Packages changed: brltty (6.7 -> 6.8) container-selinux (2.238.0 -> 2.239.0) djvulibre (3.5.28 -> 3.5.29) hwinfo (24.0 -> 24.1) inkscape (1.4.2+1 -> 1.4.2+37) kirigami-addons6 (1.8.1 -> 1.9.0) libgexiv2 (0.14.5 -> 0.14.6) libgphoto2 (2.5.31 -> 2.5.32) libheif (1.19.8 -> 1.20.1) libreoffice libsolv (0.7.33 -> 0.7.34) libxml2 libzypp (17.37.9 -> 17.37.10) openSUSE-release (20250707 -> 20250708) poppler (25.04.0 -> 25.06.0) poppler-qt6 (25.04.0 -> 25.06.0) python-pycares (4.6.1 -> 4.9.0) python-pyzmq (25.1.2 -> 27.0.0) sendmail systemd vulkan-tools wayland (1.23.1 -> 1.24.0) yast2 (5.0.13 -> 5.0.14) yast2-trans (84.87.20250629.a95a3dcc68 -> 84.87.20250707.95a4742e56) === Details === ==== brltty ==== Version update (6.7 -> 6.8) Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow brltty-lang libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Update to version 6.8: + Too many changes; please read ChangeLog - API version is now 0.8.6. ==== container-selinux ==== Version update (2.238.0 -> 2.239.0) - Update to version 2.239.0: * Allow containers to use hsa devices for ROCM ==== djvulibre ==== Version update (3.5.28 -> 3.5.29) - version update to 3.5.29 [bsc#1245773] (CVE-2025-53367) * various bug fixes * additional tests for corrupted files * fixes for clang warnings - deleted patches - djvulibre-CVE-2021-32490.patch (upstreamed) - djvulibre-CVE-2021-32491.patch (upstreamed) - djvulibre-CVE-2021-32492.patch (upstreamed) - djvulibre-CVE-2021-32493.patch (upstreamed) - djvulibre-CVE-2021-46310.patch (upstreamed) - fixes CVE-2021-32490 [bsc#1185895] CVE-2021-32491 [bsc#1185900] CVE-2021-32492 [bsc#1185904] CVE-2021-32493 [bsc#1185905] CVE-2021-46310 [bsc#1214670] ==== hwinfo ==== Version update (24.0 -> 24.1) Subpackages: libhd24 - merge gh#openSUSE/hwinfo#167 - fix usb network card detection (bsc#1245950) - 24.1 ==== inkscape ==== Version update (1.4.2+1 -> 1.4.2+37) Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang - Update to version 1.4.2+37: * Update macOS job for new runner infrastructure * Fix includes in PDF input extensions * Fix build against Poppler 25.06 * String fixes for Inkscape 1.4.3 (please keep until after the 1.4.2 release) * Add policy checking for UI toolbars for focus * Update macOS build pipeline to 0.81 * Rectangles are allows for Text on Path * Add special paste section in context menu * Reduce number of clipping paths created during PDF import * Use Undo::maybeDone for swatch color slider * Update the select toolbar when the bbox preference changes * Fix crash when pattern transform is singular * Page swapping shouldn't modify the size of the page through viewPort * Enhance PDF Import: Remember font rendering settings * Fix to pdf font preferences * Fix crash when deleting a page with clones on it * Allow multiline strings to expand in extension dialog * Recursively unlock when dealign with item under cursor * Fix issues with shape-inside having invalid references * Avoid unchecked optional access in render_preview * Make Action Section names translatable. Fix #5501 * Fix: Show Handles command not working on the mesh tool * Fix crash on editing SVGs with text nodes * Add color support for geometric pattern 'Abstract 1' * Limit SVG preference to SVG opening extension only * Fix Welcome Screen Keyboard Selector * Hide LPETool in the default preference * Fix control handle rendering with flipped canvas * Lpe Simplify button converted to checkbox * Hide Splash on Wayland when moving to Welcome * Fix filter dialog crashing on Ctrl+Space * Check for null text before setting to ustring. * Snap package: Fix file permissions * Fix a crash when converting a to in an SVG 2 spec example. * Don't turn an invalid SPItem bounding box into a valid one if there is a filter. * Update windows installed library list ==== kirigami-addons6 ==== Version update (1.8.1 -> 1.9.0) Subpackages: kirigami-addons6-lang libKirigamiAddonsStatefulApp6 - Update to 1.9.0 https://carlschwan.eu/2025/07/06/kirigami-addons-1.9.0/ * Finished the addition of the file and folder form delegate * Minor fixes and improvements ==== libgexiv2 ==== Version update (0.14.5 -> 0.14.6) - Update to version 0.14.6: + Fix get_tag_multiple for tags that have LangAlt and contain "," + Fix a memory leak when calling open_* multiple times on the same Metadata object ==== libgphoto2 ==== Version update (2.5.31 -> 2.5.32) Subpackages: libgphoto2-6 libgphoto2-6-lang libgphoto2_port12 - libgphoto2 2.5.32 release quicktake1x0: * New Apple Quicktake (serial camera) driver pentax: * Added Pentax K1II, K3III * sync with pktriggercord fixes ptp2: * Big code and (canon eos) debug outout cleanups by Axel W * --summary output format changed to be more condensed * Canon EOS: imageformat output changed * Canon: added disablemodedial * Canon: keepdeviceon send less often to speed up * Sony: Now officially documented by Sony. Changes imported from the documentation. * Sony: support newer sony property format * Sony: added capturemode, focalposition, magnifysetting, spotfocusarea, * Sony: fixed crash in movie option * Panasonic: bugfixes * Fuji: configurations added, af drive manual, availableshots, graineffect, rawcompression * Fuji: bugfixes * Nikon: support 32bit properties * Added ids: - Canon EOS R100, R3, R8, R50, G7 X Mark 3, - Sony Alpha A6100, ZV-E10, A6700, NEX-5N, SLT A99V, ILCE-9M3, ILX-LR1 - Nikon Zf, Z6 III - Olympus OM-1Mark2 - Fuji X-H2S, X100V1, GFX100 II - Ricoh GR III - Leica Q3, M11 Monochrome ports/usb: * added more Android support (passing in filedescriptor) ports/serial: * some fixes, needed for quicktake all: * IOLIBS and CAMLIBS now runtime configurable * Builds use silent rules by default now * Meson buildsupport, parallel to automake * print-camera-list can now print camera list in JSON format * added new functions: gp_setting_set_get_func, gp_setting_set_set_func for user defined settings setters * added new port functions: gp_port_usb_set_sys_device, gp_port_usb_get_sys_device used for Android translations: * added georgian, friulian, polish, romanian, ukrainian, chinese, brazilian - remove libgphoto2-c99.patch: upstream ==== libheif ==== Version update (1.19.8 -> 1.20.1) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.20.1: - Fixes a bug in decoder plugin loading. - Changes from 1.20.0: - Sequences: - API for reading and writing image sequences. You can read and write sequences for all codecs (not just H.265 / AV1, but also JPEG-2000, ISO-23001-17 uncompressed, ...). Currently only intra-coded sequences are supported. - API for reading and writing metadata sequences. The metadata tracks can contain any raw timed data. - Support for SAI (sample auxiliary information). Timed samples (from image sequences or metadata) can have auxiliary data attached. Currently we support TAI timestamps and GIMI content description IDs. - Support for track references. - The API for sequences is described here: https://github.com/strukturag/libheif/wiki/Reading-and-Writing-Sequences - New command line tool heif-view to show HEIF sequences (requires libSDL). - Other new features: - You can specify a security limit for the maximum total memory libheif may use for decoding. This is easier to handle than specifying limits on the maximum image size or single memory allocations. - Support for TAI timestamps (in images and sequences) has been promoted from experimental to stable. - FFMPEG plugin now supports HDR decoding - Header files are now split into individual headers by topic. However, it should still be backwards compatible with heif.h being a catch-all covering the old content. For new functionality (sequences, TAI), you will need to include the specific headers. - All struct names of the API are now also typedefs. - add build requires for brotli which it looks for since 1.18 - prepare building heif-view ==== libreoffice ==== Subpackages: libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Add fix_build_with_poppler_25.05.patch: Fix build with current poppler. ==== libsolv ==== Version update (0.7.33 -> 0.7.34) Subpackages: libsolv-tools-base libsolv1 ruby-solv - add support for product-obsoletes() provides in the product autopackage generation code - bump version to 0.7.34 ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - security update - added patches CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS) CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS) + libxml2-CVE-2025-49794,49796.patch CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS) + libxml2-CVE-2025-49795.patch - security update fix CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash fix CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 + libxml2-CVE-2025-6170,6021.patch ==== libzypp ==== Version update (17.37.9 -> 17.37.10) - BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486) Newer rpm versions no longer allow a ':' in rpm package names or obsoletes. So injecting an Obsoletes: product:oldproductname < oldproductversion into the -release package to indicate a product rename is no longer possible. Since libsolv-0.7.34 you can and should use: Provides: product-obsoletes(oldproductname) < oldproductversion in the -release package. libsolv will then inject the appropriate Obsoletes into the Product. - version 17.37.10 (35) ==== openSUSE-release ==== Version update (20250707 -> 20250708) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== poppler ==== Version update (25.04.0 -> 25.06.0) Subpackages: libpoppler-cpp2 libpoppler-glib8 poppler-tools - version update to 25.06.0 [bsc#1245625] (CVE-2025-52886) Release 25.06.0: core: * Fix writing dates back to file * Internal code improvements * Fix crashes in malformed documents glib: * Add the ink annotation type * Add missing autopointers definitions utils: * pdfsig: Add assert-signer feature * pdfsig: Return error code on error Release 25.05.0: core: * Fix re-fetching after xref reconstruction. Issue #1584 * Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON * Various annotation improvements. Issues #642, #1558, #1055 * CairoFontEngine: invalidate broken embedded fonts. Issue #1453 * Splash: Performance improvements * Internal code improvements glib: * Small signature improvements - modified patches % reduce-boost-required-version.patch (refreshed) % reduce-libtiff-required-version.patch (refreshed) ==== poppler-qt6 ==== Version update (25.04.0 -> 25.06.0) - version update to 25.06.0 [bsc#1245625] (CVE-2025-52886) Release 25.06.0: core: * Fix writing dates back to file * Internal code improvements * Fix crashes in malformed documents glib: * Add the ink annotation type * Add missing autopointers definitions utils: * pdfsig: Add assert-signer feature * pdfsig: Return error code on error Release 25.05.0: core: * Fix re-fetching after xref reconstruction. Issue #1584 * Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON * Various annotation improvements. Issues #642, #1558, #1055 * CairoFontEngine: invalidate broken embedded fonts. Issue #1453 * Splash: Performance improvements * Internal code improvements glib: * Small signature improvements - modified patches % reduce-boost-required-version.patch (refreshed) % reduce-libtiff-required-version.patch (refreshed) ==== python-pycares ==== Version update (4.6.1 -> 4.9.0) - Update to 4.9.0 (fixes CVE-2025-48945, bsc#1244691) * Create dependabot configuration by @bdraco in #226 * build(deps): bump pypa/cibuildwheel from 2.22.0 to 2.23.3 by @dependabot in #227 * Pin Python version to 3.13.3 to avoid Windows build error by @saghul in #235 * Fix shutdown race by @bdraco in #236 * Add support for windows arm64 by @finnagin in #233 - Update to 4.8.0 * Cancel previous CI jobs on pull request update by @bdraco in #222 * Update bundled c-ares to v1.34.5 by @bdraco in #221 * Add ARES_FLAG_NO_DFLT_SVR and ARES_FLAG_EDNS to API by @bdraco in #224 - Update to 4.7.0 * Update c-ares to 1.29.0 to add reinit support to Channel by @bdraco in #219 * Add event thread support by @bdraco in #220 ==== python-pyzmq ==== Version update (25.1.2 -> 27.0.0) - Update to 27.0.0 * The Cython backend has been rewritten using Cython 3’s pure Python mode. * The build system has been rewritten to use CMake via scikit-build-core instead of setuptools * Bundled libzmq is updated to 4.3.5, which changes its license from LGPL to MPL. * Many smaller changes, see upstream chngelog ==== sendmail ==== Subpackages: libmilter1_0 - ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fixup changes to current standard. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev - Move the workaround which consists in converting /var/lib/machines as a separate subvolume in cases where it was incorrectly created inside a snapshot. Relocating the workaround from the systemd-container sub-package to the main package ensures it's applied on old systems where it's still needed [1] even if the systemd-container sub-package is not installed. This change should allow us to eventually drop the workaround in the future. [1] The workaround is required on legacy installations (those made more than eight years ago) where /var was not a separate subvolume. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. ==== vulkan-tools ==== - Add cmake.patch ==== wayland ==== Version update (1.23.1 -> 1.24.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Update to release 1.24 * A new wl_fixes interface to add a request to destroy a wl_registry object. * A new wl_keyboard.key repeated state, to allow compositors to take over the responsibility of repeating keys, which is useful for remote desktop. * wl_display_dispatch_queue_timeout() and wl_display_dispatch_timeout(), to set a timeout when dispatching events. * wl_shm_buffer_ref() and wl_shm_buffer_unref(), to access wl_shm_buffer underlying storage after the protocol object has been destroyed (e.g. when a client is shutting down). * wl_proxy_get_interface() and wl_resource_get_interface(), to fetch the wl_interface of an object. * wl_resource_post_error_vargs(), as an alternative to wl_resource_post_error() when the compositor already has a va_list. ==== yast2 ==== Version update (5.0.13 -> 5.0.14) Subpackages: yast2-logs - Improved checking TPM2 device. (bsc#1245247) - 5.0.14 ==== yast2-trans ==== Version update (84.87.20250629.a95a3dcc68 -> 84.87.20250707.95a4742e56) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250707.95a4742e56: * Translated using Weblate (Indonesian) * Update translation files * New POT for text domain 'iscsi-client'. * Translated using Weblate (Ukrainian)