Packages changed: Mesa (25.0.5 -> 25.1.3) Mesa-drivers (25.0.5 -> 25.1.3) MicroOS-release (20250606 -> 20250610) ModemManager (1.22.0 -> 1.24.0) docker editorconfig-core-c ell (0.76 -> 0.77) ffmpeg-4 flashrom fuse gcc15 gobject-introspection gpg2 ibus (1.5.31 -> 1.5.32) iputils (20250602 -> 20250605) kernel-firmware-amdgpu (20250509 -> 20250606) kernel-firmware-bluetooth (20250516 -> 20250603) kernel-firmware-brcm (20250516 -> 20250603) kernel-firmware-i915 (20250425 -> 20250603) kernel-firmware-intel (20250512 -> 20250603) kernel-firmware-iwlwifi (20250423 -> 20250603) kernel-firmware-mediatek (20250502 -> 20250603) kernel-firmware-network (20250408 -> 20250603) kernel-firmware-nvidia (20250206 -> 20250516) kernel-firmware-platform (20250516 -> 20250520) kernel-firmware-qcom (20250502 -> 20250603) kernel-source (6.15.0 -> 6.15.1) libbpf libcamera (0.5.0 -> 0.5.1) libqt5-qtbase libupnp (1.14.22 -> 1.14.23) mpg123 (1.32.10 -> 1.33.0) mutter (48.3 -> 48.3.1) netavark (1.15.0 -> 1.15.2) perl podman (5.5.0 -> 5.5.1) python-Mako python-requests qt6-declarative rust-keylime (0.2.7+1 -> 0.2.7+70) vulkan-tools wayland webkit2gtk3 webkit2gtk4 xdg-desktop-portal === Details === ==== Mesa ==== Version update (25.0.5 -> 25.1.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.1.3 - -> https://docs.mesa3d.org/relnotes/25.1.3 - Update to release 25.1.2 - -> https://docs.mesa3d.org/relnotes/25.1.2 - fix build on s390x - Update to release 25.1.1 - -> https://docs.mesa3d.org/relnotes/25.1.1 - supersedes the following patches * U_0001-radv-driconf-Add-radv_force_64k_sparse_alignment-con.patch * U_0002-driconf-Add-workarounds-for-DOOM-The-Dark-Ages.patch - U_0001-radv-driconf-Add-radv_force_64k_sparse_alignment-con.patch U_0002-driconf-Add-workarounds-for-DOOM-The-Dark-Ages.patch * fixes issues with DOOM: The Dark Ages - build d3d12 video driver only when %vdpau_d3d12 is set - enable panfrost vulkan driver on Leap 16.0 - Update to release 25.1.0 - -> https://docs.mesa3d.org/relnotes/25.1.0 - adjusted patches: * python36-buildfix1.patch * n_drirc-disable-rgb10-for-chromium-on-amd.patch, - supersedes the following patches: * python36-buildfix2.patch * u_intel-drop-annotations-from-spv2hex.patch * U_clover-Don-t-include-libclc-headers.patch - osmesa no longer available; it's considered redundant with EGL surfaceless ==== Mesa-drivers ==== Version update (25.0.5 -> 25.1.3) Subpackages: Mesa-dri Mesa-gallium Mesa-vulkan-device-select libvulkan_lvp - Update to release 25.1.3 - -> https://docs.mesa3d.org/relnotes/25.1.3 - Update to release 25.1.2 - -> https://docs.mesa3d.org/relnotes/25.1.2 - fix build on s390x - Update to release 25.1.1 - -> https://docs.mesa3d.org/relnotes/25.1.1 - supersedes the following patches * U_0001-radv-driconf-Add-radv_force_64k_sparse_alignment-con.patch * U_0002-driconf-Add-workarounds-for-DOOM-The-Dark-Ages.patch - U_0001-radv-driconf-Add-radv_force_64k_sparse_alignment-con.patch U_0002-driconf-Add-workarounds-for-DOOM-The-Dark-Ages.patch * fixes issues with DOOM: The Dark Ages - build d3d12 video driver only when %vdpau_d3d12 is set - enable panfrost vulkan driver on Leap 16.0 - Update to release 25.1.0 - -> https://docs.mesa3d.org/relnotes/25.1.0 - adjusted patches: * python36-buildfix1.patch * n_drirc-disable-rgb10-for-chromium-on-amd.patch, - supersedes the following patches: * python36-buildfix2.patch * u_intel-drop-annotations-from-spv2hex.patch * U_clover-Don-t-include-libclc-headers.patch - osmesa no longer available; it's considered redundant with EGL surfaceless ==== MicroOS-release ==== Version update (20250606 -> 20250610) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ModemManager ==== Version update (1.22.0 -> 1.24.0) Subpackages: libmm-glib0 - Update to version 1.24.0: + API: - Add new