Packages changed:
  Imath (3.2.1 -> 3.2.2)
  MicroOS-release (20251216 -> 20251228)
  aardvark-dns (1.16.0 -> 1.17.0)
  busybox
  container-selinux (2.244.0 -> 2.245.0)
  double-conversion (3.3.1 -> 3.4.0)
  dracut (059+suse.769.g693ea004 -> 059+suse.785.g17d177bb)
  flatpak (1.16.1 -> 1.16.2)
  fuse3 (3.17.4 -> 3.18.1)
  fwupd (2.0.18 -> 2.0.19)
  kernel-firmware-i915 (20251125 -> 20251217)
  kernel-firmware-intel
  kernel-firmware-iwlwifi (20251123 -> 20251217)
  kernel-firmware-platform
  kernel-firmware-qcom (20251202 -> 20251217)
  kernel-firmware-realtek (20251118 -> 20251217)
  kernel-firmware-sound (20251205 -> 20251217)
  kernel-source (6.18.1 -> 6.18.2)
  libarchive (3.8.3 -> 3.8.4)
  libeconf (0.8.2 -> 0.8.3)
  libopenmpt (0.8.3 -> 0.8.4)
  libssh2_org
  lvm2 (2.03.29 -> 2.03.38)
  lvm2-device-mapper (2.03.29_1.02.203 -> 2.03.38_1.02.212)
  mpg123 (1.33.3 -> 1.33.4)
  multipath-tools (0.13.0+127+suse.37f9a4c9 -> 0.13.0+229+suse.dbac936f)
  ncurses (6.5.20251206 -> 6.5.20251213)
  netavark (1.16.1 -> 1.17.1)
  nghttp3 (1.12.0 -> 1.13.1)
  openexr (3.4.3 -> 3.4.4)
  opus (1.5.2 -> 1.6)
  passt (20250611.0293c6f -> 20251215.b40f5cd)
  permissions (1699_20251002 -> 1699_20251217)
  podman (5.6.2 -> 5.7.1)
  python-tornado6 (6.5 -> 6.5.4)
  qt6-base
  rsync
  samba (4.22.6+git.435.014e5eceb5d -> 4.23.4+git.428.6b48e7eba5b)
  sdbootutil (1+git20251211.b3d0304 -> 1+git20251218.1cd7294)
  selinux-policy (20251211 -> 20251219)
  tdb (1.4.13 -> 1.4.14)
  tevent (0.16.2 -> 0.17.1)
  timezone (2025b -> 2025c)
  userspace-rcu (0.14.0 -> 0.15.3)
  wayland-utils (1.2.0 -> 1.3.0)

=== Details ===

==== Imath ====
Version update (3.2.1 -> 3.2.2)

- version update to 3.2.2
  * fix build problem with newer versions of cmake

==== MicroOS-release ====
Version update (20251216 -> 20251228)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== aardvark-dns ====
Version update (1.16.0 -> 1.17.0)

- Update to version 1.17.0:
  * release v1.17.0
  * release notes for v1.17.0
  * update MSRV to 1.86
  * run cargo update
  * fix download artifact action
  * [skip-ci] Update GitHub Artifact Actions
  * fix(deps): update rust crate clap to ~4.5.51
  * rotate key of imgt for meta_task
  * rotate aws creds
  * fix(deps): update rust crate tokio to 1.48.0
  * fix(deps): update rust crate clap to ~4.5.48
  * fix(deps): update rust crate libc to 0.2.177
  * Update nameservers when resolv.conf is modified.
  * chore(deps): update rust crate chrono to 0.4.42
  * fix(deps): update rust crate log to 0.4.28
  * update CI images
  * rpm: tests require socat instead of ncat now
  * test: replace ncat with socat
  * Packit: fetch copr rpm version from Cargo.toml
  * bump to v1.17.0-dev

==== busybox ====

- Fix tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661)
  * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
- Fix HTTP request header injection in wget (CVE-2025-60876, bsc#1253245)
  * wget-don-t-allow-control-characters-in-url.patch
- Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid conflict (bsc#1236670)
- Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237)
  * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch

==== container-selinux ====
Version update (2.244.0 -> 2.245.0)

- Update to version 2.245.0:
  * bump to v2.245.0
  * Fix typo in container_selinux(8) man page
  * Add new booleans to container_selinux(8) man page
  * Allow containers to access shared public content
  * Add support for Incus
  * Add ~/.local/share/containers/storage/overlay-containers to .fc (bsc#1253682)

==== double-conversion ====
Version update (3.3.1 -> 3.4.0)

- update to 3.4.0
  * Add pkg-config.
  * Add alias double-conversion::double-conversion.
  * Documentation improvements.
  * Minor code cleanups, avoiding spurious warnings.
  * Increase CMake minimum required version to 3.29.
  * Makefile improvements.
  * Bazel build improvements.

==== dracut ====
Version update (059+suse.769.g693ea004 -> 059+suse.785.g17d177bb)
Subpackages: dracut-ima

- Update to version 059+suse.785.g17d177bb:
  Fix and update testsuite (bsc#1254873):
  * test(FULL-SYSTEMD): ignore errors in systemd-vconsole-setup.service
  * test: move /failed to /run/failed as rootfs might be read-only
  * test(FULL-SYSTEMD): use poweroff to shut down test
  * test(FULL SYSTEMD): no need to include dbus to the target rootfs
  * test: make the size of all test drives 512 MB
  * fix(systemd): move installation of libkmod to udev-rules module
  * test: switch to virtio for the QEMU drive
  * test: switch to virtio for the QEMU drive
  * test: increase test VM memory from 512M to 1024M to avoid OOM killer
  * test: move more common test code to test-functions
  * test: upgrade to ext4
  Other:
  * fix(systemd-networkd): install and enable systemd-networkd-resolve-hook.socket
  * fix(nfs): do not execute logic in nfs hooks if netroot is not nfs (bsc#1253960)

==== flatpak ====
Version update (1.16.1 -> 1.16.2)
Subpackages: flatpak-selinux libflatpak0 system-user-flatpak

- Update to version 1.16.2:
  + Enhancements:
    - Documentation improvements
    - Support the reinstall option on bundle installations
    - Enable the VA-API extension for Intel Xe GPUs
    - Documentation improvements
    - Add cancellation support for curl downloads
  + Bug fixes:
    - Provide an empty /run/host/font-dirs.xml during flatpak build
    - Fix various issues with flatpak mask and flatpak pin by reloading the repo configuration after changes done via the system helper
    - Fix an issue where the home directory would accidentally be accessible when a bad version of glib is in use, the app has access to a standard XDG directory, and that directory is not available on the system
    - flatpak-kill will no longer send SIGKILL to all processes in the current process group
    - Various bug fixes for the OCI support
    - Fix various memory leaks
    - Fix various crashes
  + Updated translations.
- Drop cd80e843435df5ce70d9a2b6710098135ceb9085.patch: Fixed upstream.

