Packages changed: Mesa Mesa-drivers MicroOS-release (20260113 -> 20260121) aaa_base (84.87+git20251111.509a363 -> 84.87+git20260112.8f614f3) alsa (1.2.15.2 -> 1.2.15.3) aurorae6 (6.5.4 -> 6.5.5) avahi avahi-glib2 bluedevil6 (6.5.4 -> 6.5.5) breeze6 (6.5.4 -> 6.5.5) breeze6-gtk (6.5.4 -> 6.5.5) cockpit-tukit (0.1.5 -> 0.1.7~git0.61e54f1) discover6 (6.5.4 -> 6.5.5) dracut (059+suse.785.g17d177bb -> 059+suse.787.gfb86123e) exfatprogs (1.3.0 -> 1.3.1) ffmpeg-8 filesystem flatpak-kcm6 (6.5.4 -> 6.5.5) fuse3 fwupd gpsd (3.27.3 -> 3.27.5) harfbuzz irqbalance (1.9.4.77.git+d913f60 -> 1.9.5.0.git+cf76396) jeos-firstboot (1.5.8 -> 1.5.9) kactivitymanagerd6 (6.5.4 -> 6.5.5) kde-cli-tools6 (6.5.4 -> 6.5.5) kde-gtk-config6 (6.5.4 -> 6.5.5) kdecoration6 (6.5.4 -> 6.5.5) kdeplasma6-addons (6.5.4 -> 6.5.5) kernel-firmware-amdgpu (20260109 -> 20260116) kernel-firmware-bluetooth (20260109 -> 20260116) kernel-firmware-i915 (20260109 -> 20260114) kernel-firmware-iwlwifi (20251217 -> 20260116) kernel-firmware-mediatek (20260110 -> 20260114) kernel-firmware-network (20260106 -> 20260116) kernel-firmware-qcom (20260109 -> 20260114) kernel-source (6.18.5 -> 6.18.6) kf6-kguiaddons (6.22.0 -> 6.22.1) kf6-kuserfeedback kgamma6 (6.5.4 -> 6.5.5) kglobalacceld6 (6.5.4 -> 6.5.5) kinfocenter6 (6.5.4 -> 6.5.5) kmenuedit6 (6.5.4 -> 6.5.5) knighttime6 (6.5.4 -> 6.5.5) kpipewire6 (6.5.4 -> 6.5.5) kscreen6 (6.5.4 -> 6.5.5) kscreenlocker6 (6.5.4 -> 6.5.5) ksshaskpass6 (6.5.4 -> 6.5.5) ksystemstats6 (6.5.4 -> 6.5.5) kwayland-integration6 (6.5.4 -> 6.5.5) kwayland6 (6.5.4 -> 6.5.5) kwin6 (6.5.4 -> 6.5.5) layer-shell-qt6 (6.5.4 -> 6.5.5) libblockdev libcontainers-common (20250409 -> 20260112) libheif (1.21.1 -> 1.21.2) libkscreen6 (6.5.4 -> 6.5.5) libksysguard6 (6.5.4 -> 6.5.5) libplasma6 (6.5.4 -> 6.5.5) libpng16 (1.6.53 -> 1.6.54) libsndfile libvdpau libvpl (2.15.0 -> 2.16.0) llvm21 (21.1.7 -> 21.1.8) milou6 (6.5.4 -> 6.5.5) mozilla-nss (3.118.1 -> 3.119.1) multipath-tools (0.13.0+229+suse.dbac936f -> 0.14.0+207+suse.18c17be5) ncurses (6.6.20260103 -> 6.6.20260117) nghttp3 (1.13.1 -> 1.14.0) ngtcp2 (1.18.0 -> 1.19.0) openSUSE-build-key opus (1.6 -> 1.6.1) orc (0.4.41 -> 0.4.42) p11-kit (0.25.10 -> 0.26.1) pam-config (2.13+git.20251203 -> 2.14+git.20260120) pkcs11-helper (1.30.0 -> 1.31.0) plasma5support6 (6.5.4 -> 6.5.5) plasma6-activities (6.5.4 -> 6.5.5) plasma6-activities-stats (6.5.4 -> 6.5.5) plasma6-browser-integration (6.5.4 -> 6.5.5) plasma6-desktop (6.5.4 -> 6.5.5) plasma6-integration (6.5.4 -> 6.5.5) plasma6-nm (6.5.4 -> 6.5.5) plasma6-openSUSE plasma6-pa (6.5.4 -> 6.5.5) plasma6-print-manager (6.5.4 -> 6.5.5) plasma6-systemmonitor (6.5.4 -> 6.5.5) plasma6-workspace (6.5.4 -> 6.5.5) polkit-kde-agent-6 (6.5.4 -> 6.5.5) powerdevil6 (6.5.4 -> 6.5.5) python-jsonschema (4.25.1 -> 4.26.0) python-pyasn1 (0.6.1 -> 0.6.2) python-urllib3 (2.6.2 -> 2.6.3) qqc2-breeze-style6 (6.5.4 -> 6.5.5) sdbootutil (1+git20260108.be38224 -> 1+git20260115.cd41d07) sddm-kcm6 (6.5.4 -> 6.5.5) selinux-policy (20260108 -> 20260120) shadow (4.18.0 -> 4.19.2) spectacle (6.5.4 -> 6.5.5) sssd (2.11.1 -> 2.12.0) systemd-presets-branding-MicroOS systemsettings6 (6.5.4 -> 6.5.5) taglib transactional-update (5.1.0 -> 6.0.6) util-linux (2.41.2 -> 2.41.3) util-linux-systemd (2.41.2 -> 2.41.3) xdg-desktop-portal-kde6 (6.5.4 -> 6.5.5) xdm xkeyboard-config xorg-x11-server xwayland (24.1.8 -> 24.1.9) yast2 (5.0.18 -> 5.0.19) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - includes the fixes for bsc#1245034, bsc#1241370, bsc#1241701 - includes the following patches: * U_0001-svga-add-svga_resource_create_with_modifiers-functio.patch * U_0002-svga-fix-printing-64-bit-value-for-32-bit-build.patch * U_gbm-fix-get_back_bo-failure-with-gbm_surface-and-imp.patch * U_egl-never-select-swrast-for-vmwgfx.patch - Enable Asahi DRI and Vulkan drivers for x86_64 and AArch64 ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-vulkan-device-select libvulkan_lvp - includes the fixes for bsc#1245034, bsc#1241370, bsc#1241701 - includes the following patches: * U_0001-svga-add-svga_resource_create_with_modifiers-functio.patch * U_0002-svga-fix-printing-64-bit-value-for-32-bit-build.patch * U_gbm-fix-get_back_bo-failure-with-gbm_surface-and-imp.patch * U_egl-never-select-swrast-for-vmwgfx.patch - Enable Asahi DRI and Vulkan drivers for x86_64 and AArch64 ==== MicroOS-release ==== Version update (20260113 -> 20260121) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== aaa_base ==== Version update (84.87+git20251111.509a363 -> 84.87+git20260112.8f614f3) - Update to version 84.87+git20260112.8f614f3: * add ghost entries for the removed dirs * Revert list directories above all normal files. - Update to version 84.87+git20251217.34fd7bc: * add tmpfiles template adm-backup.conf (jsc#PED-14803) * Revert ec7f00fa60f11d28b427f2e224822a7b81825806 * Fix old script to support copy mode as well * Support for XDG environment variables for the su, * adapted sugggestions * Patching nsswitch.conf only if it has not been generated by nsswitch-config (JIRA-#PED-13807). * Avoid nasty exceptions running tput ==== alsa ==== Version update (1.2.15.2 -> 1.2.15.3) - Update to alsa-lib 1.2.15.3: * seq: return back old snd_seq_drain_output behaviour for -EAGAIN ==== aurorae6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ==== avahi-glib2 ==== - Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498) - Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500) - Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499) ==== bluedevil6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== breeze6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: breeze6-cursors breeze6-decoration breeze6-style breeze6-wallpapers - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== breeze6-gtk ==== Version update (6.5.4 -> 6.5.5) Subpackages: gtk3-metatheme-breeze6 metatheme-breeze6-common - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== cockpit-tukit ==== Version update (0.1.5 -> 0.1.7~git0.61e54f1) - Update to version 0.1.7~git0.61e54f1: * Dependency updates * Translation updates * Fix non-x86 builds ==== discover6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: discover6-backend-flatpak discover6-backend-fwupd discover6-notifier - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Fix for F5 refresh shortcut on the Updates page (kde#513765) * Fix hardcoded "Linux" in web search fallback ==== dracut ==== Version update (059+suse.785.g17d177bb -> 059+suse.787.gfb86123e) Subpackages: dracut-ima - Update to version 059+suse.787.gfb86123e: * fix(dracut.spec): switch to tmpfiles based file creation (jsc#PED-14786) ==== exfatprogs ==== Version update (1.3.0 -> 1.3.1) - Update to 1.3.1: Features: * fsck.exfat: support repairing the allocation bitmap size. Changes: * exfatprogs: temporarily disable building defrag.exfat due to reported data loss. Bug fixes: * libexfat: fix a NULL pointer dereference in read_file_dentry_set(). ==== ffmpeg-8 ==== Subpackages: libavcodec62 libavfilter11 libavformat62 libavutil60 libswresample6 libswscale9 - Enable some more codecs based on package availability and based on comparison with Fedora's ffmpeg package. ==== filesystem ==== - Own /usr/etc/security/pam_env.conf.d as aaa_base installs a base configuration there. ==== flatpak-kcm6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * preload wallpaper table (kde#511958) ==== fuse3 ==== Subpackages: libfuse3-4 - Add dependency from libfuse3-4 to fusermount3 program [boo#1256466] ==== fwupd ==== Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Add 0001-Allow-systemd-service-to-access-block-sr-cdrom-devic.patch: allow fwupd.service to interact with cdrom (boo#1256507) ==== gpsd ==== Version update (3.27.3 -> 3.27.5) - Update to version 3.27.5 * Correctly bump API Version to 16.1 cgps checks for matching API version. - Update to version 3.27.4 * Bump API Version to 16.1 ==== harfbuzz ==== Subpackages: libharfbuzz-gobject0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Add harfbuzz-CVE-2026-22693.patch: fix a NULL pointer dereference (bsc#1246459 CVE-2026-22693). ==== irqbalance ==== Version update (1.9.4.77.git+d913f60 -> 1.9.5.0.git+cf76396) - Update to version 1.9.5.0.git+cf76396: * Update configure.ac/meson.build for irqbalance 1.9.5 * meson: force systemd-service installation with a seperate option * Fixed incorrect comparison in snprintf() in procinterrupts.c. * Added missing '/' and fixed message in procinterrupts.c. * Safer string handling in procinterrupts.c. ==== jeos-firstboot ==== Version update (1.5.8 -> 1.5.9) - Update to version 1.5.9: * Use snapper create on transactional systems again ==== kactivitymanagerd6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kde-cli-tools6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * kioclient: Don't set appname (kde#512650) ==== kde-gtk-config6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kde-gtk-config6-gtk3 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kdecoration6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libkdecorations3-6 libkdecorations3private2 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kdeplasma6-addons ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * applets/weather: Fix pressure representation on tooltip (kde#514419) * applets/weather: check for a night icon before return an empty icon (kde#513069) * applets/notes: Fix cursor position on external data * Fix effects_cube translation * applets/weather: Fix visibility for zero degrees temperatures (kde#512871) ==== kernel-firmware-amdgpu ==== Version update (20260109 -> 20260116) - Update to version 20260116 (git commit c2912a665205): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-bluetooth ==== Version update (20260109 -> 20260116) - Update to version 20260116 (git commit c2912a665205): * linux-firmware: Add firmware file for Intel ScorpiusGfp2 core * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core - Update to version 20260116 (git commit 2b93c4fc3564): * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x06EB_C65F ==== kernel-firmware-i915 ==== Version update (20260109 -> 20260114) - Update to version 20260114 (git commit e477bd5942f4): * xe: Add GSC 105.0.2.1301 for PTL ==== kernel-firmware-iwlwifi ==== Version update (20251217 -> 20260116) - Update to version 20260116 (git commit 2b93c4fc3564): * iwlwifi: add Bz/Sc FW for core102-56 release * iwlwifi: Add Hr/Gf firmware for core102-56 release * iwlwifi: update ty/So/Ma firmwares for core102-56 release ==== kernel-firmware-mediatek ==== Version update (20260110 -> 20260114) - Update to version 20260114 (git commit e477bd5942f4): * mediatek: rename MT8188 SCP firmware ==== kernel-firmware-network ==== Version update (20260106 -> 20260116) - Update to version 20260116 (git commit 2b93c4fc3564): * linux-firmware: Add firmware for airoha-npu-7583 driver ==== kernel-firmware-qcom ==== Version update (20260109 -> 20260114) - Update to version 20260114 (git commit e477bd5942f4): * qcom: Update DSP firmware for QCM6490 platform ==== kernel-source ==== Version update (6.18.5 -> 6.18.6) - Linux 6.18.6 (bsc#1012628). - NFSD: Fix permission check for read access to executable-only files (bsc#1012628). - nfsd: provide locking for v4_end_grace (bsc#1012628). - nfsd: use correct loop termination in nfsd4_revoke_states() (bsc#1012628). - nfsd: check that server is running in unlock_filesystem (bsc#1012628). - NFSD: net ref data still needs to be freed even if net hasn't startup (bsc#1012628). - NFSD: Remove NFSERR_EAGAIN (bsc#1012628). - atm: Fix dma_free_coherent() size (bsc#1012628). - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() (bsc#1012628). - net: do not write to msg_get_inq in callee (bsc#1012628). - arm64: Fix cleared E0POE bit after cpu_suspend()/resume() (bsc#1012628). - bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup (bsc#1012628). - btrfs: always detect conflicting inodes when logging inode refs (bsc#1012628). - mei: me: add nova lake point S DID (bsc#1012628). - rust_binder: remove spin_lock() in rust_shrink_free_page() (bsc#1012628). - lib/crypto: aes: Fix missing MMU protection for AES S-box (bsc#1012628). - counter: 104-quad-8: Fix incorrect return value in IRQ handler (bsc#1012628). - counter: interrupt-cnt: Drop IRQF_NO_THREAD flag (bsc#1012628). - tracing: Add recursion protection in kernel stack trace recording (bsc#1012628). - riscv: boot: Always make Image from vmlinux, not vmlinux.unstripped (bsc#1012628). - nouveau: don't attempt fwsec on sb on newer platforms (bsc#1012628). - Revert "drm/atomic-helper: Re-order bridge chain pre-enable and post-disable" (bsc#1012628). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (bsc#1012628). - arm64: dts: imx95: correct I3C2 pclk to IMX95_CLK_BUSWAKEUP (bsc#1012628). - drm/amd/display: Apply e4479aecf658 to dml (bsc#1012628). - drm/amdgpu: Fix query for VPE block_type and ip_count (bsc#1012628). - drm/atomic-helper: Export and namespace some functions (bsc#1012628). - drm/pl111: Fix error handling in pl111_amba_probe (bsc#1012628). - drm/tidss: Fix enable/disable order (bsc#1012628). - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (bsc#1012628). - gpio: rockchip: mark the GPIO controller as sleeping (bsc#1012628). - io_uring/io-wq: fix incorrect io_wq_for_each_worker() termination logic (bsc#1012628). - PCI: meson: Report that link is up while in ASPM L0s and L1 states (bsc#1012628). - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (bsc#1012628). - PM: hibernate: Fix crash when freeing invalid crypto compressor (bsc#1012628). - Revert "drm/mediatek: dsi: Fix DSI host and panel bridge pre-enable order" (bsc#1012628). - wifi: avoid kernel-infoleak from struct iw_point (bsc#1012628). - wifi: mac80211: restore non-chanctx injection behaviour (bsc#1012628). - libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1012628). - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1012628). - libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1012628). - libceph: return the handler error from mon_handle_auth_done() (bsc#1012628). - libceph: reset sparse-read state in osd_fault() (bsc#1012628). - libceph: make calc_target() set t->paused, not just clear it (bsc#1012628). - ublk: reorder tag_set initialization before queue allocation (bsc#1012628). - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback (bsc#1012628). - csky: fix csky_cmpxchg_fixup not working (bsc#1012628). - ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels (bsc#1012628). - alpha: don't reference obsolete termio struct for TC* constants (bsc#1012628). - dm-verity: disable recursive forward error correction (bsc#1012628). - dm-snapshot: fix 'scheduling while atomic' on real-time kernels (bsc#1012628). - NFSv4: ensure the open stateid seqid doesn't go backwards (bsc#1012628). - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) (bsc#1012628). - NFS: Fix up the automount fs_context to use the correct cred (bsc#1012628). - ALSA: hda/realtek: Add support for ASUS UM3406GA (bsc#1012628). - drm/amd/display: shrink struct members (bsc#1012628). - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value (bsc#1012628). - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value (bsc#1012628). ... changelog too long, skipping 220 lines ... - commit e4ae677 ==== kf6-kguiaddons ==== Version update (6.22.0 -> 6.22.1) Subpackages: kf6-kguiaddons-imports libKF6GuiAddons6 - Update to 6.22.1 * Hotfix release - Changes since 6.22.0: * ksystemclipboard: Check m_thread in destructor (kde#514512) ==== kf6-kuserfeedback ==== Subpackages: kf6-kuserfeedback-imports libKF6UserFeedbackCore6 libKF6UserFeedbackWidgets6 - Replace usage of %{_smp_build_ncpus} for reproducible builds (boo#1237231) ==== kgamma6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kglobalacceld6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKGlobalAccelD6-0 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kinfocenter6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kmenuedit6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== knighttime6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKNightTime0 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kpipewire6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWireDmaBuf6 libKPipeWireRecord6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kscreen6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kscreenlocker6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKScreenLocker6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * 🍒greeter: fix hanging when unlocking via loginctl over KDE Connect (kde#506343,kde#505987) ==== ksshaskpass6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== ksystemstats6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kwayland-integration6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kwayland6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKWaylandClient6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== kwin6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libkwin6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * useractions: use output order for "switch to screen i" shortcuts * useractions: use output order for "move window to screen i" shortcuts (kde#514465) * backends/wayland: fix the cursor hotspot with scaling * wayland/linuxdmabuf: drop buffers instead of deleting directly * Handle key repeat state from input method keys (kde#513637) * compositor: don't attempt to use cursor sizes other than the recommended one (kde#513810) * wayland/outputmanagement: reject clearly nonsensical positions * scene/workspacescene: ignore items with an opacity of zero (kde#513203) * core/sessions: don't take ownership of an fd that Qt will close (kde#513151) * Missing exported header file a11ykeyboardmonitor.h added * wayland: Fix sending wl_data_source::dnd_action(0) after drop (kde#512235) * rules: pass an activation token to the window rules KCM * xwayland: Fix keysniffing repeating keys (kde#510404) - Drop patches, now upstream: * 0001-core-sessions-don-t-take-ownership-of-an-fd-that-Qt-.patch ==== layer-shell-qt6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libLayerShellQtInterface6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== libblockdev ==== Subpackages: libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_smart3 libbd_swap3 libbd_utils3 libblockdev3 - Remove dependency from dmraid (already removed upstream in 3.0) ==== libcontainers-common ==== Version update (20250409 -> 20260112) Subpackages: libcontainers-default-policy registries-conf-default - New release 20260112 * bump bundled c/common to 0.64.1 * bump bundled c/image to 5.36.0 * bump bundled c/storage to 1.59.1 ==== libheif ==== Version update (1.21.1 -> 1.21.2) - update to 1.21.2: * build script for JS/WASM now supports building with JPEG2000 and "ISO23001-17 Uncompressed" support. * image sequence SAI data now works when using the OpenH264 decoder plugin ==== libkscreen6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libKF6Screen8 libKF6ScreenDpms8 libkscreen6-plugin - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Require passing tests * Fix hwdata location on FreeBSD * Remove references to no longer existing QScreen backend * Adjust test to removed qscreen backend * Remove testcase for qscreen backend * Remove testcase for xrandr 1.1 backend * Drop testQScreenBackend * Drop testModeSwitching * doctor: Add flipped rotation to help text * Add usage example for output.HDMI-2.brightness.10 ==== libksysguard6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== libplasma6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasma6 libplasma6-components libplasma6-desktoptheme - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Dialog: if we already flipped it to appear below, shift it upwards instead (kde#511188) * Fix hideOnWindowDeactivate in Dialog and AppletPopup (kde#511187) ==== libpng16 ==== Version update (1.6.53 -> 1.6.54) - version update to 1.6.54: * Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in `png_image_read_direct_scaled. (Reported and fixed by Petr Simecek.) * Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in `png_image_write_*`. * Implemented various improvements in oss-fuzz. (Contributed by Philippe Antoine.) - fixes [bsc#1256526] and [bsc#1256525] ==== libsndfile ==== - No longer build with experimental flag passed to cmake, follow upstream default. - Fix memory leak in the mpeg_l3_encoder_init() function (CVE-2025-56226, bsc#1256702); currently we don't enable MP3, hence unaffected, but just to be sure for further enablement: libsndfile-CVE-2025-56226.patch sndfile-convert-CVE-2025-56226.patch ==== libvdpau ==== - Update to vdpauinfo 1.5 * AV1 Support added - supersedes U_Support-AV1.patch ==== libvpl ==== Version update (2.15.0 -> 2.16.0) - Update to version 2.16.0 * Intel® VPL API 2.16 support, including new AI-assisted encoder APIs and documentation updates ==== llvm21 ==== Version update (21.1.7 -> 21.1.8) - Update to version 21.1.8. * This release contains bug-fixes for the LLVM 21.1.0 release. This release is API and ABI compatible with 21.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== milou6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== mozilla-nss ==== Version update (3.118.1 -> 3.119.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.119.1 * bmo#2004866 - restore coreconf/Darwin.mk behavior for intel archs - update to NSS 3.119 * bmo#1983320 - Fix ml-dsa return value for SECKEY_PrivateKeyStrengthInBits. * bmo#1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted. * bmo#2002246 - Add a pkcs12 fuzzer with crypto stubbed out. * bmo#2003314 - handle errors while setting sanitizers cflags in build. * bmo#1986912 - Ignore IVs for AES KW. * bmo#2003286 - Update Cryptofuzz version. * bmo#2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled. * bmo#1975855 - fix forwarding of sqlite_libs in sqlite.gyp. * bmo#1999204 - fix CPU_ARCH setting for arm64 makefile builds. * bmo#1998094 - remove unused calcThreads variable from cmd/rsaperf. * bmo#1978348 - Solving the incorrect tests introduced by extending EKU. * bmo#1972054 - Memory leaks in pkcs12 and pkcs7 decoders. * bmo#1978348 - Extending parsing with Microsoft Document Signing EKU. * bmo#1978348 - Extending parsing with Adobe Document Signing EKU. * bmo#1978348 - Extending pkix parsing with document signing EKUs. * bmo#2000737 - fix compilation failure on ia32. * bmo#2000737 - use hardware x64 GCM in static builds. * bmo#2000737 - separate ppc sha512 library from ppc gcm library. * bmo#2000737 - simplify cross-compilation from build.sh. * bmo#1724353 - use clang's integrated assembler. * bmo#2000737 - remove unused MP_IS_LITTLE_ENDIAN defines. * bmo#2000737 - fix logic for disabling altivec in gyp builds. * bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * bmo#1972825 - Add TLS interoperability tests with openssl and gnutls. * bmo#1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest. * bmo#1965329 - add failure checks to pk11_mergeTrust() . * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*. - Adjusted for changed naming scheme of tarballs for this release by upstream ==== multipath-tools ==== Version update (0.13.0+229+suse.dbac936f -> 0.14.0+207+suse.18c17be5) Subpackages: kpartx libmpath0 - Update to version 0.14.0+207+suse.18c17be5 - New features from upstream 0.14.0: * add support for automatically purging SCSI devices that become disconnected at the storage target (purge_disconnected option). See NEWS.md. - Bug fixes from upstream 0.14.0 (bsc#1257007, see NEWS.md for details): * Make sure multipathd registers keys all paths of a multipath map after mpathpersist registered a key for a map. * Fix `mpathpersist --report-capabilities` output. * Improve error handling when retrying REGISTER AND IGNORE. * Fix command descriptions in the multipathd man page. * Fix ISO C23 compatibility issue causing errors with new compilers. * Fix memory leak caused by not joining the "init unwinder" thread. * Fix memory leaks in kpartx. * Print the warning "setting scsi timeouts is unsupported for protocol" only once per protocol. * Make sure multipath-tools is compiled with the compiler flag `-fno-strict-aliasing`. (gh#opensvc/multipath-tools#130) - Other changes from upstream 0.14.0: * Add wrapper code for libudev to avoid potential issues with calling libudev from a multi-threaded program. * Clean up the code for freeing struct path and struct multipath objects. * Hardware table: add Seagate Exos and Nytro series. * Avoid joining threads twice with liburcu 0.14.0 and newer. * Remove the obsolete "hotplug" mode of kpartx. * CI updates. ==== ncurses ==== Version update (6.6.20260103 -> 6.6.20260117) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20260117 + add "alt_" to special key-prefix check for "djgpp" terminfo + provide a generated list of user-defined special keys (adapted from patch by Jakub Horky) -TD + rename vt100+keypad, etc., to vt100+keypad+sco, etc., to keep historical blocks while providing for renaming of vt220+keypad as vt100+keypad (prompted by patch by Jakub Horky) -TD + use vt100+keypad instead of vt220+keypad (patch by Jakub Horky) + use vt100+keypad in putty+keypad, replacing kpXX extension -TD + remove vt100+fnkeys-sco from putty -TD + fix link_test.c for configuration without extended colors by adjusting ifdefs and improving MKlib_gen.sh by checking for #if statements with only a 0 or 1 parameter. + fixes for "make check" (report by Brian Inglis): + adjust definition of USE_TRACEF + modify ncurses/wcwidth.h + modify makefile to add dependencies needed in shared library + modify makefile to work with libtool + separate ncurses/tty/lib_mvcur.c test-driver from routine checks + add a paragraph to user_caps.5 to mention extended capabilities which are not documented as part of ncurses. + use symbol DEFAULT_TERM_VAR for several cases where getenv("TERM") returns null pointer. + modify test/demo_new_pair.c to fix build with SmartOS (report by Thomas Klausner). - Port patch ncurses-6.6.dif ==== nghttp3 ==== Version update (1.13.1 -> 1.14.0) - Remove the unrecogninzed configure option --with-cunit and the cunit build dependency - Update to 1.14.0: * Fix header name validation on a platform where char is unsigned * nghttp3_http: Use int8_t for the lookup tables consistently * More use of designated initializers * Rework nghttp3_frame union to avoid potential UB * Rewrite nghttp3_get_varint * Port ngtcp2_ksl changes * Add nghttp3_recv_settings2 and deprecate nghttp3_recv_settings * tnode: Remove unused num_children * Refactor with compound literals * stream: Simplify settings entry assignment * Port ngtcp2 changes * Fix ENABLE_CONNECT_PROTOCOL setting handling * datalen must not be zero * Fix missing error handling * Remove unused tx.hstate from nghttp3_stream * Clarify field size limits ==== ngtcp2 ==== Version update (1.18.0 -> 1.19.0) Subpackages: libngtcp2-16 libngtcp2_crypto_gnutls8 - Update to 1.19.0: * ngtcp2_log: Add missing error codes * ngtcp2_str: Remove redundant assignment * Update RTT when the largest packet number is acked * ngtcp2_qlog: Add const qualifier to vec_pkt_type* * bbr: Remove CWND reduction on congestion event * bbr: More backups for spurious losses * Add ngtcp2_vec_drop * Rewrite get_uvarint * Rework ngtcp2_frame union to avoid potential UB * ksl: Rework key storage to avoid struct hack * acktr: Refactor ACK creation function * ngtcp2_ksl: Remove alignment enforcement for keys * Bump urlparse * Refactor with compound literals * Add libngtcp2 to pkg-config Requires.private * Revise libngtcp2 include dir setup * Export CMake target for ngtcp2_crypto_ossl(_static) ==== openSUSE-build-key ==== - import-openSUSE-build-key: implement importing all keys from /usr/lib/rpm/gnupg/keys ==== opus ==== Version update (1.6 -> 1.6.1) - Update to version 1.6.1 * fixes several minor issues that were discovered since the 1.6 release. ==== orc ==== Version update (0.4.41 -> 0.4.42) - Update to version 0.4.42: + Initial 64-bit RISC-V support + Add 64-bit LoongArch support + Implement release and reuse of temporary registers for some targets + x86: Implement EVEX encoding and an opcode validation system + x86: Opcode refactor, improved constant handling and various other fixes + x86: add missing rounding operands for AVX and SSE + x86: Implement 64-bit single move constant load + includes: stop exporting the private compiler and OrcTarget definitions + Use hotdoc instead of gtk-doc to generate the documentation + ORC_DEBUG_FATAL environment variable allows abort on log messages of a certain level + Error message improvements and NEON backend clean-ups + Fix a few valgrind issues + Build: enable tools such as orcc and orc-bugreport by default + Various build fixes - Replace gtk-doc with python3-hotdoc BuildRequires following upstreams port. - Add fdupes BuildRequires and macro, remove duplicate files. - Package doc sub-package as noarch. ==== p11-kit ==== Version update (0.25.10 -> 0.26.1) Subpackages: libp11-kit0 p11-kit-tools - Update to 0.26.1: * trust: Ensure compatibility of CKA_NSS_TRUST and CKA_TRUST - Update to 0.26.0: * pkcs11: Update PKCS11 headers to version 3.2 * trust: Lookup DNs in reverse order (RFC4514 section 2.1) * Update translations ==== pam-config ==== Version update (2.13+git.20251203 -> 2.14+git.20260120) - Add libeconf to BuildRequires - Update to version 2.14+git.20260120: * Release version 2.14 * Explain custom pam-config modules in the man page * Enable the configurable fallback when called * Ensure we call fallback stacks * Ensure each configurable module uses it's own opt_sets * Only free configurable pam modules * Permit module behavior fallback * Replace libinih with libeconf * Ensure we don't duplicate custom configs * Cause custom configs to override built-ins * Dynamicaly load pam modules from configuration * Give pam modules priorities ==== pkcs11-helper ==== Version update (1.30.0 -> 1.31.0) - Fix test provider path - Update to 1.31.0: * reading: fix mutex handling for cond_wait, thanks to Gleb Popov. * mbed: initialize certificate early using mbedtls_x509_crt_init. * util: fix deserialize buffer overflow. thanks to Aarnav Bos. - Enable tests - Add patch Disable-interactive-tests.patch ==== plasma5support6 ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasma5Support6 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-activities ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasmaActivities7 plasma6-activities-imports - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-activities-stats ==== Version update (6.5.4 -> 6.5.5) Subpackages: libPlasmaActivitiesStats1 - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Properly escape single quotes in strings (kde#512562) ==== plasma6-browser-integration ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-desktop ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-desktop-emojier - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * CI: Add documentation build * applets/Kickoff: use Control as base for Badge (kde#514247) * containments/desktop: constrain delegate size by cell size (kde#508684) * [kcms/landingpage] Don't show unauthorized KCMs (kde#511381) * views/Desktop: Set applets property explicitly to list of strings (kde#511729) * containments/desktop: fix back button ==== plasma6-integration ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-nm ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-nm-openconnect plasma6-nm-openvpn - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Use correct URL for QR codes for WPA3 networks (kde#514026) * Escape special characters for QR code (kde#WiFipasswordswithsomespecialcharacterslike`;`cannowbe) ==== plasma6-openSUSE ==== - Update to 6.5.5 ==== plasma6-pa ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== plasma6-print-manager ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Delay deleting the KCupsRequest in MarkerLevelChecker (kde#514415) ==== plasma6-systemmonitor ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * applicationstable: check quitEnabled for key presses (kde#510464) ==== plasma6-workspace ==== Version update (6.5.4 -> 6.5.5) Subpackages: plasma6-session plasma6-workspace-libs - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * kcms/users: reset dialog state on close button press (kde#514088) * libnotificationmanager: prevent duplicate D-Bus service watcher additions (kde#489910) * Fix PanelConfigView being shown on the wrong screen in multi-monitor setups * applets/kicker: Escape ampersands in jumplist actions * servicerunner: score startswith matches higher than perfect matches * servicerunner: still consider keywords even when they are poor matches (kde#512399) * servicerunner: when a key starts with the search term, bump it (kde#512400) * wallpapers/image: Fix wallpaper previews not honoring aspect ratio for sourceSize (kde#512420) ==== polkit-kde-agent-6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== powerdevil6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * applets: Fix authorized check for KCMs ==== python-jsonschema ==== Version update (4.25.1 -> 4.26.0) - update to 4.26.0: * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1400] * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1405] * Bump astral-sh/setup-uv from 6.5.0 to 6.6.0 by @dependabot[bot] in #1406 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1407] * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1413] * Bump astral-sh/setup-uv from 6.6.0 to 6.6.1 by @dependabot[bot] in #1412 * Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @dependabot[bot] in #1410 * Bump softprops/action-gh-release from 2.3.2 to 2.3.3 by @dependabot[bot] in #1409 * Bump actions/setup-python from 5 to 6 by @dependabot[bot] in [#1411] * validators: avoid urllib.request at import-time by @gudnimg in [#1416] * Bump astral-sh/setup-uv from 6.6.1 to 6.8.0 by @dependabot[bot] in #1417 * Bump softprops/action-gh-release from 2.3.3 to 2.3.4 by @dependabot[bot] in #1418 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1415] * Bump softprops/action-gh-release from 2.3.4 to 2.4.1 by @dependabot[bot] in #1419 * Bump github/codeql-action from 3 to 4 by @dependabot[bot] in [#1420] * Bump astral-sh/setup-uv from 6.8.0 to 7.1.0 by @dependabot[bot] in #1421 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1424] * Bump astral-sh/setup-uv from 7.1.0 to 7.1.1 by @dependabot[bot] in #1423 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1425] * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1429] * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1431] * Bump softprops/action-gh-release from 2.4.1 to 2.4.2 by @dependabot[bot] in #1432 * Bump astral-sh/setup-uv from 7.1.1 to 7.1.2 by @dependabot[bot] in #1430 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1434] * Bump astral-sh/setup-uv from 7.1.2 to 7.1.4 by @dependabot[bot] in #1435 * Bump actions/checkout from 5 to 6 by @dependabot[bot] in #1436 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1437] * Bump softprops/action-gh-release from 2.4.2 to 2.5.0 by @dependabot[bot] in #1438 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1439] * Document uuid format by @sim642 in #1440 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1441] * Bump astral-sh/setup-uv from 7.1.4 to 7.1.6 by @dependabot[bot] in #1442 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in [#1443] ==== python-pyasn1 ==== Version update (0.6.1 -> 0.6.2) - Update to 0.6.2 (fixes CVE-2026-2141, bsc#1256331) * Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490). * Added support for Python 3.14. * Added SECURITY.md policy. * Migrated to pyproject.toml packaging. - fix broken changelog entries ==== python-urllib3 ==== Version update (2.6.2 -> 2.6.3) - Update to 2.6.3 * Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99) (bsc#1256331, CVE-2026-21441) * Started treating ``Retry-After`` times greater than 6 hours as 6 hours by default. (#3743) * Fixed ``urllib3.connection.VerifiedHTTPSConnection`` on Emscripten. (#3752) ==== qqc2-breeze-style6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== sdbootutil ==== Version update (1+git20260108.be38224 -> 1+git20260115.cd41d07) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20260115.cd41d07: * sdbootutil: ignore devices that aren't listed in /etc/crypttab * Print message about debug log to stderr - Update to version 1+git20260114.371a8b3: * Create the /var/lib/sdbootutil directory during installation * Make fde-tools file optional ==== sddm-kcm6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== selinux-policy ==== Version update (20260108 -> 20260120) Subpackages: selinux-policy-targeted - Update to version 20260120: * Allow bluetoothd to access alsa config (bsc#1255866) * Allow snapper_sdbootutil_plugin to set targets file context during 'mv' (bsc#1256419) ==== shadow ==== Version update (4.18.0 -> 4.19.2) Subpackages: libsubid5 login_defs shadow-pw-mgmt - Update to 4.19.2: Regression fixes usermod(8): * Revert an incorrect commit. See #1509 and #1510. - Update to 4.19.1: Regression fixes in chpasswd(8): * Don't reject leading '!' in password hashes or a hash consisting of "*". These were accidentally rejected in 4.19.0. See #1483 and #1486. * Don't reject a passwordless account ("" or "!"). See #1483 (comment) and #1505. - Update to 4.19.0: Breaking changes: * Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") * Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: * SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See #1452. Support: * Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there were doubts about the status of these programs. Let's clarify them now. * Our implementations of su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See #464. Deprecations: * groupmems(8) The program will be removed in a future release. See #1343. * logoutd(8) The program will be removed in the next release. See #999, and #1344. * DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See #1456 * MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See #1457 * login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See #1455. * login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. * Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf * Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver https://pages.nist.gov/800-63-FAQ/#q-b05 https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry * To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See #1432. * This deprecation includes the following programs and features: + expiry(1) + chage(1): - I,--inactive (also the interactive version) - m,--mindays (also the interactive version) - M,--maxdays (also the interactive version) - W,--warndays (also the interactive version) + passwd(1): - k,--keep-tokens - n,--mindays - x,--maxdays - i,--inactive - w,--warndays + useradd(8): - f,--inactive + usermod(8): - f,--inactive + login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE + /etc/default/useradd: INACTIVE + shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min ... changelog too long, skipping 12 lines ... * shadow-login_defs-unused-by-pam.patch ==== spectacle ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== sssd ==== Version update (2.11.1 -> 2.12.0) Subpackages: libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.12.0 * Fixed CVE-2025-11561 by disabling an2ln in the default implicitly created Kerberos configuration snippet, typically in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin. * SSSD now allows using machine credentials from a trusted AD domain or Kerberos realm if no suitable domain-local credentials are available. * SSSD now supports authentication mechanism selection through PAM using a JSON-based protocol. This feature enables passwordless authentication mechanisms in GUI login environments that support the protocol (e.g. GNOME 50). * The generic SSSD LDAP provider (id_provider = ldap) now supports fetching subid ranges, a feature previously supported only by the IPA provider. * The default value of the `session_provider` option was changed to `none` (i.e. disabled) no matter what id_provider is used. - Delete 0002-krb5-disable-Kerberos-localauth-an2ln-plugin-for-AD-.patch (merged) ==== systemd-presets-branding-MicroOS ==== - Re-number role/sub-distro preset to 87 (SUSE default is 95, openSUSE sub is 90, display managers will be 85 - systemd counts down regardless of directory) ==== systemsettings6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 * Retranslate QML on QEvent::LanguageChange ==== taglib ==== - Fix writing of Vorbis comment for FLAC in Ogg, add patches: * 0001-Do-not-warn-when-seeing-FLAC-picture-block-in-Ogg-fi.patch * 0002-Set-last-header-flag-in-FLAC-Metadata-block-type-fie.patch * 0003-Avoid-corrupting-an-invalid-FLAC-Ogg-file-without-Vo.patch * 0004-Fix-reading-of-last-page-in-ogg-stream.patch - Remove obsolete library dependency, obsolete with SOVERSION bump. - Remove long obsolete susehelp fragments, drop corresponding taglib.desktop file, remove deprecated update-desktop-file. ==== transactional-update ==== Version update (5.1.0 -> 6.0.6) Subpackages: dracut-transactional-update transactional-update-zypp-config tukit tukit-snapper-plugin tukitd - Version 6.0.6: - t-u: Use pattern to download correct libtukit[0-9]+ for selfupdate - Version 6.0.5 - t-u: FIPS - use package's own command to set up [bsc#1256446] - Version 6.0.4 - t-u: Remove "kdump" command [gh#openSUSE/transactional-update#119] - Select output channel of snapshot deletion message [bsc#1256446] - Version 6.0.3 - Only try logging to journald when socket exists; would lead to messages about missing stream fds otherwise, which happened when running in combustion's chroot environment - Version 6.0.2 Don't print reboot hints as errors to prevent failed openQA test - t-u: Add new "warning" log level - t-u: Adjust log level of reboot hints - Version 6.0.1 Adjustments to avoid logging with error log level to the journal when there is no actual error - tukit: Adjust selinux_restorecon log levels - t-u: Print grub-mkconfig output to stdout - Temporarily disable default soft-reboot again to unblock other projects while systemd 258 (required for correct console switching used during the openQA tests) isn't ready yet. - Version 6.0.0 - Bump major version number to fix self-update due to new .so library version in 5.5.0 - t-u: Fix syntax error introduced in 5.5.1 [boo#1254253] - Fix dbus dependency - Version 5.5.1 - t-u: Fix hanging t-u process when files were changed in /var - t-u: Don't ask for key import during self-update [bsc#1239721] - t-u: Fix stray output of "/etc" - Version 5.5.0 - t-u: The "run" command will return the exit status of the command now and if it is non-zero, the snapshot will be discarded. The --keep option or wrapping the command into a bash script can be used if the command is expected to return with a specific non-zero return code. [bsc#1216504] [gh#openSUSE/transactional-update#134] [gh#openSUSE/transactional-update#135] - t-u / tukit: The --keep option will close the snapshot now also in error case, but not set it as default or remove the in-progress attribute; with this change the snapshot can be used as a base for another snapshot when the changes are verified as good. - C API: rename loglevel to tukit_loglevel (API change) - C API: removed the experimental status - Rework logging to support syslog / journald: - Also log to journald when calling t-u manually - Introduce logging for libtukit: By default it will log syslog / journald. This will finally make it possible to see what happened during manual tukit calls or via the API - Add option to specify desired logging mechanisms ("console", "syslog") via tukit and API - Fixed --discard option on rw systems - Support SELinux outside /var/lib/selinux [jsc#PED-12492] - sync-etc-state: Detect changes in xattrs with null bytes - tukit: Added forgotten short option -k for tukit --keep - t-u: Fix shellcheck hints - README.md: Updated link to Salt executor - Enable soft-reboot by default again - Increase so version number because of the incompatible changes from above ==== util-linux ==== Version update (2.41.2 -> 2.41.3) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Fix filelist for systemd flavor. - update to 2.41.3 (bsc#1254666, CVE-2025-14104): * added bash-completion for lsfd, blkpr * added missing mount options for bash-completion * libfdisk: fix off-by-one in maximum last sector calculation within MS-DOS-style partition tables * login-utils: fix setpwnam() buffer use [CVE-2025-14104] * losetup: sort 'O' correctly for the mutual-exclusive check to work * lscpu: use maximum CPU speed from DMI, avoid duplicate version string * lscpu: add a few missing ARM CPU identifiers * lsfd: fix memory leak related to stat_error_class * umount: consider helper return status for success message * wdctl: remove -d option leftover * misc: fix memory leak in setpwnam() ==== util-linux-systemd ==== Version update (2.41.2 -> 2.41.3) Subpackages: lastlog2 liblastlog2-2 - Fix filelist for systemd flavor. - update to 2.41.3 (bsc#1254666, CVE-2025-14104): * added bash-completion for lsfd, blkpr * added missing mount options for bash-completion * libfdisk: fix off-by-one in maximum last sector calculation within MS-DOS-style partition tables * login-utils: fix setpwnam() buffer use [CVE-2025-14104] * losetup: sort 'O' correctly for the mutual-exclusive check to work * lscpu: use maximum CPU speed from DMI, avoid duplicate version string * lscpu: add a few missing ARM CPU identifiers * lsfd: fix memory leak related to stat_error_class * umount: consider helper return status for success message * wdctl: remove -d option leftover * misc: fix memory leak in setpwnam() ==== xdg-desktop-portal-kde6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.5.5 - Changes since 6.5.4: * Update version for new release 6.5.5 ==== xdm ==== Subpackages: displaymanager-sysconfig - fix installation of authfiles directory for Immutable mode (jsc#PED-14915) ==== xkeyboard-config ==== - move 'compiled' symlink to tmpfiles (boo#1256912) - fix installation of directory for compiled layouts for Immutable mode (jsc#PED-14831) ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb - fix installation of directory for compiled keyboard layouts for Immutable mode (jsc#PED-14914) ==== xwayland ==== Version update (24.1.8 -> 24.1.9) - Update to version 24.1.9 * This release contains the fixes for the issues reported in security advisory: https://lists.x.org/archives/xorg-announce/2025-October/003635.html + CVE-2025-62229 + CVE-2025-62230 + CVE-2025-62231 * Additionally, it contains a number of additional fixes: - supersedes the following patches * bsc1251958_CVE-2025-62229_0001-present-Fix-use-after-free-in-present_create_notifie.patch * bsc1251959_CVE-2025-62230_0001-xkb-Make-the-RT_XKBCLIENT-resource-private.patch * bsc1251959_CVE-2025-62230_0002-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch * bsc1251960_CVE-2025-62231_0001-xkb-Prevent-overflow-in-XkbSetCompatMap.patch * U_glamor_Fix_dual_blend_on_GLES3.patch * U_randr_Do_not_leak_provider_property.patch * U_xwayland_Dispatch_tablet_tool_tip_events.patch - adjusted U_xwayland_Dont_run_key_behaviors_and_actions.patch ==== yast2 ==== Version update (5.0.18 -> 5.0.19) - Drop libyui dependency in SLES (related to bsc#1254978) - 5.0.19