Packages changed: Mesa (25.3.0 -> 25.3.1) Mesa-drivers (25.3.0 -> 25.3.1) MicroOS-release (20251127 -> 20251212) SDL3 (3.2.26 -> 3.2.28) alsa (1.2.14 -> 1.2.15) aurorae6 (6.5.3 -> 6.5.4) bash (5.3.3 -> 5.3.9) bluedevil6 (6.5.3 -> 6.5.4) breeze6 (6.5.3 -> 6.5.4) breeze6-gtk (6.5.3 -> 6.5.4) cockpit conmon container-selinux (2.243.0 -> 2.244.0) cyrus-sasl dbus-1 discover6 (6.5.3 -> 6.5.4) distrobox (1.8.2.1 -> 1.8.2.2) docker e2fsprogs (1.47.2 -> 1.47.3) flatpak-kcm6 (6.5.3 -> 6.5.4) fwupd (2.0.17 -> 2.0.18) gcc glib2 (2.86.2 -> 2.86.3) glslang (16.0.0 -> 16.1.0) graphene gstreamer (1.26.8 -> 1.26.9) gstreamer-plugins-bad (1.26.8 -> 1.26.9) gstreamer-plugins-base (1.26.8 -> 1.26.9) iproute2 (6.17 -> 6.18) kactivitymanagerd6 (6.5.3 -> 6.5.4) kde-cli-tools6 (6.5.3 -> 6.5.4) kde-gtk-config6 (6.5.3 -> 6.5.4) kdecoration6 (6.5.3 -> 6.5.4) kdeplasma6-addons (6.5.3 -> 6.5.4) kernel-firmware-amdgpu (20251119 -> 20251203) kernel-firmware-ath10k (20250206 -> 20251205) kernel-firmware-ath11k (20250829 -> 20251202) kernel-firmware-bluetooth (20251111 -> 20251202) kernel-firmware-i915 (20251106 -> 20251125) kernel-firmware-intel (20251024 -> 20251129) kernel-firmware-iwlwifi (20251024 -> 20251123) kernel-firmware-media (20251018 -> 20251123) kernel-firmware-mediatek (20251119 -> 20251129) kernel-firmware-qcom (20251119 -> 20251202) kernel-firmware-sound (20251118 -> 20251205) kernel-source (6.17.9 -> 6.18.0) keylime (7.12.1 -> 7.13.0+40) kgamma6 (6.5.3 -> 6.5.4) kglobalacceld6 (6.5.3 -> 6.5.4) kinfocenter6 (6.5.3 -> 6.5.4) kmenuedit6 (6.5.3 -> 6.5.4) knighttime6 (6.5.3 -> 6.5.4) kpipewire6 (6.5.3 -> 6.5.4) krb5 (1.21.3 -> 1.22.1) kscreen6 (6.5.3 -> 6.5.4) kscreenlocker6 (6.5.3 -> 6.5.4) ksshaskpass6 (6.5.3 -> 6.5.4) ksystemstats6 (6.5.3 -> 6.5.4) kwayland-integration6 (6.5.3 -> 6.5.4) kwayland6 (6.5.3 -> 6.5.4) kwin6 (6.5.3 -> 6.5.4) layer-shell-qt6 (6.5.3 -> 6.5.4) leancrypto libX11 libarchive (3.8.1 -> 3.8.3) libcap libdisplay-info libdrm (2.4.129 -> 2.4.130) libeconf (0.8.1 -> 0.8.2) libinput (1.30.0 -> 1.30.1) libkscreen6 (6.5.3 -> 6.5.4) libksysguard6 (6.5.3 -> 6.5.4) libnftnl (1.3.0 -> 1.3.1) libnl3 (3.11.0 -> 3.12.0) libplasma6 (6.5.3 -> 6.5.4) libpng16 (1.6.50 -> 1.6.52) libxkbcommon (1.12.3 -> 1.12.4) lilv (0.24.26 -> 0.26.2) mdadm (4.4+30.g9a59bf51 -> 4.4+31.g541b40d3) milou6 (6.5.3 -> 6.5.4) mozilla-nspr (4.37 -> 4.38.2) mozilla-nss (3.117 -> 3.118.1) ncurses (6.5.20251123 -> 6.5.20251206) nftables (1.1.5 -> 1.1.6) nghttp2 (1.66.0 -> 1.68.0) pam-config (2.13+git.20251105 -> 2.13+git.20251203) pipewire (1.5.83 -> 1.5.84) plasma5support6 (6.5.3 -> 6.5.4) plasma6-activities (6.5.3 -> 6.5.4) plasma6-activities-stats (6.5.3 -> 6.5.4) plasma6-browser-integration (6.5.3 -> 6.5.4) plasma6-desktop (6.5.3 -> 6.5.4) plasma6-integration (6.5.3 -> 6.5.4) plasma6-nm (6.5.3 -> 6.5.4) plasma6-openSUSE plasma6-pa (6.5.3 -> 6.5.4) plasma6-print-manager (6.5.3 -> 6.5.4) plasma6-systemmonitor (6.5.3 -> 6.5.4) plasma6-workspace (6.5.3 -> 6.5.4) polkit-kde-agent-6 (6.5.3 -> 6.5.4) poppler poppler-qt6 powerdevil6 (6.5.3 -> 6.5.4) python-alembic (1.15.2 -> 1.17.2) python-certifi (2025.10.5 -> 2025.11.12) python-cryptography python-greenlet (3.2.4 -> 3.3.0) python-lark (1.2.2 -> 1.3.1) python-psutil python-referencing python-typing_extensions qqc2-breeze-style6 (6.5.3 -> 6.5.4) qt6-declarative qt6-webengine raspberrypi-firmware-config readline (8.3.1 -> 8.3.3) runc (1.3.3 -> 1.4.0) sdbootutil (1+git20251126.f7a46a1 -> 1+git20251211.b3d0304) sddm-kcm6 (6.5.3 -> 6.5.4) sdl2-compat (2.32.58 -> 2.32.60) selinux-policy (20251111 -> 20251208) sensors serd (0.32.4 -> 0.32.6) shaderc (2025.4 -> 2025.5) shadow shim-leap (15.8 -> 16.1) sord (0.16.18 -> 0.16.20) spectacle (6.5.3 -> 6.5.4) sqlite3 (3.50.4 -> 3.51.1) sratom (0.6.18 -> 0.6.20) steam-devices (20240522+git.e2971e4 -> 20251018+git.4d7e6c1) suse-module-tools (16.1.0 -> 16.1.1) systemd-presets-branding-MicroOS systemd-presets-common-SUSE systemsettings6 (6.5.3 -> 6.5.4) transactional-update-notifier u-boot-rpiarm64 (2025.04 -> 2025.10) vim (9.1.1918 -> 9.1.1966) vulkan-loader (1.4.328 -> 1.4.335) vulkan-tools (1.4.328 -> 1.4.335) wtmpdb (0.75.0+git20251009.a6f185a -> 0.75.0+git20251130.0d8fe7a) xdg-desktop-portal-kde6 (6.5.3 -> 6.5.4) xkbcomp (1.4.7 -> 1.5.0) zix (0.6.2 -> 0.8.0) zlib-ng-compat (2.2.5 -> 2.3.1) === Details === ==== Mesa ==== Version update (25.3.0 -> 25.3.1) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to Mesa 25.3.1 - -> https://docs.mesa3d.org/relnotes/25.3.1 - Due to a lack of a 25.3.0 announcment, here are included the relavent entries here for that. - Users can expect the usual flurry of improvements across all drivers and components, including these new extensions & features highlighted by their developers (in no particular order): - The VDPAU state tracker has been removed. There are design issues with VDPAU, as well as limited support, which render other options like VAAPI and Vulkan Video better choices - Zink and NVK are now mandatory for OpenGL acceleration on recent nvidia GPUs. You can enable them at configure time by adding zink to - -gallium-drivers and nouveau to --vulkan-drivers or by setting both to auto on appropriate platforms. In 25.1, we began defaulting to Zink+NVK on Turing and later gpus when Zink+NVK was enabled at build time. In 25.3, the old driver no longer officially suports Turing or later. Users of these gpus without Zink+NVK installed at runtime will instead get software rendering. This affects most nvidia gpus from 2018 or later. - Some RADV_DEBUG options (nodynamicbounds,splitfma,nongg_gs,invariantgeom) are deprecated and will be removed in future Mesa releases. - The PowerVR Vulkan driver is now conformant to Vulkan 1.0 on BXS-4-64 and advertises Vulkan 1.2 support on selected GPUs (although, it isn't fully 1.2 conformant in this release). The driver is no longer considered to be experimental and, as such, can now be enabled via - Dvulkan-drivers=imagination. - enabled Vulkan driver ("imagination") for PowerVR GPUs on x86_64, aarch64 and riscv64; added libvulkan_powervr package - fixed build against s390x by removing "display-info" option - Build with VK_AMD_anti_lag vulkan extension support to allow AMD Anti-Lag to be used on AMD GPUs - Create new subpackage Mesa-vulkan-anti-lag for this new vulkan extension - Build with -Ddisplay-info=enabled to allow VK_EXT_hdr_metadata support for VK_KHR_display ==== Mesa-drivers ==== Version update (25.3.0 -> 25.3.1) Subpackages: Mesa-dri Mesa-vulkan-device-select libvulkan_lvp - Update to Mesa 25.3.1 - -> https://docs.mesa3d.org/relnotes/25.3.1 - Due to a lack of a 25.3.0 announcment, here are included the relavent entries here for that. - Users can expect the usual flurry of improvements across all drivers and components, including these new extensions & features highlighted by their developers (in no particular order): - The VDPAU state tracker has been removed. There are design issues with VDPAU, as well as limited support, which render other options like VAAPI and Vulkan Video better choices - Zink and NVK are now mandatory for OpenGL acceleration on recent nvidia GPUs. You can enable them at configure time by adding zink to - -gallium-drivers and nouveau to --vulkan-drivers or by setting both to auto on appropriate platforms. In 25.1, we began defaulting to Zink+NVK on Turing and later gpus when Zink+NVK was enabled at build time. In 25.3, the old driver no longer officially suports Turing or later. Users of these gpus without Zink+NVK installed at runtime will instead get software rendering. This affects most nvidia gpus from 2018 or later. - Some RADV_DEBUG options (nodynamicbounds,splitfma,nongg_gs,invariantgeom) are deprecated and will be removed in future Mesa releases. - The PowerVR Vulkan driver is now conformant to Vulkan 1.0 on BXS-4-64 and advertises Vulkan 1.2 support on selected GPUs (although, it isn't fully 1.2 conformant in this release). The driver is no longer considered to be experimental and, as such, can now be enabled via - Dvulkan-drivers=imagination. - enabled Vulkan driver ("imagination") for PowerVR GPUs on x86_64, aarch64 and riscv64; added libvulkan_powervr package - fixed build against s390x by removing "display-info" option - Build with VK_AMD_anti_lag vulkan extension support to allow AMD Anti-Lag to be used on AMD GPUs - Create new subpackage Mesa-vulkan-anti-lag for this new vulkan extension - Build with -Ddisplay-info=enabled to allow VK_EXT_hdr_metadata support for VK_KHR_display ==== MicroOS-release ==== Version update (20251127 -> 20251212) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL3 ==== Version update (3.2.26 -> 3.2.28) - Update to release 3.2.28 * Fixed a divide by zero with a zero sized blit in some cases * Fixed blitting bitmaps with a non-zero x offset * Fixed a crash in the Vulkan renderer when the window is minimized * Fixed the initial X11 window position in some environments * Fixed the channel mapping for surround sound on PulseAudio * Fixed the sensor axis ordering with the Linux Nintendo driver * Fixed Xbox 360 controller mappings on newer Linux kernels * Made Nintendo Switch controller initialization more robust * Fixed the paddle mapping for Steam Controllers ==== alsa ==== Version update (1.2.14 -> 1.2.15) - Backport upstream fixes, mainly for regressions (bsc#1254652): 0001-ucm-use-closefrom-instead-of-close_range.patch 0002-ucm-exec-fix-maxfd-used-warning.patch 0003-conf-merge-card-specific-contents-per-file-whole-aft.patch 0004-conf-fix-possible-memory-leak-in-config_file_open-er.patch 0005-Revert-conf-fix-load_for_all_cards-do-not-merge-the-.patch 0006-conf-USB-Audio-define-pcm-configuration-block-only-o.patch 0007-conf-HDA-Intel-define-pcm-configuration-block-only-o.patch - Update to alsa-lib 1.2.15: * documentation, coding style and configure fixes * error: add priority and interface strings to the log messages * snd_tlv_convert_to_dB: Fix mute handling for MINMAX_MUTE type * mixer: bag - fix bag_del_all implementation (missing free) * pcm: plugin - avoid 32-bit to 64-bit return value conversions * pcm route: suppress false positive warning for gcc 8+ * pcm: add a loop to snd_pcm_avail_delay() to avoid bogus delay values * rawmidi: Fix inactive stream definition