Packages changed: Mesa (25.1.5 -> 25.1.6) Mesa-drivers (25.1.5 -> 25.1.6) MozillaFirefox (140.0.2 -> 141.0) apache2 (2.4.63 -> 2.4.65) apache2-manual (2.4.63 -> 2.4.65) apache2-prefork (2.4.63 -> 2.4.65) apache2-utils (2.4.63 -> 2.4.65) apparmor avahi avahi-glib2 aws-lc (1.54.0 -> 1.56.0) busybox busybox-links ceph checkpolicy (3.8.1 -> 3.9) ctags curl (8.14.1 -> 8.15.0) dracut-pcr-signature (0.6+0 -> 0.6+2) emacs firewalld fuse fuse3 (3.17.2 -> 3.17.3) fwupd (2.0.12 -> 2.0.13) gdk-pixbuf gdm ghostscript-fonts gpgme (1.24.3 -> 2.0.0) grub2 gstreamer (1.26.3 -> 1.26.4) gstreamer-plugins-bad (1.26.3 -> 1.26.4) gstreamer-plugins-base (1.26.3 -> 1.26.4) gstreamer-plugins-good (1.26.3 -> 1.26.4) gstreamer-plugins-libav (1.26.3 -> 1.26.4) gstreamer-plugins-ugly (1.26.3 -> 1.26.4) gupnp harfbuzz (11.2.1 -> 11.3.2) hplip inkscape kdump (2.1.0 -> 2.1.4) kernel-firmware-amdgpu (20250708 -> 20250718) kernel-firmware-bluetooth (20250707 -> 20250714) kernel-firmware-intel (20250603 -> 20250718) kernel-firmware-media (20250627 -> 20250717) kernel-firmware-mellanox (20250408 -> 20250717) kernel-firmware-network (20250627 -> 20250717) kernel-firmware-nvidia kernel-firmware-platform (20250627 -> 20250717) kernel-firmware-qcom (20250708 -> 20250714) kernel-firmware-qlogic (20250206 -> 20250717) kernel-firmware-realtek (20250630 -> 20250717) kernel-firmware-serial (20250627 -> 20250717) kernel-firmware-sound (20250627 -> 20250721) kernel-firmware-usb-network (20250206 -> 20250717) kernel-source (6.15.6 -> 6.15.8) libapparmor libbpf (1.5.1 -> 1.6.1) libcddb libopenmpt (0.8.1 -> 0.8.2) libostree (2025.3 -> 2025.4) libplist libquicktime libreoffice (25.2.4.3 -> 25.2.5.2) libselinux (3.8.1 -> 3.9) libselinux-bindings (3.8.1 -> 3.9) libsemanage (3.8.1 -> 3.9) libsepol (3.8.1 -> 3.9) libstorage-ng (4.5.263 -> 4.5.266) libxml2 libxslt libyui (4.7.5 -> 4.7.6) libyui-ncurses (4.7.5 -> 4.7.6) libyui-ncurses-pkg (4.7.5 -> 4.7.6) libyui-qt (4.7.5 -> 4.7.6) libyui-qt-graph (4.7.5 -> 4.7.6) libyui-qt-pkg (4.7.5 -> 4.7.6) libyuv libzypp (17.37.11 -> 17.37.14) lttng-ust microos-tools (4.0+git17 -> 4.0+git19) mozilla-nss (3.112 -> 3.113) mozjs128 (128.12.0 -> 128.13.0) multipath-tools (0.11.0+183+suse.3973293 -> 0.11.0+184+suse.9bca786) ncompress ncurses (6.5.20250712 -> 6.5.20250720) nvidia-settings (570.153.02 -> 570.172.08) open-iscsi openSUSE-build-key openSUSE-release (20250718 -> 20250727) orca patterns-base patterns-gnome patterns-xfce pciutils (3.13.0 -> 3.14.0) perl-Authen-SASL perl-libwww-perl (6.780.0 -> 6.790.0) pipewire (1.4.6 -> 1.4.7) pixman policycoreutils (3.8.1 -> 3.9) polkit-default-privs (1550+20250603.5d84a17 -> 1550+20250721.f1b71a3) poppler poppler-qt6 protobuf python-Automat (24.8.1 -> 25.4.16) python-Babel python-anyio (4.8.0 -> 4.9.0) python-lxml (5.4.0 -> 6.0.0) python-semanage (3.8.1 -> 3.9) python-typing_extensions (4.14.0 -> 4.14.1) python311 python311-core python313 python313-core qemu qgpgme (1.24.3 -> 2.0.0) sdbootutil (1+git20250716.b03c12f -> 1+git20250724.553d46c) sdl2-compat sqlite3 (3.50.2 -> 3.50.3) sshfs systemd sysuser-tools tbb (2022.1.0 -> 2022.2.0) thunar (4.20.3 -> 4.20.4) unbound update-bootloader (1.24 -> 1.25) vulkan-loader (1.4.313 -> 1.4.321) vulkan-tools (1.4.313 -> 1.4.321) xf86-video-voodoo xfce4-screensaver (4.18.3 -> 4.20.0) xkeyboard-config yast2 (5.0.13 -> 5.0.15) yast2-control-center (5.0.1 -> 5.0.2) yast2-iscsi-client (5.0.8 -> 5.0.9) yast2-packager (5.0.6 -> 5.0.8) yast2-ruby-bindings (5.0.4 -> 5.0.5) yast2-storage-ng (5.0.33 -> 5.0.34) yast2-trans (84.87.20250710.2e450abe00 -> 84.87.20250721.46ecd273d2) zypper (1.14.92 -> 1.14.93) === Details === ==== Mesa ==== Version update (25.1.5 -> 25.1.6) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Customise drivers for loongarch64 - Update to release 25.1.6 - -> https://docs.mesa3d.org/relnotes/25.1.6 ==== Mesa-drivers ==== Version update (25.1.5 -> 25.1.6) Subpackages: Mesa-dri Mesa-gallium Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Customise drivers for loongarch64 - Update to release 25.1.6 - -> https://docs.mesa3d.org/relnotes/25.1.6 ==== MozillaFirefox ==== Version update (140.0.2 -> 141.0) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 141.0 * https://www.mozilla.org/en-US/firefox/141.0/releasenotes/ MFSA 2025-56 (bsc#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8041 (bmo#1670725) Incorrect URL truncation in Firefox for Android * CVE-2025-8042 (bmo#1791322) Sandboxed iframe could start downloads * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8043 (bmo#1970209) Incorrect URL truncation * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8044 (bmo#1933572, bmo#1971116) Memory safety bugs fixed in Firefox 141 and Thunderbird 141 * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 - requires NSS 3.113 ==== apache2 ==== Version update (2.4.63 -> 2.4.65) - version update to 2.4.65 * ) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (cve.mitre.org) A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. * Refresh patches: - apache-test-application-xml-type.patch - apache-test-turn-off-variables-in-ssl-var-lookup.patch - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch - apache2-LimitRequestFieldSize-limits-headers.patch * Update to 2.4.64. * CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase * CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack * CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service * CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption * CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping * CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths * CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header * CVE-2024-42516: Apache HTTP Server: HTTP response splitting * mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer size. * mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5 builds which enable it in libssl natively. * mod_asis: Fix the log level of the message AH01236. * mod_session_dbd: ensure format used with SessionDBDCookieName and SessionDBDCookieName2 are correct. * mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could inadvertently modify the Content-Type _response_ header. Applies to Content-Type only and likely to only affect static file responses. * mod_ssl: Remove warning over potential uninitialised value for ssl protocol prior to protocol selection. * mod_proxy: Reuse ProxyRemote connections when possible, like prior to 2.4.59. * mod_systemd: Add systemd socket activation support. * mod_systemd: Log the SELinux context at startup if available and enabled. * mod_http2: update to version 2.0.32 The code setting the connection window size was set wrong, preventing `H2WindowSize` to work. * mod_http2: update to version 2.0.30 - Fixed bug in handling over long response headers. When the 64 KB limit of nghttp2 was exceeded, the request was not reset and the client was left hanging, waiting for it. Now the stream is reset. - Added new directive `H2MaxHeaderBlockLen` to set the limit on response header sizes. - Fixed handling of Timeout vs. KeepAliveTimeout when first request on a connection was reset. * mod_lua: Fix memory handling in LuaOutputFilter. * mod_proxy_http2: revert r1912193 for detecting broken backend connections as this interferes with backend selection who a node is unresponsive. * mod_proxy_balancer: Fix a regression that caused stickysession keys no longer be recognized if they are provided as query parameter in the URL. * mod_md: update to version 2.5.2 - Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified with EC keys before RSA ones. - Fixed missing newlines in the status page output. * mod_dav: Add API to expose DavBasePath setting. * mod_md: update to version 2.5.1 - Added support for ACME profiles with new directives MDProfile and MDProfileMandatory. - When installing a custom CA file via `MDCACertificateFile`, also set the libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel (when curl is linked with it) about missing CRL/OCSP in certificates. - Fixed handling of corrupted httpd.json and added test 300_30 for it. File is removed on error and written again. Fixes #369. - Added explanation in log for how to proceed when md_store.json could not be parsed and prevented the server start. - restored fixed to #336 and #337 which got lost in a sync with Apache svn - Add Issue Name/Uris to certificate information in md-status handler - MDomains with static certificate files have MDRenewMode "manual", unless "always" is configured. * core: Report invalid Options= argument when parsing AllowOverride directives. * scoreboard/mod_http2: record durations of HTTP/2 requests. ==== apache2-manual ==== Version update (2.4.63 -> 2.4.65) - version update to 2.4.65 * ) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (cve.mitre.org) A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. * Refresh patches: - apache-test-application-xml-type.patch - apache-test-turn-off-variables-in-ssl-var-lookup.patch - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch - apache2-LimitRequestFieldSize-limits-headers.patch * Update to 2.4.64. * CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase * CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack * CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service * CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption * CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping * CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths * CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header * CVE-2024-42516: Apache HTTP Server: HTTP response splitting * mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer size. * mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5 builds which enable it in libssl natively. * mod_asis: Fix the log level of the message AH01236. * mod_session_dbd: ensure format used with SessionDBDCookieName and SessionDBDCookieName2 are correct. * mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could inadvertently modify the Content-Type _response_ header. Applies to Content-Type only and likely to only affect static file responses. * mod_ssl: Remove warning over potential uninitialised value for ssl protocol prior to protocol selection. * mod_proxy: Reuse ProxyRemote connections when possible, like prior to 2.4.59. * mod_systemd: Add systemd socket activation support. * mod_systemd: Log the SELinux context at startup if available and enabled. * mod_http2: update to version 2.0.32 The code setting the connection window size was set wrong, preventing `H2WindowSize` to work. * mod_http2: update to version 2.0.30 - Fixed bug in handling over long response headers. When the 64 KB limit of nghttp2 was exceeded, the request was not reset and the client was left hanging, waiting for it. Now the stream is reset. - Added new directive `H2MaxHeaderBlockLen` to set the limit on response header sizes. - Fixed handling of Timeout vs. KeepAliveTimeout when first request on a connection was reset. * mod_lua: Fix memory handling in LuaOutputFilter. * mod_proxy_http2: revert r1912193 for detecting broken backend connections as this interferes with backend selection who a node is unresponsive. * mod_proxy_balancer: Fix a regression that caused stickysession keys no longer be recognized if they are provided as query parameter in the URL. * mod_md: update to version 2.5.2 - Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified with EC keys before RSA ones. - Fixed missing newlines in the status page output. * mod_dav: Add API to expose DavBasePath setting. * mod_md: update to version 2.5.1 - Added support for ACME profiles with new directives MDProfile and MDProfileMandatory. - When installing a custom CA file via `MDCACertificateFile`, also set the libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel (when curl is linked with it) about missing CRL/OCSP in certificates. - Fixed handling of corrupted httpd.json and added test 300_30 for it. File is removed on error and written again. Fixes #369. - Added explanation in log for how to proceed when md_store.json could not be parsed and prevented the server start. - restored fixed to #336 and #337 which got lost in a sync with Apache svn - Add Issue Name/Uris to certificate information in md-status handler - MDomains with static certificate files have MDRenewMode "manual", unless "always" is configured. * core: Report invalid Options= argument when parsing AllowOverride directives. * scoreboard/mod_http2: record durations of HTTP/2 requests. ==== apache2-prefork ==== Version update (2.4.63 -> 2.4.65) - version update to 2.4.65 * ) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (cve.mitre.org) A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. * Refresh patches: - apache-test-application-xml-type.patch - apache-test-turn-off-variables-in-ssl-var-lookup.patch - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch - apache2-LimitRequestFieldSize-limits-headers.patch * Update to 2.4.64. * CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase * CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack * CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service * CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption * CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping * CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths * CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header * CVE-2024-42516: Apache HTTP Server: HTTP response splitting * mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer size. * mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5 builds which enable it in libssl natively. * mod_asis: Fix the log level of the message AH01236. * mod_session_dbd: ensure format used with SessionDBDCookieName and SessionDBDCookieName2 are correct. * mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could inadvertently modify the Content-Type _response_ header. Applies to Content-Type only and likely to only affect static file responses. * mod_ssl: Remove warning over potential uninitialised value for ssl protocol prior to protocol selection. * mod_proxy: Reuse ProxyRemote connections when possible, like prior to 2.4.59. * mod_systemd: Add systemd socket activation support. * mod_systemd: Log the SELinux context at startup if available and enabled. * mod_http2: update to version 2.0.32 The code setting the connection window size was set wrong, preventing `H2WindowSize` to work. * mod_http2: update to version 2.0.30 - Fixed bug in handling over long response headers. When the 64 KB limit of nghttp2 was exceeded, the request was not reset and the client was left hanging, waiting for it. Now the stream is reset. - Added new directive `H2MaxHeaderBlockLen` to set the limit on response header sizes. - Fixed handling of Timeout vs. KeepAliveTimeout when first request on a connection was reset. * mod_lua: Fix memory handling in LuaOutputFilter. * mod_proxy_http2: revert r1912193 for detecting broken backend connections as this interferes with backend selection who a node is unresponsive. * mod_proxy_balancer: Fix a regression that caused stickysession keys no longer be recognized if they are provided as query parameter in the URL. * mod_md: update to version 2.5.2 - Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified with EC keys before RSA ones. - Fixed missing newlines in the status page output. * mod_dav: Add API to expose DavBasePath setting. * mod_md: update to version 2.5.1 - Added support for ACME profiles with new directives MDProfile and MDProfileMandatory. - When installing a custom CA file via `MDCACertificateFile`, also set the libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel (when curl is linked with it) about missing CRL/OCSP in certificates. - Fixed handling of corrupted httpd.json and added test 300_30 for it. File is removed on error and written again. Fixes #369. - Added explanation in log for how to proceed when md_store.json could not be parsed and prevented the server start. - restored fixed to #336 and #337 which got lost in a sync with Apache svn - Add Issue Name/Uris to certificate information in md-status handler - MDomains with static certificate files have MDRenewMode "manual", unless "always" is configured. * core: Report invalid Options= argument when parsing AllowOverride directives. * scoreboard/mod_http2: record durations of HTTP/2 requests. ==== apache2-utils ==== Version update (2.4.63 -> 2.4.65) - version update to 2.4.65 * ) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (cve.mitre.org) A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. * Refresh patches: - apache-test-application-xml-type.patch - apache-test-turn-off-variables-in-ssl-var-lookup.patch - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch - apache2-LimitRequestFieldSize-limits-headers.patch * Update to 2.4.64. * CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase * CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack * CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service * CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption * CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping * CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths * CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header * CVE-2024-42516: Apache HTTP Server: HTTP response splitting * mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer size. * mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5 builds which enable it in libssl natively. * mod_asis: Fix the log level of the message AH01236. * mod_session_dbd: ensure format used with SessionDBDCookieName and SessionDBDCookieName2 are correct. * mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could inadvertently modify the Content-Type _response_ header. Applies to Content-Type only and likely to only affect static file responses. * mod_ssl: Remove warning over potential uninitialised value for ssl protocol prior to protocol selection. * mod_proxy: Reuse ProxyRemote connections when possible, like prior to 2.4.59. * mod_systemd: Add systemd socket activation support. * mod_systemd: Log the SELinux context at startup if available