Packages changed:
abseil-cpp
amarok (3.2.1 -> 3.2.2)
fontconfig (2.15.0 -> 2.16.0)
fwupd (2.0.5 -> 2.0.6)
gdb (14.2 -> 15.2)
geoclue2
kernel-firmware-i915 (20250210 -> 20250217)
kernel-firmware-sound (20250210 -> 20250217)
libstorage-ng (4.5.234 -> 4.5.239)
liburing
nvidia-open-driver-G06-signed (570.86.16_k6.13.1_1 -> 570.86.16_k6.13.2_1)
openSUSE-release (20250217 -> 20250218)
openssh (9.9p1 -> 9.9p2)
patterns-media
psmisc
python-M2Crypto (0.43.0 -> 0.44.0)
python-contextvars
woff2
wol
xdg-desktop-portal (1.19.3 -> 1.19.4)
xdg-desktop-portal-gnome (47.2 -> 47.3)
yaml-cpp
yast2-samba-client (5.0.0 -> 5.0.1)
yast2-samba-server (5.0.0 -> 5.0.1)
yast2-trans (84.87.20250209.5d5ae60d41 -> 84.87.20250214.b4c23644e7)
zsh
=== Details ===
==== abseil-cpp ====
Subpackages: libabsl_2501_0_0 libabsl_lite_2501_0_0
- do not obsolete the shared libary package
==== amarok ====
Version update (3.2.1 -> 3.2.2)
- Update to 3.2.2
* https://blogs.kde.org/2025/02/15/amarok-3.2.2-released/
* Try to preserve collection browser order when adding tracks to playlist (kde#180404)
* Fix DAAP collection connections, browsing and playing (kde#498654)
* Fix first line of lyrics.ovh lyrics missing (kde#493882)
==== fontconfig ====
Version update (2.15.0 -> 2.16.0)
Subpackages: fontconfig-lang libfontconfig1
- update to 2.16.0:
* Fix misleading-indentation warning
* Deal with glob string properly
* Allow comma as a delimiter in postscriptname and ignore it on matching
* Refactor exclusive language logic into separate file
* Use proper postscriptname for named instance if any
* Remove redundant leaf assignment in fcfreetype.c
* Ensure lock/unlock symmetry
* Ensure config is locked during retry in FcConfigReference
* Unlock on allocation failure in FcCacheInsert
* Fix FcSerialize undefined behavior with null pointer usage
* Fix undefined behavior issue on qsort call
* Add cop.orth for Coptic language
* Add got.orth for Gothic language
* Fix a memory leak in fc-list/fc-query/fc-scan
* mark _FcPatternIter as may_alias
* Accept integer for pixelsize
* Improve hinting detection for fonthashint object
* Add FcConfigSetFontSetFilter
* Fix some code found by SAST
* Set FcTypeVoid if no valid types to convert
* Fix a memory leak in _get_real_paths_from_prefix
* Fix double slashes in path
* More information when no writable cache directories
* Fix test case for reproducible builds
* Fix invalid escape character \s
* Sort out bitmap related config files
* Clean up .uuid files with fc-cache -f too
- add fontconfig-autoconf269.patch to start leap build
==== fwupd ====
Version update (2.0.5 -> 2.0.6)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0
- Update to version 2.0.6:
+ This release adds the following features:
- Add 'fwupdtool efiboot-hive' to allow setting the nmbl cmdline
- Allow setting the inhibit reason from fwupdmgr
- Allow USB-provided hidraw devices to use DS-20 descriptors
+ This release fixes the following bugs:
- Correctly deploy the dbx on MSI hardware
- Correctly extract the milestone from Lenovo version numbers
- Do not add invalid CoSWID entities to fix a fuzzing hang
- Fix Logitech HID++ child device detection
- Get the correct internal network VID and PID from Redfish
- Include the payload length in the Wacom scaler update start command
- Only use emulated devices when using device-emulate
- Reload the thunderbolt retimer version after the payload is deployed
- Speed up startup by ~1% by limiting the precision of percentage updates
- Support new version formats for future Huddly devices
- Updating the Logitech Rallybar in a more reliable way
+ This release adds support for the following hardware:
- HPE Gen10/Gen10+ devices using Redfish
==== gdb ====
Version update (14.2 -> 15.2)
- Maintenance script qa.sh:
* Add PR32712 kfail.
- Mention changes in GDB 15:
* The MPX commands "show/set mpx bound" have been deprecated, as
Intel listed MPX as removed in 2019.
* GDB index now contains information about the main function.
* This speeds up startup when it is being used for some large
binaries.
* On hosts where threading is available, DWARF reading is now
done in the background, resulting in faster startup. This can
be controlled using "maint set dwarf synchronous".
