Packages changed: 389-ds (3.1.3~git111.e953ee704 -> 3.2.0~git7.7c8a16c6b) ImageMagick (7.1.2.12 -> 7.1.2.13) Mesa Mesa-drivers MozillaFirefox (146.0.1 -> 147.0) aaa_base (84.87+git20251111.509a363 -> 84.87+git20260112.8f614f3) alsa (1.2.15.2 -> 1.2.15.3) alsa-ucm-conf (1.2.15.2 -> 1.2.15.3) amarok (3.3.1 -> 3.3.2) apache2-mod_php8 (8.4.16 -> 8.4.17) aurorae6 (6.5.4 -> 6.5.5) autoyast2 (5.0.7 -> 5.0.8) avahi avahi-glib2 bind bluedevil6 (6.5.4 -> 6.5.5) breeze6 (6.5.4 -> 6.5.5) breeze6-gtk (6.5.4 -> 6.5.5) discover6 (6.5.4 -> 6.5.5) dracut (059+suse.785.g17d177bb -> 059+suse.787.gfb86123e) drkonqi6 (6.5.4 -> 6.5.5) emacs ffmpeg-8 filesystem flatpak-kcm6 (6.5.4 -> 6.5.5) folks (0.15.9 -> 0.15.12) freerdp (3.20.0 -> 3.20.2) fuse3 fwupd gimp gnome-text-editor (49.0 -> 49.1) gpsd (3.27.3 -> 3.27.5) harfbuzz imlib2 (1.12.5 -> 1.12.6) irqbalance (1.9.4.77.git+d913f60 -> 1.9.5.0.git+cf76396) kactivitymanagerd6 (6.5.4 -> 6.5.5) kde-cli-tools6 (6.5.4 -> 6.5.5) kde-gtk-config6 (6.5.4 -> 6.5.5) kdecoration6 (6.5.4 -> 6.5.5) kdeplasma6-addons (6.5.4 -> 6.5.5) kernel-firmware-amdgpu (20260109 -> 20260116) kernel-firmware-bluetooth (20260109 -> 20260116) kernel-firmware-i915 (20260109 -> 20260114) kernel-firmware-iwlwifi (20251217 -> 20260116) kernel-firmware-mediatek (20260110 -> 20260114) kernel-firmware-network (20260106 -> 20260116) kernel-firmware-qcom (20260109 -> 20260114) kernel-source (6.18.5 -> 6.18.6) kf6-kguiaddons (6.22.0 -> 6.22.1) kf6-kuserfeedback kgamma6 (6.5.4 -> 6.5.5) kglobalacceld6 (6.5.4 -> 6.5.5) kinfocenter6 (6.5.4 -> 6.5.5) kmenuedit6 (6.5.4 -> 6.5.5) knighttime6 (6.5.4 -> 6.5.5) kpipewire6 (6.5.4 -> 6.5.5) kscreen6 (6.5.4 -> 6.5.5) kscreenlocker6 (6.5.4 -> 6.5.5) ksshaskpass6 (6.5.4 -> 6.5.5) ksystemstats6 (6.5.4 -> 6.5.5) kwayland-integration6 (6.5.4 -> 6.5.5) kwayland6 (6.5.4 -> 6.5.5) kwin6 (6.5.4 -> 6.5.5) kwin6-x11 (6.5.4 -> 6.5.5) layer-shell-qt6 (6.5.4 -> 6.5.5) libblockdev libgnomesu (2.0.9 -> 2.0.10) libgsf (1.14.54 -> 1.14.55) libheif (1.21.1 -> 1.21.2) libkscreen6 (6.5.4 -> 6.5.5) libksysguard6 (6.5.4 -> 6.5.5) libplasma6 (6.5.4 -> 6.5.5) libpng16 (1.6.53 -> 1.6.54) libsndfile libstorage-ng (4.5.284 -> 4.5.285) libvdpau libvirt (11.10.0 -> 12.0.0) libvpl (2.15.0 -> 2.16.0) llvm21 (21.1.7 -> 21.1.8) mailutils (3.17 -> 3.21) mdevctl milou6 (6.5.4 -> 6.5.5) mozilla-nss (3.118.1 -> 3.119.1) mozjs140 (140.6.0 -> 140.7.0) msgraph (0.3.3 -> 0.3.4) multipath-tools (0.13.0+229+suse.dbac936f -> 0.14.0+207+suse.18c17be5) myrlyn (0.9.9 -> 1.0.0) ncurses (6.6.20260103 -> 6.6.20260117) nghttp3 (1.13.1 -> 1.14.0) ngtcp2 (1.18.0 -> 1.19.0) nvidia-open-driver-G06-signed (580.119.02_k6.18.5_1 -> 580.126.09_k6.18.5_1) ocean-sound-theme6 (6.5.4 -> 6.5.5) openSUSE-build-key openSUSE-release (20260113 -> 20260121) opus (1.6 -> 1.6.1) orc (0.4.41 -> 0.4.42) ovmf (202508 -> 202511) p11-kit (0.25.10 -> 0.26.1) pam-config (2.13+git.20251203 -> 2.14+git.20260120) pam_kwallet6 (6.5.4 -> 6.5.5) php8 (8.4.16 -> 8.4.17) pkcs11-helper (1.30.0 -> 1.31.0) plasma5support6 (6.5.4 -> 6.5.5) plasma6-activities (6.5.4 -> 6.5.5) plasma6-activities-stats (6.5.4 -> 6.5.5) plasma6-browser-integration (6.5.4 -> 6.5.5) plasma6-desktop (6.5.4 -> 6.5.5) plasma6-disks (6.5.4 -> 6.5.5) plasma6-integration (6.5.4 -> 6.5.5) plasma6-nm (6.5.4 -> 6.5.5) plasma6-openSUSE plasma6-pa (6.5.4 -> 6.5.5) plasma6-print-manager (6.5.4 -> 6.5.5) plasma6-systemmonitor (6.5.4 -> 6.5.5) plasma6-thunderbolt (6.5.4 -> 6.5.5) plasma6-workspace (6.5.4 -> 6.5.5) polkit-kde-agent-6 (6.5.4 -> 6.5.5) postfix (3.10.6 -> 3.10.7) powerdevil6 (6.5.4 -> 6.5.5) python-Pillow (12.0.0 -> 12.1.0) python-pyasn1 (0.6.1 -> 0.6.2) python-requests-gssapi (1.3.0 -> 1.4.0) python-tinycss2 (1.4.0 -> 1.5.1) python-urllib3 (2.6.2 -> 2.6.3) qqc2-breeze-style6 (6.5.4 -> 6.5.5) ruby4.0 (4.0.0 -> 4.0.1) salt sdbootutil (1+git20260108.be38224 -> 1+git20260115.cd41d07) sddm-kcm6 (6.5.4 -> 6.5.5) selinux-policy (20260108 -> 20260120) sendmail shadow (4.18.0 -> 4.19.2) spectacle (6.5.4 -> 6.5.5) sssd (2.11.1 -> 2.12.0) syslogd systemsettings6 (6.5.4 -> 6.5.5) taglib texlive util-linux (2.41.2 -> 2.41.3) util-linux-systemd (2.41.2 -> 2.41.3) wacomtablet-kcm6 (6.5.4 -> 6.5.5) wavpack (5.8.1 -> 5.9.0) xdg-desktop-portal-kde6 (6.5.4 -> 6.5.5) xdm xkeyboard-config xorg-x11-server xwayland (24.1.8 -> 24.1.9) yast2 (5.0.18 -> 5.0.19) yast2-packager (5.0.10 -> 5.0.11) yast2-perl-bindings (5.0.4 -> 5.0.5) yast2-ruby-bindings (5.0.5 -> 5.0.6) yast2-storage-ng (5.0.38 -> 5.0.39) yast2-trans (84.87.20260110.bcca851389 -> 84.87.20260112.417521aa92) === Details === ==== 389-ds ==== Version update (3.1.3~git111.e953ee704 -> 3.2.0~git7.7c8a16c6b) Subpackages: lib389 libsvrcore0 - Update to version 3.2.0~git7.7c8a16c6b: * Issue 7152 - ns-slapd fails to shutdown when deferred memberof update is in progress (#7187) * Issue 6753 - Port ticket 548 test (#7101) * Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180) * Issue 7172 - Index ordering mismatch after upgrade (#7173) * Issue 7108 - Fix shutdown crash in entry cache destruction (#7163) * Issue - Revise paged result search locking * Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145) * Bump version to 3.2.0 * Issue 7160 - Add lib389 version sync check to configure (#7165) * Issue 7166 - db_config_set asserts because of dynamic list (#7167) * Issue 6951 - Dynamic Certificate refresh phase 3 - Certificates switch (#7157) * Issue 7155 - build_candidate_list - Database error 11 with range search (#7156) * Make nss include paths platform-agnostic (#7159) * Issue 6753 - Port ticket47953 test to acl/misc_test.py using DSLdapObject (#7153) * Issue 6951 - Dynamic Certificate refresh phase 2 - Add/Modify/Delete support (#7140) * Issue 6753 - Port ticket47970 test to sasl/regression_test.py using DSLdapObject (#7146) * Issue 7150 - Compressed access log rotations skipped, accesslog-list out of sync (#7151) * Issue: 7147 - entrycache_eviction_test is failing (#7148) * Issue 1793 - RFE - Dynamic lists - UI and CLI updates * Issue 7119 - Fix DNA shared config replication test (#7143) * Issue 7081 - Repl Log Analysis - Implement data sampling with performance and timezone fixes (#7086) * Issue 1793 - RFE - Implement dynamic lists * Issue 7112 - dsctrl dblib bdb2mdb core dumps and won't allow conversion (#7144) * Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf plugin (#7064) * Issue 7138 - test_cleanallruv_repl does not restart supplier3 (#7139) * Issue 6753 - Port ticket47921 test to indirect_cos_test using DSLdapObject (#7134) * Issue 7128 - memory corruption in alias entry plugin (#7131) * Issue 7091 - Duplicate local password policy entries listed (#7092) * Issue 7124 - BDB cursor race condition with transaction isolation (#7125) * Issue 6951 - Dynamic Certificate refresh phase 1 - Search support (#7117) * Issue 7132 - Keep alive entry updated too soon after an offline import (#7133) * Issue 7135 - Not enough space for tests on GH runner (#7136) * Issue 7121 - LeakSanitizer: various leaks during replication (#7122) * Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116) * Issue 7109 - AddressSanitizer: SEGV ldap/servers/slapd/csnset.c:302 in csnset_dup (#7114) * Issue 7119 - Harden DNA plugin locking for shared server list operations (#7120) * Issue 7084 - UI - schema - sorting attributes breaks expanded row * Issue 6753 - Port ticket47910 test to logconv_test using DSLdapObject (#7098) * Issue 6753 - Port ticket47920 test to ldap_controls_test using DSLdapObject (#7103) * Issue 7007 - Improve paged result search locking * Issue 7041 - Add WebUI test for group member management (#7111) * Issue 3555 - UI - Fix audit issue with npm - glob (#7107) * Issue 7089 - Fix dsconf certificate list (#7090) * Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077) * Bump js-yaml from 4.1.0 to 4.1.1 in /src/cockpit/389-console (#7097) * Issue 7069 - Fix error reporting in HAProxy trusted IP parsing (#7094) * Issue 7049 - RetroCL plugin generates invalid LDIF * Issue 7055 - Online initialization of consumers fails with error -23 (#7075) * Issue 6753 - Remove ticket 47900 test (#7087) * Issue 6753 - Port ticket 49008 test (#7080) * Issue 7042 - Enable global_backend_lock when memberofallbackend is enabled (#7043) * Issue 7078 - audit json logging does not encode binary values * Issue 7069 - Add Subnet/CIDR Support for HAProxy Trusted IPs (#7070) * Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes * Issue 6660 - CLI, UI - Improve replication log analyzer usability (#7062) * Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068) * Issue 7071 - search filter (&(cn:dn:=groups)) no longer returns results * Issue 7073 - Add NDN cache size configuration and enforcement tests (#7074) * Issue 6753 - Removing ticket 47871 test and porting to DSLdapObject (#7045) * Issue 7041 - CLI/UI - memberOf - no way to add/remove specific group filters * Issue 6753 - Port ticket 48228 test (#7067) * Issue 7029 - Add test case to measure ndn cache performance impact (#7030) * Issue 7061 - CLI/UI - Improve error messages for dsconf localpwp list * Issue 7059 - UI - unable to upload pem file * Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036) * Issue 7047 - MemberOf plugin logs null attribute name on fixup task completion (#7048) * Issue 7044 - RFE - index sudoHost by default (#7046) * Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026) * Issue 6784 - Support of Entry cache pinned entries (#6785) * Issue 6979 - Improve the way to detect asynchronous operations in the access logs (#6980) * Issue 6753 - Port ticket 47931 test (#7038) * Issue 7035 - RFE - memberOf - adding scoping for specific groups * Issue - CLI/UI - Add option to delete all replication conflict entries * Issue 7033 - lib389 - basic plugin status not in JSON ==== ImageMagick ==== Version update (7.1.2.12 -> 7.1.2.13) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.13 * no upstream changelog, see https://github.com/ImageMagick/ImageMagick/compare/7.1.2-12..7.1.2-13 - modified patches * ImageMagick-configuration-SUSE.patch (refreshed) ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - includes the fixes for bsc#1245034, bsc#1241370, bsc#1241701 - includes