pool/gimp
SHA256
19
0
Fork 2
Code Issues Pull Requests 2 Activity

WIP: Synch with factory #1

Draft
mgorse wants to merge 8 commits from mgorse/gimp:leap-16.1 into leap-16.1
pull from: mgorse/gimp:leap-16.1
merge into: pool:leap-16.1
Conversation 3 Commits 8 Files Changed 4 +231 -8
4 changed files with 231 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
gimp-3.0.4.tar.xz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8caa2ec275bf09326575654ac276afc083f8491e7cca45d19cf29e696aecab25
size 27060240

3
gimp-3.0.6.tar.xz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b
size 27197880

223
gimp.changes
View File

@@ -1,3 +1,220 @@
-------------------------------------------------------------------
Tue Oct 7 01:06:50 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- switch from pkgconfig(appstream-glib) to pkgconfig(appstream)
-------------------------------------------------------------------
Tue Oct 7 00:56:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 3.0.6
- Security:
- During development, we received reports from the Zero Day
Initiative of potential security issues with some of our file
import plug-ins. While these issues are very unlikely to
occur with real files, developers like Jacob Boerema and Alx
Sa proactively improved security for those imports.
The resolved reports are:
- ZDI-CAN-27793
- ZDI-CAN-27823
- ZDI-CAN-27836
- ZDI-CAN-27878
- ZDI-CAN-27863
- ZDI-CAN-27684
- Core:
- Many false-positive build warnings have been cleaned out (and
proper issues fixed).
- Various crashes fixed.
- When creating a layer mask from the layer's alpha, but the
layer has no alpha, simply fill the mask with complete
opacity instead of a completely transparent layer.
- Various core infrastructure code reviewed, cleaned up,
refactored and improved, in drawable, layer and filter
handling code, tree view code, and more.
- GIMP_ICONS_LIKE_A_BOSS environment variable is not working
anymore (because "gtk-menu-images" and "gtk-button-images"
have been deprecated in GTK3 and removed in GTK4) and was
therefore removed.
- Lock Content now shows as an undo step.
- Add alpha channel for certain transforms.
- Add alpha channel on filter merge, when necessary.
- Filters can now be applied non-destructively on channels.
- Improved Photoshop brush support.
- After deleting a palette entry, the next entry is
automatically selected. This allows easily deleting several
entries in a row, among other usage.
- Resize image to layers irrespective to selections.
- Improved in-GUI release notes' demo script language:
- We can now set a button value to click it: "toolbox:text,
tool-options:outline=1, tool-options:outline-direction"
- Color selector's module names can be used as identifiers:
"color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage"
- Fixed Alpha to Selection on single layers with no
transparency.
- Various code is slowly ported to newer code, preparing for
GTK4 port (in an unplanned future step):
- Using g_set_str() (optionally redefining it in our core
code to avoid bumping the GLib minimum requirement).
- Start using GListModel in various pieces of code, in
particular getting rid of more and more usage of
GtkTreeView when possible (as it will be deprecated with
GTK4).
- New GimpRow class for all future row widgets.
- Use more of G_DECLARE_DERIVABLE_TYPE and
G_DECLARE_FINAL_TYPE where relevant.
- New GimpContainerListView using a GtkListBox.
- New GimpRowSeparator, GimpRowSettings, GimpRowFilter and
GimpRowDrawableFilter widgets.
- (Experimental) GEX Format was updated.
- Palette import:
- Set alpha value for image palette imports.
- Fix Lab & CMYK ACB palette import.
- Add palette format filters to import dialog, making it more
apparent what palette formats are supported, and giving the
ability to hide irrelevant files.
- Improved filter actions' sensitivity to make sure they are
set insensitive when relevant. In particular filters which
cannot be run non-destructively (e.g. filters with aux
inputs, non-interactive filters and GEGL Graph) must be
insensitive when trying to run them on group layers.
- Fix bad axis centering on zoom out.
- Export better SVG when exporting paths.
- Tools:
- Text tool: make sure the default color is only changed when
the user confirms the color change.
- Foreground Selection tool: do not create a selection when no
strokes has been made. In particular this removes the
unnecessary delay which happened when switching to another
tool without actually stroking anything.
- All Transform tools: transform boundaries for preview is now
multi-layers aware.
- (Experimental) Seamless Clone tool: made to work again,
though it is still too slow to get out of Playground.
- Graphical User Interface:
- Various improvements to window management:
- Keep-Above windows are set with the Utility hint.
- Utility windows are not made transient to a parent.
- Transient factory dialogs follow the active display,
ensuring that new image windows would not hide your toolbox
and dock windows.
- Various CSS improvements for styling of the interface. Some
theme leaks were also fixed.
- New toggle button in Brushes and Fonts dockable, allowing
brush and font previews to optionally follow the color theme.
For instance, when using a dark theme, the brush and font
previews could be drawn on the theme background, using the
theme foreground colors. By default, these data previews are
still drawn as black on white.
- Palette grid is now drawn with the theme's background color.
- Consistent naming patterns on human-facing options (first
