Packages changed:
  AppStream (1.0.6 -> 1.1.0)
  MicroOS-release (20250925 -> 20250929)
  cockpit
  coreutils
  coreutils-systemd
  gdk-pixbuf
  ghostscript (10.05.1 -> 10.06.0)
  glycin-loaders (2.0.0 -> 2.0.2)
  kernel-source (6.16.8 -> 6.16.9)
  kpipewire6
  libglycin (2.0.0 -> 2.0.2)
  libupnp (1.14.24 -> 1.14.25)
  llvm21 (21.1.1 -> 21.1.2)
  openSUSE-build-key
  plasma-branding-Kalpa (20250624 -> 20250926)
  plasma6-workspace
  podman (5.6.0 -> 5.6.1)
  python-psutil (7.0.0 -> 7.1.0)
  qt6-webengine
  selinux-policy (20250909 -> 20250926)
  setools
  shaderc
  spice-vdagent
  taglib (2.1 -> 2.1.1)
  xwayland

=== Details ===

==== AppStream ====
Version update (1.0.6 -> 1.1.0)
Subpackages: libAppStreamQt3 libappstream5

- Drop the nobwrap.helper again: glycin 2.0.1 found a solution to avoid the bwrap when run inside CIs/BuildEnvironments. As such, we can run the test suite without the nobwrap.wrapper again.
- Update to 1.1.0
  * Port YAML parsing to libfyaml
  * Port YAML emission to libfyaml
  * compose: Port to libfyaml
  * yaml: Reduce string copies when comparing main keys, compare lengths first
  * yaml: Reduce copies when filling locale tables and string list
  * compose: Add support for JPEG-XL
  * compose: Make the AscImage API more generic
  * compose: Seal away all GdkPixbuf and AscCanvas references from public API
  * validator: Fix possible double dereference of the same issue instance
  * tests: Pass tests with older versions of libfyaml
  * Fix a few double-free issues in error conditions
  * compose: Fix possible race condition when fetching pangrams
  * compose: Draw better background shapes and center text properly for font icons
  * parser: Guard against "tag" elements with NULL values
  * yaml: Allow duplicate keys when parsing data (speeds up parsing dramatically)
  * cache: Fix potential use-after-free issue when counting components

==== MicroOS-release ====
Version update (20250925 -> 20250929)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== cockpit ====
Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux

- add requirement on python3-pcp if pcp is installed bsc#1239759

==== coreutils ====
- coreutils-9.8-tail-large-num-of-files.patch: Add upstream patch:
  https://cgit.git.sv.gnu.org/cgit/coreutils.git/commit/?id=914972e80dbf82aac9ffe
  tail: fix tailing larger number of lines in regular files
  [rh#2398008]

==== coreutils-systemd ====
- coreutils-9.8-tail-large-num-of-files.patch: Add upstream patch:
  https://cgit.git.sv.gnu.org/cgit/coreutils.git/commit/?id=914972e80dbf82aac9ffe
  tail: fix tailing larger number of lines in regular files
  [rh#2398008]

==== gdk-pixbuf ====
Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0

- Enable 'other' loaders, which includes ani, bmp, ico, pnm and xpm (boo#1250583)

==== ghostscript ====
Version update (10.05.1 -> 10.06.0)

- Version upgrade to 10.06.0
  See 'Recent Changes in Ghostscript' at Ghostscript upstream
  https://ghostscript.readthedocs.io/en/gs10.06.0/News.html
  * This release addresses CVEs: TBC
  * The 10.06.0 removes the non-standard operator "selectdevice" (cf. the entry below dated Tue Apr 1 09:56:06 UTC 2025)
- ghostscript-10.06.0-Fix_32-bit_build.patch is the upstream commit
  https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=3c0be6e4fcffa63e4a5a1b0aec057cebc4d2562f
  to fix https://bugs.ghostscript.com/show_bug.cgi?id=708824
  "ghostscript 10.06.0 compilation failure on 32-bit archs"
- Switch over to libalternatives for ghostscript to provide a gs variant (bsc#1245896)

==== glycin-loaders ====
Version update (2.0.0 -> 2.0.2)

