Packages changed:
  Mesa (25.0.2 -> 25.0.3)
  Mesa-drivers (25.0.2 -> 25.0.3)
  MicroOS-release (20250405 -> 20250409)
  bluez
  boost-base
  breeze6
  c-ares (1.34.4 -> 1.34.5)
  cups-filters
  diffutils
  double-conversion (3.3.0 -> 3.3.1)
  ell (0.73 -> 0.76)
  ffmpeg-7 (7.1 -> 7.1.1)
  gawk (5.3.1 -> 5.3.2)
  gdm
  giflib
  glib2 (2.84.0 -> 2.84.1)
  gnome-control-center
  gnome-keyring
  grub2
  gtk4 (4.18.3 -> 4.18.4)
  harfbuzz (11.0.0 -> 11.0.1)
  hwinfo (23.4 -> 23.5)
  inih (58 -> 59)
  kbd
  kernel-source (6.14.0 -> 6.14.1)
  libXpm
  libconfig
  libportal
  libsoup2
  libunwind
  llvm20 (20.1.0 -> 20.1.2)
  mozjs128 (128.8.1 -> 128.9.0)
  newt (0.52.24 -> 0.52.25)
  open-iscsi
  opencv
  openssh
  openvpn (2.6.10 -> 2.6.14)
  patterns-gnome (20241112 -> 20250310)
  podman (5.4.1 -> 5.4.2)
  polkit-default-privs (1550+20250225.49f846d -> 1550+20250407.fdb02a6)
  poppler (25.03.0 -> 25.04.0)
  poppler-qt6 (25.03.0 -> 25.04.0)
  python-alembic (1.15.1 -> 1.15.2)
  python-certifi (2024.8.30 -> 2025.1.31)
  qcoro-qt6 (0.11.0 -> 0.12.0)
  qt6-base (6.8.2 -> 6.9.0)
  qt6-declarative (6.8.2 -> 6.9.0)
  qt6-imageformats (6.8.2 -> 6.9.0)
  qt6-multimedia (6.8.2 -> 6.9.0)
  qt6-positioning (6.8.2 -> 6.9.0)
  qt6-qt5compat (6.8.2 -> 6.9.0)
  qt6-quick3d (6.8.2 -> 6.9.0)
  qt6-quicktimeline (6.8.2 -> 6.9.0)
  qt6-sensors (6.8.2 -> 6.9.0)
  qt6-shadertools (6.8.2 -> 6.9.0)
  qt6-speech (6.8.2 -> 6.9.0)
  qt6-svg (6.8.2 -> 6.9.0)
  qt6-tools (6.8.2 -> 6.9.0)
  qt6-virtualkeyboard (6.8.2 -> 6.9.0)
  qt6-wayland (6.8.2 -> 6.9.0)
  qt6-webchannel (6.8.2 -> 6.9.0)
  qt6-webengine (6.8.2 -> 6.9.0)
  qt6-webview (6.8.2 -> 6.9.0)
  sdbootutil (1+git20250404.20a1dfb -> 1+git20250407.f84e1da)
  selinux-policy (20250324 -> 20250403)
  slang
  sndiff (0.2.1~0 -> 0.2.2~0)
  vim
  webkit2gtk3 (2.48.0 -> 2.48.1)
  webkit2gtk4 (2.48.0 -> 2.48.1)
  wtmpdb (0.72.0+git20250305.10803fd -> 0.73.0+git20250408.edb8638)
  xorg-x11-server

=== Details ===

==== Mesa ====
Version update (25.0.2 -> 25.0.3)
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1

- let Mesa-dri only require libvulkan1, libvulkan_lvp if build of vulkan drivers is
  enabled on this platform
- let Mesa-dri also require libvulkan_lvp; fixes startup of Wayland sessions with Mesa 25.0.3 (boo#1240854)
- U_clover-Don-t-include-libclc-headers.patch
  * don't break clover with libclc 20.1.0 update (boo#1240848)
- Update to release 25.0.3
  - -> https://docs.mesa3d.org/relnotes/25.0.3
- require llvm20/clang20