TIMEOUT, PROTOCOL, and THROTTLED core errors - Add new MMCarrierLockError errors - Add new Messaging interface SetDefaultStorage method - Fix MM_BEARER_IP_FAMILY_ANY ABI break introduced in 1.20 - Add new Cell Broadcast API - Report sub-system vendor and product IDs in Firmware device IDs - Add new ID_MM_TTY_AT_PROBE_TRIES udev tag to control number of AT probes on a per-port basis for plugins that do not override generic probing logic. - Add new Cell Broadcast API + Core: - Improved handling of odd +CGDCONT responses - Add support for putting modems in low-power mode during suspend - Retry AT+CNUM a couple times if the SIM is busy - Fix probing of modems that only expect a single AT port - Reprobe modems on late port additions; ensures modems use the optimal control channel regardless of kernel/udev timing - Ignore FASTBOOT ports during probing - Better logging of user requests - Fix probing of single-port devices by starting support check on first port addition - Don't crash as often due to assumption that a primary modem port always exists - Add support for loading and setting initial EPS bearer settings - Quite a few memory leak fixes - Lay groundwork for Intel XMM7xxx RPC-based devices - restart AT probing if a port is stuck in PPP mode when modem is detected - Serialize core modem operations to prevent multiple D-Bus clients from interrupting each other's operations - Work around elogind sometimes not sending the PrepareForSleep signal - Add generic Qualcomm Firehose and Sahara firmware update support - Fix SIM unlock behavior being treated at SIM hot-swaps - Detect 4G & 5G modem capabilities with newer AT commands + Updated translations. ==== docker ==== Subpackages: docker-buildx docker-rootless-extras - Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable.) bsc#1240150 * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch - Rebase patches: * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch - Always clear SUSEConnect suse_* secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with SUSEConnect-disabled (i.e. upstream) daemons. This was a long-standing issue with our secrets support but until recently this would've required migrating from SLE packages to openSUSE packages (which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move away from in-built SUSEConnect support, this is now a practical issue users will run into. bsc#1244035 + 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch - Rearrange patches: - 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch - 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch - 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch + 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch + 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch [NOTE: This update was only ever released in SLES and Leap.] - Always clear SUSEConnect suse_* secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with SUSEConnect-disabled (i.e. upstream) daemons. This was a long-standing issue with our secrets support but until recently this would've required migrating from SLE packages to openSUSE packages (which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move away from in-built SUSEConnect support, this is now a practical issue users will run into. bsc#1244035 + 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch - Rearrange patches: - 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch - 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch - 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch + 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch + 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch - 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch + 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch + 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch ==== editorconfig-core-c ==== - Fix intermittent build failure (bsc#1243568): Add 0001-Generate-output-directories-before-building-manpages.patch: ==== ell ==== Version update (0.76 -> 0.77) - Update to version 0.77 * Add support for precheck feature for unit tests. * Add support for license variable for pkg-config. ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add ffmpeg-4-CVE-2024-36618.patch: Backport 7a089ed8 from upstream, avformat/avidec: Fix integer overflow iff ULONG_MAX < INT64_MAX. (CVE-2024-36618, bsc#1234020) ==== flashrom ==== - Fix build error for Leap 16.0 ==== fuse ==== - Drop fuse-devel-static. - Modernize specfile. - Do not require installation of documentation for use of FUSE headers. ==== gcc15 ==== Subpackages: libatomic1 libgcc_s1 libgfortran5 libgomp1 libquadmath0 libstdc++6 - Revert pruning the set of cross-compilers that conflict with different versions from the set using update-alternatives. This causes endless headache with file conflicts with older GCC releases. ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - Add explicit python3-setuptools BuildRequires: this was already used in the past, but was pulled in by python3-Mako. As meson explicitly tests for it, it's our responsibility it's there. ==== gpg2 ==== - Fix problems with decoding Curve25519 - Added patch * gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch ==== ibus ==== Version update (1.5.31 -> 1.5.32) Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Upstream update to 1.5.32 * Send FocusIn signal again after delayed FocusId property * Fix time lag of CandidatePanel in X11 * Update Unicode table with keysym * Wayland input-method protocol version 1 and 2 * https://github.com/ibus/ibus/wiki/WaylandDesktop * Additional Wayland input-method; XIM and GTK2, Key repeating, Compose * ibus start --type wayland new option * Compose feature updates * Bug fixes of Wayland features * Update simple.xml with xkeyboard-config 2.44 - Revert not to use systemd to launch ibus * Remove ibus-ui-gtk3-restart-via-systemd.patch - Remove patches merged by the upstream * ibus-gcc15-1.patch * ibus-gcc15-2.patch ==== iputils ==== Version update (20250602 -> 20250605) - Update to version 20250605 Fixing regression in ping. https://github.com/iputils/iputils/releases/tag/20250605 ==== kernel-firmware-amdgpu ==== Version update (20250509 -> 20250606) - Update to version 20250606 (git commit 4f0106cf1943): * amdgpu: DMCUB updates for various ASICs - Update to version 20250603 (git commit 3b75d677f898): * amdgpu: DMCUB updates for various ASICs - Update to version 20250516 (git commit 759c4acafb4a): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-bluetooth ==== Version update (20250516 -> 20250603) - Update to version 20250603 (git commit 3b75d677f898): * linux-firmware: Update firmware file for Intel Pulsar core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel Quasar core * linux-firmware: Update firmware file for Intel Solar core * linux-firmware: Update firmware file for Intel Magnetar core * linux-firmware: Update firmware file for Intel BlazarU core ==== kernel-firmware-brcm ==== Version update (20250516 -> 20250603) - Update to version 20250603 (git commit 3b75d677f898): * brcm: Add symlinks for Khadas VIM SDIO wifi config to AW-CM256SM.txt ==== kernel-firmware-i915 ==== Version update (20250425 -> 20250603) - Update aliases - Update to version 20250603 (git commit 3b75d677f898): * xe: Update GUC to v70.45.2 for BMG, LNL * i915: Update GUC to v70.45.2 for DG2 * xe: Update LNL GSC to v104.0.5.1429 ==== kernel-firmware-intel ==== Version update (20250512 -> 20250603) - Update to version 20250603 (git commit 3b75d677f898): * Intel IPU7: Add firmware binary files ==== kernel-firmware-iwlwifi ==== Version