Packages changed: MozillaFirefox (143.0.3 -> 144.0) adaptec-firmware arphic-uming-fonts btrfsprogs (6.16.1 -> 6.17) git (2.51.0 -> 2.51.1) glu gnome-browser-connector gnome-console gnome-shell (49.0+17 -> 49.1) gnome-sudoku (49.1 -> 49.2) gnome-tour (49.0.openSUSE+git20251009.a4002c9 -> 49.0.openSUSE+git20251016.669c499) grub2 gstreamer (1.26.6 -> 1.26.7) gstreamer-plugins-bad (1.26.6 -> 1.26.7) gstreamer-plugins-base (1.26.6 -> 1.26.7) gstreamer-plugins-good (1.26.6 -> 1.26.7) gstreamer-plugins-libav (1.26.6 -> 1.26.7) gstreamer-plugins-rs (1.26.6+git20.e287e869 -> 1.26.7+git0.6ab75814) gstreamer-plugins-ugly (1.26.6 -> 1.26.7) kf6-kio (6.19.0 -> 6.19.1) kyotocabinet libsoup mcelog (206 -> 207) mozilla-nss (3.115.1 -> 3.117) mutter (49.0+68 -> 49.1) openSUSE-release (20251017 -> 20251018) orca (49.3 -> 49.4) pipewire (1.4.8+git68.636cbae9b -> 1.5.81) pixman poppler poppler-qt6 publicsuffix (20250904 -> 20251001) python-msgpack (1.1.1 -> 1.1.2) qalculate (5.7.0 -> 5.8.0) qt6-webengine samba (4.22.3+git.403.4e078bdb832 -> 4.22.5+git.431.dc5a539f124) selinux-policy (20251014 -> 20251016) simple-scan (49.0.1 -> 49.1) systemd-presets-common-SUSE util-linux (2.41.1 -> 2.41.2) util-linux-systemd (2.41.1 -> 2.41.2) wireplumber (0.5.11 -> 0.5.12) === Details === ==== MozillaFirefox ==== Version update (143.0.3 -> 144.0) Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Mozilla Firefox 144.0 please check https://www.firefox.com/en-US/firefox/144.0/releasenotes for all news MFSA 2025-81 (bsc#1251263) * CVE-2025-11708 (bmo#1988931) Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 (bmo#1989127) Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 (bmo#1989899) Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 (bmo#1989978) Some non-writable Object properties could be modified * CVE-2025-11716 (bmo#1818679) Sandboxed iframes allowed links to open in external apps (Android only) * CVE-2025-11717 (bmo#1872601) The password edit screen was not hidden in Android card view * CVE-2025-11712 (bmo#1979536) An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11718 (bmo#1980808) Address bar could be spoofed on Android using visibilitychange * CVE-2025-11713 (bmo#1986142) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11719 (bmo#1991950) Use-after-free caused by the native messaging web extension API on Windows * CVE-2025-11720 (bmo#1979534, bmo#1984370) Spoofing risk in Android custom tabs * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970, bmo#1991040, bmo#1992113) Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244, bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899) Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11721 (bmo#1986816) Memory safety bug fixed in Firefox 144 and Thunderbird 144 - requires NSS >= 3.116 rust = 1.88 (upstream uses 1.89 already which is not available everywhere) - switched to clang build temporarily because of bmo#1990430 and use clang 20 max (21 fails to build) - stop building for i586 as it failing to build and Mozilla officially discontinues any 32bit support for Linux with 145 https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/ ==== adaptec-firmware ==== - use %license tag [bsc#1252133] ==== arphic-uming-fonts ==== - use %license tag [bsc#1252137] - Stop marking arphic-uming as essential for CJK locales (and thus essential enough to be on the openSUSE DVD) ==== btrfsprogs ==== Version update (6.16.1 -> 6.17) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.17 * inspect list-chunks: more sorting keys, descending order * fi resize: add support for offline (unmounted) growing of single device * device stats: add support for offline (unmounted) reads * quota status: new command, overview what mode is enabled, tunables * fi commit-stats: new command, print various commit stats from sysfs (since kernel 6.1) * balance start: print warning and delay start if there's a missing device in the filesystem * mkfs: print zoned mode (native, emulated) * check: verify device bytes in super block item and in chunk tree * other * updated CI, new and updated tests * cleanups, refactoring * documentation updates ==== git ==== Version update (2.51.0 -> 2.51.1) Subpackages: git-core git-email git-gui git-web gitk perl-Git - Update to 2.51.1: - Fixes since Git 2.51.0 * The "do you still use it?" message given by a command that is deeply deprecated and allow us to suggest alternatives has been updated. * The compatObjectFormat extension is used to hide an incomplete feature that is not yet usable for any purpose other than developing the feature further. Document it as such to discourage its use by mere mortals. * Manual page for "gitk" is updated with the current maintainer's name. * Update the instructions for using GGG in the MyFirstContribution document to say that a GitHub PR could be made against `git/git` instead of `gitgitgadget/git`. * Clang-format