Webkit2GTK, Flatpak, Chromium, and more updates for Fedora

Fedora Linux 9311 Published 2026-04-14 07:22 by Philipp Esselbach

News

[SECURITY] Fedora 42 Update: webkitgtk-2.52.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-36594550b0
2026-04-14 01:07:38.489371+00:00
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 42
Version : 2.52.1
Release : 1.fc42
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to 2.52.1.
Notable changes from 2.50 to 2.52:
Make text look like in other browsers by blending in linear color space.
Improved rendering performance by using a different tile size depending on
whether GPU rendering is enabled or not.
Improved composition scheduling to avoid blocking waiting for tile painting.
Improved performance of accelerated 2D canvas by recording operations for
batched replay.
Improved async scrolling when main thread is busy by avoiding locks and
rendering the scrollbars from the scrolling thread.
Enabled dynamic MSAA for accelerated 2D canvas rendering.
Improved text rendering performance
Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do
not appear washed out.
Added support for the Audio Output Devices API.
Added API to handle WebXR permission requests.
Added API to query the immersive session status.
Added initial API for web extensions.
Additional changes from 2.52.0 to 2.52.1:
Reduce the amount of useless MPRIS notifications produced by MediaSesion when
the information about media being played is incomplete.
Add Sysprof marks for mouse events.
Fix MediaSession icon for iheart.com not being displayed.
Fix several crashes and rendering issues.
Translation updates: Georgian.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 28 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 2.52.1-1
- Update to 2.52.1
* Sat Mar 21 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 2.52.0-1
- Update to 2.52.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449069
[ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449073
[ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449086
[ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449089
[ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449092
[ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449095
[ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449098
[ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449102
[ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449105
[ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449108
[ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449111
[ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+
https://bugzilla.redhat.com/show_bug.cgi?id=2450634
[ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453064
[ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453067
[ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453070
[ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453073
[ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453076
[ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453079
[ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453082
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-36594550b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: flatpak-1.16.6-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5286084b44
2026-04-14 00:58:48.183276+00:00
--------------------------------------------------------------------------------

Name : flatpak
Product : Fedora 43
Version : 1.16.6
Release : 1.fc43
URL : https://flatpak.org/
Summary : Application deployment framework for desktop apps
Description :
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

--------------------------------------------------------------------------------
Update Information:

Update to 1.16.6
Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and
GHSA-89xm-3m96-w3jg
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2026 Michael Catanzaro [mcatanzaro@redhat.com] - 1.16.6-1
- Update to 1.16.6
* Wed Apr 8 2026 David King [amigadave@amigadave.com] - 1.16.4-1
- Update to 1.16.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2456384 - CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2456384
[ 2 ] Bug #2456395 - CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2456395
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5286084b44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python-cryptography-46.0.7-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-95233f8a79
2026-04-14 00:58:48.183266+00:00
--------------------------------------------------------------------------------

Name : python-cryptography
Product : Fedora 43
Version : 46.0.7
Release : 1.fc43
URL : https://cryptography.io/en/latest/
Summary : PyCA's cryptography library
Description :
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.

--------------------------------------------------------------------------------
Update Information:

Changelog
* Wed Apr 8 2026 Jeremy Cline [jeremycline@microsoft.com] - 46.0.7-1
- Update to 46.0.7
- SECURITY ISSUE: Fixed an issue where non-contiguous buffers could be
passed to APIs that accept Python buffers, which could lead to buffer
overflow. CVE-2026-39892
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Jeremy Cline [jeremycline@microsoft.com] - 46.0.7-1
- Update to 46.0.7
- SECURITY ISSUE: Fixed an issue where non-contiguous buffers could be
passed to APIs that accept Python buffers, which could lead to buffer
overflow. CVE-2026-39892
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2456352 - python-cryptography-46.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2456352
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-95233f8a79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: chromium-147.0.7727.55-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-952f3c3d9e
2026-04-14 00:58:48.183271+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 147.0.7727.55
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 147.0.7727.55
Critical CVE-2026-5858: Heap buffer overflow in WebML
Critical CVE-2026-5859: Integer overflow in WebML
High CVE-2026-5860: Use after free in WebRTC
High CVE-2026-5861: Use after free in V8
High CVE-2026-5862: Inappropriate implementation in V8
High CVE-2026-5863: Inappropriate implementation in V8
High CVE-2026-5864: Heap buffer overflow in WebAudio
High CVE-2026-5865: Type Confusion in V8
High CVE-2026-5866: Use after free in Media
High CVE-2026-5867: Heap buffer overflow in WebML
High CVE-2026-5868: Heap buffer overflow in ANGLE
High CVE-2026-5869: Heap buffer overflow in WebML
High CVE-2026-5870: Integer overflow in Skia
High CVE-2026-5871: Type Confusion in V8
High CVE-2026-5872: Use after free in Blink
High CVE-2026-5873: Out of bounds read and write in V8
Medium CVE-2026-5874: Use after free in PrivateAI
Medium CVE-2026-5875: Policy bypass in Blink
Medium CVE-2026-5876: Side-channel information leakage in Navigation
Medium CVE-2026-5877: Use after free in Navigation
Medium CVE-2026-5878: Incorrect security UI in Blink
Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
Medium CVE-2026-5880: Incorrect security UI in browser UI
Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
Medium CVE-2026-5882: Incorrect security UI in Fullscreen
Medium CVE-2026-5883: Use after free in Media
Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
Medium CVE-2026-5886: Out of bounds read in WebAudio
Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
Medium CVE-2026-5888: Uninitialized Use in WebCodecs
Medium CVE-2026-5889: Cryptographic Flaw in PDFium
Medium CVE-2026-5890: Race in WebCodecs
Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
Medium CVE-2026-5893: Race in V8
Low CVE-2026-5894: Inappropriate implementation in PDF
Low CVE-2026-5895: Incorrect security UI in Omnibox
Low CVE-2026-5896: Policy bypass in Audio
Low CVE-2026-5897: Incorrect security UI in Downloads
Low CVE-2026-5898: Incorrect security UI in Omnibox
Low CVE-2026-5899: Incorrect security UI in History Navigation
Low CVE-2026-5900: Policy bypass in Downloads
Low CVE-2026-5901: Policy bypass in DevTools
Low CVE-2026-5902: Race in Media
Low CVE-2026-5903: Policy bypass in IFrameSandbox
Low CVE-2026-5904: Use after free in V8
Low CVE-2026-5905: Incorrect security UI in Permissions
Low CVE-2026-5906: Incorrect security UI in Omnibox
Low CVE-2026-5907: Insufficient data validation in Media
Low CVE-2026-5908: Integer overflow in Media
Low CVE-2026-5909: Integer overflow in Media
Low CVE-2026-5910: Integer overflow in Media
Low CVE-2026-5911: Policy bypass in ServiceWorkers
Low CVE-2026-5912: Integer overflow in WebRTC
Low CVE-2026-5913: Out of bounds read in Blink
Low CVE-2026-5914: Type Confusion in CSS
Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
Low CVE-2026-5918: Inappropriate implementation in Navigation
Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Than Ngo [than@redhat.com] - 147.0.7727.55-1
- Update to 147.0.7727.55
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457163 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457163
[ 2 ] Bug #2457164 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457164
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-952f3c3d9e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: webkitgtk-2.52.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-431948187d
2026-04-14 00:58:48.183190+00:00
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 43
Version : 2.52.1
Release : 1.fc43
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to 2.52.1.
Notable changes from 2.50 to 2.52:
Make text look like in other browsers by blending in linear color space.
Improved rendering performance by using a different tile size depending on
whether GPU rendering is enabled or not.
Improved composition scheduling to avoid blocking waiting for tile painting.
Improved performance of accelerated 2D canvas by recording operations for
batched replay.
Improved async scrolling when main thread is busy by avoiding locks and
rendering the scrollbars from the scrolling thread.
Enabled dynamic MSAA for accelerated 2D canvas rendering.
Improved text rendering performance
Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do
not appear washed out.
Added support for the Audio Output Devices API.
Added API to handle WebXR permission requests.
Added API to query the immersive session status.
Added initial API for web extensions.
Additional changes from 2.52.0 to 2.52.1:
Reduce the amount of useless MPRIS notifications produced by MediaSesion when
the information about media being played is incomplete.
Add Sysprof marks for mouse events.
Fix MediaSession icon for iheart.com not being displayed.
Fix several crashes and rendering issues.
Translation updates: Georgian.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 28 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 2.52.1-1
- Update to 2.52.1
* Sat Mar 21 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 2.52.0-1
- Update to 2.52.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449069
[ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449073
[ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449086
[ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449089
[ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449092
[ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449095
[ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449098
[ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449102
[ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449105
[ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449108
[ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449111
[ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+
https://bugzilla.redhat.com/show_bug.cgi?id=2450634
[ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453064
[ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453067
[ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453070
[ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453073
[ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453076
[ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453079
[ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453082
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-431948187d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: siril-1.4.2-3.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : siril
Product : Fedora 44
Version : 1.4.2
Release : 3.fc44
URL : https://siril.org
Summary : Astronomical image processing software
Description :
Siril is an image processing tool specially tailored for noise reduction and
improving the signal/noise ratio of an image from multiple captures, as
required in astronomy. Siril can align automatically or manually, stack and
enhance pictures from various file formats, even images sequences (movies and
SER files)

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.4.2-3
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: vips-8.18.0-6.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : vips
Product : Fedora 44
Version : 8.18.0
Release : 6.fc44
URL : https://www.libvips.org/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.

This package should be installed if you want to use a program compiled
against VIPS.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 8.18.0-6
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: flatpak-1.17.6-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-24eedfaa6c
2026-04-13 21:06:00.498969+00:00
--------------------------------------------------------------------------------

Name : flatpak
Product : Fedora 44
Version : 1.17.6
Release : 1.fc44
URL : https://flatpak.org/
Summary : Application deployment framework for desktop apps
Description :
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

--------------------------------------------------------------------------------
Update Information:

Update to 1.17.6
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 1.17.6-1
- Update to 1.17.6
* Thu Apr 9 2026 Petr Schindler [pschindl@redhat.com] - 1.17.5-1
- Update to 1.17.5
* Wed Apr 8 2026 David King [amigadave@amigadave.com] - 1.17.4-1
- Update to 1.17.4 (#2456353)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2456353 - flatpak-1.17.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2456353
[ 2 ] Bug #2456956 - Flatpak 1.17.4 is not properly detected by steam runtime as being >= 1.12.0
https://bugzilla.redhat.com/show_bug.cgi?id=2456956
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-24eedfaa6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: swayimg-5.1-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : swayimg
Product : Fedora 44
Version : 5.1
Release : 2.fc44
URL : https://github.com/artemsen/swayimg
Summary : Lightweight image viewer for Wayland display servers
Description :
Swayimg is a lightweight image viewer for Wayland display servers.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.1-2
- Libraw rebuild
* Thu Mar 26 2026 Aleksei Bavshin [alebastr@fedoraproject.org] - 5.1-1
- Update to 5.1 (#2451401)
* Mon Mar 23 2026 Aleksei Bavshin [alebastr@fedoraproject.org] - 5.0-1
- Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: OpenImageIO2.5-2.5.19.1-10.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : OpenImageIO2.5
Product : Fedora 44
Version : 2.5.19.1
Release : 10.fc44
URL : https://openimageio.org/
Summary : Library for reading and writing images
Description :
OpenImageIO is a library for reading and writing images, and a bunch of related
classes, utilities, and applications. Main features include:
- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and
writing 2D images that is format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,
DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI,
PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access
truly vast amounts of image data.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 2.5.19.1-10
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: luminance-hdr-2.6.1.1-89.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : luminance-hdr
Product : Fedora 44
Version : 2.6.1.1
Release : 89.fc44
URL : http://qtpfsgui.sourceforge.net/
Summary : GUI that provides a complete workflow for HDR imaging
Description :
Luminance HDR is a graphical user interface (based on the Qt5 toolkit) that
provides a complete workflow for HDR imaging.

Supported HDR formats:

??? OpenEXR (extension: exr)
??? Radiance RGBE (extension: hdr)
??? Tiff formats: 16bit, 32bit (float) and LogLuv (extension: tiff)
??? Raw image formats (extension: various)
??? PFS native format (extension: pfs)

Supported LDR formats:

??? JPEG, PNG, PPM, PBM, TIFF, FITS

Supported features:

??? Create an HDR file from a set of images (JPEG, TIFF 8bit and 16bit, RAW) of
the same scene taken at different exposure settings
??? Save and load HDR files
??? Rotate and resize HDR files
??? Tonemap HDR images
??? Projective Transformations
??? Copy EXIF data between sets of images
??? Supports internationalization

Raw image formats are supported - and treated as HDR - thanks to LibRAW.

