CAN-27823 - -GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution -Vulnerability. - -Check offset in colormap is valid before writing to it. - -Cherry-picked to 2.10 and modified to work correctly with this context: -ea68d87b66ec53e3cc5073993bd84ed96ce59590 -44ebcee901f25180b8b9b04f6d26474919557f0d ---- a/plug-ins/common/file-xwd.c -+++ b/plug-ins/common/file-xwd.c -@@ -183,7 +183,8 @@ static gint32 load_xwd_f2_d8_b8 (const gchar *filename, - static gint32 load_xwd_f2_d16_b16 (const gchar *filename, - FILE *ifp, - L_XWDFILEHEADER *xwdhdr, -- L_XWDCOLOR *xwdcolmap); -+ L_XWDCOLOR *xwdcolmap, -+ GError **error); - static gint32 load_xwd_f2_d24_b32 (const gchar *filename, - FILE *ifp, - L_XWDFILEHEADER *xwdhdr, -@@ -581,7 +582,7 @@ load_image (const gchar *filename, - } - else if ((depth <= 16) && (bpp == 16)) - { -- image_ID = load_xwd_f2_d16_b16 (filename, ifp, &xwdhdr, xwdcolmap); -+ image_ID = load_xwd_f2_d16_b16 (filename, ifp, &xwdhdr, xwdcolmap, error); - } - else if ((depth <= 24) && ((bpp == 24) || (bpp == 32))) - { -@@ -1543,7 +1544,8 @@ static gint32 - load_xwd_f2_d16_b16 (const gchar *filename, - FILE *ifp, - L_XWDFILEHEADER *xwdhdr, -- L_XWDCOLOR *xwdcolmap) -+ L_XWDCOLOR *xwdcolmap, -+ GError **error) - { - register guchar *dest, lsbyte_first; - gint width, height, linepad, i, j, c0, c1, ncols; -@@ -1606,9 +1608,20 @@ load_xwd_f2_d16_b16 (const gchar *filename, - greenval = (green * 255) / maxgreen; - for (blue = 0; blue <= maxblue; blue++) - { -+ 
guint32 offset = ((red << redshift) + (green << greenshift) + -+ (blue << blueshift)) * 3; -+ -+ if (offset+2 >= maxval) -+ { -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("Invalid colormap offset. Possibly corrupt image.")); -+ g_free (data); -+ g_free (ColorMap); -+ g_object_unref (buffer); -+ return -1; -+ } - blueval = (blue * 255) / maxblue; -- cm = ColorMap + ((red << redshift) + (green << greenshift) -- + (blue << blueshift)) * 3; -+ cm = ColorMap + offset; - *(cm++) = redval; - *(cm++) = greenval; - *cm = blueval; --- -2.51.2 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-27863.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-27863.patch deleted file mode 100644 index 47d24434779c..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-27863.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -https://bugs.gentoo.org/969286 -https://www.zerodayinitiative.com/advisories/ZDI-25-911/ -https://gitlab.gnome.org/GNOME/gimp/-/issues/14811 -https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444 -https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3 - -From ea423250c1f3dca4a1cea15e2644c5b04fda478b Mon Sep 17 00:00:00 2001 -From: Jacob Boerema <jgboerema@gmail.com> -Date: Wed, 3 Sep 2025 13:31:45 -0400 -Subject: [PATCH] plug-ins: fix dicom plug-in ZDI-CAN-27863 - -GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution -Vulnerability - -This adds more safety checks and sets actual GError's instead of just -calling gimp_quit. - -Cherry-picked from 3d909166463731e94dfe62042d76225ecfc4c1e4 - -Cherry-picked to 2.10 and modified to work correctly with this context: -6bca8c4f8970d976c731463f938ae39df3c3fd4c -72df7883ef503bc81a2e1498bfcb842dd97da221 ---- a/plug-ins/common/file-dicom.c -+++ b/plug-ins/common/file-dicom.c -@@ -330,6 +330,7 @@ load_image (const gchar *filename, - gint bits_stored = 0; - gint high_bit = 0; - guint8 *pix_buf = NULL; -+ guint64 pixbuf_size = 0; - gboolean is_signed = FALSE; - guint8 in_sequence = 0; - gboolean implicit_encoding = FALSE; -@@ -385,6 +386,7 @@ load_image (const gchar *filename, - guint16 ctx_us; - guint8 *value; - guint32 tag; -+ size_t actual_read; - - if (fread (&group_word, 1, 2, DICOM) == 0) - break; -@@ -489,15 +491,24 @@ load_image (const gchar *filename, - - if (element_length >= (G_MAXUINT - 6)) - { -- g_message ("'%s' seems to have an incorrect value field length.", -- gimp_filename_to_utf8 (filename)); -- gimp_quit (); -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("'%s' has an an incorrect value for field size. Possibly corrupt image."), -+ gimp_filename_to_utf8 (filename)); -+ g_free (dicominfo); -+ fclose (DICOM); -+ return -1; - } - - /* Read contents. Allocate a bit more to make room for casts to int - below. 
