Packages changed: Mesa (25.2.3 -> 25.2.4) Mesa-demo Mesa-drivers (25.2.3 -> 25.2.4) MozillaFirefox (143.0.1 -> 143.0.3) apache2 apache2-manual apache2-prefork apache2-utils gnome-chess (49.0 -> 49.2) kirigami-addons6 (1.9.0 -> 1.10.0) netpbm (11.11.0 -> 11.12.0) nfs-utils open-vm-tools (13.0.0 -> 13.0.5) openSUSE-release (20251001 -> 20251002) opencv perl-XML-LibXML pipewire (1.4.8+git4.8f35e18d1 -> 1.4.8+git68.636cbae9b) python-requests (2.32.4 -> 2.32.5) python-simplejson (3.20.1 -> 3.20.2) python311 python311-core rpcbind strace (6.16 -> 6.17) virglrenderer (1.0.1 -> 1.1.1) wsdd xmlsec1 (1.2.41 -> 1.2.42) yast2-auth-client (5.0.2 -> 5.0.3) === Details === ==== Mesa ==== Version update (25.2.3 -> 25.2.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.2.4 - -> https://docs.mesa3d.org/relnotes/25.2.4 ==== Mesa-demo ==== Subpackages: Mesa-demo-egl Mesa-demo-x - redefine %meson_build/%meson_install on Leap 15.6 in order to fix build ==== Mesa-drivers ==== Version update (25.2.3 -> 25.2.4) Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Update to release 25.2.4 - -> https://docs.mesa3d.org/relnotes/25.2.4 ==== MozillaFirefox ==== Version update (143.0.1 -> 143.0.3) Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Mozilla Firefox 143.0.3 https://www.firefox.com/en-US/firefox/143.0.3/releasenotes MFSA 2025-80 (bsc#1250678 * CVE-2025-11152 (bmo#1987246) Sandbox escape due to integer overflow in the Graphics: Canvas2D component * CVE-2025-11153 (bmo#1987481) JIT miscompilation in the JavaScript Engine: JIT component ==== apache2 ==== - httpd testsuite of svn revision 1928711, fixes the failure caused by libxml2 version update to 2.14 ==== apache2-manual ==== - httpd testsuite of svn revision 1928711, fixes the failure caused by libxml2 version update to 2.14 ==== apache2-prefork ==== - httpd testsuite of svn revision 1928711, fixes the failure caused by libxml2 version update to 2.14 ==== apache2-utils ==== - httpd testsuite of svn revision 1928711, fixes the failure caused by libxml2 version update to 2.14 ==== gnome-chess ==== Version update (49.0 -> 49.2) Subpackages: gnome-chess-lang - Update to version 49.2: + Actually for real this time fix: Opponent must be switched off and then to human for the opponent to be a human. - Update to version 49.1: + Bugs fixed: Opponent must be switched off and then to human for the opponent to be a human. + Updated translations. ==== kirigami-addons6 ==== Version update (1.9.0 -> 1.10.0) Subpackages: kirigami-addons6-lang libKirigamiAddonsStatefulApp6 - Update to 1.10.0 https://carlschwan.eu/2025/09/27/kirigami-addons-1.10.0/ * New: KirigamiApp component ==== netpbm ==== Version update (11.11.0 -> 11.12.0) Subpackages: libnetpbm11 - version update to 11.12.0 * pamtris: fix unrecognized command or crash on line with no command. Broken in Netpbm 10.85 (December 2018). * ppmcmap.h: fix C++ compilation. Broken at least since Netpbm 10.35 (August 2006). * Make ppmdfont.h work in C++ compile. Always broken (ppmdfont.h was new some time before Netpbm 10.35 (August 2006)). ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client nfs-kernel-server - Drop rcnfs-client/rcnfs-server symlinks [jsc#PED-266] ==== open-vm-tools ==== Version update (13.0.0 -> 13.0.5) Subpackages: libvmtools0 open-vm-tools-desktop - Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue. This release resolves and includes the patch for CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A patch to address CVE-2025-41244 on earlier open-vm-tools releases is provided to the Linux community at CVE-2025-41244.patch. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use "systemctl reboot", if available. For a more complete list of issues addressed in this release, see the What's New and Resolved Issues section of the Release Notes. - Drop patch now contained in 13.0.5: 0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch CVE-2025-41244-1240-1300-SDMP.patch - Fix (bsc#1250373 (CVE-2025-41244) - VUL-0: contains a local privilege escalation vulnerability. + Add patch: - CVE-2025-41244-1240-1300-SDMP.patch ==== openSUSE-release ==== Version update (20251001 -> 20251002) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== opencv ==== - Add 86df531.patch: FFmpeg 8.0 support (boo#1249045). ==== perl-XML-LibXML ==== - fix build with libxml2 2.14 - deleted patches * perl-XML-LibXML-fix-testsuite-with-libxml2-2.13.patch (adopted to 2.14) - added patches * perl-XML-LibXML-fix-testsuite-with-libxml2-2.14.patch ==== pipewire ==== Version update (1.4.8+git4.8f35e18d1 -> 1.4.8+git68.636cbae9b) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Revert change that enables gsettings-pulse-schema. This creates a file conflict with libpulse-mainloop-glib0 because they both try to install the org.freedesktop.pulseaudio.gschema.xml file. - Update to version 1.4.8+git68.636cbae9b: * avahi: handle fd allocation errors * alsa: Use the minimum period size as headroom for SOF cards * adapter: fix Start of adapter * alsa: don't fail if 3 periods_min fails (boo#1250381) * spa: libcamera: source: fix typo in log message * spa: libcamera: source: query frame buffer planes just once * spa: libcamera: source: simplify `spa_libcamera_clear_buffers()` * spa: libcamera: source: keep `libcamera::FrameBufferAllocator` * spa: libcamera: source: clear buffers when format is changed * spa: libcamera: source: handle try-only format unset * spa: libcamera: source: do not emit param change if try-only * spa: libcamera: source: extract presence of `SPA_NODE_PARAM_FLAG_TEST_ONLY` * spa: libcamera: source: remove format config shortcut * spa: libcamera: source: set chunk flags on error * spa: libcamera: source: process requests on data loop * spa: libcamera: source: process all requests in the ring buffer * spa: libcamera: source: reset ring buffer when stopping * spa: libcamera: source: move request completion data to `impl` * spa: libcamera: source: store the request pointer in ring buffer * spa: libcamera: source: remove `impl::pendingRequests` * spa: libcamera: source: persistent requests <-> buffer association * spa: libcamera: source: allocBuffers(): more error checking * spa: libcamera: source: allocBuffers(): restore on failure * spa: libcamera: source: freeBuffers(): call when format is unset * spa: libcamera: source: freeBuffers(): split pending request removal * spa: libcamera: source: propagate error when setting format * spa: libcamera: source: port_set_format(): remove goto * spa: libcamera: source: use dynamic builder for controls * spa: libcamera: source: provide value labels if available * spa: libcamera: source: handle enum controls better * spa: libcamera: source: unify control range logic * spa: libcamera: source: ignore array controls * spa: libcamera: source: rework bool control type info * spa: libcamera: source: move control enumeration to loop * spa: libcamera: source: separate type info generation * spa: libcamera: manager: keep `libcamera::CameraManager` * spa: libcamera: manager: factor out hotplug event submission * spa: libcamera: source: create eventfd before starting camera * spa: libcamera: source: generate camera config right away * spa: libcamera: source: remove `SPA_PROP_device{,Name}` * spa: libcamera: source: do not close fd * spa: libcamera: source: remove unused `enum_fmt` member * spa: libcamera: source: prop_id_to_control(): do range check first * spa: libcamera: source: fix mapping of `libcamera::ColorSpace::TransferFunction::Linear` * spa: libcamera: source: simplify color space conversion * spa: libcamera: source: avoid iterator overrun when enumerating controls * spa: libcamera: manager: fix id allocation * spa: libcamera: use `nullptr` instead of `NULL` * spa: libcamera: use C++ style casts * spa: libcamera: use anon ns instead of `static` * spa: libcamera: device: remove empty line * spa: libcamera: source: inline `mmap_init()` * spa: libcamera: source: set "corrupted" flag if applicable * spa: libcamera: source: use `union` for transferring control value * spa: libcamera: source: simplify control mapping * spa: libcamera: source: do not make expensive queries multiple times * spa: libcamera: source: simplify format lookup * spa: libcamera: source: use enum types * spa: libcamera: source: handle camera acquire failure * spa: libcamera: inline `libcamera-utils.cpp` * spa: libcamera: clean up includes * spa: libcamera: use lock when acquiring `CameraManager` * spa: libcamera: add colorimetry support * libcamera: Default to auto-focus & auto-exposure - Stop passing gsettings-pulse-schema=disabled to meson setup, all buildependencies are in place already, follow upstream default, build gsettings schema support. ==== python-requests ==== Version update (2.32.4 -> 2.32.5) Subpackages: python311-requests python313-requests - Update to 2.32.5 * The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration. * Added support for Python 3.14. * Dropped support for Python 3.8 following its end of support. - Drop inject-default-ca-bundles.patch, fixed upstream - Drop revert-caching-default-sslcontext.patch, merged upstream - Update BuildRequires from setup.py ==== python-simplejson ==== Version update (3.20.1 -> 3.20.2) - Update to 3.20.2 * Add a test for the min and max floats * Disable speedups on GraalPy same as on PyPy * Update changelog and version for v3.20.2 ==== python311 ==== Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Add gh139257-Support-docutils-0.22.patch to fix build with latest docutils (>=0.22) gh#python/cpython#139257 ==== python311-core ==== Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Add gh139257-Support-docutils-0.22.patch to fix build with latest docutils (>=0.22) gh#python/cpython#139257 ==== rpcbind ==== - Drop rcrpcbind