Packages changed: ImageMagick (7.1.2.7 -> 7.1.2.8) MozillaFirefox (144.0 -> 144.0.2) apache2 apache2-manual apache2-prefork apache2-utils brotli (1.1.0 -> 1.2.0) gegl gnome-calculator (49.1 -> 49.1.1) gnome-clocks gnome-console (49.0 -> 49.1) gom (0.5.4 -> 0.5.5) gtk-layer-shell (0.9.2 -> 0.10.0) leancrypto (1.5.1 -> 1.6.0) libxkbcommon (1.12.2 -> 1.12.3) loupe (49.0 -> 49.1) luajit mozjs140 openjph (0.24.2 -> 0.24.4) pam_mount (2.21 -> 2.22) === Details === ==== ImageMagick ==== Version update (7.1.2.7 -> 7.1.2.8) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.8 * fixes GHSA-wpp4-vqfq-v4hp (CVE-2025-62594 [bsc#1252749]) ==== MozillaFirefox ==== Version update (144.0 -> 144.0.2) Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Mozilla Firefox 144.0.2 * Fixed: Fixed an issue where the list of available locales in `about:settings` contained more locales than were downloaded or currently supported. (bmo#1994642) * Fixed: Fixed an issue where using the keyboard to open the Unified Search dropdown was inconsistent. The dropdown now expands properly, allowing users to select a search engine using the keyboard. (bmo#1979826) * Fixed: Fixed an issue where curated photo collections on Microsoft OneDrive's Photos “For You” page failed to load, showing a gray screen instead of content. Collections now display as expected. (bmo#1986533) * Fixed: Fixed a startup crash affecting Windows users with Avast or other security software installed. (bmo#1992678) * Fixed: Fixed an issue on macOS where the emoji picker shortcut and menu entry stopped working after switching between apps. (bmo#1980815) * Fixed: Fixed an issue on macOS where dragging images from Firefox into third-party apps like Preview could fail or behave unexpectedly. (bmo#1995345) * Fixed: Fixed performance and video playback issues on macOS 26 (Tahoe) that occurred when the system was under heavy load. (bmo#1995638) * Fixed: Fixed a browser hang on macOS 26 (Tahoe) that could occur when bookmark folders contained loops or repeated references to themselves. (bmo#1995621) * Fixed: Security fix. MFSA 2025-86 (bsc#1252815) * CVE-2025-12380 (bmo#1993113) Use-after-free in WebGPU internals triggered from a compromised child process - Removed upstreamed mozilla-bmo1990430.patch - fix miscompilation with gcc and using it for build (mozilla-bmo1990430.patch) ==== apache2 ==== - Re-introduce /usr/sbin/httpd - Links to start_apache2, which now contains the logic to dispatch to the appropriate MPM respecting sysconfig's decision. - Migrate from update-alternatives (bsc#1245830). - The APACHE_MPM environment variable now controls which MPM will be used. If an empty string is provided, the script-helpers file implements its own logic to pick an MPM from the currently installed ones. As at least one MPM is always required, this will work just fine. ==== apache2-manual ==== - Re-introduce /usr/sbin/httpd - Links to start_apache2, which now contains the logic to dispatch to the appropriate MPM respecting sysconfig's decision. - Migrate from update-alternatives (bsc#1245830). - The APACHE_MPM environment variable now controls which MPM will be used. If an empty string is provided, the script-helpers file implements its own logic to pick an MPM from the currently installed ones. As at least one MPM is always required, this will work just fine. ==== apache2-prefork ==== - Re-introduce /usr/sbin/httpd - Links to start_apache2, which now contains the logic to dispatch to the appropriate MPM respecting sysconfig's decision. - Migrate from update-alternatives (bsc#1245830). - The APACHE_MPM environment variable now controls which MPM will be used. If an empty string is provided, the script-helpers file implements its own logic to pick an MPM from the currently installed ones. As at least one MPM is always required, this will work just fine. ==== apache2-utils ==== - Re-introduce /usr/sbin/httpd - Links to start_apache2, which now contains the logic to dispatch to the appropriate MPM respecting sysconfig's decision. - Migrate from update-alternatives (bsc#1245830). - The APACHE_MPM environment variable now controls which MPM will be used. If an empty string is provided, the script-helpers file implements its own logic to pick an MPM from the currently installed ones. As at least one MPM is always required, this will work just fine. ==== brotli ==== Version update (1.1.0 -> 1.2.0) Subpackages: libbrotlicommon1 libbrotlicommon1-x86-64-v3 libbrotlidec1 libbrotlidec1-x86-64-v3 libbrotlienc1 libbrotlienc1-x86-64-v3 - Update to release 1.2 * python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output * decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) ==== gegl ==== Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0 typelib-1_0-Gegl-0_4 - Enable luajit on riscv64 ==== gnome-calculator ==== Version update (49.1 -> 49.1.1) Subpackages: gnome-calculator-lang gnome-shell-search-provider-gnome-calculator - Update to version 49.1.1: + Fixed variable usage with text-operators in function definition + Disable 32-bit unsigned right-shift on 32-bit architectures + Updated translations. ==== gnome-clocks ==== Subpackages: gnome-clocks-lang gnome-shell-search-provider-gnome-clocks - Replace appstream-glib with AppStream BuildRequires, meson setup checks for it, and it was already pulled in via other dependencies. ==== gnome-console ==== Version update (49.0 -> 49.1) Subpackages: gnome-console-lang - Update to version 49.1: + depot: set TERM by default on spawn + settings: infinite is represented by -1 + Updated translations. - Drop e7e8b62e7.patch: Fixed upstream. ==== gom ==== Version update (0.5.4 -> 0.5.5) - Update to version 0.5.5: + Fix some gi-doc annotations + Build system fixes + Improve unit tests - Drop the nobwrap.helper again: glycin 2.0.1 found a solution to avoid the bwrap when run inside CIs/BuildEnvironments. As such, we can run the test suite without the nobwrap.wrapper again. ==== gtk-layer-shell ==== Version update (0.9.2 -> 0.10.0) - Update to 0.10.0: * API: add gtk_layer_set_respect_close()/gtk_layer_get_respect_close() * Fix: ignore .closed event by default, #209 * Fix: protocol error on popup menu tooltop, #207 * Tests: support optionally running under Valgrind ==== leancrypto ==== Version update (1.5.1 -> 1.6.0) Subpackages: libleancrypto1 libleancrypto1-32bit - Update to 1.6.0: * ASN.1: use stack for small generator for small use cases * X.509: Updates required to support the shim boot loader * X.509: add lc_gmtime to convert Epoch to time format * ASN.1: added to Linux kernel (for 64 bit systems only) * Added AES-GCM and AES-XTS * Availability: remove assert() calls throughout the code - in case of a self test error, disable the algorithm. Instead of using assert, apply a centrally managed test manager that stores the test status. This implies that some initalization APIs like lc_hash_init, lc_sym_init, lc_hmac_init are changed such that they return an error code if self tests failed. Thus, the version is now changed as this is considered to be an ABI change. Although this sounds heavy, the test manager is relatively small and the runtime state should be smaller than the old approach considering the old approach uses one global 32 bit integer per self test to maintain the state. This is now replaced with a set of 32 bit atomic integers that hold a 3-bit field for each algorithm. This change also adds the API call of lc_rerun_one_selftest which allows triggering the reruning of a self test for one given algorithm. * FIPS: Rearchitect integrity test control value generator: The build process now uses the host’s objcopy to extract the ELF sections of interest into a separate file, use a build_machine compiled version of sha3-256sum to generate the digest of it and reinsert it into the leancrypto-fips.so. This now allows cross-compilation with FIPS integrity test support. There is no functional change to leancrypto though. * Significant reduction of compilation units by almost half by not having global, but per-test compiled C files. * Linux kernel: add /proc/leancrypto * FIPS: Add negative testing support * Add SHAKE-512 and XDRBG-512 support * FIPS: Add FIPS indicator which implies that libleancrypto.so has the same functionality as libleancrypto-fips.so with the exception that the latter performs an integrity test. * ARMv9: fix BTI for ML-DSA - Remove patch: * leancrypto-fix-aarch64-BTI.patch - Don't strip debug symbols ==== libxkbcommon ==== Version update (1.12.2 -> 1.12.3) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.12.3 * Fixed `xkbcli keymap-dump` being kinda broken on Wayland because it would commit an XDG surface without a role object. * X11: Hardened against some malformed XKB responses with erroneous modifiers or LEDs counts. ==== loupe ==== Version update (49.0 -> 49.1) Subpackages: loupe-lang - Update to version 49.1: + Fixed: - The keyboard shortcut for 300 % (Ctrl + 3, 3) now zooms to 300% instead of 200 %. - editing: Don't enable option to trash and replace if moving to trash is not supported. - Replace appstream-glib with AppStream BuildRequires and command called in check section, use the more modern tool. ==== luajit ==== - riscv64-support.patch: update from LuaJIT/LuaJIT#1267 - loong64-support.patch: rediff ==== mozjs140 ==== - Add mozjs140-CVE-2025-62813.patch: Fix embedded lz4 against CVE-2025-62813 (boo#1252592). ==== openjph ==== Version update (0.24.2 -> 0.24.4) - Update to 0.24.4: * Fix an issue with ATK marker segment processing #224 - Update to 0.24.3: * Protect against illegally long QCD and QCC marker segments. ==== pam_mount ==== Version update (2.21 -> 2.22) Subpackages: libcryptmount0 - Update to release 2.22 * Add per-volume "ignoresource" option to pam_mount.conf.xml to ignore the origin device when testing for already-mountedness. * Fix GDM doing nothing after entering the password.