==== Mesa-drivers ====
Version update (25.0.2 -> 25.0.3)
Subpackages: Mesa-dri Mesa-gallium

- let Mesa-dri only require libvulkan1, libvulkan_lvp if build of vulkan drivers is enabled on this platform
- let Mesa-dri also require libvulkan_lvp; fixes startup of Wayland sessions with Mesa 25.0.3 (boo#1240854)
- U_clover-Don-t-include-libclc-headers.patch
  * don't break clover with libclc 20.1.0 update (boo#1240848)
- Update to release 25.0.3
  - -> https://docs.mesa3d.org/relnotes/25.0.3
- require llvm20/clang20

==== MicroOS-release ====
Version update (20250405 -> 20250409)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== bluez ====
Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3

- to fix gcc-15 compile time errors, add bluez-5.79-c23.patch (from gentoo) and bluez-5.79-stdarg.patch

==== boost-base ====
Subpackages: boost-license1_87_0 libboost_filesystem1_87_0 libboost_thread1_87_0

- Remove requires of boost exception from boost coroutine (bsc#1240357)
- boost-no-exception.patch: added

==== breeze6 ====
Subpackages: breeze6-cursors breeze6-decoration breeze6-style breeze6-wallpapers

- Add patches to fix build:
  * 0001-Add-missing-includes.patch
  * 0002-kcursorgen-Add-QDebug-include.patch

==== c-ares ====
Version update (1.34.4 -> 1.34.5)

- c-ares version 1.34.5
  * CVE-2025-31498.
    A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3 (bsc#1240955)
- a531524a3d085fcd9a5e25d5f6cbdb953082c2b9.patch: upstreamed, removed

==== cups-filters ====

- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6

==== diffutils ====

- Fix failure (noticed in sdiff as fatal "realloc(): invalid next size")
  Original upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=77265
  New patch: diff-fix-allocation-typo-leading-to-crashes.patch

==== double-conversion ====
Version update (3.3.0 -> 3.3.1)

- update to 3.3.1:
  * Add _ITERATOR_DEBUG_LEVEL=2 and _DEBUG defines
  * Build system and CI tweaks
  * Add some missing headers

==== ell ====
Version update (0.73 -> 0.76)

- Update to release 0.76
  * Add support for NIST P-192/224/521 curve usage with ECDH, SHA-224-based checksums and HMACs.
  * Add support for SHA-3 series of hashing algorithms.
  * Add support for converting OID octets to strings.

==== ffmpeg-7 ====
Version update (7.1 -> 7.1.1)
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8

- Disable OpenVINO, too many dependencies for Factory ring1.
- Update to release 7.1.1
  * avformat/wavdec: Fix overflow of intermediate in block_align check
  * avformat/dvdvideodec: drop packets with unset PTS or DTS
  * avutil/timecode: Avoid fps overflow in av_timecode_get_smpte_from_framenum()
  * avcodec/mjpegdec: Disallow progressive bayer images
  * avformat/mov: don't unconditionally set all audio packets in fragments as key frames
  * avcodec/libx265: resolve build failure for libx265.so.n, n >= 213
- Delete ffmpeg-7-CVE-2025-22919.patch, ffmpeg-7-CVE-2025-0518.patch, ffmpeg-7-CVE-2025-1816.patch (merged)
- Move BcntSync tag to the %else part where the mini package gets defined
- Build with OpenVINO support in libavfilter
- Add ffmpeg-7-CVE-2025-1816.patch: Backporting 0526535c from upstream, add missing constraints for num_parameters in audio_element_oub(). (CVE-2025-1816, bsc#1238728)

==== gawk ====
Version update (5.3.1 -> 5.3.2)

