Packages changed: MicroOS-release (20260305 -> 20260306) PackageKit (1.3.3 -> 1.3.4) avahi avahi-glib2 cpio exiv2 (0.28.3 -> 0.28.8) glib2-branding-openSUSE iso-codes (4.18.0 -> 4.20.1) jasper (4.2.8 -> 4.2.9) kbd libmodulemd (2.15.0 -> 2.15.2) libnotify (0.8.7 -> 0.8.8) openexr (3.4.5 -> 3.4.6) passt python-gobject (3.54.5 -> 3.56.0) python-oauthlib (3.2.2 -> 3.3.1) sonnet unzip vim (9.2.0045 -> 9.2.0110) xdg-desktop-portal (1.20.3 -> 1.21.0) === Details === ==== MicroOS-release ==== Version update (20260305 -> 20260306) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== PackageKit ==== Version update (1.3.3 -> 1.3.4) Subpackages: PackageKit-backend-dnf5 libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Update to version 1.3.4: + This version introduces the new DNF5 backend for distributions that use DNF. + The "pkgctl" utility has been renamed to "pkgcli" to avoid a name clash with an Arch Linux-specific developer tool that has the same binary name. It is also now built by default. + Features: - Build pkgctl by default - pkgctl: Add manual page - pkgctl: Add basic bash-completion support - Rename the pkgctl utility to pkgcli - pkgcli: Autoremove unused dependencies by default - Changes to various backends: alpm, apt, dnf, dnf5, freebsd - Drop PackageKit-1.3.3-Initial-DNF5-Backend.patch: fixed upstream - BuildRequire pkgconfig(jansson): dependency needed for pkgcli. - Add docbook5-xsl-stylesheets BuildRequires: new dependency - Backport upstream patch to fix build: + 11c5f1f34f48b58ee10acec839dd01a31728704b.patch - Pass -dlegacy_tools=true to meson: build the legacy tools (pkcon/pkmon) for the time being. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Use libalternative instead of update-alternatives in TW and SLFO (jsc#PED-14835). ==== avahi-glib2 ==== - Use libalternative instead of update-alternatives in TW and SLFO (jsc#PED-14835). ==== cpio ==== - Remove update-alternatives %post scripts for SLES 16.x future releases (jsc#PED-15643, bsc#1245890) ==== exiv2 ==== Version update (0.28.3 -> 0.28.8) - update to 0.28.8 (bsc#1259083, CVE-2026-25884, bsc#1259085, CVE-2026-27631, bsc#1259084, CVE-2026-27596): * [CVE-2026- 25884](https://github.com/Exiv2/exiv2/security/advisories/GHS A-9mxq-4j5g-5wrp) * [CVE-2026- 27596](https://github.com/Exiv2/exiv2/security/advisories/GHS A-3wgv-fg4w-75x7) * [CVE-2026- 27631](https://github.com/Exiv2/exiv2/security/advisories/GHS A-p2pw-7935-c73j) - Update to 0.28.7: * Reverts an ABI incompatibility that was accidentally introduced in v0.28.6; * Fixes two low-severity vulnerabilities: [CVE-2025-54080](https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39) [CVE-2025-55304](https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g) * Fixes a use-after-free vulnerability in `tiffcomposite_int.cpp`: [CVE-2025-26623](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7) (CVE-2025-55304, bsc#1248963, CVE-2025-54080, bsc#1248962) ==== glib2-branding-openSUSE ==== - Make the key name and comments for org.gnome.settings-daemon.plugins.power Leap and SLE specific. - Make SUSE Mono font default for GNOME in SLE and Leap from 16.1 (jsc#PED-13370). ==== iso-codes ==== Version update (4.18.0 -> 4.20.1) - Update to version 4.20.1: + Install symlinks for obsolete .po filenames - Changes from version 4.20.0: + Switch from autotools to meson build system + The project is now fully compliant with version 3.3 of the REUSE specification + Updated translations. - Follow upstream, switch to meson build system: + Add meson remove pkgconfig BuildRequires + use meson/meson_build/meson_install macros instead of configure/make_build/make_install. ==== jasper ==== Version update (4.2.8 -> 4.2.9) - Update to 4.2.9: * Fix a bug in the JP2 encoder that caused incorrect handling of opacity components in some