word only capitalized).
- About dialog:
- We will now display the date and time of the last check in
a "Up to date as of <date> at <time>" string, differing
from the "Last checked on <date> at <time>" string. The
former will be used to indicate that GIMP is indeed
up-to-date whereas the latter when a new version was
released and that you should update.
- We now respect the system time/date format on macOS and
Windows.
- The search popup won't pop up without an image.
- Better zoom step algorithm for data previews in container
popup (e.g. the brush popup in paint Tool Options).
- Disable animation in the Input Controller, Preferences and
Welcome dialogs for stack transition when animation are
disabled in system settings.
- Fixed crosshair hotspot on Windows (crosshair cursor for
brushes was offset with a non-100% display scale factor).
- Debug/CRITICAL dialog:
- Make sure it is non-modal.
- Follow the theme mode under Windows.
- While loading images, all widgets in the file dialog are made
insensitive, except for the Cancel button and the progress
bar.
- Both grid and list views can now zoom via scroll and zoom
gestures (it used to only work in list views).
- Pop an error message up on startup when GIO modules to read
HTTPS links are not found and that we therefore fail to load
the remote gimp_versions.json file. With the AppImage package
in particular, we depend on an environment daemon which
cannot be shipped in the package. So the next best thing is
to warn people and tell them what they should install to get
version checks.
- Welcome dialog:
- The "Community Tutorials" link is now shown after the
"Documentation" link.
- The "Learn more" link in Release Notes tab leads to the
actual release news for this version.
- Plug-ins:
- PDF export: do not draw disabled layer masks.
- Jigsaw: the plug-in can now draw on transparent layers.
- Various file format fixes and improvements: JPEG 2000 import,
TIFF import, DDS import, SVG import, PSP import, FITS export,
ICNS import, Dicom import, WBMP import, Farbfeld import, XWD
import, ILBM import.
- Sphere Designer: use spin scale instead of spin entries (the
latter is unusable with little horizontal space).
- Animation Play: frames are shown again in the playback
progress bar.
- Vala Goat Exercise: ignoring C warning in this Vala plug-in
as it is generated code and we cannot control it.
- file-gih: brush pipe selection modes now have nice,
translatable names.
- Metadata viewer: port from GtkTreeView to GtkListBox.
- File Raw Data: reduce Raw Data load dialogue height by moving
to a 2-column layout.
- SVG import: it is now possible to break aspect ratio with
specific width/height arguments, when calling the PDB
procedure non-interactively (from other plug-ins).
- Print: when run through a portal print dialog, the "Image
Settings" will be exposed as a secondary dialog, outputted
after the portal dialog, instead of a tab on the main print
dialog (because it is not possible to tweak the print dialog
when it is created by a portal). This will bring back usable
workflow of printing with GIMP when run in a sandbox (e.g.
Flatpak or Snap).
- Recompose: fixed for YCbCr decomposed images.
- Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863,
ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793.
- C Source and HTML export can now be run non-interactively too
(e.g. from other plug-ins).
- Map Object: fix missing spin boxes.
- Small Tiles: fix display lag.
- drop patches included in release:
gimp-CVE-2025-10920.patch
gimp-CVE-2025-10922.patch
gimp-CVE-2025-10924.patch
gimp-CVE-2025-10925.patch
-------------------------------------------------------------------
Sat Sep 27 05:21:18 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add gimp-CVE-2025-10925.patch:
Fix GIMP ILBM file parsing stack-based buffer overflow remote code
execution vulnerability.
(CVE-2025-10925, ZDI-25-914, ZDI-CAN-27793, bsc#1250501)
-------------------------------------------------------------------
Sat Sep 27 03:12:55 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add gimp-CVE-2025-10922.patch:
Fix GIMP DCM file parsing heap-based buffer overflow remote code
execution vulnerability.
(CVE-2025-10922, ZDI-25-911, ZDI-CAN-27863, bsc#1250497)
-------------------------------------------------------------------
Sat Sep 27 02:46:19 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add gimp-CVE-2025-10920.patch:
Prevent overflow attack by checking if output >= max, not just
output > max.
(CVE-2025-10920, ZDI-25-909, ZDI-CAN-27684, bsc#1250495)
-------------------------------------------------------------------
Thu Sep 25 10:29:33 UTC 2025 - Alynx Zhou <alynx.zhou@suse.com>
- Add gimp-CVE-2025-10924.patch: Fix integer overflow while parsing
FF files. (CVE-2025-10924, bsc#1250499)
-------------------------------------------------------------------
Mon May 19 06:52:00 UTC 2025 - Paolo Stivanin <info@paolostivanin.com>
@@ -105,6 +322,12 @@ Mon Feb 10 16:35:33 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- drop upstream patches:
33ab56f55406cc3cbe3cc7c0627340da1c1f2d6a.patch
gdb.patch
- A vulnerability allows remote attackers to execute arbitrary
code on affected installations of GIMP. The specific flaw exists
within parsing of XWD files. An integer overflow happens before
allocating a buffer. This fixed in GIMP 3.0.0.
https://www.gimp.org/news/2025/03/16/gimp-3-0-released
(CVE-2025-2760, bsc#1241690)
-------------------------------------------------------------------
Wed Feb 5 08:39:04 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>