*/ - value = g_new0 (guint8, element_length + 4); -- fread (value, 1, element_length, DICOM); -+ actual_read = fread (value, 1, element_length, DICOM); -+ if (actual_read < element_length) -+ { -+ g_warning ("Missing data: needed %u bytes, got %u. Possibly corrupt image.", -+ element_length, (guint32) actual_read); -+ element_length = actual_read; -+ } - - /* ignore everything inside of a sequence */ - if (in_sequence) -@@ -510,7 +521,7 @@ load_image (const gchar *filename, - if (big_endian && group_word != 0x0002) - ctx_us = GUINT16_SWAP_LE_BE (ctx_us); - -- g_debug ("group: %04x, element: %04x, length: %d", -+ g_debug ("group: %04x, element: %04x, length: %u", - group_word, element_word, element_length); - g_debug ("Value: %s", (char*)value); - /* Recognize some critical tags */ -@@ -644,6 +655,7 @@ load_image (const gchar *filename, - if (group_word == 0x7fe0 && element_word == 0x0010) - { - pix_buf = value; -+ pixbuf_size = element_length; - } - else - { -@@ -674,25 +686,50 @@ load_image (const gchar *filename, - } - } - -+ g_debug ("Bpp: %d, wxh: %u x %u, spp: %d\n", bpp, width, height, samples_per_pixel); -+ - if ((bpp != 8) && (bpp != 16)) - { -- g_message ("'%s' has a bpp of %d which GIMP cannot handle.", -- gimp_filename_to_utf8 (filename), bpp); -- gimp_quit (); -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("'%s' has a bpp of %d which GIMP cannot handle."), -+ gimp_filename_to_utf8 (filename), bpp); -+ g_free (pix_buf); -+ g_free (dicominfo); -+ fclose (DICOM); -+ return -1; - } - - if ((width > GIMP_MAX_IMAGE_SIZE) || (height > GIMP_MAX_IMAGE_SIZE)) - { -- g_message ("'%s' has a larger image size (%d x %d) than GIMP can handle.", -- gimp_filename_to_utf8 (filename), width, height); -- gimp_quit (); -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("'%s' has a larger image size (%d x %d) than GIMP can handle."), -+ gimp_filename_to_utf8 (filename), width, height); -+ g_free (pix_buf); -+ g_free (dicominfo); -+ fclose (DICOM); -+ return -1; - } - - 
if (samples_per_pixel > 3) - { -- g_message ("'%s' has samples per pixel of %d which GIMP cannot handle.", -- gimp_filename_to_utf8 (filename), samples_per_pixel); -- gimp_quit (); -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("'%s' has samples per pixel of %d which GIMP cannot handle."), -+ gimp_filename_to_utf8 (filename), samples_per_pixel); -+ g_free (pix_buf); -+ g_free (dicominfo); -+ fclose (DICOM); -+ return -1; -+ } -+ -+ if ((guint64) width * height * (bpp >> 3) * samples_per_pixel > pixbuf_size) -+ { -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("'%s' has not enough pixel data. Possibly corrupt image."), -+ gimp_filename_to_utf8 (filename)); -+ g_free (pix_buf); -+ g_free (dicominfo); -+ fclose (DICOM); -+ return -1; - } - - dicominfo->width = width; --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28158.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28158.patch deleted file mode 100644 index 0d481e86f2f1..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28158.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -https://bugs.gentoo.org/969287 -https://gitlab.gnome.org/GNOME/gimp/-/issues/15287 -https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569 -https://gitlab.gnome.org/GNOME/gimp/-/commit/112a5e038f0646eae5ae314988ec074433d2b365 - -From 90716a8407adc9c4683b556422594d4590e83b69 Mon Sep 17 00:00:00 2001 -From: Gabriele Barbero <barbero.gabriele03@gmail.com> -Date: Fri, 5 Dec 2025 19:13:01 +0100 -Subject: [PATCH] ZDI-CAN-28158: use g_malloc0 instead of g_malloc - -To avoid accessing uninitialized memory, replace calls to g_malloc with -g_malloc0 which initializes the allocated memory to zero. - -Cherry-picked from 112a5e038f0646eae5ae314988ec074433d2b365 ---- a/plug-ins/common/file-pnm.c -+++ b/plug-ins/common/file-pnm.c -@@ -571,7 +571,7 @@ load_image (GFile *file, - return -1; - - /* allocate the necessary structures */ -- pnminfo = g_new (PNMInfo, 1); -+ pnminfo = g_new0 (PNMInfo, 1); - - scan = NULL; - /* set error handling */ --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28232.