Packages changed: Mesa (25.0.2 -> 25.0.3) Mesa-drivers (25.0.2 -> 25.0.3) MicroOS-release (20250405 -> 20250411) NetworkManager bluez boost-base breeze6 c-ares (1.34.4 -> 1.34.5) cups-filters cyrus-sasl diffutils docker double-conversion (3.3.0 -> 3.3.1) ell (0.73 -> 0.76) ethtool (6.11 -> 6.14) ffmpeg-7 (7.1 -> 7.1.1) gawk (5.3.1 -> 5.3.2) gcc14 gdm giflib glib2 (2.84.0 -> 2.84.1) glib2-branding-openSUSE gnome-control-center gnome-keyring grub2 gtk4 (4.18.3 -> 4.18.4) harfbuzz (11.0.0 -> 11.0.1) hwinfo (23.4 -> 23.5) inih (58 -> 59) iproute2 (6.13 -> 6.14) kbd kernel-firmware-bluetooth (20250401 -> 20250408) kernel-firmware-i915 kernel-firmware-media (20250206 -> 20250408) kernel-firmware-mediatek kernel-firmware-mellanox (20250206 -> 20250408) kernel-firmware-network (20250219 -> 20250408) kernel-firmware-platform kernel-firmware-qcom (20250319 -> 20250408) kernel-firmware-realtek kernel-firmware-sound (20250331 -> 20250408) kernel-source (6.14.0 -> 6.14.1) libXpm libalternatives (1.2+30.a5431e9 -> 1.2+31.da24cd4) libconfig libcontainers-common (20240618 -> 20250409) libgpg-error (1.51 -> 1.53) libportal libsoup2 libunwind liburing (2.8 -> 2.9) llvm20 (20.1.0 -> 20.1.2) mjpegtools mozjs128 (128.8.1 -> 128.9.0) ncurses (6.5.20250329 -> 6.5.20250405) newt (0.52.24 -> 0.52.25) open-iscsi opencv openssh openvpn (2.6.10 -> 2.6.14) patterns-gnome (20241112 -> 20250310) podman (5.4.1 -> 5.4.2) polkit-default-privs (1550+20250225.49f846d -> 1550+20250407.fdb02a6) poppler (25.03.0 -> 25.04.0) poppler-qt6 (25.03.0 -> 25.04.0) python-MarkupSafe python-PyJWT python-alembic (1.15.1 -> 1.15.2) python-certifi (2024.8.30 -> 2025.1.31) qcoro-qt6 (0.11.0 -> 0.12.0) qt6-base (6.8.2 -> 6.9.0) qt6-declarative (6.8.2 -> 6.9.0) qt6-imageformats (6.8.2 -> 6.9.0) qt6-multimedia (6.8.2 -> 6.9.0) qt6-positioning (6.8.2 -> 6.9.0) qt6-qt5compat (6.8.2 -> 6.9.0) qt6-quick3d (6.8.2 -> 6.9.0) qt6-quicktimeline (6.8.2 -> 6.9.0) qt6-sensors (6.8.2 -> 6.9.0) qt6-shadertools (6.8.2 -> 6.9.0) qt6-speech (6.8.2 -> 6.9.0) qt6-svg (6.8.2 -> 6.9.0) qt6-tools (6.8.2 -> 6.9.0) qt6-virtualkeyboard (6.8.2 -> 6.9.0) qt6-wayland (6.8.2 -> 6.9.0) qt6-webchannel (6.8.2 -> 6.9.0) qt6-webengine (6.8.2 -> 6.9.0) qt6-webview (6.8.2 -> 6.9.0) runc (1.2.5 -> 1.2.6) sdbootutil (1+git20250404.20a1dfb -> 1+git20250410.9086124) selinux-policy (20250324 -> 20250410) serd shadow slang sndiff (0.2.1~0 -> 0.2.2~0) systemd (257.4 -> 257.5) u-boot-rpiarm64 (2025.01 -> 2025.04) vim webkit2gtk3 (2.48.0 -> 2.48.1) webkit2gtk4 (2.48.0 -> 2.48.1) wtmpdb (0.72.0+git20250305.10803fd -> 0.73.0+git20250408.edb8638) xorg-x11-server xz (5.6.4 -> 5.8.1) === Details === ==== Mesa ==== Version update (25.0.2 -> 25.0.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - let Mesa-dri only require libvulkan1, libvulkan_lvp if build of vulkan drivers is enabled on this platform - let Mesa-dri also require libvulkan_lvp; fixes startup of Wayland sessions with Mesa 25.0.3 (boo#1240854) - U_clover-Don-t-include-libclc-headers.patch * don't break clover with libclc 20.1.0 update (boo#1240848) - Update to release 25.0.3 - -> https://docs.mesa3d.org/relnotes/25.0.3 - require llvm20/clang20 ==== Mesa-drivers ==== Version update (25.0.2 -> 25.0.3) Subpackages: Mesa-dri Mesa-gallium - let Mesa-dri only require libvulkan1, libvulkan_lvp if build of vulkan drivers is enabled on this platform - let Mesa-dri also require libvulkan_lvp; fixes startup of Wayland sessions with Mesa 25.0.3 (boo#1240854) - U_clover-Don-t-include-libclc-headers.patch * don't break clover with libclc 20.1.0 update (boo#1240848) - Update to release 25.0.3 - -> https://docs.mesa3d.org/relnotes/25.0.3 - require llvm20/clang20 ==== MicroOS-release ==== Version update (20250405 -> 20250411) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Remove '-Dhostname_persist=suse' compile option, as it's not needed anymore. The behaviours of this option are mainly: 1. stores hostname in /etc/HOSTNAME instead of /etc/hostname. 2. checks DHCLIENT_SET_HOSTNAME value in /etc/sysconfig/netowrk/dhcp to know whether the hostname is valid. These are not desired haviours anymore. ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3 - to fix gcc-15 compile time errors, add bluez-5.79-c23.patch (from gentoo) and bluez-5.79-stdarg.patch ==== boost-base ==== Subpackages: boost-license1_87_0 libboost_filesystem1_87_0 libboost_thread1_87_0 - Remove requires of boost exception from boost coroutine (bsc#1240357) - boost-no-exception.patch: added ==== breeze6 ==== Subpackages: breeze6-cursors breeze6-decoration breeze6-style breeze6-wallpapers - Add patches to fix build: * 0001-Add-missing-includes.patch * 0002-kcursorgen-Add-QDebug-include.patch ==== c-ares ==== Version update (1.34.4 -> 1.34.5) - c-ares version 1.34.5 * CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3 (bsc#1240955) - a531524a3d085fcd9a5e25d5f6cbdb953082c2b9.patch: upstreamed, removed ==== cups-filters ==== - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6 ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6 ==== diffutils ==== - Fix failure (noticed in sdiff as fatal "realloc(): invalid next size") Original upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=77265 New patch: diff-fix-allocation-typo-leading-to-crashes.patch ==== docker ==== Subpackages: docker-buildx docker-rootless-extras - Update to docker-buildx v0.22.0. Upstream changelog: * Includes fixes for CVE-2025-0495. bsc#1239765 - Disable transparent SUSEConnect support for SLE-16. PED-12534 When this patchset was first added in 2013 (and rewritten over the years), there was no