Packages changed: AppStream (1.0.4 -> 1.0.5) AppStream-qt6 (1.0.4 -> 1.0.5) Mesa (25.0.4 -> 25.0.5) Mesa-drivers (25.0.4 -> 25.0.5) MicroOS-release (20250423 -> 20250503) PackageKit-Qt6 (1.1.1 -> 1.1.2) aaa_base (84.87+git20250410.71df276 -> 84.87+git20250429.1cad3bc) at-spi2-core (2.56.1 -> 2.56.2) augeas blog (2.34 -> 2.35) btrfsprogs busybox cockpit cockpit-tukit (0.1.2~git0.647b3e3 -> 0.1.3~git0.41f9fbc) container-selinux (2.236.0 -> 2.237.0) coreutils coreutils-systemd crypto-policies dhcp docker (27.5.1_ce -> 28.1.1_ce) ethtool firewalld fuse3 (3.17.1 -> 3.17.2) gcc14 (14.2.1+git11321 -> 14.2.1+git11702) gcc15 (15.0.1+git9352 -> 15.1.1+git9595) glib2-branding-openSUSE glslang (15.2.0 -> 15.3.0) gnome-shell gnutls grub2 gstreamer (1.26.0 -> 1.26.1) gstreamer-plugins-bad (1.26.0 -> 1.26.1) gstreamer-plugins-base (1.26.0 -> 1.26.1) gstreamer-plugins-good (1.26.0 -> 1.26.1) hwdata (0.393 -> 0.394) iptables jitterentropy (3.4.1 -> 3.6.3) kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k (20250227 -> 20250424) kernel-firmware-ath12k (20250206 -> 20250424) kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi (20250312 -> 20250423) kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media (20250422 -> 20250424) kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network kernel-source (6.14.3 -> 6.14.4) libavif (1.1.1 -> 1.2.1) libeconf (0.7.7 -> 0.7.8) libedit (20210910.3.1 -> 20250104.3.1) libgcrypt libgpg-error (1.54 -> 1.55) libnftnl libraw (0.21.3 -> 0.21.4) libsoup libsoup2 libssh libxkbcommon (1.8.1 -> 1.9.0) libzip libzypp (17.36.6 -> 17.36.7) lilv lua54 mozilla-nss (3.109 -> 3.110) ncurses (6.5.20250412 -> 6.5.20250426) nghttp2 (1.64.0 -> 1.65.0) open-vm-tools openssh (9.9p2 -> 10.0p2) openssh-askpass-gnome (9.9p2 -> 10.0p2) openssl-3 (3.2.4 -> 3.5.0) openssl (3.2.4 -> 3.5.0) python-MarkupSafe (2.1.5 -> 3.0.2) python-greenlet (3.1.1 -> 3.2.1) python313 (3.13.2 -> 3.13.3) python313-core (3.13.2 -> 3.13.3) qt6-declarative rpm runc (1.2.6 -> 1.3.0) sdbootutil (1+git20250421.7ffd25a -> 1+git20250430.f7d1ad1) selinux-policy (20250411 -> 20250429) sqlite3 webrtc-audio-processing-1 wtmpdb (0.73.0+git20250408.edb8638 -> 0.74.0+git20250424.2e93e77) zypper (1.14.88 -> 1.14.89) === Details === ==== AppStream ==== Version update (1.0.4 -> 1.0.5) - Update to 1.0.5 Features: * qt: Expose markup conversion utils * desktop-styles: Add android and iOS * validator: Check for xml:lang="en" being used on description template elements * validator: Flag cases of raw text in "description" elements * metadata: Add more known extensions into as_metadata_file_guess_style() Specification: * docs: Clarify that the style segment of a screenshot environment is optional * docs: Explain consequences of defining an icon for desktop-app metainfo * docs: Clarify that description content must be in p/li elements Bugfixes: * validator: mark as_validator_issue_tag_list static * docs: Add workaround for gi-docgen misnaming devhelp files * compose: Do not permit SVG images as screenshots * compose: Don't "forget" to scan remaining paths when re-encountering a dir * pool: Try explicit singular term match if we only have low-quality tokens * utils: Provide compatibility with Fedora icon tarballs when installing them * utils: Remove leftover g_chmod() * zstd-decompressor: Pass output/written data when decompression finished * utils: Expect a dash in icons file name * utils: Recognize .yml* and .yaml* file extension variants, and .zst extension * utils: Rename the appstream file when re-saving it on install ==== AppStream-qt6 ==== Version update (1.0.4 -> 1.0.5) - Update to 1.0.5 Features: * qt: Expose markup conversion utils * desktop-styles: Add android and iOS * validator: Check for xml:lang="en" being used on description template elements * validator: Flag cases of raw text in "description" elements * metadata: Add more known extensions into as_metadata_file_guess_style() Specification: * docs: Clarify that the style segment of a screenshot environment is optional * docs: Explain consequences of defining an icon for desktop-app metainfo * docs: Clarify that description content must be in p/li elements Bugfixes: * validator: mark as_validator_issue_tag_list static * docs: Add workaround for gi-docgen misnaming devhelp files * compose: Do not permit SVG images as screenshots * compose: Don't "forget" to scan remaining paths when re-encountering a dir * pool: Try explicit singular term match if we only have low-quality tokens * utils: Provide compatibility with Fedora icon tarballs when installing them * utils: Remove leftover g_chmod() * zstd-decompressor: Pass output/written data when decompression finished * utils: Expect a dash in icons file name * utils: Recognize .yml* and .yaml* file extension variants, and .zst extension * utils: Rename the appstream file when re-saving it on install ==== Mesa ==== Version update (25.0.4 -> 25.0.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.0.5 - -> https://docs.mesa3d.org/relnotes/25.0.5 ==== Mesa-drivers ==== Version update (25.0.4 -> 25.0.5) Subpackages: Mesa-dri Mesa-gallium Mesa-vulkan-device-select libvulkan_lvp - Update to release 25.0.5 - -> https://docs.mesa3d.org/relnotes/25.0.5 ==== MicroOS-release ==== Version update (20250423 -> 20250503) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== PackageKit-Qt6 ==== Version update (1.1.1 -> 1.1.2) - Update to 1.1.2 * offline: Make sure we allow for interactive authorization * Allow Transaction::setHints before the transaction has started * Fix check for PackageKit D-Bus specs * Add missing info enum values ==== aaa_base ==== Version update (84.87+git20250410.71df276 -> 84.87+git20250429.1cad3bc) - Update to version 84.87+git20250429.1cad3bc: * Remove alias "you" (boo#1242011) - Update to version 84.87+git20250425.1664836: * Fix bug boo#1241205 by adding missed endif * alias.bash: future-proof egrep/fgrep color aliases ==== at-spi2-core ==== Version update (2.56.1 -> 2.56.2) Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Update to version 2.56.2: + Fix the build with glib < 2.76. + a11y-manager-device: Fix unmap_keysym_modifier. ==== augeas ==== Subpackages: libaugeas0 libfa1 - Add patch, fix for bsc#1239909 / CVE-2025-2588: * CVE-2025-2588.patch ==== blog ==== Version update (2.34 -> 2.35) Subpackages: libblogger2 - Update to version 2.35 * Make s390 3215 console work that is use EPOLLOUT|EPOLLONESHOT to control if we can write to ttyS0 in nonblocking mode and if not reenable EPOLLOUT|EPOLLONESHOT. * At boot set for ttyS0 via vmcp API nonblocking MORE mode with `0 0'. It beeps but boots. - Remove patches now upstream * blog-3215.patch * blog-install.patch ==== btrfsprogs ==== Subpackages: btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - Fix name clash of parse_range between common/parse-utils.c and libblkid.a from util-linux-2.41 (btrfsprogs-libblkid-static-lib-clash.patch). ==== busybox ==== - fix regression in hexdump that broke kernel build: * busybox-1.37.0-fix-regression-n2.patch - fix build/tests and hexdump on big endian systems (S390): * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch ==== cockpit ==== Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-selinux-policies cockpit-system cockpit-ws - Update 0007-Remove-DynamicUser-setting-as-these-conflict-with-re.patch Update the patch to set ProtectHome and PrivateTmp to yes as it is implied when DynamicUser is enabled. The patch is also now only applied on leap 15 where it is relevant ==== cockpit-tukit ==== Version update (0.1.2~git0.647b3e3 -> 0.1.3~git0.41f9fbc) - Update to version 0.1.3~git0.41f9fbc: * FEAT: add ci * FEAT: drop rome and use styelint and eslint * FIX: update makefile to support updated translation utils * FEAT: explicitly specify cockpit-tukit is only supported on transacional systems * use typescript types provided by upstream * drop 38.patch ==== container-selinux ==== Version update (2.236.0 -> 2.237.0) - Update to version 2.237.0: * bootc/install_t: allow transition to container_runtime_t * Allow containers to mask parts of their /proc ==== coreutils ==== - coreutils-i18n.patch: update gnulib mbchar+mbfile to the commit used by coreutils-9.7: https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=41e7b7e0d mainly to pick up these commits: - c67c553e758 mbfile: Support pushback characters also right before EOF. - 87ee7ef66ee mbfile: Allow 2 pushback characters. ==== coreutils-systemd ==== - coreutils-i18n.patch: update gnulib mbchar+mbfile to the commit used by coreutils-9.7: https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=41e7b7e0d mainly to pick up these commits: - c67c553e758 mbfile: Support pushback characters also right before EOF. - 87ee7ef66ee mbfile: Allow 2 pushback characters. ==== crypto-policies ==== - Update crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch ==== dhcp ==== Subpackages: dhcp-client - Add compile option '-std=gnu17' to fix build with gcc15. [bsc#1241472] ==== docker ==== Version update (27.5.1_ce -> 28.1.1_ce) Subpackages: docker-buildx docker-rootless-extras - Update to Docker 28.1.1-ce. See upstream changelog online at bsc#1242114 Includes upstream fixes: - CVE-2025-22872 bsc#1241830 - Remove long-outdated build handling for deprecated and unsupported devicemapper and AUFS storage drivers. AUFS was removed in v24, and devicemapper was removed in v25. - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch - Remove upstreamed patches: - 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch - cli-0001-docs-include-required-tools-in-source-tree.patch - Update to docker-buildx v0.23.0. Upstream changelog: ==== ethtool ==== - fix AppStream metainfo XML file * misc-fix-AppStream-metainfo-XML.patch ==== firewalld ==== Subpackages: python3-firewall - Split the package to build the firewalld-rpmmacros subpackage in a _multibuild flavor so that we can build it in Factory/i586 by itself instead of building the whole package, which has more dependencies (like python-PyQt6). ==== fuse3 ==== Version update (3.17.1 -> 3.17.2) Subpackages: libfuse3-4 - Updae to release 3.17.2 * Fixed initialization races related to buffer reallocation when large buf sizes are used (/proc/sys/fs/fuse/max_pages_limit). * A conn.want flag conversion fix for high-level applications. ==== gcc14 ==== Version update (14.2.1+git11321 -> 14.2.1+git11702) - Add gcc14-pr108900.patch to revert it, fixing libqt6webengine build. - Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702 * Remove gcc14-pr118780.patch now on the upstream branch - Fix build on s390x [bsc#1241549] ==== gcc15 ==== Version update (15.0.1+git9352 -> 15.1.1+git9595) Subpackages: libgcc_s1 libgfortran5 libgomp1 libstdc++6 - Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Build the COBOL frontend also for risc-v - Add loongarch64 to quadmath_arch ==== glib2-branding-openSUSE ==== - Update defaults to match current situation: + Remove banshee preference: banshee has not been shipped since 2016. + Add Loupe to the preferred applications for images + Do not use Eog by default. As it's alphabetically before Loupe, Eog would always win the way it was listed (when installed). + Explicitly set image/tiff to org.gnome.Loupe as Eog is no longer part of the default installations. ==== glslang ==== Version update (15.2.0 -> 15.3.0) - Update to release 15.3 * Fix crash calling coopMatLoadTensorNV on an array element * Implement GL_EXT_bfloat16 * Add missing error checks for bfloat16 math ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Drop gnome-shell-executable-path-not-absolute.patch: The original patch did not work as expected, and assuming gsettings is in the bin dir of gnome-shell is not correct, so keep relative path (bsc#1241666). ==== gnutls ==== - Fix FIPS mode running on Tumbleweed [bsc#1237101] * When nettle or libhogweed are installed with glbic-hwcaps for x86_64-v3, some paths differ and we are unable to match the hmac file for the lib. * Add gnutls-FIPS-HMAC-x86_64-v3-opt.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - grub2-common: use fuse3 - Add support for boot assessment, needed by health-checker * grub2-bls-boot-counting.patch * grub2-bls-boot-assessment.patch * grub2-bls-boot-show-snapshot.patch * grub2-blscfg-fix-hang.patch * grub2-blscfg-set-efivars.patch - Fix reading bls fragments in file-system dependent order that is not predictable (bsc#1241046) * 0001-blscfg-read-fragments-in-order.patch - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch ==== gstreamer ==== Version update (1.26.0 -> 1.26.1) Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.26.1: + Highlighted bugfixes: - awstranslate and speechmatics plugin improvements - decodebin3 fixes and urisourcebin/playbin3 stability improvements - Closed captions: CEA-708 generation and muxing fixes, and H.264/H.265 caption extractor fixes - dav1d AV1 decoder: RGB support, plus colorimetry, renegotiation and buffer pool handling fixes - Fix regression when rendering VP9 with alpha - H.265 decoder base class and caption inserter SPS/PPS handling fixes - hlssink3 and hlsmultivariantsink feature enhancements - Matroska v4 support in muxer, seeking fixes in demuxer - macOS: framerate guessing for cameras or capture devices where the OS reports silly framerates - MP4 demuxer uncompressed video handling improvements and sample table handling fixes - oggdemux: seeking improvements in streaming mode - unixfdsrc: fix gst_memory_resize warnings - Plugin loader fixes, especially for Windows - QML6 GL source renegotiation fixes - RTP and RTSP stability fixes - Thread-safety improvements for the Media Source Extension (MSE) library - v4l2videodec: fix A/V sync issues after decoding errors - Various improvements and fixes for the fragmented and non-fragmented MP4 muxers - Video encoder base class segment and buffer timestamp handling fixes - Video time code support for 119.88 fps and drop-frames-related conversion fixes - WebRTC: Retransmission entry creation fixes and better audio level header extension compatibility - YUV4MPEG encoder improvments - dots-viewer: make work locally without network access - gst-python: fix compatibility with PyGObject >= 3.52.0 - Cerbero: recipe updates, compatibility fixes for Python < 3.10; Windows Android cross-build improvements - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - Correctly handle whitespace paths when executing gst-plugin-scanner - Ensure properties are freed before (re)setting with g_value_dup_string() and during cleanup - cmake: Fix PKG_CONFIG_PATH formatting for Windows cross-builds - macos: Move macos function documentation to the .h so the introspection has the information - meson.build: test for and link against libatomic if it exists - pluginloader-win32: Fix helper executable path under devenv - pluginloader: fix pending_plugins Glist use-after-free issue - unixfdsrc: Complains about resize of memory area - tracers: dots: fix debug log ==== gstreamer-plugins-bad ==== Version update (1.26.0 -> 1.26.1) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.26.1: + Add missing Requires in pkg-config + Ensure properties are freed before (re)setting with g_value_dup_string() and during cleanup + Update docs + aja: Use the correct location of the AJA NTV2 SDK in the docs + alphacombine: De-couple flush-start/stop events handling + alphadecodebin: use a multiqueue instead of a couple of queues + avfvideosrc: Guess reasonable framerate values for some 3rd party devices + codecalpha: name both queues + d3d12converter: Fix cropping when automatic mipmap is enabled + dashsink: Make sure to use a non-NULL pad name when requesting a pad from splitmuxsink + docs: Fix GstWebRTCICE* class documentation + h264ccextractor, h265ccextractor: Handle gap with unknown pts + h265decoder, h265ccinserter: Fix broken SPS/PPS link + h265parser: Fix num_long_term_pics bound check + Segmentation fault in H265 decoder + h266decoder: fix leak parsing SEI messages + meson.build: test for and link against libatomic if it exists + mse: Improved Thread Safety of API + mse: Revert ownership transfer API change in gst_source_buffer_append_buffer() + tensordecoders: updating element classification + unixfd: Fix wrong memory size when offset > 0 + uvcsink: Respond to control requests with proper error handling + v4l2codecs: unref frame in all error paths of end_picture + va: Skip codecs that report maximum width or height lower than minimum + vapostproc: fix wrong video orientation after restarting the element + vavp9enc: fix mem leaks in _vp9_decide_profile + vkformat: fix build error + vtenc: Avoid deadlocking when changing properties on the fly + vulkan: fix memory leak at dynamic registering + webrtc: enhance rtx entry creation + webrtcbin: add missing warning for caps missmatch + ZDI-CAN-26596: New Vulnerability Report (Security) - Drop va-codecs-check-size.patch: Fixed upstream. - Drop cuda_nvdec conditional, builds fine for aarch64/armv7 now. ==== gstreamer-plugins-base ==== Version update (1.26.0 -> 1.26.1) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 - Update to version 1.26.1: + Ensure properties are freed before (re)setting with g_value_dup_string() and during cleanup + alsadeviceprovider: Fix leak of Alsa longname + audioaggregator: fix error added in !8416 when chaining up + audiobasesink: Fix custom slaving driftsamples calculation and add custom audio clock slaving callback example + decodebin3: - Don't avoid parsebin even if we have a matching decoder - Doesn't plug parsebin for AAC from tsdemux + gl: eglimage: warn the reason of export failure + glcolorconvert: - Fix YUVA<->RGBA conversions - Regression when rendering alpha vp9 + gldownload: Unref glcontext after usage + meson.build: test for and link against libatomic if it exists + oggdemux: Don't push new packets if there is a pending seek + urisourcebin: - Make parsebin activation more reliable - Deadlock between parsebin and typefind + videoencoder: Use the correct segment and buffer timestamp in the chain function + videotimecode: Fix conversion of timecode to datetime with drop-frame timecodes and handle 119.88 fps correctly in all places ==== gstreamer-plugins-good ==== Version update (1.26.0 -> 1.26.1) - Update to version 1.26.1: + Ensure properties are freed before (re)setting with g_value_dup_string() and during cleanup + gst-plugins-good: Matroska mux v4 support + matroska-demux: Prevent corrupt cluster duplication + qml6glsrc: update buffer pool on renegotiation + qt6: Add a missing newline in unsupported platform message + qtdemux: - Fix stsc size check in qtdemux_merge_sample_table() - Next Iteration Of Uncompressed MP4 Decoder - Unref simple caps after use + rtspsrc: - Do not emit signal 'no-more-pads' too early - Don't error out on not-linked too early + rtpsession: - Do not push events while holding SESSION_LOCK - Deadlock when gst_rtp_session_send_rtcp () is forwarding eos + v4l2: drop frame for frames that cannot be decoded + v4l2videodec: AV unsync for streams with many frames that cannot be decoded + v4l2object: - Fix memory leak - Fix type mismatch when ioctl takes int + y4menc: - Fix Y41B format - Handle frames with GstVideoMeta ==== hwdata ==== Version update (0.393 -> 0.394) - Update to version 0.394: * Update pci and vendor ids ==== iptables ==== Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Remove legacy backend from SLES16 ==== jitterentropy ==== Version update (3.4.1 -> 3.6.3) - Update to 3.6.3: [bsc#1242050] * Correct time stamp processing on AIX * Use high-resolution time stamp on Apple Silicon * GCD power-up test: consider OSR * Remove patches fixed in the update: - jitterentropy-fix-a-stack-corruption-on-s390x.patch * Rebase patches: - jitterentropy-split-internal-header.patch - jitterentropy-with-debug.patch - Update to 3.6.2: * Fix RCT re-initialization in jent_read_entropy_safe * simplify test code * improve keyword portability - Update to 3.6.1: * Add more test code * Add support for SunPRO compiler * Fix compilation on OpenBSD by replacing sed with tr * internal timer: Add support for Apple * Various small fixes to compilation to imporve portability - Update to 3.6.0: * Remove bi-modal behavior of conditioning function * Make jent_read_entropy_safe safer by retrying the health test * Move the version information to make them available at compile time - Update to 3.5.0: * add distinction between intermittent and permanent health failure * add compile time option to allow configuring a mask to reduce the size of the time stamp used for the APT ==== kernel-firmware-amdgpu ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ath10k ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ath11k ==== Version update (20250227 -> 20250424) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250424 (git commit c8af472e05cb): * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01300-QCAHKSWPL_SILICONZ-1 ==== kernel-firmware-ath12k ==== Version update (20250206 -> 20250424) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250424 (git commit c8af472e05cb): * ath12k: WCN7850 hw2.0: update to WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 * ath12k: QCN9274 hw2.0: update board-2.bin ==== kernel-firmware-atheros ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-bluetooth ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-bnx2 ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-brcm ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-chelsio ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-dpaa2 ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-i915 ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-intel ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-iwlwifi ==== Version update (20250312 -> 20250423) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250423 (git commit c67433231cbd): * iwlwifi: add Bz/gl FW for core95-82 release * iwlwifi: update ty/So/Ma firmwares for core95-82 release * iwlwifi: update cc/Qu/QuZ firmwares for core95-82 release - Update to version 20250422 (git commit 32f3227b67c0): * iwlwifi: add Bz-hr FW for core93-123 release ==== kernel-firmware-liquidio ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-marvell ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-media ==== Version update (20250422 -> 20250424) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250424 (git commit c8af472e05cb): * qcom: vpu: update video firmware binary for SA8775p ==== kernel-firmware-mediatek ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-mellanox ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-mwifiex ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-network ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-nfp ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-nvidia ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-platform ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-prestera ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-qcom ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-qlogic ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-radeon ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-realtek ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-serial ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-sound ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ti ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ueagle ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-usb-network ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-source ==== Version update (6.14.3 -> 6.14.4) Subpackages: kernel-64kb kernel-default - Linux 6.14.4 (bsc#1012628). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (bsc#1012628). - wifi: at76c50x: fix use after free access in at76_disconnect (bsc#1012628). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (bsc#1012628). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (bsc#1012628). - wifi: brcmfmac: fix memory leak in brcmf_get_module_param (bsc#1012628). - wifi: wl1251: fix memory leak in wl1251_tx_work (bsc#1012628). - scsi: iscsi: Fix missing scsi_host_put() in error path (bsc#1012628). - scsi: smartpqi: Use is_kdump_kernel() to check for kdump (bsc#1012628). - md/raid10: fix missing discard IO accounting (bsc#1012628). - md/md-bitmap: fix stats collection for external bitmaps (bsc#1012628). - ASoC: dwc: always enable/disable i2s irqs (bsc#1012628). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (bsc#1012628). - crypto: tegra - Fix IV usage for AES ECB (bsc#1012628). - ovl: remove unused forward declaration (bsc#1012628). - RDMA/bnxt_re: Fix budget handling of notification queue (bsc#1012628). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (bsc#1012628). - RDMA/hns: Fix wrong maximum DMA segment size (bsc#1012628). - ALSA: hda/cirrus_scodec_test: Don't select dependencies (bsc#1012628). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (bsc#1012628). - ASoC: cs42l43: Reset clamp override on jack removal (bsc#1012628). - RDMA/core: Silence oversized kvmalloc() warning (bsc#1012628). - firmware: cs_dsp: test_bin_error: Fix uninitialized data used as fw version (bsc#1012628). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (bsc#1012628). - Bluetooth: btrtl: Prevent potential NULL dereference (bsc#1012628). - Bluetooth: l2cap: Check encryption key size on incoming connection (bsc#1012628). - RDMA/bnxt_re: Remove unusable nq variable (bsc#1012628). - ipv6: add exception routes to GC list in rt6_insert_exception (bsc#1012628). - xen: fix multicall debug feature (bsc#1012628). - mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() (bsc#1012628). - wifi: iwlwifi: pcie: set state to no-FW before reset handshake (bsc#1012628). - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (bsc#1012628). - igc: fix PTM cycle trigger logic (bsc#1012628). - igc: increase wait time before retrying PTM (bsc#1012628). - igc: move ktime snapshot into PTM retry loop (bsc#1012628). - igc: handle the IGC_PTP_ENABLED flag correctly (bsc#1012628). - igc: cleanup PTP module if probe fails (bsc#1012628). - igc: add lock preventing multiple simultaneous PTM transactions (bsc#1012628). - perf tools: Remove evsel__handle_error_quirks() (bsc#1012628). - dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry (bsc#1012628). - smc: Fix lockdep false-positive for IPPROTO_SMC (bsc#1012628). - test suite: use %zu to print size_t (bsc#1012628). - selftests: mincore: fix tmpfs mincore test failure (bsc#1012628). - pds_core: fix memory leak in pdsc_debugfs_add_qcq() (bsc#1012628). - ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (bsc#1012628). - net: mctp: Set SOCK_RCU_FREE (bsc#1012628). - net: hibmcge: fix incorrect pause frame statistics issue (bsc#1012628). - net: hibmcge: fix incorrect multicast filtering issue (bsc#1012628). - net: hibmcge: fix wrong mtu log issue (bsc#1012628). - net: hibmcge: fix not restore rx pause mac addr after reset issue (bsc#1012628). - block: fix resource leak in blk_register_queue() error path (bsc#1012628). - netlink: specs: ovs_vport: align with C codegen capabilities (bsc#1012628). - net: openvswitch: fix nested key length validation in the set() action (bsc#1012628). - can: rockchip_canfd: fix broken quirks checks (bsc#1012628). - net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1012628). - octeontx2-pf: handle otx2_mbox_get_rsp errors (bsc#1012628). - net: ethernet: ti: am65-cpsw: fix port_np reference counting (bsc#1012628). - eth: bnxt: fix missing ring index trim on error path (bsc#1012628). - loop: aio inherit the ioprio of original request (bsc#1012628). - loop: stop using vfs_iter_{read,write} for buffered I/O (bsc#1012628). - nvmet: pci-epf: always fully initialize completion entries (bsc#1012628). ... changelog too long, skipping 328 lines ... - commit f04c2d4 ==== libavif ==== Version update (1.1.1 -> 1.2.1) - Disable tests due to restrictions in Factory/ring1. - Temporary deactivation of the generation of manual pages with pandoc due to restrictions in Factory/ring1. (https://build.opensuse.org/request/show/1272161#comment-2136811) - update to 1.2.1: * Added since 1.2.0 - Add support for outputting all frames of an image sequence in avifdec. - avifdec --index all sequence.avif out.png creates files named - out-xxxxxxxxxx.png where xxxxxxxxxx are the zero-padded frame indices. * Changed since 1.2.0 - Fix local libargparse dependency patch step on macOS 10.15 and earlier. - Patch local libyuv dependency for compatibility with gcc 10. - Use stricter C99 syntax to avoid related compilation issues. - Update svt.cmd/svt.sh/LocalSvt.cmake to v3.0.1. - update to 1.2.0: * Added since 1.1.1 - Turn on the gain map API. Remove the AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP CMake flag. - Allow YCgCo_Re and YCgCo_Ro encoding/decoding and update the enum values to the latest CICP specification. Remove the AVIF_ENABLE_EXPERIMENTAL_YCGCO_R CMake flag. - Add the properties and numProperties fields to avifImage. They are filled by the avifDecoder instance with the properties unrecognized by libavif. They are written by the avifEncoder. - Add avif(Un)SignedFraction structs and avifDoubleTo(Un)SignedFraction utility functions. - Add 'avifgainmaputil' command line tool to installed apps. - Add avifCropRectRequiresUpsampling(). - Add experimental support for PixelInformationProperty syntax from HEIF 3rd Ed. Amd2 behind the compilation flag AVIF_ENABLE_EXPERIMENTAL_EXTENDED_PIXI. - Add experimental Sample Transform recipe BIT_DEPTH_EXTENSION_12B_8B_OVERLAP_4B. * Changed since 1.1.1 - avifenc: Allow large images to be encoded. - Fix empty CMAKE_CXX_FLAGS_RELEASE if -DAVIF_CODEC_AOM=LOCAL -DAVIF_LIBYUV=OFF is specified. #2365. - Rename AVIF_ENABLE_EXPERIMENTAL_METAV1 to AVIF_ENABLE_EXPERIMENTAL_MINI and update the experimental reduced header feature to the latest specification draft. Rename AVIF_HEADER_REDUCED to AVIF_HEADER_MINI. - Update the experimental Sample Transform feature behind the AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM CMake flag to the latest specification draft. - Ignore gain maps with unsupported metadata. Handle gain maps with writer_version > 0 correctly. - Simplify gain map API: remove the enableParsingGainMapMetadata