update to let our control macros be formatted the way we had them traditionally, e.g., "for_each_string_list_item()" without space before the parentheses. * A few places where a size_t value was cast to curl_off_t without checking has been updated to use the existing helper function. * The start_delayed_progress() function in the progress eye-candy API did not clear its internal state, making an initial delay value larger than 1 second ineffective, which has been corrected. * Makefile tried to run multiple "cargo build" which would not work very well; serialize their execution to work around this problem. * Adjust to the way newer versions of cURL selectively enable tracing options, so that our tests can continue to work. * During interactive rebase, using 'drop' on a merge commit led to an error, which has been corrected. * "git refs migrate" to migrate the reflog entries from a refs backend to another had a handful of bugs squashed. * "git push" had a code path that led to BUG() but it should have been a die(), as it is a response to a usual but invalid end-user action to attempt pushing an object that does not exist. * Various bugs about rename handling in "ort" merge strategy have been fixed. * "git diff --no-index" run inside a subdirectory under control of a Git repository operated at the top of the working tree and stripped the prefix from the output, and oddballs like "-" (stdin) did not work correctly because of it. Correct the set-up by undoing what the set-up sequence did to cwd and prefix. * Various options to "git diff" that make comparison ignore certain aspects of the differences (like "space changes are ignored", "differences in lines that match these regular expressions are ignored") did not work well with "--name-only" and friends. * Under a race against another process that is repacking the repository, especially a partially cloned one, "git fetch" may mistakenly think some objects we do have are missing, which has been corrected. * "git repack --path-walk" lost objects in some corner cases, which has been corrected. cf. * Fixes multiple crashes around midx write-out codepaths. * A broken or malicious "git fetch" can say that it has the same object for many many times, and the upload-pack serving it can exhaust memory storing them redundantly, which has been corrected. * A corner case bug in "git log -L..." has been corrected. * Some among "git add -p" and friends ignored color.diff and/or color.ui configuration variables, which is an old regression, which has been corrected. * "git rebase -i" failed to clean-up the commit log message when the command commits the final one in a chain of "fixup" commands, which has been corrected. * Deal more gracefully with directory / file conflicts when the files backend is used for ref storage, by failing only the ones that are involved in the conflict while allowing others. ==== glu ==== - added missing LICENSE file (bsc#1252149) ==== gnome-browser-connector ==== - add unzip as a requires, otherwise the extensions can't get extracted ==== gnome-console ==== Subpackages: gnome-console-lang - Add e7e8b62e7.patch: settings: infinite is represented by -1 ==== gnome-shell ==== Version update (49.0+17 -> 49.1) Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang - Update to version 49.1: + Fix freeze when dragging quick settings sliders on touch + Fix key focus on choice list on login screen + Fix animation glitch when cancelling overview search + Also send activation token for notifications without app + Unify warning styling in dialogs + Update keyboard indicator on modifier-only layout switches + Improve accessibility of screenshot UI + Improve Hindi bolnagri input with on-screen keyboard + Do not expire notifications that are about to show + Improve accessibility icons on login screen + Make media messages follow notification policy + Misc. bug fixes and cleanups + Updated translations. - No longer explicitly exclude Soup from the typelib scanner, and consequently no longer add typelib(Soup) = 3.0 requires. This was needed before GNOME 45, as gnome-shell had fallback code and we needed to help take the decision. ==== gnome-sudoku ==== Version update (49.1 -> 49.2) Subpackages: gnome-sudoku-lang - Update to verison 49.2: + Fix the grid not being keyboard focusable after the first game ==== gnome-tour ==== Version update (49.0.openSUSE+git20251009.a4002c9 -> 49.0.openSUSE+git20251016.669c499) Subpackages: gnome-tour-data gnome-tour-lang opensuse-welcome - Add custom lang package for opensuse-welcome. This will remove the indirect dependency on gnome-tour. bsc#1252077 ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls - make grub plugin compatible with snapper's plugin API (bsc#1246172) - clean up some unused code ==== gstreamer ==== Version update (1.26.6 -> 1.26.7) Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.26.7: + Highlighted bugfixes in 1.26.7: - cea608overlay: improve handling of non-system memory - cuda: Fix runtime kernel compile with CUDA 13.0 - d3d12: Fix crop meta support in converter and passthrough handling in deinterlacer - fallbacksrc: source handling improvements; no-more-pads signal for streams-unaware parents - inter: add properties to fine tune the inner elements - qtdemux: surround sound channel layout handling fixes and performance improvements for GoPro videos - rtp: Add linear audio (L8, L16, L24) RTP payloaders / depayloaders - rtspsrc: Send RTSP keepalives in TCP/interleaved modes - rtpamrpay2: frame quality indicator flag related fixes - rtpbasepay2: reuse last PTS when possible, to work around problems with NVIDIA Jetson AV1 encoder - mpegtsmux, tsdemux: Opus audio handling fixes - threadshare: latency related improvements and many other fixes - matroskamux, tsmux, flvmux, cea608mux: Best pad determination fixes at EOS - unixfd: support buffers with a big payload - videorate unknown buffer duration assertion failure with variable framerates - editing services: Make GESTimeline respect SELECT_ELEMENT_TRACK signal discard decision; memory leak fixes - gobject-introspection annotation fixes - cerbero: Update meson to 1.9.0 to enable Xcode 26 compatibility - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - controller: Fix get_all() return type annotation - gst-launch: Do not assume error messages have a src element - multiqueue: Fix object reference handling in signal callbacks - netclientclock: Fix memory leak in error paths ==== gstreamer-plugins-bad ==== Version update (1.26.6 -> 1.26.7) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.26.7: + cuda: Fix runtime kernel compile with CUDA 13.0 + d3d12convert: Fix crop meta support + d3d12deinterlace: Fix passthrough handling + gst: Fix a few small leaks + matroskamux: Properly check if pads are EOS in find_best_pad + tsdemux: Directly forward Opus AUs without opus_control_header + tsmux: Write a full Opus channel configuration if no matching Vorbis one is found + unixfd: Fix case of buffer with big payload + vacompositor: Correct scale-method properties + webrtc: nice: Fix a use-after-free and a mem leak + Fix all compiler warnings on Fedora + Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT ==== gstreamer-plugins-base ==== Version update (1.26.6 -> 1.26.7) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.26.7: + discoverer: Mark gst_discoverer_stream_info_list_free() as transfer full + riff: Add channel reorder maps for 3 and 7 channel audio + sdp: proper usage of gst_buffer_append + videorate: fix assert fail due to invalid buffer duration + Fix build error with glib < 2.68 ==== gstreamer-plugins-good ==== Version update (1.26.6 -> 1.26.7) Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang - Update to version 1.26.7: + matroskamux: Properly check if pads are EOS in find_best_pad + qtdemux: - Bad performance with GoPro videos containing FDSC metadata tracks - Fix open/seek perf for GoPro files with SOS track - Handle unsupported channel layout tags gracefully - Set channel-mask to 0 for unknown layout tags + rtspsrc: Send RTSP keepalives in TCP/interleaved modes + v4l2: - Add GstV4l2Error handling in gst_v4l2_get_capabilities - Fix memory leak for DRM caps negotiation + v4l2transform: reconfigure v4l2object only if respective caps changed + Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT ==== gstreamer-plugins-libav ==== Version update (1.26.6 -> 1.26.7) - Update to version 1.26.7: + Fix all compiler warnings on Fedora. ==== gstreamer-plugins-rs ==== Version update (1.26.6+git20.e287e869 -> 1.26.7+git0.6ab75814) - Rebase and re-enable patch: * fix-reproducibility.patch - Update to version 1.26.7+git0.6ab75814: * tracers: Fix inverted append logic when writing log files * threadshare: - examples: standalone: also handle buffer lists - Pad push_list: downgrade Pad flushing log level - sinks: fix / handle query() - backpressure: abort pending items on flush start - udpsink: fix panic recalculating latency from certain executors - audiotestsrc: . support more Audio formats . use AudioInfo . fix latency . act as a pseudo live source by default - runtime task: execute action in downward transition - example cleanups - udpsink: distinguish sync status for latency & report added latency - sink elements: implement `send_event` - dataqueue elements: report min and max latency * rtp: - Add linear audio (L8, L16, L24) RTP payloaders / depayloaders * rtp: basedepay: reuse last PTS, when possible * skia: Update to skia-safe 0.89 * mp4: Update to mp4-atom 0.9 * Update dependencies * webrtc: livekit: Drop connection lock after take() * onvifmetadatapay: copy metadata from source buffer * fallbacksrc: Fix custom source reuse case * add `rust-tls-native-roots` feature to the `reqwest` dep * rtpamrpay2: - Actually forward the frame quality indicator - Set frame quality indicator flag - Disable patch that doesn't apply: * fix-reproducibility.patch - Remove a section in a json file that references the gstelevenlabs plugin (a proprietary plugin that isn't built) so it's clear to the legal review bot that there isn't any proprietary code. - Add patch developed by amyspark in https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/2162 to fix the .pc reproducibility issues (boo#1237097) * 0001-cargo_wrapper-deduplicate-Libs_private.patch - Add patch to fix reproducibility of package build (boo#1237097) * fix-reproducibility.patch ==== gstreamer-plugins-ugly ==== Version update (1.26.6 -> 1.26.7) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.26.7: + No changes, stable bump only ==== kf6-kio ==== Version update (6.19.0 -> 6.19.1) Subpackages: kf6-kio-lang libKF6KIO6 - Update to 6.19.1 * Bump version for 6.19.1 release * Fix HTTP network error propagation * Forward all KIO error codes, not just ERR_ACCESS_DENIED * Delete network reply also when handling a redirection * CopyJob: Skip permission check if there is no UDS_ACCESS entry ==== kyotocabinet ==== - Add bug number bsc#1252197 ==== libsoup ==== Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0 - Update libsoup-CVE-2025-11021.patch: Add NULL check for soup_date_time_to_string() (bsc#1250562, CVE-2025-11021, glgo#GNOME/libsoup!483). ==== mcelog ==== Version update (206 -> 207) - Update to version 207: * mcelog: Add model-specific decoding for Diamond Rapids - Refresh patches according to mainline: M email.patch ==== mozilla-nss ==== Version update (3.115.1 -> 3.117) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.117 * bmo#1992218 - fix memory leak in secasn1decode_unittest.cc * bmo#1988913 - Add OISTE roots * bmo#1976051 - Add runbook for certdata.txt changes * bmo#1991666 - dbtool: close databases before shutdown * bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates * bmo#1956754 - don’t flush base64 when buffer is null * bmo#1989541 - Set use_pkcs5_pbkd2_params2_only=1 for fuzzing builds * bmo#1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs * bmo#1980465 - Fix a big-endian-problematic cast in zlib calls * bmo#1962321 - Revert removing out/ directory after ossfuzz build * bmo#1988524 - Add Cryptofuzz to OSS-Fuzz build * bmo#1984704 - Add PKCS#11 trust tests * bmo#1983308 - final disable dsa patch cert.sh * bmo#1983320 - ml-dsa: move tls 1.3 to use streaming signatures * bmo#1983320 - ml-dsa: Prep Create a FindOidTagByString function * bmo#1983320 - ml-dsa: softoken changes * bmo#1983320 - ml-dsa: der key decode * bmo#1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi * bmo#1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function - update to NSS 3.116 * bmo#1983308 - disable DSA in NSS script tests * bmo#1983308 - Disabling of some algorithms: generic cert.sh * bmo#1981046 - Need to update to new mechanisms * bmo#1983320 - Add ML-DSA public key printing support in NSS command-line utilities * bmo#1986802 - note embedded scts before revocation checks are performed * bmo#1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface * bmo#1983320 - Add support for ML-DSA key type and public key structure * bmo#1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag * bmo#1983308 - disable kyber * bmo#1965329 - Implement PKCS #11 v3.2 PQ functions (use verify signature) * bmo#1983308 - Disable dsa - gtests * bmo#1983313 - make group and scheme support in test tools generic * bmo#1983770 - Create GH workflow to automatically close PRs * bmo#1983308 - Disable dsa - base code * bmo#1983308 - Disabling of some algorithms: remove dsa from pk11_mode * bmo#1983308 - Disable seed and RC2 bug fixes * bmo#1982742 - restore support for finding certificates by decoded serial number * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups * bmo#1983399 - lib/softtoken/{sdb.c,sftkdbti.h}: Align sftkdb_known_attributes_size type * bmo#1965329 - Use PKCS #11 v3.2 KEM mechanisms and functions ==== mutter ==== Version update (49.0+68 -> 49.1) Subpackages: mutter-lang - Add mutter-fix-xwayland-dnd-crash.patch: Fix crash when dragging and dropping from an app running via xwayland - Update to version 49.1: + Fix various glitches during resize/move drags + Fix lost keyboard focus in overview with some devices + Fix popup constraint rule and work around broken clients + Require pointer interaction prior to allowing pointer warp + Fix GTK apps locking up after entering popover submenu + Fix presentation timings with commit-timing-v1 + Be more robust against clients providing bogus window geometry + Fix maximized windows extending under panel + Fix switching keyboard layout via xkb-options + Advertise explicit sync only for dmabufs screencasts + Fix multi-touch handling on X11 + Fix keyboard driven resize