==== fuse3 ====
Version update (3.17.4 -> 3.18.1)
Subpackages: libfuse3-4

- Update to release 3.18.1
  * Fix ABI break introduced by 3.18.0
- Update to release 3.18.0
  * FUSE-over-uring communication
  * statx support
  * FUSE_NOTIFY_INC_EPOCH: New notification mechanism for epoch counters
  * Fixed double unmount on FUSE_DESTROY
  * Fixed junk readdirplus results when filesystem does not fill stat info

==== fwupd ====
Version update (2.0.18 -> 2.0.19)
Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0

- Update to version 2.0.19:
  + This release adds the following features:
    - Add two commands to fwupdtool to calculate and find CRCs
    - Allow systems to use the udev event source without using systemd
  + This release fixes the following bugs:
    - Always show the correct new firmware version in 'fwupdmgr get-history'
    - Fix an integer underflow when parsing a malicious PE file
    - Fix a regression when enumerating the dell-dock status component
    - Fix the fuzzer timeout when parsing a synaptics-rmi SBL container
    - Fix updating the Intel GPU FWDATA section
    - Respect 'fwupdmgr --force' when installing firmware
  + This release adds support for the following hardware:
    - Lenovo Sapphire Folio Keyboard

==== kernel-firmware-i915 ====
Version update (20251125 -> 20251217)

- Update aliases for 6.19-rc1
- Update to version 20251217 (git commit c695356f6ea1):
  * xe: Update GUC to v70.55.3 for BMG, PTL

==== kernel-firmware-intel ====

- Update aliases for 6.19-rc1

==== kernel-firmware-iwlwifi ====
Version update (20251123 -> 20251217)

- Update to version 20251217 (git commit c695356f6ea1):
  * iwlwifi: add Bz/Sc FW for core101-82 release
  * iwlwifi: Add Sc/Gf firmware for core101-82 release
  * iwlwifi: update ty/So/Ma firmwares for core101-82 release
  * iwlwifi: update cc/Qu/QuZ firmwares for core101-82 release

==== kernel-firmware-platform ====

- Update aliases for 6.19-rc1

==== kernel-firmware-qcom ====
Version update (20251202 -> 20251217)

- Update to version 20251217 (git commit c695356f6ea1):
  * qcom: drop compatibility a640_zap.mdt symlink
- Update to version 20251211 (git commit 6953ec7e9fea):
  * qcom: Add firmwares for sm8150 GPU
  * qcom: Add firmwares for sm8450 GPU
  * qcom: Add firmwares for sm8550 GPU
  * qcom: Add firmwares for sm8650 GPU
  * qcom: Add firmwares for sm8750 GPU

==== kernel-firmware-realtek ====
Version update (20251118 -> 20251217)

- Update aliases for 6.19-rc1
- Update to version 20251217 (git commit c695356f6ea1):
  * rtw89: 8852b: update fw to v0.29.29.15

==== kernel-firmware-sound ====
Version update (20251205 -> 20251217)

- Update to version 20251217 (git commit c695356f6ea1):
  * cirrus: cs35l41: Update firmware and tuning for various HP laptops
  * cirrus: cs35l41: Add support for new HP Clipper laptop

==== kernel-source ====
Version update (6.18.1 -> 6.18.2)

- Update patches.kernel.org/6.18.1-003-ext4-refresh-inline-data-size-before-write-ope.patch (bsc#1012628 CVE-2025-68264 bsc#1255380).
- Update patches.kernel.org/6.18.1-004-ksmbd-ipc-fix-use-after-free-in-ipc_msg_send_r.patch (bsc#1012628 CVE-2025-68263 bsc#1255384).
- Update patches.kernel.org/6.18.1-006-crypto-zstd-fix-double-free-in-per-CPU-stream-.patch (bsc#1012628 CVE-2025-68262 bsc#1255158).
- Update patches.kernel.org/6.18.1-007-ext4-add-i_data_sem-protection-in-ext4_destroy.patch (bsc#1012628 CVE-2025-68261 bsc#1255164).
- Update patches.kernel.org/6.18.1-008-rust_binder-fix-race-condition-on-death_list.patch (bsc#1012628 CVE-2025-68260 bsc#1255177).
- Update patches.kernel.org/6.18.1-010-KVM-SVM-Don-t-skip-unrelated-instruction-if-IN.patch (bsc#1012628 CVE-2025-68259 bsc#1255199).
- Update patches.kernel.org/6.18.1-025-comedi-multiq3-sanitize-config-options-in-mult.patch (bsc#1012628 CVE-2025-68258 bsc#1255182).
- Update patches.kernel.org/6.18.1-026-comedi-check-device-s-attached-status-in-compa.patch (bsc#1012628 CVE-2025-68257 bsc#1255167).
- Update patches.kernel.org/6.18.1-027-staging-rtl8723bs-fix-out-of-bounds-read-in-rt.patch (bsc#1012628 CVE-2025-68256 bsc#1255138).
- Update patches.kernel.org/6.18.1-028-staging-rtl8723bs-fix-stack-buffer-overflow-in.patch (bsc#1012628 CVE-2025-68255).
- Update patches.kernel.org/6.18.1-029-staging-rtl8723bs-fix-out-of-bounds-read-in-On.patch (bsc#1012628 CVE-2025-68254 bsc#1255140).
- Update patches.kernel.org/6.18.2-517-net-sched-sch_cake-Fix-incorrect-qlen-reductio.patch (bsc#1012628 CVE-2025-68325).
- Update patches.kernel.org/6.18.2-589-scsi-imm-Fix-use-after-free-bug-caused-by-unfi.patch (bsc#1012628 CVE-2025-68324).
- Update patches.kernel.org/6.18.2-602-usb-typec-ucsi-fix-use-after-free-caused-by-ue.patch (bsc#1012628 CVE-2025-68323).
  suse-add-cves
- commit 9447271
- netfilter: nf_conncount: fix leaked ct in error paths (git-fixes).
- commit 05e3e3d
- Update config files.
- commit 1b7058f
- Linux 6.18.2 (bsc#1012628).
- smack: fix bug: SMACK64TRANSMUTE set on non-directory (bsc#1012628).
- smack: deduplicate "does access rule request transmutation" (bsc#1012628).
- smack: deduplicate xattr setting in smack_inode_init_security() (bsc#1012628).
- smack: always "instantiate" inode in smack_inode_init_security() (bsc#1012628).
- smack: fix bug: invalid label of unix socket file (bsc#1012628).
- smack: fix bug: unprivileged task can create labels (bsc#1012628).
- smack: fix bug: setting task label silently ignores input garbage (bsc#1012628).
- gpu: host1x: Fix race in syncpt alloc/free (bsc#1012628).
- accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array() (bsc#1012628).
- accel/amdxdna: Call dma_buf_vmap_unlocked() for imported object (bsc#1012628).
- accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (bsc#1012628).
- drm/panel: visionox-rm69299: Fix clock frequency for SHIFT6mq (bsc#1012628).
- drm/panel: visionox-rm69299: Don't clear all mode flags (bsc#1012628).
- accel/ivpu: Rework bind/unbind of imported buffers (bsc#1012628).
- accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context() (bsc#1012628).
- accel/ivpu: Fix DCT active percent format (bsc#1012628).
- drm/vgem-fence: Fix potential deadlock on release (bsc#1012628).
- bpf: Cleanup unused func args in rqspinlock implementation (bsc#1012628).
- bpf: Fix sleepable context for async callbacks (bsc#1012628).
- bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq (bsc#1012628).
- tools/nolibc: handle NULL wstatus argument to waitpid() (bsc#1012628).
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (bsc#1012628).
- perf bpf_counter: Fix opening of "any"(-1) CPU events (bsc#1012628).
- pinctrl: qcom: glymur: Drop unnecessary platform data from match table (bsc#1012628).
- pinctrl: qcom: glymur: Fix the gpio and egpio pin functions (bsc#1012628).
- ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook (bsc#1012628).
- pinctrl: renesas: rzg2l: Fix PMC restore (bsc#1012628).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle
... changelog too long, skipping 1022 lines ...
- commit 114a3e8

