Packages changed: apparmor autoyast2 (5.0.3 -> 5.0.4) bash-completion ffmpeg-4 ffmpeg-7 gnutls (3.8.8 -> 3.8.9) grub2 kernel-firmware-realtek (20250206 -> 20250224) kmod (33 -> 34) libaccounts-glib (1.26 -> 1.27) libapparmor libvirt libwacom (2.12.2 -> 2.14.0) libx86emu (3.5 -> 3.7) libxmlb (0.3.19 -> 0.3.21) libzip (1.11.2 -> 1.11.3) openSUSE-release (20250224 -> 20250225) patterns-base patterns-desktop patterns-media patterns-server (20210330 -> 20250225) polkit-default-privs (1550+20250217.25d4aef -> 1550+20250225.49f846d) pulseaudio-qt6 (1.6.1 -> 1.7.0) qt6-tools salt sdbootutil (1+git20250221.19f7d1a -> 1+git20250225.b78f812) selinux-policy (20250221 -> 20250224) speech-dispatcher (0.12.0~rc4 -> 0.12.0) suitesparse tiff yast2-schema (5.0.1 -> 5.0.2) yast2-storage-ng (5.0.25 -> 5.0.27) yast2-trans (84.87.20250214.b4c23644e7 -> 84.87.20250221.72f607339a) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - add py313-aa-notify.patch to adapt the last bits to python 3.13 ==== autoyast2 ==== Version update (5.0.3 -> 5.0.4) Subpackages: autoyast2-installation - Update the partitioning schema to support the pervasive encryption apqns and key type elements (jsc#PED-10950). - 5.0.4 ==== bash-completion ==== - Drop completions for kmod; kmod>=34 provides its own now. ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add ffmpeg-7-CVE-2025-22921.patch: Backporting 7f9c7f98 from upstream, clear array length when freeing it. (CVE-2025-22921, bsc#1237382) - Add ffmpeg-7-CVE-2025-25473.patch: Backporting c08d3004 from upstream, clear FFFormatContext packet. When packet_buffer is used in mux.c, and if a muxing process fails at a point where packets remained in said queue. (CVE-2025-25473, bsc#1237351) - Add ffmpeg-7-CVE-2025-0518.patch: Backporting b5b6391d from upstream, fixes memory data leak when use sscanf(). (CVE-2025-0518, bsc#1236007) - Add ffmpeg-7-CVE-2025-22919.patch: Backporting 1446e37d from upstream, check for valid sample rate As the sample rate <= 0 is invalid. (CVE-2025-22919, bsc#1237371) - Add ffmpeg-4-CVE-2024-12361.patch: Backporting 4065ff69 from upstream, add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (CVE-2024-12361, bsc#1237358) ==== ffmpeg-7 ==== Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Add ffmpeg-7-CVE-2025-22921.patch: Backporting 7f9c7f98 from upstream, clear array length when freeing it. (CVE-2025-22921, bsc#1237382) - Add ffmpeg-7-CVE-2025-25473.patch: Backporting c08d3004 from upstream, clear FFFormatContext packet. When packet_buffer is used in mux.c, and if a muxing process fails at a point where packets remained in said queue. (CVE-2025-25473, bsc#1237351) - Add ffmpeg-7-CVE-2025-0518.patch: Backporting b5b6391d from upstream, fixes memory data leak when use sscanf(). (CVE-2025-0518, bsc#1236007) - Add ffmpeg-7-CVE-2025-22919.patch: Backporting 1446e37d from upstream, check for valid sample rate As the sample rate <= 0 is invalid. (CVE-2025-22919, bsc#1237371) ==== gnutls ==== Version update (3.8.8 -> 3.8.9) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - Update to 3.8.9 - libgnutls: leancrypto was added as an interim option for PQC The library can now be built with leancrypto instead of liboqs for post-quantum cryptography (PQC), when configured with - -with-leancrypto option instead of --with-liboqs. - libgnutls: Experimental support for ML-DSA signature algorithm The library and certtool now support ML-DSA signature algorithm as defined in FIPS 204 and based on draft-ietf-lamps-dilithium-certificates-04. This feature is currently marked as experimental and can only be enabled when compiled with --with-leancrypto