* Changed commands:
* disassemble:
Attempting to use both the 'r' and 'b' flags with the
disassemble command will now give an error. Previously the
'b' flag would always override the 'r' flag.
* gcore, generate-core-file:
GDB now generates sparse core files, on systems that support
it.
* maintenance info line-table:
Add an EPILOGUE-BEGIN column to the output of the command.
It indicates if the line is considered the start of the
epilogue, and thus a point at which the frame can be
considered destroyed.
* set unwindonsignal on|off, show unwindonsignal:
These commands are now aliases for the new
set/show unwind-on-signal.
* target record-full:
This command now gives an error if any unexpected arguments
are found after the command.
* list .:
When using the command "list ." in a location that has no
debug information or no file loaded, GDB now says that there
is no debug information to print lines. This makes it more
obvious that there is no information, as opposed to implying
there is no inferior loaded.
* New commands:
* info missing-debug-handler:
List all the registered missing debug handlers.
* enable missing-debug-handler LOCUS HANDLER,
disable missing-debug-handler LOCUS HANDLER:
Enable or disable a missing debug handler with a name
matching the regular expression HANDLER, in LOCUS.
LOCUS can be 'global' to operate on global missing debug
handler, 'progspace' to operate on handlers within the
current program space, or can be a regular expression which
is matched against the filename of the primary executable in
each program space.
* maintenance info linux-lwps:
List all LWPs under control of the linux-nat target.
* set remote thread-options-packet,
show remote thread-options-packet:
Set/show the use of the thread options packet.
* set direct-call-timeout SECONDS, show direct-call-timeout,
set indirect-call-timeout SECONDS,
show indirect-call-timeout:
These new settings can be used to limit how long GDB will
wait for an inferior function call to complete. The direct
timeout is used for inferior function calls from e.g. 'call'
and 'print' commands, while the indirect timeout is used for
inferior function calls from within a conditional breakpoint
expression.
The default for the direct timeout is unlimited, while the
default for the indirect timeout is 30 seconds.
These timeouts will only have an effect for targets that are
operating in async mode. For non-async targets the timeouts
are ignored, GDB will wait indefinitely for an inferior
function to complete, unless interrupted by the user using
Ctrl-C.
* set unwind-on-timeout on|off, show unwind-on-timeout:
These commands control whether GDB should unwind the stack
when a timeout occurs during an inferior function call. The
default is off, in which case the inferior will remain in
the frame where the timeout occurred. When on, GDB will
unwind the stack removing the dummy frame that was added for
the inferior call, and restoring the inferior state to how
it was before the inferior call started.
* set unwind-on-signal on|off, show unwind-on-signal:
These new commands replaces the existing set/show
unwindonsignal. The old command is maintained as an alias.
* New features in the GDB remote stub, GDBserver:
* The --remote-debug and --event-loop-debug command line
options have been removed.
* The --debug command line option now takes an optional comma
separated list of components to emit debug for. The
currently supported components are: all, threads,
event-loop, and remote. If no components are given then
threads is assumed.
* The 'monitor set remote-debug' and 'monitor set
event-loop-debug' command have been removed.
* The 'monitor set debug 0|1' command has been extended to
take a component name, e.g.: 'monitor set debug COMPONENT
off|on'. Possible component names are: all, threads,
event-loop, and remote.
* Python API:
* New function gdb.notify_mi(NAME, DATA), that emits custom
GDB/MI async notification.
* New read/write attribute gdb.Value.bytes that contains a
bytes object holding the contents of this value.
... changelog too long, skipping 407 lines ...
- Add "BuildRequires: libgo23" to fix unresolved for factory.
==== geoclue2 ====
Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0
- Move xdg/autostart filesto /usr/etc (boo#1237248).
==== kernel-firmware-i915 ====
Version update (20250210 -> 20250217)
- Update to version 20250217 (git commit 487f2f2421ae):
* i915: Update Xe3LPD DMC to v2.17
- Drop duplicated aliases
==== kernel-firmware-sound ====
Version update (20250210 -> 20250217)
- Update to version 20250217 (git commit 487f2f2421ae):
* ASoC: tas2781: Change regbin firmwares for single device
- Drop duplicated aliases
==== libstorage-ng ====
Version update (4.5.234 -> 4.5.239)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (French) (bsc#1149754)
- 4.5.239
- Translated using Weblate (Japanese) (bsc#1149754)
- 4.5.238
- Translated using Weblate (Catalan) (bsc#1149754)
- 4.5.237
- Translated using Weblate (Slovak) (bsc#1149754)
- merge gh#openSUSE/libstorage-ng#1018
- updated pot and po files
- 4.5.236
- merge gh#openSUSE/libstorage-ng#1017
- use convenience function
- improved message of action
- updated history file
- 4.5.235
==== liburing ====
- disable even more tests
==== nvidia-open-driver-G06-signed ====
Version update (570.86.16_k6.13.1_1 -> 570.86.16_k6.13.2_1)
- In the module install path revert the order of the 'updates'
subdirectory and the package name & version. This satisfies
the kmp dependency checker (boo#1237308).
