Packages changed: GraphicsMagick (1.3.45 -> 1.3.46) ImageMagick (7.1.2.10 -> 7.1.2.11) Imath (3.2.1 -> 3.2.2) MozillaFirefox (146.0 -> 146.0.1) alsa-ucm-conf apache2-mod_php8 (8.4.14 -> 8.4.16) babl (0.1.116 -> 0.1.118) busybox container-selinux (2.244.0 -> 2.245.0) double-conversion (3.3.1 -> 3.4.0) dracut (059+suse.769.g693ea004 -> 059+suse.785.g17d177bb) flatpak (1.16.1 -> 1.16.2) fuse3 (3.17.4 -> 3.18.1) fwupd (2.0.18 -> 2.0.19) gegl (0.4.64 -> 0.4.66) gnome-console (49.1 -> 49.2) gnome-maps (49.2 -> 49.3) gtk-vnc ibus kdepim-addons (25.08.2 -> 25.12.0) kernel-firmware-i915 (20251125 -> 20251217) kernel-firmware-intel kernel-firmware-iwlwifi (20251123 -> 20251217) kernel-firmware-platform kernel-firmware-qcom (20251202 -> 20251217) kernel-firmware-realtek (20251118 -> 20251217) kernel-firmware-sound (20251205 -> 20251217) kernel-source (6.18.1 -> 6.18.2) kernel-source (6.18.1 -> 6.18.2) libarchive (3.8.3 -> 3.8.4) libeconf (0.8.2 -> 0.8.3) libgit2 (1.9.1 -> 1.9.2) libgsf (1.14.53 -> 1.14.54) liblouis (3.35.0 -> 3.36.0) libopenmpt (0.8.3 -> 0.8.4) libssh2_org libstorage-ng (4.5.280 -> 4.5.281) libvirt localsearch (3.10.1 -> 3.10.2) lvm2 (2.03.29 -> 2.03.38) lvm2-device-mapper (2.03.29_1.02.203 -> 2.03.38_1.02.212) man mariadb mpg123 (1.33.3 -> 1.33.4) multipath-tools (0.13.0+127+suse.37f9a4c9 -> 0.13.0+229+suse.dbac936f) ncurses (6.5.20251206 -> 6.5.20251213) nghttp3 (1.12.0 -> 1.13.1) nvidia-settings (580.105.08 -> 580.119.02) okular openSUSE-release (20251216 -> 20251228) openexr (3.4.3 -> 3.4.4) opus (1.5.2 -> 1.6) permissions (1699_20251002 -> 1699_20251217) php8 (8.4.14 -> 8.4.16) postgresql18 (18.0 -> 18.1) python-tornado6 (6.5 -> 6.5.4) qt6-base quadrapassel (49.2.1 -> 49.2.3) quota re2c (4.3.1 -> 4.4) rlwrap (0.47.1 -> 0.48) rsync ruby3.4 (3.4.7 -> 3.4.8) samba (4.22.6+git.435.014e5eceb5d -> 4.23.4+git.428.6b48e7eba5b) sdbootutil (1+git20251211.b3d0304 -> 1+git20251218.1cd7294) selinux-policy (20251211 -> 20251219) sshfs (3.7.4a -> 3.7.5) syslogd tdb (1.4.13 -> 1.4.14) tevent (0.16.2 -> 0.17.1) timezone (2025b -> 2025c) userspace-rcu (0.14.0 -> 0.15.3) wayland-utils (1.2.0 -> 1.3.0) webkit2gtk3 (2.50.3 -> 2.50.4) webkit2gtk4 (2.50.3 -> 2.50.4) xdg-user-dirs-gtk (0.14 -> 0.16) yast2-trans (84.87.20251209.92c74828a8 -> 84.87.20251216.2a38b61ecc) === Details === ==== GraphicsMagick ==== Version update (1.3.45 -> 1.3.46) Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config - versino update to 1.3.46 * MSL: Use libxml2's SAX handlers for the MVG XML-based scripting implementation. This removes a lot of archaic cruft which might suffer from security issues. * JP2: Fix Jasper max_samples calculation to avoid DOS due to huge image dimensions. * JXL: Apply image dimension resource limits. Fix heap buffer write overflow while reading image. * SVG: Use libxml2's SAX handlers for the SVG renderer. This removes a lot of archaic cruft which might suffer from security issues. * WPG: Assure that the palette buffer is allocated and the current size (SourceForge bug #750). * ColorFloodfillImage(): For floodfill, return an error if a clip-mask is present. The problem is that the algorithm may not converge if a clip-mask is present. * ThumbnailImage(): Prevent a divide by zero crash. * other bug fixes - modified patches * GraphicsMagick-disable-insecure-coders.patch (refreshed) * GraphicsMagick-perl-linkage.patch (refreshed) - deleted patches * GraphicsMagick-CVE-2025-27795.patch (upstreamed) * GraphicsMagick-CVE-2025-27796.patch (upstreamed) * GraphicsMagick-CVE-2025-32460.patch (upstreamed) * GraphicsMagick-return-value.patch (upstreamed) ==== ImageMagick ==== Version update (7.1.2.10 -> 7.1.2.11) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.11 * no upstream changelog, see https://github.com/ImageMagick/ImageMagick/compare/7.1.2-10..7.1.2-11 - modified patches * ImageMagick-library-installable-in-parallel.patch (refreshed) ==== Imath ==== Version update (3.2.1 -> 3.2.2) - version update to 3.2.2 * fix build problem with newer versions of cmake ==== MozillaFirefox ==== Version update (146.0 -> 146.0.1) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 146.0.1 https://www.firefox.com/en-US/firefox/146.0.1/releasenotes/ MFSA 2025-98 (boo#1255367) * CVE-2025-14860 (bmo#2000597) Use-after-free in the Disability Access APIs component * CVE-2025-14861 (bmo#1996570, bmo#1999700) Memory safety bugs fixed in Firefox 146.0. * Improved overall stability by fixing crashes related to browsing, graphics, and accessibility features. (bmo#2001160, bmo#1998185, bmo#1998188) * Fixed an issue where fingerprinting protection caused incorrect font rendering on popular websites. (bmo#2000429) * Fixed crashes related to media playback and GMP process shutdown. (bmo#2002697) * Fixed an issue where desktop profile shortcuts were being unintentionally removed when changing copied profile settings. (bmo#1998209) * Improved sidebar text contrast when using vertical tabs with certain themes. (bmo#2006091) * When restoring from a backup, the restore success message will appear over the new tab page instead of one of the tabs restored from a backup, to avoid cases where the restored tab canceled the restore success message. (bmo#2003307) ==== alsa-ucm-conf ==== - Backport upstream fixes (bsc#1255123): 0001-sof-soundwire-third-fix-for-multi-codec.patch 0002-ucm2-sof-soundwire-Simplify-cs42l45-configs.patch 0003-ucm2-codecs-rt722-add-condition-to-SetLED-for-mic.patch ==== apache2-mod_php8 ==== Version update (8.4.14 -> 8.4.16) - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - main package require wwwrun:www user as it assumes it in filelist [bsc#1255043] - version update to 8.4.15 Core: Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv). Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference). Fixed bug GH-20085 (Assertion failure when combining lazy object get_properties exception with foreach loop). Fixed bug GH-19844 (Don't bail when closing resources on shutdown). Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error). Fixed bug GH-20270 (Broken parent hook call with named arguments). Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval). DOM: Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work). Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent after nodes are removed). Exif: Fix possible memory leak when tag is empty. FPM: Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution). FTP: Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes). GD: Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided). Intl: Fix memory leak on error in locale_filter_matches(). LibXML: Fix not thread safe schema/relaxng calls. MySQLnd: Fixed bug GH-8978 (SSL certificate verification fails (port doubled)). Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL). Opcache: Fixed bug GH-20081 (access to uninitialized vars in preload_load()). Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15). Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess). Fixed bug GH-20012 (heap buffer overflow in jit). Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments). PgSql: Fix memory leak when first string conversion fails. Fix segfaults when attempting to fetch row into a non-instantiable class name. Phar: Fix memory leak of argument in webPhar. Fix memory leak when setAlias() fails. Fix a bunch of memory leaks in phar_parse_zipfile() error handling. Fix file descriptor/memory leak when opening central fp fails. ... changelog too long, skipping 18 lines ... Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available. ==== babl ==== Version update (0.1.116 -> 0.1.118) Subpackages: libbabl-0_1-0 typelib-1_0-Babl-0_1 - Added https://gitlab.gnome.org/GNOME/babl/-/commit/4efc8b827e008417c4995a93ae3310697318cfab.patch Ensure git is really an optional dependency. Can be removed with the next update. - Drop the buildrequires for git-core again - Add BuildRequires for git-core as the meson build now needs git - Update to 0.1.118: - build and portability fixes, babl is now relocatedable. ==== busybox ==== Subpackages: busybox-static - Fix tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch - Fix HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) * wget-don-t-allow-control-characters-in-url.patch - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) - Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237) * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch ==== container-selinux ==== Version update (2.244.0 -> 2.245.0) - Update to version 2.245.0: * bump to v2.245.0 * Fix typo in container_selinux(8) man page * Add new booleans to container_selinux(8) man page * Allow containers to access shared public content * Add support for Incus * Add ~/.local/share/containers/storage/overlay-containers to .fc (bsc#1253682) ==== double-conversion ==== Version update (3.3.1 -> 3.4.0) - update to 3.4.0 * Add pkg-config. * Add alias double-conversion::double-conversion. * Documentation improvements. * Minor code cleanups, avoiding spurious warnings. * Increase CMake minimum required version to 3.29. * Makefile improvements. * Bazel build improvements. ==== dracut ==== Version update (059+suse.769.g693ea004 -> 059+suse.785.g17d177bb) - Update to version 059+suse.785.g17d177bb: Fix and update testsuite (bsc#1254873): * test(FULL-SYSTEMD): ignore errors in systemd-vconsole-setup.service * test: move /failed to /run/failed as rootfs might be read-only * test(FULL-SYSTEMD): use poweroff to shut down test * test(FULL SYSTEMD): no need to include dbus to the target rootfs * test: make the size of all test drives 512 MB * fix(systemd): move installation of libkmod to udev-rules module * test: switch to virtio for the QEMU drive * test: switch to virtio for the QEMU drive * test: increase test VM memory from 512M to 1024M to avoid OOM killer * test: move more common test code to test-functions * test: upgrade to ext4 Other: * fix(systemd-networkd): install and enable systemd-networkd-resolve-hook.socket * fix(nfs): do not execute logic in nfs hooks if netroot is not nfs (bsc#1253960) ==== flatpak ==== Version update (1.16.1 -> 1.16.2) Subpackages: flatpak-remote-flathub flatpak-selinux libflatpak0 system-user-flatpak - Update to version 1.16.2: + Enhancements: - Documentation improvements - Support the reinstall option on bundle installations - Enable the VA-API extension for Intel Xe GPUs - Documentation improvements - Add cancellation support for curl downloads + Bug fixes: - Provide an empty /run/host/font-dirs.xml during flatpak build - Fix various issues with flatpak mask and flatpak pin by reloading the repo configuration after changes done via the system helper - Fix an issue where the home directory would accidentally be accessible when a bad version of glib is in use, the app has access to a standard XDG directory, and that directory is not available on the system - flatpak-kill will no longer send SIGKILL to all processes in the current process group - Various bug fixes for the OCI support - Fix various memory leaks - Fix various crashes + Updated translations. - Drop cd80e843435df5ce70d9a2b6710098135ceb9085.patch: Fixed upstream. ==== fuse3 ==== Version update (3.17.4 -> 3.18.1) Subpackages: libfuse3-4 - Update to release 3.18.1 * Fix ABI break introduced by 3.18.0 - Update to release 3.18.0 * FUSE-over-uring communication * statx support * FUSE_NOTIFY_INC_EPOCH: New notification mechanism for epoch counters * Fixed double unmount on FUSE_DESTROY * Fixed junk readdirplus results when filesystem does not fill stat info ==== fwupd ==== Version update (2.0.18 -> 2.0.19) Subpackages: fwupd-bash-completion libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.19: + This release adds the following features: - Add two commands to fwupdtool to calculate and find CRCs - Allow systems to use the udev event source without using systemd + This release fixes the following bugs: - Always show the correct new firmware version in 'fwupdmgr get-history' - Fix an integer underflow when parsing a malicious PE file - Fix a regression when enumerating the dell-dock status component - Fix the fuzzer timeout when parsing a synaptics-rmi SBL container - Fix updating the Intel GPU FWDATA section - Respect 'fwupdmgr --force' when installing firmware + This release adds support for the following hardware: - Lenovo Sapphire Folio Keyboard ==== gegl ==== Version update (0.4.64 -> 0.4.66) Subpackages: gegl-0_4 libgegl-0_4-0 typelib-1_0-Gegl-0_4 - Update to 0.4.66: - Core: - Improved relocability now also on linux. - Ops: - gif-load: don’t embed libnsgif directly - Dependencies: - libnsgif: support using distro provided lib. - ctx: synchronize with ctx-0.1.14 ==== gnome-console ==== Version update (49.1 -> 49.2) - Update to version 49.2: + Small fix for an an unfortunate crash. + Updated translations. ==== gnome-maps ==== Version update (49.2 -> 49.3) - Update to version 49.3: + Fix a bug causing a freeze when showing a route and moving the window between different screens in some occasions. + Update station icon for Great Britain National Rail stations avoiding truncating parts of the graphics. + Updated translations. ==== gtk-vnc ==== Subpackages: libgtk-vnc-2_0-0 libgvnc-1_0-0 libgvncpulse-1_0-0 - bsc#1251850 - removal of spice leads to regression in functionality, specifically for graphical console copy paste 001-src-introduce-a-vncclipboard.h-header-file.patch 002-Add-the-extended-clipboard-pseudo-encoding.patch 003-Implement-extended-clipboard-capability-negotiation.patch 004-Implement-client-to-server-clipboard-update-notification.patch 005-Flush-pending-clipboard-on-focus-in-event.patch 006-Implement-response-to-server-clipboard-REQUEST-action.patch 007-Implement-handling-of-server-clipboard-NOTIFY-action.patch 008-Complete-server-to-client-data-sync-PROVIDE.patch ==== ibus ==== Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - use return insted of exit in 20-ibus-plasma-setup.sh * such script is sourced not executed, when using exit other scripts in the same directory are not sourced anymore * fix boo#1255237 ==== kdepim-addons ==== Version update (25.08.2 -> 25.12.0) - Update to 25.12.0 * New feature release * For more details please see: * https://kde.org/announcements/gear/25.12.0/ - Changes since 25.11.80: * Add missing include * Fix build with corrosion 0.6 * Fix typo * We need to use check here too * Fix compile with 1.8.0 * Fix build for kaichat plugins * Adapt to new api * Use enum for propertyname - Update to 25.11.80 * New feature release - Too many changes to list here. - Update to 25.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/25.08.3/ - Changes since 25.08.2: * Make it compile with last ktextaddons ==== kernel-firmware-i915 ==== Version update (20251125 -> 20251217) - Update aliases for 6.19-rc1 - Update to version 20251217 (git commit c695356f6ea1): * xe: Update GUC to v70.55.3 for BMG, PTL ==== kernel-firmware-intel ==== - Update aliases for 6.19-rc1 ==== kernel-firmware-iwlwifi ==== Version update (20251123 -> 20251217) - Update to version 20251217 (git commit c695356f6ea1): * iwlwifi: add Bz/Sc FW for core101-82 release * iwlwifi: Add Sc/Gf firmware for core101-82 release * iwlwifi: update ty/So/Ma firmwares for core101-82 release * iwlwifi: update cc/Qu/QuZ firmwares for core101-82 release ==== kernel-firmware-platform ==== - Update aliases for 6.19-rc1 ==== kernel-firmware-qcom ==== Version update (20251202 -> 20251217) - Update to version 20251217 (git commit c695356f6ea1): * qcom: drop compatibility a640_zap.mdt symlink - Update to version 20251211 (git commit 6953ec7e9fea): * qcom: Add firmwares for sm8150 GPU * qcom: Add firmwares for sm8450 GPU * qcom: Add firmwares for sm8550 GPU * qcom: Add firmwares for sm8650 GPU * qcom: Add firmwares for sm8750 GPU ==== kernel-firmware-realtek ==== Version update (20251118 -> 20251217) - Update aliases for 6.19-rc1 - Update to version 20251217 (git commit c695356f6ea1): * rtw89: 8852b: update fw to v0.29.29.15 ==== kernel-firmware-sound ==== Version update (20251205 -> 20251217) - Update to version 20251217 (git commit c695356f6ea1): * cirrus: cs35l41: Update firmware and tuning for various HP laptops * cirrus: cs35l41: Add support for new HP Clipper laptop ==== kernel-source ==== Version update (6.18.1 -> 6.18.2) - Update patches.kernel.org/6.18.1-003-ext4-refresh-inline-data-size-before-write-ope.patch (bsc#1012628 CVE-2025-68264 bsc#1255380). - Update patches.kernel.org/6.18.1-004-ksmbd-ipc-fix-use-after-free-in-ipc_msg_send_r.patch (bsc#1012628 CVE-2025-68263 bsc#1255384). - Update patches.kernel.org/6.18.1-006-crypto-zstd-fix-double-free-in-per-CPU-stream-.patch (bsc#1012628 CVE-2025-68262 bsc#1255158). - Update patches.kernel.org/6.18.1-007-ext4-add-i_data_sem-protection-in-ext4_destroy.patch (bsc#1012628 CVE-2025-68261 bsc#1255164). - Update patches.kernel.org/6.18.1-008-rust_binder-fix-race-condition-on-death_list.patch (bsc#1012628 CVE-2025-68260 bsc#1255177). - Update patches.kernel.org/6.18.1-010-KVM-SVM-Don-t-skip-unrelated-instruction-if-IN.patch (bsc#1012628 CVE-2025-68259 bsc#1255199). - Update patches.kernel.org/6.18.1-025-comedi-multiq3-sanitize-config-options-in-mult.patch (bsc#1012628 CVE-2025-68258 bsc#1255182). - Update patches.kernel.org/6.18.1-026-comedi-check-device-s-attached-status-in-compa.patch (bsc#1012628 CVE-2025-68257 bsc#1255167). - Update patches.kernel.org/6.18.1-027-staging-rtl8723bs-fix-out-of-bounds-read-in-rt.patch (bsc#1012628 CVE-2025-68256 bsc#1255138). - Update patches.kernel.org/6.18.1-028-staging-rtl8723bs-fix-stack-buffer-overflow-in.patch (bsc#1012628 CVE-2025-68255). - Update patches.kernel.org/6.18.1-029-staging-rtl8723bs-fix-out-of-bounds-read-in-On.patch (bsc#1012628 CVE-2025-68254 bsc#1255140). - Update patches.kernel.org/6.18.2-517-net-sched-sch_cake-Fix-incorrect-qlen-reductio.patch (bsc#1012628 CVE-2025-68325). - Update patches.kernel.org/6.18.2-589-scsi-imm-Fix-use-after-free-bug-caused-by-unfi.patch (bsc#1012628 CVE-2025-68324). - Update patches.kernel.org/6.18.2-602-usb-typec-ucsi-fix-use-after-free-caused-by-ue.patch (bsc#1012628 CVE-2025-68323). suse-add-cves - commit 9447271 - netfilter: nf_conncount: fix leaked ct in error paths (git-fixes). - commit 05e3e3d - Update config files. - commit 1b7058f - Linux 6.18.2 (bsc#1012628). - smack: fix bug: SMACK64TRANSMUTE set on non-directory (bsc#1012628). - smack: deduplicate "does access rule request transmutation" (bsc#1012628). - smack: deduplicate xattr setting in smack_inode_init_security() (bsc#1012628). - smack: always "instantiate" inode in smack_inode_init_security() (bsc#1012628). - smack: fix bug: invalid label of unix socket file (bsc#1012628). - smack: fix bug: unprivileged task can create labels (bsc#1012628). - smack: fix bug: setting task label silently ignores input garbage (bsc#1012628). - gpu: host1x: Fix race in syncpt alloc/free (bsc#1012628). - accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array() (bsc#1012628). - accel/amdxdna: Call dma_buf_vmap_unlocked() for imported object (bsc#1012628). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (bsc#1012628). - drm/panel: visionox-rm69299: Fix clock frequency for SHIFT6mq (bsc#1012628). - drm/panel: visionox-rm69299: Don't clear all mode flags (bsc#1012628). - accel/ivpu: Rework bind/unbind of imported buffers (bsc#1012628). - accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context() (bsc#1012628). - accel/ivpu: Fix DCT active percent format (bsc#1012628). - drm/vgem-fence: Fix potential deadlock on release (bsc#1012628). - bpf: Cleanup unused func args in rqspinlock implementation (bsc#1012628). - bpf: Fix sleepable context for async callbacks (bsc#1012628). - bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq (bsc#1012628). - tools/nolibc: handle NULL wstatus argument to waitpid() (bsc#1012628). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (bsc#1012628). - perf bpf_counter: Fix opening of "any"(-1) CPU events (bsc#1012628). - pinctrl: qcom: glymur: Drop unnecessary platform data from match table (bsc#1012628). - pinctrl: qcom: glymur: Fix the gpio and egpio pin functions (bsc#1012628). - ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook (bsc#1012628). - pinctrl: renesas: rzg2l: Fix PMC restore (bsc#1012628). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle ... changelog too long, skipping 1022 lines ... - commit 114a3e8 ==== kernel-source ==== Version update (6.18.1 -> 6.18.2) - Update patches.kernel.org/6.18.1-003-ext4-refresh-inline-data-size-before-write-ope.patch (bsc#1012628 CVE-2025-68264 bsc#1255380). - Update patches.kernel.org/6.18.1-004-ksmbd-ipc-fix-use-after-free-in-ipc_msg_send_r.patch (bsc#1012628 CVE-2025-68263 bsc#1255384). - Update patches.kernel.org/6.18.1-006-crypto-zstd-fix-double-free-in-per-CPU-stream-.patch (bsc#1012628 CVE-2025-68262 bsc#1255158). - Update patches.kernel.org/6.18.1-007-ext4-add-i_data_sem-protection-in-ext4_destroy.patch (bsc#1012628 CVE-2025-68261 bsc#1255164). - Update patches.kernel.org/6.18.1-008-rust_binder-fix-race-condition-on-death_list.patch (bsc#1012628 CVE-2025-68260 bsc#1255177). - Update patches.kernel.org/6.18.1-010-KVM-SVM-Don-t-skip-unrelated-instruction-if-IN.patch (bsc#1012628 CVE-2025-68259 bsc#1255199). - Update patches.kernel.org/6.18.1-025-comedi-multiq3-sanitize-config-options-in-mult.patch (bsc#1012628 CVE-2025-68258 bsc#1255182). - Update patches.kernel.org/6.18.1-026-comedi-check-device-s-attached-status-in-compa.patch (bsc#1012628 CVE-2025-68257 bsc#1255167). - Update patches.kernel.org/6.18.1-027-staging-rtl8723bs-fix-out-of-bounds-read-in-rt.patch (bsc#1012628 CVE-2025-68256 bsc#1255138). - Update patches.kernel.org/6.18.1-028-staging-rtl8723bs-fix-stack-buffer-overflow-in.patch (bsc#1012628 CVE-2025-68255). - Update patches.kernel.org/6.18.1-029-staging-rtl8723bs-fix-out-of-bounds-read-in-On.patch (bsc#1012628 CVE-2025-68254 bsc#1255140). - Update patches.kernel.org/6.18.2-517-net-sched-sch_cake-Fix-incorrect-qlen-reductio.patch (bsc#1012628 CVE-2025-68325). - Update patches.kernel.org/6.18.2-589-scsi-imm-Fix-use-after-free-bug-caused-by-unfi.patch (bsc#1012628 CVE-2025-68324). - Update patches.kernel.org/6.18.2-602-usb-typec-ucsi-fix-use-after-free-caused-by-ue.patch (bsc#1012628 CVE-2025-68323). suse-add-cves - commit 9447271 - netfilter: nf_conncount: fix leaked ct in error paths (git-fixes). - commit 05e3e3d - Update config files. - commit 1b7058f - Linux 6.18.2 (bsc#1012628). - smack: fix bug: SMACK64TRANSMUTE set on non-directory (bsc#1012628). - smack: deduplicate "does access rule request transmutation" (bsc#1012628). - smack: deduplicate xattr setting in smack_inode_init_security() (bsc#1012628). - smack: always "instantiate" inode in smack_inode_init_security() (bsc#1012628). - smack: fix bug: invalid label of unix socket file (bsc#1012628). - smack: fix bug: unprivileged task can create labels (bsc#1012628). - smack: fix bug: setting task label silently ignores input garbage (bsc#1012628). - gpu: host1x: Fix race in syncpt alloc/free (bsc#1012628). - accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array() (bsc#1012628). - accel/amdxdna: Call dma_buf_vmap_unlocked() for imported object (bsc#1012628). - accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (bsc#1012628). - drm/panel: visionox-rm69299: Fix clock frequency for SHIFT6mq (bsc#1012628). - drm/panel: visionox-rm69299: Don't clear all mode flags (bsc#1012628). - accel/ivpu: Rework bind/unbind of imported buffers (bsc#1012628). - accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context() (bsc#1012628). - accel/ivpu: Fix DCT active percent format (bsc#1012628). - drm/vgem-fence: Fix potential deadlock on release (bsc#1012628). - bpf: Cleanup unused func args in rqspinlock implementation (bsc#1012628). - bpf: Fix sleepable context for async callbacks (bsc#1012628). - bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq (bsc#1012628). - tools/nolibc: handle NULL wstatus argument to waitpid() (bsc#1012628). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (bsc#1012628). - perf bpf_counter: Fix opening of "any"(-1) CPU events (bsc#1012628). - pinctrl: qcom: glymur: Drop unnecessary platform data from match table (bsc#1012628). - pinctrl: qcom: glymur: Fix the gpio and egpio pin functions (bsc#1012628). - ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook (bsc#1012628). - pinctrl: renesas: rzg2l: Fix PMC restore (bsc#1012628). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle ... changelog too long, skipping 1022 lines ... - commit 114a3e8 ==== libarchive ==== Version update (3.8.3 -> 3.8.4) - Update to 3.8.4: * bsdtar: Fix zero-length pattern issue * lib: Fix regression introduced in libarchive 3.8.2 when walking enterable but unreadable directories - add libarchive-3.8.4-tar-fix-tests.patch to fix tests ==== libeconf ==== Version update (0.8.2 -> 0.8.3) - Update to version 0.8.3: * improved Documentation (#246) ==== libgit2 ==== Version update (1.9.1 -> 1.9.2) - update to 1.9.2: * A bug in the external SSH execution is fixed that could cause arbitrary command execution. Remote repository names were improperly sent to the shell without quoting. Arguments to the external SSH command are now sent parameterized. (boo#1255640) * A bug in SSH credential creation is fixed that could cause a buffer overflow. Public keys that are not NUL terminated were improperly zeroed. The given length of public keys is now honored. (boo#1255641) ==== libgsf ==== Version update (1.14.53 -> 1.14.54) Subpackages: gsf-office-thumbnailer libgsf-1-114 - Update to version 1.14.54: + Fix ABR is msole properties code. + Up thumbnailer's memory limit to 512MB. + Various build fixes. ==== liblouis ==== Version update (3.35.0 -> 3.36.0) Subpackages: liblouis-data liblouis20 python3-louis - Update to version 3.36.0: + This release brings various updates to braille tables, particularly for Slovakian and Norwegian in line with the respective changes to their the braille standards. There are new tables for Macedonian uncontracted braille and the long awaited table for English Grade 3 is finally here. On the technical side, there are modernized Python bindings and better support for building liblouis for environments such as Android. - Update python build/install macros for pyproject.toml. ==== libopenmpt ==== Version update (0.8.3 -> 0.8.4) - Update to 0.8.4: * openmpt123: libsndfile float32 output was broken since 0.8.1. * [Bug] build/download_externals.txt was missing from makefile and msvc source archives. * PT36: Some MODs with samples larger than 64k inside PT36 containers were not read correctly. * IT: Files are no longer interpreted as ModPlug-made (thus disabling all compatibility settings) just because instrument extensions are found (no such files are currently known to exist in the wild). ==== libssh2_org ==== - use cmake build system so that cmake build files are generated, as needed by daggy ==== libstorage-ng ==== Version update (4.5.280 -> 4.5.281) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1044 - avoid manual memory management - added test case - 4.5.281 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Deactive gluster backend, package is going away for being unmaintained. ==== localsearch ==== Version update (3.10.1 -> 3.10.2) - Update to version 3.10.2: + Fix possible errors if a directory is deleted while crawled + Improve handling of indexed folder configuration changes while the indexer is not running + Fix inconsistencies in "localsearch index" CLI utility that could lead to duplicates in the indexed folder settings + Fix pager not being closed after some CLI utilities exited with errors + Updated translations. ==== lvm2 ==== Version update (2.03.29 -> 2.03.38) Subpackages: liblvm2cmd2_03 - Update lvm2 from LVM2.2.03.29 to LVM2.2.03.38 * ** WHATS_NEW from 2.03.29 to 2.03.38 *** Version 2.03.38 - 15th December 2025 ==================================== Synchronize with udev after creating pool metadata spare volume. Conversion to thin-pool removes activation skipping from converted LVs. Configure now checks for xfs/xfs.h. Workaround for libblkid returning old FSLASTBLOCK immediately after resize. Enhance pvmove activation and deactivation. LV locks whole device tree using such locked LV. Version 2.03.37 - 21st November 2025 ==================================== Remove unsupported --blockdevice option from lvscan. Support output in list mode for all lvmconfig --typeconfig types with --list. Enhance shutdown performance of daemons using libdaemon. Update lvmdevices(8). Add --force option for lvmdevices --update. Add --listids, --delid, --addid options for manipulation by device_id to lvmdevices. Add missing synchronization for vdopool. Fix deadlock in lvmdbusd on SIGINT in lvm shell mode. Add VG attr character and pr field for persistent reservation status to vgs. Fix persistent reservations setting handling in vgmerge, vgsplit and vgimportclone. Add missing synchronization while converting cachevols. Warn on classic snapshot on raid creation and error on activation if missing. Translate udev device paths in lvmdbusd for test environments. Use source='udev' in lvmdbusd to monitor processed udev events. Symlink to /dev nodes when using alternative dev dir to trigger udev. Avoid passing uninitilized buffer in dmeventd to fix valgrind report. Improve lvmdbusd matching of udevd reported device paths. Version 2.03.36 - 24th October 2025 =================================== Fix uninitialized chunk_size_calc_policy in pool parameter functions. Fix approximate allocation for Raid with insufficient extents. Fix race in dmeventd remonitoring optimization (2.03.35). Use -real suffix for pvmove UUID. Add support pvmove segmentation allocation/pvmove_max_segmentation_size_mb. Allow creating _imeta with multiple segments. Fix driver_version() accepts NULL version buffer pointer. Fix invalid free() call in error path of _add_metadata_area_to_pv(). Avoid destroying aio context in forked process. Add lvs -o cache_promotions,cache_promotions fields. Update pvmove logic when moving i.e. raid legs. Display integrity info in lvdisplay. Increase storage size for internal filter chain. Add helper function display_mb_size(). Enhance code for adding and removing integrity to RAID volumes. Add code for basic validation of integrity segment. Use -real private suffix for integrity origin and meta volumes. Use -real private suffix for mirror and raid legs. Detect and use existing XFS quota mount options for lvresize --fs resize. Version 2.03.35 - 09th September 2025 ===================================== Fix unlocking devices file only after all PVs are processed. Avoid creating system.devices when deleting entries. Fix existing issues with persistent reservations. Fix possible report output format inconsistencies while processing PVs. Allow report options for pv/vg/lvdisplay only if used with -C|--columns. Fix vgsplit failing to split a VG with RAID+integrity or cache with cachevol. Fix --lockopt handling in lvmlockd when --nolocking is used. Optimize dmeventd when remonitoring active devices. Version 2.03.34 - 30th July 2025 ================================ Support dmeventd restart when there are no monitored devices. Dmeventd no longer calls 'action commands' on removed devices. Fix reader of VDO metadata on 32bit architecture. Fix lvmdevices --deldev/--delpvid to error out if devices file not writeable. Fix lvresize corruption in LV->crypt->FS stack if near crypt min size limit. Enhanced lvresize -r support for btrfs. Use glibc standard functions htoX, Xtoh functions for endian conversion. Fix structure copying within sanlock's release_rename(). Fix autoactivation on top of loop dev PVs to trigger once for change uevents. Add lvmlockd --lockopt repair to reinitialize corrupted sanlock leases. Fix support for lvcreate -T --setautoactivation. Add lvm.conf global/lvresize_fs_helper_executable. Enable lvm to use persistent reservations on a VG. Version 2.03.33 - 27th June 2025 ================================ Various spelling, grammar, formatting, test, and build script improvements. Override LC_NUMERIC locale if unsuitable for json_std report format. Repair raid arrays with transiently lost