setting, now gain map metadata is always parsed if present and if this feature is compiled in. Replace enableDecodingGainMap and ignoreColorAndAlpha with a bit field to choose image content to decode. Remove gainMapPresent: users can check if decoder->image->gainMap != NULL instead. Remove avifGainMapMetadata and avifGainMapMetadataDouble structs. - Write an empty HandlerBox name field instead of "libavif" (saves 7 bytes). - Check for FileTypeBox precedence in avifParse(). - Do not write an alternative group with the same ID as an item. - Update aom.cmd/LocalAom.cmake: v3.12.0. The new codec-specific option tune=iq (image quality) is added in libaom v3.12.0. - Update parseAV2SequenceHeader() and avm.cmd: research-v9.0.0 - Update dav1d.cmd/dav1d_android.sh/LocalDav1d.cmake: 1.5.1 - Update libjpeg.cmd/LocalJpeg.cmake: v3.0.4 - Update libxml2.cmd/LocalLibXml2.cmake: v2.13.5 - Update libyuv.cmd: ccdf87034 (1903) - Update svt.cmd/svt.sh/LocalSvt.cmake to v3.0.0. When available, use EbSvtAv1EncConfiguration::lossless and ::level_of_parallelism in libavif. - Remove AVIF_ENABLE_GTEST CMake option. It's now implied by AVIF_GTEST=LOCAL/SYSTEM. - Deprecate avifEncoder's minQuantizer, maxQuantizer, minQuantizerAlpha, and maxQuantizerAlpha fields. quality and qualityAlpha should be used instead. Deprecate avifenc's --min, --max, --minalpha and --maxalpha flags. -q or --qcolor and --qalpha should be used instead. - For dependencies, the deprecated way of setting AVIF_LOCAL_* to ON is removed. Dependency options can now only be set to OFF/LOCAL/SYSTEM. - Change the default quality for alpha to be the same as the quality for color. - Allow decoding subsampled images with odd Clean Aperture dimensions or offsets. - Deprecate avifCropRectConvertCleanApertureBox() and avifCleanApertureBoxConvertCropRect(). Replace them with avifCropRectFromCleanApertureBox() and avifCleanApertureBoxFromCropRect(). - Write descriptive properties before transformative properties. - Reject non-essential transformative properties. - Treat avifenc --stdin as a regular positional file path argument. - Update man pages based on avifenc/dec's --help message. - android_jni: Support 16kb page size - android_jni: Set threads to 2 instead of CPU count - Fix overflows when dealing with alpha during YUV/RGB conversions and in avifRGBImageAllocatePixels(). - Make avifEncoder.headerFormat a flag combination for future features. - Rename AVIF_HEADER_FULL to AVIF_HEADER_DEFAULT. Deprecate AVIF_HEADER_FULL. - Fix decoding image sequences with non video tracks (such as audio or subtitles). - Fix type checking of auxiliary tracks: previously any auxiliary track was assumed to be alpha, even if it was a different type. If the aux type is absent, it is assumed to be alpha. - Add libargparse-ee74d1b53bd680748af14e737378de57e2a0a954.tar.gz - Add %check/tests - Add man pages ==== libeconf ==== Version update (0.7.7 -> 0.7.8) - Update to version 0.7.8: * Fix memory access if there are a comment character inside a comment. ==== libedit ==== Version update (20210910.3.1 -> 20250104.3.1) - update to 20250104: * all: sync with upstream source * doc/Makefile.am: fix regression. Name all manpage links as el_* (e.g. el_history.3) to avoid conflicts. * src/chartype.c: Add missing stdint.h * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h include, to compile against musl libc * src/sys.h: Add __sun guard around sys/types.h in sys.h - drop libedit-20180525-manpage-conflicts.patch and libedit-hidden-symbols.patch: upstreamed - no need for autoreconf and it's BuildRequires: ==== libgcrypt ==== - Differentiate use of SHA1 in the service level indicator [jsc#PED-12227] * Include upstream SLI revamp and fips certification fixes * Add patches: - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch - libgcrypt-fips-tests-Add-t-digest.patch - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch - libgcrypt-Fix-the-previous-change.patch - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch - libgcrypt-build-Improve-__thread-specifier-check.patch - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch - libgcrypt-tests-Allow-tests-with-USE_RSA.patch - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch - libgcrypt-cipher-fips-Fix-for-random-override.patch - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch - libgcrypt-doc-Fix-syntax-error.patch * Rebase patches: - libgcrypt-FIPS-SLI-kdf-leylength.patch ==== libgpg-error ==== Version update (1.54 -> 1.55) - Update to 1.55: * Rewrite the extended length path handling under Windows. [T5754] * Add new test commands to the gpg-error tool. Allow command w/o dashes and reformat the help. [rEc002490a8f] * Silence warning from gcc 15. [T7621] ==== libnftnl ==== - Update signing key to 0x8C5F7146A1757A65E2422A94D70D1A666ACF2B21, which is currently used to sign the latest tarballs including version 1.2.9. ==== libraw ==== Version update (0.21.3 -> 0.21.4) - version update to 0.21.4 * additional checks in PhaseOne correction tag 0x412 processing * Do not apply canon metadata crop to DNG files * Make sure the profile_length is the same size as the allocated memory. * fix: remove duplicated supported camera * check split_col/split_row values in phase_one_correct * Prevent out-of-bounds read in fuji 0xf00c tag parser * prevent OOB reads in phase_one_correct - modified sources % baselibs.conf - fixes: * CVE-2025-43964 [bsc#1241584] * CVE-2025-43962 [bsc#1241585] * CVE-2025-43961 [bsc#1241643] * CVE-2025-43963 [bsc#1241642] ==== libsoup ==== Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Add libsoup-CVE-2025-32907.patch: correct merge of ranges (boo#1241222 CVE-2025-32907 glgo#GNOME/libsoup!452). ==== libsoup2 ==== - Add more CVE fixes: + c9083869.patch (boo#1241686 CVE-2025-46420) + libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914) + libsoup-CVE-2025-32907.patch (boo#1241222 CVE-2025-32907) + libsoup-CVE-2025-46421.patch (boo#1241688 CVE-2025-46421) ==== libssh ==== Subpackages: libssh-config libssh4 - Fix build and tests with OpenSSH >= 10.0 * Use %make_build instead of naked make * Add patches: - libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch - libssh-misc-Fix-OpenSSH-banner-parsing.patch ==== libxkbcommon ==== Version update (1.8.1 -> 1.9.0) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.9.0 * keysyms can now be written as just Unicode strings, including multi-keysyms. * Added support for new ``, `` and `` wildcard syntax in rules files. * Added support for a new escaping format for Unicode, `\u{NNNN}`. ==== libzip ==== - Fix libzip-devel dependencies. libzip-targets*.cmake create CMake targets for zipcmp, zipmerge and ziptool. ==== libzypp ==== Version update (17.36.6 -> 17.36.7) - fixed build with boost 1.88. - XmlReader: Fix detection of bad input streams (fixes #635) libxml2 2.14 potentially reads the complete stream, so it may have the 'eof' bit set. Which is not 'good' but also not 'bad'. - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck, keeppackages, gpgkey, mirrorlist, and metalink with the same semantic as in a .repo file. - version 17.36.7 (35) ==== lilv ==== - Rework the way the preferred python flavor is used as prefix so it also works with Slowroll - Add BuildRequires for pkgconfig(zix) which was pulled in indirectly but is actually required since 0.24.22. - Generate the python subpackage with the python flavored prefix it's being used instead of always using python3 ==== lua54 ==== - Fix license: it is MIT, not GPL-3.0-or-later. ==== mozilla-nss ==== Version