0001-checkpc-Do-not-define-Mail_fd-multiple-times.patch
removed since it's included in 3.9.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Implement support for CURLOPT_CAINFO_BLOB
- Added support for CURLOPT_SSLCERT_BLOB
- Refactor: Pass std::string_view by value instead of by const reference
- Add connection pool option (V3)
- fix: Calling empty callbacks
- fix: callback function pointer type mismatch in writeFunction
- 1.12.0 CI Fixes
- fix: Cmake config file
- fix: make is_same_v check constexpr in set_option_internal
- cpr::MultiPerform fixes - #1047 and #1186
- Bump actions/setup-python from 5 to 6
- Bump actions/checkout from 3 to 5
- Allow disabling PSL
- Make curl dependency management optional
- curl_container: allow calling GetContent without CurlHolder
- Bump stefanzweifel/git-auto-commit-action from 6 to 7
- Bump actions/upload-artifact from 4 to 5
- Bump actions/setup-python from 1 to 5
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
### Changed
- Internal timing operations now use 'clock()' on all platforms (previously this
was only used on Windows). This should result in more accurate timing in
verbose informational messages.
- Building Graphviz with expat < 2.2.8 is no longer supported on MinGW.
### Fixed
- 'diffimg' now notices failures when calling Ghostscript to convert PS images
to PNG and exits instead of continuing.
- 'dtstat' no longer reads/writes out of bounds memory on platforms where
'sizeof(int) < sizeof(size_t)'. This was a regression in Graphviz 7.0.1.
- Some incorrect variable types in the libcdt man page have been corrected.
- 'gvgen' no longer triggers Undefined Behavior when asked to generate a binary
tree with depth >= 32 (e.g. 'gvgen -t32').
- 'gvgen' no longer triggers Undefined Behavior when asked to generate a
hypercube with depth >= 32 (e.g. 'gvgen -h32').
- A null pointer dereference in edge pair analysis within the circo algorithm
has been fixed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2025-30472.patch
removed since it's included in 3.1.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.Changelog:
https://github.com/imageio/imageio/releases/tag/v2.37.2
2.The LICENSE_CHECKSUM changed as date of LICENSE Copyright changed.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropped 0001-libmpathutils-uxsock.c-Include-string.h-for-memcpy.patch and
0013-libdmmp-Makefile-Fix-KBUILD_BUILD_TIMESTAMP-usage.patch which are now
merged in the upstream.
Refreshed other patches for the new version.
Release Note:
https://github.com/opensvc/multipath-tools/blob/0.11.3/NEWS.md
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
==========
build: avoid a warning when configured with --disable-multibuffer
bump version numbers and add a news item for the 8.7 release
display: regenerate the screen after a resize during a spell check
display: regenerate the screen only before and after waiting for input
display: upon resize, redraw the subwindows only when fully initialized
docs: add example of copy-to-clipboard-with-OSC52 to the sample nanorc
docs: mention that `execute` can pipe buffer or region to the command
gnulib: update to its current upstream state
moving: prevent a negative relative jump from going beyond top of buffer
new feature: execute a command without capturing the output
startup: register the handler for SIGWINCH much earlier
text: when blanking a line due to --autoindent, keep the mark in sync
tweaks: improve a few comments, drop one, and unwrap some lines
tweaks: improve the punctuation of one item in the sample nanorc
tweaks: replace a remaining double dash with a true emdash
tweaks: reshuffle some #ifdefs, and rename a function
tweaks: unwrap three lines, for esthetics
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/rakshasa/rtorrent/releases/tag/v0.16.2
Remove 0001-scripts-common.m4-Insert-spaces-in-shell-lists.patch as it was merged in upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove 0001-scripts-common.m4-Insert-spaces-in-shell-lists.patch as it was merged in upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
core:
* NSS Signatures: Tweak the logic that decides which firefox profile to use
* NSS Signatures: call PORT_GetError() only if the preceding CERT_PKIXVerifyCert() fails
* Splash: Performance improvements
* Fix crashes in malformed documents
glib:
* Fix ocsp check for signatures validation
* Fix warning when running glib-mkenums
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are multiple vendors for yasm:
$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm
Both products refer to the same application
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are some unrelated software called "links", which cases
false-positive CVEs to be reported by the CVE checker.
Set the vendor/product pairs that were historically used with
CVEs for this software.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch back to fetch tarballs instead of the git repository.
The project has switched from appstream-glib to appstream as a dependency,
due to the prior isn't actively developed anymore[1].
This update also contains fixes for CVE-2025-10920, CVE-2025-10921, CVE-2025-10922,
CVE-2025-10923, CVE-2025-10924, CVE-2025-10925 and CVE-2025-10934.
[1]: c27096db9e
Release notes:
Core:
- Many false-positive build warnings have been cleaned out (and proper
issues fixed).
- Various crashes fixed.
- When creating a layer mask from the layer's alpha, but the layer has
no alpha, simply fill the mask with complete opacity instead of
a completely transparent layer.
