Add uzdoom

PR: products/PackageHub!338

.gitmodules

@@ -26242,3 +26242,7 @@
 	path = openQA-devel-container
 	url =  ../../pool/openQA-devel-container
 	branch = leap-16.0
+[submodule "uzdoom"]
+	path = uzdoom
+	url = ../../pool/uzdoom
+	branch = leap-16.0

patchinfo.20251117131718442159.187004354831441/_patchinfo

@@ -0,0 +1,236 @@
+<patchinfo incident="packagehub-81">
+  <issue tracker="bnc" id="1250499">VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1250497">VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10922">VUL-0: CVE-2025-10922: gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-2760">VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution</issue>
+  <issue tracker="bnc" id="1250501">VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1241690">VUL-0: CVE-2025-2760: gimp: integer overflow may lead to remote code execution</issue>
+  <issue tracker="bnc" id="1250495">VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10920">VUL-0: CVE-2025-10920: gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10924">VUL-0: CVE-2025-10924: gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-10925">VUL-0: CVE-2025-10925: gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <packager>mgorse</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for gimp</summary>
+  <description>This update for gimp fixes the following issues:
+
+Changes in gimp:
+
+Update to 3.0.6:
+
+  - Security:
+
+    - During development, we received reports from the Zero Day
+      Initiative of potential security issues with some of our file
+      import plug-ins. While these issues are very unlikely to
+      occur with real files, developers like Jacob Boerema and Alx
+      Sa proactively improved security for those imports.
+      The resolved reports are:
+      - ZDI-CAN-27793
+      - ZDI-CAN-27823
+      - ZDI-CAN-27836
+      - ZDI-CAN-27878
+      - ZDI-CAN-27863
+      - ZDI-CAN-27684
+
+  - Core:
+
+    - Many false-positive build warnings have been cleaned out (and
+      proper issues fixed).
+    - Various crashes fixed.
+    - When creating a layer mask from the layer's alpha, but the
+      layer has no alpha, simply fill the mask with complete
+      opacity instead of a completely transparent layer.
+    - Various core infrastructure code reviewed, cleaned up,
+      refactored and improved, in drawable, layer and filter
+      handling code, tree view code, and more.
+    - GIMP_ICONS_LIKE_A_BOSS environment variable is not working
+      anymore (because "gtk-menu-images" and "gtk-button-images"
+      have been deprecated in GTK3 and removed in GTK4) and was
+      therefore removed.
+    - Lock Content now shows as an undo step.
+    - Add alpha channel for certain transforms.
+    - Add alpha channel on filter merge, when necessary.
+    - Filters can now be applied non-destructively on channels.
+    - Improved Photoshop brush support.
+    - After deleting a palette entry, the next entry is
+      automatically selected. This allows easily deleting several
+      entries in a row, among other usage.
+    - Resize image to layers irrespective to selections.
+    - Improved in-GUI release notes' demo script language:
+
+      - We can now set a button value to click it: "toolbox:text,
+        tool-options:outline=1, tool-options:outline-direction"
+      - Color selector's module names can be used as identifiers:
+        "color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage"
+
+    - Fixed Alpha to Selection on single layers with no
+      transparency.
+    - Various code is slowly ported to newer code, preparing for
+      GTK4 port (in an unplanned future step):
+
+      - Using g_set_str() (optionally redefining it in our core
+        code to avoid bumping the GLib minimum requirement).
+      - Start using GListModel in various pieces of code, in
+        particular getting rid of more and more usage of
+        GtkTreeView when possible (as it will be deprecated with
+        GTK4).
+      - New GimpRow class for all future row widgets.
+      - Use more of G_DECLARE_DERIVABLE_TYPE and
+        G_DECLARE_FINAL_TYPE where relevant.
+      - New GimpContainerListView using a GtkListBox.
+      - New GimpRowSeparator, GimpRowSettings, GimpRowFilter and
+        GimpRowDrawableFilter widgets.
+
+    - (Experimental) GEX Format was updated.
+    - Palette import:
+
+      - Set alpha value for image palette imports.
+      - Fix Lab &amp; CMYK ACB palette import.
+      - Add palette format filters to import dialog, making it more
+        apparent what palette formats are supported, and giving the
+        ability to hide irrelevant files.
+
+    - Improved filter actions' sensitivity to make sure they are
+      set insensitive when relevant. In particular filters which
+      cannot be run non-destructively (e.g. filters with aux
+      inputs, non-interactive filters and GEGL Graph) must be
+      insensitive when trying to run them on group layers.
+    - Fix bad axis centering on zoom out.
+    - Export better SVG when exporting paths.
+
+  - Tools:
+
+    - Text tool: make sure the default color is only changed when
+      the user confirms the color change.
+    - Foreground Selection tool: do not create a selection when no
+      strokes has been made. In particular this removes the
+      unnecessary delay which happened when switching to another
+      tool without actually stroking anything.
+    - All Transform tools: transform boundaries for preview is now
+      multi-layers aware.
+    - (Experimental) Seamless Clone tool: made to work again,
+      though it is still too slow to get out of Playground.
+
+  - Graphical User Interface:
+
+    - Various improvements to window management:
+