update (20250423 -> 20250603) - Update to version 20250603 (git commit 3b75d677f898): * iwlwifi: add Bz/gl FW for core96-76 release * iwlwifi: update ty/So/Ma firmwares for core96-76 release * iwlwifi: update cc/Qu/QuZ firmwares for core96-76 release * iwlwifi: update firmwares for 8000 series * iwlwifi: update 7265D firmware ==== kernel-firmware-mediatek ==== Version update (20250502 -> 20250603) - Update to version 20250603 (git commit 3b75d677f898): * mediatek MT7925: update bluetooth firmware to 20250526153203 * linux-firmware: update firmware for MT7925 WiFi device - Update to version 20250520 (git commit 341b9e805613): * mediatek: Add mt8196 VCP firmware ==== kernel-firmware-network ==== Version update (20250408 -> 20250603) - Update to version 20250603 (git commit 3b75d677f898): * ice: update wireless_edge package to 1.3.23.0 * ice: update comms package to 1.3.55.0 * ice: update package to 1.3.43.0 ==== kernel-firmware-nvidia ==== Version update (20250206 -> 20250516) - Add workaround for directory/symlink changes (bsc#1243843) - Update to version 20250516 (git commit 759c4acafb4a): * nvidia: add GSP-RM version 570.144 firmware images ==== kernel-firmware-platform ==== Version update (20250516 -> 20250520) - Update to version 20250520 (git commit 341b9e805613): * cnm: Add Chips&Media wave633c firmware for NXP i.MX9 ==== kernel-firmware-qcom ==== Version update (20250502 -> 20250603) - Update aliases - Update to version 20250603 (git commit 3b75d677f898): * qcom: add QUPv3 firmware for QCS8300 platform * qcom: sc8280xp: FW blob updates for X13s - Update to version 20250520 (git commit 341b9e805613): * Adjust QUPv3 driver name ==== kernel-source ==== Version update (6.15.0 -> 6.15.1) - Revert "percpu/x86: enable strict percpu checks via named AS qualifiers" (bsc#1244135). - commit e60198f - Linux 6.15.1 (bsc#1012628). - iommu: Handle yet another race around registration (bsc#1012628). - iommu: Avoid introducing more races (bsc#1012628). - coredump: hand a pidfd to the usermode coredump helper (bsc#1012628). - coredump: fix error handling for replace_fd() (bsc#1012628). - pidfs: move O_RDWR into pidfs_alloc_file() (bsc#1012628). - perf/arm-cmn: Add CMN S3 ACPI binding (bsc#1012628). - perf/arm-cmn: Initialise cmn->cpu earlier (bsc#1012628). - perf/arm-cmn: Fix REQ2/SNP2 mixup (bsc#1012628). - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1012628). - arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix length of serdes_ln_ctrl (bsc#1012628). - arm64: dts: ti: k3-j722s-main: Disable "serdes_wiz0" and "serdes_wiz1" (bsc#1012628). - arm64: dts: ti: k3-j722s-evm: Enable "serdes_wiz0" and "serdes_wiz1" (bsc#1012628). - arm64: dts: ti: k3-j721e-sk: Add requiried voltage supplies for IMX219 (bsc#1012628). - arm64: dts: ti: k3-j721e-sk: Remove clock-names property from IMX219 overlay (bsc#1012628). - arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators (bsc#1012628). - arm64: dts: ti: k3-am68-sk: Fix regulator hierarchy (bsc#1012628). - arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 (bsc#1012628). - arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in OV5640 overlay (bsc#1012628). - arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in IMX219 overlay (bsc#1012628). - arm64: dts: ti: k3-am62x: Remove clock-names property from IMX219 overlay (bsc#1012628). - arm64: dts: ti: k3-am62p-j722s-common-main: Set eMMC clock parent to default (bsc#1012628). - arm64: dts: ti: k3-am62a-main: Set eMMC clock parent to default (bsc#1012628). - arm64: dts: ti: k3-am62-main: Set eMMC clock parent to default (bsc#1012628). - arm64: dts: qcom: x1e80100: Fix PCIe 3rd controller DBI size (bsc#1012628). - arm64: dts: qcom: x1e80100: Add GPU cooling (bsc#1012628). - arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown (bsc#1012628). - arm64: dts: qcom: x1e80100: Fix video thermal zone (bsc#1012628). - arm64: dts: qcom: x1e80100-yoga-slim7x: mark l12b and l15b always-on (bsc#1012628). - arm64: dts: qcom: x1e80100-qcp: mark l12b and l15b always-on (bsc#1012628). - arm64: dts: qcom: x1e80100-qcp: Fix vreg_l2j_1p2 voltage (bsc#1012628). - arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix vreg_l2j_1p2 voltage (bsc#1012628). - arm64: dts: qcom: x1e80100-hp-x14: mark l12b and l15b always-on (bsc#1012628). - arm64: dts: qcom: x1e80100-hp-omnibook-x14: Fix vreg_l2j_1p2 voltage (bsc#1012628). - arm64: dts: qcom: x1e80100-hp-omnibook-x14: Enable SMB2360 0 and 1 (bsc#1012628). - arm64: dts: qcom: x1e80100-dell-xps13-9345: mark l12b and l15b always-on (bsc#1012628). - arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix vreg_l2j_1p2 voltage (bsc#1012628). - arm64: dts: qcom: x1e001de-devkit: mark l12b and l15b always-on (bsc#1012628). - arm64: dts: qcom: x1e001de-devkit: Fix vreg_l2j_1p2 voltage (bsc#1012628). - arm64: dts: qcom: sm8650: Add missing properties for cryptobam (bsc#1012628). - arm64: dts: qcom: sm8550: Add missing properties for cryptobam (bsc#1012628). - arm64: dts: qcom: sm8450: Add missing properties for cryptobam (bsc#1012628). - arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node (bsc#1012628). - arm64: dts: qcom: sa8775p: Remove cdsp compute-cb@10 (bsc#1012628). - arm64: dts: qcom: sa8775p: Remove extra entries from the iommus property (bsc#1012628). - arm64: dts: qcom: sa8775p: Add missing properties for cryptobam (bsc#1012628). - arm64: dts: qcom: ipq9574: Add missing properties for cryptobam (bsc#1012628). - arm64: dts: rockchip: Add missing SFC power-domains to rk3576 (bsc#1012628). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (bsc#1012628). - arm64: dts: socfpga: agilex5: fix gpio0 address (bsc#1012628). - commit 5623d06 - series.conf: cleanup - update upstream references and resort - patches.suse/Reapply-wifi-ath11k-restore-country-code-during-resu.patch - patches.suse/powerpc-boot-Fix-build-with-gcc-15.patch ... changelog too long, skipping 5 lines ... - commit e9df5e4 ==== libbpf ==== - Workaround kernel module size increase due to BTF deduplication issue since the introduction of TYPEOF_UNQUAL (poo#183503) * add 0001-libbpf-Add-identical-pointer-detection-to-btf_dedup_.patch ==== libcamera ==== Version update (0.5.0 -> 0.5.1) Subpackages: libcamera-base0_5 libcamera0_5 - Update to release 0.5.1 * Improvements have been made to the Raspberry Pi Camera Tuning Tools, and the geometry, matrix and vector class helpers have been expanded for greater reuse throughout the project. * The software ISP has a new Saturation control. ==== libqt5-qtbase ==== Subpackages: libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Add patch (CVE-2025-5455, boo#1243958) * CVE-2025-5455.patch ==== libupnp ==== Version update (1.14.22 -> 1.14.23) Subpackages: libixml11 libupnp17 - Update to release 1.14.23 * Improve SSDP initialization and error handling ==== mpg123 ==== Version update (1.32.10 -> 1.33.0) - Update to version 1.33.0 mpg123: * Fix printout of filenames at end (convert/limit text encoding). * Treat HTTP header encoding as unknown/ASCII and formally convert to UTF-8. * Make --continue mode work with --random. out123: * Finally give zero exit code when generating sounds, not indicating spurious failure. build: * Use CCASFLAGS for assembler tests, to enable builds that enable instruction sets that way. * PIC for compat libs (convenience libs used during build) only if building shared libs. compat: * Map strtok use to strtok_r or strtok_s (MS platforms), if possible. users only in control_generic and libout123 so far. Out123 itself uses mytok. * Enable build on PSP by merging in the hotfix of