[rpms/krita] epel10: - Fix rhbz#2481429, Update to 6.0.2.1

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Than Ngo <than@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/krita] epel10:  - Fix rhbz#2481429, Update to 6.0.2.1
Date: Wed, 17 Jun 2026 09:19:00 GMT	[thread overview]
Message-ID: <178168794024.1.8834236169913585594.rpms-krita-c9eb0994add4@fedoraproject.org> (raw)

           A new commit has been pushed.

           Repo   : rpms/krita
           Branch : epel10
           Commit : c9eb0994add49ab6fd5a347c6ca2178d89376abd
           Author : Than Ngo <than@redhat.com>
           Date   : 2026-06-17T11:18:29+02:00
           Stats  : +65/-34 in 6 file(s)
           URL    : https://src.fedoraproject.org/rpms/krita/c/c9eb0994add49ab6fd5a347c6ca2178d89376abd?branch=epel10

           Log:
           - Fix rhbz#2481429, Update to 6.0.2.1

- Fix rhbz#2476573, CVE-2026-42144 krita: integer overflow in PNM size check bypasses memory guard

---
diff --git a/krita-6.0.0-appstream_validate.patch b/krita-6.0.0-appstream_validate.patch
deleted file mode 100644
index 654d668..0000000
--- a/krita-6.0.0-appstream_validate.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -up a/krita/org.kde.krita.appdata.xml.me b/krita/org.kde.krita.appdata.xml
---- a/krita/org.kde.krita.appdata.xml	2024-12-11 12:32:50.719229357 +0100
-+++ b/krita/org.kde.krita.appdata.xml	2024-12-11 12:32:59.470425237 +0100
-@@ -590,21 +590,21 @@
-       <caption xml:lang="en-GB">Or the active <a href="https://krita-artists.org">Krita Artists community</a></caption>
-       <caption xml:lang="eo">Aŭ la aktiva <a href="https://krita-artists.org">Komunumo de Krita-Artistoj</a></caption>
-       <caption xml:lang="es">O al activo <a href="https://krita-artists.org">La comunidad de artistas de Krita</a></caption>
--      <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea</a> aktiboa</caption>
-+      <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea aktiboa</a></caption>
-       <caption xml:lang="fi">Tai aktiivinen <a href="https://krita-artists.org">Krita-taiteilijayhteisö</a></caption>
-       <caption xml:lang="fr">Ou l'active <a href="https://krita-artists.org">La communauté d'artistes de Krita</a></caption>
--      <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE</a>.</caption>
--      <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita</a> הפעיל</caption>
-+      <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE.</a></caption>
-+      <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita הפעיל</a></caption>
-       <caption xml:lang="hi">या सक्रिय <a href="https://krita-artists.org">क्रिता कलाकार समुदाय</a></caption>
--      <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége</a> oldalunkhoz</caption>
--      <caption xml:lang="id">Atau <a href="https://krita-artists.org">Komunitas Pelukis Krita</a> yang aktif</caption>
-+      <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége oldalunkhoz</a></caption>
-+      <caption xml:lang="id">yang aktif <a href="https://krita-artists.org">Komunitas Pelukis Krita yang aktif</a></caption>
-       <caption xml:lang="it">O l'attiva <a href="https://krita-artists.org">Comunità degli Artisti di Krita</a></caption>
-       <caption xml:lang="ja">または、活発な <a href="https://krita-artists.org">Krita アーティストコミュニティー</a></caption>
-       <caption xml:lang="ka">ან აქტიური <a href="https://krita-artists.org">Krita -ის ხელვნების საზოგადოება</a></caption>
-       <caption xml:lang="nl">Of het actieve <a href="https://krita-artists.org">Krita-artiestengemeenschap</a></caption>
-       <caption xml:lang="nn">Eller det populære <a href="https://krita-artists.org">forumet for Krita-kunstnarar</a></caption>
-       <caption xml:lang="pl">Lub aktywny <a href="https://krita-artists.org">Społeczność artystów Krity</a></caption>
--      <caption xml:lang="pt">Ou o <a href="https://krita-artists.org">Comunidade de Artistas do Krita</a> activo</caption>
-+      <caption xml:lang="pt">Ou o activo <a href="https://krita-artists.org">Comunidade de Artistas do Krita</a></caption>
-       <caption xml:lang="pt-BR">Ou o ativo <a href="https://krita-artists.org">Comunidade de artistas do Krita</a></caption>
-       <caption xml:lang="ru">Или активный <a href="https://krita-artists.org">Сообщество художников Krita</a></caption>
-       <caption xml:lang="sl">Ali aktivni <a href="https://krita-artists.org">Skupnost ustvarjalce Krita Artists</a></caption>