+      - Keep-Above windows are set with the Utility hint.
+      - Utility windows are not made transient to a parent.
+      - Transient factory dialogs follow the active display,
+        ensuring that new image windows would not hide your toolbox
+        and dock windows.
+
+    - Various CSS improvements for styling of the interface. Some
+      theme leaks were also fixed.
+    - New toggle button in Brushes and Fonts dockable, allowing
+      brush and font previews to optionally follow the color theme.
+      For instance, when using a dark theme, the brush and font
+      previews could be drawn on the theme background, using the
+      theme foreground colors. By default, these data previews are
+      still drawn as black on white.
+    - Palette grid is now drawn with the theme's background color.
+    - Consistent naming patterns on human-facing options (first
+      word only capitalized).
+    - About dialog:
+
+      - We will now display the date and time of the last check in
+        a "Up to date as of &lt;date&gt; at &lt;time&gt;" string, differing
+        from the "Last checked on &lt;date&gt; at &lt;time&gt;" string. The
+        former will be used to indicate that GIMP is indeed
+        up-to-date whereas the latter when a new version was
+        released and that you should update.
+      - We now respect the system time/date format on macOS and
+        Windows.
+
+    - The search popup won't pop up without an image.
+    - Better zoom step algorithm for data previews in container
+      popup (e.g. the brush popup in paint Tool Options).
+    - Disable animation in the Input Controller, Preferences and
+      Welcome dialogs for stack transition when animation are
+      disabled in system settings.
+    - Fixed crosshair hotspot on Windows (crosshair cursor for
+      brushes was offset with a non-100% display scale factor).
+    - Debug/CRITICAL dialog:
+
+      - Make sure it is non-modal.
+      - Follow the theme mode under Windows.
+
+    - While loading images, all widgets in the file dialog are made
+      insensitive, except for the Cancel button and the progress
+      bar.
+    - Both grid and list views can now zoom via scroll and zoom
+      gestures (it used to only work in list views).
+    - Pop an error message up on startup when GIO modules to read
+      HTTPS links are not found and that we therefore fail to load
+      the remote gimp_versions.json file. With the AppImage package
+      in particular, we depend on an environment daemon which
+      cannot be shipped in the package. So the next best thing is
+      to warn people and tell them what they should install to get
+      version checks.
+    - Welcome dialog:
+
+      - The "Community Tutorials" link is now shown after the
+        "Documentation" link.
+      - The "Learn more" link in Release Notes tab leads to the
+        actual release news for this version.
+
+  - Plug-ins:
+
+    - PDF export: do not draw disabled layer masks.
+    - Jigsaw: the plug-in can now draw on transparent layers.
+    - Various file format fixes and improvements: JPEG 2000 import,
+      TIFF import, DDS import, SVG import, PSP import, FITS export,
+      ICNS import, Dicom import, WBMP import, Farbfeld import, XWD
+      import, ILBM import.
+    - Sphere Designer: use spin scale instead of spin entries (the
+      latter is unusable with little horizontal space).
+    - Animation Play: frames are shown again in the playback
+      progress bar.
+    - Vala Goat Exercise: ignoring C warning in this Vala plug-in
+      as it is generated code and we cannot control it.
+    - file-gih: brush pipe selection modes now have nice,
+      translatable names.
+    - Metadata viewer: port from GtkTreeView to GtkListBox.
+    - File Raw Data: reduce Raw Data load dialogue height by moving
+      to a 2-column layout.
+    - SVG import: it is now possible to break aspect ratio with
+      specific width/height arguments, when calling the PDB
+      procedure non-interactively (from other plug-ins).
+    - Print: when run through a portal print dialog, the "Image
+      Settings" will be exposed as a secondary dialog, outputted
+      after the portal dialog, instead of a tab on the main print
+      dialog (because it is not possible to tweak the print dialog
+      when it is created by a portal). This will bring back usable
+      workflow of printing with GIMP when run in a sandbox (e.g.
+      Flatpak or Snap).
+    - Recompose: fixed for YCbCr decomposed images.
+    - Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863,
+      ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793.
+    - C Source and HTML export can now be run non-interactively too
+      (e.g. from other plug-ins).
+    - Map Object: fix missing spin boxes.
+    - Small Tiles: fix display lag.
+
+- CVE-2025-10925: Fix GIMP ILBM file parsing stack-based buffer overflow remote code
+  execution vulnerability. (ZDI-25-914, ZDI-CAN-27793, bsc#1250501)
+
+- CVE-2025-10922: Fix GIMP DCM file parsing heap-based buffer overflow remote code
+  execution vulnerability.  (ZDI-25-911, ZDI-CAN-27863, bsc#1250497)
+
+- CVE-2025-10920: Prevent overflow attack by checking if output &gt;= max, not just
+  output &gt; max. (ZDI-25-909, ZDI-CAN-27684, bsc#1250495)
+
+- CVE-2025-10924: Fix integer overflow while parsing FF files. (bsc#1250499)
+
+- CVE-2025-2760: A vulnerability allows remote attackers to execute arbitrary
+  code on affected installations of GIMP. The specific flaw exists
+  within parsing of XWD files. An integer overflow happens before
+  allocating a buffer. This fixed in GIMP 3.0.0.
+  https://www.gimp.org/news/2025/03/16/gimp-3-0-released
+  (bsc#1241690)
+</description>
+  <package>gimp</package>
+</patchinfo>