and handling * seq: drain API fix, notiffy for pversion ioctl failure * topology: fix nibble warning in tplg_save_quoted() * lots of UCM and conf fixes and improvements For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.14_v1.2.15#alsa-lib ==== aurorae6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== bash ==== Version update (5.3.3 -> 5.3.9) Subpackages: bash-sh - Add upstream patch * Bash-5.3 Official patch 8 -- bash53-009 A SIGINT during a reverse i-search can cause a segmentation fault due to accessing data freed by a signal handler. - Add upstream patches * Bash-5.3 Official patch 4 -- bash53-004 The Linux kernel reports incorrect sizes for files in /sys/block/*/uevent, leading bash to report a read error when the byte count does not agree with the file size from fstat(2). * Bash-5.3 Official patch 5 -- bash53-005 Restoring the default disposition in a subshell for a signal bash treats specially can cause a crash. * Bash-5.3 Official patch 6 -- bash53-006 When `globasciiranges' is enabled, glob patterns with ranges in bracket expressions can produce incorrect matches for character ranges whose start and end are non-ascii characters. * Bash-5.3 Official patch 7 -- bash53-007 No-fork command substitutions can perform redirections that act on the enclosing command as well. * Bash-5.3 Official patch 8 -- bash53-008 Bash tries to consume entire multibyte characters when looking for backslash escapes in $'...' strings, and treats too many characters as potentially beginning a multibyte character in UTF-8 locales. Being more selective about when to call mbrtowc() can lead to optimized string processing and script speedups. This patch also handles the unlikely situation of a locale encoding null wide characters with non-null bytes. - Remove patch boo1254087.patch now upstream with bash53-004 ==== bluedevil6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * kcm: link the help (kde#484244) * kcm: Fix pair window not opening in plasma-settings (kde#512039) ==== breeze6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: breeze6-cursors breeze6-decoration breeze6-style breeze6-wallpapers - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * Menu: Reduce margins to better match QQC2 style * Menu: Set ItemSpacing to 2 - Drop patches, now upstream: * 0001-Menu-Set-ItemSpacing-to-2.patch * 0002-Menu-Reduce-margins-to-better-match-QQC2-style.patch ==== breeze6-gtk ==== Version update (6.5.3 -> 6.5.4) Subpackages: gtk3-metatheme-breeze6 metatheme-breeze6-common - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== cockpit ==== Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux - Update SELinux module dir as macro to allow root path move from /var/lib/selinux to /etc/selinux (bsc#1221342) ==== conmon ==== - Build with distro flags ==== container-selinux ==== Version update (2.243.0 -> 2.244.0) - Update to version 2.244.0: * New release: v2.244.0 * TMT: ELN rootless user has changed * Introduce container_write_proc_files interface (bsc#1253469) ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - Python3 error log upon importing pycurl (bsc#1233529) Remove senceless log message. * add remove-senceless-log.patch ==== dbus-1 ==== Subpackages: dbus-1-common dbus-1-tools libdbus-1-3 - dbus-1-daemon no longer provides dbus-service (bsc#1254491) - having eavesdropping enabled causes a warning to be logged with dbus-broker boo#1232563 * Adds feature-suse-disable-eavesdrop.patch - dbus-launch is actually now in the dbus-daemon package. - Package cleanup * Drop -x11 varient that is no longer needed * dbus-launch is now in the dbus-daemon package. * This also removes update alternatives for dbus-launch ==== discover6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: discover6-backend-flatpak discover6-backend-fwupd discover6-notifier - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * flatpak: Fix Installation instance management (kde#511602) * flatpak: Simplify notifier * flatpak: Simplify flatpak notifier initialisation (kde#493686) * flatpak: fix flatpaktest on aarch64 * Fix headless updates * Use the same application action style on mobile as desktop ==== distrobox ==== Version update (1.8.2.1 -> 1.8.2.2) Subpackages: distrobox-bash-completion - Update to 1.8.2.2: * docs: update command for GNOME installation by @amnexya in https://github.com/89luca89/distrobox/pull/1873 * Fix typo in nested Podman instructions by @atimeofday in https://github.com/89luca89/distrobox/pull/1879 * docs: note that Podman and Distrobox are now pre-installed on SteamOS 3.5+ by @kavishgr in https://github.com/89luca89/distrobox/pull/1881 * docs: clarify distrobox-host-exec behavior by @jaluoma in https://github.com/89luca89/distrobox/pull/1882 * docs: fix reference to #28 in README.md by @dottorblaster in https://github.com/89luca89/distrobox/pull/1891 * init: fix stat syntax error in rootful detection by @john-holt4 in https://github.com/89luca89/distrobox/pull/1907 * docs: fix mdlint issues in compatibility matrix by @dottorblaster in https://github.com/89luca89/distrobox/pull/1908 * create: fix failing to create containers from images that print to stdout with no input by @bsutherland333 in https://github.com/89luca89/distrobox/pull/1912 * docs: systemd unit example to mount root as a shared mount by @yehorb in https://github.com/89luca89/distrobox/pull/1911 * assemble: /dev/null stdin for distrobox enter execs by @dottorblaster and @balanza in https://github.com/89luca89/distrobox/pull/1915 * feat: set compopt filenames for --file in bash completion by @yedayak in https://github.com/89luca89/distrobox/pull/1916 * enter: preserve SHELL with unshared groups by @Kamorst in https://github.com/89luca89/distrobox/pull/1917 * fix: don't use --pty with buggy su implementations by @Kamorst in https://github.com/89luca89/distrobox/pull/1919 * init: restrict find pattern to libcuda so it doesn't pick up non-NVIDIA libs by @miaulightouch in https://github.com/89luca89/distrobox/pull/1918 * create: direct stderr to /dev/null to prevent incorrect eval by @dottorblaster and @inc0 in https://github.com/89luca89/distrobox/pull/1920 * chore(version): bump to 1.8.2.2 by @dottorblaster in https://github.com/89luca89/distrobox/pull/1921 ==== docker ==== Subpackages: docker-buildx docker-rootless-extras - Add Requires containers-selinux on systems with selinux-policy installed. bsc#1252672 ==== e2fsprogs ==== Version update (1.47.2 -> 1.47.3) Subpackages: libcom_err2 libext2fs2 - Update to 1.47.3: * Many fixes and more features for fuse2fs * Optimize ext2fs_extent_set_bmap() to avoid fragmenting the extent tree * Fix a bounding error in ext2fs_fallocate() which could cause it to allocate far more blocks than was requested * Fix debugfs's dirsearch command on big-endian systems. * Fix debugfs's dump and rdump commands to avoid looping forever when it runs across an I/O error or corrupt filesystem metadata. * Fix "e2fsck -n" to not abort when it trips across an EA inode which is not referenced by any inodes in the file system. * Fix "e2fsck -E unshare_blocks" to clear the shared_blocks flag when there are no shared blocks to clear ==== flatpak-kcm6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - No code changes since 6.5.3 ==== fwupd ==== Version update (2.0.17 -> 2.0.18) Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.18: + This release adds the following features: - Add a MOTD message for devices needing reboot after staged updates - Create the reboot-required file when a firmware update requires reboot - Record the system state for each composite emulation - Update USI docking station firmware without requiring a manual replug + This release fixes the following bugs: - Add a MTD device problem if the Intel SPI BIOS lock is set - Allow changing the child name when using PARENT_NAME_PREFIX - Allow UpdateCapsule to work on systems that do not support SecureBoot - Correctly parse the EFI_CAPSULE_RESULT_VARIABLE_HEADER - Fall back to the SMBIOS version for BIOS MTD devices - Fix a crash when trying to record an i2c emulation - Fixed Huddly upgrade problems with major version changes - Fix man page compatibility with apropos and whatis - Fix parsing USB BOS descriptors - Fix up the x86_64-specific capsule flags when deploying UEFI firmware - Improve firmware stream searching speed by a huge amount - Only convert the release uint32_t to device version format for UEFI devices - Only handle SIGINT in fwupdtool when required - Refactor the hypervisor and container detection to be usable from plugins - Set PlatformArchitecture as the CPU architecture for RISC-V machines - Use a sensible timeout when doing qc-s5gen2 HID requests + This release adds support for the following hardware: - HP Portable USB-C 4K HDMI Hub - Lenovo Legion Go 2 (as a HID device) - Synaptics HapticsPad - Rebase fwupd-bsc1130056-change-shim-path.patch ==== gcc ==== - Remove go/gofmt alternatives. [bsc#1245878] ==== glib2 ==== Version update (2.86.2 -> 2.86.3) Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.86.3: + Fix several security vulnerabilities of varying severity (see below for details): + Bugs fixed: - (CVE-2025-13601) (#YWH-PGM9867-134) Incorrect calculation of buffer size in g_escape_uri_string() - (#YWH-PGM9867-145) Buffer underflow on Glib through glib/gvariant via bytestring_parse() or string_parse() leads to OOB Write - GIO: Integer overflow in file attribute escaping - G_FILE_MONITOR_WATCH_HARD_LINK does not monitor files on Windows - gconvert: Error out if g_escape_uri_string() would overflow - gvariant-parser: Fix potential integer overflow parsing (byte)strings - gfileattribute: Fix integer overflow calculating escaping for byte strings ==== glslang ==== Version update (16.0.0 -> 16.1.0) - Update to release 16.1.0 * Avoid emitting OpCapability RuntimeDescriptorArray when unnecessary * Improve compilation speed when debug infomation is enabled * Support GL_EXT_shader_invocation_reorder * Add checks to coopMatMulAdd * Implement stringify operator * Add ES support for depth layout qualifier * Add debug info for hitObjectNV * Emit a DebugGlobalVariable instead of DebugLocalVariable for rayQueryEXT * Add debug info for constant variable * Improve debug line to point declaration * Fix bugs