the following patches: * U_0001-svga-add-svga_resource_create_with_modifiers-functio.patch * U_0002-svga-fix-printing-64-bit-value-for-32-bit-build.patch * U_gbm-fix-get_back_bo-failure-with-gbm_surface-and-imp.patch * U_egl-never-select-swrast-for-vmwgfx.patch - Enable Asahi DRI and Vulkan drivers for x86_64 and AArch64 ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - includes the fixes for bsc#1245034, bsc#1241370, bsc#1241701 - includes the following patches: * U_0001-svga-add-svga_resource_create_with_modifiers-functio.patch * U_0002-svga-fix-printing-64-bit-value-for-32-bit-build.patch * U_gbm-fix-get_back_bo-failure-with-gbm_surface-and-imp.patch * U_egl-never-select-swrast-for-vmwgfx.patch - Enable Asahi DRI and Vulkan drivers for x86_64 and AArch64 ==== MozillaFirefox ==== Version update (146.0.1 -> 147.0) Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Mozilla Firefox 147.0 https://www.firefox.com/en-US/firefox/147.0/releasenotes MFSA 2026-01 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0881 (bmo#2005845) Sandbox escape in the Messaging System component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0888 (bmo#1985996) Information disclosure in the XML component * CVE-2026-0889 (bmo#1999084) Denial-of-service in the DOM: Service Workers component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 * CVE-2026-0892 (bmo#1986912, bmo#1996718, bmo#1999633, bmo#2001081, bmo#2004443) Memory safety bugs fixed in Firefox 147 and Thunderbird 147 - requires NSS >= 3.119 - Added upstream patch mozilla-bmo2008777.patch to fix KDE crash (boo#1256513) ==== aaa_base ==== Version update (84.87+git20251111.509a363 -> 84.87+git20260112.8f614f3) Subpackages: aaa_base-extras - Update to version 84.87+git20260112.8f614f3: * add ghost entries for the removed dirs * Revert list directories above all normal files. - Update to version 84.87+git20251217.34fd7bc: * add tmpfiles template adm-backup.conf (jsc#PED-14803) * Revert ec7f00fa60f11d28b427f2e224822a7b81825806 * Fix old script to support copy mode as well * Support for XDG environment variables for the su, * adapted sugggestions * Patching nsswitch.conf only if it has not been generated by nsswitch-config (JIRA-#PED-13807). * Avoid nasty exceptions running tput ==== alsa ==== Version update (1.2.15.2 -> 1.2.15.3) Subpackages: libasound2 libatopology2 - Update to alsa-lib 1.2.15.3: * seq: return back old snd_seq_drain_output behaviour for -EAGAIN ==== alsa-ucm-conf ==== Version update (1.2.15.2 -> 1.2.15.3) - Update to alsa-ucm-conf 1.2.15.3: * Fixes for HDA-analog, sof-hda-dsp and USB-audio ==== amarok ==== Version update (3.3.1 -> 3.3.2) - Update to 3.3.2 https://blogs.kde.org/2026/01/18/amarok-3.3.2-released/ ==== apache2-mod_php8 ==== Version update (8.4.16 -> 8.4.17) - remove a patch, which breaks phar.phar [bsc#1256905] * php-sort-filelist-phar.patch (upstreamed) - modified patches * php-build-reproducible-phar.patch (refreshed) - version update to 8.4.17 Core: Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument). Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()). Fixed bug GH-20714 (Uncatchable exception thrown in generator). Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation). Bz2: Fixed bug GH-20620 (bzcompress overflow on large source size). DOM: Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects). Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()). GD: Fixed bug GH-20622 (imagestring/imagestringup overflow). Intl: Fix leak in umsg_format_helper(). LDAP: Fix memory leak in ldap_set_options(). Mbstring: Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator). PCNTL: Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling. Phar: Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails). Fix SplFileInfo::openFile() in write mode. Fix build on legacy OpenSSL 1.1.0 systems. Fixed bug #74154 (Phar extractTo creates empty files). POSIX: Fixed crash on posix groups to php array creation on macos. SPL: Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()). Sqlite3: Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned). Standard: Fix error check for proc_open() command. Fix memory leak in mail() when header key is numeric. Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). Zlib: Fix OOB gzseek() causing assertion failure. ==== aurorae6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: aurorae6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== autoyast2 ==== Version update (5.0.7 -> 5.0.8) Subpackages: autoyast2-installation - Drop the libyui dependency (related to bsc#1254978) - 5.0.8 ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ==== avahi-glib2 ==== - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ==== bind ==== Subpackages: bind-doc bind-utils - Remove packaging support for releases prior to SLES 15 SP4/Leap 15.4. - The builds have dependencies that are no longer met by these older releases. - Fix Sphinx processing of documentation on SLES/Leap 15. ==== bluedevil6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: bluedevil6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== breeze6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: breeze6-cursors breeze6-decoration breeze6-style breeze6-style-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== breeze6-gtk ==== Version update (6.5.4 -> 6.5.5) Subpackages: gtk2-metatheme-breeze6 gtk3-metatheme-breeze6 gtk4-metatheme-breeze6 metatheme-breeze6-common - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== discover6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: discover6-backend-flatpak discover6-backend-fwupd discover6-backend-packagekit discover6-lang discover6-notifier - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Fix for F5 refresh shortcut on the Updates page (kde#513765) * Fix hardcoded "Linux" in web search fallback ==== dracut ==== Version update (059+suse.785.g17d177bb -> 059+suse.787.gfb86123e) - Update to version 059+suse.787.gfb86123e: * fix(dracut.spec): switch to tmpfiles based file creation (jsc#PED-14786) ==== drkonqi6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: drkonqi6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags * Add patch desktop.patch and then remove dependency on update-desktop-files (jsc#PED-15201) ==== ffmpeg-8 ==== Subpackages: libavcodec62 libavfilter11 libavformat62 libavutil60 libswresample6 libswscale9 - Enable some more codecs based on package availability and based on comparison with Fedora's ffmpeg package. ==== filesystem ==== - Own /usr/etc/security/pam_env.conf.d as aaa_base installs a base configuration there. ==== flatpak-kcm6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: flatpak-kcm6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * preload wallpaper table (kde#511958) ==== folks ==== Version update (0.15.9 -> 0.15.12) Subpackages: folks-data folks-lang libfolks-eds26 libfolks26 - Update to version 0.15.12: + Major changes: backend: Adapt to evolution-data-server 3.59.1 API changes + Bugs fixed: - CI fixes - eds backend: Correct patch for evolution-data-server 3.59.1 API changes - meson: Set minimum GLib version to 2.80 ==== freerdp ==== Version update (3.20.0 -> 3.20.2) Subpackages: libfreerdp3-3 librdtk0-0 libwinpr3-3 - Update to version 3.20.2: + Patch release fixing a regression with gateway connections introduced with 3.20.1 [#]# What's Changed * Warnings and missing enumeration types (#12137) - Changes from version 3.20.1: + New years cleanup release. Fixes some issues reported and does a cleaning sweep to bring down warnings. Thanks to @ehdgks0627 doing some code review/testing we've uncovered the following (medium) vulnerabilities: * CVE-2026-22851 * CVE-2026-22852 * CVE-2026-22853 * CVE-2026-22854 * CVE-2026-22855 * CVE-2026-22856 * CVE-2026-22857 * CVE-2026-22858 * CVE-2026-22859 + These affect FreeRDP based clients only, with the exception of CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based servers are not affected. ==== fuse3 ==== Subpackages: libfuse3-4 - Add dependency from libfuse3-4 to fusermount3 program [boo#1256466] ==== fwupd ==== Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0 - Add 0001-Allow-systemd-service-to-access-block-sr-cdrom-devic.patch: allow fwupd.service to interact with cdrom (boo#1256507) ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0 - Add CVE fixes: + gimp-CVE-2025-14422.patch (bsc#1255293 CVE-2025-14422) + gimp-CVE-2025-14423.patch (bsc#1255294 CVE-2025-14423) + gimp-CVE-2025-14424.patch (bsc#1255295 CVE-2025-14424) + gimp-CVE-2025-14425.patch (bsc#1255296 CVE-2025-14425) ==== gnome-text-editor ==== Version update (49.0 -> 49.1) Subpackages: gnome-text-editor-lang - Update to version 49.1: + Fix buffer invalidation when language changes + Fix UTF-8 handling in basename property getters + Improve dark theme styling to better match libadwaita + Build/CI updates + Updated translations. ==== gpsd ==== Version update (3.27.3 -> 3.27.5) - Update to version 3.27.5 * Correctly bump API Version to 16.1 cgps checks for matching API version. - Update to version 3.27.4 * Bump API Version to 16.1 ==== harfbuzz ==== Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Add harfbuzz-CVE-2026-22693.patch: fix a NULL pointer dereference (bsc#1246459 CVE-2026-22693). ==== imlib2 ==== Version update (1.12.5 -> 1.12.6) Subpackages: imlib2-loaders libImlib2-1 - Update project URL - Update to 1.12.6: * XPM progress callback fix * gradient fixes * Y4M improvements to support more formats * resize image when imlib_view window is resized ==== irqbalance ==== Version update (1.9.4.77.git+d913f60 -> 1.9.5.0.git+cf76396) Subpackages: irqbalance-ui - Update to version 1.9.5.0.git+cf76396: * Update configure.ac/meson.build for irqbalance 1.9.5 * meson: force systemd-service installation with a seperate option * Fixed incorrect comparison in snprintf() in procinterrupts.c. * Added missing '/' and fixed message in procinterrupts.c. * Safer string handling in procinterrupts.c. ==== kactivitymanagerd6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kactivitymanagerd6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kde-cli-tools6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kde-cli-tools6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * kioclient: Don't set appname (kde#512650) ==== kde-gtk-config6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kde-gtk-config6-gtk3 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kdecoration6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libkdecorations3-6 libkdecorations3-6-lang libkdecorations3private2 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kdeplasma6-addons ==== Version update (6.5.4 -> 6.5.5) Subpackages: kdeplasma6-addons-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * applets/weather: Fix pressure representation on tooltip (kde#514419) * applets/weather: check for a night icon before return an empty icon (kde#513069) * applets/notes: Fix cursor position on external data * Fix effects_cube translation * applets/weather: Fix visibility for zero degrees temperatures (kde#512871) ==== kernel-firmware-amdgpu ==== Version update (20260109 -> 20260116) - Update to version 20260116 (git commit c2912a665205): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-bluetooth ==== Version update (20260109 -> 20260116) - Update to version 20260116 (git commit c2912a665205): * linux-firmware: Add firmware file for Intel ScorpiusGfp2 core * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core - Update to version 20260116 (git commit 2b93c4fc3564): * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x06EB_C65F ==== kernel-firmware-i915 ==== Version update (20260109 -> 20260114) - Update to version 20260114 (git commit e477bd5942f4): * xe: Add GSC 105.0.2.1301 for PTL ==== kernel-firmware-iwlwifi ==== Version update (20251217 -> 20260116) - Update to version 20260116 (git commit 2b93c4fc3564): * iwlwifi: add Bz/Sc FW for core102-56 release * iwlwifi: Add Hr/Gf firmware for core102-56 release * iwlwifi: update ty/So/Ma firmwares for core102-56 release ==== kernel-firmware-mediatek ==== Version update (20260110 -> 20260114) - Update to version 20260114 (git commit e477bd5942f4): * mediatek: rename MT8188 SCP firmware ==== kernel-firmware-network ==== Version update (20260106 -> 20260116) - Update to version 20260116 (git commit 2b93c4fc3564): * linux-firmware: Add firmware for airoha-npu-7583 driver ==== kernel-firmware-qcom ==== Version update (20260109 -> 20260114) - Update to version 20260114 (git commit e477bd5942f4): * qcom: Update DSP firmware for QCM6490 platform ==== kernel-source ==== Version update (6.18.5 -> 6.18.6) - Linux 6.18.6 (bsc#1012628). - NFSD: Fix permission check for read access to executable-only files (bsc#1012628). - nfsd: provide locking for v4_end_grace (bsc#1012628). - nfsd: use correct loop termination in nfsd4_revoke_states() (bsc#1012628). - nfsd: check that server is running in unlock_filesystem (bsc#1012628). - NFSD: net ref data still needs to be freed even if net hasn't startup (bsc#1012628). - NFSD: Remove NFSERR_EAGAIN (bsc#1012628). - atm: Fix dma_free_coherent() size (bsc#1012628). - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() (bsc#1012628). - net: do not write to msg_get_inq in callee (bsc#1012628). - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (bsc#1012628). - bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup (bsc#1012628). - btrfs: always detect conflicting inodes when logging inode refs (bsc#1012628). - mei: me: add nova lake point S DID (bsc#1012628). - rust_binder: remove spin_lock() in rust_shrink_free_page() (bsc#1012628). - lib/crypto: aes: Fix missing MMU protection for AES S-box (bsc#1012628). - counter: 104-quad-8: Fix incorrect return value in IRQ handler (bsc#1012628). - counter: interrupt-cnt: Drop IRQF_NO_THREAD flag (bsc#1012628). - tracing: Add recursion protection in kernel stack trace recording (bsc#1012628). - riscv: boot: Always make Image from vmlinux, not vmlinux.unstripped (bsc#1012628). - nouveau: don't attempt fwsec on sb on newer platforms (bsc#1012628). - Revert "drm/atomic-helper: Re-order bridge chain pre-enable and post-disable" (bsc#1012628). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (bsc#1012628). - arm64: dts: imx95: correct I3C2 pclk to IMX95_CLK_BUSWAKEUP (bsc#1012628). - drm/amd/display: Apply e4479aecf658 to dml (bsc#1012628). - drm/amdgpu: Fix query for VPE block_type and ip_count (bsc#1012628). - drm/atomic-helper: Export and namespace some functions (bsc#1012628). - drm/pl111: Fix error handling in pl111_amba_probe (bsc#1012628). - drm/tidss: Fix enable/disable order (bsc#1012628). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (bsc#1012628). - gpio: rockchip: mark the GPIO controller as sleeping (bsc#1012628). - io_uring/io-wq: fix incorrect io_wq_for_each_worker() termination logic (bsc#1012628). - PCI: meson: Report that link is up while in ASPM L0s and L1 states (bsc#1012628). - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (bsc#1012628). - PM: hibernate: Fix crash when freeing invalid crypto compressor (bsc#1012628). - Revert "drm/mediatek: dsi: Fix DSI host and panel bridge pre-enable order" (bsc#1012628). - wifi: avoid kernel-infoleak from struct iw_point (bsc#1012628). - wifi: mac80211: restore non-chanctx injection behaviour (bsc#1012628). - libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1012628). - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1012628). - libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1012628). - libceph: return the handler error from mon_handle_auth_done() (bsc#1012628). - libceph: reset sparse-read state in osd_fault() (bsc#1012628). - libceph: make calc_target() set t->paused, not just clear it (bsc#1012628). - ublk: reorder tag_set initialization before queue allocation (bsc#1012628). - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (bsc#1012628). - csky: fix csky_cmpxchg_fixup not working (bsc#1012628). - ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels (bsc#1012628). - alpha: don't reference obsolete termio struct for TC* constants (bsc#1012628). - dm-verity: disable recursive forward error correction (bsc#1012628). - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (bsc#1012628). - NFSv4: ensure the open stateid seqid doesn't go backwards (bsc#1012628). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (bsc#1012628). - NFS: Fix up the automount fs_context to use the correct cred (bsc#1012628). - ALSA: hda/realtek: Add support for ASUS UM3406GA (bsc#1012628). - drm/amd/display: shrink struct members (bsc#1012628). - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value (bsc#1012628). - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value (bsc#1012628). ... changelog too long, skipping 220 lines ... - commit e4ae677 ==== kf6-kguiaddons ==== Version update (6.22.0 -> 6.22.1) Subpackages: kf6-kguiaddons-imports libKF6GuiAddons6 - Update to 6.22.1 * Hotfix release - Changes since 6.22.0: * ksystemclipboard: Check m_thread in destructor (kde#514512) ==== kf6-kuserfeedback ==== Subpackages: kf6-kuserfeedback-imports kf6-kuserfeedback-lang libKF6UserFeedbackCore6 libKF6UserFeedbackWidgets6 - Replace usage of %{_smp_build_ncpus} for reproducible builds (boo#1237231) ==== kgamma6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kgamma6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kglobalacceld6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKGlobalAccelD6-0 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kinfocenter6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kinfocenter6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kmenuedit6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kmenuedit6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== knighttime6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKNightTime0 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kpipewire6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWire6-lang libKPipeWireDmaBuf6 libKPipeWireRecord6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kscreen6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kscreen6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kscreenlocker6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kscreenlocker6-lang libKScreenLocker6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * 🍒greeter: fix hanging when unlocking via loginctl over KDE Connect (kde#506343,kde#505987) ==== ksshaskpass6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: ksshaskpass6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== ksystemstats6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: ksystemstats6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kwayland-integration6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kwayland6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKWaylandClient6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kwin6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kwin6-lang libkwin6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * useractions: use output order for "switch to screen i" shortcuts * useractions: use output order for "move window to screen i" shortcuts (kde#514465) * backends/wayland: fix the cursor hotspot with scaling * wayland/linuxdmabuf: drop buffers instead of deleting directly * Handle key repeat state from input method keys (kde#513637) * compositor: don't attempt to use cursor sizes other than the recommended one (kde#513810) * wayland/outputmanagement: reject clearly nonsensical positions * scene/workspacescene: ignore items with an opacity of zero (kde#513203) * core/sessions: don't take ownership of an fd that Qt will close (kde#513151) * Missing exported header file a11ykeyboardmonitor.h added * wayland: Fix sending wl_data_source::dnd_action(0) after drop (kde#512235) * rules: pass an activation token to the window rules KCM * xwayland: Fix keysniffing repeating keys (kde#510404) - Drop patches, now upstream: * 0001-core-sessions-don-t-take-ownership-of-an-fd-that-Qt-.patch ==== kwin6-x11 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kwin6-x11-lang libkwin-x11-6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * OMLVideoSyncVsyncMonitorHelper: Unset current context before deletion * SGIVideoSyncVsyncMonitorHelper: Unset current context before deletion (kde#507677) * plugins/qpa: Fix build with Qt 6.11 and Qt 6.10.2 ==== layer-shell-qt6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libLayerShellQtInterface6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== libblockdev ==== Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_smart3 libbd_swap3 libbd_utils3 libblockdev3 - Remove dependency from dmraid (already removed upstream in 3.0) ==== libgnomesu ==== Version update (2.0.9 -> 2.0.10) Subpackages: libgnomesu-lang libgnomesu0 - Update to version 2.0.10: * Add support for pam_env module * Updated translations. ==== libgsf ==== Version update (1.14.54 -> 1.14.55) Subpackages: gsf-office-thumbnailer libgsf-1-114 libgsf-lang - Update to version 1.14.55: + Reduce stack usage. + Documentation fixes. ==== libheif ==== Version update (1.21.1 -> 1.21.2) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openh264 libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.21.2: * build script for JS/WASM now supports building with JPEG2000 and "ISO23001-17 Uncompressed" support. * image sequence SAI data now works when using the OpenH264 decoder plugin ==== libkscreen6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKF6Screen8 libKF6Screen8-lang libKF6ScreenDpms8 libkscreen6-plugin - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Require passing tests * Fix hwdata location on FreeBSD * Remove references to no longer existing QScreen backend * Adjust test to removed qscreen backend * Remove testcase for qscreen backend * Remove testcase for xrandr 1.1 backend * Drop testQScreenBackend * Drop testModeSwitching * doctor: Add flipped rotation to help text * Add usage example for output.HDMI-2.brightness.10 ==== libksysguard6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports libksysguard6-lang libksysguard6-plugins - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== libplasma6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasma6 libPlasma6-lang libplasma6-components libplasma6-desktoptheme - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Dialog: if we already flipped it to appear below, shift it upwards instead (kde#511188) * Fix hideOnWindowDeactivate in Dialog and AppletPopup (kde#511187) ==== libpng16 ==== Version update (1.6.53 -> 1.6.54) Subpackages: libpng16-16 libpng16-16-x86-64-v3 - version update to 1.6.54: * Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in `png_image_read_direct_scaled. (Reported and fixed by Petr Simecek.) * Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in `png_image_write_*`. * Implemented various improvements in oss-fuzz. (Contributed by Philippe Antoine.) - fixes [bsc#1256526] and [bsc#1256525] ==== libsndfile ==== - No longer build with experimental flag passed to cmake, follow upstream default. - Fix memory leak in the mpeg_l3_encoder_init() function (CVE-2025-56226, bsc#1256702); currently we don't enable MP3, hence unaffected, but just to be sure for further enablement: libsndfile-CVE-2025-56226.patch sndfile-convert-CVE-2025-56226.patch ==== libstorage-ng ==== Version update (4.5.284 -> 4.5.285) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1049 - updated dependency file for bindings - 4.5.285 ==== libvdpau ==== - Update to vdpauinfo 1.5 * AV1 Support added - supersedes U_Support-AV1.patch ==== libvirt ==== Version update (11.10.0 -> 12.0.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 12.0.0 - jsc#PED-14592, jsc#PED-14597, jsc#PED-14623, jsc#PED-15320 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v12-0-0-2026-01-15 ==== libvpl ==== Version update (2.15.0 -> 2.16.0) - Update to version 2.16.0 * Intel® VPL API 2.16 support, including new AI-assisted encoder APIs and documentation updates ==== llvm21 ==== Version update (21.1.7 -> 21.1.8) - Update to version 21.1.8. * This release contains bug-fixes for the LLVM 21.1.0 release. This release is API and ABI compatible with 21.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== mailutils ==== Version update (3.17 -> 3.21) Subpackages: libmailutils9 - update to 3.21: * Optionally create intermediate directories when creating mailboxes. * New stream flag is introduced: MU_STREAM_INTERDIR. Used together with * MU_STREAM_CREAT, it instructs mailutils to create any missing intermediate directories, when creating file. * New configuration statement "homedir" declares the action to take if a user home directory does not exits. * The statement is used by imap4d, lmtpd, mda, and putmail utilities. * The option informs fileinto that it should create missing intermediate directories when creating a mailbox. * Variable expansions in configuration statements. * New commands in string expansions * Sieve: fix coredump on parsing "fileinto :permission" action. * Sieve: fix optimizer. * Library: fix parsing ls-compatible permission strings. * Library: fix mu_sieve_machine_clone function. * Configuration: use '\' to escape delimiters in some statements. * This affects statements whose arguments are colon- or comma- delimited strings, e.g. ldap.field-map. * ** Library: fix localized help output * Help entries now use the correct translation domain. The bug was originally reported and discussed in * Setting synchronization mode allows the user to keep messages in remote source mailbox, while downloading only recently received messages. The mode is defined via the "--sync" command line option or "sync" configuration statement. * ** The --reverse option removed * The option made little sense for movemail and was never used. * ** The --max-messages option * This options sets the maximum number of latest messages to process. * New Sieve test: uidnew * The "uidnew" test keeps track of the processed messages. It evaluates to true if the current message was not processed before. * filters: revise buffer requirements when requesting more input/output * libproto tests: link using the libtool archives * Fix testsuite (mda & mail) to work with arbitrary default mailbox type * Minor fix in handling of EHLO command in smtp client. * Improve docs. * Minor fix in mhn and related tests. * mail utility: use the "mailer" configuration capability. - update mailutils.keyring ==== mdevctl ==== - Fix up the source services files to function by updating the _service file and adding a _servicedata file. ==== milou6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: milou6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== mozilla-nss ==== Version update (3.118.1 -> 3.119.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.119.1 * bmo#2004866 - restore coreconf/Darwin.mk behavior for intel archs - update to NSS 3.119 * bmo#1983320 - Fix ml-dsa return value for SECKEY_PrivateKeyStrengthInBits. * bmo#1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted. * bmo#2002246 - Add a pkcs12 fuzzer with crypto stubbed out. * bmo#2003314 - handle errors while setting sanitizers cflags in build. * bmo#1986912 - Ignore IVs for AES KW. * bmo#2003286 - Update Cryptofuzz version. * bmo#2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled. * bmo#1975855 - fix forwarding of sqlite_libs in sqlite.gyp. * bmo#1999204 - fix CPU_ARCH setting for arm64 makefile builds. * bmo#1998094 - remove unused calcThreads variable from cmd/rsaperf. * bmo#1978348 - Solving the incorrect tests introduced by extending EKU. * bmo#1972054 - Memory leaks in pkcs12 and pkcs7 decoders. * bmo#1978348 - Extending parsing with Microsoft Document Signing EKU. * bmo#1978348 - Extending parsing with Adobe Document Signing EKU. * bmo#1978348 - Extending pkix parsing with document signing EKUs. * bmo#2000737 - fix compilation failure on ia32. * bmo#2000737 - use hardware x64 GCM in static builds. * bmo#2000737 - separate ppc sha512 library from ppc gcm library. * bmo#2000737 - simplify cross-compilation from build.sh. * bmo#1724353 - use clang's integrated assembler. * bmo#2000737 - remove unused MP_IS_LITTLE_ENDIAN defines. * bmo#2000737 - fix logic for disabling altivec in gyp builds. * bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * bmo#1972825 - Add TLS interoperability tests with openssl and gnutls. * bmo#1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest. * bmo#1965329 - add failure checks to pk11_mergeTrust() . * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*. - Adjusted for changed naming scheme of tarballs for this release by upstream ==== mozjs140 ==== Version update (140.6.0 -> 140.7.0) - Update to version 140.7.0: + Security Vulnerabilities fixed in Firefox ESR 140.7 + See https://www.firefox.com/en-US/firefox/140.7.0/releasenotes/ ==== msgraph ==== Version update (0.3.3 -> 0.3.4) - Update to version 0.3.4: + Remove drive bundles duplicates + doc: Update URL to libsoup ==== multipath-tools ==== Version update (0.13.0+229+suse.dbac936f -> 0.14.0+207+suse.18c17be5) Subpackages: kpartx libmpath0 - Update to version 0.14.0+207+suse.18c17be5 - New features from upstream 0.14.0: * add support for automatically purging SCSI devices that become disconnected at the storage target (purge_disconnected option). See NEWS.md. - Bug fixes from upstream 0.14.0 (bsc#1257007, see NEWS.md for details): * Make sure multipathd registers keys all paths of a multipath map after mpathpersist registered a key for a map. * Fix `mpathpersist --report-capabilities` output. * Improve error handling when retrying REGISTER AND IGNORE. * Fix command descriptions in the multipathd man page. * Fix ISO C23 compatibility issue causing errors with new compilers. * Fix memory leak caused by not joining the "init unwinder" thread. * Fix memory leaks in kpartx. * Print the warning "setting scsi timeouts is unsupported for protocol" only once per protocol. * Make sure multipath-tools is compiled with the compiler flag `-fno-strict-aliasing`. (gh#opensvc/multipath-tools#130) - Other changes from upstream 0.14.0: * Add wrapper code for libudev to avoid potential issues with calling libudev from a multi-threaded program. * Clean up the code for freeing struct path and struct multipath objects. * Hardware table: add Seagate Exos and Nytro series. * Avoid joining threads twice with liburcu 0.14.0 and newer. * Remove