drags + Fix DND actions not working reliably in some X11 clients + Do not force pointer focus on popups + Fixes for cancelling and restoring sizes after drags + Fix windows reverting to previous size after client resizes + Fix pointer constraints for some fullscreen X11 clients + Fixed crashes + Plugged leak + Misc. bug fixes and cleanups + Updated translations. ==== openSUSE-release ==== Version update (20251017 -> 20251018) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== orca ==== Version update (49.3 -> 49.4) Subpackages: orca-lang - Update to version 49.4: + Web: Fix regression in which table navigation in a grid switches to focus mode. + Updated translations. ==== pipewire ==== Version update (1.4.8+git68.636cbae9b -> 1.5.81) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.5.81 (1.6 RC1): * This is the first 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. * In addition to all the changes backported to 1.4.x, this release also contains some new features: - Highlights * The link negotiation code was refactored and improved. Applications now have more options for selecting the default values and restricting the available options. The default negotiation code will now attempt to better match the application suggested values. * The loop now has support for locking with priority inversion. Most of the code was updated to use the locks instead of invoke to get proper concurrent updates with the loop. The Thread loop functionality of locks, signal and wait was moved to the SPA loop. This guarantees better real-time behaviour because inter-thread synchronization does not have to pass eventfd/epoll. * The control stream parser was rewritten to be safe against concurrent updates while parsing, which can occur when parsing shared memory. It also has extra checks to avoid integer overflows and undefined behaviour. * MIDI 2.0 clip support was added to the tools. * Bluetooth ASHA (Audio Streaming for Hearing Aid) support was added. * The ALSA node setup was tweaked to provide low latency with the ALSA Firewire driver. * Better support for explicit sync. It is now possible to negotiate extra features to know if a consumer will signal the sync objects and implement a fallback using a reliable transport. * Many bug fixes and improvements. - PipeWire * Avoid process calls in disconnect in pw-stream. (#3314) * Disable PipeWire services for root. * The link negotiation was refactored and improved. Drivers now always have a lower priority in deciding the final format. * Backwards compatibility with the v0 protocol was removed. * pw-stream and pw-filter will now refuse to queue a buffer that was not dequeued before. * Object properties will now be updated on the global as well. * The priority of config overrides is correct now. (#4816) * Async links now correctly report 1 extra quantum of latency. * node.exclusive and the new port.exclusive flag are now enforced by PipeWire itself. * A new timer-queue helper was added to schedule timeouts. * node.terminal and node.physical properties are now copied to the ports to make it possible to create virtual sources and sinks for JACK applications. * Port properties will now be dynamically updated when the node properties they depend on are updated. * Passive leaf nodes are now handled better. Now they will also run when the peer is active. (#4915) * Reliable transport has been added for output ports. This can be used in some cases if the producer wants to ensure buffers are consumed by a consumer. (#4885) * Context properties now support rlimit. properties to configure rlimits. (#4047) - Modules * Close SyncObj fds. * module-combine-stream has better Latency reporting. * The JACK tunnel can now optionally connect ports. * module-loopback has better Latency reporting. * A Dolby Surround and Dolby Pro Logic II example filter config was added. * Filter-chain can now resample to a specific rate before running the filters. This is useful when the filter-graph needs to run at a specific rate. * Avahi-poll now uses the timer-queue to schedule timeouts. * Modules are ported to timer-queue instead of using timerfd directly for non-realtime timers. - SPA * The loop now has support for locking with priority inversion. Most of the code was updated to use the locks instead of invoke to get proper concurrent updates with the loop. The Thread loop functionality of locks, signal and wait was moved to the SPA loop. * UMP to Midi 1.0 conversion was improved, some UMP events are now converted to multiple Midi 1.0 messages. (#4839) * The POD filter was refactored and improved. It is now possible to use the default value of the output by specifying an invalid input default value. * The POD parser was made safe for concurrent updates of the memory it is parsing. This is important when the POD is in shared memory and the parser should not access invalid memory. * Some