Packages changed:
brltty (6.7 -> 6.8)
container-selinux (2.238.0 -> 2.239.0)
djvulibre (3.5.28 -> 3.5.29)
hwinfo (24.0 -> 24.1)
inkscape (1.4.2+1 -> 1.4.2+37)
kirigami-addons6 (1.8.1 -> 1.9.0)
libgexiv2 (0.14.5 -> 0.14.6)
libgphoto2 (2.5.31 -> 2.5.32)
libheif (1.19.8 -> 1.20.1)
libreoffice
libsolv (0.7.33 -> 0.7.34)
libxml2
libzypp (17.37.9 -> 17.37.10)
openSUSE-release (20250707 -> 20250708)
poppler (25.04.0 -> 25.06.0)
poppler-qt6 (25.04.0 -> 25.06.0)
python-pycares (4.6.1 -> 4.9.0)
python-pyzmq (25.1.2 -> 27.0.0)
sendmail
systemd
vulkan-tools
wayland (1.23.1 -> 1.24.0)
yast2 (5.0.13 -> 5.0.14)
yast2-trans (84.87.20250629.a95a3dcc68 -> 84.87.20250707.95a4742e56)
=== Details ===
==== brltty ====
Version update (6.7 -> 6.8)
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow brltty-lang libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi
- Update to version 6.8:
+ Too many changes; please read ChangeLog
- API version is now 0.8.6.
==== container-selinux ====
Version update (2.238.0 -> 2.239.0)
- Update to version 2.239.0:
* Allow containers to use hsa devices for ROCM
==== djvulibre ====
Version update (3.5.28 -> 3.5.29)
- version update to 3.5.29 [bsc#1245773] (CVE-2025-53367)
* various bug fixes
* additional tests for corrupted files
* fixes for clang warnings
- deleted patches
- djvulibre-CVE-2021-32490.patch (upstreamed)
- djvulibre-CVE-2021-32491.patch (upstreamed)
- djvulibre-CVE-2021-32492.patch (upstreamed)
- djvulibre-CVE-2021-32493.patch (upstreamed)
- djvulibre-CVE-2021-46310.patch (upstreamed)
- fixes CVE-2021-32490 [bsc#1185895]
CVE-2021-32491 [bsc#1185900]
CVE-2021-32492 [bsc#1185904]
CVE-2021-32493 [bsc#1185905]
CVE-2021-46310 [bsc#1214670]
==== hwinfo ====
Version update (24.0 -> 24.1)
Subpackages: libhd24
- merge gh#openSUSE/hwinfo#167
- fix usb network card detection (bsc#1245950)
- 24.1
==== inkscape ====
Version update (1.4.2+1 -> 1.4.2+37)
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang
- Update to version 1.4.2+37:
* Update macOS job for new runner infrastructure
* Fix includes in PDF input extensions
* Fix build against Poppler 25.06
* String fixes for Inkscape 1.4.3 (please keep until after the 1.4.2 release)
* Add policy checking for UI toolbars for focus
* Update macOS build pipeline to 0.81
* Rectangles are allows for Text on Path
* Add special paste section in context menu
* Reduce number of clipping paths created during PDF import
* Use Undo::maybeDone for swatch color slider
* Update the select toolbar when the bbox preference changes
* Fix crash when pattern transform is singular
* Page swapping shouldn't modify the size of the page through viewPort
* Enhance PDF Import: Remember font rendering settings
* Fix to pdf font preferences
* Fix crash when deleting a page with clones on it
* Allow multiline strings to expand in extension dialog
* Recursively unlock when dealign with item under cursor
* Fix issues with shape-inside having invalid references
* Avoid unchecked optional access in render_preview
* Make Action Section names translatable. Fix #5501
* Fix: Show Handles command not working on the mesh tool
* Fix crash on editing SVGs with text nodes
* Add color support for geometric pattern 'Abstract 1'
* Limit SVG preference to SVG opening extension only
* Fix Welcome Screen Keyboard Selector
* Hide LPETool in the default preference
* Fix control handle rendering with flipped canvas
* Lpe Simplify button converted to checkbox
* Hide Splash on Wayland when moving to Welcome
* Fix filter dialog crashing on Ctrl+Space
* Check for null text before setting to ustring.
* Snap package: Fix file permissions
* Fix a crash when converting a <textPath> to <text> in an SVG 2 spec example.
* Don't turn an invalid SPItem bounding box into a valid one if there is a filter.