- GNU awk 5.3.2:
  * pretty printer now produces fewer spurious newlines
  * -no-pie linker flag is no longer required
  * fix more subtle issues related to uninitialized array elements
  * Associative arrays should now not grow quite as fast as they used to
  * documentation updates

==== gdm ====
Subpackages: gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- Disable X11 support on SLE:
  * SLFO will only support Wayland
  * This is required to avoid a fallback to X11 sessions which makes GDM crash
  * With this change gdm-exclude-61-gdm-rules-file.patch is not needed anymore

==== giflib ====

- Added patch:
  * giflib-bsc1240416.patch
    + fixing bsc#1240416: buffer overflow in function DumpScreen2RGB

==== glib2 ====
Version update (2.84.0 -> 2.84.1)
Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- Update to version 2.84.1:
  + Fix test failure when building against gobject-introspection ≥1.83.4
  + Bugs fixed:
    - 2.84.0 build failure on Linux:
      ../gio/gnetworkmonitornetlink.c:47:10: fatal error: netlink/netlink_route.h: No such file or directory
    - test failure with gobject-introspection 1.83.4: warning: element doc:format from state 3 is unknown, ignoring
    - gio/trash does not handle special characters well
    - `g_cancellable_connect()` documentation incorrect
    - g_cancellable_connect(): is it safe to unref cancellable from callback?
    - Crash with some registry key values in GWin32AppInfo
    - Memory sanitizer fixes
    - gobject: Be consistent in using atomic logic to handle the GParamSpecPool
    - gsettings: Port docs to gi-docgen format, add missing annotations and make various improvements
    - tests: Don't install runner scripts without installed_tests
    - docs: Document GSignalFlags members added after 2.0
    - tests: Add a test for g_object_freeze_notify() being called too often
    - gfileinfo: Slightly expand docs for g_file_info_get_attribute_as_string()
    - gi: Dynamically set doc-format
    - tests: Various fixes to create temporary files in /tmp rather than the build directory
    - gdbusnameowning: Convert docs to gi-docgen linking syntax
    - giounix-private: Fix macro for checking for epoll_create1()
    - Fix LGPL in header
    - gutils: make documentation of g_set_prgname() clearer
    - docs: Add some detail
    - gspawn-win32: Fix potential integer overflows in argv handling
    - gvarianttype: Improve docs on type validation
  + Updated translations.

==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa

- Add malcontent-control Recommends, pull in parental control (malcontent) support.

==== gnome-keyring ====
Subpackages: gnome-keyring-pam libgck-modules-gnome-keyring

- Add gnome-keyring-register-login-keyring.patch: ensure login keyring is properly registered (glgo#GNOME/gnome-keyring!78).
==== grub2 ====
Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls

- Add grub2-provide-edid.patch: Grub2 already retrieves the EDID from video adapters. Copy the raw data into the Linux kernel boot parameters, so that Linux can use this information. The necessary fields have been present in the boot parameters since at least commit f8eeaaf41803 ("[PATCH] Make the bzImage format self-terminating"), but never used. Within the kernel, the EDID data will be propagated to graphics drivers and finally to user space. (bsc#1240624)

==== gtk4 ====
Version update (4.18.3 -> 4.18.4)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0

- Update to version 4.18.4:
  + Bugs fixed:
    - 4.18.3 regression: cursor doesn't update state when crossing window boundaries
    - Gtk.Video causes segfault inside VM with wayland backend
    - Win32: can't resize or move windows anymore
    - testsuite: Make reftest-compare use gsize instead of int
    - wayland: Force setting cursor on enter
    - Merge fixes from !8375 into 4.18
    - inspector: Survive without installed schemas
    - builder: Fix a menu parsing issue
    - win32: Fix initial window state
    - vulkan: Do not create dmabuf target images if not enabled
  + Updated translations.

