Packages changed: apache2-mod_php8 (8.4.11 -> 8.4.12) aws-lc (1.58.1 -> 1.59.0) kmod lightdm-gtk-greeter-branding-openSUSE net-tools nftables (1.1.4 -> 1.1.5) openSUSE-release (20250828 -> 20250829) pcre2 (10.45 -> 10.46) php8 (8.4.11 -> 8.4.12) qt6-base (6.9.1 -> 6.9.2) qt6-declarative (6.9.1 -> 6.9.2) qt6-imageformats (6.9.1 -> 6.9.2) qt6-location (6.9.1 -> 6.9.2) qt6-multimedia (6.9.1 -> 6.9.2) qt6-networkauth (6.9.1 -> 6.9.2) qt6-positioning (6.9.1 -> 6.9.2) qt6-qt5compat (6.9.1 -> 6.9.2) qt6-quick3d (6.9.1 -> 6.9.2) qt6-quicktimeline (6.9.1 -> 6.9.2) qt6-sensors (6.9.1 -> 6.9.2) qt6-shadertools (6.9.1 -> 6.9.2) qt6-speech (6.9.1 -> 6.9.2) qt6-svg (6.9.1 -> 6.9.2) qt6-tools (6.9.1 -> 6.9.2) qt6-translations (6.9.1 -> 6.9.2) qt6-virtualkeyboard (6.9.1 -> 6.9.2) qt6-wayland (6.9.1 -> 6.9.2) qt6-webchannel (6.9.1 -> 6.9.2) qt6-webengine (6.9.1 -> 6.9.2) qt6-webview (6.9.1 -> 6.9.2) === Details === ==== apache2-mod_php8 ==== Version update (8.4.11 -> 8.4.12) - version update to 8.4.12 Core: Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug GH-19053 (Duplicate property slot with hooks and interface property). Fixed bug GH-19044 (Protected properties are not scoped according to their prototype). Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). Fixed bug GH-19305 (Operands may be being released during comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). Fixed bug GH-19280 (Stale array iterator position on rehashing). Fixed bug GH-18736 (Circumvented type check with return by ref + finally). Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming). Calendar: Fixed bug GH-19371 (integer overflow in calendar.c). FTP: Fix theoretical issues with hrtime() not being available. GD: Fix incorrect comparison with result of php_stream_can_cast(). Hash: Fix crash on clone failure. Intl: Fix memleak on failure in collator_get_sort_key(). Fix return value on failure for resourcebundle count handler. LDAP: Fixed bug GH-18529 (additional inheriting of TLS int options). LibXML: Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free). MbString: Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). Fix issue with JIT restart and hooks. Fix crash with dynamic function defs in hooks during preload. OpenSSL: Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check). Fix error return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param). PDO Pgsql: Fixed dangling pointer access on _pdo_pgsql_trim_message helper. SOAP: Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref). Sockets: Fix some potential crashes on incorrect argument value. Standard: Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical issues with hrtime() not being available. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks). Windows: Free opened_path when opened_path_len >= MAXPATHLEN. ==== aws-lc ==== Version update (1.58.1 -> 1.59.0) Subpackages: libcrypto-awslc0 libssl-awslc0 - update to version 1.59.0: * Support other field for PKCS7 * Add CFI directives to armv8-mont * Add back RC4_options from decrepit * Apache httpd integration test * Fix clang-21 compile error * Fix MariaDB integration test * ML-KEM: Re-import mlkem-native * ML-KEM: import and enable x86_64 backend from mlkem-native * X509_REQ_verify for MLDSA44 and MLDSA87 * Remove BIT_INTERLEAVE support * ML-KEM: Fix mlkem-native importer.sh * Add CFI directives in md5-armv8.pl ==== kmod ==== Subpackages: libkmod2 - Revert the previous workaround ==== lightdm-gtk-greeter-branding-openSUSE ==== - Correct the background picture file path (bsc#1248096) ==== net-tools ==== Subpackages: net-tools-lang - Drop old Fedora patch 0006-Allow-interface-stacking.patch. It provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes by the upstream in 2025 in a different way. Revert interferring net-tools-CVE-2025-46836.patch back to the upstream version. - Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch). - Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59, net-tools-proc_gen_fmt-buffer-overflow.patch). - Avoid unsafe memcpy in ifconfig (bsc#1248687, net-tools-ifconfig-avoid-unsafe-memcpy.patch). - Prevent overflow in ax25 and netrom (bsc#1248687, net-tools-ax25+netrom-overflow-1.patch, net-tools-ax25+netrom-overflow-2.patch). - Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410, net-tools-ifconfig-long-name-warning.patch). ==== nftables ==== Version update (1.1.4 -> 1.1.5) Subpackages: libnftables1 python313-nftables - Update to release 1.1.5 * Revert JSON ruleset listing, restore set flags to display single item with array * Fix misleading "No buffer space available" error when kernel reports too many errors back to userspace. - Delete 0001-tools-add-a-systemd-unit-for-static-rulesets.patch, json.patch (merged) ==== openSUSE-release ==== Version update (20250828 -> 20250829) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pcre2 ==== Version update (10.45 -> 10.46) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 libpcre2-8-0-32bit libpcre2-posix3 - Update to 10.46: * CVE-2025-58050: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS (boo#1248832, boo#1248842) ==== php8 ==== Version update (8.4.11 -> 8.4.12) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.4.12 Core: Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug GH-19053 (Duplicate property slot with hooks and interface property). Fixed bug GH-19044 (Protected properties are not scoped according to their prototype). Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). Fixed bug GH-19305 (Operands may be being released during comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). Fixed bug GH-19280 (Stale array iterator position on rehashing). Fixed bug GH-18736 (Circumvented type check with return by ref + finally). Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming). Calendar: Fixed bug GH-19371 (integer overflow in calendar.c). FTP: Fix theoretical issues with hrtime() not being available. GD: Fix incorrect comparison with result of php_stream_can_cast(). Hash: Fix crash on clone failure. Intl: Fix memleak on failure in collator_get_sort_key(). Fix return value on failure for resourcebundle count handler. LDAP: Fixed bug GH-18529 (additional inheriting of TLS int options). LibXML: Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free). MbString: Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). Fix issue with JIT restart and hooks. Fix crash with dynamic function defs in hooks during preload. OpenSSL: Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check). Fix error return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param). PDO Pgsql: Fixed dangling pointer access on _pdo_pgsql_trim_message helper. SOAP: Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref). Sockets: Fix some potential crashes on incorrect argument value. Standard: Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical issues with hrtime() not being available. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks). Windows: Free opened_path when opened_path_len >= MAXPATHLEN. ==== qt6-base ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released - Drop patch, merged upstream: * 0001-Add-clamping-to-QColorTransferGenericFunction.patch ==== qt6-declarative ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released - Drop patch, merged upstream: * 0001-qmlcachegen-fix-crash-on-unresolved-type-with-requir.patch ==== qt6-imageformats ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-location ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Location6 - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-multimedia ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6MultimediaWidgets6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-networkauth ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-positioning ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-qt5compat ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-quick3d ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-quicktimeline ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-sensors ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Sensors6 - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-shadertools ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-speech ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6TextToSpeech6 qt6-texttospeech - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-svg ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Svg6 libQt6SvgWidgets6 - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-tools ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Designer6 libQt6UiTools6 qt6-tools-qdbus - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released - Drp patch, merged upstream: * 0001-QDoc-Sort-non-function-nodes-by-name-then-erase-duplicates.patch - Recommend installing qt6-translation for the -assistant, - designer and -linguist subpackages. ==== qt6-translations ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-virtualkeyboard ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 libQt6VirtualKeyboardQml6 qt6-virtualkeyboard-imports - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-wayland ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-webchannel ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-webengine ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released * Patched with security patches up to Chromium version up to 139.0.7258.67 ==== qt6-webview ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released