Packages changed: AppStream (1.1.0 -> 1.1.1) Mesa (25.2.3 -> 25.2.4) Mesa-demo Mesa-drivers (25.2.3 -> 25.2.4) MicroOS-release (20251001 -> 20251005) SDL3 (3.2.22 -> 3.2.24) docker (28.4.0_ce -> 28.5.0_ce) frameworkintegration fwupd geoclue2 (2.7.2 -> 2.8.0) harfbuzz (11.5.1 -> 12.1.0) jq kernel-source kirigami-addons6 (1.9.0 -> 1.10.0) mokutil netavark (1.15.2 -> 1.16.1) open-vm-tools (13.0.0 -> 13.0.5) opencv p11-kit (0.25.5 -> 0.25.10) pam-config (2.13+git.20250827 -> 2.13+git.20251003) permissions (1699_20250120 -> 1699_20251002) pipewire (1.4.8+git4.8f35e18d1 -> 1.4.8+git68.636cbae9b) podman (5.6.1 -> 5.6.2) polkit-default-privs (1550+20250904.99b438e -> 1550+20251002.f34bfbd) pulseaudio python-requests (2.32.4 -> 2.32.5) runc (1.3.1 -> 1.3.2) sdbootutil (1+git20250917.7aab076 -> 1+git20251003.f402058) snapper xmlsec1 (1.2.41 -> 1.2.42) === Details === ==== AppStream ==== Version update (1.1.0 -> 1.1.1) Subpackages: libAppStreamQt3 libappstream5 - Update to version 1.1.1: + Features: Add option to disable man page creation + Bugfixes: - Add explicit UTF-8 tests to check for libfyaml's unicode handling - yaml: Drop implicit string quoting, make it explicit + Mscellaneous: qt: Drop support for Qt5 - Remove multibuild setup and drop all traces of qt5 from the spec file: Qt5 is no longer supported ==== Mesa ==== Version update (25.2.3 -> 25.2.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.2.4 - -> https://docs.mesa3d.org/relnotes/25.2.4 ==== Mesa-demo ==== Subpackages: Mesa-demo-egl Mesa-demo-x - redefine %meson_build/%meson_install on Leap 15.6 in order to fix build ==== Mesa-drivers ==== Version update (25.2.3 -> 25.2.4) Subpackages: Mesa-dri Mesa-vulkan-device-select libvulkan_lvp - Update to release 25.2.4 - -> https://docs.mesa3d.org/relnotes/25.2.4 ==== MicroOS-release ==== Version update (20251001 -> 20251005) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL3 ==== Version update (3.2.22 -> 3.2.24) - Update to release 3.2.24 * Fixed a crash when enumerating Steam Controllers. * Fixed rumble strength on DualSense Edge and Bluetooth connected controllers. * Fixed the HP Deluxe Webcam KQ246AA being detected as joystick. * Fixed VMware not capturing the mouse when relative mode is enabled. * Increased the maximum color target bindings from 4 to 8 in the GPU API. * When using SDL_SetRenderLogicalPresentation(), letterboxing now uses the clear color instead of black. * Fixed crash at startup when redirecting X11 output over ssh. * Fixed a memory leak when using detached threads. ==== docker ==== Version update (28.4.0_ce -> 28.5.0_ce) Subpackages: docker-buildx docker-rootless-extras - Update to Docker 28.5.0-ce. See upstream changelog online at - Backport to re-add vendor.sum, fixing our builds. + 0007-Add-back-vendor.sum.patch - Rebased patches: * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * cli-0001-openSUSE-point-users-to-docker-buildx-package.patch * cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch - Update to docker-buildx v0.29.0. Upstream changelog: ==== frameworkintegration ==== - Drop optional kpackage install handler support. AppStream 1.1.1 no longer supports Qt 5. ==== fwupd ==== Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Fix file list ==== geoclue2 ==== Version update (2.7.2 -> 2.8.0) - Delete 0001-ichnaea-include-ssid.patch, 0002-ichnaea-replace-user-agent.patch, 0003-user-agent-os-info.patch: upstreamed - Remove set default to BeaconDB: now default in upstream - Update to version 2.8.0: * Add comment for the Positon location service in default config * Include the SSID in queries to the Ichnaea server to support BeaconDB * Set User-Agent in web source queries and add OS info to it * Allow disabling WiFi source and static source during compilation * Show default Wifi URLs set on compile time in comments in the default config * Add BeaconDB URLs to comments in the default config * Add a separate GeoIP location source: + Add an 'ip' config section with selectable backend methods: - ichnaea, gmaps, reallyfreegeoip + Allow overriding URL and accuracy in ip methods with values from config + Use BeaconDB as the backup GeoIP URL, if URLs are not defined in ip or web source configs + Remove the GeoIP functionality from the web source, it now only handles queries with Wifi and 3G data * Install sysusers.d file for the geoclue user * Use BeaconDB as the compiled-in default server for locate and submit queries in the web source * Forward xdp location start errors in the GClueSimple API * Stricter NMEA coordinate parsing: Ignore NMEA coordinates without degree digits, reject coordinates with incorrect range etc. * where-am-i: Output accuracy without unnecessary decimals * Don't crash when running without enabled location sources but warn that location is not available * Fix crash on removing a modem without location capabilities * Make SOUP_STATUS_OK as the only successful response code from Ichnaea servers * Gracefully handle empty response from Ichnaea server * Add more details for network-nmea in the manpage ==== harfbuzz ==== Version update (11.5.1 -> 12.1.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 12.1.0: + Build fixes with GCC 15 on some 32 bit platforms. + Fix misaligned pointer use. + New API, hb_ot_layout_lookup_collect_glyph_alternates(), to collect glyph substitutions from single and alternate substitution lookups in one call, instead of getting substitutions one by one using hb_ot_layout_lookup_get_glyph_alternates(). + New API: +hb_ot_layout_lookup_collect_glyph_alternates() - Update to version 12.0.0: + The major feature of this release is that the Variable Composites / Components (VARC table) addition to the ISO OpenFontFormat has graduated from experimental, and is now enabled by default. It can be disabled at compile time by defining the HB_NO_VAR_COMPOSITESz macro. + VARC table is a new way to store glyph outlines, that allows for better shape reuse, and can reduce font file size for Chinese, Japanese, Korean, and some other scripts drastically. Some font design tools provide a similar feature to designers, known as "smart components". This technology brings the same idea to the compiled font file. + The Fontra font editor already supports this technology. Note that this new format involves just the HarfBuzz draw API and does not affect shaping. + Correctly handle markFilteringSet lookup field during subsetting. + Deduplicate features during subsetting. + Disable “more” buffer messages that give more verbose output when using buffer messages callbacks, as it has a performance overhead. Users/tools that need the more verbose messages should define HB_BUFFER_MESSAGE_MORE to 1 when building HarfBuzz. + Shaping and instancing optimizations. + Fix subsetting issues when building with GCC 12. ==== jq ==== Subpackages: libjq1 - Enable valgrind on riscv64 ==== kernel-source ==== Subpackages: kernel-64kb kernel-default - Revert "crypto: testmgr - desupport SHA-1 for FIPS 140" (bsc#1250804). - commit 190326b ==== kirigami-addons6 ==== Version update (1.9.0 -> 1.10.0) Subpackages: libKirigamiAddonsStatefulApp6 - Update to 1.10.0 https://carlschwan.eu/2025/09/27/kirigami-addons-1.10.0/ * New: KirigamiApp component ==== mokutil ==== - Enable build on riscv64 ==== netavark ==== Version update (1.15.2 -> 1.16.1) - setting update to false in cargo_vendor_service as it updates the dependencies to the latest version in the vendor files that leads to build failures in netavark. Because, the upstream code was written for with the older version of dependencies - Update to version 1.16.1: * release v1.16.1 * release notes for v1.16.1 * Revert "[skip-ci] Update actions/download-artifact action to v5" * update nftables to v0.6.3 * release v1.16.0 * release notes for v1.16.0 * sync release notes from 1.15 branch * fix new lint warnings on rust 1.89 * [skip-ci] Update actions/checkout action to v5 * [skip-ci] Update actions/download-artifact action to v5 * fix(deps): update rust crate tokio to 1.47.1 * fix(deps): update rust crate clap to ~4.5.42 * fix(deps): update rust crate serde_json to 1.0.142 * fix(deps): update rust crate tokio to 1.47.0 * fix(deps): update rust crate hyper-util to 0.1.16 * exec_netns macro: update comment * test: add new test program for connection checks * add .cargo/config.toml to runs tests via unshare -rn * fix(deps): update rust crate rand to 0.9.2 * fix(deps): update rust crate serde_json to 1.0.141 * fix(deps): update rust crate zbus to 5.9.0 * log default route mtu * get_mtu_from_iface_attributes: return error without mtu * make get_default_route_interface return the full LinkMessage * bridge: early break out of loop * change exec_netns macro to return result * Set bridge MTU to match default route. * fix(deps): update rust crate zbus to 5.8.0 * fix(deps): update rust crate hyper-util to 0.1.15 * fix(deps): update rust crate tokio to 1.46.1 * fix(deps): update rust crate tokio to 1.46.0 * fix new rust 1.88 lint errors * fix(deps): update rust crate clap to ~4.5.40 * fix(deps): update rust crate hyper-util to 0.1.14 * make more use of NetavarkError * drop DhcpProxy error type from NetavarkError * update nix to v0.30.1 * fix(deps): update rust crate clap to ~4.5.39 * fix(deps): update rust crate zbus to 5.7.1 * write bridge sysctl to config file * extract systemd path check to core_utils * move sysctl code into separate module * wrap sysctl name in error * drop sysctl dependency * update MSRV to v1.83 * dhcp_proxy: set timeout_sender only if required * cargo: bump mozim to 0.2.6 * fix(deps): update rust crate hyper-util to 0.1.13 * Revert "remove search domain from response" * fix(deps): update rust crate tokio to 1.45.1 * update netlink-packet-route to v0.23.0 * update nix to v0.30.1 * remove unused nispor from Cargo.toml * fix(deps): update rust crate zbus to 5.7.1 * fix(deps): update rust crate hyper-util to 0.1.12 * rpm: update description * bump to v1.16.0-dev * fix(deps): update rust crate zbus to 5.7.0 ==== open-vm-tools ==== Version update (13.0.0 -> 13.0.5) Subpackages: libvmtools0 - Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue. This release resolves and includes the patch for CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A patch to address CVE-2025-41244 on earlier open-vm-tools releases is provided to the Linux community at CVE-2025-41244.patch. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use "systemctl reboot", if available. For a more complete list of issues addressed in this release, see the What's New and Resolved Issues section of the Release Notes. - Drop patch now contained in 13.0.5: 0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch CVE-2025-41244-1240-1300-SDMP.patch - Fix (bsc#1250373 (CVE-2025-41244) - VUL-0: contains a local privilege escalation vulnerability. + Add patch: - CVE-2025-41244-1240-1300-SDMP.patch ==== opencv ==== - Add 86df531.patch: FFmpeg 8.0 support (boo#1249045). ==== p11-kit ==== Version update (0.25.5 -> 0.25.10) Subpackages: libp11-kit0 p11-kit-tools - Update to 0.25.10: * rpc: Add module configuration option to specify server address [#707] * rpc: Fix empty array attribute handling [#704] * server: Remove libsystemd dependency for socket activation [#685] * Avoid segfault if p11_library_init_impl/p11_library_uninit are called multiple times [#682] * Add zsh completions [#674] * pkcs11: Update pkcs11.h to version 3.1 [#671] * pkcs11: Add IBM specific mechanisms [#669] * server: Check SHELL if (and only if) neither --sh nor --csh is specified [#661] * trust: Don't create file names longer then 255 [#659] * trust: Sort paths for reproducible extract [#656] * Build and test fixes [#647, #653, #654, #657, #660, #667, #673, #681, #683, #688, #694] * Update translations [#663, #701] * Build fixes from tarball with Meson [#714] * subprojects/pkcs11-json: Update git submodule [PR#719] * Disable zsh completions See fullchangelog at: https://github.com/p11-glue/p11-kit/releases ==== pam-config ==== Version update (2.13+git.20250827 -> 2.13+git.20251003) - Update to version 2.13+git.20251003: * pam_sss: add all possible options * Add support for 12 and 13 options ==== permissions ==== Version update (1699_20250120 -> 1699_20251002) Subpackages: permctl permissions-config - Update to version 1699_20251002: * profiles: add OpenSMTPD setuid/setgid binaries (bsc#1247781) * profiles: drop starter-suid since Singularity is no longer packaged ==== pipewire ==== Version update (1.4.8+git4.8f35e18d1 -> 1.4.8+git68.636cbae9b) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Revert change that enables gsettings-pulse-schema. This creates a file conflict with libpulse-mainloop-glib0 because they both try to install the org.freedesktop.pulseaudio.gschema.xml file. - Update to version 1.4.8+git68.636cbae9b: * avahi: handle fd allocation errors * alsa: Use the minimum period size as headroom for SOF cards * adapter: fix Start of adapter * alsa: don't fail if 3 periods_min fails (boo#1250381) * spa: libcamera: source: fix typo in log message * spa: libcamera: source: query frame buffer planes just once * spa: libcamera: source: simplify `spa_libcamera_clear_buffers()` * spa: libcamera: source: keep `libcamera::FrameBufferAllocator` * spa: libcamera: source: clear buffers when format is changed * spa: libcamera: source: handle try-only format unset * spa: libcamera: source: do not emit param change if try-only * spa: libcamera: source: extract presence of `SPA_NODE_PARAM_FLAG_TEST_ONLY` * spa: libcamera: source: remove format config shortcut * spa: libcamera: source: set chunk flags on error * spa: libcamera: source: process requests on data loop * spa: libcamera: source: process all requests in the ring buffer * spa: libcamera: source: reset ring buffer when stopping * spa: libcamera: source: move request completion data to `impl` * spa: libcamera: source: store the request pointer in ring buffer * spa: libcamera: source: remove `impl::pendingRequests` * spa: libcamera: source: persistent requests <-> buffer association * spa: libcamera: source: allocBuffers(): more error checking * spa: libcamera: source: allocBuffers(): restore on failure * spa: libcamera: source: freeBuffers(): call when format is unset * spa: libcamera: source: freeBuffers(): split pending request removal * spa: libcamera: source: propagate error when setting format * spa: libcamera: source: port_set_format(): remove goto * spa: libcamera: source: use dynamic builder for controls * spa: libcamera: source: provide value labels if available * spa: libcamera: source: handle enum controls better * spa: libcamera: source: unify control range logic * spa: libcamera: source: ignore array controls * spa: libcamera: source: rework bool control type info * spa: libcamera: source: move control enumeration to loop * spa: libcamera: source: separate type info generation * spa: libcamera: manager: keep `libcamera::CameraManager` * spa: libcamera: manager: factor out hotplug event submission * spa: libcamera: source: create eventfd before starting camera * spa: libcamera: source: generate camera config right away * spa: libcamera: source: remove `SPA_PROP_device{,Name}` * spa: libcamera: source: do not close fd * spa: libcamera: source: remove unused `enum_fmt` member * spa: libcamera: source: prop_id_to_control(): do range check first * spa: libcamera: source: fix mapping of `libcamera::ColorSpace::TransferFunction::Linear` * spa: libcamera: source: simplify color space conversion * spa: libcamera: source: avoid iterator overrun when enumerating controls * spa: libcamera: manager: fix id allocation * spa: libcamera: use `nullptr` instead of `NULL` * spa: libcamera: use C++ style casts * spa: libcamera: use anon ns instead of `static` * spa: libcamera: device: remove empty line * spa: libcamera: source: inline `mmap_init()` * spa: libcamera: source: set "corrupted" flag if applicable * spa: libcamera: source: use `union` for transferring control value * spa: libcamera: source: simplify control mapping * spa: libcamera: source: do not make expensive queries multiple times * spa: libcamera: source: simplify format lookup * spa: libcamera: source: use enum types * spa: libcamera: source: handle camera acquire failure * spa: libcamera: inline `libcamera-utils.cpp` * spa: libcamera: clean up includes * spa: libcamera: use lock when acquiring `CameraManager` * spa: libcamera: add colorimetry support * libcamera: Default to auto-focus & auto-exposure - Stop passing gsettings-pulse-schema=disabled to meson setup, all buildependencies are in place already, follow upstream default, build gsettings schema support. ==== podman ==== Version update (5.6.1 -> 5.6.2) - Update to version 5.6.2: * Bump to v5.6.2 * Release notes for v5.6.2 * Vendor buildah@v1.41.5 * Handle SIGPIPE to prevent machine stuck in Starting state * Bump Podman to v5.6.2-dev - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) ==== polkit-default-privs ==== Version update (1550+20250904.99b438e -> 1550+20251002.f34bfbd) - Update to version 1550+20251002.f34bfbd: * profiles: add systemd-machined v258 register-machine action (bsc#1250893) * profiles: add systemd-homed v258 manage-signing-keys action (bsc#1250884) * profiles: add systemd-resolved v258 addition (bsc#1250880) ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils - Move org.freedesktop.pulseaudio.gschema.xml file to pulseaudio-module-gsettings where it belongs. ==== python-requests ==== Version update (2.32.4 -> 2.32.5) - Update to 2.32.5 * The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration. * Added support for Python 3.14. * Dropped support for Python 3.8 following its end of support. - Drop inject-default-ca-bundles.patch, fixed upstream - Drop revert-caching-default-sslcontext.patch, merged upstream - Update BuildRequires from setup.py ==== runc ==== Version update (1.3.1 -> 1.3.2) - Update to runc v1.3.2. Upstream changelog is available from - Includes an important fix for the CPUSet translation for cgroupv2. ==== sdbootutil ==== Version update (1+git20250917.7aab076 -> 1+git20251003.f402058) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20251003.f402058: * Do not mount /run/media in the chroot * Normalize how to hide errors * Ask the volume key only if --measure-pcr is set * Abort any updating inside a transaction * Bindmount /var/lib/systemd for tukit * Revert "Do not ask the password while in a transaction" * Only update PCR 15 if --measure-pcr is set * Do not ask the password while in a transaction * Add parameter for code tracing ==== snapper ==== Subpackages: libsnapper8 - detect correct path of btrfs binary on Debian and derivatives (gh#openSUSE/snapper#1057) ==== xmlsec1 ==== Version update (1.2.41 -> 1.2.42) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - version update to 1.2.42 * (xmlsec-openssl) Ensured that only certificates from XML file are returned after verification. * (xmlsec-core) Fixed includes to support latest LibXML2 / LibXSLT. * Several other small fixes (https://github.com/lsh123/xmlsec/commits/xmlsec-1_2_x).