in buffer reference alignment * Reject string operands in binary and select ops * Support GL_EXT_shader_64bit_indexing * Support GLSL_EXT_uniform_buffer_unsized_array * Add semantic check for cooperative vector loads/stores * Improve the debug info name of opaque (sampler) types * Support IO mapping of combined samplers and acceleration structures * Fix bug in debug info for bool types inside SSBO/UBO * Fix bug in debug info for struct member names * Add methods for entry point and invert-y to C interface ==== graphene ==== - add no_fast-math_for_tests.patch * %check may fail for some architerture if the test use -ffast-math ==== gstreamer ==== Version update (1.26.8 -> 1.26.9) Subpackages: libgstreamer-1_0-0 - Update to version 1.26.9: + Highlighted bugfixes in 1.26.9: - playback: playbin3 and decodebin3 stability fixes - Ancillary metadata handling fixes for AJA playout and Blackmagic Decklink capture cards - HLS and DASH adaptive streaming clients stability improvements - gst-play-1.0 will now print details of any missing plugins again - gtk4paintablesink: Add property to fine-tune reconfiguration behaviour on window-resize - NDI source: fix audio corruption for non-interleaved audio with stride padding - Add SMPTE ST291-1 ancillary metadata RTP payloader and depayloader - Add ST-2038 metadata combiner and extractor - webrtcsink: support hardware-accelerated encoders from the va VA-API plugin - spotifysrc: fix the Spotify integration by using Spotify's extended metadata endpoint - Python bindings cross compilation fixes - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - info: Force comparison to same types - queue: Use GST_PTR_FORMAT everywhere - streamcollection: Fix race condition between disconnecting notify proxy and notifications - value: Fix GstAllocationParams string serialisation on 32-bit architectures ==== gstreamer-plugins-bad ==== Version update (1.26.8 -> 1.26.9) Subpackages: libgstphotography-1_0-0 libgstplay-1_0-0 - Update to version 1.26.9: + Add missing G_DECLS symbols to gstvkqueue and gstvkcommandqueue + ajasink, decklinkvideosrc: Fix some GstAncillaryMeta handling bugs + analyticsmeta: Initialize span to avoid undefined behavior + GstPlay: Fixed wrong initial position update interval configuration + id3tag: Fix resource leak + mpegtsmux: Avoid infinite recursion writing PCR packets + mxfdemux: Fix typo on mxf_ffv1_create_caps + mxfmux: Fix memset usage + mpegtsmux: segfaults when bitrate is configured lower than bitrate that's coming in + scte-section: fix missing cleanup on splice component parse failure + tsdemux: expose audio GstStream for DTS + va, unixfdsrc: keep dmabufs mapped + vkh265dec: Fix a typo + vkvideo-private: Replace GstBuffer with GstMemory array for video sessions + vtdec: Fix race condition in decoder draining. Fluster runs were unstable ==== gstreamer-plugins-base ==== Version update (1.26.8 -> 1.26.9) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 - Update to version 1.26.9: + allocators: drmdumb: Keep dmabuf mapped + alsadeviceprovider: Fix device name leak + audiovisualizer: Use break instead of goto for escape logic + decodebin3: - Clear previous collection on input - Consider certain meta caps in decodebin3 as raw format to avoid warnings + decodebin3: Protect again NULL dereference if input slot can't be mapped + glbasesrc: Add unlock handling for non-negotiated cases + glcolorconvert: Fix memory leak in _create_shader + gldownload: Keep dmabuf mapped + glfiltershader: Add missing unlock + glstereosplit: Add missing unlock for exceptional case + pbutils: Fix bit shifting when generate hevc mime codec string + rtpbaseaudiopay: Consider RESYNC flag as discontinuity too + rtpbasedepayload: Add missing unlock in error code path + uridecodebin3: - Add null check of play items in purge - Add missing unlock + urisourcebin: Fix initial values of min_byte_level and min_time_level variables + videoencoder: Fix warning of uninitialized buffer + gst-play-1.0: - Fix printing of missing plugin details - Add missing unlock for invalid track type ==== iproute2 ==== Version update (6.17 -> 6.18) - Update to release 6.18 * tc: add dualpi2 scheduler module * iplink: bond_slave: add support for actor_port_prio * ip: iplink_bridge: Support fdb_local_vlan_0 * ip/bond: add broadcast_neighbor support * netshaper: Add netshaper command ==== kactivitymanagerd6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kde-cli-tools6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kde-gtk-config6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: kde-gtk-config6-gtk3 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kdecoration6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libkdecorations3-6 libkdecorations3private2 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kdeplasma6-addons ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kernel-firmware-amdgpu ==== Version update (20251119 -> 20251203) - Update to version 20251203 (git commit a0f0e52138e5): * Revert "amdgpu: update GC 11.5.0 firmware" - Update to version 20251201 (git commit 934bfe7e1e27): * Reapply "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update GC 10.3.6 firmware" * Revert "amdgpu: update GC 11.5.1 firmware" - Update to version 20251125 (git commit 23568a4b9420): * Revert "amdgpu: update GC 11.0.1 firmware" - Update to version 20251121 (git commit ff6418d18552): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-ath10k ==== Version update (20250206 -> 20251205) - Update to version 20251205 (git commit 536cc58d9db1): * ath10k: WCN3990 hw1.0: update board-2.bin * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA4019 hw1.0: update board-2.bin ==== kernel-firmware-ath11k ==== Version update (20250829 -> 20251202) - Update to version 20251202 (git commit 685171356137): * ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04866-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 * ath11k: QCA2066 hw2.1: update board-2.bin ==== kernel-firmware-bluetooth ==== Version update (20251111 -> 20251202) - Update to version 20251202 (git commit 685171356137): * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core - Update to version 20251125 (git commit 23568a4b9420): * QCA: Add Bluetooth firmware for WCN685x uart interface - Update to version 20251121 (git commit ff6418d18552): * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04 ==== kernel-firmware-i915 ==== Version update (20251106 -> 20251125) - Update to version 20251125 (git commit 23568a4b9420): * xe: Update GUC to v70.54.0 for BMG, PTL ==== kernel-firmware-intel ==== Version update (20251024 -> 20251129) - Update to version 20251129 (git commit 01006f5dea2d): * intel_vpu: Update NPU firmware ==== kernel-firmware-iwlwifi ==== Version update (20251024 -> 20251123) - Update to version 20251123 (git commit 9dba680579f4): * iwlwifi: add Sc/Wh FW for core98-181 release ==== kernel-firmware-media ==== Version update (20251018 -> 20251123) - Update to version 20251123 (git commit 9dba680579f4): * qcom: venus-5.4: update firmware binary for v5.4 * qcom: venus-5.4: remove unused firmware file ==== kernel-firmware-mediatek ==== Version update (20251119 -> 20251129) - Update to version 20251129 (git commit 01006f5dea2d): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251124093155 ==== kernel-firmware-qcom ==== Version update (20251119 -> 20251202) - Update to version 20251202 (git commit 38c82f07a964): * qcom: update ADSP firmware for x1e80100 platform, change the license * qcom: reorder ADSP, CDSP firmware entries for qcs8300 in WHENCE - Update to version 20251125 (git commit 23568a4b9420): * qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3 ==== kernel-firmware-sound ==== Version update (20251118 -> 20251205) - Update to version 20251205 (git commit 536cc58d9db1): * cirrus: cs35l41: Add support for new HP laptops - Update to version 20251121 (git commit ff6418d18552): * ASoC: tas2781: Add more symbol links on SPI devices ==== kernel-source ==== Version update (6.17.9 -> 6.18.0) Subpackages: kernel-64kb kernel-default - Reapply "rpm/config.sh: Use suse-kabi-tools" This reverts commit 6ce3f150389ee2831c4c0047296d6b64fc9054da. 1) 6.18 on its own is in factory. 2) suse-kabi-tools are in ring 1 already. - commit 371bdaf - Revert "rpm/config.sh: Use suse-kabi-tools" This reverts commit e17118487b4d4fbabdbd7af5f3a53d7baaa11825. Temporarily revert this as: * There is a high risk to break something in factory and I want to separate it from the 6.18 update. * ring0 does not have suse-kabi-tools (yet), so we see "nothing provides suse-kabi-tools". - commit 6ce3f15 - Refresh patches.suse/wifi-iwlwifi-Add-missing-firmware-info-for-bz-b0-mod.patch. Fix backport for 6.17. Upstream's IWL_BZ_UCODE_CORE_MAX has to be changed to 6.17's IWL_BZ_UCODE_API_MAX. Otherwise we get the fw strings like: "firmware" "=" "iwlwifi-bz-b0-fm-c0" "-" "IWL_BZ_UCODE_CORE_MAX" ".ucode"; instead of upstream's: "firmware" "=" "iwlwifi-bz-b0-fm-c0" "-c" "99" ".ucode"; - commit 24dd031 - update to 6.18 final - drop obsoleted patch - patches.rpmify/power-supply-use-ktime_divns-to-avoid-64-bit-divisio.patch (ad8cccc24887) - refresh configs (headers only) - commit 3b67758 - config: update and reenable armv6hl configs - options mirrored from armv7hl - commit 5d0d415 - config: update and reenable armv7hl configs - options mirrored from arm64 except - TI_PRUETH=m - RESET_ASPEED=m - commit 60f8c94 - config/riscv64: enable generic ASoC drivers CONFIG_SND_SIMPLE_CARD_UTILS=m CONFIG_SND_SIMPLE_CARD=m CONFIG_SND_AUDIO_GRAPH_CARD=m CONFIG_SND_AUDIO_GRAPH_CARD2=m CONFIG_SND_AUDIO_GRAPH_CARD2_CUSTOM_SAMPLE=m - commit 4722423 - Add dtb-spacemit SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2. - commit f2f396d - smb: client: fix incomplete backport in cfids_invalidation_worker() (bsc#1254096). - commit a337d5c - rpm/kernel-obs-build.spec.in: Add xt_addrtype module for docker Needed by docker meanwhile. - commit 1cd2f7d ==== keylime ==== Version update (7.12.1 -> 7.13.0+40) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python313-keylime - Update to version 7.13.0+40 (CVE-2025-13609, bsc#1254199): * Fix registrar duplicate UUID vulnerability (#1825) * [Automatic] Update Keylime base image 2025-12-01 * Include