Packages changed:
 MozillaFirefox (140.0.2 -> 141.0)
 avahi
 avahi-glib2
 gdm
 ghostscript-fonts
 gstreamer (1.26.3 -> 1.26.4)
 gstreamer-plugins-bad (1.26.3 -> 1.26.4)
 gstreamer-plugins-base (1.26.3 -> 1.26.4)
 gstreamer-plugins-good (1.26.3 -> 1.26.4)
 gstreamer-plugins-libav (1.26.3 -> 1.26.4)
 gstreamer-plugins-ugly (1.26.3 -> 1.26.4)
 inkscape
 kernel-source (6.15.7 -> 6.15.8)
 libostree (2025.3 -> 2025.4)
 mozilla-nss (3.112 -> 3.113)
 mozjs128 (128.12.0 -> 128.13.0)
 openSUSE-release (20250725 -> 20250727)
 patterns-base
 patterns-gnome
 pixman
 poppler
 poppler-qt6
 python-Babel
 python-kiwi (10.2.28 -> 10.2.29)
 sdl2-compat
 sysuser-tools
 virtualbox (7.1.10 -> 7.1.12a)
 virtualbox-kmp (7.1.10_k6.15.7_1 -> 7.1.12a_k6.15.8_1)

=== Details ===

==== MozillaFirefox ====
Version update (140.0.2 -> 141.0)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 141.0
 * https://www.mozilla.org/en-US/firefox/141.0/releasenotes/
 MFSA 2025-56 (bsc#1246664)
 * CVE-2025-8027 (bmo#1968423)
   JavaScript engine only wrote partial return value to stack
 * CVE-2025-8028 (bmo#1971581)
   Large branch table could lead to truncated instruction
 * CVE-2025-8041 (bmo#1670725)
   Incorrect URL truncation in Firefox for Android
 * CVE-2025-8042 (bmo#1791322)
   Sandboxed iframe could start downloads
 * CVE-2025-8029 (bmo#1928021)
   javascript: URLs executed on object and embed tags
 * CVE-2025-8036 (bmo#1960834)
   DNS rebinding circumvents CORS
 * CVE-2025-8037 (bmo#1964767)
   Nameless cookies shadow secure cookies
 * CVE-2025-8030 (bmo#1968414)
   Potential user-assisted code execution in “Copy as cURL” command
 * CVE-2025-8043 (bmo#1970209)
   Incorrect URL truncation
 * CVE-2025-8031 (bmo#1971719)
   Incorrect URL stripping in CSP reports
 * CVE-2025-8032 (bmo#1974407)
   XSLT documents could bypass CSP
 * CVE-2025-8038 (bmo#1808979)
   CSP frame-src was not correctly enforced for paths
 * CVE-2025-8039 (bmo#1970997)
   Search terms persisted in URL bar
 * CVE-2025-8033 (bmo#1973990)
   Incorrect JavaScript state machine for generators
 * CVE-2025-8044 (bmo#1933572, bmo#1971116)
   Memory safety bugs fixed in Firefox 141 and Thunderbird 141
 * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
   Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
   128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
   Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998)
   Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
   ESR 140.1, Firefox 141 and Thunderbird 141
 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
   Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
   ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
   141 and Thunderbird 141
- requires NSS 3.113

==== avahi ====
Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7

- Add patch submitted to upstream at
 to enable building with Qt6 and add that flavor:
 0001-Enable-building-with-Qt6.patch
- Disable building the Qt5 flavor in SLE16.

==== avahi-glib2 ====
Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0

- Add patch submitted to upstream at
 to enable building with Qt6 and add that flavor:
 0001-Enable-building-with-Qt6.patch
- Disable building the Qt5 flavor in SLE16.

==== gdm ====
Subpackages: gdm-lang gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- gdm-fingerprint.pamd: Fix inclusion of common-account instead
 of postlogin-account

==== ghostscript-fonts ====

- Remove the -converted subpackage that uses ttf-converter.
 Anyone using these fonts should actually use the
 urw-base35-fonts package.

