Packages changed:
MozillaFirefox (141.0.2 -> 142.0.1)
SDL3 (3.2.20 -> 3.2.22)
busybox-links
certmonger (0.79.19 -> 0.79.20)
container-selinux (2.240.0 -> 2.241.0)
icewm (3.7.3 -> 3.9.0)
iso-codes (4.16.0 -> 4.18.0)
libcdr (0.1.7 -> 0.1.8)
libreoffice (25.2.5.2 -> 25.8.1.1)
libvirt (11.6.0 -> 11.7.0)
libvisio (0.1.7 -> 0.1.8)
mozilla-nss (3.113 -> 3.115.1)
openSUSE-release (20250902 -> 20250903)
python-cryptography
qt6-declarative
selinux-policy (20250812 -> 20250902)
wireplumber (0.5.10 -> 0.5.11)
zlib-ng-compat (2.2.4 -> 2.2.5)
=== Details ===
==== MozillaFirefox ====
Version update (141.0.2 -> 142.0.1)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common
- Mozilla Firefox 142.0.1
* Dragging multiple non-adjacent tabs in horizontal tab strip mode
now correctly moves them together as a group. (bmo#1982933)
* Dragging multiple tabs no longer causes toolbar unresponsiveness
or visual glitches. (bmo#1984342)
* Fixed an issue where the text cursor appeared in the wrong
location. (bmo#1984045)
* Fixed a crash related to gamepad use, particularly on macOS
(bmno#1870379)
* Fixed an issue where the expand on hover feature in the sidebar
would sometimes stop working. (bmo#1982129)
* Fixed a crash in KDE Plasma when using certain custom window
decorations. (bmo#1984823)
- Mozilla Firefox 142
https://www.mozilla.org/en-US/firefox/142.0/releasenotes/
MFSA 2025-64 (bsc#1248162)
* CVE-2025-9179 (bmo#1979527)
Sandbox escape due to invalid pointer in the Audio/Video: GMP
component
* CVE-2025-9180 (bmo#1979782)
Same-origin policy bypass in the Graphics: Canvas2D component
* CVE-2025-9181 (bmo#1977130)
Uninitialized memory in the JavaScript Engine component
* CVE-2025-9186 (bmo#1445758)
Spoofing issue in the Address Bar component of Firefox Focus
for Android
* CVE-2025-9182 (bmo#1975837)
Denial-of-service due to out-of-memory in the Graphics:
WebRender component
* CVE-2025-9183 (bmo#1976102)
Spoofing issue in the Address Bar component
* CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736,
bmo#1979072)
Memory safety bugs fixed in Firefox 142 and Thunderbird 142
* CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
bmo#1979955)
Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
ESR 140.2, Firefox 142 and Thunderbird 142
* CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
- Refresh mozilla-pgo.patch
- requires NSS 3.114
==== SDL3 ====
Version update (3.2.20 -> 3.2.22)
- Update to release 3.2.22
* A bunch of changes for non-Linux platforms only
==== busybox-links ====
Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz
- Add busybox-ether-wake replacing downstream ether-wake from
net-tools (boo#1249034).
- Provide support for net-tools-dummy-ether-wake (bsc#1242048).
==== certmonger ====
Version update (0.79.19 -> 0.79.20)
- Disable failing tests with NSS 3.115.1: 007-certsave-dbm
and 007-certsave-sql 025-casave-dbm
* patch disable_some_tests.patch
- Update to 0.79.20
* Fix type error in cm_tdbusm_get_vn
* Adjust parameter type for util_EVP_PKEY_id
* Update tests to be compatible with OpenSSL 3.2
* Switch BR from /usr/include/popt.h to popt-devel
* getcert: return 2 when trying to create a duplicate entry
* getcert: add NULL check to duplicate string compare
* Use correct object path for 'ca' property of request objects in D-Bus API
* Move shell_escape function to util.c
* Add more environment variables to be passed on to the notification command
* Translated using Weblate (Chinese (Simplified) (zh_CN))
* Translated using Weblate (Georgian)
* Translated using Weblate (Russian)
- Remove patches merged upstream
* 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
* certmonger-c99-01.patch
* certmonger-c99-02.patch
- New patch
* add_some_missing_tests.patch
==== container-selinux ====
Version update (2.240.0 -> 2.241.0)
- Update to version 2.241.0:
* Allow domains that trans to container_runtime_t bpf:prog_run
==== icewm ====
Version update (3.7.3 -> 3.9.0)
Subpackages: icewm-config-upstream icewm-default icewm-lang icewm-lite
- Update to version 3.9.0:
* This release has a new dependency: libXcursor. The dependency
on libXpm is no longer required.
