diff --git a/app-in-plug-ins-fix-invalid-parameter-names-instead-of-rejecting-procedur.patch b/app-in-plug-ins-fix-invalid-parameter-names-instead-of-rejecting-procedur.patch
new file mode 100644
index 0000000000000000000000000000000000000000..39eb78a58d66be81d12395205eddbb317942244c
--- /dev/null
+++ b/app-in-plug-ins-fix-invalid-parameter-names-instead-of-rejecting-procedur.patch
@@ -0,0 +1,409 @@
+From 930742df5fdf961319d4d5d45dcc120ce58bed34 Mon Sep 17 00:00:00 2001
+From: konglidong
+Date: Tue, 22 Feb 2022 15:44:34 +0800
+Subject: [PATCH] app: in plug-ins, fix invalid parameter names instead of
+ rejecting procedur
+
+---
+ app/pdb/gimp-pdb-compat.c | 107 +++++++++++++++++++++++--------
+ app/pdb/gimp-pdb-compat.h | 3 +-
+ app/plug-in/gimpplugin-message.c | 102 ++++++++++++++++++++++++++---
+ app/plug-in/plug-in-rc.c | 2 +-
+ 4 files changed, 177 insertions(+), 37 deletions(-)
+
+diff --git a/app/pdb/gimp-pdb-compat.c b/app/pdb/gimp-pdb-compat.c
+index 48266bb..cf99fe0 100644
+--- a/app/pdb/gimp-pdb-compat.c
++++ b/app/pdb/gimp-pdb-compat.c
+@@ -32,6 +32,10 @@
+ #include "gimppdb.h"
+ #include "gimp-pdb-compat.h"
+
++/* local function prototypes */
++
++static gchar * gimp_pdb_compat_fix_param_name (const gchar *name);
++
+
+ /* public functions */
+
+@@ -39,137 +43,143 @@ GParamSpec *
+ gimp_pdb_compat_param_spec (Gimp *gimp,
+ GimpPDBArgType arg_type,
+ const gchar *name,
+- const gchar *desc)
++ const gchar *desc,
++ gboolean *name_valid)
+ {
+ GParamSpec *pspec = NULL;
++ gchar *real_name;
+
+ g_return_val_if_fail (GIMP_IS_GIMP (gimp), NULL);
+ g_return_val_if_fail (name != NULL, NULL);
+
++ real_name = gimp_pdb_compat_fix_param_name (name);
++
++ if (name_valid) *name_valid = ! strcmp (name, real_name);
++
+ switch (arg_type)
+ {
+ case GIMP_PDB_INT32:
+- pspec = gimp_param_spec_int32 (name, name, desc,
++ pspec = gimp_param_spec_int32 (real_name, real_name, desc,
+ G_MININT32, G_MAXINT32, 0,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_INT16:
+- pspec = gimp_param_spec_int16 (name, name, desc,
++ pspec = gimp_param_spec_int16 (real_name, real_name, desc,
+ G_MININT16, G_MAXINT16, 0,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_INT8:
+- pspec = gimp_param_spec_int8 (name, name, desc,
++ pspec = gimp_param_spec_int8 (real_name, real_name, desc,
+ 0, G_MAXUINT8, 0,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_FLOAT:
+- pspec = g_param_spec_double (name, name, desc,
++ pspec = g_param_spec_double (real_name, real_name, desc,
+ -G_MAXDOUBLE, G_MAXDOUBLE, 0.0,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_STRING:
+- pspec = gimp_param_spec_string (name, name, desc,
++ pspec = gimp_param_spec_string (real_name, real_name, desc,
+ TRUE, TRUE, FALSE,
+ NULL,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_INT32ARRAY:
+- pspec = gimp_param_spec_int32_array (name, name, desc,
++ pspec = gimp_param_spec_int32_array (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_INT16ARRAY:
+- pspec = gimp_param_spec_int16_array (name, name, desc,
++ pspec = gimp_param_spec_int16_array (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_INT8ARRAY:
+- pspec = gimp_param_spec_int8_array (name, name, desc,
++ pspec = gimp_param_spec_int8_array (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_FLOATARRAY:
+- pspec = gimp_param_spec_float_array (name, name, desc,
++ pspec = gimp_param_spec_float_array (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_STRINGARRAY:
+- pspec = gimp_param_spec_string_array (name, name, desc,
++ pspec = gimp_param_spec_string_array (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_COLOR:
+- pspec = gimp_param_spec_rgb (name, name, desc,
++ pspec = gimp_param_spec_rgb (real_name, real_name, desc,
+ TRUE, NULL,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_ITEM:
+- pspec = gimp_param_spec_item_id (name, name, desc,
++ pspec = gimp_param_spec_item_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_DISPLAY:
+- pspec = gimp_param_spec_display_id (name, name, desc,
++ pspec = gimp_param_spec_display_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_IMAGE:
+- pspec = gimp_param_spec_image_id (name, name, desc,
++ pspec = gimp_param_spec_image_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_LAYER:
+- pspec = gimp_param_spec_layer_id (name, name, desc,
++ pspec = gimp_param_spec_layer_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_CHANNEL:
+- pspec = gimp_param_spec_channel_id (name, name, desc,
++ pspec = gimp_param_spec_channel_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_DRAWABLE:
+- pspec = gimp_param_spec_drawable_id (name, name, desc,
++ pspec = gimp_param_spec_drawable_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_SELECTION:
+- pspec = gimp_param_spec_selection_id (name, name, desc,
++ pspec = gimp_param_spec_selection_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_COLORARRAY:
+- pspec = gimp_param_spec_color_array (name, name, desc,
++ pspec = gimp_param_spec_color_array (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_VECTORS:
+- pspec = gimp_param_spec_vectors_id (name, name, desc,
++ pspec = gimp_param_spec_vectors_id (real_name, real_name, desc,
+ gimp, TRUE,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_PARASITE:
+- pspec = gimp_param_spec_parasite (name, name, desc,
++ pspec = gimp_param_spec_parasite (real_name, real_name, desc,
+ G_PARAM_READWRITE);
+ break;
+
+ case GIMP_PDB_STATUS:
+- pspec = g_param_spec_enum (name, name, desc,
++ pspec = g_param_spec_enum (real_name, real_name, desc,
+ GIMP_TYPE_PDB_STATUS_TYPE,
+ GIMP_PDB_EXECUTION_ERROR,
+ G_PARAM_READWRITE);
+@@ -180,9 +190,15 @@ gimp_pdb_compat_param_spec (Gimp *gimp,
+ }
+
+ if (! pspec)
+- g_warning ("%s: returning NULL for %s (%s)",
+- G_STRFUNC, name, gimp_pdb_compat_arg_type_to_string (arg_type));
++ {
++ g_warning ("%s: returning NULL for %s (%s)",
++ G_STRFUNC,
++ real_name,
++ gimp_pdb_compat_arg_type_to_string (arg_type));
++ }
+
++ g_free (real_name);
++
+ return pspec;
+ }
+
+@@ -501,3 +517,44 @@ gimp_pdb_compat_procs_register (GimpPDB *pdb,
+ compat_procs[i].new_name);
+ }
+ }
++
++/* private functions */
++
++/* Since GLib 2.63.3, invalid param-spec names are rejected upon creation.
++ * This impacts procedure parameters and return-values, which are stored as
++ * param-specs internally. Since this requirement wasn't previously enforced,
++ * keep supporting arbitrary parameter names in gimp-2.
++ *
++ * See issues #4392 and #4641.
++ */
++static gchar *
++gimp_pdb_compat_fix_param_name (const gchar *name)
++{
++ GString *new_name;
++
++ new_name = g_string_new (NULL);
++
++ /* First character must be a letter. */
++ if ((name[0] < 'A' || name[0] > 'Z') &&
++ (name[0] < 'a' || name[0] > 'z'))
++ {
++ g_string_append (new_name, "param-");
++ }
++
++ for (; *name; name++)
++ {
++ gchar c = *name;
++
++ if ((c < 'A' || c > 'Z') &&
++ (c < 'a' || c > 'z') &&
++ (c < '0' || c > '9') &&
++ c != '-' && c != '_')
++ {
++ c = '-';
++ }
++
++ g_string_append_c (new_name, c);
++ }
++
++ return g_string_free (new_name, FALSE);
++}
+diff --git a/app/pdb/gimp-pdb-compat.h b/app/pdb/gimp-pdb-compat.h
+index 74c2695..7f12fdf 100644
+--- a/app/pdb/gimp-pdb-compat.h
++++ b/app/pdb/gimp-pdb-compat.h
+@@ -22,7 +22,8 @@
+ GParamSpec * gimp_pdb_compat_param_spec (Gimp *gimp,
+ GimpPDBArgType arg_type,
+ const gchar *name,
+- const gchar *desc);
++ const gchar *desc,
++ gboolean *name_valid);
+
+ GType gimp_pdb_compat_arg_type_to_gtype (GimpPDBArgType type);
+ GimpPDBArgType gimp_pdb_compat_arg_type_from_gtype (GType type);
+diff --git a/app/plug-in/gimpplugin-message.c b/app/plug-in/gimpplugin-message.c
+index cdbdb27..56a86bd 100644
+--- a/app/plug-in/gimpplugin-message.c
++++ b/app/plug-in/gimpplugin-message.c
+@@ -844,24 +844,106 @@ gimp_plug_in_handle_proc_install (GimpPlugIn *plug_in,
+
+ for (i = 0; i < proc_install->nparams; i++)
+ {
+- GParamSpec *pspec =
+- gimp_pdb_compat_param_spec (plug_in->manager->gimp,
+- proc_install->params[i].type,
+- proc_install->params[i].name,
+- proc_install->params[i].description);
++ GParamSpec *pspec;
++ gboolean name_valid;
++
++ pspec = gimp_pdb_compat_param_spec (plug_in->manager->gimp,
++ proc_install->params[i].type,
++ proc_install->params[i].name,
++ proc_install->params[i].description,
++ &name_valid);
+
+ gimp_procedure_add_argument (procedure, pspec);
++
++ if (pspec && ! name_valid)
++ {
++ switch (plug_in->manager->gimp->pdb_compat_mode)
++ {
++ case GIMP_PDB_COMPAT_ON:
++ break;
++
++ case GIMP_PDB_COMPAT_WARN:
++ gimp_message (plug_in->manager->gimp, NULL, GIMP_MESSAGE_WARNING,
++ "Plug-in \"%s\"\n(%s)\n"
++ "attempted to install procedure \"%s\" "
++ "with invalid parameter name \"%s\".\n"
++ "This is deprecated.\n"
++ "The parameter name was changed to \"%s\".",
++ gimp_object_get_name (plug_in),
++ gimp_file_get_utf8_name (plug_in->file),
++ gimp_object_get_name (proc),
++ proc_install->params[i].name,
++ pspec->name);
++ break;
++
++ case GIMP_PDB_COMPAT_OFF:
++ gimp_message (plug_in->manager->gimp, NULL, GIMP_MESSAGE_ERROR,
++ "Plug-in \"%s\"\n(%s)\n"
++ "attempted to install procedure \"%s\" "
++ "with invalid parameter name \"%s\".\n"
++ "This is not allowed.",
++ gimp_object_get_name (plug_in),
++ gimp_file_get_utf8_name (plug_in->file),
++ gimp_object_get_name (proc),
++ proc_install->params[i].name);
++
++ g_object_unref (proc);
++
++ return;
++ }
++ }
+ }
+
+ for (i = 0; i < proc_install->nreturn_vals; i++)
+ {
+- GParamSpec *pspec =
+- gimp_pdb_compat_param_spec (plug_in->manager->gimp,
+- proc_install->return_vals[i].type,
+- proc_install->return_vals[i].name,
+- proc_install->return_vals[i].description);
++ GParamSpec *pspec;
++ gboolean name_valid;
++
++ pspec = gimp_pdb_compat_param_spec (plug_in->manager->gimp,
++ proc_install->return_vals[i].type,
++ proc_install->return_vals[i].name,
++ proc_install->return_vals[i].description,
++ &name_valid);
+
+ gimp_procedure_add_return_value (procedure, pspec);
++
++ if (pspec && ! name_valid)
++ {
++ switch (plug_in->manager->gimp->pdb_compat_mode)
++ {
++ case GIMP_PDB_COMPAT_ON:
++ break;
++
++ case GIMP_PDB_COMPAT_WARN:
++ gimp_message (plug_in->manager->gimp, NULL, GIMP_MESSAGE_WARNING,
++ "Plug-in \"%s\"\n(%s)\n"
++ "attempted to install procedure \"%s\" "
++ "with invalid return-value name \"%s\".\n"
++ "This is deprecated.\n"
++ "The return-value name was changed to \"%s\".",
++ gimp_object_get_name (plug_in),
++ gimp_file_get_utf8_name (plug_in->file),
++ gimp_object_get_name (proc),
++ proc_install->return_vals[i].name,
++ pspec->name);
++ break;
++
++ case GIMP_PDB_COMPAT_OFF:
++ gimp_message (plug_in->manager->gimp, NULL, GIMP_MESSAGE_ERROR,
++ "Plug-in \"%s\"\n(%s)\n"
++ "attempted to install procedure \"%s\" "
++ "with invalid return-value name \"%s\".\n"
++ "This is not allowed.",
++ gimp_object_get_name (plug_in),
++ gimp_file_get_utf8_name (plug_in->file),
++ gimp_object_get_name (proc),
++ proc_install->return_vals[i].name);
++
++ g_object_unref (proc);
++
++ return;
++ }
++ }
+ }
+
+ /* Sanity check menu path */
+diff --git a/app/plug-in/plug-in-rc.c b/app/plug-in/plug-in-rc.c
+index 87bd8e7..afb38ed 100644
+--- a/app/plug-in/plug-in-rc.c
++++ b/app/plug-in/plug-in-rc.c
+@@ -784,7 +784,7 @@ plug_in_proc_arg_deserialize (GScanner *scanner,
+
+ token = G_TOKEN_LEFT_PAREN;
+
+- pspec = gimp_pdb_compat_param_spec (gimp, arg_type, name, desc);
++ pspec = gimp_pdb_compat_param_spec (gimp, arg_type, name, desc, NULL);
+
+ if (return_value)
+ gimp_procedure_add_return_value (procedure, pspec);
+--
+2.27.0
+
diff --git a/gimp.spec b/gimp.spec
index 1b9988521ea2b7e56ed9e7dec9055330a3912bd4..ad7ca94ab7a2ad283eccad611d66272fa3861366 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -1,6 +1,6 @@
 Name: gimp
 Version: 2.10.6
-Release: 9
+Release: 10
 Epoch: 2
 Summary: A versatile graphics manipulation package
 License: GPLv3+ and GPLv3
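Review bot: `gimp_pdb_compat_fix_param_name()`, added at the end of app/pdb/gimp-pdb-compat.c, maps names many-to-one and nothing in the patch checks the result for duplicates. Every disallowed byte becomes `-`, so (constructed examples) `a b` and `a.b` both come out as `a-b`, and a name that starts with a non-letter gets a `param-` prefix that can coincide with a name the plug-in already uses. Whether two arguments of one procedure may share a name is decided in code outside this patch, so that should be confirmed before the rewritten names are relied on. The function also has no contract comment; I would add `/* Returns a newly allocated, GParamSpec-valid copy of @name; free with g_free(). */`, and the hand-written range tests read more clearly as `if (! g_ascii_isalnum (c) && c != '-' && c != '_')`.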
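Review bot: `name_valid` is declared without an initialiser in both loops of `gimp_plug_in_handle_proc_install()`, while `gimp_pdb_compat_param_spec()` only writes it after its two `g_return_val_if_fail` guards, so on those early returns the variable stays indeterminate. The `pspec &&` short-circuit keeps it from being read today, but the type and name passed in are taken from the plug-in's `proc_install` message, so I would not leave that to evaluation order: `gboolean name_valid = TRUE;` in both places. In the same loops `gimp_procedure_add_argument()` and `gimp_procedure_add_return_value()` still receive `pspec` before it is tested, so a NULL spec reaches them; how they handle it is outside the hunk. The two `switch` blocks have no `default:` and differ only in the words "parameter" and "return-value", so a small static helper would keep the WARN/OFF policy in one place. The function begins and continues outside this hunk.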
@@ -9,6 +9,7 @@ URL: http://www.gimp.org/ Source0: http://download.gimp.org/pub/gimp/v2.10/gimp-2.10.6.tar.bz2 Patch6000: backport-CVE-2018-12713.patch Patch6001: CVE-2021-45463.patch +Patch6002: app-in-plug-ins-fix-invalid-parameter-names-instead-of-rejecting-procedur.patch %global apiversion 2.0 %global textversion 20 @@ -255,6 +256,9 @@ make check %{?_smp_mflags} %{_mandir}/man*/* %changelog +* Wed Mar 02 2022 konglidong - 2:2.10.6-10 +- fix invalid parameter names instead of rejecting procedure + * Fri Jan 07 2022 yaoxin - 2:2.10.6-9 - Fix CVE-2021-45463