Packages changed:
  MicroOS-release (20250902 -> 20250905)
  SDL3 (3.2.20 -> 3.2.22)
  aaa_base (84.87+git20250805.3069494 -> 84.87+git20250903.33e5ba4)
  boost-base
  busybox-links
  container-selinux (2.240.0 -> 2.241.0)
  docker (28.3.3_ce -> 28.4.0_ce)
  file
  iso-codes (4.16.0 -> 4.18.0)
  kernel-firmware-ath11k (20250820 -> 20250829)
  kernel-firmware-ath12k (20250808 -> 20250903)
  kernel-firmware-bluetooth (20250820 -> 20250903)
  kernel-firmware-i915 (20250730 -> 20250903)
  kernel-firmware-intel (20250825 -> 20250903)
  kernel-firmware-iwlwifi (20250818 -> 20250829)
  kernel-firmware-media (20250825 -> 20250903)
  kernel-firmware-mediatek (20250813 -> 20250903)
  kernel-firmware-qcom (20250820 -> 20250903)
  libxmlb (0.3.22 -> 0.3.23)
  mozilla-nss (3.113 -> 3.115.1)
  net-tools (2.10 -> 2.10+1)
  podman
  python-cryptography
  python-maturin (1.9.3 -> 1.9.4)
  qt6-declarative
  raspberrypi-firmware-dt (2023.11.21 -> 2025.05.14)
  runc (1.3.0 -> 1.3.1)
  sdbootutil (1+git20250820.077bd8b -> 1+git20250903.f5a076b)
  selinux-policy (20250812 -> 20250902)
  sof-firmware (2025.05 -> 2025.05.1)
  wireplumber (0.5.10 -> 0.5.11)
  zlib-ng-compat (2.2.4 -> 2.2.5)

=== Details ===

==== MicroOS-release ====
Version update (20250902 -> 20250905)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== SDL3 ====
Version update (3.2.20 -> 3.2.22)

- Update to release 3.2.22
  * A bunch of changes for non-Linux platforms only

==== aaa_base ====
Version update (84.87+git20250805.3069494 -> 84.87+git20250903.33e5ba4)

- Update to version 84.87+git20250903.33e5ba4:
  * Correct fix for boo#1247495 (boo#1248158)

==== boost-base ====
Subpackages: boost-license1_88_0 libboost_filesystem1_88_0 libboost_thread1_88_0

- require shared library package in versioned libboost_url-devel (bsc#1248645)

==== busybox-links ====
Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz

- Set net-tools conflict version properly.
- Add busybox-ether-wake replacing downstream ether-wake from net-tools (boo#1249034).
- Provide support for net-tools-dummy-ether-wake (bsc#1242048).

==== container-selinux ====
Version update (2.240.0 -> 2.241.0)

- Update to version 2.241.0:
  * Allow domains that trans to container_runtime_t bpf:prog_run

==== docker ====
Version update (28.3.3_ce -> 28.4.0_ce)
Subpackages: docker-buildx docker-rootless-extras

- Update to docker-buildx v0.28.0. Upstream changelog:
- Update to Docker 28.4.0-ce. See upstream changelog online at
- Rebased patches:
  * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
  * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
  * cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch

==== file ====
Subpackages: file-magic libmagic1

- Add patch file-5.46-tcgets2.patch from https://bugs.astron.com/view.php?id=678 but disable hunk 1 to avoid conflict with file-seccomp-ppc.patch. This should fix bug boo#1249071
- Modify patch file-seccomp-ppc.patch that is used on all architectures

==== iso-codes ====
Version update (4.16.0 -> 4.18.0)

- Update to version 4.18.0:
  + Replace FSF postal address with their website
  + Rename Chinese translations.
  + Updated translations.
- Changes from version 4.17.0:
  + Add letter 'g' to conversion script for Tatar
  + Regenerate cyrillic Tatar from latin Tatar
  + Update Romanian translation and remove most pre- and suffixes
  + Updated translations.

