These patches are about a number of CVEs files against the application:
CVE-2025-63649, CVE-2025-63650, CVE-2025-63651, CVE-2025-63652, CVE-2025-63653, CVE-2025-63655,
CVE-2025-63656, CVE-2025-63657 and CVE-2025-63658.
These patches are taken from a pull request[1] that is referenced in the relevant bug report[2].
The patches don't target specific CVEs on separately, but they fix a number of CVEs altogether.
Based on upstream analysis (in the linked issue) a number of these CVEs are duplicates of each
other and/or not exploitable. The valid CVEs are fixed by these patches.
I haven't added specific CVE info to the patches, one hand because of the above, it is hard to
separate the patches by CVE, and secondarily because NVD tracks these CVEs with incorrect version
info: NVD considers 1.8.6 fully fixed, even though the patches are only in the master branch,
untagged at this time. After updating the recipe to 1.8.6+, the vulnerabilites will disappear
from the CVE report due to this.
[1]: https://github.com/monkey/monkey/pull/434
[2]: https://github.com/monkey/monkey/issues/426
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
- add patches to fix compilation
- add runtime dependency for python3-pycairo
Overview of Changes from GIMP 3.2.2 to GIMP 3.2.4
=================================================
Core:
- The "edit-fill-*" actions will now behave accordingly on specific
cases. E.g. it will skip layers which can't be filled (content-lock
layers and link layers) and it will fill the expected way
non-rasterized text and vector layers.
- Images opened through command lines are not considered stray images
anymore on exit when run without a GUI (scripts, etc.).
- We improved the support of the process temporary folder, so that we
can avoid clashes when several users run GIMP on a same computer.
Furthermore the temporary folder is now deleted at startup (unless
it is not empty, which it should be).
- XCF opened as layers will now always create new layers named as in
the source XCF, even if the source XCF had only a single layer.
- The "layers-resize" now only works on raster layers.
- The "Layers to Image Size" and "Resize Layer to Selection" actions
will only work on raster layers too.
Tool
- Text tool:
* When editing text, prioritize our global actions when a
shortcut matches, before sending the hit keys to the IME (Input
Method Engine). Otherwise some IME may consume our keys and block
custom shortcuts (e.g. Alt+key events are often used to trigger
special characters on macOS or Windows and may block core
actions).
* Prevent font size jumping to 0 when using shortcuts on selected
text.
- Selection tools: when moving a floating layer or selection,
temporarily disable the marching ants outline. Among other reasons,
it improves performance.
- Select by Color tool: optimized processing when working in Intersect
mode.
- Crop tool: non-raster layers are not rasterized anymore.
- Text tool: on-canvas GUI is now properly positioned when rotating
the canvas.
Plug-Ins:
- Improve import of: APNG, PAA, PNG, DDS, PSP, PNM, PSD, JIF, PVR
texture, TIM, XWD, SFW, ORA.
- Improved PDF export.
- file-compressor: improved error messaging.
- New Windows WIA scanner plug-in, replacing the now deprecated TWAIN
scanner plug-in (which is not shipped in our Windows packages
anymore as it depends on dropped 32-bit Windows platform).
- Script-Fu: several deprecated functions now cleaned out from
scripts.
- Filmstrip: the created image will now have the dirty flag set.
API:
- libgimp/PDB:
* libgimp/PDB functions gimp_context_set_line_width_unit() and
gimp_vector_layer_set_stroke_width_unit() now accept pixel as input unit.
* Improved error handling in gimp_temp_file().
* New function: gimp_resources_loaded()
- libgimp:
* A function gimp_env_exit() was added, but same as gimp_env_init(),
it is not declared in public headers and should never be used by
plug-ins. It is considered private.
* gimp_quit() function is deprecated.
- PDB:
* (gimp-quit) procedure (without libgimp wrapper) is deprecated.
Translations:
- New Lao translation.
Build:
- Many build warnings are being cleaned out.
- New jobs are being set up with -Werror progressively as we weed out
existing build warnings.
- The issue bot will now run and create reports when specific jobs
fail.
- New rules to generate Markdown versions of our man pages for the
website.
Overview of Changes from GIMP 3.2.0 to GIMP 3.2.2
=================================================
Core:
- We removed support for a separate folder for loading 32-bit binaries
on 64-bit Windows. This was being used for core plug-ins for the
TWAIN plug-in only.
- Various fixes related to the new non-destructive layer types, or to
non-destructive layer effects.
- More robust handling of Procreate and SwatchBooker palettes.
- Fix scaling paths when importing SVG as paths.
- We now support reading the documentation being installed in the user
config directory in the `help/` subdirectory.
- Histogram dialog: the unique color count feature now takes into
account any selection.
Graphical User Interface:
- Theme fixes.
- Various text fixed for better localization.