cases. (#392) ==== kbd ==== Subpackages: libkbdfile1 libkeymap1 libkfont0 - Implement setfont --quiet to suppress warning from systemd-vconsole-setup (boo#1212970, kbd-setfont-quiet.patch). ==== libmodulemd ==== Version update (2.15.0 -> 2.15.2) - Update to version 2.15.2: + module_index test now passes if RPM library is built without bzip2 or xx compression support and libmodulemd is configured to support decompression using the RPM library. - Changes from version 2.15.1: + A new g_variant_store: assertion 'data != NULL' failed warning added to GLib 2.84.1 when processing modulemd YAML documents with /data/xmd field with an empty flow map ({}) value was fixed. + Building documentation now works with GLib 2.80.1 at the expense of missing cross links from libmodulemd to GLib. If it still fails you, you can disable building the documentation with -Dwith_docs=false meson option. + A number of warnings printed by recent Meson was reduced. - Add 89d4afb3.patch: tests: Adapt to glib 2.87.0 - Add e33ecf1c.patch: tests: Adapt to pygobject 3.55.0 - Drop upstream merged patches: + 29c339a3.patch + 9d280909.patch + glib-2.80.2-glibdoc-path.patch ==== libnotify ==== Version update (0.8.7 -> 0.8.8) Subpackages: libnotify4 typelib-1_0-Notify-0_7 - Update to version 0.8.8: + This release contains various fixes to have better handing for icons, addressing issues due to recent changes, as well with improvements and new features for notify-send. + Added a fully-functional notify-send test suite, thus we encourage distributors to run the tests through meson. + notification-hints: Define notification hints with constant values + notification: - Use better URI parsing for icons - Improve property changes notifications - Replace actions added with an existing name - Fail on invalid action invocation - Simplify the logic to support the legacy hints names - Use the icon as icon-name, not as app-icon - Improve reading images when inside a portal + notify-send: - Support parsing hex byte hints - Set both the image path and the app-icon - Add an option to override the app-icon on notification - Add support to write the notification ID to a FD - Add support to write the activated action to a FD - Add support to write the activation token to a FD + tests: Add exensive notify-send test suite and coverage check + Bugs fixed: - The closed signal only fires once - Icon handling requires call to notify_get_server_info - Drop pkgconfig(gtk+-3.0) BuildRequires: No longer needed. ==== openexr ==== Version update (3.4.5 -> 3.4.6) Subpackages: libIex-3_4-33 libIlmThread-3_4-33 libOpenEXR-3_4-33 libOpenEXRCore-3_4-33 - version update to 3.4.6 * :bug: A limit of ``UINT_MAX`` deep samples per pixel is now enforced, which prevents an integer overflow when using the `CompositeDeepScanLine` API to combine multiple deep parts. * :bug: `IlmThread` now builds properl with glibc 2.43. * :wrench: In `IlmThreadPool`, replace deprecated `std::atomic_load / std::atomic_exchange` overloads for `std::shared_ptr` with the C++20 `std::atomic>` interface when available. * :bug: The ``ZIP`` and ``ZIPS`` Compressor objects had incorrect compression types set, although the ill effects were miminal as the value is seldom used. * :bug: Enable SSE2 on 32-bit x86 builds to fix test failures - fixes CVE-2026-27622 (bsc#1259177) ==== passt ==== Subpackages: passt-selinux - spec: Adhere to new `suse_version` convention for SLES16.X (jsc#PED-15779) ==== python-gobject ==== Version update (3.54.5 -> 3.56.0) Subpackages: python313-gobject python313-gobject-Gdk python313-gobject-cairo - Update to version 3.56.0: + Handle caller-allocated fixed-size C-Arrays + Fix reading array length on big-endian + Invoke `do_constructed` for object constructed by GObject directly + events: fix main context iteration without thread default - Update to version 3.55.3: + Add typing annotations to `GLib` and `GObject` overrides + Do not allow `__slots__` in GObject subclasses + Documentation updates + overrides/GLib: Add wrappers for `GLibUnix` split + Fix leak in object initialization + asyncio support without EventLoopPolicy + Fix crash in string/array marshalling + Update class type on wrapper destruction - Changes from version 3.55.2: + Use cache logic for field/property/constant/signal closure marshalling + Refactor struct and object marshaller code + Remove wrappers for `GLib.OptionContext` and `GLib.OptionGroup` + Fix issue when Python objects are garbage collected + Windows build failure with Python 3.13 + Refactoring - Changes from version 3.55.1: + Enable `-Wswitch-enum` compiler option + Pass `GIArgument` as value argument + Support unichar properties + Minimum supported Python version is 3.10 + docs: Add conda and pixi to getting started + Fix a few memory leaks, refactorings and cleanup + docs: Website updates + Add backwards compatibility for `Gdk.PaintableFlags.SIZE`/`CONTENTS` + Fix missing instance variables when objects are garbage collected + Use a (temporary) object to make sure `do_dispose()` is called + Call `do_constructed()` at the end of object initialization - Changes from version 3.55.0: + Most notable changes are the removal of toggle references. If you use python weakrefs to track PyGObjects, you should change that to `GObject.Object.weak_ref()`. + An environment variable `PYGI_OVERRIDES_PATH` can be set to add additional override paths (especially for testing). + Remove `GLib.options` module + Support generic parameters for `Gio.ListStore` + Cleanup: replace arguments in cache objects by functions + Always sink floating objects + Excempt GioPlatform namespaces from require_version check + (backwards compat) Expose platform symbols through Gio module + Update pythoncapi-compat + Add PYGI_OVERRIDES_PATH environment variable + Provide the intended GioUnix API, even on older GLib + Code refactorings + Remove `pygtkcompat` completely + Array improvements + Fix memory leak when array construction fails + Unify properties handling + Replace toggle references ==== python-oauthlib ==== Version update (3.2.2 -> 3.3.1) - Update to 3.3.1 OAuth2.0 Client: * #906: fix regression of expires_in parsing when float in string. - from version 3.3.0 OAuth2.0 Provider: * OIDC: #879 Changed in how ui_locales is parsed * RFC8628: Added OAuth2.0 Device Authorization Grant support * PKCE: #876, #893 Fixed `create_code_verifier` length * OIDC: Pre-configured OIDC server to use Refresh Token by default OAuth2.0 Common: * OAuth2Error: Allow 0 to be a valid state OAuth2.0 Client: * #745: expires_at is forced to be an int * #899: expires_at clarification General: * Removed Python 3.5, 3.6, 3.7 support * #859, #883: Added Python 3.12, 3.13 Support * Added dependency-review GitHub Action * Updated various references of license (SPDX identifier..) * Added GitHub Action for lint, replaced bandy with ruff, removed isort... * Migrated to GitHub Actions from Travis * Added Security Policy - Drop support for older Python versions - Drop Make-UtilsTests.test_filter_params-Python-3.13-compatible.patch, merged upstream - Remove unneeded workaround to recompile Python sources - Switch build system from setuptools to pyproject.toml * Add python-pip and python-wheel to BuildRequires * Replace %python_build with %pyproject_wheel * Replace %python_install with %pyproject_install * Update name for dist directory in %files section ==== sonnet ==== Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 - Added sonnet-spellcheckdecorator.patch (kde#492444 boo#1256892). ==== unzip ==== - Remove update-alternatives %post scripts for SLES 16.x future releases (jsc#PED-15658, jsc#PED-15659, bsc#1245929, bsc#1245930) ==== vim ==== Version update (9.2.0045 -> 9.2.0110) Subpackages: vim-data-common vim-small - update to version 9.2.0110: * patch 9.2.0110: No support for terminal synchronization mode * patch 9.2.0109: VIM_BACKTICK is always defined except for tiny builds * patch 9.2.0108: byteidx_common() and f_utf16idx() call ptr2len() twice * patch 9.2.0107: tests: Test_statuslineopt() is flaky * patch 9.2.0106: memory leak in expand_findfunc() * patch 9.2.0105: memory leak in heredoc_get() in src/evalvars.c * patch 9.2.0104: popup: flickering on opaque popups with overlapping text * patch 9.2.0103: missing FEAT_MENU guard for w_winbar_height in window.c * patch 9.2.0102: 'listchars' "leadtab" not used in :list * patch 9.2.0101: statusline drawing issue for multi-lines * patch 9.2.0100: Using reserved keyword new as function argument * patch 9.2.0099: compiler warning about unused variable * patch 9.2.0098: Coverity: Error handling issue in win_init() * runtime(syntax-tests): regenerate dump files (after v9.2.0093) * patch 9.2.0097: Memory leak in qf_push_dir() * patch 9.2.0096: has() function is slow due to linear feature scan * patch 9.2.0095: keypad keys may shadow normal keys * translation: regenerate po/vim.pot after v9.2.0093 * patch 9.2.0094: popup: concealed text causes incorrect truncation * patch 9.2.0093: Not possible to have window-local highlighting groups * patch 9.2.0092: control flow commands using '|' fail inside a {} block * runtime(nickel): Add filetype plugin with com, cms settings * patch 9.2.0091: missing out-of-memory checks in quickfix.c * runtime(po): Update syntax script * runtime(doc): Tweak doc style in options.txt * patch 9.2.0090: "leadtab" behavior inconsistent on line with only TABs * patch 9.2.0089: netrw: does not take port into account in hostname validation * translation: regenerate po/vim.pot after v9.2.0088 * runtime(osc52): Omit paste from the osc52 provider when g:osc52_disable_paste is enabled * patch 9.2.0088: cannot display tabs for indentation * patch 9.2.0087: popup: redrawing can be improved when moving popups * patch 9.2.0086: Coverity complains that ScreenLines can be NULL * patch 9.2.0085: tests: test_clientserver.vim is flaky * runtime(xkb): Include a simple xkb ftplugin * translation: regenerate po/vim.pot after v9.2.0083 * patch 9.2.0084: Vim9: isn_get_calltype() can be improved * patch 9.2.0083: Cannot have a mutli-line statusline * patch 9.2.0082: Patch v9.2.0052 was wrong * patch 9.2.0081: Failed "z=" does not reset 'nospell' setting * runtime(julia): Update julia ftplugin * patch 9.2.0080: popup: a few redrawing problems * runtime(vim): Update base syntax, improve :syntax group list arg matching * patch 9.2.0079: memory leak in eval_dict() * patch 9.2.0078: [security]: stack-buffer-overflow in build_stl_str_hl() * patch 9.2.0077: [security]: Crash when recovering a corrupted swap file * patch 9.2.0076: [security]: buffer-overflow in terminal handling * patch 9.2.0075: [security]: Buffer underflow with emacs tag file * patch 9.2.0074: [security]: Crash with overlong emacs tag file * patch 9.2.0073: [security]: possible command injection using netrw * patch 9.2.0072: inside_block() uses wrong index in loop * patch 9.2.0071: Vim9: lambda function deleted on re-sourcing * patch 9.2.0070: tests: various tests leave swapfiles around * runtime(env): add ftplugin for env filetype * patch 9.2.0069: highlight: incorrect string length and redundant code * patch 9.2.0068: Inefficient use of list_append_string() * patch 9.2.0067: memory leak in dict_extend_func() * patch 9.2.0066: memory leak in build_drop_cmd() * patch 9.2.0065: memory leak in invoke_sync_listeners() * patch 9.2.0064: popup: opacity feature causes flickering * patch 9.2.0063: memory leak in type_name_list_or_dict() * patch 9.2.0062: Using