upstream way to easily provide SLE customers with a way to build container images based on SLE using the host subscription. However, with docker-buildx you can now define secrets for builds (this is not entirely transparent, but we can easily document this new requirement for SLE-16). Users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. PED-8905 - Don't use the new container-selinux conditional requires on SLE-12, as the RPM version there doesn't support it. Arguably the change itself is a bit suspect but we can fix that later. bsc#1237367 - Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185 + 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322 + 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch - Refresh patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch ==== double-conversion ==== Version update (3.3.0 -> 3.3.1) - update to 3.3.1: * Add _ITERATOR_DEBUG_LEVEL=2 and _DEBUG defines * Build system and CI tweaks * Add some missing headers ==== ell ==== Version update (0.73 -> 0.76) - Update to release 0.76 * Add support for NIST P-192/224/521 curve usage with ECDH, SHA-224-based checksums and HMACs. * Add support for SHA-3 series of hashing algorithms. * Add support for converting OID octets to strings. ==== ethtool ==== Version update (6.11 -> 6.14) - update to upstream release 6.14 * Feature: list PHYs (--show-phys) * Feature: target a specific PHY with some commands (--phy) * Feature: more attributes for C33 PSE (--show-pse, --set-pse) * Feature: source information for cable tests (--cable-test[-tdr]) * Feature: JSON output for module info (-m) * Feature: misc RSS hash info improvements (-x) * Feature: tsinfo hwtstamp provider (--{get,set}-hwtimestamp-cfg) * Fix: fix wrong auto-negotiation state (no option) * Fix: more explicit RSS context action (-n) * Fix: print PHY address as decimal (no option) * Fix: fix return value on flow hashing error (-N) * Fix: fix JSON output for IRQ coalescing * Fix: fix MDI-X info output (no option) * Misc: add '-j' alias for --json * Misc: provide AppStream metainfo XML ==== ffmpeg-7 ==== Version update (7.1 -> 7.1.1) Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Disable OpenVINO, too many dependencies for Factory ring1. - Update to release 7.1.1 * avformat/wavdec: Fix overflow of intermediate in block_align check * avformat/dvdvideodec: drop packets with unset PTS or DTS * avutil/timecode: Avoid fps overflow in av_timecode_get_smpte_from_framenum() * avcodec/mjpegdec: Disallow progressive bayer images * avformat/mov: don't unconditionally set all audio packets in fragments as key frames * avcodec/libx265: resolve build failure for libx265.so.n, n >= 213 - Delete ffmpeg-7-CVE-2025-22919.patch, ffmpeg-7-CVE-2025-0518.patch, ffmpeg-7-CVE-2025-1816.patch (merged) - Move BcntSync tag to the %else part where the mini package gets defined - Build with OpenVINO support in libavfilter - Add ffmpeg-7-CVE-2025-1816.patch: Backporting 0526535c from upstream, add missing constrains for num_parameters in audio_element_oub(). (CVE-2025-1816, bsc#1238728) ==== gawk ==== Version update (5.3.1 -> 5.3.2) - GNU awk 5.3.2: * pretty printer now produces fewer spurious newlines * -no-pie linker flag is no longer required * fix more subtle issues related to uninitialized array elements * Associative arrays should now not grow quite as fast as they used to * documentation updates ==== gcc14 ==== - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Add gcc14-pr119680.patch to fix cross-compiler builds with - -enable-host-pie. ==== gdm ==== Subpackages: gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Disable X11 support on SLE: * SLFO will only support Wayland * This is required to avoid a fallback to X11 sessions which makes GDM crash * With this change gdm-exclude-61-gdm-rules-file.patch is not needed anymore ==== giflib ==== - Added patch: * giflib-bsc1240416.patch + fixing bsc#1240416: buffer overflow in function DumpScreen2RGB ==== glib2 ==== Version update (2.84.0 -> 2.84.1) Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.84.1: + Fix test failure when building against gobject-introspection ≥1.83.4 + Bugs fixed: - 2.84.0 build failure on Linux: ../gio/gnetworkmonitornetlink.c:47:10: fatal error: netlink/netlink_route.h: No such file or directory - test failure with gobject-introspection 1.83.4: warning: element doc:format from state 3 is unknown, ignoring - gio/trash does not handle special characters well - `g_cancellable_connect()` documentation incorrect - g_cancellable_connect(): is it safe to unref cancellable from callback? - Crash with some registry key values in GWin32AppInfo - Memory sanitizer fixes - gobject: Be consistent in using atomic logic to handle the GParamSpecPool - gsettings: Port docs to gi-docgen format, add missing annotations and make various improvements - tests: Don't install runner scripts without installed_tests - docs: Document GSignalFlags members added after 2.0 - tests: Add a test for g_object_freeze_notify() being called too often - gfileinfo: Slightly expand docs for g_file_info_get_attribute_as_string() - gi: Dynamically set doc-format - tests: Various fixes to create temporary files in /tmp rather than the build directory - gdbusnameowning: Convert docs to gi-docgen linking syntax - giounix-private: Fix macro for checking for epoll_create1() - Fix LGPL in header - gutils: make documentation of g_set_prgname() clearer - docs: Add some detail - gspawn-win32: Fix potential integer overflows in argv handling - gvarianttype: Improve docs on type validation + Updated translations. ==== glib2-branding-openSUSE ==== - Update SLE version to 16. (bsc#1240822) ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa - Recommend distribution-logos-openSUSE-icons; to ensure that the distribution icon is always displayed in the About section, even for minimal installations. - Add malcontent-control Recommends, pull in parental control (malcontent) support. ==== gnome-keyring ==== Subpackages: gnome-keyring-pam libgck-modules-gnome-keyring - Add gnome-keyring-register-login-keyring.patch: ensure login keyring is properly registered (glgo#GNOME/gnome-keyring!78). ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Add grub2-provide-edid.patch: Grub2 already retrieves the EDID from video adapters. Copy the raw data into the Linux kernel boot parameters, so that Linux can use this information. The necessary fields have been present in the boot parameters since at least commit f8eeaaf41803 ("[PATCH] Make the bzImage format self-terminating"), but never used. Within the kernel, the EDID data will be propagated to graphics drivers and finally to user space. (bsc#1240624) ==== gtk4 ==== Version update (4.18.3 -> 4.18.4) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.18.4: + Bugs fixed: - 4.18.3 regression: cursor doesn't update state when crossing window boundaries - Gtk.Video causes segfault inside VM with wayland backend - Win32: can't resize or move windows anymore - testsuite: Make reftest-compare use gsize instead of int - wayland: Force setting cursor on enter - Merge fixes from !8375 into 4.18 - inspector: Survive without installed schemas - builder: Fix a menu parsing issue - win32: Fix initial window state - vulkan: Do not create dmabuf target images if not enabled + Updated translations. ==== harfbuzz ==== Version update (11.0.0 -> 11.0.1) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 11.0.1: + The change in version 10.3.0 to apply “trak” table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping. + When directwrite integration is enabled, we now link to dwrite.dll instead of dynamically loading it. + A new experimental APIs for getting raw “CFF” and “CFF2” CharStrings. + We now provide manpages for the various command line utilities. Building manpages requires “help2man” and will be skipped if it is not present. + The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages. + Various fixes and improvements to fontations font functions. + All shaping operations using the ot shaper have become memory allocation-free. + Glyph extents returned by hb-ot and hb-ft font functions are now rounded in stead of flooring/ceiling them, which also matches what other font libraries do. + Fix “AAT” deleted glyph marks interfering with fallback mark positioning. + Glyph outlines emboldening have been moved out of hb-ot and hb-ft font functions to the HarfBuzz font layer, so that it works with any font functions implementation. + Fix our fallback C++11 atomics integration, which seems to not be widely used. + Various testing fixes and improvements. + Various subsetting fixes and improvements. + Various other fixes and improvements. ==== hwinfo ==== Version update (23.4 -> 23.5) Subpackages: libhd23 - merge gh#openSUSE/hwinfo#155 - fix network card detection on aarch64 (bsc#1240648) - 23.5 ==== inih ==== Version update (58 -> 59) - Update to version 59 * INIReader: change variable visibility from private to protected * Add preprocessor exclusions when INI_ALLOW_MULTILINE=0 * Add INIReader Sections and Keys methods * If a line is longer than INI_MAX_LINE, consume input up to next newline * Performance improvements - Add service file to download source. ==== iproute2 ==== Version update (6.13 -> 6.14) - Update to release 6.14 * Add IPv6 flow label support to `ip route` and `ip rule` * Add `ip monitor maddress` support * ss: Display seq counters as decimal for mptcp subflows ==== kbd ==== Subpackages: libkbdfile1 libkeymap1 libkfont0 - Add kbd-2.7.1-reproducible-gzip.patch (bsc#1240348) ==== kernel-firmware-bluetooth ==== Version update (20250401 -> 20250408) - Update to version 20250408 (git commit c1a774f36657): * QCA: Add 8 bluetooth nvm files for WCN785x btusb * QCA: Update WCN785x btusb firmware to 2.0.0-00790-3 ==== kernel-firmware-i915 ==== - Update aliases from 6.15-rc1 ==== kernel-firmware-media ==== Version update (20250206 -> 20250408) - Update to version 20250408 (git commit c1a774f36657): * qcom: update firmware binary for SM8250 ==== kernel-firmware-mediatek ==== - Update aliases from 6.15-rc1 ==== kernel-firmware-mellanox ==== Version update (20250206 -> 20250408) - Update to version 20250408 (git commit c1a774f36657): * Mellanox: Add new mlxsw_spectrum firmware xx.2014.4012 ==== kernel-firmware-network ==== Version update (20250219 -> 20250408) - Update to version 20250408 (git commit c1a774f36657): * linux-firmware: add firmware for Aeonsemi AS21x1x 1G/2.5G/5G/10G Ethernet Phy ==== kernel-firmware-platform ==== - Update aliases from 6.15-rc1 ==== kernel-firmware-qcom ==== Version update (20250319 -> 20250408) - Update aliases from 6.15-rc1 - Update to version 20250408 (git commit c1a774f36657): * qcom:x1e80100: Iris Support for Lenovo T14s G6 Qualcomm platform * qcom:x1e80100: Support for Lenovo Yoga Slim 7 Snapdragon platform ==== kernel-firmware-realtek ==== - Update aliases from 6.15-rc1 ==== kernel-firmware-sound ==== Version update (20250331 -> 20250408) - Update to version 20250408 (git commit c1a774f36657): * mediatek: Add new mt8195 SOF firmware * mediatek: Add new mt8188 SOF firmware ==== kernel-source ==== Version update (6.14.0 -> 6.14.1) Subpackages: kernel-64kb kernel-default - Linux 6.14.1 (bsc#1012628). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (bsc#1012628). - serial: stm32: do not deassert RS485 RTS GPIO prematurely (bsc#1012628). - perf tools: Fix up some comments and code to properly use the event_source bus (bsc#1012628). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1012628). - usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1012628). - usb: xhci: Don't skip on Stopped - Length Invalid (bsc#1012628). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1012628). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (bsc#1012628). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (bsc#1012628). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (bsc#1012628). - tty: serial: 8250: Add Brainboxes XC devices (bsc#1012628). - tty: serial: 8250: Add some more device IDs (bsc#1012628). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (bsc#1012628). - counter: stm32-lptimer-cnt: fix error handling when enabling (bsc#1012628). - ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA (bsc#1012628). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (bsc#1012628). - netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1012628). - cgroup/rstat: Fix forceidle time in cpu.stat (bsc#1012628). - atm: Fix NULL pointer dereference (bsc#1012628). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (bsc#1012628). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (bsc#1012628). - commit ca98696 - rpm/release-projects: Update the ALP projects again (bsc#1231293). - commit a2f9145 - Update config files (bsc#1225561). kvmsmall: CONFIG_9P_FS=y - commit bc32872 - series.conf: cleanup - update upstream reference and move to sorted section - patches.suse/PCI-Use-downstream-bridges-for-distributing-resources.patch - commit 5e7754e - Update config files: Enable CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER (bsc#1237220) - commit 8f3a404 - Update config files (bsc#1225561). kvmsmall: NVME_TARGET=m - commit ac8a4bc - Update config files (bsc#1225561). kvmsmall: CONFIG_DUMMY=m - commit f8502cb - Update config files. - commit 3291016 - Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - commit cd433f2 - lockdown: fix kernel lockdown enforcement issue when secure boot is enabled (bsc#1237521). - commit b6b752b - Delete patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch. Refresh patches.suse/0001-initcall_blacklist-Does-not-allow-kernel_lockdown-be.patch. - commit 947e19d - Delete patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch. - commit 65907e7 - Delete patches.suse/0003-efi-Set-early-kernel-lock-down-flag-if-booted-in-sec.patch. - commit 73b42b9 - Delete patches.suse/0004-ACPI-Check-early-kernel-lockdown-flag-before-overlay.patch. - commit 8d7f4bb - Delete patches.suse/0005-kgdb-Check-early-kernel-lockdown-flag-before-using-k.patch. - commit 6631e22 ==== libXpm ==== - adding COPYING file to filelist (bsc#1240836) ==== libalternatives ==== Version update (1.2+30.a5431e9 -> 1.2+31.da24cd4) Subpackages: alts libalternatives1 - Update to version v1.2+31.da24cd4: * utils: better handle case of unknown option ==== libconfig ==== Subpackages: libconfig++11 libconfig11 - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6 ==== libcontainers-common ==== Version update (20240618 -> 20250409) Subpackages: libcontainers-default-policy registries-conf-default - containers.conf default configuration modifications: * set runc as the default OCI runtime (bsc#1239088) * set nftables as the default firewall driver for netavark - New release 20250409 * bump bundled c/common to 0.59.1 * bump bundled c/image to 5.31.0 * bump bundled c/storage to 1.54.0 ==== libgpg-error ==== Version update (1.51 -> 1.53) - Update to 1.53: * Fix regression in 1.52. * Rebase libgpg-error-nobetasuffix.patch - Update to 1.52: * The KEY_WOW64_xxKEY flags can now be passed to the Registry read functions. [rE652328c786] * In the spawn functions care about closefrom/close call is interrupted. [T7478] * New simple string list API. [rE47097806f1] * New API for name value files. [rE7ec1f27b60] * Interface changes relative to the 1.51 release: - gpgrt_w32_reg_query_string NEW (Windows only). - gpgrt_strlist_t NEW type. - gpgrt_strlist_free NEW. - gpgrt_strlist_add NEW. - gpgrt_strlist_tokenize NEW. - gpgrt_strlist_copy NEW. - gpgrt_strlist_rev NEW. - gpgrt_strlist_prev NEW. - gpgrt_strlist_last NEW. - gpgrt_strlist_pop NEW. - gpgrt_strlist_find NEW. - GPGRT_STRLIST_APPEND NEW const. - GPGRT_STRLIST_WIPE NEW const. - gpgrt_nvc_t NEW type. - gpgrt_nve_t NEW type. - gpgrt_nvc_new NEW. - gpgrt_nvc_release NEW. - gpgrt_nvc_get_flag NEW. - gpgrt_nvc_add NEW. - gpgrt_nvc_set NEW. - gpgrt_nve_set NEW. - gpgrt_nvc_delete NEW. - gpgrt_nvc_lookup NEW. - gpgrt_nvc_parse NEW. - gpgrt_nvc_write NEW. - gpgrt_nve_next NEW. - gpgrt_nve_name NEW. - gpgrt_nve_value NEW. - gpgrt_nvc_get_string NEW. - gpgrt_nvc_get_bool NEW. - GPGRT_NVC_WIPE NEW const. - GPGRT_NVC_PRIVKEY NEW const. - GPGRT_NVC_SECTION NEW const. - GPGRT_NVC_MODIFIED NEW const. ==== libportal ==== Subpackages: libportal-gtk4-1 libportal1 - Add upstream change: * libportal-qt69.patch ==== libsoup2 ==== - Increase test timeout for all arches except x86_64 and run tests again should they fail the first time, the testsuite is flaky. - Increase test timeout on s390x. The http2-body-stream test can be slow and sometimes times out in our builds. ==== libunwind ==== - Add malloc-prototype.patch to fix gcc15 compile time error ==== liburing ==== Version update (2.8 -> 2.9) - Disable resize-rings.t as it is not very stable in OBS - Disable timeout.t on Leap 15.6/15.7 - Disable read-inc-file.t and timeout.t on Leap 16.0 - Add upstream patch to fix test on aarch64: * 923961c.patch - Update to 2.9: * Add support for ring resizing * Add support for registered waits * Test additions and improvements * Fix bug with certain ring setups with SQE128 set not fully closing the ring after io_uring_queue_exit(3) had been called. * Various man page fixes and updates - Remove upstreamed patches: * 0001-test-init-mem-zero-the-ringbuf-memory.patch * 0001-test-rsrc_tags-use-correct-buffer-index-for-test.patch ==== llvm20 ==== Version update (20.1.0 -> 20.1.2) - Update to version 20.1.2. * This release contains bug-fixes for the LLVM 20.1.0 release. This release is API and ABI compatible with 20.