and enabled. * mod_http2: update to version 2.0.32 The code setting the connection window size was set wrong, preventing `H2WindowSize` to work. * mod_http2: update to version 2.0.30 - Fixed bug in handling over long response headers. When the 64 KB limit of nghttp2 was exceeded, the request was not reset and the client was left hanging, waiting for it. Now the stream is reset. - Added new directive `H2MaxHeaderBlockLen` to set the limit on response header sizes. - Fixed handling of Timeout vs. KeepAliveTimeout when first request on a connection was reset. * mod_lua: Fix memory handling in LuaOutputFilter. * mod_proxy_http2: revert r1912193 for detecting broken backend connections as this interferes with backend selection who a node is unresponsive. * mod_proxy_balancer: Fix a regression that caused stickysession keys no longer be recognized if they are provided as query parameter in the URL. * mod_md: update to version 2.5.2 - Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified with EC keys before RSA ones. - Fixed missing newlines in the status page output. * mod_dav: Add API to expose DavBasePath setting. * mod_md: update to version 2.5.1 - Added support for ACME profiles with new directives MDProfile and MDProfileMandatory. - When installing a custom CA file via `MDCACertificateFile`, also set the libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel (when curl is linked with it) about missing CRL/OCSP in certificates. - Fixed handling of corrupted httpd.json and added test 300_30 for it. File is removed on error and written again. Fixes #369. - Added explanation in log for how to proceed when md_store.json could not be parsed and prevented the server start. - restored fixed to #336 and #337 which got lost in a sync with Apache svn - Add Issue Name/Uris to certificate information in md-status handler - MDomains with static certificate files have MDRenewMode "manual", unless "always" is configured. * core: Report invalid Options= argument when parsing AllowOverride directives. * scoreboard/mod_http2: record durations of HTTP/2 requests. ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/ via abstractions/X (boo#1246743) - add kerberosclient-usrmerge.diff to allow reading /usr/etc/krb5.conf (boo#1246689) ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Add patch submitted to upstream at to enable building with Qt6 and add that flavor: 0001-Enable-building-with-Qt6.patch - Disable building the Qt5 flavor in SLE16. ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Add patch submitted to upstream at to enable building with Qt6 and add that flavor: 0001-Enable-building-with-Qt6.patch - Disable building the Qt5 flavor in SLE16. ==== aws-lc ==== Version update (1.54.0 -> 1.56.0) - update to version 1.56.0: * Export BIO_f_md for consumers * Remove obsolete python main patch * Remove redundant conditions * Implement pkcs8 cli * Export BF_cfb64_encrypt * Add pkey command to CLI tool * Improve OpenSSL compatibility * Fix PKCS12 Error Code * Use SP 800-56Arev3 Section 5.6.2.1.4.b instead of ECDSA PCT method * Minimize the nginx patch even further * Add LC contributors to allowlist * Align -help return codes in tool-openssl CLI to match Openssl * Dynamically link AWS-LC in cpython integration tests * Add missing x509 CI to list of tests * docs: Add FIPS documentation to BUILDING.md and README.md * Implement SSL_CTX_set_client_hello_cb for ClientHello callback * tool-openssl: Fix warning 'strnlen' specified bound 4096 exceeds source size 128 * Pull in SSL_get_negotiated_group and TLSEXT_nid_unknown from upstream * Document non-support of TLS 1.3 - update to version 1.55.0: * Add SSL_CTRL defines for SSL_*_tlsext_status_type * Implement HMAC over SHA3 truncated variants * Temporarily allowlist the webhook actors to AWS-LC * Rework memory BIOs and implement BIO_seek * s2n-bignum: Add prefix header to _s2n_bignum_internal.h ==== busybox ==== Subpackages: busybox-static - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz - add filtering of ignored applets to busybox.install ==== ceph ==== Subpackages: librados2 librbd1 - Drop cryptopp as potential dependency [jsc#PED-13011] and use gnutls as upstream seastar. * Remove cryptopp and use gnutls instead. * Add ceph-replace-CryptoPP-calls-with-GnuTLS.patch ==== checkpolicy ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Add support for wildcard netifcon names * Abort on mismatched declarations * Introduce neveraudit types ==== ctags ==== - Only Require: alts when using libalternatives, no need for scriplets ==== curl ==== Version update (8.14.1 -> 8.15.0) Subpackages: libcurl4 - Update to 8.15.0: * Changes: - TLS: remove support for Secure Transport and BearSSL * Bugfixes: - cf-socket: make socket data_pending a nop - configure: order LDAP after the SSL libraries - curl: improve non-blocking STDIN performance - curl_get_line: make sure lines end with newline - curl_path: make SFTP handle a path like /~ properly. - curlinfo: provide the 'digest' feature - digest: fix build with disabled digest auth - docs: note SSLS-EXPORT feature in -ssl-sessions doc - docs: reflect that delimiter-separated capath is only OpenSSL - docs: sync -tls-earlydata support w/ CURLOPT_SSL_OPTIONS - http/3: report handshake with version and cipher as for TCP connections - http2: do not delay RST send on aborted transfer - http_ntlm: protect against null deref - ldap: initial support for --with-ldap option - lib: address singleuse issues - lib: avoid reusing unclean connection - lib: drop two interim macros in favor of native libcurl API calls - lib: stop 'time()' debug overrides at the end of source in altsvc, hsts - lib: unify recv/send function signatures - memdebug.h: #undef 'fclose' before defining it - openssl: enable readahead - openssl: error on SSL_ERROR_SYSCALL - openssl: fix handling of buffered data - openssl: fix openssl engine use - openssl: fix pkcs11 provider available check - quic: implement CURLINFO_TLS_SSL_PTR - schannel: allow partial chains for manual peer verification - SCP/SFTP: avoid busy loop after EAGAIN - socks: fix query when filter context is null - tls: remove Curl_ssl false_start - tool_getparam: fix --ftp-pasv - tool_operate: fix return code when --retry is used but not triggered - top-complexity: lower max allowed complexity threshold to 90 - url: fix NULL deref with bad password when no user is provided - urlapi: use uppercase hex encoding - vtls: change send/recv signatures of tls backends - vtls: prefer ciphersuite to cipher in msgs - vtls: prefer rustls-ffi ciphersuite name API - xfer: manage pause bits * Remove patches upstream: - curl-fix--ftp-pasv.patch - fix-return-code-with-retry.patch ==== dracut-pcr-signature ==== Version update (0.6+0 -> 0.6+2) - Update to version 0.6+2 (bsc#1246322): * Extract the token from os-release - Update to version 0.6+1: * Fix typo in service description ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Remove ctags.1 that's unused with libalternatives - Requires: alts, not used in scriptlets - Move .gnu-emacs to /usr/etc/skel/ ==== firewalld ==== Subpackages: firewalld-bash-completion - Adding Python multiversion support, will enable firewalld pkg to provide Python libraries compatible with all supported Python versions. ==== fuse ==== Subpackages: libfuse2 - Workaround gettext 0.25 behavioral changes and call autopoint as needed [boo#1246701] ==== fuse3 ==== Version update (3.17.2 -> 3.17.3) Subpackages: libfuse3-4 - Update to release 3.17.3 * Avoid possible double unmount on FUSE_DESTROY ==== fwupd ==== Version update (2.0.12 -> 2.0.13) Subpackages: fwupd-bash-completion libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.13: + This release adds the following features: - Add a daemon config option to ignore efivars free space - Add support for glob-aware version comparison requirements - Allow targeting specific regions in FMAP when using flashrom - Detect static variables and magic numbers during code review - Remove the unused hailuck and rts54hid plugins + This release fixes the following bugs: - Align MTD erase up to the erasesize as necessary - Allow parsing IGSC OptionROM when using fwupdtool - Allow removing private flags from UEFI capsule devices in quirks - Do not copy the vendor for Intel reference ME firmware - Do not use an interactive console if stdout is redirected - Fix the UEFI self-test when the capsule splash is disabled - Get better device information when using PCI-backed MTD devices - Get the Intel GPU SKU and SVN when using BMG hardware - Make MBIM modem devices emulatable - Make sure fwupdtool.exe is available in the Windows PATH - Only show the 'Full Disk Encryption Detected' warning when required - Set all QCDM modem devices to raw mode when updating - Show all devices for fwupdtool get-devices --show-all --force - Show correct dbx version if non-Microsoft entries are present - Show KEK device attributes in fwupdmgr - Use an alternate GUID when the Intel GPU is in recovery mode - Use the kernel netlink hotplug socket when there is no Udev - Various small changes to speed