Packages changed:
MicroOS-release (20250623 -> 20250624)
cpio
docker
fwupd
glibc
gpg2 (2.5.7 -> 2.5.8)
kernel-firmware-amdgpu (20250620 -> 20250623)
kernel-firmware-brcm (20250603 -> 20250623)
kernel-firmware-iwlwifi
kernel-firmware-mediatek
kernel-firmware-network
kernel-firmware-platform
kernel-firmware-realtek
kernel-firmware-sound
kernel-source (6.15.2 -> 6.15.3)
kf6-kirigami
librepo (1.19.0 -> 1.20.0)
libusb-1_0 (1.0.28 -> 1.0.29)
libwacom (2.15.0 -> 2.16.1)
ncurses (6.5.20250614 -> 6.5.20250621)
python-maturin (1.8.7 -> 1.9.0)
python-urllib3 (2.4.0 -> 2.5.0)
python313 (3.13.3 -> 3.13.5)
python313-core (3.13.3 -> 3.13.5)
sddm
sddm-qt6
snappy
xdg-user-dirs
=== Details ===
==== MicroOS-release ====
Version update (20250623 -> 20250624)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== cpio ====
- Downgrade cpio-mt and rmt recommends to suggests (boo#1244434)
==== docker ====
Subpackages: docker-buildx docker-rootless-extras
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<
https://github.com/docker/buildx/releases/tag/v0.25.0>
==== fwupd ====
Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0
- Fix %{_modulesloaddir}/fwupd-i2c.conf packaging
==== glibc ====
Subpackages: glibc-locale glibc-locale-base
- ppc64le-revert-power10-strcmp.patch: Revert optimized POWER10 strcmp,
strncmp implementations (CVE-2025-5745, CVE-2025-5702, bsc#1244184,
bsc#1244182, BZ #33060, BZ #33056)
- ppc64le-revert-power10-memcmp.patch: Revert optimized POWER10 memcmp
implementation (BZ #33059)
- Filter GLIBC_PRIVATE symbols again
- Drop ngpt provides
- Refine libc_nonshared.a workaround
- Enable Userspace Livepatching on ppc64le (jsc#PED-7395)
==== gpg2 ====
Version update (2.5.7 -> 2.5.8)
- Update to 2.5.8:
* gpg: Show revocation reason with a standard -k listing. [T7083]
* gpg: Emit a revocation reason as comment in a "pub" record.
[T7083]
* agent: Fix regression in 2.5.7 decrypting with a card based
cv25519 key. [T7676]
* scd:openpgp: Fix a regression in exporting card based ed25519 ssh
keys. [T7589]
* dirmngr: Do not require a keyserver for "gpg --fetch-key".
[T7693]
- Remove patch:
* gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch
==== kernel-firmware-amdgpu ====
Version update (20250620 -> 20250623)
- Update to version 20250623 (git commit dbfe16e9e8ac):
* amdgpu: update dmcub fw for dcn401
==== kernel-firmware-brcm ====
Version update (20250603 -> 20250623)
- Update to version 20250623 (git commit dbfe16e9e8ac):
* brcm: Fix symlinks for Khadas VIM SDIO wifi config
==== kernel-firmware-iwlwifi ====
- Update aliases
==== kernel-firmware-mediatek ====
- Update aliases
==== kernel-firmware-network ====
- Update aliases
==== kernel-firmware-platform ====
- Update aliases
==== kernel-firmware-realtek ====
- Update aliases
==== kernel-firmware-sound ====
- Update aliases
==== kernel-source ====
Version update (6.15.2 -> 6.15.3)
- PCI: pciehp: Ignore belated Presence Detect Changed caused by
DPC (git-fixes).
- io_uring/sqpoll: don't put task_struct on tctx setup failure
(git-fixes).
- wifi: remove zero-length arrays (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).
- commit 959cb8f
- Linux 6.15.3 (bsc#1012628).
- tools/x86/kcpuid: Fix error handling (bsc#1012628).
- x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in
mwait_idle_with_hints() and prefer_mwait_c1_over_halt()
(bsc#1012628).
- crypto: iaa - Do not clobber req->base.data (bsc#1012628).
- crypto: sun8i-ce-hash - fix error handling in
sun8i_ce_hash_run() (bsc#1012628).
- sched: Fix trace_sched_switch(.prev_state) (bsc#1012628).
- crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY
(bsc#1012628).
- crypto: ecdsa - Fix NIST P521 key size reported by
KEYCTL_PKEY_QUERY (bsc#1012628).
- crypto: zynqmp-sha - Add locking (bsc#1012628).
- kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y
(bsc#1012628).
- kunit: qemu_configs: Disable faulting tests on 32-bit SPARC
(bsc#1012628).
- perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node'
member (bsc#1012628).
- perf/x86/amd/uncore: Prevent UMC counters from saturating
(bsc#1012628).
