public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Than Ngo <than@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/krita] f44: - Fix rhbz#2481429, Update to 6.0.2.1
Date: Wed, 17 Jun 2026 07:59:09 GMT [thread overview]
Message-ID: <178168314942.1.1113568902712328028.rpms-krita-ba7f42593533@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/krita
Branch : f44
Commit : ba7f4259353352e9b666bf3d26164874d14adaf4
Author : Than Ngo <than@redhat.com>
Date : 2026-06-17T09:17:06+02:00
Stats : +54/-35 in 5 file(s)
URL : https://src.fedoraproject.org/rpms/krita/c/ba7f4259353352e9b666bf3d26164874d14adaf4?branch=f44
Log:
- Fix rhbz#2481429, Update to 6.0.2.1
- Fix rhbz#2476570, CVE-2026-42144: integer overflow in PNM size check bypasses memory guard
---
diff --git a/krita-6.0.0-appstream_validate.patch b/krita-6.0.0-appstream_validate.patch
deleted file mode 100644
index 654d668..0000000
--- a/krita-6.0.0-appstream_validate.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -up a/krita/org.kde.krita.appdata.xml.me b/krita/org.kde.krita.appdata.xml
---- a/krita/org.kde.krita.appdata.xml 2024-12-11 12:32:50.719229357 +0100
-+++ b/krita/org.kde.krita.appdata.xml 2024-12-11 12:32:59.470425237 +0100
-@@ -590,21 +590,21 @@
- <caption xml:lang="en-GB">Or the active <a href="https://krita-artists.org">Krita Artists community</a></caption>
- <caption xml:lang="eo">Aŭ la aktiva <a href="https://krita-artists.org">Komunumo de Krita-Artistoj</a></caption>
- <caption xml:lang="es">O al activo <a href="https://krita-artists.org">La comunidad de artistas de Krita</a></caption>
-- <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea</a> aktiboa</caption>
-+ <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea aktiboa</a></caption>
- <caption xml:lang="fi">Tai aktiivinen <a href="https://krita-artists.org">Krita-taiteilijayhteisö</a></caption>
- <caption xml:lang="fr">Ou l'active <a href="https://krita-artists.org">La communauté d'artistes de Krita</a></caption>
-- <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE</a>.</caption>
-- <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita</a> הפעיל</caption>
-+ <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE.</a></caption>
-+ <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita הפעיל</a></caption>
- <caption xml:lang="hi">या सक्रिय <a href="https://krita-artists.org">क्रिता कलाकार समुदाय</a></caption>
-- <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége</a> oldalunkhoz</caption>
-- <caption xml:lang="id">Atau <a href="https://krita-artists.org">Komunitas Pelukis Krita</a> yang aktif</caption>
-+ <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége oldalunkhoz</a></caption>
-+ <caption xml:lang="id">yang aktif <a href="https://krita-artists.org">Komunitas Pelukis Krita yang aktif</a></caption>
- <caption xml:lang="it">O l'attiva <a href="https://krita-artists.org">Comunità degli Artisti di Krita</a></caption>
- <caption xml:lang="ja">または、活発な <a href="https://krita-artists.org">Krita アーティストコミュニティー</a></caption>
- <caption xml:lang="ka">ან აქტიური <a href="https://krita-artists.org">Krita -ის ხელვნების საზოგადოება</a></caption>
- <caption xml:lang="nl">Of het actieve <a href="https://krita-artists.org">Krita-artiestengemeenschap</a></caption>
- <caption xml:lang="nn">Eller det populære <a href="https://krita-artists.org">forumet for Krita-kunstnarar</a></caption>
- <caption xml:lang="pl">Lub aktywny <a href="https://krita-artists.org">Społeczność artystów Krity</a></caption>
-- <caption xml:lang="pt">Ou o <a href="https://krita-artists.org">Comunidade de Artistas do Krita</a> activo</caption>
-+ <caption xml:lang="pt">Ou o activo <a href="https://krita-artists.org">Comunidade de Artistas do Krita</a></caption>
