Packages changed: 7zip ImageMagick (7.1.2.8 -> 7.1.2.10) Mesa (25.3.0 -> 25.3.1) Mesa-drivers (25.3.0 -> 25.3.1) MozillaFirefox (145.0 -> 146.0) SDL3 (3.2.26 -> 3.2.28) alsa (1.2.14 -> 1.2.15) alsa-ucm-conf (1.2.14 -> 1.2.15) alsa-utils (1.2.14 -> 1.2.15) apache2 (2.4.65 -> 2.4.66) apache2-manual (2.4.65 -> 2.4.66) apache2-prefork (2.4.65 -> 2.4.66) apache2-utils (2.4.65 -> 2.4.66) aurorae6 (6.5.3 -> 6.5.4) bash (5.3.3 -> 5.3.9) bluedevil6 (6.5.3 -> 6.5.4) blueman (2.4.2 -> 2.4.6) breeze6 (6.5.3 -> 6.5.4) breeze6-gtk (6.5.3 -> 6.5.4) clamav container-selinux (2.243.0 -> 2.244.0) cyrus-sasl dbus-1 discover6 (6.5.3 -> 6.5.4) drkonqi6 (6.5.3 -> 6.5.4) e2fsprogs (1.47.2 -> 1.47.3) ed (1.22.2 -> 1.22.3) emacs flatpak-kcm6 (6.5.3 -> 6.5.4) fwupd (2.0.17 -> 2.0.18) gcc gdb glib2 (2.86.2 -> 2.86.3) glslang (16.0.0 -> 16.1.0) gnome-control-center (49.2.1 -> 49.2.2) gnome-remote-desktop (49.1 -> 49.2) graphene gspell (1.14.1 -> 1.14.2) gstreamer (1.26.8 -> 1.26.9) gstreamer-plugins-bad (1.26.8 -> 1.26.9) gstreamer-plugins-base (1.26.8 -> 1.26.9) gstreamer-plugins-good (1.26.8 -> 1.26.9) gstreamer-plugins-libav (1.26.8 -> 1.26.9) gstreamer-plugins-rs (1.26.8 -> 1.26.9) gstreamer-plugins-ugly (1.26.8 -> 1.26.9) ibus (1.5.32 -> 1.5.33) iproute2 (6.17 -> 6.18) kactivitymanagerd6 (6.5.3 -> 6.5.4) kde-cli-tools6 (6.5.3 -> 6.5.4) kde-gtk-config6 (6.5.3 -> 6.5.4) kdecoration6 (6.5.3 -> 6.5.4) kdeplasma6-addons (6.5.3 -> 6.5.4) kernel-firmware-amdgpu (20251119 -> 20251203) kernel-firmware-ath10k (20250206 -> 20251205) kernel-firmware-ath11k (20250829 -> 20251202) kernel-firmware-bluetooth (20251111 -> 20251202) kernel-firmware-i915 (20251106 -> 20251125) kernel-firmware-intel (20251024 -> 20251129) kernel-firmware-iwlwifi (20251024 -> 20251123) kernel-firmware-media (20251018 -> 20251123) kernel-firmware-mediatek (20251119 -> 20251129) kernel-firmware-qcom (20251119 -> 20251202) kernel-firmware-sound (20251118 -> 20251205) kernel-source (6.17.9 -> 6.18.0) kgamma6 (6.5.3 -> 6.5.4) kglobalacceld6 (6.5.3 -> 6.5.4) kinfocenter6 (6.5.3 -> 6.5.4) kmenuedit6 (6.5.3 -> 6.5.4) knighttime6 (6.5.3 -> 6.5.4) kpipewire6 (6.5.3 -> 6.5.4) krb5 (1.21.3 -> 1.22.1) kscreen6 (6.5.3 -> 6.5.4) kscreenlocker6 (6.5.3 -> 6.5.4) ksshaskpass6 (6.5.3 -> 6.5.4) ksystemstats6 (6.5.3 -> 6.5.4) kwayland-integration6 (6.5.3 -> 6.5.4) kwayland6 (6.5.3 -> 6.5.4) kwin6 (6.5.3 -> 6.5.4) kwin6-x11 (6.5.3 -> 6.5.4) layer-shell-qt6 (6.5.3 -> 6.5.4) leancrypto libX11 libarchive (3.8.1 -> 3.8.3) libcap libdisplay-info libdrm (2.4.129 -> 2.4.130) libeconf (0.8.1 -> 0.8.2) libinput (1.30.0 -> 1.30.1) libkscreen6 (6.5.3 -> 6.5.4) libksysguard6 (6.5.3 -> 6.5.4) libnftnl (1.3.0 -> 1.3.1) libnl3 (3.11.0 -> 3.12.0) libplasma6 (6.5.3 -> 6.5.4) libpng16 (1.6.50 -> 1.6.52) libstorage-ng (4.5.279 -> 4.5.280) libvirt (11.9.0 -> 11.10.0) libxkbcommon (1.12.3 -> 1.12.4) lilv (0.24.26 -> 0.26.2) linux-glibc-devel (6.17 -> 6.18) mariadb (11.8.3 -> 11.8.5) mdadm (4.4+30.g9a59bf51 -> 4.4+31.g541b40d3) milou6 (6.5.3 -> 6.5.4) mozilla-nspr (4.37 -> 4.38.2) mozilla-nss (3.117 -> 3.118.1) ncurses (6.5.20251123 -> 6.5.20251206) nftables (1.1.5 -> 1.1.6) nghttp2 (1.66.0 -> 1.68.0) nvidia-open-driver-G06-signed-cuda (580.105.08_k6.17.7_1 -> 580.105.08_k6.18.0_2) ocean-sound-theme6 (6.5.3 -> 6.5.4) openSUSE-release (20251127 -> 20251212) pam-config (2.13+git.20251105 -> 2.13+git.20251203) pam_kwallet6 (6.5.3 -> 6.5.4) patterns-media pipewire (1.5.83 -> 1.5.84) plasma5support6 (6.5.3 -> 6.5.4) plasma6-activities (6.5.3 -> 6.5.4) plasma6-activities-stats (6.5.3 -> 6.5.4) plasma6-browser-integration (6.5.3 -> 6.5.4) plasma6-desktop (6.5.3 -> 6.5.4) plasma6-disks (6.5.3 -> 6.5.4) plasma6-integration (6.5.3 -> 6.5.4) plasma6-nm (6.5.3 -> 6.5.4) plasma6-openSUSE plasma6-pa (6.5.3 -> 6.5.4) plasma6-print-manager (6.5.3 -> 6.5.4) plasma6-systemmonitor (6.5.3 -> 6.5.4) plasma6-thunderbolt (6.5.3 -> 6.5.4) plasma6-workspace (6.5.3 -> 6.5.4) polkit-kde-agent-6 (6.5.3 -> 6.5.4) poppler poppler-qt6 postfix (3.10.5 -> 3.10.6) powerdevil6 (6.5.3 -> 6.5.4) python-anyio (4.11.0 -> 4.12.0) python-argon2-cffi (23.1.0 -> 25.1.0) python-certifi (2025.10.5 -> 2025.11.12) python-cryptography python-greenlet (3.2.4 -> 3.3.0) python-psutil python-typing_extensions python-tzdata qqc2-breeze-style6 (6.5.3 -> 6.5.4) qt6-declarative qt6-webengine raspberrypi-firmware-config re2c (4.3 -> 4.3.1) readline (8.3.1 -> 8.3.3) rng-tools salt sdbootutil (1+git20251126.f7a46a1 -> 1+git20251211.b3d0304) sddm-kcm6 (6.5.3 -> 6.5.4) sdl12_compat (1.2.70 -> 1.2.72) sdl2-compat (2.32.58 -> 2.32.60) selinux-policy (20251111 -> 20251208) sensors serd (0.32.4 -> 0.32.6) shaderc (2025.4 -> 2025.5) shadow shim-leap (15.8 -> 16.1) smartmontools snapshot (49.0 -> 49.1) sord (0.16.18 -> 0.16.20) spectacle (6.5.3 -> 6.5.4) sqlite3 (3.50.4 -> 3.51.1) sratom (0.6.18 -> 0.6.20) strace (6.17 -> 6.18) suse-module-tools (16.1.0 -> 16.1.1) systemd-presets-branding-openSUSE systemd-presets-common-SUSE systemsettings6 (6.5.3 -> 6.5.4) tmux (3.5a -> 3.6a) u-boot-rpiarm64 (2025.04 -> 2025.10) usbmuxd (1.1.1+git69.523f700 -> 1.1.1+git72.3ded00c) vim (9.1.1918 -> 9.1.1966) vulkan-loader (1.4.328 -> 1.4.335) vulkan-tools (1.4.328 -> 1.4.335) wacomtablet-kcm6 (6.5.3 -> 6.5.4) webkit2gtk3 (2.50.2 -> 2.50.3) webkit2gtk4 (2.50.2 -> 2.50.3) wtmpdb (0.75.0+git20251009.a6f185a -> 0.75.0+git20251130.0d8fe7a) xdg-desktop-portal-kde6 (6.5.3 -> 6.5.4) xkbcomp (1.4.7 -> 1.5.0) yast2-bootloader (5.0.27 -> 5.0.29) yast2-trans (84.87.20251120.56464525cf -> 84.87.20251202.6c2698bf7a) zix (0.6.2 -> 0.8.0) zlib-ng-compat (2.2.5 -> 2.3.1) zypp-plugin (0.6.5 -> 0.6.6) === Details === ==== 7zip ==== - Do not use asm code on aarch64 until PAC/BTI/GCS fixed upstream ==== ImageMagick ==== Version update (7.1.2.8 -> 7.1.2.10) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.10 * no upstream changelog, see https://github.com/ImageMagick/ImageMagick/compare/7.1.2-8..7.1.2-10 - fixes CVE-2025-65955 [bsc#1254435] ==== Mesa ==== Version update (25.3.0 -> 25.3.1) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to Mesa 25.3.1 - -> https://docs.mesa3d.org/relnotes/25.3.1 - Due to a lack of a 25.3.0 announcment, here are included the relavent entries here for that. - Users can expect the usual flurry of improvements across all drivers and components, including these new extensions & features highlighted by their developers (in no particular order): - The VDPAU state tracker has been removed. There are design issues with VDPAU, as well as limited support, which render other options like VAAPI and Vulkan Video better choices - Zink and NVK are now mandatory for OpenGL acceleration on recent nvidia GPUs. You can enable them at configure time by adding zink to - -gallium-drivers and nouveau to --vulkan-drivers or by setting both to auto on appropriate platforms. In 25.1, we began defaulting to Zink+NVK on Turing and later gpus when Zink+NVK was enabled at build time. In 25.3, the old driver no longer officially suports Turing or later. Users of these gpus without Zink+NVK installed at runtime will instead get software rendering. This affects most nvidia gpus from 2018 or later. - Some RADV_DEBUG options (nodynamicbounds,splitfma,nongg_gs,invariantgeom) are deprecated and will be removed in future Mesa releases. - The PowerVR Vulkan driver is now conformant to Vulkan 1.0 on BXS-4-64 and advertises Vulkan 1.2 support on selected GPUs (although, it isn't fully 1.2 conformant in this release). The driver is no longer considered to be experimental and, as such, can now be enabled via - Dvulkan-drivers=imagination. - enabled Vulkan driver ("imagination") for PowerVR GPUs on x86_64, aarch64 and riscv64; added libvulkan_powervr package - fixed build against s390x by removing "display-info" option - Build with VK_AMD_anti_lag vulkan extension support to allow AMD Anti-Lag to be used on AMD GPUs - Create new subpackage Mesa-vulkan-anti-lag for this new vulkan extension - Build with -Ddisplay-info=enabled to allow VK_EXT_hdr_metadata support for VK_KHR_display ==== Mesa-drivers ==== Version update (25.3.0 -> 25.3.1) Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Update to Mesa 25.3.1 - -> https://docs.mesa3d.org/relnotes/25.3.1 - Due to a lack of a 25.3.0 announcment, here are included the relavent entries here for that. - Users can expect the usual flurry of improvements across all drivers and components, including these new extensions & features highlighted by their developers (in no particular order): - The VDPAU state tracker has been removed. There are design issues with VDPAU, as well as limited support, which render other options like VAAPI and Vulkan Video better choices - Zink and NVK are now mandatory for OpenGL acceleration on recent nvidia GPUs. You can enable them at configure time by adding zink to - -gallium-drivers and nouveau to --vulkan-drivers or by setting both to auto on appropriate platforms. In 25.1, we began defaulting to Zink+NVK on Turing and later gpus when Zink+NVK was enabled at build time. In 25.3, the old driver no longer officially suports Turing or later. Users of these gpus without Zink+NVK installed at runtime will instead get software rendering. This affects most nvidia gpus from 2018 or later. - Some RADV_DEBUG options (nodynamicbounds,splitfma,nongg_gs,invariantgeom) are deprecated and will be removed in future Mesa releases. - The PowerVR Vulkan driver is now conformant to Vulkan 1.0 on BXS-4-64 and advertises Vulkan 1.2 support on selected GPUs (although, it isn't fully 1.2 conformant in this release). The driver is no longer considered to be experimental and, as such, can now be enabled via - Dvulkan-drivers=imagination. - enabled Vulkan driver ("imagination") for PowerVR GPUs on x86_64, aarch64 and riscv64; added libvulkan_powervr package - fixed build against s390x by removing "display-info" option - Build with VK_AMD_anti_lag vulkan extension support to allow AMD Anti-Lag to be used on AMD GPUs - Create new subpackage Mesa-vulkan-anti-lag for this new vulkan extension - Build with -Ddisplay-info=enabled to allow VK_EXT_hdr_metadata support for VK_KHR_display ==== MozillaFirefox ==== Version update (145.0 -> 146.0) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 146.0 https://www.firefox.com/en-US/firefox/146.0/releasenotes/ MFSA 2025-92 (bsc#1254551) * CVE-2025-14321 (bmo#1992760) Use-after-free in the WebRTC: Signaling component * CVE-2025-14322 (bmo#1996473) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2025-14323 (bmo#1996555) Privilege escalation in the DOM: Notifications component * CVE-2025-14324 (bmo#1996840) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14325 (bmo#1998050) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14326 (bmo#1840666) Use-after-free in the Audio/Video: GMP component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2025-14328 (bmo#1996761) Privilege escalation in the Netmonitor component * CVE-2025-14329 (bmo#1997018) Privilege escalation in the Netmonitor component * CVE-2025-14330 (bmo#1997503) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14331 (bmo#2000218) Same-origin policy bypass in the Request Handling component * CVE-2025-14332 (bmo#1963153, bmo#1985058, bmo#1995637, bmo#1997118) Memory safety bugs fixed in Firefox 146 and Thunderbird 146 * CVE-2025-14333 (bmo#1966501, bmo#1997639) Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 - requires NPSR 4.38.2 NSS 3.118 rust-cbindgen 0.29.1 - switched back using gcc - rebased patches - If clang_build is set, ensure to define CC and CXX accordingly. - Use clang19-devel on Leap. - Mozilla Firefox 145.0.2 * Fixed an issue that prevented typing in Baidu’s search box when using Chinese IMEs on Windows. (bmo#2000479) - Mozilla Firefox 145.0.1 * Fixed: Fixed an issue causing breakage on sites using Three.js. (bmo#1995939) * Fixed: Fixed Web compatibility issues with Rogers. Rogers customers would see a broken iframe with "Firefox Can’t Open This Page" when viewing bills, rather than the billing info. (bmo#1996823) * Fixed: Fixed an issue in the Web Developer Tools preventing copy all or save all requests as HAR. (bmo#1995694) ==== SDL3 ==== Version update (3.2.26 -> 3.2.28) - Update to release 3.2.28 * Fixed a divide by zero with a zero sized blit in some cases * Fixed blitting bitmaps with a non-zero x offset * Fixed a crash in the Vulkan renderer when the window is minimized * Fixed the initial X11 window position in some environments * Fixed the channel mapping for surround sound on PulseAudio * Fixed the sensor axis ordering with the Linux Nintendo driver * Fixed Xbox 360 controller mappings on newer Linux kernels * Made Nintendo Switch controller initialization more robust * Fixed the paddle mapping for Steam Controllers ==== alsa ==== Version update (1.2.14 -> 1.2.15) Subpackages: libasound2 libatopology2 - Backport upstream fixes, mainly for regressions (bsc#1254652): 0001-ucm-use-closefrom-instead-of-close_range.patch 0002-ucm-exec-fix-maxfd-used-warning.patch 0003-conf-merge-card-specific-contents-per-file-whole-aft.patch 0004-conf-fix-possible-memory-leak-in-config_file_open-er.patch 0005-Revert-conf-fix-load_for_all_cards-do-not-merge-the-.patch 0006-conf-USB-Audio-define-pcm-configuration-block-only-o.patch 0007-conf-HDA-Intel-define-pcm-configuration-block-only-o.patch - Update to alsa-lib 1.2.15: * documentation, coding style and configure fixes * error: add priority and interface strings to the log messages * snd_tlv_convert_to_dB: Fix mute handling for MINMAX_MUTE type * mixer: bag - fix bag_del_all implementation (missing free) * pcm: plugin - avoid 32-bit to 64-bit return value conversions * pcm route: suppress false positive warning for gcc 8+ * pcm: add a loop to snd_pcm_avail_delay() to avoid bogus delay values * rawmidi: Fix inactive stream definition and handling * seq: drain API fix, notiffy for pversion ioctl failure * topology: fix nibble warning in tplg_save_quoted() * lots of UCM and conf fixes and improvements