- automatically generated by openSUSE-release-tools/pkglistgen
==== coreutils ====
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
==== coreutils-systemd ====
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
==== jeos-firstboot ====
Version update (1.5.5 -> 1.5.8)
- Update to version 1.5.8:
* Update files/usr/share/jeos-firstboot/jeos-firstboot-functions
* Use SUSE_PRETTY_NAME as product name to display if it exists (bsc#1245364)
* Use xterm-256color on WSL based hosts boo#1237756
==== kernel-source ====
Version update (6.15.4 -> 6.15.5)
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- commit 478c062
- Linux 6.15.5 (bsc#1012628).
- cifs: Correctly set SMB1 SessionKey field in Session Setup
Request (bsc#1012628).
- cifs: Fix cifs_query_path_info() for Windows NT servers
(bsc#1012628).
- cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in
non-UNICODE mode (bsc#1012628).
- NFSv4: Always set NLINK even if the server doesn't support it
(bsc#1012628).
- NFSv4.2: fix listxattr to return selinux security label
(bsc#1012628).
- NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when
timestamps are delegated (bsc#1012628).
- mailbox: Not protect module_put with spin_lock_irqsave
(bsc#1012628).
- mfd: max77541: Fix wakeup source leaks on device unbind
(bsc#1012628).
- mfd: max14577: Fix wakeup source leaks on device unbind
(bsc#1012628).
- mfd: max77705: Fix wakeup source leaks on device unbind
(bsc#1012628).
- mfd: 88pm886: Fix wakeup source leaks on device unbind
(bsc#1012628).
- mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind
(bsc#1012628).
- sunrpc: don't immediately retransmit on seqno miss
(bsc#1012628).
- hwmon: (isl28022) Fix current reading calculation (bsc#1012628).
- dm vdo indexer: don't read request structure after enqueuing
(bsc#1012628).
- leds: multicolor: Fix intensity setting while SW blinking
(bsc#1012628).
- fuse: fix race between concurrent setattrs from multiple nodes
(bsc#1012628).
- cxl/region: Add a dev_err() on missing target list entries
(bsc#1012628).
- cxl: core/region - ignore interleave granularity when ways=1
(bsc#1012628).
- NFSv4: xattr handlers should check for absent nfs filehandles
(bsc#1012628).
- hwmon: (pmbus/max34440) Fix support for max34451 (bsc#1012628).
- ksmbd: allow a filename to contain special characters on
SMB3.1.1 posix extension (bsc#1012628).
- ksmbd: provide zero as a unique ID to the Mac client
(bsc#1012628).
- rust: module: place cleanup_module() in .exit.text section
(bsc#1012628).
- rust: arm: fix unknown (to Clang) argument '-mno-fdpic'
(bsc#1012628).
- dmaengine: idxd: Check availability of workqueue allocated by
idxd wq driver before using (bsc#1012628).
- dmaengine: xilinx_dma: Set dma_device directions (bsc#1012628).
- PCI: dwc: Make link training more robust by setting
PORT_LOGIC_LINK_WIDTH to one lane (bsc#1012628).
- PCI: apple: Fix missing OF node reference in
apple_pcie_setup_port (bsc#1012628).
- PCI: imx6: Add workaround for errata ERR051624 (bsc#1012628).
- wifi: iwlwifi: mld: Move regulatory domain initialization
(bsc#1012628).
- nvme-tcp: fix I/O stalls on congested sockets (bsc#1012628).
- nvme-tcp: sanitize request list handling (bsc#1012628).
- md/md-bitmap: fix dm-raid max_write_behind setting
(bsc#1012628).
- amd/amdkfd: fix a kfd_process ref leak (bsc#1012628).
- drm/amdgpu/vcn5.0.1: read back register after written
(bsc#1012628).
- drm/amdgpu/vcn4: read back register after written (bsc#1012628).
- drm/amdgpu/vcn3: read back register after written (bsc#1012628).
- drm/amdgpu/vcn2.5: read back register after written
(bsc#1012628).
- bcache: fix NULL pointer in cache_set_flush() (bsc#1012628).
- drm/amdgpu: seq64 memory unmap uses uninterruptible lock
(bsc#1012628).
- drm/scheduler: signal scheduled fence when kill job
(bsc#1012628).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp
(bsc#1012628).
- bus: mhi: host: pci_generic: Add Telit FN920C04 modem support
(bsc#1012628).
- um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
(bsc#1012628).
- um: use proper care when taking mmap lock during segfault
(bsc#1012628).
- 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support
for Rev C0 and later devices (bsc#1012628).
- coresight: Only check bottom two claim bits (bsc#1012628).
- usb: dwc2: also exit clock_gating when stopping udc while
suspended (bsc#1012628).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
(bsc#1012628).
- iio: dac: adi-axi-dac: add cntrl chan check (bsc#1012628).
- iio: light: al3000a: Fix an error handling path in
al3000a_probe() (bsc#1012628).
- iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config()
(bsc#1012628).
- iio: hid-sensor-prox: Add support for 16-bit report size
(bsc#1012628).
... changelog too long, skipping 375 lines ...
- commit 071950d
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with
SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in
sec_asn1d_init_state_based_on_template.
* bmo#1965754 - update taskgraph to v14.2.1.
* bmo#1964358 - Workflow for automation of the release on GitHub
when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or
CMSDEBUG are set
* bmo#1961835 - fix content type tag check in
NSS_CMSMessage_ContainsCertsOrCrls.
* bmo#1963102 - Remove Cryptofuzz CI version check
- Modify bmo1962556.patch to catch OBS specific errors
==== nghttp2 ====
Version update (1.65.0 -> 1.66.0)
- Ship manpages together with binaries
- Ship documentation in previously dangling doc subpackage
- update to 1.66.0:
* Bump github.com/quic-go/quic-go to v0.50.0
* build(deps): bump golang.org/x/net from 0.35.0 to 0.37.0
* h2load: Check the return value from OBJ_nid2sn
* build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
* Remove go toolchain
* build(deps): bump github.com/quic-go/quic-go from 0.50.0 to
0.50.1
* nghttpx: Close h1 connection on CONNECT failure
* doc:rubydomain: Fix build failure with rubydomain namespace
* Update integration tests
* quic: Use secure random generator for ngtcp2_rand
* Revert "quic: Use secure random generator for ngtcp2_rand"
* quic: Use secure random generator for ngtcp2_rand
* GHA: Replace macos-13 with macos-15
* build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
* Bump ngtcp2
* nghttpx: Refactor QUIC packet write
* h2load: Refactor QUIC packet write path
* nghttpx: Adopt std::span::first
* Rewrite util::quote_string
* Rewrite util::utos functions
* Rewrite util::decode_hex
* Make util::format_hex constexpr
* Remove util::inp_strlower in favor of util::tolower
* Refactor util::make_http_hostport and util::make_hostport
* Refine output iterator requirements
* Make base64 encoder/decoder constexpr
* Optimize util::utos
* Optimize util::format_hex
* Optimize util::utox
* Disallow array to substitute R &&
* Revert "nghttpx: No need to capitalize HTTP/1.1 field name"
* Refactor http2::capitalize
* Bump quic-go to v0.52.0
* nghttpx: Fix integral logging is always done in 64 bits
integer
- Build with HTTP/3 support
- Tidy up spec file
==== openssl-3 ====
Version update (3.5.0 -> 3.5.1)
Subpackages: libopenssl3
- Update to 3.5.1:
* Fix x509 application adds trusted use instead of rejected use.
[bsc#1243564, CVE-2025-4575]
- Remove patches:
* openssl-Fix-P384-on-P8-targets.patch
* openssl-CVE-2025-4575.patch
- Rebase patches:
* openssl-Allow-disabling-of-SHA1-signatures.patch
* openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
* openssl-FIPS-NO-DES-support.patch
- Fix a bogus warning caused by -Wfree-nonheap-object
* Add patch openssl-Fix-Wfree-nonheap-object-warning.patch
==== read-only-root-fs ====
Version update (1.0+git20250422.3e17744 -> 1.0+git20250708.3eed5de)
- Update to version 1.0+git20250708.3eed5de:
* writable-etc: Install findmnt instead of mountpoint
* CI: Omit volatile-overlay from the initrd
* Add basic CI
* Only remount when [/sysroot]/etc is ro (bsc#1246021)
- Update macros.selinux-policy to trigger a full relabel on transactional
systems upon module installation. This is rather expensive and will
hopefully be replaced by a more fine grained solution later on (bsc#1232753)
