Packages changed: Mesa (25.1.5 -> 25.1.6) Mesa-drivers (25.1.5 -> 25.1.6) MicroOS-release (20250718 -> 20250727) apparmor avahi avahi-glib2 busybox busybox-links checkpolicy (3.8.1 -> 3.9) cloud-init (25.1.1 -> 25.1.3) cockpit cockpit-podman (104 -> 107) curl (8.14.1 -> 8.15.0) docker dracut-pcr-signature (0.6+0 -> 0.6+2) firewalld fuse fuse3 (3.17.2 -> 3.17.3) fwupd (2.0.12 -> 2.0.13) gdk-pixbuf ghostscript-fonts grub2 gstreamer (1.26.3 -> 1.26.4) gstreamer-plugins-bad (1.26.3 -> 1.26.4) gstreamer-plugins-base (1.26.3 -> 1.26.4) harfbuzz (11.2.1 -> 11.3.2) hplip hyper-v kdump (2.1.0 -> 2.1.4) kernel-firmware-amdgpu (20250708 -> 20250718) kernel-firmware-bluetooth (20250707 -> 20250714) kernel-firmware-intel (20250603 -> 20250718) kernel-firmware-media (20250627 -> 20250717) kernel-firmware-mellanox (20250408 -> 20250717) kernel-firmware-network (20250627 -> 20250717) kernel-firmware-nvidia kernel-firmware-platform (20250627 -> 20250717) kernel-firmware-qcom (20250708 -> 20250714) kernel-firmware-qlogic (20250206 -> 20250717) kernel-firmware-realtek (20250630 -> 20250717) kernel-firmware-serial (20250627 -> 20250717) kernel-firmware-sound (20250627 -> 20250721) kernel-firmware-usb-network (20250206 -> 20250717) kernel-source (6.15.6 -> 6.15.8) libapparmor libbpf (1.5.1 -> 1.6.1) libcddb libdnf libopenmpt (0.8.1 -> 0.8.2) libostree (2025.3 -> 2025.4) libplist libselinux (3.8.1 -> 3.9) libselinux-bindings (3.8.1 -> 3.9) libsemanage (3.8.1 -> 3.9) libsepol (3.8.1 -> 3.9) libxml2 libxslt libyuv libzypp (17.37.11 -> 17.37.14) microos-tools (4.0+git17 -> 4.0+git19) mozilla-nss (3.112 -> 3.113) multipath-tools (0.11.0+183+suse.3973293 -> 0.11.0+184+suse.9bca786) ncurses (6.5.20250712 -> 6.5.20250720) open-iscsi openSUSE-build-key patterns-base patterns-microos pciutils (3.13.0 -> 3.14.0) pipewire (1.4.6 -> 1.4.7) pixman policycoreutils (3.8.1 -> 3.9) polkit-default-privs (1550+20250603.5d84a17 -> 1550+20250721.f1b71a3) poppler poppler-qt6 protobuf python-gpg (1.24.3 -> 2.0.0) python-jsonschema (4.24.0 -> 4.25.0) python-semanage (3.8.1 -> 3.9) python-typing_extensions (4.14.0 -> 4.14.1) python313 python313-core qemu rebootmgr (3.3+git20250512.b6e4e84 -> 3.3+git20250722.adf0149) sdbootutil (1+git20250716.b03c12f -> 1+git20250724.553d46c) sdl2-compat sqlite3 (3.50.2 -> 3.50.3) systemd sysuser-tools tbb (2022.1.0 -> 2022.2.0) transactional-update (5.0.6 -> 5.0.7) update-bootloader (1.24 -> 1.25) vulkan-loader (1.4.313 -> 1.4.321) vulkan-tools (1.4.313 -> 1.4.321) xkeyboard-config yast2 (5.0.13 -> 5.0.15) zypper (1.14.92 -> 1.14.93) === Details === ==== Mesa ==== Version update (25.1.5 -> 25.1.6) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Customise drivers for loongarch64 - Update to release 25.1.6 - -> https://docs.mesa3d.org/relnotes/25.1.6 ==== Mesa-drivers ==== Version update (25.1.5 -> 25.1.6) Subpackages: Mesa-dri Mesa-gallium Mesa-vulkan-device-select libvulkan_lvp - Customise drivers for loongarch64 - Update to release 25.1.6 - -> https://docs.mesa3d.org/relnotes/25.1.6 ==== MicroOS-release ==== Version update (20250718 -> 20250727) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== apparmor ==== - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/ via abstractions/X (boo#1246743) - add kerberosclient-usrmerge.diff to allow reading /usr/etc/krb5.conf (boo#1246689) ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Add patch submitted to upstream at to enable building with Qt6 and add that flavor: 0001-Enable-building-with-Qt6.patch - Disable building the Qt5 flavor in SLE16. ==== avahi-glib2 ==== - Add patch submitted to upstream at to enable building with Qt6 and add that flavor: 0001-Enable-building-with-Qt6.patch - Disable building the Qt5 flavor in SLE16. ==== busybox ==== - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - add filtering of ignored applets to busybox.install ==== checkpolicy ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Add support for wildcard netifcon names * Abort on mismatched declarations * Introduce neveraudit types ==== cloud-init ==== Version update (25.1.1 -> 25.1.3) - Update to version 25.1.3 (bsc#1245403) + Forward port - cloud-init-no-openstack-guess.patch + docs: provide example3 for PAM and ssh_pwauth behavior (#27) + fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584) + fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607) (CVE-2024-6174) From 25.1.2 + fix: ensure MAAS datasource retries on failure (#6167) ==== cockpit ==== Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux - add 0001-cockpit-overview-support-SUSE_SUPPORT_PRODUCT-keys.patch - add 