Packages changed: ImageMagick (7.1.2.11 -> 7.1.2.12) Mesa (25.3.1 -> 25.3.3) Mesa-drivers (25.3.1 -> 25.3.3) curl (8.17.0 -> 8.18.0) ed (1.22.3 -> 1.22.4) gimp imlib2 (1.12.3 -> 1.12.5) kImageAnnotator-Qt5 (0.7.1 -> 0.7.2) kImageAnnotator-Qt6 (0.7.1 -> 0.7.2) kernel-firmware-bluetooth (20251228 -> 20260106) kernel-firmware-network (20250912 -> 20260106) kernel-firmware-platform kernel-firmware-qcom (20251228 -> 20260106) kernel-firmware-realtek libcloudproviders (0.3.6 -> 0.4.0) libdecor (0.2.2 -> 0.2.5) libdrm (2.4.130 -> 2.4.131) libevdev (1.13.5 -> 1.13.6) libgcrypt libheif (1.20.2 -> 1.21.1) libva (2.22.0 -> 2.23.0) libva-gl (2.22.0 -> 2.23.0) loupe (49.1 -> 49.2) mariadb ncurses (6.5.20251213 -> 6.6.20260103) openSUSE-release (20260106 -> 20260108) python-gevent rgb (1.1.0 -> 1.1.1) ruby4.0 systemd-presets-branding-openSUSE tree-sitter tslib (1.22 -> 1.24) xauth (1.1.4 -> 1.1.5) yast2 (5.0.17 -> 5.0.18) === Details === ==== ImageMagick ==== Version update (7.1.2.11 -> 7.1.2.12) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.12 * no upstream changelog, see https://github.com/ImageMagick/ImageMagick/compare/7.1.2-11..7.1.2-12 * fixes CVE-2025-68618 [bsc#1255821] CVE-2025-68950 [bsc#1255822] CVE-2025-69204 [bsc#1255823] ==== Mesa ==== Version update (25.3.1 -> 25.3.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to Mesa 25.3.3 - -> https://docs.mesa3d.org/relnotes/25.3.3 - Update to Mesa 25.3.2 - -> https://docs.mesa3d.org/relnotes/25.3.2 ==== Mesa-drivers ==== Version update (25.3.1 -> 25.3.3) Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Update to Mesa 25.3.3 - -> https://docs.mesa3d.org/relnotes/25.3.3 - Update to Mesa 25.3.2 - -> https://docs.mesa3d.org/relnotes/25.3.2 ==== curl ==== Version update (8.17.0 -> 8.18.0) Subpackages: libcurl4 - Update to 8.18.0: * Security fixes: - [bsc#1256105, CVE-2025-14017] ldap: call ldap_init() before setting the options - [bsc#1255731, CVE-2025-14524] curl_sasl: if redirected, require permission to use bearer - [bsc#1255734, CVE-2025-15224] libssh: require private key or user-agent for public key auth - [bsc#1255732, CVE-2025-14819] openssl: toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache - [bsc#1255733, CVE-2025-15079] libssh: set both knownhosts options to the same file * Changes: - openssl: bump minimum OpenSSL version to 3.0.0 * Bugfixes: - alt-svc: more flexibility on same destination - altsvc: accept ma/persist per alternative entry - altsvc: make it one malloc instead of three per entry - asyn-ares: handle Curl_dnscache_mk_entry() OOM error - asyn-ares: remove hostname free on OOM - asyn-thrdd: fix Curl_async_getaddrinfo() on systems without getaddrinfo - asyn-thrdd: release rrname if ares_init_options fails - auth: always treat Curl_auth_ntlm_get() returning NULL as OOM - autotools: add nettle library detection via pkg-config (for GnuTLS) - autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr) - autotools: fix LargeFile feature display on Windows (after prev patch) - autotools: tidy-up 'if' expressions - build: add build-level 'CURL_DISABLE_TYPECHECK' options - build: exclude clang prereleases from compiler warning options - build: replace '-pedantic' with '-Wpedantic' when supported - build: set '-Wno-format-signedness' - build: tidy-up MSVC CRT warning suppression macros - ccsidcurl: make curl_mime_data_ccsid() use the converted size - cf-h1-proxy: support folded headers in CONNECT responses - cf-https-connect: allocate ctx at first in cf_hc_create() - cf-socket: drop feature check for 'IPV6_V6ONLY' on Windows - cf-socket: enable Win10 'TCP_KEEP*' options with old SDKs - cf-socket: limit use of 'TCP_KEEP*' to Windows 10.0.16299+ at runtime - cf-socket: return OOM error if socket() fails due to OOM - cf-socket: trace