==== libarchive ====
Version update (3.8.3 -> 3.8.4)

- Update to 3.8.4:
  * bsdtar: Fix zero-length pattern issue
  * lib: Fix regression introduced in libarchive 3.8.2 when walking enterable but unreadable directories
- add libarchive-3.8.4-tar-fix-tests.patch to fix tests

==== libeconf ====
Version update (0.8.2 -> 0.8.3)

- Update to version 0.8.3:
  * improved Documentation (#246)

==== libopenmpt ====
Version update (0.8.3 -> 0.8.4)

- Update to 0.8.4:
  * openmpt123: libsndfile float32 output was broken since 0.8.1.
  * [Bug] build/download_externals.txt was missing from makefile and msvc source archives.
  * PT36: Some MODs with samples larger than 64k inside PT36 containers were not read correctly.
  * IT: Files are no longer interpreted as ModPlug-made (thus disabling all compatibility settings) just because instrument extensions are found (no such files are currently known to exist in the wild).

==== libssh2_org ====

- use cmake build system so that cmake build files are generated, as needed by daggy

==== lvm2 ====
Version update (2.03.29 -> 2.03.38)
Subpackages: liblvm2cmd2_03

- Update lvm2 from LVM2.2.03.29 to LVM2.2.03.38
  * ** WHATS_NEW from 2.03.29 to 2.03.38 ***

  Version 2.03.38 - 15th December 2025
  ====================================
    Synchronize with udev after creating pool metadata spare volume.
    Conversion to thin-pool removes activation skipping from converted LVs.
    Configure now checks for xfs/xfs.h.
    Workaround for libblkid returning old FSLASTBLOCK immediately after resize.
    Enhance pvmove activation and deactivation.
    LV locks whole device tree using such locked LV.

  Version 2.03.37 - 21st November 2025
  ====================================
    Remove unsupported --blockdevice option from lvscan.
    Support output in list mode for all lvmconfig --typeconfig types with --list.
    Enhance shutdown performance of daemons using libdaemon.
    Update lvmdevices(8).
    Add --force option for lvmdevices --update.
    Add --listids, --delid, --addid options for manipulation by device_id to lvmdevices.
    Add missing synchronization for vdopool.
    Fix deadlock in lvmdbusd on SIGINT in lvm shell mode.
    Add VG attr character and pr field for persistent reservation status to vgs.
    Fix persistent reservations setting handling in vgmerge, vgsplit and vgimportclone.
    Add missing synchronization while converting cachevols.
    Warn on classic snapshot on raid creation and error on activation if missing.
    Translate udev device paths in lvmdbusd for test environments.
    Use source='udev' in lvmdbusd to monitor processed udev events.
    Symlink to /dev nodes when using alternative dev dir to trigger udev.
    Avoid passing uninitialized buffer in dmeventd to fix valgrind report.
    Improve lvmdbusd matching of udevd reported device paths.

  Version 2.03.36 - 24th October 2025
  ===================================
    Fix uninitialized chunk_size_calc_policy in pool parameter functions.
    Fix approximate allocation for Raid with insufficient extents.
    Fix race in dmeventd remonitoring optimization (2.03.35).
    Use -real suffix for pvmove UUID.
    Add support pvmove segmentation allocation/pvmove_max_segmentation_size_mb.
    Allow creating _imeta with multiple segments.
    Fix driver_version() accepts NULL version buffer pointer.
    Fix invalid free() call in error path of _add_metadata_area_to_pv().
    Avoid destroying aio context in forked process.
    Add lvs -o cache_promotions,cache_promotions fields.
    Update pvmove logic when moving i.e. raid legs.
    Display integrity info in lvdisplay.
    Increase storage size for internal filter chain.
    Add helper function display_mb_size().
    Enhance code for adding and removing integrity to RAID volumes.
    Add code for basic validation of integrity segment.
    Use -real private suffix for integrity origin and meta volumes.
    Use -real private suffix for mirror and raid legs.
    Detect and use existing XFS quota mount options for lvresize --fs resize.

  Version 2.03.35 - 09th September 2025
  =====================================
    Fix unlocking devices file only after all PVs are processed.
    Avoid creating system.devices when deleting entries.
    Fix existing issues with persistent reservations.
    Fix possible report output format inconsistencies while processing PVs.
    Allow report options for pv/vg/lvdisplay only if used with -C|--columns.
    Fix vgsplit failing to split a VG with RAID+integrity or cache with cachevol.
    Fix --lockopt handling in lvmlockd when --nolocking is used.
    Optimize dmeventd when remonitoring active devices.

  Version 2.03.34 - 30th July 2025
  ================================
    Support dmeventd restart when there are no monitored devices.
    Dmeventd no longer calls 'action commands' on removed devices.
    Fix reader of VDO metadata on 32bit architecture.
    Fix lvmdevices --deldev/--delpvid to error out if devices file not writeable.
    Fix lvresize corruption in LV->crypt->FS stack if near crypt min size limit.
    Enhanced lvresize -r support for btrfs.
    Use glibc standard functions htoX, Xtoh functions for endian conversion.
    Fix structure copying within sanlock's release_rename().
    Fix autoactivation on top of loop dev PVs to trigger once for change uevents.
    Add lvmlockd --lockopt repair to reinitialize corrupted sanlock leases.
    Fix support for lvcreate -T --setautoactivation.
    Add lvm.conf global/lvresize_fs_helper_executable.
    Enable lvm to use persistent reservations on a VG.

  Version 2.03.33 - 27th June 2025
  ================================
    Various spelling, grammar, formatting, test, and build script improvements.
    Override LC_NUMERIC locale if unsuitable for json_std report format.
    Repair raid arrays with transiently lost devices.

  Version 2.03.32 - 05th May 2025
  ===============================
    Lvconvert vdopool conversion properly validates acceptable LVs.
    Accept thin pool data LV as cacheable LV.
    Allow using zram block devices (likely for testing).
    Fix lvresize when resizing COW snapshots already covering origin.
    Fix lvmdbusd read of executed lvm commands output.
    Fix construction of DM UUID for cachevol _cdata and _cmeta devices.
    Ignore PV claims from old metadata when the PV belongs to a new VG.
    Fix integrity metadata rounding.
    Accept --autobackup option in pvresize.

