Packages changed: Mesa Mesa-drivers MozillaFirefox (145.0 -> 145.0.2) SDL3 (3.2.26 -> 3.2.28) bash (5.3.3 -> 5.3.8) clamav cyrus-sasl ed (1.22.2 -> 1.22.3) emacs fwupd (2.0.17 -> 2.0.18) gdb glslang (16.0.0 -> 16.1.0) gnome-control-center (49.2.1 -> 49.2.2) graphene gspell (1.14.1 -> 1.14.2) kernel-firmware-amdgpu (20251119 -> 20251201) kernel-firmware-bluetooth (20251111 -> 20251125) kernel-firmware-i915 (20251106 -> 20251125) kernel-firmware-intel (20251024 -> 20251129) kernel-firmware-iwlwifi (20251024 -> 20251123) kernel-firmware-media (20251018 -> 20251123) kernel-firmware-mediatek (20251119 -> 20251129) kernel-firmware-qcom (20251119 -> 20251125) kernel-firmware-sound (20251118 -> 20251121) kernel-source (6.17.9 -> 6.18.0) libX11 libarchive (3.8.1 -> 3.8.3) libdisplay-info libpng16 (1.6.50 -> 1.6.51) libvirt (11.9.0 -> 11.10.0) mozilla-nss (3.117 -> 3.118.1) nghttp2 (1.66.0 -> 1.68.0) openSUSE-release (20251127 -> 20251204) pam-config (2.13+git.20251105 -> 2.13+git.20251203) patterns-media pipewire (1.5.83 -> 1.5.84) postfix (3.10.5 -> 3.10.6) postgresql18 (18.0 -> 18.1) python-certifi (2025.10.5 -> 2025.11.12) python-psutil salt selinux-policy (20251111 -> 20251128) shaderc (2025.4 -> 2025.5) shadow smartmontools sqlite3 (3.50.4 -> 3.51.1) suse-module-tools (16.1.0 -> 16.1.1) systemd-presets-branding-openSUSE tmux (3.5a -> 3.6) wtmpdb (0.75.0+git20251009.a6f185a -> 0.75.0+git20251130.0d8fe7a) yast2-bootloader (5.0.27 -> 5.0.29) yast2-trans (84.87.20251120.56464525cf -> 84.87.20251125.b9a54cb9bd) zlib-ng-compat (2.2.5 -> 2.3.1) zypp-plugin (0.6.5 -> 0.6.6) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Build with VK_AMD_anti_lag vulkan extension support to allow AMD Anti-Lag to be used on AMD GPUs - Create new subpackage Mesa-vulkan-anti-lag for this new vulkan extension - Build with -Ddisplay-info=enabled to allow VK_EXT_hdr_metadata support for VK_KHR_display ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Build with VK_AMD_anti_lag vulkan extension support to allow AMD Anti-Lag to be used on AMD GPUs - Create new subpackage Mesa-vulkan-anti-lag for this new vulkan extension - Build with -Ddisplay-info=enabled to allow VK_EXT_hdr_metadata support for VK_KHR_display ==== MozillaFirefox ==== Version update (145.0 -> 145.0.2) Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Mozilla Firefox 145.0.2 * Fixed an issue that prevented typing in Baidu’s search box when using Chinese IMEs on Windows. (bmo#2000479) - Mozilla Firefox 145.0.1 * Fixed: Fixed an issue causing breakage on sites using Three.js. (bmo#1995939) * Fixed: Fixed Web compatibility issues with Rogers. Rogers customers would see a broken iframe with "Firefox Can’t Open This Page" when viewing bills, rather than the billing info. (bmo#1996823) * Fixed: Fixed an issue in the Web Developer Tools preventing copy all or save all requests as HAR. (bmo#1995694) ==== SDL3 ==== Version update (3.2.26 -> 3.2.28) - Update to release 3.2.28 * Fixed a divide by zero with a zero sized blit in some cases * Fixed blitting bitmaps with a non-zero x offset * Fixed a crash in the Vulkan renderer when the window is minimized * Fixed the initial X11 window position in some environments * Fixed the channel mapping for surround sound on PulseAudio * Fixed the sensor axis ordering with the Linux Nintendo driver * Fixed Xbox 360 controller mappings on newer Linux kernels * Made Nintendo Switch controller initialization more robust * Fixed the paddle mapping for Steam Controllers ==== bash ==== Version update (5.3.3 -> 5.3.8) Subpackages: bash-lang bash-loadables bash-sh - Add upstream patches * Bash-5.3 Official patch 4 -- bash53-004 The Linux kernel reports incorrect sizes for files in /sys/block/*/uevent, leading bash to report a read error when the byte count does not agree with the file size from fstat(2). * Bash-5.3 Official patch 5 -- bash53-005 Restoring the default disposition in a subshell for a signal bash treats specially can cause a crash. * Bash-5.3 Official patch 6 -- bash53-006 When `globasciiranges' is enabled, glob patterns with ranges in bracket expressions can produce incorrect matches for character ranges whose start and end are non-ascii characters. * Bash-5.3 Official patch 7 -- bash53-007 No-fork command substitutions can perform redirections that act on the enclosing command as well. * Bash-5.3 Official patch 8 -- bash53-008 Bash tries to consume entire multibyte characters when looking for backslash escapes in $'...' strings, and treats too many characters as potentially beginning a multibyte character in UTF-8 locales. Being more selective about when to call mbrtowc() can lead to optimized string processing