For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.14_v1.2.15#alsa-lib ==== alsa-ucm-conf ==== Version update (1.2.14 -> 1.2.15) - Update to alsa-ucm-conf 1.2.15: * USB-Audio: support for Steinberg UR22C, GoXLR, HP Thunderbolt Dock G2, Audient iD14 MK2, DualSense PS5 controller, Steinberg UR22mkII, Teufel CAGE PRO, MSI MAG B850M Mortar Wifi, Beacn Mic and Studio, Solid State Labs SSL 2, Behringer Flow8, Solid State Labs SSL 2+, Steinberg UR44, Behringer UCM204HD/404HD, RME Fireface UCX, Presonus Revelator IO44 * Fixes for configurations * Lots of Qualcomm updates * Intel SOF updates/fixes * Mediatek, Realtek, Tegra, AMD ACP updates For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.14_v1.2.15#alsa-ucm-conf ==== alsa-utils ==== Version update (1.2.14 -> 1.2.15) - Update to alsa-utils 1.2.15: * alsactl lots of fixes, new -Y option to extract via key=value pairs * amidi: Ignore inactive MIDI ports as default at listing * add support for new log handler for aconnect, alsamixer, alsactl * aplay: reorganize format handling in begin_wave() * Revert "aplay: fix S24_LE wav header" * bat: Fix buffer time configuration For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.14_v1.2.15#alsa-utils ==== apache2 ==== Version update (2.4.65 -> 2.4.66) - version update to 2.4.66 * ) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (cve.mitre.org) mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. * ) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment variable override (cve.mitre.org) Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. * ) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF (cve.mitre.org) Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content * ) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (cve.mitre.org) Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. * ) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals (cve.mitre.org) An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. * ) mod_http2: Fix handling of 304 responses from mod_cache. * ) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of integers, used in push diaries and proxy window size calculations. * ) mod_md: update to version 2.6.5 - New directive `MDInitialDelay`, controlling how longer to wait after a server restart before checking certificates for renewal. [Michael Kaufmann] - Hardening: when build with OpenSSL older than 1.0.2 or old libressl versions, the parsing of ASN.1 time strings did not do a length check. - Hardening: when reading back OCSP responses stored in the local JSON store, missing 'valid' key led to uninitialized values, resulting in wrong refresh behaviour. * ) mod_md: update to version 2.6.6 - Fix a small memory leak when using OpenSSL's BIGNUMs. - Fix reuse of curl easy handles by resetting them. * ) mod_http2: update to version 2.0.35 New directive `H2MaxStreamErrors` to control how much bad behaviour by clients is tolerated before the connection is closed. * ) mod_proxy_http2: add support for ProxyErrorOverride directive. * ) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify the value set for the TCP_DEFER_ACCEPT socket option on listen sockets. * ) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual host compatibility policy. * ) mod_md: update to version 2.6.2 - Fix error retry delay calculation to not already doubling the wait on the first error. * ) mod_md: update to version 2.6.1 - Increasing default `MDRetryDelay` to 30 seconds to generate less bursty traffic on errored renewals for the ACME CA. This leads to error retries of 30s, 1 minute, 2, 4, etc. up to daily attempts. - Checking that configuring `MDRetryDelay` will result in a positive duration. A delay of 0 is not accepted. - Fix a bug in checking Content-Type of responses from the ACME server. - Added ACME ARI support (rfc9773) to the module. Enabled by default. New directive "MDRenewViaARI on|off" for controlling this. - Removing tailscale support. It has not been working for a long time as the company decided to change their APIs. Away with the dead code, documentation and tests. - Fixed a compilation issue with pre-industrial versions of libcurl. - httpd testsuite of svn revision 1929573 ==== apache2-manual ==== Version update (2.4.65 -> 2.4.66) - version update to 2.4.66 * ) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (cve.mitre.org) mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. * ) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment variable override (cve.mitre.org) Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. * ) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF (cve.mitre.org) Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content * ) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (cve.mitre.org) Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. * ) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals (cve.mitre.org) An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. * ) mod_http2: Fix handling of 304 responses from mod_cache. * ) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of integers, used in push diaries and proxy window size calculations. * ) mod_md: update to version 2.6.5 - New directive `MDInitialDelay`, controlling how longer to wait after a server restart before checking certificates for renewal. [Michael Kaufmann] - Hardening: when build with OpenSSL older than 1.0.2 or old libressl versions, the parsing of ASN.1 time strings did not do a length check. - Hardening: when reading back OCSP responses stored in the local JSON store, missing 'valid' key led to uninitialized values, resulting in wrong refresh behaviour. * ) mod_md: update to version 2.6.6 - Fix a small memory leak when using OpenSSL's BIGNUMs. - Fix reuse of curl easy handles by resetting them. * ) mod_http2: update to version 2.0.35 New directive `H2MaxStreamErrors` to control how much bad behaviour by clients is tolerated before the connection is closed. * ) mod_proxy_http2: add support for ProxyErrorOverride directive. * ) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify the value set for the TCP_DEFER_ACCEPT socket option on listen sockets. * ) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual host compatibility policy. * ) mod_md: update to version 2.6.2 - Fix error retry delay calculation to not already doubling the wait on the first error. * ) mod_md: update to version 2.6.1 - Increasing default `MDRetryDelay` to 30 seconds to generate less bursty traffic on errored renewals for the ACME CA. This leads to error retries of 30s, 1 minute, 2, 4, etc. up to daily attempts. - Checking that configuring `MDRetryDelay` will result in a positive duration. A delay of 0 is not accepted. - Fix a bug in checking Content-Type of responses from the ACME server. - Added ACME ARI support (rfc9773) to the module. Enabled by default. New directive "MDRenewViaARI on|off" for controlling this. - Removing tailscale support. It has not been working for a long time as the company decided to change their APIs. Away with the dead code, documentation and tests. - Fixed a compilation issue with pre-industrial versions of libcurl. - httpd testsuite of svn revision 1929573 ==== apache2-prefork ==== Version update (2.4.65 -> 2.4.66) - version update to 2.4.66 * ) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (cve.mitre.org) mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. * ) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment variable override (cve.mitre.org) Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. * ) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF (cve.mitre.org) Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content * ) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (cve.mitre.org) Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. * ) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals (cve.mitre.org) An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. * ) mod_http2: Fix handling of 304 responses from mod_cache. * ) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of integers, used in push diaries and proxy window size calculations. * ) mod_md: update to version 2.6.5 - New directive `MDInitialDelay`, controlling how longer to wait after a server restart before checking certificates for renewal. [Michael Kaufmann] - Hardening: when build with OpenSSL older than 1.0.2 or old libressl versions, the parsing of ASN.1 time strings did not do a length check. - Hardening: when reading back OCSP responses stored in the local JSON store, missing 'valid' key led to uninitialized values, resulting in wrong refresh behaviour. * ) mod_md: update to version 2.6.6 - Fix a small memory leak when using OpenSSL's BIGNUMs. - Fix reuse of curl easy handles by resetting them. * ) mod_http2: update to version 2.0.35 New directive `H2MaxStreamErrors` to control how much bad behaviour by clients is tolerated before the connection is closed. * ) mod_proxy_http2: add support for ProxyErrorOverride directive. * ) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify the value set for the TCP_DEFER_ACCEPT socket option on listen sockets. * ) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual host compatibility policy. * ) mod_md: update to version 2.6.2 - Fix error retry delay calculation to not already doubling the wait on the first error. * ) mod_md: update to version 2.6.1 - Increasing default `MDRetryDelay` to 30 seconds to generate less bursty traffic on errored renewals for the ACME CA. This leads to error retries of 30s, 1 minute, 2, 4, etc. up to daily attempts. - Checking that configuring `MDRetryDelay` will result in a positive duration. A delay of 0 is not accepted. - Fix a bug in checking Content-Type of responses from the ACME server. - Added ACME ARI support (rfc9773) to the module. Enabled by default. New directive "MDRenewViaARI on|off" for controlling this. - Removing tailscale support. It has not been working for a long time as the company decided to change their APIs. Away with the dead code, documentation and tests. - Fixed a compilation issue with pre-industrial versions of libcurl. - httpd testsuite of svn revision 1929573 ==== apache2-utils ==== Version update (2.4.65 -> 2.4.66) - version update to 2.4.66 * ) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (cve.mitre.org) mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. * ) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment variable override (cve.mitre.org) Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. * ) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF (cve.mitre.org) Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content * ) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (cve.mitre.org) Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. * ) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals (cve.mitre.org) An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. * ) mod_http2: Fix handling of 304 responses from mod_cache. * ) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of integers, used in push diaries and proxy window size calculations. * ) mod_md: update to version 2.6.5 - New directive `MDInitialDelay`, controlling how longer to wait after a server restart before checking certificates for renewal. [Michael Kaufmann] - Hardening: when build with OpenSSL older than 1.0.2 or old libressl versions, the parsing of ASN.1 time strings did not do a length check. - Hardening: when reading back OCSP responses stored in the local JSON store, missing 'valid' key led to uninitialized values, resulting in wrong refresh behaviour. * ) mod_md: update to version 2.6.6 - Fix a small memory leak when using OpenSSL's BIGNUMs. - Fix reuse of curl easy handles by resetting them. * ) mod_http2: update to version 2.0.35 New directive `H2MaxStreamErrors` to control how much bad behaviour by clients is tolerated before the connection is closed. * ) mod_proxy_http2: add support for ProxyErrorOverride directive. * ) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify the value set for the TCP_DEFER_ACCEPT socket option on listen sockets. * ) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual host compatibility policy. * ) mod_md: update to version 2.6.2 - Fix error retry delay calculation to not already doubling the wait on the first error. * ) mod_md: update to version 2.6.1 - Increasing default `MDRetryDelay` to 30 seconds to generate less bursty traffic on errored renewals for the ACME CA. This leads to error retries of 30s, 1 minute, 2, 4, etc. up to daily attempts. - Checking that configuring `MDRetryDelay` will result in a positive duration. A delay of 0 is not accepted. - Fix a bug in checking Content-Type of responses from the ACME server. - Added ACME ARI support (rfc9773) to the module. Enabled by default. New directive "MDRenewViaARI on|off" for controlling this. - Removing tailscale support. It has not been working for a long time as the company decided to change their APIs. Away with the dead code, documentation and tests. - Fixed a compilation issue with pre-industrial versions of libcurl. - httpd testsuite of svn revision 1929573 ==== aurorae6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== bash ==== Version update (5.3.3 -> 5.3.9) Subpackages: bash-loadables bash-sh - Add upstream patch * Bash-5.3 Official patch 8 -- bash53-009 A SIGINT during a reverse i-search can cause a segmentation fault due to accessing data freed by a signal handler. - Add upstream patches * Bash-5.3 Official patch 4 -- bash53-004 The Linux kernel reports incorrect sizes for files in /sys/block/*/uevent, leading bash to report a read error when the byte count does not agree with the file size from fstat(2). * Bash-5.3 Official patch 5 -- bash53-005 Restoring the default disposition in a subshell for a signal bash treats specially can cause a crash. * Bash-5.3 Official patch 6 -- bash53-006 When `globasciiranges' is enabled, glob patterns with ranges in bracket expressions can produce