Packages changed: abseil-cpp amarok (3.2.1 -> 3.2.2) fontconfig (2.15.0 -> 2.16.0) fwupd (2.0.5 -> 2.0.6) gdb (14.2 -> 15.2) geoclue2 kernel-firmware-i915 (20250210 -> 20250217) kernel-firmware-sound (20250210 -> 20250217) libstorage-ng (4.5.234 -> 4.5.239) liburing nvidia-open-driver-G06-signed (570.86.16_k6.13.1_1 -> 570.86.16_k6.13.2_1) openSUSE-release (20250217 -> 20250218) openssh (9.9p1 -> 9.9p2) patterns-media psmisc python-M2Crypto (0.43.0 -> 0.44.0) python-contextvars woff2 wol xdg-desktop-portal (1.19.3 -> 1.19.4) xdg-desktop-portal-gnome (47.2 -> 47.3) yaml-cpp yast2-samba-client (5.0.0 -> 5.0.1) yast2-samba-server (5.0.0 -> 5.0.1) yast2-trans (84.87.20250209.5d5ae60d41 -> 84.87.20250214.b4c23644e7) zsh === Details === ==== abseil-cpp ==== Subpackages: libabsl_2501_0_0 libabsl_lite_2501_0_0 - do not obsolete the shared libary package ==== amarok ==== Version update (3.2.1 -> 3.2.2) - Update to 3.2.2 * https://blogs.kde.org/2025/02/15/amarok-3.2.2-released/ * Try to preserve collection browser order when adding tracks to playlist (kde#180404) * Fix DAAP collection connections, browsing and playing (kde#498654) * Fix first line of lyrics.ovh lyrics missing (kde#493882) ==== fontconfig ==== Version update (2.15.0 -> 2.16.0) Subpackages: fontconfig-lang libfontconfig1 - update to 2.16.0: * Fix misleading-indentation warning * Deal with glob string properly * Allow comma as a delimiter in postscriptname and ignore it on matching * Refactor exclusive language logic into separate file * Use proper postscriptname for named instance if any * Remove redundant leaf assignment in fcfreetype.c * Ensure lock/unlock symmetry * Ensure config is locked during retry in FcConfigReference * Unlock on allocation failure in FcCacheInsert * Fix FcSerialize undefined behavior with null pointer usage * Fix undefined behavior issue on qsort call * Add cop.orth for Coptic language * Add got.orth for Gothic language * Fix a memory leak in fc-list/fc-query/fc-scan * mark _FcPatternIter as may_alias * Accept integer for pixelsize * Improve hinting detection for fonthashint object * Add FcConfigSetFontSetFilter * Fix some code found by SAST * Set FcTypeVoid if no valid types to convert * Fix a memory leak in _get_real_paths_from_prefix * Fix double slashes in path * More information when no writable cache directories * Fix test case for reproducible builds * Fix invalid escape character \s * Sort out bitmap related config files * Clean up .uuid files with fc-cache -f too - add fontconfig-autoconf269.patch to start leap build ==== fwupd ==== Version update (2.0.5 -> 2.0.6) Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.6: + This release adds the following features: - Add 'fwupdtool efiboot-hive' to allow setting the nmbl cmdline - Allow setting the inhibit reason from fwupdmgr - Allow USB-provided hidraw devices to use DS-20 descriptors + This release fixes the following bugs: - Correctly deploy the dbx on MSI hardware - Correctly extract the milestone from Lenovo version numbers - Do not add invalid CoSWID entities to fix a fuzzing hang - Fix Logitech HID++ child device detection - Get the correct internal network VID and PID from Redfish - Include the payload length in the Wacom scaler update start command - Only use emulated devices when using device-emulate - Reload the thunderbolt retimer version after the payload is deployed - Speed up startup by ~1% by limiting the precision of percentage updates - Support new version formats for future Huddly devices - Updating the Logitech Rallybar in a more reliable way + This release adds support for the following hardware: - HPE Gen10/Gen10+ devices using Redfish ==== gdb ==== Version update (14.2 -> 15.2) - Maintenance script qa.sh: * Add PR32712 kfail. - Mention changes in GDB 15: * The MPX commands "show/set mpx bound" have been deprecated, as Intel listed MPX as removed in 2019. * GDB index now contains information about the main function. * This speeds up startup when it is being used for some large binaries. * On hosts where threading is available, DWARF reading is now done in the background, resulting in faster startup. This can be controlled using "maint set dwarf synchronous". * Changed commands: * disassemble: Attempting to use both the 'r' and 'b' flags with the disassemble command will now give an error. Previously the 'b' flag would always override the 'r' flag. * gcore, generate-core-file: GDB now generates sparse core files, on systems that support it. * maintenance info line-table: Add an EPILOGUE-BEGIN column to the