  Version 2.03.31 - 27th February 2025
  ====================================
    Reduce 'mandoc -T lint' reported issues for man pages.
    Restore support for LVM_SUPPRESS_FD_WARNINGS (2.03.24).
    Fix uncache and split cache restoring original state of volume.
    Extend use of lockopt skip to more scenarios.
    Enhance error path resolving in polling code.
    Disallow shared activation of LV with CoW snapshot.
... changelog too long, skipping 53 lines ...
  - fate-31841-02_man-add-support-for-btrfs.patch

==== lvm2-device-mapper ====
Version update (2.03.29_1.02.203 -> 2.03.38_1.02.212)
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Update lvm2 from LVM2.2.03.29 to LVM2.2.03.38
  * ** WHATS_NEW from 2.03.29 to 2.03.38 ***

  Version 2.03.38 - 15th December 2025
  ====================================
    Synchronize with udev after creating pool metadata spare volume.
    Conversion to thin-pool removes activation skipping from converted LVs.
    Configure now checks for xfs/xfs.h.
    Workaround for libblkid returning old FSLASTBLOCK immediately after resize.
    Enhance pvmove activation and deactivation.
    LV locks whole device tree using such locked LV.

  Version 2.03.37 - 21st November 2025
  ====================================
    Remove unsupported --blockdevice option from lvscan.
    Support output in list mode for all lvmconfig --typeconfig types with --list.
    Enhance shutdown performance of daemons using libdaemon.
    Update lvmdevices(8).
    Add --force option for lvmdevices --update.
    Add --listids, --delid, --addid options for manipulation by device_id to lvmdevices.
    Add missing synchronization for vdopool.
    Fix deadlock in lvmdbusd on SIGINT in lvm shell mode.
    Add VG attr character and pr field for persistent reservation status to vgs.
    Fix persistent reservations setting handling in vgmerge, vgsplit and vgimportclone.
    Add missing synchronization while converting cachevols.
    Warn on classic snapshot on raid creation and error on activation if missing.
    Translate udev device paths in lvmdbusd for test environments.
    Use source='udev' in lvmdbusd to monitor processed udev events.
    Symlink to /dev nodes when using alternative dev dir to trigger udev.
    Avoid passing uninitialized buffer in dmeventd to fix valgrind report.
    Improve lvmdbusd matching of udevd reported device paths.

  Version 2.03.36 - 24th October 2025
  ===================================
    Fix uninitialized chunk_size_calc_policy in pool parameter functions.
    Fix approximate allocation for Raid with insufficient extents.
    Fix race in dmeventd remonitoring optimization (2.03.35).
    Use -real suffix for pvmove UUID.
    Add support pvmove segmentation allocation/pvmove_max_segmentation_size_mb.
    Allow creating _imeta with multiple segments.
    Fix driver_version() accepts NULL version buffer pointer.
    Fix invalid free() call in error path of _add_metadata_area_to_pv().
    Avoid destroying aio context in forked process.
    Add lvs -o cache_promotions,cache_promotions fields.
    Update pvmove logic when moving i.e. raid legs.
    Display integrity info in lvdisplay.
    Increase storage size for internal filter chain.
    Add helper function display_mb_size().
    Enhance code for adding and removing integrity to RAID volumes.
    Add code for basic validation of integrity segment.
    Use -real private suffix for integrity origin and meta volumes.
    Use -real private suffix for mirror and raid legs.
    Detect and use existing XFS quota mount options for lvresize --fs resize.

  Version 2.03.35 - 09th September 2025
  =====================================
    Fix unlocking devices file only after all PVs are processed.
    Avoid creating system.devices when deleting entries.
    Fix existing issues with persistent reservations.
    Fix possible report output format inconsistencies while processing PVs.
    Allow report options for pv/vg/lvdisplay only if used with -C|--columns.
    Fix vgsplit failing to split a VG with RAID+integrity or cache with cachevol.
    Fix --lockopt handling in lvmlockd when --nolocking is used.
    Optimize dmeventd when remonitoring active devices.

  Version 2.03.34 - 30th July 2025
  ================================
    Support dmeventd restart when there are no monitored devices.
    Dmeventd no longer calls 'action commands' on removed devices.
    Fix reader of VDO metadata on 32bit architecture.
    Fix lvmdevices --deldev/--delpvid to error out if devices file not writeable.
    Fix lvresize corruption in LV->crypt->FS stack if near crypt min size limit.
    Enhanced lvresize -r support for btrfs.
    Use glibc standard functions htoX, Xtoh functions for endian conversion.
    Fix structure copying within sanlock's release_rename().
    Fix autoactivation on top of loop dev PVs to trigger once for change uevents.
    Add lvmlockd --lockopt repair to reinitialize corrupted sanlock leases.
    Fix support for lvcreate -T --setautoactivation.
    Add lvm.conf global/lvresize_fs_helper_executable.
    Enable lvm to use persistent reservations on a VG.

  Version 2.03.33 - 27th June 2025
  ================================
    Various spelling, grammar, formatting, test, and build script improvements.
    Override LC_NUMERIC locale if unsuitable for json_std report format.
    Repair raid arrays with transiently lost devices.

  Version 2.03.32 - 05th May 2025
  ===============================
    Lvconvert vdopool conversion properly validates acceptable LVs.
    Accept thin pool data LV as cacheable LV.
    Allow using zram block devices (likely for testing).
    Fix lvresize when resizing COW snapshots already covering origin.
    Fix lvmdbusd read of executed lvm commands output.
    Fix construction of DM UUID for cachevol _cdata and _cmeta devices.
    Ignore PV claims from old metadata when the PV belongs to a new VG.
    Fix integrity metadata rounding.
    Accept --autobackup option in pvresize.

  Version 2.03.31 - 27th February 2025
  ====================================
    Reduce 'mandoc -T lint' reported issues for man pages.
    Restore support for LVM_SUPPRESS_FD_WARNINGS (2.03.24).
    Fix uncache and split cache restoring original state of volume.
    Extend use of lockopt skip to more scenarios.
    Enhance error path resolving in polling code.
    Disallow shared activation of LV with CoW snapshot.
... changelog too long, skipping 53 lines ...
  - fate-31841-02_man-add-support-for-btrfs.patch

==== mpg123 ====
Version update (1.33.3 -> 1.33.4)

- Update to version 1.33.4
  * mpg123: In terminal control, ignore 7-bit escape sequences to avoid spurious actions, e.g. when hitting cursor keys.
  * ports/cmake: Avoid possibly conflicting use of SIZEOF_OFF_T CMake variable when embedding mpg123 with other projects using cmake and different off_t semantics.

==== multipath-tools ====
Version update (0.13.0+127+suse.37f9a4c9 -> 0.13.0+229+suse.dbac936f)
Subpackages: kpartx libmpath0

- Update to version 0.13.0+229+suse.dbac936f:
  * multipath-tools tests: adaptations for cmocka 2.0 (bsc#1255045, gh#opensvc/multipath-tools#129)
  * libmpathutil: use union for bitfield (bsc#1255285)
  * libmultipath: don't access path members in free_pgvec() (gh#opensvc/multipath-tools#128)
- Include reviewed upstream fixes post 0.13.0:
  * more mpathpersist fixes
  * hwtable updates
- Update to version 0.13.0+201+suse.821510bc:
  * CI: more GitHub workflow updates. No code changes.
- Update to version 0.13.0+186+suse.9a8e81de:
  * CI: GitHub workflow updates. No code changes.