the obsolete "hotplug" mode of kpartx. * CI updates. ==== myrlyn ==== Version update (0.9.9 -> 1.0.0) - Update to version 1.0.0: * Version bump to 1.0.0 * Document zypp history filters * Wider columns in zypp history * zypp history filters are working * New classes for zypp history filters * Use [OK] as the default dialog button * Suppress Qt bullshit messages that keep flooding the log * Add zypp history filter dialog * Add infrastructure for zypp history filters * Extend zypp history browser time line to today if the last activity date was just 10 or less days ago * Zypp history error handling * Fix (+/-) count conditions * Show (+/-) count in zypp history only for nontrivial transactions * Reasonable column widths in zypp history browser * Initial selection in zypp history browser * Added new zypp history browser to features in README.md * Show (+/-) count for commands in zypp history * Show --zypp-history in usage message as normal, not debugging option * Use standard columns in zypp history only for packages and patches * Fixed column spanning for parent items * Working zypp history browser navigation * Populated history events tree * First populated timeline (navigation) tree for the zypp history * First rough parsing tests ok * Add Ctrl+Shift+H shortcut to show zypp history * First new (still empty) ZyppHistoryBrowser, drop old YQPkgHistoryDialog * Code reorg + consistency * Handle incomplete zypp history files * New designer form for the zypp history browser * More zypp history test data * Add zypp history test data * Factor out ZyppHistoryEvents * Use a namespace for better organization * Lots of boring zypp history parser code * Parse zypp history command events * Filling ZyppHistoryParser with life * Filling ZyppHistoryParser with life * New class ZyppHistoryParser * New class ZyppHistory * Handle command line options with additional argument * Make sure at least one "search in" check box is checked when searching * Support searching in RPM recommends, too * Added tooltip for auto search default mode button * Right-align auto search default mode button * Enable switching the default auto search mode between "Starts With" and "Contains" * New icons * Allow no parent * Unneeded includes * Fixed script she-bang * Class rename MyrlynTranslator -> Translator * Generalize MyrlynTranslator * Re-imported latest QDirStat logger * Show special resolver modes (up/dup) in status line * Silenced left-over debug output * Support using ~/.config/openSUSE/myrlyn-sudo.conf * Fixed typo in .desktop file * Added Video LAN community repo (also serves libdvdcss) * Log the Qt environment * More HiDPI hints in .desktop files * Ensure the popup is centered * Commented out unavailable/redundant community repos on 16.x * No progress bar during post-transaction scripts * Actually use myrlyn-run0 in myrlyn-run0.desktop * Added systemd run0 support (#122 by @zeusgoose) * Updated docs: Stability and maturity * Added myrlyn-stable for Leap 15.6 from OBS home:shundhammer to downloads ==== ncurses ==== Version update (6.6.20260103 -> 6.6.20260117) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20260117 + add "alt_" to special key-prefix check for "djgpp" terminfo + provide a generated list of user-defined special keys (adapted from patch by Jakub Horky) -TD + rename vt100+keypad, etc., to vt100+keypad+sco, etc., to keep historical blocks while providing for renaming of vt220+keypad as vt100+keypad (prompted by patch by Jakub Horky) -TD + use vt100+keypad instead of vt220+keypad (patch by Jakub Horky) + use vt100+keypad in putty+keypad, replacing kpXX extension -TD + remove vt100+fnkeys-sco from putty -TD + fix link_test.c for configuration without extended colors by adjusting ifdefs and improving MKlib_gen.sh by checking for #if statements with only a 0 or 1 parameter. + fixes for "make check" (report by Brian Inglis): + adjust definition of USE_TRACEF + modify ncurses/wcwidth.h + modify makefile to add dependencies needed in shared library + modify makefile to work with libtool + separate ncurses/tty/lib_mvcur.c test-driver from routine checks + add a paragraph to user_caps.5 to mention extended capabilities which are not documented as part of ncurses. + use symbol DEFAULT_TERM_VAR for several cases where getenv("TERM") returns null pointer. + modify test/demo_new_pair.c to fix build with SmartOS (report by Thomas Klausner). - Port patch ncurses-6.6.dif ==== nghttp3 ==== Version update (1.13.1 -> 1.14.0) - Remove the unrecogninzed configure option --with-cunit and the cunit build dependency - Update to 1.14.0: * Fix header name validation on a platform where char is unsigned * nghttp3_http: Use int8_t for the lookup tables consistently * More use of designated initializers * Rework nghttp3_frame union to avoid potential UB * Rewrite nghttp3_get_varint * Port ngtcp2_ksl changes * Add nghttp3_recv_settings2 and deprecate nghttp3_recv_settings * tnode: Remove unused num_children * Refactor with compound literals * stream: Simplify settings entry assignment * Port ngtcp2 changes * Fix ENABLE_CONNECT_PROTOCOL setting handling * datalen must not be zero * Fix missing error handling * Remove unused tx.hstate from nghttp3_stream * Clarify field size limits ==== ngtcp2 ==== Version update (1.18.0 -> 1.19.0) Subpackages: libngtcp2-16 libngtcp2-16-32bit libngtcp2_crypto_gnutls8 libngtcp2_crypto_gnutls8-32bit - Update to 1.19.0: * ngtcp2_log: Add missing error codes * ngtcp2_str: Remove redundant assignment * Update RTT when the largest packet number is acked * ngtcp2_qlog: Add const qualifier to vec_pkt_type* * bbr: Remove CWND reduction on congestion event * bbr: More backups for spurious losses * Add ngtcp2_vec_drop * Rewrite get_uvarint * Rework ngtcp2_frame union to avoid potential UB * ksl: Rework key storage to avoid struct hack * acktr: Refactor ACK creation function * ngtcp2_ksl: Remove alignment enforcement for keys * Bump urlparse * Refactor with compound literals * Add libngtcp2 to pkg-config Requires.private * Revise libngtcp2 include dir setup * Export CMake target for ngtcp2_crypto_ossl(_static) ==== nvidia-open-driver-G06-signed ==== Version update (580.119.02_k6.18.5_1 -> 580.126.09_k6.18.5_1) - kernel-5.14.patch * fixes build for sle15-sp4 - update non-CUDA variant to version 580.126.09 (boo#1255858) ==== ocean-sound-theme6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== openSUSE-build-key ==== - import-openSUSE-build-key: implement importing all keys from /usr/lib/rpm/gnupg/keys ==== openSUSE-release ==== Version update (20260113 -> 20260121) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== opus ==== Version update (1.6 -> 1.6.1) - Update to version 1.6.1 * fixes several minor issues that were discovered since the 1.6 release. ==== orc ==== Version update (0.4.41 -> 0.4.42) - Update to version 0.4.42: + Initial 64-bit RISC-V support + Add 64-bit LoongArch support + Implement release and reuse of temporary registers for some targets + x86: Implement EVEX encoding and an opcode validation system + x86: Opcode refactor, improved constant handling and various other fixes + x86: add missing rounding operands for AVX and SSE + x86: Implement 64-bit single move constant load + includes: stop exporting the private compiler and OrcTarget definitions + Use hotdoc instead of gtk-doc to generate the documentation + ORC_DEBUG_FATAL environment variable allows abort on log messages of a certain level + Error message improvements and NEON backend clean-ups + Fix a few valgrind issues + Build: enable tools such as orcc and orc-bugreport by default + Various build fixes - Replace gtk-doc with python3-hotdoc BuildRequires following upstreams port. - Add fdupes BuildRequires and macro, remove duplicate files. - Package doc sub-package as noarch. ==== ovmf ==== Version update (202508 -> 202511) Subpackages: qemu-ovmf-x86_64 - Update to edk2-stable202511 - Patches (git log --oneline --date-order edk2-stable202505..edk2-stable202508): 46548b1ada MdeModulePkg: Update brotli submodule 9e4d3b3163 BaseTools: Update brotli submodule 6c6d4d2d52 MdePkg: Add PCI Express 7.0 Header Support c624a06aa3 ArmPkg,UefiCpuPkg: fix boot failure with LPA2 7446762732 MdePkg,UefiCpuPkg: fix wrong DS bit and add helper to check it 1c74842bd0 ArmPkg/Library: fix: Incorrect SectionLength Calculation. 49d4753385 MdeModulePkg: CoreDxe: Handle multilple MemoryAllocationModules a3a180e2bc MdeModulePkg: Update Brotli Compress to 1.2.0 6d82549396 BaseTools: Update Brotli Compress to 1.2.0 059332bda3 ArmPkg/Library: Fix for coverity issue OVERRUN 05b677c9de UefiCpuPkg/MtrrLib: Prevent MTRR usage with SEV guests b98ccecdec MdePkg: Add code to detect running as an SEV guest 8058a94f60 MdePkg: Add IPMI Mailbox Size Define b7d91dbe8a BaseTools/GenFW: RISC-V: Detect Zicfilp extension cb8c8c9285 FmpDevicePkg: GetImageInfo Add missing conditions 641bd54258 UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support for AMD family 2ff1029cc3 RedfishPkg: Add missing FreePool to fix memory leak issue 9b71501f6c NetworkPkg/SnpDxe: Fix Snp used uninitialized 94065db3dc MdeModulePkg: ArmFfaLib: Add FFA_YIELD handling ed79e67369 IntelFsp2Pkg: Add check if current OS support tkinter or not aba2b4e221 EmulatorPkg/Win/Host: Fix loaded DLL page protections 2509b4be74 ArmPlatformPkg: Update transfer list register usage before stack setup 05429cbe91 OvmfPkg: Expand EnrollDefaultKeys with Microsoft 2023 keys 98d1f8a6fd BaseTools: Remove DXE_SAL_DRIVER 41f7c0cd9e NetworkPkg: Remove DXE_SAL_DRIVER b089a6a445 EmbeddedPkg: Remove DXE_SAL_DRIVER 5467d6037d ArmVirtPkg: Remove DXE_SAL_DRIVER 8b00092e3f ArmPlatformPkg: Remove DXE_SAL_DRIVER 9e740df0bd ArmPkg: Remove DXE_SAL_DRIVER d36680ad13 SecurityPkg: Remove DXE_SAL_DRIVER c6e5c20cb9 MdePkg: Remove DXE_SAL_DRIVER 147e9a053e MdeModulePkg: Remove DXE_SAL_DRIVER 59c3e63fc6 OvmfPkg: Use FvLib from MdePkg 426da7fb1a IntelFsp2WrapperPkg: Rebase FSP-S and FSP-I if Image Base not match 29a66468cb MdePkg: Copy FvLib to MdePkg d145aef952 MdeModulePkg/Core/Dxe: Fix TPL inversion from DEBUG() message 302cc88ab3 NetworkPkg/SnpDxe: Update SnpDxe SNP_DRIVER struct out of DMA-able memory. a074649c60 CryptoPkg: Fix coverity warnings in CryptoPkg. c6cea09e9a SecurityPkg: Trace and return status are handled. ff0edeaaa8 StandaloneMmPkg/Core/Dispatcher: Use more generic MMRAM term in comment 64a1aca08f MdeModulePkg: Fix UEFI runtime driver loading after EndOfDxe 7ce19889f9 DynamicTablesPkg: Add the parser for EArchCommonObjTpm2DeviceInfo e29efd220d DynamicTablesPkg: PCIE SSDT Add root port devices 01d4c1d51c DynamicTablesPkg: Update PCIe config space object 8366881b06 DynamicTablesPkg: Add PCIe root port namespace object 76c5005ce8 DynamicTablesPkg: Add X64 libraries to meta files 0a3d688b1b DynamicTablesPkg: Enhance X64 PCIe SSDT _CRS generation cec2c6bbcc MdeModulePkg: Always Initialize Separate Exception Stacks 1d6f2f0d8d MdeModulePkg: CpuExceptionHandlerLibNull: Return Success On Null Func 34cd1aca46 UefiCpuPkg: MpInitLib: Fix Task Register Race Condition GP Fault e67f405713 UefiCpuPkg: Always Initialize Separate AP Exception Stacks f64b4065b7 UefiCpuPkg/CpuDxe: fix page table walk in confidential VM 44214c0cdf MdeModulePkg/AcpiTableDxe:Improving InitializeAcpiTableDxe behavior. 