incorrect matches for character ranges whose start and end are non-ascii characters. * Bash-5.3 Official patch 7 -- bash53-007 No-fork command substitutions can perform redirections that act on the enclosing command as well. * Bash-5.3 Official patch 8 -- bash53-008 Bash tries to consume entire multibyte characters when looking for backslash escapes in $'...' strings, and treats too many characters as potentially beginning a multibyte character in UTF-8 locales. Being more selective about when to call mbrtowc() can lead to optimized string processing and script speedups. This patch also handles the unlikely situation of a locale encoding null wide characters with non-null bytes. - Remove patch boo1254087.patch now upstream with bash53-004 ==== bluedevil6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * kcm: link the help (kde#484244) * kcm: Fix pair window not opening in plasma-settings (kde#512039) ==== blueman ==== Version update (2.4.2 -> 2.4.6) Subpackages: thunar-sendto-blueman - Update to version 2.4.6: * Handling for new StatusNotifierWatcher - Update to version 2.4.5: * Make connection notifications transient * StatusNotifierItem: announce children-display * Manager: Hide bt status switch when PowerManager is not available - Update to version 2.4.4: * Fix Rfcom plugin dbus signature * Set an initial selected device in blueman-sendto * AutoConnect: Store bluetooth address instead of object path * Applet: Handle UnknownObject DBus error (@tommie) * Make search button available after device list becomes empty (@astcri) * Fix Fatal LoadException * Terminate applet on manager termination if it was started by manager * AutoConnect: Automatically convert path to address * Add toggle to force symbolic statusicon - Update to version 2.4.3: * Fix issues with specific device names * Fix deadlock between applet and manager when double-clicking the tray icon ==== breeze6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: breeze6-cursors breeze6-decoration breeze6-style - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * Menu: Reduce margins to better match QQC2 style * Menu: Set ItemSpacing to 2 - Drop patches, now upstream: * 0001-Menu-Set-ItemSpacing-to-2.patch * 0002-Menu-Reduce-margins-to-better-match-QQC2-style.patch ==== breeze6-gtk ==== Version update (6.5.3 -> 6.5.4) Subpackages: gtk2-metatheme-breeze6 gtk3-metatheme-breeze6 gtk4-metatheme-breeze6 metatheme-breeze6-common - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== clamav ==== Subpackages: libclamav12 libclammspack0 libfreshclam4 - Provide a better fix for boo#1249404 by disabling debug mode. - Build with older rust 1.87 for reproducible builds (boo#1249404) ==== container-selinux ==== Version update (2.243.0 -> 2.244.0) - Update to version 2.244.0: * New release: v2.244.0 * TMT: ELN rootless user has changed * Introduce container_write_proc_files interface (bsc#1253469) ==== cyrus-sasl ==== Subpackages: cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain libsasl2-3 - Python3 error log upon importing pycurl (bsc#1233529) Remove senceless log message. * add remove-senceless-log.patch ==== dbus-1 ==== Subpackages: dbus-1-common dbus-1-tools libdbus-1-3 - dbus-1-daemon no longer provides dbus-service (bsc#1254491) - having eavesdropping enabled causes a warning to be logged with dbus-broker boo#1232563 * Adds feature-suse-disable-eavesdrop.patch - dbus-launch is actually now in the dbus-daemon package. - Package cleanup * Drop -x11 varient that is no longer needed * dbus-launch is now in the dbus-daemon package. * This also removes update alternatives for dbus-launch ==== discover6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: discover6-backend-flatpak discover6-backend-fwupd discover6-backend-packagekit discover6-notifier - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * flatpak: Fix Installation instance management (kde#511602) * flatpak: Simplify notifier * flatpak: Simplify flatpak notifier initialisation (kde#493686) * flatpak: fix flatpaktest on aarch64 * Fix headless updates * Use the same application action style on mobile as desktop ==== drkonqi6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== e2fsprogs ==== Version update (1.47.2 -> 1.47.3) Subpackages: libcom_err2 libext2fs2 - Update to 1.47.3: * Many fixes and more features for fuse2fs * Optimize ext2fs_extent_set_bmap() to avoid fragmenting the extent tree * Fix a bounding error in ext2fs_fallocate() which could cause it to allocate far more blocks than was requested * Fix debugfs's dirsearch command on big-endian systems. * Fix debugfs's dump and rdump commands to avoid looping forever when it runs across an I/O error or corrupt filesystem metadata. * Fix "e2fsck -n" to not abort when it trips across an EA inode which is not referenced by any inodes in the file system. * Fix "e2fsck -E unshare_blocks" to clear the shared_blocks flag when there are no shared blocks to clear ==== ed ==== Version update (1.22.2 -> 1.22.3) - GNU ed 1.22.3: * The change to print the file name escaped when replaced into a shell command has been reverted * When '--unsafe-names' is not specified, only the control characters \a, \b, \t, \v, \f, \n, \r, \033, and \177 are now rejected in file names * 'make check' now checks file names with non-ASCII characters coded either in ISO-8859-1 or in UTF-8. * 'EXIT STATUS' now has its own section in the man page ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Avoid direct dependencies to X11 libraries for wayland port ==== flatpak-kcm6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - No code changes since 6.5.3 ==== fwupd ==== Version update (2.0.17 -> 2.0.18) Subpackages: fwupd-bash-completion libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.18: + This release adds the following features: - Add a MOTD message for devices needing reboot after staged updates - Create the reboot-required file when a firmware update requires reboot - Record the system state for each composite emulation - Update USI docking station firmware without requiring a manual replug + This release fixes the following bugs: - Add a MTD device problem if the Intel SPI BIOS lock is set - Allow changing the child name when using PARENT_NAME_PREFIX - Allow UpdateCapsule to work on systems that do not support SecureBoot - Correctly parse the EFI_CAPSULE_RESULT_VARIABLE_HEADER - Fall back to the SMBIOS version for BIOS MTD devices - Fix a crash when trying to record an i2c emulation - Fixed Huddly upgrade problems with major version changes - Fix man page compatibility with apropos and whatis - Fix parsing USB BOS descriptors - Fix up the x86_64-specific capsule flags when deploying UEFI firmware - Improve firmware stream searching speed by a huge amount - Only convert the release uint32_t to device version format for UEFI devices - Only handle SIGINT in fwupdtool when required - Refactor the hypervisor and container detection to be usable from plugins - Set PlatformArchitecture as the CPU architecture for RISC-V machines - Use a sensible timeout when doing qc-s5gen2 HID requests + This release adds support for the following hardware: - HP Portable USB-C 4K HDMI Hub - Lenovo Legion Go 2 (as a HID device) - Synaptics HapticsPad - Rebase fwupd-bsc1130056-change-shim-path.patch ==== gcc ==== - Remove go/gofmt alternatives. [bsc#1245878] ==== gdb ==== - Maintenance script qa.sh: * Fix grep: warning: stray \ before -. - Patches added: * avoid-crash-with-length.patch * correct-bounds-check-when-working-around-gas-dwarf-5.patch * fix-crash-in-f-typeprint.c.patch - Patches added (swo#33560, bsc#1251213): * bfd-elf-handle-prstatus-of-156-bytes-in-elf32_arm_na.patch * gdb-corefiles-fix-segfault-in-add_thread_silent.patch - Patches added (swo#32542, swo#33354): * change-return-value-of-_bfd_mmap_temporary.patch - Patches added (swo#33068, swo#33069): * gdb-fix-handling-of-aborted-inferior-call.patch - Patches added (swo#33620): * gdb-rust-fix-handling-of-unsigned-discriminant.patch - Patches added (swo#33444): * have-gdb.threadexitedevent-inherit-from-gdb.threadev.patch - Patches added (swo#33617): * mark-pascal-as-case-insensitive.patch - Patches added (testsuite): * check-gnatmake-version-in-gnat_version_compare.patch * gdb-testsuite-fix-build-id-check-in-gdb.python-py-mi.patch * gdb-testsuite-fix-gdb.mi-mi-sym-info.exp.patch * gdb-testsuite-fix-gdb.rust-methods.exp-on-i686-linux.patch * gdb-testsuite-fix-main-in-gdb.trace-mi-trace-frame-c.patch * gdb-testsuite-fix-possible-tcl-errors-in-gdb.threads.patch * gdb-testsuite-fix-sizeof-test-in-gdb.rust-simple.exp.patch * gdb-testsuite-fix-xfail-in-gdb.ada-array_of_variant..patch * gdb-testsuite-fix-xfail-in-gdb.ada-variant_record_fi.patch * gdb-testsuite-force-dwarf-in-gdb.pascal.patch * gdb-testsuite-rust-fix-for-empty-array.patch * gdb-testsuite-use-expect_build_id_in_core_file-a-bit.patch * gdb-testsuite-use-std-c99-in-gdb.base-callfuncs.exp.patch * gdb-testsuite-use-std-c99-in-gdb.base-nodebug.exp.patch * powerpc-mark-rtti-typeid-tests-as-expected-fail-befo.patch - Maintenance script import-patches.sh: * Use git instead of osc. - Maintenance script qa.sh: * Add PR32893 kfail. - Patch added (swo#32688): * gdb-testsuite-yet-another-attempt-to-fix-gdb.threads.patch - Maintenance script qa.sh: * Remove PR32688 kfail. - Work around recursively defined sle_version on openSUSE Leap 16.0 (bsc#1238724). ==== glib2 ==== Version update (2.86.2 -> 2.86.3) Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GIRepository-3_0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.86.3: + Fix several security vulnerabilities of varying severity (see below for details): + Bugs fixed: - (CVE-2025-13601) (#YWH-PGM9867-134) Incorrect calculation of buffer size in g_escape_uri_string() - (#YWH-PGM9867-145) Buffer underflow on Glib through glib/gvariant via bytestring_parse() or string_parse() leads to OOB Write - GIO: Integer overflow in file attribute escaping - G_FILE_MONITOR_WATCH_HARD_LINK does not monitor files on Windows - gconvert: Error out if g_escape_uri_string() would overflow - gvariant-parser: Fix potential integer overflow parsing (byte)strings - gfileattribute: Fix integer overflow calculating escaping for byte strings ==== glslang ==== Version update (16.0.0 -> 16.1.0) - Update to release 16.1.0 * Avoid emitting OpCapability RuntimeDescriptorArray when unnecessary * Improve compilation speed when debug infomation is enabled * Support GL_EXT_shader_invocation_reorder * Add checks to coopMatMulAdd * Implement stringify operator * Add ES support for depth layout qualifier * Add debug info for hitObjectNV * Emit a DebugGlobalVariable instead of DebugLocalVariable for rayQueryEXT * Add debug info for constant variable * Improve debug line to point declaration * Fix bugs in buffer reference alignment * Reject string operands in binary and select ops * Support GL_EXT_shader_64bit_indexing * Support GLSL_EXT_uniform_buffer_unsized_array * Add semantic check for cooperative vector loads/stores * Improve the debug info name of opaque (sampler) types * Support IO mapping of combined samplers and acceleration structures * Fix bug in debug info for bool types inside SSBO/UBO * Fix bug in debug info for struct member names * Add methods for entry point and invert-y to C interface ==== gnome-control-center ==== Version update (49.2.1 -> 49.2.2) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Update to version 49.2.1: + Revert libgxdp updates. The libgxdp updates depend on changes in gsettings-desktop-schemas that are part of the GNOME 50 cycle. Revert the pinned ref to the one we had before, until we branch libgxdp for GNOME 49. ==== gnome-remote-desktop ==== Version update (49.1 -> 49.2) - Update to version 49.2: + Misc bug fixes + Fix crash ==== graphene ==== Subpackages: libgraphene-1_0-0 typelib-1_0-Graphene-1_0 - add no_fast-math_for_tests.patch * %check may fail for some architerture if the test use -ffast-math ==== gspell ==== Version update (1.14.1 -> 1.14.2) - Update to version 1.14.2: + Publish tarballs from CI. ==== gstreamer ==== Version update (1.26.8 -> 1.26.9) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.26.9: + Highlighted bugfixes in 1.26.9: - playback: playbin3 and decodebin3 stability fixes - Ancillary metadata handling fixes for AJA playout and Blackmagic Decklink capture cards - HLS and DASH adaptive streaming clients stability improvements - gst-play-1.0 will now print details of any missing plugins again - gtk4paintablesink: Add property to fine-tune reconfiguration behaviour on window-resize - NDI source: fix audio corruption for non-interleaved audio with stride padding - Add SMPTE ST291-1 ancillary metadata RTP payloader and depayloader - Add ST-2038 metadata combiner and extractor - webrtcsink: support hardware-accelerated encoders from the va VA-API plugin - spotifysrc: fix the Spotify integration by using Spotify's extended metadata endpoint - Python bindings cross compilation fixes - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - info: Force comparison to same types - queue: Use GST_PTR_FORMAT everywhere - streamcollection: Fix race condition between disconnecting notify proxy and notifications - value: Fix GstAllocationParams string serialisation on 32-bit architectures ==== gstreamer-plugins-bad ==== Version update (1.26.8 -> 1.26.9) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.26.9: + Add missing G_DECLS symbols to gstvkqueue and gstvkcommandqueue + ajasink, decklinkvideosrc: Fix some GstAncillaryMeta handling bugs + analyticsmeta: Initialize span to avoid undefined behavior + GstPlay: Fixed wrong initial position update interval configuration + id3tag: Fix resource leak + mpegtsmux: Avoid infinite recursion writing PCR packets + mxfdemux: Fix typo on mxf_ffv1_create_caps + mxfmux: Fix memset usage + mpegtsmux: segfaults when bitrate is configured lower than bitrate that's coming in + scte-section: fix missing cleanup on splice component parse failure + tsdemux: expose audio GstStream for DTS + va, unixfdsrc: keep dmabufs mapped + vkh265dec: Fix a typo + vkvideo-private: Replace GstBuffer with GstMemory array for video sessions + vtdec: Fix race condition in decoder draining. Fluster runs were unstable ==== gstreamer-plugins-base ==== Version update (1.26.8 -> 1.26.9) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.26.9: + allocators: drmdumb: Keep dmabuf mapped + alsadeviceprovider: Fix device name leak + audiovisualizer: Use break instead of goto for escape logic + decodebin3: - Clear previous collection on input - Consider certain meta caps in decodebin3 as raw format to avoid warnings + decodebin3: Protect again NULL dereference if input slot can't be mapped + glbasesrc: Add unlock handling for non-negotiated cases + glcolorconvert: Fix memory leak in _create_shader + gldownload: Keep dmabuf mapped + glfiltershader: Add missing unlock + glstereosplit: Add missing unlock for exceptional case + pbutils: Fix bit shifting when generate hevc mime codec string + rtpbaseaudiopay: Consider RESYNC flag as discontinuity too + rtpbasedepayload: Add missing unlock in error code path + uridecodebin3: - Add null check of play items in purge - Add missing unlock + urisourcebin: Fix initial values of min_byte_level and min_time_level variables + videoencoder: Fix warning of uninitialized buffer + gst-play-1.0: - Fix printing of missing plugin details - Add missing unlock for invalid track type ==== gstreamer-plugins-good ==== Version update (1.26.8 -> 1.26.9) Subpackages: gstreamer-plugins-good-gtk - Update to version 1.26.9: + adaptivedemux2: Fix a crash on rapid state changes, and startup busy waiting + hlsdemux2: - Keep streams with different names - Error out instead of asserting on negative stream time - Not all subtitles are present in track/collection. Usage of FORCE EXT-X-MEDIA field + v4l2allocator: Add KEEP_MAPPED flag to the allocated buffers + v4l2videoenc: Fix codec frame leak on error ==== gstreamer-plugins-libav ==== Version update (1.26.8 -> 1.26.9) - Update to version 1.26.9: + No changes, stable bump only ==== gstreamer-plugins-rs ==== Version update (1.26.8 -> 1.26.9) - Update to version 1.26.9: + analytics splitter/combiner: Remove the separate fields to events and buffer + audiornnoise: copy input metadatas to ouput buffer + closedcaption: - cctost2038anc: Support alignment - st2038ancdemux: Support alignment - st2038ancmux: Support frame alignment - st2038: Forward frame rate in caps where available - Add ST-2038 combiner and extractor element - st2038extractor: Some fixes - st2038combiner: Some fixes + gif: Update to gif 0.14 + gtk4: - Add property to control reconfigure on window-resize behavior - Fix compile warning + fmp4, mp4: Implement GstChildProxy for MP4Mux and FMP4Mux + fmp4: Update to dash-mpd 0.19 + ndisrcdemux: fix audio corruption with non-interleaved stride padding + net/quinn: Update web-transport-quinn and fix flaky QUIC test + rtp: Add SMPTE ST291-1 (ANC) RTP payloader and depayloader + spotify: bump librespot 0.8.0 + webrtcsink: Don't let recalculate_latency block tokio worker thread + webrtcsink: support va encoders + Update dependencies + meson: fix build when GTK is not present ==== gstreamer-plugins-ugly ==== Version update (1.26.8 -> 1.26.9) - Update to version 1.26.9: + mdemux: Remove unnecessary condition ==== ibus ==== Version update (1.5.32 -> 1.5.33) Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Upstream update to 1.5.33 * Fix reset signal w/ GTK_IM_MODULE=ibus in Wayland * Provide preedit semantic APIs * Do not load en-US compose table by default * IBus 1.5.33 will insert "include %L" in your compose file automatically generated by old IBus versions * Implement IBusMessage * Improve BEPO compose sequence visuals * Update simple.xml with xkeyboard-config 2.45 * Update ibusunicodegen.h with Unicode 17.0.0 * Bug fixes for Wayland input-method * Fix PageUp/PageDown buttons with hiding candidate popup * Drop fix-candidate-does-not-hide-automatically.patch * Fix leaks and buffer overflows - Drop patches for unmaintained distributions * ibus-fix-Signal-does-not-exist.patch * ibus-socket-name-compatibility.patch ==== iproute2 ==== Version update (6.17 -> 6.18) Subpackages: iproute2-bash-completion - Update to release 6.18 * tc: add dualpi2 scheduler module * iplink: bond_slave: add support for actor_port_prio * ip: iplink_bridge: Support fdb_local_vlan_0 * ip/bond: add broadcast_neighbor support * netshaper: Add netshaper command ==== kactivitymanagerd6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kde-cli-tools6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kde-gtk-config6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: kde-gtk-config6-gtk3 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kdecoration6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libkdecorations3-6 libkdecorations3private2 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kdeplasma6-addons ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kernel-firmware-amdgpu ==== Version update (20251119 -> 20251203) - Update to version 20251203 (git commit a0f0e52138e5): * Revert "amdgpu: update GC 11.5.0 firmware" - Update to version 20251201 (git commit 934bfe7e1e27): * Reapply "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update GC 10.3.6 firmware" * Revert "amdgpu: update GC 11.5.1 firmware" - Update to version 20251125 (git commit 23568a4b9420): * Revert "amdgpu: update GC 11.0.1 firmware" - Update to version 20251121 (git commit ff6418d18552): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-ath10k ==== Version update (20250206 -> 20251205) - Update to version 20251205 (git commit 536cc58d9db1): * ath10k: WCN3990 hw1.0: update board-2.bin * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA4019 hw1.0: update board-2.bin ==== kernel-firmware-ath11k ==== Version update (20250829 -> 20251202) - Update to version 20251202 (git commit 685171356137): * ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04866-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 * ath11k: QCA2066 hw2.1: update board-2.bin ==== kernel-firmware-bluetooth ==== Version update (20251111 -> 20251202) - Update to version 20251202 (git commit 685171356137): * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core - Update to version 20251125 (git commit 23568a4b9420): * QCA: Add Bluetooth firmware for WCN685x uart interface - Update to version 20251121 (git commit ff6418d18552): * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04 ==== kernel-firmware-i915 ==== Version update (20251106 -> 20251125) - Update to version 20251125 (git commit 23568a4b9420): * xe: Update GUC to v70.54.0 for BMG, PTL ==== kernel-firmware-intel ==== Version update (20251024 -> 20251129) - Update to version 20251129 (git commit 01006f5dea2d): * intel_vpu: Update NPU firmware ==== kernel-firmware-iwlwifi ==== Version update (20251024 -> 20251123) - Update to version 20251123 (git commit 9dba680579f4): * iwlwifi: add Sc/Wh FW for core98-181 release ==== kernel-firmware-media ==== Version update (20251018 -> 20251123) - Update to version 20251123 (git commit 9dba680579f4): * qcom: venus-5.4: update firmware binary for v5.4 * qcom: venus-5.4: remove unused firmware file ==== kernel-firmware-mediatek ==== Version update (20251119 -> 20251129) - Update to version 20251129 (git commit 01006f5dea2d): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251124093155 ==== kernel-firmware-qcom ==== Version update (20251119 -> 20251202) - Update to version 20251202 (git commit 38c82f07a964): * qcom: update ADSP firmware for x1e80100 platform, change the license * qcom: reorder ADSP, CDSP firmware entries for qcs8300 in WHENCE - Update to version 20251125 (git commit 23568a4b9420): * qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3 ==== kernel-firmware-sound ==== Version update (20251118 -> 20251205) - Update to version 20251205 (git commit 536cc58d9db1): * cirrus: cs35l41: Add support for new HP laptops - Update to version 20251121 (git commit ff6418d18552): * ASoC: tas2781: Add more symbol links on SPI devices ==== kernel-source ==== Version update (6.17.9 -> 6.18.0) Subpackages: kernel-64kb kernel-default - Reapply "rpm/config.sh: Use suse-kabi-tools" This reverts commit 6ce3f150389ee2831c4c0047296d6b64fc9054da. 1) 6.18 on its own is in factory. 2) suse-kabi-tools are in ring 1 already. - commit 371bdaf - Revert "rpm/config.sh: Use suse-kabi-tools" This reverts commit e17118487b4d4fbabdbd7af5f3a53d7baaa11825. Temporarily revert this as: * There is a high risk to break something in factory and I want to separate it from the 6.18 update. * ring0 does not have suse-kabi-tools (yet), so we see "nothing provides suse-kabi-tools". - commit 6ce3f15 - Refresh patches.suse/wifi-iwlwifi-Add-missing-firmware-info-for-bz-b0-mod.patch. Fix backport for 6.17. Upstream's IWL_BZ_UCODE_CORE_MAX has to be changed to 6.17's IWL_BZ_UCODE_API_MAX. Otherwise we get the fw strings like: "firmware" "=" "iwlwifi-bz-b0-fm-c0" "-" "IWL_BZ_UCODE_CORE_MAX" ".ucode"; instead of upstream's: "firmware" "=" "iwlwifi-bz-b0-fm-c0" "-c" "99" ".ucode"; - commit 24dd031 - update to 6.18 final - drop obsoleted patch - patches.rpmify/power-supply-use-ktime_divns-to-avoid-64-bit-divisio.patch (ad8cccc24887) - refresh configs (headers only) - commit 3b67758 - config: update and reenable armv6hl configs - options mirrored from armv7hl - commit 5d0d415 - config: update and reenable armv7hl configs - options mirrored from arm64 except - TI_PRUETH=m - RESET_ASPEED=m - commit 60f8c94 - config/riscv64: enable generic ASoC drivers CONFIG_SND_SIMPLE_CARD_UTILS=m CONFIG_SND_SIMPLE_CARD=m CONFIG_SND_AUDIO_GRAPH_CARD=m CONFIG_SND_AUDIO_GRAPH_CARD2=m CONFIG_SND_AUDIO_GRAPH_CARD2_CUSTOM_SAMPLE=m - commit 4722423 - Add dtb-spacemit SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2. - commit f2f396d - smb: client: fix incomplete backport in cfids_invalidation_worker() (bsc#1254096). - commit a337d5c - rpm/kernel-obs-build.spec.in: Add xt_addrtype module for docker Needed by docker meanwhile. - commit 1cd2f7d ==== kgamma6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kglobalacceld6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKGlobalAccelD6-0 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kinfocenter6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kmenuedit6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== knighttime6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKNightTime0 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kpipewire6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWireDmaBuf6 libKPipeWireRecord6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * PipewireSourceItem: handle explicit invalidation (kde#494138) ==== krb5 ==== Version update (1.21.3 -> 1.22.1) Subpackages: krb5-client - Fix memory leak; (bsc#1252989); Update patch 0009-UsrEtc-support.patch - Update to 1.22.1 * Fix a vulnerability in GSS MIC verification [CVE-2025-57736] - Changes in 1.22.0 User experience * The libdefaults configuration variable "request_timeout" can be set to limit the total timeout for KDC requests. When making a KDC request, the client will now wait indefinitely (or until the request timeout has elapsed) on a KDC which accepts a TCP connection, without contacting any additional KDCs. Clients will make fewer DNS queries in some configurations. * The realm configuration variable "sitename" can be set to cause the client to query site-specific DNS records when making KDC requests. Administrator experience * Principal aliases are supported in the DB2 and LMDB KDB modules and in the kadmin protocol. (The LDAP KDB module has supported aliases since release 1.7.) * UNIX domain sockets are supported for the Kerberos and kpasswd protocols. * systemd socket activation is supported for krb5kdc and kadmind. Developer experience * KDB modules can be be implemented in terms of other modules using the new krb5_db_load_module() function. * The profile library supports the modification of empty profiles and the copying of modified profiles, making it possible to construct an in-memory profile and pass it to krb5_init_context_profile(). * GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to gss_init_sec_context() to request strict enforcement of channel bindings by the acceptor. Protocol evolution * The PKINIT preauth module supports elliptic curve client certificates, ECDH key exchange, and the Microsoft paChecksum2 field. * The IAKERB implementation has been changed to comply with the most recent draft standard and to support realm discovery. * Message-Authenticator is supported in the RADIUS implementation used by the OTP kdcpreauth module. Code quality * Removed old-style function declarations, to accomodate compilers which have removed support for them. * Added OSS-Fuzz to the project's continuous integration infrastructure. * Rewrote the GSS per-message token parsing code for improved safety. - Updated patches: * 0001-ksu-pam-integration.patch * 0002-krb5-1.9-manpaths.patch * 0003-Adjust-build-configuration.patch * 0004-krb5-1.6.3-gssapi_improve_errormessages.patch * 0005-krb5-1.6.3-ktutil-manpage.patch * 0006-krb5-1.12-api.patch * 0007-SELinux-integration.patch * 0008-krb5-1.9-debuginfo.patch - Renamed patches: * 0011_usr_etc.patch -> 0009-UsrEtc-support.patch - Deleted patches: * 0009-Fix-three-memory-leaks.patch * 0010-CVE-2025-24528.patch ==== kscreen6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * Install .desktop file with PROGRAMS to ensure it ends up executable * kcm: make SpinBox sizing more compatible with other QQC2 styles ==== kscreenlocker6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKScreenLocker6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== ksshaskpass6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== ksystemstats6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kwayland-integration6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kwayland6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKWaylandClient6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== kwin6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libkwin6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * inputmethod: send empty surrounding text when the input method is force activated (kde#512245) * scene: Fix computed painted area of transformed items with HiDPI (kde#510029) * plugins/trackmouse: Fix stuttering (kde#512767) * Fix wrong assumption about the tablet pad strip position * outputconfigurationstore: be more conservative with VGA displays (kde#512146) * A11yKeyboardMonitor: Fix KeyEvent being emitted too often when grabbing keys (kde#512189) * Start adding test for A11yKeyboardManager * backends/libinput: clamp tablet and touch coordinates to target output (kde#512672) * events: ignore XCB_FOCUS_OUT events by default (kde#509115) * x11window: support xrandr emulation (kde#501505) * wayland: Don't withdraw data offers when keyboard focus changes (kde#511509) * backends/virtual: Allow creating virtual outputs * plugins/qpa: Fix build with Qt 6.11 and Qt 6.10.2 * ci: Temporarily disable Qt 6.11 pipeline * plugins/windowview: Fix clear button * xwayland: Prevent more invalidated iterators * Use correct DBus interface for inhibiting sleep (kde#512276) * backends/drm: add missing thread include * activation: always allow activating child windows of the active one * backends/drm: don't do modesets if all pipelines are removed (kde#512097) * backends/drm: add missing layer repaints for night light changes (kde#511812) * scene/scene: schedule pending repaints for child items too (kde#511653) * scene/workspacescene: don't put non-opaque items on an underlay (kde#511491) ==== kwin6-x11 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libkwin-x11-6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * plugins/blur: Remove contrast effect leftovers * plugins/blur: Fix contrast.frag (kde#510818) ==== layer-shell-qt6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libLayerShellQtInterface6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== leancrypto ==== - Fix bsc#1254370, bsc#1253654 - AVX detection is wrong on older intel CPUs * Add leancrypto_avx_detect1.patch * Add leancrypto_avx_detect2.patch ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-xcb1 - Add libX11-ignore-incompatible-XkbMapNotify.patch: Fix mutter-x11-frames crash caused by keyboard layout change triggered by orca screen reader. (bsc#1253076) ==== libarchive ==== Version update (3.8.1 -> 3.8.3) - Update to 3.8.3: * lib: Create temporary files in the target directory (boo#1254340) * lha: Fix for an out-of-bounds buffer overrun when using p[H_LEVEL_OFFSET] (boo#1254341) * 7-zip: Fix a buffer overrun when reading truncated 7zip headers (boo#1254342) * lz4 and zstd: Support both lz4 and zstd data with leading skippable frames - update upstream signing key - update to 3.8.2: Security fixes: * 7zip: Fix out of boundary access * tar reader: fix checking the result of the strftime (CVE-2025-25724) Notable bugfixes: * bsdtar: Allow filename to have CRLF endings * lib: archive_read_data: handle sparse holes at end of file correctly * lib: improve filter process handling * lib: fix error checking in writing files * lib: handle possible errors from system calls * lib: avoid leaking file descriptors into subprocesses * lib: parse_date: handle dates in 2038 and beyond if time_t is big enough * RAR5 reader: fix multiple issues in extra field parsing function * RAR5 reader: early fail when file declares data for a dir entry * tar writer: fix replacing a regular file with a dir for ARCHIVE_EXTRACT_SAFE_WRITES * tar reader (Windows): check WCS pathname in header_gnutar before overwriting * tar reader: fix an infinite loop when parsing V headers * zip writer: fix a memory leak if write callback error early * zip writer: fix writing with ZSTD compression * zstd write filter: enable Zstandard's checksum feature ==== libcap ==== - Move utils to bindir and then provide symlinks under sbindir as needed by Steam (bsc#1252129) ==== libdisplay-info ==== Subpackages: libdisplay-info-tools libdisplay-info3 - added -32bit package needed by Mesa's libvulkan driver packages ==== libdrm ==== Version update (2.4.129 -> 2.4.130) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_nouveau2 libdrm_radeon1 - Update to 2.4.130 * omap: fix omap_bo_size for tiled buffers * amdgpu: add env support for amdgpu.ids path * Support multiple paths in AMDGPU_ASIC_ID_TABLE_PATH envar * amdgpu: Fix envar name in documentation * Sync headers with drm-next * headers: drm: Sync virtgpu_drm.h with Linux v6.16 ==== libeconf ==== Version update (0.8.1 -> 0.8.2) - Update to version 0.8.2: * Cleanup man pages * Using ECONF_ARGUMENT_IS_NULL_VALUE instead of general error ==== libinput ==== Version update (1.30.0 -> 1.30.1) Subpackages: libinput-udev libinput10 - Update to release 1.30.1 * Fixed a regression in the tablet handling code for some tablets that send input events while being logically out of proximity. * Support for the INPUT_PROP_PRESSUREPAD property available in Linux kernel 6.18. ==== libkscreen6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libKF6Screen8 libKF6ScreenDpms8 libkscreen6-plugin - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== libksysguard6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports libksysguard6-plugins - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * colorgrid: Fix using sensor colors (kde#513037) ==== libnftnl ==== Version update (1.3.0 -> 1.3.1) - Update to release 1.3.1 * Add `meta ibrhwaddr` support * Fix for NFTA_DEVICE_PREFIX with asterisk at the end of the string * New NFTNL_UDATA_TABLE_NFT{VER,BLD} to store build information in userdata * (For now) complete tunnel options support ==== libnl3 ==== Version update (3.11.0 -> 3.12.0) Subpackages: libnl-config libnl3-200 - Update to release 3.12 * xfrm: Add support for xfrm interface ID * Change vlan module to set QOS mapping flag * ip6_tnl: Add API to mark tunnels to "collect metadata" * encap: Add support for an IPv6/IPv4/ILA nexthop encapsulation ==== libplasma6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasma6 libplasma6-components libplasma6-desktoptheme - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * plasmaquick: Fix potential memory leaks in AppletQuickItem * Make PopupPlasmaWindow take focus (kde#511814) ==== libpng16 ==== Version update (1.6.50 -> 1.6.52) - version update to 1.6.52 * Fixed CVE-2025-66293 (high severity): Out-of-bounds read in `png_image_read_composite`. (Reported by flyfish101 .) * Fixed the Paeth filter handling in the RISC-V RVV implementation. (Reported by Filip Wasil; fixed by Liang Junzhao.) * Improved the performance of the RISC-V RVV implementation. (Contributed by Liang Junzhao.) * Added allocation failure fuzzing to oss-fuzz. (Contributed by Philippe Antoine.) - version update to 1.6.51 * Fixed CVE-2025-64505 (moderate severity): Heap buffer overflow in `png_do_quantize` via malformed palette index. (Reported by Samsung; analyzed by Fabio Gritti.) * Fixed CVE-2025-64506 (moderate severity): Heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled. (Reported by Samsung and ; analyzed by Fabio Gritti.) * Fixed CVE-2025-64720 (high severity): Buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. (Reported by Samsung; analyzed by John Bowler.) * Fixed CVE-2025-65018 (high severity): Heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. (Reported by .) * Fixed a memory leak in `png_set_quantize`. (Reported by Samsung; analyzed by Fabio Gritti.) * Removed the experimental and incomplete ERROR_NUMBERS code. (Contributed by Tobias Stoeckmann.) * Improved the RISC-V vector extension support; required RVV 1.0 or newer. (Contributed by Filip Wasil.) * Added GitHub Actions workflows for automated testing. * Performed various refactorings and cleanups. - fixes [bsc#1254157] [bsc#1254158] [bsc#1254159] [bsc#1254160] ==== libstorage-ng ==== Version update (4.5.279 -> 4.5.280) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1043 - test with gcc and clang - 4.5.280 ==== libvirt ==== Version update (11.9.0 -> 11.10.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 11.10.0 - build: drop userfaultfd_sysctl option - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-10-0-2025-12-01 ==== libxkbcommon ==== Version update (1.12.3 -> 1.12.4) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.12.4 * Fixed a segfault occurring in unlikely setups. ==== lilv ==== Version update (0.24.26 -> 0.26.2) - Update to 0.26.2 * Actually reload files if bundles are unloaded then reloaded * Add support for loading xsd:float literals, "INF", and "NaN" * Avoid warning about non-existent entries in LV2_PATH * Fix crash when duplicate plugins are discovered * Fix lilv_node_is_literal() with booleans * Refine command line tool interfaces and documentation * lv2bench: Add support for common features and options * lv2bench: Use more realistic real-time scheduling - Version 0.26.0 changes: * Add header warnings test * Add option to control indexing overhead for subject queries * Avoid over-use of yielding meson options * Cache LANG value and add option to override it * Fix Python tests * Fix build with dynmanifest support * Fix loading plugins that haven't been loaded yet as state * Fix loading plugins with invalid lv2:appliesTo properties as state * Fix potential memory leak in lilv_world_load_plugin_classes() * Fix potential memory leak in lilv_world_set_option() * Gracefully ignore and warn about non-directories in LV2_PATH * Improve loading performance when many plugin versions are found * Improve performance when loading and deleting state * Only consider manifest data when discovering related presets/etc * Print a warning when a property unexpectedly has several values * Reduce temporary node allocations during query operations ==== linux-glibc-devel ==== Version update (6.17 -> 6.18) - Update to kernel headers 6.18 ==== mariadb ==== Version update (11.8.3 -> 11.8.5) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 11.8.5: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.5 https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.5 https://mariadb.com/docs/release-notes/community-server/11.8/11.8.4 https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.4 * fixes for the following security vulnerabilities: 11.8.5: none 11.8.4: none - Add %license tags to license files (boo#1252162) - Add INSTALL_DOCREADMEDIR cmake flag to install readme and license files - Remove client plugin parsec.so, it is shipped by libmariadb_plugins (boo#1243040, boo#1254476) - Refresh fix-pamdir.patch - Drop mariadb-fix-armv9.patch (included in upstream release) - Update skipped test list ==== mdadm ==== Version update (4.4+30.g9a59bf51 -> 4.4+31.g541b40d3) - Update to version 4.4+31.g541b40d3: * fix crash with homehost=none (bsc#1254541) ==== milou6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== mozilla-nspr ==== Version update (4.37 -> 4.38.2) - update to version 4.38.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.38.1 (bmo#1999381) Changes in 4.38.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. (bmo#1999105) Changes in 4.38 * Removed support for HPUX and _PR_POLL_WITH_SELECT (bmo#1965666, bmo#1965916) * Fixed a bug in pt_TCP_SendTo on macOS * Ensure parameter passed to isalpha() is unsigned char (bmo#375149) ==== mozilla-nss ==== Version update (3.117 -> 3.118.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.118.1 * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM* - update to NSS 3.118 * bmo#1994866 - Remove four Commscope root certificates from NSS * bmo#1996036 - fix try pushes with --nspr-patch to actually apply the patch * bmo#1995512 - Support for NIST Curves compressed points * bmo#1985058 - Destroy certificate on error paths * bmo#1990242 - Move NSS DB password hash away from SHA-1 * bmo#1983313 - support secp384r1mlkem1024 * bmo#1991549 - vendor latest ML-KEM code from libcrux * bmo#1991549 - add mlk-kem-1024 tests * bmo#1996717 - use the correct directory for FStar_UInt_8_16_32_64.h in source consistency test * bmo#1766767 - Move scripts to python3 * bmo#1983313 - add mlkem1024 support in freebl * bmo#1983313 - support secp256r1mlkem768 * bmo#1983313 - Make mlkem768x25519 the default * bmo#1983320 - ML-DSA SGN and VFY interfaces * bmo#1988625 - Align FIPS interfaces count with array * bmo#1989477 - Ensure CKK_ML_KEM has derive CK_FALSE * bmo#1992128 - Add script for tagging an NSS release * bmo#1992128 - Remove the globals from nss-release-helper.py * bmo#1992128 - Add release helper command for generating the release index * bmo#1992128 - Add release helper command for generating a release note * bmo#1992128 - Add release helper command for freezing a branch ==== ncurses ==== Version update (6.5.20251123 -> 6.5.20251206) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20251206 + in-progress work to merge MinGW/Windows port. - Add missing dependency for libncurses_c++6 in ncurses-devel to avoid dangling symbolic links - Add ncurses patch 20251129 + in-progress work to merge MinGW/Windows port. ==== nftables ==== Version update (1.1.5 -> 1.1.6) Subpackages: libnftables1 python313-nftables - Update to release 1.1.6 * Complete lightweight tunnel template support, including vxlan, geneve and erspan. * Support for wildcards in netdev hooks. * Support to pass up bridge frame to the bridge device for local processing. ==== nghttp2 ==== Version update (1.66.0 -> 1.68.0) - Update to 1.68.0: * Increase glitch counter for unexpected builtin extension frames * Remove session_update_glitch_ratelim called from deep inside the chain * nghttpd: Make the supported groups configurable * Use SSL_CTX_set1_groups_list * nghttpx: Add groups option * nghttpx: Prefer ML-DSA certificate over ECDSA * nghttpx: Select ECDSA cert based on EVP_PKEY_base_id * nghttpx: Select certificate with BoringSSL * nghttpx: Select certificate with wolfSSL * nghttpx: Add the fast path when selecting a certificate * nghttpx: Select a certificate in a single pass * nghttpx: Support ML-DSA certificate selection with wolfSSL * nghttpx: Make servername_callback behavior consistent * nghttpx: Drop TLSv1.0 and TLSv1.1 support * nghttpx: Define NGHTTP2_CERT_TYPE as constexpr * src: Move sgi _daemonize to util::daemonize * examples: Consistent conditional macro comments * Bump ngtcp2 and its dependencies * src: Adopt nghttp3_conn_read_stream2 * src: Use std::ranges::begin and std::ranges::end consistently * h2load: Set QUIC window-bits to 24 by default * Fix typos in documentation: "or3xx" → "or 3xx" and missing space after period * nghttpx: Increase number of UDP packets to read * Optimize quic io * nghttpx: Remove unused ticket_keys from WorkerEvent * Bump ngtcp2 and its dependencies - Update to 1.67.1: * Remove session_update_glitch_ratelim called from deep inside the chain - Update to 1.67.0: * Port ngtcp2 map changes * src: Adopt IP_PMTUDISC_PROBE * Map seed * Use allocator-aware free in failure path * lib: Use nghttp2_mem_free * src: Rewrite util::is_hex_string * GHA: Run android workflow on branches event * Make error handling robust * Update doc * Add "glitch" counter * Make glitch counter configurable * tests: Swap the positions of expected and actual values * Bump ngtcp2 and its dependencies * Adopt ngtcp2 nghttp3 features * Adopt libngtcp2_crypto_libressl changes * src: Adopt designated initializers for ngtcp2_callbacks * src: Adopt designated initializers * src: constexpr fixup * src: Adopt NGTCP2_WRITE_STREAM_FLAG_PADDING * Test lib before building applications * Bump libbpf to v1.6.2 * Added nghttp3's pattern targets * Bump ngtcp2 to v1.15.1 ==== nvidia-open-driver-G06-signed-cuda ==== Version update (580.105.08_k6.17.7_1 -> 580.105.08_k6.18.0_2) - kernel-6.18.patch * fixed build against kernel 6.18 ==== ocean-sound-theme6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== openSUSE-release ==== Version update (20251127 -> 20251212) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pam-config ==== Version update (2.13+git.20251105 -> 2.13+git.20251203) - Update to version 2.13+git.20251203: * Make pam_unix_ng work together with pam_sss * pam_sss has no debug option ==== pam_kwallet6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: pam_kwallet6-common - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Add grub2-riscv64-efi-bls - Do not explicitly add arabic-fonts and arphic-uming-fonts (boo#1249232). ==== pipewire ==== Version update (1.5.83 -> 1.5.84) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to fix linking in older clients: * remove-mappable.patch - Update to version 1.5.84 (1.6 RC4): * This is the fourth 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. * Highlights - Capabilities were added to improve negotiation over links. - The audio resampler now has a configurable window function to better tune the resampler quality. A kaiser and blackman window was added and the default parameters were tuned. - Various small fixes and improvements. * PipeWire - Capabilities and PeerCapabilities were added to exchange key/value pairs between consumer and producer right after a link is made. This can be used to detect how the negotiation of formats and buffers should be done. * Modules - Avoid segfaults in RTP source. (#4970 (closed)) - The AVB module has seen some improvements. * Pulse-server - @NONE@ can now be used to clear the default sink/source. * SPA - Support longer convolver filenames and also support inline IRs. - The audio resampler window function is now selectable and configurable. A kaiser window and blackman window was added and the default qualities were tweaked to improve quality. - The filter-graph convolver latency is now set by default to something more sensible. (0 by default and N/2 for hilbert). (#4980 (closed)) * Bluetooth - Better xrun and error handling for iso streams. - The +CNUM reply was fixed. - The CIEC call status was fixed. (#1744 (closed)) - Add BAP context metadata to improve compatibility. - Improve compatibility with Creative Zen Hybrid Pro by releasing transports simultaneously. ==== plasma5support6 ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasma5Support6 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-activities ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasmaActivities7 plasma6-activities-imports - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-activities-stats ==== Version update (6.5.3 -> 6.5.4) Subpackages: libPlasmaActivitiesStats1 - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-browser-integration ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-desktop ==== Version update (6.5.3 -> 6.5.4) Subpackages: plasma6-desktop-emojier - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * 🍒 Cherrypick fix for desktop icons moving to other monitor on plasmashell startup * kcms/tablet: Fix configuration for misbehaving devices (kde#508084) * kcms/tablet: Hide tooltip when dragging screen resize handle * kcms/tablet: Obtain a better number of buttons for certain pens (kde#511488) * kcms/tablet: Show driver warning message for pad-only devices too * kcms/tablet: Fix pen button mapping not working * [kcms/keyboard] Don't reconfigure on unrelated config changes * appiumtests: fix taskmanager_visiblelabeltest * appiumtests: fix taskmanagertest * appiumtests: fix desktoptest * appiumtests: fix bug472909test_wayland * appiumtests: fix kcm_keys_test * applets/kicker: fix premature "No matches" placeholder ==== plasma6-disks ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-integration ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-nm ==== Version update (6.5.3 -> 6.5.4) Subpackages: plasma6-nm-openconnect plasma6-nm-openvpn plasma6-nm-pptp plasma6-nm-vpnc - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * Explicitly escape HTML entities ==== plasma6-openSUSE ==== Subpackages: plasma6-branding-openSUSE plasma6-sddm-theme-openSUSE plasma6-theme-openSUSE - Update to 6.5.4 ==== plasma6-pa ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-print-manager ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * kded: Fix marker-level checker for CUPS unknown levels (kde#512602) ==== plasma6-systemmonitor ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== plasma6-thunderbolt ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - No code changes since 6.5.3 ==== plasma6-workspace ==== Version update (6.5.3 -> 6.5.4) Subpackages: plasma6-session plasma6-session-x11 plasma6-workspace-libs sddm-qt6-branding-openSUSE - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * shell/panelview: Correct the geometry changed logic * shell/panelview: Fix race condition for panel sizing * applets/kicker: be more assertive about not having children * Fix build after bad backport * [devicenotifications] Decode udev strings as UTF-8 (kde#511558) * [devicenotifications] Avoid converting to QString and back for _ENC properties * [devicenotifications] Use QByteArrayView for decodePropertyValue * [applets/systemtray] Don't crash when we can't find data for a given source (kde#511866) * applets/clipboard: return to clipboard menu when history is cleared (kde#511026) * applets/kicker: don't emit queryFinished if still querying (kde#473174) * klipper: fix potential memory leak from action menu * klipper: make action menu a normal window (kde#510449) * shell: Harden PanelRulerView against screen changing due to geometry updates (kde#482916) * shell: Fix panel ruler positioning * applets/systemtray: Fix global activation shortcut not working (kde#483688) * wallpapers/image: Retain delegate preview while loading * components/containmentlayoutmanager: Fix potential memory leaks in AppletContainer * components/containmentlayoutmanager: Fix potential memory leak in ItemContainer * components/containmentlayoutmanager: Fix a potential leak in AppletsLayout ==== polkit-kde-agent-6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== poppler ==== Subpackages: libpoppler-cpp2 libpoppler-glib8 libpoppler153 poppler-tools - security update - added patches CVE-2025-11896 [bsc#1252337], infinite recursion leading to stack overflow due to object loop in PDF CMap * poppler-CVE-2025-11896.patch ==== poppler-qt6 ==== - security update - added patches CVE-2025-11896 [bsc#1252337], infinite recursion leading to stack overflow due to object loop in PDF CMap * poppler-CVE-2025-11896.patch ==== postfix ==== Version update (3.10.5 -> 3.10.6) - update to 3.10.6 * Bugfix (defect introduced: Postfix 3.10, date: 20250117). Symptom: warning messages that smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt". Root cause: support for "TLS-Required: no" broke client-side TLS wrappermode support, by downgrading a connection to TLS security level 'may'. The fix changes the downgrade level for wrappermode connections to 'encrypt'. Rationale: by design, TLS can be optional only for connections that use STARTTLS. The downgrade to unauthenticated 'encrypt' allows a sender to avoid an email delivery problem. Problem reported by Joshua Tyler Cochran. * New logging: the Postfix SMTP client will log a warning when an MX hostname does not match STS policy MX patterns, with "smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with TLSRPT support enabled in a TLS policy plugin. It will log a successful match only when verbose logging is enabled. * Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP client null pointer crash when an STS policy plugin sends no policy_string or no mx_pattern attributes. This can happen only during tests with a fake STS plugin. * Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault when a duplicate parameter name is given to "postconf -X" or "postconf -#'. * Documentation: removed incorrect text from the parameter description for smtp_cname_overrides_servername. File: proto/postconf.proto. ==== powerdevil6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * guard against critical notification already closed * Include ddcutil version in crash reports ==== python-anyio ==== Version update (4.11.0 -> 4.12.0) - Update to 4.12.0: * Added support for asyncio's task call graphs on Python 3.14 and later when using AnyIO's task groups * Added an asynchronous implementation of the functools module * Added support for uvloop=True on Windows via the winloop implementation * Added support for use as a context manager to anyio.lowlevel.RunVar * Added __all__ declarations to public submodules (anyio.lowlevel etc.) * Added the ability to set the token count of a CapacityLimiter to zero * Added parameters case_sensitive and recurse_symlinks along with support for path-like objects to anyio.Path.glob() and anyio.Path.rglob() * Dropped sniffio as a direct dependency and added the get_available_backends() function * Fixed Process.stdin.send() not raising ClosedResourceError and BrokenResourceError on asyncio * Fixed Process.stdin.send() not checkpointing before writing data on asyncio * Fixed a race condition where cancelling a Future from BlockingPortal.start_task_soon() would sometimes not cancel the async function * Fixed the presence of the pytest plugin causing breakage with older versions of pytest (<= 6.1.2) * Fixed a rarely occurring RuntimeError: Set changed size during iteration while shutting down the process pool when using the asyncio backend - Skip a test that will break with pytest 9. ==== python-argon2-cffi ==== Version update (23.1.0 -> 25.1.0) - Update to 25.1.0 Added * Official support for Python 3.13 and 3.14. No code changes were necessary. Removed * Python 3.7 is not supported anymore. #186 Changed * argon2.PasswordHasher.check_needs_rehash() now also accepts bytes like the rest of the API. #174 * Improved parameter compatibility handling for Pyodide / WebAssembly environments. #190 - Remove Python 3.14 fro classifiers since the current version of setuptools doesn't recognize it. ==== python-certifi ==== Version update (2025.10.5 -> 2025.11.12) Subpackages: python311-certifi python313-certifi - Update to 2025.11.12 * Bump actions/download-artifact from 5.0.0 to 6.0.0 (#373) * Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#374) ==== python-cryptography ==== Subpackages: python311-cryptography python313-cryptography - Only require pytest-subtests with pytest < 9. ==== python-greenlet ==== Version update (3.2.4 -> 3.3.0) - Update to 3.3.0 * Drop support for Python 3.9. * Switch to distributing manylinux_2_28 wheels instead of manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2. * Add initial support for free-threaded builds of CPython 3.14. Due to limitations, we do not distribute binary wheels for free-threaded CPython on Windows. (Free-threaded CPython 3.13 may work, but is untested and unsupported.) ==== python-psutil ==== Subpackages: python311-psutil python313-psutil - Only require pytest-subtests with pytest < 9. - Add upstream pytest9.patch to fix tests ==== python-typing_extensions ==== - add py314-fix-tests.patch to fix tests with python 3.14 ==== python-tzdata ==== - Only require pytest-subtests with pytest < 9. ==== qqc2-breeze-style6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsSynchronizer6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Add patch to fix crashes in QML code (kde#512754, QTBUG-142331): * 0001-QtQml-Invalidate-fallback-lookups-after-each-call-fr.patch ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Build with gcc14 instead of gcc15 on aarch64 Tumbleweed as a workaround until we get a proper fix for boo#1251922 ==== raspberrypi-firmware-config ==== - Enable dwc2 overlay on pi0, pi1 and pi2 models. This is to properly enable USB hub to which in some cases the Ethernet controller is connected. See boo#1251192. Tested on: * RPi Zero 2 W Rev 1.0 * RPi 2 Model B Rev 1.1 amd Rev 1.2 ==== re2c ==== Version update (4.3 -> 4.3.1) - Update to