opmitting signal code. libmpg123: * API version 49 with added mpg123_open_handle64(), mpg123_open64(), and mpg123_open_fixed64() that are not subject to largefile renaming. This means you can still access internal I/O with MPG123_PORTABLE_API. The code has been there before, anyway. * With MPG123_PORTABLE_API, mpg123_open_handle() is hidden now (use mpg123_open_handle64() instead). * more silence on errors (sideband limit message) ==== mutter ==== Version update (48.3 -> 48.3.1) - Update to version 48.3.1: + Fix Xwayland windows becoming unresponsive to events + Fix drag and drop of tabs into tiled/maximized state ==== netavark ==== Version update (1.15.0 -> 1.15.2) - Update to version 1.15.2: * release v1.15.2 * release notes for v1.15.2 * dhcp_proxy: set timeout_sender only if required * cargo: bump mozim to 0.2.6 * release v1.15.1 * release notes for v1.15.1 * Revert "remove search domain from response" ==== perl ==== Subpackages: perl-base - do not change the current directory when cloning an open directory handle [bnc#1244079] [CVE-2025-40909] new patch: perl-dirdup.diff ==== podman ==== Version update (5.5.0 -> 5.5.1) - Update to version 5.5.1: * Bugfixes - Fixed a bug where containers mounting a volume to / could overmount important directories such as /proc causing start and/or runtime failures due to an issue with mount ordering (#26161). - Fixed a bug where Quadlet .pod units could fail to start due to their storage not being mounted (#26190). - Fixed a bug where containers joined to a network with DNS enabled would not include the host's search domains in their resolv.conf (#24713). - Fixed a bug where the --dns-opt option to podman create, podman run, and podman pod create would append options to the container's resolv.conf, instead of replacing them (#22399). - Fixed a bug where the podman kube play command would add an empty network alias for containers created with no name specified, causing Netavark to emit extraneous warnings. - Fixed a bug where the podman system df command would panic when one or more containers were created using a root filesystem (the --rootfs option to podman create and podman run) instead of from an image (#26224). - Fixed a bug where the log_tag field in containers.conf would override the --log-opt tag=value option to podman create and podman run (#26236). - Fixed a bug where the podman volume rm and podman volume inspect commands would incorrectly handle volume names containing the _ character when the SQLite database backend was in use (#26168). - Fixed a bug where the Podman remote client on Windows was unable to mount local folders into containers using overlay mounts (-v source:destination:O) (#25988). * API - Fixed a bug in the Libpod Create API for Containers where rlimits specified with a value of -1 were causing errors, instead of being interpreted as the maximum possible value (#24886). - Fixed a bug in the Compat Create API for Containers where specifying an entrypoint of [] (an empty array) was ignored, instead of setting an empty entrypoint (#26078). * Misc - Updated Buildah to v1.40.1 - Updated the containers/common library to v0.63.1 ==== python-Mako ==== - Switch to pyproject macros. ==== python-requests ==== - Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak (gh#psf/requests#6965, CVE-2024-47081, bsc#1244039) ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Add upstream fix (QTBUG-137196): * 0001-qmlcachegen-fix-crash-on-unresolved-type-with-requir.patch ==== rust-keylime ==== Version update (0.2.7+1 -> 0.2.7+70) - Update vendored crates (bsc#1243861, CVE-2024-12224) * idna 1.0.3 - Add Cargo_lock.patch to adjust versions that will allow the compilation of mbox crate - Update to version 0.2.7+70: * build(deps): bump wiremock from 0.6.2 to 0.6.3 * build(deps): bump