Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20260315 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.1.2.15 -> 7.1.2.16) Mesa (26.0.1 -> 26.0.2) Mesa-drivers (26.0.1 -> 26.0.2) MozillaFirefox (148.0 -> 148.0.2) apache2-mod_php8 (8.4.18 -> 8.4.19) bind clamav (1.5.1 -> 1.5.2) curl (8.18.0 -> 8.19.0) flashrom (v1.7.0+git0.26b070db -> 1.7.0+git0.26b070db) gcc15 giflib grub2 kernel-source (6.19.6 -> 6.19.7) lapack lensfun libavif (1.3.0 -> 1.4.0) libdbusmenu-gtk2 libdbusmenu-gtk3 libpciaccess (0.18.1 -> 0.19) libplacebo (7.360.0 -> 7.360.1) libsolv (0.7.35 -> 0.7.36) libsrtp2 (2.7.0 -> 2.8.0) libstorage-ng (4.5.305 -> 4.5.307) libxslt libzypp (17.38.2 -> 17.38.4) llvm21 nfs-utils nghttp3 (1.14.0 -> 1.15.0) ngtcp2 (1.19.0 -> 1.21.0) open-iscsi openSUSE-build-key openSUSE-release (20260310 -> 20260315) openexr ovmf pam pam-full-src pavucontrol (6.1 -> 6.2) pcsc-cyberjack (3.99.5final.SP16 -> 3.99.5final.SP17) perl-Clone (0.470.0 -> 0.480.0) perl-LWP-Protocol-https (6.140.0 -> 6.150.0) perl-MIME-tools (5.515.0 -> 5.517.0) perl-Mail-AuthenticationResults (2.20250709 -> 2.20260216) perl-TimeDate (2.330.0 -> 2.340.0) php8 (8.4.18 -> 8.4.19) postfix (3.11.0 -> 3.11.1) python-Pillow python-gobject (3.56.0 -> 3.56.1) python-httpx python-tornado6 (6.5.4 -> 6.5.5) qt6-base sdbootutil (1+git20260303.90d816d -> 1+git20260313.ff5ea17) selinux-policy (20260310 -> 20260311) sg3_utils (1.48+9.ecc03bb -> 1.48+13.54da4276) systemd (259.3 -> 259.5) unbound xdg-utils (1.2.1 -> 1.2.0+20251025) zypper (1.14.94 -> 1.14.95) === Details === ==== ImageMagick ==== Version update (7.1.2.15 -> 7.1.2.16) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.16 * Add overflow check to JXL write path #8591 * fix heap over-read in BilateralBlurImage with even-dimension kernels #8595 * Add overflow checks to PS3 write path #8590 * Add overflow check to sixel write path #8587 * Add overflow check to SGI write path #8588 * Add overflow checks to BMP/DIB write paths and DIB read path #8573 * fix NULL pointer dereference in HEIC NCLX color profile allocation #8585 * Fix double-free in SVG gradientTransform / transform parsing #8583 * Typo fix in coders/dng.c #8580 ==== Mesa ==== Version update (26.0.1 -> 26.0.2) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to 26.0.2 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.2 - adjusted logic for %suse_version bump with SLE16.1 Beta2 (jsc#PED-15825) ==== Mesa-drivers ==== Version update (26.0.1 -> 26.0.2) Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Update to 26.0.2 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.2 - adjusted logic for %suse_version bump with SLE16.1 Beta2 (jsc#PED-15825) ==== MozillaFirefox ==== Version update (148.0 -> 148.0.2) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 148.0.2 * https://www.firefox.com/en-US/firefox/148.0.2/releasenotes MFSA 2026-19 (boo#) * CVE-2026-3846 (bmo#2018400) Same-origin policy bypass in the CSS Parsing and Computation component * CVE-2026-3847 (bmo#2017513, bmo#2017622, bmo#2019341) Memory safety bugs fixed in Firefox 148.0.2 * Fixed an issue where searches entered in the Firefox Home search field were incorrectly redirected to the address bar for some users who had disabled search handoff behavior via advanced settings. (bmo#2017049) * Fixed an issue where some web-based rich text editors stopped applying formatting, such as bold or italic. (bmo#2020927) * Fixed an issue where videos could autoplay unexpectedly on YouTube despite autoplay being blocked, particularly impacting screen reader users. (bmo#2020233) * Fixed an issue that caused some absolutely positioned elements meant to be centered, for example, using `margin: auto with inset: 0`, to appear left-aligned on initial load. (bmo#2017440) * Fixed an issue where the âSwitch to Tabâ suggestion in the address bar appeared blank for pages without a title. (bmo#2020341) ==== apache2-mod_php8 ==== Version update (8.4.18 -> 8.4.19) - version update to 8.4.19 Core: Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds). Fixed bug GH-20657 (Assertion failure in zend_lazy_object_get_info triggered by setRawValueWithoutLazyInitialization() and newLazyGhost()). Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when accessing properties on Reflection LazyProxy via isset()). Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked property backing value). Fixed bug GH-21215 (Build fails with -std=). Fixed bug GH-13674 (Build system installs libtool wrappers when using slibtool). Curl: Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback). Don't truncate length. Date: Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start). Fix timezone offset with seconds losing precision. DOM: Fixed bug GH-21077 (Accessing Dom\Node::baseURI can throw TypeError). Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError). MBString: Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries). Opcache: Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris). Fixed bug GH-21227 (Borked SCCP of array containing partial object). Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached script). OpenSSL: Fix a bunch of leaks and error propagation. PCNTL: Fixed pcntl_setns() internal errors handling regarding errnos. Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID on NetBSD/Solaris platforms. Fixed pcntl_signal() signal table registering the callback first OS-wise before the internal list. Fixed pcntl_signal_dispatch() stale pointer and exception handling. PCRE: Fixed preg_match memory leak with invalid regexes. PDO_PGSQL: Fixed bug GH-21055 (connection attribute status typo for GSS negotiation). PGSQL: Fixed bug GH-21162 (pg_connect() memory leak on error). Sockets: Fixed bug GH-21161 (socket_set_option() crash with array 'addr' entry as null). Fixed possible addr length overflow with socket_connect() and AF_UNIX family sockets. Windows: Fixed compilation with clang (missing intrin.h include). ==== bind ==== Subpackages: bind-doc bind-utils - Update %suse_version checks for SLES 16.x (jsc#PED-15788) ==== clamav ==== Version update (1.5.1 -> 1.5.2) Subpackages: libclamav12 libclammspack0 libfreshclam4 - New version 1.5.2: * bsc#1259207, CVE-2026-20031: Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.1.0. * Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library. * The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions. * Freshclam: Fix CLD verification bug with PrivateMirror option. * Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory. * Fixed a possible crash caused by invalid pointer alignment on some platforms. * Minimal required Rust version is now 1.87. - bsc#1258072: Require main and library packages to be of the same version and release. Given that all the core functionality is in the libraries it makes little sense to update the main package alone. - jsc-PED-14819: Support transactional updates. - Fix testsuite error on SLE-15-SP6 by falling back to rust1.86. ==== curl ==== Version update (8.18.0 -> 8.19.0) Subpackages: libcurl4 - Update to 8.19.0: * Security fixes: - CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362) - CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363) - CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364) - CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365) * Changes: - BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 - cmake: add 'CURL_BUILD_EVERYTHING' option - mqtt: initial support for MQTTS - tool: support fractions for --limit-rate and --max-filesize - tool_cb_hdr: with -J, use the redirect name as a backup - vquic: drop support for OpenSSL-QUIC * Bugfixes: - altsvc: only accept 17 byte dates from files - asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails - build: move curl stat struct type to the curlx namespace - build: require POSIX 'strdup()' - build: tidy up and dedupe 'strdup' functions - cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks - cf-socket: use SOCK_CLOEXEC in socket_open when available - cmake: reference OpenSSL and ZLIB imported targets only when enabled - cmake: skip binutils ld hack if zlib/openssl target is not 'IMPORTED' - config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST - curl: add -I and -i to -h important - curl_setup.h: simplify curl memory macro mappings - curlx: drop unused 'curlx_saferealloc()' - digest: escape double quotes and backslashes in realm and nonce - digest: fix memory leak in auth_create_digest_http_message() - digest: handle quotes in the path - easy: reset errorbuf on eyeballing success - easy: reset pausing when resetting request - ftp: replace a 'curlx_free()' with 'curlx_dyn_free()' - ftp: split ftp_state_use_port into sub functions - GOVERNANCE.md: Post-Daniel BDFL - gss: exclude verbose error logic from non-verbose builds - h2+h3: align stream close handling - hostip.c: fix leak of addrinfo - hostip6: remove debug-only code - hostip: fix unreachable code in rare build configuration - http/3: add description for known server error codes - http1: fix potential NULL dereference in 'Curl_h1_req_parse_read()' - http: only send bearer if auth is allowed - imap: add a check for Curl_meta_get() - imap: check 'imap_sendf()' printf masks at compile-time - imap: skip literals inside quoted strings - include: mask computed auth/proto bitmasks to 32 bits - lib: disable websockets early if no http - lib: make sigpipe handling more lazy - lib: reorder protocol functions to avoid forward declarations (email,ftp, misc, ssh) - lib: separate scheme info from protocol implementation - lib: use (u)int64_t instead of long long - mbedtls: guard TLS 1.3 + session tickets usage inside ifdef - mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - md4, md5: drop redundant forward declarations - md4, md5: replace custom types with 'uint32_t' - mimepost: allocate main struct on-demand - mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos - mqtt: better too-big-message-check - mqtt: fix EOF handling - mqtt: verify Remaining Length for CONNACK and PUBACK - multi: avoid a theoretical 32-bit wrap - multi: probe for IPv6 functionality in multi_init() - noproxy: simplify, don't mix const non-const in strchr() - openldap: avoid forward declarations in ldaps code - openssl+ech: workaround for insecure handshakes - openssl: adapt to OpenSSL master adding const to more APIs - OpenSSL: check reuse of sessions for verify status - openssl: disable local keylog feature if built-in upstream - openssl: fix compiler warning with OpenSSL master - openssl: fix potential OOB read in debug/verbose logging - quiche: use PRIu64 for outputting the stream id - request.h: rename parameter 'buf' to 'req' in Curl_req_send - rtsp: fix assertion failure on zero-length RTP payload - rtspd: fix to check 'realloc()' result - setopt: refuse blobs with zero length - ssh: dedupe state change function - tftp: correct the filename length check - timeout handling: auto-detect effective timeout - tls: add new SSLSUPP flags for several options - tls: remove checks for DEFAULT - tool: enable header separation for HTTPS proxies - tool_cb_hdr: suppress header output when --out-null - tool_operate: reset the URL --url-query between --next - url: fix reuse of connections using HTTP Negotiate - urlapi: use U_CURLU_URLDECODE when toggling it off unsigned - urldata: byebye 'conn->hostname_resolve' - urldata: change 'keep_post' into three distinct bitfields - urldata: convert 'long' fields to fixed variable types - urldata: switch to uint* types - usercertinmem: use the correct cert BIO - vquic: handle SOCKEMSGSIZE correctly - vtls: dedupe common on-session-reuse logic - vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests - VULN-DISCLOSURE-POLICY.md: push reports to the web form - VULN-DISCLOSURE-POLICY.md: use hackerone - x509asn1: make encodeOID stop on too long input * Remove now unrecognized option --with-openssl-quic * Rebase patches: - curl-disabled-redirect-protocol-message.patch - dont-mess-with-rpmoptflags.patch - libcurl-ocloexec.patch - Build with --enable-ntlm. Certain Exchange Server endpoints oddly permit NTLM but not Basic-type authentication. ==== flashrom ==== Version update (v1.7.0+git0.26b070db -> 1.7.0+git0.26b070db) - Simplify version rewrite to correctly strip leading v, avoiding "downgrade" from X.X.X to vX.X.X ==== gcc15 ==== - Update gcc15-Wtime_t-conversion.patch to allow conversions to/from uint32_t. Filter out -Wtime_t-conversion from flags to build D target library files. ==== giflib ==== - Added patch: * 0001-Avoid-potentuial-double-free-on-weird-images.patch + fixing bsc#1259502 (CVE-2026-23868): double-free result of a shallow copy can lead to memory corruption ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-arm64-efi-bls grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix LoaderConfigTimeout and LoaderConfigTimeoutOneshot (bsc#1259477) * grub2-bls-loader-config-timeout-fix.patch ==== kernel-source ==== Version update (6.19.6 -> 6.19.7) Subpackages: kernel-64kb kernel-default - Linux 6.19.7 (bsc#1012628). - perf/core: Fix refcount bug and potential UAF in perf_mmap (bsc#1012628). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (bsc#1012628). - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1012628). - debugobject: Make it work with deferred page initialization - again (bsc#1012628). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (bsc#1012628). - KVM: arm64: Hide S1POE from guests when not supported by the host (bsc#1012628). - KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1012628). - drm/fourcc: fix plane order for 10/12/16-bit YCbCr formats (bsc#1012628). - drm/tiny: sharp-memory: fix pointer error dereference (bsc#1012628). - irqchip/sifive-plic: Fix frozen interrupt due to affinity setting (bsc#1012628). - scsi: lpfc: Properly set WC for DPP mapping (bsc#1012628). - scsi: pm8001: Fix use-after-free in pm8001_queue_command() (bsc#1012628). - accel: ethosu: Fix shift overflow in cmd_to_addr() (bsc#1012628). - drm/imx: parallel-display: check return value of devm_drm_bridge_add() in imx_pd_probe() (bsc#1012628). - drm/bridge: synopsys: dw-dp: Check return value of devm_drm_bridge_add() in dw_dp_bind() (bsc#1012628). - ALSA: scarlett2: Fix DSP filter control array handling (bsc#1012628). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (bsc#1012628). - ALSA: usb-audio: Add QUIRK_FLAG_SKIP_IFACE_SETUP (bsc#1012628). - gpio: shared: fix memory leaks (bsc#1012628). - x86/fred: Correct speculative safety in fred_extint() (bsc#1012628). - x86/bug: Handle __WARN_printf() trap in early_fixup_exception() (bsc#1012628). - x86/cfi: Fix CFI rewrite for odd alignments (bsc#1012628). - sched/fair: Rename cfs_rq::avg_load to cfs_rq::sum_weight (bsc#1012628). - sched/fair: Rename cfs_rq::avg_vruntime to ::sum_w_vruntime, and helper functions (bsc#1012628). - sched/fair: Introduce and use the vruntime_cmp() and vruntime_op() wrappers for wrapped-signed aritmetics (bsc#1012628). - sched/fair: Fix zero_vruntime tracking (bsc#1012628). - sched/fair: Only set slice protection at pick time (bsc#1012628). - sched/eevdf: Update se->vprot in reweight_entity() (bsc#1012628). - sched/fair: Fix lag clamp (bsc#1012628). - rseq: Clarify rseq registration rseq_size bound check comment (bsc#1012628). - perf/core: Fix invalid wait context in ctx_sched_in() (bsc#1012628). - accel/amdxdna: Remove buffer size check when creating command BO (bsc#1012628). - accel/amdxdna: Switch to always use chained command (bsc#1012628). - accel/amdxdna: Fix crash when destroying a suspended hardware context (bsc#1012628). - accel/amdxdna: Reduce log noise during process termination (bsc#1012628). - accel/amdxdna: Fix dead lock for suspend and resume (bsc#1012628). - accel/amdxdna: Fix suspend failure after enabling turbo mode (bsc#1012628). - accel/amdxdna: Fix command hang on suspended hardware context (bsc#1012628). - accel/amdxdna: Fix out-of-bounds memset in command slot handling (bsc#1012628). - accel/amdxdna: Prevent ubuf size overflow (bsc#1012628). - accel/amdxdna: Validate command buffer payload count (bsc#1012628). - drm/xe/wa: Steer RMW of MCR registers while building default LRC (bsc#1012628). - cgroup/cpuset: Fix incorrect change to effective_xcpus in partition_xcpus_del() (bsc#1012628). - cgroup/cpuset: Fix incorrect use of cpuset_update_tasks_cpumask() in update_cpumasks_hier() (bsc#1012628). - clk: scu/imx8qxp: do not register driver in probe() (bsc#1012628). - cxl: Move devm_cxl_add_nvdimm_bridge() to cxl_pmem.ko (bsc#1012628). - cxl: Fix race of nvdimm_bus object when creating nvdimm objects (bsc#1012628). - cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() (bsc#1012628). - scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume (bsc#1012628). - regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read() (bsc#1012628). - regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio() (bsc#1012628). - irqchip/ls-extirq: Fix devm_of_iomap() error check ... changelog too long, skipping 501 lines ... - commit ac981d7 ==== lapack ==== Subpackages: libblas3 libcblas3 liblapack3 - Add %bcond_with{,out} alternatives and disable by default for SLFO. - Split baselibs.conf into two flavors, one for update-alternatives, one for dropping them. Decide in %prep which one to choose. ==== lensfun ==== Subpackages: lensfun-data liblensfun1 - Update lens databse ==== libavif ==== Version update (1.3.0 -> 1.4.0) - update to 1.4.0: * Added since 1.3.0 - Allow avifenc to read png or jpeg files through stdin using --stdin-format. - Support some Sample Transform schemes as defined in the version 1.2 of the AVIF specification. - Add an optional argument to the --depth flag of avifenc used to enable a bit depth extension scheme in the encoded file. - Add support for converting jpeg files with Apple style gain maps. - Add support for PNG cICP chunk when decoding PNG files. If a PNG file contains a cICP chunk and other color information chunks, such as iCCP (ICC profile), the other chunks are ignored as per the PNG Specification Third Edition Section 4.3. - Support reading Sample-Transform-based 16-bit AVIF files when avifDecoder::imageContentToDecode & AVIF_IMAGE_CONTENT_SAMPLE_TRANSFORMS is not zero. - Support Sample Transform derived image items with grid input image items. - Add --sato flag to avifdec to enable Sample Transforms support at decoding. - Add --grid option to avifgainmaputil. - Apply clean aperture crop, rotation and mirror when decoding to PNG or JPEG. Remove orientation information from Exif if present. - Add avif::RGBImageCleanup to the C++ API. * Changed since 1.3.0 - Set avifDecoder::image->depth to the same value after avifDecoderParse() as after avifDecoderNextImage() when the file to decode contains a 'sato' derived image item. - avifdec only enables Sample Transform decoding when --depth is set to 16. - Update dav1d.cmd/dav1d_android.sh/LocalDav1d.cmake: 1.5.3 - Update googletest.cmd/LocalGTest.cmake: v1.17.0 - Update libgav1.cmd: v0.20.0 - Update libjpeg.cmd/LocalJpeg.cmake: 3.1.3 - Update libyuv.cmd/LocalLibyuv.cmake: deeb764bb (1922) - Update libsharpyuv.cmd/LocalLibsharpyuv.cmake: v1.6.0 - Update libxml2.cmd/LocalLibXml2.cmake: v2.15.1 - Update aom.cmd/LocalAom.cmake: v3.13.1 - Update LocalAvm.cmake: research-v13.0.0 - Update rav1e.cmd/LocalRav1e.cmake: cargo-c v0.10.20, corrosion v0.6.1, rav1e v0.8.1 - Update svt.cmd/svt.sh/LocalSvt.cmake: v4.0.1 - Update zlibpng.cmd/LocalZlibpng.cmake: libpng 1.6.55, zlib 1.3.2 - Fix grayscale conversion when changing the bit depth. - Bump cmake_minimum_required from 3.13 to 3.22 - Associate transformative properties with alpha auxiliary image items. - Always forward the CICP color primaries, transfer characteristics, and matrix coefficients to the AV1 encoder, which writes them in the Sequence Header OBU, for compatibility with libraries that wrongly ignore the colr box. - Use a "quality to quantizer (QP)" mapping formula designed for AOM_TUNE_IQ. - Set tuning before applying the user-provided specific aom codec options. - Use AOM_TUNE_PSNR by default when encoding alpha with libaom because AOM_TUNE_SSIM causes ringing for alpha. - Use AOM_TUNE_IQ by default when encoding still non-RGB color samples with libaom v3.13.0 or later. - Converting an image containing a gain map using avifenc with the --grid flag now also splits the gain map into a grid. - In avifenc, set Exif orientation to 1 (no transformation) when converting JPEGs to AVIF. - Use all-intra encoding for a layered image if the total number of layers is 2 and the quality of the first layer is very low (q <= 10). * Removed since 1.3.0 - Remove ext/avm.cmd. - Remove the AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM CMake flag. - Remove support for libaom versions up to 2.0.0 inclusive. - Un-export the private function avifImagePushProperty(). ==== libdbusmenu-gtk2 ==== - drop unneeded dependency on gnome-doc-utils (boo#1259023) ==== libdbusmenu-gtk3 ==== - drop unneeded dependency on gnome-doc-utils (boo#1259023) ==== libpciaccess ==== Version update (0.18.1 -> 0.19) - Update to version 0.19 * This release adds a new pci_device_is_boot_display() API, with support currently implemented only for Linux systems using sysfs. * It also adds a -Dinstall-scanpci option to the meson configuration for those who want to install this version of scanpci. * In addition, it corrects build issues on FreeBSD 15 and DragonFly, and fixes a long-standing bug if there were multiple users of libpciaccess in the same process and one called pci_system_cleanup before the others were done using pciaccess. ==== libplacebo ==== Version update (7.360.0 -> 7.360.1) - Update libplacebo to version 7.360.1. See details in: https://code.videolan.org/videolan/libplacebo/-/tags/v7.360.1 ==== libsolv ==== Version update (0.7.35 -> 0.7.36) Subpackages: libsolv-tools-base libsolv1 ruby-solv - respect the "default" attribute in environment optionlist in the comps parser - support suse namespace deps in boolean dependencies [bsc#1258193] - support for the Elbrus2000 (e2k) architecture - support language() suse namespace rewriting - bump version to 0.7.36 ==== libsrtp2 ==== Version update (2.7.0 -> 2.8.0) - Update to release 2.8 * Properly support null crypto and null auth scenario (fixes unencrypted SRTP failing with gstreamer's gstsrtp plugin). * The key derivation function was not compliant with the RFC6188 when dealing with AES192CM, which has been fixed. ==== libstorage-ng ==== Version update (4.5.305 -> 4.5.307) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Spanish) (bsc#1149754) - 4.5.307 - merge gh#openSUSE/libstorage-ng#1062 - use ssh control master in remote probing example - 4.5.306 ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - Add libxslt-raise-max-parameters.patch to raise the number of MAX_PARAMETERS [bsc#1258990] ==== libzypp ==== Version update (17.38.2 -> 17.38.4) - Fix Product::referencePackage lookup (bsc#1259311) Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages. - version 17.38.4 (35) - specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined (fixes #693) This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake. - Fall back to a writable location when precaching packages without root (bsc#1247948) - version 17.38.3 (35) ==== llvm21 ==== - Exclude bolt from update-alternatives: the runtime libraries are unversioned, so multiple versions of the package cannot coexist. ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client nfs-kernel-server - Fix nfsrahead crash (bsc#1259595) - Add nfsrahead-quieten-misleading-error-for-non-NFS-block-devic.patch - Add nfsrahead-zero-initialise-device_info-struct.patch - Update to 2.8.6: https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.8.6/2.8.6-Changelog * Fix access checks when mounting subdirectories in NFSv3 * support: Add a mini-library to extract and apply RPC credentials * mountd: Separate lookup of the exported directory and the mount path * mountd: Minor refactor of get_rootfh() * mountstats: Fix per-operation percentages with nconnect * nfsdclnts: fix display of stateids where the kernel doesn't provide the superblock * nfsrahead: enable event-driven mountinfo monitoring and skip non-NFS devices * Revert "nfsrahead: enable event-driven mountinfo monitoring" * gssd: add a helper to determine the set of encryption types to pass to limit_krb5_enctypes() * gssd: get the permitted enctypes from the krb5 library on startup * gssd: add enctypes_list_to_string() * gssd: remove the limit-to-legacy-enctypes option * conffile: fix discards const from pointer target * mount.nfs: fix discards const from pointer target * nfsrahead: enable event-driven mountinfo monitoring * nfsdctl: load modules on nl family resolution error * nfsdctl: remove unneeded newlines from xlog() format strings * nfsdctl: query netlink policy before sending the minthreads attribute to kernel * nfsdctl: only resolve netlink family names once * nfsdctl: unconditionally enable support for min-threads ==== nghttp3 ==== Version update (1.14.0 -> 1.15.0) - Update to 1.15.0: * Add nghttp3_conn_submit_request2 to set client-side scheduling hint * Make client-side scheduling incremental by default * Remove nghttp3_conn_submit_request2 * Introduce nghttp3_strlen_lit * Move aux objects into the individual frames * Add const to nghttp3_frame_settings.local_settings ==== ngtcp2 ==== Version update (1.19.0 -> 1.21.0) Subpackages: libngtcp2-16 libngtcp2_crypto_gnutls8 - Update tto 1.21.0: * Fix Initial/Handshake packet construction * bbr: Rework spurious loss handling