update (3.109 -> 3.110) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.110 * bmo#1930806 - FIPS changes need to be upstreamed: force ems policy * bmo#1954724 - Prevent excess allocations in sslBuffer_Grow * bmo#1953429 - Remove Crl templates from ASN1 fuzz target * bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target * bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned * bmo#1930807 - NSS policy updates * bmo#1951161 - Improve locking in nssPKIObject_GetInstances * bmo#1951394 - Fix race in sdb_GetMetaData * bmo#1951800 - Fix member access within null pointer * bmo#1950077 - Increase smime fuzzer memory limit * bmo#1949677 - Enable resumption when using custom extensions * bmo#1952568 - change CN of server12 test certificate * bmo#1949118 - Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * bmo#1949118 - Part 1: Fix smime UBSan errors * bmo#1930806 - FIPS changes need to be upstreamed: updated key checks * bmo#1951491 - Don't build libpkix in static builds * bmo#1951395 - handle `-p all` in try syntax * bmo#1951346 - fix opt-make builds to actually be opt * bmo#1951346 - fix opt-static builds to actually be opt * bmo#1916439 - Remove extraneous assert - Removed upstreamed nss-fips-stricter-dh.patch - Added bmo1962556.patch to fix test failures - Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch ==== ncurses ==== Version update (6.5.20250412 -> 6.5.20250426) Subpackages: libncurses6 ncurses-utils terminfo-base - Modify patch ncurses-5.9-ibm327x.dif * sclp term: use ASCII Console key mapping and support home * ibm327x term: can do color and drawings but no cursor - Add ncurses patch 20250426 + expand note on extensions in curs_addch.3x + add illumos, sun-16color, sun-256color, sun-direct -TD + add wyse+cvis -TD - Add ncurses patch 20250419 + add note on scrolling and lower-right corner to waddch and wadd_wch manual pages. - Modify patch ncurses-5.9-ibm327x.dif * sclp term: more missed features like home/end/pageup/pagedown keys ==== nghttp2 ==== Version update (1.64.0 -> 1.65.0) - version update to 1.65.0 * Change clang-format options by @tatsuhiro-t in #2240 * build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243 * build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244 * nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245 * h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248 * build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252 * fix race condition on h1 connection close by @TuxInvader in #2249 * Gha ubuntu 24.04 by @tatsuhiro-t in #2254 * GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255 * cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256 * fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258 * clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259 * Remove extra semicolons by @tatsuhiro-t in #2260 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261 * Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262 * h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263 * Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264 * Update nghttp2_check_authority doc by @tatsuhiro-t in #2265 ==== open-vm-tools ==== Subpackages: libvmtools0 - (bsc#1237147): Newer version of containerd do not have the directory /usr/share/go/1.x/contrib/src/github.com/containerd/containerd/api. Update detect-suse-location.patch to point to the directory /usr/share/go/1.x/contrib/src/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api to find the needed files and update the tasks.proto file to import from github.com/containerd/containerd/vendor/github.com/containerd/containerd/api ==== openssh ==== Version update (9.9p2 -> 10.0p2) Subpackages: openssh-clients openssh-common openssh-server - Add openssh-send-extra-term-env.patch, which appends a few environment variables useful for terminal identification to the default send and accept lists. - "Update" to openssh 10.0p2: - There was an issue during the packaging of 10.0p1 which made it identify itself as 10.0p2 so 10.0p1 is now considered identical to 10.0p2 and upstream won't release a separate 10.0p2 package. - Update to openssh 10.0p1: = Potentially-incompatible changes * This release removes support for the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months. * scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by scp & sftp. This disables implicit session creation by these tools when ControlMaster was set to yes/auto by configuration, which some users found surprising. This change will not prevent scp/sftp from using an existing multiplexing session if one had already been created. GHPR557 * This release has the version number 10.0 and announces itself as "SSH-2.0-OpenSSH_10.0". Software that naively matches versions using patterns like "OpenSSH_1*" may be confused by this. * sshd(8): this release removes the code responsible for the user authentication phase of the protocol from the per- connection sshd-session binary to a new sshd-auth binary. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary. * sshd(8): this release disables finite field (a.k.a modp) Diffie-Hellman key exchange in sshd by default. Specifically, this removes the "diffie-hellman-group*" and "diffie-hellman-group-exchange-*" methods from the default KEXAlgorithms list. The client is unchanged and continues to support these methods by default. Finite field Diffie Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages. ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years. * sshd(8): this release removes the implicit fallback to compiled-in groups for Diffie-Hellman Group Exchange KEX when the moduli file exists but does not contain moduli within the client-requested range. The fallback behaviour remains for the case where the moduli file does not exist at all. This allows administrators more explicit control over which DH groups will be selected, but can lead to connection failures if the moduli file is edited incorrectly. bz#2793 = Security * sshd(8): fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented. X11 forwarding is disabled by default in the server and agent forwarding is off by default in the client. = New features * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now used by default for key agreement. This algorithm is considered to be safe against attack by quantum computers, is guaranteed to be no less strong than the popular curve25519-sha256 algorithm, has been standardised by NIST and is considerably faster than the previous default. * ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher for the connection. The default cipher preference list is now Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR (128/192/256). * ssh(1): add %-token and environment variable expansion to the ssh_config SetEnv directive. * ssh(1): allow %-token and environment variable expansion in the ssh_config User directive, with the exception of %r and %C which would be self-referential. bz#3477 * ssh(1), sshd(8): add "Match version" support to ssh_config and sshd_config. Allows matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*". * ssh(1): add support for "Match sessiontype" to ssh_config. Allows matching on the type of session initially requested, either "shell" for interactive sessions, "exec" for command execution sessions, "subsystem" for subsystem requests, such as sftp, or "none" for transport/forwarding-only sessions. * ssh(1): add support for "Match command ..." support to ssh_config, allowing matching on the remote command as specified on the command-line. * ssh(1): allow 