- Update to version 2.0.2:
  This release contains the following new component versions:
  - glycin-heif 2.0.2
  - glycin-jpeg2000 2.0.2
  - glycin-jxl 2.0.2
  - glycin-raw 2.0.2
  - glycin-svg 2.0.2
  - glycin-utils 4.0.2
  - Loaders in 2.0.1 required specifying the loop_animation field explicitly, making it incompatible with previous glycin/libglycin versions. The loop_animation is now assumed to be false when not present, as originally intended.
- Update to version 2.0.1:
  This release contains the following new component versions:
  - glycin-image-rs 2.0.1
  - glycin-utils 4.0.1
  - glycin 3.0.1
  - libglycin 2.0.1
  - libglycin-gtk4 2.0.1
  - glycin/libglycin: Add API to disable animation looping.
  - glycin/sandbox: Detect if bwrap can't be used due to syscalls being blocked. This is an indication of running in an already sandboxed environment like libgnome-desktop thumbnailer or a CI. In this case we fall back to unsandboxed mode.
  - Close all unused FDs in fork. Before we were sharing all FDs that don't have CLOEXEC set. In Rust that's usually not a problem because that's set by default. But when used by C in libglycin this is much more unclear. This is an attempt at fixing Firefox issues.
  - There was no timeout spawned that would ensure that unused loaders are killed after they have been unused for the specified maximum retention time.
  - glycin/sandbox: Canonicalize fontconfig paths before passing to --ro-bind-try as source because bwrap fails on symlinks otherwise.
  - glycin: u16_to_u8 testcase on big endian machines
  - heif: Overwrite matrix coefficients (YCbCr) in CICP since currently RGB is forced and GSK gl and cairo don't support YCbCr. This fixes wrong colors in HEIC and AVIF images.

==== kernel-source ====
Version update (6.16.8 -> 6.16.9)

- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (git-fixes).
- commit 8d37b5f
- Linux 6.16.9 (bsc#1012628).
- cgroup: split cgroup_destroy_wq into 3 workqueues (bsc#1012628).
- btrfs: fix invalid extref key setup when replaying dentry (bsc#1012628).
- btrfs: zoned: fix incorrect ASSERT in btrfs_zoned_reserve_data_reloc_bg() (bsc#1012628).
- perf maps: Ensure kmap is set up for all inserts (bsc#1012628).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (bsc#1012628).
- nvme: fix PI insert on write (bsc#1012628).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (bsc#1012628).
- wifi: mt76: do not add non-sta wcid entries to the poll list (bsc#1012628).
- wifi: mac80211: increase scan_ies_len for S1G (bsc#1012628).
- wifi: mac80211: fix incorrect type for ret (bsc#1012628).
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (bsc#1012628).
- smb: server: let smb_direct_writev() respect SMB_DIRECT_MAX_SEND_SGES (bsc#1012628).
- um: virtio_uml: Fix use-after-free after put_device in probe (bsc#1012628).
- um: Fix FD copy size in os_rcv_fd_msg() (bsc#1012628).
- net/mlx5: Not returning mlx5_link_info table when speed is unknown (bsc#1012628).
- dpaa2-switch: fix buffer pool seeding for control traffic (bsc#1012628).
- net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1012628).
- dpll: fix clock quality level reporting (bsc#1012628).
- rxrpc: Fix unhandled errors in rxgk_verify_packet_integrity() (bsc#1012628).
- rxrpc: Fix untrusted unsigned subtract (bsc#1012628).
- octeon_ep: Validate the VF ID (bsc#1012628).
- qed: Don't collect too many protection override GRC elements (bsc#1012628).
- net: dst_metadata: fix IP_DF bit not extracted from tunnel headers (bsc#1012628).
- bonding: set random address only when slaves already exist (bsc#1012628).
- mptcp: set remote_deny_join_id0 on SYN recv (bsc#1012628).
- selftests: mptcp: userspace pm: validate deny-join-id0 flag (bsc#1012628).
- mptcp: tfo: record 'deny join id0' info (bsc#1012628).
- selftests: mptcp: sockopt: fix error messages (bsc#1012628).
- net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure (bsc#1012628).
- ice: fix Rx page leak on multi-buffer frames (bsc#1012628).
- i40e: remove redundant memory barrier when cleaning Tx descs (bsc#1012628).
- ixgbe: initialize aci.lock before it's used (bsc#1012628).
- ixgbe: destroy aci.lock later within ixgbe_remove path (bsc#1012628).
- igc: don't fail igc_probe() on LED setup error (bsc#1012628).
- doc/netlink: Fix typos in operation attributes (bsc#1012628).
- net/mlx5e: Harden uplink netdev access against device unbind (bsc#1012628).
- net/mlx5e: Add a miss level for ipsec crypto offload (bsc#1012628).
- bonding: don't set oif to bond dev when getting NS target destination (bsc#1012628).
- octeon_ep: fix VF MAC address lifecycle handling (bsc#1012628).
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1012628).
- tls: make sure to abort the stream if headers are bogus (bsc#1012628).
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (bsc#1012628).
- net: clear sk->sk_ino in sk_set_socket(sk, NULL) (bsc#1012628).
- net: liquidio: fix overflow in octeon_init_instr_queue() (bsc#1012628).
- cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1012628).
- octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1012628).
- ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer (bsc#1012628).
- ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size (bsc#1012628).
- zram: fix slot write race condition (bsc#1012628).
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (bsc#1012628).
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1012628).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (bsc#1012628).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (bsc#1012628).
- Revert "sched_ext: Skip per-CPU tasks in scx_bpf_reenqueue_local()" (bsc#1012628).
- btrfs: initialize inode::file_extent_tree after i_mode has been set (bsc#1012628).
- dm-raid: don't set io_min and io_opt for raid1 (bsc#1012628).
- dm-stripe: fix a possible integer overflow (bsc#1012628).
- mm/gup: check ref_count instead of lru before migration (bsc#1012628).
- mm: revert "mm/gup: clear the LRU flag of a page before adding
... changelog too long, skipping 229 lines ...
- commit 7c002da

==== kpipewire6 ====
Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWireDmaBuf6 libKPipeWireRecord6

- Add 0001-Fix-build-with-ffmpeg-8.0.patch: Fix build with ffmpeg 8.0 (boo#1249045).

==== libglycin ====
Version update (2.0.0 -> 2.0.2)

- Update to version 2.0.2:
  This release contains the following new component versions:
  - glycin-heif 2.0.2
  - glycin-jpeg2000 2.0.2
  - glycin-jxl 2.0.2
  - glycin-raw 2.0.2
  - glycin-svg 2.0.2
  - glycin-utils 4.0.2
  - Loaders in 2.0.1 required specifying the loop_animation field explicitly, making it incompatible with previous glycin/libglycin versions. The loop_animation is now assumed to be false when not present, as originally intended.
- Update to version 2.0.1:
  This release contains the following new component versions:
  - glycin-image-rs 2.0.1
  - glycin-utils 4.0.1
  - glycin 3.0.1
  - libglycin 2.0.1
  - libglycin-gtk4 2.0.1
  - glycin/libglycin: Add API to disable animation looping.
  - glycin/sandbox: Detect if bwrap can't be used due to syscalls being blocked. This is an indication of running in an already sandboxed environment like libgnome-desktop thumbnailer or a CI. In this case we fall back to unsandboxed mode.
  - Close all unused FDs in fork. Before we were sharing all FDs that don't have CLOEXEC set. In Rust that's usually not a problem because that's set by default. But when used by C in libglycin this is much more unclear. This is an attempt at fixing Firefox issues.
  - There was no timeout spawned that would ensure that unused loaders are killed after they have been unused for the specified maximum retention time.
  - glycin/sandbox: Canonicalize fontconfig paths before passing to --ro-bind-try as source because bwrap fails on symlinks otherwise.
  - glycin: u16_to_u8 testcase on big endian machines
  - heif: Overwrite matrix coefficients (YCbCr) in CICP since currently RGB is forced and GSK gl and cairo don't support YCbCr. This fixes wrong colors in HEIC and AVIF images.

==== libupnp ====
Version update (1.14.24 -> 1.14.25)
Subpackages: libixml11 libupnp17

- Update to release 1.14.25
  * Handle multiple results of `getaddrinfo`

==== llvm21 ====
Version update (21.1.1 -> 21.1.2)

- Update to version 21.1.2.
  * This release contains bug-fixes for the LLVM 21.1.0 release. This release is API and ABI compatible with 21.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.

==== openSUSE-build-key ====
- fix Backports 15 key is not packaged

==== plasma-branding-Kalpa ====
Version update (20250624 -> 20250926)

- Bump version to 20250926
- Moved transactional-update-notifier override to functional location

==== plasma6-workspace ====
Subpackages: plasma6-session plasma6-workspace-libs

- Add patch to fix crash caused by a qtdeclarative change (kde#509192, QTBUG-140018):
  * 0001-applets-mediacontroller-Workaround-for-common-crash-.patch

==== podman ====
Version update (5.6.0 -> 5.6.1)

- Update to version 5.6.1:
  * Bump to v5.6.1
  * Final release notes for v5.6.1
  * update tests due to CRUN#1767 to support both values
  * Fix a locking bug in that could cause a double-unlock
  * Add R! to systemd-tmpfiles script for all /tmp dirs
  * [v5.6] Bump c/buildah v1.41.4, c/storage 1.59.1, and ...
  * kube play: don't follow volume symlinks onto the host
  * Bump xz to v0.5.15 to pick up a CVE fix
  * Preliminary release notes for v5.6.1
  * do not pass [no]copy as bind mounts options to runtime
  * do not pass volume-opt as bind mounts options to runtime
  * tests: Get rid of netcat on the host and use Bash's /dev/tcp
  * tests: Replace ncat for socat
  * test/e2e: actually start container in startContainer
  * fix(libpod): truncate long hostnames to correct maximum length
  * Add a release note for 5.6 Rosetta being disabled-by-default
  * windows: do not convert unconfined seccomp path
  * podman events: show network create/remove event with journald
  * Bump Podman to v5.6.1-dev

==== python-psutil ====
Version update (7.0.0 -> 7.1.0)

- Update to 7.1.0
  * 2581_, [Windows]: publish ARM64 wheels. (patch by Matthieu Darbois)
  * 2571_, [FreeBSD]: Dropped support for FreeBSD 8 and earlier. FreeBSD 8 was maintained from 2009 to 2013.
  * 2575_: introduced `dprint` CLI tool to format .yml and .md files.
  * 2473_, [macOS]: Fix build issue on macOS 11 and lower.
  * 2494_, [Windows]: All APIs dealing with paths, such as `Process.memory_maps()`_, `Process.exe()`_ and `Process.open_files()`_ does not properly handle UNC paths. Paths such as ``\\??\\C:\\Windows\\Temp`` and ``'\\Device\\HarddiskVolume1\\Windows\\Temp'`` are now converted to ``C:\\Windows\\Temp``. (patch by Ben Peddell)
  * 2506_, [Windows]: Windows service APIs had issues with unicode services using special characters in their name.
  * 2514_, [Linux]: `Process.cwd()`_ sometimes fail with `FileNotFoundError` due to a race condition.
  * 2526_, [Linux]: `Process.create_time()`_, which is used to univocally identify a process over time, is subject to system clock updates, and as such can lead to `Process.is_running()`_ returning a wrong result. A monotonic creation time is now used instead. (patch by Jonathan Kohler)
  * 2528_, [Linux]: `Process.children()`_ may raise ``PermissionError``. It will now raise `AccessDenied`_ instead.
  * 2540_, [macOS]: `boot_time()`_ is off by 45 seconds (C precision issue).
  * 2541_, 2570_, 2578_ [Linux], [macOS], [NetBSD]: `Process.create_time()`_ does not reflect system clock updates.
  * 2542_: if system clock is updated `Process.children()`_ and `Process.parent()`_ may not be able to return the right information.
  * 2545_: [Illumos]: Fix handling of MIB2_UDP_ENTRY in `net_connections()`_.
  * 2552_, [Windows]: `boot_time()`_ didn't take into account the time spent during suspend / hibernation.
  * 2560_, [Linux]: `Process.memory_maps()`_ may crash with `IndexError` on RISCV64 due to a malformed `/proc/{PID}/smaps` file. (patch by Julien Stephan)
  * 2586_, [macOS], [CRITICAL]: fixed different places in C code which can trigger a segfault.
  * 2604_, [Linux]: `virtual_memory()`_ "used" memory does not match recent versions of ``free`` CLI utility. (patch by Isaac K. Ko)
  * 2605_, [Linux]: `psutil.sensors_battery()` reports a negative amount for seconds left.
  * 2607_, [Windows]: ``WindowsService.description()`` method may fail with ``ERROR_NOT_FOUND``. Now it returns an empty string instead.
  * 2610:, [macOS], [CRITICAL]: fix `cpu_freq()`_ segfault on ARM architectures.
  * 2571_: dropped support for FreeBSD 8 and earlier.
- Drop mem-used-bsc1181475.patch, fixed upstream

==== qt6-webengine ====
Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports

- Add upstream backport (boo#1249045)
  * qtwebengine_ffmpeg8.patch

==== selinux-policy ====
Version update (20250909 -> 20250926)
Subpackages: selinux-policy-targeted

- Update to version 20250926:
  * Add /opt/.snapshots to the snapper file context (bsc#1232226)
  * Zypper moves files in /var/tmp to /var/cache (bsc#1249052, bsc#1249435)

==== setools ====
- Fix test multibuild flavor
- Change the test flavor so that it does not produce any RPMs, avoiding duplicate binaries across the setools and setools-test packages
- Disable debuginfo generation for the test flavor, so that it does not break due to the missing files.

==== shaderc ====
- Edit 0001-Use-system-third-party-libs.patch to work with glslang 16

==== spice-vdagent ====
- Add (xwayland and modalias(virtio:d00000003v*)) Supplements: we can not expect xorg-x11-server to always be present anymore.

==== taglib ====
Version update (2.1 -> 2.1.1)

- Update to version 2.1.1
  * Map ID3v2.3 IPLS frames to both ID3v2.4 TIPL and TMCL to have a consistent behavior when using MusicBrainz tags
  * Fix missing include for wchar_t when using C bindings with MinGW.

==== xwayland ====
- Add upstream bugfix patches:
  * U_randr_Do_not_leak_provider_property.patch
  * U_xwayland_Dispatch_tablet_tool_tip_events.patch
  * U_glamor_Fix_dual_blend_on_GLES3.patch
  * U_xwayland_Dont_run_key_behaviors_and_actions.patch