0002-cockpit-kdump-support-SLE-micro-6.2.patch - add 0003-branding-use-SUSE_SUPPORT_PRODUCT-and-SUSE_SUPPORT_P.patch to fix bsc#1241003 - update check_cockpit_users to only check for systemd support in /etc/nsswitch.conf bsc#1246408 - add a requirement on /usr/sbin/kdumptool for cockpit-kdump (bsc#1227402) - add libzypp-plugin-appdata dependency to cockpit-packagekit as this will generate the swcatalog which it depends on for calculating various cockpit packages - Show reboot nofication after updates in packagekit * Add 0009-packagekit-reboot-notification.patch ==== cockpit-podman ==== Version update (104 -> 107) - Update to 107 * Bug fixes * Translation updates ==== curl ==== Version update (8.14.1 -> 8.15.0) Subpackages: libcurl4 - Update to 8.15.0: * Changes: - TLS: remove support for Secure Transport and BearSSL * Bugfixes: - cf-socket: make socket data_pending a nop - configure: order LDAP after the SSL libraries - curl: improve non-blocking STDIN performance - curl_get_line: make sure lines end with newline - curl_path: make SFTP handle a path like /~ properly. - curlinfo: provide the 'digest' feature - digest: fix build with disabled digest auth - docs: note SSLS-EXPORT feature in -ssl-sessions doc - docs: reflect that delimiter-separated capath is only OpenSSL - docs: sync -tls-earlydata support w/ CURLOPT_SSL_OPTIONS - http/3: report handshake with version and cipher as for TCP connections - http2: do not delay RST send on aborted transfer - http_ntlm: protect against null deref - ldap: initial support for --with-ldap option - lib: address singleuse issues - lib: avoid reusing unclean connection - lib: drop two interim macros in favor of native libcurl API calls - lib: stop 'time()' debug overrides at the end of source in altsvc, hsts - lib: unify recv/send function signatures - memdebug.h: #undef 'fclose' before defining it - openssl: enable readahead - openssl: error on SSL_ERROR_SYSCALL - openssl: fix handling of buffered data - openssl: fix openssl engine use - openssl: fix pkcs11 provider available check - quic: implement CURLINFO_TLS_SSL_PTR - schannel: allow partial chains for manual peer verification - SCP/SFTP: avoid busy loop after EAGAIN - socks: fix query when filter context is null - tls: remove Curl_ssl false_start - tool_getparam: fix --ftp-pasv - tool_operate: fix return code when --retry is used but not triggered - top-complexity: lower max allowed complexity threshold to 90 - url: fix NULL deref with bad password when no user is provided - urlapi: use uppercase hex encoding - vtls: change send/recv signatures of tls backends - vtls: prefer ciphersuite to cipher in msgs - vtls: prefer rustls-ffi ciphersuite name API - xfer: manage pause bits * Remove patches upstream: - curl-fix--ftp-pasv.patch - fix-return-code-with-retry.patch ==== docker ==== Subpackages: docker-buildx docker-rootless-extras - Update to docker-buildx v0.26.1. Upstream changelog: - Update to docker-buildx v0.26.0. Upstream changelog: ==== dracut-pcr-signature ==== Version update (0.6+0 -> 0.6+2) - Update to version 0.6+2 (bsc#1246322): * Extract the token from os-release - Update to version 0.6+1: * Fix typo in service description ==== firewalld ==== - Adding Python multiversion support, will enable firewalld pkg to provide Python libraries compatible with all supported Python versions. ==== fuse ==== - Workaround gettext 0.25 behavioral changes and call autopoint as needed [boo#1246701] ==== fuse3 ==== Version update (3.17.2 -> 3.17.3) Subpackages: libfuse3-4 - Update to release 3.17.3 * Avoid possible double unmount on FUSE_DESTROY ==== fwupd ==== Version update (2.0.12 -> 2.0.13) Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.13: + This release adds the following features: - Add a daemon config option to ignore efivars free space - Add support for glob-aware version comparison requirements - Allow targeting specific regions in FMAP when using flashrom - Detect static variables and magic numbers during code review - Remove the unused hailuck and rts54hid plugins + This release fixes the following bugs: - Align MTD erase up to the erasesize as necessary - Allow parsing IGSC OptionROM when using fwupdtool - Allow removing private flags from UEFI capsule devices in quirks - Do not copy the vendor for Intel reference ME firmware - Do not use an interactive console if stdout is redirected - Fix the UEFI self-test when the capsule splash is disabled - Get better device information when using PCI-backed MTD devices - Get the Intel GPU SKU and SVN when using BMG hardware - Make MBIM modem devices emulatable - Make sure fwupdtool.exe is available in the