Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20251007 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor (4.1.1 -> 4.1.2) aws-lc (1.61.2 -> 1.61.4) freerdp (3.17.0 -> 3.17.2) gimp gnome-shell (49.0+9 -> 49.0+17) libapparmor (4.1.1 -> 4.1.2) libdbusmenu-gtk2 libdbusmenu-gtk3 mpg123 (1.33.2 -> 1.33.3) mutter (49.0+43 -> 49.0+68) nvidia-open-driver-G06-signed (580.95.05_k6.17.0_1 -> 580.95.05_k6.17.0_2) openSUSE-release (20251005 -> 20251007) openjpeg2 (2.5.3 -> 2.5.4) opensuse-welcome-launcher pam_mount (2.20 -> 2.21) salt selinux-policy (20250926 -> 20251006) yast2-trans (84.87.20250928.a1cf0a56ce -> 84.87.20251004.03a20734b6) === Details === ==== apparmor ==== Version update (4.1.1 -> 4.1.2) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 4.1.2 - several fixes (including boo#1246743) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - dovecot24.diff - xkeyboard.diff - add dovecot24-part2.diff: more dovecot 2.4 permissions (boo#1247470) ==== aws-lc ==== Version update (1.61.2 -> 1.61.4) Subpackages: libcrypto-awslc0 libssl-awslc0 - update to version 1.61.4: * Pin PyCA version in python integration tests * Check compiler for 'linux/random.h' - update to version 1.61.3: * Remove jitter entropy tests folder ==== freerdp ==== Version update (3.17.0 -> 3.17.2) Subpackages: libfreerdp3-3 librdtk0-0 libwinpr3-3 - Update to version 3.17.2: + Minor improvements and bugfix release. + Most notably resource usage (file handles) has been greatly reduced and static build pkg-config have been fixed. For users of xfreerdp RAILS/RemoteApp mode the switch to DesktopSession mode has been fixed (working UAC screen) - Changes from version 3.17.1 + Minor improvements and bugfix release. * most notably a memory leak was addressed * fixed header files missing C++ guards * xfreerdp as well as the SDL clients now support a system wide configuration file * Heimdal kerberos support was improved * builds with [MS-RDPEAR] now properly abort at configure if Heimdal is used (this configuration was never supported, so ensure nobody compiles it that way) - Add 11876.patch: properly set requires fields for pkgconfig and cmake files ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0 - Add gimp-CVE-2025-10925.patch: Fix GIMP ILBM file parsing stack-based buffer overflow remote code execution vulnerability. (CVE-2025-10925, ZDI-25-914, ZDI-CAN-27793, bsc#1250501) - Add gimp-CVE-2025-10922.patch: Fix GIMP DCM file parsing heap-based buffer overflow remote code execution vulnerability. (CVE-2025-10922, ZDI-25-911, ZDI-CAN-27863, bsc#1250497) - Add gimp-CVE-2025-10920.patch: Prevent overflow attack by checking if output >= max, not just output > max. (CVE-2025-10920, ZDI-25-909, ZDI-CAN-27684, bsc#1250495) ==== gnome-shell ==== Version update (49.0+9 -> 49.0+17) Subpackages: gnome-extensions gnome-shell-calendar - Add gnome-shell-no-gnome-tour.patch: Do not ask to launch gnome-tour; openSUSE handles the logic in opensuse-welcome-launcher - Update to version 49.0+17: * st/theme-context: Warn instead of crashing on unsupported accent colors * panelMenu: Remove invalid last argument to PopupMenu constructor * notificationDamon: Always send the activation token * data: Do not bundle org.freedesktop.Application interface * data: Remove unused D-Bus interface * overviewControls: Ensure ws thumbnails are expanded before fading in * gdm/authPrompt: Fix key focus handling on choice list * Updated translations. ==== libapparmor ==== Version update (4.1.1 -> 4.1.2) - update to AppArmor 4.1.2 - several fixes (including boo#1246743) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - dovecot24.diff - xkeyboard.diff - add dovecot24-part2.diff: more dovecot 2.4 permissions (boo#1247470) ==== libdbusmenu-gtk2 ==== - Enable valgrind on riscv64 ==== libdbusmenu-gtk3 ==== - Enable valgrind on riscv64 ==== mpg123 ==== Version update (1.33.2 -> 1.33.3) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.33.3 libmpg123: * Consolidate and more consistently use .rodata switch in macro. ==== mutter ==== Version update (49.0+43 -> 49.0+68) - Update to version 49.0+68: * window/wayland: Use constrained rect when deciding configuration * wayland/xdg-shell: - Create window after setting resources - Ensure applied window geometry is always non-empty - Make invalid geometry warning more descriptive * tests/wayland: - Add test for invalid geometry with subsurface - Add test case for client with invalid geometry * wayland/shell-surface: Assume geometry empty if no buffer attached * wayland/surface: Make state-applied