new attestation information fields (#1818) * Fix Database race conditions and SQLAlchemy 2.0 compatibility (#1823) * ci: add push model tests to the packit plan * push-model: require HTTPS for authentication and attestation endpoints * Fix operational_state tracking in push mode attestations * templates: add push model authentication config options to 2.5 templates * Improve test coverage for authentication components * Security: Hash authentication tokens in logs * Fix stale IMA policy cache in verification * Fix authentication behavior on failed attestations for push mode * Add shared memory infrastructure for multiprocess communication * Add agent authentication (challenge/response) protocol for push mode * Convert CRLF to LF line endings in attestation_controller.py * Add agent-driven (push) attestation protocol with PULL mode regression fixes (#1814) * [Automatic] Update Keylime base image (2025-11-01) (#1816) * docs: Fix man page RST formatting for rst2man compatibility (#1813) * tests: Enable more tests in CI * Apply limit on keylime-policy workers * tpm: fix ECC signature parsing to support variable-length coordinates * tpm: fix ECC P-521 credential activation with consistent marshaling * tpm: fix ECC P-521 coordinate validation * tests: Test keylime-policy both for filelist-ext.xml match and mismatch (#1806) * [Automatic] Update Keylime base image 2025-10-01 * Remove deprecated disabled_signing_algorithms configuration option (#1804) * algorithms: add support for specific RSA algorithms * algorithms: add support for specific ECC curve algorithms * Update manages based on review feedback * Created manpage for keylime-policy and edited manpages for keylime verifier, registrar, agent * Manpage for keylime agent * Manpage for keylime verifier * Manpage for keylime registrar * Use constants for timeout and max retries defaults * tests: Add unit tests for the timeout configuration * verifier: Use timeout from `request_timeout` config option * revocation_notifier: Use timeout setting from config file * tenant: Set timeout when getting version from agent * verify/evidence: SEV-SNP evidence type/verifier * verify/evidence: Add evidence type to request JSON - Update to version v7.13.0: * Bump version to 7.13.0 * Avoid re-encoding certificate stored in DB * Revert "models: Do not re-encode certificate stored in DB" * Revert "registrar_agent: Use pyasn1 to parse PEM" * CI: Enable test add-agent-with-malformed-ek-cert * [Automatic] Update Keylime base image 2025-09-01 * policy/sign: use print() when writing to /dev/stdout * registrar_agent: Use pyasn1 to parse PEM * models: Do not re-encode certificate stored in DB * mba: normalize vendor_db in EV_EFI_VARIABLE_AUTHORITY events * Fix minor typo (exponantial->exponential) * mb: support vendor_db as logged by newer shim versions * mb: support EV_EFI_HANDOFF_TABLES events on PCR1 * Remove unnecessary configuration values * cloud_verifier_tornado: handle exception in notify_error() * requests_client: close the session at the end of the resource manager * Manpage for keylime_tenant (#1786) * Add 2.5 templates including Push Model changes * [Automatic] Update Keylime base image 2025-08-01 * Initial version of verify evidence API * packit: Enable connection leak test in CI * db: Do not read pool size and max overflow for sqlite * Use context managers to close DB sessions * revocations: Try to send notifications on shutdown * verifier: Gracefully shutdown on signal * [Automatic] Update Keylime base image 2025-07-01 * Use `fork` as `multiprocessing` start method * Fix inaccuracy in threat model and add reference to SBAT * Explain TPM properties and expand vTPM discussion * Misc formatting fixes * Add diagrams and tweak formatting * Fix formatting issues * Fix invalid RST and update TOC * Expand threat model page to include adversarial model * CI: Enable CONTAINER_ENGINE to allow other engines * Add --push-model option to avoid requests to agents * [Automatic] Update Keylime base image 2025-06-04 * docker: Remove tpm2-tools compilation from base image * tests: fix rpm repo tests from create-runtime-policy * tests: skip measured-boot related tests for s390x and ppc64le * templates: duplicate str_to_version() in the adjust script * policy: fix mypy issues with rpm_repo * revocation_notifier: fix mypy issue by replacing deprecated call * Fix create_runtime_policy in python < 3.12 * [Automatic] Update Keylime base image 2025-06-02 * Fix after review * fixed CONSTANT names C0103 errors * [Automatic] Update Keylime base image 2025-05-02 * [Automatic] Update Keylime base image 2025-04-04 * [Automatic] Update Keylime base image 2025-04-01 * Extend meta_data field in verifierdb * docs: update issue templates * docs: add GitHub PR template with documentation reminders * [Automatic] Update Keylime base image 2025-03-10 * tpm_util: fix quote signature extraction for ECDSA * packit: Add compatibility/api_version_compatibility test * registrar: Log API versions during startup * lint: Fix mypy warnings * Remove excessive logging on exception * tests: change test_mba_parsing to not need keylime installed * scripts: Fix coverage information downloading script ==== kgamma6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kglobalacceld6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKGlobalAccelD6-0 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kinfocenter6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kmenuedit6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== knighttime6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKNightTime0 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kpipewire6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWireDmaBuf6 libKPipeWireRecord6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * PipewireSourceItem: handle explicit invalidation (kde#494138) ==== krb5 ==== Version update (1.21.3 -> 1.22.1) - Fix memory leak; (bsc#1252989); Update patch 0009-UsrEtc-support.patch - Update to 1.22.1 * Fix a vulnerability in GSS MIC verification [CVE-2025-57736] - Changes in 1.22.0 User experience * The libdefaults configuration variable "request_timeout" can be set to limit the total timeout for KDC requests. When making a KDC request, the client will now wait indefinitely (or until the request timeout has elapsed) on a KDC which accepts a TCP connection, without contacting any additional KDCs. Clients will make fewer DNS queries in some configurations. * The realm configuration variable "sitename" can be set to cause the client to query site-specific DNS records when making KDC requests. Administrator experience * Principal aliases are supported in the DB2 and LMDB KDB modules and in the kadmin protocol. (The LDAP KDB module has supported aliases since release 1.7.) * UNIX domain sockets are supported for the Kerberos and kpasswd protocols. * systemd socket activation is supported for krb5kdc and kadmind. Developer experience * KDB modules can be be implemented in terms of other modules using the new krb5_db_load_module() function. * The profile library supports the modification of empty profiles and the copying of modified profiles, making it possible to construct an in-memory profile and pass it to krb5_init_context_profile(). * GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to gss_init_sec_context() to request strict enforcement of channel bindings by the acceptor. Protocol evolution * The PKINIT preauth module supports elliptic curve client certificates, ECDH key exchange, and the Microsoft paChecksum2 field. * The IAKERB implementation has been changed to comply with the most recent draft standard and to support realm discovery. * Message-Authenticator is supported in the RADIUS implementation used by the OTP kdcpreauth module. Code quality * Removed old-style function declarations, to accomodate compilers which have removed support for them. * Added OSS-Fuzz to the project's continuous integration infrastructure. * Rewrote the GSS per-message token parsing code for improved safety. - Updated patches: * 0001-ksu-pam-integration.patch * 0002-krb5-1.9-manpaths.patch * 0003-Adjust-build-configuration.patch * 0004-krb5-1.6.3-gssapi_improve_errormessages.patch * 0005-krb5-1.6.3-ktutil-manpage.patch * 0006-krb5-1.12-api.patch * 0007-SELinux-integration.patch * 0008-krb5-1.9-debuginfo.patch - Renamed patches: * 0011_usr_etc.patch -> 0009-UsrEtc-support.patch - Deleted patches: * 0009-Fix-three-memory-leaks.patch * 0010-CVE-2025-24528.patch ==== kscreen6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * Install .desktop file with PROGRAMS to ensure it ends up executable * kcm: make SpinBox sizing more compatible with other QQC2 styles ==== kscreenlocker6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKScreenLocker6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== ksshaskpass6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== ksystemstats6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kwayland-integration6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kwayland6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKWaylandClient6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kwin6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libkwin6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * inputmethod: send empty surrounding text when the input method is force activated (kde#512245) * scene: Fix computed painted area of transformed items with HiDPI (kde#510029) * plugins/trackmouse: Fix stuttering (kde#512767) * Fix wrong assumption about the tablet pad strip position * outputconfigurationstore: be more conservative with VGA displays (kde#512146) * A11yKeyboardMonitor: Fix KeyEvent being emitted too often when grabbing keys (kde#512189) * Start adding test for A11yKeyboardManager * backends/libinput: clamp tablet and touch coordinates to target output (kde#512672) * events: ignore XCB_FOCUS_OUT events by default (kde#509115) * x11window: support xrandr emulation (kde#501505) * wayland: Don't withdraw data offers when keyboard focus changes (kde#511509) * backends/virtual: Allow creating virtual outputs * plugins/qpa: Fix build with Qt 6.11 and Qt 6.10.2 * ci: Temporarily disable Qt 6.11 pipeline * plugins/windowview: Fix clear button * xwayland: Prevent more invalidated iterators * Use correct DBus interface for inhibiting sleep (kde#512276) * backends/drm: add missing thread include * activation: always allow activating child windows of the active one * backends/drm: don't do modesets if all pipelines are removed (kde#512097) * backends/drm: add missing layer repaints for night light changes (kde#511812) * scene/scene: schedule pending repaints for child items too (kde#511653) * scene/workspacescene: don't put non-opaque items on an underlay (kde#511491) ==== layer-shell-qt6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libLayerShellQtInterface6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== leancrypto ==== - Fix bsc#1254370, bsc#1253654 - AVX detection is wrong on older intel CPUs * Add leancrypto_avx_detect1.patch * Add leancrypto_avx_detect2.patch ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-xcb1 - Add libX11-ignore-incompatible-XkbMapNotify.patch: Fix mutter-x11-frames crash caused by keyboard layout change triggered by orca screen reader. (bsc#1253076) ==== libarchive ==== Version update (3.8.1 -> 3.8.3) - Update to 3.8.3: * lib: Create temporary files in the target directory (boo#1254340) * lha: Fix for an out-of-bounds buffer overrun when using p[H_LEVEL_OFFSET] (boo#1254341) * 7-zip: Fix a buffer overrun when reading truncated 7zip headers (boo#1254342) * lz4 and zstd: Support both lz4 and zstd data with leading skippable frames - update upstream signing key - update to 3.8.2: Security fixes: * 7zip: Fix out of boundary access * tar reader: fix checking the result of the strftime (CVE-2025-25724) Notable bugfixes: * bsdtar: Allow filename to have CRLF endings * lib: archive_read_data: handle sparse holes at end of file correctly * lib: improve filter process handling * lib: fix error checking in writing files * lib: handle possible errors from system calls * lib: avoid leaking file descriptors into subprocesses * lib: parse_date: handle dates in 2038 and beyond if time_t is big enough * RAR5 reader: fix multiple issues in extra field parsing function * RAR5 reader: early fail when file declares data for a dir entry * tar writer: fix replacing a regular file with a dir for ARCHIVE_EXTRACT_SAFE_WRITES * tar reader (Windows): check WCS pathname in header_gnutar before overwriting * tar reader: fix an infinite loop when parsing V headers * zip writer: fix a memory leak if write callback error early * zip writer: fix writing with ZSTD compression * zstd write filter: enable Zstandard's checksum feature ==== libcap ==== - Move utils to bindir and then provide symlinks under sbindir as needed by Steam (bsc#1252129) ==== libdisplay-info ==== - added -32bit package needed by Mesa's libvulkan driver packages ==== libdrm ==== Version update (2.4.129 -> 2.4.130) Subpackages: libdrm2 libdrm_amdgpu1 - Update to 2.4.130 * omap: fix omap_bo_size for tiled buffers * amdgpu: add env support for amdgpu.ids path * Support multiple paths in AMDGPU_ASIC_ID_TABLE_PATH envar * amdgpu: Fix envar name in documentation * Sync headers with drm-next * headers: drm: Sync virtgpu_drm.h with Linux v6.16 ==== libeconf ==== Version update (0.8.1 -> 0.8.2) - Update to version 0.8.2: * Cleanup man pages * Using ECONF_ARGUMENT_IS_NULL_VALUE instead of general error ==== libinput ==== Version update (1.30.0 -> 1.30.1) - Update to release 1.30.1 * Fixed a regression in the tablet handling code for some tablets that send input events while being logically out of proximity. * Support for the INPUT_PROP_PRESSUREPAD property available in Linux kernel 6.18. ==== libkscreen6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKF6Screen8 libKF6ScreenDpms8 libkscreen6-plugin - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== libksysguard6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * colorgrid: Fix using sensor colors (kde#513037) ==== libnftnl ==== Version update (1.3.0 -> 1.3.1) - Update to release 1.3.1 * Add `meta ibrhwaddr` support * Fix for NFTA_DEVICE_PREFIX with asterisk at the end of the string * New NFTNL_UDATA_TABLE_NFT{VER,BLD} to store build information in userdata * (For now) complete tunnel options support ==== libnl3 ==== Version update (3.11.0 -> 3.12.0) Subpackages: libnl-config libnl3-200 - Update to release 3.12 * xfrm: Add support for xfrm interface ID * Change vlan module to set QOS mapping flag * ip6_tnl: Add API to mark tunnels to "collect metadata" * encap: Add support for an IPv6/IPv4/ILA nexthop encapsulation ==== libplasma6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasma6 libplasma6-components libplasma6-desktoptheme - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * plasmaquick: Fix potential memory leaks in AppletQuickItem * Make PopupPlasmaWindow take focus (kde#511814) ==== libpng16 ==== Version update (1.6.50 -> 1.6.52) - version update to 1.6.52 * Fixed CVE-2025-66293 (high severity): Out-of-bounds read in `png_image_read_composite`. (Reported by flyfish101 .) * Fixed the Paeth filter handling in the RISC-V RVV implementation. (Reported by Filip Wasil; fixed by Liang Junzhao.) * Improved the performance of the RISC-V RVV implementation. (Contributed by Liang Junzhao.) * Added allocation failure fuzzing to oss-fuzz. (Contributed by Philippe Antoine.) - version update to 1.6.51 * Fixed CVE-2025-64505 (moderate severity): Heap buffer overflow in `png_do_quantize` via malformed palette index. (Reported by Samsung; analyzed by Fabio Gritti.) * Fixed CVE-2025-64506 (moderate severity): Heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled. (Reported by Samsung and ; analyzed by Fabio Gritti.) * Fixed CVE-2025-64720 (high severity): Buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. (Reported by Samsung; analyzed by John Bowler.) * Fixed CVE-2025-65018 (high severity): Heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. (Reported by .) * Fixed a memory leak in `png_set_quantize`. (Reported by Samsung; analyzed by Fabio Gritti.) * Removed the experimental and incomplete ERROR_NUMBERS code. (Contributed by Tobias Stoeckmann.) * Improved the RISC-V vector extension support; required RVV 1.0 or newer. (Contributed by Filip Wasil.) * Added GitHub Actions workflows for automated testing. * Performed various refactorings and cleanups. - fixes [bsc#1254157] [bsc#1254158] [bsc#1254159] [bsc#1254160] ==== libxkbcommon ==== Version update (1.12.3 -> 1.12.4) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.12.4 * Fixed a segfault occurring in unlikely setups. ==== lilv ==== Version update (0.24.26 -> 0.26.2) - Update to 0.26.2 * Actually reload files if bundles are unloaded then reloaded * Add support for loading xsd:float literals, "INF", and "NaN" * Avoid warning about non-existent entries in LV2_PATH * Fix crash when duplicate plugins are discovered * Fix lilv_node_is_literal() with booleans * Refine command line tool interfaces and documentation * lv2bench: Add support for common features and options * lv2bench: Use more realistic real-time scheduling - Version 0.26.0 changes: * Add header warnings test * Add option to control indexing overhead for subject queries * Avoid over-use of yielding meson options * Cache LANG value and add option to override it * Fix Python tests * Fix build with dynmanifest support * Fix loading plugins that haven't been loaded yet as state * Fix loading plugins with invalid lv2:appliesTo properties as state * Fix potential memory leak in lilv_world_load_plugin_classes() * Fix potential memory leak in lilv_world_set_option() * Gracefully ignore and warn about non-directories in LV2_PATH * Improve loading performance when many plugin versions are found * Improve performance when loading and deleting state * Only consider manifest data when discovering related presets/etc * Print a warning when a property unexpectedly has several values * Reduce temporary node allocations during query operations ==== mdadm ==== Version update (4.4+30.g9a59bf51 -> 4.4+31.g541b40d3) - Update to version 4.4+31.g541b40d3: * fix crash with homehost=none (bsc#1254541) ==== milou6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== mozilla-nspr ==== Version update (4.37 -> 4.38.2) - update to version 4.38.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.38.1 (bmo#1999381) Changes in 4.38.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. (bmo#1999105) Changes in 4.38 * Removed support for HPUX and _PR_POLL_WITH_SELECT (bmo#1965666, bmo#1965916) * Fixed a bug in pt_TCP_SendTo on macOS * Ensure parameter passed to isalpha() is unsigned char (bmo#375149) ==== mozilla-nss ==== Version update (3.117 -> 3.118.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.118.1 * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM* - update to NSS 3.118 * bmo#1994866 - Remove four Commscope root certificates from NSS * bmo#1996036 - fix try pushes with --nspr-patch to actually apply the patch * bmo#1995512 - Support for NIST Curves compressed points * bmo#1985058 - Destroy certificate on error paths * bmo#1990242 - Move NSS DB password hash away from SHA-1 * bmo#1983313 - support secp384r1mlkem1024 * bmo#1991549 - vendor latest ML-KEM code from libcrux * bmo#1991549 - add mlk-kem-1024 tests * bmo#1996717 - use the correct directory for FStar_UInt_8_16_32_64.h in source consistency test * bmo#1766767 - Move scripts to python3 * bmo#1983313 - add mlkem1024 support in freebl * bmo#1983313 - support secp256r1mlkem768 * bmo#1983313 - Make mlkem768x25519 the default * bmo#1983320 - ML-DSA SGN and VFY interfaces * bmo#1988625 - Align FIPS interfaces count with array * bmo#1989477 - Ensure CKK_ML_KEM has derive CK_FALSE * bmo#1992128 - Add script for tagging an NSS release * bmo#1992128 - Remove the globals from nss-release-helper.py * bmo#1992128 - Add release helper command for generating the release index * bmo#1992128 - Add release helper command for generating a release note * bmo#1992128 - Add release helper command for freezing a branch ==== ncurses ==== Version update (6.5.20251123 -> 6.5.20251206) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20251206 + in-progress work to merge MinGW/Windows port. - Add missing dependency for libncurses_c++6 in ncurses-devel to avoid dangling symbolic links - Add ncurses patch 20251129 + in-progress work to merge MinGW/Windows port. ==== nftables ==== Version update (1.1.5 -> 1.1.6) Subpackages: libnftables1 python313-nftables - Update to release 1.1.6 * Complete lightweight tunnel template support, including vxlan, geneve and erspan. * Support for wildcards in netdev hooks. * Support to pass up bridge frame to the bridge device for local processing. ==== nghttp2 ==== Version update (1.66.0 -> 1.68.0) - Update to 1.68.0: * Increase glitch counter for unexpected builtin extension frames * Remove session_update_glitch_ratelim called from deep inside the chain * nghttpd: Make the supported groups configurable * Use SSL_CTX_set1_groups_list * nghttpx: Add groups option * nghttpx: Prefer ML-DSA certificate over ECDSA * nghttpx: Select ECDSA cert based on EVP_PKEY_base_id * nghttpx: Select certificate with BoringSSL * nghttpx: Select certificate with wolfSSL * nghttpx: Add the fast path when selecting a certificate * nghttpx: Select a certificate in a single pass * nghttpx: Support ML-DSA certificate selection with wolfSSL * nghttpx: Make servername_callback behavior consistent * nghttpx: Drop TLSv1.0 and TLSv1.1 support * nghttpx: Define NGHTTP2_CERT_TYPE as constexpr * src: Move sgi _daemonize to util::daemonize * examples: Consistent conditional macro comments * Bump ngtcp2 and its dependencies * src: Adopt nghttp3_conn_read_stream2 * src: Use std::ranges::begin and std::ranges::end consistently * h2load: Set QUIC window-bits to 24 by default * Fix typos in documentation: "or3xx" → "or 3xx" and missing space after period * nghttpx: Increase number of UDP packets to read * Optimize quic io * nghttpx: Remove unused ticket_keys from WorkerEvent * Bump ngtcp2 and its dependencies - Update to 1.67.1: * Remove session_update_glitch_ratelim called from deep inside the chain - Update to 1.67.0: * Port ngtcp2 map changes * src: Adopt IP_PMTUDISC_PROBE * Map seed * Use allocator-aware free in failure path * lib: Use nghttp2_mem_free * src: Rewrite util::is_hex_string * GHA: Run android workflow on branches event * Make error handling robust * Update doc * Add "glitch" counter * Make glitch counter configurable * tests: Swap the positions of expected and actual values * Bump ngtcp2 and its dependencies * Adopt ngtcp2 nghttp3 features * Adopt libngtcp2_crypto_libressl changes * src: Adopt designated initializers for ngtcp2_callbacks * src: Adopt designated initializers * src: constexpr fixup * src: Adopt NGTCP2_WRITE_STREAM_FLAG_PADDING * Test lib before building applications * Bump libbpf to v1.6.2 * Added nghttp3's pattern targets * Bump ngtcp2 to v1.15.1 ==== pam-config ==== Version update (2.13+git.20251105 -> 2.13+git.20251203) - Update to version 2.13+git.20251203: * Make pam_unix_ng work together with pam_sss * pam_sss has no debug option ==== pipewire ==== Version update (1.5.83 -> 1.5.84) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to fix linking in older clients: * remove-mappable.patch - Update to version 1.5.84 (1.6 RC4): * This is the fourth 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. * Highlights - Capabilities were added to improve negotiation over links. - The audio resampler now has a configurable window function to better tune the resampler quality. A kaiser and blackman window was added and the default parameters were tuned. - Various small fixes and improvements. * PipeWire - Capabilities and PeerCapabilities were added to exchange key/value pairs between consumer and producer right after a link is made. This can be used to detect how the negotiation of formats and buffers should be done. * Modules - Avoid segfaults in RTP source. (#4970 (closed)) - The AVB module has seen some improvements. * Pulse-server - @NONE@ can now be used to clear the default sink/source. * SPA - Support longer convolver filenames and also support inline IRs. - The audio resampler window function is now selectable and configurable. A kaiser window and blackman window was added and the default qualities were tweaked to improve quality. - The filter-graph convolver latency is now set by default to something more sensible. (0 by default and N/2 for hilbert). (#4980 (closed)) * Bluetooth - Better xrun and error handling for iso streams. - The +CNUM reply was fixed. - The CIEC call status was fixed. (#1744 (closed)) - Add BAP context metadata to improve compatibility. - Improve compatibility with Creative Zen Hybrid Pro by releasing transports simultaneously. ==== plasma5support6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasma5Support6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-activities ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasmaActivities7 plasma6-activities-imports - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-activities-stats ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasmaActivitiesStats1 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-browser-integration ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-desktop ==== Version update (6.5.3 -> 6.5.4) Subpackages: plasma6-desktop-emojier - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * 🍒 Cherrypick fix for desktop icons moving to other monitor on plasmashell startup * kcms/tablet: Fix configuration for misbehaving devices (kde#508084) * kcms/tablet: Hide tooltip when dragging screen resize handle * kcms/tablet: Obtain a better number of buttons for certain pens (kde#511488) * kcms/tablet: Show driver warning message for pad-only devices too * kcms/tablet: Fix pen button mapping not working * [kcms/keyboard] Don't reconfigure on unrelated config changes * appiumtests: fix taskmanager_visiblelabeltest * appiumtests: fix taskmanagertest * appiumtests: fix desktoptest * appiumtests: fix bug472909test_wayland * appiumtests: fix kcm_keys_test * applets/kicker: fix premature "No matches" placeholder ==== plasma6-integration ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-nm ==== Version update (6.5.3 -> 6.5.4) Subpackages: plasma6-nm-openconnect plasma6-nm-openvpn - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * Explicitly escape HTML entities ==== plasma6-openSUSE ==== - Update to 6.5.4 ==== plasma6-pa ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-print-manager ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * kded: Fix marker-level checker for CUPS unknown levels (kde#512602) ==== plasma6-systemmonitor ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-workspace ==== Version update (6.5.3 -> 6.5.4) Subpackages: plasma6-session plasma6-workspace-libs - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * shell/panelview: Correct the geometry changed logic * shell/panelview: Fix race condition for panel sizing * applets/kicker: be more assertive about not having children * Fix build after bad backport * [devicenotifications] Decode udev strings as UTF-8 (kde#511558) * [devicenotifications] Avoid converting to QString and back for _ENC properties * [devicenotifications] Use QByteArrayView for decodePropertyValue * [applets/systemtray] Don't crash when we can't find data for a given source (kde#511866) * applets/clipboard: return to clipboard menu when history is cleared (kde#511026) * applets/kicker: don't emit queryFinished if still querying (kde#473174) * klipper: fix potential memory leak from action menu * klipper: make action menu a normal window (kde#510449) * shell: Harden PanelRulerView against screen changing due to geometry updates (kde#482916) * shell: Fix panel ruler positioning * applets/systemtray: Fix global activation shortcut not working (kde#483688) * wallpapers/image: Retain delegate preview while loading * components/containmentlayoutmanager: Fix potential memory leaks in AppletContainer * components/containmentlayoutmanager: Fix potential memory leak in ItemContainer * components/containmentlayoutmanager: Fix a potential leak in AppletsLayout ==== polkit-kde-agent-6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== poppler ==== Subpackages: libpoppler-cpp2 libpoppler153 - security update - added patches CVE-2025-11896 [bsc#1252337], infinite recursion leading to stack overflow due to object loop in PDF CMap * poppler-CVE-2025-11896.patch ==== poppler-qt6 ==== - security update - added patches CVE-2025-11896 [bsc#1252337], infinite recursion leading to stack overflow due to object loop in PDF CMap * poppler-CVE-2025-11896.patch ==== powerdevil6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * guard against critical notification already closed * Include ddcutil version in crash reports ==== python-alembic ==== Version update (1.15.2 -> 1.17.2) - Update to 1.17.2 * [feature] [operations] Added Operations.implementation_for.replace parameter to Operations.implementation_for(), allowing replacement of existing operation implementations. This allows for existing operations such as CreateTableOp to be extended directly. * [bug] [mssql] Fixed issue in SQL Server dialect where the DROP that's automatically emitted for existing default constraints during an ALTER COLUMN needs to take place before not just the modification of the column's default, but also before the column's type is changed. ==== python-certifi ==== Version update (2025.10.5 -> 2025.11.12) - Update to 2025.11.12 * Bump actions/download-artifact from 5.0.0 to 6.0.0 (#373) * Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#374) ==== python-cryptography ==== - Only require pytest-subtests with pytest < 9. ==== python-greenlet ==== Version update (3.2.4 -> 3.3.0) - Update to 3.3.0 * Drop support for Python 3.9. * Switch to distributing manylinux_2_28 wheels instead of manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2. * Add initial support for free-threaded builds of CPython 3.14. Due to limitations, we do not distribute binary wheels for free-threaded CPython on Windows. (Free-threaded CPython 3.13 may work, but is untested and unsupported.) ==== python-lark ==== Version update (1.2.2 -> 1.3.1) - Update to 1.3.1 * Bugfix: Restore support for custom input, alongside text and TextSlice by @erezsh in (#1562) * Keep sdist in sync with git (include all files in source build, including docs, tests and examples) by @chanicpanic in (#1561) - from version 1.3.0 * Lark can now parse in sections of strings, using