Packages changed: ImageMagick (7.1.2.23 -> 7.1.2.24) LibVNCServer Mesa (26.1.0 -> 26.1.1) Mesa-drivers (26.1.0 -> 26.1.1) apparmor at-spi2-core (2.60.3 -> 2.60.4) atkmm1_6 (2.28.4 -> 2.28.5) aws-lc (1.72.0 -> 5.0.0) bind (9.20.22 -> 9.20.23) docbook_4 fwupd gdm (50.0 -> 50.1) gjs (1.88.0 -> 1.88.0.g4) gnome-control-center (50.1 -> 50.2) gnome-session (50.0 -> 50.1) gnome-shell (50.1 -> 50.2) gnome-user-docs (50.0 -> 50.2) gnome-user-share (48.2 -> 48.3) graphviz (14.1.2 -> 15.0.0) gsasl (2.2.2 -> 2.2.3) gssdp (1.6.4 -> 1.6.5) gtk4 (4.22.4 -> 4.22.4+11) gupnp (1.6.9 -> 1.6.10) gupnp-av (0.14.4 -> 0.14.5) gvfs hwdata (0.406 -> 0.407) iso_ent kernel-firmware-amdgpu (20260514 -> 20260519) kernel-firmware-intel (20260505 -> 20260519) kernel-firmware-mediatek (20260423 -> 20260519) kernel-firmware-qcom (20260514 -> 20260519) kernel-firmware-sound (20260421 -> 20260519) less (692 -> 702) libadwaita (1.9.0 -> 1.9.1) libapparmor libcaca libdrm (2.4.133 -> 2.4.134) libgphoto2 (2.5.33 -> 2.5.34) libheif (1.21.2 -> 1.22.2) libjxl libjxl-gtk libphonenumber (9.0.29 -> 9.0.31) libsolv (0.7.37 -> 0.7.39) libsoup libsoup2 libunwind libwebp libxfce4windowing (4.20.5 -> 4.20.6) libzio (1.12 -> 1.14) libzypp (17.38.9 -> 17.38.11) live555 (2026.03.23 -> 2026.04.22) man mariadb (11.8.6 -> 11.8.7) nautilus (50.1 -> 50.2.2) nvidia-open-driver-G06-signed nvidia-open-driver-G07-signed (595.71.05_k7.0.10_2 -> 595.80_k7.0.10_2) nvidia-open-driver-G07-signed-cuda (595.71.05_k7.0.10_2 -> 610.43.02_k7.0.10_2) openSUSE-build-key openSUSE-release (20260527 -> 20260531) orca (50.1 -> 50.2) pipewire (1.6.5 -> 1.6.6) polkit-default-privs (1550+20260513.3b99372 -> 1550+20260528.62493d2) powerdevil6 python-ldap (3.4.5 -> 3.4.7) python-markdown-it-py (4.0.0 -> 4.2.0) python-pip (26.1 -> 26.1.1) qt6-base (6.11.0 -> 6.11.1) qt6-declarative (6.11.0 -> 6.11.1) qt6-imageformats (6.11.0 -> 6.11.1) qt6-location (6.11.0 -> 6.11.1) qt6-multimedia (6.11.0 -> 6.11.1) qt6-networkauth (6.11.0 -> 6.11.1) qt6-positioning (6.11.0 -> 6.11.1) qt6-qt5compat (6.11.0 -> 6.11.1) qt6-quick3d (6.11.0 -> 6.11.1) qt6-quicktimeline (6.11.0 -> 6.11.1) qt6-sensors (6.11.0 -> 6.11.1) qt6-shadertools (6.11.0 -> 6.11.1) qt6-speech (6.11.0 -> 6.11.1) qt6-svg (6.11.0 -> 6.11.1) qt6-tools (6.11.0 -> 6.11.1) qt6-translations (6.11.0 -> 6.11.1) qt6-virtualkeyboard (6.11.0 -> 6.11.1) qt6-wayland (6.11.0 -> 6.11.1) qt6-webchannel (6.11.0 -> 6.11.1) qt6-webengine (6.11.0 -> 6.11.1) qt6-webview (6.11.0 -> 6.11.1) quadrapassel (50.1 -> 50.2) rdma-core (61.0 -> 62.0) re2c (4.5 -> 4.5.1) salt samba (4.23.7+git.473.9487af01c24 -> 4.23.8+git.477.f78166bceed) selinux-policy (20260522 -> 20260526) sgml-skel talloc (2.4.3 -> 2.4.4) tdb (1.4.14 -> 1.4.15) tesseract-ocr unbound (1.25.0 -> 1.25.1) util-linux (2.41.3 -> 2.42.1) util-linux-systemd (2.41.3 -> 2.42.1) vorbis-tools xscreensaver (6.09 -> 6.15) === Details === ==== ImageMagick ==== Version update (7.1.2.23 -> 7.1.2.24) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - in default security policy, allow reading from symbolic links [bsc#1265373] - modified patches * ImageMagick-configuration-SUSE.patch - version update to 7.1.2.24 * reject mtv files with zero columns or rows #8758 * reject tga files with zero columns or rows #8756 * reject cineon files with zero columns or rows #8754 * build(deps): bump ubuntu from 22.04 to 26.04 in /.devcontainer #8751 * reject farbfeld files with zero columns or rows #8750 * build(deps): bump caphyon/advinst-github-action from 2.0.2 to 2.0.3 #8742 * build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 #8749 * Add profile_fuzzer for raw EXIF/XMP/IPTC/ICC parsing #8736 - fixes following GH security advisories: * GHSA-4v89-6mgq-6rgc * GHSA-8pj9-6897-74xc * GHSA-xcjm-wqff-m669 * GHSA-gm48-c7f2-v67p * GHSA-h36c-3666-h489 * GHSA-5v62-8fq6-cp9m * GHSA-9hqg-xf93-ghfw * GHSA-2hhq-c99x-492r * GHSA-6mwj-rp89-6j5j * GHSA-vgh5-r42g-4j44 ==== LibVNCServer ==== - added patches CVE-2026-44988: missing validation of rectangle width in tight gradient decoding can lead to server-triggered out-of-bounds write [bsc#1266459] * LibVNCServer-CVE-2026-44988.patch ==== Mesa ==== Version update (26.1.0 -> 26.1.1) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to 26.1.1 bugfix release - -> https://docs.mesa3d.org/relnotes/26.1.1 - refreshed n_drirc-disable-rgb10-for-chromium-on-amd.patch ==== Mesa-drivers ==== Version update (26.1.0 -> 26.1.1) Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Update to 26.1.1 bugfix release - -> https://docs.mesa3d.org/relnotes/26.1.1 - refreshed n_drirc-disable-rgb10-for-chromium-on-amd.patch ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add revert-plasmashell.diff - the profile changes caused strange problems (see SR 1355200). Revert for now to get the other fixes out. - add changes-since-v5.0.0.diff with all changes since the 5.0.0 release: - small fixes in parser and utils - lots of profile updates: - abstractions/nameservice (part of boo#1265394) - alsamixer (boo#1265452) - avahi-daemon (boo#1266041) - dig (boo#1265459) - fusermount3 (boo#1265951) - lsof - php-fpm (boo#1265864) - plasmashell - proftpd (boo#1265862) - Samba profiles (boo#1265865) - transmission-daemon (boo#1265863) - various dovecot profiles - add wg-quick.diff to fix wg-quick (boo#1265394) - add curl.diff to fix curl for usage with rpmdevtools (boo#1266273) - add who.diff to fix who (boo#1265860) - remove upstreamed patches (included in changes-since-v5.0.0.diff): - allow-read-slash.diff - lsusb.diff - postfix-profiles-slash.diff - syslog-ng-slashes.diff - wpa_supplicant.diff ==== at-spi2-core ==== Version update (2.60.3 -> 2.60.4) Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Update to version 2.60.4: + AtspiDeviceA11yManager: Make use of pid when returned by queryPointer + Fix deregistering application-specific event listeners ==== atkmm1_6 ==== Version update (2.28.4 -> 2.28.5) - Update to version 2.28.5: + Documentation: - Don't link to removed parts of gnome.org - Replace gtkmm.org by gtkmm.gnome.org - Remove obsolete FSF (Free Software Foundation) address - codegen/extradefs/generate_extra_defs_atk.cc: The license is GNU General Public License, version 2, as said in COPYING.tools. - README.win32.md: Mention Visual Studio 2026 - Visual Studio builds: Update build information + Meson build: - Require python3 >= 3.7. That's what Meson requires. - Require meson >= 0.60.0. - subprojects/atk.wrap points at at-spi2-core. GNOME/atk moved to GNOME/at-spi2-core long ago. - Use the Python installation that Meson uses. - Meson and NMake builds: Distinguish Visual Studio 2026 builds from Visual Studio 2022 builds. - NMake Makefiles: Consolidate items and improve flexibility. - NMake Makefiles: Make build process more robust. - NMake Makefiles: Update .m4 installation - Don't require the 'dot' command to build the documentation ==== aws-lc ==== Version update (1.72.0 -> 5.0.0) Subpackages: libcrypto-awslc0 libssl-awslc0 - Update to version 5.0.0: + Test key import in EVPTest a bit more extensively + Add OPENSSL_cleanse to zero stack secrets before return + Fix: Apply COHABITANT_HEADERS logic to location of tool binaries + Fix wherelen handling in BIO_ADDR_rawmake AF_UNIX path + Harden PKCS7 and OCSP error handling + Reject len < -1 in ASN1_mbstring_ncopy + Free existing union arm by current type in PKCS7_set_type + Ensure no trailing data for PKCS8 EVP_parse_private_key + Include trailing NUL in BIO_ADDR_rawaddress AF_UNIX length + Reject negative pass_len in PEM_ASN1_write_bio + Check parameters before comparing pqdsa