and script speedups. This patch also handles the unlikely situation of a locale encoding null wide characters with non-null bytes. - Remove patch boo1254087.patch now upstream with bash53-004 ==== clamav ==== Subpackages: libclamav12 libclammspack0 libfreshclam4 - Provide a better fix for boo#1249404 by disabling debug mode. - Build with older rust 1.87 for reproducible builds (boo#1249404) ==== cyrus-sasl ==== Subpackages: cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain libsasl2-3 libsasl2-3-32bit - Python3 error log upon importing pycurl (bsc#1233529) Remove senceless log message. * add remove-senceless-log.patch ==== ed ==== Version update (1.22.2 -> 1.22.3) - GNU ed 1.22.3: * The change to print the file name escaped when replaced into a shell command has been reverted * When '--unsafe-names' is not specified, only the control characters \a, \b, \t, \v, \f, \n, \r, \033, and \177 are now rejected in file names * 'make check' now checks file names with non-ASCII characters coded either in ISO-8859-1 or in UTF-8. * 'EXIT STATUS' now has its own section in the man page ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Avoid direct dependencies to X11 libraries for wayland port ==== fwupd ==== Version update (2.0.17 -> 2.0.18) Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.18: + This release adds the following features: - Add a MOTD message for devices needing reboot after staged updates - Create the reboot-required file when a firmware update requires reboot - Record the system state for each composite emulation - Update USI docking station firmware without requiring a manual replug + This release fixes the following bugs: - Add a MTD device problem if the Intel SPI BIOS lock is set - Allow changing the child name when using PARENT_NAME_PREFIX - Allow UpdateCapsule to work on systems that do not support SecureBoot - Correctly parse the EFI_CAPSULE_RESULT_VARIABLE_HEADER - Fall back to the SMBIOS version for BIOS MTD devices - Fix a crash when trying to record an i2c emulation - Fixed Huddly upgrade problems with major version changes - Fix man page compatibility with apropos and whatis - Fix parsing USB BOS descriptors - Fix up the x86_64-specific capsule flags when deploying UEFI firmware - Improve firmware stream searching speed by a huge amount - Only convert the release uint32_t to device version format for UEFI devices - Only handle SIGINT in fwupdtool when required - Refactor the hypervisor and container detection to be usable from plugins - Set PlatformArchitecture as the CPU architecture for RISC-V machines - Use a sensible timeout when doing qc-s5gen2 HID requests + This release adds support for the following hardware: - HP Portable USB-C 4K HDMI Hub - Lenovo Legion Go 2 (as a HID device) - Synaptics HapticsPad - Rebase fwupd-bsc1130056-change-shim-path.patch ==== gdb ==== - Maintenance script qa.sh: * Fix grep: warning: stray \ before -. - Patches added: * avoid-crash-with-length.patch * correct-bounds-check-when-working-around-gas-dwarf-5.patch * fix-crash-in-f-typeprint.c.patch - Patches added (swo#33560, bsc#1251213): * bfd-elf-handle-prstatus-of-156-bytes-in-elf32_arm_na.patch * gdb-corefiles-fix-segfault-in-add_thread_silent.patch - Patches added (swo#32542, swo#33354): * change-return-value-of-_bfd_mmap_temporary.patch - Patches added (swo#33068, swo#33069): * gdb-fix-handling-of-aborted-inferior-call.patch - Patches added (swo#33620): * gdb-rust-fix-handling-of-unsigned-discriminant.patch - Patches added (swo#33444): * have-gdb.threadexitedevent-inherit-from-gdb.threadev.patch - Patches added (swo#33617): * mark-pascal-as-case-insensitive.patch - Patches added (testsuite): * check-gnatmake-version-in-gnat_version_compare.patch * gdb-testsuite-fix-build-id-check-in-gdb.python-py-mi.patch * gdb-testsuite-fix-gdb.mi-mi-sym-info.exp.patch * gdb-testsuite-fix-gdb.rust-methods.exp-on-i686-linux.patch * gdb-testsuite-fix-main-in-gdb.trace-mi-trace-frame-c.patch * gdb-testsuite-fix-possible-tcl-errors-in-gdb.threads.patch * gdb-testsuite-fix-sizeof-test-in-gdb.rust-simple.exp.patch * gdb-testsuite-fix-xfail-in-gdb.ada-array_of_variant..patch * gdb-testsuite-fix-xfail-in-gdb.ada-variant_record_fi.patch * gdb-testsuite-force-dwarf-in-gdb.pascal.patch * gdb-testsuite-rust-fix-for-empty-array.patch * gdb-testsuite-use-expect_build_id_in_core_file-a-bit.patch * gdb-testsuite-use-std-c99-in-gdb.base-callfuncs.exp.patch * gdb-testsuite-use-std-c99-in-gdb.base-nodebug.exp.patch * powerpc-mark-rtti-typeid-tests-as-expected-fail-befo.patch - Maintenance script import-patches.sh: * Use git instead of osc. - Maintenance script qa.sh: * Add PR32893 kfail. - Patch