==== ncurses ====
Version update (6.5.20251206 -> 6.5.20251213)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20251213
  + in-progress work to merge MinGW/Windows port.
  + add a null-pointer check in tic -c option.
  + add a limit-check in infocmp -i option (report/example by Yixuan Cao).

==== netavark ====
Version update (1.16.1 -> 1.17.1)

- Update to version 1.17.1:
  * release v1.17.1
  * release notes for v1.17.1
  * bump mozim to v0.3.1
  * release v1.17.0
  * release notes for v1.17.0
  * sync release notes from v1.16.1
  * refactor(netlink): Generalize socket for multi-protocol support
  * run cargo update
  * test-dhcp: use /24 subnet for bridge
  * update serde and serde_json
  * varktables: remove use of private serde type
  * fix(deps): update rust crate iptables to 0.6.0
  * fix(deps): update rust crate clap to ~4.5.51
  * fix download artifact action
  * Upgrade to mozim 0.3.0
  * rotating aws metadata task key
  * [skip-ci] Update GitHub Artifact Actions
  * rotate aws keys
  * fix(deps): update rust crate zbus to 5.12.0
  * fix(deps): update rust crate tokio to 1.48.0
  * chore(deps): update rust crate tempfile to 3.23.0
  * fix(deps): update rust crate netlink-packet-core to 0.8.1
  * fix(deps): update rust crate hyper-util to 0.1.17
  * fix(deps): update rust crate serde_json to 1.0.144
  * chore(deps): update rust crate tempfile to 3.22.0
  * update netlink-package-{core, route}
  * fix(deps): update rust crate zbus to 5.11.0
  * feat(dhcp): Send DHCPRELEASE on container teardown
  * bump MSRV to 1.86
  * update tonic and prost to 0.14
  * chore(deps): update rust crate chrono to 0.4.42
  * fix(deps): update rust crate log to 0.4.28
  * fix(deps): update rust crate zbus to 5.10.0
  * Revert "[skip-ci] Update actions/download-artifact action to v5"
  * chore(deps): update rust crate tempfile to 3.21.0
  * Packit: fetch copr rpm version from Cargo.toml
  * bridge: bind ip for aardvark-dns in unmanaged mode if gateway ip is not on the host
  * fix(deps): update rust crate serde_json to 1.0.143
  * feat: Add firewall-reload command for nftables systems
  * test: coverage for firewalld's StrictForwardPorts configuration feature.
* update nftables to v0.6.3 * fix(deps): update rust crate mozim to 0.2.7 * bump to v1.17.0-dev ==== nghttp3 ==== Version update (1.12.0 -> 1.13.1) - Update to 1.13.1: * Fix header name validation on a platform where char is unsigned - Update to 1.13.0: * Revert #395 partially * Replace POPCNT-based ispow2 with portable bitwise implementation to prevent illegal instruction crashes * doc: Recommend specifying rand callback * qpack: Optimize huffman decoding a bit * Remove unused enum values from nghttp3_stream_http_state * Qpack indexing strategy ==== openexr ==== Version update (3.4.3 -> 3.4.4) Subpackages: libIex-3_4-33 libIlmThread-3_4-33 libOpenEXR-3_4-33 libOpenEXRCore-3_4-33 - version update to 3.4.4 * OpenEXRCore: fix ILMTHREAD_THREADING_ENABLED checks * OpenEXRCore: avoid direct dependency on imath * Bump github/codeql-action from 4.31.2 to 4.31.3 * Add missing copywrite comments * Bump pypa/cibuildwheel from 3.2 to 3.3 * Bump github/codeql-action from 3.27.9 to 4.31.2 * Bump msys2/setup-msys2 from 2.27.0 to 2.29.0 * Bump actions/download-artifact from 4.1.8 to 6.0.0 * Bump ossf/scorecard-action from 2.4.0 to 2.4.3 * Bump pypa/cibuildwheel from 2.23 to 3.2 * Bump actions/cache from 4.2.0 to 4.3.0 * Bump actions/upload-artifact from 4 to 5 * Bump actions/checkout from 2.7.0 to 5.0.0 * Add recent CVEs to SECURITY.md * Bump sigstore/gh-action-sigstore-python from 3.0.0 to 3.1.0 * Bump actions/setup-python from 5.3.0 to 6.0.0 * Bump snyk/actions from 0.4.0 to 1.0.0 * Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.13.0 * Imporve Bazel support * Converts asserts in internal_ht.cpp to if statement that throws an exception. * DWA: initialize linear/nonlinear tables at runtime * Update macos-13 to macos-15-intel * Properly set OpenEXR_error in legacy python API * B44: initialize exp/log tables at runtime ==== opus ==== Version update (1.5.2 -> 1.6) - Update to version 1.6 * A new wideband-to-fullband bandwidth extension (BWE) module. 
* Support for 96 kHz audio with Opus HD. * Significant improvement to Deep Redundancy (DRED). * A new 24-bit encoder/decoder API. * Fixed-point improvements. ==== passt ==== Version update (20250611.0293c6f -> 20251215.b40f5cd) Subpackages: passt-selinux - spec: drop restorecon trigger now that file context rules use regex (bsc#1246291) (https://archives.passt.top/passt-dev/20251016074045.562352-1-contact@danishpraka.sh/) - Update to version 20251215.b40f5cd: * tcp: Use less-than-MSS window on no queued data, or no data sent recently * conf, fwd: Move initialisation of auto port scanning out of conf() * tcp: Remove extra space from TCP_INFO debug messages (trivial) * pasta: Clean up waiting pasta child on failures * treewide: Introduce passt_exit() helper * tcp: Suppress new instance of cppcheck bug 14191 * pif: Correctly set scope_id for guest-side link local addresses * tcp: Correct timer expiry value in trace message * tcp_splice, flow: Add socket to epoll set before connect(), drop assert * fedora: Fix build on Fedora 43, selinux_requires_min not available on Copr builders * tcp: Skip redundant ACK on partial sendmsg() failure * tcp: Send a duplicate ACK also on complete sendmsg() failure * tcp: Allow exceeding the available sending buffer size in window advertisements * tcp: Don't limit window to less-than-MSS values, use zero instead * tcp: Acknowledge everything if it looks like bulk traffic, not interactive * tcp: Don't clear ACK_TO_TAP_DUE if we're advertising a zero-sized window * tcp: Adaptive interval based on RTT for socket-side acknowledgement checks * tcp: Limit advertised window to available, not total sending buffer size * tcp: Change usage factor of sending buffer in tcp_get_sndbuf() to 75% * tcp, util: Add function for scaling to linearly interpolated factor, use it * iov: Fix coding style of basic (non-IOV_TAIL) parts * tcp, udp: Pad batched frames for vhost-user modes to 60 bytes (802.3 minimum) * tcp, udp: Pad batched frames to 60 bytes (802.3 