uuid from 1.16.0 to 1.17.0 * lib: Introduce AgentIdentity structure * gitignore: Add *.swp and *.orig to be ignored * build(deps): bump clap from 4.5.38 to 4.5.39 * build(deps): bump tokio from 1.45.0 to 1.45.1 * Unify Push Model structures time formats to UTC (#1016) * Add Quote related structures to Keylime library * Remove configuration file trailing whitespaces (#1012) * keylime-agent.conf: add all accepted TPM encryption algs * tpm: add policy auth for EK to activate crendential * Enable non standard key sizes and curves for EK and AK * config: Use next_back() instead of last() for iterators * Update to tss-esapi v7.6.0 * Avoid duplicated call to ctx.create_ek * build(deps): bump clap from 4.5.23 to 4.5.38 * Add registration for Push Model client * build(deps): bump tokio from 1.44.2 to 1.45.0 * build(deps): bump chrono from 0.4.40 to 0.4.41 * build(deps): bump tempfile from 3.17.1 to 3.20.0 * Refactor code: move error, registration to lib * Move structure filling and URL selection code (#999) * build(deps): bump pest_derive from 2.7.15 to 2.8.0 * build(deps): bump pest from 2.7.15 to 2.8.0 * build(deps): bump libc from 0.2.169 to 0.2.172 * Add Evidence/Authentication messages to prototype * build(deps): bump uuid from 1.15.1 to 1.16.0 * build(deps): bump thiserror from 2.0.11 to 2.0.12 * build(deps): bump signal-hook from 0.3.17 to 0.3.18 * build(deps): bump log from 0.4.25 to 0.4.27 * build(deps): bump assert_cmd from 2.0.16 to 2.0.17 * build(deps): bump actix-web from 4.9.0 to 4.10.2 * build(deps): bump reqwest from 0.12.12 to 0.12.15 * build(deps): bump serde from 1.0.217 to 1.0.219 * Add unit tests for sessions.rs structures * Add auth(sessions) structures * Fix minor README.md issue (#988) * Define EvidenceHandling structures (#971) * Add mockoon test scenario * Add client certificates to push-attestation prototype * Cargo: bump url crate to version 2.5.4 * Add logging to the push attestation prototype * Do not use certificate on insecure mode * common: Move the EncryptedData structure from common to the library * common: Move AuthTag from common to the library * build(deps): bump openssl from 0.10.71 to 0.10.72 * common: Move Symmkey to library as crypto::symmkey * common: Remove unused constants and static values * build(deps): bump tokio from 1.43.0 to 1.44.2 * Refactor code: Include AgentIdentity structure * Push model prototype * Add support for ek certificate chain, stored in TPM NVRAM. * Recover key_class field and set it as "asymmetric" * Update push model structures to latest values * build(deps): bump serde_json from 1.0.138 to 1.0.140 * packit: Add identifier for each copr_build job * keylime-agent.conf: only mention ecdsa and rsassa for signing * build(deps): bump openssl from 0.10.70 to 0.10.71 * build(deps): bump uuid from 1.13.2 to 1.15.1 * Add capabilities_negotiation structures * packit: Add compatibility/api_version_compatibility test * build(deps): bump uuid from 1.11.0 to 1.13.2 * build(deps): bump serde_json from 1.0.135 to 1.0.138 * build(deps): bump thiserror from 2.0.9 to 2.0.11 * build(deps): bump tempfile from 3.14.0 to 3.17.1 * Allow agent to start as non-root * scripts: Fix coverage information downloading script * build(deps): bump openssl from 0.10.68 to 0.10.70 * build(deps): bump tokio from 1.42.0 to 1.43.0 ==== vulkan-tools ==== - Remove unused dependency on vulkan-volk ==== wayland ==== Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Skip tests in qemu emulation ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Replace usage of %jobs for reproducible builds (boo#1237231) ==== webkit2gtk4 ==== Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Replace usage of %jobs for reproducible builds (boo#1237231) ==== xdg-desktop-portal ==== - Rebase remove-furo-dep.patch.