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28232.patch deleted file mode 100644 index b643f6094991..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28232.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -https://bugs.gentoo.org/969287 -https://www.zerodayinitiative.com/advisories/ZDI-25-1196/ -https://gitlab.gnome.org/GNOME/gimp/-/issues/15284 -https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e - -From 112f04950ff06a0ccf548f9a7fd49bd63aaf8b58 Mon Sep 17 00:00:00 2001 -From: Jacob Boerema <jgboerema@gmail.com> -Date: Sat, 20 Dec 2025 10:10:48 -0500 -Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in - file-psp - -We were not checking whether channel types were valid for grayscale -images. Using a blue color channel caused an invalid computation of -the offset which could cause us to access an invalid memory location. - -Now we separate RGB from non-RGB images when checking which channels -are valid, and if not return with an error. - -Cherry-picked from 03575ac8cbb0ef3103b0a15d6598475088dcc15e ---- a/plug-ins/common/file-psp.c -+++ b/plug-ins/common/file-psp.c -@@ -2020,7 +2020,8 @@ read_layer_block (FILE *f, - } - else - { -- if (channel_type > PSP_CHANNEL_BLUE) -+ if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) || -+ (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED)) - { - g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, - _("Invalid channel type %d in channel information chunk"), --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28248.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28248.patch deleted file mode 100644 index 70ab57c39b97..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28248.patch +++ /dev/null 
@@ -1,82 +0,0 @@ -https://bugs.gentoo.org/969287 -https://www.zerodayinitiative.com/advisories/ZDI-25-1139/ -https://gitlab.gnome.org/GNOME/gimp/-/issues/15285 -https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd - -From e337ed744103c424cc4a069769bcb6328742566d Mon Sep 17 00:00:00 2001 -From: Alx Sa <cmyk.student@gmail.com> -Date: Wed, 12 Nov 2025 13:25:44 +0000 -Subject: [PATCH] plug-ins: Mitigate ZDI-CAN-28248 for JP2 images - -Resolves #15285 -Per the report, it's possible to exceed the size of the pixel buffer -with a high precision_scaled value, as we size it to the width * bpp. -This patch includes precision_scaled in the allocation calculation. -It also adds a g_size_checked_mul () check to ensure there's no -overflow, and moves the pixel and buffer memory freeing to occur -in the out section so that it always runs even on failure. - -Cherry-picked from cd1c88a0364ad1444c06536731972a99bd8643fd - -Cherry-picked to 2.10 and modified to work correctly with this context -6bca8c4f8970d976c731463f938ae39df3c3fd4c -19c57a9765ac3451c9cde94ccb06bec5ae06fbd8 ---- a/plug-ins/common/file-jp2-load.c -+++ b/plug-ins/common/file-jp2-load.c -@@ -1050,14 +1050,15 @@ load_image (const gchar *filename, - GimpColorProfile *profile; - gint32 image_ID; - gint32 layer_ID; -+ GeglBuffer *buffer = NULL; -+ guchar *pixels = NULL; -+ gsize pixels_size; - GimpImageType image_type; - GimpImageBaseType base_type; - gint width; - gint height; - gint num_components; -- GeglBuffer *buffer; - gint i, j, k, it; -- guchar *pixels; - const Babl *file_format; - gint bpp; - GimpPrecision image_precision; -@@ -1298,7 +1299,16 @@ load_image (const gchar *filename, - bpp = babl_format_get_bytes_per_pixel (file_format); - - buffer = gimp_drawable_get_buffer (layer_ID); -- pixels = g_new0 (guchar, width * bpp); -+ -+ if (! 