minimum) in non-vhost-user modes * udp: Fix coding style for comment to enum udp_iov_idx * tcp: Fix coding style for comment to enum tcp_iov_parts * tap: Pad non-batched frames to 802.3 minimum (60 bytes) if needed * test: Update Makefile to avoid failing on missing images * conf: Separate local mode for each IP version, don't enable disabled IP version * vu_common: Clarify prototype of vu_collect() * test: Expand tmux right status bar to fit pass/fail/skipped counter and time * tcp: Enable SO_KEEPALIVE if we see keep-alive segments from container / guest * seccomp: Fix build and operation on 32-bit musl targets * fwd: Preserve non-standard loopback address when splice forwarding * tcp: Always populate oaddr field for socket initiated flows * util: Rename sock_l4_dualstack() to sock_l4_dualstack_any() * tcp, udp: Bind outbound listening sockets by interface instead of address * tcp, udp: Remove fallback if creating dual stack socket fails * util: Fix setting of IPV6_V6ONLY socket option * udp: Move udp_sock_init() special case to its caller * udp: Unify some more inbound/outbound parts of udp_sock_init() * tcp: Merge tcp_ns_sock_init[46]() into tcp_sock_init_one() * util, flow, pif: Simplify sock_l4_sa() interface * inany: Let length of sockaddr_inany be implicit from the family * flow: Remove bogus @path field from flowside_sock_args * conf: More useful errors for kernels without SO_BINDTODEVICE * util: Extend sock_probe_mem() to sock_probe_features() * util: Correct error message on SO_BINDTODEVICE failure * tcp: Clamp the retry timeout * tcp: Update data retransmission timeout * tcp: Resend SYN for inbound connections * util: Introduce read_file() and read_file_integer() function * tcp: Rename "retrans" to "retries" * arp/ndp: don't send messages on uninitialized tap interface * test: Fix IPv6 address/prefix mismatch error * spec: use %selinux_requires_min macro, drop overlapping dependencies * fwd: Don't explicitly exclude reverse-direction TCP ports for UDP * 
fwd: Exclude ports based on prior mapping state * Revert "fwd: Update all port maps before applying exclusions" * udp: Use IP_FREEBIND for flow sockets as well as listening sockets * tcp: Properly remove sockets from epoll loop when connection is closed * seccomp.sh: Quote tr character ranges to prevent glob expansion * contrib/selinux: use regex instead of SELinux template * tcp, udp: Don't exclude ports in {tcp,udp}_port_rebind() * fwd: Update all port maps before applying exclusions * fwd: Check forwarding mode in fwd_scan_ports_*() rather than caller * fwd: Share port scanning logic between init and timer cases * fwd: Move port exclusion handling from procfs_scan_listen() to callers * fwd: Consolidate scans (not rebinds) in fwd.c * tcp, udp, fwd: Run all port scanning from a single timer * icmp: Remove vestiges of ICMP timer * passt: Move main event loop processing into passt_worker() * udp: Use epoll instance management for UDP flows * icmp: Use epoll instance management for ICMP flows * tcp, flow: Replace per-connection in_epoll flag with an epollid in flow_common * util: Move epoll registration out of sock_l4_sa() * epoll_ctl: Extract epoll operations * util: Simplify epoll_del() interface to take epollfd directly * icmp: let icmp use mac address from flowside structure * tap: change signature of function tap_push_l2h() * tcp: forward external source MAC address through tap interface * udp: forward external source MAC address through tap interface * flow: add MAC address of LAN local remote hosts to flow * arp/ndp: send ARP announcement / unsolicited NA when neigbour entry added * arp/ndp: respond with true MAC address of LAN local remote hosts * fwd: Add cache table for ARP/NDP contents * netlink: add subscription on changes in NDP/ARP table * Add reverse Christmas tree to CONTRIBUTING.md * fwd: Fix misspelling * test: Fix the escaping issue in memory/passt test * test: Update the threshold value for some perf tests * tap: Update some function comments for 
accuracy * passt: Rename EPOLL_EVENTS to NUM_EPOLL_EVENTS * Fix the wrong command in CONTRIBUTING.md * test: For missing static checkers, skip rather than failing tests * test: Add some missing quoting in exeter runner * test: Use ${} consistently in lib/exeter ... changelog too long, skipping 96 lines ... * Single line macro to load SELinux policies for better performance ==== permissions ==== Version update (1699_20251002 -> 1699_20251217) Subpackages: permctl permissions-config - Update to version 1699_20251217: * profiles: drop shadow related entries (bsc#1254844) ==== podman ==== Version update (5.6.2 -> 5.7.1) - Update to version 5.7.1: * Bump to v5.7.1 * Final release notes update for v5.7.1 * kube play: Fix fd leak when handling symlinks * Update release notes for v5.7.1 * avoid potential nil ptr deref in image rm * fix: check err returned by newGenericDecompressor * pkg/specgen/generate: Fix adding host devices on FreeBSD * Replace FindExecutablePeer with FindHelperBinary * [v5.7] Bump common to v0.66.1 * libpod: simplify resolveWorkDir() * libpod: fix workdir MkdirAll() all check * [v5.7] Bump Buildah to v1.42.2, runc to v1.3.4 * rootless_linux.c: use shortcut for system commands * SetupRootless handle case where conmon pid are not valid * preallocate paths in SetupRootless * fix noMoveProcess in SetupRootless * use return error handling in SetupRootless * pkg/machine: make mount units hook into local-fs * docs: fix redoc swagger URL * Bump Podman to v5.7.1-dev * Bump to v5.7.0 * Create release notes for v5.7.0 * hack/bats: port it to use the new remote support * test/system: fix broken podman_runtime * test/system: fix artifact test cleanup * test/system: merge artifact tests into single file * test/system: rework artifact created test * test/system: remove 701-artifact-created.bats * test/system: do not run artifact test in parallel * test/system: skip flaky restore test on debian * test/e2e: try to fix clean up after terminated build flake * [v5.7] 
Packit/TMT: remove podman-next repos from release branches * [v5.7] fix lint issues with github.com/cyphar/filepath-securejoin * [v5.7] Bump to runc v1.3.3 - CVE-2025-52881 * rotate aws meta_task keys * rotate aws key * Bump Podman to v5.7.0-dev * Bump to v5.7.0-rc3 * Update release notes for v5.7.0-rc3 * Fix cache misses when pulling WSL machine image * test: organize search tests with BeforeEach/AfterEach patterns * test: refactor search_test.go to use helper functions and PodmanExitCleanly * test: Replace external registry deps with mock server in search tests * Add tmt integration plan * Bump bundled krunkit from 1.1.0 to 1.1.1 * Allow RC Windows Installer to be built * Allow failures on WSL machine tests * Bump Podman to v5.7.0-dev * Bump to v5.7.0-rc2 * Add release notes for v5.7.0-rc2 * Bump bundled krunkit from 0.2.2 to 1.1.0 * Fix Windows Installer GH release * Add CreatedAt format option to podman artifact ls * Bump Podman to v5.7.0-dev * Bump to v5.7.0-rc1 * Add release notes for v5.7.0-rc1 * quadlet: add `cat` alias for `print` * Bump Buidah to v1.42.0 for Podman v5.7 * fix: failing tests * feat(quadlet: kube): support multiple Yaml entries * Warn on boltdb use * fix artifact inspect issues * feat(cmd): podman kube play support multiple arguments * cmd/podman: add replace flag to quadlet install * fix: typo in uidmap option doc * RPM: build with sequoia for F43+ * feat: add `--format` flag to artifact inspect * artifact: added CREATED column to artifact ls Fixes: #27314 * fix remote command parameters * Add a test for containers.conf runtime options * docs: introduce custom version selector in api.html * add test for container name without Pod name prefix feature * Allow artifact add to override org.opencontainers.image.title annotation * Vendor in latest go.podman.io/common * fileperms: newer Go 1.13+ octal literal format * Quadlet build - add support for IgnoreFile key * Add default runtime flags in config * remove libartifact from podman * chore: 
