Changelog for gimp-lang-2.8.22-lp151.5.9.1.noarch.rpm :

* Wed Dec 23 2020 Jia Zhaocong - Add gimp-bsc1073624-CVE-2017-17784.patch: Check input name is nul-terminated. (bsc#1073624 bgo#790784 CVE-2017-17784) Add gimp-bsc1073625-CVE-2017-17785.patch: Prevent heap overflow while parsing FLI files. (bsc#1073625 bgo#739133 CVE-2017-17785) Add gimp-bsc1073626-CVE-2017-17786.patch: Limit supported image types. (bsc#1073626 bgo#739134 CVE-2017-17786)
* Wed Dec 16 2020 Cliff Zhao - Add gimp-CVE-2017-17787.patch: We have to check that strings being read at fixed length are properly nul-terminated (bnc#1073628 CVE-2017-17787).
* Wed Dec 09 2020 Michael Gorse - Add gimp-fix-issue-3630-postscript-plugin-crashes.patch: gsapi_new_instance() now expects a pointer to a NULL-initialized pointer. Initialize \"void
*instance\" with NULL. Found by massimo (bsc#1178726, glgo#GNOME/GIMP#3630).
* Wed Aug 26 2020 Jia Zhaocong - Add gimp-bsc1073627-CVE-2017-17789.patch: Fix heap buffer overflow in PSP importer. Check if declared block length is valid before going further. (bsc#1073627, bgo#790849, CVE-2017-17789).
* Thu Mar 08 2018 Add gimp-gegl03-buildfix.patch: Port to gegl-03, patch taken from debian.- Following the above port, replace pkgconfig(gegl-0.2) with pkgconfig(gegl-0.3) BuildRequires and add libtool BuildRequires: and pass autoreconf as the above patch touches the buildsystem.
* Sun Jan 07 2018 Run spec-cleaner, modernize spec, drop Obsoletes for versions no longer supported.
* Sat Jan 06 2018 Don\'t build with webkit1, as it is no longer maintained and has plenty of security bugs. This disables the GIMP\'s built-in help browser; it will use an external browser when configured this way. This works around a number of security vulnerabilities in Webkit1:
* Wed May 31 2017 drop mypaint until it is in Factory.
* Fri May 12 2017 update to 2.8.22- drop upstream patches - now in the the source- drop gimp-fix-PDF-Import-filter-crash.patch- drop gimp-bgo773233-CVE-2007-3126.patch- conditionalize mypaint support- full change log:
* Sat Feb 25 2017 Build with libmypaint support.
* Tue Feb 21 2017 Add gimp-bgo773233-CVE-2007-3126.patch: Gimp 2.3.14 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero (bgo#773233, CVE-2007-3126).- Add gimp-fix-PDF-Import-filter-crash.patch: Fix a crash in PDF Import filter when importing large image PDF or specifying high resolution (bgo#593576).
* Thu Feb 09 2017 Add conditional gimp-help-browser Obsoletes for Tumbleweed and Leap newer than 42.x.
* Wed Feb 08 2017 Remove --with-pic, this is only for static libs.- Trim description on non-main subpackages.