g_size_checked_mul (&pixels_size, width, (bpp * (precision_scaled / 8)))) -+ { -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("Defined row size is too large in JP2 image '%s'."), -+ gimp_filename_to_utf8 (filename)); -+ goto out; -+ } -+ pixels = g_new0 (guchar, pixels_size); -+ - - for (i = 0; i < height; i++) - { -@@ -1324,13 +1334,13 @@ load_image (const gchar *filename, - gegl_buffer_set (buffer, GEGL_RECTANGLE (0, i, width, 1), 0, - file_format, pixels, GEGL_AUTO_ROWSTRIDE); - } -- -- g_free (pixels); -- -- g_object_unref (buffer); - gimp_progress_update (1.0); - - out: -+ if (pixels) -+ g_free (pixels); -+ if (buffer) -+ g_object_unref (buffer); - if (profile) - g_object_unref (profile); - if (image) --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28265.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28265.patch deleted file mode 100644 index 59cad581aa02..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28265.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -https://bugs.gentoo.org/969287 -https://gitlab.gnome.org/GNOME/gimp/-/issues/15293 -https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2597 -https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275 - -From 8092982213651dcab8b6b76730d0d2a7c147a448 Mon Sep 17 00:00:00 2001 -From: Jacob Boerema <jgboerema@gmail.com> -Date: Thu, 15 Jan 2026 10:12:07 -0500 -Subject: [PATCH] plug-ins: fix #15293 security issue ZDI-CAN-28265 - -Just like we did in commit 4eb106f2bff2d9b8e518aa455a884c6f38d70c6a -we need to make sure that the offset in the colormap is valid before -using it, before using it to compute the RGB values. - -Cherry-picked from 68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275 - -Cherry-picked to 2.10 and modified to work correctly with this context: -44ebcee901f25180b8b9b04f6d26474919557f0d ---- a/plug-ins/common/file-xwd.c -+++ b/plug-ins/common/file-xwd.c -@@ -1637,7 +1637,15 @@ load_xwd_f2_d16_b16 (const gchar *filename, - - for (j = 0; j < ncols; j++) - { -- cm = ColorMap + xwdcolmap[j].l_pixel * 3; -+ goffset offset = xwdcolmap[j].l_pixel * 3; -+ -+ if (offset+2 >= maxval) -+ { -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("Invalid colormap offset. Possibly corrupt image.")); -+ return -1; -+ } -+ cm = ColorMap + offset; - *(cm++) = (xwdcolmap[j].l_red >> 8); - *(cm++) = (xwdcolmap[j].l_green >> 8); - *cm = (xwdcolmap[j].l_blue >> 8); --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28273.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28273.patch deleted file mode 100644 index 9b7f3256b2c5..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28273.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -https://bugs.gentoo.org/969287 -https://www.zerodayinitiative.com/advisories/ZDI-CAN-28273/ -https://gitlab.gnome.org/GNOME/gimp/-/issues/15286 -https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb - -From 62389832a62f6df8a1fca9cbd197b5441b0e32f5 Mon Sep 17 00:00:00 2001 -From: Alx Sa <cmyk.student@gmail.com> -Date: Sun, 23 Nov 2025 16:43:51 +0000 -Subject: [PATCH] plug-ins: Fix ZDI-CAN-28273 - -Resolves #15286 -Adds a check to the memory allocation -in pnm_load_raw () with g_size_checked_mul () -to see if the size would go out of bounds. -If so, we don't try to allocate and load the -image. - -Cherry-picked from 4ff2d773d58064e6130495de498e440f4a6d5edb ---- a/plug-ins/common/file-pnm.c -+++ b/plug-ins/common/file-pnm.c -@@ -554,7 +554,7 @@ load_image (GFile *file, - GError **error) - { - GInputStream *input; -- GeglBuffer *buffer; -+ GeglBuffer *buffer = NULL; - gint32 volatile image_ID = -1; - gint32 layer_ID; - char buf[BUFLEN + 4]; /* buffer for random things like scanning */ -@@ -584,6 +584,9 @@ load_image (GFile *file, - g_object_unref (input); - g_free (pnminfo); - -+ if (buffer) -+ g_object_unref (buffer); -+ - if (image_ID != -1) - gimp_image_delete (image_ID); - -@@ -819,6 +822,7 @@ pnm_load_raw (PNMScanner *scan, - GInputStream *input; - gint bpc; - guchar *data, *d; -+ gsize data_size; - gushort *s; - gint x, y, i; - gint start, end, scanlines; -@@ -829,7 +833,12 @@ pnm_load_raw (PNMScanner *scan, - bpc = 1; - - /* No overflow as long as gimp_tile_height() < 1365 = 2^(31 - 18) / 6 */ -- data = g_new (guchar, gimp_tile_height () * info->xres * info->np * bpc); -+ if (! g_size_checked_mul (&data_size, gimp_tile_height (), info->xres) || -+ ! g_size_checked_mul (&data_size, data_size, info->np) || -+ ! 
