From e669a65e9832cbb3ca7c49e3776752f85047a15784b2c1bcccf231fd34606fe0 Mon Sep 17 00:00:00 2001
From: Robert Frohl <rfrohl@noreply.src.opensuse.org>
Date: Tue, 3 Feb 2026 13:04:17 +0100
Subject: [PATCH] Update submodules from pool/gimp#6 and create
 patchinfo.20260203102131310899.93181000773252/_patchinfo

---
 gimp                                          |   2 +-
 .../_patchinfo                                | 117 ++++++++++++++++++
 2 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 patchinfo.20260203102131310899.93181000773252/_patchinfo

diff --git a/gimp b/gimp
index 5393739..d7bae19 160000
--- a/gimp
+++ b/gimp
@@ -1 +1 @@
-Subproject commit 539373922daa71662b16777ee4d099782ada2761529bfb6ad6b88d66b9a7a9ad
+Subproject commit d7bae19de05557a72782941663569b6eb24cc8a746ae635eaeeb928e16dcd1c8
diff --git a/patchinfo.20260203102131310899.93181000773252/_patchinfo b/patchinfo.20260203102131310899.93181000773252/_patchinfo
new file mode 100644
index 0000000..478df52
--- /dev/null
+++ b/patchinfo.20260203102131310899.93181000773252/_patchinfo
@@ -0,0 +1,117 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-15059"/>
+  <issue tracker="cve" id="2025-14422"/>
+  <issue tracker="cve" id="2025-14424"/>
+  <issue tracker="bnc" id="1255766">VUL-0: CVE-2025-15059: gimp: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255294">VUL-0: CVE-2025-14423: gimp: LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-14425"/>
+  <issue tracker="cve" id="2025-14423"/>
+  <issue tracker="bnc" id="1255293">VUL-0: CVE-2025-14422: gimp: PNM File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255295">VUL-0: CVE-2025-14424: gimp: XCF File Parsing Use-After-Free Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255296">VUL-0: CVE-2025-14425: gimp: JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gimp</summary>
+  <description>This update for gimp fixes the following issues:
+
+Changes in gimp:
+
+- Update to 3.0.8
+  - Font Loading Performance
+    - Improvements in start-up time for users with a large number
+      of fonts was backported from our 3.2 RC2 release. As a
+      result, we now wait to load images until fonts are
+      initialized - this prevents some occasional odd displays and
+      other issues when an XCF file tried to access a partially
+      loaded font.
+  - Assorted updates and fixes
+    - Daniel Plakhotich helped us identify an issue when exporting
+      a lossless WEBP image could be affected by lossy settings
+      (such as Quality being less than 100%). We’ve updated our
+      WEBP plug-in to prevent this from happening.
+    - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable
+      can now be run with a --no-interface flag instead of
+      requiring users to call gimp-console-3.0 even on devices with
+      no display. The --show-debug-menu flag is now visible as
+      well.
+    - programmer_ceds improved our flatpak by adding safe guards to
+      show the correct configuration directory regardless of
+      whether XDG_CONFIG_HOME is defined on the user’s system. This
+      should make it much easier for flatpak users to install and
+      use third party plug-ins.
+    - We fixed a rare but possible crash when using the Equalize
+      filter on images with NaN values. Images that contain these
+      are usually created from scientific or mapping data, so
+      you’re unlikely to come across them in standard editing.
+    - Jeremy Bicha fixed an internal issue where the wrong version
+      number could be used when installing minor releases (such as
+      the 3.2 release candidates and upcoming 3.2 stable release).
+    - As noted in our 3.2RC2 news post, we have updated our SVG
+      import code to improve the rendered path.
+    - Further improvements have been made to our non-destructive
+      filter code to improve stability, especially when copying and
+      pasting layers and images with filters attached to them. Some
+      issues related to applying NDE filters on Quick Masks have
+      also been corrected.
+    - An unintended Search pop-up that appeared when typing while
+      the Channels dockable was selected has been turned off.
+    - When saving XCFs for GIMP 2.10 compatibility, we
+      unintentionally saved Grid color using the new color format.
+      This caused errors when reopening the XCF in 2.10. This
+      problem has now been fixed! If you encounter any other XCF
+      incompatibility, please let us know.
+  - Themes and UX
+    - The Navigation and Selection Editor dockables no longer show
+      a large bright texture when no image is actively selected.
+      This was especially noticeable on dark themes.
+    - When a layer has no active filters, the Fx column had the
+      same “checkbox” outline when hovered over as the lock column.
+      This led to confusion about clicking it to add filters. We
+      have removed the outline on hover as a small step to help
+      address this.
+    - Ondřej Míchal fixed alignment and cut-off issues with the
+      buttons on our Transform tool overlays. All buttons should
+      now be properly centered and visible.
+    - The options for filling layers with colors when resizing the
+      canvas will be turned off when not relevant (such as when you
+      set layers to not be resized).
+    - More GUI elements such as dialog header icons will now
+      respond to your icon size preferences.
+    - Ondřej Míchal has continued his work to update our UI with
+      the more usable Spin Scale widget. He has also updated the
+      widget itself to improve how it works for users and
+      developers alike.
+  - Security fixes
+    - Jacob Boerema and Gabriele Barbero continued to patch
+      potential security issues related to some of our file format
+      plug-ins. In addition to existing fixes mentioned in the
+      release candidate news posts, the following exploits are now
+      prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530
+      ZDI-CAN-28591 ZDI-CAN-28599
+    - Another potential issue related to ICO files with incorrect
+      metadata was reported by Dhiraj. It does not have a CVE
+      number yet, but it has been fixed for GIMP 3.0.8. Jacob
+      Boerema also fixed a potential issue with loading Creator
+      blocks in Paintshop Pro PSP images.
+  - API
+    - For plug-in and script developers, a few new public APIs were
+      backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer ()
+      allows you to retrieve a GEGL buffer from a Cairo surface
+      (such as a text layer). Note that this deprecates
+      gimp_cairo_surface_create_buffer ().
+    - gimp_config_set_xcf_version () and
+      gimp_config_get_xcf_version () can be used to specify a
+      particular XCF version for a configuration. This will allow
+      you to have that data serialized/deserialized for certain
+      versions of GIMP if there were differences (such as the Grid
+      colors mentioned above).
+    - Fixes were made for retrieving image metadata via scripting.
+      GimpMetadata is now a visible child of GExiv2Metadata, so you
+      can use standard gexiv2 functions to retrieve information
+      from it.
+    - Original thumbnail metadata is also now removed on export to
+      prevent potential issues when exporting into a new format.
+</description>
+  <package>gimp</package>
+</patchinfo>
-- 
2.51.1