or --with-liboqs. Contributed by David Dudas. - libgnutls: Support for ML-KEM-1024 key encapsulation mechanism The support for ML-KEM post-quantum key encapsulation mechanisms has been extended to cover ML-KEM-1024, in addition to ML-KEM-768. MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per draft-kwiatkowski-tls-ecdhe-mlkem-03. - libgnutls: Fix potential DoS in handling certificates with numerous name constraints, as a follow-up of CVE-2024-12133 in libtasn1. The bundled copy of libtasn1 has also been updated to the latest 4.20.0 release to complete the fix. Reported by Bing Shi (#1553). [GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243 - Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2 * Rebased gnutls-FIPS-140-3-references.patch * Rebased gnutls-FIPS-TLS_KDF_selftest.patch * Rebased gnutls-FIPS-jitterentropy.patch * Rebased gnutls-disable-flaky-test-dtls-resume.patch * Rebased gnutls-srp-test-SIGPIPE.patch * Rebased gnutls-3.5.11-skip-trust-store-tests.patch * Add gnutls-set-cligen-python-interp.patch * Add gnutls-skip-pqx-test.patch ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen - Make SLFO/SLE-16 and openSUSE have identical package structures - Provide grub2--efi-bls for SLFO/SLE-16 ==== kernel-firmware-realtek ==== Version update (20250206 -> 20250224) - Update to version 20250224 (git commit 1a1470d90de2): * rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07 ==== kmod ==== Version update (33 -> 34) Subpackages: libkmod2 - Update to release 34 * modinfo now dlopens compression libraries, and only if needed. (insmod/modprobe exercises the kernel's built-in decompression anyway, so is unaffected). * depmod: add -m option for overriding the module directory at runtime. * depmod: deleted deprecated options --unresolved-error, --quiet, - root and --map. * rmmod: deleted deprecated option -w. * insmod: deleted deprecated options -p, -s. - Delete 0001-testsuite-fix-path-for-test-user.patch (obsolete) ==== libaccounts-glib ==== Version update (1.26 -> 1.27) - Update to 1.27 * Do not install python gobject introspection files by default. If they are needed, build with `-Dinstall-py-overrides=true`. * Lib: do not attempt to terminate the GTask twice * Fix memory leak on provider tags * Do not emit misleading enabled signals on account services * Fix incorrect cleanup in ag_account_finalize - Drop patches, merged upstream: * 0001-ag-account-fix-incorrect-cleanup-in-ag_account_final.patch * 0002-Build-Don-t-install-Python-overrides-by-default.patch * 0003-Lib-do-not-attempt-to-terminate-the-GTask-twice.patch * 0004-ag-provider-fix-memory-leak-on-provider-tags.patch * 0006-ag-account-do-not-emit-misleading-enabled-signals-on.patch ==== libapparmor ==== - add py313-aa-notify.patch to adapt the last bits to python 3.13 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Adjust downstream patch 'Add virt-create-rootfs utility' to only install virt-create-rootfs when building the LXC driver ==== libwacom ==== Version update (2.12.2 -> 2.14.0) Subpackages: libwacom-data libwacom9 - update to 2.14.0 * Extended Lenovo Yoga X1 Gen5 support, improved the Huion mini keydial (KD100) * Fixed missing Strip in the Huion Kamvas Pro 16 * Corrected entry for Elan 5515 * Fixed outdated properties for Lenovo Yoga 9 14IAP7 * Add support for Dial status LEDs * .tablet files shadow any ones with the same name * New XP Pen devices supported: Artist 22R Pro, 24 Pro, Deco Fun L, ACK05 Remote, Pro Pen 3E * New Lenovo device ssupported: Yoga 9 14IAP7, Active Pen 3 (2023), Digital Pen 2, X1 Fold 16 Gen1, Precision Pen 2 (2023) stylus * New ELAN devices