g_size_checked_mul (&data_size, data_size, bpc)) -+ CHECK_FOR_ERROR (FALSE, info->jmpbuf, _("Unsupported maximum value.")); -+ -+ data = g_new (guchar, data_size); - - input = pnmscanner_input (scan); - --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28591.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28591.patch deleted file mode 100644 index 9f09e703d871..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28591.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -https://bugs.gentoo.org/969287 -https://gitlab.gnome.org/GNOME/gimp/-/issues/15554 -https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586 -https://gitlab.gnome.org/GNOME/gimp/-/commit/57712677007793118388c5be6fb8231f22a2b341 - -From df7e93ad6223caa3d5d2d9cfc1a5019dcba3cde3 Mon Sep 17 00:00:00 2001 -From: Alx Sa <cmyk.student@gmail.com> -Date: Wed, 31 Dec 2025 14:45:15 +0000 -Subject: [PATCH] plug-ins: Add OoB check for loading XWD - -Resolves #15554 -This patch adds a check for if our pointer arithmetic -exceeds the memory allocated for the dest array. If so, -we throw an error rather than access memory outside -the bounds. - -Cherry-picked from 57712677007793118388c5be6fb8231f22a2b341 ---- a/plug-ins/common/file-xwd.c -+++ b/plug-ins/common/file-xwd.c -@@ -2116,6 +2116,7 @@ load_xwd_f1_d24_b1 (const gchar *filename, - gulong redmask, greenmask, bluemask; - guint redshift, greenshift, blueshift; - gulong g; -+ guint32 maxval; - guchar redmap[256], greenmap[256], bluemap[256]; - guchar bit_reverse[256]; - guchar *xwddata, *xwdin, *data; -@@ -2206,7 +2207,8 @@ load_xwd_f1_d24_b1 (const gchar *filename, - &layer_ID, &buffer); - - tile_height = gimp_tile_height (); -- data = g_malloc (tile_height * width * bytes_per_pixel); -+ data = g_malloc (tile_height * width * bytes_per_pixel); -+ maxval = tile_height * width * bytes_per_pixel; - - ncols = xwdhdr->l_colormap_entries; - if (xwdhdr->l_ncolors < ncols) -@@ -2231,6 +2233,8 @@ load_xwd_f1_d24_b1 (const gchar *filename, - - for (tile_start = 0; tile_start < height; tile_start += tile_height) - { -+ guint current_dest = 0; -+ - memset (data, 0, width*tile_height*bytes_per_pixel); - - tile_end = tile_start + tile_height - 1; -@@ -2254,7 +2258,18 @@ load_xwd_f1_d24_b1 (const gchar *filename, - else /* 3 bytes per pixel */ - { - fromright = xwdhdr->l_pixmap_depth-1-plane; -- dest += 2 - fromright/8; -+ -+ current_dest += 2 - fromright / 8; -+ if (current_dest < maxval) -+ { -+ dest += 2 - fromright / 
8; -+ } -+ else -+ { -+ err = 1; -+ break; -+ } -+ - outmask = (1 << (fromright % 8)); - } - -@@ -2309,7 +2324,17 @@ load_xwd_f1_d24_b1 (const gchar *filename, - - if (g & inmask) - *dest |= outmask; -- dest += bytes_per_pixel; -+ -+ current_dest += bytes_per_pixel; -+ if (current_dest < maxval) -+ { -+ dest += bytes_per_pixel; -+ } -+ else -+ { -+ err = 1; -+ break; -+ } - - inmask >>= 1; - } --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28599.patch b/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28599.patch deleted file mode 100644 index 13520ca29dbf..