logs more informative * tests: - Add test checking maximized window position on workspace changes - Add some tests for wl_keyboard behavior * core: Let key presses of special modifiers through * clutter/frame-clock: - Allow scheduling a clock tick despite a pending later tick - For FRR schedule_later update, use next_update_time_us * window: Fixup flagging META_MOVE_RESIZE_RECT_INVALID only when invalid * seat/native: Steal another error before returning in task * wayland: - Check modifier state from event prior to event delivery - Always send configure event after xdg_popup::reposition - Require pointer interaction prior to allowing pointer warp - Add helper to check the order of two serials - Check event type, use CLUTTER_KEY_STATE for modifiers during DnD * udev: Don't leak parent * prefs: Fallback cursor size to 24 when invalid value in settings * cursor-renderer/native: Sanity check texture size before allocating * clutter/gesture: Do not crash on unknown events * Updated translations. - Drop mutter-fix-modifiers.patch: Fixed upstream. ==== nvidia-open-driver-G06-signed ==== Version update (580.95.05_k6.17.0_1 -> 580.95.05_k6.17.0_2) - update non-CUDA variant to 580.95.05 ==== openSUSE-release ==== Version update (20251005 -> 20251007) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openjpeg2 ==== Version update (2.5.3 -> 2.5.4) - Update to 2.5.4: * No API/ABI break compared to v2.5.3 Bug fixes: * opj_jp2_read_header: Check for error after parsing header. #1573 * pkgconfig: drop unused libraries from Libs.private #1591 * Fix CMake warning: Compatibility with CMake < 3.10 will be removed #1580 * Fixed ICC profile copy failure on write #1574 ==== opensuse-welcome-launcher ==== - Be less hacky about the fallback, but rather explicitly assign opensuse-welcome to KDE for now and switch GNOME to gnome-tour. - Require gnome-tour when gnome-session is installed. ==== pam_mount ==== Version update (2.20 -> 2.21) Subpackages: libcryptmount0 - Update to release 2.21 * Support for building with libHX 5.0 ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Use versioned python interpreter for salt-ssh - Added: * use-versioned-python-interpreter-for-salt-ssh.patch - Fix known_hosts error on gitfs (bsc#1250520) (bsc#1227207) - Added: * allow-libgit2-to-guess-sysdir-homedir-successfully-b.patch ==== selinux-policy ==== Version update (20250926 -> 20251006) Subpackages: selinux-policy-targeted - Update to version 20251006: * Allow sshd_session_t write to wtmpdb * Support /usr/libexec/ssh as well as openssh folder * Set xenstored_use_store_type_domain boolean true(bsc#1247875) * Adjust guest and xguest users policy for sshd-session * Allow valkey-server create and use netlink_rdma_socket * Allow blueman get attributes of filesystems with extended attributes * Update files_search_base_file_types() * Allow geoclue get attributes of the /dev/shm filesystem * Allow apcupsd get attributes of the /dev/shm filesystem * Allow sshd-session read cockpit pid files * Allow nfs generator create and use netlink sockets * Conditionally allow virt guests to read certificates in user home directories * xenstored_t needs CAP_SYS_ADMIN for XENSTORETYPE=domain (bsc#1247875) * Allow nfs-generator create and use udp sockets * Allow kdump search kdumpctl_tmp_t directories * Allow init open and read user tmp files * Fix the systemd_logind_stream_connect() interface * Allow staff and sysadm execute iotop using sudo * Allow sudodomains connect to systemd-logind over a unix socket * /boot/efi is dosfs_t and kdump needs to access it (bsc#1249370) * Add default contexts for sshd-seesion * Define types for new openssh executables * Fix systemd_manage_unit_symlinks() interface definition * Support coreos installation methods * Add a new type for systemd-ssh-issue PID files * Allow gnome-remote-desktop connect to unreserved ports * Allow mdadm the CAP_SYS_PTRACE capability * Allow iptables manage its private fifo_files in /tmp * Allow auditd manage its private run dirs * Revert "Allow virt_domain write to virt_image_t files" - Syncing with upstream rawhide selinux-policy up to: * 415b33792f9ea17d816a9e2602cddf21c16e7255 - Update embedded container-selinux version to commit: * edfbda465d37deb2a831330a2c3c65b557e6dff5 (version 2.242.0) ==== yast2-trans ==== Version update (84.87.20250928.a1cf0a56ce -> 84.87.20251004.03a20734b6) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20251004.03a20734b6: * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Update translation files * New POT for text domain 'bootloader'.