9f31aa33d8 MdeModulePkg:Completed InstallAcpiTableFromAcpiSiliconHob AddTableList c22d6957f4 MdeModulePkg/AcpiTableDxe:Fixed memory corruption issue 47dc9e310b IntelFsp2Pkg: Update GenYamlCfg script db4d323909 UefiCpuPkg/PeiMpLib: Only allocate ACPI NVS AP loop code buffer on S3 e494b25fe3 BaseTools:Remove deprecated ast.Str import for Python 3.14 compatibility 2241651b17 BaseTools: Add Quoting to Python Path on Windows 174933ebf6 IntelFsp2Pkg/GenCfgOpt.py: Fix line endings in Linux environments 0fa57975b0 MdePkg: Acpi66: Add defined IOVT Signature aeb27b18ce EmulatorPkg/BuildOptions: Add CLANGPDB DLINK_FLAGS flags to build options e49ec97d12 OvmfPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options ffa859492a StandaloneMmPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS to build options 519ccd4d59 SecurityPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options 1527320ad2 CryptoPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options f80a406aa9 MdeModulePkg: CoreGetMemoryMap: Account for Unaccepted Entries 3731699a63 PrmPkg: Remove notes from Readme that do not apply 12a908e09c PrmPkg/Samples: Update INF files for GCC/CLANG c16e88e301 PrmPkg/Include: Fix GCC/CLANG PRM Module DLL Export issues 3980808abf BaseTools/Scripts: KEEP .prmexportdescriptor data sections 47b0261613 BaseTools/Source/C/GenFw: Add --image-version option 7a3bcd6684 BaseTools/Source/C/GenFw: Add no symbols check to --prm b5bab75e58 MdeModulePkg: DXE Core: Correct Usage of EFI_MEMORY_ATTRIBUTE_MASK 1e7a83cbb6 BaseTools/FMMT: Fix errors when operating the FV with CRC32 section c9eb3717b4 MdeModulePkg: ScsiDiskDxe: Query Write Protected State d428ca6fe2 MdePkg: ATAPI: Add ATA_CMD_MODE_SENSE6 Definition fe52108211 EmbeddedPkg/VirtualRealTimeClockLib: Use SOURCE_DATE_EPOCH fcc568ca6e BaseTools/build.py: set BUILD_TIME_EPOCH if not already in environment 5ca97bf64f BaseTools/build.py: language cleanup around CheckEnvVariable 9e815d789b ShellPkg/SmbiosView: Display Type 44 "Referenced Handle" field 28b7a6d5ea ShellPkg/SmbiosView: Display Type 2 Contained Objects info a0e8b71ee5 ShellPkg: Review SMBIOS 3.9 specification e27cfda33b OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling 2522020ee1 UnitTestFrameworkPkg: Use 8MB stack for MSFT and CLANGPDB 597d061e09 MdeModulePkg/DxeCapsuleLibFmp:Added PCD for EmbeddedDriver Support 9c06ac56fb SecurityPkg: Tcg2StandaloneMmArm: Enable TPM FFA Instance to Register PPI 4883960e5e SecurityPkg: Tcg2AcpiFfa: Correct TPM Instance Validation ff96eb4c2c MdePkg: Restore ARM processor macro in CPER header faeee00490 MdeModulePkg/FvSimpleFileSystemDxe: Remove Iso639Language 56989e2d24 FatPkg/EnhancedFatDxe: Remove Iso639Language aace3eebd2 DynamicTablesPkg: Use abstract tokens in token generator f09ea5f672 ArmVirtPkg/KvmtoolCfgMgrDxe: Update DynamicPlatRepoLib usage 954ee29013 DynamicTablesPkg/FdtHwInfoParserLib: Add Arm IORT parser ba69c6d514 DynamicTablesPkg: FdtHwInfoParserLib: Generate GIC ITS group objects b0aac86c0d DynamicTablesPkg: Add helper to add array as a CmObj 12690ffbb8 DynamicTablesPkg: Add helper to add CmObj with given token ... changelog too long, skipping 306 lines ... - ovmf-Revert-Add-Stack-Cookie-Support-to-MSVC-and-GCC.patch ==== p11-kit ==== Version update (0.25.10 -> 0.26.1) Subpackages: libp11-kit0 libp11-kit0-32bit p11-kit-server p11-kit-tools - Update to 0.26.1: * trust: Ensure compatibility of CKA_NSS_TRUST and CKA_TRUST - Update to 0.26.0: * pkcs11: Update PKCS11 headers to version 3.2 * trust: Lookup DNs in reverse order (RFC4514 section 2.1) * Update translations ==== pam-config ==== Version update (2.13+git.20251203 -> 2.14+git.20260120) - Add libeconf to BuildRequires - Update to version 2.14+git.20260120: * Release version 2.14 * Explain custom pam-config modules in the man page * Enable the configurable fallback when called * Ensure we call fallback stacks * Ensure each configurable module uses it's own opt_sets * Only free configurable pam modules * Permit module behavior fallback * Replace libinih with libeconf * Ensure we don't duplicate custom configs * Cause custom configs to override built-ins * Dynamicaly load pam modules from configuration * Give pam modules priorities ==== pam_kwallet6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: pam_kwallet6-32bit pam_kwallet6-common - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== php8 ==== Version update (8.4.16 -> 8.4.17) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - remove a patch, which breaks phar.phar [bsc#1256905] * php-sort-filelist-phar.patch (upstreamed) - modified patches * php-build-reproducible-phar.patch (refreshed) - version update to 8.4.17 Core: Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument). Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()). Fixed bug GH-20714 (Uncatchable exception thrown in generator). Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation). Bz2: Fixed bug GH-20620 (bzcompress overflow on large source size). DOM: Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects). Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()). GD: Fixed bug GH-20622 (imagestring/imagestringup overflow). Intl: Fix leak in umsg_format_helper(). LDAP: Fix memory leak in ldap_set_options(). Mbstring: Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator). PCNTL: Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling. Phar: Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails). Fix SplFileInfo::openFile() in write mode. Fix build on legacy OpenSSL 1.1.0 systems. Fixed bug #74154 (Phar extractTo creates empty files). POSIX: Fixed crash on posix groups to php array creation on macos. SPL: Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()). Sqlite3: Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned). Standard: Fix error check for proc_open() command. Fix memory leak in mail() when header key is numeric. Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). Zlib: Fix OOB gzseek() causing assertion failure. ==== pkcs11-helper ==== Version update (1.30.0 -> 1.31.0) - Fix test provider path - Update to 1.31.0: * reading: fix mutex handling for cond_wait, thanks to Gleb Popov. * mbed: initialize certificate early using mbedtls_x509_crt_init. * util: fix deserialize buffer overflow. thanks to Aarnav Bos. - Enable tests - Add patch Disable-interactive-tests.patch ==== plasma5support6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasma5Support6 libPlasma5Support6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-activities ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasmaActivities7 plasma6-activities-imports - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-activities-stats ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasmaActivitiesStats1 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Properly escape single quotes in strings (kde#512562) ==== plasma6-browser-integration ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-browser-integration-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-desktop ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-desktop-emojier plasma6-desktop-lang plasma6-kimpanel-ibus - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * CI: Add documentation build * applets/Kickoff: use Control as base for Badge (kde#514247) * containments/desktop: constrain delegate size by cell size (kde#508684) * [kcms/landingpage] Don't show unauthorized KCMs (kde#511381) * views/Desktop: Set applets property explicitly to list of strings (kde#511729) * containments/desktop: fix back button ==== plasma6-disks ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-disks-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-integration ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-integration-plugin plasma6-integration-plugin-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-nm ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-nm-lang plasma6-nm-openconnect plasma6-nm-openvpn plasma6-nm-pptp plasma6-nm-vpnc - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Use correct URL for QR codes for WPA3 networks (kde#514026) * Escape special characters for QR code (kde#WiFipasswordswithsomespecialcharacterslike`;`cannowbe) ==== plasma6-openSUSE ==== Subpackages: plasma6-branding-openSUSE plasma6-sddm-theme-openSUSE plasma6-theme-openSUSE - Update to 6.5.5 ==== plasma6-pa ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-pa-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-print-manager ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-print-manager-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Delay deleting the KCupsRequest in MarkerLevelChecker (kde#514415) ==== plasma6-systemmonitor ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-systemmonitor-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * applicationstable: check quitEnabled for key presses (kde#510464) ==== plasma6-thunderbolt ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-thunderbolt-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - No code changes since 6.5.4 ==== plasma6-workspace ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-session plasma6-session-x11 plasma6-workspace-lang plasma6-workspace-libs sddm-qt6-branding-openSUSE - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * kcms/users: reset dialog state on close button press (kde#514088) * libnotificationmanager: prevent duplicate D-Bus service watcher additions (kde#489910) * Fix PanelConfigView being shown on the wrong screen in multi-monitor setups * applets/kicker: Escape ampersands in jumplist actions * servicerunner: score startswith matches higher than perfect matches * servicerunner: still consider keywords even when they are poor matches (kde#512399) * servicerunner: when a key starts with the search term, bump it (kde#512400) * wallpapers/image: Fix wallpaper previews not honoring aspect ratio for sourceSize (kde#512420) ==== polkit-kde-agent-6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: polkit-kde-agent-6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== postfix ==== Version update (3.10.6 -> 3.10.7) - Don't fail strip on non-existing files (easy hack to fix 32bit builds). - fix (bsc#1256462) [Build 12.10] openQA test fails in mta: Failed to start postfix.service Remove postfix set-permisson from all spaces - Strip binaries - fix (bsc#1256462) [Build 12.10] openQA test fails in mta: Failed to start postfix.service Put postfix set-permisson into %post - (jsc#PED-14859) Fix packages for Immutable Mode - postfix - Put /etc/permissions.d/postfix.paranoid into the postfix-SUSE.tar.gz - fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias from /sbin/postalias to /usr/sbin/postalias - update to 3.10.7 * This patch addresses build errors on recent Linux distributions. With the patch, Postfix builds will run the compiler with a backwards compatibility option that is supported by Gcc and Clang. For other compilers, an error message provides hints. - Add /var/spool/mail to the permissions.d drop-in. This directory used to be whitelisted globally in the permissions package but an update for the exim mail server changed that (bsc#1254597 bsc#1240755). - Reintroduce permissions.d/postfix-paranoid drop-in that was removed in r534. - postfix is unable to send mail by default (bsc#1253775) o Clean up the package * Get rid of config.postfix script to avoid unintentional changes of the configuration. The sysconfig files mail and postfix were removed also. * Deliver the original main.cf and master.cf * Remove a lot of deprecated stuff from the package. * Remove the ExecStartPre scripts to maintain the postmaps and the chroot environment. * A new ExecStartPre script manages the default alias map which is part of the default configuration of postfix. /sbin/postalias /etc/aliases * Do not use the permissions framework. A new ExecStartPre script takes care of the right permissions: /usr/sbin/postfix set-permissions * Remove mkpostfixcert * Get rid of berkley db converting scripts o Remove patches: * postfix-master.cf.patch * postfix-main.cf.patch * postfix-bdb-main.cf.patch ==== powerdevil6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: powerdevil6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * applets: Fix authorized check for KCMs ==== python-Pillow ==== Version update (12.0.0 -> 12.1.0) - Update to 12.1.0 * Deprecations * Deprecate getdata(), in favour of new get_flattened_data() #9292 [@radarhere] * Documentation * Specify APNG duration type when opening #9368 [@radarhere] * Added release notes for #9350 #9366 [@radarhere] * Update ImageMorph documentation #9349 [@radarhere] * Docs: update major bump cadence #9334 [@hugovk] * Add release notes for #9070 #9320 [@radarhere] * Updated Ubuntu version #9306 [@radarhere] * Update macOS tested Pillow versions #9265 [@radarhere] * Dependencies * Update harfbuzz to 12.3.0 #9355 [@radarhere] * Update xz to 5.8.2 #9343 [@radarhere] * Updated libjpeg-turbo to 3.1.3 #9333 [@radarhere] * Updated zlib-ng to 2.3.2 #9324 [@radarhere] * Updated libpng to 1.6.53 #9325 [@radarhere] * Update actions/checkout action to v6 #9323 [@renovate[bot]] * Update dependency mypy to v1.19.0 #9322 [@renovate[bot]] * Updated libpng to 1.6.51 #9305 [@radarhere] * Updated brotli to 1.2.0 #9284 [@radarhere] * Update libimagequant to 4.4.1 #9301 [@radarhere] * Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@radarhere] * Updated harfbuzz to 12.2.0 #9289 [@radarhere] * Update github-actions #9277 [@renovate[bot]] * Testing * Replace pre-commit with prek #9360 [@hugovk] * Test PyQt6 on Python 3.14 on Windows #9353 [@radarhere] * Test 32-bit Windows on Windows Server 2022 #9345 [@radarhere] * Correct variable type #9335 [@radarhere] * Fix ResourceWarnings in selftest.py #9332 [@hugovk] * Fix testing good P mode BMP images #9319 [@radarhere] * Test Python 3.15 pre-release #9331 [@hugovk] * Test ImageFont.ImageFont, in case freetype2 is not supported #9287 [@radarhere] * Add Fedora 43 #9290 [@radarhere] * Remove Fedora 41 #9260 [@radarhere] * Type hints * Add ImageFile context manager #9367 [@radarhere] * Assert fp is not None #8617 [@radarhere] * Added return type to ImageFile _close_fp() #9356 [@radarhere] * Use different variables for Image and ImageFile instances #9316 [@radarhere] * Correct variable type #9335 [@radarhere] * Improve type hints #9317 [@radarhere] * Use different variables for Image and ImageFile instances #9268 [@radarhere] * Added type hints #9269 [@radarhere] * Correct getitem return type #9264 [@radarhere] * Other changes * Simplify band splitting #9291 [@radarhere] * Support saving APNG float durations #9365 [@radarhere] * Allow 1 mode images in MorphOp #9348 [@radarhere] * Use minimum supported Python version for Lint #9364 [@radarhere] * Allow for duplicate font variation styles #9362 [@radarhere] * Call parent verify method #9357 [@radarhere] * Return LUT from LutBuilder build_default_lut() #9350 [@radarhere] * Simplify WebP code #9329 [@radarhere] * Use unsigned long for DWORD #9352 [@radarhere] * Cast to UINT32 before shifting bits #9347 [@radarhere] * [pre-commit.ci] pre-commit autoupdate #9318 [@pre-commit-ci[bot]] * Allow window ID to be passed to ImageGrab.grab() on macOS #9070 [@yankeguo] * Apply encoder options when saving multiple PNG frames #9300 [@radarhere] * Read all non-zero transparency from mode 1 PNG images as 255 #9282 [@radarhere] * Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #9276 [@radarhere] * Remove unused modes #9275 [@radarhere] * Correct allocating new color to RGBA palette #9313 [@radarhere] * Close image on ImageFont exception #9304 [@radarhere] * Reapply "Use macos-latest for iOS arm64 simulator" #9259 [@radarhere] * Escape period in pre-commit-config #9036 [@radarhere] * Add Apache-2.0 notice to IcoImagePlugin #8947 [@stefan6419846] * [pre-commit.ci] pre-commit autoupdate #9288 [@pre-commit-ci[bot]] * Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #9263 [@radarhere] * Remove BytesIO from DdsImagePlugin #9273 [@radarhere] * Fix ZeroDivisionError in DdsImagePlugin #9272 [@radarhere] * Fix warnings #9257 [@radarhere] ==== python-pyasn1 ==== Version update (0.6.1 -> 0.6.2) Subpackages: python311-pyasn1 python313-pyasn1 - Update to 0.6.2 (fixes CVE-2026-2141, bsc#1256331) * Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490). * Added support for Python 3.14. * Added SECURITY.md policy. * Migrated to pyproject.toml packaging. - fix broken changelog entries ==== python-requests-gssapi ==== Version update (1.3.0 -> 1.4.0) - Update to version 1.4.0: - Support GSSAPI channel bindings - Raise exceptions if CBs are requested but not available ==== python-tinycss2 ==== Version update (1.4.0 -> 1.5.1) - Update to 1.5.1 * Include parsing tests in source tarball - 1.5.0: * Support most of CSS Color Level 5 * Fix tokenizer crash on escaped Dimension units and Function names ==== python-urllib3 ==== Version update (2.6.2 -> 2.6.3) Subpackages: python311-urllib3 python313-urllib3 - Update to 2.6.3 * Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99) (bsc#1256331, CVE-2026-21441) * Started treating ``Retry-After`` times greater than 6 hours as 6 hours by default. (#3743) * Fixed ``urllib3.connection.VerifiedHTTPSConnection`` on Emscripten. (#3752) ==== qqc2-breeze-style6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== ruby4.0 ==== Version update (4.0.0 -> 4.0.1) Subpackages: libruby4_0-4_0 - Update to 4.0.1 This release includes a bugfix for spurious wakeup from Kernel#sleep when subprocess exits in another thread, along with other bugfixes. Please see the GitHub releases for further details. - Bug #21812: Kernel#sleep without arguments returns immediately when subprocess exits in another thread (regression in Ruby 4.0) - Ruby - Ruby Issue Tracking System - Bug #21828: An incorrect warning message related to benchmark is shown when using benchmark-ips - Ruby - Ruby Issue Tracking System - Bug #21811: Fix underflow in Array#pack - Ruby - Ruby Issue Tracking System - Bug #21814: 0.pow(2,-9999999999999999990) should be zero - Ruby - Ruby Issue Tracking System - Bug #21819: A Data object should be frozen even if it has no members - Ruby - Ruby Issue Tracking System https://github.com/ruby/ruby/compare/v4.0.0...v4.0.1 ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Make syntax in httputil_test compatible with Python 3.6 - Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Added: * fix-tornado-s-httputil_test-syntax-for-python-3.6.patch * backport-add-maintain-m-privilege-to-postgres-module.patch - Use internal deb classes instead of external aptsource lib - Speed up wheel key.finger call (bsc#1240532) - Add security patches (bsc#1254903,bsc#1254905,bsc#1254904) - Simplify and speed up utils.find_json function (bsc#1246130) - Added: * use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch * speedup-wheel-key.finger-call-bsc-1240532-713.patch * fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch * simplify-utils.json.find_json-function.patch - Extend warn_until period to 2027 - Added: * extend-fails-to-warnings-until-2027-742.patch ==== sdbootutil ==== Version update (1+git20260108.be38224 -> 1+git20260115.cd41d07) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20260115.cd41d07: * sdbootutil: ignore devices that aren't listed in /etc/crypttab * Print message about debug log to stderr - Update to version 1+git20260114.371a8b3: * Create the /var/lib/sdbootutil directory during installation * Make fde-tools file optional ==== sddm-kcm6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: sddm-kcm6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== selinux-policy ==== Version update (20260108 -> 20260120) Subpackages: selinux-policy-targeted - Update to version 20260120: * Allow bluetoothd to access alsa config (bsc#1255866) * Allow snapper_sdbootutil_plugin to set targets file context during 'mv' (bsc#1256419) ==== sendmail ==== Subpackages: libmilter1_0 - Correct group permission of /var/spool/clientmqueue to make sendmail work again (boo#1255437) - Support Immutable Mode (jsc#PED-14688) * Note that still sendmail is not part of SLES-16 and above ==== shadow ==== Version update (4.18.0 -> 4.19.2) Subpackages: libsubid5 login_defs shadow-pw-mgmt - Update to 4.19.2: Regression fixes usermod(8): * Revert an incorrect commit. See #1509 and #1510. - Update to 4.19.1: Regression fixes in chpasswd(8): * Don't reject leading '!' in password hashes or a hash consisting of "*". These were accidentally rejected in 4.19.0. See #1483 and #1486. * Don't reject a passwordless account ("" or "!"). See #1483 (comment) and #1505. - Update to 4.19.0: Breaking changes: * Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") * Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: * SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See #1452. Support: * Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there were doubts about the status of these programs. Let's clarify them now. * Our implementations of su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See #464. Deprecations: * groupmems(8) The program will be removed in a future release. See #1343. * logoutd(8) The program will be removed in the next release. See #999, and #1344. * DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See #1456 * MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See #1457 * login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See #1455. * login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. * Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf * Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver https://pages.nist.gov/800-63-FAQ/#q-b05 https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry * To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See #1432. * This deprecation includes the following programs and features: + expiry(1) + chage(1): - I,--inactive (also the interactive version) - m,--mindays (also the interactive version) - M,--maxdays (also the interactive version) - W,--warndays (also the interactive version) + passwd(1): - k,--keep-tokens - n,--mindays - x,--maxdays - i,--inactive - w,--warndays + useradd(8): - f,--inactive + usermod(8): - f,--inactive + login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE + /etc/default/useradd: INACTIVE + shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min ... changelog too long, skipping 12 lines ... * shadow-login_defs-unused-by-pam.patch ==== spectacle ==== Version update (6.5.4 -> 6.5.5) Subpackages: spectacle-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== sssd ==== Version update (2.11.1 -> 2.12.0) Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.12.0 * Fixed CVE-2025-11561 by disabling an2ln in the default implicitly created Kerberos configuration snippet, typically in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin. * SSSD now allows using machine credentials from a trusted AD domain or Kerberos realm if no suitable domain-local credentials are available. * SSSD now supports authentication mechanism selection through PAM using a JSON-based protocol. This feature enables passwordless authentication mechanisms in GUI login environments that support the protocol (e.g. GNOME 50). * The generic SSSD LDAP provider (id_provider = ldap) now supports fetching subid ranges, a feature previously supported only by the IPA provider. * The default value of the `session_provider` option was changed to `none` (i.e. disabled) no matter what id_provider is used. - Delete 0002-krb5-disable-Kerberos-localauth-an2ln-plugin-for-AD-.patch (merged) ==== syslogd ==== Subpackages: klogd syslog-service - Avoid restarting klog.service and klogd.service in postun as both services should be started once (boo#1243035#c14) ==== systemsettings6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: systemsettings6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Retranslate QML on QEvent::LanguageChange ==== taglib ==== Subpackages: libtag2 libtag_c2 - Fix writing of Vorbis comment for FLAC in Ogg, add patches: * 0001-Do-not-warn-when-seeing-FLAC-picture-block-in-Ogg-fi.patch * 0002-Set-last-header-flag-in-FLAC-Metadata-block-type-fie.patch * 0003-Avoid-corrupting-an-invalid-FLAC-Ogg-file-without-Vo.patch * 0004-Fix-reading-of-last-page-in-ogg-stream.patch - Remove obsolete library dependency, obsolete with SOVERSION bump. - Remove long obsolete susehelp fragments, drop corresponding taglib.desktop file, remove deprecated update-desktop-file. ==== texlive ==== - Support Immutable Mode (jsc#PED-14907 and jsc#PED-14906) ==== util-linux ==== Version update (2.41.2 -> 2.41.3) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang - Fix filelist for systemd flavor. - update to 2.41.3 (bsc#1254666, CVE-2025-14104): * added bash-completion for lsfd, blkpr * added missing mount options for bash-completion * libfdisk: fix off-by-one in maximum last sector calculation within MS-DOS-style partition tables * login-utils: fix setpwnam() buffer use [CVE-2025-14104] * losetup: sort 'O' correctly for the mutual-exclusive check to work * lscpu: use maximum CPU speed from DMI, avoid duplicate version string * lscpu: add a few missing ARM CPU identifiers * lsfd: fix memory leak related to stat_error_class * umount: consider helper return status for success message * wdctl: remove -d option leftover * misc: fix memory leak in setpwnam() ==== util-linux-systemd ==== Version update (2.41.2 -> 2.41.3) Subpackages: lastlog2 liblastlog2-2 - Fix filelist for systemd flavor. - update to 2.41.3 (bsc#1254666, CVE-2025-14104): * added bash-completion for lsfd, blkpr * added missing mount options for bash-completion * libfdisk: fix off-by-one in maximum last sector calculation within MS-DOS-style partition tables * login-utils: fix setpwnam() buffer use [CVE-2025-14104] * losetup: sort 'O' correctly for the mutual-exclusive check to work * lscpu: use maximum CPU speed from DMI, avoid duplicate version string * lscpu: add a few missing ARM CPU identifiers * lsfd: fix memory leak related to stat_error_class * umount: consider helper return status for success message * wdctl: remove -d option leftover * misc: fix memory leak in setpwnam() ==== wacomtablet-kcm6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: wacomtablet-kcm6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== wavpack ==== Version update (5.8.1 -> 5.9.0) Subpackages: libwavpack1 libwavpack1-x86-64-v3 - Update to version 5.9.0 * added: new feature to wvtag to copy tags from one WavPack file to another. * improved: minor tweaks to the new DNS (dynamic noise shaping) algorithm. * improved: better handling of specfic non-standard WAV and AIFF files. * fixed: issues related to encoding from an unknown length (e.g., pipes). * fixed: several fuzzer-revealed issues related to multithreading * fixed: potential buffer overruns in WavpackOpenRawDecoder(). ==== xdg-desktop-portal-kde6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: xdg-desktop-portal-kde6-lang - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== xdm ==== Subpackages: displaymanager-sysconfig - fix installation of authfiles directory for Immutable mode (jsc#PED-14915) ==== xkeyboard-config ==== Subpackages: xkeyboard-config-lang - move 'compiled' symlink to tmpfiles (boo#1256912) - fix installation of directory for compiled layouts for Immutable mode (jsc#PED-14831) ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - fix installation of directory for compiled keyboard layouts for Immutable mode (jsc#PED-14914) ==== xwayland ==== Version update (24.1.8 -> 24.1.9) - Update to version 24.1.9 * This release contains the fixes for the issues reported in security advisory: https://lists.x.org/archives/xorg-announce/2025-October/003635.html + CVE-2025-62229 + CVE-2025-62230 + CVE-2025-62231 * Additionally, it contains a number of additional fixes: - supersedes the following patches * bsc1251958_CVE-2025-62229_0001-present-Fix-use-after-free-in-present_create_notifie.patch * bsc1251959_CVE-2025-62230_0001-xkb-Make-the-RT_XKBCLIENT-resource-private.patch * bsc1251959_CVE-2025-62230_0002-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch * bsc1251960_CVE-2025-62231_0001-xkb-Prevent-overflow-in-XkbSetCompatMap.patch * U_glamor_Fix_dual_blend_on_GLES3.patch * U_randr_Do_not_leak_provider_property.patch * U_xwayland_Dispatch_tablet_tool_tip_events.patch - adjusted U_xwayland_Dont_run_key_behaviors_and_actions.patch ==== yast2 ==== Version update (5.0.18 -> 5.0.19) Subpackages: yast2-logs - Drop libyui dependency in SLES (related to bsc#1254978) - 5.0.19 ==== yast2-packager ==== Version update (5.0.10 -> 5.0.11) - Drop libyui dependency in SLES (related to bsc#1254978) - 5.0.11 ==== yast2-perl-bindings ==== Version update (5.0.4 -> 5.0.5) - Drop libyui dependency in SLES (related to bsc#1254978) - 5.0.5 ==== yast2-ruby-bindings ==== Version update (5.0.5 -> 5.0.6) - Drop libyui dependency in SLES (related to bsc#1254978) - 5.0.6 ==== yast2-storage-ng ==== Version update (5.0.38 -> 5.0.39) - Drop the yast2-ycp-ui-bindings dependency to avoid installing libyui in SLES (related to bsc#1254978) - 5.0.39 ==== yast2-trans ==== Version update (84.87.20260110.bcca851389 -> 84.87.20260112.417521aa92) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20260112.417521aa92: * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian)