This update for feh on Leap 42.1 fixes this security issue:

- CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567).

This update for feh on Leap 42.2 to version 2.18.3 fixes several issues.

This security issue was fixed on Leap 42.2:

- CVE-2017-7875: In wallpaper.c in feh if a malicious client pretended to be the E17 window manager, it was possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free (bsc#1034567).

These non-security issue was fixed on Leap 42.2:

- boo#955576: added jpegexiforient
- Fixed image-specific format specifiers not being updated correctly in thumbnail mode window titles
- Fixed memory leak when closing images opened from thumbnail mode
- Fixed a possible out of bounds read caused by an unterminated string when using --output to save images in long paths
- Fixed out of bounds read/write when handling empty or broken caption files.
- Fixed memory leak when saving a filelist or image whose target filename already exists.
- Fixed image-specific format specifiers not being updated correctly
- New key binding: ! - zoom_fill (zoom to fill window, may cut off image parts
- Disable EXIF-based auto rotation by default
- Added --auto-rotate option to enable auto rotation
- Added feh-makefile_app.patch -- fix install location of icons
- Install feh icon (both 48x48 and scalable SVG) to /usr/share/icons when running "make install app=1"
- Fixed --sort not being respected after the first reload when used in conjunction with --reload
- All key actions can now also be bound to a button by specifying them in .config/feh/buttons. However, note that button actions can not be bound to keys.
- Rename "menu" key action to "toggle_menu", "prev" to "prev_img" and "next" to "next_img". The old names are still supported, but no longer documented.
- feh now also sets the X11 _NET_WM_PID and WM_CLIENT_MACHINE window properties
- Fixed compilation on systems where HOST_NAME_MAX is not defined
- Also support in-place editing for images loaded via libcurl or imagemagick. Results will not be written back to disk in this case.
- Fixed crash when trying to rotate a JPEG image without having jpegtran / jpegexiforient installed
- Handle failing fork() calls gracefully
- Fixed invalid key/button definitions mis-assigning keys/buttons to other actions
- Added sort mode --sort dirname to sort images by directory instead of by name.
- Added navigation keys next_dir (]) and prev_dir ([) to jump to the first image of the nex/previous directory
- Fixed toggle_filenames key displaying wrong file numbers in multiwindow mode
- Rescale image when resizing a window and --scale-down or --geometry is active.
- Fixed --keep-zoom-vp not keeping the viewport x/y offsets
- Fixed w (size_to_image) key not updating window size when --scale-down or --geometry is active
- Added --insecure option to disable HTTPS certificate checks
- Added --no-recursive option to disable recursive directory expansion.
- Improve --scale-down in tiling environments.
- --action and --action[1..9] now support action titles
- -f / --filelist: Do not print useless error message when a correct filelist file is specified
- -f / --filelist: Fix bug in "-" / "/dev/stdin" handling affecting feh running in ksh and possibly other environments
- Add --xinerama-index option for background setting
- When removing the last image in slidsehow mode, stay on the last (previously second-to-last) image
- Allow --sort and --randomize to override each other (most recently specified option wins) instead of always preferring --sort
- Thumbnail mode: Mark image as processed when executing an action (--action) by clicking on an image
- It is now possible to override feh's idea of the active xinerama screen using the --xinerama-index option
- Removed (undocumented) feature allowing to override feh's idea of the active xinerama screen by setting the XINERAMA_SCREEN environment variable
- Removed obsolete gpg macro