* Update windows installed library list
==== kirigami-addons6 ====
Version update (1.8.1 -> 1.9.0)
Subpackages: kirigami-addons6-lang libKirigamiAddonsStatefulApp6
- Update to 1.9.0
https://carlschwan.eu/2025/07/06/kirigami-addons-1.9.0/
* Finished the addition of the file and folder form delegate
* Minor fixes and improvements
==== libgexiv2 ====
Version update (0.14.5 -> 0.14.6)
- Update to version 0.14.6:
+ Fix get_tag_multiple for tags that have LangAlt and contain ","
+ Fix a memory leak when calling open_* multiple times on the
same Metadata object
==== libgphoto2 ====
Version update (2.5.31 -> 2.5.32)
Subpackages: libgphoto2-6 libgphoto2-6-lang libgphoto2_port12
- libgphoto2 2.5.32 release
quicktake1x0:
* New Apple Quicktake (serial camera) driver
pentax:
* Added Pentax K1II, K3III
* sync with pktriggercord fixes
ptp2:
* Big code and (canon eos) debug outout cleanups by Axel W
* --summary output format changed to be more condensed
* Canon EOS: imageformat output changed
* Canon: added disablemodedial
* Canon: keepdeviceon send less often to speed up
* Sony: Now officially documented by Sony. Changes imported from the documentation.
* Sony: support newer sony property format
* Sony: added capturemode, focalposition, magnifysetting, spotfocusarea,
* Sony: fixed crash in movie option
* Panasonic: bugfixes
* Fuji: configurations added, af drive manual, availableshots, graineffect, rawcompression
* Fuji: bugfixes
* Nikon: support 32bit properties
* Added ids:
- Canon EOS R100, R3, R8, R50, G7 X Mark 3,
- Sony Alpha A6100, ZV-E10, A6700, NEX-5N, SLT A99V, ILCE-9M3, ILX-LR1
- Nikon Zf, Z6 III
- Olympus OM-1Mark2
- Fuji X-H2S, X100V1, GFX100 II
- Ricoh GR III
- Leica Q3, M11 Monochrome
ports/usb:
* added more Android support (passing in filedescriptor)
ports/serial:
* some fixes, needed for quicktake
all:
* IOLIBS and CAMLIBS now runtime configurable
* Builds use silent rules by default now
* Meson buildsupport, parallel to automake
* print-camera-list can now print camera list in JSON format
* added new functions: gp_setting_set_get_func, gp_setting_set_set_func
for user defined settings setters
* added new port functions: gp_port_usb_set_sys_device,
gp_port_usb_get_sys_device used for Android
translations:
* added georgian, friulian, polish, romanian, ukrainian, chinese, brazilian
- remove libgphoto2-c99.patch: upstream
==== libheif ====
Version update (1.19.8 -> 1.20.1)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1
- update to 1.20.1:
- Fixes a bug in decoder plugin loading.
- Changes from 1.20.0:
- Sequences:
- API for reading and writing image sequences. You can read and
write sequences for all codecs (not just H.265 / AV1, but
also JPEG-2000, ISO-23001-17 uncompressed, ...). Currently
only intra-coded sequences are supported.
- API for reading and writing metadata sequences. The metadata
tracks can contain any raw timed data.
- Support for SAI (sample auxiliary information). Timed samples
(from image sequences or metadata) can have auxiliary data
attached. Currently we support TAI timestamps and GIMI
content description IDs.
- Support for track references.
- The API for sequences is described here:
https://github.com/strukturag/libheif/wiki/Reading-and-Writing-Sequences
- New command line tool heif-view to show HEIF sequences
(requires libSDL).
- Other new features:
- You can specify a security limit for the maximum total memory
libheif may use for decoding. This is easier to handle than
specifying limits on the maximum image size or single memory
allocations.
- Support for TAI timestamps (in images and sequences) has been
promoted from experimental to stable.
- FFMPEG plugin now supports HDR decoding
- Header files are now split into individual headers by topic.
However, it should still be backwards compatible with heif.h
being a catch-all covering the old content. For new
functionality (sequences, TAI), you will need to include the
specific headers.
- All struct names of the API are now also typedefs.
- add build requires for brotli which it looks for since 1.18
- prepare building heif-view
==== libreoffice ====
Subpackages: libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit
- Add fix_build_with_poppler_25.05.patch: Fix build with current
poppler.
==== libsolv ====
Version update (0.7.33 -> 0.7.34)
Subpackages: libsolv-tools-base libsolv1 ruby-solv
- add support for product-obsoletes() provides in the product
autopackage generation code
- bump version to 0.7.34
==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49795.patch
- security update
fix CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
fix CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
==== libzypp ====
Version update (17.37.9 -> 17.37.10)
- BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486)
Newer rpm versions no longer allow a ':' in rpm package names or
obsoletes. So injecting an
Obsoletes: product:oldproductname < oldproductversion
into the -release package to indicate a product rename is no longer
possible.
Since libsolv-0.7.34 you can and should use:
Provides: product-obsoletes(oldproductname) < oldproductversion
in the -release package. libsolv will then inject the appropriate
Obsoletes into the Product.