* Fri Feb 03 2017 update to 2.8.20- Core: - Avoid D-Bus error message when built without D-Bus support - fix OS X min required conditional in gimpimagewindow.c - Saving to existing and .xcf.gz files didn\'t truncate them and could lead to unnecessarily large files - Text layer created by gimp-text-fontname doesn\'t respect border when resized - avoid seeking when saving XCF files to prevent corruption with file network shares (fixed since 2014, but not mentioned in NEWS yet) GUI: - Flow on Paint Dynamics editor dialog: the \'y\' axis is indicating \'Rate\' instead \'Flow\' - Vertical ruler shows artifacts if the status bar isn\'t showing - Tablet stylus misbehaves when crossing the edge of a dock in multi-window-mode - Disable the new \"automatic window tabbing\" feature introduced on macOS Sierra - Improve the visiblity of slider handles with dark themes - Make it harder to switch to renaming if selecting already selected items in resource lists Tools: - make toggling to color picker mode of paint tools more robust Libgimp: - call gimp_file_entry_set_filename() with filename encoding Plug-ins: - Prevent the Python console from closing by the Escape key - Help browser does not launch on OS X - Filter \'Edge Detect/Difference of Gaussians\' returns empty image - only use -xobjective-c for compile commands - fix calls to write_file() routine to write to current directory - When printing, the images are composed onto a white background to prevent printing a black box instead of a transaprent image - Fix color visison deficiency display filters to apply gamma correction directly Updated Translations: - Catalan - Czech - Danish - Finnish - French - German - Greek - Hungarian - Icelandic - Italian - Polish - Portuguese - Slovak - Slovenian - Scottish Gaelic - Spanish - Swedish General: - Bug fixes
* Sun Jan 15 2017 Replace -devel BuildRequires for their pkgconfig version aligned with what configure looks for: - babl-devel for pkgconfig(babl). - gegl-devel for pkgconfig(gegl-0.2). - libpng-devel for pkgconfig(libpng). - libpoppler-glib-devel for pkgconfig(poppler-glib). - xorg-x11-libXfixes-devel for pkgconfig(xfixes). - xorg-x11-libXpm-devel for pkgconfig(xpm). - zlib-devel for pkgconfig(zlib).- Add an explicit pkgconfig(cairo-pdf) BuildRequires: configure checks for it (full pdf support).- Run spec-cleaner: drop obsolete clean, modernise macros.- No longer depend on libwebkit-devel for Tumbleweed and pass - -disable-webkit to configure for Tumbleweed.
* Sun Jul 31 2016 update to 2.8.18- Drop gimp-Multiple-Use-After-Free.patch - upstreamed +Core: - Initialize fontconfig cache in separate thread to keep GUI responsive on first startup - Properly recognize layer masks as deactivated, e.g. for moving layers - Create $XDG_DATA_HOME if it doesn\'t exist - (CVE-2016-4994) Multiple Use-After-Free when parsing XCF channel and layer properties - Fix progress access to prevent crash on rapid sequence of commands - Fix crash in gimp-gradient-segment-range-move +GUI: - Disable color picker buttons on OS X to prevent a GUI lockup - Disable \"new-style\" full-screen mode on OS X to prevent a crash - Pulsing progress bar in splash screen to indicate unknown durations - Fix gamut warning color for lcms display filter - Fix unbolding of bold font on edit - Prevent accidental renaming of wrong adjacent item +Installer: - Change compression settings to decrease size by 20% - Add Catalan, Danish, French, Dutch +Plug-ins: - Fix crash on sRGB JPEG image drag & drop - Fix ambiguous octal-escaped output of c-source - Fix KISS CEL export - Fix progress bar for file-compressor - Make Script-Fu regex match return proper character indexes for Unicode characters - Fix Script-Fu modulo for large numbers +General: - Documentation updates - Bug fixes - Translation updates
* Thu Jun 23 2016 Fix CVE-2016-4994 (boo#986021, bgo#767873): + Add gimp-Multiple-Use-After-Free.patch: Multiple Use-After-Free when parsing XCF channel and layer properties.
* Sat Dec 05 2015 Explcitly declare the libgimp version in Requires, so upgrades bring in the updated libraries as well. Makes the upgrade from 2.8.x > 2.8.16 seamless and avoids an error on start.
* Sat Nov 28 2015 update to version 2.8.16- fix a couple of rpmlint warnings +Core: - Seek much less when writing XCF - Don\'t seek past the end of the file when writing XCF - Windows: call SetDLLDirectory() for less DLL hell - Fix velocity parameter on .GIH brushes - Fix brokenness while transforming certain sets of linked layers +GUI: - Always show image tabs in single window mode - Fix switching of dock tabs by DND hovering - Don\'t make the scroll area for tags too small - Fixed a crash in the save dialog - Fix issue where ruler updates made things very slow on Windows +Plug-ins: - Fix several issues in the BMP plug-in - Make Gfig work with the new brush size behavior again - Fix font export in the PDF plug-in - Support layer groups in OpenRaster files - Fix loading of PSD files with layer groups + General: - OSX build system fixes - Bug fixes - Translation updates
* Wed Apr 08 2015 Replace liblcms-devel BuildRequires with pkgconfig(lcms2): gimp has been ported to lcms2 since version 2.8.8.