gimp: patch CVE-2025-2761

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761

Pick the patch from the relevant upstream bug[1].

[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch

@@ -0,0 +1,34 @@
+From 658a8a07b831b82bd9e9592c18f21e4d4d7392af Mon Sep 17 00:00:00 2001
+From: Alx Sa <cmyk.student@gmail.com>
+Date: Mon, 10 Mar 2025 04:07:44 +0000
+Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in
+
+Resolves #13073
+This patch adds a check to make sure we're not
+writing beyond the bounds of the "pos" array.
+This is the same check that we do earlier when
+writing pos[xc++], but it was left off of the last
+write command. Since "n" will be 0 if we get to the
+end of the array, it prevents us from writing beyond
+that.
+
+CVE: CVE-2025-2761
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ plug-ins/file-fli/fli.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
+index c2e28e4..209b5ec 100644
+--- a/plug-ins/file-fli/fli.c
++++ b/plug-ins/file-fli/fli.c
+@@ -1026,7 +1026,7 @@ fli_read_lc_2 (FILE          *f,
+               xc += len << 1;
+             }
+         }
+-      if (lpf)
++      if (lpf && xc < n)
+         pos[xc] = lpn;
+       yc++;
+     }

meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb

@@ -53,6 +53,7 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
            file://CVE-2025-15059.patch \
            file://CVE-2025-2760-1.patch \
            file://CVE-2025-2760-2.patch \
+           file://CVE-2025-2761.patch \
            "
 SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e"