added (swo#32688): * gdb-testsuite-yet-another-attempt-to-fix-gdb.threads.patch - Maintenance script qa.sh: * Remove PR32688 kfail. - Work around recursively defined sle_version on openSUSE Leap 16.0 (bsc#1238724). ==== glslang ==== Version update (16.0.0 -> 16.1.0) - Update to release 16.1.0 * Avoid emitting OpCapability RuntimeDescriptorArray when unnecessary * Improve compilation speed when debug infomation is enabled * Support GL_EXT_shader_invocation_reorder * Add checks to coopMatMulAdd * Implement stringify operator * Add ES support for depth layout qualifier * Add debug info for hitObjectNV * Emit a DebugGlobalVariable instead of DebugLocalVariable for rayQueryEXT * Add debug info for constant variable * Improve debug line to point declaration * Fix bugs in buffer reference alignment * Reject string operands in binary and select ops * Support GL_EXT_shader_64bit_indexing * Support GLSL_EXT_uniform_buffer_unsized_array * Add semantic check for cooperative vector loads/stores * Improve the debug info name of opaque (sampler) types * Support IO mapping of combined samplers and acceleration structures * Fix bug in debug info for bool types inside SSBO/UBO * Fix bug in debug info for struct member names * Add methods for entry point and invert-y to C interface ==== gnome-control-center ==== Version update (49.2.1 -> 49.2.2) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces gnome-control-center-users - Update to version 49.2.1: + Revert libgxdp updates. The libgxdp updates depend on changes in gsettings-desktop-schemas that are part of the GNOME 50 cycle. Revert the pinned ref to the one we had before, until we branch libgxdp for GNOME 49. ==== graphene ==== Subpackages: libgraphene-1_0-0 typelib-1_0-Graphene-1_0 - add no_fast-math_for_tests.patch * %check may fail for some architerture if the test use -ffast-math ==== gspell ==== Version update (1.14.1 -> 1.14.2) Subpackages: gspell-lang libgspell-1-3 - Update to version 1.14.2: + Publish tarballs from CI. ==== kernel-firmware-amdgpu ==== Version update (20251119 -> 20251201) - Update to version 20251201 (git commit 934bfe7e1e27): * Reapply "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update GC 10.3.6 firmware" * Revert "amdgpu: update GC 11.5.1 firmware" - Update to version 20251125 (git commit 23568a4b9420): * Revert "amdgpu: update GC 11.0.1 firmware" - Update to version 20251121 (git commit ff6418d18552): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-bluetooth ==== Version update (20251111 -> 20251125) - Update to version 20251125 (git commit 23568a4b9420): * QCA: Add Bluetooth firmware for WCN685x uart interface - Update to version 20251121 (git commit ff6418d18552): * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04 ==== kernel-firmware-i915 ==== Version update (20251106 -> 20251125) - Update to version 20251125 (git commit 23568a4b9420): * xe: Update GUC to v70.54.0 for BMG, PTL ==== kernel-firmware-intel ==== Version update (20251024 -> 20251129) - Update to version 20251129 (git commit 01006f5dea2d): * intel_vpu: Update NPU firmware ==== kernel-firmware-iwlwifi ==== Version update (20251024 -> 20251123) - Update to version 20251123 (git commit 9dba680579f4): * iwlwifi: add Sc/Wh FW for core98-181 release ==== kernel-firmware-media ==== Version update (20251018 -> 20251123) - Update to version 20251123 (git commit 9dba680579f4): * qcom: venus-5.4: update firmware binary for v5.4 * qcom: venus-5.4: remove unused firmware file ==== kernel-firmware-mediatek ==== Version update (20251119 -> 20251129) - Update to version 20251129 (git commit 01006f5dea2d): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251124093155 ==== kernel-firmware-qcom ==== Version update (20251119 -> 20251125) - Update to version 20251125 (git commit 23568a4b9420): * qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3 ==== kernel-firmware-sound ==== Version update (20251118 -> 20251121) - Update to version 20251121 (git commit ff6418d18552): * ASoC: tas2781: Add more symbol links on SPI devices ==== kernel-source ==== Version update (6.17.9 -> 6.18.0) - Revert "rpm/config.sh: Use suse-kabi-tools" This reverts commit e17118487b4d4fbabdbd7af5f3a53d7baaa11825. Temporarily revert this as: * There is a high risk to break something in factory and I want to separate it from the 6.18 update. * ring0 does not have suse-kabi-tools (yet), so we see "nothing provides suse-kabi-tools". - commit 6ce3f15 - Refresh patches.suse/wifi-iwlwifi-Add-missing-firmware-info-for-bz-b0-mod.patch. Fix backport for 6.17. Upstream's IWL_BZ_UCODE_CORE_MAX has to be changed to 6.17's IWL_BZ_UCODE_API_MAX. Otherwise we get the fw strings like: "firmware" "=" "iwlwifi-bz-b0-fm-c0" "-" "IWL_BZ_UCODE_CORE_MAX" ".ucode"; instead of upstream's: "firmware" "=" "iwlwifi-bz-b0-fm-c0" "-c" "99" ".ucode"; - commit 24dd031 - update to 6.18 final - drop obsoleted patch - patches.rpmify/power-supply-use-ktime_divns-to-avoid-64-bit-divisio.patch (ad8cccc24887) - refresh configs (headers only) - commit 3b67758 - config: update and reenable armv6hl configs - options mirrored from armv7hl - commit 5d0d415 - config: update and reenable armv7hl configs - options mirrored from arm64 except - TI_PRUETH=m - RESET_ASPEED=m - commit 60f8c94 - config/riscv64: enable generic ASoC drivers CONFIG_SND_SIMPLE_CARD_UTILS=m CONFIG_SND_SIMPLE_CARD=m CONFIG_SND_AUDIO_GRAPH_CARD=m CONFIG_SND_AUDIO_GRAPH_CARD2=m CONFIG_SND_AUDIO_GRAPH_CARD2_CUSTOM_SAMPLE=m - commit 4722423 - Add dtb-spacemit SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2. - commit f2f396d - smb: client: fix incomplete backport in cfids_invalidation_worker() (bsc#1254096). - commit a337d5c - rpm/kernel-obs-build.spec.in: Add xt_addrtype module for docker Needed by docker meanwhile. - commit 1cd2f7d ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-xcb1 - Add libX11-ignore-incompatible-XkbMapNotify.patch: Fix mutter-x11-frames crash caused by keyboard layout change triggered by orca screen reader. (bsc#1253076) ==== libarchive ==== Version update (3.8.1 -> 3.8.3) - Update to 3.8.3: * lib: Create temporary files in the target directory (boo#1254340) * lha: Fix for an out-of-bounds buffer overrun when using p[H_LEVEL_OFFSET] (boo#1254341) * 7-zip: Fix a buffer overrun when reading truncated 7zip headers (boo#1254342) * lz4 and zstd: Support both lz4 and zstd data with leading skippable frames - update upstream signing key - update to 3.8.2: Security fixes: * 7zip: Fix out of boundary access * tar reader: fix checking the result of the strftime (CVE-2025-25724) Notable bugfixes: * bsdtar: Allow filename to have CRLF endings * lib: archive_read_data: handle sparse holes at end of file correctly * lib: improve filter process handling * lib: fix error checking in writing files * lib: handle possible errors from system calls * lib: avoid leaking file descriptors into subprocesses * lib: parse_date: handle dates in 2038 and beyond if time_t is big enough * RAR5 reader: fix multiple issues in extra field parsing function * RAR5 reader: early fail when file declares data for a dir entry * tar writer: fix replacing a regular file with a dir for ARCHIVE_EXTRACT_SAFE_WRITES * tar reader (Windows): check WCS pathname in header_gnutar before overwriting * tar reader: fix an infinite loop when parsing V headers * zip writer: fix a memory leak if write callback error early * zip writer: fix writing with ZSTD compression * zstd write filter: enable Zstandard's checksum feature ==== libdisplay-info ==== Subpackages: libdisplay-info-tools libdisplay-info3 - added -32bit package needed by Mesa's libvulkan driver packages ==== libpng16 ==== Version update (1.6.50 -> 1.6.51) Subpackages: libpng16-16 libpng16-16-x86-64-v3 - version update to 1.6.51 * Fixed CVE-2025-64505 (moderate severity): Heap buffer overflow in `png_do_quantize` via malformed palette index. (Reported by Samsung; analyzed by Fabio Gritti.) * Fixed CVE-2025-64506 (moderate severity): Heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled. (Reported by Samsung and ; analyzed by Fabio Gritti.) * Fixed CVE-2025-64720 (high severity): Buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. (Reported by Samsung; analyzed by John Bowler.) * Fixed CVE-2025-65018 (high severity): Heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. (Reported by .) * Fixed a memory leak in `png_set_quantize`. (Reported by Samsung; analyzed by Fabio Gritti.) * Removed the experimental and incomplete ERROR_NUMBERS code. (Contributed by Tobias Stoeckmann.) * Improved the RISC-V vector extension support; required RVV 1.0 or newer. (Contributed by Filip Wasil.) * Added GitHub Actions workflows for automated testing. * Performed various refactorings and cleanups. - fixes [bsc#1254157] [bsc#1254158] [bsc#1254159] [bsc#1254160] ==== libvirt ==== Version update (11.9.0 -> 11.10.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 11.10.0 - build: drop userfaultfd_sysctl option - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-10-0-2025-12-01 ==== mozilla-nss ==== Version update (3.117 -> 3.118.