- Display the "Tab" shortcut for the "Hide Docks" action, even though
it is not a real global shortcut (it only works on the canvas).
- Metadata Rotation import dialog: you can now click the preview for
Original and Rotated images in the Metadata Rotation Import Dialog,
and have it open the image rotated as shown in the preview.
Plug-Ins:
- Tile: carry over the source image's profile to the newly created
image.
- Improve support of: FITS, TIM, PAA, ICNS, PVR, SFW, JIF, PSP, PSD
Translations:
- Serbian Cyrillic now has upstream support in InnoSetup (in their
"Unofficial" list still, which means it is less verified). Our
installer now has Serbian Cyrillic localization too.
Build:
- NM environment variable is now used in priority for the `nm` tool
used for the build. This check is stored from configure-time
environment.
- Windows x86 32-bit pipeline has now been decommissioned from our CI.
This implies that 32-bit builds won't be available anymore in our
Windows installer, just as was already the case on the Windows Store.
- Meson build:
* New boolean option -Dtwain-unmaintained: this puts our TWAIN
plug-in behind a disabled-by-default flag, because this plug-in
only made sense in 32-bit. The next step will be to replace it by
a WIA plug-in.
* Option -Dwin32-32bits-dll-folder removed.
- GIMP can now be built fully without patches on macOS. The in-house
macOS build is slowly moving to become our main CI for this OS and
for making the release DMGs.
- Snap: enable MIDI (Alsa) support.
- AppImage: enable "Send by email".
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
SRC_URI[md5sum] has been deprecated and replace it with
SRC_URI[sha256sum] for proper integrity verification.
Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patches that were merged in this release.
Changelog:
- --get-exif , --get-all-exif added
- --reverse modifier option added for fileoperations commands
- kill -USR2 can now stop --capture-movie
- updated translations
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23
compiler support, avoiding potential build failures as the package
is not yet fully ported to support C23 standard.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23
compiler support, avoiding potential build failures as the package
is not yet fully ported to support C23 standard.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Keep the knob disabled by default, as it will need
c runtime to provide profiling runtime, which is not
compiled into compiler-rt by default. So it ends up
with build failures e.g.
| aarch64-yoe-linux-ld.lld: error: cannot open /mnt/b/yoe/master/kas-build/tmp/work/cortexa72-yoe-linux/liboauth2/2.2.0/recipe-sysroot/usr/lib/clang/22.1.3/lib/aarch64-yoe-linux/libclang_rt.profile.a: No such file or directory
| aarch64-yoe-linux-clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It has one change over last release
84fa99d3ba
Fixes build errors e.g.
| CMake Error at cmake/VersionFromGit.cmake:59 (message):
| [VersionFromGit] Failed to execute Git: fatal: No names found, cannot
| describe anything.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The meson_options.txt sets authentication-scheme to 'pam' and
session-manager to 'systemd' by default, which requires libpam
and systemd at build time. Add them to DEPENDS to fix the
configuration failures:
../sources/xfce4-screensaver-4.20.2/meson.build:167:20: ERROR: C shared or static library 'pam' not found
../sources/xfce4-screensaver-4.20.2/meson.build:265:26: ERROR: Dependency "libsystemd" not found, tried pkgconfig
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
- Drop 0001-Fix-build-with-gcc-15.patch (merged upstream).
- Add 0001-fix-the-hardcoded-legacy-helper-path.patch: replace the
hardcoded "/lib/drbd" path in add_lib_drbd_to_path() with the
build-configured DRBD_LEGACY_LIB_DIR derived from LIBDIR
- Remove sed fixup for the now-absent ocf.ra@.service.
- Install new upstream 50-drbd.preset into systemd system-preset
Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It has fixes for C23 and Clang-22 added also fixes/workarounds for
libstdc++-14 combinations with different versions of gcc and clang.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23
compiler support, avoiding potential build failures as the package
is not yet fully ported to support C23 standard.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
systemd_system_unitdir was accidentally used as the destination for
the user systemd unit, which means it overwrites the system unit.
Correct it to systemd_user_unitdir to fix starting with the system
unit.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add a recommendation for a sans serif font to print text on images. But
fswebcam works fine without a font to save only plain images.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Some recipes (like fswebcam) need gd with support of fontconfig to really
work. Otherwise font selection is not that easy.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Running "dlt-example-user 'test'",
Check "dlt-control -j localhost", will not get application description:
APID:LOG-
Expected:
APID:LOG- Test Application for Logging
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
- HTTP/2 support added via the nghttp2 library
(credits to Heiko Zimmermann) — noted as experimental, so
testing carefully before enabling on production servers is
recommended.
- mbed TLS updated from 4.0.0 to 4.1.0.
- ssi-cgi removed — the release notes suggest using
Hiawatha's XSLT support as a more advanced alternative.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