The code is in part based on the existing open source packages:

??? ???pfstools???, ???pfstmo??? and ???pfscalibration??? by Grzegorz Krawczyk and Rafal
Mantiuk
??? ???qpfstmo???, by Nicholas Phillips.

Without their contribution all of this would have not been possible.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 2.6.1.1-89
- Libraw rebuild
* Sat Mar 14 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.6.1.1-88
- The ninja backend is the default now; don???t bother specifying it
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: LibRaw-0.22.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : LibRaw
Product : Fedora 44
Version : 0.22.1
Release : 1.fc44
URL : https://www.libraw.org
Summary : Library for reading RAW files obtained from digital photo cameras
Description :
LibRaw is a library for reading RAW files obtained from digital photo
cameras (CRW/CR2, NEF, RAF, DNG, and others).

LibRaw is based on the source codes of the dcraw utility, where part of
drawbacks have already been eliminated and part will be fixed in future.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 6 2026 Gwyn Ciesla [gwync@protonmail.com] - 0.22.1-1
- 0.22.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: kf6-kimageformats-6.24.0-3.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : kf6-kimageformats
Product : Fedora 44
Version : 6.24.0
Release : 3.fc44
URL : https://invent.kde.org/frameworks/kimageformats
Summary : KDE Frameworks 6 Tier 1 addon with additional image plugins for QtGui
Description :
This framework provides additional image format plugins for QtGui. As
such it is not required for the compilation of any other software, but
may be a runtime requirement for Qt-based software to support certain
image formats.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 6.24.0-3
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : shotwell
Product : Fedora 44
Version : 33~alpha
Release : 9.fc44
URL : https://wiki.gnome.org/Apps/Shotwell
Summary : A photo organizer for the GNOME desktop
Description :
Shotwell is an easy-to-use, fast photo organizer designed for the GNOME
desktop. It allows you to import photos from your camera or disk, organize
them by date and subject matter, even ratings. It also offers basic photo
editing, like crop, red-eye correction, color adjustments, and straighten.
Shotwell's non-destructive photo editor does not alter your master photos,
making it easy to experiment and correct errors.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 33~alpha-9
- Libraw rebuild
* Wed Mar 25 2026 Jan Grulich [jgrulich@redhat.com] - 33~alpha-8
- Add configuration for release-monitoring
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: gthumb-3.12.10-7.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : gthumb
Product : Fedora 44
Version : 3.12.10
Release : 7.fc44
URL : https://wiki.gnome.org/Apps/gthumb
Summary : Image viewer, editor, organizer
Description :
gthumb is an application for viewing, editing, and organizing
collections of images.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1:3.12.10-7
- Libraw rebuild
* Wed Mar 25 2026 Jan Grulich [jgrulich@redhat.com] - 1:3.12.10-6
- Add configuration for release-monitoring
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: ImageMagick-7.1.2.13-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : ImageMagick
Product : Fedora 44
Version : 7.1.2.13
Release : 2.fc44
URL : https://imagemagick.org/
Summary : An X application for displaying and manipulating images
Description :
ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1:7.1.2.13-2
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rawtherapee-5.12-8.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : rawtherapee
Product : Fedora 44
Version : 5.12
Release : 8.fc44
URL : http://www.rawtherapee.com/
Summary : Raw image processing software
Description :