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.118.1 * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM* - update to NSS 3.118 * bmo#1994866 - Remove four Commscope root certificates from NSS * bmo#1996036 - fix try pushes with --nspr-patch to actually apply the patch * bmo#1995512 - Support for NIST Curves compressed points * bmo#1985058 - Destroy certificate on error paths * bmo#1990242 - Move NSS DB password hash away from SHA-1 * bmo#1983313 - support secp384r1mlkem1024 * bmo#1991549 - vendor latest ML-KEM code from libcrux * bmo#1991549 - add mlk-kem-1024 tests * bmo#1996717 - use the correct directory for FStar_UInt_8_16_32_64.h in source consistency test * bmo#1766767 - Move scripts to python3 * bmo#1983313 - add mlkem1024 support in freebl * bmo#1983313 - support secp256r1mlkem768 * bmo#1983313 - Make mlkem768x25519 the default * bmo#1983320 - ML-DSA SGN and VFY interfaces * bmo#1988625 - Align FIPS interfaces count with array * bmo#1989477 - Ensure CKK_ML_KEM has derive CK_FALSE * bmo#1992128 - Add script for tagging an NSS release * bmo#1992128 - Remove the globals from nss-release-helper.py * bmo#1992128 - Add release helper command for generating the release index * bmo#1992128 - Add release helper command for generating a release note * bmo#1992128 - Add release helper command for freezing a branch ==== nghttp2 ==== Version update (1.66.0 -> 1.68.0) - Update to 1.68.0: * Increase glitch counter for unexpected builtin extension frames * Remove session_update_glitch_ratelim called from deep inside the chain * nghttpd: Make the supported groups configurable * Use SSL_CTX_set1_groups_list * nghttpx: Add groups option * nghttpx: Prefer ML-DSA certificate over ECDSA * nghttpx: Select ECDSA cert based on EVP_PKEY_base_id * nghttpx: Select certificate with BoringSSL * nghttpx: Select certificate with wolfSSL * nghttpx: Add the fast path when selecting a certificate * nghttpx: Select a certificate in a single pass * nghttpx: Support ML-DSA certificate selection with wolfSSL * nghttpx: Make servername_callback behavior consistent * nghttpx: Drop TLSv1.0 and TLSv1.1 support * nghttpx: Define NGHTTP2_CERT_TYPE as constexpr * src: Move sgi _daemonize to util::daemonize * examples: Consistent conditional macro comments * Bump ngtcp2 and its dependencies * src: Adopt nghttp3_conn_read_stream2 * src: Use std::ranges::begin and std::ranges::end consistently * h2load: Set QUIC window-bits to 24 by default * Fix typos in documentation: "or3xx" → "or 3xx" and missing space after period * nghttpx: Increase number of UDP packets to read * Optimize quic io * nghttpx: Remove unused ticket_keys from WorkerEvent * Bump ngtcp2 and its dependencies - Update to 1.67.1: * Remove session_update_glitch_ratelim called from deep inside the chain - Update to 1.67.0: * Port ngtcp2 map changes * src: Adopt IP_PMTUDISC_PROBE * Map seed * Use allocator-aware free in failure path * lib: Use nghttp2_mem_free * src: Rewrite util::is_hex_string * GHA: Run android workflow on branches event * Make error handling robust * Update doc * Add "glitch" counter * Make glitch counter configurable * tests: Swap the positions of expected and actual values * Bump ngtcp2 and its dependencies * Adopt ngtcp2 nghttp3 features * Adopt libngtcp2_crypto_libressl changes * src: Adopt designated initializers for ngtcp2_callbacks * src: Adopt designated initializers * src: constexpr fixup * src: Adopt NGTCP2_WRITE_STREAM_FLAG_PADDING * Test lib before building applications * Bump libbpf to v1.6.2 * Added nghttp3's pattern targets * Bump ngtcp2 to v1.15.1 ==== openSUSE-release ==== Version update (20251127 -> 20251204) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pam-config ==== Version update (2.13+git.20251105 -> 2.13+git.20251203) - Update to version 2.13+git.20251203: * Make pam_unix_ng work together with pam_sss * pam_sss has no debug option ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Do not explicitly add arabic-fonts and arphic-uming-fonts (boo#1249232). ==== pipewire ==== Version update (1.5.83 -> 1.5.84) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to fix linking in older clients: * remove-mappable.patch - Update to version 1.5.84 (1.6 RC4): * This is the fourth 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. * Highlights - Capabilities were added to improve negotiation over links. - The audio resampler now has a configurable window function to better tune the resampler quality. A kaiser and blackman window was added and the default parameters were tuned. - Various small fixes and improvements. * PipeWire - Capabilities and PeerCapabilities were added to exchange key/value pairs between consumer and producer right after a link is made. This can be used to detect how the negotiation of formats and buffers should be done. * Modules - Avoid segfaults in RTP source. (#4970 (closed)) - The AVB module has seen some improvements. * Pulse-server - @NONE@ can