version 4.3.1 Bugfix release * allow conditions that have no rules except for default rule, use unsigned character type in C/C++ examples) and most importantly #564 - fix broken end of input rule $ with captures – the latter bug was inadvertently introduced in version 4.3. ==== readline ==== Version update (8.3.1 -> 8.3.3) - Add upstream patches * readline83-002 If an application calls rl_save_prompt, which sets rl_prompt to NULL, without calling rl_set_prompt to set it to a new value, readline redisplay can dereference a NULL pointer. * readline83-003 A SIGINT during a reverse i-search can cause a segmentation fault due to accessing data freed by a signal handler. ==== rng-tools ==== - Drop rcrng-tools symlink [jsc#PED-266] ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Add minimum_auth_version to enforce security (CVE-2025-62349) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Junos module yaml loader fix (CVE-2025-62348) - Added: * backport-3006.17-security-fixes-739.patch ==== sdbootutil ==== Version update (1+git20251126.f7a46a1 -> 1+git20251211.b3d0304) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20251211.b3d0304: * Set default entry when removing a kernel * Fix return value when image is set (boo#1254534) * Return error if the hash program is not installed ==== sddm-kcm6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== sdl12_compat ==== Version update (1.2.70 -> 1.2.72) - Update to release 1.2.72 * Allow building without glu.h by defining NO_SDL_GLU * Fixed centering the splash screen in UT2004 - glu is thus no longer a build requirement and downstream packages need to explicitly list it in their BulidRequires ==== sdl2-compat ==== Version update (2.32.58 -> 2.32.60) - Update to release 2.32.60 * Fixed crash at startup in Dwarf Fortress and Stellaris * Fixed mouse stuttering in Amiberry * Fixed the viewport not being reset when the window is resized ==== selinux-policy ==== Version update (20251111 -> 20251208) Subpackages: selinux-policy-targeted - Fix macros.selinux-policy to allow changing booleans when policy is not loaded. Previous logic was broken (bsc#1254395) - Update to version 20251208: * Introduce systemd_cryptsetup_generator_var_run_t file type (bsc#1244459) * Allow virtqemud_t to read/write device_t (bsc#1251789) * Introduce sap_service_transition_to_unconfined_user boolean * allow init to read sap symlinks * Allow SAP domain to relocation text in all files - Update embedded container-selinux version to commit: - 9017e1f8074db9b7ae026670b0e0216cf53f18d9 (version 2.244.0) - Update to version 20251128: * update support for polkit agent helper (bsc#1251931) * Allow system_mail_t read apache system content conditionally * Allow login_userdomain read lastlog * Allow sshd-net read and write to sshd vsock socket * Update ktls policy * Add comprehensive SELinux policy module for bwrap thumbnail generation * Revert "Allow thumb_t create permission in the user namespace" * Allow systemd-machined read svirt process state * Allow sshd_auth_t getopt/setopt on tcp_socket (bsc#1252992) * Allow sysadm access to TPM * Allow tlp get the attributes of the pidfs filesystem * Allow kmscon to read netlink_kobject_uevent_socket * Allow systemd-ssh-issue read kernel sysctls * fix: bz2279215 Allow speech-dispatcher access to user home/cache files * Allow create kerberos files in postgresql db home * Fix files_delete_boot_symlinks() to contain delete_lnk_files_pattern * Allow shell comamnds in locate systemd service (bsc#1246559) * Introduce initrc_nnp_daemon_domain interface * Label /var/lib/cosmic-greeter with xdm_var_lib_t * Allow setroubleshoot-fixit get attributes of xattr fs * Allow insights-client manage /etc symlinks * Allow insights-client get attributes of the rpm executable * Allow nfsidmapd search virt lib directories * Allow iotop stream connect to systemd-userdbd * Allow gnome-remote-desktop read sssd public files * Allow thumb_t stream connect to systemd-userdbd * Add auth_nnp_domtrans_chkpwd() * Allow bluez dbus API passing unix domain sockets * Allow bluez dbus api pass sockets over dbus * Dontaudit systemd-generator connect to sssd over a unix stream socket * Allow init watch/watch_reads systemd-machined user ptys - Syncing with upstream rawhide selinux-policy up to: * 874e36c884fc9e31ae12428338a38b14db65f554 - Update embedded container-selinux version to commit: * efdee4df4e98b5f5fe826b83db5ff4a9239e54bb (version 2.243.0) ==== sensors ==== Subpackages: libsensors4 - Don't use valgrind in qemu emulation - Drop rcFOO symlinks [jsc#PED-266] ==== serd ==== Version update (0.32.4 -> 0.32.6) - update to 0.32.6 * Avoid over-use of yielding meson options * Drop graphs when writing Turtle output * Eliminate recursion in the writer * Fix handling of bad predicates in anonymous blank nodes * Fix handling of some invalid EOF cases in lax mode * Fix indentation of named objects after anonymous objects * Fix indentation when ending anonymous nodes with many objects * Fix invalid characters in error messages * Fix reading numbers with no space before the final dot * Fix reading prefix names that start with "true." or "false." * Refuse to write incoherent statements * Remove project and version number from man page OS field * Write a blank line between statements and Turtle/TriG directives ==== shaderc ==== Version update (2025.4 -> 2025.5) - Update to release 2025.5 * No user-visible changes; just a new archive with changes to upstream's deployment scripts. ==== shadow ==== Subpackages: libsubid5 login_defs - Move chage, chfn, chsh, passwd and new?idmap into own pw-mgmt sub-package ==== shim-leap ==== Version update (15.8 -> 16.1) - shim-leap.spec: Always put openSUSE Secure Boot CA to target array Unlike shim.spec, shim-leap.spec does not have #needssslcertforbuild because our shim.efi is already signed by openSUSE key in openSUSE:Factory:secure-boot/shim. It causes that the _projectcert.crt can not be found by shim-leap which means the openSUSE CA can not be added to the target certificates array in pretrans Lua script. I can not directly add '# needssslcertforbuild' to shim-leap.spec because it will causes that shim.efi be signed by openSUSE key again. Let's always put openSUSE Secure Boot CA to target certificates array because the shim.efi already has openSUSE signature. (bsc#1254679) - Update shim version to 16.1: shim-16.1-lp156.4.1.aarch64.rpm shim-16.1-lp156.4.1.x86_64.rpm RPMs are coming from openSUSE secure-boot shim 15.6: https://build.opensuse.org/projects/openSUSE:Factory:secure-boot/packages/shim/repositories/15.6/binaries - Version: 16.1, "Aug 14 2025" - Include the bug fixes for bsc#1205588 - Add a pretrans script to verify that the necessary certificate is in the UEFI db. - Add DER format certificate files for the pretrans script to verify that the necessary certificate is in the UEFI db - openSUSE Secure Boot CA, 2013-2035 openSUSE_Secure_Boot_CA_2013.crt - SUSE Linux Enterprise Secure Boot CA, 2013-2035 SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt - Microsoft Corporation UEFI CA 2011, 2011-2026 Microsoft_Corporation_UEFI_CA_2011.crt - Microsoft UEFI CA 2023, 2023-2038 Microsoft_UEFI_CA_2023.crt ==== smartmontools ==== - update-smart-drivedb: Provide support for the new upstream GitHub repository. (smartmontools-update-smart-drivedb.patch, refactor smartmontools-drivedb_h-update.sh). - update-smart-drivedb: Do not overwrite files in /usr/share. Use /var/lib provided by --with-drivedbinstdir. - Add smartmontools-drivedb.h version 5894 from the branch 7.5. ==== snapshot ==== Version update (49.0 -> 49.1) - Update to version 49.1: + Fix camera portal usage for non-sandboxed app + Use static.gnome.org for screenshots in app metainfo + Updated translations. ==== sord ==== Version update (0.16.18 -> 0.16.20) - update to 0.16.20 * Add header warnings test * Add missing const qualifiers to API * Avoid over-use of yielding meson options * Update man pages ==== spectacle ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== sqlite3 ==== Version update (3.50.4 -> 3.51.1) Subpackages: libsqlite3-0 sqlite3-tcl - Update to version 3.51.1: * Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release. * Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release - Changes in version 3.51.0: * New macros in sqlite3.h: - SQLITE_SCM_BRANCH → the name of the branch from which the source code is taken. - SQLITE_SCM_TAGS → space-separated list of tags on the source code check-in. - SQLITE_SCM_DATETIME → ISO-8601 date and time of the source code check-in. * Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'. * The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively. * Enhancements to TCL Interface: - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array. - User-defined functions may now break to return an SQL NULL. * CLI enhancements: - Increase the precision of ".timer" to microseconds. - Enhance the "box" and "column" formatting modes to deal with double-wide characters. - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option. - Add the --ifexists option to the CLI command-line option and to the .open command. - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors. * Performance enhancements: - Use fewer CPU cycles to commit a read transaction. - Early detection of joins that return no rows due to one or more of the tables containing no rows. - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression. - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y. * Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2(). * Add the sqlite3_set_errmsg() API for use by extensions. * Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results. * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces. * In the session extension add the sqlite3changeset_apply_v3() interface. * For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'. * Improved error messages generated by FTS5. * Enforce STRICT typing on computed columns. * Improved support for VxWorks * JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make". * Improved resistance to database corruption caused by an application breaking Posix advisory locks using close(). ==== sratom ==== Version update (0.6.18 -> 0.6.20) - update to 0.6.20 * Avoid over-use of yielding meson options * Avoid use of scanf when reading MIDI events * Fix lint checks * Fix potential memory error when writing ambiguous relative paths * Improve code quality ==== strace ==== Version update (6.17 -> 6.18) - Update to strace 6.18 * Added -e kvm=vcpu+ option for kvm_run struct decoding. * Implemented decoding of FS_IOC_GETFSUUID, FS_IOC_GETFSSYSFSPATH, and FS_IOC_GETLBMD_CAP ioctl commands. * Implemented decoding of BPF_PROG_STREAM_READ_BY_FD bpf command. * Updated decoding of BPF_BTF_LOAD, BPF_MAP_CREATE, BPF_PROG_ATTACH, BPF_PROG_DETACH, BPF_PROG_LOAD, BPF_PROG_QUERY, and BPF_*_GET_*_ID bpf commands. * Updated decoding of bpf_map_info and bpf_prog_info structures. * Updated lists of AUDIT_*, BR_*, FF_*, IFLA_*, INPUT_PROP_*, IORING_*, KEXEC_FILE_*, KEY_*, KVM_CAP_*, NL80211_CMD_*, RWF_*, and TEE_* constants. ==== suse-module-tools ==== Version update (16.1.0 -> 16.1.1) Subpackages: suse-module-tools-scriptlets - Update to version 16.1.1: * 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents (bsc#1254264) ==== systemd-presets-branding-openSUSE ==== - Enable chronyd.service by default: handle this as part of package installs, without relying on the installer (boo#1254778). - enable firewalld.service by default (bsc#1237923) since the Agama installer does not do that (contrary to what the YaST installer used to do). ==== systemd-presets-common-SUSE ==== - Enable polkit-agent-helper.socket (see [bsc#1251931] for details) - Enable account-utils socket units (see [bsc#1253052] for details) (newidmapd.socket, pwaccessd.socket, enable pwupdd.socket) - Enable cleanoldsepoldir.service to allow to run after boot it is part of root path move from /var/lib/selinux to /etc/selinux (bsc#1221342) ==== systemsettings6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== tmux ==== Version update (3.5a -> 3.6a) - tmux 3.6a: * A crash when linked against a libevent built with NDEBUG. * A build issue with utempter on FreeBSD. * Allow the mouse to enter copy mode when in the alternate screen again. * Fixes to scrollbars, particularly when used with a pane status line. * Correct handling of Unicode emoijs where the modifier precedes the modified character. * A crash and hang with malformed format strings. - tmux 3.6: * Add seconds options for clock mode (issue 4697). * Make -v to source-file pass through to subsequent source-file commands (issue 4216). * Add selection-mode command to expilcitly set the selection mode in copy mode (issue 3842). * Save and restore images in alternate screen (issue 3732). * Improve handling of regional indicators and emoji modifiers (issue 3998). * Preserve marked pane with swap-window and move-window (issue 3443). * Set and check COLORTERM as a hint for RGB colour. * If tmux receives a palette request (OSC 4) in a pane and the palette entry has not been set, send a request to the most recently used client and forward any response instead (based on change from Tim Culverhouse, issue 4665). * Add -l flag to command-prompt to disable splitting into multiple prompts (issue 4483). * Add buffer_full format variable (from Mohammad AlSaleh, issue 4630). * Introduce a new window option, tiled-layout-max-columns, which configures the maximum number of columns in the tiled layout. * Add -k flag to display-popup which allows any key to dismiss the popup once the command has exited (from Meriel Luna Mittelbach, issue 4612). * Add a pane-border-lines "spaces" value to use spaces for pane borders (issue 4587). * Replace invalid UTF-8 characters with the placeholder instead of ignoring them (issue 4514). * Detect support for OSC 52 using the device attributes report (from James Holderness, issue 4539). * Add -E to run-shell