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== mjpegtools ==== Subpackages: libmjpegutils-2_2-0 libmpeg2encpp-2_2-0 libmplex2-2_2-0 - add patches from upstream to fix gcc15 compile time errors and some warnings: mjpegtools-gcc15.patch, mjpegtools-lto.patch, mjpegtools-c99-configure.patch - add patch mjpegtools-c++-17.patch (from gentoo) to silence std=c++17 warnings ==== mozjs128 ==== Version update (128.8.1 -> 128.9.0) - Update to version 128.9.0: + CVE-2025-3028, CVE-2025-3029, CVE-2025-3030. ==== ncurses ==== Version update (6.5.20250329 -> 6.5.20250405) Subpackages: libncurses6 ncurses-utils terminfo-base - Modify patch ncurses-5.9-ibm327x.dif * Add a further sclp entry for qemu s390 based systems - Add ncurses patch 20250405 + improve formatting/style of manpages (patches by Branden Robinson). + improve infocmp -E/-e fallback feature (report by Ville Rissanen): + prefix names with "ti_" if they begin with a digit, e.g., 9term + escape backslashes and double-quotes in description fields + modify infocmp -E/-e fallback feature to reduce stricter compiler warnings for the extended capability data. + add sclp -TD + add op to vt525 -TD + update contour -TD - The new sclp terminfo description entry if for s390 sclp terminal lines - Correct offsets of patches * ncurses-6.4.dif * ncurses-6.5-ghostty.dif - Modify patch ncurses-5.9-ibm327x.dif * Make use of dumb ==== newt ==== Version update (0.52.24 -> 0.52.25) - Update to 0.52.25: * improve Makefile (Ryan Carsten Schmidt) * fix "yes" in Spanish translation ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Change SPEC file so that open-iscsi lock files always go in /run/lock/iscsi (bsc#1239107) - Update to version 2.1.11.suse+65.65365e1cdedb: * doc: fixup iscsiadm man page option for -r (#501) * Modify log function to print session id (#498) * Fix minor typo ("authenticaton") (#500) * Preparing for version 2.1.11 (#499) * iscsid: Rate limit session reopen log messages (#492) * IPv6 support for iBFT iSCSI boot (#493) * Improve iscsiadm command line parsing messages (#494) * More testing cleanup, and fix dprint test usage (#491) * Fix a typo in test/README (#486) * iscsid: Fix hang during login with scan=manual (#485) * fix 4 issues which are finded when building with clang 17 (#478) ==== opencv ==== - Make devel package conflicts between different flavors explicit. - Split into multiple flavors to support switch to Qt6 for openSUSE TW and Leap 16+: * Main (no-name) flavor builds with Qt5. * qt6 flavor builds with Qt6 * nogui flavor builds without Qt support. - Use ldconfig_scriptlets macro for post(un) scripts. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Disable seccomp_filter and rlimitsandbox sandbox for loongarch. seccomp_filter and rlimitsandbox not supported on loongarch64 yet. ==== openvpn ==== Version update (2.6.10 -> 2.6.14) Subpackages: openvpn-auth-pam-plugin - update to 2.6.14: * CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 * Linux DCO: repair source IP selection for --multihome - update to 2.6.13: * on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER to server * Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds * improve server-side handling of clients sending usernames or passwords longer than USER_PASS_LEN * purge proxy authentication credentials from memory after use - update to 2.6.12: * the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations * Http-proxy: fix bug preventing proxy credentials caching - update to 2.6.11: * CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. * CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client * Fix connect timeout when using SOCKS proxies * Add bracket in fingerprint message and do not warn about missing verification * Remove "experimental" denotation for --fast-io * Correctly document ifconfig_* variables passed to scripts * Documentation: make section levels consistent * Samples: Update sample configurations (remove compression & old cipher settings, add more informative comments) - update keyring, as the old one doesn't verify anymore (and attach an url) - remove openvpn-CVE-2024-28882.patch and openvpn-CVE-2024-5594.patch, as the latest version include fixes for the CVEs ==== patterns-gnome ==== Version update (20241112 -> 20250310) Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis - Adaptation for SLES16: * Disable gnome_x11, gnome_multimedia and enable gnome_internet patterns * Always recommends NetworkManager and gnome_internet pattern. * no longer recommends gnome-shell-classic, pidgin, planner, totem packages and gnome_imaging, office and x11_yast patterns. * switch from gnome-terminal to GNOME Console * switch from gedit to GNOME Text Editor * switch from evince to Papers - Hardcode adobe-sourcecodepro and adwaita fonts to ensure always have default fonts installed, when