now be used to clear the default sink/source. * SPA - Support longer convolver filenames and also support inline IRs. - The audio resampler window function is now selectable and configurable. A kaiser window and blackman window was added and the default qualities were tweaked to improve quality. - The filter-graph convolver latency is now set by default to something more sensible. (0 by default and N/2 for hilbert). (#4980 (closed)) * Bluetooth - Better xrun and error handling for iso streams. - The +CNUM reply was fixed. - The CIEC call status was fixed. (#1744 (closed)) - Add BAP context metadata to improve compatibility. - Improve compatibility with Creative Zen Hybrid Pro by releasing transports simultaneously. ==== postfix ==== Version update (3.10.5 -> 3.10.6) - update to 3.10.6 * Bugfix (defect introduced: Postfix 3.10, date: 20250117). Symptom: warning messages that smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt". Root cause: support for "TLS-Required: no" broke client-side TLS wrappermode support, by downgrading a connection to TLS security level 'may'. The fix changes the downgrade level for wrappermode connections to 'encrypt'. Rationale: by design, TLS can be optional only for connections that use STARTTLS. The downgrade to unauthenticated 'encrypt' allows a sender to avoid an email delivery problem. Problem reported by Joshua Tyler Cochran. * New logging: the Postfix SMTP client will log a warning when an MX hostname does not match STS policy MX patterns, with "smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with TLSRPT support enabled in a TLS policy plugin. It will log a successful match only when verbose logging is enabled. * Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP client null pointer crash when an STS policy plugin sends no policy_string or no mx_pattern attributes. This can happen only during tests with a fake STS plugin. * Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault when a duplicate parameter name is given to "postconf -X" or "postconf -#'. * Documentation: removed incorrect text from the parameter description for smtp_cname_overrides_servername. File: proto/postconf.proto. ==== postgresql18 ==== Version update (18.0 -> 18.1) Subpackages: libpq5 postgresql18-contrib postgresql18-llvmjit postgresql18-server - Fix build with uring for post SLE15 code streams. - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. ==== python-certifi ==== Version update (2025.10.5 -> 2025.11.12) Subpackages: python311-certifi python313-certifi - Update to 2025.11.12 * Bump actions/download-artifact from 5.0.0 to 6.0.0 (#373) * Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#374) ==== python-psutil ==== Subpackages: python311-psutil python313-psutil - Add upstream pytest9.patch to fix tests ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Add minimum_auth_version to enforce security (CVE-2025-62349) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Junos module yaml loader fix (CVE-2025-62348) - Added: * backport-3006.17-security-fixes-739.patch ==== selinux-policy ==== Version update (20251111 -> 20251128) Subpackages: selinux-policy-targeted - Update to version 20251128: * update support for polkit agent helper (bsc#1251931) * Allow system_mail_t read apache system content conditionally * Allow login_userdomain read lastlog * Allow sshd-net read and write to sshd vsock socket * Update ktls policy * Add comprehensive SELinux policy module for bwrap thumbnail generation * Revert "Allow thumb_t create permission in the user namespace" * Allow systemd-machined read svirt process state * Allow sshd_auth_t getopt/setopt on tcp_socket (bsc#1252992) * Allow sysadm access to TPM * Allow tlp get the attributes of the pidfs filesystem * Allow kmscon to read netlink_kobject_uevent_socket * Allow systemd-ssh-issue read kernel sysctls * fix: bz2279215 Allow speech-dispatcher access to user home/cache files * Allow create kerberos files in postgresql db home * Fix files_delete_boot_symlinks() to contain delete_lnk_files_pattern * Allow shell comamnds in locate systemd service (bsc#1246559) * Introduce initrc_nnp_daemon_domain interface * Label /var/lib/cosmic-greeter with xdm_var_lib_t * Allow setroubleshoot-fixit get attributes of xattr fs * Allow insights-client manage /etc symlinks * Allow insights-client get attributes of the rpm executable * Allow nfsidmapd search virt lib directories * Allow iotop stream connect to systemd-userdbd * Allow gnome-remote-desktop read sssd public files * Allow thumb_t stream connect to systemd-userdbd * Add auth_nnp_domtrans_chkpwd() * Allow bluez dbus API passing unix domain sockets * Allow bluez dbus api pass