Packages changed:
GraphicsMagick
Mesa
Mesa-drivers
at-spi2-core (2.56.0 -> 2.56.1)
btrfsprogs (6.12 -> 6.13)
ca-certificates-mozilla
clamav
container-selinux (2.235.0 -> 2.236.0)
emacs
expat (2.6.4 -> 2.7.1)
fwupd (2.0.6 -> 2.0.7)
gdm
ghostscript (10.04.0 -> 10.05.0)
gnome-console
gnome-control-center (48.0 -> 48.0+15)
gnome-mines (48.alpha -> 48.0)
grilo (0.3.16 -> 0.3.16+17)
grilo-plugins (0.3.16 -> 0.3.16+45)
grub2
gtk3 (3.24.49 -> 3.24.49+14)
gtk4 (4.18.2 -> 4.18.3)
kernel-firmware-amdgpu (20250322 -> 20250328)
kernel-firmware-bluetooth (20250318 -> 20250401)
kernel-firmware-intel (20250311 -> 20250331)
kernel-firmware-qcom
kernel-firmware-sound (20250321 -> 20250331)
kmod (34.1 -> 34.2)
lensfun
libbytesize (2.10 -> 2.11)
libdbusmenu-qt5
libdeflate (1.21 -> 1.23)
libdmtx (0.7.7 -> 0.7.8)
libei (1.4.0 -> 1.4.1)
libgnomesu (2.0.8 -> 2.0.9)
libical (3.0.18 -> 3.0.20)
libical-glib (3.0.18 -> 3.0.20)
libinput (1.28.0 -> 1.28.1)
libnotify (0.8.4 -> 0.8.6)
libpaper (2.2.5 -> 2.2.6)
libpeas
libxml2 (2.13.6 -> 2.13.7)
libxml2-python (2.13.6 -> 2.13.7)
libxmlb (0.3.21 -> 0.3.22)
m17n-lib (1.8.4 -> 1.8.5)
mozjs128 (128.7.0 -> 128.8.1)
mutter (48.0+5 -> 48.1)
ncurses (6.5.20250315 -> 6.5.20250329)
openSUSE-release (20250331 -> 20250402)
osinfo-db
projectM
python-kiwi (10.2.13 -> 10.2.16)
ristretto
rsync
sdbootutil (1+git20250327.9714cbd -> 1+git20250401.2eda714)
sddm
sddm-qt6
totem (43.1 -> 43.1+35)
vim (9.1.1244 -> 9.1.1258)
wireless-regdb (20231201 -> 20250220)
xdg-desktop-portal-gnome
yast2-trans (84.87.20250315.643f794333 -> 84.87.20250330.b9c44bed6b)
=== Details ===
==== GraphicsMagick ====
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config
- security update
- added patches
fix CVE-2025-27795 [bsc#1239044], JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
+ GraphicsMagick-CVE-2025-27795.patch
fix CVE-2025-27796 [bsc#1239043], WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.
+ GraphicsMagick-CVE-2025-27796.patch
use return value of realloc function
+ GraphicsMagick-return-value.patch
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1
- don't apply revert_8c91624614c1f939974fe0d2d1a3baf83335cecb.patch
on s390x, which is not affected by that issue (different Mesa
version)
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2
- don't apply revert_8c91624614c1f939974fe0d2d1a3baf83335cecb.patch
on s390x, which is not affected by that issue (different Mesa
version)
==== at-spi2-core ====
Version update (2.56.0 -> 2.56.1)
Subpackages: at-spi2-core-lang libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0
- Update to version 2.56.1:
+ device-a11y-manager:
- Fix crash on dispose
- Check properly for the DBus backend presence
==== btrfsprogs ====
Version update (6.12 -> 6.13)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- update to 6.13
* mkfs:
* allow --sectorsize to be 2K for testing purposes of subpage mode (needs
the same block size supported by kernel)
* fix false error when no compression is requested and lzo is not compiled in
* convert: support 2K block size in the source filesystem
* defrag: new parameter -L/--level to specify compression levels (kernel 6.15),
also supports the realtime levels
* subvol delete: show names of recursively deleted child subvolumes
* qgroup show: use sysfs to detect up to date consistency status
* zoned mode: support zone capacity tracking
* other:
* CI new and updated workflows
* documentation updates
- spec: package btrfs-find-root unconditionally (bsc#1239992)
- Refresh patches: mkfs-default-features.patch (context)
==== ca-certificates-mozilla ====
- explit remove distruted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt
==== clamav ====
Subpackages: libclamav12 libclammspack0 libfreshclam3
- bsc#1239957: Build with PIE.