- <caption xml:lang="pt-BR">Ou o ativo <a href="https://krita-artists.org">Comunidade de artistas do Krita</a></caption>
- <caption xml:lang="ru">Или активный <a href="https://krita-artists.org">Сообщество художников Krita</a></caption>
- <caption xml:lang="sl">Ali aktivni <a href="https://krita-artists.org">Skupnost ustvarjalce Krita Artists</a></caption>
diff --git a/krita-6.0.2.1-appstream_validate.patch b/krita-6.0.2.1-appstream_validate.patch
new file mode 100644
index 0000000..ee16483
--- /dev/null
+++ b/krita-6.0.2.1-appstream_validate.patch
@@ -0,0 +1,33 @@
+diff -up krita-6.0.2.1/krita/org.kde.krita.appdata.xml.me krita-6.0.2.1/krita/org.kde.krita.appdata.xml
+--- krita-6.0.2.1/krita/org.kde.krita.appdata.xml.me 2026-06-07 11:20:03.378116164 +0200
++++ krita-6.0.2.1/krita/org.kde.krita.appdata.xml 2026-06-07 11:25:58.833558620 +0200
+@@ -600,22 +600,22 @@
+ <caption xml:lang="en-GB">Or the active <a href="https://krita-artists.org">Krita Artists community</a></caption>
+ <caption xml:lang="eo">Aŭ la aktiva <a href="https://krita-artists.org">Komunumo de Krita-Artistoj</a></caption>
+ <caption xml:lang="es">O al activo <a href="https://krita-artists.org">La comunidad de artistas de Krita</a></caption>
+- <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea</a> aktiboa</caption>
++ <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea aktiboa</a></caption>
+ <caption xml:lang="fi">Tai aktiivinen <a href="https://krita-artists.org">Krita-taiteilijayhteisö</a></caption>
+ <caption xml:lang="fr">Ou l'active <a href="https://krita-artists.org">La communauté d'artistes de Krita</a></caption>
+- <caption xml:lang="ga">Nó an <a href="https://krita-artists.org">Pobal Ealaíontóirí Krita</a> gníomhach</caption>
+- <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE</a>.</caption>
+- <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita</a> הפעיל</caption>
++ <caption xml:lang="ga">Nó an <a href="https://krita-artists.org">Pobal Ealaíontóirí Krita gníomhach</a></caption>
++ <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE</a></caption>
++ <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita הפעיל</a></caption>
+ <caption xml:lang="hi">या सक्रिय <a href="https://krita-artists.org">क्रिता कलाकार समुदाय</a></caption>
+- <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége</a> oldalunkhoz</caption>
+- <caption xml:lang="id">Atau <a href="https://krita-artists.org">Komunitas Pelukis Krita</a> yang aktif</caption>
++ <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége oldalunkhoz</a></caption>
++ <caption xml:lang="id">Atau <a href="https://krita-artists.org">Komunitas Pelukis Krita yang aktif</a></caption>
+ <caption xml:lang="it">O l'attiva <a href="https://krita-artists.org">Comunità degli Artisti di Krita</a></caption>
+ <caption xml:lang="ja">または、活発な <a href="https://krita-artists.org">Krita アーティストコミュニティー</a></caption>
+ <caption xml:lang="ka">ან აქტიური <a href="https://krita-artists.org">Krita -ის ხელვნების საზოგადოება</a></caption>
+ <caption xml:lang="nl">Of het actieve <a href="https://krita-artists.org">Krita-artiestengemeenschap</a></caption>
+ <caption xml:lang="nn">Eller det populære <a href="https://krita-artists.org">forumet for Krita-kunstnarar</a></caption>
+ <caption xml:lang="pl">Lub aktywny <a href="https://krita-artists.org">Społeczność artystów Krity</a></caption>
+- <caption xml:lang="pt">Ou o <a href="https://krita-artists.org">Comunidade de Artistas do Krita</a> activo</caption>
++ <caption xml:lang="pt">Ou o <a href="https://krita-artists.org">Comunidade de Artistas do Krita activo</a></caption>
+ <caption xml:lang="pt-BR">Ou o ativo <a href="https://krita-artists.org">Comunidade de artistas do Krita</a></caption>
+ <caption xml:lang="ru">Или активный <a href="https://krita-artists.org">Сообщество художников Krita</a></caption>