sockets over dbus * Dontaudit systemd-generator connect to sssd over a unix stream socket * Allow init watch/watch_reads systemd-machined user ptys - Syncing with upstream rawhide selinux-policy up to: * 874e36c884fc9e31ae12428338a38b14db65f554 - Update embedded container-selinux version to commit: * efdee4df4e98b5f5fe826b83db5ff4a9239e54bb (version 2.243.0) ==== shaderc ==== Version update (2025.4 -> 2025.5) - Update to release 2025.5 * No user-visible changes; just a new archive with changes to upstream's deployment scripts. ==== shadow ==== Subpackages: libsubid5 login_defs - Move chage, chfn, chsh, passwd and new?idmap into own pw-mgmt sub-package ==== smartmontools ==== - update-smart-drivedb: Provide support for the new upstream GitHub repository. (smartmontools-update-smart-drivedb.patch, refactor smartmontools-drivedb_h-update.sh). - update-smart-drivedb: Do not overwrite files in /usr/share. Use /var/lib provided by --with-drivedbinstdir. - Add smartmontools-drivedb.h version 5894 from the branch 7.5. ==== sqlite3 ==== Version update (3.50.4 -> 3.51.1) Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl - Update to version 3.51.1: * Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release. * Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release - Changes in version 3.51.0: * New macros in sqlite3.h: - SQLITE_SCM_BRANCH → the name of the branch from which the source code is taken. - SQLITE_SCM_TAGS → space-separated list of tags on the source code check-in. - SQLITE_SCM_DATETIME → ISO-8601 date and time of the source code check-in. * Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'. * The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively. * Enhancements to TCL Interface: - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array. - User-defined functions may now break to return an SQL NULL. * CLI enhancements: - Increase the precision of ".timer" to microseconds. - Enhance the "box" and "column" formatting modes to deal with double-wide characters. - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option. - Add the --ifexists option to the CLI command-line option and to the .open command. - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors. * Performance enhancements: - Use fewer CPU cycles to commit a read transaction. - Early detection of joins that return no rows due to one or more of the tables containing no rows. - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression. - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y. * Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2(). * Add the sqlite3_set_errmsg() API for use by extensions. * Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results. * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces. * In the session extension add the sqlite3changeset_apply_v3() interface. * For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'. * Improved error messages generated by FTS5. * Enforce STRICT typing on computed columns. * Improved support for VxWorks * JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make". * Improved resistance to database corruption caused by an application breaking Posix advisory locks using close(). ==== suse-module-tools ==== Version update (16.1.0 -> 16.1.1) Subpackages: suse-module-tools-scriptlets - Update to version 16.1.1: * 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents (bsc#1254264) ==== systemd-presets-branding-openSUSE ==== - enable firewalld.service by default (bsc#1237923) since the Agama installer does not do that (contrary to what the YaST installer used to do). ==== tmux ==== Version update (3.5a -> 3.6) - tmux 3.6: * Add seconds options for clock mode (issue 4697). * Make -v to source-file pass through to subsequent source-file commands (issue 4216). * Add selection-mode command to expilcitly set the selection mode in copy mode (issue 3842). * Save and restore images in alternate screen (issue 3732). * Improve handling of regional indicators and emoji modifiers (issue 3998). * Preserve marked pane with swap-window and move-window (issue 3443). * Set and check COLORTERM as a hint for RGB colour. * If tmux receives a palette request (OSC 4) in a pane and the palette entry has not been set, send a request to the most recently used client and forward any response instead (based on change from Tim Culverhouse, issue 4665). * Add -l flag to command-prompt to disable splitting into multiple prompts (issue 4483). * Add buffer_full format variable (from Mohammad AlSaleh, issue 4630). * Introduce a new window option, tiled-layout-max-columns, which configures the maximum number of columns in the tiled layout. * Add -k flag to