==== harfbuzz ====
Version update (11.0.0 -> 11.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Update to version 11.0.1:
  + The change in version 10.3.0 to apply “trak” table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping.
  + When directwrite integration is enabled, we now link to dwrite.dll instead of dynamically loading it.
  + A new experimental APIs for getting raw “CFF” and “CFF2” CharStrings.
  + We now provide manpages for the various command line utilities. Building manpages requires “help2man” and will be skipped if it is not present.
  + The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages.
  + Various fixes and improvements to fontations font functions.
  + All shaping operations using the ot shaper have become memory allocation-free.
  + Glyph extents returned by hb-ot and hb-ft font functions are now rounded instead of flooring/ceiling them, which also matches what other font libraries do.
  + Fix “AAT” deleted glyph marks interfering with fallback mark positioning.
  + Glyph outlines emboldening have been moved out of hb-ot and hb-ft font functions to the HarfBuzz font layer, so that it works with any font functions implementation.
  + Fix our fallback C++11 atomics integration, which seems to not be widely used.
  + Various testing fixes and improvements.
  + Various subsetting fixes and improvements.
  + Various other fixes and improvements.

==== hwinfo ====
Version update (23.4 -> 23.5)
Subpackages: libhd23

- merge gh#openSUSE/hwinfo#155
- fix network card detection on aarch64 (bsc#1240648)
- 23.5

==== inih ====
Version update (58 -> 59)

- Update to version 59
  * INIReader: change variable visibility from private to protected
  * Add preprocessor exclusions when INI_ALLOW_MULTILINE=0
  * Add INIReader Sections and Keys methods
  * If a line is longer than INI_MAX_LINE, consume input up to next newline
  * Performance improvements
- Add service file to download source.

==== kbd ====
Subpackages: libkbdfile1 libkeymap1 libkfont0

- Add kbd-2.7.1-reproducible-gzip.patch (bsc#1240348)

==== kernel-source ====
Version update (6.14.0 -> 6.14.1)

- Linux 6.14.1 (bsc#1012628).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (bsc#1012628).
- serial: stm32: do not deassert RS485 RTS GPIO prematurely (bsc#1012628).
- perf tools: Fix up some comments and code to properly use the event_source bus (bsc#1012628).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1012628).
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1012628).
- usb: xhci: Don't skip on Stopped - Length Invalid (bsc#1012628).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1012628).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (bsc#1012628).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (bsc#1012628).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (bsc#1012628).
- tty: serial: 8250: Add Brainboxes XC devices (bsc#1012628).
- tty: serial: 8250: Add some more device IDs (bsc#1012628).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (bsc#1012628).
- counter: stm32-lptimer-cnt: fix error handling when enabling (bsc#1012628).
- ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA (bsc#1012628).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (bsc#1012628).
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1012628).
- cgroup/rstat: Fix forceidle time in cpu.stat (bsc#1012628).
- atm: Fix NULL pointer dereference (bsc#1012628).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (bsc#1012628).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (bsc#1012628).
- commit ca98696
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- commit a2f9145
- Update config files (bsc#1225561).
  kvmsmall: CONFIG_9P_FS=y
- commit bc32872
- series.conf: cleanup
- update upstream reference and move to sorted section
- patches.suse/PCI-Use-downstream-bridges-for-distributing-resources.patch
- commit 5e7754e
- Update config files: Enable CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER (bsc#1237220)
- commit 8f3a404
- Update config files (bsc#1225561).
  kvmsmall: NVME_TARGET=m
- commit ac8a4bc
- Update config files (bsc#1225561).
  kvmsmall: CONFIG_DUMMY=m
- commit f8502cb
- Update config files.
- commit 3291016
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- commit cd433f2
- lockdown: fix kernel lockdown enforcement issue when secure boot is enabled (bsc#1237521).
- commit b6b752b
- Delete patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
  Refresh patches.suse/0001-initcall_blacklist-Does-not-allow-kernel_lockdown-be.patch.
- commit 947e19d
- Delete patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 65907e7
- Delete patches.suse/0003-efi-Set-early-kernel-lock-down-flag-if-booted-in-sec.patch.
- commit 73b42b9
- Delete patches.suse/0004-ACPI-Check-early-kernel-lockdown-flag-before-overlay.patch.
- commit 8d7f4bb
- Delete patches.suse/0005-kgdb-Check-early-kernel-lockdown-flag-before-using-k.patch.
- commit 6631e22