Rawtherapee is a RAW image processing software. It gives full control over
many parameters to enhance the raw picture before finally exporting it
to some common image format.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.12-8
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: kf5-kimageformats-5.116.0-8.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : kf5-kimageformats
Product : Fedora 44
Version : 5.116.0
Release : 8.fc44
URL : https://invent.kde.org/frameworks/kimageformats
Summary : KDE Frameworks 5 Tier 1 addon with additional image plugins for QtGui
Description :
This framework provides additional image format plugins for QtGui. As
such it is not required for the compilation of any other software, but
may be a runtime requirement for Qt-based software to support certain
image formats.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.116.0-8
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: photoqt-5.2-3.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : photoqt
Product : Fedora 44
Version : 5.2
Release : 3.fc44
URL : http://photoqt.org/
Summary : A fast Qt image viewer
Description :
PhotoQt is a fast and highly configurable image viewer with a simple and
nice interface.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.2-3
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: kf5-libkdcraw-23.08.5-7.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : kf5-libkdcraw
Product : Fedora 44
Version : 23.08.5
Release : 7.fc44
URL : https://invent.kde.org/graphics/libkdcraw
Summary : A C++ interface around LibRaw library
Description :
Libkdcraw is a C++ interface around LibRaw library used to decode RAW
picture files. More information about LibRaw can be found at
http://www.libraw.org.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 23.08.5-7
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: freeimage-3.19.0-0.31.svn1909.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : freeimage
Product : Fedora 44
Version : 3.19.0
Release : 0.31.svn1909.fc44
URL : http://freeimage.sourceforge.net/
Summary : Multi-format image decoder library
Description :
FreeImage is a library for developers who would like to support popular
graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by
today's multimedia applications.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 3.19.0-0.31.svn1909
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: OpenImageIO-3.1.12.0-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : OpenImageIO
Product : Fedora 44
Version : 3.1.12.0
Release : 2.fc44
URL : https://openimageio.org/
Summary : Library for reading and writing images
Description :
OpenImageIO is a library for reading and writing images, and a bunch of related
classes, utilities, and applications. Main features include:
- Extremely simple but powerful ImageInput and ImageOutput APIs for reading and
writing 2D images that is format agnostic.
- Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,
DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI,
PNM/PPM/PGM/PBM.
- An ImageCache class that transparently manages a cache so that it can access
truly vast amounts of image data.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1:3.1.12.0-2
- Libraw rebuild
* Sat Apr 4 2026 Richard Shaw [hobbes1069@gmail.com] - 1:3.1.12.0-1
- Update to 3.1.12.0.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: nomacs-3.22.0-5.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : nomacs
Product : Fedora 44
Version : 3.22.0
Release : 5.fc44
URL : http://nomacs.org
Summary : Lightweight image viewer
Description :
nomacs is image viewer based on Qt5 library.
nomacs is small, fast and able to handle the most common image formats.
Additionally it is possible to synchronize multiple viewers
running on the same computer or via LAN is possible.
It allows to compare images and spot the differences
e.g. schemes of architects to show the progress).

