- Mar 22, 2018
- Mar 19, 2018
Michael Natterer authored
gimp_image_add_colormap_entry(): increment private->n_colors *before* calling gimp_image_colormap_set_palette_entry() so it actually adds an entry. (cherry picked from commit 28d9e43f)
- Mar 12, 2018
- Mar 11, 2018
- Mar 01, 2018
Dimitris Spingos authored
- Feb 25, 2018
Jehan authored
Fontconfig has a new slowness issue, this time apparently because of locked cache files, preventing a successful cache update. See: https://bugs.freedesktop.org/show_bug.cgi?id=99360 Furthermore the slowness apparently happens at every GIMP startup, and also even when GIMP closes according to various reports. So let's bump Fontconfig version (for Win32 builds only). Also let's not make it a recommendation anymore, but a requirement. That makes quite a few Win32-specific fontconfig bugs which have been fixed, and most are quite serious so this should not be considered as optional anymore, I guess. (cherry picked from commit 36625e08, and amended to adapt to gimp-2-8 configure)
- Feb 22, 2018
- Feb 11, 2018
- Feb 08, 2018
- Jan 08, 2018
- Jan 05, 2018
Piotr Drąg authored
-
Jehan authored
This reverts commit c57f9dcf. The CVE is still fixed but now in a different way. Commit 4fa0cd4d passes instead the accurate string length when using the string, hence making it work even when not NUL-terminated. This has the advantage of having the GBR file loaded in the end, despite such file format error. I am personally not persuaded this is the best path since a file with such an error may either be corrupted, or worse may have been constructed on purpose to be harmful, so rejecting it directly may be the safe choice. Nevertheless I may also be too doubtful and maybe trying to save a slightly corrupted file may be the nicest choice indeed.
-
The file formats GBR and PAT contain names which are supposed to be NUL-terminated within the files. If no such terminating NUL byte exists, the parsers of GBR and PAT trigger an out of boundary read during utf-8 conversion. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> (cherry picked from commit 4fa0cd4d)
-
(cherry picked from commit 657a754f)
- Dec 27, 2017
Jehan authored
Did a bit of archeology to get all the dates back. I didn't add any description. Not sure if we should bother that much for older versions (but most probably for upcoming version, would be useful). I also wanted to add URLs to the various news for each release, but appstream-util would fail, telling that hyperlinks are not allowed inside <p>. Unfortunately <release> tag cannot have a <url> child (nor a property) according to appstream docs. So for now, I'll just stick to date listing. (cherry picked from commit 3595ef9d)
- Dec 26, 2017
- Dec 25, 2017
- Dec 23, 2017
- Dec 22, 2017
It is possible to trigger a heap overflow while parsing FLI files. The RLE decoder is vulnerable to out of boundary writes due to lack of boundary checks. The variable "framebuf" points to a memory area which was allocated with fli_header->width * fli_header->height bytes. The RLE decoder therefore must never write beyond that limit. If an illegal frame is detected, the parser won't stop, which means that the next valid sequence is properly parsed again. This should allow GIMP to parse FLI files as well as possible even if they are broken by an attacker or by accident. While at it, I changed the variable xc to be of type size_t, because the multiplication of width and height could overflow a 16 bit type. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> (cherry picked from commit edb251a7)
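The bounds check described in the commit message above, as an added example that is not GIMP's code and not part of the commit: an RLE decoder that never writes past `width * height` bytes, drops an oversized packet, and keeps parsing the packets that follow. The packet layout, the function and variable names other than `framebuf` and `xc`, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified packet layout (not the exact FLI chunk format):
 * one signed count byte n; n > 0 repeats the next byte n times,
 * n < 0 copies -n literal bytes, n == 0 is a no-op.
 * Returns the number of packets dropped because they would overrun. */
size_t rle_decode_checked(const uint8_t *src, size_t src_len,
                          uint8_t *framebuf, uint16_t width, uint16_t height)
{
    /* Widen before multiplying: e.g. 640 * 480 does not fit in 16 bits. */
    const size_t limit = (size_t)width * (size_t)height;
    size_t xc = 0;      /* write offset into framebuf */
    size_t in = 0;      /* read offset into src */
    size_t dropped = 0;

    while (in < src_len && xc < limit) {
        int8_t n = (int8_t)src[in++];
        if (n > 0) {                            /* run packet */
            if (in >= src_len) break;           /* truncated input */
            uint8_t value = src[in++];
            size_t len = (size_t)n;
            if (len > limit - xc) { dropped++; continue; }  /* skip, go on */
            memset(framebuf + xc, value, len);
            xc += len;
        } else if (n < 0) {                     /* literal packet */
            size_t len = (size_t)(-(int)n);
            if (len > src_len - in) break;      /* truncated input */
            if (len <= limit - xc) {
                memcpy(framebuf + xc, src + in, len);
                xc += len;
            } else {
                dropped++;                      /* illegal: skip payload */
            }
            in += len;
        }
    }
    return dropped;
}

static uint8_t demo_buf[9];  /* 4x2 frame plus one guard byte */

/* Constructed input: run 3 x 0x11, illegal run 100 x 0xAA, literal 22 33. */
size_t demo_run(void)
{
    static const uint8_t src[] = { 3, 0x11, 100, 0xAA, 0xFE, 0x22, 0x33 };
    memset(demo_buf, 0, sizeof demo_buf);
    demo_buf[8] = 0x5A;      /* guard byte just past the frame */
    return rle_decode_checked(src, sizeof src, demo_buf, 4, 2);
}
```
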
- Dec 21, 2017
- Dec 20, 2017
Piotr Drąg authored
-
Jehan authored
... TGA importer. Be more thorough on valid TGA RGB and RGBA images. In particular current TGA plug-in can import RGBA as 32 bits (8 bits per channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and RGB as 15 and 24 bits. Maybe there exist more variants, but if they do exist, we simply don't support them yet. Thanks to Hanno Böck for the report and a first patch attempt. (cherry picked from commit 674b62ad)
- Dec 02, 2017
- Nov 29, 2017
...selection on the canvas if the editor dialog is active do not copy to the clipboard the text selected, copy it instead when selected with keys <Shift>-left/right. (cherry picked from commit aa293ae9)
- Nov 28, 2017
Dimitris Spingos authored
- Oct 29, 2017
- Oct 25, 2017
- Oct 24, 2017
A malicious XMC file can contain an invalid TOC count, which could lead to an out of boundary write on 32 bit systems due to integer overflow. This error occurs during thumbnail creation. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> (cherry picked from commit 9a073508)