- Eliminate some UTF-8 NBSP characters from the changes file.
==== container-selinux ====
Version update (2.235.0 -> 2.236.0)
- Update to version 2.236.0:
* Allow super privileged containers to use RealtimeKit for scheduling
* Add container_ro_file_t to the podman artifact store
==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags
- Avoid override of delete-selection-mode in site-load.el (boo#1239926)
- Make libXPM loaded dynamically for gtk/wayland (boo#1239926, boo#1239927)
==== expat ====
Version update (2.6.4 -> 2.7.1)
Subpackages: libexpat1
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("&g1;")
- general entities in attribute values ("")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
==== fwupd ====
Version update (2.0.6 -> 2.0.7)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0
- Update to version 2.0.7:
+ This release adds the following features:
- Allow calling 'fwupdtool security' with a fwupd version parameter
- A new plugin to update B&R DisplayPort receivers
- A new plugin to update Intel CVS cameras
- A new plugin to verify UEFI memory protection attributes
- A new quirk to signify that no additional ESP space is required
- Build additional Redfish instance IDs for Dell server hardware
- Implement the HPE proprietary Redfish firmware push method
- Support cabinet archives greater in size than 2GB
- Support for showing the SBOM release URL
- Support for UEFI capsule installation in the bootloader
+ This release fixes the following bugs:
- Always close USB file descriptors after starting the daemon
- Do not add a Redfish release date if set to 00:00:00Z
- Fix a critical warning when rescanning a device with no GUIDs
- Fix a small memory leak when emumerating Logitech Rallysystem devices
- Fix a tiny Redfish memory leak when writing firmware
- Fix building against pygobject 3.52
- Fix Logitech BulkController setup for new device firmware versions
- Fix scaler-only Wacom USB update deployment
- Fix updating the RMM component in the dell-kestrel dock
- Fix writing new EFI variables to workaround a kernel regression
- Make PCI NAME and SSVID_SSPID based modem-manager IDs visible
- Parse firmware before putting the device into bootloader mode
- Prepend the capsule header when using Capsule-on-Disk
- Put a memory limit on decoding LZMA streams when parsing firmware
- Retry claiming the fastboot interface for up to 2500ms
- Trigger dpaux rescan on drm changes correctly
- Use the metadata version format to set the version_lowest when required
+ This release adds support for the following hardware:
- Another HP wireless dongle
- Lenovo ThinkPad Thunderbolt 4 Smart Dock Gen2
- Lenovo USB-C Dual Display Travel Dock
- More EDL 5G modem devices
- Drop 8583.patch and 8588.patch: fixed upsrtream.
- Align meson call with current upstream supported parameters.
==== gdm ====
Subpackages: gdm-lang gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- No longer rm -vrf
%{buildroot}%{_datadir}/polkit-1/rules.d/20-gdm.rules, now that
boo#1239719 is resolved.
==== ghostscript ====
Version update (10.04.0 -> 10.05.0)
Subpackages: ghostscript-x11
- Version upgrade to 10.05.0
See 'Recent Changes in Ghostscript' at Ghostscript upstream
https://ghostscript.readthedocs.io/en/gs10.05.0/News.html
* This release addresses:
+ CVE-2025-27830 (bsc#1240074)
+ CVE-2025-27831 (bsc#1240075)
+ CVE-2025-27832 (bsc#1240077)
+ CVE-2025-27833 (bsc#1240078)
+ CVE-2025-27834 (bsc#1240079)
+ CVE-2025-27835 (bsc#1240080)
+ CVE-2025-27836 (bsc#1240081)
+ CVE-2025-27837 (bsc#1240082 - affects only Windows)
* The 10.05.0 release deprecates the non-standard operator
"selectdevice", all code should now be using the standard
"setpagedevice" operator. "selectdevice" will be removed
in the 10.06.0 release.