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-ZDI-CAN-28599.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -https://gitlab.gnome.org/GNOME/gimp/-/issues/15555 -https://gitlab.gnome.org/GNOME/gimp/-/commit/c54bf22acb04b83ae38ed50add58f300e898dd81 - -From e7d10ae2d8c2d96dd838fdec754eaf255e1d1d97 Mon Sep 17 00:00:00 2001 -From: Alx Sa <cmyk.student@gmail.com> -Date: Fri, 26 Dec 2025 15:49:45 +0000 -Subject: [PATCH] plug-ins: Add more fread () checks in ICO loading - -Resolves #15555 - -This patch adds some guards for ico_read_int8 (), -which was used for loading palettes and maps -without verifying that it returned the same number -of bytes as what it tried to read in. - -Cherry-picked from c54bf22acb04b83ae38ed50add58f300e898dd81 ---- a/plug-ins/file-ico/ico-load.c -+++ b/plug-ins/file-ico/ico-load.c -@@ -69,7 +69,9 @@ ico_read_int32 (FILE *fp, - total = count; - if (count > 0) - { -- ico_read_int8 (fp, (guint8 *) data, count * 4); -+ if (ico_read_int8 (fp, (guint8 *) data, count * 4) != (count * 4)) -+ return FALSE; -+ - for (i = 0; i < count; i++) - data[i] = GUINT32_FROM_LE (data[i]); - } -@@ -88,7 +90,9 @@ ico_read_int16 (FILE *fp, - total = count; - if (count > 0) - { -- ico_read_int8 (fp, (guint8 *) data, count * 2); -+ if (ico_read_int8 (fp, (guint8 *) data, count * 2) != (count * 2)) -+ return FALSE; -+ - for (i = 0; i < count; i++) - data[i] = GUINT16_FROM_LE (data[i]); - } -@@ -109,8 +113,8 @@ ico_read_int8 (FILE *fp, - while (count > 0) - { - bytes = fread ((gchar *) data, sizeof (gchar), count, fp); -- if (bytes <= 0) /* something bad happened */ -- break; -+ if (bytes != count) /* something bad happened */ -+ return -1; - - count -= bytes; - data += bytes; -@@ -481,16 +485,31 @@ ico_read_icon (FILE *fp, - data.used_clrs, data.bpp)); - - palette = g_new0 (guint32, data.used_clrs); -- ico_read_int8 (fp, (guint8 *) palette, data.used_clrs * 4); -+ if (ico_read_int8 (fp, -+ (guint8 *) palette, -+ data.used_clrs * 4) != (data.used_clrs * 4)) -+ { -+ D(("skipping image: too large\n")); -+ return FALSE; -+ } -+ - } - - xor_map = ico_alloc_map (w, h, 
data.bpp, &length); -- ico_read_int8 (fp, xor_map, length); -+ if (ico_read_int8 (fp, xor_map, length) != length) -+ { -+ D(("skipping image: too large\n")); -+ return FALSE; -+ } - D((" length of xor_map: %i\n", length)); - - /* Read in and_map. It's padded out to 32 bits per line: */ - and_map = ico_alloc_map (w, h, 1, &length); -- ico_read_int8 (fp, and_map, length); -+ if (! ico_read_int8 (fp, and_map, length) != length) -+ { -+ D(("skipping image: too large\n")); -+ return FALSE; -+ } - D((" length of and_map: %i\n", length)); - - dest_vec = (guint32 *) buf; --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-2.10.38-fix-psp-overflow.patch b/media-gfx/gimp/files/gimp-2.10.38-fix-psp-overflow.patch deleted file mode 100644 index 20805a356f53..000000000000 --- a/media-gfx/gimp/files/gimp-2.10.38-fix-psp-overflow.