Packages changed: 7zip (24.09 -> 25.01) boost-base boost-extra busybox-links cnf (0.8.1~0 -> 0.9.0~0) file libqt5-qtwebengine (5.15.18 -> 5.15.19) libxmlb (0.3.22 -> 0.3.23) net-tools (2.10 -> 2.10+1) === Details === ==== 7zip ==== Version update (24.09 -> 25.01) - Update to 25.01 (boo#1249130) * The code for handling symbolic links has been changed to provide greater security when extracting files from archives * Command line switch -snld20 can be used to bypass default security checks when creating symbolic links. - includes changes from 25.00: * bzip2 compression speed was increased by 15-40%. * deflate (zip/gz) compression speed was increased by 1-3%. * improved support for zip, cpio and fat archives. * CVE-2025-53816 : 7-Zip could work incorrectly for some incorrect RAR archives (boo#1246706) * CVE-2025-53817 : 7-Zip could crash for some incorrect COM (Compound File) archives (boo#1246707) ==== boost-base ==== Subpackages: boost-license1_88_0 libboost_filesystem1_88_0 libboost_filesystem1_88_0-x86-64-v3 libboost_iostreams1_88_0 libboost_iostreams1_88_0-x86-64-v3 libboost_locale1_88_0 libboost_locale1_88_0-x86-64-v3 libboost_thread1_88_0 libboost_thread1_88_0-x86-64-v3 - require shared library package in versioned libboost_url-devel (bsc#1248645) ==== boost-extra ==== Subpackages: libboost_python-py3-1_88_0 libboost_python-py3-1_88_0-x86-64-v3 - require shared library package in versioned libboost_url-devel (bsc#1248645) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz - Set net-tools conflict version properly. ==== cnf ==== Version update (0.8.1~0 -> 0.9.0~0) Subpackages: cnf-bash cnf-locale - Update to version 0.9.0~0: * mark 0.9.0 version * Documented what configuration variables are relied on. * Change rust code to say 'dnf' instead of 'dnf4' * Fixed some grammar errors in README.md * (ci): run zypper dnf5 and dnf integration tests in a parallel * Added fish support. * Added instructions for .zsh * Updated documentation to mention dnf5 support * Updated documentation examples. * Check if zypper is installed. * Look for dnf5 repos in /etc/dnf/repos.d * Add CI tests for dnf4 * Updated documentation to mention dnf4 support * Adds support for dnf4. * Added CI tests for dnf5. * Rename docker images with -zypper suffix. * Allow manually triggering the ci tests. * Added fish support. * Added instructions for .zsh * Updated documentation to mention dnf5 support * Updated documentation examples. * Check if zypper is installed. * Look for dnf5 repos in /etc/dnf/repos.d * Use dnf5 if it's installed. * Translated using Weblate (Portuguese (Brazil)) ==== file ==== Subpackages: file-magic libmagic1 - Add patch file-5.46-tcgets2.patch from https://bugs.astron.com/view.php?id=678 but disable hunk 1 to avoid conflict with file-seccomp-ppc.patch This should fix bug boo#1249071 - Modify patch file-seccomp-ppc.patch that is use on all architectures ==== libqt5-qtwebengine ==== Version update (5.15.18 -> 5.15.19) - Change the way we pin to ffmpeg-7: set maximum versions for the libav* buildrequires insteaf of hardcoding ffmpeg-7-*devel. This allows OBS to still shortcut through the mini packages. - Update to version 5.15.19: * Bump version to 5.15.19 * qmake: Fix qmake2cmake parsing issue for 5.15 SBOM * Update Chromium (patched with security updates up to 135.0.7049.95): * [Backport] CVE-2024-10229: Inappropriate implementation in Extensions * [Backport] CVE-2024-10827: Use after free in Serial * [Backport] Security bug 378701682 * [Backport] CVE-2024-12694: Use after free in Compositing * [Backport] Security bug 382135228 * [Backport] Security bug 384565015 * [Backport] CVE-2025-0436: Integer overflow in Skia * [Backport] CVE-2024-11477 / Security bug 383772517 * [Backport] CVE-2025-0996: Inappropriate implementation in Browser UI * [Backport] CVE-2025-1426: Heap buffer overflow in GPU * [Backport] Security bug 396481096 * [Backport] CVE-2025-0762: Use after free in DevTools * [Backport] CVE-2025-0999: Heap buffer overflow in V8 * [Backport] CVE-2024-55549: Fix UAF related to excluded namespaces * [Backport] CVE-2025-24855 Fix use-after-free of XPath context node * [backport] CVE-2025-1919 * [Backport] CVE-2025-2783: Incorrect handle provided in unspecified circumstances in Mojo on Windows * [backport] CVE-2025-24201 * [backport] CVE-2025-2136 * [Backport] Security bug 399002829 * [Backport] Security bug 396460489 * [Backport] CVE-2025-3619 * Various python fixes - Drop patches: * python3.12-imp.patch * python3.12-six.patch * python3.13-pipes.patch - Don't try to build with ffmpeg >= 8 on factory ==== libxmlb ==== Version update (0.3.22 -> 0.3.23) Subpackages: libxmlb2 libxmlb2-x86-64-v3 - Update to version 0.3.23: * Bugfixes: Do not reallocate the final silo blob when compiling to reduce peak RSS by about ~6%. ==== net-tools ==== Version update (2.10 -> 2.10+1) Subpackages: net-tools-lang - Set net-tools conflict version properly. - Drop ether-wake binary in favor of wol. It was never part of the upstream net-tools, and we have ether-wake in busybox. Bump rpm version to 2.10.0.0.1 to make a seamless update possible (boo#1249034, drop 0001-Add-ether-wake-binary.patch). - Provide support for net-tools-dummy (bsc#1242048). - Remove net_tool Provides/Obsoletes for SuSE Linux 7 and SLES 7.