output of the command. It indicates if the line is considered the start of the epilogue, and thus a point at which the frame can be considered destroyed. * set unwindonsignal on|off, show unwindonsignal: These commands are now aliases for the new set/show unwind-on-signal. * target record-full: This command now gives an error if any unexpected arguments are found after the command. * list .: When using the command "list ." in a location that has no debug information or no file loaded, GDB now says that there is no debug information to print lines. This makes it more obvious that there is no information, as opposed to implying there is no inferior loaded. * New commands: * info missing-debug-handler: List all the registered missing debug handlers. * enable missing-debug-handler LOCUS HANDLER, disable missing-debug-handler LOCUS HANDLER: Enable or disable a missing debug handler with a name matching the regular expression HANDLER, in LOCUS. LOCUS can be 'global' to operate on global missing debug handler, 'progspace' to operate on handlers within the current program space, or can be a regular expression which is matched against the filename of the primary executable in each program space. * maintenance info linux-lwps: List all LWPs under control of the linux-nat target. * set remote thread-options-packet, show remote thread-options-packet: Set/show the use of the thread options packet. * set direct-call-timeout SECONDS, show direct-call-timeout, set indirect-call-timeout SECONDS, show indirect-call-timeout: These new settings can be used to limit how long GDB will wait for an inferior function call to complete. The direct timeout is used for inferior function calls from e.g. 'call' and 'print' commands, while the indirect timeout is used for inferior function calls from within a conditional breakpoint expression. The default for the direct timeout is unlimited, while the default for the indirect timeout is 30 seconds. These timeouts will only have an effect for targets that are operating in async mode. For non-async targets the timeouts are ignored, GDB will wait indefinitely for an inferior function to complete, unless interrupted by the user using Ctrl-C. * set unwind-on-timeout on|off, show unwind-on-timeout: These commands control whether GDB should unwind the stack when a timeout occurs during an inferior function call. The default is off, in which case the inferior will remain in the frame where the timeout occurred. When on, GDB will unwind the stack removing the dummy frame that was added for the inferior call, and restoring the inferior state to how it was before the inferior call started. * set unwind-on-signal on|off, show unwind-on-signal: These new commands replaces the existing set/show unwindonsignal. The old command is maintained as an alias. * New features in the GDB remote stub, GDBserver: * The --remote-debug and --event-loop-debug command line options have been removed. * The --debug command line option now takes an optional comma separated list of components to emit debug for. The currently supported components are: all, threads, event-loop, and remote. If no components are given then threads is assumed. * The 'monitor set remote-debug' and 'monitor set event-loop-debug' command have been removed. * The 'monitor set debug 0|1' command has been extended to take a component name, e.g.: 'monitor set debug COMPONENT off|on'. Possible component names are: all, threads, event-loop, and remote. * Python API: * New function gdb.notify_mi(NAME, DATA), that emits custom GDB/MI async notification. * New read/write attribute gdb.Value.bytes that contains a bytes object holding the contents of this value. ... changelog too long, skipping 407 lines ... - Add "BuildRequires: libgo23" to fix unresolved for factory. ==== geoclue2 ==== Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0 - Move xdg/autostart filesto /usr/etc (boo#1237248). ==== kernel-firmware-i915 ==== Version update (20250210 -> 20250217) - Update to version 20250217 (git commit 487f2f2421ae): * i915: Update Xe3LPD DMC to v2.17 - Drop duplicated aliases ==== kernel-firmware-sound ==== Version update (20250210 -> 20250217) - Update to version 20250217 (git commit 487f2f2421ae): * ASoC: tas2781: Change regbin firmwares for single device - Drop duplicated aliases ==== libstorage-ng ==== Version update (4.5.234 -> 4.5.239) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (French) (bsc#1149754) - 4.5.239 - Translated using Weblate (Japanese) (bsc#1149754) - 4.5.238 - Translated using Weblate (Catalan) (bsc#1149754) - 4.5.237 - Translated using Weblate (Slovak) (bsc#1149754) - merge gh#openSUSE/libstorage-ng#1018 - updated pot and po files - 4.5.236 - merge gh#openSUSE/libstorage-ng#1017 - use convenience function - improved message of action - updated history file - 4.5.235 ==== liburing ==== - disable even more tests ==== nvidia-open-driver-G06-signed ==== Version update (570.86.16_k6.13.1_1 -> 570.86.16_k6.13.2_1) - In the module install path revert the order of the 'updates' subdirectory and the package name & version. This satisfies the kmp dependency checker (boo#1237308). ==== openSUSE-release ==== Version update (20250217 -> 20250218) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssh ==== Version update (9.9p1 -> 9.9p2) Subpackages: openssh-clients openssh-common openssh-server - Update to openssh 9.9p2: = Security * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. The openSSH team thanks them for their detailed review of OpenSSH. = Bugfixes * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems and configurations. - Remove patches that are already included in 9.9p2: * 0001-fix-utmpx-ifdef.patch * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch * fix-CVE-2025-26465-and-CVE-2025-26466.patch - Fix a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client and a DoS attack against OpenSSH's client and server (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466): * fix-CVE-2025-26465-and-CVE-2025-26466.patch ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Added grub2-x86_64-efi-bls for EFI-BLS bootloader. ==== psmisc ==== Subpackages: psmisc-lang - Looks like Factory and TW includes glibc-gconv-modules-extra at build time ==== python-M2Crypto ==== Version update (0.43.0 -> 0.44.0) - Fix spelling of BSD-2-Clause license. - Add rpmlintrc … overflow of ignorable rpmlint warnings caused me not to see the previous problem. - Update to 0.44.0: - fix(rsa): introduce internal cache for rsa.check_key() (bsc#1236664, srht#mcepl/m2crypto#369) - fix[authcookie]: modernize the module - fix(_lib): add missing #include for windows - ci: relax fedora crypto policy to legacy. - enhance setup.py for macos compatibility - prefer packaging.version over distutils.version - fix segfault with openssl 3.4.0 - fix[ec]: raise ioerror instead when load_key_bio() cannot read the file. - doc: update installation instructions for windows. - fix setting x509.verify_* variables - fix building against openssl in non-standard location - test_x509: use only x509_version_1 (0) as version for csr. - The real license is BSD 2-Clause, not MIT. ==== python-contextvars ==== - Build package for multiple Python flavors on the SLE15 family ==== woff2 ==== Subpackages: libwoff2common1_0_2 libwoff2dec1_0_2 - Add patch to fix build with gcc15: + woff2-gcc15.patch ==== wol ==== Subpackages: wol-lang - Added wol-gcc15.patch to fix build with gcc15. ==== xdg-desktop-portal ==== Version update (1.19.3 -> 1.19.4) Subpackages: xdg-desktop-portal-lang - Update to version 1.19.4: + New Features: Introduce the host app registry. This interface allows host system apps (i.e. apps not running under a sandboxing mechanism like Flatpak) register themselves with XDG Desktop Portal. This allows XDG Desktop Portal to use a proper app id, and desktop file, improving the interaction with portal backends. + Enhancements: Use a new internal script to simply running tests. + Bug Fixes: - Properly escape notification body in the Notification portal. - Fix various documentation links in the USB portal documentation page. ==== xdg-desktop-portal-gnome ==== Version update (47.2 -> 47.3) Subpackages: xdg-desktop-portal-gnome-lang - Update to version 47.3: + Fix build against xdg-desktop-portal >= 1.19.1 + Fix initialization of X11 display. - Drop patches fixed upstream: + notification-Add-missing-GUnixFDList-argument.patch + notification-null-icon-pointer.patch ==== yaml-cpp ==== - added patches fix https://github.com/jbeder/yaml-cpp/commit/7b469b4220f96fb3d036cf68cd7bd30bd39e61d2 + yaml-cpp-gcc15.patch ==== yast2-samba-client ==== Version update (5.0.0 -> 5.0.1) - Remove nscd-related code (bsc#1236308) - 5.0.1 ==== yast2-samba-server ==== Version update (5.0.0 -> 5.0.1) - Remove nscd-related code (bsc#1236308) - 5.0.1 ==== yast2-trans ==== Version update (84.87.20250209.5d5ae60d41 -> 84.87.20250214.b4c23644e7) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250214.b4c23644e7: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) ==== zsh ==== - Make it build with texinfo 7.1 (boo#1237196)