* We now support production of PDF/X-1a and PDF/X-4a
in addition to the existing support for PDF/X-3
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
- In Ghostscript 10.05.0 the pdf2dsc utility is removed because
its PostScript program pdf2dsc.ps uses chunks of the old PDF
interpreter which is replaced with a new implementation
(in C instead of PostScript) in the 10.x series of Ghostscript
so pdf2dsc can no longer work as intended. For details see the
"Please restore PDF2DSC for preview-latex" mail thread e.g. on
https://mail.gnu.org/archive/html/auctex-devel/2025-03/threads.html
==== gnome-console ====
Subpackages: gnome-console-lang
- Replace appstream-glib with AppStream BuildRequires, use the
correct dependency, and pass tests=true to meson setup, run all
the tests available.
==== gnome-control-center ====
Version update (48.0 -> 48.0+15)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces gnome-control-center-users
- Update to version 48.0+15:
* printers: Run printer details response callback when closing
dialog.
* keyboard: fix duplicated search shortcut rows in launchers
group of shortcuts dialog.
* Updated translations.
==== gnome-mines ====
Version update (48.alpha -> 48.0)
Subpackages: gnome-mines-lang
- Update to version 48.0:
+ Updated translations.
==== grilo ====
Version update (0.3.16 -> 0.3.16+17)
Subpackages: grilo-lang libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3
- Update to version 0.3.16+17:
* pls: Fix thumbnail URI for remote files in Flatpak
* net: Fix possible regressions from GTask port (6c97aed)
* grilo-test-ui: Use new separate-src config for filesystem
* pls: Use fast-content-type on remote shares
* pls: Add thumbnails for remote files
* Correct 404 URIs to Tracker Ontology reference
* Updated translations.
- Switch to git checkout via source service, current head.
==== grilo-plugins ====
Version update (0.3.16 -> 0.3.16+45)
Subpackages: grilo-plugin-tracker grilo-plugins-lang
- Update to version 0.3.16+45:
* iptv: fix typo in the path of the icon
* iptv: add search support
* iptv: improve browsing support
* iptv: add logo
* plugins: add IPTV source
* raitv: Remove Rai.tv plugin
* lua-factory: Remove Apple Trailers plugin
* euronews: Update for recent site changes
* tests: Adapt to tracker-test-sandbox utility changes
* filesystem: Differentiate two error sources
- Switch to gitcheckout via source service, current head.
- Add localsearch, needed for tests.
==== grub2 ====
Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen
- Fix grub-bls has broken builtin theme for SLE (bsc#1240090)
==== gtk3 ====
Version update (3.24.49 -> 3.24.49+14)
Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0
- Update to version 3.24.49+14:
+ widget: Explicitly annotate visible's getter.
==== gtk4 ====
Version update (4.18.2 -> 4.18.3)
Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.18.3:
+ Bugs fixed:
- GtkTextView left and right margins
- Deadkeys using UFDD modifiers do not work under gtk4 apps
- Wrong position for input method when line number is enabled
- Uninitialized variable being used at
_gdk_win32_surface_compute_size
- Vulkan renderer: `vkCreateSwapchainKHR` errors on windows
when opening a popover for the first time
- GtkTextView double click select then drag not working
- Menu is does not open on mobile since translation is too long
- a11y: remove_from_accessible_relation: assertion
'GTK_IS_AT_CONTEXT (self)' failed
- window: Allow window resizing to always work
- columnview: Measure header for get_border
- vulkan: Fix copy/paste error
- widget: Explicitly annotate visible's getter
- build: Use accesskit-c 0.15
- Fixed MacOS GDK issue where calling main loop iterations in
some Cocoa event...
