Packages changed: aws-lc (1.52.1 -> 1.54.0) cifs-utils (7.3 -> 7.4) crypto-policies cryptsetup (2.7.5 -> 2.8.0) curl evince (48.0 -> 48.1) ffmpeg-7 gcc15 (15.1.1+git9739 -> 15.1.1+git9866) glslang (15.3.0 -> 15.4.0) gpg2 grub2 gstreamer-plugins-bad kdump (2.0.18 -> 2.1.0) kernel-firmware-amdgpu (20250623 -> 20250627) kernel-firmware-bnx2 (20250206 -> 20250627) kernel-firmware-chelsio (20250206 -> 20250627) kernel-firmware-media (20250424 -> 20250627) kernel-firmware-network (20250603 -> 20250627) kernel-firmware-platform (20250520 -> 20250627) kernel-firmware-radeon (20250206 -> 20250627) kernel-firmware-serial (20250206 -> 20250627) kernel-firmware-sound (20250613 -> 20250627) kernel-source (6.15.3 -> 6.15.4) libev libnettle (3.10.1 -> 3.10.2) libvirt (11.4.0 -> 11.5.0) llvm20 (20.1.6 -> 20.1.7) ncurses (6.5.20250621 -> 6.5.20250628) numactl (2.0.19.13.g63e0223 -> 2.0.19.14.g690a72c) nvidia-open-driver-G06-signed-cuda (575.57.08_k6.15.3_1 -> 575.57.08_k6.15.4_1) openSUSE-release (20250627 -> 20250702) openldap2 (2.6.8 -> 2.6.10) openldap2-contrib-src (2.6.8 -> 2.6.10) patterns-base pipewire (1.4.5 -> 1.4.6) publicsuffix (20250520 -> 20250626) python-immutables python-ldap salt setools shaderc (2025.1 -> 2025.3) sqlite3 (3.50.1 -> 3.50.2) sudo (1.9.16p2 -> 1.9.17p1) systemd-presets-branding-openSUSE udisks2 yast2-pkg-bindings (5.0.5 -> 5.0.6) yast2-trans (84.87.20250622.8bb5f5631d -> 84.87.20250629.a95a3dcc68) === Details === ==== aws-lc ==== Version update (1.52.1 -> 1.54.0) - update to 1.54.0: * Rename SSL test files to match Scrutinice filter * Order tool output * Fix Console Test Suite Execution Locally * Re-remove afunix.h * Note a couple of typoed struct names that we'll leave alone * Document that EVP_PKEY_CTX_set_rsa_keygen_pubexp takes ownership * Remove sys headers from bio.h * rwlock race tests is not a GoogleTest executable * Add two new APIs to expose TLS 1.3 traffic secrets for kTLS * Intentionally redefine iovec in headers as CI - update to 1.53.1: * Add timeouts to PQ TLS Integ Tests * Split ssl handshake tests * Add password prompting support & EVP_read_pw_string * Impl BIO_ADDR_xxx functions * Update mlkem-native to v1 - update to 1.53.0: * Add build with hardened flag * Openssl tool output ordered * [SCRUTINICE] Remove redundant condition check * Support relro in delocator * Explicitly don't allow buffers aliasing in ctr-drbg implementation * Remove unused Windows afunix.h * Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)" * Use max_cert_list for TLSv1.3 NewSessionTicket * ML-KEM memory safety * Improve support for multilib-style distros in our test scripts * Fix Ru * Add hardened build back in * Fix OCSP integration test failures * Fix some theoretical missing earlyclobber markers in inline assembly * Simplify sshkdf and kbkdf * Run 3p module tests on python 3.13, add patch for 3.14 * Fix service indicator in HKDF, more paranoid zeroization, and simplify logic = make it so that the patch adapts to the version - exclude %{arm} as those are not suppported and don't build ==== cifs-utils ==== Version update (7.3 -> 7.4) Subpackages: wb-cifs-idmap-plugin - Update cifs-utils to 7.4 * mount.cifs: retry mount on -EINPROGRESS * cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP * cifs.upcall: fix memory leaks in check_service_ticket_exits() * cifs-utils: bump version to 7.4 * getcifsacl, setcifsacl: use for basename * cifscreds: use for basename ==== crypto-policies ==== Subpackages: crypto-policies-scripts - Allow openssl to load when using the DEFAULT policy, and also other policies, in FIPS mode. [bsc#1243830, bsc#1242233] * Add crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch ==== cryptsetup ==== Version update (2.7.5 -> 2.8.0) Subpackages: cryptsetup-doc libcryptsetup12 - Update to 2.8.0: * Full release notes in: - https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes * Introduce support for inline mode (use HW sectors with additional hardware metadata space). * Finalize use of keyslot context API. * Make all keyslot context types fully self-contained. * Add --key-description and --new-key-description cryptsetup options. * Support more precise keyslot selection in reencryption initialization. * Allow reencryption to resume using token and volume keys. * Cryptsetup repair command now tries to check LUKS keyslot areas for corruption. * Opal2 SED: PSID keyfile is now expected to be 32 alphanumeric characters. * Opal2: Avoid the Erase method and use Secure Erase for locking range. * Opal2: Fix some error description (in debug only). * Opal2: Do not allow deferred deactivation. * Allow --reduce-device-size and --device-size combination for reencryption (encrypt) action. * Fix the userspace storage backend to support kernel "capi:" cipher specification format. * Disallow conversion from LUKS2 to LUKS1 if kernel "capi:" cipher specification is used. * Explicitly disallow kernel "capi:" cipher specification format for LUKS2 keyslot encryption. * Do not allow conversion of LUKS2 to LUKS1 if an unbound keyslot is present. * cryptsetup: Adjust the XTS key size for kernel "capi:" cipher specification. * Remove keyslot warning about possible failure due to low memory. * Do not limit Argon2 KDF memory cost on systems with more than 4GB of available memory. * Properly report out of memory error for cryptographic backends implementing Argon2. * Avoid KDF2 memory cost overflow on 32-bit platforms. * Do not use page size as a fallback for device block size. * veritysetup: Check hash device size in advance. * Print a better error message for unsupported LUKS2 AEAD device resize. * Optimize LUKS2 metadata writes. * veritysetup: support --error-as-corruption option. * Report all sizes in status and dump command output in the correct units. * Add --integrity-key-size option to cryptsetup. * Support trusted & encrypted keyrings for plain devices. * Support plain format resize with a keyring key. * TCRYPT: Clear mapping of system-encrypted partitions. * TCRYPT: Print all information from the decrypted metadata header in the tcryptDump command. * Always lock the volume key structure in memory. * Do not run direct-io read check on block devices. * Fix a possible segfault in deferred deactivation. * Exclude cipher allocation time from the cryptsetup benchmark. * Add Mbed-TLS optional crypto backend. * Fix the wrong preprocessor use of #ifdef for config.h processed by Meson. * Reorganize license files. The license text files are now in docs/licenses. The COPYING file in the root directory is the default license. * Remove cc-by-sa-4.0.txt as already shipped now in docs/licenses and named as COPYING.CC-BY-SA-4.0. * Libcryptsetup API extensions. The libcryptsetup API is backward compatible with all existing symbols. Due to the self-contained memory allocation, these symbols have the new version: - crypt_keyslot_context_init_by_passphrase; - crypt_keyslot_context_init_by_keyfile; - crypt_keyslot_context_init_by_token; - crypt_keyslot_context_init_by_volume_key; - crypt_keyslot_context_init_by_signed_key; - crypt_keyslot_context_init_by_keyring; - crypt_keyslot_context_init_by_vk_in_keyring; * New symbols: - crypt_format_inline - crypt_get_old_volume_key_size - crypt_reencrypt_init_by_keyslot_context - crypt_safe_memcpy * New defines: - CRYPT_ACTIVATE_HIGH_PRIORITY - CRYPT_ACTIVATE_ERROR_AS_CORRUPTION - CRYPT_ACTIVATE_INLINE_MODE - CRYPT_REENCRYPT_CREATE_NEW_DIGEST * New requirement flag: - CRYPT_REQUIREMENT_INLINE_HW_TAGS ==== curl ==== Subpackages: libcurl4 - Disable insecure NTLM authentication support [bsc#1245491, jsc#PED-12960] - split wcurl into a subpackage so that upgrade works (wcurl used to be a separate package) ==== evince ==== Version update (48.0 -> 48.1) Subpackages: evince-plugin-pdfdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Update to version 48.1: + general: Avoid potential heap overflow when allocating from n_pages + libview: - Confine monitor fix to affected gtk versions - Fix caret-color when using system dark mode - Make annotation popup window always opaque + shell/previwer: Set application ID to match with .desktop ==== ffmpeg-7 ==== Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Built with noopenh264, drop ffmpeg-dlopen-openh264.patch (jsc#PED-12607) ==== gcc15 ==== Version update (15.1.1+git9739 -> 15.1.1+git9866) Subpackages: cpp15 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-pp libtsan2 libubsan1 - Update to GCC 15 branch head, 15.1.1+git9866 - Fix PR120827, ICE due to splitter emitting constant loads directly ==== glslang ==== Version update (15.3.0 -> 15.4.0) - Update to release 15.4 * Implement GL_NV_gpu_shader5 and enable GL_ARB_gpu_shader5 completely * Add the GLSL_QCOM_tile_shading support * Implement GL_EXT_float8_e5m2_e4m3 (bits for exponent/mantissa) * Add variadic function support for builtin functions * Add argument default values support for builtin functions * Add GL_ARM_tensors ==== gpg2 ==== Subpackages: dirmngr - fix build of qgpgme >= 2.0.0 [T7083] boo#1244605 add gnupg-2.5.8-re-add-revocation-reason.