hardcoded channel limits were removed and now use the global channel limit. More things can dynamically adapt to this global limit. The max number of channels was then bumped to 128. * The POD builder is safe to use on shared memory now and tries to avoid many integer overflows. * Most debug functions are safe to be used on shared memory. * User specified Commands and Events are now possible. * The SPA_IO_CLOCK_FLAG_DISCONT was added to spa_io_clock to signal a discont in the clock due to clock change. * AC3, DTS, EAC3, TRUEHD and MPEGH now have helper parser functions. * H265 was added as a video format. (#4674) ... changelog too long, skipping 120 lines ... - Adapt to newer libcamera changes. ==== pixman ==== - Reenable LTO on riscv64 as gcc has been fixed ==== poppler ==== Subpackages: libpoppler-cpp2 libpoppler-glib8 libpoppler153 poppler-tools - security update - added patches CVE-2025-52885 [bsc#1251940], raw pointers can lead to dangling pointers when the vector is resized * poppler-CVE-2025-52885.patch ==== poppler-qt6 ==== - security update - added patches CVE-2025-52885 [bsc#1251940], raw pointers can lead to dangling pointers when the vector is resized * poppler-CVE-2025-52885.patch ==== publicsuffix ==== Version update (20250904 -> 20251001) - Update to version 20251001: * util: gTLD data autopull updates for 2025-10-01T15:18:26 UTC * Add, remove and update number of domains allowing subdomain registration ==== python-msgpack ==== Version update (1.1.1 -> 1.1.2) - Update to 1.1.2 * Update Cython to v3.1.4 * Update cibuildwheel to v3.2.0 * Drop Python 3.8 * Add Python 3.14 * Add windows-arm ==== qalculate ==== Version update (5.7.0 -> 5.8.0) Subpackages: libqalculate23 qalculate-data - Update to version 5.8.0 * Add output in scientific (sci), engineering (eng), ans simple notation as "to"-operator options. * Improve support (and fix segfault) for exponential notation in hexadecimal numbers. * Add TeX point, TeX scaled point, twip, and agate typography units, and change "ATA Pica" to "Johnson Pica" and "ATA Point" to "American Point". * Add darcy, kayser, lambert, foot-lambert, and cc units. * Add compton wavelength constants for muon, neutron, proton, and tau. * Update calculation of fraction of year (with day counting basis 0 and 1) to match method used in spreadsheets other than Gnumeric. * Change default quantile algorithm from 8 to 7. * Improve accuracy for intervals in solutions to equations when using interval arithmetic. * Show warning about default assumptions the first time an equation is solved. * Show warning symbol when calculate as you type expression results in a question. * Show warning and ask for confirmation when deactivating interval arithmetic. * Improve completion. * Add "save config" option (if disabled qalc.cfg is never automatically updated) and relocate qalc.history to $XDG_STATE_HOME. * Increase speed when calculating many expressions from file. * Automatically recalculate expression with current time every second. * Fix support for prompt string containing Unicode characters, control characters, and/or escape sequences. * Fix poolvar(), ttest(), cor(), dollarde() and dollarfr() functions. * Fix inequality with 1/f(x) on one side, e.g. "1/(x-2) ≤ 2". * Fix segfault with extremely small numbers and high number of bits in floating point conversion. * Fix crashes and freezes in some corner cases. * Fix value of Planck unit (was rounded to 7 decimals). * Fix negative time zone in date and time input. * Many minor bug fixes and feature enhancements. ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add patches from webrtc's upstream to fix header includes in order to build with pipewire 1.5.81: * 0001-webrtc-IWYU-modules-video_capture.patch * 0002-webrtc-IWYU-modules-desktop_capture-and-modules-video_captu.patch ==== samba ==== Version update (4.22.3+git.403.4e078bdb832 -> 4.22.5+git.431.dc5a539f124) Subpackages: libldb2 libldb2-32bit python3-ldb samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - Update to 4.22.5 * CVE-2025-10230: Command injection via WINS server hook script (bso#15903); (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr; (bso#15885); (bsc#1251279). - Relax samba-gpupdate requirement for cepces, certmonger, and sscep to a recommends. They are only required if utilizing certificate auto enrollment (bsc#1249087). - Disable timeouts for smb.service so that possibly slow running ExecStartPre script 'update-samba-security-profile' doesn't cause service start to fail due to timeouts;(bsc#1249181). - Ensure semanage is pulled in as a requirement when samba in installed when selinux security access mechanism that is used; (bsc#1249180). - don't attempt to label paths that don't exist, also remove unecessary evaluation of semange & restorecon cmds;(bsc#1249179). - Update to 4.22.4 * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName-; (bso#15876). * Unresponsive second DC can cause idmapping failure when using idmap_ad-; (bso#15881). * kinit command is failing with Missing cache Error; (bso#15840). * Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891). * vfs_streams_depot fstatat broken; (bso#15816). * Delayed leader broadcast can block ctdb forever; (bso#15892). * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663). * Fix handling of empty GPO link; (bso#15877). * SMB ACL inheritance doesn't work for files created; (bso#15880). ==== selinux-policy ==== Version update (20251014 -> 20251016) Subpackages: selinux-policy-targeted - Update to version 20251016: * fail2ban: bump module version * fail2ban: allow fail2ban to watch all log files and dirs (bsc#1251952) * fail2ban: fix typos in interface descriptions * fail2ban: tweak file context regex for /run/fail2ban * fail2ban: drop file context for old rc.d file * Allow wicket to manage its proc directories (bsc#1235731) * Allow NM to manage wicked pid files (bsc#1235731) * Allow NM to reach systemd unit files (bsc#1235731) ==== simple-scan ==== Version update (49.0.1 -> 49.1) Subpackages: simple-scan-lang - Update to version 49.1: + Updated translations. ==== systemd-presets-common-SUSE ==== - Drop default state of issue-generator.path and issue-generator.service: issue generator is being phased out and replaced by util-linux' agetty implementation. ==== util-linux ==== Version update (2.41.1 -> 2.41.2) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang - Include agetty netlink fixes from the final upstream commits (jsc#PED-8734, util-linux-lib-netlink.patch and util-linux-agetty-netlink.patch) and upstream fixes (util-linux-lib-netlink-fix1.patch, util-linux-lib-netlink-fix2.patch, util-linux-lib-netlink-fix3.patch and util-linux-agetty-netlink-fix4.patch). - Fix configs library use in agetty (replace util-linux-issuedir-usr-lib.patch by upstream util-linux-lib-configs-fix1.patch, add util-linux-lib-configs-fix2.patch, util-linux-lib-configs-fix3.patch, util-linux-lib-configs-fix4.patch, util-linux-lib-configs-fix5.patch and util-linux-lib-configs-fix6.patch). - Fix agetty erase of escape characters (relevant to bsc#1194818, util-linux-agetty-escape-erase.patch). - Own /usr/lib/issue.d directory. - Perform migration from issue-generator (jsc#PED-8734, fixes boo#1244446). - Drop util-linux-agetty-ssh-host-keys.patch. This feature is not used in MicroOS any more. - Remove Provides/Obsoletes for s390-32, upgrade from SLE11 SP1 is no more supported. - agetty: use /usr/lib/issue.d for backward compatibility (util-linux-issuedir-usr-lib.patch). - Fix address matching in agetty (boo#1247371, util-linux-lib-netlink.patch). - Update generated man pages (util-linux-man-generated.patch). - Add configs library and use it in agetty (gh#util-linux/util-linux#3752, util-linux-lib-configs.patch, util-linux-agetty-configs.patch). - Update to version 2.41.2: * bash-completion: * fix function name of enosys completion * add choom and coresched * blkid: correct an erroneous error message * findmnt: * (usage) add a needed equals sign before an optional argument * add missing newline in --raw, --pair and --list output formats * fsck.cramfs: check buffer size for memcpy() * getopt: document special symbols that should not be used as option characters * hardlink (man): add note note about ULFILEEQ_DEBUG= * libblkid: * Fix probe_ioctl_tp assigning BLKGETDISKSEQ as physical sector size * (ext) reduce false positive * improve UUID_SUB= description * lib/color-names: * fix stupid bugs * Fix color name canonicalization * libfdisk: * (script) improve separator usage in named-fields dump * (script) fix device name separator parsing * liblastlog2: markup fixes for man pages * libmount: don't report fsconfig errors with "nofail" * lib/path: avoid double free() for cpusets * lib (treewide): add ul_ prefix to functions with generic names * logger: * fix buffer overflow when read stdin * fix incorrect warning message when both --file and a message are specified * lsblk: * fix possible use-after-free * fix memory leak [coverity scan] * use md as fallback TYPE when md/level empty * lscpu: * New Arm C1 parts * Add NVIDIA Olympus arm64 core (jsc#PED-13683) * man: * Fixed incorrect ipcrm options * Replace RETURN VALUE with EXIT STATUS in section 1 * mkfs.cramfs: avoid uninitialized value [coverity scan] * more: temporarily ignore stdin when waiting for stderr * rev: add --zero option to --help output * setpriv: Improve getgroups() Portability * sfdisk: reject spurious arguments for - -reorder/--backup-pt-sectors * zramctl: * ignore ENOENT when setting max_comp_streams * fix MEM-USED column description * Misc: Add missing ;; to -m case (#1) * tests fixes * translation updates - Remove bash 5.3 hack for kill/decode. It is now fixed. - Mark test script/options as failing. It randomly fails on aarch64, arm7l and s390x inside OBS (needs research). ==== util-linux-systemd ==== Version update (2.41.1 -> 2.41.2) Subpackages: lastlog2 liblastlog2-2 - Include agetty netlink fixes from the final upstream commits (jsc#PED-8734, util-linux-lib-netlink.patch and util-linux-agetty-netlink.patch) and upstream fixes (util-linux-lib-netlink-fix1.patch, util-linux-lib-netlink-fix2.patch, util-linux-lib-netlink-fix3.patch and util-linux-agetty-netlink-fix4.patch). - Fix configs library use in agetty (replace util-linux-issuedir-usr-lib.patch by upstream util-linux-lib-configs-fix1.patch, add util-linux-lib-configs-fix2.patch, util-linux-lib-configs-fix3.patch, util-linux-lib-configs-fix4.patch, util-linux-lib-configs-fix5.patch and util-linux-lib-configs-fix6.patch). - Fix agetty erase of escape characters (relevant to bsc#1194818, util-linux-agetty-escape-erase.patch). - Own /usr/lib/issue.d directory. - Perform migration from issue-generator (jsc#PED-8734, fixes boo#1244446). - Drop util-linux-agetty-ssh-host-keys.patch. This feature is not used in MicroOS any more. - Remove Provides/Obsoletes for s390-32, upgrade from SLE11 SP1 is no more supported. - agetty: use /usr/lib/issue.d for backward compatibility (util-linux-issuedir-usr-lib.patch). - Fix address matching in agetty (boo#1247371, util-linux-lib-netlink.patch). - Update generated man pages (util-linux-man-generated.patch). - Add configs library and use it in agetty (gh#util-linux/util-linux#3752, util-linux-lib-configs.patch, util-linux-agetty-configs.patch). - Update to version 2.41.2: * bash-completion: * fix function name of enosys completion * add choom and coresched * blkid: correct an erroneous error message * findmnt: * (usage) add a needed equals sign before an optional argument * add missing newline in --raw, --pair and --list output formats * fsck.cramfs: check buffer size for memcpy() * getopt: document special symbols that should not be used as option characters * hardlink (man): add note note about ULFILEEQ_DEBUG= * libblkid: * Fix probe_ioctl_tp assigning BLKGETDISKSEQ as physical sector size * (ext) reduce false positive * improve UUID_SUB= description * lib/color-names: * fix stupid bugs * Fix color name canonicalization * libfdisk: * (script) improve separator usage in named-fields dump * (script) fix device name separator parsing * liblastlog2: markup fixes for man pages * libmount: don't report fsconfig errors with "nofail" * lib/path: avoid double free() for cpusets * lib (treewide): add ul_ prefix to functions with generic names * logger: * fix buffer overflow when read stdin * fix incorrect warning message when both --file and a message are specified * lsblk: * fix possible use-after-free * fix memory leak [coverity scan] * use md as fallback TYPE when md/level empty * lscpu: * New Arm C1 parts * Add NVIDIA Olympus arm64 core (jsc#PED-13683) * man: * Fixed incorrect ipcrm options * Replace RETURN VALUE with EXIT STATUS in section 1 * mkfs.cramfs: avoid uninitialized value [coverity scan] * more: temporarily ignore stdin when waiting for stderr * rev: add --zero option to --help output * setpriv: Improve getgroups() Portability * sfdisk: reject spurious arguments for - -reorder/--backup-pt-sectors * zramctl: * ignore ENOENT when setting max_comp_streams * fix MEM-USED column description * Misc: Add missing ;; to -m case (#1) * tests fixes * translation updates - Remove bash 5.3 hack for kill/decode. It is now fixed. - Mark test script/options as failing. It randomly fails on aarch64, arm7l and s390x inside OBS (needs research). ==== wireplumber ==== Version update (0.5.11 -> 0.5.12) Subpackages: libwireplumber-0_5-0 wireplumber-lang - Update to version 0.5.12: * Additions & Enhancements: - Added mono audio configuration support via node.features.audio.mono setting that can be changed at runtime with wpctl (!721) - Added automatic muting of ALSA devices when a running node is removed, helping prevent loud audio on speakers when headsets are unplugged (!734) - Added notifications API module for sending system notifications (!734) - Added comprehensive wpctl man page and documentation (!735, #825) - Enhanced object interest handling for PipeWire properties on session items (!738) * Fixes: - Fixed race condition during shutdown in the permissions portal module that could cause crashes in GDBus signal handling (!748). - Added device validity check in state-routes handling to prevent issues when devices are removed during async operations (!737, #844) - Fixed Log.critical undefined function error in device-info-cache (!733) - Improved device hook documentation and configuration (!736) - Add patch from upstream to avoid dispatcher errors in the log when registering/removing hooks that were already registered/removed before: * 0001-automute-alsa-routes.lua-Dont-register_remove-hooks-if.patch