recommends are disabled - No longer recommends gnome-desktop ==== podman ==== Version update (5.4.1 -> 5.4.2) - Update to version 5.4.2: * Bump to v5.4.2 * Add release notes for v5.4.2 * Fix a potential deadlock during `podman cp` * Improve the file format documentation of podman-import. * Revert "podman-import only supports gz and tar" * Bump buildah to v1.39.4 * libpod: do not cover idmapped mountpoint * test: Fix runc error message * oci: report empty exec path as ENOENT * test: adapt tests new crun error messages * test: remove duplicate test * cirrus: test only on f41/rawhide * CI: use z1d instance for windows machine testing * New images 2025-03-24 * test/e2e: use go net.Dial() ov nc * test: use ncat over nc * New images 2025-03-12 * RPM: Add riscv64 to ExclusiveArch-es * Fix HealthCheck log destination, count, and size defaults * Win installer test: hardcode latest GH release ID * Packit: Fix action script for fetching upstream commit * Bump to v5.4.2-dev ==== polkit-default-privs ==== Version update (1550+20250225.49f846d -> 1550+20250407.fdb02a6) - Update to version 1550+20250407.fdb02a6: * profiles: power-profiles-daemon (bsc#1240862) * build(deps): bump actions/checkout from 3 to 4 * Add dependabot checks for Github actions * Add flake8 CI workflow ==== poppler ==== Version update (25.03.0 -> 25.04.0) Subpackages: libpoppler-cpp2 libpoppler-glib8 - version update to 25.04.0 core: * Properly verify adbe.pkcs7.sha1 signatures * Improve errors on signing failure * Allow empty outline titles * Fix error in Distinguished Name parsing * Fix build with Android API < 29 * Fix parsing Level PG document string * Internal code improvements * Fix crashes in malformed documents utils: * pdfcairo: Fix document unit for SVG output cpp: * Add document::form_type * Add document::has_javascript build system: * cmake: Use modern Python3 cmake module - fixes CVE-2025-32365 [bsc#1240881] CVE-2025-32364 [bsc#1240880] ==== poppler-qt6 ==== Version update (25.03.0 -> 25.04.0) - version update to 25.04.0 core: * Properly verify adbe.pkcs7.sha1 signatures * Improve errors on signing failure * Allow empty outline titles * Fix error in Distinguished Name parsing * Fix build with Android API < 29 * Fix parsing Level PG document string * Internal code improvements * Fix crashes in malformed documents utils: * pdfcairo: Fix document unit for SVG output cpp: * Add document::form_type * Add document::has_javascript build system: * cmake: Use modern Python3 cmake module - fixes CVE-2025-32365 [bsc#1240881] CVE-2025-32364 [bsc#1240880] ==== python-MarkupSafe ==== - Make the dist-info name case-insensitive - Lowercase metadata directory name. ==== python-PyJWT ==== - Just use a wildcard for the dist-info metadata to make it properly work on all setuptools versions. - Wrap the metadata directory name in a distro-based conditional - Lowercase metadata directory name. ==== python-alembic ==== Version update (1.15.1 -> 1.15.2) - Update to 1.15.2 * Fixed issue where the "modified_name" of :class:`.AlterColumnOp` would not be considered when rendering op directives for autogenerate. While autogenerate cannot detect changes in column name, this would nonetheless impact approaches that made use of this attribute in rewriter recipes. Pull request courtesy lenvk. ==== python-certifi ==== Version update (2024.8.30 -> 2025.1.31) - Update to 2025.1.31 * Added certs - Subject: CN=D-TRUST BR Root CA 2 2023 O=D-Trust GmbH - Subject: CN=D-TRUST EV Root CA 2 2023 O=D-Trust GmbH * Removed certs - Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG - from version 2024.12.14 * Upload attestations to PyPI * Added 3.13 classifier (#322) * Test against 3.13 final * Added certs - Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH * Removed certs - Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. - Subject: CN=Entrust Root Certification Authority - G4 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2015 Entrust, Inc. - for authorized use only - Subject: CN=Security Communication RootCA3 O=SECOM Trust Systems CO.,LTD. ==== qcoro-qt6 ==== Version update (0.11.0 -> 0.12.0) Subpackages: libQCoro6Core0 libQCoro6DBus0 - Update to 0.12.0 * README: fix typo in QNetworkReply example * Don't discard result from QFile::open * Add return value conversion for QCoroTask * fix: disable language-extension-token warning * Don't set CMAKE_CXX_FLAGS, use target properties instead * Fix infinite recursion with debug builds on libstdc++ * Fix build with Qt dev * Don't leak compile definitions from interface libraries * Add missing includes ==== qt6-base ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite - Add patch to rename a variable that was being shadowed and which made apps that use -Werror=shadow and include this header fail to build. Submitted upstream at https://codereview.qt-project.org/c/qt/qtbase/+/638284 : * 0001-Rename-variable-being-shadowed.patch - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released - Drop patches, merged upstream: * 0001-QLocale-try-to-survive-being-created-during-applicat.patch * 0001-QSystemLocale-bail-out-if-accessed-post-destruction.patch * 0001-QLibraryInfo-speed-up-checking-if-qt-etc-qt.conf-res.patch ==== qt6-declarative ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-imageformats ==== Version update (6.8.2 -> 6.9.0) - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-multimedia ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-positioning ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-qt5compat ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-quick3d ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-quicktimeline ==== Version update (6.8.2 -> 6.9.0) - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-sensors ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6Sensors6 - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-shadertools ==== Version update (6.8.2 -> 6.9.0) - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-speech ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6TextToSpeech6 qt6-texttospeech - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-svg ==== Version update (6.8.2 -> 6.9.0) - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-tools ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6UiTools6 qt6-tools-qdbus - Fix desktop files - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-virtualkeyboard ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 qt6-virtualkeyboard-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-wayland ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released - Drop patches, merged upstream: * 0001-update-wayland_xml-to-version-1_23_0.patch * fix-taskbar.patch ==== qt6-webchannel ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== qt6-webengine ==== Version update (6.8.2 -> 6.9.0) Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released - Drop patches, merged upstream: * 0001-Build-system-remove-libxml2-compilation-test.patch * qtwebengine-ffmpeg-playback-fix.patch - Add patch: * qtwebengine-pipewire-1.4.patch ==== qt6-webview ==== Version update (6.8.2 -> 6.9.0) - Update to 6.9.0: * https://www.qt.io/blog/qt-6.9-released ==== runc ==== Version update (1.2.5 -> 1.2.6) - Update to runc v1.2.6. Upstream changelog is available from . ==== sdbootutil ==== Version update (1+git20250404.20a1dfb -> 1+git20250410.9086124) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250410.9086124: * Simplify code calling mount_chroot * Support transactional systems without overlayfs on /etc * Remove unnecessary umount_etc - Update to version 1+git20250409.7ec17ae: * Call cleanup when snapshots change (boo#1240932) * Add cleanup command to drop broken boot entries * Document --all parameter * Sync the bootloader also in MicroOS - Update to version 1+git20250407.f84e1da: * Drop PCR2 if in virtual machine * Add have_slot function * Get boot time from /proc/stat (boo#1240851) ==== selinux-policy ==== Version update (20250324 -> 20250410) Subpackages: selinux-policy-targeted - Update to version 20250410: * Allow login to podman container from tty (bsc#1238709) * Add an rpmbuild test to the gitlab-ci - Add ugly workaround for semodule removal issues (bsc#1221342 bsc#1238062 bsc#1230643 bsc#1230938) Can be dropped when PED-12491 is done. - Update to version 20250403: * Allow hyper-v's fcopy_uio_daemon to run as unconfined_service_t (bsc#1239593) * Allow switcheroo-control dbus chat with xdm * Fix typo in calling unconfined_dbus_chat for switcheroo-control * Allow sysadm_t to write to /dev/kmsg * Allow init_t nnp domain transition to pcscd_t * Fix the genfscon statement for pidfs filesystem * Allow tuned-ppd dbus chat with xdm * Update INSTALL to describe necessary steps to build it * Rename the default policy to fedora-selinux * Update COPYING to the latest version of GPLv2 * Allow traceroute_t bind rawip sockets to unreserved ports * Revert "Allow traceroute_t bind rawip sockets to unreserved ports" * Change the bootc system generator name to bootc-systemd-generator * Correct path for SAP HDB binary * additional path for SAP binaries * dontaudit access to /etc/passwd for power-profiles-daemon (bsc#1237534) * allow power-profiles-daemon to watch sysfs directories (bsc#1237534) * add dev_watch_sysfs_dirs interface * Allow mpd use the io_uring API * Confine tuned-ppd * Add the switcheroo module * Label wine's windows libraries as textrel_shlib_t * Allow systemd domains write global pressure stall information * Add label and interfaces for kernel PSI files * Update bootupd policy * Update ktls policy * Add policy for systemd-bootc-generator * Allow blueman the kill capability * Add context for plymouth debug log files * Allow rlimit inheritance for domains transitioning to local_login_t * Update insights-core policy * Allow insights-core map all non-security files * Allow insights-core map audit config and log files * Allow insights-client manage insights_client_var_log_t files - Syncing with upstream rawhide selinux-policy up to: * 041d36f8d8c03e651c1e52b6221770db1e9237c6 - Update embedded container-selinux version to commit: * 4244f856ea34d20edb903a6ff28667400a4b6c18 (version 2.236.0) ==== serd ==== - Fix Leap build ==== shadow ==== Subpackages: libsubid5 login_defs - shadow-util-linux.patch: util-linux-2.41 introduced new variable: LOGIN_ENV_SAFELIST. Recognize it and update dependencies. The patch includes gh/shadow-maint/shadow/pull#1248. - shadow-login_defs-check-login_defs.lst: Make the util-linux.spec multibuild file compatible with quilt. Make it working with new quilt. ==== slang ==== - Drop pcre module, it hasn't been ported to pcre2 yet. ==== sndiff ==== Version update (0.2.1~0 -> 0.2.2~0) - Update to version 0.2.2~0: * Update to v0.2.2 * Automatic detection of snapshots * Add list command ==== systemd ==== Version update (257.4 -> 257.5) Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - Import commit c10a66fb4dd34b86d42fa92501bd88db63df479a (merge of v257.5) This merge includes the following fix: 9b52c10986 test-network: replace symlink to 99-default.link with a copy d7577221b8 man/pstore.conf: pstore.conf template is not always installed in /etc 62071a984d man: coredump.conf template is not always installed in /etc (bsc#1237496) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f133e5974e69708d7491d4823780690c913f7bda...c10a66fb4dd34b86d42fa92501bd88db63df479a ==== u-boot-rpiarm64 ==== Version update (2025.01 -> 2025.04) Subpackages: u-boot-rpiarm64-doc - Update to 2025.04: * Full changelog available at: https://source.denx.de/u-boot/u-boot/-/compare/v2025.01...v2025.04 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2025.04 * Patches added: 0016-Kconfig-add-btrfs-to-standard-boot.patch - Disable boards which fail to build: * avnetultra96rev1 * xilinxzynqmpvirt * xilinxzynqmpzcu102rev10 ==== vim ==== Subpackages: vim-data-common vim-small - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6 ==== webkit2gtk3 ==== Version update (2.48.0 -> 2.48.1) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Update to version 2.48.1 (boo#1240958 boo#1240961 boo#1240962 boo#1240963 boo#1240964): + Limit the data stored in session state. + Remove the empty area below the title bar in Web Inspector when not docked. + Fix the build with GST_DISABLE_GST_DEBUG. + Fix the build with GStreamer < 1.20. + Fix the build with video disabled. + Fix the build with clang 20. + Security fixes: CVE-2024-54551, CVE-2025-24208, CVE-2025-24209, CVE-2025-24213, CVE-2025-24216, CVE-2025-24264, CVE-2025-30427. - Add 8bee9eb9.patch: fix the build on non-x86 architectures. ==== webkit2gtk4 ==== Version update (2.48.0 -> 2.48.1) Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.48.1 (boo#1240958 boo#1240961 boo#1240962 boo#1240963 boo#1240964): + Limit the data stored in session state. + Remove the empty area below the title bar in Web Inspector when not docked. + Fix the build with GST_DISABLE_GST_DEBUG. + Fix the build with GStreamer < 1.20. + Fix the build with video disabled. + Fix the build with clang 20. + Security fixes: CVE-2024-54551, CVE-2025-24208, CVE-2025-24209, CVE-2025-24213, CVE-2025-24216, CVE-2025-24264, CVE-2025-30427. - Add 8bee9eb9.patch: fix the build on non-x86 architectures. ==== wtmpdb ==== Version update (0.72.0+git20250305.10803fd -> 0.73.0+git20250408.edb8638) Subpackages: libwtmpdb0 - Update to version 0.73.0+git20250408.edb8638: * Release version 0.73.0 * expand accepted time format options * use documented -t short option for last --until * hurd: avoid PATH_MAX * hurd: compat for lack of CLOCK_BOOTTIME ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb - Add u_xf86-Accept-devices-with-the-kernel-s-vesadrm-driver.patch: Enables Xorg to make use of the kernel's vesadrm driver. Taken from upstream. See the MR at https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1879. (bsc#1240624) - Add u_xf86-Accept-devices-with-the-kernel-s-efidrm-driver.patch: Enables Xorg to make use of the kernel's efidrm driver. Taken from upstream. See the MR at https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1879. (bsc#1240624) ==== xz ==== Version update (5.6.4 -> 5.8.1) Subpackages: liblzma5 - Update to 5.8.1: * Multithreaded .xz decoder (lzma_stream_decoder_mt()): - Fix a bug that could at least result in a crash with invalid input. (bsc#1240414, CVE-2025-31115) - Fix a performance bug: Only one thread was used if the whole input file was provided at once to lzma_code(), the output buffer was big enough, timeout was disabled, and LZMA_FINISH was used. There are no bug reports about this, thus it's possible that no real-world application was affected. * Avoid even with C11/C17 compilers. This fixes the build with Oracle Developer Studio 12.6 on Solaris 10 when the compiler is in C11 mode (the header doesn't exist). * Autotools: Restore compatibility with GNU make versions older than 4.0 by creating the package using GNU gettext 0.23.1 infrastructure instead of 0.24. * Update Croatian translation. - 5.8.0 changelog: * liblzma on 32/64-bit x86: When possible, use SSE2 intrinsics instead of memcpy() in the LZMA/LZMA2 decoder. In typical cases, this may reduce decompression time by 0-5 %. However, when built against musl libc, over 15 % time reduction was observed with highly compressed files. * CMake: Make the feature test macros match the Autotools-based build on NetBSD, Darwin, and mingw-w64. * Update the Croatian, Italian, Portuguese, and Romanian translations. * Update the German, Italian, Korean, Romanian, Serbian, and Ukrainian man page translations. - Summary of changes in the 5.7.x development releases: * Mark the following LZMA Utils script aliases as deprecated: lzcmp, lzdiff, lzless, lzmore, lzgrep, lzegrep, and lzfgrep. * liblzma: - Improve LZMA/LZMA2 encoder speed on 64-bit PowerPC (both endiannesses) and those 64-bit RISC-V processors that support fast unaligned access. - Add low-level APIs for RISC-V, ARM64, and x86 BCJ filters to lzma/bcj.h. These are primarily for erofs-utils. - x86/x86-64/E2K CLMUL CRC code was rewritten. - Use the CRC32 instructions on LoongArch. * xz: - Synchronize the output file and its directory using fsync() before deleting the input file. No syncing is done when xz isn't going to delete the input file. - Add --no-sync to disable the sync-before-delete behavior. - Make --single-stream imply --keep. * xz, xzdec, lzmainfo: When printing messages, replace non-printable characters with question marks. * xz and xzdec on Linux: Support Landlock ABI versions 5 and 6. * CMake: Revise the configuration variables and some of their options, and document them in the file INSTALL. CMake support is no longer experimental. (It was already not experimental when building for native Windows.) * Add build-aux/license-check.sh.