- widget: Explicitly annotate sensitive's getter
- Windows: Fix #warning not defined with MSVC
- Add more deprecations
- Emit inclusion warning only in normal use
- Fix Double-Free Issue in GTK Print Backend CPDB
- wayland: Avoid a warning without posix_fallocate
- print: Add more docs
- listbox: Don't explicitly show headers and model rows
- Test rapid cursor changes
- wayland: Avoid setting the same shape twice
- Drop an unused field
- build: Improve libintl function check
- gdkglcontext-win32-wgl.c: Apply scale for
glAddSwapHintRectWIN() (fix use on HiDPI)
- gtklistbase: Do not select invalid positions
- inspector: Persist some UI state
- gstsink: Set the actual buffer size
- menus: prefer standard shortcuts over action keys
- wayland: Stop using syscall() for memfds
- memoryformat: Remove unneeded GL header
- Improve BEPO compose sequence visuals
+ Updated translation.
==== kernel-firmware-amdgpu ====
Version update (20250322 -> 20250328)
- Update to version 20250328 (git commit 4bfa7c6351ab):
* amdgpu: update dcn 3.5 and dcn 3.5.1 firmware to 9.0.27.0
* amdgpu: update dcn 3.1.4 firmware to 8.0.78.0
==== kernel-firmware-bluetooth ====
Version update (20250318 -> 20250401)
- Update to version 20250401 (git commit d864697fd38a):
* rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x17E9_16ED
* Revert "rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x0471_70A6"
- Update to version 20250331 (git commit 0f7fe1e739bf):
* rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x0471_70A6
==== kernel-firmware-intel ====
Version update (20250311 -> 20250331)
- Update to version 20250331 (git commit 0f7fe1e739bf):
* intel_vpu: Update NPU firmware
==== kernel-firmware-qcom ====
- Update aliases
==== kernel-firmware-sound ====
Version update (20250321 -> 20250331)
- Update to version 20250331 (git commit 0f7fe1e739bf):
* cirrus: cs35l56: Correct filenames of SSID 103c8e1b and 103c8e1c
==== kmod ====
Version update (34.1 -> 34.2)
Subpackages: libkmod2
- Update to release 34.2
* libkmod: fix buffer-overflow in weakdep_to_char
- Delete unused 0001-build-resolve-build-failure-due-to-missing-include.patch
==== lensfun ====
Subpackages: lensfun-data liblensfun1
- Update lens database
- Add patch:
* lensfun-cmake4.patch
==== libbytesize ====
Version update (2.10 -> 2.11)
Subpackages: libbytesize-lang libbytesize1
- update to 2.11:
* remove dependency on python3-six and python2 crumbs
* Update translation files
* tests: remove unnecessary bash dependency
==== libdbusmenu-qt5 ====
- Add patch:
* 0001-Fix-build-with-CMake-4.patch
==== libdeflate ====
Version update (1.21 -> 1.23)
- update to 1.23:
* Fixed bug introduced in 1.20 where incorrect checksums could
be calculated if libdeflate was compiled with clang at -O0
and run on a CPU supporting AVX512.
* Fixed build error when using -mno-evex512 with clang 18+ or
gcc 14+.
* Increased the minimum CMake version to 3.10.
* Further optimized the x86 CRC code.
* The CMake-based build system now implements a workaround for
gcc being paired with a too-old binutils version.
This can prevent build errors.
==== libdmtx ====
Version update (0.7.7 -> 0.7.8)
- update to 0.7.8:
* cmake build fixes
* dmtxRegion: add deterministic findNext variant
* Adding reader programming feature.
==== libei ====
Version update (1.4.0 -> 1.4.1)
- Update to release 1.4.1
* The ei_touchscreen version listed in the protocol was bumped
to version 2.
==== libgnomesu ====
Version update (2.0.8 -> 2.0.9)
Subpackages: libgnomesu-lang libgnomesu0
- Update to version 2.0.9:
* Remove legacy malloc/realloc workarounds.