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix bls_bumpcounter breaking FDE (bsc#1243842) * grub2-blsbumpcounter-menu.patch ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Move faad plugin to main package. ==== kdump ==== Version update (2.0.18 -> 2.1.0) - upgrade to version 2.1.0 * fix calibrate (no run-time changes) * man: update kdump(7) * add kdump-commandline.service (jsc#PED-12454) * kdumptool: introduce the commandline subcommand (jsc#PED-12454) * kdumptool calibrate: add per-cpu userspace requirements * Use FADUMP_COMMANDLINE_APPEND to detect explicit ip= configuration (bsc#1242134) - update calibrate values for SLFO (alp1600) ==== kernel-firmware-amdgpu ==== Version update (20250623 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * amdgpu: DMCUB updates for DCN401 ==== kernel-firmware-bnx2 ==== Version update (20250206 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: extract license texts ==== kernel-firmware-chelsio ==== Version update (20250206 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: extract license texts ==== kernel-firmware-media ==== Version update (20250424 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: extract license texts * qcom: update firmware binary for SM8550 - Update to version 20250624 (git commit b05fabcd6f2a): * qcom: venus-5.4: add the firmware binary for qcs615 ==== kernel-firmware-network ==== Version update (20250603 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: extract license texts ==== kernel-firmware-platform ==== Version update (20250520 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: expand the advansys license statement * WHENCE: some older AMD drivers are MIT licensed ==== kernel-firmware-radeon ==== Version update (20250206 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: some older AMD drivers are MIT licensed ==== kernel-firmware-serial ==== Version update (20250206 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: extract license texts ==== kernel-firmware-sound ==== Version update (20250613 -> 20250627) - Update to version 20250627 (git commit f40eafe21683): * WHENCE: extract license texts ==== kernel-source ==== Version update (6.15.3 -> 6.15.4) Subpackages: kernel-64kb kernel-default - io_uring: gate REQ_F_ISREG on !S_ANON_INODE as well (io_uring-regression). - commit 55e70a8 - Linux 6.15.4 (bsc#1012628). - alloc_tag: handle module codetag load errors as module load failures (bsc#1012628). - configfs: Do not override creating attribute file failure in populate_attrs() (bsc#1012628). - crypto: marvell/cesa - Do not chain submitted requests (bsc#1012628). - gfs2: move msleep to sleepable context (bsc#1012628). - sched/rt: Fix race in push_rt_task (bsc#1012628). - sched/fair: Adhere to place_entity() constraints (bsc#1012628). - crypto: qat - add shutdown handler to qat_c3xxx (bsc#1012628). - crypto: qat - add shutdown handler to qat_420xx (bsc#1012628). - crypto: qat - add shutdown handler to qat_4xxx (bsc#1012628). - crypto: qat - add shutdown handler to qat_c62x (bsc#1012628). - crypto: qat - add shutdown handler to qat_dh895xcc (bsc#1012628). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (bsc#1012628). - firmware: cs_dsp: Fix OOB memory read access in KUnit test (bsc#1012628). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (bsc#1012628). - ASoC: amd: amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() (bsc#1012628). - ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() (bsc#1012628). - io_uring: account drain memory to cgroup (bsc#1012628). - io_uring/kbuf: account ring io_buffer_list memory (bsc#1012628). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1012628). - powerpc64/ftrace: fix clobbered r15 during livepatching (bsc#1012628). - powerpc/bpf: fix JIT code size calculation of bpf trampoline (bsc#1012628). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (bsc#1012628). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1012628). - s390/pci: Prevent self deletion in disable_slot() (bsc#1012628). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1012628). - s390/pci: Serialize device addition and removal (bsc#1012628). - regulator: max20086: Fix MAX200086 chip id (bsc#1012628). - regulator: max20086: Change enable gpio to optional (bsc#1012628). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (bsc#1012628). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (bsc#1012628). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (bsc#1012628). - wifi: mt76: mt7925: fix host interrupt register initialization (bsc#1012628). - anon_inode: use a proper mode internally (bsc#1012628). - anon_inode: explicitly block ->setattr() (bsc#1012628). - anon_inode: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1012628). - fs: add S_ANON_INODE (bsc#1012628). - wifi: ath11k: fix rx completion meta data corruption (bsc#1012628). - wifi: rtw88: usb: Upload the firmware in bigger chunks (bsc#1012628). - wifi: ath11k: fix ring-buffer corruption (bsc#1012628). - NFSD: unregister filesystem in case genl_register_family() fails (bsc#1012628). - NFSD: fix race between nfsd registration and exports_proc (bsc#1012628). - NFSD: Implement FATTR4_CLONE_BLKSIZE attribute (bsc#1012628). - nfsd: fix access checking for NLM under XPRTSEC policies (bsc#1012628). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (bsc#1012628). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (bsc#1012628). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (bsc#1012628). - NFS: always probe for LOCALIO support asynchronously (bsc#1012628). - NFSv4: Don't check for OPEN feature support in v4.1 (bsc#1012628). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (bsc#1012628). - wifi: ath12k: fix ring-buffer corruption (bsc#1012628). - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1012628). - svcrdma: Unregister the device if svc_rdma_accept() fails (bsc#1012628). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (bsc#1012628). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (bsc#1012628). - jfs: validate AG parameters in dbMount() to prevent crashes (bsc#1012628). - media: ov8856: suppress probe deferral errors (bsc#1012628). - media: ov5675: suppress probe deferral errors (bsc#1012628). - media: i2c: change lt6911uxe irq_gpio name to "hpd" (bsc#1012628). ... changelog too long, skipping 917 lines ... - commit 0952b8c ==== libev ==== - Add libevent-devel conflict - Split event.h to subpackage, it is an optional compatibility layer and we already ship the native libevent - this allows for removal of the conflict in libevent and further to allow building of packages requiring both libraries ==== libnettle ==== Version update (3.10.1 -> 3.10.2) Subpackages: libhogweed6 libnettle8 - update to 3.10.2: * Fix missing prototypes in getopt.h and getopt.c * For powerpc64, avoid using v9 (ISA v3.0) instructions lxvb16x, lxv and stxv in powerpc64/p8/ files. * For powerpc64, add configure check for __VSX__, and disable use of assembly if not defined. Nettle's powerpc64 assembly requires at least v7 (ISA v2.06) - drop libnettle-powerpc64-skip-AES-GCM-test.patch ==== libvirt ==== Version update (11.4.0 -> 11.5.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 11.5.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-5-0-2025-07-01 - qemu: Use numa-preplace instead of numad for numa placement advice bsc#1242979 ==== llvm20 ==== Version update (20.1.6 -> 20.1.7) - Update to version 20.1.7. * This release contains bug-fixes for the LLVM 20.1.0 release. This release is API and ABI compatible with 20.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== ncurses ==== Version update (6.5.20250621 -> 6.5.20250628) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20250628 + fix a few compiler-warnings. + simplify include for wchar.h in Windows port by removing the platform ifdef's (report by Karl Knechtel). + regen Ada95/configure (report by Sven Joachim). ==== numactl ==== Version update (2.0.19.13.g63e0223 -> 2.0.19.14.g690a72c) Subpackages: libnuma1 - Update to version 2.0.19.14.g690a72c: * numastat command fails on LPAR which is not having node0 Patch is now upstream: https://github.com/numactl/numactl/pull/246 D 4abeee1aac20a7a2552870e0359b8df013ae9037.patch Patches are wrong or not needed anymore: https://github.com/numactl/numactl/pull/246 D 0001-Fixed-segfault-when-no-node-could-be-found-in-sysfs-.patch D numactl-clearcache-pie.patch ==== nvidia-open-driver-G06-signed-cuda ==== Version update (575.57.08_k6.15.3_1 -> 575.57.08_k6.15.4_1) - 0003-nv-dmabuf-Inline-dma_buf_attachment_is_dynamic.patch 0004-nvidia-uvm-Disable-SVA-support-for-6.16.patch * buildfixes against Kernel 6.16 picked up from https://github.com/CachyOS/CachyOS-PKGBUILDS.git - -> nvidia/nvidia-utils ==== openSUSE-release ==== Version update (20250627 -> 20250702) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openldap2 ==== Version update (2.6.8 -> 2.6.10) Subpackages: libldap-data libldap2 openldap2-client - Update to release 2.6.10 * ldap.conf:TIMEOUT and NETWORK_TIMEOUT config directives now have the desired effect for TLS connections (previously ignored) * Reject attempts to modify cn=schema,cn=config objects * Fixed a slapo-nestgroup leak in nestgroup_memberFilter * Fixed a slapo-translucent regression with subordinate databases / and when requesting attributes * Adjusted slappw-argon2 defaults to be more secure * Added slapd microsecond timestamp format for local logging * Fixed libldap ldap_result behavior with LDAP_MSG_RECEIVED ==== openldap2-contrib-src ==== Version update (2.6.8 -> 2.6.10) - Update to release 2.6.10 * ldap.conf:TIMEOUT and NETWORK_TIMEOUT config directives now have the desired effect for TLS connections (previously ignored) * Reject attempts to modify cn=schema,cn=config objects * Fixed a slapo-nestgroup leak in nestgroup_memberFilter * Fixed a slapo-translucent regression with subordinate databases / and when requesting attributes * Adjusted slappw-argon2 defaults to be more secure * Added slapd microsecond timestamp format for local logging * Fixed libldap ldap_result behavior with LDAP_MSG_RECEIVED ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Add myrlyn to x11_enhanced Myrlyn replaces YaST software management code-o-o#leap/features#173 - Refine topics and descriptions of patterns (bsc#1243961). - Drop requirement on NetworkManager-wifi, it was merged back in NetworkManager in 2022. ==== pipewire ==== Version update (1.4.5 -> 1.4.6) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.4.6: * Highlights - Fix a crasher bug in filter-chain and one in the ALSA plugin. - Improve latency reporting in module-combine-stream. - Some smaller fixes and cleanups. * modules - Improve latency handling in module-combine-stream. (#4731) - Improve save activation/deactivation of the filter-graph in module-filter-chain to avoid crashes. (#4700, #4750) - Add an option to disable RAOP with a context.property. * SPA - Handle NULL io in alsa wakeup code. This can happen when there is negotiation happening. (#4734) - Enable interrupts after an ALSA error to keep the dataflow going. - Reset some stats better after an ALSA error. - Support the alsa.use-ucm property for the ALSA udev plugin. * pulse-server - Mark empty buffers. This improves some code paths in the mixer. * GStreamer - Fix a refcount issue in the device provider. ==== publicsuffix ==== Version update (20250520 -> 20250626) - Update to version 20250626: * update scaleway subdomains (#2503) * Update public_suffix_list.dat (#2508) * Update Adobe entries with aem.network for Adobe Experience Manager (#2505) * Add 4.at, my.at, my.de, *.nxa.eu, nx.gw (#2495) * util: gTLD data autopull updates for 2025-06-07T15:17:54 UTC (#2507) * TECCM-151074: Add webspace-host.com to PSL (#2504) * add *.mtls.run.app to public_suffix_list.dat (#2485) * Add https://lutra.ai (#2500) * Add `vercel.run` to the public suffix list (#2490) * request to add `tche.br` (#2487) * Update public_suffix_list.dat (#2498) * Add Cloudflare Subdomain Notice to README.md (#2497) * Add schuldock.de (#2492) * add kop.id (#2489) * Add icp0.io / icp1.io / caffeine.site / caffeine.website for Internet Computer domains (#2424) * Add iserv.host (#2461) * Add encr.app and lp.dev subdomains (#2450) * Add eliv-cdn.kr (#2479) * Add github.app to Public Suffix List (#2482) * removing cloud66.zone as it is redundant now (#2483) ==== python-immutables ==== - Switch to pyproject macros. - Actually run fdupes. ==== python-ldap ==== - Switch build system from setuptools to pyproject.toml * Add python-pip and python-wheel to BuildRequires * Replace %python_build with %pyproject_wheel * Replace %python_install with %pyproject_install ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Prevent tests failures when pygit2 is not present - Added: * fix-tests-issues-in-salt-shaker-environments-721.patch ==== setools ==== Subpackages: python313-setools setools-console - Drop legacy %python_build and %python_install macros and switch to pyproject macros instead as requested by packaging team ==== shaderc ==== Version update (2025.1 -> 2025.3) - Update to release 2025.3 * Added a way to