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -https://gitlab.gnome.org/GNOME/gimp/-/issues/15732 -https://gitlab.gnome.org/GNOME/gimp/-/commit/d9d0f5b4e642dd5b101e70728042027d568bb01d - -From 12eb87a32d70556fb413c0741ed38fd89fc96447 Mon Sep 17 00:00:00 2001 -From: Jacob Boerema <jgboerema@gmail.com> -Date: Fri, 23 Jan 2026 11:35:50 -0500 -Subject: [PATCH] plug-ins: Fix #15732 PSP File Parsing Integer - Overflow... - -Leading to Heap Corruption - -An integer overflow vulnerability has been identified in the PSP -(Paint Shop Pro) file parser of GIMP. The issue occurs in the -read_creator_block() function, where the Creator metadata block is -processed. Specifically, a 32-bit length value read from the file is -used directly for memory allocation without proper validation. -Trigger -> when length is set to 0xFFFFFFFF - -To fix this, we check that using that length doesn't exceed the end -of the creator block. If it does, we return with an error message. - -Cherry-picked from d9d0f5b4e642dd5b101e70728042027d568bb01d ---- a/plug-ins/common/file-psp.c -+++ b/plug-ins/common/file-psp.c -@@ -983,7 +983,17 @@ read_creator_block (FILE *f, - } - keyword = GUINT16_FROM_LE (keyword); - length = GUINT32_FROM_LE (length); -- switch (keyword) -+ -+ if ((goffset) ftell (f) + length > (goffset) data_start + total_len) -+ { -+ /* FIXME: After string freeze is over, we should consider changing -+ * this error message to be a bit more descriptive. */ -+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, -+ _("Error reading creator keyword data")); -+ return -1; -+ } -+ -+ switch (keyword) - { - case PSP_CRTR_FLD_TITLE: - case PSP_CRTR_FLD_ARTIST: --- -2.52.0 - diff --git a/media-gfx/gimp/files/gimp-3.2.0-respect-NM.patch b/media-gfx/gimp/files/gimp-3.2.0-respect-NM.patch deleted file mode 100644 index 72bb733e17fb..000000000000 --- a/media-gfx/gimp/files/gimp-3.2.0-respect-NM.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -https://bugs.gentoo.org/968162 -https://gitlab.gnome.org/GNOME/gimp/-/commit/4828b2d3f7950efe1d3b72be60ad33dd896f433d -https://gitlab.gnome.org/GNOME/gimp/-/commit/21851685364e0dde80df1d42d3c97495ef8ee1d8 - -From 4828b2d3f7950efe1d3b72be60ad33dd896f433d Mon Sep 17 00:00:00 2001 -From: Alfred Wingate <parona@protonmail.com> -Date: Sun, 15 Mar 2026 20:13:06 +0200 -Subject: [PATCH 1/2] tools: allow use of NM env variable - -Bug: https://bugs.gentoo.org/968162 -Signed-off-by: Alfred Wingate <parona@protonmail.com> ---- a/libgimp/meson.build -+++ b/libgimp/meson.build -@@ -628,6 +628,8 @@ else - endif - - if not platform_osx and host_cpu_family != 'x86' -+ nm = find_program('nm', required: false) -+ - # Verify .def files for Windows linking. - # We check this on non-Windows platform (Debian) on CI, and on Windows itself. - custom_target('check-def-files', -@@ -653,6 +655,7 @@ if not platform_osx and host_cpu_family != 'x86' - libgimpthumb, - libgimpwidgets - ], -+ env: nm.found() ? 