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 3.22.0-5
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: libpasraw-1.3.0-22.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : libpasraw
Product : Fedora 44
Version : 1.3.0
Release : 22.fc44
URL : https://github.com/pchev/libpasraw
Summary : Pascal interface to libraw
Description :
Provides shared library to interface Pascal program with libraw.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.3.0-22
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: libkdcraw-26.03.80-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : libkdcraw
Product : Fedora 44
Version : 26.03.80
Release : 2.fc44
URL : https://invent.kde.org/graphics/libkdcraw
Summary : A C++ interface around LibRaw library
Description :
Libkdcraw is a C++ interface around LibRaw library used to decode RAW
picture files. More information about LibRaw can be found at
http://www.libraw.org.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 26.03.80-2
- Libraw rebuild
* Mon Mar 16 2026 Steve Cossette [farchord@gmail.com] - 26.03.80-1
- 26.03.80
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: kstars-3.8.0-6.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : kstars
Product : Fedora 44
Version : 3.8.0
Release : 6.fc44
URL : http://edu.kde.org/kstars
Summary : Desktop Planetarium
Description :
KStars is a Desktop Planetarium. It provides an accurate graphical
simulation of the night sky, from any location on Earth, at any date and
time. The display includes up to 100 million stars, 13,000 deep-sky objects,
all 8 planets, the Sun and Moon, and thousands of comets and asteroids.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1:3.8.0-6
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: elementary-photos-8.0.1-6.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : elementary-photos
Product : Fedora 44
Version : 8.0.1
Release : 6.fc44
URL : https://github.com/elementary/photos
Summary : Photo manager and viewer from elementary
Description :
The elementary continuation of Shotwell, originally written by Yorba
Foundation.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 8.0.1-6
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : efl
Product : Fedora 44
Version : 1.28.1
Release : 6.fc44
URL : http://enlightenment.org/
Summary : Collection of Enlightenment libraries
Description :
EFL is a collection of libraries for handling many common tasks a
developer may have such as data structures, communication, rendering,
widgets and more.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.28.1-6
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: dtk6gui-6.7.32-5.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : dtk6gui
Product : Fedora 44
Version : 6.7.32
Release : 5.fc44
URL : https://github.com/linuxdeepin/dtkgui
Summary : Deepin Toolkit, gui module for DDE look and feel
Description :
Deepin Tool Kit (DtkGui) is the development graphical user interface of all
C++/Qt Developer work on Deepin.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 6.7.32-5
- Libraw rebuild
* Thu Apr 2 2026 Jan Grulich [jgrulich@redhat.com] - 6.7.32-4
- Rebuild (qt6)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: dtkgui-5.7.30-4.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : dtkgui
Product : Fedora 44
Version : 5.7.30
Release : 4.fc44
URL : https://github.com/linuxdeepin/dtkgui
Summary : Deepin dtkgui
Description :
Dtkgui is the GUI module for DDE look and feel.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.7.30-4
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: geeqie-2.7-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : geeqie
Product : Fedora 44
Version : 2.7
Release : 2.fc44
URL : https://www.geeqie.org
Summary : Image browser and viewer
Description :
Geeqie has been forked from the GQview project with the goal of picking up
development and integrating patches. It is an image viewer for browsing
through graphics files. Its many features include single click file viewing,
support for external editors, previewing images using thumbnails, and zoom.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 2.7-2
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: gegl04-0.4.70-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : gegl04
Product : Fedora 44
Version : 0.4.70
Release : 2.fc44
URL : https://www.gegl.org/
Summary : Graph based image processing framework
Description :
GEGL (Generic Graphics Library) is a graph based image processing framework.
GEGLs original design was made to scratch GIMP's itches for a new
compositing and processing core. This core is being designed to have
minimal dependencies and a simple well defined API.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 0.4.70-2
- Libraw rebuild
* Mon Mar 30 2026 Nils Philippsen [nils@tiptoe.de] - 0.4.70-1
- Update to 0.4.70
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: entangle-3.0-17.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : entangle
Product : Fedora 44
Version : 3.0
Release : 17.fc44
URL : https://entangle-photo.org/
Summary : Tethered shooting & control of digital cameras
Description :
Entangle is an application which uses GTK and libgphoto2 to provide a
graphical interface for tethered photography with digital cameras.