display-popup which allows any key to dismiss the popup once the command has exited (from Meriel Luna Mittelbach, issue 4612). * Add a pane-border-lines "spaces" value to use spaces for pane borders (issue 4587). * Replace invalid UTF-8 characters with the placeholder instead of ignoring them (issue 4514). * Detect support for OSC 52 using the device attributes report (from James Holderness, issue 4539). * Add -E to run-shell to forward stderr as well as stdout (issue 4246). * Add an option variation-selector-always-wide to instruct tmux not to always interpret VS16 as a wide character and assume the terminal does likewise. * Add more features for boolean expressions in formats: 1) extend && and || to support arbitrarily many arguments and 2) add ! and !! for not and not-not (from David Mandelberg). * Do not mistake other DCS sequences for SIXEL sequences (from James Holderness, issue 4488). * Improve #? conditional expression in formats: add support for else if and default empty string if no else value (from David Mandelberg, issue 4451). * Add default-client-command to set the command used if tmux is run without a command; the default stays new-session (from David Mandelberg, issue 4422). * Add S-Up and S-Down to move windows in tree mode (from David Mandelberg, issue 4415). * Add mode 2031 support to automatically report dark or light theme. tmux will guess the theme from the background colour on terminals which do not themselves support the escape sequence (from Jonathan Slenders, issue 4353). * Add -M flag to capture-pane to use the copy mode screen (issue 4358). * Align index numbers in trees (from David Mandelberg, issue 4360). * Add display-message -C flag to update pane while message is displayed (from Vitaly Ostrosablin, issue 4363). * Make list-commands command show only one command if an argument is given (from Ilya Grigoriev, issue 4352). * Count line numbers correctly inside strings in configuration files (reported by Pedro Navarro, issue 4325). * Map bright black (colour 8) to white (7) if the background is black on terminals with only eight colours so the text is not invisible (from Dmytro Bagrii, issue 4322). * Add copy-mode-position-style and copy-mode-selection-style options for copy mode. * Add no-detach-on-destroy client option (issue 4242). * Add input-buffer-size option (from Ken Lau). * Add support for a scrollbar at the side of each pane. New options pane-scrollbars turn them on or off, pane-scrollbars-position sets the position (left or right), and pane-scrollbars-style to set the colours (from Michael Grant, issue 4221). * Add prompt-cursor-colour and prompt-cursor-style to set the style of the cursor in the command prompt and remove the emulated cursor (from Alexander Arch, issue 4170). * Add initial-repeat-time option to allow the first repeat time to be increased and later reduced (from David le Blanc, issue 4164). * Add copy-mode-position-format to configure the position indicator. * Add -y flag to disable confirmation prompts in modes (issue 4152). * Add -C and -P flags to the copy commands in copy mode: -C prevents the commands from sending the text to the clipboard and -P prevents them from adding the text as a paste buffer (issue 4153). * Preserve transparency and raster attribute dimensions when sending a SIXEL image, and avoid collapsing empty lines (issue 4149). ==== wtmpdb ==== Version update (0.75.0+git20251009.a6f185a -> 0.75.0+git20251130.0d8fe7a) Subpackages: libwtmpdb0 - Update to version 0.75.0+git20251130.0d8fe7a: * wtmpdbd: add method Rotate to interface definition * wtmpdb last: fix --present option * last -x: apply --since and --until to split entries * last -x: show shutdown entries before reboot ones * Fix varlink definition for type WtmpdbEntry ==== yast2-bootloader ==== Version update (5.0.27 -> 5.0.29) - Enable grub2-bls for arm and riscv64 (bnc#1253222). - Replacing dbus-uuidgen by systemd-machine-id-setup. - 5.0.29 - Added requirement dbus-1-tools because /usr/bin/dbus-uuidgen is needed by BLS (bnc#1253724). - 5.0.28 ==== yast2-trans ==== Version update (84.87.20251120.56464525cf -> 84.87.20251125.b9a54cb9bd) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20251125.b9a54cb9bd: * Update translation files * Update translation files * New POT for text domain 'packager'. * New POT for text domain 'bootloader'. ==== zlib-ng-compat ==== Version update (2.2.5 -> 2.3.1) - Remove WITH_RVV=OFF - Update to 2.3.1: * Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.3.1 ==== zypp-plugin ==== Version update (0.6.5 -> 0.6.6) - Fix link to libzypp plugins documentation: https://opensuse.github.io/libzypp/zypp-plugins.html - version 0.6.6