devices. Version 2.03.32 - 05th May 2025 =============================== Lvconvert vdopool conversion properly validates acceptable LVs. Accept thin pool data LV as cacheable LV. Allow using zram block devices (likely for testing). Fix lvresize when resizing COW snapshots already covering origin. Fix lvmdbusd read of executed lvm commands output. Fix construction of DM UUID for cachevol _cdata and _cmeta devices. Ignore PV claims from old metadata when then PV belongs to a new VG. Fix integrity metadata rounding. Accept --autobackup option in pvresize. Version 2.03.31 - 27th February 2025 ==================================== Reduce 'mandoc -T lint' reported issues for man pages. Restore support for LVM_SUPPRESS_FD_WARNINGS (2.03.24). Fix uncache and split cache restoring original state of volume. Extend use of lockopt skip to more scenarios. Enhance error path resolving in polling code. Disallow shared activation of LV with CoW snapshot. ... changelog too long, skipping 53 lines ... - fate-31841-02_man-add-support-for-btrfs.patch ==== lvm2-device-mapper ==== Version update (2.03.29_1.02.203 -> 2.03.38_1.02.212) Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2 from LVM2.2.03.29 to LVM2.2.03.38 * ** WHATS_NEW from 2.03.29 to 2.03.38 *** Version 2.03.38 - 15th December 2025 ==================================== Synchronize with udev after creating pool metadata spare volume. Conversion to thin-pool removes activation skipping from converted LVs. Configure now checks for xfs/xfs.h. Workaround for libblkid returning old FSLASTBLOCK immediately after resize. Enhance pvmove activation and deactivation. LV locks whole device tree using such locked LV. Version 2.03.37 - 21st November 2025 ==================================== Remove unsupported --blockdevice option from lvscan. Support output in list mode for all lvmconfig --typeconfig types with --list. Enhance shutdown performance of daemons using libdaemon. Update lvmdevices(8). Add --force option for lvmdevices --update. Add --listids, --delid, --addid options for manipulation by device_id to lvmdevices. Add missing synchronization for vdopool. Fix deadlock in lvmdbusd on SIGINT in lvm shell mode. Add VG attr character and pr field for persistent reservation status to vgs. Fix persistent reservations setting handling in vgmerge, vgsplit and vgimportclone. Add missing synchronization while converting cachevols. Warn on classic snapshot on raid creation and error on activation if missing. Translate udev device paths in lvmdbusd for test environments. Use source='udev' in lvmdbusd to monitor processed udev events. Symlink to /dev nodes when using alternative dev dir to trigger udev. Avoid passing uninitilized buffer in dmeventd to fix valgrind report. Improve lvmdbusd matching of udevd reported device paths. Version 2.03.36 - 24th October 2025 =================================== Fix uninitialized chunk_size_calc_policy in pool parameter functions. Fix approximate allocation for Raid with insufficient extents. Fix race in dmeventd remonitoring optimization (2.03.35). Use -real suffix for pvmove UUID. Add support pvmove segmentation allocation/pvmove_max_segmentation_size_mb. Allow creating _imeta with multiple segments. Fix driver_version() accepts NULL version buffer pointer. Fix invalid free() call in error path of _add_metadata_area_to_pv(). Avoid destroying aio context in forked process. Add lvs -o cache_promotions,cache_promotions fields. Update pvmove logic when moving i.e. raid legs. Display integrity info in lvdisplay. Increase storage size for internal filter chain. Add helper function display_mb_size(). Enhance code for adding and removing integrity to RAID volumes. Add code for basic validation of integrity segment. Use -real private suffix for integrity origin and meta volumes. Use -real private suffix for mirror and raid legs. Detect and use existing XFS quota mount options for lvresize --fs resize. Version 2.03.35 - 09th September 2025 ===================================== Fix unlocking devices file only after all PVs are processed. Avoid creating system.devices when deleting entries. Fix existing issues with persistent reservations. Fix possible report output format inconsistencies while processing PVs. Allow report options for pv/vg/lvdisplay only if used with -C|--columns. Fix vgsplit failing to split a VG with RAID+integrity or cache with cachevol. Fix --lockopt handling in lvmlockd when --nolocking is used. Optimize dmeventd when remonitoring active devices. Version 2.03.34 - 30th July 2025 ================================ Support dmeventd restart when there are no monitored devices. Dmeventd no longer calls 'action commands' on removed devices. Fix reader of VDO metadata on 32bit architecture. Fix lvmdevices --deldev/--delpvid to error out if devices file not writeable. Fix lvresize corruption in LV->crypt->FS stack if near crypt min size limit. Enhanced lvresize -r support for btrfs. Use glibc standard functions htoX, Xtoh functions for endian conversion. Fix structure copying within sanlock's release_rename(). Fix autoactivation on top of loop dev PVs to trigger once for change uevents. Add lvmlockd --lockopt repair to reinitialize corrupted sanlock leases. Fix support for lvcreate -T --setautoactivation. Add lvm.conf global/lvresize_fs_helper_executable. Enable lvm to use persistent reservations on a VG. Version 2.03.33 - 27th June 2025 ================================ Various spelling, grammar, formatting, test, and build script improvements. Override LC_NUMERIC locale if unsuitable for json_std report format. Repair raid arrays with transiently lost devices. Version 2.03.32 - 05th May 2025 =============================== Lvconvert vdopool conversion properly validates acceptable LVs. Accept thin pool data LV as cacheable LV. Allow using zram block devices (likely for testing). Fix lvresize when resizing COW snapshots already covering origin. Fix lvmdbusd read of executed lvm commands output. Fix construction of DM UUID for cachevol _cdata and _cmeta devices. Ignore PV claims from old metadata when then PV belongs to a new VG. Fix integrity metadata rounding. Accept --autobackup option in pvresize. Version 2.03.31 - 27th February 2025 ==================================== Reduce 'mandoc -T lint' reported issues for man pages. Restore support for LVM_SUPPRESS_FD_WARNINGS (2.03.24). Fix uncache and split cache restoring original state of volume. Extend use of lockopt skip to more scenarios. Enhance error path resolving in polling code. Disallow shared activation of LV with CoW snapshot. ... changelog too long, skipping 53 lines ... - fate-31841-02_man-add-support-for-btrfs.patch ==== man ==== - Extend tmpfiles template man-db.conf (jsc#PED-14862) * Create cache directories with systemd tmpfiles service ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Add missing pam configuration file for the shipped auth_pam.so plugin (bsc#1254485) * mysql.pamd ==== mpg123 ==== Version update (1.33.3 -> 1.33.4) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.33.4 * mpg123: In terminal control, ignore 7-bit escape sequences to avoid spurious actions, e.g. when hitting cursor keys. * ports/cmake: Avoid possibly conflicting use of SIZEOF_OFF_T CMake variable when embedding mpg123 with other projects using cmake and different off_t semantics. ==== multipath-tools ==== Version update (0.13.0+127+suse.37f9a4c9 -> 0.13.0+229+suse.dbac936f) Subpackages: kpartx libmpath0 - Update to version 0.13.0+229+suse.dbac936f: * multipath-tools tests: adaptations for cmocka 2.0 (bsc#1255045, gh#opensvc/multipath-tools#129) * libmpathutil: use union for bitfield (bsc#1255285) * libmultipath: don't access path members in free_pgvec() (gh#opensvc/multipath-tools#128) - Include reviewed upstream fixes post 0.13.0: * more mpathpersist fixes * hwtable updates - Update to version 0.13.0+201+suse.821510bc: * CI: more GitHub workflow updates. No code changes. - Update to version 0.13.0+186+suse.9a8e81de: * CI: GitHub workflow updates. No code changes. ==== ncurses ==== Version update (6.5.20251206 -> 6.5.20251213) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20251213 + in-progress work to merge MinGW/Windows port. + add a null-pointer check in tic -c option. + add a limit-check in infocmp -i option (report/example by Yixuan Cao). ==== nghttp3 ==== Version update (1.12.0 -> 1.13.1) - Update to 1.13.1: * Fix header name validation on a platform where char is unsigned - Update to 1.13.0: * Revert #395 partially * Replace POPCNT-based ispow2 with portable bitwise implementation to prevent illegal instruction crashes * doc: Recommend specifying rand callback * qpack: Optimize huffman decoding a bit * Remove unused enum values from nghttp3_stream_http_state * Qpack indexing strategy ==== nvidia-settings ==== Version update (580.105.08 -> 580.119.02) - update to version 580.119.02 (boo#1254801) ==== okular ==== - Recommend a dingbats font for embedded forms ==== openSUSE-release ==== Version update (20251216 -> 20251228) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openexr ==== Version update (3.4.3 -> 3.4.4) Subpackages: libIex-3_4-33 libIlmThread-3_4-33 libOpenEXR-3_4-33 libOpenEXRCore-3_4-33 - version update to 3.4.4 * OpenEXRCore: fix ILMTHREAD_THREADING_ENABLED checks * OpenEXRCore: avoid direct dependency on imath * Bump github/codeql-action from 4.31.2 to 4.31.3 * Add missing copywrite comments * Bump pypa/cibuildwheel from 3.2 to 3.3 * Bump github/codeql-action from 3.27.9 to 4.31.2 * Bump msys2/setup-msys2 from 2.27.0 to 2.29.0 * Bump actions/download-artifact from 4.1.8 to 6.0.0 * Bump ossf/scorecard-action from 2.4.0 to 2.4.3 * Bump pypa/cibuildwheel from 2.23 to 3.2 * Bump actions/cache from 4.2.0 to 4.3.0 * Bump actions/upload-artifact from 4 to 5 * Bump actions/checkout from 2.7.0 to 5.0.0 * Add recent CVEs to SECURITY.md * Bump sigstore/gh-action-sigstore-python from 3.0.0 to 3.1.0 * Bump actions/setup-python from 5.3.0 to 6.0.0 * Bump snyk/actions from 0.4.0 to 1.0.0 * Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.13.0 * Imporve Bazel support * Converts asserts in internal_ht.cpp to if statement that throws an exception. * DWA: initialize linear/nonlinear tables at runtime * Update macos-13 to macos-15-intel * Properly set OpenEXR_error in legacy python API * B44: initialize exp/log tables at runtime ==== opus ==== Version update (1.5.2 -> 1.6) - Update to version 1.6 * A new wideband-to-fullband bandwidth extension (BWE) module. * Support for 96 kHz audio with Opus HD. * Significant improvement to Deep Redundancy (DRED). * A new 24-bit encoder/decoder API. * Fixed-point improvements. ==== permissions ==== Version update (1699_20251002 -> 1699_20251217) Subpackages: permctl permissions-config - Update to version 1699_20251217: * profiles: drop shadow related entries (bsc#1254844) ==== php8 ==== Version update (8.4.14 -> 8.4.16) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.4.16 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix memory leak when edge case is hit when registering xpath callback. Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. - main package require wwwrun:www user as it assumes it in filelist [bsc#1255043] - version update to 8.4.15 Core: Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv). Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference). Fixed bug GH-20085 (Assertion failure when combining lazy object get_properties exception with foreach loop). Fixed bug GH-19844 (Don't bail when closing resources on shutdown). Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error). Fixed bug GH-20270 (Broken parent hook call with named arguments). Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval). DOM: Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work). Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent after nodes are removed). Exif: Fix possible memory leak when tag is empty. FPM: Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution). FTP: Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes). GD: Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided). Intl: Fix memory leak on error in locale_filter_matches(). LibXML: Fix not thread safe schema/relaxng calls. MySQLnd: Fixed bug GH-8978 (SSL certificate verification fails (port doubled)). Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL). Opcache: Fixed bug GH-20081 (access to uninitialized vars in preload_load()). Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15). Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess). Fixed bug GH-20012 (heap buffer overflow in jit). Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments). PgSql: Fix memory leak when first string conversion fails. Fix segfaults when attempting to fetch row into a non-instantiable class name. Phar: Fix memory leak of argument in webPhar. Fix memory leak when setAlias() fails. Fix a bunch of memory leaks in phar_parse_zipfile() error handling. Fix file descriptor/memory leak when opening central fp fails. ... changelog too long, skipping 18 lines ... Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available. ==== postgresql18 ==== Version update (18.0 -> 18.1) Subpackages: libpq5 postgresql18-contrib postgresql18-llvmjit postgresql18-server - Fix build on aarch64 with upstream commit 0dceba2: * llvm-21-aarch64.patch - Fix build with uring for post SLE15 code streams. - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. ==== python-tornado6 ==== Version update (6.5 -> 6.5.4) - Update to 6.5.4 * The in operator for HTTPHeaders was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier. - Update to 6.5.3 (bsc#1254903, bsc#1254905, bsc#1254904) * Fixed a denial-of-service vulnerability involving quadratic computation when parsing multipart/form-data request bodies. CVE-2025-67726 Thanks to Finder16 for reporting this issue. * Fixed a denial-of-service vulnerability involving quadratic computation when parsing repeated HTTP headers. CVE-2025-67725. Thanks to Finder16 for reporting this issue. * Fixed a header injection and XSS vulnerability involving the reason argument to .RequestHandler.set_status and tornado.web.HTTPError. CVE-2025-67724. Thanks to Finder16 and Cheshire1225 for reporting this issue. * Several demo applications bundled with the Tornado repo (blog, chat, facebook) had an open redirect vulnerability which has been fixed. This is not covered by a CVE or security advisory since the demo applications are not included as a part of the Tornado package when installed, but developers who have copied code from these demos may which to review their own applications for open redirects. Thanks to J1vvoo for reporting this issue. * he s3server demo application contained some path traversal vulnerabilities. Since this demo application was not demonstrating any interesting aspects of Tornado, it has been deleted rather than being fixed. Thanks to J1vvoo for reporting this issue. - Update to 6.5.2 * Fixed a bug that resulted in WebSocket pings not being sent at the configured interval. * Improved logging for invalid Host headers. This was previously logged as an uncaught exception with a stack trace, now it is simply a 400 response (logged as a warning in the access log). * Restored the host argument to .HTTPServerRequest. This argument is deprecated and will be removed in the future, but its removal with no warning in 6.5.0 was a mistake. * Removed a debugging print statement that was left in the code. * Improved type hints for gen.multi. - Update to 6.5.1 * Fixed a bug in multipart/form-data parsing that could incorrectly reject filenames containing characters above U+00FF (i.e. most characters outside the Latin alphabet). ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite qt6-wayland - Add patch to fix crash due to 0001-fix-slow-scrolling-on-wayland.patch (boo#1253651): * 0001-wayland-Fix-crash-in-QWaylandShmBackingStore-scroll.patch ==== quadrapassel ==== Version update (49.2.1 -> 49.2.3) - Update to version 49.2.3: + Fixed a bug where the pause button would not work by clicking + Updated translations. - Update to version 49.2.2: + Fixed incorrect margins for the statistics when the next block preview was disabled + Fixed focus for the main menu, enabling screen readers and keyboard navigation + The game now pauses when it loses focus (pauses when the main menu is shown) + Updated libgnome-games-support + Fixed a bug where on a new score, the player name entry wouldn't be focused if its rank was less than 10 + Updated translations. ==== quota ==== Subpackages: quota-nfs - Remove `PrivateDevices` systemd hardening from quotad.service because it needs access to block devices in /dev (bsc#1254310). ==== re2c ==== Version update (4.3.1 -> 4.4) - Update to version 4.4 * Added generalized end-of-input symbol $ (#525). This change may break old code with conflicitng end-of-input rules, as they now have position-based precedence. The broken cases were reported with -Wdeprecated-eof-rule since version 4.3. ==== rlwrap ==== Version update (0.47.1 -> 0.48) - Update to 0.48 * Bug fix - rlwrap would mess up history when compiled with readline-8.3 - --filter 'filter_commandline $with 3.4.8) Subpackages: libruby3_4-3_4 - Update to 3.4.8 - Bug #21629: Ruby-3.4.7 prints -Wdefault-const-init-field-unsafe warnings on clang / llvm 21 - Ruby - Ruby Issue Tracking System - Bug #21626: Backport WASI setjmp handler memory leak fixes - Ruby - Ruby Issue Tracking System - Bug #21631: Backport openssl gem bugfix releases - Ruby - Ruby Issue Tracking System - Bug #21632: Backport REXML CVE-2025-58767 fix - Ruby - Ruby Issue Tracking System - Bug #21644: Stack consistency error for the newrange INSN peephole optimization with chilled string - Ruby - Ruby Issue Tracking System - Bug #21668: Improve performance of UnicodeNormalize.canonical_ordering_one - Ruby - Ruby Issue Tracking System - Bug #21638: Ractor-local $DEBUG is not marked - Ruby - Ruby Issue Tracking System - Bug #21652: Marshal#dump documentation out-of-date/unclear regarding Data class - Ruby - Ruby Issue Tracking System - Bug #13671: Regexp with lookbehind and case-insensitivity raises RegexpError only on strings with certain characters - Ruby - Ruby Issue Tracking System - Bug #21625: Allow IO#wait_readable together with IO#ungetc even in text mode - Ruby - Ruby Issue Tracking System - Bug #21671: Rails CI raises Assertion Failed: rbimpl_rstring_getmem:RB_TYPE_P(str, RUBY_T_STRING): actual type: 26 with "-DENABLE_PATH_CHECK=0 -DRUBY_DEBUG=1" enabled - Ruby - Ruby Issue Tracking System - Update next stable version to 4.0 from 3.5 by hsbt · Pull Request #15146 - Bug #21679: Segfault when ruby calls pthread_detach in rb_getnameinfo - Ruby - Ruby Issue Tracking System - Bug #21694: Crash when looking up super method from BasicObject - Ruby - Ruby Issue Tracking System - Bug #21707: Destructuring assignment of SimpleDelegator wrapped array bug with YJIT - Ruby - Ruby Issue Tracking System - Bug #21265: Crash when proc from Symbol#to_proc called outside refinement scope - Ruby - Ruby Issue Tracking System - Bug #21703: RUBY_CRASH_REPORT does not work when shelling out in some cases - Ruby - Ruby Issue Tracking System - Bug #21666: Math.lgamma(-1).should == [infinity_value, 1] fails with Fedora glibc-2.42.9000-8.fc44 - Ruby - Ruby Issue Tracking System - Bug #21655: segfault when building 3.3.10 with GCC 15.2.1, regression from 3.3.9 - Ruby - Ruby Issue Tracking System - Bug #21680: Integer#digits bug starting from Ruby 3.1 - Ruby - Ruby Issue Tracking System - Bug #21705: UNIXServer.open(nil) segfaults on Windows - Ruby - Ruby Issue Tracking System - Bug #21648: [prism] ruby crashes for for * in [10]; end - Ruby - Ruby Issue Tracking System - Bug #21187: Strings concatenated with \ getting frozen with literal hashes (PRISM only) - Ruby - Ruby Issue Tracking System - Bug #21757: Splatted args array is mutated when passing unexpected kwargs - Ruby - Ruby Issue Tracking System - Bug #21772: ruby: YJIT has panicked StackOpnd(1) should be a heap object, but was ImmSymbol for VALUE(137647867319760) - Ruby - Ruby Issue Tracking System - Bug #21446: StackOverflow when changing visibility in reopened refinement - Ruby - Ruby Issue Tracking System - Bug #21779: Do not export functions from statically linked extensions - Ruby - Ruby Issue Tracking System - Bug #21266: YJIT GC safety crash with proc objects as block argument - Ruby - Ruby Issue Tracking System https://github.com/ruby/ruby/releases/tag/v3_4_8 ==== samba ==== Version update (4.22.6+git.435.014e5eceb5d -> 4.23.4+git.428.6b48e7eba5b) Subpackages: libldb2 python3-ldb samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20; (bso#15790); (bsc#1249058). - Update to 4.23.4 * Samba 4.22 breaks Time Machine; (bso#15926). * mdssvc doesn't support $time.iso dates before 1970; (bso#15947). * Fix winbind cache consistency; (bso#15963). * Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') in vfswrap_openat; (bso#15897). * ctdb can crash with inconsistent cluster lock configuration; (bso#15950). * samba-bgqd: rework man page; (bso#15809). * samba-bgqd can't find [printers] share; (bso#15936). * Winbind can hang forever in gssapi if there are network issues; (bso#15955). * libldb requires linking libreplace on Linux; (bso#15961). - Update to 4.23.3 * Spotlight search restriction for shares incomplete and default search searches in too many attributes; (bso#15927). * Searching for numbers doesn't work with Spotlight; (bso#15930). * rpcd_mdssvc may crash because name mangling is not initialized; (bso#15931). * Only increment lease epoch if a lease was granted; (bso#15933). * vfs_recycle does not update mtime; (bso#15940). * samba-log-parser fails with UnicodeDecodeError: 'utf-8' codec can't decode byte; (bso#15943). * Crash in ctdbd on failed updateip; (bso#15935). - Update to 4.23.2 * CVE-2025-10230: Command injection via WINS server hook script (bso#15903); (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr; (bso#15885); (bsc#1251279). - Update to 4.23.1 * Incomplete bind configuration causes DLZ plugin to crash; (bso#15920). * winbind can crash at startup; (bso#15914). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB does not support PCP 7.0.0; (bso#15904). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.23.0 * samba.tests.safe_tarfile fails on Python 3.13 with additional security fixes for tarfile support; (bso#15911). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * Uninitialized read leads to hanging rpcd_spoolss; (bso#15908). * Stack buffer overflow in samba3.smb2.dirlease.fileserver; (bso#15907). * Regression in gssproxy support in 4.23.rc1+; (bso#15902). * 'net ads group' failed to list domain groups; (bso#15900). * macOS Finder client DFS broken on 4.22.0; (bso#15843). * Self-signed certificates don't have X509v3 Subject Alternative Name for DNS; (bso#15899). * Improve handling of principals and realms in client tools; (bso#15893). * libquic build fixes; (bso#15896). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). ==== sdbootutil ==== Version update (1+git20251211.b3d0304 -> 1+git20251218.1cd7294) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20251218.1cd7294: * Improve partition detection for multipath (boo#1254317) ==== selinux-policy ==== Version update (20251211 -> 20251219) Subpackages: selinux-policy-targeted - Update to version 20251219: * Allow 'mysql-systemd-helper upgrade' to work correctly (bsc#1255024) - Save previous file contexts in /run and ensure deletion (bsc#1245303) - Update to version 20251218: * Allow systemd_udev_trigger_generator_t use CAP_SYS_RESOURCE (bsc#1255079) - Update to version 20251217: * Allow snapper_tu_etc_plugin_t to connect to machined varlink socket (bsc#1254889) * Label amavis spool directory correctly (bsc#1254438) ==== sshfs ==== Version update (3.7.4a -> 3.7.5) - Update to 3.7.5: * Implement connect to vsock * use latest major version for actions/checkout * Fix memleak in cache after readlink * Fill stat info when returning cached data for readdir * ipv6 support for directport connection - reverts to original fork ==== syslogd ==== Subpackages: klogd syslog-service - Install tmpfile correctly as syslogd.conf (instead of sendmail.conf), - Fix tmpfile handling for transactional updates (jsc#PED-14864) ==== tdb ==== Version update (1.4.13 -> 1.4.14) Subpackages: libtdb1 python3-tdb - Add config-sitearch.patch - Update to 1.4.14 * let tdbtool return error on failure; (bso#15890). ==== tevent ==== Version update (0.16.2 -> 0.17.1) Subpackages: libtevent0 python3-tevent - Add config-sitearch.patch - Update to 0.17.1 * Fix 1649525 Use of 32-bit time_t * Fix Coverity ID 1649524 Dereference before null check * Fix Coverity ID 1649526 Dereference before null check - Update to 0.17.0 * add tevent_context_set_wait_timeout() * add tevent_reset_immediate() ==== timezone ==== Version update (2025b -> 2025c) Subpackages: tzselect - Update to 2025c: * update Baja California DST rules in 1953, 1961-1975 * An unset TZ is no longer invalid when /etc/localtime is missing, and is abbreviated "UTC" not "-00". This reverts to 2024b behavior * tzset etc. are now more cautious about questionable TZ settings. * tzset etc. now treat ' ' like '_' in time zone abbreviations * tzfree now preserves errno, consistently with POSIX.1-2024 ‘free’. * zic has new options inspired by FreeBSD. ‘-D’ skips creation of output ancestor directories, ‘-m MODE’ sets output files’ mode, and ‘-u OWNER[:GROUP]’ sets output files’ owner and group. * multiple changes visible to developers ==== userspace-rcu ==== Version update (0.14.0 -> 0.15.3) - Update to 0.15.3 * Fix: Use bitfield static assert with GCC < 7.1.0 * Fix: Allow compile-time checks for GCC 5.1 * fix: __atomic_always_lock_free() not a constant expression on g++ < 5.1 * fix: urcu assert fallback for pre-C11 builds * doc: update uatomic-api for static assert * Add uatomic size static assert for 's390' * Add uatomic size static assert for 'sparc64' * Add uatomic size static assert for 'ppc' * Add uatomic size static assert for 'x86' * Add uatomic size static assert for 'generic' * Add uatomic size static assert * Use UATOMIC_HAS_ATOMIC_INT/LLONG in generic implementation * Add UATOMIC_HAS_ATOMIC_INT/LLONG for x86 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for tile * Add UATOMIC_HAS_ATOMIC_INT/LLONG for sparc64 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for s390 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for riscv * Add UATOMIC_HAS_ATOMIC_INT/LLONG for ppc * Add UATOMIC_HAS_ATOMIC_INT/LLONG for nios2 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for mips * Add UATOMIC_HAS_ATOMIC_INT/LLONG for m68k * Add UATOMIC_HAS_ATOMIC_INT/LLONG for loongarch * Add UATOMIC_HAS_ATOMIC_INT/LLONG for ia64 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for hppa * Add UATOMIC_HAS_ATOMIC_INT/LLONG for 'gcc' arch * Add UATOMIC_HAS_ATOMIC_INT/LLONG for arm * Add UATOMIC_HAS_ATOMIC_INT/LLONG for alpha * Add UATOMIC_HAS_ATOMIC_INT/LLONG for aarch64 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for atomic builtins * Add builtin atomics size static asserts * cleanup: use URCU_GCC_VERSION from compiler.h * fix: atomic builtins defines for type support * Move back CMM_LOAD/STORE_SHARED to volatile access * Add cmm_annotate_mem_acquire() to URCU_DEREFERENCE_USE_VOLATILE rcu_dereference * Use uatomic_load CMM_RELAXED in URCU_DEREFERENCE_USE_VOLATILE * Fix: Re-introduce URCU_DEREFERENCE_USE_VOLATILE read barrier depends for alpha * Tree-wide: Rename to uatomic_load/uatomic_store * src: Use __*__ for attribute names * API: Use __*__ for attribute names * Fix Changelog 0.15.1 date * uatomic/generic: Add missing #include * docs: Clarify that make is required to build the project * fix: add missing SPDX headers to urcu/uatomic/api.h * compiler.h: Remove caa_unqual_scalar_typeof * Fix compilation errors * Document cmm_cast_volatile * Honor URCU_DEREFERENCE_USE_VOLATILE * arm: Use atomic builtins for xchg if supported * Introduce _CMM_TOOLCHAIN_SUPPORT_C11_MM * Seperate uatomic and uatomic_mo * uatomic: Fix header guard comment * Fix: missing typename in URCU_FORCE_CAST * Allow building with GCC >= 13.3 on RISC-V * pointer.h: Fix the rcu_cmpxchg_pointer documentation * rculfhash: make cds_lfht_iter_get_node argument const * lfstack: make cds_lfs_empty argument const * wfcqueue: make cds_wfcq_empty arguments const * wfstack: make cds_wfs_empty argument const * cds_list: make cds_list_replace @old argument const * cds_list: make cds_list_empty const * Adjust shell script to allow Bash in other locations * futex.h: Indent preprocessor directives * futex.h: Use urcu_posix_assert to validate unused values * Use futex on OpenBSD * fix: handle EINTR correctly in get_cpu_mask_from_sysfs * Relicense src/compat-smp.h to MIT * uatomic/x86: Remove redundant memory barriers * cleanup: move rand_r compat code to tests * ppc: Document cache line size choice * Fix: change order of _cds_lfht_new_with_alloc parameters * Add support for custom memory allocators for rculfhash * ppc.h: use mftb on ppc * rcutorture: Check histogram of ages * docs: Add links to project resources * Fix: allow clang to build liburcu on RISC-V * Fix -Walloc-size * cleanup: use an enum for the error states of nr_cpus_mask * fix: add missing SPDX licensing tags * urcu/uatomic/riscv: Mark RISC-V as broken * Fix: urcu-bp: misaligned reader accesses * rculfhash: Only pass integral types to atomic builtins * LoongArch: Document that byte and short atomics are implemented with LL/SC * Add LoongArch support * Tests: Add test for byte/short atomics on addresses which are not word-aligned * Complete removal of urcu-signal flavor * doc/examples: Remove urcu-signal example * tests/common: Remove urcu-signal common test files * tests/benchmark: Remove urcu-signal benchmark tests * tests/regression: Remove urcu-signal regression tests * tests/unit: Remove urcu-signal unit tests * Fix: Add missing cmm_smp_mb() in deprecated urcu-signal * urcu/uatomic.h: Improve verbosity of static assert error messages * urcu/compiler: Add urcu_static_assert * Phase 1 of deprecating liburcu-signal * uatomic/generic: Fix redundant declaration warning * tests: Add tests for checking race conditions * Add cmm_emit_legacy_smp_mb() * urcu/annotate: Add CMM annotation ... changelog too long, skipping 36 lines ... * Add support for OpenBSD ==== wayland-utils ==== Version update (1.2.0 -> 1.3.0) - Update to 1.3.0 * add color-management-v1 support * switch to the stable tablet protocol * support tablet bustype and relative dials * add color-representation-v1 support ==== webkit2gtk3 ==== Version update (2.50.3 -> 2.50.4) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.50.4 (bsc#1255183 bsc#1255191 bsc#1255194 bsc#1255195 bsc#1255198 bsc#1255200): + Correctly handle the program name passed to the sleep disabler. + Ensure GStreamer is initialized before using the Quirks. + Fix several crashes and rendering issues. + Security fixes: CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531, CVE-2025-43535, CVE-2025-43536, CVE-2025-43541. - Add webkit2gtk3-a11y-fix-role-mapping.patch: fix a11y regression where AT-SPI roles were mapped incorrectly. ==== webkit2gtk4 ==== Version update (2.50.3 -> 2.50.4) Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 webkitgtk-6_0-injected-bundles - Update to version 2.50.4 (bsc#1255183 bsc#1255191 bsc#1255194 bsc#1255195 bsc#1255198 bsc#1255200): + Correctly handle the program name passed to the sleep disabler. + Ensure GStreamer is initialized before using the Quirks. + Fix several crashes and rendering issues. + Security fixes: CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531, CVE-2025-43535, CVE-2025-43536, CVE-2025-43541. - Add webkit2gtk3-a11y-fix-role-mapping.patch: fix a11y regression where AT-SPI roles were mapped incorrectly. ==== xdg-user-dirs-gtk ==== Version update (0.14 -> 0.16) - Update to version 0.16: + autostart: Add systemd service + Updated translations. ==== yast2-trans ==== Version update (84.87.20251209.92c74828a8 -> 84.87.20251216.2a38b61ecc) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20251216.2a38b61ecc: * Translated using Weblate (Hebrew)