'Match tagged ""' and 'Match command ""' to match empty tag and command values respectively. * sshd(8): allow glob(3) patterns to be used in sshd_config AuthorizedKeysFile and AuthorizedPrincipalsFile directives. bz2755 * sshd(1): support the VersionAddendum in the client, mirroring the option of the same name in the server; bz2745 * ssh-agent(1): the agent will now delete all loaded keys when signaled with SIGUSR1. This allows deletion of keys without having access to $SSH_AUTH_SOCK. * Portable OpenSSH, ssh-agent(1): support systemd-style socket activation in ssh-agent using the LISTEN_PID/LISTEN_FDS mechanism. Activated when these environment variables are set, ... changelog too long, skipping 116 lines ... * fix-nopie-flag.patch ==== openssh-askpass-gnome ==== Version update (9.9p2 -> 10.0p2) - "Update" to openssh 10.0p2: * No changes for askpass, see main package changelog for details. - Update to openssh 10.0p1: * No changes for askpass, see main package changelog for details. ==== openssl-3 ==== Version update (3.2.4 -> 3.5.0) Subpackages: libopenssl3 - Update to 3.5.0: * Changes: - Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. - The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list. - The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. - All BIO_meth_get_*() functions were deprecated. * New features: - Support for server side QUIC (RFC 9000) - Support for 3rd party QUIC stacks including 0-RTT support - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) - A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 - A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source - Support for central key generation in CMP - Support added for opaque symmetric key objects (EVP_SKEY) - Support for multiple TLS keyshares and improved TLS key establishment group configurability - API support for pipelining in provided cipher algorithms * Remove patches: - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch - openssl-3-add-defines-CPACF-funcs.patch - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - openssl-3-add-xof-state-handling-s3_absorb.patch - openssl-3-fix-state-handling-sha3_absorb_s390x.patch - openssl-3-fix-s390x_shake_squeeze.patch - openssl-3-hw-acceleration-aes-xts-s390x.patch - openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch - openssl-3-fix-state-handling-keccak_final_s390x.patch - openssl-3-add-hw-acceleration-hmac.patch - openssl-3-fix-state-handling-sha3_final_s390x.patch - openssl-3-fix-hmac-digest-detection-s390x.patch - openssl-3-support-multiple-sha3_squeeze_s390x.patch - openssl-3-fix-sha3-squeeze-ppc64.patch - openssl-3-fix-s390x_sha3_absorb.patch - openssl-3-fix-state-handling-shake_final_s390x.patch - openssl-3-add_EVP_DigestSqueeze_api.patch - openssl-FIPS-enforce-security-checks-during-initialization.patch - openssl-FIPS-140-3-zeroization.patch - openssl-FIPS-Add-explicit-indicator-for-key-length.patch - openssl-FIPS-Mark-SHA1-as-nonapproved.patch - openssl-Remove-EC-curves.patch - openssl-FIPS-services-minimize.patch - openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch - openssl-3-fix-quic_multistream_test.patch - openssl-3-jitterentropy-3.4.0.patch - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch - openssl-FIPS-140-3-DRBG.patch - openssl-FIPS-Use-FFDHE2048-in-self-test.patch - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch - openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch - openssl-FIPS-enforce-EMS-support.patch - openssl-Allow-disabling-of-SHA1-signatures.patch - openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch * Rebased patches: - openssl-pkgconfig.patch - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch - openssl-Add-Kernel-FIPS-mode-flag-support.patch - openssl-Force-FIPS.patch - openssl-disable-fipsinstall.patch - openssl-FIPS-embed-hmac.patch - openssl-Add-changes-to-ectest-and-eccurve.patch - openssl-Disable-explicit-ec.patch - openssl-skipped-tests-EC-curves.patch - openssl-FIPS-140-3-keychecks.patch - openssl-FIPS-early-KATS.patch - openssl-FIPS-limit-rsa-encrypt.patch - openssl-FIPS-Expose-a-FIPS-indicator.patch - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch - openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch - openssl-FIPS-RSA-disable-shake.patch - openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch - openssl-FIPS-Enforce-error-state.patch - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch - openssl-FIPS-enforce-EMS-support.patch - openssl-TESTS-Disable-default-provider-crypto-policies.patch - openssl-skip-quic-pairwise.patch * Add patches: - openssl-FIPS-Fix-encoder-decoder-negative-test.patch - openssl-FIPS-SUSE-FIPS-module-version.patch - openssl-FIPS-EC-disable-weak-curves.patch - openssl-FIPS-NO-DES-support.patch - openssl-FIPS-NO-DSA-Support.patch - openssl-FIPS-NO-Kmac.patch - openssl-FIPS-NO-PQ-ML-SLH-DSA.patch - openssl-shared-jitterentropy.patch - openssl-rh-allow-sha1-signatures.patch - openssl-disable-75-test_quicapi-test.patch - Changes between 3.3.0 and 3.4.0: * Changes: - Deprecation of TS_VERIFY_CTX_set_* functions and addition of ... changelog too long, skipping 96 lines ... - Support for using certificate profiles and extened delayed delivery in CMP ==== openssl ==== Version update (3.2.4 -> 3.5.0) - Update to 3.5.0 ==== python-MarkupSafe ==== Version update (2.1.5 -> 3.0.2) - Update to 3.0.2 * Fix compatibility when __str__ returns a str subclass. #472 * Build requires setuptools >= 70.1. #475 - Update to 3.0.1 * Address compiler warnings that became errors in GCC 14. #466 * Fix compatibility with proxy objects. #467 - Update to 3.0.0 * Support Python 3.13 and its experimental free-threaded build. #461 * Drop support for Python 3.7 and 3.8. * Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348 * Change distutils imports to setuptools. #399 * Use deferred evaluation of annotations. #400 * Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400 * Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401 * The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402 * Speed up escaping plain strings by 40%. #434 * Simplify speedups implementation. #437 ==== python-greenlet ==== Version update (3.1.1 -> 3.2.1) - Update to 3.2.1 * Fix a crash regression for Riscv64. See issue 443. - from version 3.2.0 * Remove support for Python 3.7 and 3.8. * Add untested, community supported implementation for RiscV 32. See PR 438. * Make greenlet build and run on Python 3.14a7. It will not build on earlier 3.14 alpha releases, and may not build on later 3.14 releases. * Packaging: Use PEP 639 license expressions and include license files. ==== python313 ==== Version update (3.13.2 -> 3.13.3) - Update to 3.13.3: - Tools/Demos - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. - gh-130025: The iOS testbed now correctly handles symlinks used as Python framework references. - Tests - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - gh-129200: Multiple iOS testbed runners can now be started at the same time without introducing an ambiguity over simulator ownership. - gh-130292: The iOS testbed will now run successfully on a machine that has not previously run Xcode tests (such as CI configurations). - gh-130293: The tests of terminal colorization are no longer sensitive to the value of the TERM variable in the testing environment. - gh-126332: Add unit tests for pyrepl. - Security - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written. - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - Library - gh-132174: Fix function