based on the latest draft * Assert that nwrite is not larger than the provided buffer length * log: Remove unused ngtcp2_log_tx_cancel * Remove ngtcp2_datagram.rdata * Rename in6_addr to s6_addr * bbr: Add const qualifier ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Update to version 2.1.11.suse+88.8e0635b3: * Make iface.example a doc file. (#526) * Updated SPEC file to deliver iface.example as a %doc file, no longer in the database directory. ==== openSUSE-build-key ==== - add the openSUSE post quantum key in /usr/lib/rpm/pqkeys/ ==== openSUSE-release ==== Version update (20260310 -> 20260315) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openexr ==== Subpackages: libIex-3_4-33 libIlmThread-3_4-33 libOpenEXR-3_4-33 libOpenEXRCore-3_4-33 - added patches fix build with glibc 2.43 [bsc#1258747] * openexr-glibc-2.43.patch ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Deprecate the 2MB OVMF image (jsc#PED-12652) - Remove ovmf-x86_64 - Remove ovmf-x86_64-xen - Remove ovmf-OvmfPkg-Adjust-Memory-Layout-for-2MB-OVMF.patch - Add patch to fix truncation screen issue (bsc#1259122) - ovmf-MdeModulePkg-ConSplitterDxe-Set-default-ConOut-mode.patch - Add patch to fix crash on RISC-V without a TPM device: * ovmf-OvmfPkg-RiscVVirt-PlatformPei-Do-not-set-PcdTpmBaseA.patch ==== pam ==== - pam_unix-selinux.patch: always call unix_update if SELinux is enabled [bsc#1243242], [bsc#1259119] ==== pam-full-src ==== Subpackages: pam-extra pam-manpages - pam_unix-selinux.patch: always call unix_update if SELinux is enabled [bsc#1243242], [bsc#1259119] ==== pavucontrol ==== Version update (6.1 -> 6.2) - Update to version 6.2: + Add a checkbox to disable unavailable profiles. + Avoid inhibiting monitor source suspend. + Fix peak decay when monitor is suspended. + Add a build option to disable audio feedback. + Updated translations. - Update option passed to meson setup following upstream changes. - Add pkgconfig(libcanberra) BuildRequires: New dependency. ==== pcsc-cyberjack ==== Version update (3.99.5final.SP16 -> 3.99.5final.SP17) - update to 3.99.5 Service Pack 17 * Update to the Reiner-SCT repository cyberJack DriverPackage master f3674bb325fa3580aff1ce6e200e60a36ae38038 - update supplements device list - update the 40-cyberjack.rules ==== perl-Clone ==== Version update (0.470.0 -> 0.480.0) - updated to 0.480.0 (0.48) see /usr/share/doc/packages/perl-Clone/Changes 0.48 2026-03-02 16:02:00 atoomic - perf: optimize hot paths in Clone.xs - fix: replace subtest with SKIP/bare blocks to avoid Test2 warnings - fix: don't require MGf_DUP flag for ext magic duplication - fix: lower MAX_DEPTH to 4000 to prevent SEGV on CPAN smokers - fix: use platform-adaptive depth in t/10-deep_recursion.t for Windows - Fix t/10-deep_recursion.t for Windows - Fix C89 declaration-after-statement violations in Clone.xs - Fix deep recursion stack overflow on Windows - Fix cloning of Math::BigInt::GMP objects (fixes #16) - Fix cloning of threads::shared data structures (fixes #18) - Add thread safety test for Class::DBI-like patterns (fixes #14) - Add comprehensive documentation with examples and limitations - Improve README.md structure and installation instructions - Add DBI + DBD::SQLite as recommended test dependencies - Fix weakened reference cloning via deferred weakening (fixes #15) - Fix memory leak when cloning non-existent hash values (fixes #42) - Fix segfault when cloning DBI database handles (fixes #27) - Rewrite t/09-circular.t to fix SEGV on CPAN Testers (fixes #54) - Replace static recursion_depth with stack parameter - Fix C++ style comments in Clone.xs for C89 portability - Fix memory leak in Clone.xs (fixes #42) - Allow a MAX_DEPTH recursion of 32000 calls (fixes #19 aka RT97525) - Rename tests with more readable names - Remove TODO from cow test ==== perl-LWP-Protocol-https ==== Version update (6.140.0 -> 6.150.0) - updated to 6.150.0 (6.15) see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes 6.15 2026-02-23 20:36:42Z - Make TLS enabled proxy work (proxy URL https:// not http://) (GH#89) (Steffen Ullrich) - switch from example.com to httpbin.org because of SSL certificate issues (GH#91) (Slaven ReziÄ) ==== perl-MIME-tools ==== Version update (5.515.0 -> 5.517.0) - updated to 5.517.0 (5.517) see /usr/share/doc/packages/perl-MIME-tools/ChangeLog 5.517 2026-02-10 Dianne Skoll <[email protected]> * VERSION 5.517 RELEASED * Add a missing test message file that was causing tests to fail. 5.516 2026-02-10 Dianne Skoll <[email protected]> * VERSION 5.516 RELEASED * Handle MIME parameters of the form param= better (ie, a parameter with no value at all.) It's treated the same as param="" rather than aborting the parse. * Diagnose additional types of malformed MIME as ambiguous. Specifically, an empty boundary parameters like boundary= or boundary="" is treated as ambiguous. Thanks to Stoiko Ivanov <[email protected]> for pointing out this missing case. ==== perl-Mail-AuthenticationResults ==== Version update (2.20250709 -> 2.20260216) - updated to 2.20260216 see /usr/share/doc/packages/perl-Mail-AuthenticationResults/Changes 