up startup by 60% and lower RSS by 40% + This release adds support for the following hardware: - HP USB-C 100W G6 Dock - Logitech Bulk Controller pheripherals - More MediaTek scaler devices ==== gdk-pixbuf ==== Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Add gdk-pixbuf-fix-decoder-written-bytes-reporting.patch: Fix memory leak caused by wrong written bytes reported by decoder (bsc#1245227). ==== gdm ==== Subpackages: gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - gdm-fingerprint.pamd: Fix inclusion of common-account instead of postlogin-account ==== ghostscript-fonts ==== - Remove the -converted subpackage that uses ttf-converter. Anyone using these fonts should actually use the urw-base35-fonts package. ==== gpgme ==== Version update (1.24.3 -> 2.0.0) - Update to 2.0.0: * The C++ bindings, the Qt bindings, and the Python bindings were split off of gpgme * New function gpgme_op_random_bytes to get cryptographically strong random bytes from gpg * New function gpgme_op_random_value to get a cryptographically strong unsigned integer random value * New decrypt flag to skip the actual decryption so that information about the recipients can be retrieved. * New flag for key generate to mark a (sub)key as group owned * If the key passed to gpgme_signers_add was retrieved with an exact pattern (fingerprint with '!' suffix), the requested subkey is used for signing. This reflects the behaviour of gpg but is a minor semantic change * The timestamp and expires fields in gpgme_subkey_t, gpgme_key_sig, and gpgme_new_signature_t are changed from signed long to unsigned long to better cope with 32bit time_t implementations. These fields should in reality never see an error value (-1). * Removed the gpgme_attr_t enums and their functions which were deprecated since 2003D. [rMd54d6eaa64] * Removed the never implemented or announced GPGME_EXPORT_MODE_NOUID flags * Removed the entire trustlist feature which worked anyway only for a short period in 2003 - drop requirements from devel that are autogenerated - drop gpgme-suse-nobetasuffix.patch - drop gpgme-fix-python-install.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-arm64-efi-bls grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157) (bsc#1246237) * 0001-test-Fix-f-test-on-files-over-network.patch * 0002-http-Return-HTTP-status-code-in-http_establish.patch * 0003-docs-Clarify-test-for-files-on-TFTP-and-HTTP.patch * 0004-tftp-Fix-hang-when-file-is-a-directory.patch ==== gstreamer ==== Version update (1.26.3 -> 1.26.4) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.26.4: + Highlighted bugfixes in 1.26.4: - adaptivedemux2: Fixed reverse playback - d3d12screencapture: Add support for monitor add/remove in device provider - rtmp2src: various fixes to make it play back AWS medialive streams - rtph265pay: add profile-id, tier-flag, and level-id to output rtp caps - vp9parse: Fix handling of spatial SVC decoding - vtenc: Fix negotiation failure with profile=main-422-10 - gtk4paintablesink: Add YCbCr memory texture formats and other improvements - livekit: add room-timeout - mp4mux: add TAI timestamp muxing support - rtpbin2: fix various race conditions, plus other bug fixes and performance improvements - threadshare: add a ts-rtpdtmfsrc element, implement run-time input switching in ts-intersrc - webrtcsink: fix deadlock on error setting remote description and other fixes. - cerbero: WiX installer: fix missing props files in the MSI packages - smaller macOS/iOS package sizes - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - tracers: Fix deadlock in latency tracer - Fix various valgrind/test errors when GST_DEBUG is enabled - More valgrind and test fixes - Various ASAN fixes ==== gstreamer-plugins-bad ==== Version update (1.26.3 -> 1.26.4) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.26.4: + avtp: crf: Setup socket during state change to ensure we handle failure + d3d12screencapture: Add support for monitor add/remove in device provider + mpegtsmux: fix double free caused by shared PMT descriptor + openh264: Ensure src_pic is initialized before use + rtmp2src: various fixes to make it play back AWS medialive streams + ssdobjectdetector: Use correct tensor data index for the scores + v4l2codecs: h265dec: Fix zero-copy of cropped window located at position 0,0 + vp9parse: Fix handling of spatial SVC decoding + vp9parse: Revert "Always default to super-frame" + vtenc: Fix negotiation failure with profile=main-422-10 + vulkan: Fix drawing too many triangles in fullscreenquad + vulkanfullscreenquad: add locks for synchronisation + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes ==== gstreamer-plugins-base ==== Version update (1.26.3 -> 1.26.4) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.26.4: + Revert "streamsynchronizer: Consider streams having received stream-start as waiting" + alsa: free conf cache under valgrind + gst-device-monitor: Fix caps filter splitting + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes ==== gstreamer-plugins-good ==== Version update (1.26.3 -> 1.26.4) Subpackages: gstreamer-plugins-good-gtk - Remove BuildRequires: libQt5PlatformHeaders-devel which isn't needed anymore - Update to version 1.26.4: + adaptivedemux2: Fixed reverse playback + matroskademux: Send tags after seeking + qtdemux: Fix incorrect FourCC used when iterating over sbgp atoms + qtdemux: Incorrect sibling type used in sbgp iteration loop + rtph265pay: add profile-id, tier-flag, and level-id to output rtp caps + rtpjpeg: fix copying of quant data if it spans memory segments + soup: Disable range requests when talking to Python's http.server + v4l2videodec: need replace acquired_caps on set_format success + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes ==== gstreamer-plugins-libav ==== Version update (1.26.3 -> 1.26.4) - Update to version 1.26.4: + Various ASAN fixes ==== gstreamer-plugins-ugly ==== Version update (1.26.3 -> 1.26.4) - Update to version 1.26.4: + No changes, stable bump only. ==== gupnp ==== - Disable test on loongarch. The test cannot be completed on loongarch64 due to architectural limitations. ==== harfbuzz ==== Version update (11.2.1 -> 11.3.2) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 11.3.2: + Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword. - Changes from version 11.3.1: + Fix crasher in the glyph_v_origin function introduced in 11.3.0. - Changes from version 11.3.0: + Speed up handling fonts with very large number of variations. + Speed up getting horizontal and vertical glyph advances by up to 24%. + Significantly speed up vertical text shaping. + Various documentation improvements. + Various build improvements. + Various subsetting improvements. + Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration). + Rename harfruzz option and shaper to harfrust following upstream rename. + Implement hb_face_reference_blob() for DirectWrite font functions. ==== hplip ==== Subpackages: hplip-hpijs hplip-sane hplip-udev-rules - Fix ReDoS issue in HPLIP's SLP parser (bsc#1245358) * add Fix-ReDoS-issue-in-HPLIP-s-SLP-parser.patch ==== inkscape ==== Subpackages: inkscape-extensions-extra inkscape-extensions-gimp - Extension manager needs Python module 'appdirs', add dependency for python313-appdirs to inkscape-extensions-extra ==== kdump ==== Version update (2.1.0 -> 2.1.4) - upgrade to version 2.1.4 * work around failing calibration on aarch64 * support for kernel flavour-specific calibration * specific calibration for aarch64 -64kb kernels (jsc#PED-12971) * use KDUMP_NET_TIMEOUT as sftp/ftp timeout - update calibrate values - upgrade to version 2.1.1 * check for reserved memory on load for better error reporting * update man page * set KDUMP_CPUS to 1 on XEN (bsc#1244289) * load.sh clean up * use eval for PRESCRIPT, POSTSCRIPT and TRANSFER * sftp: fix key-based authentication * fix and improve calibrate build - update calibrate values ==== kernel-firmware-amdgpu ==== Version update (20250708 -> 20250718) - Update to version 20250718 (git commit a5fbfa20d1bd): * amdgpu: update dmcub fw for various DCN version - Update to version 20250716 (git commit 1b1a9d871442): * amdgpu: Update GC 11.5.1 microcode ==== kernel-firmware-bluetooth ==== Version update (20250707 -> 20250714) - Update to version 20250714 (git commit ecdbd2b8af04): * linux-firmware: Update firmware file for Intel Solar core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core ==== kernel-firmware-intel ==== Version update (20250603 -> 20250718) - Update to version 20250718 (git commit a5fbfa20d1bd): * intel_vpu: Update NPU firmware ==== kernel-firmware-media ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-mellanox ==== Version update (20250408 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-network ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-nvidia ==== - Remove stale *.rpmmoved directories (bsc#1244458) ==== kernel-firmware-platform ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-qcom ==== Version update (20250708 -> 20250714) - Remove stale *.rpmmoved directories (bsc#1244458) - Update