GIMP issueshttps://gitlab.gnome.org/GNOME/gimp/-/issues2021-10-21T12:06:11Zhttps://gitlab.gnome.org/GNOME/gimp/-/issues/3996Coverity scan support2021-10-21T12:06:11ZGhost UserCoverity scan supportMany big projects use some Coverity scan tools. I think coverity.com is free for open source project and so many big projects use it.
Would you mind adding a Coverity scan to GIMP?
https://scan.coverity.com/projects/linux
https://sca...Many big projects use some Coverity scan tools. I think coverity.com is free for open source project and so many big projects use it.
Would you mind adding a Coverity scan to GIMP?
https://scan.coverity.com/projects/linux
https://scan.coverity.com/projects/freebsd
https://scan.coverity.com/projects/libreoffice
I think it might highlight some random crashes as well as other defects.https://gitlab.gnome.org/GNOME/gimp/-/issues/6347GPG signatures for source validation2022-04-12T15:32:07ZNicoGPG signatures for source validationAs we all know, today more than ever before, it is crucial to be able to trust our computing environments. One of the main difficulties that package maintainers of GNU/Linux distributions face, is the difficulty to verify the authenticit...As we all know, today more than ever before, it is crucial to be able to trust our computing environments. One of the main difficulties that package maintainers of GNU/Linux distributions face, is the difficulty to verify the authenticity and the integrity of the source code. With GPG signatures it is possible for packagers to verify source code releases quickly and easily.
In order to securely package your software I am kindly requesting GPG signatures for the source tarballs. If you are not yet familiar with secure source code signing I suggest using [GPGit](https://github.com/NicoHood/gpgit) which automates the process of secure source code signing and also has a quick start guide on GPG for learning how to use it manually.
Thanks in advance.Futurehttps://gitlab.gnome.org/GNOME/gimp/-/issues/8789GIMP couldn't open the PNG with large XMP metadata2024-02-12T16:08:57ZSenlinOSGIMP couldn't open the PNG with large XMP metadataGIMP 2.99.12 (flatpak) / All GIMP
I got a PNG picture and GIMP couldn't open it.
<br />Terminal: libpng error: iTXt: chunk data is too large
Firefox browser can view it.
<br />I specially downloaded Krita, and Krita can open it.
Sampl...GIMP 2.99.12 (flatpak) / All GIMP
I got a PNG picture and GIMP couldn't open it.
<br />Terminal: libpng error: iTXt: chunk data is too large
Firefox browser can view it.
<br />I specially downloaded Krita, and Krita can open it.
Sample download: https://gitlab.com/senlinos/my-lfs/-/raw/main/ChunkDataLargePNG.7zhttps://gitlab.gnome.org/GNOME/gimp/-/issues/10377OpenSSL 3.1.4.0 vulnerability detection Microsoft Defender GIMP 2.10.362024-03-12T12:36:47ZRobert ReadmanOpenSSL 3.1.4.0 vulnerability detection Microsoft Defender GIMP 2.10.36### Environment/Versions
- GIMP version: GIMP 2.10.36
- Package: gimp-2.10.36-setup.exe
- Operating System: Windows 10 Pro x64 64-bit winver 19045.3693
### Description of the bug
Microsoft Defender detects Openssl 3.1.4.0 vulnerable f...### Environment/Versions
- GIMP version: GIMP 2.10.36
- Package: gimp-2.10.36-setup.exe
- Operating System: Windows 10 Pro x64 64-bit winver 19045.3693
### Description of the bug
Microsoft Defender detects Openssl 3.1.4.0 vulnerable for CVE-2023-5678 CVSS3.7 CVSS Version 3.
The files detected are the following four.
c:\program files\gimp 2\bin\libcrypto-3-x64.dll
c:\program files\gimp 2\bin\libssl-3-x64.dll
c:\program files\gimp 2\32\bin\libcrypto-3.dll
c:\program files\gimp 2\32\bin\libssl-3.dll
Reproduction steps:
Checking the files, they are in fact 3.1.4.0
CVE-2023-5678 Vulnerable versions
Openssl versions 3.1.0 (including) up to 3.1.5 (excluding)
Expected result:
version 3.1.5
See https://www.openssl.org/news/vulnerabilities.html
Fixed in OpenSSL 3.1.5 (git commit) (Affected since 3.1.0)
Gitcommit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
Action Result:
version 3.1.4 detected. upgrade .dll's to 3.1.52.10.38