It includes control over camera shooting and configuration settings
and 'hands off' shooting directly from the controlling computer.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 3.0-17
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: deepin-image-viewer-5.8.2-21.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bef0050737
2026-04-13 21:06:00.498961+00:00
--------------------------------------------------------------------------------

Name : deepin-image-viewer
Product : Fedora 44
Version : 5.8.2
Release : 21.fc44
URL : https://github.com/linuxdeepin/deepin-image-viewer
Summary : Deepin Image Viewer
Description :
Deepin Image Viewer.

--------------------------------------------------------------------------------
Update Information:

LibRaw 0.22.1 and rebuilds
Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0
oiiotool: Better type understanding with -i:ch= and other cleanup #5056
texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal
Lecocq) (3.1.12.0, 3.0.17.0)
IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0)
ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0)
bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0,
3.0.17.0)
heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64
#5095 (by Brecht Van Lommel)
ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0,
3.0.17.0)
jpeg: Improved safety and error reporting for jpeg and iptc #5081
jpeg2000: Suppress leak when reading with OpenJPH #5098
psd: Fixes against corrupt files with better validation #5089 (3.1.12.0,
3.0.17.0)
rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0)
tiff: Support GPS fields, and other metadata enhancements #5050
tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of
values passed to invert_photometric #5083, check for invalid bit depth in
palette images #5091
ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0)
fix: Fix UB-sanitizer warning about alignment #5097
fix: Catch exceptions in print-uncaught-messages destructor #5103
fix: Enhanced exception safety for our use of OpenColorIO #5114
fix: Fix possible fmt exceptions where we might have passed null string #5115
build: Test building with clang 22.1, fix warnings uncovered #5067
build: Improve security by pinning auto-build dependencies by hash #5076
build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0)
build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058
build(win): Embed manifest in OIIO executables to enable long path handling
#5066 (by Nathan Rusch)
ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0)
ci: For security, replace workflow substitutions with safer env substitutions
#5070
ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077
ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0,
3.0.17.0)
ci: Bump GitHub Actions to latest versions #5078 #5110 #5119
ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100
#5101 (3.1.12.0, 3.0.17.0)
ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0)
ci: Turn off nightly workflows for user forks #5042
tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075
#5079 #5099 #5112
docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza)
docs: Fix formatting examples for version macros #5073
docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0)
docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0,
3.0.17.0)
docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0)
admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0)
ci: Freetype adjustments #4999
Update to 5.1 (#2451401)
Update to 5.0 (#2447841)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.8.2-21
- Libraw rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447841 - swayimg-.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447841
[ 2 ] Bug #2451401 - swayimg-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451401
[ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454235
[ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454464
[ 5 ] Bug #2455346 - LibRaw-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455346
[ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456557
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Bind, Gst-Plugins-Bad, Xdg-Dbus-Proxy updates for Debian

Gstreamer, Firefox, Go, and more updates for RHEL

Webkit2GTK, Flatpak, Chromium, and more updates for Fedora

[SECURITY] Fedora 42 Update: webkitgtk-2.52.1-1.fc42

[SECURITY] Fedora 43 Update: flatpak-1.16.6-1.fc43

[SECURITY] Fedora 43 Update: python-cryptography-46.0.7-1.fc43

[SECURITY] Fedora 43 Update: chromium-147.0.7727.55-1.fc43

[SECURITY] Fedora 43 Update: webkitgtk-2.52.1-1.fc43

[SECURITY] Fedora 44 Update: siril-1.4.2-3.fc44

[SECURITY] Fedora 44 Update: vips-8.18.0-6.fc44

[SECURITY] Fedora 44 Update: flatpak-1.17.6-1.fc44

[SECURITY] Fedora 44 Update: swayimg-5.1-2.fc44

[SECURITY] Fedora 44 Update: OpenImageIO2.5-2.5.19.1-10.fc44

[SECURITY] Fedora 44 Update: luminance-hdr-2.6.1.1-89.fc44

[SECURITY] Fedora 44 Update: LibRaw-0.22.1-1.fc44

[SECURITY] Fedora 44 Update: kf6-kimageformats-6.24.0-3.fc44

[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44

[SECURITY] Fedora 44 Update: gthumb-3.12.10-7.fc44

[SECURITY] Fedora 44 Update: ImageMagick-7.1.2.13-2.fc44

[SECURITY] Fedora 44 Update: rawtherapee-5.12-8.fc44

[SECURITY] Fedora 44 Update: kf5-kimageformats-5.116.0-8.fc44

[SECURITY] Fedora 44 Update: photoqt-5.2-3.fc44

[SECURITY] Fedora 44 Update: kf5-libkdcraw-23.08.5-7.fc44

[SECURITY] Fedora 44 Update: freeimage-3.19.0-0.31.svn1909.fc44

[SECURITY] Fedora 44 Update: OpenImageIO-3.1.12.0-2.fc44

[SECURITY] Fedora 44 Update: nomacs-3.22.0-5.fc44

[SECURITY] Fedora 44 Update: libpasraw-1.3.0-22.fc44

[SECURITY] Fedora 44 Update: libkdcraw-26.03.80-2.fc44

[SECURITY] Fedora 44 Update: kstars-3.8.0-6.fc44

[SECURITY] Fedora 44 Update: elementary-photos-8.0.1-6.fc44

[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44

[SECURITY] Fedora 44 Update: dtk6gui-6.7.32-5.fc44

[SECURITY] Fedora 44 Update: dtkgui-5.7.30-4.fc44

[SECURITY] Fedora 44 Update: geeqie-2.7-2.fc44

[SECURITY] Fedora 44 Update: gegl04-0.4.70-2.fc44

[SECURITY] Fedora 44 Update: entangle-3.0-17.fc44

[SECURITY] Fedora 44 Update: deepin-image-viewer-5.8.2-21.fc44

Windows

Linux

macOS

Community