to forward stderr as well as stdout (issue 4246). * Add an option variation-selector-always-wide to instruct tmux not to always interpret VS16 as a wide character and assume the terminal does likewise. * Add more features for boolean expressions in formats: 1) extend && and || to support arbitrarily many arguments and 2) add ! and !! for not and not-not (from David Mandelberg). * Do not mistake other DCS sequences for SIXEL sequences (from James Holderness, issue 4488). * Improve #? conditional expression in formats: add support for else if and default empty string if no else value (from David Mandelberg, issue 4451). * Add default-client-command to set the command used if tmux is run without a command; the default stays new-session (from David Mandelberg, issue 4422). * Add S-Up and S-Down to move windows in tree mode (from David Mandelberg, issue 4415). * Add mode 2031 support to automatically report dark or light theme. tmux will guess the theme from the background colour on terminals which do not themselves support the escape sequence (from Jonathan Slenders, issue 4353). * Add -M flag to capture-pane to use the copy mode screen (issue 4358). * Align index numbers in trees (from David Mandelberg, issue 4360). * Add display-message -C flag to update pane while message is displayed (from Vitaly Ostrosablin, issue 4363). * Make list-commands command show only one command if an argument is given (from Ilya Grigoriev, issue 4352). * Count line numbers correctly inside strings in configuration files (reported by Pedro Navarro, issue 4325). * Map bright black (colour 8) to white (7) if the background is black on terminals with only eight colours so the text is not invisible (from Dmytro Bagrii, issue 4322). * Add copy-mode-position-style and copy-mode-selection-style options for copy mode. * Add no-detach-on-destroy client option (issue 4242). * Add input-buffer-size option (from Ken Lau). * Add support for a scrollbar at the side of each pane. New options pane-scrollbars turn them on or off, pane-scrollbars-position sets the position (left or right), and pane-scrollbars-style to set the colours (from Michael Grant, issue 4221). * Add prompt-cursor-colour and prompt-cursor-style to set the style of the cursor in the command prompt and remove the emulated cursor (from Alexander Arch, issue 4170). * Add initial-repeat-time option to allow the first repeat time to be increased and later reduced (from David le Blanc, issue 4164). * Add copy-mode-position-format to configure the position indicator. * Add -y flag to disable confirmation prompts in modes (issue 4152). * Add -C and -P flags to the copy commands in copy mode: -C prevents the commands from sending the text to the clipboard and -P prevents them from adding the text as a paste buffer (issue 4153). * Preserve transparency and raster attribute dimensions when sending a SIXEL image, and avoid collapsing empty lines (issue 4149). ==== u-boot-rpiarm64 ==== Version update (2025.04 -> 2025.10) Subpackages: u-boot-rpiarm64-doc - Update to 2025.10: * Full changelog available at: https://source.denx.de/u-boot/u-boot/-/compare/v2025.04...v2025.07 https://source.denx.de/u-boot/u-boot/-/compare/v2025.07...v2025.10 - Patches rebased - Update u-boot.keyring ==== usbmuxd ==== Version update (1.1.1+git69.523f700 -> 1.1.1+git72.3ded00c) - Update to version 1.1.1+git72.3ded00c: - Allow specifying configuration directory to use - conf: Make sure to sanitize input for SavePairRecord command (bsc#1254302) - Refresh harden_usbmuxd.service.patch. ==== vim ==== Version update (9.1.1918 -> 9.1.1966) Subpackages: vim-data vim-data-common xxd - update to 9.1.1966: * patch 9.1.1966: MS-Windows: dark mode in gui is not supported * runtime(vim): Update base syntax, match full :help command * patch 9.1.1965: q can accidentally start recording at more prompt * patch 9.1.1964: Wrong display when using setline() at hit-enter prompt * patch 9.1.1963: diff: missing diff size limit for xdiff * runtime(julia): Update Julia runtime files * runtime(rust): use textwidth=100 for the Rust recommended style * runtime(doc): document change in Windows behavior for patch 9.1.1947 * patch 9.1.1962: filetype: Erlang application resource files are not recognized * patch 9.1.1961: :0tab behaves like :tab for :stag when 'swb' contains "newtab" * patch 9.1.1960: Wrong position of info popup * patch 9.1.1959: Wrong wrapping of long output using :echowindow * patch 9.1.1958: Wrong display with sign_unplace() and setline() in CursorMoved * patch 9.1.1957: filetype: bpftrace files are not recognized * runtime(odin): support underscore-separated numeric literals * runtime(doc): fix return value in 'exists' and 'exists_compiled()' * patch 9.1.1956: tests: test_sort.vim leaves swapfiles behind * patch 9.1.1955: sort() does not handle large numbers correctly * patch 9.1.1954: Setting a byte in a blob, accepts values outside 0-255 * patch 9.1.1953: gui_mch_set_titlebar_colors() is excessively called * runtime(swayconfig): separate identifier groups + cleanup * runtime(i3config): highlight identifiers separately * patch 9.1.1952: tests: need better tests for tf files * runtime(quarto): add missing loaded guard * runtime(python): Highlight t-strings * runtime(sml): Update syntax, improve special constant matching * runtime(hog): set undo_ftplugin correctly, delete trailing whitespace * patch 9.1.1951: tests: Test_windows_external_cmd_in_cwd() only run in huge builds * patch 9.1.1950: tests: Test_tagjump.vim leaves swapfiles behind * patch 9.1.1949: :stag does not use 'swichtbuf' option * runtime(doc): Update vim9.txt Section 1 * patch 9.1.1948: Windows: Vim adds current directory to search path * patch 9.1.1947: [security]: Windows: Vim may execute commands from current directory * patch 9.1.1946: Cannot open the help in the current window * patch 9.1.1945: tests: Test_getbufwintabinfo() leaves swapfiles behind * patch 9.1.1944: getwininfo() does not return if statusline is visible * runtime(doc): clarify the use of v:errormsg * patch 9.1.1943: Memory leak with :breakadd expr * runtime(lf): update syntax to support lf version r39 * runtime(vim): Update base syntax, match full :language command * patch 9.1.1942: Vim9: Assignment to read-only registers @: and @% is allowed * patch 9.1.1941: tests: Test_execute_register() leaves swapfile behind * patch 9.1.1940: clipboard registers "+" and "*" synced without "autoselect" * patch 9.1.1939: tests: test_matchfuzzy() leaves swapfiles behind * patch 9.1.1938: tests: excessive wait in Test_matchfuzzy_initialized * patch 9.1.1937: tests: Test_matchfuzzy_initialized() fails * patch 9.1.1936: filetype: Erlang lexical files are not recognized * patch 9.1.1935: filetype: not all Erlang files are recognized * runtime(doc): Update and clarify vim9.txt Section 3 * runtime(doc): Improve :help :catch command specification * runtime(netrw): fix undefined variable curwin in s:NetrwMenu() * patch 9.1.1934: filetype: not all starlark files are recognized * runtime(doc): Change termdebug_config debug value to v:true in terminal.txt * runtime(doc): Correct typo in usr_30.txt regarding softtabstop * runtime(doc): fix typo in "appendbufline()", builtin.txt * runtime(defaults): Update comment for reverting C comment strings * runtime(doc): Clarification in listener_add() doc * patch 9.1.1933: completion: complete_match() is not useful * patch 9.1.1932: OSC terminal response hard to detect * runtime(doc): remove outdated help about 'completeopt' "fuzzy" * translation: regenerate po/vim.pot after v9.1.1930 * patch 9.1.1931: completion: wrong item selected with fuzzy and noinsert * patch 9.1.1930: completion: 'completefuzzycollect' is too obscure * runtime(i3config/swayconfig): add all option for i3config only * patch 9.1.1929: completion: spell completion wrong with fuzzy * runtime(doc): Fix typo in "Jumping to Changes", usr_08.txt * patch 9.1.1928: xxd: exit_with_usage() can be simplified * patch 9.1.1927: Wayland: clipboard code too complex * Update link to XDG base specification in option.c comment * runtime(doc): Add environment variable expansion note to options * patch 9.1.1926: xdiff: Coverity warning with MAX_CNT/UINT_MAX usage * runtime(new-tutor): update vim-02-beginner following 48940d9 * patch 9.1.1925: make depend does not include osdef.h * runtime(tutor): Improve style for chapter 2 * runtime(tutor): Add Spanish translation for chapter 2 * runtime(tutor): Improve Spanish translation of chapter 1 * runtime(haskell): Add syntax test * runtime(vim): Update base syntax, match full :history command * patch 9.1.1924: 'commentstring' requires +folding feature * patch 9.1.1923: wrong error when assigning to read-only register * runtime(vim): Update base syntax, match :debug and :break* commands * runtime(compiler): set errorformat where missing * runtime(php): Update indent script to 1.76 (from 1.75) * runtime(haskell): allow spaces in backticked operators in syntax script * patch 9.1.1922: Wrong virtcol('$') with virtual text at EOL * patch 9.1.1921: xdiff: included xdiff code is outdated * patch 9.1.1920: tests: not enough testing for wildtrigger() pum redrawing * CI: Switch to macOS 26 runner * runtime(c): Update signal constants in syntax script ==== vulkan-loader ==== Version update (1.4.328 -> 1.4.335) - Update to tag SDK-1.4.335.0 * Stop layers with an invalid "type" field from being added * Normalize library paths queried from the OS * Fix two memory leaks ==== vulkan-tools ==== Version update (1.4.328 -> 1.4.335) - Update to release 1.4.335 * vulkaninfo: Support promoted structs in Profile JSON output - Add 0001-vulkaninfo-Fix-running-under-RenderDoc.patch ==== wacomtablet-kcm6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 ==== webkit2gtk3 ==== Version update (2.50.2 -> 2.50.3) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.50.3 (bsc#1254473 bsc#1254498 bsc#1254509): + Fix seeking and looping of media elements that set the "loop" property. + Fix several crashes and rendering issues. + Security fixes: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458, CVE-2025-66287. - Drop webkit2gtk3-undefined-symbol.patch: fixed upstream. - Use %limit_build. Also define %dwz_low_mem_die_limit and %dwz_max_die_limit, similar to what we have in wpewebkit. This should simplify the logic for limiting jobs and will hopefully help with intermittent build failures. ==== webkit2gtk4 ==== Version update (2.50.2 -> 2.50.3) Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 webkitgtk-6_0-injected-bundles - Update to version 2.50.3 (bsc#1254473 bsc#1254498 bsc#1254509): + Fix seeking and looping of media elements that set the "loop" property. + Fix several crashes and rendering issues. + Security fixes: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458, CVE-2025-66287. - Drop webkit2gtk3-undefined-symbol.patch: fixed upstream. - Use %limit_build. Also define %dwz_low_mem_die_limit and %dwz_max_die_limit, similar to what we have in wpewebkit. This should simplify the logic for limiting jobs and will hopefully help with intermittent build failures. ==== wtmpdb ==== Version update (0.75.0+git20251009.a6f185a -> 0.75.0+git20251130.0d8fe7a) Subpackages: libwtmpdb0 - Update to version 0.75.0+git20251130.0d8fe7a: * wtmpdbd: add method Rotate to interface definition * wtmpdb last: fix --present option * last -x: apply --since and --until to split entries * last -x: show shutdown entries before reboot ones * Fix varlink definition for type WtmpdbEntry ==== xdg-desktop-portal-kde6 ==== Version update (6.5.3 -> 6.5.4) - Update to 6.5.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.4 - Changes since 6.5.3: * Update version for new release 6.5.4 * remotedesktop: honor the requested cursor mode * clipboard: Dont append data on when read results in EAGAIN (kde#512076) ==== xkbcomp ==== Version update (1.4.7 -> 1.5.0) - This releases contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2025-December/003644.html * CVE-2018-15863 (bsc#1105832) * CVE-2018-15861 (bsc#1105832) * CVE-2018-15859 (bsc#1105832) * CVE-2018-15853 (bsc#1105832) Note that the year is not a typo, these CVEs have been reported previously for libxkbcommon but the same code exists in xkbcomp and required the same fixes. As a new feature in this version: xkbcomp now supports the meson build system in addition to autotools. autotools support may be removed in a future version. - switch to meson build ==== yast2-bootloader ==== Version update (5.0.27 -> 5.0.29) - Enable grub2-bls for arm and riscv64 (bnc#1253222). - Replacing dbus-uuidgen by systemd-machine-id-setup. - 5.0.29 - Added requirement dbus-1-tools because /usr/bin/dbus-uuidgen is needed by BLS (bnc#1253724). - 5.0.28 ==== yast2-trans ==== Version update (84.87.20251120.56464525cf -> 84.87.20251202.6c2698bf7a) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20251202.6c2698bf7a: * Update translation files * New POT for text domain 'rmt'. - Update to version 84.87.20251125.b9a54cb9bd: * Update translation files * Update translation files * New POT for text domain 'packager'. * New POT for text domain 'bootloader'. ==== zix ==== Version update (0.6.2 -> 0.8.0) - Update to 0.8.0 * Add ZIX_REALTIME and ZIX_NONBLOCKING attributes * Add warning suppression macros * Annotate count and size parameters of allocator API * Avoid "deprecated" POSIX functions on Windows * Avoid over-use of yielding meson options * Clean up attribute documentation * Gracefully handle failed allocation in path and filesystem functions * Reduce empty BTree memory requirements * Strengthen zix_file_equals() * Use getenv() instead of environ to avoid issues on FreeBSD ==== zlib-ng-compat ==== Version update (2.2.5 -> 2.3.1) - Remove WITH_RVV=OFF - Update to 2.3.1: * Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.3.1 ==== zypp-plugin ==== Version update (0.6.5 -> 0.6.6) - Fix link to libzypp plugins documentation: https://opensuse.github.io/libzypp/zypp-plugins.html - version 0.6.6