- version 17.37.10 (35)
==== openSUSE-release ====
Version update (20250707 -> 20250708)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== poppler ====
Version update (25.04.0 -> 25.06.0)
Subpackages: libpoppler-cpp2 libpoppler-glib8 poppler-tools
- version update to 25.06.0 [bsc#1245625] (CVE-2025-52886)
Release 25.06.0:
core:
* Fix writing dates back to file
* Internal code improvements
* Fix crashes in malformed documents
glib:
* Add the ink annotation type
* Add missing autopointers definitions
utils:
* pdfsig: Add assert-signer feature
* pdfsig: Return error code on error
Release 25.05.0:
core:
* Fix re-fetching after xref reconstruction. Issue #1584
* Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON
* Various annotation improvements. Issues #642, #1558, #1055
* CairoFontEngine: invalidate broken embedded fonts. Issue #1453
* Splash: Performance improvements
* Internal code improvements
glib:
* Small signature improvements
- modified patches
% reduce-boost-required-version.patch (refreshed)
% reduce-libtiff-required-version.patch (refreshed)
==== poppler-qt6 ====
Version update (25.04.0 -> 25.06.0)
- version update to 25.06.0 [bsc#1245625] (CVE-2025-52886)
Release 25.06.0:
core:
* Fix writing dates back to file
* Internal code improvements
* Fix crashes in malformed documents
glib:
* Add the ink annotation type
* Add missing autopointers definitions
utils:
* pdfsig: Add assert-signer feature
* pdfsig: Return error code on error
Release 25.05.0:
core:
* Fix re-fetching after xref reconstruction. Issue #1584
* Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON
* Various annotation improvements. Issues #642, #1558, #1055
* CairoFontEngine: invalidate broken embedded fonts. Issue #1453
* Splash: Performance improvements
* Internal code improvements
glib:
* Small signature improvements
- modified patches
% reduce-boost-required-version.patch (refreshed)
% reduce-libtiff-required-version.patch (refreshed)
==== python-pycares ====
Version update (4.6.1 -> 4.9.0)
- Update to 4.9.0 (fixes CVE-2025-48945, bsc#1244691)
* Create dependabot configuration by @bdraco in #226
* build(deps): bump pypa/cibuildwheel from 2.22.0 to 2.23.3
by @dependabot in #227
* Pin Python version to 3.13.3 to avoid Windows build error by @saghul in #235
* Fix shutdown race by @bdraco in #236
* Add support for windows arm64 by @finnagin in #233
- Update to 4.8.0
* Cancel previous CI jobs on pull request update by @bdraco in #222
* Update bundled c-ares to v1.34.5 by @bdraco in #221
* Add ARES_FLAG_NO_DFLT_SVR and ARES_FLAG_EDNS to API by @bdraco in #224
- Update to 4.7.0
* Update c-ares to 1.29.0 to add reinit support to Channel by @bdraco in #219
* Add event thread support by @bdraco in #220
==== python-pyzmq ====
Version update (25.1.2 -> 27.0.0)
- Update to 27.0.0
* The Cython backend has been rewritten using Cython 3’s pure Python
mode.
* The build system has been rewritten to use CMake via scikit-build-core
instead of setuptools
* Bundled libzmq is updated to 4.3.5, which changes its license from
LGPL to MPL.
* Many smaller changes, see upstream chngelog
==== sendmail ====
Subpackages: libmilter1_0
- ran /usr/lib/obs/service/source_validators/helpers/fix_changelog
to fixup changes to current standard.
==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev
- Move the workaround which consists in converting /var/lib/machines as a
separate subvolume in cases where it was incorrectly created inside a
snapshot.
Relocating the workaround from the systemd-container sub-package to the main
package ensures it's applied on old systems where it's still needed [1] even
if the systemd-container sub-package is not installed.
This change should allow us to eventually drop the workaround in the future.
[1] The workaround is required on legacy installations (those made more than
eight years ago) where /var was not a separate subvolume.
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
==== vulkan-tools ====
- Add cmake.patch
==== wayland ====
Version update (1.23.1 -> 1.24.0)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0
- Update to release 1.24
* A new wl_fixes interface to add a request to destroy a
wl_registry object.
* A new wl_keyboard.key repeated state, to allow compositors to
take over the responsibility of repeating keys, which is
useful for remote desktop.
* wl_display_dispatch_queue_timeout() and
wl_display_dispatch_timeout(), to set a timeout when
dispatching events.
* wl_shm_buffer_ref() and wl_shm_buffer_unref(), to access
wl_shm_buffer underlying storage after the protocol object
has been destroyed (e.g. when a client is shutting down).
* wl_proxy_get_interface() and wl_resource_get_interface(), to
fetch the wl_interface of an object.
* wl_resource_post_error_vargs(), as an alternative to
wl_resource_post_error() when the compositor already has a
va_list.
==== yast2 ====
Version update (5.0.13 -> 5.0.14)
Subpackages: yast2-logs
- Improved checking TPM2 device. (bsc#1245247)
- 5.0.14
==== yast2-trans ====
Version update (84.87.20250629.a95a3dcc68 -> 84.87.20250707.95a4742e56)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20250707.95a4742e56:
* Translated using Weblate (Indonesian)
* Update translation files
* New POT for text domain 'iscsi-client'.
* Translated using Weblate (Ukrainian)