10
gimp.spec
View File

@@ -35,7 +35,7 @@
%bcond_with debug_in_build_gimp
%define alsa_version 1.0.0
%define appstream_glib_version 0.7.7
%define appstream_version 0.16.1
%define atk_version 2.4.0
%define babl_version 0.1.114
%define cairo_version 1.14.0
@@ -49,7 +49,7 @@
%define gegl_version 0.4.62
%define gexiv2_version 0.14.0
%define glib_version 2.70.0
%define gtk3_version 3.24.48
%define gtk3_version 3.24.51
%define gudev_version 167
%define harfbuzz_version 2.8.2
%define lcms2_version 2.8
@@ -85,7 +85,7 @@
%define pkg_name gimp
Name: gimp
Version: 3.0.4
Version: 3.0.6
Release: 0
%global pkg_version %{version}
Summary: The GNU Image Manipulation Program
@@ -146,7 +146,7 @@ BuildRequires: pkgconfig(cfitsio)
BuildRequires: pkgconfig(libjxl) >= %{libjxl_version}
BuildRequires: pkgconfig(OpenEXR) >= %{OpenEXR_version}
BuildRequires: pkgconfig(alsa) >= %{alsa_version}
BuildRequires: pkgconfig(appstream-glib) >= %{appstream_glib_version}
BuildRequires: pkgconfig(appstream) >= %{appstream_version}
BuildRequires: pkgconfig(atk) >= %{atk_version}
BuildRequires: pkgconfig(babl-0.1) >= %{babl_version}
BuildRequires: pkgconfig(bzip2)
@@ -500,7 +500,7 @@ install -m 644 -c macros.gimp \
%if %{with python_plugin}
%files plugin-python3 -f plugins-python.list
%{_libdir}/gimp/3.0/environ/python.env
#{_libdir}/gimp/3.0/environ/python.env
%endif
%files vala