==== gstreamer ====
Version update (1.26.3 -> 1.26.4)
Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.26.4:
 + Highlighted bugfixes in 1.26.4:
 - adaptivedemux2: Fixed reverse playback
 - d3d12screencapture: Add support for monitor add/remove in
   device provider
 - rtmp2src: various fixes to make it play back AWS medialive
   streams
 - rtph265pay: add profile-id, tier-flag, and level-id to output
   rtp caps
 - vp9parse: Fix handling of spatial SVC decoding
 - vtenc: Fix negotiation failure with profile=main-422-10
 - gtk4paintablesink: Add YCbCr memory texture formats and other
   improvements
 - livekit: add room-timeout
 - mp4mux: add TAI timestamp muxing support
 - rtpbin2: fix various race conditions, plus other bug fixes
   and performance improvements
 - threadshare: add a ts-rtpdtmfsrc element, implement run-time
   input switching in ts-intersrc
 - webrtcsink: fix deadlock on error setting remote description
   and other fixes.
 - cerbero: WiX installer: fix missing props files in the MSI
   packages
 - smaller macOS/iOS package sizes
 - Various bug fixes, build fixes, memory leak fixes, and other
   stability and reliability improvements
 + gstreamer:
 - tracers: Fix deadlock in latency tracer
 - Fix various valgrind/test errors when GST_DEBUG is enabled
 - More valgrind and test fixes
 - Various ASAN fixes

==== gstreamer-plugins-bad ====
Version update (1.26.3 -> 1.26.4)
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.26.4:
 + avtp: crf: Setup socket during state change to ensure we handle
   failure
 + d3d12screencapture: Add support for monitor add/remove in
   device provider
 + mpegtsmux: fix double free caused by shared PMT descriptor
 + openh264: Ensure src_pic is initialized before use
 + rtmp2src: various fixes to make it play back AWS medialive
   streams
 + ssdobjectdetector: Use correct tensor data index for the scores
 + v4l2codecs: h265dec: Fix zero-copy of cropped window located at
   position 0,0
 + vp9parse: Fix handling of spatial SVC decoding
 + vp9parse: Revert "Always default to super-frame"
 + vtenc: Fix negotiation failure with profile=main-422-10
 + vulkan: Fix drawing too many triangles in fullscreenquad
 + vulkanfullscreenquad: add locks for synchronisation
 + Fix various valgrind/test errors when GST_DEBUG is enabled
 + More valgrind and test fixes
 + Various ASAN fixes

==== gstreamer-plugins-base ====
Version update (1.26.3 -> 1.26.4)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.26.4:
 + Revert "streamsynchronizer: Consider streams having received
   stream-start as waiting"
 + alsa: free conf cache under valgrind
 + gst-device-monitor: Fix caps filter splitting
 + Fix various valgrind/test errors when GST_DEBUG is enabled
 + More valgrind and test fixes
 + Various ASAN fixes

==== gstreamer-plugins-good ====
Version update (1.26.3 -> 1.26.4)
Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang

- Remove BuildRequires: libQt5PlatformHeaders-devel which isn't
 needed anymore
- Update to version 1.26.4:
 + adaptivedemux2: Fixed reverse playback
 + matroskademux: Send tags after seeking
 + qtdemux: Fix incorrect FourCC used when iterating over sbgp
   atoms
 + qtdemux: Incorrect sibling type used in sbgp iteration loop
 + rtph265pay: add profile-id, tier-flag, and level-id to output
   rtp caps
 + rtpjpeg: fix copying of quant data if it spans memory segments
 + soup: Disable range requests when talking to Python's
   http.server
 + v4l2videodec: need replace acquired_caps on set_format success
 + Fix various valgrind/test errors when GST_DEBUG is enabled
 + More valgrind and test fixes
 + Various ASAN fixes

==== gstreamer-plugins-libav ====
Version update (1.26.3 -> 1.26.4)

- Update to version 1.26.4:
 + Various ASAN fixes

==== gstreamer-plugins-ugly ====
Version update (1.26.3 -> 1.26.4)
Subpackages: gstreamer-plugins-ugly-lang

- Update to version 1.26.4:
 + No changes, stable bump only.

==== inkscape ====
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang

- Extension manager needs Python module 'appdirs', add dependency
 for python313-appdirs to inkscape-extensions-extra

==== kernel-source ====
Version update (6.15.7 -> 6.15.8)