the wrong field with DAP channel mode * patch 9.2.0061: Not possible to know when a session will be loaded * patch 9.2.0060: No support for the DAP channel mode * patch 9.2.0059: memory leak in fill_assert_error * patch 9.2.0058: Compile error in did_set_previewpopup() * patch 9.2.0057: memory leak in exe_newdict() * patch 9.2.0056: memory leak in ex_substitute * patch 9.2.0055: memory leak in ExpandFromContext() * patch 9.2.0054: eval_addblob() is inefficient * patch 9.2.0053: Vims list concatenation is inefficient * patch 9.2.0052: Wayland: hiding lower half of command line in tiny vim * patch 9.2.0051: 'previewpopup' is missing features available in 'completepopup' * patch 9.2.0050: WM_SETFOCUS not handled immediately * patch 9.2.0049: Vim9: typename() wrong for lists/dicts/tuples with shared references * patch 9.2.0048: MS-Windows: ConPTY not yet preferred * patch 9.2.0047: Vim9: Comment parsing error with lambda * runtime(sshconfig): Add 3 additional keywords to syntax script * patch 9.2.0046: filetype: neon files are not recoginzed ==== xdg-desktop-portal ==== Version update (1.20.3 -> 1.21.0) - Update to version 1.21.0: + New Features: - Add the has_current_page and has_selected_pages options to the Print Portal - Allow running the tests with Valgrind's memcheck - Add the ConfigureShortcuts method to the Global Shortcuts Portal - Send activation tokens in the actiavated and deactiavated signals on the Global Shortcuts Portal - Add a new reduced motion setting to the Settings Portal - Support linyaps applications - Add missing cell broadcast severities to the Notification Portal + Enhancements: - Code cleanup - Code refactoring - Documentation improvements - New and updated translations - Improve various permission dialog texts - Release procedure clarifications - Updates to ASAN suppressions - Make XdpAppInfo more testable - Use the new PIDFD_GET_PID_NAMESPACE ioctl to get the pidns - Improvements to the heuristics to translate a path in the sandbox to a path on the host - Improve the mocking of the GeoClue service - Make the camera permissions per-App on the host again - Clean up permissions and desktop IDs usage - Improve PID translations for host Apps - Show an appropriate error when access to remote documents fails - Require a valid AppID from apps in RequestBackground to enable autostart - Require a valid AppID from apps to use the Global Shortcuts Portal - Test and document Notification Portal backward compatibilities - Improve the heuristic to detect the App ID for host apps - Add Merge Requirements documentation - Initialize the Secret Portal asynchronously to avoid blocking when the secret service is not available - Do not allow requesting a zero capability from the Input Capture Portal - Require GLib version 2.76 and drop the related compatibility code + Bug Fixes: - Fix a crash when loading information from Flatpak apps - Fix fd handling to prevent EBADF errors - Add a fallback code path for GLib older than 2.76 - Don't require a .desktop file for Flatpak and Snap apps - Fix a crash when calling GlobalShortcuts.BindShortcuts with an empty list - Fix a crash when passing Request token handles which contain - - Fix tests on systems without access to /proc/cmdline - Stop accidentally running pytests of subprojects - Give up trying to unmount an existing fuse mount when shutting down the Document Portal - Fix compilation on Debian Testing, caused by a wrong cast - Fix ownership of pidfd for XdpAppInfos - Fix uninitialized variables - Do not give access to read-only USB devices when read-write access was requested - Do not kill PID 0 and handle races properly - Fix forwarding the available-source-types and available-cursor-modes from the backend - Ensure valid WAYLAND_DISPLAY/DISPLAY by launching after the graphical session target