==== libXpm ====

- adding COPYING file to filelist (bsc#1240836)

==== libconfig ====
Subpackages: libconfig++11 libconfig11

- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6

==== libportal ====
Subpackages: libportal-gtk4-1 libportal1

- Add upstream change:
  * libportal-qt69.patch

==== libsoup2 ====

- Increase test timeout for all arches except x86_64 and run tests again should they fail the first time, the testsuite is flaky.

==== libunwind ====

- Add malloc-prototype.patch to fix gcc15 compile time error

==== llvm20 ====
Version update (20.1.0 -> 20.1.2)

- Update to version 20.1.2.
  * This release contains bug-fixes for the LLVM 20.1.0 release. This release is API and ABI compatible with 20.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.

==== mozjs128 ====
Version update (128.8.1 -> 128.9.0)

- Update to version 128.9.0:
  + CVE-2025-3028, CVE-2025-3029, CVE-2025-3030.

==== newt ====
Version update (0.52.24 -> 0.52.25)

- Update to 0.52.25:
  * improve Makefile (Ryan Carsten Schmidt)
  * fix "yes" in Spanish translation

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0

- Change SPEC file so that open-iscsi lock files always go in /run/lock/iscsi (bsc#1239107)
- Update to version 2.1.11.suse+65.65365e1cdedb:
  * doc: fixup iscsiadm man page option for -r (#501)
  * Modify log function to print session id (#498)
  * Fix minor typo ("authenticaton") (#500)
  * Preparing for version 2.1.11 (#499)
  * iscsid: Rate limit session reopen log messages (#492)
  * IPv6 support for iBFT iSCSI boot (#493)
  * Improve iscsiadm command line parsing messages (#494)
  * More testing cleanup, and fix dprint test usage (#491)
  * Fix a typo in test/README (#486)
  * iscsid: Fix hang during login with scan=manual (#485)
  * fix 4 issues which are finded when building with clang 17 (#478)

==== opencv ====

- Make devel package conflicts between different flavors explicit.
- Split into multiple flavors to support switch to Qt6 for openSUSE TW and Leap 16+:
  * Main (no-name) flavor builds with Qt5.
  * qt6 flavor builds with Qt6
  * nogui flavor builds without Qt support.
- Use ldconfig_scriptlets macro for post(un) scripts.

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Disable seccomp_filter and rlimitsandbox sandbox for loongarch.
  seccomp_filter and rlimitsandbox not supported on loongarch64 yet.
==== openvpn ====
Version update (2.6.10 -> 2.6.14)
Subpackages: openvpn-auth-pam-plugin

- update to 2.6.14:
  * CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2
  * Linux DCO: repair source IP selection for --multihome
- update to 2.6.13:
  * on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER to server
  * Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds
  * improve server-side handling of clients sending usernames or passwords longer than USER_PASS_LEN
  * purge proxy authentication credentials from memory after use
- update to 2.6.12:
  * the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations
  * Http-proxy: fix bug preventing proxy credentials caching
- update to 2.6.11:
  * CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them.
    Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load.
  * CVE-2024-28882: only call schedule_exit() once (on a given peer).
    Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client
  * Fix connect timeout when using SOCKS proxies
  * Add bracket in fingerprint message and do not warn about missing verification
  * Remove "experimental" denotation for --fast-io
  * Correctly document ifconfig_* variables passed to scripts
  * Documentation: make section levels consistent
  * Samples: Update sample configurations (remove compression & old cipher settings, add more informative comments)
- update keyring, as the old one doesn't verify anymore (and attach an url)
- remove openvpn-CVE-2024-28882.patch and openvpn-CVE-2024-5594.patch, as the latest version includes fixes for the CVEs