Windows PATH - Only show the 'Full Disk Encryption Detected' warning when required - Set all QCDM modem devices to raw mode when updating - Show all devices for fwupdtool get-devices --show-all --force - Show correct dbx version if non-Microsoft entries are present - Show KEK device attributes in fwupdmgr - Use an alternate GUID when the Intel GPU is in recovery mode - Use the kernel netlink hotplug socket when there is no Udev - Various small changes to speed up startup by 60% and lower RSS by 40% + This release adds support for the following hardware: - HP USB-C 100W G6 Dock - Logitech Bulk Controller pheripherals - More MediaTek scaler devices ==== gdk-pixbuf ==== Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Add gdk-pixbuf-fix-decoder-written-bytes-reporting.patch: Fix memory leak caused by wrong written bytes reported by decoder (bsc#1245227). ==== ghostscript-fonts ==== - Remove the -converted subpackage that uses ttf-converter. Anyone using these fonts should actually use the urw-base35-fonts package. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157) (bsc#1246237) * 0001-test-Fix-f-test-on-files-over-network.patch * 0002-http-Return-HTTP-status-code-in-http_establish.patch * 0003-docs-Clarify-test-for-files-on-TFTP-and-HTTP.patch * 0004-tftp-Fix-hang-when-file-is-a-directory.patch ==== gstreamer ==== Version update (1.26.3 -> 1.26.4) Subpackages: libgstreamer-1_0-0 - Update to version 1.26.4: + Highlighted bugfixes in 1.26.4: - adaptivedemux2: Fixed reverse playback - d3d12screencapture: Add support for monitor add/remove in device provider - rtmp2src: various fixes to make it play back AWS medialive streams - rtph265pay: add profile-id, tier-flag, and level-id to output rtp caps - vp9parse: Fix handling of spatial SVC decoding - vtenc: Fix negotiation failure with profile=main-422-10 - gtk4paintablesink: Add YCbCr memory texture formats and other improvements - livekit: add room-timeout - mp4mux: add TAI timestamp muxing support - rtpbin2: fix various race conditions, plus other bug fixes and performance improvements - threadshare: add a ts-rtpdtmfsrc element, implement run-time input switching in ts-intersrc - webrtcsink: fix deadlock on error setting remote description and other fixes. - cerbero: WiX installer: fix missing props files in the MSI packages - smaller macOS/iOS package sizes - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - tracers: Fix deadlock in latency tracer - Fix various valgrind/test errors when GST_DEBUG is enabled - More valgrind and test fixes - Various ASAN fixes ==== gstreamer-plugins-bad ==== Version update (1.26.3 -> 1.26.4) Subpackages: libgstphotography-1_0-0 libgstplay-1_0-0 - Update to version 1.26.4: + avtp: crf: Setup socket during state change to ensure we handle failure + d3d12screencapture: Add support for monitor add/remove in device provider + mpegtsmux: fix double free caused by shared PMT descriptor + openh264: Ensure src_pic is initialized before use + rtmp2src: various fixes to make it play back AWS medialive streams + ssdobjectdetector: Use correct tensor data index for the scores + v4l2codecs: h265dec: Fix zero-copy of cropped window located at position 0,0 + vp9parse: Fix handling of spatial SVC decoding + vp9parse: Revert "Always default to super-frame" + vtenc: Fix negotiation failure with profile=main-422-10 + vulkan: Fix drawing too many triangles in fullscreenquad + vulkanfullscreenquad: add locks for synchronisation + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes ==== gstreamer-plugins-base ==== Version update (1.26.3 -> 1.26.4) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 - Update to version 1.26.4: + Revert "streamsynchronizer: Consider streams having received stream-start as waiting" + alsa: free conf cache under valgrind + gst-device-monitor: Fix caps filter splitting + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes ==== harfbuzz ==== Version update (11.2.1 -> 11.3.2) Subpackages: libharfbuzz-gobject0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 11.3.2: + Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword. - Changes from version 11.3.1: + Fix crasher in the glyph_v_origin function introduced in 11.3.0. - Changes from version 11.3.0: + Speed up handling fonts with very large number of variations. + Speed up getting horizontal and vertical glyph advances by up to 24%. + Significantly speed up vertical text shaping. + Various documentation improvements. + Various build improvements. + Various subsetting improvements. + Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration). + Rename harfruzz option and shaper