name in error message of _interpreters.run_string. - gh-132171: Fix crash of _interpreters.run_string on string subclasses. - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN environment variable knob in subprocess to control the use of os.posix_spawn(). - gh-132159: Do not shadow user arguments in generated __new__() by decorator warnings.deprecated. Patch by Xuehai Pan. - gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default. - gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names. - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses. - gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel. - gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio. - gh-129843: Fix incorrect argument passing in warnings.warn_explicit(). - gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff. - gh-130940: The PyConfig.use_system_logger attribute, introduced in Python 3.13.2, has been removed. The introduction of this attribute inadvertently introduced an ABI breakage on macOS and iOS. The use of the system logger is now enabled by default on iOS, and disabled by default on macOS. - gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag. - gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny. - gh-130637: Add validation for numeric response data in poplib.POP3.stat() method - gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions. - gh-130379: The zipapp module now calculates the list of files to be added to the archive before creating the archive. This avoids accidentally including the target when it is being created in the source directory. - gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0). - gh-130250: Fix regression in traceback.print_last(). - gh-130230: Fix crash in pow() with only Decimal third argument. - gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during ... changelog too long, skipping 175 lines ... (gh#python/cpython#132535). ==== python313-core ==== Version update (3.13.2 -> 3.13.3) Subpackages: libpython3_13-1_0 python313-base - Update to 3.13.3: - Tools/Demos - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. - gh-130025: The iOS testbed now correctly handles symlinks used as Python framework references. - Tests - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - gh-129200: Multiple iOS testbed runners can now be started at the same time without introducing an ambiguity over simulator ownership. - gh-130292: The iOS testbed will now run successfully on a machine that has not previously run Xcode tests (such as CI configurations). - gh-130293: The tests of terminal colorization are no longer sensitive to the value of the TERM variable in the testing environment. - gh-126332: Add unit tests for pyrepl. - Security - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written. - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - Library - gh-132174: Fix function name in error message of _interpreters.run_string. - gh-132171: Fix crash of _interpreters.run_string on string subclasses. - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN environment variable knob in subprocess to control the use of os.posix_spawn(). - gh-132159: Do not shadow user arguments in generated __new__() by decorator warnings.deprecated. Patch by Xuehai Pan. - gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default. - gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names. - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses. - gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel. - gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio. - gh-129843: Fix incorrect argument passing in warnings.warn_explicit(). - gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff. - gh-130940: The PyConfig.use_system_logger attribute, introduced in Python 3.13.2, has been removed. The introduction of this attribute inadvertently introduced an ABI breakage on macOS and iOS. The use of the system logger is now enabled by default on iOS, and disabled by default on macOS. - gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag. - gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny. - gh-130637: Add validation for numeric response data in poplib.POP3.stat() method - gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions. - gh-130379: The zipapp module now calculates the list of files to be added to the archive before creating the archive. This avoids accidentally including the target when it is being created in the source directory. - gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0). - gh-130250: Fix regression in traceback.print_last(). - gh-130230: Fix crash in pow() with only Decimal third argument. - gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during ... changelog too long, skipping 175 lines ... (gh#python/cpython#132535). ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Add 0001-do-not-re-resolve-iterator-value-types.patch We've resolved the value type in the type propagator. Trying to do it again in the code generator, after the iterator may have been adjusted, is quite wrong. If we resolve the list value type on a type that's not a list (anymore), then we get an invalid type, which subsequently crashes. ==== rpm ==== - print scriptlet messages in --runposttrans * needed to fix leaking tmp files [bsc#1218459] * updated patch: posttrans.diff - backport architecture check fix from upstream * new patch: archcheck.diff - backport empty password fix from upstream * new patch: emptypw.diff - backport buildsys specific prep fix from upstream * new patch: buildsysprep.diff - fix memory leak in str2locale [bsc#1241052] * updated patch: localetag.diff ==== runc ==== Version update (1.2.6 -> 1.3.0) - Update to runc v1.3.0. Upstream changelog is available from ==== sdbootutil ==== Version update (1+git20250421.7ffd25a -> 1+git20250430.f7d1ad1) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250430.f7d1ad1: * Update DA lockout message * jeos-firstboot-enroll: show errors as dialog - Update to version 1+git20250425.25d659b: * get-timeout for sd-boot return unsigned value * jeos-firstboot-enroll: drop unused variable * jeos-firstboot-enroll: continue if no enrollment (bsc#1236583) * jeos-firstboot-enroll: hide keyctl output * jeos-firstboot-enroll: add title and description - Update to version 1+git20250423.61ca94f: * Revert "Use filesystem order in grub2-bls" (bsc#1241046) - Update to version 1+git20250423.7e34390: * Check if TPM2 is in lockout (bsc#1241168) * Retry password when mismatch ==== selinux-policy ==== Version update (20250411 -> 20250429) Subpackages: selinux-policy-targeted - Update to version 20250429: * Allow cluster_t use NoNewPrivileges systemd hardening (bsc#1241921) * allows gssd_t to read nfs symlinks (bsc#1241042) * Label tpm2-measure.log with systemd_pcrlock_var_lib_t (bsc#1240887) ==== sqlite3 ==== - Add subpackage for the lemon parser generator. - Add patches: * sqlite-3.49.0-fix-lemon-missing-cflags.patch * sqlite-3.6.23-lemon-system-template.patch ==== webrtc-audio-processing-1 ==== - Add webrtc-audio-processing-1.3-gcc15.patch to fix gcc-15 compile time errors ==== wtmpdb ==== Version update (0.73.0+git20250408.edb8638 -> 0.74.0+git20250424.2e93e77) Subpackages: libwtmpdb0 - Update to version 0.74.0+git20250424.2e93e77: * Release version 0.74.0 * Fix varlink interface name (rebootmgr vs wtmpdb) * import: match login by tty if non-zero pid does not match ==== zypper ==== Version update (1.14.88 -> 1.14.89) Subpackages: zypper-needs-restarting - Updated translations (bsc#1230267) - version 1.14.89