==== libical ====
Version update (3.0.18 -> 3.0.20)
- update to 3.0.20:
* Clean up the byte-swapping macros
* Fix a testcase in libical-glib when using 64-bit on a 32-bit
system
- update to 3.0.19:
* Fix for changes to the libicu 75 API
* Add vcpkg manifest-mode support
* Improved berkeley-db discovery on Mac with homebrew
* Improved libicu discrovery on Mac with homebrew
* Properly set DYLD_LIBRARY_PATH on Mac for libical-ical tests
* Resolved known limitation: Negative values are now also
supported for `BYMONTHDAY` and `BYYEARDAY`.
* Add support for RDATE;VALUE=PERIOD
* Fix time conversion to time_t for times before epoch
* Allow `icalcomponent_foreach_recurrence` to receive
`DATE`-only `start` and `end` params.
* Fix the calculation of an event's duration if `DTSTART` is a
`DATE`-only value.
* Fix `icaltime_span_new()` - ignore the case where DTEND is
unset and require it to be set by the caller instead.
* Various fixes for fuzzer issues
==== libical-glib ====
Version update (3.0.18 -> 3.0.20)
- update to 3.0.20:
* Clean up the byte-swapping macros
* Fix a testcase in libical-glib when using 64-bit on a 32-bit
system
- update to 3.0.19:
* Fix for changes to the libicu 75 API
* Add vcpkg manifest-mode support
* Improved berkeley-db discovery on Mac with homebrew
* Improved libicu discrovery on Mac with homebrew
* Properly set DYLD_LIBRARY_PATH on Mac for libical-ical tests
* Resolved known limitation: Negative values are now also
supported for `BYMONTHDAY` and `BYYEARDAY`.
* Add support for RDATE;VALUE=PERIOD
* Fix time conversion to time_t for times before epoch
* Allow `icalcomponent_foreach_recurrence` to receive
`DATE`-only `start` and `end` params.
* Fix the calculation of an event's duration if `DTSTART` is a
`DATE`-only value.
* Fix `icaltime_span_new()` - ignore the case where DTEND is
unset and require it to be set by the caller instead.
* Various fixes for fuzzer issues
==== libinput ====
Version update (1.28.0 -> 1.28.1)
Subpackages: libinput-udev libinput10
- Update to release 1.28.1
* After unplugging and re-plugging a tablet device, proximity
events toggled the tip on/off due to an uninitialized (== zero)
pressure range. Repeatedly unplugging also eventually triggered
an bug notification.
* The `debug-events` diagnosis command failed to print pinch
angle and rotation.
==== libnotify ====
Version update (0.8.4 -> 0.8.6)
Subpackages: libnotify-tools libnotify4 typelib-1_0-Notify-0_7
- Update to version 0.8.6:
+ Revert usage of autopointers
+ notify-send:
- wait timeout variable should be int, not long
- Utilize app_icon property rather than icon-name
+ test: make tests run with `meson test`
+ notify: constructor should set app-icon property, not icon-name
+ Revert updating of meson stylesheet URL
- Add docbook5-xsl-stylesheets, now needed for manpages.
==== libpaper ====
Version update (2.2.5 -> 2.2.6)
Subpackages: libpaper-tools libpaper2
- update to 2.2.6:
* This release involves no code changes, but lots of tidying
up. The library is now versioned on Windows, and build fixes
avoid problems on macOS.
==== libpeas ====
Subpackages: libpeas-1_0-0 libpeas-gtk-1_0-0 libpeas-lang typelib-1_0-Peas-1_0
- Disable python loader for now: peas uses GIRepostiory 1.0, which
conflicts with pygobject 3.52 using GIRepository 2.0 (part of
boo#1239952).
==== libxml2 ====
Version update (2.13.6 -> 2.13.7)
Subpackages: libxml2-2 libxml2-tools
- Update to version 2.13.7:
+ Regressions:
- tree: Fix xmlTextMerge with NULL args
- io: Fix `compressed` flag for uncompressed stdin
- parser: Fix parsing of DTD content
==== libxml2-python ====
Version update (2.13.6 -> 2.13.7)
- Update to version 2.13.7:
+ Regressions:
- tree: Fix xmlTextMerge with NULL args
- io: Fix `compressed` flag for uncompressed stdin
- parser: Fix parsing of DTD content
==== libxmlb ====
Version update (0.3.21 -> 0.3.22)
Subpackages: libxmlb2 libxmlb2-x86-64-v3
- update to 0.3.22:
* Add support for COLLAPSE_EMPTY when exporting an
XbBuilderNode (Richard Hughes)
* Store the expected file size in the header to detect
truncation (Richard Hughes)
* Check the strtab has a trailing NUL byte
* Fix an issue when exporting a silo using COLLAPSE_EMPTY
* Fix calling text() on an empty element
==== m17n-lib ====
Version update (1.8.4 -> 1.8.5)
- update to 1.8.5:
* This release is just for bug fixing.
* Enable anthy-unicode
* Use UTF-8 instead of EUC-JP in example/mimx-anthy.c
* configure.ac: fix incorrect bashism
==== mozjs128 ====
Version update (128.7.0 -> 128.8.1)
- Update to version 128.8.1:
+ CVE-2025-2857: Incorrect handle could lead to sandbox escapes.
- Changes from version 128.8.0:
+ Various security fixes: CVE-2024-43097, CVE-2025-1930,
CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934,
CVE-2025-1935, CVE-2025-1936.
==== mutter ====
Version update (48.0+5 -> 48.1)
Subpackages: mutter-lang
- Update to version 48.1:
+ Fixed occasional screen freezes
+ Fix tablet tool cursor sizes when set via the cursor shape
protocol
+ Fix hiding the cursor when using the cursor shape protocl
+ Fall back to the default color mode when a HDR monitor looses
HDR capabilities
+ Disable HDR support with non-atomic (legacy) KMS drivers
+ Fix the cursor shape protocol when being used with tablets
+ Immediately update cursors on theme and size changes
+ Avoid cursor stuttering when cursor set via the cursor shape
protocol
+ Handle DnD cursor feedback in compositor
+ Fixed crashes
+ Misc. bug fixes and cleanups
- Update to version 48.0+38:
* cursor-sprite/xcursor: Add a cache for the XCursor images
* backends/cursor: Propagate cursor theme and size pref changes
* cursor-renderer/native: Handle when kms_cursor_manager is NULL
* tests: Add a11y mouse keys test
* tests/utils: Add helper to wait for stage update
* tests: Add uinput based virtual input device factory method
* dbus-templates/logind: Open fds as nonblocking
* seat-impl: Split initialization in two steps
* wayland: Handle NULL backend in handle_release_points
* wayland: Refactor handle_release_points helper out of
_dec_use_count
* compositor: Ensure to freeze DnD surface actor during failed
animation
* clutter/frame-clock: Don't accidentally reschedule-now
* Revert "kms/impl-device: Always catch pending KMS update in
_schedule_process"
* onscreen/native: Account for all posted frames
* onscreen/native: Include connector in some debug logs
* clutter/frame-clock: Add more debug logging
* clutter/frame-clock: Set frame clock state via helper
* monitor-manager: Don't apply configurations with unsupported
color modes
* monitor-manager: Split out helper to check monitor availability
* monitor: Add helper to check whether a color mode is supported
* monitor-config-utils: Add monitors config copy function
* wayland: Bail early if cursor shape doesn't change
* wayland: Fix thinko in cursor_shape_manager.get_tablet_tool_v2
* wayland: Fix thinko in shape protocol implementation with
tablet tools
* kms/device: Add SUPPORTS_COLOR_MODES flag and use it to guard
HDR/color
* kms/impl-device/simple: Add support for missing KMS properties
* kms/impl-device/simple: Add support for KMS blobs
* wayland: Allow changing from a cursor shape to a NULL surface
* cursor: Move sprite preparation into sprite classes
* tests: Disconnect dangling signal handlers
* Fix mutter crash from should_constraint_be_enabled()
* test-client: Ignore GdkX11 deprecations
* frames: Ignore GdkX11 deprecations
- Drop 0001-cursor-Unify-prepare_func-for-shape-cursors.patch:
Fixed upstream.
==== ncurses ====
Version update (6.5.20250315 -> 6.5.20250329)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20250329
+ add XM/xm to ms-terminal, to enable mouse with experimental Windows
driver -TD
+ add -x option to infocmp in MKfallback.sh
+ improve experimental Windows driver by restoring the scroll buffer
and console mode, e.g., when reset_prog_mode or endwin is called
(patch by Daniel Starke).
+ add a buffer-limit check in postprocess_termcap (report/testcase by
Yifan Zhang).
- Add ncurses patch 20250322
+ add a null pointer check in mouse-initialization, for the
experimental Windows driver (patch by Daniel Starke).
+ improve makefile dependency in Ada95/src
+ add note in user_caps.5 addressing a quibble about dates.
==== openSUSE-release ====
Version update (20250331 -> 20250402)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== osinfo-db ====
- bsc#1240121 - [SLEMicro6.2] osinfo-db: Add support for slem6.2 to
the database
add-slem6.2-support.patch
- bsc#1240338 - virt-manager: Windows Server 2025 is not
automatically detected and missing from manual selection
add-Windows-Server-2025.patch
==== projectM ====
- Fix build on aarch64
==== python-kiwi ====
Version update (10.2.13 -> 10.2.16)
- Bump version: 10.2.15 → 10.2.16
- Support sourcetype setting on the commandline
Allow to specifiy the sourcetype(metalink|baseurl|mirrorlist)
also on the commandline via --set-repo/--add-repo options. So
far this was only possible as part of the kiwi description file
- Bump version: 10.2.14 → 10.2.15
- Fix gh-pages deployment
poetry install was not called, thus sphinx was not present
- Bump version: 10.2.13 → 10.2.14
- Drop use of travis-sphinx
According to the documentation of peaceiris/actions-gh-pages
the sphinx-build output can be directly consumed to publish
to github pages
- Allow stderr data in CommandProcess
Enhance poll_show_progress() method to allow polling on
stderr data too. The new parameter with_stderr is used
together with the dnf5 package manager. dnf5 has changed
in a way that a lot of useful information during the
install of packages is printed to stderr. From my perspective
a clear regression to former behavior but we can fix this
in kiwi to poll on both channels. This Fixes #2748
- Support arch attribute for section
Allow to setup users per arch. This Fixes #2737
- Add Debian_12_update repo for testing with typer
Even though we will add support for the typer Cli with kiwi-11
I want our integration test images to be able to build with the
open PR #2751. Debian 12 is the only target in the support matrix
which uses a too old veryion of typer. Therefore to be able to
test this target I built a newer version of typer in an update
repo for Debian 12 and added it to the integration test
description
- Fixed python3_sitelib for debbuild in OBS
- Fixed test-image-agama
Service setup-systemd-proxy-env.path no longer exists
- Explicitly request shadow-utils
Make sure shadow-utils gets installed for rawhide
integration tests
- Drop test-image-suse-on-dnf test
This was just a "can this work" test but has no real
relevance for users since nobody would use dnf to build
a suse image, there is also no help when it does not
work. So let's drop this test build
- distutils sysconfig is deprecated
Move to sysconfig module
- Make integration tests to build outside of OBS
Update and extend all integration tests such that they also
build outside of the Open Build Service. Along with the changes
on the descriptions a simple build-tests.sh script was added
to drive the build process. The build is based on the kiwi
boxbuild plugin in container mode to build the tests
from a given build-tests directory. A new chapter to document
how to Build the Build Tests is also provided and referenced
on the github main page.
==== ristretto ====
Subpackages: ristretto-lang
- Recommend webp-pixbuf-loader for WebP support
==== rsync ====
- Add rsync341-gcc15-bool.patch to fix gcc15 compile time error
==== sdbootutil ====
Version update (1+git20250327.9714cbd -> 1+git20250401.2eda714)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper
- Update to version 1+git20250401.2eda714:
* Shift only the matching component
* Rework free-space allocator algorithm
* Clarify when the initrd is generated
* Add the kernel version for measurement order
* Keep original prediction for pcrlock aligment
* Check array size for emptiness
* Refactor debug output
* Reclaim free space when updating entries
* spec: Update bootloader if it is recognized
* Limit variations up to 8 for a component
* Add priority field in entry list
* Make snapshot_ids ordered by importance
* Convert echo to info
* In virtual environment drop PCR0
- Update to version 1+git20250328.f1d4885:
* Fallback to file config when bootctl fails
* Remove TODO file
* Declare local variable
* Print colors when in terminal
* Do not load the config file when variable is set
* Uset btrfs instead of snapper for set default snapshot
* Drop unused entries parameter
* Improve boot loader detection
==== sddm ====
Subpackages: sddm-branding-openSUSE sddm-greeter-qt5
- Add patch:
* 0001-CMake-Raise-required-version-to-3.5.patch
==== sddm-qt6 ====
Subpackages: sddm-greeter-qt6
- Add patch:
* 0001-CMake-Raise-required-version-to-3.5.patch
==== totem ====
Version update (43.1 -> 43.1+35)
Subpackages: totem-lang totem-plugins totem-video-thumbnailer
- Update to version 43.1+35:
* thumbnailer:
- Bump memory usage limit
- Print actually set resource limits
- Propagate verbose to resource monitor
- Work-around OpenBLAS thread usage
* gst: Use playbin's convert-frame feature again
* build:
- Fix meson deprecation warning about the use of
ExternalProgram.path
- Fix meson deprecating warning about the use of
meson.source_root
- Fix meson deprecation warning about the use of
dependency.get_pkgconfig_variable
* Add branding colors
* open-directory: Don't abort if failed to create XdpPortal
instance
- Drop apple-trailers and vimeo plugins, no longer supported.
- Drop d16d9ad1d2b214996639e4f01c4515b611fb2739.patch: Fixed
upstream.
==== vim ====
Version update (9.1.1244 -> 9.1.1258)
Subpackages: vim-data vim-data-common xxd
- Update to version 9.1.1258:
* patch 9.1.1258: regexp: max \U and \%U value is limited by
INT_MAX
* patch 9.1.1257:
- Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
- runtime(lf): add lf r34 keywords to syntax script
* patch 9.1.1256:
- if_python: duplicate tuple data entries
- runtime(vim): Update base-syntax, match tuples
* patch 9.1.1255: missing test condition for 'pummaxwidth'
setting
* patch 9.1.1254: need more tests for the comment plugin
* patch 9.1.1253:
- abort when closing window with attached quickfix data
- runtime(doc): non-portable sed regex in Makefile for
pi_netrw.txt rule
* patch 9.1.1252: typos in code and docs related to 'diffopt'
"inline:"
* patch 9.1.1251: if_python: build error with tuples and dynamic
python
* patch 9.1.1250: cannot set the maximum popup menu width
* patch 9.1.1249:
- tests: no test that 'listchars' "eol" doesn't affect "gM"
- runtime(doc): group python interface related items in
todo.txt
* patch 9.1.1248: compile error when building without
FEAT_QUICKFIX
* patch 9.1.1247: fragile setup to get (preferred) keys from
key_name_entry
* patch 9.1.1246: coverity complains about some changes in
v9.1.1243
* patch 9.1.1245: need some more tests for curly braces
evaluation
==== wireless-regdb ====
Version update (20231201 -> 20250220)
- Update to version 20250220 (boo#1240356):
* Update regulatory info for Oman (OM)
* Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
* Update regulatory info for Cayman Islands (KY) for 2024
* Update regulatory rules for Austria (AT)
* Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
* Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
* Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
==== xdg-desktop-portal-gnome ====
Subpackages: xdg-desktop-portal-gnome-lang
- Bump libgxdp commit to e68375c7ace to fix initialization under
X11. (bsc#1240057)
==== yast2-trans ====
Version update (84.87.20250315.643f794333 -> 84.87.20250330.b9c44bed6b)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20250330.b9c44bed6b:
* Translated using Weblate (Esperanto)