patchinfo.20260106152825813077.93181000773252/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo incident="packagehub-85">
+  <issue tracker="bnc" id="1254975">niri doesn't set the right portal notification proxy</issue>
+  <packager>mantarimay</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for niri</summary>
+  <description>This update for niri fixes the following issues:
+
+- Fixed portal notification proxy (boo#1254975)
+</description>
+  <package>niri</package>
+</patchinfo>

patchinfo.20260115101101937926.93181000773252/_patchinfo

@@ -0,0 +1,22 @@
+<patchinfo incident="packagehub-83">
+  <issue tracker="jsc" id="PED-1942">feature request for adding ipvlan support to wicked for SLES15</issue>
+  <packager>cfconrad</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for wicked</summary>
+  <description>This update for wicked fixes the following issues:
+
+Changes in wicked:
+
+- Update to version 0.6.78
+  - man: small fixes in wireless manpage (gh#opensuse/wicked#1053)
+  - rtnetlink: fix RTM_NEWLINK name resolution in debug (gh#opensuse/wicked#1052)
+  - Add support for IPVLAN/IPVTAP (jsc#PED-1942, gh#opensuse/wicked#1050, gh#opensuse/wicked#1051)
+  - fsm: remove children reference array from worker (gh#opensuse/wicked#1049)
+  - ifxml: migrate and generate lower configs/policies (gh#opensuse/wicked#1048)
+  - fsm: use refcount and array macros in worker and policy (gh#opensuse/wicked#1047)
+  - route: use refcounted array and fix error leaks (gh#opensuse/wicked#1046)
+  - utils: add support for refcounted objects in generic array (gh#openSUSE/wicked#1045)
+</description>
+  <package>wicked</package>
+</patchinfo>

patchinfo.20260116150132416590.93181000773252/_patchinfo

@@ -1,4 +1,4 @@
-<patchinfo>
+<patchinfo incident="packagehub-82">
   <issue tracker="cve" id="2025-58190"/>
   <issue tracker="bnc" id="1241814">VUL-0: CVE-2025-22872: go-sendxmpp: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction</issue>
   <issue tracker="cve" id="2025-22872">VUL-0: CVE-2025-22872: TRACKERBUG: golang.org/x/net/html: tags incorrectly interpreted by tokenizer can lead to content being placed in the wrong scope during</issue>
@@ -92,4 +92,4 @@ Changes in go-sendxmpp:
 </description>
   <package>go-sendxmpp</package>
   <seperate_build_arch/>
-</patchinfo>
+</patchinfo>

patchinfo.20260119100234029640.93181000773252/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-84">
+  <issue tracker="cve" id="2025-63757"/>
+  <issue tracker="bnc" id="1255392">VUL-0: CVE-2025-63757: ffmpeg,ffmpeg-4: ffmpeg: accumulation of filtered pixel values can lead to an integer overflow</issue>
+  <packager>jonathankang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for ffmpeg-4</summary>
+  <description>This update for ffmpeg-4 fixes the following issues:
+
+- CVE-2025-63757: Fixed swscale/output: Fix integer overflow in yuv2ya16_X_c_template() (bsc#1255392).
+</description>
+  <package>ffmpeg-4</package>
+</patchinfo>

patchinfo.20260120143234408409.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-86">
+  <issue tracker="cve" id="2025-68616">VUL-0: CVE-2025-68616: python-weasyprint: server-side request forgery (SSRF) protection bypass via HTTP redirects allows access to internal network resources</issue>
+  <issue tracker="bnc" id="1256936">VUL-0: CVE-2025-68616: python-weasyprint: server-side request forgery (SSRF) protection bypass via HTTP redirects allows access to internal network resources</issue>
+  <packager>dgarcia</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-weasyprint</summary>
+  <description>This update for python-weasyprint fixes the following issues:
+
+Changes in python-weasyprint:
+
+- CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936).
+</description>
+  <package>python-weasyprint</package>
+</patchinfo>

patchinfo.20260126192907763486.93181000773252/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo>
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for uzdoom</summary>
+  <description>This update for uzdoom fixes the following issues:
+
+Introduces uzdoom.
+
+</description>
+  <package>uzdoom</package>
+</patchinfo>