public keys + Free existing responderId union arm in OCSP_RESPID setters + Release cipher_data on error path too for EVP_CTRL_INIT and EVP_CTRL_COPY + ci: declare contents: read on zig compiler workflow + Add new review workflow + Log versioning and library names druing cmake build step + Tighten OCSP_parse_url URL parsing + Add SHRT_MAX caps to bound iteration and input lengths + Fix correctness findings from penpal testing + Document new versioning scheme and bump mainline to v5.0.0 + Decouple the FIPS version number from the AWS-LC version number + Bump the github-actions group with 2 updates + Bump time from 0.3.36 to 0.3.47 in /tests/ci/lambda + tool-openssl/s_client: default SNI to -connect host to match OpenSSL + Reject undersized buffer in pkey_dsa_sign + Drop obsolete test_pkey_rsa.rb hunk from Ruby 3.4 patch + Enable Windows 7 compat path on MinGW builds + Add getauxval availability detection with /proc/self/auxv fallback for uclibc targets + Prefer CRLs with specific IDP match + Fix manylinux1 build: O_CLOEXEC fallback in getauxval shim + Gate Linux specific code to fix compilation on AIX + BoringSSL: Harden nc_email name constraint checking + Fix python 3.13 patch + Make rustfmt optional for Rust bindings generation + Skip MariaDB socket conflict test unable to run as root + use /map: linker flag to avoid running a binary to capture the hash + Add inline documentation for API contracts + ML-DSA support as a TLS 1.3 signature scheme + Make FIPS compiler wrapper unconditional ==== bind ==== Version update (9.20.22 -> 9.20.23) Subpackages: bind-doc bind-utils - Upgrade to release 9.20.23 https://downloads.isc.org/isc/bind9/9.20.23/doc/arm/html/notes.html Security-Fixes: * Amplification vulnerabilities via self-pointed glue records. (CVE-2026-3592) [bsc#1265592] * server memory exhaustion during GSS-API TKEY negotiation. (CVE-2026-3039) [bsc#1265591] * Unbounded resend loop in BIND 9 resolver (CVE-2026-5950) [bsc#1265596] * SIG(0) validation during query flood may lead to undefined behavior. (CVE-2026-5947) [bsc#1265595] * Invalid handling of CLASS != IN. (CVE-2026-5946) [bsc#1265594] * Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation (CVE-2026-3593) [bsc#1265593] ==== docbook_4 ==== - jsc#PED-14844, bsc#1265199: Look for CATALOG.iso_ent in /usr/share/sgml instead of /var/lib/sgml. - Remove obsolete SGML_CONFIG_DIR aka /var/lib/sgml from Makefile. - Trim whitespace in .changes file. ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd3 typelib-1_0-Fwupd-2_0 - Add fwupd-bsc1217138-fallback-shim-path.patch to set the fallback shim path for SUSE/openSUSE (bsc#1217138) ==== gdm ==== Version update (50.0 -> 50.1) Subpackages: gdm-schema gdm-systemd gdm-xdm-integration libgdm1 typelib-1_0-Gdm-1_0 - Update to version 50.1: + Fixed issue where GDM failed to properly terminate conflicting graphical sessions started outside of GDM (e.g. ThinLinc, TigerVNC). GDM now queries logind directly to find and terminate all conflicting sessions + Fixed plymouth hanging indefinitely on headless systems or systems without monitors, which prevented the system from reaching graphical.target + Fixed XDG_DATA_DIRS construction to prevent gnome-shell from failing to find its files when /usr/share had higher precedence than /usr/local/share + Fixed bug where GDM would set XDG_SESSION_TYPE=wayland on X11 sessions + Updated translations. - Drop gdm-fix-duplicate-dirs.patch: Fixed upstream. - Add gdm-fix-duplicate-dirs.patch: launch-environment: Fix XDG_DATA_DIRS construction. ==== gjs ==== Version update (1.88.0 -> 1.88.0.g4) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.88.0.g4: + maint: Check for NULL before dereferencing error_out pointer + Gio: Restore old arg order of GjsDBusImplementation::handle-method-call + GObject: Fix bug in GObject.Value with flags type - Split out new gjs-tests subpackage, stop passing installed_tests=false to meson setup. Following this, add more typelibs to global exclude. - Add fdupes and libxml2-tools BuildRequires, remove duplicate files and add the optional xmllint dependency. ==== gnome-control-center ==== Version update (50.1 -> 50.2) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Update to version 50.2: + Device Security: Make labels fit in mobile width + Global Shortcuts: Relas app-id validation requirements + Notifications: Fix "Show Content" notification setting + System: Give "Software Updates" row a "button" accessible role + Wellbeing: Make lables fit into mobile width + Updated translations. - Update vendored libgxpd sub-project. ==== gnome-session ==== Version update (50.0 -> 50.1) - Update to version 50.1: + Fix double-free bug + Updated translations. - Drop gnome-session-fix-double-free-GError.patch: Fixed upstream. ==== gnome-shell ==== Version update (50.1 -> 50.2) Subpackages: gnome-extensions gnome-shell-calendar - Update to version 50.2: + Fix extending screenshot area selection to monitor edges + Fix faulty German translations of several date/time formats + Don't notify dash elements twice to screen reader + Add rate control to VA-API H.264 screencast pipelines + Fix showing “Install Updates” checkbox in power-off/restart dialog + Fix autorun notification for connected USB drives + Fix spinner resetting on each key press in overview search + Fix reapplying layout on `xkb-options` changes + Fix wiggle feedback on non-password auth failures + Open session/a11y menu on login screen on either button + Only show audio input icon when actually recording + Misc. bug fixes and cleanups + Updated translations. - Update vendored sub-project libgnome-volume-control. ==== gnome-user-docs ==== Version update (50.0 -> 50.2) - Update to version 50.2: + Updated translations. ==== gnome-user-share ==== Version update (48.2 -> 48.3) - Update to version 48.3: + Removed the translatable string of realm that caused client authentication errors with passwords + Updated translations. ==== graphviz ==== Version update (14.1.2 -> 15.0.0) Subpackages: libcdt6 libcgraph8 libgvc7 libpathplan4 libxdot4 - License change from EPL (Eclipse Public License) Version 1 to Version 2 - Drop libgraphviz6 construct. Looks like a helper dependency which, if ever used (I could not find any user), should be rather broken due to the stuck library version no 6 for years. - Update to 15.0.0 * The MinGW packages no longer have libgd-dependent components enabled. * **Breaking**: The `diffimg` utility has been removed. - Integrated mainline: D Fix-build-with-non-standard-python-binary.patch - Not needed anymore: D graphviz-smyrna-link_against_glu.patch ==== gsasl ==== Version update (2.2.2 -> 2.2.3) - Update to release 2.2.3 * DIGEST-MD5: Fix NULL pointer dereference in parser; (CVE-2026-48829); (bsc#1266371) * Support Dovecot 2.3 and 2.4 in tests/gsasl-dovecot-gssapi.sh * Update gnulib files and various minor fixes - Drop patch gsasl-const-correctness.patch (merged) ==== gssdp ==== Version update (1.6.4 -> 1.6.5) - Update to version 1.6.5: + Block corresponding TCP socket when allocating UDP socket ==== gtk4 ==== Version update (4.22.4 -> 4.22.4+11) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.22.4+11: + window: Fixup pointer focus when unmapping a popover + gpu: Trigger cache GC from dmabuf downloading code + Updated translations. ==== gupnp ==== Version update (1.6.9 -> 1.6.10) - Update to version 1.6.10: + Context: - Reuse allocated TCP socket from GSSDP Client for web server - Do not leak GError in ACL handler + Fix IPv6 host header validation - Temp disable tests, currently times out. ==== gupnp-av ==== Version update (0.14.4 -> 0.14.5) Subpackages: libgupnp-av-1_0-3 - Update to version 0.14.5: + Fix missing chain-up in SearchCriteriaParser ==== gvfs ==== Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-gphoto gvfs-backend-samba gvfs-backends gvfs-fuse - Add gvfs-fix-udisks2-crash.patch: Fix crash of cancelled pending operation. (bsc#1261625, glgo#GNOME/gvfs!326) ==== hwdata ==== Version update (0.406 -> 0.407) - Update to version 0.407: * Update pci and vendor ids - Add missing "BuildRequires: make" ==== iso_ent ==== - jsc#PED-14844: Remove unnecessary systemd-tmpfile. - Specfile cleanup * Change Source0 URL to the redirect of the previous URL. * Convert ISOgrk5.gz to .zip (content unchanged) in order to clean up the %prep section. * Change URL to something more informative. * Drop unneeded sgml-skel BuildRequires. - Trim whitespace in .changes file. - Fix jsc#PED-14844 for immutable mode * No changes in tarball * Use %autosetup * Some code cleanup * Add systemd-tmpfile ==== kernel-firmware-amdgpu ==== Version update (20260514 -> 20260519) - Update to version 20260519 (git commit d962a6a309b7): * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-intel ==== Version update (20260505 -> 20260519) - Update to version 20260519 (git commit d962a6a309b7): * Add HP ISH firmware for Intel Panther Lake systems ==== kernel-firmware-mediatek ==== Version update (20260423 -> 20260519) - Update to version 20260519 (git commit d962a6a309b7): * linux-firmware: add firmware for MT7927 WiFi device ==== kernel-firmware-qcom ==== Version update (20260514 -> 20260519) - Update to version 20260519 (git commit d962a6a309b7): * qcom: add CDSP firmware for shikra platform ==== kernel-firmware-sound ==== Version update (20260421 -> 20260519) - Update to version 20260519 (git commit d962a6a309b7): * ASoC: tas2783: Add Firmware files for tas2783A projects * ti: Add PCM6240 firmware with multiple audio profiles support ==== less ==== Version update (692 -> 702) - Update to 702: * Add --hilite-target option and -DJ to color target line * Add --past-eof option * Add --end-prompt option * Add --emouse and --rmouse options, and horizontal mouse scrolling and dragging * Add -DT option to format tilde lines * Change OSC 8 link handling: replace LESS_OSC8_xxx with LESS_OSC8_OPEN_xxx. Remove %O from prompt expansion as no longer needed. Any use of environment variables LESS_OSC8_xxx need to be manually changed to use LESS_OSC8_OPEN_xxx * Add ?o to prompt strings, to detect whether an OSC 8 link is selected * When scrolling past end-of-file or before beginning-of-file, stop when exactly one line is left on screen. * Make -w/-W highlight lines when moving backward as well as forward * Display pattern in "Pattern not found" message * Allow m and M commands to take a numeric argument to specify the line to be marked * Allow ' command to take a numeric argument to specify the screen position on which to place the marked line. * Allow lesskey to map keypad ENTER with \kpe * Add "noaction" as a possible action in #line-edit section in a lesskey file * Support POSIX character classes with the built-in V8 regex library * Change | command to pipe just one line if the marked line is at the top of the screen * If OSC8 handler command begins with "-", suppress command echo, and if it begins with ctrl-P, suppress "done" message * Don't ask for confirmation when input is a binary file and stdout is redirected. Fixes infinite loop in that situation * Make early error messages go to stderr if stdout is redirected * Don't retry read after read error; fixes hang when attempting to read a directory or other unreadable file * Fix incorrect restoration of saved mark if not at top of screen * With --save-marks, don't save a mark that was cleared with ESC-m. * Fix buffer overflow when using malformed lesskey file * Fix unexpected scrolling past end of file * Fix bug when env var in LESSKEY_CONTENT partially matches env var defined in lesskey file * Fix bug when env var in lesskey file matches tail of env var used by less * Fix command parsing bug when one command is a substring of another. Also fixes --no-paste option * Fix incorrect display using --color to set character attributes without color, such as -DS-u * Fix crash when tags file contains invalid line number 0 * Fix build when tparm() doesn't use varargs * Fix prompt overflow when filtering with long prompt * Fix incorrect highlighting when change -i while filtering * Fix erroneous error mesage using --show-preproc-error with some shells * Fix erroneous highlighting when using a search pattern containing more than 5 pairs of parentheses with PCRE2 * When ^X interrupts F mode, discard pending keys as is done when ^C interrupts it * Fix bug in Windows where pressing any key during "waiting for data" would prevent a subsequent ^X from working. * Fix erroneous display in some situations when using LESS_LINES * Fix erroneous display after certain messages are displayed in a very narrow terminal * Don't init terminal if stdout is not a tty * Fix bug clicking OSC 8 link that crosses a screen line boundary - add upstream signing key and validate source signature ==== libadwaita ==== Version update (1.9.0 -> 1.9.1) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.9.1: + Use G_PARAM_STATIC_STRINGS where it wasn't used + Fix a build error in the example + AdwAboutDialog/AdwAboutWindow: - Speed up adding legal sections - Speed up adding credit sections + AdwAlertDialog: - Fix a crash when chaining up in response() - Fix the Since annotation on get_prefer_wide_layout() + AdwButtonRow: Fix availability annotation + AdwClampScrollable: Implement GtkScrollable.get_border() + AdwEntryRow: Fix clicking edit icon + AdwNavigationView: Fix swipe direction + AdwSidebar: - Set tab behavior to 'item' - Fix adding multiple sections at once - Fix a crash when removing multiple items at once + AdwStyleManager: - Use default timeout when talking to the settings portal - Fix gtk-application-prefer-dark-theme warnings with newer GTK + AdwTabView: Fix a deprecation + Stylesheet: Fix bottom padding with .navigation-sidebar + Updated translations. ==== libapparmor ==== - add revert-plasmashell.diff - the profile changes caused strange problems (see SR 1355200). Revert for now to get the other fixes out. - add changes-since-v5.0.0.diff with all changes since the 5.0.0 release: - small fixes in parser and utils - lots of profile updates: - abstractions/nameservice (part of boo#1265394) - alsamixer (boo#1265452) - avahi-daemon (boo#1266041) - dig (boo#1265459) - fusermount3 (boo#1265951) - lsof - php-fpm (boo#1265864) - plasmashell - proftpd (boo#1265862) - Samba profiles (boo#1265865) - transmission-daemon (boo#1265863) - various dovecot profiles - add wg-quick.diff to fix wg-quick (boo#1265394) - add curl.diff to fix curl for usage with rpmdevtools (boo#1266273) - add who.diff to fix who (boo#1265860) - remove upstreamed patches (included in changes-since-v5.0.0.diff): - allow-read-slash.diff - lsusb.diff - postfix-profiles-slash.diff - syslog-ng-slashes.diff - wpa_supplicant.diff ==== libcaca ==== - Improve the fix of CVE-2026-42046 for 32bit system. [Fix-32-bit-overflow-in-CVE-2026-42046-patch.patch, bsc#1264984, CVE-2026-42046] ==== libdrm ==== Version update (2.4.133 -> 2.4.134) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_nouveau2 libdrm_radeon1 - update to 2.4.134 * Sync drm_fourcc.h with drm-next * meson: do not mark exynos/omap/tegra as disabled features * omap: stop including linux/types.h * add missing include to util_math.h * amdgpu/modetest: fix discards 'const' qualifier from pointer target type * ci: bump debian from bookworm to trixie * ci: fix indentation ==== libgphoto2 ==== Version update (2.5.33 -> 2.5.34) Subpackages: libgphoto2-6 libgphoto2_port12 - libgphoto2 2.5.34 release ptp2: * new Canon EOS SDRAM capture method added * new Nikon Z series property code list method added * Sony generation 2 vs 3 handling enhanced * Security issues fixed: * CVE-2026-40333: information disclosure and denial of service via unbounded reads in ptp unpack EOS events (bsc#1262445) * CVE-2026-40334: information disclosure and denial of service via missing null terminator ptp_unpack_Canon_FE (bsc#1262446) * CVE-2026-40335: information disclosure via out-of-bounds read in ptp_unpack_DPV (bsc#1262447) * CVE-2026-40336: memory leak in ptp_unpack_Sony_DPD() can lead to denial of service (bsc#1262448) * CVE-2026-40338: information disclosure and denial of service via out-of-bounds read in the PTP_DPFF_Enumeration case of ptp_unpack_Sony_DPD() (bsc#1262449) * CVE-2026-40339: information disclosure via out-of-bounds read in ptp_unpack_Sony_DPD() (bsc#1262450) * CVE-2026-40340: information disclosure and denial of service via out-of-bounds read in ptp_unpack_OI() (bsc#1262452) * CVE-2026-40341: denial of service via out-of-bounds read from untrusted USB devices in ptp_unpack_EOS_FocusInfoEx (bsc#1262454) * chdk: several bugfixes for liveview * configs: * nikon: flashready, infodisperrstatus added * sony: exposureprogram mode3, focusdistancemeters, shutter lag timing, focus indication, shutter type, drange optimizer added, silent mode * canon eos: remoterelease config values changed * panasonic: bulb added * leica: detect not yet listed leicas better in generic mode * added ids: * Sony: ILCE-1M2 * Nikon: CoolPix P1100, S3500, Z50_2, * Canon: EOS R1, R6 Mark III * Fuji Finepix S4200, X-E5, * Leica SL3 jd11: * allow TIFF / DNG export * needs libtiff library to work all: * some bugfixes * replaced various strcpy with strncpy translations: * updated gregorian, spanish * added arabic ==== libheif ==== Version update (1.21.2 -> 1.22.2) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openh264 libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - version update to 1.22.2: * build issues with OpenJPEG plugin (#1813) * non-plain C in header (#1812) * CVE TBD (GHSA-r7qj-cg5r-r6vf) - Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder * CVE TBD (GHSA-5hqq-636x-r3cr) - Out-of-bounds write in inline mask region API when source mask exceeds declared region - deleted patches * libheif-fix-tests-no-HEVC.patch (upstreamed) - fixes [bsc#1266281] [bsc#1266282] - added patches https://github.com/strukturag/libheif/commit/5780da88104270ef316c764c2c2945e0c43af624 * libheif-fix-tests-no-HEVC.patch - update to 1.22.0: * This is a large release with substantial new functionality, mainly focusing on generalized image formats (e.g., multi- spectral images) and a reworked implementation of ISO/IEC 23001-17 (lossless image codec). * HDR up to 64 bpp * Multi-component images with arbitrary component layouts (multi-spectral images, arbitrary non-visual data) * Filter-array (Bayer / mosaic) images, with debayering in color transformation pipeline * Metadata: chroma-sample location (cloc), sample non- uniformity (snuc), sensor bad-pixel map (sbpm), polarization pattern (splz) * heif-dec can now convert to WebP (thanks to @torusrxxx). * heif-enc can now accept input from WebP, HEIF, pure raw files (including floating point pixel data), and CMYK JPEG (converted to RGB). * TIFF input can now read many TIFF formats used in geospatial imaging, like: 16-bit, signed integers, float samples, tiled TIFFs, GeoTIFF overview images, CMYK JPEG, YCbCr-as-JPEG. TIFFs with image tiling and multi-resolution layers are now reproduced as HEIFs when converted. * PNG decoder/encoder: cICP, cLLI, and mDCV chunk support (#1697). * heif-dec: auto-correct option to fix known input errors (e.g. mismatched NCLX/VUI). * Image, Track, Sequence samples, image component GIMI content IDs * Embedding of Turtle (.ttl) metadata files; automatic parsing of GIMI content IDs from Turtle * AOM encoder plugin now auto-selects IQ tune mode * mini-box syntax updated to the current HEIF version 4 draft (thanks @bradh for the initial implementation) * unif brand (globally-unique-ID) support * OMAF (omnidirectional images): indicate ISO/IEC 23000-22 spherical/omnidirectional image projection * alpha bit-depth tracked through the color-conversion pipeline * CVE-2026-32738 (GHSA-7f2h-cmpf-v9ww) : Heap OOB Read / SEGV Crash via Zero samples_per_chunk in stsc (bsc#1265874) * CVE-2026-32739 (GHSA-j9g7-q9hv-gq8c) : Infinite Loop DoS in stts Sample Duration Lookup (bsc#1265875) * CVE-2026-32740 (GHSA-frfr-f3vg-2g6j) : Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing (bsc#1265876) * CVE-2026-32741 (GHSA-j3w5-7whq-p37q) : heap buffer overflow in decode_mask_image() (bsc#1265877) * CVE-2026-32814 (GHSA-4m8r-34pg-rvwc) : Uninitialized Heap Memory Information Leak via Failed Grid Tiles (bsc#1265878) * CVE-2026-32882 (GHSA-hg7q-rjr2-8x46) : Heap Buffer OOB Read in overlay compositing due to wrong alpha stride (bsc#1265879) * CVE-2026-41069 (GHSA-p82x-fpmv-576r) : Out-of-bounds vector access leading to invalid dereference (bsc#1265979) * CVE-2026-41071 (GHSA-xj92-xjff-h8w3) : Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count (bsc#1265980) * CVE-2026-47178 (GHSA-5x55-x5pf-9c6g) : Heap Out Of Bounds Write in unci subsystem (bsc#1265981) * CVE-2026-47247 (GHSA-2vh6-whr3-cmq3) : Heap Information Disclosure via Grid Image Gap + Uninitialized Pixel Plane Allocation (bsc#1265982) * CVE-2026-47251 (GHSA-p6q9-fhf2-vj9v) : Incomplete fix for (bsc#1265983) CVE-2026-3949: integer overflow bypass in vvdec_push_data2 * CVE-2026-47254 (GHSA-wqjg-4x9g-6cvg) : Heap Buffer Overflow in `Track::get_next_sample_raw_data()` -- OOB Chunk Vector Access (bsc#1265987) * CVE-2026-47709 (GHSA-4h72-vqgp-9376) : NULL pointer dereference in heif_image_handle_get_image_tiling for malformed unci image missing ispe (bsc#1265988) * CVE-2026-47714 (GHSA-h4wm-6wwf-qvhx) : Integer overflow in inline mask size calculation causes undersized buffer allocation (bsc#1265989) * CVE-2026-48029 (GHSA-6x5f-qchq-cxqv) : heap OOB read in ImageItem_Grid::decode_grid_tile via irot-induced tile- coordinate underflow (bsc#1265990) * (GHSA-95jx-g5vf-cpp8) : Integer Overflow in SampleAuxInfoReader Offset Calculation (bsc#1265992) * (GHSA-p4r6-6972-g26m) : Incorrect byte-count initialization in BitstreamRange constructor allows container-boundary check bypass (bsc#1265995) * (GHSA-jh2w-m72q-q595) : Out-of-bounds read and assertion- based DoS in EXIF parsing (find_exif_tag / read32) with short EXIF TIFF payload (bsc#1265996) * (GHSA-9h96-c44j-jpq9) : Heap buffer overflow via uint32_t stride overflow in image plane allocation (bsc#1265997) ... changelog too long, skipping 9 lines ... * libheif-CVE-2026-3950.patch ==== libjxl ==== - Add libjxl-CVE-2025-70103.patch: take EC into accound when checking required PNM inmput length (bsc#1266460 CVE-2025-70103). ==== libjxl-gtk ==== - Add libjxl-CVE-2025-70103.patch: take EC into accound when checking required PNM inmput length (bsc#1266460 CVE-2025-70103). ==== libphonenumber ==== Version update (9.0.29 -> 9.0.31) - update to 9.0.31: * Update alternate formatting data for country calling code(s): 84 * Update phone metadata for region code(s): AI, BO, DZ, ET, GE, GM, IN, TR, UG, VN * Update short number metadata for region code(s): IT * Update