TextSlice, as a faster alternative to creating a "copy-slice" with s[i:j]. * Added support to match on Tree instances * When serializing a Lark instance, added the option to include the grammar object (before compilation). * Added convenience method Tree.find_token() * Bugfix of an edge case in Earley related to representation of ambiguity. * Bugfixes in the standalone parser related to imports * Bugfix in indenter - now dedents always contain line information * Various small bugfixes (see PR list below) - from version 1.2.2 * Bugfix: Earley now respects ambiguity='resolve' again. (#1444) - Drop py314-functools-partial.patch, merged upstream ==== python-psutil ==== - Only require pytest-subtests with pytest < 9. - Add upstream pytest9.patch to fix tests ==== python-referencing ==== - Only require pytest-subtests with pytest < 9. ==== python-typing_extensions ==== - add py314-fix-tests.patch to fix tests with python 3.14 ==== qqc2-breeze-style6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsSynchronizer6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Add patch to fix crashes in QML code (kde#512754, QTBUG-142331): * 0001-QtQml-Invalidate-fallback-lookups-after-each-call-fr.patch ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Build with gcc14 instead of gcc15 on aarch64 Tumbleweed as a workaround until we get a proper fix for boo#1251922 ==== raspberrypi-firmware-config ==== - Enable dwc2 overlay on pi0, pi1 and pi2 models. This is to properly enable USB hub to which in some cases the Ethernet controller is connected. See boo#1251192. Tested on: * RPi Zero 2 W Rev 1.0 * RPi 2 Model B Rev 1.1 amd Rev 1.2 ==== readline ==== Version update (8.3.1 -> 8.3.3) - Add upstream patches * readline83-002 If an application calls rl_save_prompt, which sets rl_prompt to NULL, without calling rl_set_prompt to set it to a new value, readline redisplay can dereference a NULL pointer. * readline83-003 A SIGINT during a reverse i-search can cause a segmentation fault due to accessing data freed by a signal handler. ==== runc ==== Version update (1.3.3 -> 1.4.0) - Add libpathrs build option to allow builds to switch to libpathrs. In future we will switch to enabling this by default for Tumbleweed and Leap >= 16. - Update to runc v1.4.0. Upstream changelog is available from . ==== sdbootutil ==== Version update (1+git20251126.f7a46a1 -> 1+git20251211.b3d0304) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20251211.b3d0304: * Set default entry when removing a kernel * Fix return value when image is set (boo#1254534) * Return error if the hash program is not installed ==== sddm-kcm6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== sdl2-compat ==== Version update (2.32.58 -> 2.32.60) - Update to release 2.32.60 * Fixed crash at startup in Dwarf Fortress and Stellaris * Fixed mouse stuttering in Amiberry * Fixed the viewport not being reset when the window is resized ==== selinux-policy ==== Version update (20251111 -> 20251208) Subpackages: selinux-policy-targeted - Fix macros.selinux-policy to allow changing booleans when policy is not loaded. Previous logic was broken (bsc#1254395) - Update to version 20251208: * Introduce systemd_cryptsetup_generator_var_run_t file type (bsc#1244459) * Allow virtqemud_t to read/write device_t (bsc#1251789) * Introduce sap_service_transition_to_unconfined_user boolean * allow init to read sap symlinks * Allow SAP domain to relocation text in all files - Update embedded container-selinux version to commit: - 9017e1f8074db9b7ae026670b0e0216cf53f18d9 (version 2.244.0) - Update to version 20251128: * update support for polkit agent helper (bsc#1251931) * Allow system_mail_t read apache system content conditionally * Allow login_userdomain read lastlog * Allow sshd-net read and write to sshd vsock socket * Update ktls policy * Add comprehensive SELinux policy module for bwrap thumbnail generation * Revert "Allow thumb_t create permission in the user namespace" * Allow systemd-machined read svirt process state * Allow sshd_auth_t getopt/setopt on tcp_socket (bsc#1252992) * Allow sysadm access to TPM * Allow tlp get the attributes of the pidfs filesystem * Allow kmscon to read netlink_kobject_uevent_socket * Allow systemd-ssh-issue read kernel sysctls * fix: bz2279215 Allow speech-dispatcher access to user home/cache files * Allow create kerberos files in postgresql db home * Fix files_delete_boot_symlinks() to contain delete_lnk_files_pattern * Allow shell comamnds in locate systemd service (bsc#1246559) * Introduce initrc_nnp_daemon_domain interface * Label /var/lib/cosmic-greeter with xdm_var_lib_t * Allow setroubleshoot-fixit get attributes of xattr fs * Allow insights-client manage /etc symlinks * Allow insights-client get attributes of the rpm executable * Allow nfsidmapd search virt lib directories * Allow iotop stream connect to systemd-userdbd * Allow gnome-remote-desktop read sssd public files * Allow thumb_t stream connect to systemd-userdbd * Add auth_nnp_domtrans_chkpwd() * Allow bluez dbus API passing unix domain sockets * Allow bluez dbus api pass sockets over dbus * Dontaudit systemd-generator connect to sssd over a unix stream socket * Allow init watch/watch_reads systemd-machined user ptys - Syncing with upstream rawhide selinux-policy up to: * 874e36c884fc9e31ae12428338a38b14db65f554 - Update embedded container-selinux version to commit: * efdee4df4e98b5f5fe826b83db5ff4a9239e54bb (version 2.243.0) ==== sensors ==== - Don't use valgrind in qemu emulation - Drop rcFOO symlinks [jsc#PED-266] ==== serd ==== Version update (0.32.4 -> 0.32.6) - update to 0.32.6 * Avoid over-use of yielding meson options * Drop graphs when writing Turtle output * Eliminate recursion in the writer * Fix handling of bad predicates in anonymous blank nodes * Fix handling of some invalid EOF cases in lax mode * Fix indentation of named objects after anonymous objects * Fix indentation when ending anonymous nodes with many objects * Fix invalid characters in error messages * Fix reading numbers with no space before the final dot * Fix reading prefix names that start with "true." or "false." * Refuse to write incoherent statements * Remove project and version number from man page OS field * Write a blank line between statements and Turtle/TriG directives ==== shaderc ==== Version update (2025.4 -> 2025.5) - Update to release 2025.5 * No user-visible changes; just a new archive with changes to upstream's deployment scripts. ==== shadow ==== Subpackages: libsubid5 login_defs - Move chage, chfn, chsh, passwd and new?idmap into own pw-mgmt sub-package ==== shim-leap ==== Version update (15.8 -> 16.1) - shim-leap.spec: Always put openSUSE Secure Boot CA to target array Unlike shim.spec, shim-leap.spec does not have #needssslcertforbuild because our shim.efi is already signed by openSUSE key in openSUSE:Factory:secure-boot/shim. It causes that the _projectcert.crt can not be found by shim-leap which means the openSUSE CA can not be added to the target certificates array in pretrans Lua script. I can not directly add '# needssslcertforbuild' to shim-leap.spec because it will causes that shim.efi be signed by openSUSE key again. Let's always put openSUSE Secure Boot CA to target certificates array because the shim.efi already has openSUSE signature. (bsc#1254679) - Update shim version to 16.1: shim-16.1-lp156.4.1.aarch64.rpm shim-16.1-lp156.4.1.x86_64.rpm RPMs are coming from openSUSE secure-boot shim 15.6: https://build.opensuse.org/projects/openSUSE:Factory:secure-boot/packages/shim/repositories/15.6/binaries - Version: 16.1, "Aug 14 2025" - Include the bug fixes for bsc#1205588 - Add a pretrans script to verify that the necessary certificate is in the UEFI db. - Add DER format certificate files for the pretrans script to verify that the necessary certificate is in the UEFI db - openSUSE Secure Boot CA, 2013-2035 openSUSE_Secure_Boot_CA_2013.crt - SUSE Linux Enterprise Secure Boot CA, 2013-2035 SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt - Microsoft Corporation UEFI CA 2011, 2011-2026 Microsoft_Corporation_UEFI_CA_2011.crt - Microsoft UEFI CA 2023, 2023-2038 Microsoft_UEFI_CA_2023.crt ==== sord ==== Version update (0.16.18 -> 0.16.20) - update to 0.16.20 * Add header warnings test * Add missing const qualifiers to API * Avoid over-use of yielding meson options * Update man pages ==== spectacle ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== sqlite3 ==== Version update (3.50.4 -> 3.51.1) - Update to version 3.51.1: * Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release. * Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release - Changes in version 3.51.0: * New macros in sqlite3.h: - SQLITE_SCM_BRANCH → the name of the branch from which the source code is taken. - SQLITE_SCM_TAGS → space-separated list of tags on the source code check-in. - SQLITE_SCM_DATETIME → ISO-8601 date and time of the source code check-in. * Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'. * The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively. * Enhancements to TCL Interface: - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array. - User-defined functions may now break to return an SQL NULL. * CLI enhancements: - Increase the precision of ".timer" to microseconds. - Enhance the "box" and "column" formatting modes to deal with double-wide characters. - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option. - Add the --ifexists option to the CLI command-line option and to the .open command. - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors. * Performance enhancements: - Use fewer CPU cycles to commit a read transaction. - Early detection of joins that return no rows due to one or more of the tables containing no rows. - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression. - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y. * Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2(). * Add the sqlite3_set_errmsg() API for use by extensions. * Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results. * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces. * In the session extension add the sqlite3changeset_apply_v3() interface. * For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'. * Improved