- Various core infrastructure code reviewed, cleaned up, refactored
and improved, in drawable, layer and filter handling code, tree view
code, and more.
- GIMP_ICONS_LIKE_A_BOSS environment variable is not working anymore
(because "gtk-menu-images" and "gtk-button-images" have been
deprecated in GTK3 and removed in GTK4) and was therefore removed.
- Lock Content now shows as an undo step.
- Add alpha channel for certain transforms.
- Add alpha channel on filter merge, when necessary.
- Filters can now be applied non-destructively on channels.
- Improved Photoshop brush support.
- After deleting a palette entry, the next entry is automatically
selected. This allows easily deleting several entries in a row,
among other usage.
- Resize image to layers irrespective to selections.
- Improved in-GUI release notes' demo script language:
* We can now set a button value to click it:
"toolbox:text,
tool-options:outline=1,
tool-options:outline-direction"
* Color selector's module names can be used as identifiers:
"color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage"
- Fixed Alpha to Selection on single layers with no transparency.
- Various code is slowly ported to newer code, preparing for GTK4 port
(in an unplanned future step):
* Using g_set_str() (optionally redefining it in our core code to
avoid bumping the GLib minimum requirement).
* Start using GListModel in various pieces of code, in particular
getting rid of more and more usage of GtkTreeView when possible
(as it will be deprecated with GTK4).
* New GimpRow class for all future row widgets.
* Use more of G_DECLARE_DERIVABLE_TYPE and G_DECLARE_FINAL_TYPE
where relevant.
* New GimpContainerListView using a GtkListBox.
* New GimpRowSeparator, GimpRowSettings, GimpRowFilter and
GimpRowDrawableFilter widgets.
- (Experimental) GEX Format was updated.
- Palette import:
* Set alpha value for image palette imports.
* Fix Lab & CMYK ACB palette import.
* Add palette format filters to import dialog, making it more
apparent what palette formats are supported, and giving the
ability to hide irrelevant files.
- Improved filter actions' sensitivity to make sure they are set
insensitive when relevant. In particular filters which cannot be run
non-destructively (e.g. filters with aux inputs, non-interactive
filters and GEGL Graph) must be insensitive when trying to run them
on group layers.
- Fix bad axis centering on zoom out.
- Export better SVG when exporting paths.
Tools:
- Text tool: make sure the default color is only changed when the user
confirms the color change.
- Foreground Selection tool: do not create a selection when no strokes
has been made. In particular this removes the unnecessary delay
which happened when switching to another tool without actually
stroking anything.
- All Transform tools: transform boundaries for preview is now
multi-layers aware.
- (Experimental) Seamless Clone tool: made to work again, though it is
still too slow to get out of Playground.
Graphical User Interface:
- Various improvements to window management:
* Keep-Above windows are set with the Utility hint.
* Utility windows are not made transient to a parent.
* Transient factory dialogs follow the active display, ensuring that
new image windows would not hide your toolbox and dock windows.
- Various CSS improvements for styling of the interface. Some theme
leaks were also fixed.
- New toggle button in Brushes and Fonts dockable, allowing brush and
font previews to optionally follow the color theme. For instance,
when using a dark theme, the brush and font previews could be drawn
on the theme background, using the theme foreground colors. By
default, these data previews are still drawn as black on white.
- Palette grid is now drawn with the theme's background color.
- Consistent naming patterns on human-facing options (first word only
capitalized).
- About dialog:
* We will now display the date and time of the last
check in a "Up to date as of <date> at <time>" string, differing
from the "Last checked on <date> at <time>" string. The former
will be used to indicate that GIMP is indeed up-to-date whereas
the latter when a new version was released and that you should
update.
* We now respect the system time/date format on macOS and Windows.
- The search popup won't pop up without an image.
- Better zoom step algorithm for data previews in container popup
(e.g. the brush popup in paint Tool Options).
- Disable animation in the Input Controller, Preferences and Welcome
dialogs for stack transition when animation are disabled in system
settings.
- Fixed crosshair hotspot on Windows (crosshair cursor for brushes was
offset with a non-100% display scale factor).
- Debug/CRITICAL dialog:
* Make sure it is non-modal.
* Follow the theme mode under Windows.
- While loading images, all widgets in the file dialog are made
insensitive, except for the Cancel button and the progress bar.
- Both grid and list views can now zoom via scroll and zoom gestures
(it used to only work in list views).
- Pop an error message up on startup when GIO modules to read HTTPS
links are not found and that we therefore fail to load the remote
gimp_versions.json file. With the AppImage package in particular, we
depend on an environment daemon which cannot be shipped in the
package. So the next best thing is to warn people and tell them what
they should install to get version checks.
- Welcome dialog:
* The "Community Tutorials" link is now shown after the
"Documentation" link.
* The "Learn more" link in Release Notes tab leads to the actual
release news for this version.
Plug-ins:
- PDF export: do not draw disabled layer masks.
- Jigsaw: the plug-in can now draw on transparent layers.