disable the glsc CLI executable. ==== sqlite3 ==== Version update (3.50.1 -> 3.50.2) Subpackages: libsqlite3-0 sqlite3-tcl - Update to 3.50.2: * Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. * Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. * Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. * Fix a problem with UPDATEs on fts5 tables that contain BLOB values. * Fix an issue with transitive IS constraints on a RIGHT JOIN. * Raise an error early if the number of aggregate terms in a query exceeds the maximum number of columns, to avoid downstream assertion faults. * Ensure that sqlite3_setlk_timeout() holds the database mutex. ==== sudo ==== Version update (1.9.16p2 -> 1.9.17p1) Subpackages: sudo-plugin-python - Update to 1.9.17p1 * Fix a possible local privilege escalation via the --host option [bsc#1245274, CVE-2025-32462] * Fix a possible local privilege Escalation via chroot option [bsc#1245275, CVE-2025-32463] - Update to 1.9.17 * Sudo now uses the NODEV macro consistently. Bug #1074. Fixed a bug where the ALL command in a sudoers rule would override a previous NOSETENV tag. Command tags are inherited from previous Cmnds in a Cmnd_Spec_List. There is a special case for the SETENV tag with the ALL command, where SETENV is implied if no explicit SETENV or NOSETENV tag is specified. This special case did not take into account that a NOSETENV tag that was inherited should override this behavior. * If sudo is run via ssh without a terminal and a password is required, it now suggest using ssh’s -t option. * Fixed the display of timeout values in the sudo -V output on systems without a C99-compliant snprintf() function. * Quieted a number of minor Coverity warnings. * Fixed a problem running sudo from a serial console on Linux when the command is run in a pseudo-terminal (the default). * Fixed a crash in sudo which could occur if there was a fatal error after the user was validated but before the command was actually run. * Fixed a number of man page style warnings. The “lint” make target in the docs directory will now run groff with warnings enabled if it is available. Bug #1075. * The ignore_dot sudoers setting is now on by default. There is now a - -disable-ignore-dot configure option to disable it. The - -with-ignore-dot configure option has been deprecated. * Fixed a problem with the pwfeedback option where an initial backspace would reduce the maximum length allowed for the password. GitHub issue #439. * Fixed minor grammar and spelling problems in the man pages. * Fixed a bug where a user could avoid entering a password for sudo -l command if they specified their own user or group name via the -u or - g options. * Avoid potential password guessing based on timing attacks on the strcmp() function on systems without PAM or a crypt() function where plaintext passwords are stored in the shadow password file. * Fixed a potential information leak where sudo -l command could be used to determine whether an executable exists in a directory that they do not have search access to. * Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once again. A long time ago sudo changed from using TCSAFLUSH to TCSADRAIN due to some systems having bugs related to TCSAFLUSH. That should no longer be a concern. Using TCSAFLUSH ensures that password input that has been received by the kernel, but not yet read by sudo, will be discarded and not echoed. * Added the SUDO_TTY environment variable if the user has a terminal. This can be used to find the user’s original tty device when sudo runs the command in its own pseudo-terminal. GitHub issue #447. * New Cantonese translation for sudo. ==== systemd-presets-branding-openSUSE ==== - enable switcheroo-control.service (boo#1244097) ==== udisks2 ==== Subpackages: libudisks2-0 libudisks2-0_btrfs udisks2-bash-completion - Moved /etc/udisks2/modules.conf.d/udisks2_lsm.conf and /etc/udisks2/udisks2.conf do /usr/etc. (patch usr_etc.patch) ==== yast2-pkg-bindings ==== Version update (5.0.5 -> 5.0.6) - Add support for the new libzypp install callbacks (bsc#1244319). - 5.0.6 ==== yast2-trans ==== Version update (84.87.20250622.8bb5f5631d -> 84.87.20250629.a95a3dcc68) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250629.a95a3dcc68: * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (German) * Update translation files * Update translation files * New POT for text domain 'control'. * New POT for text domain 'bootloader'.