remove repetitive word in cmd/podman/README.md * add option to remove Pod name prefix in resulting container name * Add a new Windows installer supporting user scope * docs: initialize redoc via JS API * docs: generate Reference version list from json file * fix: system prune JSON unmarshalling error in remote client * [skip-ci] Update actions/setup-node action to v6 * docs: add missing manifest parameter to build API endpoints * Add BuildArg example into documentation * Add artifact quadlet unit type support * Fix flaky sysctl completion by handling /proc/sys errors gracefully * Run `make validatepr` * Update docs/source/markdown/podman-systemd.unit.5.md * Iterate through all machine providers in FindMachineByPort * Add local build API for direct filesystem builds on MacOS and Windows (only WSL) * fix(deps): update module golang.org/x/term to v0.36.0 * Update docs for StopTimeOut * SECURITY.md: point to container-libs * Update documentation to include BuildArg key * Test for multiple key/val arguments ... changelog too long, skipping 230 lines ... * compat: RepoTags and RepoDigest return [] and not null ==== python-tornado6 ==== Version update (6.5 -> 6.5.4) - Update to 6.5.4 * The in operator for HTTPHeaders was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier. - Update to 6.5.3 (bsc#1254903, bsc#1254905, bsc#1254904) * Fixed a denial-of-service vulnerability involving quadratic computation when parsing multipart/form-data request bodies. CVE-2025-67726 Thanks to Finder16 for reporting this issue. * Fixed a denial-of-service vulnerability involving quadratic computation when parsing repeated HTTP headers. CVE-2025-67725. Thanks to Finder16 for reporting this issue. 
* Fixed a header injection and XSS vulnerability involving the reason argument to RequestHandler.set_status and tornado.web.HTTPError. CVE-2025-67724. Thanks to Finder16 and Cheshire1225 for reporting this issue. * Several demo applications bundled with the Tornado repo (blog, chat, facebook) had an open redirect vulnerability which has been fixed. This is not covered by a CVE or security advisory since the demo applications are not included as a part of the Tornado package when installed, but developers who have copied code from these demos may wish to review their own applications for open redirects. Thanks to J1vvoo for reporting this issue. * The s3server demo application contained some path traversal vulnerabilities. Since this demo application was not demonstrating any interesting aspects of Tornado, it has been deleted rather than being fixed. Thanks to J1vvoo for reporting this issue. - Update to 6.5.2 * Fixed a bug that resulted in WebSocket pings not being sent at the configured interval. * Improved logging for invalid Host headers. This was previously logged as an uncaught exception with a stack trace, now it is simply a 400 response (logged as a warning in the access log). * Restored the host argument to HTTPServerRequest. This argument is deprecated and will be removed in the future, but its removal with no warning in 6.5.0 was a mistake. * Removed a debugging print statement that was left in the code. * Improved type hints for gen.multi. - Update to 6.5.1 * Fixed a bug in multipart/form-data parsing that could incorrectly reject filenames containing characters above U+00FF (i.e. most characters outside the Latin alphabet).
==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite qt6-wayland - Add patch to fix crash due to 0001-fix-slow-scrolling-on-wayland.patch (boo#1253651): * 0001-wayland-Fix-crash-in-QWaylandShmBackingStore-scroll.patch ==== rsync ==== - Security update (CVE-2025-10158, bsc#1254441): rsync: Out of bounds array access via negative index - Add rsync-CVE-2025-10158.patch ==== samba ==== Version update (4.22.6+git.435.014e5eceb5d -> 4.23.4+git.428.6b48e7eba5b) Subpackages: libldb2 samba-client samba-client-libs - samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20; (bso#15790); (bsc#1249058). - Update to 4.23.4 * Samba 4.22 breaks Time Machine; (bso#15926). * mdssvc doesn't support $time.iso dates before 1970; (bso#15947). * Fix winbind cache consistency; (bso#15963). * Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') in vfswrap_openat; (bso#15897). * ctdb can crash with inconsistent cluster lock configuration; (bso#15950). * samba-bgqd: rework man page; (bso#15809). * samba-bgqd can't find [printers] share; (bso#15936). * Winbind can hang forever in gssapi if there are network issues; (bso#15955). * libldb requires linking libreplace on Linux; (bso#15961). - Update to 4.23.3 * Spotlight search restriction for shares incomplete and default search searches in too many attributes; (bso#15927). * Searching for numbers doesn't work with Spotlight; (bso#15930). * rpcd_mdssvc may crash because name mangling is not initialized; (bso#15931). * Only increment lease epoch if a lease was granted; (bso#15933). * vfs_recycle does not update mtime; (bso#15940). * samba-log-parser fails with UnicodeDecodeError: 'utf-8' codec can't decode byte; (bso#15943). 
* Crash in ctdbd on failed updateip; (bso#15935). - Update to 4.23.2 * CVE-2025-10230: Command injection via WINS server hook script (bso#15903); (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr; (bso#15885); (bsc#1251279). - Update to 4.23.1 * Incomplete bind configuration causes DLZ plugin to crash; (bso#15920). * winbind can crash at startup; (bso#15914). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB does not support PCP 7.0.0; (bso#15904). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.23.0 * samba.tests.safe_tarfile fails on Python 3.13 with additional security fixes for tarfile support; (bso#15911). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * Uninitialized read leads to hanging rpcd_spoolss; (bso#15908). * Stack buffer overflow in samba3.smb2.dirlease.fileserver; (bso#15907). * Regression in gssproxy support in 4.23.rc1+; (bso#15902). * 'net ads group' failed to list domain groups; (bso#15900). * macOS Finder client DFS broken on 4.22.0; (bso#15843). * Self-signed certificates don't have X509v3 Subject Alternative Name for DNS; (bso#15899). * Improve handling of principals and realms in client tools; (bso#15893). * libquic build fixes; (bso#15896). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). 