diff --git a/krita-6.0.2.1-appstream_validate.patch b/krita-6.0.2.1-appstream_validate.patch
new file mode 100644
index 0000000..ee16483
--- /dev/null
+++ b/krita-6.0.2.1-appstream_validate.patch
@@ -0,0 +1,33 @@
+diff -up krita-6.0.2.1/krita/org.kde.krita.appdata.xml.me krita-6.0.2.1/krita/org.kde.krita.appdata.xml
+--- krita-6.0.2.1/krita/org.kde.krita.appdata.xml.me	2026-06-07 11:20:03.378116164 +0200
++++ krita-6.0.2.1/krita/org.kde.krita.appdata.xml	2026-06-07 11:25:58.833558620 +0200
+@@ -600,22 +600,22 @@
+       <caption xml:lang="en-GB">Or the active <a href="https://krita-artists.org">Krita Artists community</a></caption>
+       <caption xml:lang="eo">Aŭ la aktiva <a href="https://krita-artists.org">Komunumo de Krita-Artistoj</a></caption>
+       <caption xml:lang="es">O al activo <a href="https://krita-artists.org">La comunidad de artistas de Krita</a></caption>
+-      <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea</a> aktiboa</caption>
++      <caption xml:lang="eu">Edo <a href="https://krita-artists.org">Krita Artisten komunitatea aktiboa</a></caption>
+       <caption xml:lang="fi">Tai aktiivinen <a href="https://krita-artists.org">Krita-taiteilijayhteisö</a></caption>
+       <caption xml:lang="fr">Ou l'active <a href="https://krita-artists.org">La communauté d'artistes de Krita</a></caption>
+-      <caption xml:lang="ga">Nó an <a href="https://krita-artists.org">Pobal Ealaíontóirí Krita</a> gníomhach</caption>
+-      <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE</a>.</caption>
+-      <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita</a> הפעיל</caption>
++      <caption xml:lang="ga">Nó an <a href="https://krita-artists.org">Pobal Ealaíontóirí Krita gníomhach</a></caption>
++      <caption xml:lang="gl">Ou á activa <a href="https://krita-artists.org">comunidade de artistas de KDE</a></caption>
++      <caption xml:lang="he">או ה־<a href="https://krita-artists.org">קהילת האומנים של Krita הפעיל</a></caption>
+       <caption xml:lang="hi">या सक्रिय <a href="https://krita-artists.org">क्रिता कलाकार समुदाय</a></caption>
+-      <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége</a> oldalunkhoz</caption>
+-      <caption xml:lang="id">Atau <a href="https://krita-artists.org">Komunitas Pelukis Krita</a> yang aktif</caption>
++      <caption xml:lang="hu">vagy az aktív <a href="https://krita-artists.org">A Krita Művészek közössége oldalunkhoz</a></caption>
++      <caption xml:lang="id">Atau <a href="https://krita-artists.org">Komunitas Pelukis Krita yang aktif</a></caption>
+       <caption xml:lang="it">O l'attiva <a href="https://krita-artists.org">Comunità degli Artisti di Krita</a></caption>
+       <caption xml:lang="ja">または、活発な <a href="https://krita-artists.org">Krita アーティストコミュニティー</a></caption>
+       <caption xml:lang="ka">ან აქტიური <a href="https://krita-artists.org">Krita -ის ხელვნების საზოგადოება</a></caption>
+       <caption xml:lang="nl">Of het actieve <a href="https://krita-artists.org">Krita-artiestengemeenschap</a></caption>
+       <caption xml:lang="nn">Eller det populære <a href="https://krita-artists.org">forumet for Krita-kunstnarar</a></caption>
+       <caption xml:lang="pl">Lub aktywny <a href="https://krita-artists.org">Społeczność artystów Krity</a></caption>
+-      <caption xml:lang="pt">Ou o <a href="https://krita-artists.org">Comunidade de Artistas do Krita</a> activo</caption>
++      <caption xml:lang="pt">Ou o <a href="https://krita-artists.org">Comunidade de Artistas do Krita activo</a></caption>
+       <caption xml:lang="pt-BR">Ou o ativo <a href="https://krita-artists.org">Comunidade de artistas do Krita</a></caption>
+       <caption xml:lang="ru">Или активный <a href="https://krita-artists.org">Сообщество художников Krita</a></caption>
+       <caption xml:lang="sk">Or the active <a href="https://krita-artists.org">Krita Artists community</a></caption>

diff --git a/krita-gmic-CVE-2026-42144.patch b/krita-gmic-CVE-2026-42144.patch
new file mode 100644
index 0000000..40b7f3c
--- /dev/null
+++ b/krita-gmic-CVE-2026-42144.patch
@@ -0,0 +1,12 @@
+diff -up krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h.me krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h
+--- krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h.me	2026-06-07 15:43:52.246693138 +0200
++++ krita-6.0.2.1/gmic-v3.7.4.1/src/CImg.h	2026-06-07 15:44:17.465262729 +0200
+@@ -57459,7 +57459,7 @@ namespace cimg_library {
+ 
+       if (filename) { // Check that dimensions specified in file does not exceed the buffer dimension
+         const cimg_int64 siz = cimg::fsize(filename);
+-        if (W*H*D>siz)
++        if ((cimg_int64)W*H*D>siz)
+           throw CImgIOException(_cimg_instance
+                                 "load_pnm(): Specified image dimensions in file '%s' exceed file size.",
+                                 cimg_instance,