symlink [jsc:PED-266] ==== strace ==== Version update (6.16 -> 6.17) - Update to strace 6.17 * Implemented decoding of file_getattr and file_setattr syscalls. * Implemented decoding of SO_INQ socket option. * Updated lists of BPF_*, BTN_*, BTRFS_*, DEVCONF_*, ETHTOOL_*, FALLOC_*, KEXEC_*, KEY_*, KVM_*, NETCONFA_*, NFT_*, PR_*, SCM_*, V4L2_*, and XDP_* constants. * Updated lists of ioctl commands from Linux 6.17. ==== virglrenderer ==== Version update (1.0.1 -> 1.1.1) - version update to 1.1.1 1.1.1 Venus * add support for . VK_EXT_blend_operation_advanced . VK_EXT_host_image_copy . VK_EXT_sample_locations . VK_KHR_acceleration_structure . VK_KHR_dynamic_rendering_local_read . VK_KHR_maintenance6 . VK_KHR_maintenance7 . VK_KHR_ray_query . VK_KHR_ray_tracing_maintenance1 . VK_KHR_ray_tracing_position_fetch . VK_KHR_ray_tracing_pipeline . allow to passthrough Vulkan 1.4 support * make virgl_render_server and venus work also without HAVE_MEMFD_CREATE virgl/vrend fixes and changes: * fix modifier query overflow * support R16G16B16X16_UNORM * don't use resource IDs when checking index buffer update requirement * actually propagate the MAX_VERTEX_OUTPUT_COMPONENTS for GLES>=3.0 * propagate the GL_MAX_stage_SHADER_STORAGE_BLOCKS for each stage * virgl: fix fd leak in resource map * Fix int-conversion fatal build error with GCC-14 * virgl: Add error messages to virgl_renderer_init() * vtest: perfetto tracing support * don't choke when the host driver re-uses OpenGL IDs Improve support on FreeBSD and Android DRM * fence: Clear last fence after submission * msm: . add new caps . update UAPI header . improve error msg . fix fence-sharing * amdgpu: . remove redundant SIZE_MAX checks . return original error code to guest from amdgpu_ccmd_bo_query_info() . relax error handling of libdrm API failures . handle dumb resources gracefully in amdgpu_ccmd_bo_query_info() 1.1.0 Support for amdgpu native contexts (Requires umerged changes to qemu, libdrm, and mesa Venus: * Enable support for new extensions: . EXT_attachment_feedback_loop_layout . VK_KHR_maintenance5 . VK_KHR_fragment_shading_rate support . VK_EXT_external_memory_acquire_unmodified . VK_KHR_format_feature_flags2 * Fixes and improvements: . Fix a prior ring wait seqno validation . handle ring fatal error more robustly . hide priority request logging behind debug build . lock device tracked object list . log more on ring fatal . only set ring thread prio if requested . optimize to avoid locking each encoder write . set forwarded nice priority for ring threads virgl/vrend: * create transient dmabuf in resource_map * fix "error: implicit declaration of function 'close'" for Windows * fix "fatal error: poll.h: No such file or directory" for Windows * Correct error value returned by virgl_fence_set_fd_locked() * virgl_protocol: Use parenthesis in macros * virgl_util: Add hash_table_search() * virgl_util: hide slow trace behind debug build * Require 4-byte alignment for all virglrenderer commands * consider drm_initialized too * Add XRGB2101010 support * Check whether we actually got a valid OpenGL/GLES context * Properly seperate the mirror_clamp feat reporting * Support R16G16B16X16_FLOAT as GBM buffer * Improve interaction between 24 bit formats used with GBM and OpenGL * clean up error reporting in vrend_renderer_init * conditionally build using gbm_bo_get_map_info() * fix incorrect limit sent for max samplers * reset dirty mask after binding samplers * stop clobbering the texture bindings * warn on missing sampler_view.texture * workaround non-conformant sampler view pattern * winsys_gbm: initialize pointer map_data before calling gbm_bo_map * decode: print error if format is not correct * shader: Never return out-of-range from varying_bit_from_semantic_and_index * shader: Remove unnecessary condition * util: Fix compiling set_dmabuf_name() using older kernel headers * renderer: Verify that the iov has enough space for the texture data Improve compatibility with MS Windows: * Fix resource_get_info_ext() failing for d3d resources * Fixed logical operation handling so that the logic-op function is updated whenever needed. * tgsi: fix "error: 'uint' undeclared" for Windows Add a fuzzer that sets up valid states to be able to test more code build changes: * Support Darwin hosts * Disable strict aliasing ==== wsdd ==== - Drop rcwsdd symlink [jsc#PED-266] ==== xmlsec1 ==== Version update (1.2.41 -> 1.2.42) Subpackages: libxmlsec1-1 libxmlsec1-nss1 libxmlsec1-openssl1 - version update to 1.2.42 * (xmlsec-openssl) Ensured that only certificates from XML file are returned after verification. * (xmlsec-core) Fixed includes to support latest LibXML2 / LibXSLT. * Several other small fixes (https://github.com/lsh123/xmlsec/commits/xmlsec-1_2_x). ==== yast2-auth-client ==== Version update (5.0.2 -> 5.0.3) - Add support of sssd Information Pipe (bsc#1246696) - 5.0.3