error messages generated by FTS5. * Enforce STRICT typing on computed columns. * Improved support for VxWorks * JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make". * Improved resistance to database corruption caused by an application breaking Posix advisory locks using close(). ==== sratom ==== Version update (0.6.18 -> 0.6.20) - update to 0.6.20 * Avoid over-use of yielding meson options * Avoid use of scanf when reading MIDI events * Fix lint checks * Fix potential memory error when writing ambiguous relative paths * Improve code quality ==== steam-devices ==== Version update (20240522+git.e2971e4 -> 20251018+git.4d7e6c1) - Update to version 20251018+git.4d7e6c1: * Add Nintendo Switch Joy-Cons * Add Hori HORIPAD STEAM * Add Xbox One Elite 2 Controller * Add EdgeTX / OpenTX controllers in gamepad mode * Add PowerA Fusion Fightpad for Nintendo Switch * Add Razer Wolverine V2 Pro * Add Hori Alpha for PS5 ==== suse-module-tools ==== Version update (16.1.0 -> 16.1.1) Subpackages: suse-module-tools-scriptlets - Update to version 16.1.1: * 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents (bsc#1254264) ==== systemd-presets-branding-MicroOS ==== - - Enable chronyd.service by default (boo#1254778). - enable firewalld.service by default (bsc#1237923) since the Agama installer does not do that (contrary to what the YaST installer used to do). ==== systemd-presets-common-SUSE ==== - Enable polkit-agent-helper.socket (see [bsc#1251931] for details) - Enable account-utils socket units (see [bsc#1253052] for details) (newidmapd.socket, pwaccessd.socket, enable pwupdd.socket) - Enable cleanoldsepoldir.service to allow to run after boot it is part of root path move from /var/lib/selinux to /etc/selinux (bsc#1221342) ==== systemsettings6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== transactional-update-notifier ==== - Fix requires for dbus daemon ==== u-boot-rpiarm64 ==== Version update (2025.04 -> 2025.10) Subpackages: u-boot-rpiarm64-doc - Update to 2025.10: * Full changelog available at: https://source.denx.de/u-boot/u-boot/-/compare/v2025.04...v2025.07 https://source.denx.de/u-boot/u-boot/-/compare/v2025.07...v2025.10 - Patches rebased - Update u-boot.keyring ==== vim ==== Version update (9.1.1918 -> 9.1.1966) Subpackages: vim-data-common vim-small - update to 9.1.1966: * patch 9.1.1966: MS-Windows: dark mode in gui is not supported * runtime(vim): Update base syntax, match full :help command * patch 9.1.1965: q can accidentally start recording at more prompt * patch 9.1.1964: Wrong display when using setline() at hit-enter prompt * patch 9.1.1963: diff: missing diff size limit for xdiff * runtime(julia): Update Julia runtime files * runtime(rust): use textwidth=100 for the Rust recommended style * runtime(doc): document change in Windows behavior for patch 9.1.1947 * patch 9.1.1962: filetype: Erlang application resource files are not recognized * patch 9.1.1961: :0tab behaves like :tab for :stag when 'swb' contains "newtab" * patch 9.1.1960: Wrong position of info popup * patch 9.1.1959: Wrong wrapping of long output using :echowindow * patch 9.1.1958: Wrong display with sign_unplace() and setline() in CursorMoved * patch 9.1.1957: filetype: bpftrace files are not recognized * runtime(odin): support underscore-separated numeric literals * runtime(doc): fix return value in 'exists' and 'exists_compiled()' * patch 9.1.1956: tests: test_sort.vim leaves swapfiles behind * patch 9.1.1955: sort() does not handle large numbers correctly * patch 9.1.1954: Setting a byte in a blob, accepts values outside 0-255 * patch 9.1.1953: gui_mch_set_titlebar_colors() is excessively called * runtime(swayconfig): separate identifier groups + cleanup * runtime(i3config): highlight identifiers separately * patch 9.1.1952: tests: need better tests for tf files * runtime(quarto): add missing loaded guard * runtime(python): Highlight t-strings * runtime(sml): Update syntax, improve special constant matching * runtime(hog): set undo_ftplugin correctly, delete trailing whitespace * patch 9.1.1951: tests: Test_windows_external_cmd_in_cwd() only run in huge builds * patch 9.1.1950: tests: Test_tagjump.vim leaves swapfiles behind * patch 9.1.1949: :stag does not use 'swichtbuf' option * runtime(doc): Update vim9.txt Section 1 * patch 9.1.1948: Windows: Vim adds current directory to search path * patch 9.1.1947: [security]: Windows: Vim may execute commands from current directory * patch 9.1.1946: Cannot open the help in the current window * patch 9.1.1945: tests: Test_getbufwintabinfo() leaves swapfiles behind * patch 9.1.1944: getwininfo() does not return if statusline is visible * runtime(doc): clarify the use of v:errormsg * patch 9.1.1943: Memory leak with :breakadd expr * runtime(lf): update syntax to support lf version r39 * runtime(vim): Update base syntax, match full :language command * patch 9.1.1942: Vim9: Assignment to read-only registers @: and @% is allowed * patch 9.1.1941: tests: Test_execute_register() leaves swapfile behind * patch 9.1.1940: clipboard registers "+" and "*" synced without "autoselect" * patch 9.1.1939: tests: test_matchfuzzy() leaves swapfiles behind * patch 9.1.1938: tests: excessive wait in Test_matchfuzzy_initialized * patch 9.1.1937: tests: Test_matchfuzzy_initialized() fails * patch 9.1.1936: filetype: Erlang lexical files are not recognized * patch 9.1.1935: filetype: not all Erlang files are recognized * runtime(doc): Update and clarify vim9.txt Section 3 * runtime(doc): Improve :help :catch command specification * runtime(netrw): fix undefined variable curwin in s:NetrwMenu() * patch 9.1.1934: filetype: not all starlark files are recognized * runtime(doc): Change termdebug_config debug value to v:true in terminal.txt * runtime(doc): Correct typo in usr_30.txt regarding softtabstop * runtime(doc): fix typo in "appendbufline()", builtin.txt * runtime(defaults): Update comment for reverting C comment strings * runtime(doc): Clarification in listener_add() doc * patch 9.1.1933: completion: complete_match() is not useful * patch 9.1.1932: OSC terminal response hard to detect * runtime(doc): remove outdated help about 'completeopt' "fuzzy" * translation: regenerate po/vim.pot after v9.1.1930 * patch 9.1.1931: completion: wrong item selected with fuzzy and noinsert * patch 9.1.1930: completion: 'completefuzzycollect' is too obscure * runtime(i3config/swayconfig): add all option for i3config only * patch 9.1.1929: completion: spell completion wrong with fuzzy * runtime(doc): Fix typo in "Jumping to Changes", usr_08.txt * patch 9.1.1928: xxd: exit_with_usage() can be simplified * patch 9.1.1927: Wayland: clipboard code too complex * Update link to XDG base specification in option.c comment * runtime(doc): Add environment variable expansion note to options * patch 9.1.1926: xdiff: Coverity warning with MAX_CNT/UINT_MAX usage * runtime(new-tutor): update vim-02-beginner following 48940d9 * patch 9.1.1925: make depend does not include osdef.h * runtime(tutor): Improve style for chapter 2 * runtime(tutor): Add Spanish translation for chapter 2 * runtime(tutor): Improve Spanish translation of chapter 1 * runtime(haskell): Add syntax test * runtime(vim): Update base syntax, match full :history command * patch 9.1.1924: 'commentstring' requires +folding feature * patch 9.1.1923: wrong error when assigning to read-only register * runtime(vim): Update base syntax, match :debug and :break* commands * runtime(compiler): set errorformat where missing * runtime(php): Update indent script to 1.76 (from 1.75) * runtime(haskell): allow spaces in backticked operators in syntax script * patch 9.1.1922: Wrong virtcol('$') with virtual text at EOL * patch 9.1.1921: xdiff: included xdiff code is outdated * patch 9.1.1920: tests: not enough testing for wildtrigger() pum redrawing * CI: Switch to macOS 26 runner * runtime(c): Update signal constants in syntax script ==== vulkan-loader ==== Version update (1.4.328 -> 1.4.335) - Update to tag SDK-1.4.335.0 * Stop layers with an invalid "type" field from being added * Normalize library paths queried from the OS * Fix two memory leaks ==== vulkan-tools ==== Version update (1.4.328 -> 1.4.335) - Update to release 1.4.335 * vulkaninfo: Support promoted structs in Profile JSON output - Add 0001-vulkaninfo-Fix-running-under-RenderDoc.patch ==== wtmpdb ==== Version update (0.75.0+git20251009.a6f185a -> 0.75.0+git20251130.0d8fe7a) Subpackages: libwtmpdb0 - Update to version 0.75.0+git20251130.0d8fe7a: * wtmpdbd: add method Rotate to interface definition * wtmpdb last: fix --present option * last -x: apply --since and --until to split entries * last -x: show shutdown entries before reboot ones * Fix varlink definition for type WtmpdbEntry ==== xdg-desktop-portal-kde6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * remotedesktop: honor the requested cursor mode * clipboard: Dont append data on when read results in EAGAIN (kde#512076) ==== xkbcomp ==== Version update (1.4.7 -> 1.5.0) - This releases contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2025-December/003644.html * CVE-2018-15863 (bsc#1105832) * CVE-2018-15861 (bsc#1105832) * CVE-2018-15859 (bsc#1105832) * CVE-2018-15853 (bsc#1105832) Note that the year is not a typo, these CVEs have been reported previously for libxkbcommon but the same code exists in xkbcomp and required the same fixes. As a new feature in this version: xkbcomp now supports the meson build system in addition to autotools. autotools support may be removed in a future version. - switch to meson build ==== zix ==== Version update (0.6.2 -> 0.8.0) - Update to 0.8.0 * Add ZIX_REALTIME and ZIX_NONBLOCKING attributes * Add warning suppression macros * Annotate count and size parameters of allocator API * Avoid "deprecated" POSIX functions on Windows * Avoid over-use of yielding meson options * Clean up attribute documentation * Gracefully handle failed allocation in path and filesystem functions * Reduce empty BTree memory requirements * Strengthen zix_file_equals() * Use getenv() instead of environ to avoid issues on FreeBSD ==== zlib-ng-compat ==== Version update (2.2.5 -> 2.3.1) - Remove WITH_RVV=OFF - Update to 2.3.1: * Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.3.1