to harfrust following upstream rename. + Implement hb_face_reference_blob() for DirectWrite font functions. ==== hplip ==== Subpackages: hplip-hpijs hplip-udev-rules - Fix ReDoS issue in HPLIP's SLP parser (bsc#1245358) * add Fix-ReDoS-issue-in-HPLIP-s-SLP-parser.patch ==== hyper-v ==== - fcopy: Fix irregularities with size of ring buffer (a4131a50) - fcopy: Fix incorrect file path conversion (0d86a8d6) ==== kdump ==== Version update (2.1.0 -> 2.1.4) - upgrade to version 2.1.4 * work around failing calibration on aarch64 * support for kernel flavour-specific calibration * specific calibration for aarch64 -64kb kernels (jsc#PED-12971) * use KDUMP_NET_TIMEOUT as sftp/ftp timeout - update calibrate values - upgrade to version 2.1.1 * check for reserved memory on load for better error reporting * update man page * set KDUMP_CPUS to 1 on XEN (bsc#1244289) * load.sh clean up * use eval for PRESCRIPT, POSTSCRIPT and TRANSFER * sftp: fix key-based authentication * fix and improve calibrate build - update calibrate values ==== kernel-firmware-amdgpu ==== Version update (20250708 -> 20250718) - Update to version 20250718 (git commit a5fbfa20d1bd): * amdgpu: update dmcub fw for various DCN version - Update to version 20250716 (git commit 1b1a9d871442): * amdgpu: Update GC 11.5.1 microcode ==== kernel-firmware-bluetooth ==== Version update (20250707 -> 20250714) - Update to version 20250714 (git commit ecdbd2b8af04): * linux-firmware: Update firmware file for Intel Solar core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core ==== kernel-firmware-intel ==== Version update (20250603 -> 20250718) - Update to version 20250718 (git commit a5fbfa20d1bd): * intel_vpu: Update NPU firmware ==== kernel-firmware-media ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-mellanox ==== Version update (20250408 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-network ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-nvidia ==== - Remove stale *.rpmmoved directories (bsc#1244458) ==== kernel-firmware-platform ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-qcom ==== Version update (20250708 -> 20250714) - Remove stale *.rpmmoved directories (bsc#1244458) - Update to version 20250714 (git commit ecdbd2b8af04): * qcom: Update gpu firmwares of QCS615 chipset ==== kernel-firmware-qlogic ==== Version update (20250206 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-realtek ==== Version update (20250630 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements - Update to version 20250715 (git commit 04c379b552c7): * rtw89: 8852b: update fw to v0.29.128.0 * rtw89: 8852bt: update fw to v0.29.127.0 * rtw89: 8922a: add regd fw element with version R72-R6 * rtw89: 8852c: add regd fw element with version R72-R57 * rtw89: 8922a: update BB parameter V49 ==== kernel-firmware-serial ==== Version update (20250627 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-firmware-sound ==== Version update (20250627 -> 20250721) - Update to version 20250721 (git commit d89120bb80fc): * cirrus: cs35l41: Add Firmware for various ASUS commercial Laptops using CS35L41 HDA * cirrus: cs35l41: Update Firmware for Dell Oasis * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * qcom: Add Audio topology for QCS6490 RB3Gen2 ==== kernel-firmware-usb-network ==== Version update (20250206 -> 20250717) - Update to version 20250717 (git commit 6fc20e018cca): * WHENCE: extract more license statements ==== kernel-source ==== Version update (6.15.6 -> 6.15.8) Subpackages: kernel-64kb kernel-default - Linux 6.15.8 (bsc#1012628). - KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (bsc#1012628). - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data (bsc#1012628). - drm/xe: Move page fault init after topology init (bsc#1012628). - drm/xe/mocs: Initialize MOCS index early (bsc#1012628). - sched/ext: Prevent update_locked_rq() calls with NULL rq (bsc#1012628). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1012628). - cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code (bsc#1012628). - cifs: Fix the smbd_response slab to allow usercopy (bsc#1012628). - smb: client: make use of common smbdirect_socket_parameters (bsc#1012628). - smb: smbdirect: introduce smbdirect_socket_parameters (bsc#1012628). - smb: client: make use of common smbdirect_socket (bsc#1012628). - smb: smbdirect: add smbdirect_socket.h (bsc#1012628). - smb: smbdirect: add smbdirect.h with public structures (bsc#1012628). - smb: client: make use of common smbdirect_pdu.h (bsc#1012628). - smb: smbdirect: add smbdirect_pdu.h with protocol definitions (bsc#1012628). - rust: use `#[used(compiler)]` to fix build and `modpost` with Rust >= 1.89.0 (bsc#1012628). - net: libwx: fix multicast packets received count (bsc#1012628). - usb: dwc3: qcom: Don't leave BCR asserted (bsc#1012628). - usb: hub: Don't try to recover devices lost during warm reset (bsc#1012628). - usb: hub: Fix flushing of delayed work used for post resume purposes (bsc#1012628). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (bsc#1012628). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (bsc#1012628). - sched: Change nr_uninterruptible type to unsigned long (bsc#1012628). - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1012628). - libbpf: Fix handling of BPF arena relocations (bsc#1012628). - drm/mediatek: only announce AFBC if really supported (bsc#1012628). - drm/mediatek: Add wait_event_timeout when disabling plane (bsc#1012628). - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" (bsc#1012628). - rxrpc: Fix to use conn aborts for conn-wide failures (bsc#1012628). - rxrpc: Fix transmission of an abort in response to an abort (bsc#1012628). - rxrpc: Fix notification vs call-release vs recvmsg (bsc#1012628). - rxrpc: Fix recv-recv race of completed call (bsc#1012628). - rxrpc: Fix irq-disabled in local_bh_enable() (bsc#1012628). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1012628). - net: bridge: Do not offload IGMP/MLD messages (bsc#1012628). - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1012628). - tls: always refresh the queue when reading sock (bsc#1012628). - virtio-net: fix recursived rtnl_lock() during probe() (bsc#1012628). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (bsc#1012628). - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (bsc#1012628). - drm/xe/pf: Resend PF provisioning after GT reset (bsc#1012628). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (bsc#1012628). - drm/xe: Dont skip TLB invalidations on VF (bsc#1012628). - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1012628). - net: fix segmentation after TCP/UDP fraglist GRO (bsc#1012628). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (bsc#1012628). - net: airoha: fix potential use-after-free in airoha_npu_get() (bsc#1012628). - net/mlx5: Correctly set gso_size when LRO is used (bsc#1012628). - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (bsc#1012628). - Bluetooth: hci_dev: replace 'quirks' integer by 'quirk_flags' bitmap (bsc#1012628). - Bluetooth: hci_core: add missing braces when using macro parameters (bsc#1012628). - Bluetooth: hci_core: fix typos in macros (bsc#1012628). - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (bsc#1012628). - Bluetooth: SMP: If an unallowed command is received consider it a failure (bsc#1012628). - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (bsc#1012628). - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (bsc#1012628). - riscv: traps_misaligned: properly sign extend value in misaligned load handler (bsc#1012628). - riscv: Enable interrupt during exception handling (bsc#1012628). ... changelog too long, skipping 568 lines ... - commit c5fb175 ==== libapparmor ==== - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/ via abstractions/X (boo#1246743) - add kerberosclient-usrmerge.diff to allow reading /usr/etc/krb5.conf (boo#1246689) ==== libbpf ==== Version update (1.5.1 -> 1.6.1) - update to 1.6.0: * add more control over BPF object lifetime with new preparation step (bpf_object__prepare() API) * libbpf will report symbolic error code (e.g., "-EINVAL") in addition to human-readable error description * bpf_prog_stream_read() API * BPF token support when attaching BPF trampoline-based BPF programs in bpf_program__set_attach_target() * BPF token support for BPF_BTF_GET_FD_BY_ID command * support multi-uprobe session (SEC("uprobe.session")) BPF programs * support unique_match option for multi-kprobe attachment * support creating and destroying qdisk with BPF_TC_QDISC flag; * bpf_program__attach_cgroup_opts() which enables more precise cgroup-based attachment ordering * automatically take advantage of memory-mappable kernel BTF (/sys/kernel/btf/vmlinux), if supported * emit_strings option for BTF dumper API, improving string-like data printing * add BPF program's func and line info accessors * BPF linker supports linking ELF object files coming from memory buffer and referenced by FD, in addition to file path-based APIs; * small improvements to BTF dedup to handle rare quirky corner cases produces by some compilers * add likely() and unlikely() convenience macros; * __arg_untrusted annotation for BPF global subprog arguments; * bpf_stream_printk() macro for working with