- Linux 6.15.8 (bsc#1012628).
- KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop
 poll hypercalls (bsc#1012628).
- smb: client: let smbd_post_send_iter() respect the peers
 max_send_size and transmit all data (bsc#1012628).
- drm/xe: Move page fault init after topology init (bsc#1012628).
- drm/xe/mocs: Initialize MOCS index early (bsc#1012628).
- sched/ext: Prevent update_locked_rq() calls with NULL rq
 (bsc#1012628).
- sched,freezer: Remove unnecessary warning in __thaw_task
 (bsc#1012628).
- cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code
 (bsc#1012628).
- cifs: Fix the smbd_response slab to allow usercopy
 (bsc#1012628).
- smb: client: make use of common smbdirect_socket_parameters
 (bsc#1012628).
- smb: smbdirect: introduce smbdirect_socket_parameters
 (bsc#1012628).
- smb: client: make use of common smbdirect_socket (bsc#1012628).
- smb: smbdirect: add smbdirect_socket.h (bsc#1012628).
- smb: smbdirect: add smbdirect.h with public structures
 (bsc#1012628).
- smb: client: make use of common smbdirect_pdu.h (bsc#1012628).
- smb: smbdirect: add smbdirect_pdu.h with protocol definitions
 (bsc#1012628).
- rust: use `#[used(compiler)]` to fix build and `modpost`
 with Rust >= 1.89.0 (bsc#1012628).
- net: libwx: fix multicast packets received count (bsc#1012628).
- usb: dwc3: qcom: Don't leave BCR asserted (bsc#1012628).
- usb: hub: Don't try to recover devices lost during warm reset
 (bsc#1012628).
- usb: hub: Fix flushing of delayed work used for post resume
 purposes (bsc#1012628).
- usb: hub: Fix flushing and scheduling of delayed work that
 tunes runtime pm (bsc#1012628).
- usb: hub: fix detection of high tier USB3 devices behind
 suspended hubs (bsc#1012628).
- sched: Change nr_uninterruptible type to unsigned long
 (bsc#1012628).
- efivarfs: Fix memory leak of efivarfs_fs_info in fs_context
 error paths (bsc#1012628).
- libbpf: Fix handling of BPF arena relocations (bsc#1012628).
- drm/mediatek: only announce AFBC if really supported
 (bsc#1012628).
- drm/mediatek: Add wait_event_timeout when disabling plane
 (bsc#1012628).
- Revert "cgroup_freezer: cgroup_freezing: Check if not frozen"
 (bsc#1012628).
- rxrpc: Fix to use conn aborts for conn-wide failures
 (bsc#1012628).
- rxrpc: Fix transmission of an abort in response to an abort
 (bsc#1012628).
- rxrpc: Fix notification vs call-release vs recvmsg
 (bsc#1012628).
- rxrpc: Fix recv-recv race of completed call (bsc#1012628).
- rxrpc: Fix irq-disabled in local_bh_enable() (bsc#1012628).
- net/sched: Return NULL when htb_lookup_leaf encounters an
 empty rbtree (bsc#1012628).
- net: bridge: Do not offload IGMP/MLD messages (bsc#1012628).
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering
 during runtime (bsc#1012628).
- tls: always refresh the queue when reading sock (bsc#1012628).
- virtio-net: fix recursived rtnl_lock() during probe()
 (bsc#1012628).
- hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open
 to prevent IPv6 addrconf (bsc#1012628).
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
 (bsc#1012628).
- drm/xe/pf: Resend PF provisioning after GT reset (bsc#1012628).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset
 (bsc#1012628).
- drm/xe: Dont skip TLB invalidations on VF (bsc#1012628).
- netfilter: nf_conntrack: fix crash due to removal of
 uninitialised entry (bsc#1012628).
- net: fix segmentation after TCP/UDP fraglist GRO (bsc#1012628).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
 (bsc#1012628).
- net: airoha: fix potential use-after-free in airoha_npu_get()
 (bsc#1012628).
- net/mlx5: Correctly set gso_size when LRO is used (bsc#1012628).
- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855
 GF variant without board ID (bsc#1012628).
- Bluetooth: hci_dev: replace 'quirks' integer by 'quirk_flags'
 bitmap (bsc#1012628).
- Bluetooth: hci_core: add missing braces when using macro
 parameters (bsc#1012628).
- Bluetooth: hci_core: fix typos in macros (bsc#1012628).
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
 (bsc#1012628).
- Bluetooth: SMP: If an unallowed command is received consider
 it a failure (bsc#1012628).
- Bluetooth: hci_sync: fix connectable extended advertising when
 using static random address (bsc#1012628).
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
 (bsc#1012628).
- riscv: traps_misaligned: properly sign extend value in
 misaligned load handler (bsc#1012628).
- riscv: Enable interrupt during exception handling (bsc#1012628).
   ... changelog too long, skipping 223 lines ...
- commit e03d052

==== libostree ====
Version update (2025.3 -> 2025.4)
Subpackages: libostree-1-1

- Update to version 2025.4:
 + ostree-prepare-root: remove duplicate transient directory
 + Add root.transient-ro

==== mozilla-nss ====
Version update (3.112 -> 3.113)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.113
 * bmo#1963792 - Fix alias for mac workers on try.
 * bmo#198090 - Part 1: Use AES in the SDR (NSS) r=simonf,nss-reviewers,rrelyea
 * bmo#1968764 - Bump nssckbi version to 2.78.
 * bmo#1967548 - Turn off Websites Trust Bit for Chunghwa Telecom ePKI Root in FF 141.
 * bmo#1965556 - fix frame pointers in intel-gcm.s.
 * bmo#1971510 - Typo in release notes for NSS 101.4.
 * bmo#1968665 - Improve nss-release-helper.py.
 * bmo#1930800 - shlibsign is broken in System FIPS mode.
 * bmo#1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1
 * bmo#1965327 - PKCS #11 v3.2 header files.