supported: ELAN-2514 variant 04f3:2f9d, ELAN 9008 and 9009 (Asus Zenbook Duo UX8406MA 1200p), ELAN 2F2A and 41A1 (ZenBook Pro Duo UX8402VV) * New Wacom devices supported: HID 5214 (IdeaPad Flex 5 14ARE05 rev.81X2), HID 52C6 Pen. * New HP devices supported: Spectre x360, Elite Chromebook C1030 * Other devices supported: StarLite Mk V; HP Spectre x360 13-aw0020ng; Huion RTP-700, Huion KeyDial K20 * Database: support $XDG_CONFIG_HOME/libwacom as additional path * tools/clean_svg: allow passing in a .tablet file * tools/list-local-devices: print the vid/pid if available * tools/debug-device: print the device class too ==== libx86emu ==== Version update (3.5 -> 3.7) - merge gh#wfeldt/libx86emu#47 - fix building on non-x86 architectures - 3.7 - merge gh#wfeldt/libx86emu#46 - fix a buffer overflow in x86emu_log (bsc#1237557) - 3.6 - merge gh#wfeldt/libx86emu#44 - prim_ops: fix some indentation - merge gh#wfeldt/libx86emu#42 - Fix a bug in R/M 01 decoding - merge gh#wfeldt/libx86emu#41 - fix NEG remark typos ==== libxmlb ==== Version update (0.3.19 -> 0.3.21) Subpackages: libxmlb2 libxmlb2-x86-64-v3 - Update to 0.3.21 * Check for corrupt XbSiloNode values in a smarter way Changes in 0.3.20: * Do not always strip literal text * Do not assume .txt files are application/xml * Fix a crash when loading a corrupt XMLb store ==== libzip ==== Version update (1.11.2 -> 1.11.3) - update to 1.11.3: * Report read error for corrupted encrypted file data * Avoid unnecessary seeks when writing archive * Don't hardcode _Nullable support in zip.h to allow it to be used with different compilers ==== openSUSE-release ==== Version update (20250224 -> 20250225) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Only requires busybox on openSUSE MicroOS, not SL Micro. - Don't build apparmor pattern for SLFO. - Disable 32bit pattern on aarch64 and ppc64le. - Build selinux pattern everywhere and requires targeted policy on SLE. ==== patterns-desktop ==== Subpackages: patterns-desktop-books patterns-desktop-imaging patterns-desktop-mobile patterns-desktop-multimedia - Change pattern 'imaging' not forcibly to require X11: The world is moving on and wayland-only is a thing. - drop crda, obsolete since kernel 4.15 ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - drop crda, obsolete since kernel 4.15 ==== patterns-server ==== Version update (20210330 -> 20250225) Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-kvm_server patterns-server-kvm_tools patterns-server-lamp_server patterns-server-mail_server patterns-server-printing patterns-server-xen_server - Do not require 389-ds on %ix86: it's not built for 32bit intel arch. - Adapt patterns for SLES 16.0. ==== polkit-default-privs ==== Version update (1550+20250217.25d4aef -> 1550+20250225.49f846d) - Update to version 1550+20250225.49f846d: * profiles: whitelist kio-admin (bsc#1229913) - Update to version 1550+20250224.8d1bf49: * profiles: whitelist apparmor-utils (bsc#1237329) ==== pulseaudio-qt6 ==== Version update (1.6.1 -> 1.7.0) - Update to 1.7.0 * Remove Qt 5 support * bump compiler setting to 6.0 * bump c++ to 20 * change all dptrs to unique_ptr * debug: correctly mark updates * card: don't mutate the container we iterate on * context: add support for loading and unloading modules * server: consider pipewire/wireplumber the default * Add missing license text - Drop the Qt 5 flavor (but keep the _multibuild setup) ==== qt6-tools ==== Subpackages: libQt6Designer6 libQt6Help6 libQt6UiTools6 qt6-tools-qdbus - Use clang 19 on Leap 15.6. The 15.6 update repo got a new llvm version which causes issues if both llvm 17 and 19 are present ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Fix issue of using update-alternatives with alts - Fix virt_query outputter and add support for block devices - Make _auth calls visible with master stats - Repair mount.fstab_present always returning pending changes - Set virtual grain in Podman systemd container - Fix crash due wrong client reference on `SaltMakoTemplateLookup` - Enhace batch async and fix some detected issues - Added: * repair-virt_query-outputter-655.patch * make-_auth-calls-visible-with-master-stats-696.patch * repair-fstab_present-test-mode-702.patch * set-virtual-grain-in-podman-systemd-container-703.patch * fixed-file-client-private-attribute-reference-on-sal.patch * backport-batch-async-fixes-and-improvements-701.patch - Enhacement of Salt packaging * Use update-alternatives for all salt scripts * Use flexible dependencies for the subpackages * Make salt-minion to require flavored zypp-plugin * Make zyppnotify to use update-alternatives * Drop unused yumnotify plugin * Add dependency to python3-dnf-plugins-core for RHEL based - Fix tests failures after "repo.saltproject.io" deprecation - Added: * fix-tests-failures-after-repo.saltproject.io-depreca.patch ==== sdbootutil ==== Version update (1+git20250221.19f7d1a -> 1+git20250225.b78f812) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250225.b78f812: * Use also cryptenroll key to recover the volume key - Update to version 1+git20250225.292283f: * Support UUID references in crypttab - Update to version 1+git20250224.c9be3b6: * Do not use && when copying signature (bsc#1237505) ==== selinux-policy ==== Version update (20250221 -> 20250224) Subpackages: selinux-policy-targeted - Update to version 20250224: * Label /run/systemd/pcrlock.json systemd_pcrlock_var_lib_t * systemd_pcrlock_t needs to filetrans when recreating /var/lib/pcrlock.d * Allow snapper access to keys * Add rules for pcrlock (bsc#1233358) * allow snapper to call pcrlock and manage its files * allow unconfined_t to execute pcrlock * label rules for default systemd_pcrlock_var_lib_t locations * new interfaces: systemd_domtrans_pcrlock and systemd_pcrlock_exec * introduce systemd_pcrlock_var_lib_t and systemd_manage_pcrlock_files * Introduce interfaces snapper_manage_tmp_files and snapper_manage_tmp_dirs ==== speech-dispatcher ==== Version update (0.12.0~rc4 -> 0.12.0) Subpackages: libspeechd2 libspeechd_module0 python311-speechd speech-dispatcher-module-espeak - Update to version 0.12.0: * Add libspeechd-module library for making it simpler to create external spd modules. * Update CLDR to version 45, symbols from orca 45.2, and symbols from NVDA. * Also support loading symbols from home directory. ==== suitesparse ==== Subpackages: libamd3 libcamd3 libccolamd3 libcholmod5 libcolamd3 libsuitesparseconfig7 libumfpack6 - Modernize specfile ==== tiff ==== - Use python3-Sphinx instead of %{primary_python}-Sphinx based on recommendation from python maintainers. * Fixes build issue of man flavor on 15.6 ==== yast2-schema ==== Version update (5.0.1 -> 5.0.2) - Allow to specify pervasive encryption's APQNs and key type (jsc#PED-10950). - 5.0.2 ==== yast2-storage-ng ==== Version update (5.0.25 -> 5.0.27) - Discarded RAM disks as candidate for installation (gh#agama-project/agama#2042). - 5.0.27 - Added AutoYaST support for selecting the APQNs and pervasive encryption key type (jsc#PED-10950). - 5.0.26 ==== yast2-trans ==== Version update (84.87.20250214.b4c23644e7 -> 84.87.20250221.72f607339a) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250221.72f607339a: * New POT for text domain 'base'. * New POT for text domain 'samba-client'.