Packages changed: AppStream MozillaFirefox bolt (0.9.8 -> 0.9.9) clamav container-selinux (2.237.0 -> 2.238.0) gnome-desktop (44.1 -> 44.3) gnome-software (48.1 -> 48.2) gpg2 (2.5.6 -> 2.5.7) ibus-libpinyin (1.16.1 -> 1.16.3) iproute2 (6.14 -> 6.15) iputils (20240905 -> 20250602) less libp11 (0.4.13 -> 0.4.14) libpinyin (2.10.1 -> 2.10.2) libssh libstorage-ng (4.5.257 -> 4.5.258) libunwind libupnp (1.14.20 -> 1.14.22) libzmf libzypp (17.37.2 -> 17.37.3) ncurses (6.5.20250524 -> 6.5.20250531) ntfs-3g_ntfsprogs openSUSE-build-key openSUSE-release (20250602 -> 20250604) openblas_openmp openblas_pthreads perl-Crypt-OpenSSL-RSA (0.33 -> 0.350.0) perl-IO-HTML (1.004 -> 1.4.0) perl-IO-Socket-SSL (2.89.0 -> 2.90.0) perl-Net-Patricia (1.22 -> 1.230.0) polkit-default-privs (1550+20250514.1208790 -> 1550+20250603.5d84a17) postfix protobuf-c (1.5.1 -> 1.5.2) salt sdbootutil (1+git20250505.f4890e9 -> 1+git20250529.307d6ff) systemd (257.5 -> 257.6) wpa_supplicant xfce4-genmon-plugin (4.2.1 -> 4.3.0) yast2-trans (84.87.20250525.2f65251268 -> 84.87.20250601.6e39b4d951) === Details === ==== AppStream ==== Subpackages: AppStream-lang libAppStreamQt3 libappstream5 - Make qt6 the default qt flavor and qt5 the flavor built separately and disable the qt5 flavor in SLE16 where we don't want to have Qt5 libraries. ==== MozillaFirefox ==== Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Fix %{progdir}/crashhelper packaging ==== bolt ==== Version update (0.9.8 -> 0.9.9) - update to 0.9.9: * Several CI improvements and fixes * Fixed memory leak in boltctl * The unused codes were removed from daemon * Fixed a NULL syspath variable causes SIGSEGV ==== clamav ==== Subpackages: libclamav12 libclammspack0 libfreshclam3 - bsc#1243565: Add clamav-freshclam_test.patch to fix a race condition between the mockup servers started by different test cases in freshclam_test.py. ==== container-selinux ==== Version update (2.237.0 -> 2.238.0) - Update to version 2.238.0: * label /run/sysctl.d correctly on creation ==== gnome-desktop ==== Version update (44.1 -> 44.3) Subpackages: gnome-desktop-lang libgnome-desktop-3-20 libgnome-desktop-3_0-common libgnome-desktop-4-2 typelib-1_0-GnomeBG-4_0 typelib-1_0-GnomeDesktop-4_0 - Update to version 44.3: + Stop using ratio character for time in the wall-clock. + Fix variable initialization. + Only parse XML files as slideshows. + Updated translations. ==== gnome-software ==== Version update (48.1 -> 48.2) Subpackages: gnome-software-lang gnome-software-plugin-packagekit - Update to version 48.2: + Improve memory fragmentation after checking for updates. + Updated translations. ==== gpg2 ==== Version update (2.5.6 -> 2.5.7) Subpackages: dirmngr gpg2-lang - Update to 2.5.7: * gpg: Allow updating a SHA-1 key certification w/o using the --force-sign-key option. [T7663] * gpg: The group key flag has now been fully implemented. [rG8833a34bf0] * gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work. [rGd5a4a2dc89] * gpg: Do not allow compressed key packets on import. [T7014] * gpgsm: Allow an empty subject DN also during import. [T7171] * agent: Recover the old behavior with max-cache-ttl=0. [T6681] * agent: Fix ECC key on smartcard for composite KEM with PQC. [T7648] * scd: Fix a harmless read buffer over-read in a function used by PKCS#15 cards. [T7662] * gpg-mail-tube,wks: Support templates for mail content. [T7381] * Use the KEM interface of Libgcrypt for encryption/decryption. [T7649] - Remove patches: * gnupg-agent-Recover-the-old-behavior-with-max-cache-ttl-0.patch * gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch - Update gpg2.keyring ==== ibus-libpinyin ==== Version update (1.16.1 -> 1.16.3) - Update to version 1.16.3: * fix cloud input ==== iproute2 ==== Version update (6.14 -> 6.15) Subpackages: iproute2-bash-completion - Update to release 6.15 * tc_util: Add support for 64-bit hardware packets counter * iprule: Allow specifying ports in hexadecimal notation * iprule: Add port mask support * iprule: Add DSCP mask support ==== iputils ==== Version update (20240905 -> 20250602) - Update to version 20250602 Security release, fixes CVE-2025-47268 and CVE-2025-48964. https://github.com/iputils/iputils/releases/tag/20250602 - Remove html man page (required to avoid a build failure) - Remove patches from this release (iputils-CVE-2025-47268.patch, 0001-Fix-ping-man-page-syntax-error.patch) - Fix bsc#1243284 - ping on s390x prints invalid ttl * Add iputils-invalid-ttl-s390x.patch * Fix ipv4 ttl value when using SOCK_DGRAM on big endian systems ==== less ==== - Extend detection and preview for "Java archive data" (eg. .jar), "Android package" (eg. .apk) and "ASCII cpio archive" (eg. .obscpio) in lessopen.sh - Fix rpm preprocessing: Remove escaped quotes from $TMPF_pre in lessopen.sh ==== libp11 ==== Version update (0.4.13 -> 0.4.14) - Update to 0.4.14: * Added the "pkcs11prov" provider for OpenSSL 3.x (Małgorzata Olszówka) * Added generic keypair generation interface and engine ctrl command (Rafael Junio da Cruz) * Added static engine support (Lucas Mülling) * Added PKCS11_FORCE_CLEANUP env variable to force cleanup on exit and stop memory leaks with certain PKCS#11 modules (Małgorzata Olszówka) * Fixed a number of resource leaks (Małgorzata Olszówka, Hazem Zaghloul, Michał Trojnara) * Fixed C_OpenSession error handling (Rafael Junio da Cruz) * Fixed handling of uninitialized tokens (Michał Trojnara) * Removed support for OpenSSL older than 1.0.2 (Michał Trojnara) - Create new subpackage openssl-provider-libp11 - Removed patch fix-wrong-non-static-lib.patch ==== libpinyin ==== Version update (2.10.1 -> 2.10.2) Subpackages: libpinyin-data libpinyin15 libzhuyin15 - Update to version 2.10.2: * fix memory leaks ==== libssh ==== Subpackages: libssh-config libssh4 - Fix hang in torture_session test (bsc#1243799) * Add patch libssh-tests-Fix-an-issue-where-torture_session-request-a-SIGTERM-too-early.patch ==== libstorage-ng ==== Version update (4.5.257 -> 4.5.258) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Kabyle) (bsc#1149754) - 4.5.258 ==== libunwind ==== - 0001-Fix-unw_is_signal_frame-for-RISC-V.patch: Fix unw_is_signal_frame for RISC-V ==== libupnp ==== Version update (1.14.20 -> 1.14.22) Subpackages: libixml11 libupnp17 - Update to release 1.4.22 * Resolve FTBFS on musl - Update to release 1.4.21 * IXML fuzzer fixes * Bind SSDP UDP response to port 1900 ==== libzmf ==== - Removed patch: * 0001-automake-Conditional-installation-of-PNG-and-JS-file.patch + Replaced by better solution - Added patch: * 0001-Install-all-files-generated-by-doxygen.patch + Install all doxygen-generated files regardless of their file type. This makes the doxygen installation more robust and less dependent on doxygen internals. - Modified patch: * 0001-automake-Conditional-installation-of-PNG-and-JS-file.patch + test -f cannot be used with wildcards, since they are expanded - Call autoreconf because configure script uses hardcoded automake-1.15 - for compilation with Doxygen 1.14 add patch 0001-automake-Conditional-installation-of-PNG-and-JS-file.patch ==== libzypp ==== Version update (17.37.2 -> 17.37.3) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - version 17.37.3 (35) ==== ncurses ==== Version update (6.5.20250524 -> 6.5.20250531) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20250531 + improve logic in misc/run_tic.in for constructing symbolic link when $DESTDIR is set. ==== ntfs-3g_ntfsprogs ==== Subpackages: libntfs-3g89 ntfs-3g ntfsprogs - Migrate away from update-alternatives (bsc#1240095). - Upon installation of the newer packages, the old alternatives are purged from the system. ==== openSUSE-build-key ==== - added gpg-pubkey-287a0027-682477e3.asc: New RSA 4k Backports for SLE 16.x series. ==== openSUSE-release ==== Version update (20250602 -> 20250604) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openblas_openmp ==== - For SLES16 target POWER9 instead of POWER8 which fixes the issue with the reported sgemm testsuite fails. [bsc#1239545] ==== openblas_pthreads ==== - For SLES16 target POWER9 instead of POWER8 which fixes the issue with the reported sgemm testsuite fails. [bsc#1239545] ==== perl-Crypt-OpenSSL-RSA ==== Version update (0.33 -> 0.350.0) - updated to 0.350.0 (0.35) see /usr/share/doc/packages/perl-Crypt-OpenSSL-RSA/Changes 0.35 May 7 2025 - Disable PKCS#1 v1.5 padding. It's not practical to mitigate marvin attacks so we will instead disable this and require alternatives to address the issue. - Resolves #42 - CVE-2024-2467. 0.34 May 5 2025 - Production release. 0.34_03 May 4 2025 - Fix bug in rsa_crypt. Need to pass NULL 0.34_02 May 4 2025 - t/rsa.t needs to tolerate sha1 being disabled on rhel. 0.34_01 May 3 2025 - docs - plaintext = decrypt(cyphertext) - #44 - Fix issue when libz is not linked on AIX - #50 - Correct openssl version may not be found - #52 - Out of memory on openssl 1.1.1w hpux - #47 - Update FSF address and LGPL name in LICENSE - #55 - stop using AutoLoader - #48 - Whirlpool is missing the header - Move github repo to cpan-authors - Fully support openSSL 3.x API ==== perl-IO-HTML ==== Version update (1.004 -> 1.4.0) - Normalize CPAN version See https://github.com/openSUSE/cpanspec/issues/47 for details ==== perl-IO-Socket-SSL ==== Version update (2.89.0 -> 2.90.0) - updated to 2.90.0 (2.090) see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.090 2025/06/03 - fix OCSP live test after Let's Encrypt has disabled OCSP support #169 - public_suffix now preserves trailing dot #167 ==== perl-Net-Patricia ==== Version update (1.22 -> 1.230.0) - Remove no-libnsl.diff, fixed upstream https://rt.cpan.org/Ticket/Display.html?id=124088 Add cpanspec.yml used by cpanspec to autogenerate the spec - updated to 1.230.0 (1.23) see /usr/share/doc/packages/perl-Net-Patricia/Changes ==== polkit-default-privs ==== Version update (1550+20250514.1208790 -> 1550+20250603.5d84a17) - Update to version 1550+20250603.5d84a17: * profiles: add ModemManager CellBroadcast action (bsc#1243684) ==== postfix ==== - Fix place of pam file - [Build 20250527] postfix mail delivery fails (bsc#1243886) - move /var/spool/mail/ to separate package (bsc#1179574) Revert last bad change - Adapt rpmlint ==== protobuf-c ==== Version update (1.5.1 -> 1.5.2) - Update to release 1.5.2 * Chase compatibility issues with Google protobuf 30.0-rc1 * protoc-gen-c: Explicitly construct strings where needed for protobuf 30.x ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Fix Ubuntu 24.04 edge-case test failures - Added: * fix-ubuntu-24.04-specific-failures-716.patch ==== sdbootutil ==== Version update (1+git20250505.f4890e9 -> 1+git20250529.307d6ff) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250529.307d6ff: * Remove noarch for main package * Copy measure-pcr-prediction if missing in ESP * Compile and install uhmac * Use uhmac instead of openssl for HMAC * uhmac: add Rust tool for HMAC * Re-enable riscv64 arch * Support non-secure boot installations * Rework removable media detection * jeos-firstboot-enroll: fix typo in msgbox * Measure GPT of the disk with ESP, not the disk with root * jeos-firstboot-enroll: show final error message ==== systemd ==== Version update (257.5 -> 257.6) Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev - Import commit c929295b4c1fb3cd6b9963bc7588fbc3e597ab86 (merge of v257.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8e9840a2897e36ae3f926f8d10a2b0d7e4102c67...c929295b4c1fb3cd6b9963bc7588fbc3e597ab86 ==== wpa_supplicant ==== - Update build config: * Disable support for Wired equivalent privacy (WEP) * Enable 802.11r-2008 (Fast BSS Transition) * Enable 802.11ax support - Build wpa_gui with qt6 instead of qt5 - Add patch from hostap upstream to port wpa_gui to use qt6: * 0001-wpa_gui-Port-to-Qt6.patch ==== xfce4-genmon-plugin ==== Version update (4.2.1 -> 4.3.0) Subpackages: xfce4-genmon-plugin-lang ==== yast2-trans ==== Version update (84.87.20250525.2f65251268 -> 84.87.20250601.6e39b4d951) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250601.6e39b4d951: * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Kabyle) * Added translation using Weblate (Kabyle) * Translated using Weblate (Ukrainian) * Translated using Weblate (Russian) * Translated using Weblate (Kabyle) * Translated using Weblate (Kabyle) * Added translation using Weblate (Kabyle) * Translated using Weblate (Kabyle) * Added translation using Weblate (Kabyle) * Translated using Weblate (Kabyle) * Added translation using Weblate (Kabyle) * Translated using Weblate (Kabyle) * Added translation using Weblate (Kabyle) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Russian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Catalan) * Translated using Weblate (Kabyle) * Translated using Weblate (Spanish) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian)