Packages changed: Mesa (25.1.5 -> 25.1.6) Mesa-drivers (25.1.5 -> 25.1.6) MicroOS-release (20250718 -> 20250722) apparmor busybox busybox-links cockpit cockpit-podman (104 -> 107) curl (8.14.1 -> 8.15.0) fuse fuse3 (3.17.2 -> 3.17.3) gdk-pixbuf grub2 hyper-v kernel-source (6.15.6 -> 6.15.7) libapparmor libbpf (1.5.1 -> 1.6.1) libcddb libopenmpt (0.8.1 -> 0.8.2) libxml2 libxslt libyuv libzypp (17.37.11 -> 17.37.12) ncurses (6.5.20250712 -> 6.5.20250720) open-iscsi pciutils (3.13.0 -> 3.14.0) python-gpg (1.24.3 -> 2.0.0) python-jsonschema (4.24.0 -> 4.24.1) python-typing_extensions (4.14.0 -> 4.14.1) python313 python313-core sdbootutil (1+git20250716.b03c12f -> 1+git20250718.9f557f7) sqlite3 (3.50.2 -> 3.50.3) tbb (2022.1.0 -> 2022.2.0) update-bootloader (1.24 -> 1.25) vulkan-loader (1.4.313 -> 1.4.321) vulkan-tools (1.4.313 -> 1.4.321) xkeyboard-config yast2 (5.0.14 -> 5.0.15) zypper (1.14.92 -> 1.14.93) === Details === ==== Mesa ==== Version update (25.1.5 -> 25.1.6) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Customise drivers for loongarch64 - Update to release 25.1.6 - -> https://docs.mesa3d.org/relnotes/25.1.6 ==== Mesa-drivers ==== Version update (25.1.5 -> 25.1.6) Subpackages: Mesa-dri Mesa-gallium Mesa-vulkan-device-select libvulkan_lvp - Customise drivers for loongarch64 - Update to release 25.1.6 - -> https://docs.mesa3d.org/relnotes/25.1.6 ==== MicroOS-release ==== Version update (20250718 -> 20250722) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== apparmor ==== - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/ via abstractions/X (boo#1246743) - add kerberosclient-usrmerge.diff to allow reading /usr/etc/krb5.conf (boo#1246689) ==== busybox ==== - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - add filtering of ignored applets to busybox.install ==== cockpit ==== Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux - add 0001-cockpit-overview-support-SUSE_SUPPORT_PRODUCT-keys.patch - add 0002-cockpit-kdump-support-SLE-micro-6.2.patch - add 0003-branding-use-SUSE_SUPPORT_PRODUCT-and-SUSE_SUPPORT_P.patch to fix bsc#1241003 - update check_cockpit_users to only check for systemd support in /etc/nsswitch.conf bsc#1246408 - add a requirement on /usr/sbin/kdumptool for cockpit-kdump (bsc#1227402) - add libzypp-plugin-appdata dependency to cockpit-packagekit as this will generate the swcatalog which it depends on for calculating various cockpit packages - Show reboot nofication after updates in packagekit * Add 0009-packagekit-reboot-notification.patch ==== cockpit-podman ==== Version update (104 -> 107) - Update to 107 * Bug fixes * Translation updates ==== curl ==== Version update (8.14.1 -> 8.15.0) Subpackages: libcurl4 - Update to 8.15.0: * Changes: - TLS: remove support for Secure Transport and BearSSL * Bugfixes: - cf-socket: make socket data_pending a nop - configure: order LDAP after the SSL libraries - curl: improve non-blocking STDIN performance - curl_get_line: make sure lines end with newline - curl_path: make SFTP handle a path like /~ properly. - curlinfo: provide the 'digest' feature - digest: fix build with disabled digest auth - docs: note SSLS-EXPORT feature in -ssl-sessions doc - docs: reflect that delimiter-separated capath is only OpenSSL - docs: sync -tls-earlydata support w/ CURLOPT_SSL_OPTIONS - http/3: report handshake with version and cipher as for TCP connections - http2: do not delay RST send on aborted transfer - http_ntlm: protect against null deref - ldap: initial support for --with-ldap option - lib: address singleuse issues - lib: avoid reusing unclean connection - lib: drop two interim macros in favor of native libcurl API calls - lib: stop 'time()' debug overrides at the end of source in altsvc, hsts - lib: unify recv/send function signatures - memdebug.h: #undef 'fclose' before defining it - openssl: enable readahead - openssl: error on SSL_ERROR_SYSCALL - openssl: fix handling of buffered data - openssl: fix openssl engine use - openssl: fix pkcs11 provider available check - quic: implement CURLINFO_TLS_SSL_PTR - schannel: allow partial chains for manual peer verification - SCP/SFTP: avoid busy loop after EAGAIN - socks: fix query when filter context is null - tls: remove Curl_ssl false_start - tool_getparam: fix --ftp-pasv - tool_operate: fix return code when --retry is used but not triggered - top-complexity: lower max allowed complexity threshold to 90 - url: fix NULL deref with bad password when no user is provided - urlapi: use uppercase hex encoding - vtls: change send/recv signatures of tls backends - vtls: prefer ciphersuite to cipher in msgs - vtls: prefer rustls-ffi ciphersuite name API - xfer: manage pause bits * Remove patches upstream: - curl-fix--ftp-pasv.patch - fix-return-code-with-retry.patch ==== fuse ==== - Workaround gettext 0.25 behavioral changes and call autopoint as needed [boo#1246701] ==== fuse3 ==== Version update (3.17.2 -> 3.17.3) Subpackages: libfuse3-4 - Update to release 3.17.3 * Avoid possible double unmount on FUSE_DESTROY ==== gdk-pixbuf ==== Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Add gdk-pixbuf-fix-decoder-written-bytes-reporting.patch: Fix memory leak caused by wrong written bytes reported by decoder (bsc#1245227). ==== grub2 ==== Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157) (bsc#1246237) * 0001-test-Fix-f-test-on-files-over-network.patch * 0002-http-Return-HTTP-status-code-in-http_establish.patch * 0003-docs-Clarify-test-for-files-on-TFTP-and-HTTP.patch * 0004-tftp-Fix-hang-when-file-is-a-directory.patch ==== hyper-v ==== - fcopy: Fix irregularities with size of ring buffer (a4131a50) - fcopy: Fix incorrect file path conversion (0d86a8d6) ==== kernel-source ==== Version update (6.15.6 -> 6.15.7) - fs/proc: Use inode_get_dev() for device numbers in procmap_query (bsc#1246332). - commit 3e63d43 - Linux 6.15.7 (bsc#1012628). - eventpoll: don't decrement ep refcount while still holding the ep mutex (bsc#1012628). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (bsc#1012628). - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (bsc#1012628). - ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH (bsc#1012628). - ASoC: soc-acpi: add get_function_tplg_files ops (bsc#1012628). - ASoC: Intel: add sof_sdw_get_tplg_files ops (bsc#1012628). - ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops (bsc#1012628). - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (bsc#1012628). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (bsc#1012628). - EDAC: Initialize EDAC features sysfs attributes (bsc#1012628). - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ (bsc#1012628). - sched/core: Fix migrate_swap() vs. hotplug (bsc#1012628). - objtool: Add missing endian conversion to read_annotate() (bsc#1012628). - perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1012628). - ASoC: cs35l56: probe() should fail if the device ID is not recognized (bsc#1012628). - Bluetooth: hci_sync: Fix not disabling advertising instance (bsc#1012628). - Bluetooth: hci_core: Remove check of BDADDR_ANY in hci_conn_hash_lookup_big_state (bsc#1012628). - Bluetooth: hci_sync: Fix attempting to send HCI_Disconnect to BIS handle (bsc#1012628). - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (bsc#1012628). - pinctrl: amd: Clear GPIO debounce for suspend (bsc#1012628). - fix proc_sys_compare() handling of in-lookup dentries (bsc#1012628). - sched/deadline: Fix dl_server runtime calculation formula (bsc#1012628). - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (bsc#1012628). - arm64: poe: Handle spurious Overlay faults (bsc#1012628). - arm64/mm: Drop wrong writes into TCR2_EL1 (bsc#1012628). - net: phy: qcom: move the WoL function to shared library (bsc#1012628). - net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() (bsc#1012628). - netlink: Fix wraparounds of sk->sk_rmem_alloc (bsc#1012628). - vsock: fix `vsock_proto` declaration (bsc#1012628). - tipc: Fix use-after-free in tipc_conn_close() (bsc#1012628). - tcp: Correct signedness in skb remaining space calculation (bsc#1012628). - vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1012628). - vsock: Fix transport_* TOCTOU (bsc#1012628). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (bsc#1012628). - net: airoha: Fix an error handling path in airoha_probe() (bsc#1012628). - module: Fix memory deallocation on error path in move_module() (bsc#1012628). - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 (bsc#1012628). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (bsc#1012628). - net: phy: smsc: Force predictable MDI-X state on LAN87xx (bsc#1012628). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (bsc#1012628). - atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1012628). - atm: clip: Fix memory leak of struct clip_vcc (bsc#1012628). - atm: clip: Fix infinite recursive call of clip_push() (bsc#1012628). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1012628). - net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1012628). - net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1012628). - rxrpc: Fix bug due to prealloc collision (bsc#1012628). - crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 (bsc#1012628). - rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1012628). - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1012628). - x86/mce/amd: Add default names for MCA banks and blocks (bsc#1012628). - x86/mce/amd: Fix threshold limit reset (bsc#1012628). - x86/mce: Don't remove sysfs if thresholding sysfs init fails (bsc#1012628). - x86/mce: Ensure user polling settings are honored when restarting timer (bsc#1012628). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (bsc#1012628). ... changelog too long, skipping 245 lines ... - commit c5fb175 ==== libapparmor ==== - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/ via abstractions/X (boo#1246743) - add kerberosclient-usrmerge.diff to allow reading /usr/etc/krb5.conf (boo#1246689) ==== libbpf ==== Version update (1.5.1 -> 1.6.1) - update to 1.6.0: * add more control over BPF object lifetime with new preparation step (bpf_object__prepare() API) * libbpf will report symbolic error code (e.g., "-EINVAL") in addition to human-readable error description * bpf_prog_stream_read() API * BPF token support when attaching BPF trampoline-based BPF programs in bpf_program__set_attach_target() * BPF token support for BPF_BTF_GET_FD_BY_ID command * support multi-uprobe session (SEC("uprobe.session")) BPF programs * support unique_match option for multi-kprobe attachment * support creating and destroying qdisk with BPF_TC_QDISC flag; * bpf_program__attach_cgroup_opts() which enables more precise cgroup-based attachment ordering * automatically take advantage of memory-mappable kernel BTF (/sys/kernel/btf/vmlinux), if supported * emit_strings option for BTF dumper API, improving string-like data printing * add BPF program's func and line info accessors * BPF linker supports linking ELF object files coming from memory buffer and referenced by FD, in addition to file path-based APIs; * small improvements to BTF dedup to handle rare quirky corner cases produces by some compilers * add likely() and unlikely() convenience macros; * __arg_untrusted annotation for BPF global subprog arguments; * bpf_stream_printk() macro for working with BPF streams; * bpf_usdt_arg_size() API - update to 1.6.0: * fixing a possible crash when handling BPF arena global variable relocations - drop 0001-libbpf-Add-identical-pointer-detection-to-btf_dedup_.patch, which is now included ==== libcddb ==== - Tighten %files, don't glob so much. - Work with newer gettext-runtime. In gettext 0.24.1 the m4 files moved from /usr/share/aclocal/ to /usr/share/gettext/m4 ==== libopenmpt ==== Version update (0.8.1 -> 0.8.2) - Update to 0.8.2: * [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r23711). * [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting negative integer values. * Since libopenmpt 0.8.0, swapping between samples on the rear channels could introduce a click on the front channels. * IT: Volume column slides no longer propagate their effect memory to the regular effect column volume slides. * FC: Allow files with a sequence size of 0 to load (fixes a broken copy of cult.smod). ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - security update - added patches CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr + libxml2-CVE-2025-7425.patch ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - security update - added patches CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes + libxslt-CVE-2025-7424.patch ==== libyuv ==== - Add fix-narrowing-conversion-initializer-errors-on-LoongArch64.patch Fix C++11 narrowing conversion errors when initializing __m128i constants with unsigned long long literals on LoongArch64 builds. ==== libzypp ==== Version update (17.37.11 -> 17.37.12) - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661) - version 17.37.12 (35) ==== ncurses ==== Version update (6.5.20250712 -> 6.5.20250720) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20250720 + further improve readability of header-files + add a consistency-check for termio(s)/tty headers, to help with cross-compiles (report by Stas Sergeev). + remove some unused configure-macros + add xterm+keypad to pccon+base -TD + trim trailing blanks from a few files (report by Stas Sergeev). ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Update to version 2.1.11.suse+73.1723affc61eb: * README for rpm build directory * Fix issue with IPv6 adapter interfaces (#508, bsc#1240969) * fwparam_ppc.c: Fix the calloc-transposed-args issue (#504) * Makefile: fix "No rule to make target 'iscsiuio/Makefile.in" issue (#506) * Fix typo in initiator.c (#507) - Fixed some issues in this changes file * One date had incorrect format from 2014 * Two separator lines were formatted incrrectly ==== pciutils ==== Version update (3.13.0 -> 3.14.0) Subpackages: libpci3 - Update to 3.14.0: * New capabilities are decoded: VirtIO SharedMemory, Physical Layer 16 to 64 GT/s, Flit Mode, Device 3, Intel vendor- specific. * got definitions of new classes and capabilities from PCI Code and ID Assignment rev 1.18 * can be included from C++ programs * Updated pci.ids ==== python-gpg ==== Version update (1.24.3 -> 2.0.0) - Fix build on armv6 as well - use fdupes - fix 32 bit swig failures, adding gpgmepy-2.0.0-swig-32-bit.patch - Python bindings for GnuPG, based on gpgme, providing python*-gpg This is split from upstream gpgme from 2.0.0. - Rewrite building of the package using PEP517 compatible build system. - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. Fix also the version string in setup.py. [bsc#1244605] * Add python-gpgme-nobetasuffix.patch - Do not error out when copying duplicated files: [bsc#1244605] * Add python-gpgme-COPY_FILES.patch - wip, split upstream from gpgme since 2.0.0 ==== python-jsonschema ==== Version update (4.24.0 -> 4.24.1) - update to 4.24.1: * Unambiguously quote and escape properties in JSON path rendering by @kurtmckee in #1390 * Drop python<3.9 backports by @hackowitz-af in #1367 ==== python-typing_extensions ==== Version update (4.14.0 -> 4.14.1) - update to 4.14.1: * Fix usage of `typing_extensions.TypedDict` nested inside other types (e.g., `typing.Type[typing_extensions.TypedDict]`). This is not allowed by the type system but worked on older versions, so we maintain support. ==== python313 ==== - Fix gil/nogil package description, bsc#1246229 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== python313-core ==== Subpackages: libpython3_13-1_0 python313-base - Fix gil/nogil package description, bsc#1246229 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 ==== sdbootutil ==== Version update (1+git20250716.b03c12f -> 1+git20250718.9f557f7) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250718.9f557f7: * MicroOS mounts encrypted /var in initrd ==== sqlite3 ==== Version update (3.50.2 -> 3.50.3) - Update to version 3.50.3: * Fix a possible memory error that can occur if a query is made against against FTS5 index that has been deliberately corrupted in a very specific way. * Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. * Fix an incorrect answer due to over-optimization of an AND operator. ==== tbb ==== Version update (2022.1.0 -> 2022.2.0) - Drop excessive gcc flags: add cf-prot.patch. - Update to version 2022.2.0: * Improved Hybrid CPU and NUMA Platforms API Support: Enhanced API availability for better compatibility with Hybrid CPU and NUMA platforms. * Refined Environment Setup: Replaced CPATH with C_INCLUDE_PATH and CPLUS_INCLUDE_PATH in environment setup to avoid unintended compiler warnings caused by globally applied include paths. ==== update-bootloader ==== Version update (1.24 -> 1.25) - merge gh#openSUSE/perl-bootloader#191 - avoid spurious warning messages when parsing /etc/default/grub (bsc#1246373, bsc#1245323) - 1.25 ==== vulkan-loader ==== Version update (1.4.313 -> 1.4.321) - Update to tag SDK-1.4.321.0 * Simplify portability enumeration variables. * Only call surface creation functions on supported drivers. * Add vkGetPhysicalDeviceSurfaceSupportKHR test when ICD does not support the surface extension. ==== vulkan-tools ==== Version update (1.4.313 -> 1.4.321) - Update to tag SDK-1.4.321.0 * cube: prefer Wayland over X11 when available ==== xkeyboard-config ==== - make %pretrans lua script more robust to avoid endless loops during package installation (boo#1246768) ==== yast2 ==== Version update (5.0.14 -> 5.0.15) - Do not try installing packages into the inst-sys during installation (bsc#1240867) - 5.0.15 ==== zypper ==== Version update (1.14.92 -> 1.14.93) Subpackages: zypper-needs-restarting - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept "show" as alias for "info" (bsc#1245985) - version 1.14.93