==== sdbootutil ==== Version update (1+git20251211.b3d0304 -> 1+git20251218.1cd7294) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20251218.1cd7294: * Improve partition detection for multipath (boo#1254317) ==== selinux-policy ==== Version update (20251211 -> 20251219) Subpackages: selinux-policy-targeted - Update to version 20251219: * Allow 'mysql-systemd-helper upgrade' to work correctly (bsc#1255024) - Save previous file contexts in /run and ensure deletion (bsc#1245303) - Update to version 20251218: * Allow systemd_udev_trigger_generator_t use CAP_SYS_RESOURCE (bsc#1255079) - Update to version 20251217: * Allow snapper_tu_etc_plugin_t to connect to machined varlink socket (bsc#1254889) * Label amavis spool directory correctly (bsc#1254438) ==== tdb ==== Version update (1.4.13 -> 1.4.14) - Add config-sitearch.patch - Update to 1.4.14 * let tdbtool return error on failure; (bso#15890). ==== tevent ==== Version update (0.16.2 -> 0.17.1) - Add config-sitearch.patch - Update to 0.17.1 * Fix 1649525 Use of 32-bit time_t * Fix Coverity ID 1649524 Dereference before null check * Fix Coverity ID 1649526 Dereference before null check - Update to 0.17.0 * add tevent_context_set_wait_timeout() * add tevent_reset_immediate() ==== timezone ==== Version update (2025b -> 2025c) - Update to 2025c: * update Baja California DST rules in 1953, 1961-1975 * An unset TZ is no longer invalid when /etc/localtime is missing, and is abbreviated "UTC" not "-00". This reverts to 2024b behavior * tzset etc. are now more cautious about questionable TZ settings. * tzset etc. now treat ' ' like '_' in time zone abbreviations * tzfree now preserves errno, consistently with POSIX.1-2024 ‘free’. * zic has new options inspired by FreeBSD. ‘-D’ skips creation of output ancestor directories, ‘-m MODE’ sets output files’ mode, and ‘-u OWNER[:GROUP]’ sets output files’ owner and group. 
* multiple changes visible to developers ==== userspace-rcu ==== Version update (0.14.0 -> 0.15.3) - Update to 0.15.3 * Fix: Use bitfield static assert with GCC < 7.1.0 * Fix: Allow compile-time checks for GCC 5.1 * fix: __atomic_always_lock_free() not a constant expression on g++ < 5.1 * fix: urcu assert fallback for pre-C11 builds * doc: update uatomic-api for static assert * Add uatomic size static assert for 's390' * Add uatomic size static assert for 'sparc64' * Add uatomic size static assert for 'ppc' * Add uatomic size static assert for 'x86' * Add uatomic size static assert for 'generic' * Add uatomic size static assert * Use UATOMIC_HAS_ATOMIC_INT/LLONG in generic implementation * Add UATOMIC_HAS_ATOMIC_INT/LLONG for x86 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for tile * Add UATOMIC_HAS_ATOMIC_INT/LLONG for sparc64 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for s390 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for riscv * Add UATOMIC_HAS_ATOMIC_INT/LLONG for ppc * Add UATOMIC_HAS_ATOMIC_INT/LLONG for nios2 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for mips * Add UATOMIC_HAS_ATOMIC_INT/LLONG for m68k * Add UATOMIC_HAS_ATOMIC_INT/LLONG for loongarch * Add UATOMIC_HAS_ATOMIC_INT/LLONG for ia64 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for hppa * Add UATOMIC_HAS_ATOMIC_INT/LLONG for 'gcc' arch * Add UATOMIC_HAS_ATOMIC_INT/LLONG for arm * Add UATOMIC_HAS_ATOMIC_INT/LLONG for alpha * Add UATOMIC_HAS_ATOMIC_INT/LLONG for aarch64 * Add UATOMIC_HAS_ATOMIC_INT/LLONG for atomic builtins * Add builtin atomics size static asserts * cleanup: use URCU_GCC_VERSION from compiler.h * fix: atomic builtins defines for type support * Move back CMM_LOAD/STORE_SHARED to volatile access * Add cmm_annotate_mem_acquire() to URCU_DEREFERENCE_USE_VOLATILE rcu_dereference * Use uatomic_load CMM_RELAXED in URCU_DEREFERENCE_USE_VOLATILE * Fix: Re-introduce URCU_DEREFERENCE_USE_VOLATILE read barrier depends for alpha * Tree-wide: Rename to uatomic_load/uatomic_store * src: Use __*__ for attribute names * API: Use __*__ for 
attribute names * Fix Changelog 0.15.1 date * uatomic/generic: Add missing #include * docs: Clarify that make is required to build the project * fix: add missing SPDX headers to urcu/uatomic/api.h * compiler.h: Remove caa_unqual_scalar_typeof * Fix compilation errors * Document cmm_cast_volatile * Honor URCU_DEREFERENCE_USE_VOLATILE * arm: Use atomic builtins for xchg if supported * Introduce _CMM_TOOLCHAIN_SUPPORT_C11_MM * Seperate uatomic and uatomic_mo * uatomic: Fix header guard comment * Fix: missing typename in URCU_FORCE_CAST * Allow building with GCC >= 13.3 on RISC-V * pointer.h: Fix the rcu_cmpxchg_pointer documentation * rculfhash: make cds_lfht_iter_get_node argument const * lfstack: make cds_lfs_empty argument const * wfcqueue: make cds_wfcq_empty arguments const * wfstack: make cds_wfs_empty argument const * cds_list: make cds_list_replace @old argument const * cds_list: make cds_list_empty const * Adjust shell script to allow Bash in other locations * futex.h: Indent preprocessor directives * futex.h: Use urcu_posix_assert to validate unused values * Use futex on OpenBSD * fix: handle EINTR correctly in get_cpu_mask_from_sysfs * Relicense src/compat-smp.h to MIT * uatomic/x86: Remove redundant memory barriers * cleanup: move rand_r compat code to tests * ppc: Document cache line size choice * Fix: change order of _cds_lfht_new_with_alloc parameters * Add support for custom memory allocators for rculfhash * ppc.h: use mftb on ppc * rcutorture: Check histogram of ages * docs: Add links to project resources * Fix: allow clang to build liburcu on RISC-V * Fix -Walloc-size * cleanup: use an enum for the error states of nr_cpus_mask * fix: add missing SPDX licensing tags * urcu/uatomic/riscv: Mark RISC-V as broken * Fix: urcu-bp: misaligned reader accesses * rculfhash: Only pass integral types to atomic builtins * LoongArch: Document that byte and short atomics are implemented with LL/SC * Add LoongArch support * Tests: Add test for byte/short atomics on 
addresses which are not word-aligned * Complete removal of urcu-signal flavor * doc/examples: Remove urcu-signal example * tests/common: Remove urcu-signal common test files * tests/benchmark: Remove urcu-signal benchmark tests * tests/regression: Remove urcu-signal regression tests * tests/unit: Remove urcu-signal unit tests * Fix: Add missing cmm_smp_mb() in deprecated urcu-signal * urcu/uatomic.h: Improve verbosity of static assert error messages * urcu/compiler: Add urcu_static_assert * Phase 1 of deprecating liburcu-signal * uatomic/generic: Fix redundant declaration warning * tests: Add tests for checking race conditions * Add cmm_emit_legacy_smp_mb() * urcu/annotate: Add CMM annotation ... changelog too long, skipping 36 lines ... * Add support for OpenBSD ==== wayland-utils ==== Version update (1.2.0 -> 1.3.0) - Update to 1.3.0 * add color-management-v1 support * switch to the stable tablet protocol * support tablet bustype and relative dials * add color-representation-v1 support