- gfs2: replace sd_aspace with sd_inode (bsc#1012628).
- gfs2: gfs2_create_inode error handling fix (bsc#1012628).
- gfs2: Move gfs2_dinode_dealloc (bsc#1012628).
- gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc
(bsc#1012628).
- gfs2: deallocate inodes in gfs2_create_inode (bsc#1012628).
- perf/core: Fix broken throttling when max_samples_per_tick=1
(bsc#1012628).
- crypto: sun8i-ce-cipher - fix error handling in
sun8i_ce_cipher_prepare() (bsc#1012628).
- crypto: sun8i-ss - do not use sg_dma_len before calling DMA
functions (bsc#1012628).
- powerpc: do not build ppc_save_regs.o always (bsc#1012628).
- powerpc/crash: Fix non-smp kexec preparation (bsc#1012628).
- sched/core: Tweak wait_task_inactive() to force dequeue
sched_delayed tasks (bsc#1012628).
- x86/microcode/AMD: Do not return error when microcode update
is not necessary (bsc#1012628).
- selftests: coredump: Properly initialize pointer (bsc#1012628).
- selftests: coredump: Fix test failure for slow machines
(bsc#1012628).
- selftests: coredump: Raise timeout to 2 minutes (bsc#1012628).
- crypto: sun8i-ce - undo runtime PM changes during driver removal
(bsc#1012628).
- blk-throttle: Fix wrong tg->[bytes/io]_disp update in
__tg_update_carryover() (bsc#1012628).
- x86/cpu: Sanitize CPUID(0x80000000) output (bsc#1012628).
- x86/insn: Fix opcode map (!REX2) superscript tags (bsc#1012628).
- brd: fix aligned_sector from brd_do_discard() (bsc#1012628).
- brd: fix discard end sector (bsc#1012628).
- kselftest: cpufreq: Get rid of double suspend in rtcwake case
(bsc#1012628).
- crypto: marvell/cesa - Handle zero-length skcipher requests
(bsc#1012628).
- crypto: marvell/cesa - Avoid empty transfer descriptor
(bsc#1012628).
- erofs: fix file handle encoding for 64-bit NIDs (bsc#1012628).
- erofs: avoid using multiple devices with different type
(bsc#1012628).
- powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view
(bsc#1012628).
- btrfs: scrub: update device stats when an error is detected
(bsc#1012628).
- btrfs: scrub: fix a wrong error type when metadata bytenr
mismatches (bsc#1012628).
- btrfs: fix invalid data space release when truncating block
in NOCOW mode (bsc#1012628).
- btrfs: fix wrong start offset for delalloc space release during
mmap write (bsc#1012628).
- rcu/cpu_stall_cputime: fix the hardirq count for x86
architecture (bsc#1012628).
- crypto: lrw - Only add ecb if it is not already there
(bsc#1012628).
- crypto: xts - Only add ecb if it is not already there
(bsc#1012628).
- crypto: sun8i-ce - move fallback ahash_request to the end of
the struct (bsc#1012628).
- sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE
(bsc#1012628).
- kunit: Fix wrong parameter to kunit_deactivate_static_stub()
(bsc#1012628).
- gfs2: Move gfs2_trans_add_databufs (bsc#1012628).
- gfs2: Don't start unnecessary transactions during log flush
(bsc#1012628).
- crypto: api - Redo lookup on EEXIST (bsc#1012628).
- ACPICA: exserial: don't forget to handle FFixedHW opregions
for reading (bsc#1012628).
- ASoC: tas2764: Reinit cache on part reset (bsc#1012628).
- ASoC: tas2764: Enable main IRQs (bsc#1012628).
- ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
... changelog too long, skipping 1314 lines ...
- commit 5a8b80b
==== kf6-kirigami ====
Subpackages: kf6-kirigami-imports libKirigamiPlatform6
- Add upstream fix:
* 0001-Revert-Properly-Align-menubar-when-there-is-a-sideba.patch
==== librepo ====
Version update (1.19.0 -> 1.20.0)
- Update to 1.20.0:
* Fix and update lr_download_metadata API to enable parallel
downloading of repos
==== libusb-1_0 ====
Version update (1.0.28 -> 1.0.29)
- Update to version 1.0.29
* LIBUSB_API_VERSION bump for the new functions in 1.0.28
* Fix xusb regression displaying wrong error on claim failure.
==== libwacom ====
Version update (2.15.0 -> 2.16.1)
Subpackages: libwacom-data libwacom9
- update to 2.16.1
* New devices:
- Add six new tablet definitions
- Add Framework 12 touchscreen
- Add Dell Active Pen PN7320A stylus
* Bug fixes:
- Fix segfault after running list-local-devices
==== ncurses ====
Version update (6.5.20250614 -> 6.5.20250621)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20250621
+ revise loop in wins_nwstr, to ensure that non-spacing characters are
combined with the base spacing character (report by Karl Knechtel).
+ fixes for port using clang-cl or cl MSVC (report by Kirill Makurin).
+ improve test-packages:
+ convert debian*/copyright to DEP-5 format.
+ modify ".spec" test-files to work around timestamp-clamping in
recent Fedora releases.
==== python-maturin ====
Version update (1.8.7 -> 1.9.0)
- Update to 1.9.0
* Update pyproject-toml to 0.13.5
gh#PyO3/maturin#2645
* Fix clippy lints
gh#PyO3/maturin#2648
* ZipWriter requires a compression level of None for the stored
method
gh#PyO3/maturin#2644
* Implement PEP 639 Support
gh#PyO3/maturin#2647
* Don't go through Display for platform tag to policy
gh#PyO3/maturin#2652
* Add --compatibility pypi to avoid building for unsupported
architectures
gh#PyO3/maturin#2650
* Fix self bootstrap without Rust installed
gh#PyO3/maturin#2653
==== python-urllib3 ====
Version update (2.4.0 -> 2.5.0)
- Update to 2.5.0:
* Security issues
Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
Redirects are now controlled by urllib3 in the Node.js runtime
(CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924)
* Features
Added support for the compression.zstd module that is new in Python 3.14.
Added support for version 0.5 of hatch-vcs
* Bugfixes
Raised exception for HTTPResponse.shutdown on a connection already
released to the pool.
Fixed incorrect CONNECT statement when using an IPv6 proxy with
connection_from_host. Previously would not be wrapped in [].
==== python313 ====
Version update (3.13.3 -> 3.13.5)
- adjusted sofilename for "nogil" build correctly.
- Update to 3.13.5:
- Tests
- gh-135120: Add test.support.subTests().
- Library
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135326: Restore support of integer-like objects with
__index__() in random.getrandbits().
- gh-135321: Raise a correct exception for values greater
than 0x7fffffff for the BINSTRING opcode in the C
implementation of pickle.
- gh-135276: Backported bugfixes in zipfile.Path from
zipp 3.23. Fixed .name, .stem and other basename-based
properties on Windows when working with a zipfile on disk.
- gh-134151: email: Fix TypeError in
email.utils.decode_params() when sorting RFC 2231
continuations that contain an unnumbered section.
- gh-134152: email: Fix parsing of email message ID with
invalid domain.
- gh-127081: Fix libc thread safety issues with os by
replacing getlogin with getlogin_r re-entrant version.
- gh-131884: Fix formatting issues in json.dump() when both
indent and skipkeys are used.
- Core and Builtins
- gh-135171: Roll back changes to generator and list
comprehensions that went into 3.13.4 to fix gh-127682,
but which involved semantic and bytecode changes not
appropriate for a bugfix release.
- C API
- gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and
Py_RETURN_FALSE macros in the limited C API 3.11 and
older: don’t treat Py_None, Py_True and Py_False as
immortal. Patch by Victor Stinner.
- gh-134989: Implement PyObject_DelAttr() and
PyObject_DelAttrString() as macros in the limited C API
3.12 and older. Patch by Victor Stinner.
- Substantially rewritten doc-py38-to-py36.patch patch to be more
flexible and covering even unexpected changes.
- Update to 3.13.4:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-134718: ast.dump() now only omits None and [] values if
they are default values.
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134696: Built-in HACL* and OpenSSL implementations of
hash function constructors now correctly accept the same
documented named arguments. For instance, md5() could be
previously invoked as md5(data=data) or md5(string=string)
depending on the underlying implementation but these calls
were not compatible. Patch by Bénédikt Tran.
- gh-134210: curses.window.getch() now correctly handles
signals. Patch by Bénédikt Tran.
- gh-80334: multiprocessing.freeze_support() now checks for
work on any “spawn” start method platform rather than only
on Windows.
- gh-114177: Fix asyncio to not close subprocess pipes which
would otherwise error out when the event loop is already
closed.
- gh-134152: Fixed UnboundLocalError that could occur during
email header parsing if an expected trailing delimiter is
missing in some contexts.
- gh-62184: Remove import of C implementation of io.FileIO
from Python implementation which has its own implementation
- gh-133982: Emit RuntimeWarning in the Python implementation
of io when the file-like object is not closed explicitly in
the presence of multiple I/O layers.
- gh-133890: The tarfile module now handles
UnicodeEncodeError in the same way as OSError when cannot
extract a member.
- gh-134097: Fix interaction of the new REPL and -X
showrefcount command line option.
- gh-133889: The generated directory listing page in
http.server.SimpleHTTPRequestHandler now only shows the
decoded path component of the requested URL, and not the
query and fragment.
- gh-134098: Fix handling paths that end with
a percent-encoded slash (%2f or %2F) in
http.server.SimpleHTTPRequestHandler.
- gh-134062: ipaddress: fix collisions in __hash__() for
IPv4Network and IPv6Network objects.
- gh-133745: In 3.13.3 we accidentally changed the signature
of the asyncio create_task() family of methods and how it
calls a custom task factory in a backwards incompatible
way. Since some 3rd party libraries have already made
changes to work around the issue that might break if
... changelog too long, skipping 194 lines ...
- gh-132535-rsrc-warn-test_timeout.patch
==== python313-core ====
Version update (3.13.3 -> 3.13.5)
Subpackages: libpython3_13-1_0 python313-base
- adjusted sofilename for "nogil" build correctly.
- Update to 3.13.5:
- Tests
- gh-135120: Add test.support.subTests().
- Library
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135326: Restore support of integer-like objects with
__index__() in random.getrandbits().
- gh-135321: Raise a correct exception for values greater
than 0x7fffffff for the BINSTRING opcode in the C
implementation of pickle.
- gh-135276: Backported bugfixes in zipfile.Path from
zipp 3.23. Fixed .name, .stem and other basename-based
properties on Windows when working with a zipfile on disk.
- gh-134151: email: Fix TypeError in
email.utils.decode_params() when sorting RFC 2231
continuations that contain an unnumbered section.
- gh-134152: email: Fix parsing of email message ID with
invalid domain.
- gh-127081: Fix libc thread safety issues with os by
replacing getlogin with getlogin_r re-entrant version.
- gh-131884: Fix formatting issues in json.dump() when both
indent and skipkeys are used.
- Core and Builtins
- gh-135171: Roll back changes to generator and list
comprehensions that went into 3.13.4 to fix gh-127682,
but which involved semantic and bytecode changes not
appropriate for a bugfix release.
- C API
- gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and
Py_RETURN_FALSE macros in the limited C API 3.11 and
older: don’t treat Py_None, Py_True and Py_False as
immortal. Patch by Victor Stinner.
- gh-134989: Implement PyObject_DelAttr() and
PyObject_DelAttrString() as macros in the limited C API
3.12 and older. Patch by Victor Stinner.
- Substantially rewritten doc-py38-to-py36.patch patch to be more
flexible and covering even unexpected changes.
- Update to 3.13.4:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-134718: ast.dump() now only omits None and [] values if
they are default values.
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134696: Built-in HACL* and OpenSSL implementations of
hash function constructors now correctly accept the same
documented named arguments. For instance, md5() could be
previously invoked as md5(data=data) or md5(string=string)
depending on the underlying implementation but these calls
were not compatible. Patch by Bénédikt Tran.
- gh-134210: curses.window.getch() now correctly handles
signals. Patch by Bénédikt Tran.
- gh-80334: multiprocessing.freeze_support() now checks for
work on any “spawn” start method platform rather than only
on Windows.
- gh-114177: Fix asyncio to not close subprocess pipes which
would otherwise error out when the event loop is already
closed.
- gh-134152: Fixed UnboundLocalError that could occur during
email header parsing if an expected trailing delimiter is
missing in some contexts.
- gh-62184: Remove import of C implementation of io.FileIO
from Python implementation which has its own implementation
- gh-133982: Emit RuntimeWarning in the Python implementation
of io when the file-like object is not closed explicitly in
the presence of multiple I/O layers.
- gh-133890: The tarfile module now handles
UnicodeEncodeError in the same way as OSError when cannot
extract a member.
- gh-134097: Fix interaction of the new REPL and -X
showrefcount command line option.
- gh-133889: The generated directory listing page in
http.server.SimpleHTTPRequestHandler now only shows the
decoded path component of the requested URL, and not the
query and fragment.
- gh-134098: Fix handling paths that end with
a percent-encoded slash (%2f or %2F) in
http.server.SimpleHTTPRequestHandler.
- gh-134062: ipaddress: fix collisions in __hash__() for
IPv4Network and IPv6Network objects.
- gh-133745: In 3.13.3 we accidentally changed the signature
of the asyncio create_task() family of methods and how it
calls a custom task factory in a backwards incompatible
way. Since some 3rd party libraries have already made
changes to work around the issue that might break if
... changelog too long, skipping 194 lines ...
- gh-132535-rsrc-warn-test_timeout.patch
==== sddm ====
- Change patch to start plymouth-quit.service explicitly
(boo#1245076):
* sddm-service-handle-plymouth.patch
==== sddm-qt6 ====
Subpackages: sddm-greeter-qt6
- Change patch to start plymouth-quit.service explicitly
(boo#1245076):
* sddm-service-handle-plymouth.patch
==== snappy ====
- Fix build with googletest 1.17.0 by using C++17, boo#1244989
==== xdg-user-dirs ====
- Drop obsolete update-desktop-files BuildRequires and macro.