==== mozjs128 ====
Version update (128.12.0 -> 128.13.0)

- Update to version 128.13.0:
 + CVE-2025-8027: JavaScript engine only wrote partial return
   value to stack
 + CVE-2025-8028: Large branch table could lead to truncated
   instruction
 + CVE-2025-8029: javascript: URLs executed on object and embed
   tags
 + CVE-2025-8030: Potential user-assisted code execution in “Copy
   as cURL” command
 + CVE-2025-8031: Incorrect URL stripping in CSP reports
 + CVE-2025-8032: XSLT documents could bypass CSP
 + CVE-2025-8033: Incorrect JavaScript state machine for
   generators
 + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26,
   Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
   Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
 + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13,
   Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR
   140.1, Firefox 141 and Thunderbird 141

==== openSUSE-release ====
Version update (20250725 -> 20250727)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced

- Drop xsetmode and xsetpointer from x11_raspberrypi (boo#1246921)

==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome

- Explicitly recommends Google Noto Arabic fonts in GNOME
 (bsc#1246323).

==== pixman ====

- Disable LTO on riscv64 due to gcc bug 110812

==== poppler ====
Subpackages: libpoppler-cpp2 libpoppler-glib8 libpoppler151 poppler-tools

- Do not build the qt5 flavor in SLE16.

==== poppler-qt6 ====

- Do not build the qt5 flavor in SLE16.

==== python-Babel ====

- Add reproducible.patch to normalize date in .po (boo#1047218)

==== python-kiwi ====
Version update (10.2.28 -> 10.2.29)

- Bump version: 10.2.28 → 10.2.29
- Fix return from repart stage
 If we return from the repart stage it's important to wait
 for the root device to appear. This is because the device
 setup from udev might still be held back due to a former
 lock on the device. This means if we return fast after
 locking for example when check_repart_possible() quickly
 finds out that it's not possible, then udev has not yet
 got the time to create the device nodes.
 This Fixes #2863

==== sdl2-compat ====

- Change license to Zlib

==== sysuser-tools ====

- disable the buildroot virus scanning, as it needs the vscan user
 this package provides. (bsc#1246878)

==== virtualbox ====
Version update (7.1.10 -> 7.1.12a)

- Update to release 7.1.12
 * VMM: Fixed issue when running a nested VM caused Guru
   Meditation for outer VM
 * NAT: Fixed issue when VMs with long names were unable to start
 * Linux host: Fixed possible kernel panic when using bridged
   networking with a network interface handled by the ixgbe
   driver on newer kernels
 * Recording: Fixed issue when Windows Guest Machine was unable
   to start when recording was enabled in Display Settings
 * Support for Linux 6.16
 * Linux Guest Additions (LGA): Fixed issue when 'rcvboxadd
   status-kernel' was reporting incorrect status when guest was
   running kernel 3.10 series and older
 * LGA: Fixed issue when VBoxClient was unable to start if guest
   was running kernel 2.6 series and older
 * LGA: Fixed issue which caused a warning in system log due to
   incorrect udev rule
- Delete kernel-6.16-READ-WRITE.patch, kernel-6.16-from_timer.patch,
 kernel-6.16-page-index.patch

==== virtualbox-kmp ====
Version update (7.1.10_k6.15.7_1 -> 7.1.12a_k6.15.8_1)

- Update to release 7.1.12
 * VMM: Fixed issue when running a nested VM caused Guru
   Meditation for outer VM
 * NAT: Fixed issue when VMs with long names were unable to start
 * Linux host: Fixed possible kernel panic when using bridged
   networking with a network interface handled by the ixgbe
   driver on newer kernels
 * Recording: Fixed issue when Windows Guest Machine was unable
   to start when recording was enabled in Display Settings
 * Support for Linux 6.16
 * Linux Guest Additions (LGA): Fixed issue when 'rcvboxadd
   status-kernel' was reporting incorrect status when guest was
   running kernel 3.10 series and older
 * LGA: Fixed issue when VBoxClient was unable to start if guest
   was running kernel 2.6 series and older
 * LGA: Fixed issue which caused a warning in system log due to
   incorrect udev rule
- Delete kernel-6.16-READ-WRITE.patch, kernel-6.16-from_timer.patch,
 kernel-6.16-page-index.patch

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.