ignored errors - cfilters: make conn_forget_socket a private libssh function - checksrc.pl: detect assign followed by more than one space - cmake: adjust defaults for target platforms not supporting shared libs - cmake: define dependencies as 'IMPORTED' interface targets - cmake: delete unused file 'CMake/CMakeConfigurableFile.in' - cmake: disable 'CURL_CA_PATH' auto-detection if 'USE_APPLE_SECTRUST=ON' - cmake: fix 'ws2_32' reference in 'curl-config.cmake' - cmake: honor 'CURL_DISABLE_INSTALL' and 'CURL_ENABLE_EXPORT_TARGET' - cmake: replace deprecated 'OPENSSL_FOUND' with 'OpenSSL_FOUND' - cmake: replace deprecated 'PERL_FOUND' with 'Perl_FOUND' - cmake: save and restore 'CMAKE_MODULE_PATH' in 'curl-config.cmake' - cmake: set found status to OFF when not found (for compression deps) - code: minor indent fixes before closing braces - config-win32.h: delete obsolete, non-Windows comments - config-win32.h: drop unused/obsolete 'CURL_HAS_OPENLDAP_LDAPSDK' - config2setopts: add space in cookie header with multiple -b - config2setopts: bail out if curl_url_get() returns OOM - config2setopts: exit if curl_url_set() fails on OOM - configure: delete unused variable - conncache: silence '-Wnull-dereference' on gcc 14 RISC-V 64 - conncontrol: reuse handling - connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' - connection: attached transfer count - content_encoding: avoid strcpy - cookie. return proper error on OOM - cookie: allocate the main struct once cookie is fine - cookie: flush better - cookie: only keep and use the canonical cleaned up path - cookie: propagate errors better, cleanup the internal API - cookie: return error on OOM - cookie: when parsing a cookie header, delay all allocations until okay - cshutdn: acknowledge FD_SETSIZE for shutdown descriptors - curl: fix progress meter in parallel mode - curl_fopen: do not pass invalid mode flags to 'open()' on Windows - curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer - curl_ntlm_core: fix DES_* symbols for some wolfSSL builds - curl_quiche: refuse headers with CR, LF or null bytes - curl_sasl: make Curl_sasl_decode_mech compare case insensitively - curl_setup.h: document more funcs flagged by '_CRT_SECURE_NO_WARNINGS' - curl_setup.h: drop stray '#undef stat' (Windows) - curl_setup.h: drop superfluous parenthesis from 'Curl_safefree' macro - curl_threads: don't do another malloc if the first fails - curl_trc: delete unused DoH remains - CURLINFO: remove 'get' and 'get the' from each short desc - CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" - CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text - CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use - CURLOPT_ACCEPT_ENCODING.md: warn about the expansion - CURLOPT_FOLLOWLOCATION.md: s/Authentication:/Authorization:/ - CURLOPT_HAPROXY_CLIENT_IP.md: emphasize reused connection use - CURLOPT_READFUNCTION.md: clarify the size of the buffer - CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example - curlx/fopen: replace open CRT functions their with '_s' counterparts (Windows) - curlx/multibyte: stop setting macros for non-Windows - curlx/strerr: use 'strerror_s()' on Windows - curlx: add 'curlx_rename()', fix to support long filenames on Windows - curlx: curlx_strcopy() instead of strcpy() - curlx: limit use of system allocators to the minimum possible - curlx: replace 'mbstowcs'/'wcstombs' with '_s' counterparts (Windows) - curlx: replace 'sprintf' with 'snprintf' - curlx: use curl alloc in 'curlx_win32_stat()' (Windows) - curlx: use curlx allocators in non-memdebug builds (Windows) - DEPRECATE: add CMake <3.18 deprecation for April 2026 - digest: fix OWS and escaped quote handling ... changelog too long, skipping 207 lines ... * Remove patch curl-vtls-fix-CURLOPT_CAPATH-use.patch ==== ed ==== Version update (1.22.3 -> 1.22.4) - GNU ed 1.22.4: * 'make check' now skips the checking of file names with non-ASCII non-UTF-8 haracters on file systems where such characters are invalid. ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0 - Add gimp-CVE-2025-15059.patch: vulnerability in file-psp (CVE-2025-15059, ZDI-CAN-28232, bsc#1255766). ==== imlib2 ==== Version update (1.12.3 -> 1.12.5) Subpackages: imlib2-loaders libImlib2-1 - Enable SVG - Disable HEIF on 15.6 - Fix changelog - Do not link modules with libImlib2.la - Update to 1.12.5: * autofoo: Optionally link modules with libImlib2.la * autofoo: Use pkg-config for libyuv if available * Y4M loader: add support for images with no framerate info * SVG loader: Suppress warning * imlib2_load/view: Show image alpha status too * imlib2_load/view: Add -h option for help * imlib2_conv: Optionally produce scaled image * imlib2_conv: Optionally render image on background before saving * savers: Add common save parameter handler * add HEIF saver * loaders: Fix gcc15 warnings * SVG loader: Handle .svgz too * image: Add optional alpha check requested by loaders * SVG loader: Check alpha in pixel data * imlib2_view: Optionally show crc32 of image data * add AVIF saver and loader * add QOI saver ==== kImageAnnotator-Qt5 ==== Version update (0.7.1 -> 0.7.2) - Update to 0.7.2 * Don't call XCloseDisplay on null object. * Revert Custom Scaling Handling for KDE / QT * Fix result images being rescaled on HDPI monitors ==== kImageAnnotator-Qt6 ==== Version update (0.7.1 -> 0.7.2) - Update to 0.7.2 * Don't call XCloseDisplay on null object. * Revert Custom Scaling Handling for KDE / QT * Fix result images being rescaled on HDPI monitors ==== kernel-firmware-bluetooth ==== Version update (20251228 -> 20260106) - Update to version 20260106 (git commit e272e0d1edce): * qca: Update Bluetooth WCN6750 1.1.3-00100 firmware to 1.1.3-00105 ==== kernel-firmware-network ==== Version update (20250912 -> 20260106) - Update to version 20260106 (git commit e272e0d1edce): * linux-firmware: add firmware for an8811hb 2.5G ethernet phy ==== kernel-firmware-platform ==== - Update aliases ==== kernel-firmware-qcom ==== Version update (20251228 -> 20260106) - Update to version 20260106 (git commit e272e0d1edce): * qcom: Update aic100 firmware files * firmware: Revert kernel_boot.elf due to license compliance issue ==== kernel-firmware-realtek ==== - Update aliases for more Realtek WiFi devices (bsc#1255777) ==== libcloudproviders ==== Version update (0.3.6 -> 0.4.0) - Update to version 0.4.0: + Add dependencies to the pkg-config file + Replace gtk-doc with gi-docgen + Require meson 1.9.0 + Plug tiny memory leaks and reduce memory footprint of the library - Drop gtk-doc BuildRequires following upstreams port. Stop building API docs. - Use ldconfig_scriptlets macro for post(un) handling. ==== libdecor ==== Version update (0.2.2 -> 0.2.5) Subpackages: libdecor-0-0 - update to 0.2.5: * libdecor: Fix set_visibility for SSD compositors * Don't commit frame when with no content set * Always apply limits no matter the window state * Only query border size when decorated ==== libdrm ==== Version update (2.4.130 -> 2.4.131) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 - update to 2.4.131 * support steam machine * avoid insecure getenv use ==== libevdev ==== Version update (1.13.5 -> 1.13.6) - update to 1.13.6: * include: sync event codes with kernel 6.18 ==== libgcrypt ==== Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-x86-64-v3 - enable the Kyber PQ KEM (boo#1256108) ==== libheif ==== Version update (1.20.2 -> 1.21.1) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openh264 libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.21.1: * This patch release only fixes a build error with some GCC versions because of a missing #include. - update to 1.21.0: * This release adds full support for reading and writing HEIF image sequences. libheif will now encode HEIF image sequences with all included codecs. * Since HEIF image sequences are very similar to MP4 videos, this new version is also capable of decoding most MP4 videos (without audio, of course). * heif-enc documentation for sequence encoding * API documentation for reading and writing sequences * Support for image sequences with alpha channels. For most codecs, the alpha channel will be stored in a separate, auxiliary, monochrome track. For ISO/IEC 23001-17 (uncompressed) streams, the alpha channel is stored in the main video track. * Support for sequence track edit lists to define the number of sequence repetitions (without actually repeating the video data). * New encoder plugin using x264 to write H.264-compressed video streams and images. * The FFmpeg decoder plugin will now decode both H.265 and H.264. * Support for HEIF text items and language properties. * CVEs fixed: CVE-2025-68431 ==== libva ==== Version update (2.22.0 -> 2.23.0) Subpackages: libva-drm2 libva-wayland2 libva-x11-2 libva2 - update to 2.23.0: * va: add VAProfileH264High422 * va: add av1 profile2 * va: correct the description of segment id map buffer for vp9e * va: encode segmentation map refine * va: add defintions for segment id block size * trace: support more format surface dump * trace:add vpp output surface dump support * trace: add Y410 support in dump surface * trace: add trace for vaDeriveImage * trace: add missing trace fields for VAProcPipelineParameterBuffer * doc: add backward compatibility declarison declaration * android: Remove unnecessary Android code * android: Include directories and generated header files in Android.bp * android: Update Android.bp to generate va_version.h and build only for x86_64 * android: Add Android.bp to replace mk files ==== libva-gl ==== Version update (2.22.0 -> 2.23.0) - update to 2.23.0: * va: add VAProfileH264High422 * va: add av1 profile2 * va: correct the description of segment id map buffer for vp9e * va: encode segmentation map refine * va: add defintions for segment id block size * trace: support more format surface dump * trace:add vpp output surface dump support * trace: add Y410 support in dump surface * trace: add trace for vaDeriveImage * trace: add missing trace fields for VAProcPipelineParameterBuffer * doc: add backward compatibility declarison declaration * android: Remove unnecessary Android code * android: Include directories and generated header files in Android.bp * android: Update Android.bp to generate va_version.h and build only for x86_64 * android: Add Android.bp to replace mk files ==== loupe ==== Version update (49.1 -> 49.2) Subpackages: loupe-lang - Update to version 49.2: + Fixed: - Check if the is-hidden property is available before reading it. - Considerably increased speed for listing other images in folders, especially for remote locations. This allows for switiching to other images to become available much quicker. - Fix panics, probably occuring when using an action like 'copy', and then closing the window. The crash causes all other windows to close. - Force gufo-exif version 0.3.1 to fix the missing beginning of user comments. - Showing wrong mime type in error message if the file ending for an image is wrong. - The creation date for images that don't provide a timezone was displayed as if the recorded date and time was in UTC. - Zooming in would not work via the zoom menu, if the resulting zoom state would still fit the image inside the window. + Changed: Track the location in source code of errors trying to get the root window. - Temp disable update of vendor tarball. Updated vendors currently breaks the build. ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - make 'mysql-systemd-helper upgrade' selinux aware (bsc#1255024) ==== ncurses ==== Version update (6.5.20251213 -> 6.6.20260103) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20251231 + amend fix for Windows-style pathnames to eliminate "./" in comment generated by infocmp where not needed (report by Sven Joachim). + fix a few gcc 15.2 warnings for C23 + actually generate doc/html/announce.html (report by Branden Robinson) - Add ncurses patch 20260103 + cancel ncv in putty (patch by Jakub Horky) + add NQ to list of user-definable capabilities in user_caps(5) (patch by Jakub Horky) + update ncurses/wcwidth.c, for MinGW ports, from xterm. - Update to ncurses 6.6 (patch 20251230) + update announcement + corrected an ifdef needed for mouse support in MinGW/Windows + eliminate remaining duplicate code between MinGW/Windows drivers - Update to tack-1.11-20251210 * package/debian/changelog, package/tack.spec, tack.h: bump * edit.c: gcc warning 0 vs NULL * tackcfg.h: build-fix: term.h no longer exports termios.h definitions (Debian #1122485) * tack.h: use noreturn, if possible * tackgen.c, tack.c, pad.c, sync.c, output.c, modes.c, crum.c, edit.c, fun.c, init.c, menu.c, ansi.c, charset.c, color.c, control.c, tack.h: fixes for gcc15 -Wzero-as-null-pointer-constant - Port and rename patch ncurses-6.4.dif which is now ncurses-6.6.dif - Port patches * ncurses-5.9-ibm327x.dif * ncurses-6.5-ghostty.dif - Add ncurses patch 20251227 + make win32_curses.h obsolete in favor of nc_win32.h + modify MinGW32 configuration to account for its use of Windows-style pathnames in filesystem checks. + replace --enable-exp-win32 option with --enable-named-pipes - Add ncurses patch 20251220 > in-progress work to merge MinGW/Windows port. + eliminate EXP_WIN32_DRIVER with USE_NAMED_PIPES + change MS_TERMINAL to DEFAULT_TERM_VAR ==== openSUSE-release ==== Version update (20260106 -> 20260108) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-gevent ==== - Rework requirements: * Add missing setuptools for building * Remove obsolete requirements * Don't hard require optional requirements. See comments in setup.py - testrunner.py is no longer directly executable by default ==== rgb ==== Version update (1.1.0 -> 1.1.1) - Update to version 1.1.1 * Remove "All rights reserved" from Oracle copyright notices * showrgb.man: Use bold instead of italic for program name * Add --help and --version options * Improve man page formatting * Strip trailing whitespace from source files * rgb: Make color entries uniform ==== ruby4.0 ==== Subpackages: libruby4_0-4_0 - Enable valgrind support on riscv64 ==== systemd-presets-branding-openSUSE ==== - Modernize specfile - Update Supplements to new RPM format - Use RPM macros provided by systemd-presets-common-SUSE-devel ==== tree-sitter ==== Subpackages: libtree-sitter0_25 libtree-sitter0_25-x86-64-v3 - Modify tree-sitter-target.py to include not only parser.c, but also scanner.c, if available. ==== tslib ==== Version update (1.22 -> 1.24) - update to 1.24: * improved release procedure * debug fixes for 32bit systems * CMake and autoconf updates for newer versions * fixes for minor cppcheck errors * ts_conf test program fixes * new filter module: `module crop` * some build and security fixes * improved release procedure - updated keyring ==== xauth ==== Version update (1.1.4 -> 1.1.5) - update to 1.1.5: * man page: fix warnings from `mandoc -T lint` and `groff - rCHECKSTYLE=10` - add gpg validation ==== yast2 ==== Version update (5.0.17 -> 5.0.18) Subpackages: yast2-logs - save_y2logs: Do not use the legacy /var/lib/rpm database path (bsc#1254914) - 5.0.18