diff --git a/krita-sip-abi-version.patch b/krita-sip-abi-version.patch
new file mode 100644
index 0000000..da8bd77
--- /dev/null
+++ b/krita-sip-abi-version.patch
@@ -0,0 +1,11 @@
+--- a/cmake/modules/SIPMacros.cmake
++++ b/cmake/modules/SIPMacros.cmake
+@@ -152,7 +152,7 @@
+         endif()
+
+         if (QT_MAJOR_VERSION STREQUAL "6")
+-            set(abi_version "13.0")
++            set(abi_version "13.8")
+             set(sip_disabled_features "[\"Krita_Qt5\"]")
+         else()
+             set(abi_version "12.8")

diff --git a/krita.spec b/krita.spec
index ec595aa..f271ede 100644
--- a/krita.spec
+++ b/krita.spec
@@ -7,7 +7,7 @@
 %global gmic_version 3.7.4.1
 
 Name:           krita
-Version:        6.0.1
+Version:        6.0.2.1
 Release:        1%{?dist}
 
 Summary:        Krita is a sketching and painting program
@@ -20,11 +20,13 @@ Source3:        https://github.com/arximboldi/lager/archive/v%{lager_version}/la
 Source4:        https://github.com/vanyossi/gmic/releases/download/v%{gmic_version}/gmic-%{gmic_version}.tar.gz
 
 ## upstream patches
+Patch: krita-gmic-CVE-2026-42144.patch
 
 ## downstream patches
 #org.kde.krita.appdata.xml: failed to parse org.kde.krita.appdata.xml: Error on line 505 char 110: <caption> already set 'Atau' and tried to replace with ' yang aktif'
 #org.kde.krita.appdata.xml: failed to parse org.kde.krita.appdata.xml: Error on line 514 char 120: <caption> already set 'xxOr the active' and tried to replace with 'xx'
-Patch: krita-6.0.0-appstream_validate.patch
+Patch: krita-6.0.2.1-appstream_validate.patch
+Patch: krita-sip-abi-version.patch
 
 # https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
 ExcludeArch:    %{ix86}
@@ -232,6 +234,10 @@ desktop-file-validate %{buildroot}%{_kf6_datadir}/applications/org.kde.krita.des
 
 
 %changelog
+* Wed Jun 17 2026 Than Ngo <than@redhat.com> - 6.0.2.1-1
+- Fix rhbz#2481429, Update to 6.0.2.1
+- Fix rhbz#2476573, CVE-2026-42144 krita: integer overflow in PNM size check bypasses memory guard 
+
 * Mon Mar 30 2026 Than Ngo <than@redhat.com> - 6.0.1-1
 - Update krita to 6.0.1 and lager to 0.1.3
 

diff --git a/sources b/sources
index 1f16bd6..f7344a8 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (immer-0.9.1.tar.gz) = b001a23b503610ce989f68fee8136723b3b2cc788558a37a373aaa0347acf615a647b44759cda7f5ab4a6f9f15f46dcb9f22eac569310201d95161e8892e3619
 SHA512 (zug-0.1.2.tar.gz) = ffe55f2c0f026da4c5384f4f2cc7fbd661f38d7dfc3ad50cccf8010f78df9c6a81a9bf4b157c5d85104dc9fcc13fb51fb2c93a86a7a6a7e0ae87d1f14b0d3155
 SHA512 (gmic-3.7.4.1.tar.gz) = 16a4c171487a9295d18540b9b6d6291522d098696eaac373ca448040bfc5b04ff809fc1cc80216f8175eab2dd9b07eb25bb46be965ff77e5e32e34d8b2dfb4f8
-SHA512 (krita-6.0.1.tar.xz) = 2c00cb04675f8e936f300adbc121fe231edd64a2b1d5f9a16b4aa0fc60a54f4a7089ca332fb144426f9dea1d429b835f0cf1fa6e26c2f04fc6c73558a0eabad3
 SHA512 (lager-0.1.3.tar.gz) = ac942a55c2cdc5cb8846534f772e13d9395d8762298978a0edfa84c6282fa83fa5105160ad65fff5170e6861568228ce9d20d1b44617b006ca3c4e57e1964d54
+SHA512 (krita-6.0.2.1.tar.xz) = ecdb1b0c95a74ebc20b0585ac65fd4a063a30f5f26eb3d6130422c91ed78f4a805ca06a08c400219fb16f86dca5ef0691418872f3d7833ab8f1ebc36c37bb2e1

                 reply	other threads:[~2026-06-17  9:19 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178168794024.1.8834236169913585594.rpms-krita-c9eb0994add4@fedoraproject.org \
    --to=than@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox