Packages changed: MozillaFirefox (150.0.2 -> 151.0.1) cfitsio (4.6.3 -> 4.6.4) coreutils coreutils-systemd crypto-policies emacs-compat (30.1.0.1 -> 31.0.0.1) emacs-jinx (2.6 -> 2.8) evince (48.1+6 -> 48.4) evolution (3.60.1 -> 3.60.2) evolution-data-server (3.60.1 -> 3.60.2) evolution-ews (3.60.1 -> 3.60.2) file freerdp (3.24.2 -> 3.26.0) gedit (49.0 -> 50.0) ghostscript (10.07.0 -> 10.07.1) git gnome-software (50.1 -> 50.2) grub2 hplip (3.25.6 -> 3.26.4) hwinfo (25.2 -> 25.3) inkscape javapackages-tools jq kernel-source (7.0.9 -> 7.0.10) kirigami-addons6 (1.12.0 -> 1.12.1) libcaca (0.99.beta20 -> 0.99.beta20+git.1776622070.7c8e333) libgedit-amtk (5.9.2 -> 5.10.0) libgedit-gfls (0.3.1 -> 0.4.1) libgedit-gtksourceview (299.6.0 -> 299.7.0) libgit2 (1.9.3 -> 1.9.4) libqt5-qtbase (5.15.18+kde109 -> 5.15.19+kde96) libqt5-qtdeclarative (5.15.18+kde22 -> 5.15.19+kde23) libqt5-qtgraphicaleffects (5.15.18+kde0 -> 5.15.19+kde0) libqt5-qtquickcontrols2 (5.15.18+kde5 -> 5.15.19+kde5) libqt5-qtspeech (5.15.18+kde1 -> 5.15.19+kde1) libqt5-qtsvg (5.15.18+kde5 -> 5.15.19+kde5) libqt5-qttranslations (5.15.18+kde0 -> 5.15.19+kde0) libqt5-qtwayland (5.15.18+kde55 -> 5.15.19+kde55) libqt5-qtx11extras (5.15.18+kde0 -> 5.15.19+kde0) libqt5-qtxmlpatterns (5.15.18+kde0 -> 5.15.19+kde0) libsoup2 libstorage-ng (4.5.320 -> 4.5.328) libxmlb (0.3.25 -> 0.3.27) mozilla-nspr (4.38.2 -> 4.39) mozilla-nss (3.122.2 -> 3.123.1) openSUSE-release (20260520 -> 20260527) openssh pam (1.7.2 -> 1.7.2+git12) pam-full-src (1.7.2 -> 1.7.2+git12) patterns-base perl-XML-LibXML (2.0210 -> 2.0212) perl-XML-Parser (2.580.0 -> 2.590.0) plasma6-workspace poppler (26.02.0 -> 26.05.0) poppler-qt6 (26.02.0 -> 26.05.0) postfix (3.11.2 -> 3.11.3) publicsuffix (20251001 -> 20260513) python-certifi (2026.2.25 -> 2026.4.22) python-psutil python-requests (2.33.1 -> 2.34.2) rsync (3.4.1 -> 3.4.3) ruby4.0 (4.0.4 -> 4.0.5) selinux-policy (20260508 -> 20260522) shim-leap systemd texlive thin-provisioning-tools (1.2.1 -> 1.3.2) tmux (3.6a -> 3.6b) which (2.23 -> 2.25) xdp-tools xfce4-screenshooter yast2-security (5.0.5 -> 5.0.6) === Details === ==== MozillaFirefox ==== Version update (150.0.2 -> 151.0.1) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 151.0.1 * Fixed a crash experienced by users with Intel Raptor Lake CPUs. (bmo#1950764) * Fixed an issue on Windows where some websites using WebSerial to flash device firmware could fail unexpectedly. (bmo#2040754) - Mozilla Firefox 151.0 * https://www.firefox.com/en-US/firefox/151.0/releasenotes/ MFSA 2026-46 (bsc#1265212) * CVE-2026-8945 (bmo#2003171) Sandbox escape in Firefox and Firefox Focus for Android * CVE-2026-8946 (bmo#2029070) Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-8947 (bmo#2038439) Use-after-free in the DOM: Bindings (WebIDL) component * CVE-2026-8948 (bmo#2038803) Same-origin policy bypass in the DOM: Networking component * CVE-2026-8949 (bmo#1355639) Integer overflow in the Widget: Win32 component * CVE-2026-8950 (bmo#1965430) Same-origin policy bypass in the Networking: HTTP component * CVE-2026-8951 (bmo#2018513) Spoofing issue in the Toolbar component in Firefox for Android * CVE-2026-8952 (bmo#2021727) Privilege escalation in the Application Update component * CVE-2026-8953 (bmo#2029511) Sandbox escape due to use-after-free in the Disability Access APIs component * CVE-2026-8954 (bmo#2030747) Incorrect boundary conditions, integer overflow in the Audio/Video component * CVE-2026-8955 (bmo#2031064) Privilege escalation in the DOM: Workers component * CVE-2026-8956 (bmo#2032427) Integer overflow in the Networking: JAR component * CVE-2026-8957 (bmo#2033850) Privilege escalation in the Enterprise Policies component * CVE-2026-8958 (bmo#2034713) Information disclosure, sandbox escape in the Security: Process Sandboxing component * CVE-2026-8959 (bmo#2034754) Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component * CVE-2026-8960 (bmo#1940116) Spoofing issue in WebExtensions * CVE-2026-8961 (bmo#1962625) Spoofing issue in the Form Autofill component * CVE-2026-8962 (bmo#2004804) Mitigation bypass in the DOM: Security component * CVE-2026-8963 (bmo#2021222) Spoofing issue in the Web Speech component * CVE-2026-8964 (bmo#2025170) Spoofing issue in the Popup Blocker component * CVE-2026-8965 (bmo#2025740) Information disclosure in the DOM: Security component * CVE-2026-8966 (bmo#2025849) Information disclosure in the IP Protection component * CVE-2026-8967 (bmo#2027173) Information disclosure in the Graphics: WebGPU component * CVE-2026-8968 (bmo#2030467) Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component * CVE-2026-8969 (bmo#2031123) Mitigation bypass in the DOM: Security component * CVE-2026-8970 (bmo#2032174) Privilege escalation in the Security component * CVE-2026-8971 (bmo#2032604) Same-origin policy bypass in the Networking: JAR component * CVE-2026-8972 (bmo#2033275) Privilege escalation in the WebRTC: Audio/Video component * CVE-2026-8973 (bmo#1362365, bmo#1860538, bmo#1929005, bmo#1983353, bmo#1998526, bmo#2023271, bmo#2023943, bmo#2024244, bmo#2024260, bmo#2024443, bmo#2024665, bmo#2024774, bmo#2024916, bmo#2025346, bmo#2025357, bmo#2025406, bmo#2025434, bmo#2025488, bmo#2025496, bmo#2025942, bmo#2025947, bmo#2025968, bmo#2026279, bmo#2027159, bmo#2027239, bmo#2027276, bmo#2027308, bmo#2027310, bmo#2027324, bmo#2027329, bmo#2027363, bmo#2027381, bmo#2027382, bmo#2027383, bmo#2028274, bmo#2028884, bmo#2029060, bmo#2029065, bmo#2029068, bmo#2029281, bmo#2029293, bmo#2029297, bmo#2029303, bmo#2029439, bmo#2029448, bmo#2029703, bmo#2029720, bmo#2029721, bmo#2029723, bmo#2029770, bmo#2029771, bmo#2029782, bmo#2029818, bmo#2029885, bmo#2030100, bmo#2030379, bmo#2030385, bmo#2030979, bmo#2031119, bmo#2031122, bmo#2034119, bmo#2034791, bmo#2035209, bmo#2036666, bmo#2037986) Memory safety bugs fixed in Firefox 151 * CVE-2026-8974 (bmo#1784128, bmo#1883230, bmo#1983677, bmo#2022390, bmo#2023116, bmo#2023657, bmo#2024255, bmo#2024418, bmo#2024441, bmo#2024447, bmo#2024966, bmo#2025412, bmo#2025467, bmo#2025940, bmo#2025950, bmo#2025956, bmo#2026284, bmo#2027247, bmo#2027255, bmo#2027288, bmo#2027306, bmo#2027322, bmo#2027332, bmo#2027333, bmo#2028266, bmo#2028292, bmo#2028319, bmo#2028526, bmo#2028870, bmo#2028876, bmo#2028882, bmo#2029062, bmo#2029309, bmo#2029414, bmo#2029422, bmo#2029428, bmo#2029447, bmo#2029732, bmo#2029785, bmo#2029793, bmo#2029813, bmo#2029899, bmo#2031028, bmo#2031457, bmo#2032039, bmo#2033610, bmo#2033854, bmo#2034498, bmo#2034628, bmo#2034978, bmo#2035966, bmo#2036668, bmo#2036905, bmo#2036930) Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 * CVE-2026-8975 (bmo#1860195, bmo#2029325, bmo#2029429, bmo#2029910, bmo#2035915, bmo#2038669, bmo#2038678) ... changelog too long, skipping 5 lines ... - removed obsolete mozilla-bmo531915.patch ==== cfitsio ==== Version update (4.6.3 -> 4.6.4) - Update to version 4.6.4: * This release includes patches to security vulnerabilities. * Input files iter_image.fits and vari.fits added for use in iter_image and iter_var example programs. * New configure/build options --enable-iterprogs for 'configure' and -DITERPROGS=ON for CMAKE. * Absolute paths for installation directories now supported in CMAKE builds. * Bug fixes for edge cases involving lossless compression of int-type images, and for float-types that cannot undergo lossy compression. * Bug fix for case of switching between HDUs of lossless and quantized compression. * Bug fix for applying histogram binning to image extensions. ==== coreutils ==== - coreutils-tee-fix-infloop-on-EAGAIN-and-short-write.patch: Add upstream patch (boo#1265378) * 'tee' no longer loops infinitely after writing all output if a write call sets errno to EAGAIN. [bug introduced in coreutils-9.11] * 'tee' no longer treats short writes as errors. [bug introduced in coreutils-9.11] ==== coreutils-systemd ==== - coreutils-tee-fix-infloop-on-EAGAIN-and-short-write.patch: Add upstream patch (boo#1265378) * 'tee' no longer loops infinitely after writing all output if a write call sets errno to EAGAIN. [bug introduced in coreutils-9.11] * 'tee' no longer treats short writes as errors. [bug introduced in coreutils-9.11] ==== crypto-policies ==== Subpackages: crypto-policies-scripts - Remove crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch to allow X25519 as required for sntrup761x25519-sha512@openssh.com and sntrup761x25519-sha512 in the DEFAULT policy. (bsc#1259825) Rebase crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch - Add PQC support for OpenSSH (bsc#1258311, bsc#1259825) * Enable sntrup761x25519-sha512 for OpenSSH by default * Add crypto-policies-OpenSSH-PQC.patch ==== emacs-compat ==== Version update (30.1.0.1 -> 31.0.0.1) - Rebase 0001-Add-install-target.patch against new upstream version - Update to version 31.0.0.1: * compat-31: Improve with-work-buffer implementation - Changes from version 31.0.0.0 * compat-28: New pcase pattern =cl-type=. * compat-29: Add =string-glyph-compose= and =string-glyph-decompose=. (gh#emacs-compat/compat#76) * compat-31: New macros =static-when= and =static-unless=. * compat-31: New functions =oddp= and =evenp=. * compat-31: New functions =minusp= and =plusp=. * compat-31: New macros =incf= and =decf=. * compat-31: New function =color-blend=. * compat-31: New function =completion-table-with-metadata=. * compat-31: New function =completion-list-candidate-at-point=. * compat-31: New macro =with-work-buffer=. * compat-31: New function =unbuttonize-region=. * compat-31: New extended function =seconds-to-string=. * compat-31: New function =hash-table-contains-p=. * compat-31: New function =remove-display-text-property=. * compat-31: New functions =drop-while=, =take-while=, =member-if=, =any=, =all=. * compat-31: New function =set-local=. * compat-31: New function =ensure-proper-list=. * compat-31: New error API functions =error-type-p=, =error-has-type-p=, =error-type= and =error-slot-value=. * Drop support for Emacs 24.x. Emacs 25.1 is required now. In case Emacs 24.x support is still needed, Compat 30 can be used. ==== emacs-jinx ==== Version update (2.6 -> 2.8) - Update to version 2.8: * Require Compat 31 * Exclude the appropriate faces/properties in git-commit-mode * Add support for minor modes to jinx-include-* and jinx-exclude-* variables. - Changes from version 2.7: * Improve mouse menu. ==== evince ==== Version update (48.1+6 -> 48.4) Subpackages: evince-plugin-pdfdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Update to version 48.4: + Just a versionbump, all changes already in place in our 48.2. Upstream needed to rerelease the tarballs, hence the bump. - Update to version 48.2: + shell: Quote strings in arguments used when calling ev_spawn ==== evolution ==== Version update (3.60.1 -> 3.60.2) Subpackages: evolution-plugin-spamassassin - Update to version 3.60.2: + Bug Fixes: - Truncated file stored in the (mail) cache - prefer-plain: Empty body when prefer plain with HTML and no plain text - Fails to import Chinese Outook PST file (charset) - Marcus Bains line is displayed on the wrong day - Inconsistent timezone for completed tasks - Mail: Call malloc_trim after folder sync and message list regen + Miscellaneous: - message-list: Remove redundant g_free call - test-web-view-jsc: Correct JavaScript variable initialization - e-message-popover: Make the label text selectable - Calendar: Use icaldurationtype_as_utc_seconds() for libical 4.x - ECategoriesSelector: chain-up finalize to parent - mail: Use E_OAUTH2_SERVICE_ERROR instead of abused G_IO_ERROR codes + Updated translations. ==== evolution-data-server ==== Version update (3.60.1 -> 3.60.2) Subpackages: libcamel-1_2-67 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-5 libecal-2_0-3 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.60.2: + Bug Fixes: - IMAPx: Sent folder reverts to default with iCloud email and Quick Resync - Truncated file stored in the (mail) cache + Miscellaneous: - e-ms-oapxbc: . Simplify error handling in MS-OAPXBC OIDC extension . Fix error handling of broker response . Align D-Bus parameters with sso-mib . Add support for broker versions > 2.0.1 - Do not lock SExp object in data book/cal views start - e-book-meta-backend: Handle data: URI-s in PHOTO/LOGO - Calendar: Use icaldurationtype_as_utc_seconds() for libical 4.x - OAuth2: Use its own error domain and add camel_util_is_network_error() + Updated translations. ==== evolution-ews ==== Version update (3.60.1 -> 3.60.2) - Update to version 3.60.2: + Bug Fixes: - m365: . Skip Out of Office check for shared mailboxes . GOA account can delay OAuth2 support addition - Truncated file stored in the (mail) cache + Miscellaneous: - e-m365-connection: Ensure soup message body is filled on retry - Calendar: Use icaldurationtype_as_utc_seconds() for libical 4.x - OAuth2: Uses its own error domain ==== file ==== Subpackages: file-magic libmagic1 - Add patch file-5.47-s390x.patch from upstream commit Work around an endianess problem on s390x ==== freerdp ==== Version update (3.24.2 -> 3.26.0) Subpackages: libfreerdp3-3 librdtk0-0 libwinpr3-3 - Update to version 3.26.0: + CVE fixes: * 3 High ranking (no numbers assigned yet) + Bug and security fixes release + Changes: * cmake: Findyuv: Use correct pkgconfig name (#12666) * Remove deallocator attribute from rfx_message_free (#12681) * [winpr,utils] improve winpr/ntlm.h (#12677) * rdpecam-v4l: stop the capture thread when streaming is cleared (#12690) * fix(winpr,ncrypt): support PIV retired key slots for smartcard logon (#12684) * [core,instance] fix deprecation guards (#12691) * [ci,alt-arch] enable internal MD4, MD5 and RC4 (#12692) * Add VideoToolbox H.264 support for ffmpeg (#12694) * [client,common] add /args-from:file: syntax (#12697) * [ci,freebsd] update freebsd builds (#12698, #12700, #12701, #12702) * [client, android] UI modernization, SQLCipher and more (#12685, #12686, #12687, #12730, * #12731, #12736, #12737, #12688) * [cmake,deps] use alias target for sso-mib (#12706) * [core,settings] add auto reconnect triggered flag (#12709) * Force YUV420P when videotoolbox is used (#12711) * Release cleanups (#12712) * [gdi,gfx] fix bounds checks and proxy unit tests (#12713) * Improved input checks (#12714) * [winpr,utils] add unit tests for command line parser (#12716) * Cmdline fixes (#12717) * [codec,planar] fix bounds checks (#12718) * [client,common] add freerdp_client_settings_parse_command_line_argumeā€¦ (#12724) * [winpr,sspi] clean up ntlm code (#12732) - Update to version 3.25.0: + CVE fixes: * CVE-2026-40254 + Bug and security fixes release: * Experimental AV1 support has been added. This currently works only with FreeRDP based servers. * Most notably there is now support for [MS-RDPEWA] (FIDO2 redirection) * Android client received a (small) facelift * Improved SDL3 client drawing performance * Console output support for SDL3 (windows) and windows native client * RDP proxy now supports NSCodec and RFX modes. * RDP PRoxy now has smartcard emulation and SAM file support (via config file) * Smartcard KSP support for NLA authentication + Changes: * [winpr,wlog] add WLog_SetGlobalPrefix (#12497) * [channels,video] fix wrong cast (#12511) * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510) * [client,sdl] create a copy of rdpPointer (#12512) * [codec,video] properly pass intermediate format (#12518) * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520) * winpr: improve libunwind backtraces (#12530) * [server,shadow] remember selected caps (#12528) * Zero credential data before free in NLA and NTLM context (#12532) * [server,proxy] ignore missing client in input channel (#12536) * [server,proxy] ignore rdpdr messages (#12537) * [winpr,sspi] improve kerberos logging (#12538) * Codec fixes (#12542) * [winpr,sspi] Fix context nullptr handling (#12543) * Dev 3.24.3 dev0 (#12545) * Fix memory leak in gdi_create_bitmap() on gdi_CreateBitmap failure (libfreerdp/gdi/graphics.c) (#12547) * Fix memory leak in vgids_read_do_fkt() on Stream_New failure (libfreerdp/emu/scard/smartcard_virtual_gids.c) (#12548) * Proxy config improve (#12549) * Proxy config improve (#12550) * [client,sdl] clamp cursor hotspot (#12553) * RFC: Research/av1 codec extension (#12527) * [winpr,kerberos] fix krb_log_context_encryption (#12555) * [client,sdl] fix global init return check (#12558) * Fix remote credential with windows11h2 (#12560) * Proxy scard auth improvements (#12561) * [winpr,sspi] guard krb5_get_etype_info (#12562) * [utils,smartcard] fix STATUS_BUFFER_TOO_SMALL (#12564) * [client,common] do not manipulate security settings for smartcard-logon (#12567) * [channels,audin] fix regression for microphone (#12570) * [client,sdl] add SDL_KMOD_MODE and SDL_KMOD_LEVEL5 (#12569) * Fix unbound strlen on slotDescription (#12571) * build: Update FindFFmpeg.cmake to support Apple frameworks with 'lib' prefix (#12565) * [channels,rdpewa] add WebAuthn virtual channel support (#12572) * [core] fix freerdp_get_nla_sspi_error always returning 0 on client (#12574) * [ci] enable rdpewa channel (#12576) * small refactoring (#12578) * Rdpewa unify notifications (#12581) * [client,sdl] fix crash when clicking 'cancel' on PIN popup (#12580) * [channels,drive] refine bounds checks (#12584) * fix: smartcard logon with ECC keys and minidriver-assigned container names (#12585) * Various papercuts (#12583) * fix: console output on Windows client (#12573) * [winpr,crt] dump stack on aligned memory errors (#12588) * [client,x11] keep scancode input for Ctrl/Alt/Super combinations in /kbd:unicode mode (#12590) * [codec,progressive] fix underflow guard in progressive_rfx_quant_sub (#12592) * fix: wfreerdp floatbar visibility (#12594) * [winpr,json] return a copy from WINPR_JSON_Print* (#12595) * [client,sdl] drop WITH_DEBUG_SDL_EVENTS (#12599) * Ncrypt and asn1 cleanup (#12604) * Video channel fix (#12593) * [codec,h264] fix media foundation backend (#12606) * fix(sdl): detect Hyprland and river in tryFallback() (#12608) * Proxy stress fixes (#12597) * Add new fuzzer tests (#12613) * fix(sdl): use SDL_Renderer instead of software surfaces (#12607) * fix(sdl): BFS neighbor walk pop/begin mismatch in addOrUpdateDisplay (#12614) * fix(sdl): promote first monitor as primary when subset excludes primary (#12618) * [ci,android] default to only aarch64 (#12622) ... changelog too long, skipping 19 lines ... * [codec,dsp] fix fencepost error in dsp_ima_clamp_step (#12655) ==== gedit ==== Version update (49.0 -> 50.0) - Update to version 50.0: + Copy the plugins from the gedit-plugins repository: Word Completion, Smart Spaces, Draw Spaces and Bookmarks. The gedit-plugins repository will be archived. + Guidelines: no LLM AI tools. + macOS: small build simplification. + Updated translations. ==== ghostscript ==== Version update (10.07.0 -> 10.07.1) Subpackages: ghostscript-x11 - Version upgrade to 10.07.1 See 'Recent Changes in Ghostscript' at Ghostscript upstream https://ghostscript.readthedocs.io/en/gs10.07.1/News.html * This release addresses a number of potential security issues. ==== git ==== Subpackages: git-core git-email git-gui git-web gitk perl-Git - Add requires for awk as it is used by /usr/share/bash-completion/completions/git ==== gnome-software ==== Version update (50.1 -> 50.2) Subpackages: gnome-software-plugin-packagekit - Update to version 50.2: + Fix duplicate web apps with the same URL showing as one entry + Fix hiding the Incompatible Software dialog + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-arm64-efi-bls grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin - Add python-base BR ==== hplip ==== Version update (3.25.6 -> 3.26.4) Subpackages: hplip-base hplip-common hplip-cups hplip-driver-hpcups hplip-sane libhplip0 - Update to HPLIP 3.26.4 - Fix CVE-2026-8631 (bsc#1266023) - Fix CVE-2026-8632 (bsc#1266024) - Add support for the following new printers: * HP LaserJet Pro MFP 3106sdw * HP LaserJet Pro MFP 3105sdw * HP Envy 6500e series * HP Envy 6500 series * HP OfficeJet Pro 9730 Series * HP OfficeJet Pro 9730e Series * HP OfficeJet Pro 9720 Series * HP OfficeJet Pro 9720e Series * HP OfficeJet Pro 8130e All-in-One series * HP OfficeJet Pro 8130 All-in-One series * HP OfficeJet 8130e All-in-One series * HP OfficeJet 8130 All-in-One series * HP OfficeJet Pro 8120e All-in-One series * HP OfficeJet Pro 8120 All-in-One series * HP OfficeJet 8120e All-in-One series * HP OfficeJet 8120 All-in-One series * HP DeskJet Ink Advantage ultra 5800 All-in-One Printer series * HP DeskJet Ink Advantage ultra 5100 All-in-One Printer series * HP DeskJet 4300e All-in-One Printer series * HP DeskJet Ink Advantage 4300 All-in-One Printer series * HP DeskJet 4300 All-in-One Printer series * HP DeskJet 2900e All-in-One Printer series * HP DeskJet Ink Advantage 2900 All-in-One Printer series * HP DeskJet 2900 All-in-One Printer series - Adjust the version condition not to build scan_utils since %suse_version macro has been changed to 1610 in Leap 16.1 ==== hwinfo ==== Version update (25.2 -> 25.3) Subpackages: libhd25 - merge gh#openSUSE/hwinfo#178 - fix memory leaks in pci and pppoe modules (bsc#1265908) - avoid NULL pointer in ADD2LOG() call - 25.3 ==== inkscape ==== Subpackages: inkscape-extensions-extra inkscape-extensions-gimp - Add 98828255aa0c1212329236b3ff4ac7f41efb4a67.patch: Fix: support for poppler >= 26.05 font encoding change (boo#1265939) ==== javapackages-tools ==== Subpackages: javapackages-filesystem - Add missing python3-base requirements. - 'python-javapackages' subpackage for the primary Python interpreter should also provide 'python3-javapackages' symbol. ==== jq ==== Subpackages: libjq1 - Add patch CVE-2026-33948.patch (CVE-2026-33948, bsc#1262043) - Add patch CVE-2026-32316.patch (CVE-2026-32316, bsc#1262044) - Add patch CVE-2026-33947.patch (CVE-2026-33947, bsc#1262069) - Add patch CVE-2026-39956.patch (CVE-2026-39956, bsc#1262070) - Add patch CVE-2026-39979.patch (CVE-2026-39979, bsc#1262071) - Add patch CVE-2026-40164.patch (CVE-2026-40164, bsc#1262072) - Add patch CVE-2026-40612.patch (CVE-2026-40612, bsc#1265060) - Add patch CVE-2026-41256.patch (CVE-2026-41256, bsc#1265061) - Add patch CVE-2026-41257.patch (CVE-2026-41257, bsc#1265062) - Add patch CVE-2026-43894.patch (CVE-2026-43894, bsc#1265070) - Add patch CVE-2026-43895.patch (CVE-2026-43895, bsc#1265071) - Add patch CVE-2026-43896.patch (CVE-2026-43896, bsc#1265075) - Add patches CVE-2026-44777_0.patch and CVE-2026-44777_1.patch (CVE-2026-44777, bsc#1265076) ==== kernel-source ==== Version update (7.0.9 -> 7.0.10) Subpackages: kernel-64kb kernel-default - tracing: Avoid NULL return from hist_field_name() on truncation (git-fixes). - firmware: arm_ffa: Align RxTx buffer size before mapping (git-fixes). - commit bb95589 - Linux 7.0.10 (bsc#1012628). - blk-cgroup: wait for blkcg cleanup before initializing new disk (bsc#1012628). - md: suppress spurious superblock update error message for dm-raid (bsc#1012628). - fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START (bsc#1012628). - fs/mbcache: cancel shrink work before destroying the cache (bsc#1012628). - md/raid1: fix the comparing region of interval tree (bsc#1012628). - fs: fix archiecture-specific compat_ftruncate64 (bsc#1012628). - drbd: Balance RCU calls in drbd_adm_dump_devices() (bsc#1012628). - loop: fix partition scan race between udev and loop_reread_partitions() (bsc#1012628). - block: fix zones_cond memory leak on zone revalidation error paths (bsc#1012628). - nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() (bsc#1012628). - blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current() (bsc#1012628). - pstore/ram: fix resource leak when ioremap() fails (bsc#1012628). - erofs: include the trailing NUL in FS_IOC_GETFSLABEL (bsc#1012628). - md: fix array_state=clear sysfs deadlock (bsc#1012628). - ublk: reset per-IO canceled flag on each fetch (bsc#1012628). - blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() (bsc#1012628). - erofs: handle 48-bit blocks/uniaddr for extra devices (bsc#1012628). - md: remove unused static md_wq workqueue (bsc#1012628). - md: wake raid456 reshape waiters before suspend (bsc#1012628). - dcache: permit dynamic_dname()s up to NAME_MAX (bsc#1012628). - btrfs: fix the inline compressed extent check in inode_need_compress() (bsc#1012628). - btrfs: fix deadlock between reflink and transaction commit when using flushoncommit (bsc#1012628). - btrfs: do not reject a valid running dev-replace (bsc#1012628). - OPP: debugfs: Use performance level if available to distinguish between rates (bsc#1012628). - OPP: Move break out of scoped_guard in dev_pm_opp_xlate_required_opp() (bsc#1012628). - ACPI: x86: cmos_rtc: Clean up address space handler driver (bsc#1012628). - ACPI: x86: cmos_rtc: Improve coordination with ACPI TAD driver (bsc#1012628). - devres: fix missing node debug info in devm_krealloc() (bsc#1012628). - thermal/drivers/spear: Fix error condition for reading st,thermal-flags (bsc#1012628). - debugfs: check for NULL pointer in debugfs_create_str() (bsc#1012628). - debugfs: fix placement of EXPORT_SYMBOL_GPL for debugfs_create_str() (bsc#1012628). - soundwire: debugfs: initialize firmware_file to empty string (bsc#1012628). - amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init() (bsc#1012628). - amd-pstate: Update cppc_req_cached in fast_switch case (bsc#1012628). - cpufreq: Pass the policy to cpufreq_driver->adjust_perf() (bsc#1012628). - PCI: use generic driver_override infrastructure (bsc#1012628). - platform/wmi: use generic driver_override infrastructure (bsc#1012628). - vdpa: use generic driver_override infrastructure (bsc#1012628). - s390/cio: use generic driver_override infrastructure (bsc#1012628). - s390/ap: use generic driver_override infrastructure (bsc#1012628). - bus: fsl-mc: use generic driver_override infrastructure (bsc#1012628). - locking/mutex: Rename mutex_init_lockep() (bsc#1012628). - locking/mutex: Fix wrong comment for CONFIG_DEBUG_LOCK_ALLOC (bsc#1012628). - irqchip/irq-pic32-evic: Address warning related to wrong printf() formatter (bsc#1012628). - hrtimer: Avoid pointless reprogramming in __hrtimer_start_range_ns() (bsc#1012628). - hrtimer: Reduce trace noise in hrtimer_start() (bsc#1012628). - locking: Fix rwlock and spinlock lock context annotations (bsc#1012628). - signal: Fix the lock_task_sighand() annotation (bsc#1012628). - ww-mutex: Fix the ww_acquire_ctx function annotations (bsc#1012628). - perf/amd/ibs: Account interrupt for discarded samples (bsc#1012628). - perf/amd/ibs: Preserve PhyAddrVal bit when clearing PhyAddr MSR (bsc#1012628). - perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler (bsc#1012628). - x86/tdx: Fix the typo in TDX_ATTR_MIGRTABLE (bsc#1012628). ... changelog too long, skipping 2041 lines ... - commit 17ac7c8 ==== kirigami-addons6 ==== Version update (1.12.0 -> 1.12.1) Subpackages: libKirigamiAddonsComponents6 libKirigamiAddonsStatefulApp6 libKirigamiApp6 - Update to 1.12.1 This is a minor release containing mostly bug fixes and small refactoring ==== libcaca ==== Version update (0.99.beta20 -> 0.99.beta20+git.1776622070.7c8e333) - Updated to version 0.99.beta20+git.1776622070.7c8e333: * Switched to typed Ruby wrapping. * Simplified caca_create_display call. * Do not used _caca_alloc2d in the Ruby extension. * Prevented Init_caca from being hidden. * Reverted 156781dd67d024dc067010ef8640d0b91c5c3356. * Switched from MiniTest to Minitest. * Prevented undefined behaviour in overflow check (CVE-2026-42046 bsc1264984). * Fixed a crash on 0 sized font in img2txt. * Fixed an error message in img2txt. * Fixed handling of zero sized image in img2txt. - Rewrited the SPEC file to correctly generate Python packages in all available versions. ==== libgedit-amtk ==== Version update (5.9.2 -> 5.10.0) Subpackages: libgedit-amtk-5-0 typelib-1_0-Amtk-5 - Update to version 5.10.0: + Change the definition of Amtk to "The Good Morning Toolkit". libgedit-amtk contains extra features for GTK 3, not only limited to the "Actions, Menus and Toolbars Kit". + Add AmtkTreeViewScrolledWindowSizing, an improved version imported from libgedit-gtksourceview. ==== libgedit-gfls ==== Version update (0.3.1 -> 0.4.1) - Update to version 0.4.1: + Fix a unit test on big-endian architectures. + Updated translations. - Changes from version 0.4.0: + New features: GflsBytesRegion, GflsBytesRegionBuilder and GflsEncodingConvert. + New features imported from libgedit-gtksourceview: GflsIconv. + GflsInputStream: import improved version from libgedit-gtksourceview. + Updated translations. ==== libgedit-gtksourceview ==== Version update (299.6.0 -> 299.7.0) Subpackages: typelib-1_0-GtkSource-300 - Update to version 299.7.0: + Completion framework: - Cherry-pick a few commits from GtkSourceView 4 to no longer use deprecated API and use gdk_window_move_to_rect(). - Move GtkSourceCompletionContainer to libgedit-amtk as AmtkTreeViewScrolledWindowSizing. - Some code refactorings. + File loading and saving: - Move some code to libgedit-gfls and depend on it: . GtkSourceIconv -> GflsIconv . GtkSourceInputStream -> GflsInputStream . Use gfls_encoding_try_convert() + Syntax highlightging: Improvements to the syntax highlighting of: markdown and yaml. + Other: - A new public function in GtkSourceBuffer. - Avoid some code duplication. + Updated translations. - Bump soname define. - Add pkgconfig(libgedit-amtk-5) and pkgconfig(libgedit-gfls-1) BuildRequires: New dependencies. ==== libgit2 ==== Version update (1.9.3 -> 1.9.4) - update to 1.9.4: * cmake: separate generated headers from translated headers * Avoid uninitialized variable warnings in gcc * fix: Recognize relative worktrees extension * fix(sha256): thread-safety bug in builtin SHA-256 ==== libqt5-qtbase ==== Version update (5.15.18+kde109 -> 5.15.19+kde96) Subpackages: libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.19+kde96, rebased upstream: * Replace commercial license header with LGPL license header * Revert "Update to Harfbuzz 10.0.1" * QByteArray(View)::lastIndexOf: Guard against needle > haystack * Upgrade Harfbuzz to 11.1.0 * Update PCRE2 to 10.45 * Upgrade Harfbuzz to 11.0.0 * 3rdparty: update TinyCBOR to v0.6.1 * qmake: SBOM 5.15 qmake2cmake parsing fixes * Long live qstdlibdetection.h! * Fix build error in test when lttng tracing backend is enabled * QAbstractSlider: fix missing "emission" of SliderOrientationChange * tst_QAbstractSlider: add a check for sliderChange() "emission" * QStandardItem: add note about reimplementing data/setData() wrt. flags * tst_QPointer: make DerivedParent delete all children * Replace qFatal() statements with qWarning() in case of failed queries * Fix race condition with QTest::ignoreMessage * Add maybe_unused in benchmark to guard against nodiscard in the future * QDockWidgetLayout: mark the ctor explicit * QMdiSubwindow: fix UB (invalid member call) in ControlContainer::removeButtonsFromMenuBar() * tst_QGraphicsGridLayout: fix memleaks in setGeometry() * tst_QGraphicsGridLayout: fix memleak in spanAcrossEmptyRow() * SQLite: Update SQLite to v3.49.1 * tst_QMainWindow: fix unit'ed value in AddDockWidget * tst_QGraphicsGridLayout: fix memory leaks in columnCount() * tst_QGraphicsGridLayout: fix memleaks in spanningItem2x3() * tst_QGraphicsGridLayout: fix memleak in removeItem() * tst_QGraphicsGridLayout: fix memleak in spanningItem2x2() * tst_QGraphicsGridLayout: fix memleaks in addItem() * tst_QGraphicsGridLayout: remove unneeded delete in rowMaximumHeight() * tst_QGraphicsGridLayout: fix memory leaks in rowCount() * tst_QGraphicsGridLayout: fix memleaks in columnSpacing() * tst_QGraphicsLinearLayout: remove remaining memleaks in insertItem() * tst_QGraphicsLinearLayout: fix memleaks in defaultSpacing() * Add a benchmark for QTimeZone::utc * QPainterPath: detach and reset before streaming in * xcb: set _NET_STARTUP_ID at client leader window * Fix generation of the forward header for QFunctionPointer * qUtf16Printable: avoid creating a copy of a QString * QIcon: remove icon from cache if the cached engine fails to load * CommonStyle/QSlider: don't modify outline color * tst_QGraphicsWidget: fix memleak in shortcutsDeletion() * tst_QGraphicsLayout: fix memleaks in alternativeLayoutItems() * tst_QSplitter: fix memleak in replaceWidget() * tst_QGraphicsScene: fix memleaks in selectionChanged()/removeItem() * tst_QComboBox: ignore two warnings from setCompleter() in getSetCheck() * QComboBox: fix UB (signed overflow) in Private::recomputeSizeHint() * tst_QComboBox: fix memleak in task_QTBUG_56693_itemFontFromModel() * tst_QComboBox: fix memleaks in task_QTBUG_52027_mapCompleterIndex() * tst_QComboBox: fix memleak in task190205_setModelAdjustToContents() * tst_QComboBox: fix memleaks in setItemDelegate()/task253944_itemDelegateIsReset() * tst_QComboBox: fix memleak in getSetCheck() * tst_QTextEdit: fix UB (invalid downcast) in various functions * tst_QTextEdit: fix memleak in the MyPaintDevice helper * QLineEdit: fix UB (invalid downcast) in Private::removeAction() * SQLite: Update SQLite to v3.49.0 * tst_QTreeView: fix memleak in fetchUntilScreenFull() * QFileSystemModel: remove an unneeded const_cast * SQLite: Update SQLite to v3.48.0 * SQLite: Update SQLite to v3.47.2 * QXmlStreamReader: fix parsing of non-wellformed inputs * QGUTheme: add Pantheon to the list of GTK based desktop environments * tst_QWidget: fix a memleak in destroyedSignal() * tst_QGraphicsWidget: remove unneeded casts in setStyle() * tst_QGraphicsWidget: fix memleak in qgraphicswidget() * tst_QGraphicsWidget: remove unused object from qgraphicswidget() * tst_QGraphicsWidget: fix memleak in setStyle() * tst_QGraphicsWidget: fix memleak in implicitMouseGrabber() * tst_QGraphicsProxyWidget: fix memleak in forwardTouchEvent() * tst_QGraphicsLinearLayout: remove dead code (dump()) * tst_QGraphicsLinearLayout: fix memleaks in count()/insertIrem() * tst_QGraphicsLinearLayout: fix memleaks in itemAt() * tst_QGraphicsLinearLayout: fix memleaks in itemAt_visualOrder() * tst_QGraphicsLinearLayout: fix memleak in testStretch() * tst_QSplitter: don't leak the QSplitter from initTestCase() * tst_QGraphicsLinearLayout: fix memory leaks in removeAt()/removeItem() * Text widgets: document find() behavior with QRegularExpression * tst_QButtonGroup: fix memleak in task209485_removeFromGroupInEventHandler() * tst_QButtonGroup: fix memleak in keyNavigationPushButtons() * tst_QAbstractScrollArea: fix memleak in task214488_layoutDirection() * QTapGestureRecognizer: fix UB (invalid downcast) in recognize() * tst_QFrame: fix memleak in testPainting() * QXcbDrag: Fix UB (unaligned load) in handleFinished() * tst_QLayout: fix memleak in removeWidget() * tst_QGraphicsItem: properly init QGraphicsSceneDragDropEvent * tst_QGraphicsEffectSource: fix memleak in pixmapPadding() * tst_QGraphicsScene: fix memleaks in taskQTBUG_7863_paintIntoCacheWithTransparentParts() * tst_QGraphicsScene: fix memleak in taskQTBUG_5904_crashWithDeviceCoordinateCache() * tst_QGraphicsItem: fix memleaks in sceneEventFilter() * tst_QGraphicsItem: fix memory leaks in mapRectFromToParent() * QAbstractItemView: fix UB (invalid downcast) in Private::shouldAutoScroll() * tst_QHeaderView: fix UB (invalid downcast) in testStylePosition() * tst_QCalendarWidget: fix memleak in showPrevNext() * QWidgetWindow: fix UB (invalid downcast) in Private::handleDragEnterEvent() * QDateTime: code tidies * Fix UB in QTextStreamPrivate::putNumber() * Narrow some #if-ery on QT_BUILD_INTERNAL to test more normally * tst_QByteArray: check replace() doesn't replace the terminating 0 * QUrl: add a link in a code fragment ... changelog too long, skipping 50 lines ... - Make use of %{?build_ldflags} ==== libqt5-qtdeclarative ==== Version update (5.15.18+kde22 -> 5.15.19+kde23) - Update to version 5.15.19+kde23, rebased upstream: * Increase robustness of tag in Text component * Fix division by zero in QQuickSvgParser * Fix the build with tracing enabled * Fix divide by zero when processing invalid arcs * 2D Renderer: Make sure cachedMirroredPixmap is never dirty when painting * V4: Do not update proto usage before engine is fully initialized * Bump version to 5.15.19 ==== libqt5-qtgraphicaleffects ==== Version update (5.15.18+kde0 -> 5.15.19+kde0) - Update to version 5.15.19+kde0, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qtquickcontrols2 ==== Version update (5.15.18+kde5 -> 5.15.19+kde5) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.19+kde5, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qtspeech ==== Version update (5.15.18+kde1 -> 5.15.19+kde1) Subpackages: libQt5TextToSpeech5 libqt5-qtspeech-plugin-speechd - Update to version 5.15.19+kde1, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qtsvg ==== Version update (5.15.18+kde5 -> 5.15.19+kde5) - Update to version 5.15.19+kde5, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qttranslations ==== Version update (5.15.18+kde0 -> 5.15.19+kde0) - Update to version 5.15.19+kde0, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qtwayland ==== Version update (5.15.18+kde55 -> 5.15.19+kde55) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to version 5.15.19+kde55, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qtx11extras ==== Version update (5.15.18+kde0 -> 5.15.19+kde0) - Update to version 5.15.19+kde0, rebased upstream: * Bump version to 5.15.19 ==== libqt5-qtxmlpatterns ==== Version update (5.15.18+kde0 -> 5.15.19+kde0) Subpackages: libQt5XmlPatterns5 libqt5-qtxmlpatterns-imports - Update to version 5.15.19+kde0, rebased upstream: * Bump version to 5.15.19 ==== libsoup2 ==== - Add 35af2342.patch: tld-test: update after changes in the public suffix list: "*.bd" is no longer in the public suffix list so let's use ".jm" instead. ==== libstorage-ng ==== Version update (4.5.320 -> 4.5.328) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1078 - update github actions - install git - 4.5.328 - merge gh#openSUSE/libstorage-ng#1077 - improve memory usage - 4.5.327 - merge gh#openSUSE/libstorage-ng#1076 - added checks - 4.5.326 - merge gh#openSUSE/libstorage-ng#1075 - added check - added test case - 4.5.325 - merge gh#openSUSE/libstorage-ng#1074 - make parted parser more robust - added test cases - 4.5.324 - Translated using Weblate (German) (bsc#1149754) - 4.5.323 - Translated using Weblate (Italian) (bsc#1149754) - Translated using Weblate (French) (bsc#1149754) - 4.5.322 - Translated using Weblate (Portuguese (Brazil)) (bsc#1149754) - 4.5.321 ==== libxmlb ==== Version update (0.3.25 -> 0.3.27) - Update to version 0.3.27: + New Features: Bump the required version of GLib to 2.68 + Bugfixes: - Do not construct an invalid silo when processing more than 30 attrs - Fix NULL pointer dereference when searching with NULL needle - Fix potential use-after-free when building the in() haystack - Fix stem() type-checking the wrong stack position - Handle NULL string opcodes in more functions - Limit operator recursion depth in xb_machine_parse_section - Limit the number of predicates and OR branches in each section - Prevent an infinite loop when parsing a corrupt silo - Reject XML with more than 65535 unique element names - Changes from version 0.3.26: + New Features: Parse CDATA as text + Bugfixes: - Add bounds check to prevent OOB read in token index lookup - Do not write an invalid silo when more than 63 attrs on one node - No inotify for illumos and Solaris - Prevent stack overflow from unbounded recursion in export ==== mozilla-nspr ==== Version update (4.38.2 -> 4.39) - update to versoin 4.39 * Improved error handling in PR_CreateThread on Windows * Cleanup and Type-cast fixes for prtime * Remove unused prstreams C++ wrapper from NSPR * Memory poisoning and Arena redzone fixes * Removed emacs/vim modelines and .cvsignore files * Added .editorconfig ==== mozilla-nss ==== Version update (3.122.2 -> 3.123.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.123.1 * bmo#2033783 - reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max - update to NSS 3.123 * https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/AW6VHkn6E0o - disabled FIPS patches temporarily (need significant rebasing) ==== openSUSE-release ==== Version update (20260520 -> 20260527) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Improve %prep LDAP regex to preserve subdirectories (e.g., ope- nbsd-compat/) and handle optional [ab]/ prefixes. ==== pam ==== Version update (1.7.2 -> 1.7.2+git12) - Update to version 1.7.2+git12: * pam_env: fix check for buffer size (#975) * pam.8: Drop self reference * pam_unix: always call unix_update if SELinux is enabled (obsoletes pam_unix-selinux.patch) * ci: use one-line syntax for the matrix strategy * ci: add logind jobs for all compilers to the build matrix * ci: add clang-19 jobs to the build matrix * po: update translations using Weblate (Greek) * ci: replace vendordir jobs with novendordir * ci/build.sh: add support for empty VENDORDIR * ci: apply Zizmor recommendations to workflow * ci: use matrix strategy to avoid code duplication * meson: do not undefine _FILE_OFFSET_BITS for 64-bit platforms ==== pam-full-src ==== Version update (1.7.2 -> 1.7.2+git12) Subpackages: pam-extra pam-manpages - Update to version 1.7.2+git12: * pam_env: fix check for buffer size (#975) * pam.8: Drop self reference * pam_unix: always call unix_update if SELinux is enabled (obsoletes pam_unix-selinux.patch) * ci: use one-line syntax for the matrix strategy * ci: add logind jobs for all compilers to the build matrix * ci: add clang-19 jobs to the build matrix * po: update translations using Weblate (Greek) * ci: replace vendordir jobs with novendordir * ci/build.sh: add support for empty VENDORDIR * ci: apply Zizmor recommendations to workflow * ci: use matrix strategy to avoid code duplication * meson: do not undefine _FILE_OFFSET_BITS for 64-bit platforms ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - make kernel_livepatching pattern visible (bsc#1263084) - enable kernel livepatching for aarch64 in SLE16.1 and newer (jsc#PED-7906, bsc#1266306). ==== perl-XML-LibXML ==== Version update (2.0210 -> 2.0212) - Remove perl-XML-LibXML-fix-testsuite-with-libxml2-2.14.patch (fixed upstream) - updated to 2.0212 see /usr/share/doc/packages/perl-XML-LibXML/Changes 2.0212 2026-05-19 [BUG FIXES] - Ship POD files in the CPAN tarball. The per-class .pod files generated from docs/libxml.dbk were gitignored, and nothing in the dist chain was producing them, so recent tarballs shipped without POD. The .pod files are now tracked in git (bison-style), so `make dist` includes them via MANIFEST and the documentation reaches CPAN consumers again. Also eliminates the bootstrap problem of needing XML::LibXML installed to build XML::LibXML's docs, and silences the "kit incomplete" warning from `perl Makefile.PL` on a fresh checkout. [MAINTENANCE] - Add a `pod-drift` CI job that runs `make pod_docs` and fails on any diff, catching forgotten POD regenerations after edits to docs/libxml.dbk. - Move xmllibxmldocs.pl from example/ to scripts/. It is a maintenance tool that emits source files (POD), not a usage example of XML::LibXML; scripts/ already houses similar build/dev tooling. - Skip t/release-kwalitee.t outside a dist tarball. The Test::Kwalitee `has_meta_yml` check was failing under `make test` in author mode because META.yml is only generated by `make dist`. The test now skips cleanly when META.yml is absent and still runs the full 18-check suite under `make disttest` against the unpacked tarball. 2.0211 2026-05-19 [SECURITY / BUG FIXES] - Prevent out-of-bounds UTF-8 read in domParseChar by replacing it with libxml2's xmlValidateName. Truncated multi-byte sequences could cause heap reads past the NUL terminator across five DOM entry points (createElement, createAttribute, setNodeName, etc.). - GH #146, PR #149 CVE-2026-8177 bsc#1264715 - Enforce no_network even when a global externalEntityLoader is set. Previously XML_PARSE_NONET was silently ignored once a global callback was installed, enabling SSRF in multi-module applications that combine a third-party entity loader with no_network parsers. - GH #133, PR #143 - Prevent integer overflow in SAX CBuffer length tracking. Total character data exceeding INT_MAX (~2GB) overflowed the accumulator causing xmlMalloc to under-allocate and the subsequent memcpy to write past the buffer. - GH #135, PR #142 - Proper lifecycle management for externalEntityLoader: the global loader can now be cleared or replaced safely, the previous handler SV is no longer leaked, the returned value is a safe copy rather than the internal global SV, and per-parser ext_ent_handler state is separated from the global slot. - PR #138 - Add NULL checks after xmlMalloc returns in SAX CBuffer operations, converting OOM segfaults into catchable Perl exceptions. - GH #136, PR #140 - Add NULL check after xmlCopyNamespace in _domReconcileNs, matching the existing guard in _domReconcileNsAttr. - GH #137, PR #139 - Plug 11 memory leaks across XS/C code, including setBaseURI, URI/documentURI accessors, load_catalog, PSaxCharactersFlush, createAttributeNS, XPathContext::_find, _newForIO, _toStringC14N, lookupNamespacePrefix, _setNamespace, and the generic XPath extension function dispatcher. - GH #131, PR #132 - Handle Apple's local libxml2 patch where xmlSAX2ResolveEntity throws on a NULL URI, so t/13dtd.t no longer dies on macOS. - RT #2021, PR #102 - Skip t/50devel.t when mem_used() reports 0 bytes, which happens on Apple's libxml2 (system malloc bypasses the tracking wrappers). - RT #165193, PR #94 [IMPROVEMENTS] - Resolve Windows CI test failures and compiler warnings: use the file size (-s) for the byteConsumed test instead of a hardcoded 488 (CRLF inflates the file to 507 bytes), use Perl UV/PTR2UV in PmmRegistryName to avoid pointer truncation under Win64 LLP64, and use const xmlError* for xmlCtxtGetLastError to match the libxml2 2.12+ API. - PR #122 - Silence macOS build warnings cleanly by gating the libxml2 memory tracking API behind a HAVE_LIBXML_MEMORY_DEBUG feature macro. The deprecated calls are no longer compiled on systems where the API is gone (Apple SDK, libxml2 >= 2.14), mem_used is only exported when actually defined, and t/50devel.t skips with a clear reason. Also strip the bogus "-L/lib" entries Alien::Base::Wrapper injects into LDFLAGS on macOS. - PR #127 - Add a minimal hello-world HTML example (example/hello-world.pl) and add createInternalSubset("html", ...) to both HTML examples so they emit a proper declaration. - GH #66, PR #121 - Standardize XPath parameter naming to $xpath_expression throughout the DocBook source, matching the XML::LibXML::XPathExpression class name. - GH #64, PR #125 - Update outdated and dead references in README.md: point repository URLs at the canonical cpan-authors/XML-LibXML home, drop the defunct ActiveState mailing list, replace the long Windows nmake recipe with a Strawberry Perl note, refresh the macOS section, and bring the Package History up to date. ... changelog too long, skipping 54 lines ... references. ==== perl-XML-Parser ==== Version update (2.580.0 -> 2.590.0) - updated to 2.590.0 (2.59) see /usr/share/doc/packages/perl-XML-Parser/Changes 2.59 2026-05-20 (by Todd Rinaldo) Fixes: - PR #269 GH #268 Recognize blessed glob handles (e.g. IO::String) in Expat::parse. The input-detection logic already handled IO::Handle subclasses, unblessed GLOB refs, bare globs, and bareword filehandle names but missed blessed globs that don't inherit from IO::Handle (such as IO::String), silently stringifying them and feeding the stringification to ParseString. Add a Scalar::Util::reftype check so blessed GLOB references are treated like any other glob handle Maintenance: - Add IO::String to the cpanfile so CI exercises the blessed-glob-handle code path covered by PR #269 ==== plasma6-workspace ==== Subpackages: plasma6-session plasma6-session-x11 plasma6-workspace-libs sddm-qt6-branding-openSUSE - Add patch to fix expiration of notifications with Qt 6.11.1 (kde#520120): * 0001-libnotificationmanager-Return-something-of-the-corre.patch ==== poppler ==== Version update (26.02.0 -> 26.05.0) Subpackages: libpoppler-cpp3 libpoppler-glib8 poppler-tools - Update to version 26.05.0: + core: * Improve reconstruction of damaged files. Issue #1693 * PSOutputDev: Remove "pipe as filename" feature * PSOutputDev: Respect pre-existing PageSize policies. * Internal code improvements * Fix crashes in malformed documents + glib: Improve PopplerPage thread-safety + utils: * pdftotext: Add -remove-hyphens option * pdftotext: Do not abort on empty strings. + build system: Increase minimum required dependency versions to those of Ubuntu 24.04 - Changes from version 26.04.0: + core: * Splash: Improve knockout groups rendering. * Improve reconstruction of damaged files * Performance improvement in files with peculiar Form objects. * Fix memory leak if embedding png fails * Internal code improvements + qt5: Fix inverted continuation rect in performMultipleTextSearch + qt6: Fix inverted continuation rect in performMultipleTextSearch - Changes from version 26.03.0: + core: * Add compression support for stamp annotation images * NSS signature backend: Look for Firefox profiles also in XDG config directory * GPG signature backend: Fix marking of qualified keys * Simplify the form of some ink annotations * Speed improvements for some fixes * Internal code improvements + qt5: * Replace deprecated Qt::SystemLocaleDate * Fix wrong result bottom coordinate when searching across lines + qt6: Fix wrong result bottom coordinate when searching across lines + glib: Mark structure_element_iter_new as nullable + build system: Remove USE_FLOAT cmake option - Bump popper_sover to 160 following upstream changes. - Bump dependencies required versions in spec file to match versions in CMakeLists.txt ==== poppler-qt6 ==== Version update (26.02.0 -> 26.05.0) - Update to version 26.05.0: + core: * Improve reconstruction of damaged files. Issue #1693 * PSOutputDev: Remove "pipe as filename" feature * PSOutputDev: Respect pre-existing PageSize policies. * Internal code improvements * Fix crashes in malformed documents + glib: Improve PopplerPage thread-safety + utils: * pdftotext: Add -remove-hyphens option * pdftotext: Do not abort on empty strings. + build system: Increase minimum required dependency versions to those of Ubuntu 24.04 - Changes from version 26.04.0: + core: * Splash: Improve knockout groups rendering. * Improve reconstruction of damaged files * Performance improvement in files with peculiar Form objects. * Fix memory leak if embedding png fails * Internal code improvements + qt5: Fix inverted continuation rect in performMultipleTextSearch + qt6: Fix inverted continuation rect in performMultipleTextSearch - Changes from version 26.03.0: + core: * Add compression support for stamp annotation images * NSS signature backend: Look for Firefox profiles also in XDG config directory * GPG signature backend: Fix marking of qualified keys * Simplify the form of some ink annotations * Speed improvements for some fixes * Internal code improvements + qt5: * Replace deprecated Qt::SystemLocaleDate * Fix wrong result bottom coordinate when searching across lines + qt6: Fix wrong result bottom coordinate when searching across lines + glib: Mark structure_element_iter_new as nullable + build system: Remove USE_FLOAT cmake option - Bump popper_sover to 160 following upstream changes. - Bump dependencies required versions in spec file to match versions in CMakeLists.txt ==== postfix ==== Version update (3.11.2 -> 3.11.3) - update to 3.11.3 * Bitrot: builds with musl libc broke, because they were using an obsolete NO_SNPRINTF code path that had not been updated for Claude Code findings. * Two fixes for a signed integer overshift condition (a left shift into the sign bit). This "works" on contemporary CPUs, but may break in the future. One reported by Kamil Frankowicz, and one by Robert Sayre. * Viktor Dukhovni fixed an 'uninitialized value' error in the 'collate.pl' script. * Test code fixes by Viktor Dukhovni for a deprecation warning with OpenSSL 4.0, and for a race condition that caused a test script to fail. - AUDIT-0: postfix: move permissions from /etc to /usr/share/permissions (bsc#1264563) Apply proposed changes. ==== publicsuffix ==== Version update (20251001 -> 20260513) - Update to version 20260513: * add t3.storage.dev, t3.storageapi.dev for tigrisdata.com (#2818) * Remove nd.us subdomains (#2885) * Add Hostinger to public_suffix_list.dat (#2907) * Add *-zerops.zone (#2860) * Update README with important notice to use unaltered template for pr * Remove on.crisp.email (Crisp IM SAS) (#2896) * util: gTLD data autopull updates for 2026-04-30T16:18:08 UTC (#2888) * Fix grammar errors and typos (#2886) * Add Shanghai Oray domains to Private Domains (#2869) * Add deployagent.space and piebox.site (#2857) * Add atlassian-3p.com variants for untrusted content isolation (#2852) * Add fspages.org (#2866) * Add *.metaaiusercontent.com to Meta Platforms section (#2856) * Remove GOV.UK Platform as a Service entries (#2851) * Add claude.app to PRIVATE section (Anthropic) (#2815) * util: gTLD data autopull updates for 2026-04-15T16:04:01 UTC (#2855) * fix: outdated pr reference and small typo (#2844) * util: gTLD data autopull updates for 2026-04-10T15:53:10 UTC (#2845) * Add K2 Cloud domains to the PRIVATE section (#2838) * Add deployagent.com (#2830) * Add Northwest Nexus domains under private section (#2724) * Add vivenu shop domains to private section (#2796) * Remove PageXL entry from public_suffix_list.dat (#2842) * Fix typo in pull request template (#2839) * Add opentunnel.xyz to Public Suffix List (#2835) * Added sryze.cc to the list (#2777) * Add seprox.hooc.me (#2775) * add payload dev (#2824) * Add pplx.app (#2821) * Revise user count section in PR template * Add exe.xyz (#2810) * Add on.expo.app, staging.on.expo.app (#2790) * update *.triton.zone comment block, fix sorting for TritonDataCenter org (#2765) * removing mazeplay.com (#2797) * Add ms.show and ms.fun (#2791) * Add my.be to PRIVATE (#2792) * Cambodia (.kh): allow direct second-level registrations (#2740) * Add mybox shared domains to private section (#2774) * Add begetcdn.cloud (#2752) * Add drive-platform.com and drive-platform.io (#2788) * util: gTLD data autopull updates for 2026-02-18T15:51:43 UTC (#2786) * Added kdns.fr to the private section (#2755) * util: gTLD data autopull updates for 2026-02-15T15:24:49 UTC (#2776) * Add convex.cloud and convex.site regional domains (#2772) * Add Imagine domains to the list (#2762) * Add hue.vn to public suffix list for .vn ccTLD (#2756) * Add sandbox.deno.net (#2770) * -`.goo` util: gTLD data autopull updates for 2026-02-07T15:24:45 UTC (#2769) * add domains to Dynu.com section (#2750) * removing no longer in use joyent subdomain (#2757) * Fix sorting of MSFT section (#2763) * Add new public suffixes for US Government cloud Azure services (#2700) * remove 12chars block (#2760) * Add Keenetic KeenDNS domains (#2713) * util: gTLD data autopull updates for 2026-01-29T15:35:05 UTC (#2758) * Add crm.dev subdomains (#2734) * Add sol.site (#2746) * AWS Submissions to the Public Suffix List - Q4 2025 (#2656) * Add miren.app and miren.systems (#2749) * Add `corespeed.app` (#2743) * Add discourse.diy (#2748) * Add shiptoday to Public Suffix List (#2753) * Add spawnbase.app (#2742) * Add kiloapps.ai, kiloapps.io to PRIVATE section (#2701) * Add base44.app and base44-sandbox.com to Wix.com section (#2736) * Add eliv-api.kr (#2735) * util: gTLD data autopull updates for 2026-01-08T15:25:34 UTC (#2738) `.TOP` RO change * added *.bwcloud-os-instance.de (#2728) * Add deuxfleurs.eu and deuxfleurs.page (#2727) * Remove Authentick UG entry (#2692) * Remove skygearapp.com (#2691) * Remove TwoDNS entries (#2689) * Remove AVStack entries from public_suffix_list.dat (#2688) * Remove perso.sn (#2693) * Update contact information indevs.in (#2730) * FIXED #2619 / #2729 (#2732) * Add uk.cc, ec.cc, eu.cc, gu.cc, us.cc to PSL (#2645) * Add gv.uy to public suffix list (#2718) * Add ae.kg to Public Suffix List (#2711) * Add new public suffix entries for nett.to (#2722) * Add org.sk (#2720) * feat: add imagine domain to the list (#2714) * Update contact email for nyc.mn, add cn.st (#2675) * Add antagonist.cloud as a public suffix (#2585) * Update contact information for `forgeblocks.com` & `id.forgerock.io` (#2702) * Add int.apple and cloud infrastructure subdomains (#2699) * Add indevs.in to Public suffix list (#2709) * feat: add appwrite.network (#2710) * add sprites.app remove shw.io edgeapp.net (#2704) * Add magicpatterns.app and magicpatternsapp.com (#2698) * Remove platterp.us (#2695) * Remove storipress.app (#2694) * Remove en-root.fr (#2690) * Add hercules-dev.com hercules-app.com and onhercules.app to public_suffix_list.dat (#2619) * Add: ccwu.cc, cc.cd,us.ci, and update DNSHE entry (#2677) * Add sav.case to the Public Suffix List (#2624) * Adding co.scot, me.scot, and org.scot (#2683) * util: gTLD data autopull updates for 2025-12-06T15:17:26 UTC (#2686) ... changelog too long, skipping 44 lines ... * consolidate my projects into one section (#2616) ==== python-certifi ==== Version update (2026.2.25 -> 2026.4.22) Subpackages: python311-certifi python313-certifi - Add missing BR openssl for `/etc/ssl/ca-bundle.pem`. ==== python-psutil ==== Subpackages: python311-psutil python313-psutil - %check phase should run aside from %builddir to use extension from the main binary package (don't build during the %check phase). ==== python-requests ==== Version update (2.33.1 -> 2.34.2) Subpackages: python311-requests python313-requests - update to 2.34.2: * Moved `headers` input type back to `Mapping` to avoid invariance issues with `MutableMapping` and inferred dict types. Users calling `Request.headers.update()` may need to narrow typing in their code. * Widened `json` input type from `dict` and `list` to `Mapping` * and `Sequence`. * Changed `headers` input type to MutableMapping and removed `None` from `Request.headers` typing to improve handling for users. * `Response.reason` moved from `str | None` to `str` to improve handling for users. * Fixed a bug where some bodies with custom `__getattr__` implementations weren't being properly detected as Iterables. * Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue. * Digest Auth hashing algorithms have added `usedforsecurity=False` to clarify security considerations. * Requests added support for Python 3.15 based on beta1. * Requests added support for Python 3.14t. * ``Response.history`` no longer contains a reference to itself, preventing accidental looping when traversing the history list. * Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. * Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. ==== rsync ==== Version update (3.4.1 -> 3.4.3) - Fixed some warnings while building the rpm. - Added patches: - rsync-python-3.6-tests.patch: Small patch to support running tests on python 3.6+: - rsync-openat2-glibc-missing.patch: Small patch to build on kernels >= 5.6+ where openat2 is not defined in glibc. - Removed patches already upstream: - rsync-no-libattr.patch - rsync-CVE-2025-10158.patch - rsync-CVE-2026-41035.patch - rsync341-gcc15-bool.patch - Removed support for the unmaintained rsync-patches archive, which in turn removes support for SLP. These patches are not being shipped anymore. - Update to 3.4.3: - SECURITY FIXES: Six CVEs are fixed in this release. Three of the six (CVE-2026-29518, CVE-2026-43617, CVE-2026-43619) require non-default daemon configuration to reach: the first and third need use chroot = no for a module, the second needs daemon chroot = ... set in rsyncd.conf. Two (CVE-2026-43618, CVE-2026-43620) are reachable from a normal pull or a normal authenticated daemon connection. The sixth (CVE-2026-45232) is reachable only when RSYNC_PROXY is set and the proxy (or a MITM) returns a pathological response. Complete list of changes: https://download.samba.org/pub/rsync/NEWS#3.4.3 - CVE-2026-29518, bsc#1264511: Symlink-Race TOCTOU in Daemon (use chroot = no) TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. An rsync daemon configured with "use chroot = no" was exposed to a time-of-check / time-of-use race on parent path components. - CVE-2026-43617, bsc#1264515: Authorization Bypass via Hostname Resolution Hostname/ACL bypass on an rsync daemon configured with daemon chroot = /X in rsyncd.conf when the chroot tree lacks DNS resolution support. The reverse-DNS lookup of the connecting client was performed after the daemon chroot had been entered; if /X did not contain the libc resolver fixtures (/etc/resolv.conf, /etc/nsswitch.conf, /etc/hosts, NSS service modules) the lookup failed and the connecting hostname was set to "UNKNOWN", causing hostname-based deny rules to silently fail open. IP-based ACLs are unaffected. The per-module use chroot setting is unrelated to this issue. The fix performs the lookup before entering the daemon chroot. - CVE-2026-43618, bsc#1264512: Integer Overflow Information Disclosure Integer overflow in the compressed-token decoder enabling remote memory disclosure to an authenticated daemon peer. Workaround for older releases: refuse options = compress in rsyncd.conf. - CVE-2026-43619, bsc#1264514: Symlink Race Condition via Path-Based Syscalls Symlink races on path-based system calls in "use chroot=no" daemon mode (generalisation of CVE-2026-29518). Earlier fixes for symlink races on the receiver's open() call missed the same race class on every other path-based system call: chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir and lstat. Default "use chroot = yes" is not exposed. - CVE-2026-43620, bsc#1264513: Out-of-Bounds Array Read via recv_files() Out-of-bounds read in the receiver's recv_files() enabling remote denial-of-service of any client pulling from a malicious server (incomplete fix of commit 797e17f). Workaround for older releases: --no-inc-recursive on the client. - CVE-2026-45232, bsc#1265296: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing Off-by-one out-of-bounds stack write in the rsync client's HTTP CONNECT proxy handler (establish_proxy_connection() in socket.c). The fix detects the "buffer filled without finding \n" case explicitly by position and refuses the response with "proxy response line too long". - In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths. - BUG FIXES: - Fixed a regression introduced by the 3.4.0 secure_relative_open(). - Complete list of fixes in version 3.4.2: - https://download.samba.org/pub/rsync/NEWS#3.4.2 ==== ruby4.0 ==== Version update (4.0.4 -> 4.0.5) Subpackages: libruby4_0-4_0 - Update to 4.0.5 (boo#1265890 boo#1265891) - CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler - Bug #22065: make rdoc fails with invalid byte sequence in US-ASCII on Ruby 4.0.4 under C locale - Ruby - Ruby Issue Tracking System ==== selinux-policy ==== Version update (20260508 -> 20260522) Subpackages: selinux-policy-targeted - Update to version 20260522: * Fix build by switching to corecmd_exec_bin_noattr() * Split using dirsrv_ and dirsrvadmin_ interfaces into separate blocks * Allow virtqemud execute kmod in the kmod domain * Allow qatlib map kernel modules * Allow sys_resource on execution of generic executables conditionally * Label bootloader-migrate-generator with coreos_bootloader_migrate_generator_exec_t * Label /run/coreos with coreos_installer_var_run_t * Add systemd_create_generator_unit_file() and systemd_write_generator_unit_file() * Allow virtnwfilterd_t r/w on packet_socket (bsc#1264273) * Update fstools swap interfaces with dir search * Allow go-fdo-server to read system information * Change README to openSUSE specific README * Add missing fc rule for org.gnome.DisplayManager (bsc#1264182) * config: make /etc/systemd/user same as /usr/lib/systemd/user * Do not audit iptables attempts to read other process state * Policy for go-fdo-server * Allow setroubleshoot_fixit_t to touch /.autorelabel and reboot * Allow init nnp domain transition do dirsrv_t and dirsrv_snmp_t * Allow NetworkManager_dispatcher_nvme_t check status of systemd services * Allow iptables_t read state of some processes * Label /dev/HID-SENSOR-.* with hid_sensor_device_t - Syncing with upstream rawhide selinux-policy up to: * 190ed3591e0004c395409dd62acea41c8a684fc1 - Update embedded container-selinux version to commit: * e659fc8858d2e34781cc1640ac1658ba484cb3f5 (v2.248.0) ==== shim-leap ==== - Modified the pretrans Lua script to work around the broken DB issue caused by buggy firmware when Secure Boot is disabled. It is impossible for the db to be empty while Secure Boot is enabled. If the db is empty, the installation behavior will be treated the same as when Secure Boot is disabled. We allow the shim installation process to continue and display a message reminding the user to add the appropriate certificate. (bsc#1259096) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container udev - Add a weak runtime dependency on libtss2-tcti-device0 to udev (bsc#1260357 bsc#1264224) - systemd.spec: drop deprecated meson options 'libidn' and 'libiptc' Remove -Dlibidn and -Dlibiptc from meson options as both have been fully deprecated by upstream and will be removed in a future release. The libidn library support was completely dropped in commit 429cbac508 and has been replaced by libidn2. OTOH, systemd-networkd and systemd-nspawn no longer support creating NAT rules via iptables/libiptc APIs; only nftables is now supported (see commit c3c42b30dd). - Import commit 1e45daa2fb423eb95ad00dcc389e03cfea8f86dc 1e45daa2fb vconsole-setup: skip setfont(8) when the console driver lacks font support (bsc#1212970) - Import commit 571d61da82f2654afacf52c620ceec3fbf220f6b 571d61da82 cryptsetup: avoid a segfault when a keyfile is passed along with a TPM device (bsc#1263117) 4e16626c0e mkosi: user and group bin needed for a test e5f2b85204 TEST-24-CRYPTSETUP: Use virtio-blk-pci 9bac241fc1 TEST-64-UDEV-STORAGE: Add missing scsi controllers 8581b451ed Revert "mkosi: Mark minimal images as Incremental=relaxed" 5a53f0c965 mkosi-tool/opensuse: add libtss2-tcti-device0 package - systemd.spec: drop ancient Obsoletes for pm-utils, suspend and systemd-analyze that predate 2020. ==== texlive ==== - Add perl(Parse::RecDescent) to perl-biber requirements (boo#1265577) ==== thin-provisioning-tools ==== Version update (1.2.1 -> 1.3.2) - Update to version 1.3.2: * Bump version to 1.3.2 * [doc] Update CHANGES * [thin_repair] Prevent out-of-bounds access from corrupted btree pointers * [thin_repair] Use saturating arithmetic to avoid integer overflow * [build] Update ratatui to address RUSTSEC-2026-0002 * [build] Bump rand to address RUSTSEC-2026-0097 * Bump version to 1.3.1 * [doc] Update CHANGES * [build] Update dependencies to latest patch releases * [space_map] Optimize zero-filling loops in Aggregator region lookup * [tests] Fix device name in the preparation script * [tests] Add tests for thin_ls mapped block counts * [tests] Update documentation for test files * [thin_ls] Optimize second pass by skipping unnecessary key parsing * [thin_ls] Read exclusive leaves multithreaded * [thin_ls] Read leaf nodes multithreaded * [thin_ls] Read internal nodes multithreaded * [thin_ls] Switch to Aggregator for upcoming parallelization * [utils] Add mutable accessor to HashVec * [space_map] Add specialized Aggregator that counts up to two * [space_map] Make Region type configurable via generics * [space_map] Relocate misplaced code documentation * [thin_ls] Print memory usage for performance analysis * [utils] Factor out memory profiling functions * [space_map] Factor out repair_space_map * Bump version to 1.3.0 * [doc] Update CHANGES * [build] Update dependencies to latest patch releases * [pdata] Avoid unnecessary error object construction * [btree] Factor out get_depth method * [btree_walker] Remove multithreaded read_nodes and use references * [thin_check] Handle data mappings outside the space map boundary * [btree_walker] Handle metadata blocks outside the space map boundary * [thin_check] Remove unused error logging * [space_map] Add comments to space_map/aggregator_load.rs * [space_map] Prevent panics from out-of-bounds access in Aggregator * [thin_check] Display number of free blocks using saturating arithmetic * [thin_check] Handle incomplete metadata dump * [thin_check] Do not read space maps while checking the metadata snap * [thin_check] Refactor space map comparison * [thin_explore] Migrate from tui to ratatui * [thin_check] Improve error messages by visiting the mapping tree first * Bump version to 1.3.0-rc.1 * [io_engine] Improve partial read handling in VectoredBlockIo * [io_engine] Pass down the error from IoEngine to the handler * [thin_check] Fix error when no devices are present * [all] Avoid manual implementation of .is_multiple_of() on unsigned types * [io_engine] Handle out of bounds reads in VectoredBlockIo * [space_map] Handle errors in reading bitmap blocks * [thin_check] Handle errors in reading mapping tree leaves * [thin_check] Replace Arc::try_unwrap() by into_inner() * [thin_check] Log additional memory usage info * [space_map] Implement get_nr_allocated() for Aggregator * [io_engine] Implement read_blocks for SyncIoEngine * [utils] Add AdjacentChunks to produce fixed-length consecutive runs * [aggregator] Avoid copying block numbers and cloning iterator items * [thin_check] Re-enable NEEDS_CHECK flag clearing * [thin_check] Repair space map leaks * [thin_check] Enable metadata space map checking in terms of Aggregator * [btree_walker] Introduce layer-based btree walker * [btree_walker] Expose the ValueCollector for building maps from Handlers * [btree] Decouple node check and unpack functions from the io Block * [space_map] Batch update the aggregator while loading the ref counts * [thin_check] Read and compare space maps * [utils] Add spawn_future() for concurrent execution * [space_map] Support loading data/metadata space maps into Aggregators * [btree] Derive Copy trait for NodeError * [thin_check] Use threads to speed up read_internal_nodes() * [thin_check] Rewrite read_internal_nodes() to use streaming read * [thin_check] Speed up summarize_tree * [thin_check] Improve performance of reading leaf nodes * [utils] Introduce RangedBitsetIter to iterate a specific range of bits * [space_map] Introduce Aggregator type * [space_map] Split SpaceMap trait into RefCount and SpaceMap * [io_engine] Implement AsyncIoEngine::read_blocks() for streaming read * [io_engine] Add BufferPool * [io_engine] Rewrite AsyncIoEngine to use tokio IoUring * [io_engine] Introduce io_engine/ring_pool.rs * [io_engine] Add documentation to io_engine/gaps.rs * [io_engine] Add some documentation to io_engine/utils.rs * [io_engine] Remove suggest_nr_threads() from IoEngine * [thin_check] Add get_memory_usage() * [pdata] A couple of trivial performance tweaks to unpacking a btree node * Bump version to 1.2.2 * [doc] Update CHANGES * [build] Update dependencies to latest patch releases * [build] Update dependencies' major/minor versions without code changes * [tests] Add era_invalidate --metadata-snapshot tests * [era_invalidate] Fix missing flag setting for --metadata-snapshot ==== tmux ==== Version update (3.6a -> 3.6b) - tmux 3.6b: * Remove images from the correct list when they are removed while in the alternate screen. ==== which ==== Version update (2.23 -> 2.25) - Update to 2.25: * Fix an out of bounds stack read ==== xdp-tools ==== - Remove redundant build environment * Since 1.5.4, upstream builds BPF objects directly with clang instead of LLC * Drop LLC from the xdp-tools build environment ==== xfce4-screenshooter ==== Subpackages: xfce4-screenshooter-lang xfce4-screenshooter-plugin - Rewrite wayland conditionals as bcond_with/bcond_without - Properly disable Wayland support in SLE15 ==== yast2-security ==== Version update (5.0.5 -> 5.0.6) - Change minimum UID from 500 to 1000 (bsc#1262458).