BPF streams; * bpf_usdt_arg_size() API - update to 1.6.0: * fixing a possible crash when handling BPF arena global variable relocations - drop 0001-libbpf-Add-identical-pointer-detection-to-btf_dedup_.patch, which is now included ==== libcddb ==== - Tighten %files, don't glob so much. - Work with newer gettext-runtime. In gettext 0.24.1 the m4 files moved from /usr/share/aclocal/ to /usr/share/gettext/m4 ==== libdnf ==== Subpackages: libdnf-repo-config-zypp libdnf2 - adjust gpgme requirement for future-proofing ==== libopenmpt ==== Version update (0.8.1 -> 0.8.2) - Update to 0.8.2: * [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r23711). * [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values. * Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels. * IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides. * FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod). ==== libostree ==== Version update (2025.3 -> 2025.4) Subpackages: libostree-1-1 - Update to version 2025.4: + ostree-prepare-root: remove duplicate transient directory + Add root.transient-ro ==== libplist ==== - Fix build with cython 3.1+: * Add patch 0001-cython-Fix-build-with-cython-3.1.patch ==== libselinux ==== Version update (3.8.1 -> 3.9) Subpackages: libselinux1 selinux-tools - Update to version 3.9 * Fix local literal fcontext definitions priority * Fix order for path substitutions * Limit fcontext regex path length ==== libselinux-bindings ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Fix local literal fcontext definitions priority * Fix order for path substitutions * Limit fcontext regex path length ==== libsemanage ==== Version update (3.8.1 -> 3.9) Subpackages: libsemanage-conf libsemanage2 - Update to version 3.9 * Improved POSIX compliance (added semanage_basename) * Add relabel_store config option * Add semanage_handle_create_with_path * Add relabel_store config option to semanage.conf ==== libsepol ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Add new 'netif_wildcard' policy capability * Allow multiple policycap statements * Support genfs_seclabel_wildcard * Introduce neveraudit types ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - security update - added patches CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr + libxml2-CVE-2025-7425.patch ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - security update - added patches CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes + libxslt-CVE-2025-7424.patch ==== libyuv ==== - Add fix-narrowing-conversion-initializer-errors-on-LoongArch64.patch Fix C++11 narrowing conversion errors when initializing __m128i constants with unsigned long long literals on LoongArch64 builds. ==== libzypp ==== Version update (17.37.11 -> 17.37.14) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - version 17.37.14 (35) - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - version 17.37.13 (35) - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661) - version 17.37.12 (35) ==== microos-tools ==== Version update (4.0+git17 -> 4.0+git19) Subpackages: selinux-autorelabel - Update to version 4.0+git19: * Add zypp-single-rpmtrans files to spec file * Use single rpmtrans with libzypp by default ==== mozilla-nss ==== Version update (3.112 -> 3.113) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.113 * bmo#1963792 - Fix alias for mac workers on try. * bmo#198090 - Part 1: Use AES in the SDR (NSS) r=simonf,nss-reviewers,rrelyea * bmo#1968764 - Bump nssckbi version to 2.78. * bmo#1967548 - Turn off Websites Trust Bit for Chunghwa Telecom ePKI Root in FF 141. * bmo#1965556 - fix frame pointers in intel-gcm.s. * bmo#1971510 - Typo in release notes for NSS 101.4. * bmo#1968665 - Improve nss-release-helper.py. * bmo#1930800 - shlibsign is broken in System FIPS mode. * bmo#1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1 * bmo#1965327 - PKCS #11 v3.2 header files. ==== multipath-tools ==== Version update (0.11.0+183+suse.3973293 -> 0.11.0+184+suse.9bca786) Subpackages: kpartx libmpath0 - Update to version 0.11.0+184+suse.9bca786: * tests: fix tests when built against cmocka 1.1.8 or newer (gh#openSUSE/multipath-tools#19) ==== ncurses ==== Version update (6.5.20250712 -> 6.5.20250720) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20250720 + further improve readability of header-files + add a consistency-check for termio(s)/tty headers, to help with cross-compiles (report by Stas Sergeev). + remove some unused configure-macros + add xterm+keypad to pccon+base -TD + trim trailing blanks from a few files (report by Stas Sergeev). ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Update to version 2.1.11.suse+73.1723affc61eb: * README for rpm build directory * Fix issue with IPv6 adapter interfaces (#508, bsc#1240969) * fwparam_ppc.c: Fix the calloc-transposed-args issue (#504) * Makefile: fix "No rule to make target 'iscsiuio/Makefile.in" issue (#506) * Fix typo in initiator.c (#507) - Fixed some issues in this changes file * One date had incorrect format from 2014 * Two separator lines were formatted incrrectly ==== openSUSE-build-key ==== - obsolete gpg-pubkey-ded64f3b, the openSUSE buildservice global key which was used mistakenly for repository signing. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Drop xsetmode and xsetpointer from x11_raspberrypi (boo#1246921) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Drop ghostscript-fonts-std-converted from kde pattern - Added systemd-presets-branding-Kalpa to kde pattern ==== pciutils ==== Version update (3.13.0 -> 3.14.0) Subpackages: libpci3 - Update to 3.14.0: * New capabilities are decoded: VirtIO SharedMemory, Physical Layer 16 to 64 GT/s, Flit Mode, Device 3, Intel vendor- specific. * got definitions of new classes and capabilities from PCI Code and ID Assignment rev 1.18 * can be included from C++ programs * Updated pci.ids ==== pipewire ==== Version update (1.4.6 -> 1.4.7) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.4.7: * Highlights - Improve latency handling in echo-cancel. - Don't leak SyncObj fds in client-node. - Improve the adaptive resampler performance. - Some more fixes and improvements. * modules - Set module-echo-cancel latency correctly. - Avoid extra latency in echo-cancel by dropping samples when one end is paused. - Don't leak SyncObj fds in client-node. (#4807) * SPA - Actually enable echo cancellation when using webrtc 2.0 - Improve ALSA driver resampling setup and follower adaptive resampling. - Fix an off-by-one in the delay filter. - Improve the adaptive resampler performance. * bluetooth - Improve compatibility with some JBL flip and change models. * GStreamer - Add some format validations. ==== pixman ==== - Disable LTO on riscv64 due to gcc bug 110812 ==== policycoreutils ==== Version update (3.8.1 -> 3.9) Subpackages: policycoreutils-python-utils python313-policycoreutils - Update to version 3.9 * setfiles: Add -U option to modify user and role portions * semodule: Add [-g PATH |--config=PATH] for an alternate path for the semanage config * Updated usr_etc.patch - Moved /etc/sestatus.conf to /usr/etc. - This patch is upstream: https://github.com/SELinuxProject/selinux/pull/415 ==== polkit-default-privs ==== Version update (1550+20250603.5d84a17 -> 1550+20250721.f1b71a3) - Update to version 1550+20250721.f1b71a3: * profiles: dnf5daemon-server execute_trusted_transaction (bsc#1245451) ==== poppler ==== Subpackages: libpoppler-cpp2 libpoppler151 - Do not build the qt5 flavor in SLE16. ==== poppler-qt6 ==== - Do not build the qt5 flavor in SLE16. ==== protobuf ==== Subpackages: libprotobuf-lite31_1_0 libutf8_range-31_1_0 - Cherry-pick protobuf-fix-google-imports.patch to fix import issues of reverse-dependency packages within the google namespace (bsc#1244918) ==== python-gpg ==== Version update (1.24.3 -> 2.0.0) - Fixup of previous commit to really fix the build on armv6 - Fix build on armv6 as well - use fdupes - fix 32 bit swig failures, adding gpgmepy-2.0.0-swig-32-bit.patch - Python bindings for GnuPG, based on gpgme, providing python*-gpg This is split from upstream gpgme from 2.0.0. - Rewrite building of the package using PEP517 compatible build system. - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. Fix also the version string in setup.py. [bsc#1244605] * Add python-gpgme-nobetasuffix.patch - Do not error out when copying duplicated files: [bsc#1244605] * Add python-gpgme-COPY_FILES.patch - wip, split upstream from gpgme since 2.0.0 ==== python-jsonschema ==== Version update (4.24.0 -> 4.25.0) - update to 4.25.0: * Add support for the iri and iri-reference formats to the format-nongpl extra by @jkowalleck in #1388 - update to 4.24.1: * Unambiguously quote and escape properties in JSON path rendering by @kurtmckee in #1390 * Drop python<3.9 backports by @hackowitz-af in #1367 ==== python-semanage ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Improved POSIX compliance (added semanage_basename) * Add relabel_store config option * Add semanage_handle_create_with_path * Add relabel_store config option to semanage.conf ==== python-typing_extensions ==== Version update (4.14.0 -> 4.14.1) - update to 4.14.1: * Fix usage of `typing_extensions.TypedDict` nested inside other types (e.g., `typing.Type[typing_extensions.TypedDict]`). This is not allowed by the type system but worked on older versions, so we maintain support. ==== python313 ==== - Fix gil/nogil package description, bsc#1246229 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== python313-core ==== Subpackages: libpython3_13-1_0 python313-base - Fix gil/nogil package description, bsc#1246229 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== qemu ==== - Fix bsc#1246566: * [roms] seabios: include "pciinit: don't misalign large BARs" (bsc#1246566) ==== rebootmgr ==== Version update (3.3+git20250512.b6e4e84 -> 3.3+git20250722.adf0149) - Update to version 3.3+git20250722.adf0149: * rebootmgrctl: don't exit with negativ error codes ==== sdbootutil ==== Version update (1+git20250716.b03c12f -> 1+git20250724.553d46c) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250724.553d46c: * measure-pcr-validator: fail if the file is missing * measure-pcr-validator.service: Run after initrd-root-device.target * measure-pcr-validator.service: Fix failure handling * Clean the default snapshot in Tumbleweed * Improve volume key extraction - Update to version 1+git20250722.bf18f3b: * Measure kernel in PCR4 for grub2-bls if secure-boot - Update to version 1+git20250718.9f557f7: * MicroOS mounts encrypted /var in initrd ==== sdl2-compat ==== - Change license to Zlib ==== sqlite3 ==== Version update (3.50.2 -> 3.50.3) - Update to version 3.50.3: * Fix a possible memory error that can occur if a query is made against against FTS5 index that has been deliberately corrupted in a very specific way. * Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. * Fix an incorrect answer due to over-optimization of an AND operator. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - systemd-testsuite: fix Requires to systemd-ukify - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) The cleanup of the flags in /run/systemd/rpm was previously handled in the %pretrans/%posttrans sections of the systemd main package. However, this method was ineffective if systemd was not part of the transaction. The cleanup is now run in %transfiletriggerin instead. - Add sub-package for ukify binary. move ukify from experimental package to a dedicated sub package. ==== sysuser-tools ==== - disable the buildroot virus scanning, as it needs the vscan user this package provides. (bsc#1246878) ==== tbb ==== Version update (2022.1.0 -> 2022.2.0) - Drop excessive gcc flags: add cf-prot.patch. - Update to version 2022.2.0: * Improved Hybrid CPU and NUMA Platforms API Support: Enhanced API availability for better compatibility with Hybrid CPU and NUMA platforms. * Refined Environment Setup: Replaced CPATH with C_INCLUDE_PATH and CPLUS_INCLUDE_PATH in environment setup to avoid unintended compiler warnings caused by globally applied include paths. ==== transactional-update ==== Version update (5.0.6 -> 5.0.7) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukit-snapper-plugin tukitd - Add journalmount.patch to bind mount systemd journal only when available - Version 5.0.7 - Add sysext compatibility [bsc#1246140] - Fix soft-reboot with btrfs subvolume based /etc - Sync /etc layers also on soft-reboot - Bind mount /run/systemd/journal to allow log calls [gh#openSUSE/transactional-update#149] - Use rootlesskit instead of fakeroot for tests - Small coding style fixes - Temporarily disabling the testsuite because it doesn't run in the build environment so far ==== update-bootloader ==== Version update (1.24 -> 1.25) - merge gh#openSUSE/perl-bootloader#191 - avoid spurious warning messages when parsing /etc/default/grub (bsc#1246373, bsc#1245323) - 1.25 ==== vulkan-loader ==== Version update (1.4.313 -> 1.4.321) - Update to tag SDK-1.4.321.0 * Simplify portability enumeration variables. * Only call surface creation functions on supported drivers. * Add vkGetPhysicalDeviceSurfaceSupportKHR test when ICD does not support the surface extension. ==== vulkan-tools ==== Version update (1.4.313 -> 1.4.321) - Update to tag SDK-1.4.321.0 * cube: prefer Wayland over X11 when available ==== xkeyboard-config ==== - make %pretrans lua script more robust to avoid endless loops during package installation (boo#1246768) ==== yast2 ==== Version update (5.0.13 -> 5.0.15) - Do not try installing packages into the inst-sys during installation (bsc#1240867) - 5.0.15 - Improved checking TPM2 device. (bsc#1245247) - 5.0.14 ==== zypper ==== Version update (1.14.92 -> 1.14.93) Subpackages: zypper-needs-restarting - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept "show" as alias for "info" (bsc#1245985) - version 1.14.93