{ 'NM': nm.full_path() } : {}, - output: [ 'check-def-files', ], - command: [ - python, meson.project_source_root() / 'tools' / 'defcheck.py', meson.project_source_root(), ---- a/tools/defcheck.py -+++ b/tools/defcheck.py -@@ -31,7 +31,7 @@ Needs the tool "nm", "objdump" or "dumpbin" to work - - import os, sys, subprocess, shutil - --from os import path -+from os import getenv, path - - def_files = ( - "libgimpbase/gimpbase.def", -@@ -55,7 +55,7 @@ if len(sys.argv) > 1: - sys.exit (-1) - - libextension = ".so" --command = "nm --defined-only --extern-only " -+command = getenv("NM", default="nm") + " --defined-only --extern-only " - libprefix = "lib" - platform_linux = True - --- -GitLab - - -From 21851685364e0dde80df1d42d3c97495ef8ee1d8 Mon Sep 17 00:00:00 2001 -From: Alfred Wingate <parona@protonmail.com> -Date: Sun, 15 Mar 2026 20:13:49 +0200 -Subject: [PATCH 2/2] tools: include error message to ease debugging - -Signed-off-by: Alfred Wingate <parona@protonmail.com> ---- a/tools/defcheck.py -+++ b/tools/defcheck.py -@@ -102,6 +102,7 @@ for df in def_files: - status, nm = subprocess.getstatusoutput (command + libname) - if status != 0: - print("trouble reading {} - has it been compiled?".format(libname)) -+ print(nm) - have_errors = -1 - continue - --- -GitLab - diff --git a/media-gfx/qrca/qrca-25.12.3-r1.ebuild b/media-gfx/qrca/qrca-25.12.3-r2.ebuild index 928ef2d5ae9d..068ac766e3dc 100644 --- a/media-gfx/qrca/qrca-25.12.3-r1.ebuild +++ b/media-gfx/qrca/qrca-25.12.3-r2.ebuild @@ -39,7 +39,7 @@ DEPEND=" networkmanager? ( >=kde-frameworks/networkmanager-qt-${KFMIN}:6 ) " RDEPEND="${DEPEND} - >=dev-qt/qtmultimedia-${QTMIN}:6[qml] + >=dev-qt/qtmultimedia-${QTMIN}:6[qml,v4l] >=kde-frameworks/kconfig-${KFMIN}:6[qml] >=kde-frameworks/prison-${KFMIN}:6[qml] " diff --git a/media-gfx/qrca/qrca-25.12.3.ebuild b/media-gfx/qrca/qrca-25.12.3.ebuild deleted file mode 100644 index df1c19e8927a..000000000000 --- a/media-gfx/qrca/qrca-25.12.3.ebuild +++ /dev/null 
@@ -1,48 +0,0 @@ -# Copyright 2025-2026 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -ECM_TEST="true" -KDE_ORG_CATEGORY="utilities" -KFMIN=6.19.0 -QTMIN=6.10.1 -inherit ecm gear.kde.org xdg - -DESCRIPTION="Simple barcode scanner and QR code generator" -HOMEPAGE="https://apps.kde.org/qrca/" - -LICENSE="GPL-3+" -SLOT="0" -KEYWORDS="~amd64 ~arm64 ~ppc64 ~riscv ~x86" -IUSE="networkmanager" - -DEPEND=" - dev-libs/kirigami-addons:6 - >=dev-qt/qtbase-${QTMIN}:6[gui,widgets] - >=dev-qt/qtdeclarative-${QTMIN}:6 - >=dev-qt/qtmultimedia-${QTMIN}:6 - >=dev-qt/qtsvg-${QTMIN}:6 - >=kde-frameworks/kconfig-${KFMIN}:6 - >=kde-frameworks/kcontacts-${KFMIN}:6 - >=kde-frameworks/kcoreaddons-${KFMIN}:6 - >=kde-frameworks/kcrash-${KFMIN}:6 - >=kde-frameworks/kdbusaddons-${KFMIN}:6 - >=kde-frameworks/ki18n-${KFMIN}:6 - >=kde-frameworks/kio-${KFMIN}:6 - >=kde-frameworks/kirigami-${KFMIN}:6 - >=kde-frameworks/knotifications-${KFMIN}:6 - >=kde-frameworks/kservice-${KFMIN}:6 - >=kde-frameworks/kwidgetsaddons-${KFMIN}:6 - >=kde-frameworks/kxmlgui-${KFMIN}:6 - >=kde-frameworks/prison-${KFMIN}:6 - networkmanager? ( >=kde-frameworks/networkmanager-qt-${KFMIN}:6 ) -" -RDEPEND="${DEPEND}" - -src_configure() { - local mycmakeargs=( - $(cmake_use_find_package networkmanager KF6NetworkManagerQt) - ) - ecm_src_configure -} |