+ <caption xml:lang="sk">Or the active <a href="https://krita-artists.org">Krita Artists community</a></caption>
diff --git a/krita-gmic-CVE-2026-42144.patch b/krita-gmic-CVE-2026-42144.patch
new file mode 100644
index 0000000..40b7f3c
--- /dev/null
+++ b/krita-gmic-CVE-2026-42144.patch
@@ -0,0 +1,12 @@
+diff -up krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h.me krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h
+--- krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h.me 2026-06-07 15:43:52.246693138 +0200
++++ krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h 2026-06-07 15:44:17.465262729 +0200
+@@ -57459,7 +57459,7 @@ namespace cimg_library {
+
+ if (filename) { // Check that dimensions specified in file does not exceed the buffer dimension
+ const cimg_int64 siz = cimg::fsize(filename);
+- if (W*H*D>siz)
++ if ((cimg_int64)W*H*D>siz)
+ throw CImgIOException(_cimg_instance
+ "load_pnm(): Specified image dimensions in file '%s' exceed file size.",
+ cimg_instance,
diff --git a/krita.spec b/krita.spec
index 0133e3e..461d2f2 100644
--- a/krita.spec
+++ b/krita.spec
@@ -7,8 +7,8 @@
%global gmic_version 3.7.4.1
Name: krita
-Version: 6.0.1
-Release: 7%{?dist}
+Version: 6.0.2.1
+Release: 1%{?dist}
Summary: Krita is a sketching and painting program
License: GPL-2.0-or-later
@@ -20,11 +20,12 @@ Source3: https://github.com/arximboldi/lager/archive/v%{lager_version}/la
Source4: https://github.com/vanyossi/gmic/releases/download/v%{gmic_version}/gmic-%{gmic_version}.tar.gz
## upstream patches
+Patch0: krita-gmic-CVE-2026-42144.patch
## downstream patches
#org.kde.krita.appdata.xml: failed to parse org.kde.krita.appdata.xml: Error on line 505 char 110: <caption> already set 'Atau' and tried to replace with ' yang aktif'
#org.kde.krita.appdata.xml: failed to parse org.kde.krita.appdata.xml: Error on line 514 char 120: <caption> already set 'xxOr the active' and tried to replace with 'xx'
-Patch: krita-6.0.0-appstream_validate.patch
+Patch: krita-6.0.2.1-appstream_validate.patch
Patch: krita-sip-abi-version.patch
# https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
@@ -233,6 +234,10 @@ desktop-file-validate %{buildroot}%{_kf6_datadir}/applications/org.kde.krita.des
%changelog
+* Wed Jun 17 2026 Than Ngo <than@redhat.com> - 6.0.2.1-1
+- Fix rhbz#2481429, Update to 6.0.2.1
+- Fix rhbz#2476570, CVE-2026-42144: integer overflow in PNM size check bypasses memory guard
+
* Fri Jun 05 2026 Python Maint <python-maint@redhat.com> - 6.0.1-7
- Rebuilt for Python 3.15
diff --git a/sources b/sources
index 1f16bd6..f7344a8 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
SHA512 (immer-0.9.1.tar.gz) = b001a23b503610ce989f68fee8136723b3b2cc788558a37a373aaa0347acf615a647b44759cda7f5ab4a6f9f15f46dcb9f22eac569310201d95161e8892e3619
SHA512 (zug-0.1.2.tar.gz) = ffe55f2c0f026da4c5384f4f2cc7fbd661f38d7dfc3ad50cccf8010f78df9c6a81a9bf4b157c5d85104dc9fcc13fb51fb2c93a86a7a6a7e0ae87d1f14b0d3155
SHA512 (gmic-3.7.4.1.tar.gz) = 16a4c171487a9295d18540b9b6d6291522d098696eaac373ca448040bfc5b04ff809fc1cc80216f8175eab2dd9b07eb25bb46be965ff77e5e32e34d8b2dfb4f8
-SHA512 (krita-6.0.1.tar.xz) = 2c00cb04675f8e936f300adbc121fe231edd64a2b1d5f9a16b4aa0fc60a54f4a7089ca332fb144426f9dea1d429b835f0cf1fa6e26c2f04fc6c73558a0eabad3
SHA512 (lager-0.1.3.tar.gz) = ac942a55c2cdc5cb8846534f772e13d9395d8762298978a0edfa84c6282fa83fa5105160ad65fff5170e6861568228ce9d20d1b44617b006ca3c4e57e1964d54
+SHA512 (krita-6.0.2.1.tar.xz) = ecdb1b0c95a74ebc20b0585ac65fd4a063a30f5f26eb3d6130422c91ed78f4a805ca06a08c400219fb16f86dca5ef0691418872f3d7833ab8f1ebc36c37bb2e1
reply other threads:[~2026-06-17 7:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178168314942.1.1113568902712328028.rpms-krita-ba7f42593533@fedoraproject.org \
--to=than@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox