Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package gimp for openSUSE:Factory checked in at 2025-10-08 18:12:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gimp (Old)
 and /work/SRC/openSUSE:Factory/.gimp.new.11973 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gimp" Wed Oct 8 18:12:31 2025 rev:158 rq:1309404 version:3.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/gimp/gimp.changes 2025-10-06 18:07:01.688508212 +0200 +++ /work/SRC/openSUSE:Factory/.gimp.new.11973/gimp.changes 2025-10-08 18:12:46.410008044 +0200 
@@ -1,0 +2,187 @@ +Tue Oct 7 01:06:50 UTC 2025 - Marcus Rueckert <[email protected]> + +- switch from pkgconfig(appstream-glib) to pkgconfig(appstream) + +------------------------------------------------------------------- +Tue Oct 7 00:56:55 UTC 2025 - Marcus Rueckert <[email protected]> + +- Update to 3.0.6 + - Security: + - During development, we received reports from the Zero Day + Initiative of potential security issues with some of our file + import plug-ins. While these issues are very unlikely to + occur with real files, developers like Jacob Boerema and Alx + Sa proactively improved security for those imports. + The resolved reports are: + - ZDI-CAN-27793 + - ZDI-CAN-27823 + - ZDI-CAN-27836 + - ZDI-CAN-27878 + - ZDI-CAN-27863 + - ZDI-CAN-27684 + - Core: + - Many false-positive build warnings have been cleaned out (and + proper issues fixed). + - Various crashes fixed. + - When creating a layer mask from the layer's alpha, but the + layer has no alpha, simply fill the mask with complete + opacity instead of a completely transparent layer. + - Various core infrastructure code reviewed, cleaned up, + refactored and improved, in drawable, layer and filter + handling code, tree view code, and more. + - GIMP_ICONS_LIKE_A_BOSS environment variable is not working + anymore (because "gtk-menu-images" and "gtk-button-images" + have been deprecated in GTK3 and removed in GTK4) and was + therefore removed. + - Lock Content now shows as an undo step. + - Add alpha channel for certain transforms. + - Add alpha channel on filter merge, when necessary. + - Filters can now be applied non-destructively on channels. + - Improved Photoshop brush support. + - After deleting a palette entry, the next entry is + automatically selected. This allows easily deleting several + entries in a row, among other usage. + - Resize image to layers irrespective to selections. 
+ - Improved in-GUI release notes' demo script language: + - We can now set a button value to click it: "toolbox:text, + tool-options:outline=1, tool-options:outline-direction" + - Color selector's module names can be used as identifiers: + "color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage" + - Fixed Alpha to Selection on single layers with no + transparency. + - Various code is slowly ported to newer code, preparing for + GTK4 port (in an unplanned future step): + - Using g_set_str() (optionally redefining it in our core + code to avoid bumping the GLib minimum requirement). + - Start using GListModel in various pieces of code, in + particular getting rid of more and more usage of + GtkTreeView when possible (as it will be deprecated with + GTK4). + - New GimpRow class for all future row widgets. + - Use more of G_DECLARE_DERIVABLE_TYPE and + G_DECLARE_FINAL_TYPE where relevant. + - New GimpContainerListView using a GtkListBox. + - New GimpRowSeparator, GimpRowSettings, GimpRowFilter and + GimpRowDrawableFilter widgets. + - (Experimental) GEX Format was updated. + - Palette import: + - Set alpha value for image palette imports. + - Fix Lab & CMYK ACB palette import. + - Add palette format filters to import dialog, making it more + apparent what palette formats are supported, and giving the + ability to hide irrelevant files. + - Improved filter actions' sensitivity to make sure they are + set insensitive when relevant. In particular filters which + cannot be run non-destructively (e.g. filters with aux + inputs, non-interactive filters and GEGL Graph) must be + insensitive when trying to run them on group layers. + - Fix bad axis centering on zoom out. + - Export better SVG when exporting paths. + - Tools: + - Text tool: make sure the default color is only changed when + the user confirms the color change. + - Foreground Selection tool: do not create a selection when no + strokes has been made. 
In particular this removes the + unnecessary delay which happened when switching to another + tool without actually stroking anything. + - All Transform tools: transform boundaries for preview is now + multi-layers aware. + - (Experimental) Seamless Clone tool: made to work again, + though it is still too slow to get out of Playground. + - Graphical User Interface: + - Various improvements to window management: + - Keep-Above windows are set with the Utility hint. + - Utility windows are not made transient to a parent. + - Transient factory dialogs follow the active display, + ensuring that new image windows would not hide your toolbox + and dock windows. + - Various CSS improvements for styling of the interface. Some + theme leaks were also fixed. + - New toggle button in Brushes and Fonts dockable, allowing + brush and font previews to optionally follow the color theme. + For instance, when using a dark theme, the brush and font + previews could be drawn on the theme background, using the + theme foreground colors. By default, these data previews are + still drawn as black on white. + - Palette grid is now drawn with the theme's background color. + - Consistent naming patterns on human-facing options (first + word only capitalized). + - About dialog: + - We will now display the date and time of the last check in + a "Up to date as of <date> at <time>" string, differing + from the "Last checked on <date> at <time>" string. The + former will be used to indicate that GIMP is indeed + up-to-date whereas the latter when a new version was + released and that you should update. + - We now respect the system time/date format on macOS and + Windows. + - The search popup won't pop up without an image. + - Better zoom step algorithm for data previews in container + popup (e.g. the brush popup in paint Tool Options). + - Disable animation in the Input Controller, Preferences and + Welcome dialogs for stack transition when animation are + disabled in system settings. 
+ - Fixed crosshair hotspot on Windows (crosshair cursor for + brushes was offset with a non-100% display scale factor). + - Debug/CRITICAL dialog: + - Make sure it is non-modal. + - Follow the theme mode under Windows. + - While loading images, all widgets in the file dialog are made + insensitive, except for the Cancel button and the progress + bar. + - Both grid and list views can now zoom via scroll and zoom + gestures (it used to only work in list views). + - Pop an error message up on startup when GIO modules to read + HTTPS links are not found and that we therefore fail to load + the remote gimp_versions.json file. With the AppImage package + in particular, we depend on an environment daemon which + cannot be shipped in the package. So the next best thing is + to warn people and tell them what they should install to get + version checks. + - Welcome dialog: + - The "Community Tutorials" link is now shown after the + "Documentation" link. + - The "Learn more" link in Release Notes tab leads to the + actual release news for this version. + - Plug-ins: + - PDF export: do not draw disabled layer masks. + - Jigsaw: the plug-in can now draw on transparent layers. + - Various file format fixes and improvements: JPEG 2000 import, + TIFF import, DDS import, SVG import, PSP import, FITS export, + ICNS import, Dicom import, WBMP import, Farbfeld import, XWD + import, ILBM import. + - Sphere Designer: use spin scale instead of spin entries (the + latter is unusable with little horizontal space). + - Animation Play: frames are shown again in the playback + progress bar. + - Vala Goat Exercise: ignoring C warning in this Vala plug-in + as it is generated code and we cannot control it. + - file-gih: brush pipe selection modes now have nice, + translatable names. + - Metadata viewer: port from GtkTreeView to GtkListBox. + - File Raw Data: reduce Raw Data load dialogue height by moving + to a 2-column layout. 
+ - SVG import: it is now possible to break aspect ratio with + specific width/height arguments, when calling the PDB + procedure non-interactively (from other plug-ins). + - Print: when run through a portal print dialog, the "Image + Settings" will be exposed as a secondary dialog, outputted + after the portal dialog, instead of a tab on the main print + dialog (because it is not possible to tweak the print dialog + when it is created by a portal). This will bring back usable + workflow of printing with GIMP when run in a sandbox (e.g. + Flatpak or Snap). + - Recompose: fixed for YCbCr decomposed images. + - Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863, + ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793. + - C Source and HTML export can now be run non-interactively too + (e.g. from other plug-ins). + - Map Object: fix missing spin boxes. + - Small Tiles: fix display lag. +- drop patches included in release: + gimp-CVE-2025-10920.patch + gimp-CVE-2025-10922.patch + gimp-CVE-2025-10924.patch + gimp-CVE-2025-10925.patch + +------------------------------------------------------------------- Old: ---- gimp-3.0.4.tar.xz gimp-CVE-2025-10920.patch gimp-CVE-2025-10922.patch gimp-CVE-2025-10924.patch gimp-CVE-2025-10925.patch New: ---- gimp-3.0.6.tar.xz ----------(Old B)---------- Old:- drop patches included in release: gimp-CVE-2025-10920.patch gimp-CVE-2025-10922.patch Old: gimp-CVE-2025-10920.patch gimp-CVE-2025-10922.patch gimp-CVE-2025-10924.patch Old: gimp-CVE-2025-10922.patch gimp-CVE-2025-10924.patch gimp-CVE-2025-10925.patch Old: gimp-CVE-2025-10924.patch gimp-CVE-2025-10925.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gimp.spec ++++++ --- /var/tmp/diff_new_pack.clS6MP/_old 2025-10-08 18:12:47.254043273 +0200 +++ /var/tmp/diff_new_pack.clS6MP/_new 2025-10-08 18:12:47.258043440 +0200 
@@ -35,7 +35,7 @@ %bcond_with debug_in_build_gimp %define alsa_version 1.0.0 -%define appstream_glib_version 0.7.7 +%define appstream_version 0.16.1 %define atk_version 2.4.0 %define babl_version 0.1.114 %define cairo_version 1.14.0 @@ -49,7 +49,7 @@ %define gegl_version 0.4.62 %define gexiv2_version 0.14.0 %define glib_version 2.70.0 -%define gtk3_version 3.24.48 +%define gtk3_version 3.24.51 %define gudev_version 167 %define harfbuzz_version 2.8.2 %define lcms2_version 2.8 @@ -85,7 +85,7 @@ %define pkg_name gimp Name: gimp -Version: 3.0.4 +Version: 3.0.6 Release: 0 %global pkg_version %{version} Summary: The GNU Image Manipulation Program @@ -100,14 +100,6 @@ Patch1: gimp-2.99.19-cm-system-monitor-profile-by-default.patch Patch2: gimp-2.99.19-external-help-browser.patch Patch3: gimp-2.99.19-no-phone-home-default.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-10924.patch CVE-2025-10924 bsc#1250499 [email protected] -- Fix integer overflow while parsing FF files -Patch4: gimp-CVE-2025-10924.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-10920.patch CVE-2025-10920 ZDI-25-909 ZDI-CAN-27684 bsc#1250495 [email protected] -- Prevent overflow attack by checking if output >= max, not just output > max. -Patch5: gimp-CVE-2025-10920.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-10922.patch CVE-2025-10922 ZDI-25-911 ZDI-CAN-27863 bsc#1250497 [email protected] -- Fix GIMP DCM file parsing heap-based buffer overflow remote code execution vulnerability. -Patch6: gimp-CVE-2025-10922.patch -# PATCH-FIX-UPSTREAM gimp-CVE-2025-10925.patch CVE-2025-10925 ZDI-25-914 ZDI-CAN-27793 bsc#1250501 [email protected] -- Fix GIMP ILBM file parsing stack-based buffer overflow remote code execution vulnerability. -Patch7: gimp-CVE-2025-10925.patch %if %{with debug_in_build_gimp} BuildRequires: gdb %endif 
@@ -154,7 +146,7 @@ BuildRequires: pkgconfig(libjxl) >= %{libjxl_version} BuildRequires: pkgconfig(OpenEXR) >= %{OpenEXR_version} BuildRequires: pkgconfig(alsa) >= %{alsa_version} -BuildRequires: pkgconfig(appstream-glib) >= %{appstream_glib_version} +BuildRequires: pkgconfig(appstream) >= %{appstream_version} BuildRequires: pkgconfig(atk) >= %{atk_version} BuildRequires: pkgconfig(babl-0.1) >= %{babl_version} BuildRequires: pkgconfig(bzip2) @@ -508,7 +500,7 @@ %if %{with python_plugin} %files plugin-python3 -f plugins-python.list -%{_libdir}/gimp/3.0/environ/python.env +#{_libdir}/gimp/3.0/environ/python.env %endif %files vala ++++++ gimp-3.0.4.tar.xz -> gimp-3.0.6.tar.xz ++++++ /work/SRC/openSUSE:Factory/gimp/gimp-3.0.4.tar.xz /work/SRC/openSUSE:Factory/.gimp.new.11973/gimp-3.0.6.tar.xz differ: char 25, line 1
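Review bot: the 3.0.6 entry added to gimp.changes carries no CVE or bsc# reference for the security fixes; it lists the six ZDI-CAN ids (once under Security, again under Plug-ins) and then only names the four dropped patch files. The patch comments removed from gimp.spec are the only place in this diff that tie CVE-2025-10920 to ZDI-CAN-27684, CVE-2025-10922 to ZDI-CAN-27863 and CVE-2025-10925 to ZDI-CAN-27793, each with its bsc# number, and CVE-2025-10924 appears there with a bsc# but no ZDI id. Suggest repeating the CVE and bsc# ids next to the "drop patches included in release" item so the mapping stays with the entry that removes the patches, and stating whether ZDI-CAN-27823, ZDI-CAN-27836 and ZDI-CAN-27878 have tracking ids of their own.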
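Review bot: the gtk3_version bump from 3.24.48 to 3.24.51 in the "@@ -49,7 +49,7 @@" hunk of gimp.spec is not recorded in gimp.changes, which mentions only the appstream switch and the update to 3.0.6. Add a changes line for the raised GTK3 minimum and say whether it is an upstream requirement of 3.0.6 or a packaging choice, since it changes which distributions the package can build against.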
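Review bot: in the "%files plugin-python3" hunk of gimp.spec the python.env entry is disabled by rewriting "%{_libdir}/gimp/3.0/environ/python.env" as "#{_libdir}/gimp/3.0/environ/python.env", and gimp.changes gives no reason for it. If 3.0.6 no longer installs that file, delete the line instead of leaving a commented-out path and note the removal in the changes entry; if it is still installed, it is now missing from the subpackage's explicit file list unless plugins-python.list covers it, which is worth confirming.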
