Packages changed:
Mesa (25.1.5 -> 25.1.6)
Mesa-drivers (25.1.5 -> 25.1.6)
MicroOS-release (20250718 -> 20250722)
apparmor
busybox
busybox-links
cockpit
cockpit-podman (104 -> 107)
curl (8.14.1 -> 8.15.0)
fuse
fuse3 (3.17.2 -> 3.17.3)
gdk-pixbuf
grub2
hyper-v
kernel-source (6.15.6 -> 6.15.7)
libapparmor
libbpf (1.5.1 -> 1.6.1)
libcddb
libopenmpt (0.8.1 -> 0.8.2)
libxml2
libxslt
libyuv
libzypp (17.37.11 -> 17.37.12)
ncurses (6.5.20250712 -> 6.5.20250720)
open-iscsi
pciutils (3.13.0 -> 3.14.0)
python-gpg (1.24.3 -> 2.0.0)
python-jsonschema (4.24.0 -> 4.24.1)
python-typing_extensions (4.14.0 -> 4.14.1)
python313
python313-core
sdbootutil (1+git20250716.b03c12f -> 1+git20250718.9f557f7)
sqlite3 (3.50.2 -> 3.50.3)
tbb (2022.1.0 -> 2022.2.0)
update-bootloader (1.24 -> 1.25)
vulkan-loader (1.4.313 -> 1.4.321)
vulkan-tools (1.4.313 -> 1.4.321)
xkeyboard-config
yast2 (5.0.14 -> 5.0.15)
zypper (1.14.92 -> 1.14.93)
=== Details ===
==== Mesa ====
Version update (25.1.5 -> 25.1.6)
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1
- Customise drivers for loongarch64
- Update to release 25.1.6
- ->
https://docs.mesa3d.org/relnotes/25.1.6
==== Mesa-drivers ====
Version update (25.1.5 -> 25.1.6)
Subpackages: Mesa-dri Mesa-gallium Mesa-vulkan-device-select libvulkan_lvp
- Customise drivers for loongarch64
- Update to release 25.1.6
- ->
https://docs.mesa3d.org/relnotes/25.1.6
==== MicroOS-release ====
Version update (20250718 -> 20250722)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== apparmor ====
- add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/
via abstractions/X (boo#1246743)
- add kerberosclient-usrmerge.diff to allow reading
/usr/etc/krb5.conf (boo#1246689)
==== busybox ====
- add placeholder variable and ignore applet logic to busybox.install
- enable halt, poweroff, reboot commands (bsc#1243201)
==== busybox-links ====
Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz
- add filtering of ignored applets to busybox.install
==== cockpit ====
Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux
- add 0001-cockpit-overview-support-SUSE_SUPPORT_PRODUCT-keys.patch
- add 0002-cockpit-kdump-support-SLE-micro-6.2.patch
- add 0003-branding-use-SUSE_SUPPORT_PRODUCT-and-SUSE_SUPPORT_P.patch to fix bsc#1241003
- update check_cockpit_users to only check for systemd support in /etc/nsswitch.conf bsc#1246408
- add a requirement on /usr/sbin/kdumptool for cockpit-kdump (bsc#1227402)
- add libzypp-plugin-appdata dependency to cockpit-packagekit as
this will generate the swcatalog which it depends on for calculating
various cockpit packages
- Show reboot nofication after updates in packagekit
* Add 0009-packagekit-reboot-notification.patch
==== cockpit-podman ====
Version update (104 -> 107)
- Update to 107
* Bug fixes
* Translation updates
==== curl ====
Version update (8.14.1 -> 8.15.0)
Subpackages: libcurl4
- Update to 8.15.0:
* Changes:
- TLS: remove support for Secure Transport and BearSSL
* Bugfixes:
- cf-socket: make socket data_pending a nop
- configure: order LDAP after the SSL libraries
- curl: improve non-blocking STDIN performance
- curl_get_line: make sure lines end with newline
- curl_path: make SFTP handle a path like /~ properly.
- curlinfo: provide the 'digest' feature
- digest: fix build with disabled digest auth
- docs: note SSLS-EXPORT feature in -ssl-sessions doc
- docs: reflect that delimiter-separated capath is only OpenSSL
- docs: sync -tls-earlydata support w/ CURLOPT_SSL_OPTIONS
- http/3: report handshake with version and cipher as for TCP connections
- http2: do not delay RST send on aborted transfer
- http_ntlm: protect against null deref
- ldap: initial support for --with-ldap option
- lib: address singleuse issues
- lib: avoid reusing unclean connection
- lib: drop two interim macros in favor of native libcurl API calls
- lib: stop 'time()' debug overrides at the end of source in altsvc, hsts
- lib: unify recv/send function signatures
- memdebug.h: #undef 'fclose' before defining it
- openssl: enable readahead
- openssl: error on SSL_ERROR_SYSCALL
- openssl: fix handling of buffered data
- openssl: fix openssl engine use
- openssl: fix pkcs11 provider available check
- quic: implement CURLINFO_TLS_SSL_PTR
- schannel: allow partial chains for manual peer verification
- SCP/SFTP: avoid busy loop after EAGAIN
- socks: fix query when filter context is null
- tls: remove Curl_ssl false_start
- tool_getparam: fix --ftp-pasv
- tool_operate: fix return code when --retry is used but not triggered
- top-complexity: lower max allowed complexity threshold to 90
- url: fix NULL deref with bad password when no user is provided
- urlapi: use uppercase hex encoding
- vtls: change send/recv signatures of tls backends
- vtls: prefer ciphersuite to cipher in msgs
- vtls: prefer rustls-ffi ciphersuite name API
- xfer: manage pause bits
* Remove patches upstream:
- curl-fix--ftp-pasv.patch
- fix-return-code-with-retry.patch
==== fuse ====
- Workaround gettext 0.25 behavioral changes
and call autopoint as needed [boo#1246701]
==== fuse3 ====
Version update (3.17.2 -> 3.17.3)
Subpackages: libfuse3-4
- Update to release 3.17.3
* Avoid possible double unmount on FUSE_DESTROY
==== gdk-pixbuf ====
Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0
- Add gdk-pixbuf-fix-decoder-written-bytes-reporting.patch: Fix
memory leak caused by wrong written bytes reported by decoder
(bsc#1245227).
==== grub2 ====
Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls
- Fix test -f and -s do not work properly over the network files served via
tftp and http (bsc#1246157) (bsc#1246237)
* 0001-test-Fix-f-test-on-files-over-network.patch
* 0002-http-Return-HTTP-status-code-in-http_establish.patch
* 0003-docs-Clarify-test-for-files-on-TFTP-and-HTTP.patch
* 0004-tftp-Fix-hang-when-file-is-a-directory.patch
==== hyper-v ====
- fcopy: Fix irregularities with size of ring buffer (a4131a50)
- fcopy: Fix incorrect file path conversion (0d86a8d6)
==== kernel-source ====
Version update (6.15.6 -> 6.15.7)
- fs/proc: Use inode_get_dev() for device numbers in procmap_query
(bsc#1246332).
- commit 3e63d43
- Linux 6.15.7 (bsc#1012628).
- eventpoll: don't decrement ep refcount while still holding
the ep mutex (bsc#1012628).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
(bsc#1012628).
- ASoC: fsl_asrc: use internal measured ratio for non-ideal
ratio mode (bsc#1012628).
- ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select
SND_SOC_ACPI_INTEL_MATCH (bsc#1012628).
- ASoC: soc-acpi: add get_function_tplg_files ops (bsc#1012628).
- ASoC: Intel: add sof_sdw_get_tplg_files ops (bsc#1012628).
- ASoC: Intel: soc-acpi-intel-arl-match: set
get_function_tplg_files ops (bsc#1012628).
- ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches
(bsc#1012628).
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region
(bsc#1012628).
- EDAC: Initialize EDAC features sysfs attributes (bsc#1012628).
- irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ
(bsc#1012628).
- sched/core: Fix migrate_swap() vs. hotplug (bsc#1012628).
- objtool: Add missing endian conversion to read_annotate()
(bsc#1012628).
- perf: Revert to requiring CAP_SYS_ADMIN for uprobes
(bsc#1012628).
- ASoC: cs35l56: probe() should fail if the device ID is not
recognized (bsc#1012628).
- Bluetooth: hci_sync: Fix not disabling advertising instance
(bsc#1012628).
- Bluetooth: hci_core: Remove check of BDADDR_ANY in
hci_conn_hash_lookup_big_state (bsc#1012628).
- Bluetooth: hci_sync: Fix attempting to send HCI_Disconnect to
BIS handle (bsc#1012628).
- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as
connected (bsc#1012628).
- pinctrl: amd: Clear GPIO debounce for suspend (bsc#1012628).
- fix proc_sys_compare() handling of in-lookup dentries
(bsc#1012628).
- sched/deadline: Fix dl_server runtime calculation formula
(bsc#1012628).
- bnxt_en: eliminate the compile warning in bnxt_request_irq
due to CONFIG_RFS_ACCEL (bsc#1012628).
- arm64: poe: Handle spurious Overlay faults (bsc#1012628).
- arm64/mm: Drop wrong writes into TCR2_EL1 (bsc#1012628).
- net: phy: qcom: move the WoL function to shared library
(bsc#1012628).
- net: phy: qcom: qca808x: Fix WoL issue by utilizing
at8031_set_wol() (bsc#1012628).
- netlink: Fix wraparounds of sk->sk_rmem_alloc (bsc#1012628).
- vsock: fix `vsock_proto` declaration (bsc#1012628).
- tipc: Fix use-after-free in tipc_conn_close() (bsc#1012628).
- tcp: Correct signedness in skb remaining space calculation
(bsc#1012628).
- vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1012628).
- vsock: Fix transport_* TOCTOU (bsc#1012628).
- vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also
`transport_local` (bsc#1012628).
- net: airoha: Fix an error handling path in airoha_probe()
(bsc#1012628).
- module: Fix memory deallocation on error path in move_module()
(bsc#1012628).
- net: stmmac: Fix interrupt handling for level-triggered mode
in DWC_XGMAC2 (bsc#1012628).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by
strap (bsc#1012628).
- net: phy: smsc: Force predictable MDI-X state on LAN87xx
(bsc#1012628).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
(bsc#1012628).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
(bsc#1012628).
- atm: clip: Fix memory leak of struct clip_vcc (bsc#1012628).
- atm: clip: Fix infinite recursive call of clip_push()
(bsc#1012628).
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
(bsc#1012628).
- net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting
for skb_shared_info (bsc#1012628).
- net/sched: Abort __tc_modify_qdisc if parent class does not
exist (bsc#1012628).
- rxrpc: Fix bug due to prealloc collision (bsc#1012628).
- crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2
(bsc#1012628).
- rxrpc: Fix oops due to non-existence of prealloc backlog struct
(bsc#1012628).
- ipmi:msghandler: Fix potential memory corruption in
ipmi_create_user() (bsc#1012628).
- x86/mce/amd: Add default names for MCA banks and blocks
(bsc#1012628).
- x86/mce/amd: Fix threshold limit reset (bsc#1012628).
- x86/mce: Don't remove sysfs if thresholding sysfs init fails
(bsc#1012628).
- x86/mce: Ensure user polling settings are honored when
restarting timer (bsc#1012628).
- x86/mce: Make sure CMCI banks are cleared during shutdown on
Intel (bsc#1012628).
... changelog too long, skipping 245 lines ...
- commit c5fb175
==== libapparmor ====
- add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/
via abstractions/X (boo#1246743)
- add kerberosclient-usrmerge.diff to allow reading
/usr/etc/krb5.conf (boo#1246689)
==== libbpf ====
Version update (1.5.1 -> 1.6.1)
- update to 1.6.0:
* add more control over BPF object lifetime with new preparation step
(bpf_object__prepare() API)
* libbpf will report symbolic error code (e.g., "-EINVAL") in addition to
human-readable error description
* bpf_prog_stream_read() API
* BPF token support when attaching BPF trampoline-based BPF programs in
bpf_program__set_attach_target()
* BPF token support for BPF_BTF_GET_FD_BY_ID command
* support multi-uprobe session (SEC("uprobe.session")) BPF programs
* support unique_match option for multi-kprobe attachment
* support creating and destroying qdisk with BPF_TC_QDISC flag;
* bpf_program__attach_cgroup_opts() which enables more precise cgroup-based
attachment ordering
* automatically take advantage of memory-mappable kernel BTF
(/sys/kernel/btf/vmlinux), if supported
* emit_strings option for BTF dumper API, improving string-like data printing
* add BPF program's func and line info accessors
* BPF linker supports linking ELF object files coming from memory buffer and
referenced by FD, in addition to file path-based APIs;
* small improvements to BTF dedup to handle rare quirky corner cases produces
by some compilers
* add likely() and unlikely() convenience macros;
* __arg_untrusted annotation for BPF global subprog arguments;
* bpf_stream_printk() macro for working with BPF streams;
* bpf_usdt_arg_size() API
- update to 1.6.0:
* fixing a possible crash when handling BPF arena global variable relocations
- drop 0001-libbpf-Add-identical-pointer-detection-to-btf_dedup_.patch, which
is now included
==== libcddb ====
- Tighten %files, don't glob so much.
- Work with newer gettext-runtime. In gettext 0.24.1 the m4 files
moved from /usr/share/aclocal/ to /usr/share/gettext/m4
==== libopenmpt ====
Version update (0.8.1 -> 0.8.2)
- Update to 0.8.2:
* [Sec] Possible out-of-bounds sample data read in a specific
combination of reverse sample playback + offset past sample
loop. (r23711).
* [Bug] Fixed pre-C++20 undefined behaviour due to left-shifting
negative integer values.
* Since libopenmpt 0.8.0, swapping between samples on the rear
channels could introduce a click on the front channels.
* IT: Volume column slides no longer propagate their effect
memory to the regular effect column volume slides.
* FC: Allow files with a sequence size of 0 to load (fixes a
broken copy of cult.smod).
==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
==== libxslt ====
Subpackages: libexslt0 libxslt-tools libxslt1
- security update
- added patches
CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes
+ libxslt-CVE-2025-7424.patch
==== libyuv ====
- Add fix-narrowing-conversion-initializer-errors-on-LoongArch64.patch
Fix C++11 narrowing conversion errors when initializing __m128i constants
with unsigned long long literals on LoongArch64 builds.
==== libzypp ====
Version update (17.37.11 -> 17.37.12)
- Allow explicit request to probe an added repo's URL
(bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661)
- version 17.37.12 (35)
==== ncurses ====
Version update (6.5.20250712 -> 6.5.20250720)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20250720
+ further improve readability of header-files
+ add a consistency-check for termio(s)/tty headers, to help with
cross-compiles (report by Stas Sergeev).
+ remove some unused configure-macros
+ add xterm+keypad to pccon+base -TD
+ trim trailing blanks from a few files (report by Stas Sergeev).
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0
- Update to version 2.1.11.suse+73.1723affc61eb:
* README for rpm build directory
* Fix issue with IPv6 adapter interfaces (#508, bsc#1240969)
* fwparam_ppc.c: Fix the calloc-transposed-args issue (#504)
* Makefile: fix "No rule to make target 'iscsiuio/Makefile.in" issue (#506)
* Fix typo in initiator.c (#507)
- Fixed some issues in this changes file
* One date had incorrect format from 2014
* Two separator lines were formatted incrrectly
==== pciutils ====
Version update (3.13.0 -> 3.14.0)
Subpackages: libpci3
- Update to 3.14.0:
* New capabilities are decoded: VirtIO SharedMemory, Physical
Layer 16 to 64 GT/s, Flit Mode, Device 3, Intel vendor-
specific.
* <lib/header.h> got definitions of new classes and capabilities
from PCI Code and ID Assignment rev 1.18
* <lib/pci.h> can be included from C++ programs
* Updated pci.ids
==== python-gpg ====
Version update (1.24.3 -> 2.0.0)
- Fix build on armv6 as well
- use fdupes
- fix 32 bit swig failures, adding gpgmepy-2.0.0-swig-32-bit.patch
- Python bindings for GnuPG, based on gpgme, providing python*-gpg
This is split from upstream gpgme from 2.0.0.
- Rewrite building of the package using PEP517 compatible build system.
- Do not pull revision info from GIT when autoconf is run. This
removes the -unknown suffix after the version number. Fix also
the version string in setup.py. [bsc#1244605]
* Add python-gpgme-nobetasuffix.patch
- Do not error out when copying duplicated files: [bsc#1244605]
* Add python-gpgme-COPY_FILES.patch
- wip, split upstream from gpgme since 2.0.0
==== python-jsonschema ====
Version update (4.24.0 -> 4.24.1)
- update to 4.24.1:
* Unambiguously quote and escape properties in JSON path rendering
by @kurtmckee in #1390
* Drop python<3.9 backports by @hackowitz-af in #1367
==== python-typing_extensions ====
Version update (4.14.0 -> 4.14.1)
- update to 4.14.1:
* Fix usage of `typing_extensions.TypedDict` nested inside
other types (e.g., `typing.Type[typing_extensions.TypedDict]`).
This is not allowed by the type system but worked on older
versions, so we maintain support.
==== python313 ====
- Fix gil/nogil package description, bsc#1246229
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to
generate ids for audit_events using docname (reproducible
builds).
- Use one core to build doc. This will make sphinx doc build
reproducible.
bsc#1243155
==== python313-core ====
Subpackages: libpython3_13-1_0 python313-base
- Fix gil/nogil package description, bsc#1246229
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to
generate ids for audit_events using docname (reproducible
builds).
- Use one core to build doc. This will make sphinx doc build
reproducible.
bsc#1243155
==== sdbootutil ====
Version update (1+git20250716.b03c12f -> 1+git20250718.9f557f7)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit
- Update to version 1+git20250718.9f557f7:
* MicroOS mounts encrypted /var in initrd
==== sqlite3 ====
Version update (3.50.2 -> 3.50.3)
- Update to version 3.50.3:
* Fix a possible memory error that can occur if a query is made
against against FTS5 index that has been deliberately corrupted
in a very specific way.
* Fix the parser so that it ignored SQL comments in all places of
a CREATE TRIGGER statement. This resolves a problem that was
introduced by the introduction of the
SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0.
* Fix an incorrect answer due to over-optimization of an AND
operator.
==== tbb ====
Version update (2022.1.0 -> 2022.2.0)
- Drop excessive gcc flags: add cf-prot.patch.
- Update to version 2022.2.0:
* Improved Hybrid CPU and NUMA Platforms API Support: Enhanced
API availability for better compatibility with Hybrid CPU and
NUMA platforms.
* Refined Environment Setup: Replaced CPATH with C_INCLUDE_PATH
and CPLUS_INCLUDE_PATH in environment setup to avoid
unintended compiler warnings caused by globally applied
include paths.
==== update-bootloader ====
Version update (1.24 -> 1.25)
- merge gh#openSUSE/perl-bootloader#191
- avoid spurious warning messages when parsing /etc/default/grub
(bsc#1246373, bsc#1245323)
- 1.25
==== vulkan-loader ====
Version update (1.4.313 -> 1.4.321)
- Update to tag SDK-1.4.321.0
* Simplify portability enumeration variables.
* Only call surface creation functions on supported drivers.
* Add vkGetPhysicalDeviceSurfaceSupportKHR test when ICD does not
support the surface extension.
==== vulkan-tools ====
Version update (1.4.313 -> 1.4.321)
- Update to tag SDK-1.4.321.0
* cube: prefer Wayland over X11 when available
==== xkeyboard-config ====
- make %pretrans lua script more robust to avoid endless loops
during package installation (boo#1246768)
==== yast2 ====
Version update (5.0.14 -> 5.0.15)
- Do not try installing packages into the inst-sys during
installation (bsc#1240867)
- 5.0.15
==== zypper ====
Version update (1.14.92 -> 1.14.93)
Subpackages: zypper-needs-restarting
- Fix addrepo to handle explicit --check and --no-check requests
(bsc#1246466)
- Accept "show" as alias for "info" (bsc#1245985)
- version 1.14.93