- Various file format fixes and improvements: JPEG 2000 import, TIFF
import, DDS import, SVG import, PSP import, FITS export, ICNS
import, Dicom import, WBMP import, Farbfeld import, XWD import, ILBM
import.
- Sphere Designer: use spin scale instead of spin entries (the latter
is unusable with little horizontal space).
- Animation Play: frames are shown again in the playback progress bar.
- Vala Goat Exercise: ignoring C warning in this Vala plug-in as it is
generated code and we cannot control it.
- file-gih: brush pipe selection modes now have nice, translatable
names.
- Metadata viewer: port from GtkTreeView to GtkListBox.
- File Raw Data: reduce Raw Data load dialogue height by moving to a
2-column layout.
- SVG import: it is now possible to break aspect ratio with specific
width/height arguments, when calling the PDB procedure
non-interactively (from other plug-ins).
- Print: when run through a portal print dialog, the "Image Settings"
will be exposed as a secondary dialog, outputted after the portal
dialog, instead of a tab on the main print dialog (because it is not
possible to tweak the print dialog when it is created by a portal).
This will bring back usable workflow of printing with GIMP when run
in a sandbox (e.g. Flatpak or Snap).
- Recompose: fixed for YCbCr decomposed images.
- Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863, ZDI-CAN-27878,
ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793.
- C Source and HTML export can now be run non-interactively too (e.g.
from other plug-ins).
- Map Object: fix missing spin boxes.
- Small Tiles: fix display lag.
API:
- libgimpui:
* new function: gimp_prop_toggle_new()
* updated widget default for GimpChoice in GimpProcedureDialog: when
the number of choices is below 3, a radio frame is used, and a
combo box otherwise (it used to always be a combo box).
* GimpExportProcedureDialog: comment text area will be made
(in)sensitive depending on the checked state of "Save Comment"
option.
* Use arrows for GimpSpinScale cursors.
* GimpColorScales: no decimal for u8 RGB color selector. This change
will help further distinguish between the 0...100 and 0..255 views
in the Color Selectors.
* Internal color drags now use a "application/x-geglcolor" target
since "application/x-color" is standard and should not be used for
our more powerful color formats.
- libgimp:
* new enum type: GimpTRCType
* gimp_file_save() sets the XCF or exported files accordingly.
* Metadata:
+ Favor existing image comment instead of always loading comment
from metadata.
+ Fix handling of "charset=" in comments.
+ Better heuristic to choose the comment to export, especially
when it has been edited in the export dialog comment field.
+ XMP modification date format fix and Exif.Image.DateTime
metadata has been modernized, also adding the timezone.
- PDB/libgimp:
* Allow nullable sample points and guide types for some
functions.
* GeglParamFilePath can now be passed across the wire.
- macOS: improve dock icon flashing issue.
Build:
- CI scripts synced to latest `master` state.
- Windows file format association list is now generated at build time,
avoiding discrepancies.
- Build scripts are made POSIX-compliant for better portability across
platforms.
- New nightly Snap package.
- New nightly Aarch64 flatpak.
- Core code ported from appstream-glib to libappstream.
- Windows installer now uses the latest InnoSetup again.
- New option -Dwin-debugging=dwarf to generate DWARF symbols on
Windows (defaults to CodeView symbols).
- Compilation should work again fine with older librsvg (before the
Rust port).
- release-stats.sh script updated to generate text directly pastable
into our release news.
- CI:
* Linux builds ported from unmaintained Kaniko to Buildah.
* Colored output and .pdb support for builds of dependency using
CMake.
* Ability to apply remote patches on dependency builds.
* New job "branches-check" to warn about dead branches.
* Our Debian jobs are now built with GCC again (the CLang builds are
switched to weekly scheduled jobs).
- Clean out deprecation warnings on GLib and GTK/GDK based on our
minimum requirement of these dependencies thanks to
GLIB_VERSION_MIN_REQUIRED() and GLIB_VERSION_MAX_ALLOWED() macros
(and equivalent GDK macros).
- We now build Exiv2 ourselves on Windows as a temporary workaround to
issue #12626.
- Improved packages binary caching with ORAS for Flatpak.
- AppImage: we now depend on Debian Trixie.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
they were sent for meta-security long time ago in 2021:
https://lists.yoctoproject.org/g/yocto/message/54470
but never merged there, now there are lief, docopt, rich, asttokens
already in meta-python and checksec-py depends on lief version, e.g.
976d530867
is needed to fixcompatibility with newer lief currently in meta-python
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243
The issue is about file permissions: by default rsyslog creates world-readable
files. In case a log message contains some sensitive information, then that's
exposed to every user on the system.
However the rsyslog.conf file that is shipped with the recipe solves it: it
already sets non-world-readable default permissions on all files, so this
vulnerability is fixed in the default OE recipe.
See also this package in OpenSuse[1], where it is solved the same way.
[1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When tests are enabled additional C++ code is compiled and clang does
not like the code.
Cc: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
