pool/gimp
SHA256
19
0
Fork 4
Code Issues Pull Requests 1 Activity

Synch with factory #1

Manually merged
anag_factory merged 16 commits from mgorse/gimp:leap-16.1 into leap-16.1 2026-01-23 11:22:02 +01:00
Conversation 12 Commits 16 Files Changed 9 +569 -8
mgorse commented 2025-11-14 23:03:00 +01:00
Contributor
Copy Link

CVE fixes

CVE fixes
mgorse added 8 commits 2025-11-14 23:03:00 +01:00
Update the changelog to fillup the security fix history. (CVE-2025-2760, bsc#1241690) 215ad970f6 
OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=93
Accepting request 1300479 from graphics 55775f7b05 
OBS-URL: https://build.opensuse.org/request/show/1300479
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=155
- Add gimp-CVE-2025-10924.patch: Fix integer overflow while parsing e830296eae 
FF files. (CVE-2025-10924, bsc#1250499)

OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=94
Accepting request 1307522 from home:qzhao:branches:graphics 4f27ad9d25 
1, Add gimp-CVE-2025-10925.patch: Fix GIMP ILBM file parsing stack-based buffer overflow remote code execution vulnerability. (CVE-2025-10925, ZDI-25-914, ZDI-CAN-27793, bsc#1250501); 2, Add gimp-CVE-2025-10922.patch: Fix GIMP DCM file parsing heap-based buffer overflow remote code execution vulnerability. (CVE-2025-10922, ZDI-25-911, ZDI-CAN-27863, bsc#1250497); 3, Add gimp-CVE-2025-10920.patch: Prevent overflow attack by checking if output >= max, not just output > max. (CVE-2025-10920, ZDI-25-909, ZDI-CAN-27684, bsc#1250495)

OBS-URL: https://build.opensuse.org/request/show/1307522
OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=95
Accepting request 1307201 from graphics d9d6023463 
OBS-URL: https://build.opensuse.org/request/show/1307201
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=156
Accepting request 1309048 from graphics 3bfee05c38 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1309048
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=157
- Update to 3.0.6 9f10d8d269 
OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=96
Accepting request 1309404 from graphics 22c272bab6 
- Update to 3.0.6

OBS-URL: https://build.opensuse.org/request/show/1309404
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=158
autogits_workflow_pr_bot requested review from legaldb 2025-11-14 23:03:15 +01:00
autogits_workflow_pr_bot requested review from packagehub-review 2025-11-14 23:03:16 +01:00
legaldb commented 2025-11-14 23:20:11 +01:00
Member
Copy Link

Legal reviewed as acceptable:

Accepted because previously reviewed under the same license (470261)
Legal reviewed as [acceptable](https://legaldb.suse.de/reviews/details/489403): ``` Accepted because previously reviewed under the same license (470261) ```
report.md
2.1 KiB
legaldb approved these changes 2025-11-14 23:20:11 +01:00
Dismissed
mgorse changed title from Synch with factory to WIP: Synch with factory 2025-11-17 16:24:29 +01:00
packagehub-review requested review from bigironman 2025-11-18 11:23:11 +01:00
packagehub-review requested review from lkocman-factory 2025-11-18 11:23:11 +01:00
packagehub-review requested review from maxlin_factory 2025-11-18 11:23:11 +01:00
packagehub-review requested review from smithfarm 2025-11-18 11:23:11 +01:00
packagehub-review commented 2025-11-18 11:23:12 +01:00
Member
Copy Link

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @packagehub-review: approve.
To request changes on behalf of the group, create the following comment: @packagehub-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@packagehub-review: approve`. To request changes on behalf of the group, create the following comment: `@packagehub-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
mgorse added 6 commits 2026-01-13 03:40:27 +01:00
Update changelog to recored security fix ID in previous update (CVE-2025-10922, ZDI-CAN-27863, bsc#1250497). ce6e29626d 
OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=97
Accepting request 1320136 from graphics 3324d5eeb5 
Update changelog to recored security fix ID in previous update (CVE-2025-10922, ZDI-CAN-27863, bsc#1250497). (forwarded request 1320107 from qzhao)

OBS-URL: https://build.opensuse.org/request/show/1320136
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=159
- Relax the gtk3_version requirement so that Leap 16.0 can build 2749e8cf55 
OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=98
Accepting request 1325440 from graphics e821964374 
OBS-URL: https://build.opensuse.org/request/show/1325440
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=160
- Add gimp-CVE-2025-15059.patch: vulnerability in file-psp 47f3048964 
(CVE-2025-15059, ZDI-CAN-28232, bsc#1255766).

OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=99
Accepting request 1325843 from graphics fa630de895 
OBS-URL: https://build.opensuse.org/request/show/1325843
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=161
mgorse dismissed legaldb's review 2026-01-13 03:40:27 +01:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

autogits_workflow_pr_bot requested review from legaldb 2026-01-13 03:41:00 +01:00
packagehub-review commented 2026-01-13 03:41:44 +01:00
Member
Copy Link

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @packagehub-review: approve.
To request changes on behalf of the group, create the following comment: @packagehub-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@packagehub-review: approve`. To request changes on behalf of the group, create the following comment: `@packagehub-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
mgorse changed title from WIP: Synch with factory to Synch with factory 2026-01-13 03:44:12 +01:00
legaldb commented 2026-01-13 04:00:25 +01:00
Member
Copy Link

Legal reviewed as acceptable:

Accepted because of no significant difference (496445)
Legal reviewed as [acceptable](https://legaldb.suse.de/reviews/details/497350): ``` Accepted because of no significant difference (496445) ```
report.md
2.3 KiB
legaldb approved these changes 2026-01-13 04:00:26 +01:00
Dismissed
mgorse added 2 commits 2026-01-20 21:33:38 +01:00
- Add CVE fixes: 8a8cfef6d6 
+ gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422)
  + gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423)
  + gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424)
  + gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425)

OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=100
Accepting request 1327775 from graphics 539373922d 
OBS-URL: https://build.opensuse.org/request/show/1327775
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=162
mgorse dismissed legaldb's review 2026-01-20 21:33:38 +01:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

autogits_workflow_pr_bot requested review from legaldb 2026-01-20 21:34:10 +01:00
packagehub-review commented 2026-01-20 21:40:43 +01:00
Member
Copy Link

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @packagehub-review: approve.
To request changes on behalf of the group, create the following comment: @packagehub-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by packagehub-review represents a group of reviewers: bigironman, lkocman-factory, maxlin_factory, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@packagehub-review: approve`. To request changes on behalf of the group, create the following comment: `@packagehub-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2026-01-20 21:49:07 +01:00
Member
Copy Link

Legal reviewed as acceptable:

Accepted because of no significant difference (498294)
Legal reviewed as [acceptable](https://legaldb.suse.de/reviews/details/498847): ``` Accepted because of no significant difference (498294) ```
report.md
2.3 KiB
legaldb approved these changes 2026-01-20 21:49:08 +01:00
maxlin_factory commented 2026-01-23 11:11:26 +01:00
Member
Copy Link

@packagehub-review: approve

@packagehub-review: approve
packagehub-review approved these changes 2026-01-23 11:17:36 +01:00
packagehub-review left a comment
Member
Copy Link

maxlin_factory approved a review on behalf of packagehub-review

maxlin_factory approved a review on behalf of packagehub-review
packagehub-review removed review request for bigironman 2026-01-23 11:17:37 +01:00
packagehub-review removed review request for lkocman-factory 2026-01-23 11:17:37 +01:00
packagehub-review removed review request for maxlin_factory 2026-01-23 11:17:37 +01:00
packagehub-review removed review request for smithfarm 2026-01-23 11:17:37 +01:00
anag_factory manually merged commit 539373922d into leap-16.1 2026-01-23 11:22:02 +01:00
autogits_workflow_pr_bot commented 2026-01-23 11:22:25 +01:00
Member
Copy Link

This PR is merged via the associated Project PR.

This PR is merged via the associated Project PR.
Sign in to join this conversation.
Reviewers
No Reviewers
legaldb
packagehub-review
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/gimp#1
Delete Branch "mgorse/gimp:leap-16.1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?