* Features:
- If a theme doesn't define a cursor, prefer the system Xcursor
theme.
- Add support for themed cursors to gdk-pixbuf without
requiring libXpm.
- Add support for Xcursor files as an alternative to XPM
cursors.
- Add new -kovered filter to icesh to test if a client is
covered.
* Fixes:
- When lseek on /proc/net/dev fails, avoid it for the future.
- Ensure that _NET_CLIENT_LIST_STACKING is always up-to-date.
- Correct red and blue colors in icesh for loadicon and
saveicon.
- When truncating a title in icesh, respect UTF-8 codepoint
boundaries.
* Changes: When the cursor X/Y-hotspot is absent in a XPM, smart
guess it.
* Updated translations.
- Replace pkgconfig(xpm) with pkgconfig(xcursor) BuildRequires
following upstream changes.
- Rebase patches with quilt.
==== iso-codes ====
Version update (4.16.0 -> 4.18.0)
- Update to version 4.18.0:
+ Replace FSF postal address with their website
+ Rename Chinese translations.
+ Updated translations.
- Changes from version 4.17.0:
+ Add letter 'g' to conversion script for Tatar
+ Regenerate cyrillic Tatar from latin Tatar
+ Update Romanian translation and remove most pre- and suffixes
+ Updated translations.
==== libcdr ====
Version update (0.1.7 -> 0.1.8)
- version update to 0.1.8
* fix build with ICU 75 and ICU 76
* Upgrade m4 macros from autoconf-archive.git v2023.02.20
* Fix crash appear with format CDR 14 and Gradients
==== libreoffice ====
Version update (25.2.5.2 -> 25.8.1.1)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit
- Update to 25.8.1.1:
* Release notes:
https://wiki.documentfoundation.org/Releases/25.8.0/RC1
https://wiki.documentfoundation.org/Releases/25.8.0/RC2
https://wiki.documentfoundation.org/Releases/25.8.0/RC3
https://wiki.documentfoundation.org/Releases/25.8.0/RC4
https://wiki.documentfoundation.org/Releases/25.8.1/RC1
- Update bundled libraries:
* pdfium-6764.tar.bz2 -> pdfium-7012.tar.bz2
* skia-m130-3c64459d5df2fa9794b277f0959ed8a92552bf4c.tar.xz -> skia-m136-28685d899b0a35894743e2cedad4c9f525e90e1e.tar.xz
==== libvirt ====
Version update (11.6.0 -> 11.7.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs
- Update to libvirt 11.7.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v11-7-0-2025-09-01
==== libvisio ====
Version update (0.1.7 -> 0.1.8)
- version update to 0.1.8
* tests: Fix build with libxml 2.12
* Add support for simple solid fill styles
* Add support for TextBackground from SheetStyle (tdf136564)
* Improve Arrowheads appearance (tdf#126402)
* Fix reading FillStyleLst and TextBkgnd from shape (tdf#154379)
* Add support to DrawingUnits types (tdf#154379)
* Visio5: Provide cellType to collector in readTextField
==== mozilla-nss ====
Version update (3.113 -> 3.115.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools
- update to NSS 3.115.1
* bmo#1982742 - restore support for finding certificates by decoded serial number.
* bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
- update to NSS 3.115
* bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c
* bmo#1981034 - CKA_SEED needs to be marked as a private attribute
* bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc
* bmo#1974505 - Key private/public/secret keys by key type in softoken keydb
* bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report
* bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain
* bmo#1927351 - Fixup ABI
* bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server
* bmo#1900841 - ECH fuzz target
* bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects
* bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root
* bmo#1965329 - Implement PKCS #11 v3.2 functions
- update to NSS 3.114
* bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37
* bmo#1970079 - Prevent leaks during pkcs12 decoding
* bmo#1953731 - Remove redundant assert in p7local.c
* bmo#1974515 - Bump nssckbi version to 2.80
* bmo#1961848 - Remove expired Baltimore CyberTrust Root
* bmo#1972391 - Add TrustAsia Dedicated Roots to NSS
* bmo#1974511 - Add SwissSign 2022 Roots to NSS
* bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS
* bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken
* bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper
* bmo#1974331 - remove dead code in ssl3con.c
* bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic
* bmo#1974299 - Bump nssckbi version to 2.79
* bmo#1967826 - remove unneccessary assertion
* bmo#1948485 - Update mechanisms for Softoken PCT
* bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after
* bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks
* bmo#1973930 - use -O2 for asan build
* bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS
* bmo#1973105 - remove out-of-function semicolon
* bmo#1963009 - Extend pkcs8 fuzz target
* bmo#1963008 - Extend pkcs7 fuzz target
* bmo#1908763 - Remove unused assignment to pageno
* bmo#1908762 - Remove unused assignment to nextChunk
* bmo#1973490 - don't run commands as part of shell `local` declarations
* bmo#1973490 - fix sanitizer setup
* bmo#1973187 - don't silence ssl_gtests output when running with coverage
* bmo#1967411 - Release docs and housekeeping
* bmo#1972768 - migrate to new linux tester pool
- rebase FIPS patches to adjust for upstream FIPS work
==== openSUSE-release ====
Version update (20250902 -> 20250903)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== python-cryptography ====
Subpackages: python311-cryptography python313-cryptography
- Add Make-unsafe-subinterpreter-support-available-via-cfg.patch
to allow ceph-mgr to load modules (boo#1248987)
==== qt6-declarative ====
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports
- Disable LTO on armv6/7 as a workaround - boo#1249054
==== selinux-policy ====
Version update (20250812 -> 20250902)
Subpackages: selinux-policy-targeted
- Update to version 20250902:
* Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t
* Allow stalld map sysfs files
* Allow NetworkManager-dispatcher-winbind get pidfs attributes
* Allow openvpn create and use generic netlink socket
* policy_capabilities: remove estimated from released versions
* policy_capabilities: add stub for userspace_initial_context
* add netlink_xperm policy capability and nlmsg permission definitions
* policy_capabilities: add ioctl_skip_cloexec
* selinux-policy: add allow rule for tuned_ppd_t
* selinux-policy: add allow rule for switcheroo_control_t
* Label /run/audit with auditd_var_run_t
* Allow virtqemud start a vm which uses nbdkit
* Add nbdkit_signal() and nbdkit_signull() interfaces
* Fix insights_client interfaces names
* Add insights_core and insights_client interfaces
* dist/targeted/modules.conf: enable slrnpull module
* Allow bootupd delete symlinks in the /boot directory
* Allow systemd-coredumpd capabilities in the user namespace
* Allow openvswitch read virtqemud process state
- Syncing with upstream rawhide selinux-policy up to:
* 17956d28c011c35560e75a7293ac5924df57a1ee
- Update embedded container-selinux version to commit:
* 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0)
==== wireplumber ====
Version update (0.5.10 -> 0.5.11)
Subpackages: libwireplumber-0_5-0 wireplumber-lang
- Update to version 0.5.11:
* Additions & Enhancements:
- Added modem manager module for tracking voice call status and
voice call device profile selection hooks to improve phone
call audio routing on mobile devices (!722, !729, #819)
- Added MPRIS media player pause functionality that
automatically pauses media playback when the audio target
(e.g. headphones) is removed (!699, #764)
- Added support for human-readable names and localization of
settings in wireplumber.conf with wpctl displaying localized
setting descriptions (!712)
- Improved default node selection logic to use both session and
route priorities when nodes have equal session priorities
(!720)
- Increased USB device priority in the ALSA monitor (!719)
* Fixes:
- Fixed multiple Lua runtime issues including type confusion
bugs, stack overflow prevention, and SPA POD array/choice
builders (!723, !728)
- Fixed proxy object lifecycle management by properly clearing
the OWNED_BY_PROXY flag when proxies are destroyed to prevent
dangling pointers (!732)
- Fixed state-routes handling to prevent saving unavailable
routes and eliminate race conditions during profile switching
(!730, #762)
- Fixed some memory leaks in the script tester and the settings
iterator (!727, !726)
- Fixed a potential crash caused by module-loopback destroying
itself when the pipewire connection is closed (#812)
- Fixed profile saving behavior in wpctl set-profile command
(#808)
- Fixed GObject introspection closure annotation
==== zlib-ng-compat ====
Version update (2.2.4 -> 2.2.5)
- Update to 2.2.5:
* RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889
* MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing
inflate failure #1884
* Fix building with runtime CPU detection disabled (native)
[#1931]
* Also check for ZMM support when detecting VPCLMULQDQ support
[#1932]
* Revert "Clean up insert_match() in deflate_medium" due to
performance regression #1938