==== patterns-gnome ====
Version update (20241112 -> 20250310)
Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis

- Adaptation for SLES16:
  * Disable gnome_x11, gnome_multimedia and enable gnome_internet patterns
  * Always recommends NetworkManager and gnome_internet pattern.
  * no longer recommends gnome-shell-classic, pidgin, planner, totem packages and gnome_imaging, office and x11_yast patterns.
  * switch from gnome-terminal to GNOME Console
  * switch from gedit to GNOME Text Editor
  * switch from evince to Papers
- Hardcode adobe-sourcecodepro and adwaita fonts to ensure always have default fonts installed, when recommends are disabled
- No longer recommends gnome-desktop

==== podman ====
Version update (5.4.1 -> 5.4.2)

- Update to version 5.4.2:
  * Bump to v5.4.2
  * Add release notes for v5.4.2
  * Fix a potential deadlock during `podman cp`
  * Improve the file format documentation of podman-import.
  * Revert "podman-import only supports gz and tar"
  * Bump buildah to v1.39.4
  * libpod: do not cover idmapped mountpoint
  * test: Fix runc error message
  * oci: report empty exec path as ENOENT
  * test: adapt tests new crun error messages
  * test: remove duplicate test
  * cirrus: test only on f41/rawhide
  * CI: use z1d instance for windows machine testing
  * New images 2025-03-24
  * test/e2e: use go net.Dial() ov nc
  * test: use ncat over nc
  * New images 2025-03-12
  * RPM: Add riscv64 to ExclusiveArch-es
  * Fix HealthCheck log destination, count, and size defaults
  * Win installer test: hardcode latest GH release ID
  * Packit: Fix action script for fetching upstream commit
  * Bump to v5.4.2-dev

==== polkit-default-privs ====
Version update (1550+20250225.49f846d -> 1550+20250407.fdb02a6)

- Update to version 1550+20250407.fdb02a6:
  * profiles: power-profiles-daemon (bsc#1240862)
  * build(deps): bump actions/checkout from 3 to 4
  * Add dependabot checks for Github actions
  * Add flake8 CI workflow

==== poppler ====
Version update (25.03.0 -> 25.04.0)
Subpackages: libpoppler-cpp2 libpoppler-glib8

- version update to 25.04.0
  core:
  * Properly verify adbe.pkcs7.sha1 signatures
  * Improve errors on signing failure
  * Allow empty outline titles
  * Fix error in Distinguished Name parsing
  * Fix build with Android API < 29
  * Fix parsing Level PG document string
  * Internal code improvements
  * Fix crashes in malformed documents
  utils:
  * pdfcairo: Fix document unit for SVG output
  cpp:
  * Add document::form_type
  * Add document::has_javascript
  build system:
  * cmake: Use modern Python3 cmake module
- fixes CVE-2025-32365 [bsc#1240881] CVE-2025-32364 [bsc#1240880]

==== poppler-qt6 ====
Version update (25.03.0 -> 25.04.0)

- version update to 25.04.0
  core:
  * Properly verify adbe.pkcs7.sha1 signatures
  * Improve errors on signing failure
  * Allow empty outline titles
  * Fix error in Distinguished Name parsing
  * Fix build with Android API < 29
  * Fix parsing Level PG document string
  * Internal code improvements
  * Fix crashes in malformed documents
  utils:
  * pdfcairo: Fix document unit for SVG output
  cpp:
  * Add document::form_type
  * Add document::has_javascript
  build system:
  * cmake: Use modern Python3 cmake module
- fixes CVE-2025-32365 [bsc#1240881] CVE-2025-32364 [bsc#1240880]

==== python-alembic ====
Version update (1.15.1 -> 1.15.2)

- Update to 1.15.2
  * Fixed issue where the "modified_name" of :class:`.AlterColumnOp` would not be considered when rendering op directives for autogenerate. While autogenerate cannot detect changes in column name, this would nonetheless impact approaches that made use of this attribute in rewriter recipes. Pull request courtesy lenvk.