2.20260216 2026-02-16 14:47:11+11:00 Australia/Melbourne - Added some helper methods which can be used to add commonly used children to an object. * $object->add_entry($key, $value); * $object->add_sub_entry($key, $value); * $object->add_comment($value); each returns the new object being added which can then be manipulated/added to as required. ==== perl-TimeDate ==== Version update (2.330.0 -> 2.340.0) - updated to 2.340.0 (2.34) see /usr/share/doc/packages/perl-TimeDate/Changes ==== php8 ==== Version update (8.4.18 -> 8.4.19) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.4.19 Core: Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds). Fixed bug GH-20657 (Assertion failure in zend_lazy_object_get_info triggered by setRawValueWithoutLazyInitialization() and newLazyGhost()). Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when accessing properties on Reflection LazyProxy via isset()). Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked property backing value). Fixed bug GH-21215 (Build fails with -std=). Fixed bug GH-13674 (Build system installs libtool wrappers when using slibtool). Curl: Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback). Don't truncate length. Date: Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start). Fix timezone offset with seconds losing precision. DOM: Fixed bug GH-21077 (Accessing Dom\Node::baseURI can throw TypeError). Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError). MBString: Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries). Opcache: Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris). Fixed bug GH-21227 (Borked SCCP of array containing partial object). Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached script). OpenSSL: Fix a bunch of leaks and error propagation. PCNTL: Fixed pcntl_setns() internal errors handling regarding errnos. Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID on NetBSD/Solaris platforms. Fixed pcntl_signal() signal table registering the callback first OS-wise before the internal list. Fixed pcntl_signal_dispatch() stale pointer and exception handling. PCRE: Fixed preg_match memory leak with invalid regexes. PDO_PGSQL: Fixed bug GH-21055 (connection attribute status typo for GSS negotiation). PGSQL: Fixed bug GH-21162 (pg_connect() memory leak on error). Sockets: Fixed bug GH-21161 (socket_set_option() crash with array 'addr' entry as null). Fixed possible addr length overflow with socket_connect() and AF_UNIX family sockets. Windows: Fixed compilation with clang (missing intrin.h include). ==== postfix ==== Version update (3.11.0 -> 3.11.1) - update to 3.11.1 * Bugfix (defect introduced: 20260219): alias_maps errors when default_database_type was not set in main.cf. * Bugfix (defect introduced: Postfix 3.0): buffer over-read when Postfix is configured with an enhanced status code not followed by other text. For example, "5.7.2" without text after the three-number code, in an access(5) table, header or body checks, or with "$rbl_code $rbl_text" in rbl_reply_maps or default_rbl_reply. These are all uncommon configurations. * Bugfix (defect introduced: Postfix 3.3): null pointer in nbdb_reindexd(8) because the "service_name" value was not propagated. * During Postfix start-up, avoid a spurious error message from nbdb_reindexd(8), when non_bdb_migration_level disables automatic re-indexing. ==== python-Pillow ==== - Reactivate tests 'test_stroke' and 'test_stroke_multiline' - Skip failed tests with libavif 1.4.0 in Factory/TW: 'TestFileAvif and (test_write_rgb or test_encoder_advanced_codec_options)' ==== python-gobject ==== Version update (3.56.0 -> 3.56.1) Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo python313-gobject python313-gobject-Gdk python313-gobject-cairo - Update URL - Update to version 3.56.1: + Fix `do_dispose` for floating objects + Updates and fixes for Windows documentation ==== python-httpx ==== - Add support-chardet6-client-autodetect.patch and support-chardet6-response-autodetect.patch (from gh#encode/httpx!3773) patches to overcome incompatibility with the new python-chardet >= 6.0 ==== python-tornado6 ==== Version update (6.5.4 -> 6.5.5) - Update to 6.5.5 (CVE-2026-31958, bsc#1259553) * ``multipart/form-data`` requests are now limited to 100 parts by default, to prevent a denial-of-service attack via very large requests with many parts. This limit is configurable via `tornado.httputil.ParseMultipartConfig`. Multipart parsing can also be disabled completely if not required for the application. Thanks to 0x-Apollyon and bekkaze for reporting this issue * The ``domain``, ``path``, and ``samesite`` arguments to `.RequestHandler.set_cookie` are now validated for illegal characters, which could be abused to inject other attributes on the cookie. Thanks to Dhiral Vyas (Praetorian) for reporting this issue. * Carriage return characters are no longer accepted in ``multipart/form-data`` headers. Thanks to sergeykochanov for reporting this issue. - add fix-tests-with-curl-8-19.patch to fix tests with curl 8.19 ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite qt6-wayland - Added