geocoding data for country calling code(s): 213 (en) * Update carrier data for country calling code(s): 34 (en), 43 (en), 84 (en), 90 (en), 220 (en), 251 (en), 256 (en), 354 (en), 591 (en), 1264 (en) - includes changes from 9.0.30: * Update alternate formatting data for country calling code(s): 91 * Update phone metadata for region code(s): CL, CZ, DE, IN, SG * Update geocoding data for country calling code(s): 91 (en) * Update carrier data for country calling code(s): 56 (en), 65 (en), 91 (en), 594 (en), 596 (en), 855 (en) ==== libsolv ==== Version update (0.7.37 -> 0.7.39) Subpackages: libsolv-tools-base libsolv1 ruby-solv - fix solv_chksum_free segfault when called with a NULL pointer - bump version to 0.7.39 - made repo_add_solv more robust against corrupt files [bsc#1265935] [CVE-2026-9149] - fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039] [CVE-2026-48863] - added limit checks in multiple places to catch overflows - reduce the size of the language id cache - fixed Debian canon selection - fixed dbpath detection in repo_rpmdb_librpm - reduced stack usage in repo page compression (needed for musl) - bump version to 0.7.38 ==== libsoup ==== Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Add libsoup-CVE-2026-4271.patch: Protect message io while reading and writing (bsc#1259767, CVE-2026-4271, glgo#GNOME/libsoup#496). ==== libsoup2 ==== - Add libsoup2-CVE-2026-1801.patch: Use CRLF as line boundary when parsing chunk encoding data (bsc#1257649 CVE-2026-1801 glgo#GNOME/libsoup#481). ==== libunwind ==== - Add fix-s390x-tests.diff (part of #1002) to fix endless loop on s390x in Gtest-trace and Ltest-trace ==== libwebp ==== Subpackages: libsharpyuv0 libwebp-tools libwebp7 libwebpdemux2 libwebpmux3 - Drop build dependency on giflib and glut, those are only used for example programs anyway. - Add libwebp-s390x-0e5f4ee.diff to fix python-Pillow on s390x (https://github.com/python-pillow/Pillow/issues/8831) - Fix build on code 15 by forcing gcc 14 ==== libxfce4windowing ==== Version update (4.20.5 -> 4.20.6) Subpackages: libxfce4windowing-0-0 libxfce4windowing-lang libxfce4windowingui-0-0 - Revert change regarding the -lang package. - Update to version 4.20.6 * Add xfw_screen_get_monitor_for_gdk_monitor() * Add missing "New in 4.20.6" docs section * Add missing chain up to parent class * I18n: Update po/LINGUAS list * XfwMonitor: Fix (xdg_)output_done event handling * XfwMonitor: Fix typo and initialize class member * Ignore workarea/workspace count mismatches * Fix incorrect max to clamp workspace number to * Implement workspace geometry for wayland * Add XfwWorkspace:geometry property * Fix missing workspace signal connections in test program * Add test program to enumerate workspaces * Fix X11 workspace geometry and layout getting out of date * Fix incorrect col & row ordering for Wayland workspace coordinates * Fix width -> height typo for XfwWorkspaceX11 geometry * Add fallback monitor on X11 if XRandR doesn't report anything * Don't depend on wayland-scanner and wayland-protocols * XfwWindowWayland: Connect to XfwScreen::monitor-added * XfwWindowWayland: Connect to XfwScreen::monitor-removed * Translation Updates ==== libzio ==== Version update (1.12 -> 1.14) - Update to version 1.14 * Fix signed octal magic character for lzma - Update to version 1.13 * Avoid signed/unsigned comparison in magic() ==== libzypp ==== Version update (17.38.9 -> 17.38.11) - Fix potential crash on malformed or malicious repository metadata (fixes #740) - version 17.38.11 (35) - Repo metadata: discard entries referring to a location outside the repo (bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a location outside the repo's local cache directory. Those data entries are reported and discarded. - zypp.conf: Allow [env] section to add environment variables. This feature is designed to enable environment-specific settings or debugging options over an extended period. See zypp.conf(5). - version 17.38.10 (35) ==== live555 ==== Version update (2026.03.23 -> 2026.04.22) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock33 - Update to version 2026.04.22 (CVE-2026-41470, boo#1265856): + Added extra checking to the handling of the RTSP server's "PLAY", "PAUSE", "TEARDOWN", and "SET_PARAMETER" commands, to ensure that, if the session is authenticated, then a proper authentication check is done before these commands are handled. This protects against the use of a 'stolen' RTSP session id to send these commands. (Note, however, that if the session is not authenticated (i.e., no username,password is needed), then no such protection is possible.) - Changes from version 2026-04-01: + Updated the way that the RTSP server generates successive RTSP 'session ids' to make it less likely that an attacker could guess a session id. + Updated the RTSP server implementation to make it possible for a client to request both interleaved (i.e., RTP/RTCP-over-TCP) and non-interleaved (i.e., RTP/RTCP-over-UDP) delivery within the same session. ==== man ==== - Change patch man-db-2.7.1-zio.dif to avoid Heisenbug (boo#1262477) ==== mariadb ==== Version update (11.8.6 -> 11.8.7) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 11.8.7: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7 https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.7 * fixes for the following security vulnerabilities: 11.8.7: CVE-2026-44173 CVE-2026-44172 CVE-2026-44171 CVE-2026-44170 CVE-2026-44169 CVE-2026-44168 - Update spec for removal of README-wsrep file - Add test pam modules in mariadb-test package - Add new mariadb-migrate-config-file utility in mariadb-tools package - Refresh 0001-MDEV-38874-Make-tests-pass-after-2030.patch - Drop MDEV-38811.patch * Included in upstream release ==== nautilus ==== Version update (50.1 -> 50.2.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 50.2.2: + Bugfixes: Fix app chooser breaking translation domains - Update to version 50.2: + Enhancements: - Flush search results based on time instead of file count - Allow opening multiple files with different extensions + Fixed regressions: Added search entry to applicaton chooser + Bugfixes: - Fix app staying in the background after properties windows are closed - Fix possible crash with properties window - Fix thumbnails not appearing in remote locations - Fix fallback icons not changing size with zoom level - Fix duplicate conflict dialog when moving files across volumes - Handle trailing '.' character for FAT volumes - Fix search recursion for directories with no ID - Fix off-by-one insertion of bookmarks - Fix templates unique naming with a file extension - Fix a thin line of checker pattern appearing in thumbnails - Fix opening files with nautilus itself - Avoid potential crash in list view + Cleanups: - Don't create trash monitor when not needed - Correctly clear name-cell callbacks on disposal + Updated translations. ==== nvidia-open-driver-G06-signed ==== - linux-7.0.patch * adjust driver to changes of screen_info with Kernel 7.0, which broke the driver completely (boo#1263825); see also https://forums.developer.nvidia.com/t/linux-driver-595-71-05-still-tries-to-use-screen-info-struct-which-was-refactored-in-7-0-kernel/370825 ==== nvidia-open-driver-G07-signed ==== Version update (595.71.05_k7.0.10_2 -> 595.80_k7.0.10_2) Subpackages: nvidia-open-driver-G07-signed-kmp-64kb nvidia-open-driver-G07-signed-kmp-default - linux-7.0.patch * adjust driver to changes of screen_info with Kernel 7.0, which broke the driver completely (boo#1263825); see also https://forums.developer.nvidia.com/t/linux-driver-595-71-05-still-tries-to-use-screen-info-struct-which-was-refactored-in-7-0-kernel/370825 - update non-CUDA variant to 595.80 (boo#1266660) - update CUDA variant to 610.43.02 - kernel-5.14.patch not needed; removed therefore ==== nvidia-open-driver-G07-signed-cuda ==== Version update (595.71.05_k7.0.10_2 -> 610.43.02_k7.0.10_2) Subpackages: nvidia-open-driver-G07-signed-cuda-kmp-64kb nvidia-open-driver-G07-signed-cuda-kmp-default - linux-7.0.patch * adjust driver to changes of screen_info with Kernel 7.0, which broke the driver completely (boo#1263825); see also https://forums.developer.nvidia.com/t/linux-driver-595-71-05-still-tries-to-use-screen-info-struct-which-was-refactored-in-7-0-kernel/370825 - update non-CUDA variant to 595.80 (boo#1266660) - update CUDA variant to 610.43.02 - kernel-5.14.patch not needed; removed therefore ==== openSUSE-build-key ==== - extended to openSUSE 4096bit RSA key for 4 more years. gpg-pubkey-29b700a4-6a17fa38.asc ==== openSUSE-release ==== Version update (20260527 -> 20260531) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== orca ==== Version update (50.1 -> 50.2) - Update to version 50.2: + Web: - Fix repetition of previous line when leaving blockquotes. - Handle traceback triggered by Chromium crash. - Fix double-presentation when flat-reviewing Chromium content. + Preferences: - Fix table-navigation-enabled state for app settings. - Fix orphaned key grab. + Updated translations. ==== pipewire ==== Version update (1.6.5 -> 1.6.6) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.6.6 * This is a bugfix release that is API and ABI compatible with the previous 1.6.x releases. * Highlights - Fix a bug in the server code that could leave snap clients without sound. (#5270 (closed)) - Relax LADSPA path loading again, absolute paths are only blocked in unsafe cases. - Fix a volume restore issue in filter-graph when using custom volume controls. - Small fixes and improvements. * PipeWire - Fix the meta permission check on metadata. - Make sure we don't accept too many fds. - Fix potential race with buffer allocation and Suspend. (#3547) * SPA - Relax LADSPA path loading. Absolute paths are allowed when loading modules from a config file. They are now only blocked when loading the pulse ladspa modules and filter-chains in nodes because those can load ladspa plugins in other processes. (#5222 (closed)) - Fix a regression in the dither noise that was silent when no input was available. (#5260 (closed)) - Fix volume initialization in filter-graph. (#5192 (closed)) * Pulse-server - Fix a bug in the server code that could leave snap clients without sound. (#5270 (closed)) - Be more careful with the stream suspend messages and only send them when the stream is monitoring. (#5273 (closed)) - Fix monitor mode in pavucontrol. * Tools - Fix midifile SysEx writing in pw-cat and ensure the header is written correctly on close. - Make sure pw-cat does not try to convert Midi to UMP. ==== polkit-default-privs ==== Version update (1550+20260513.3b99372 -> 1550+20260528.62493d2) - Update to version 1550+20260528.62493d2: * profiles: add qsnapper (bsc#1261537) ==== powerdevil6 ==== - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) ==== python-ldap ==== Version update (3.4.5 -> 3.4.7) - update to 3.4.7: * No code changes, correcting for the fact that the previous release artifacts uploaded to PyPI contained unintended files. * ``attrlist`` parameter is now properly checked before use, avoiding memory errors due to type mismatches * Fixed errors with requestName/requestValue in ``extop.dds`` * ``ldif`` and ``ldap.schema`` modules now actively close sockets as they're finished with them ==== python-markdown-it-py ==== Version update (4.0.0 -> 4.2.0) - Update to 4.2.0: * Add make_fence_rule() factory for configurable fence markers * Add --stdin option to CLI * Add typing to Scanner * Fix quadratic complexity in fragments_join / text_join * Allow plugins to register inline terminator characters * Add gfm-like2 preset with task lists, alerts, and single-tilde strikethrough ==== python-pip ==== Version update (26.1 -> 26.1.1) Subpackages: python311-pip python313-pip - Update to 26.1.1: - Fix issue where uninstallation left behind empty directories. Revert the removal of the adjacent __pycache__ directory when a .py file is removed. (#13973) ==== qt6-base ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-connman qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite qt6-wayland - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released - Drop patches, merged upstream: * 0001-Do-not-persist-unicode-error-state-across-dirents.patch * 0001-Ensure-custom-types-are-normalized.patch * 0001-freetype-Handle-failing-glyph-rendering.patch ==== qt6-declarative ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsStyleKit6 libQt6LabsSynchronizer6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Add upstream fix (kde#520252) * 0001-QQmlTableInstanceModel-refactor-QModelIndex-calculat.patch - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-imageformats ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-location ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Location6 - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-multimedia ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6MultimediaWidgets6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-networkauth ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-positioning ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-qt5compat ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-quick3d ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-quicktimeline ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-sensors ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Sensors6 - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-shadertools ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-speech ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6TextToSpeech6 qt6-texttospeech - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-svg ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Svg6 libQt6SvgWidgets6 - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released - Drop patch, merged upstream: * 0001-Test-types-of-nodes-before-downcasting-them.patch ==== qt6-tools ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6Designer6 libQt6UiTools6 qt6-tools-qdbus - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released - Drop patch: * 0003-QDoc-Swap-forever-for-while-true.patch * 0004-QDoc-Disable-Qt-keyword-macros.patch ==== qt6-translations ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-virtualkeyboard ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 libQt6VirtualKeyboardQml6 qt6-virtualkeyboard-imports - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-wayland ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-webchannel ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== qt6-webengine ==== Version update (6.11.0 -> 6.11.1) Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add upstream fix (QTBUG-145344) * 0001-Fix-AMD-VA-API-flickering-on-Wayland-by-allowing-mul.patch - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released Based on Chromium version: 140.0.7339.264 Patched with security patches up to Chromium version: 148.0.7778.96 - Update build dependencies ==== qt6-webview ==== Version update (6.11.0 -> 6.11.1) - Update to 6.11.1 https://www.qt.io/blog/qt-6.11.1-released ==== quadrapassel ==== Version update (50.1 -> 50.2) - Update to version 50.2: + Fixed the game not getting saved when the window was closed + Updated libgnome-games-support + Updated translations. ==== rdma-core ==== Version update (61.0 -> 62.0) Subpackages: libefa1 libhns1 libibverbs libibverbs1 libionic1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - use ldconfig_scriptlets - remove dependency on main package from libibverbs to avoid systemd being pulled in by valkey - Update to rdma-core v62.0 - https://github.com/linux-rdma/rdma-core/releases/tag/v62.0 - Fix bad link in v61.0 changelog entry ==== re2c ==== Version update (4.5 -> 4.5.1) - Fix License tag to SUSE-Public-Domain (the previous LicenseRef-SUSE-Public-Domain form was invalid and caused the Factory submission to be declined) - Spec cleanup: * Add missing BuildRequires: make * Drop spurious executable permission from the bundled examples/*/__run_all.sh helper scripts - Update to version 4.5.1 * Add missing include files to the distribution (#573). ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Add 'show_changes' arg to 'file.append/file.prepend" states - Added: * add-show_changes-to-file.append-and-file.prepend-sta.patch ==== samba ==== Version update (4.23.7+git.473.9487af01c24 -> 4.23.8+git.477.f78166bceed) Subpackages: libldb2 python3-ldb samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Update to 4.23.8 * CVE-2026-4480: Fix Unauthenticated Remote Code Execution; (bso#16033); (bsc#1261161). * CVE-2026-4408: Fix Remote Code Execution in SAMR;(bso#16034); (bsc#1261163). * CVE-2026-3238: Fix unauthenticated udp packet crashes AD DC nbt server; (bso#16012); (bsc#1261160). * CVE-2026-3012: Fix CVE-2026-3012 group policy certificate enrollment using http:// without validation;(bso#16003); (bsc#1261159). * CVE-2026-1933: Fix missing access check on reparse point operations; (bso#15992); (bsc#1261188). * CVE-2026-2340: vfs_worm does not block directory modification; (bso#15997); (bsc#1261158). * CVE-2026-40170: thirdparty ngtcp2 needs to be updated; (bso#16059). * Winbind can change Ownership Of / To A User Who has Homedir / In passwd; (bso#16073). ==== selinux-policy ==== Version update (20260522 -> 20260526) Subpackages: selinux-policy-targeted - Update to version 20260526: * Dontaudit apcupsd dac_override (bsc#1261232) * Allow virtqemud_t to call and transition into udev ==== sgml-skel ==== - jsc#PED-14847: Remove unneeded dir /var/lib/sgml - Specfile cleanup * Use %autosetup instead of %setup. * List files in _bindir explicitly instead of globbing. - Trim whitespace in .changes file. ==== talloc ==== Version update (2.4.3 -> 2.4.4) Subpackages: libtalloc2 python3-talloc - Update to 2.4.4 * lib: Add talloc_realloc_zero() * lib: docs: talloc: fix a wrong cd command * lib:talloc: Remove obsolete web page ==== tdb ==== Version update (1.4.14 -> 1.4.15) Subpackages: libtdb1 python3-tdb - Update to 1.4.15 * Fix parse_hex during `tdbtool storehex` * Remove obsolete web page * tdbtorture: Fix CID 1034816: proper calloc usage ==== tesseract-ocr ==== Subpackages: libtesseract5 tesseract-ocr-common - Modernize spec file: * Drop unused BuildRequires: chrpath (no chrpath calls in spec, no RPATH munging needed) * Drop libtool's --with-gnu-ld configure flag (autodetected on Linux, no functional effect) * Enable parallel build by splitting `make all training doc` into two %make_build invocations (matches upstream CI); the libtool convenience-library race only triggers when those targets are mixed in one make * Strip absolute -L/usr/lib(64) paths from tesseract.pc (fixes rpmlint pkgconfig-invalid-libs-dir error) ==== unbound ==== Version update (1.25.0 -> 1.25.1) Subpackages: libunbound8 unbound-anchor - Update to 1.25.1: * CVE-2026-33278, bsc#1265587: Possible remote code execution during DNSSEC validation * CVE-2026-42944, bsc#1265578: Heap overflow and crash with multiple nsid, cookie, padding EDNS options * CVE-2026-42959, bsc#1265586: Crash during DNSSEC validation of malicious content * CVE-2026-32792, bsc#1265583: Packet of death with DNSCrypt * CVE-2026-40622, bsc#1265581: "Ghost domain name" variant * CVE-2026-41292, bsc#1265580: Parsing a long list of incoming EDNS options degrades performance * CVE-2026-42534, bsc#1265585: Jostle logic bypass degrades resolution performance * CVE-2026-42923, bsc#1265589: Degradation of service with unbounded NSEC3 hash calculations * CVE-2026-42960, bsc#1265588: Possible cache poisoning attack while following delegation * CVE-2026-44390, bsc#1265584: Unbounded name compression in certain cases causes degradation of service * CVE-2026-44608, bsc#1265582: Use after free and crash in RPZ code. - Disable quic support for non tumbleweed distros ==== util-linux ==== Version update (2.41.3 -> 2.42.1) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.42.1: * agetty: Always call chdir after chroot * bits: * use getline() to avoid stdin input truncation * prevent unsigned integer underflow and long-lived loop * cfdisk: fix memory leak of original_layout table * chrt: * Fix confusing error messages when priority argument is required * Only show current scheduling policy when pid is given * pass correct integer types to printf * column: fix missing out-of-bounds check in table reordering * dmesg: fix out-of-bounds read when parsing malformed kmsg file * eject: tolerate ILLEGAL REQUEST on ALLOW_MEDIUM_REMOVAL * fdisk: fix trailing whitespace in user reply from readline completion * flock: re-enable the initial shell selection logic * hardlink: avoid format string error for dev_t * ipcutils: use memset explicitly to fill bpf_attr with zero * irqtop/lsirq: Handle EOF in get_irqinfo * last: fix phantom detection for unset loginuid and X11 sessions * libblkid: * Fix typo in probe_zfs * Fix type access in zfs_extract_guid_name * Fix debug OOB read in zfs_process_value * Fix parse_dev debug output * Ignore secondary LUKS2 header in blkid_do_safeprobe() * reiserfs add block size validation for reiser4 * erofs validate blkszbits before checksum calculation * exfs avoid 32-bit overflow in rextsize validation * solaris use 64-bit for partition offset calculations * bsd use 64-bit for partition offset calculations * mac use 64-bit for partition offset calculations * dos use 64-bit for partition offset calculations * udf avoid 32-bit overflow in offset calculations * vfat avoid 32-bit overflow in offset calculations * ubi fix probe return values * f2fs tighten log_blocksize validation * nilfs fix byte order and block size validation * gpt fix wiper offset to use sector size * udf cap descriptor sequence iteration count * bcache add missing NULL check * bsd read enough data to cover disklabel struct * befs improve bounds checking in B+ tree search * ntfs improve integer overflow checks * introduce sysfs_devno_is_dm_hidden() for pre-open check * liblastlog2: wait on busy SQLite connections * libmount: * return btrfs rootfs from get_btrfs_fs_root() * use match_source for mountinfo comparison * libuser: * fix misleading error message * login: * Clean up PAM resources on error path * login-utils/auth: * Drop pam_setcred * lsclocks: * add missing newline character in option description * lsfd: * use memset explicitly to fill bpf_attr with zero * mkfs.cramfs: * Consider -i only once * Add -p padding only once * Improve file size check * mkswap: * Fix --file chmod(2) check when file exists * more: * align MORE_SHELL_LINES semantics with less(1) * newgrp: * Correctly handle getline error * nsenter: * Fix AT_HANDLE_FID on musl * script: * fix "--" separator when used as option argument * fix command and command_norm memory leaks * fix backward compatibility for options after non-option args * strutils: * fix printf formats * su: * Clean up PAM resources on all error paths * fix grammar on man page * revert "su pass arguments after to shell" (obsoletes util-linux-su-revert-su-pass-arguments.patch) * tests: (lsfd/*) make UDPLite related test cases skippable * write: * cleanup indentation and whitespace * use mem2strcpy() for utmp strings * always use utmp as fallback * write, mesg: * add S_ISCHR() check for terminal device paths * Misc: * Fix build with libeconf (obsoletes util-linux-fix-build-with-libeconf.patch) * Update translations. - Swith NTFS mounttype from the default "ntfs3" to "ntfs" (boo#1264688). - Add missing python-rpm-macros BR - Rename TS_OPT_misc_setarch_known_fail to TS_OPT_setarch_setarch_known_fail to follow move of setarch test - Temporarily disable following test that do not work properly ... changelog too long, skipping 89 lines ... - Make uuidd compatible with immutable mode (jsc#PED-16165). ==== util-linux-systemd ==== Version update (2.41.3 -> 2.42.1) Subpackages: lastlog2 liblastlog2-2 - Update to version 2.42.1: * agetty: Always call chdir after chroot * bits: * use getline() to avoid stdin input truncation * prevent unsigned integer underflow and long-lived loop * cfdisk: fix memory leak of original_layout table * chrt: * Fix confusing error messages when priority argument is required * Only show current scheduling policy when pid is given * pass correct integer types to printf * column: fix missing out-of-bounds check in table reordering * dmesg: fix out-of-bounds read when parsing malformed kmsg file * eject: tolerate ILLEGAL REQUEST on ALLOW_MEDIUM_REMOVAL * fdisk: fix trailing whitespace in user reply from readline completion * flock: re-enable the initial shell selection logic * hardlink: avoid format string error for dev_t * ipcutils: use memset explicitly to fill bpf_attr with zero * irqtop/lsirq: Handle EOF in get_irqinfo * last: fix phantom detection for unset loginuid and X11 sessions * libblkid: * Fix typo in probe_zfs * Fix type access in zfs_extract_guid_name * Fix debug OOB read in zfs_process_value * Fix parse_dev debug output * Ignore secondary LUKS2 header in blkid_do_safeprobe() * reiserfs add block size validation for reiser4 * erofs validate blkszbits before checksum calculation * exfs avoid 32-bit overflow in rextsize validation * solaris use 64-bit for partition offset calculations * bsd use 64-bit for partition offset calculations * mac use 64-bit for partition offset calculations * dos use 64-bit for partition offset calculations * udf avoid 32-bit overflow in offset calculations * vfat avoid 32-bit overflow in offset calculations * ubi fix probe return values * f2fs tighten log_blocksize validation * nilfs fix byte order and block size validation * gpt fix wiper offset to use sector size * udf cap descriptor sequence iteration count * bcache add missing NULL check * bsd read enough data to cover disklabel struct * befs improve bounds checking in B+ tree search * ntfs improve integer overflow checks * introduce sysfs_devno_is_dm_hidden() for pre-open check * liblastlog2: wait on busy SQLite connections * libmount: * return btrfs rootfs from get_btrfs_fs_root() * use match_source for mountinfo comparison * libuser: * fix misleading error message * login: * Clean up PAM resources on error path * login-utils/auth: * Drop pam_setcred * lsclocks: * add missing newline character in option description * lsfd: * use memset explicitly to fill bpf_attr with zero * mkfs.cramfs: * Consider -i only once * Add -p padding only once * Improve file size check * mkswap: * Fix --file chmod(2) check when file exists * more: * align MORE_SHELL_LINES semantics with less(1) * newgrp: * Correctly handle getline error * nsenter: * Fix AT_HANDLE_FID on musl * script: * fix "--" separator when used as option argument * fix command and command_norm memory leaks * fix backward compatibility for options after non-option args * strutils: * fix printf formats * su: * Clean up PAM resources on all error paths * fix grammar on man page * revert "su pass arguments after to shell" (obsoletes util-linux-su-revert-su-pass-arguments.patch) * tests: (lsfd/*) make UDPLite related test cases skippable * write: * cleanup indentation and whitespace * use mem2strcpy() for utmp strings * always use utmp as fallback * write, mesg: * add S_ISCHR() check for terminal device paths * Misc: * Fix build with libeconf (obsoletes util-linux-fix-build-with-libeconf.patch) * Update translations. - Swith NTFS mounttype from the default "ntfs3" to "ntfs" (boo#1264688). - Add missing python-rpm-macros BR - Rename TS_OPT_misc_setarch_known_fail to TS_OPT_setarch_setarch_known_fail to follow move of setarch test - Temporarily disable following test that do not work properly ... changelog too long, skipping 89 lines ... - Make uuidd compatible with immutable mode (jsc#PED-16165). ==== vorbis-tools ==== - Fix buffer underflow in the `ogg123` utility in function `remotethread` of `remote.c` (CVE-2026-34253, bsc#1265361): 0001-Do-not-assume-fgets-result-is-non-empty.patch 0002-ogg123-Handle-EOF-error-in-remote-interface.patch ==== xscreensaver ==== Version update (6.09 -> 6.15) Subpackages: xscreensaver-data xscreensaver-lang - update to 6.15: * New hacks: worldpieces, bestill, bubblecolors, darktransit, downfall, driftclouds, goldenapollian, noxfire, prococean, rigrekt, trainmandala, trizm and universeball. * mapscroller shows the name of the nearest major city, and has an updated list of available map tile servers. * Higher resolution Earth imagery in glplanet, dymaxionmap, sphereeversion, cubocteversion and platonicfolding. * X11: xscreensaver-settings has a search field. * X11: Excised the last remnants of XLFD-style font parsing. * macOS, iOS: Text in right-to-left languages is rendered properly. * Android: Most things display text properly. - changes from 6.14.1: * macOS: the new shader savers were crashing at startup. - changes from 6.14: * Added the ability to run shadertoy.com programs as screen savers. * New shader-based savers: alienbeacon, batteredplanet, elementalring, fluxcore, gimbalharmonics, hexplasma, logarithmiccircles, neongravity, neontriangulator, protophore, selfreflect, skyline, stardome, starnest, stripeytorus, synthwavecity, topologica and truchetzoom. * Better label wrapping in carousel and photopile. * Fixed glslideshow preferences and title display. * X11: Decrufted PAM, including /etc/pam.d/xscreensaver. - changes from 6.13: * Added a number of historical full chess games to endgame. * Rewrote glslideshow to add more image-transition effects. * Hacks that display images and their filenames will display their titles instead, if the image originated in an RSS feed. * X11: Wayland fixes. - changes from 6.12: * X11: DPMS works on Wayland. * X11: Fading uses GL now which should be more performant. - changes from 6.11: * X11: Now supports Wayland (blanking only, not locking). * X11: More reliable and timely DPMS activation. * X11: Dead keys work in password input. * X11: Fixed a couple of minor Y2038 bugs. - changes from 6.10: * New hacks: dumpsterfire, hopffibration, platonicfolding and klondike. * Rewrote the VT100 emulator for apple2 and phosphor. * BSOD supports systemd and bitlocker. - Add 35 new screensavers to xscreensaver-data-extra.list. - Package the new xshadertoy engine binary and man page (used by the shadertoy-based savers) in the data-extra subpackage. - Rebase xscreensaver-disable-upgrade-nagging-message.patch.