==== python-certifi ====
Version update (2024.8.30 -> 2025.1.31)

- Update to 2025.1.31
  * Added certs
    - Subject: CN=D-TRUST BR Root CA 2 2023 O=D-Trust GmbH
    - Subject: CN=D-TRUST EV Root CA 2 2023 O=D-Trust GmbH
  * Removed certs
    - Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG
- from version 2024.12.14
  * Upload attestations to PyPI
  * Added 3.13 classifier (#322)
  * Test against 3.13 final
  * Added certs
    - Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
  * Removed certs
    - Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc.
    - Subject: CN=Entrust Root Certification Authority - G4 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2015 Entrust, Inc. - for authorized use only
    - Subject: CN=Security Communication RootCA3 O=SECOM Trust Systems CO.,LTD.
==== qcoro-qt6 ====
Version update (0.11.0 -> 0.12.0)
Subpackages: libQCoro6Core0 libQCoro6DBus0

- Update to 0.12.0
  * README: fix typo in QNetworkReply example
  * Don't discard result from QFile::open
  * Add return value conversion for QCoroTask
  * fix: disable language-extension-token warning
  * Don't set CMAKE_CXX_FLAGS, use target properties instead
  * Fix infinite recursion with debug builds on libstdc++
  * Fix build with Qt dev
  * Don't leak compile definitions from interface libraries
  * Add missing includes

==== qt6-base ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released
- Drop patches, merged upstream:
  * 0001-QLocale-try-to-survive-being-created-during-applicat.patch
  * 0001-QSystemLocale-bail-out-if-accessed-post-destruction.patch
  * 0001-QLibraryInfo-speed-up-checking-if-qt-etc-qt.conf-res.patch

==== qt6-declarative ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-imageformats ====
Version update (6.8.2 -> 6.9.0)

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-multimedia ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-positioning ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-qt5compat ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-quick3d ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-quicktimeline ====
Version update (6.8.2 -> 6.9.0)

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-sensors ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6Sensors6

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-shadertools ====
Version update (6.8.2 -> 6.9.0)

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-speech ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6TextToSpeech6 qt6-texttospeech

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-svg ====
Version update (6.8.2 -> 6.9.0)

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-tools ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6UiTools6 qt6-tools-qdbus

- Fix desktop files
- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-virtualkeyboard ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 qt6-virtualkeyboard-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-wayland ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released
- Drop patches, merged upstream:
  * 0001-update-wayland_xml-to-version-1_23_0.patch
  * fix-taskbar.patch

==== qt6-webchannel ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== qt6-webengine ====
Version update (6.8.2 -> 6.9.0)
Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released
- Drop patches, merged upstream:
  * 0001-Build-system-remove-libxml2-compilation-test.patch
  * qtwebengine-ffmpeg-playback-fix.patch
- Add patch:
  * qtwebengine-pipewire-1.4.patch

==== qt6-webview ====
Version update (6.8.2 -> 6.9.0)

- Update to 6.9.0:
  * https://www.qt.io/blog/qt-6.9-released

==== sdbootutil ====
Version update (1+git20250404.20a1dfb -> 1+git20250407.f84e1da)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit

- Update to version 1+git20250407.f84e1da:
  * Drop PCR2 if in virtual machine
  * Add have_slot function
  * Get boot time from /proc/stat (boo#1240851)

==== selinux-policy ====
Version update (20250324 -> 20250403)
Subpackages: selinux-policy-targeted