patch to fix ignore broken unicode filenames without skipping the rest of the directory (QTBUG-142913) * 0001-Do-not-persist-unicode-error-state-across-dirents.patch - Just build with renderdoc on TW, since Leap 16.1 won't have it neither. - Also build without renderdoc on Leap 16 ==== sdbootutil ==== Version update (1+git20260303.90d816d -> 1+git20260313.ff5ea17) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20260313.ff5ea17: * Support cmdline.d directory * Avoid update policy if no new hash * Requires libtss2-tcti-device0 * More explicit bootloader detection, honour sysconfig if set - Update to version 1+git20260311.73a155b: * Add ESP_FREE_SPACE config option * Merge both 710 components for grub2-bls * Allow partial unenrollment * Drop pcr-oracle * Edit crypttab options only for tracked devices * Fix bootloader PCR measurements for portable installations * Fix PCR predictions for grub2-bls without shim ==== selinux-policy ==== Version update (20260310 -> 20260311) Subpackages: selinux-policy-targeted - Update to version 20260311: * Allow redis_t to create netlink_rdma_socket * Allow systemd create symlinks in /run/varlink/registry * Support hooks in /run/systemd/resolve.hook * Allow virtlogd_t dac_override for virtlock (bsc#1253389) * Allow mdadm use modprobe (bsc#1257793) ==== sg3_utils ==== Version update (1.48+9.ecc03bb -> 1.48+13.54da4276) Subpackages: libsgutils2-1_48-2 - Update to version 1.48+13.54da4276: * Merge SLFO:Main code into factory ('ours' strategy, no code changes) - Update to version 1.48+11.e034865b: * rescan-scsi-bus.sh: Fix invocation of udevadm (boo#1258664) ==== systemd ==== Version update (259.3 -> 259.5) Subpackages: libsystemd0 libudev1 systemd-boot systemd-container udev - Import commit (merge of v259.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e53173d15f11454a5770e7732e3eaed3105c11fc...58a9b1726da0e2c89665897ca7e107315b2389e0 - systemd-container: require libarchive instead of tar, since https://github.com/systemd/systemd/commit/a7c8f92d1f937113a279adbe62399f6f0773473f - systemd-update-helper: fix the clean-state command only removing $STATE_DIR/system instead of $STATE_DIR/. - systemd-update-helper: add --root option for testing convenience It allows the tests to redirect them under a temporary directory via --root instead of patching the script with sed. - Import commit e53173d15f11454a5770e7732e3eaed3105c11fc (merge of v259.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/1e9dbf558f2578c5f0a38a20cd93950de5d7b648...e53173d15f11454a5770e7732e3eaed3105c11fc - systemd-update-helper: fix incorrect skipping of systemctl disable during package removal (bsc#1245551) This bug was caused by stale dont-disable markers left over from a previous install transaction. Introduce a new command 'clean-state' for systemd-update-helper, which is called once via a %transfiletriggerin in the systemd package at the end of any transaction installing unit files, ensuring markers cannot persist across transactions. - systemd.spec: introduce %bcond_without docs to allow skipping man pages and devel-doc Add a new %bcond_without docs conditional that disables man page and HTML doc generation (-Dman, -Dhtml meson options) when building with --without docs. - systemd-update-helper: fix do_install_units() incorrectly returning 1 when no units need preset. ==== unbound ==== Subpackages: libunbound8 unbound-anchor - Update %suse_version checks for SLES 16.x (jsc#PED-15789) ==== xdg-utils ==== Version update (1.2.1 -> 1.2.0+20251025) Subpackages: xdg-utils-screensaver - Update to version 1.2.0+20251025: * Allow using -- with xdg-open * xdg-utils-common: update flatpak-info location * xdg-open: support toolbx * Added error catching in case parsing the .desktop file goes wrong * xdg-open: Keep filepaths and URIs apart, make sure that the uri to filepath fallback works for %U adn %u * xdg-open: Fix debug level evaluation in awk opener * xdg-open awk opener: fixed behviour when there are too few or too many file field codes * Implement proper debug levels for the new opener * Remove now uneccessary functions from xdg-open - No need for which anymore - Allow xdg-utils to be installed with busybox-which. This enables its installation in distrobox containers. (bsc#1254453) ==== zypper ==== Version update (1.14.94 -> 1.14.95) Subpackages: zypper-log zypper-needs-restarting - Report download progress for command line rpms (fixes #613) - Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882) - Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744) The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service. - Keep repo data when updating the service settings (bsc#1252744) - info: Enhance pattern content table (bsc#1158038) Alternatives (multiple packages providing the same requirement) are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. Listing all potential alternatives was miss leading, especially if the alternatives were mutual exclusive. It looked like an installed pattern had not-installed requirements and it was not possible to install all requirements at the same time. - version 1.14.95