==== kernel-firmware-ath11k ====
Version update (20250820 -> 20250829)

- Update to version 20250829 (git commit 64596902d2db):
  * ath11k: Support WCN6855 hw2.1 with NFA firmware variant

==== kernel-firmware-ath12k ====
Version update (20250808 -> 20250903)

- Update to version 20250903 (git commit 577ee67ffca2):
  * ath12k: WCN7850 hw2.0@ncm865: add to WLAN.IOE_HMT.1.1-00018-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1

==== kernel-firmware-bluetooth ====
Version update (20250820 -> 20250903)

- Update to version 20250903 (git commit c784990ba3d2):
  * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962

==== kernel-firmware-i915 ====
Version update (20250730 -> 20250903)

- Update to version 20250903 (git commit c784990ba3d2):
  * xe: Update GUC to v70.49.4 for BMG, LNL, PTL
  * i915: Update GUC to v70.49.4 for ADL-P, DG1, DG2, MTL, TGL

==== kernel-firmware-intel ====
Version update (20250825 -> 20250903)

- Update to version 20250903 (git commit c784990ba3d2):
  * intel_vpu: Update NPU firmware
- Update to version 20250829 (git commit 993ff19b553c):
  * Fix link entry for qat_895xcc.bin
- Update to version 20250829 (git commit 64596902d2db):
  * Move QAT firmware to intel/ subdirectory
  * Revert "intel/ish: Add firmware for LENOVO THINKPAD X1 2-in-1 Gen 10"

==== kernel-firmware-iwlwifi ====
Version update (20250818 -> 20250829)

- Update to version 20250829 (git commit 64596902d2db):
  * Move all iwlwifi top level files to intel/ directory

==== kernel-firmware-media ====
Version update (20250825 -> 20250903)

- Update to version 20250903 (git commit 577ee67ffca2):
  * qcom: vpu: update firmware binaries to fix encoder drain handling

==== kernel-firmware-mediatek ====
Version update (20250813 -> 20250903)

- Update to version 20250903 (git commit 577ee67ffca2):
  * linux-firmware: update firmware for MT7925 WiFi device
  * mediatek MT7925:update bluetooth firmware to 20250825220109
    Update binary firmware for MT7925 BT devices.

==== kernel-firmware-qcom ====
Version update (20250820 -> 20250903)

- Update to version 20250903 (git commit c784990ba3d2):
  * qcom: add ADSP firmware for qcs615 platform

==== libxmlb ====
Version update (0.3.22 -> 0.3.23)

- Update to version 0.3.23:
  * Bugfixes: Do not reallocate the final silo blob when compiling to reduce peak RSS by about ~6%.

==== mozilla-nss ====
Version update (3.113 -> 3.115.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.115.1
  * bmo#1982742 - restore support for finding certificates by decoded serial number.
  * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
- update to NSS 3.115
  * bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c
  * bmo#1981034 - CKA_SEED needs to be marked as a private attribute
  * bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc
  * bmo#1974505 - Key private/public/secret keys by key type in softoken keydb
  * bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report
  * bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain
  * bmo#1927351 - Fixup ABI
  * bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server
  * bmo#1900841 - ECH fuzz target
  * bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects
  * bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root
  * bmo#1965329 - Implement PKCS #11 v3.2 functions
- update to NSS 3.114
  * bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37
  * bmo#1970079 - Prevent leaks during pkcs12 decoding
  * bmo#1953731 - Remove redundant assert in p7local.c
  * bmo#1974515 - Bump nssckbi version to 2.80
  * bmo#1961848 - Remove expired Baltimore CyberTrust Root
  * bmo#1972391 - Add TrustAsia Dedicated Roots to NSS
  * bmo#1974511 - Add SwissSign 2022 Roots to NSS
  * bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS
  * bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken
  * bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper
  * bmo#1974331 - remove dead code in ssl3con.c
  * bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic
  * bmo#1974299 - Bump nssckbi version to 2.79
  * bmo#1967826 - remove unnecessary assertion
  * bmo#1948485 - Update mechanisms for Softoken PCT
  * bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after
  * bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks
  * bmo#1973930 - use -O2 for asan build
  * bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS
  * bmo#1973105 - remove out-of-function semicolon
  * bmo#1963009 - Extend pkcs8 fuzz target
  * bmo#1963008 - Extend pkcs7 fuzz target
  * bmo#1908763 - Remove unused assignment to pageno
  * bmo#1908762 - Remove unused assignment to nextChunk
  * bmo#1973490 - don't run commands as part of shell `local` declarations
  * bmo#1973490 - fix sanitizer setup
  * bmo#1973187 - don't silence ssl_gtests output when running with coverage
  * bmo#1967411 - Release docs and housekeeping
  * bmo#1972768 - migrate to new linux tester pool
- rebase FIPS patches to adjust for upstream FIPS work

==== net-tools ====
Version update (2.10 -> 2.10+1)

- Set net-tools conflict version properly.
- Drop ether-wake binary in favor of wol. It was never part of the upstream net-tools, and we have ether-wake in busybox. Bump rpm version to 2.10.0.0.1 to make a seamless update possible (boo#1249034, drop 0001-Add-ether-wake-binary.patch).
- Provide support for net-tools-dummy (bsc#1242048).
- Remove net_tool Provides/Obsoletes for SuSE Linux 7 and SLES 7.

==== podman ====

- Do not recommend apparmor-parser and apparmor-abstractions: if the system is using apparmor, those packages will be present. If the system is selinux enabled, we don't want to recommend those packages just because we build support for apparmor into the package.

==== python-cryptography ====

- Add Make-unsafe-subinterpreter-support-available-via-cfg.patch to allow ceph-mgr to load modules (boo#1248987)

==== python-maturin ====
Version update (1.9.3 -> 1.9.4)

- Update to 1.9.4
  * downgrade manylinux version for riscv64 by @ffgan in #2709
  * Fix calculation of platform tag for FreeBSD by @michael-o in #2711
  * Add builtin sysconfigs for GraalPy by @msimacek in #2716
  * Add use-base-python option to pyproject.toml by @SquidDev in #2717
  * fix clippy warnings by @alex in #2724
  * Fix Target::get_python_arch comment (#2712) by @michael-o in #2726
  * Set PYO3_BUILD_EXTENSION_MODULE env var when building pyo3 extension modules by @alex in #2723
- regenerate vendor tarball to fix CVE-2025-58160 (bsc#1249011)

==== qt6-declarative ====
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports

- Disable LTO on armv6/7 as a workaround - boo#1249054

==== raspberrypi-firmware-dt ====
Version update (2023.11.21 -> 2025.05.14)

- Fix compatible for bcm2712 pinctrl
  * bcm2712-fix-compatible.patch
- Slow down eMMC and WiFi interface for CM5 modules.
  * 0001-ARM-dts-bcm2712-Slow-down-eMMC-interface.patch
- Remove DMA support from devices. No upstream support for it.
  * 0001-ARM-dts-bcm2712-Remove-DMA-support.patch
- Make rp1_nexus node the interrupt controller
- Fix sram@400000 reg mapping.
- Update devicetree files to 6.12.y from vendor linux tree.
- Refresh following patch which now includes RPi5 related files:
  * 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch
- Remove upstream RPi5 devicetree file. We will use downstream version, which will bring us all of the overlays.
  * 0001-arm64-dts-broadcom-bcm2712-Add-RaspberryPi-5-support.patch
- Add following patches. The first one adjusts RP1 devicetree bindings to the upstream device driver requirements. The second patch fixes a possible device crash in s2idle.
  * 0001-dts-rp1-Wrap-RP1-node-into-nexus-node-as-expected-by.patch
  * 0002-ARM-dts-bcm2711-Fix-xHCI-power-domain.patch
- Add bootloader nvmem configuration fixup overlay. Firmware will put start address and size of bootloader configuration information into $blconfig node, but it will use hard coded #address-cells=2 and #size-cells=1, which is not always true. This will make the Linux driver refuse to register the region, and because of this the rpi-eeprom-update tool will not work. Add a workaround which will properly populate the reg=<> property. Hopefully device firmware will be fixed.
- Add nvmem DeviceTree nodes
- Add RaspberryPi 5 support

==== runc ====
Version update (1.3.0 -> 1.3.1)

- Update to runc v1.3.1. Upstream changelog is available from
- Fix runc 1.3.x builds on SLE-12 by enabling --std=gnu11.

==== sdbootutil ====
Version update (1+git20250820.077bd8b -> 1+git20250903.f5a076b)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit

- Update to version 1+git20250903.f5a076b:
  * Distinguish between path and id for boot entries

==== selinux-policy ====
Version update (20250812 -> 20250902)
Subpackages: selinux-policy-targeted

- Update to version 20250902:
  * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t
  * Allow stalld map sysfs files
  * Allow NetworkManager-dispatcher-winbind get pidfs attributes
  * Allow openvpn create and use generic netlink socket
  * policy_capabilities: remove estimated from released versions
  * policy_capabilities: add stub for userspace_initial_context
  * add netlink_xperm policy capability and nlmsg permission definitions
  * policy_capabilities: add ioctl_skip_cloexec
  * selinux-policy: add allow rule for tuned_ppd_t
  * selinux-policy: add allow rule for switcheroo_control_t
  * Label /run/audit with auditd_var_run_t
  * Allow virtqemud start a vm which uses nbdkit
  * Add nbdkit_signal() and nbdkit_signull() interfaces
  * Fix insights_client interfaces names
  * Add insights_core and insights_client interfaces
  * dist/targeted/modules.conf: enable slrnpull module
  * Allow bootupd delete symlinks in the /boot directory
  * Allow systemd-coredumpd capabilities in the user namespace
  * Allow openvswitch read virtqemud process state
- Syncing with upstream rawhide selinux-policy up to:
  * 17956d28c011c35560e75a7293ac5924df57a1ee
- Update embedded container-selinux version to commit:
  * 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0)

==== sof-firmware ====
Version update (2025.05 -> 2025.05.1)

- version update to 2025.05.1:
  * SOF v2.13.1 DSP topologies.

==== wireplumber ====
Version update (0.5.10 -> 0.5.11)
Subpackages: libwireplumber-0_5-0

- Update to version 0.5.11:
  * Additions & Enhancements:
    - Added modem manager module for tracking voice call status and voice call device profile selection hooks to improve phone call audio routing on mobile devices (!722, !729, #819)
    - Added MPRIS media player pause functionality that automatically pauses media playback when the audio target (e.g. headphones) is removed (!699, #764)
    - Added support for human-readable names and localization of settings in wireplumber.conf with wpctl displaying localized setting descriptions (!712)
    - Improved default node selection logic to use both session and route priorities when nodes have equal session priorities (!720)
    - Increased USB device priority in the ALSA monitor (!719)
  * Fixes:
    - Fixed multiple Lua runtime issues including type confusion bugs, stack overflow prevention, and SPA POD array/choice builders (!723, !728)
    - Fixed proxy object lifecycle management by properly clearing the OWNED_BY_PROXY flag when proxies are destroyed to prevent dangling pointers (!732)
    - Fixed state-routes handling to prevent saving unavailable routes and eliminate race conditions during profile switching (!730, #762)
    - Fixed some memory leaks in the script tester and the settings iterator (!727, !726)
    - Fixed a potential crash caused by module-loopback destroying itself when the pipewire connection is closed (#812)
    - Fixed profile saving behavior in wpctl set-profile command (#808)
    - Fixed GObject introspection closure annotation

==== zlib-ng-compat ====
Version update (2.2.4 -> 2.2.5)

- Update to 2.2.5:
  * RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889
  * MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing inflate failure #1884
  * Fix building with runtime CPU detection disabled (native) [#1931]
  * Also check for ZMM support when detecting VPCLMULQDQ support [#1932]
  * Revert "Clean up insert_match() in deflate_medium" due to performance regression #1938