- Update to version 20250403:
  * Allow hyper-v's fcopy_uio_daemon to run as unconfined_service_t (bsc#1239593)
  * Allow switcheroo-control dbus chat with xdm
  * Fix typo in calling unconfined_dbus_chat for switcheroo-control
  * Allow sysadm_t to write to /dev/kmsg
  * Allow init_t nnp domain transition to pcscd_t
  * Fix the genfscon statement for pidfs filesystem
  * Allow tuned-ppd dbus chat with
    xdm
  * Update INSTALL to describe necessary steps to build it
  * Rename the default policy to fedora-selinux
  * Update COPYING to the latest version of GPLv2
  * Allow traceroute_t bind rawip sockets to unreserved ports
  * Revert "Allow traceroute_t bind rawip sockets to unreserved ports"
  * Change the bootc system generator name to bootc-systemd-generator
  * Correct path for SAP HDB binary
  * additional path for SAP binaries
  * dontaudit access to /etc/passwd for power-profiles-daemon (bsc#1237534)
  * allow power-profiles-daemon to watch sysfs directories (bsc#1237534)
  * add dev_watch_sysfs_dirs interface
  * Allow mpd use the io_uring API
  * Confine tuned-ppd
  * Add the switcheroo module
  * Label wine's windows libraries as textrel_shlib_t
  * Allow systemd domains write global pressure stall information
  * Add label and interfaces for kernel PSI files
  * Update bootupd policy
  * Update ktls policy
  * Add policy for systemd-bootc-generator
  * Allow blueman the kill capability
  * Add context for plymouth debug log files
  * Allow rlimit inheritance for domains transitioning to local_login_t
  * Update insights-core policy
  * Allow insights-core map all non-security files
  * Allow insights-core map audit config and log files
  * Allow insights-client manage insights_client_var_log_t files
- Syncing with upstream rawhide selinux-policy up to:
  * 041d36f8d8c03e651c1e52b6221770db1e9237c6
- Update embedded container-selinux version to commit:
  * 4244f856ea34d20edb903a6ff28667400a4b6c18 (version 2.236.0)

==== slang ====

- Drop pcre module, it hasn't been ported to pcre2 yet.
==== sndiff ====
Version update (0.2.1~0 -> 0.2.2~0)

- Update to version 0.2.2~0:
  * Update to v0.2.2
  * Automatic detection of snapshots
  * Add list command

==== vim ====
Subpackages: vim-data-common vim-small

- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6

==== webkit2gtk3 ====
Version update (2.48.0 -> 2.48.1)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles

- Update to version 2.48.1:
  + Limit the data stored in session state.
  + Remove the empty area below the title bar in Web Inspector when not docked.
  + Fix the build with GST_DISABLE_GST_DEBUG.
  + Fix the build with GStreamer < 1.20.
  + Fix the build with video disabled.
  + Fix the build with clang 20.
- Add 8bee9eb9.patch: fix the build on non-x86 architectures.

==== webkit2gtk4 ====
Version update (2.48.0 -> 2.48.1)
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles

- Update to version 2.48.1:
  + Limit the data stored in session state.
  + Remove the empty area below the title bar in Web Inspector when not docked.
  + Fix the build with GST_DISABLE_GST_DEBUG.
  + Fix the build with GStreamer < 1.20.
  + Fix the build with video disabled.
  + Fix the build with clang 20.
- Add 8bee9eb9.patch: fix the build on non-x86 architectures.

==== wtmpdb ====
Version update (0.72.0+git20250305.10803fd -> 0.73.0+git20250408.edb8638)
Subpackages: libwtmpdb0

- Update to version 0.73.0+git20250408.edb8638:
  * Release version 0.73.0
  * expand accepted time format options
  * use documented -t short option for last --until
  * hurd: avoid PATH_MAX
  * hurd: compat for lack of CLOCK_BOOTTIME

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb

- Add u_xf86-Accept-devices-with-the-kernel-s-vesadrm-driver.patch: Enables Xorg to make use of the kernel's vesadrm driver. Taken from upstream. See the MR at https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1879. (bsc#1240624)
- Add u_xf86-Accept-devices-with-the-kernel-s-efidrm-driver.patch: Enables Xorg to make use of the kernel's efidrm driver. Taken from upstream. See the MR at https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1879. (bsc#1240624)