to version 20250714 (git commit ecdbd2b8af04): * qcom: Update gpu firmwares of QCS615 chipset ==== kernel-firmware-qlogic ==== Version update (20250206 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-realtek ==== Version update (20250630 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements - Update to version 20250715 (git commit 04c379b552c7): * rtw89: 8852b: update fw to v0.29.128.0 * rtw89: 8852bt: update fw to v0.29.127.0 * rtw89: 8922a: add regd fw element with version R72-R6 * rtw89: 8852c: add regd fw element with version R72-R57 * rtw89: 8922a: update BB parameter V49 ==== kernel-firmware-serial ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-sound ==== Version update (20250627 -> 20250721) - Update to version 20250721 (git commit d89120bb80fc): * cirrus: cs35l41: Add Firmware for various ASUS commercial Laptops using CS35L41 HDA * cirrus: cs35l41: Update Firmware for Dell Oasis * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * qcom: Add Audio topology for QCS6490 RB3Gen2 ==== kernel-firmware-usb-network ==== Version update (20250206 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-source ==== Version update (6.15.6 -> 6.15.8) Subpackages: kernel-64kb kernel-default - Linux 6.15.8 (bsc#1012628). - KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (bsc#1012628). - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data (bsc#1012628). - drm/xe: Move page fault init after topology init (bsc#1012628). - drm/xe/mocs: Initialize MOCS index early (bsc#1012628). - sched/ext: Prevent update_locked_rq() calls with NULL rq (bsc#1012628). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1012628). - cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code (bsc#1012628). - cifs: Fix the smbd_response slab to allow usercopy (bsc#1012628). - smb: client: make use of common smbdirect_socket_parameters (bsc#1012628). - smb: smbdirect: introduce smbdirect_socket_parameters (bsc#1012628). - smb: client: make use of common smbdirect_socket (bsc#1012628). - smb: smbdirect: add smbdirect_socket.h (bsc#1012628). - smb: smbdirect: add smbdirect.h with public structures (bsc#1012628). - smb: client: make use of common smbdirect_pdu.h (bsc#1012628). - smb: smbdirect: add smbdirect_pdu.h with protocol definitions (bsc#1012628). - rust: use `#[used(compiler)]` to fix build and `modpost` with Rust >= 1.89.0 (bsc#1012628). - net: libwx: fix multicast packets received count (bsc#1012628). - usb: dwc3: qcom: Don't leave BCR asserted (bsc#1012628). - usb: hub: Don't try to recover devices lost during warm reset (bsc#1012628). - usb: hub: Fix flushing of delayed work used for post resume purposes (bsc#1012628). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (bsc#1012628). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (bsc#1012628). - sched: Change nr_uninterruptible type to unsigned long (bsc#1012628). - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1012628). - libbpf: Fix handling of BPF arena relocations (bsc#1012628). - drm/mediatek: only announce AFBC if really supported (bsc#1012628). - drm/mediatek: Add wait_event_timeout when disabling plane (bsc#1012628). - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" (bsc#1012628). - rxrpc: Fix to use conn aborts for conn-wide failures (bsc#1012628). - rxrpc: Fix transmission of an abort in response to an abort (bsc#1012628). - rxrpc: Fix notification vs call-release vs recvmsg (bsc#1012628). - rxrpc: Fix recv-recv race of completed call (bsc#1012628). - rxrpc: Fix irq-disabled in local_bh_enable() (bsc#1012628). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1012628). - net: bridge: Do not offload IGMP/MLD messages (bsc#1012628). - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1012628). - tls: always refresh the queue when reading sock (bsc#1012628). - virtio-net: fix recursived rtnl_lock() during probe() (bsc#1012628). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (bsc#1012628). - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (bsc#1012628). - drm/xe/pf: Resend PF provisioning after GT reset (bsc#1012628). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (bsc#1012628). - drm/xe: Dont skip TLB invalidations on VF (bsc#1012628). - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1012628). - net: fix segmentation after TCP/UDP fraglist GRO (bsc#1012628). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (bsc#1012628). - net: airoha: fix potential use-after-free in airoha_npu_get() (bsc#1012628). - net/mlx5: Correctly set gso_size when LRO is used (bsc#1012628). - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (bsc#1012628). - Bluetooth: hci_dev: replace 'quirks' integer by 'quirk_flags' bitmap (bsc#1012628). - Bluetooth: hci_core: add missing braces when using macro parameters (bsc#1012628). - Bluetooth: hci_core: fix typos in macros (bsc#1012628). - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (bsc#1012628). - Bluetooth: SMP: If an unallowed command is received consider it a failure (bsc#1012628). - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (bsc#1012628). - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (bsc#1012628). - riscv: traps_misaligned: properly sign extend value in misaligned load handler (bsc#1012628). - riscv: Enable interrupt during exception handling (bsc#1012628). ... changelog too long, skipping 568 lines ... - commit c5fb175 ==== libapparmor ==== - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/ via abstractions/X (boo#1246743) - add kerberosclient-usrmerge.diff to allow reading /usr/etc/krb5.conf (boo#1246689) ==== libbpf ==== Version update (1.5.1 -> 1.6.1) - update to 1.6.0: * add more control over BPF object lifetime with new preparation step (bpf_object__prepare() API) * libbpf will report symbolic error code (e.g., "-EINVAL") in addition to human-readable error description * bpf_prog_stream_read() API * BPF token support when attaching BPF trampoline-based BPF programs in bpf_program__set_attach_target() * BPF token support for BPF_BTF_GET_FD_BY_ID command * support multi-uprobe session (SEC("uprobe.session")) BPF programs * support unique_match option for multi-kprobe attachment * support creating and destroying qdisk with BPF_TC_QDISC flag; * bpf_program__attach_cgroup_opts() which enables more precise cgroup-based attachment ordering * automatically take advantage of memory-mappable kernel BTF (/sys/kernel/btf/vmlinux), if supported * emit_strings option for BTF dumper API, improving string-like data printing * add BPF program's func and line info accessors * BPF linker supports linking ELF object files coming from memory buffer and referenced by FD, in addition to file path-based APIs; * small improvements to BTF dedup to handle rare quirky corner cases produces by some compilers * add likely() and unlikely() convenience macros; * __arg_untrusted annotation for BPF global subprog arguments; * bpf_stream_printk() macro for working with BPF streams; * bpf_usdt_arg_size() API - update to 1.6.0: * fixing a possible crash when handling BPF arena global variable relocations - drop 0001-libbpf-Add-identical-pointer-detection-to-btf_dedup_.patch, which is now included ==== libcddb ==== - Tighten %files, don't glob so much. - Work with newer gettext-runtime. In gettext 0.24.1 the m4 files moved from /usr/share/aclocal/ to /usr/share/gettext/m4 ==== libopenmpt ==== Version update (0.8.1 -> 0.8.2) - Update to 0.8.2: * [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r23711). * [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values. * Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels. * IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides. * FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod). ==== libostree ==== Version update (2025.3 -> 2025.4) Subpackages: libostree-1-1 - Update to version 2025.4: + ostree-prepare-root: remove duplicate transient directory + Add root.transient-ro ==== libplist ==== - Fix build with cython 3.1+: * Add patch 0001-cython-Fix-build-with-cython-3.1.patch ==== libquicktime ==== - Enable faad2 support. ==== libreoffice ==== Version update (25.2.4.3 -> 25.2.5.2) Subpackages: libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Update to 25.2.5.2: * Release notes: https://wiki.documentfoundation.org/Releases/25.2.5/RC1 https://wiki.documentfoundation.org/Releases/25.2.5/RC2 - Remove patch, no longer required: * fix_build_with_poppler_25.05.patch ==== libselinux ==== Version update (3.8.1 -> 3.9) Subpackages: libselinux1 selinux-tools - Update to version 3.9 * Fix local literal fcontext definitions priority * Fix order for path substitutions * Limit fcontext regex path length ==== libselinux-bindings ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Fix local literal fcontext definitions priority * Fix order for path substitutions * Limit fcontext regex path length ==== libsemanage ==== Version update (3.8.1 -> 3.9) Subpackages: libsemanage-conf libsemanage2 - Update to version 3.9 * Improved POSIX compliance (added semanage_basename) * Add relabel_store config option * Add semanage_handle_create_with_path * Add relabel_store config option to semanage.conf ==== libsepol ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Add new 'netif_wildcard' policy capability * Allow multiple policycap statements * Support genfs_seclabel_wildcard * Introduce neveraudit types ==== libstorage-ng ==== Version update (4.5.263 -> 4.5.266) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1030 - extended logging in testsuite - 4.5.266 - Translated using Weblate (Kabyle) (bsc#1149754) - 4.5.265 - Translated using Weblate (Zulu) (bsc#1149754) - Translated using Weblate (Chinese (Taiwan) (zh_TW)) (bsc#1149754) - Translated using Weblate (Chinese (China) (zh_CN)) (bsc#1149754) - Translated using Weblate (Xhosa) (bsc#1149754) - Translated using Weblate (Walloon) (bsc#1149754) - Translated using Weblate (Vietnamese) (bsc#1149754) - Translated using Weblate (Ukrainian) (bsc#1149754) - Translated using Weblate (Turkish) (bsc#1149754) - Translated using Weblate (Thai) (bsc#1149754) - Translated using Weblate (Tamil) (bsc#1149754) - Translated using Weblate (Swedish) (bsc#1149754) - Translated using Weblate (Slovenian) (bsc#1149754) - Translated using Weblate (Slovak) (bsc#1149754) - Translated using Weblate (Russian) (bsc#1149754) - Translated using Weblate (Romanian) (bsc#1149754) - Translated using Weblate (Portuguese (Brazil)) (bsc#1149754) - Translated using Weblate (Portuguese) (bsc#1149754) - Translated using Weblate (Polish) (bsc#1149754) - Translated using Weblate (Punjabi) (bsc#1149754) - Translated using Weblate (Dutch) (bsc#1149754) - Translated using Weblate (Norwegian Bokmål) (bsc#1149754) - Translated using Weblate (Marathi) (bsc#1149754) - Translated using Weblate (Macedonian) (bsc#1149754) - Translated using Weblate (Lithuanian) (bsc#1149754) - Translated using Weblate (Kurdish) (bsc#1149754) - Translated using Weblate (Korean) (bsc#1149754) - Translated using Weblate (Khmer (Central)) (bsc#1149754) - Translated using Weblate (Georgian) (bsc#1149754) - Translated using Weblate (Japanese) (bsc#1149754) - Translated using Weblate (Italian) (bsc#1149754) - Translated using Weblate (Indonesian) (bsc#1149754) - Translated using Weblate (Hungarian) (bsc#1149754) - Translated using Weblate (Croatian) (bsc#1149754) - Translated using Weblate (Hindi) (bsc#1149754) - Translated using Weblate (Hebrew) (bsc#1149754) - Translated using Weblate (Gujarati) (bsc#1149754) - Translated using Weblate (Galician) (bsc#1149754) - Translated using Weblate (Finnish) (bsc#1149754) - Translated using Weblate (Estonian) (bsc#1149754) - Translated using Weblate (Spanish) (bsc#1149754) - Translated using Weblate (English (United Kingdom)) (bsc#1149754) - Translated using Weblate (Greek) (bsc#1149754) - Translated using Weblate (German) (bsc#1149754) - Translated using Weblate (Danish) (bsc#1149754) - Translated using Weblate (Welsh) (bsc#1149754) - Translated using Weblate (Czech) (bsc#1149754) - Translated using Weblate (Catalan) (bsc#1149754) - Translated using Weblate (Bosnian) (bsc#1149754) - Translated using Weblate (Bengali) (bsc#1149754) - Translated using Weblate (Bulgarian) (bsc#1149754) - Translated using Weblate (Arabic) (bsc#1149754) - Translated using Weblate (Afrikaans) (bsc#1149754) - Translated using Weblate (French) (bsc#1149754) - merge gh#openSUSE/libstorage-ng#1029 - fixed sysfs name and path for numeric named MD RAIDs (bsc#1246331) - coding style - 4.5.264 ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - security update - added patches CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr + libxml2-CVE-2025-7425.patch ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - security update - added patches CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes + libxslt-CVE-2025-7424.patch ==== libyui ==== Version update (4.7.5 -> 4.7.6) - Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0( * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - 4.7.6 ==== libyui-ncurses ==== Version update (4.7.5 -> 4.7.6) - Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0( * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - 4.7.6 ==== libyui-ncurses-pkg ==== Version update (4.7.5 -> 4.7.6) - Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0( * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - 4.7.6 ==== libyui-qt ==== Version update (4.7.5 -> 4.7.6) - Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0( * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - 4.7.6 ==== libyui-qt-graph ==== Version update (4.7.5 -> 4.7.6) - Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0( * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - 4.7.6 ==== libyui-qt-pkg ==== Version update (4.7.5 -> 4.7.6) - Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0( * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - 4.7.6 ==== libyuv ==== - Add fix-narrowing-conversion-initializer-errors-on-LoongArch64.patch Fix C++11 narrowing conversion errors when initializing __m128i constants with unsigned long long literals on LoongArch64 builds. ==== libzypp ==== Version update (17.37.11 -> 17.37.14) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - version 17.37.14 (35) - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - version 17.37.13 (35) - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661) - version 17.37.12 (35) ==== lttng-ust ==== - Enable build for loongarch64 ==== microos-tools ==== Version update (4.0+git17 -> 4.0+git19) - Update to version 4.0+git19: * Add zypp-single-rpmtrans files to spec file * Use single rpmtrans with libzypp by default ==== mozilla-nss ==== Version update (3.112 -> 3.113) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.113 * bmo#1963792 - Fix alias for mac workers on try. * bmo#198090 - Part 1: Use AES in the SDR (NSS) r=simonf,nss-reviewers,rrelyea * bmo#1968764 - Bump nssckbi version to 2.78. * bmo#1967548 - Turn off Websites Trust Bit for Chunghwa Telecom ePKI Root in FF 141. * bmo#1965556 - fix frame pointers in intel-gcm.s. * bmo#1971510 - Typo in release notes for NSS 101.4. * bmo#1968665 - Improve nss-release-helper.py. * bmo#1930800 - shlibsign is broken in System FIPS mode. * bmo#1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1 * bmo#1965327 - PKCS #11 v3.2 header files. ==== mozjs128 ==== Version update (128.12.0 -> 128.13.0) - Update to version 128.13.0: + CVE-2025-8027: JavaScript engine only wrote partial return value to stack + CVE-2025-8028: Large branch table could lead to truncated instruction + CVE-2025-8029: javascript: URLs executed on object and embed tags + CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command + CVE-2025-8031: Incorrect URL stripping in CSP reports + CVE-2025-8032: XSLT documents could bypass CSP + CVE-2025-8033: Incorrect JavaScript state machine for generators + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 ==== multipath-tools ==== Version update (0.11.0+183+suse.3973293 -> 0.11.0+184+suse.9bca786) Subpackages: kpartx libmpath0 - Update to version 0.11.0+184+suse.9bca786: * tests: fix tests when built against cmocka 1.1.8 or newer (gh#openSUSE/multipath-tools#19) ==== ncompress ==== - Fix changelogs ==== ncurses ==== Version update (6.5.20250712 -> 6.5.20250720) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20250720 + further improve readability of header-files + add a consistency-check for termio(s)/tty headers, to help with cross-compiles (report by Stas Sergeev). + remove some unused configure-macros + add xterm+keypad to pccon+base -TD + trim trailing blanks from a few files (report by Stas Sergeev). ==== nvidia-settings ==== Version update (570.153.02 -> 570.172.08) - update to version 570.172.08 (boo#1246327) - update to version 570.169 (boo#1244614) ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Update to version 2.1.11.suse+73.1723affc61eb: * README for rpm build directory * Fix issue with IPv6 adapter interfaces (#508, bsc#1240969) * fwparam_ppc.c: Fix the calloc-transposed-args issue (#504) * Makefile: fix "No rule to make target 'iscsiuio/Makefile.in" issue (#506) * Fix typo in initiator.c (#507) - Fixed some issues in this changes file * One date had incorrect format from 2014 * Two separator lines were formatted incrrectly ==== openSUSE-build-key ==== - obsolete gpg-pubkey-ded64f3b, the openSUSE buildservice global key which was used mistakenly for repository signing. ==== openSUSE-release ==== Version update (20250718 -> 20250727) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== orca ==== - Add orca-large-set-oom.patch: fix possible out-of-memory when presenting gtk 4 list items (glgo#GNOME/orca#560). ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Drop xsetmode and xsetpointer from x11_raspberrypi (boo#1246921) ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Explicitly recommends Google Noto Arabic fonts in GNOME (bsc#1246323). ==== patterns-xfce ==== Subpackages: patterns-xfce-xfce patterns-xfce-xfce_basis patterns-xfce-xfce_laptop - Use brignessctl for brigtness control on Xfce/Wayland Laptops code-o-o#leap/features#218 - Add missing MozillaFirefox to xfce_basis_wayland - Add greetd and gtkgreet as a minimal Display Manager solution. These are pulled by new greetd-gtkgreet-xfce-wayland which runs gtkgreet with cage and starts startxfce --wayland ==== pciutils ==== Version update (3.13.0 -> 3.14.0) Subpackages: libpci3 - Update to 3.14.0: * New capabilities are decoded: VirtIO SharedMemory, Physical Layer 16 to 64 GT/s, Flit Mode, Device 3, Intel vendor- specific. * got definitions of new classes and capabilities from PCI Code and ID Assignment rev 1.18 * can be included from C++ programs * Updated pci.ids ==== perl-Authen-SASL ==== - security update - added patches CVE-2025-40918 [bsc#1246623], insecurely generated client nonce + perl-Authen-SASL-CVE-2025-40918.patch ==== perl-libwww-perl ==== Version update (6.780.0 -> 6.790.0) - updated to 6.790.0 (6.79) see /usr/share/doc/packages/perl-libwww-perl/Changes 6.79 2025-06-27 22:43:32Z - Remove example references to malicious domain (GH#476) (Devin Dooley) - Documentation updates for mirror (GH#470) (Julien Fiegehenn) - Allow underscores in headers not to be removed in lwp-request (GH#443) (@JohnHughesAtlantech and Olaf Alders) ==== pipewire ==== Version update (1.4.6 -> 1.4.7) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.4.7: * Highlights - Improve latency handling in echo-cancel. - Don't leak SyncObj fds in client-node. - Improve the adaptive resampler performance. - Some more fixes and improvements. * modules - Set module-echo-cancel latency correctly. - Avoid extra latency in echo-cancel by dropping samples when one end is paused. - Don't leak SyncObj fds in client-node. (#4807) * SPA - Actually enable echo cancellation when using webrtc 2.0 - Improve ALSA driver resampling setup and follower adaptive resampling. - Fix an off-by-one in the delay filter. - Improve the adaptive resampler performance. * bluetooth - Improve compatibility with some JBL flip and change models. * GStreamer - Add some format validations. ==== pixman ==== - Disable LTO on riscv64 due to gcc bug 110812 ==== policycoreutils ==== Version update (3.8.1 -> 3.9) Subpackages: policycoreutils-python-utils python313-policycoreutils - Update to version 3.9 * setfiles: Add -U option to modify user and role portions * semodule: Add [-g PATH |--config=PATH] for an alternate path for the semanage config * Updated usr_etc.patch - Moved /etc/sestatus.conf to /usr/etc. - This patch is upstream: https://github.com/SELinuxProject/selinux/pull/415 ==== polkit-default-privs ==== Version update (1550+20250603.5d84a17 -> 1550+20250721.f1b71a3) - Update to version 1550+20250721.f1b71a3: * profiles: dnf5daemon-server execute_trusted_transaction (bsc#1245451) ==== poppler ==== Subpackages: libpoppler-cpp2 libpoppler-glib8 libpoppler151 poppler-tools - Do not build the qt5 flavor in SLE16. ==== poppler-qt6 ==== - Do not build the qt5 flavor in SLE16. ==== protobuf ==== Subpackages: libprotobuf-lite31_1_0 libprotobuf31_1_0 libutf8_range-31_1_0 - Cherry-pick protobuf-fix-google-imports.patch to fix import issues of reverse-dependency packages within the google namespace (bsc#1244918) ==== python-Automat ==== Version update (24.8.1 -> 25.4.16) - update to 25.4.16: * documentation update * allow python 3.13 ==== python-Babel ==== - Add reproducible.patch to normalize date in .po (boo#1047218) ==== python-anyio ==== Version update (4.8.0 -> 4.9.0) - Inject multibuild to break a build loop. - Update to 4.9.0: * Added async support for temporary file handling (#344; PR by @11kkw) * Added 4 new fixtures for the AnyIO pytest plugin: * free_tcp_port_factory: session scoped fixture returning a callable that generates unused TCP port numbers * free_udp_port_factory: session scoped fixture returning a callable that generates unused UDP port numbers * free_tcp_port: function scoped fixture that invokes the free_tcp_port_factory fixture to generate a free TCP port number * free_udp_port: function scoped fixture that invokes the free_udp_port_factory fixture to generate a free UDP port number * Added stdin argument to anyio.run_process() akin to what anyio.open_process(), asyncio.create_subprocess(), trio.run_process(), and subprocess.run() already accept (PR by @jmehnle) * Added the info property to anyio.Path on Python 3.14 * Changed anyio.getaddrinfo() to ignore (invalid) IPv6 name resolution results when IPv6 support is disabled in Python * Changed EndOfStream raised from MemoryObjectReceiveStream.receive() to leave out the AttributeError from the exception chain which was merely an implementation detail and caused some confusion * Fixed traceback formatting growing quadratically with level of TaskGroup nesting on asyncio due to exception chaining when raising ExceptionGroups in TaskGroup.__aexit__ (#863; PR by @tapetersen) * Fixed anyio.Path.iterdir() making a blocking call in Python 3.13 (#873; PR by @cbornet and @agronholm) * Fixed connect_tcp() producing cyclic references in tracebacks when raising exceptions (#809; PR by @graingert) * Fixed anyio.to_thread.run_sync() needlessly holding on to references of the context, function, arguments and others until the next work item on asyncio (PR by @Wankupi) ==== python-lxml ==== Version update (5.4.0 -> 6.0.0) - Update to 6.0.0: * ``lxml.html.diff`` is faster and provides structurally better diffs. * The factories ``Element`` and ``ElementTree`` can now be used in type hints. * Parsing from ``memoryview`` and other buffers is supported to allow zero-copy parsing. * ``lxml.html.builder`` was missing several HTML5 tag names. * ``CDATA`` can now be written into the incremental ``xmlfile()`` writer. * A new parser option ``decompress=False`` was added that controls the automatic input decompression when using libxml2 2.15.0 or later. * The set of compile time / runtime supported libxml2 feature names is available as ``etree.LIBXML_COMPILED_FEATURES`` and ``etree.LIBXML_FEATURES``. * Predicates in ``.find*()`` could mishandle tag indices if a default namespace is provided. * The ``head`` and ``body`` properties of ``lxml.html`` elements failed if no such element was found. They now return ``None`` instead. * Tag names provided by code (API, not data) that are longer than ``INT_MAX`` could be truncated or mishandled in other ways. * ``.text_content()`` on ``lxml.html`` elements accidentally returned a "smart string" without additional information. It now returns a plain string. * Support for Python < 3.8 was removed. * Parsing directly from zlib (or lzma) compressed data is now considered an optional feature in lxml. * The ``Schematron`` class is deprecated and will become non-functional in a future lxml version. * Built using Cython 3.1.2. * The debug methods ``MemDebug.dump()`` and ``MemDebug.show()`` were removed completely. - Use pyproject macros to build and install. - Dropped patch skip-test-under-libxml2-2.11.1.patch, no longer required. ==== python-semanage ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Improved POSIX compliance (added semanage_basename) * Add relabel_store config option * Add semanage_handle_create_with_path * Add relabel_store config option to semanage.conf ==== python-typing_extensions ==== Version update (4.14.0 -> 4.14.1) - update to 4.14.1: * Fix usage of `typing_extensions.TypedDict` nested inside other types (e.g., `typing.Type[typing_extensions.TypedDict]`). This is not allowed by the type system but worked on older versions, so we maintain support. ==== python311 ==== Subpackages: python311-curses python311-dbm - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== python313 ==== Subpackages: python313-curses python313-dbm python313-tk - Fix gil/nogil package description, bsc#1246229 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== python313-core ==== Subpackages: libpython3_13-1_0 python313-base - Fix gil/nogil package description, bsc#1246229 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix bsc#1246566: * [roms] seabios: include "pciinit: don't misalign large BARs" (bsc#1246566) ==== qgpgme ==== Version update (1.24.3 -> 2.0.0) - Add requirements to gpgmepp to -devel packages to avoid breaking plasma-pass, and correctness - disable 32-bit libraries for Qt6 flavor - enable Qt5 for Kf5 kwallet boo#1244605 - initial version, upstream split the language bindings from 2.0.0 ==== sdbootutil ==== Version update (1+git20250716.b03c12f -> 1+git20250724.553d46c) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250724.553d46c: * measure-pcr-validator: fail if the file is missing * measure-pcr-validator.service: Run after initrd-root-device.target * measure-pcr-validator.service: Fix failure handling * Clean the default snapshot in Tumbleweed * Improve volume key extraction - Update to version 1+git20250722.bf18f3b: * Measure kernel in PCR4 for grub2-bls if secure-boot - Update to version 1+git20250718.9f557f7: * MicroOS mounts encrypted /var in initrd ==== sdl2-compat ==== - Change license to Zlib ==== sqlite3 ==== Version update (3.50.2 -> 3.50.3) Subpackages: libsqlite3-0 sqlite3-tcl - Update to version 3.50.3: * Fix a possible memory error that can occur if a query is made against against FTS5 index that has been deliberately corrupted in a very specific way. * Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. * Fix an incorrect answer due to over-optimization of an AND operator. ==== sshfs ==== - Don't globstar files in shared directory _bindir. - build the man page ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-experimental udev - systemd-testsuite: fix Requires to systemd-ukify - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) The cleanup of the flags in /run/systemd/rpm was previously handled in the %pretrans/%posttrans sections of the systemd main package. However, this method was ineffective if systemd was not part of the transaction. The cleanup is now run in %transfiletriggerin instead. - Add sub-package for ukify binary. move ukify from experimental package to a dedicated sub package. ==== sysuser-tools ==== - disable the buildroot virus scanning, as it needs the vscan user this package provides. (bsc#1246878) ==== tbb ==== Version update (2022.1.0 -> 2022.2.0) - Drop excessive gcc flags: add cf-prot.patch. - Update to version 2022.2.0: * Improved Hybrid CPU and NUMA Platforms API Support: Enhanced API availability for better compatibility with Hybrid CPU and NUMA platforms. * Refined Environment Setup: Replaced CPATH with C_INCLUDE_PATH and CPLUS_INCLUDE_PATH in environment setup to avoid unintended compiler warnings caused by globally applied include paths. ==== thunar ==== Version update (4.20.3 -> 4.20.4) Subpackages: libthunarx-3-0 thunar-lang - Update to 4.20.4 * Improve file add/remove checks for ThunarFolder (#1649) * Properly update view after hidden file rename * Always reload ThunarFiles on change notice (#1650) * Directly notify after file reload (#1650) * Set initial state of "Restore" button (#1663) * Fix quoting when running shell scripts in a terminal (#1661) * Avoid use-after-free in rename dialog when file is changed * Fix a GFile leak in _thunar_io_jobs_rename * Fix use-after-free in thunar_renamer_dialog_response (#1458) * Fix use-after-free on exit with search tabs open (#1593) * Translation Updates ==== unbound ==== Subpackages: libunbound8 unbound-anchor - Remove leftover dependency on sudo (not required) See also: boo#1215628 ==== update-bootloader ==== Version update (1.24 -> 1.25) - merge gh#openSUSE/perl-bootloader#191 - avoid spurious warning messages when parsing /etc/default/grub (bsc#1246373, bsc#1245323) - 1.25 ==== vulkan-loader ==== Version update (1.4.313 -> 1.4.321) - Update to tag SDK-1.4.321.0 * Simplify portability enumeration variables. * Only call surface creation functions on supported drivers. * Add vkGetPhysicalDeviceSurfaceSupportKHR test when ICD does not support the surface extension. ==== vulkan-tools ==== Version update (1.4.313 -> 1.4.321) - Update to tag SDK-1.4.321.0 * cube: prefer Wayland over X11 when available ==== xf86-video-voodoo ==== - add '--install' option to 'autoreconf --force' to fix build on TW ==== xfce4-screensaver ==== Version update (4.18.3 -> 4.20.0) - Update to version 4.20.0 * Add meson build * build: Automate copyright year management * build: Guard config.h include with HAVE_CONFIG_H * build: Remove X-XFCE-{Autostart,Bugzilla}-* from desktop files * build: Install docbook.css * build: Replace xdt-csource with glib-compile-resources * build: Remove xscreensaver migration * build: Remove --with-xscreensaverdir option * build: Rename xfce4-screensavers.menu from .in * prefs: Enable fullscreen-inhibit by default * lock-plug: Fix possible null dereference * lock-plug: Fix possible null dereference * configure.py: Properly init settings when opening dialog * configure.py: Fix unquoted command tokens * slideshow: Increase timeout to switch image a bit * build: Add missing dep flags * I18n: Update po/LINGUAS list * Exit early in unsupported windowing environments * Apply .clang-format file * Preliminary cleanup * Sort includes * clang-format: Add file * wayland: manager: Fix activated/deactivated signal emission * wayland: Use ext-idle-notify protocol * wayland: Make sure text entry of unlock dialog is grabbed * wayland: Use ext-session-lock protocol * Remove -x11 suffix from file names that do not contain an X11 impl * wayland: Use WleGtkSocket and WleGtkPlug from libwlembed * Guard X11 code paths at buildtime and runtime * Add GSListener abstract class and X11 impl * Rename GSListener to GSListenerDBus * Get screen dimensions from GDK instead of X11-specific APIs * Use %lu or %lX to print or scan X11 window ID * prefs-dialog: Use a placeholder for the socket in the glade file * lock-plug: Derive from GObject and make GtkPlug a class member * Use GtkSocket/GtkPlug instead of GtkDrawingArea/GSThemeWindow * build: Use AM_DISTCHECK_CONFIGURE_FLAGS * build: Use XDT_CHECK_PACKAGE and XDT_CHECK_OPTIONAL_FEATURE * build: Various cleanups * build: Check for libxext * build: Remove check for sigaction * Remove DPMS support * Remove xfce4-screensaver-gl-helper * Revert "Exit early in non-X11 environments" * Translation Updates - Add 0001-relax_versions.diff to accept some elder packages on Leap 15.6, which are still sufficient. - Update to version 4.18.4 * Exit early in non-X11 environments * Fix return codes in main() functions * prefs-dialog: Remove subtitle * Revert "prefs-dialog: Remove subtitle" * prefs-dialog: Remove subtitle * xfce-bg: Update default fallback wallpaper * xfce-bg: Default to XFCE_BG_PLACEMENT_ZOOMED when image-style is missing * Fix blurry avatar when UI scale > 1 * Fix blurry background when UI scale > 1 * I18n: Update po/LINGUAS list * prefs-dialog: Fix GtkTreePath leaks * I18n: Update po/LINGUAS list * lock-plug: Fix GVariant leak when switching user * lock-plug: Fix GVariant leak * Fix GSMonitor leak when screensaver fails to start * lock-plug: Fix GtkBuilder leak * prefs-dialog: Fix string leak * Fix string leaks in xfce_bg_load_from_xfconf * Fix string leak in get_themes_menu * lock-plug: Fix string leak * Fix string leak in xfce_bg_load_from_xfconf * Added image cropping to the slideshow screensaver * lock-plug: Use consistent keymap for capslock detection * lock-plug: Silence gdk-pixbuf warning * listener: Fix fullscreen inhibit * gcc-analyzer: Fix -Wanalyzer-possible-null-argument * gcc-analyzer: Fix -Wanalyzer-null-dereference * build: clang: Fix -Wsingle-bit-bitfield-constant-conversion * slideshow: Do not load image if window size is invalid * lock-plug: Draw background in constructed() * Revert "lock-plug: Delay background drawing at startup" * Use same debug function everywhere * lock-plug: Delay background drawing at startup * xfce4-screensaver-preferences.desktop: Add Keywords * Rename directory file to desktop for gettext detection * Add .py extension to xfce4-screensaver-configure for gettext detection * xfce4-screensaver-dialog: Restore "Password:" filter * xfce4-screensaver-dialog: Remove custom status text mapper * gs-lock-plug: Improve utf8 string check in show_status_text * I18n: Update po/LINGUAS list * build: Switch from intltool to gettext * Skip including crypt.h on FreeBSD * Translation Updates ==== xkeyboard-config ==== - make %pretrans lua script more robust to avoid endless loops during package installation (boo#1246768) ==== yast2 ==== Version update (5.0.13 -> 5.0.15) Subpackages: yast2-logs - Do not try installing packages into the inst-sys during installation (bsc#1240867) - 5.0.15 - Improved checking TPM2 device. (bsc#1245247) - 5.0.14 ==== yast2-control-center ==== Version update (5.0.1 -> 5.0.2) Subpackages: yast2-control-center-qt - Allow building using CMake 4.0 by bumping the minimum for cmake to 3.5.(boo#1239788). - 5.0.2 ==== yast2-iscsi-client ==== Version update (5.0.8 -> 5.0.9) - Ensure to hide passwords (bsc#1246833) - 5.0.9 - Do not filter netcard cards by iscsioffload feature as for example it is not present in qede/qedi devices (bsc#1236433). ==== yast2-packager ==== Version update (5.0.6 -> 5.0.8) - Fix Internal Error: Encoding::CompatibilityError when adding SLE-HA as add-on product (bsc#1245555) - 5.0.8 - Prevent a crash if a repo doesn't have a baseurl, but possibly a mirrorlist instead (bsc#1244040) - 5.0.7 ==== yast2-ruby-bindings ==== Version update (5.0.4 -> 5.0.5) - Allow building using CMake 4.0 by bumping the minimum for cmake to 3.5 (boo#1239788). - 5.0.5 ==== yast2-storage-ng ==== Version update (5.0.33 -> 5.0.34) - Fixed an error when encrypting a disk that originally contains partitions (bsc#1246970, related to bsc#1246939) - 5.0.34 ==== yast2-trans ==== Version update (84.87.20250710.2e450abe00 -> 84.87.20250721.46ecd273d2) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250721.46ecd273d2: * Translated using Weblate (Georgian) * Translated using Weblate (Ukrainian) * Update translation files * New POT for text domain 'base'. * Update translation files * New POT for text domain 'control'. ==== zypper ==== Version update (1.14.92 -> 1.14.93) Subpackages: zypper-log zypper-needs-restarting - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept "show" as alias for "info" (bsc#1245985) - version 1.14.93