==== openSUSE-release ====
Version update (20250217 -> 20250218)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== openssh ====
Version update (9.9p1 -> 9.9p2)
Subpackages: openssh-clients openssh-common openssh-server
- Update to openssh 9.9p2:
= Security
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by
default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service
related to the handling of SSH2_MSG_PING packets. This
condition may be mitigated using the existing
PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be
exploitable by the Qualys Security Advisory team. The openSSH
team thanks them for their detailed review of OpenSSH.
= Bugfixes
* ssh(1), sshd(8): fix regression in Match directive that caused
failures when predicates and their arguments were separated by
'=' characters instead of whitespace (bz3739).
* sshd(8): fix the "Match invalid-user" predicate, which was
matching incorrectly in the initial pass of config evaluation.
* ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
exchange on big-endian systems.
* Fix a number of build problems on particular operating systems
and configurations.
- Remove patches that are already included in 9.9p2:
* 0001-fix-utmpx-ifdef.patch
* 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
* 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
* 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch
* fix-CVE-2025-26465-and-CVE-2025-26466.patch
- Fix a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client and a DoS attack against OpenSSH's client and server
(bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466):
* fix-CVE-2025-26465-and-CVE-2025-26466.patch
==== patterns-media ====
Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd
- Added grub2-x86_64-efi-bls for EFI-BLS bootloader.
==== psmisc ====
Subpackages: psmisc-lang
- Looks like Factory and TW includes glibc-gconv-modules-extra at build time
==== python-M2Crypto ====
Version update (0.43.0 -> 0.44.0)
- Fix spelling of BSD-2-Clause license.
- Add rpmlintrc … overflow of ignorable rpmlint warnings caused
me not to see the previous problem.
- Update to 0.44.0:
- fix(rsa): introduce internal cache for rsa.check_key()
(bsc#1236664, srht#mcepl/m2crypto#369)
- fix[authcookie]: modernize the module
- fix(_lib): add missing #include for windows
- ci: relax fedora crypto policy to legacy.
- enhance setup.py for macos compatibility
- prefer packaging.version over distutils.version
- fix segfault with openssl 3.4.0
- fix[ec]: raise ioerror instead when load_key_bio() cannot read
the file.
- doc: update installation instructions for windows.
- fix setting x509.verify_* variables
- fix building against openssl in non-standard location
- test_x509: use only x509_version_1 (0) as version for csr.
- The real license is BSD 2-Clause, not MIT.
==== python-contextvars ====
- Build package for multiple Python flavors on the SLE15 family
==== woff2 ====
Subpackages: libwoff2common1_0_2 libwoff2dec1_0_2
- Add patch to fix build with gcc15:
+ woff2-gcc15.patch
==== wol ====
Subpackages: wol-lang
- Added wol-gcc15.patch to fix build with gcc15.
==== xdg-desktop-portal ====
Version update (1.19.3 -> 1.19.4)
Subpackages: xdg-desktop-portal-lang
- Update to version 1.19.4:
+ New Features: Introduce the host app registry. This interface
allows host system apps (i.e. apps not running under a
sandboxing mechanism like Flatpak) register themselves with XDG
Desktop Portal. This allows XDG Desktop Portal to use a proper
app id, and desktop file, improving the interaction with portal
backends.
+ Enhancements: Use a new internal script to simply running
tests.
+ Bug Fixes:
- Properly escape notification body in the Notification portal.
- Fix various documentation links in the USB portal
documentation page.
==== xdg-desktop-portal-gnome ====
Version update (47.2 -> 47.3)
Subpackages: xdg-desktop-portal-gnome-lang
- Update to version 47.3:
+ Fix build against xdg-desktop-portal >= 1.19.1
+ Fix initialization of X11 display.
- Drop patches fixed upstream:
+ notification-Add-missing-GUnixFDList-argument.patch
+ notification-null-icon-pointer.patch
==== yaml-cpp ====
- added patches
fix https://github.com/jbeder/yaml-cpp/commit/7b469b4220f96fb3d036cf68cd7bd30bd39e61d2
+ yaml-cpp-gcc15.patch
==== yast2-samba-client ====
Version update (5.0.0 -> 5.0.1)
- Remove nscd-related code (bsc#1236308)
- 5.0.1
==== yast2-samba-server ====
Version update (5.0.0 -> 5.0.1)
- Remove nscd-related code (bsc#1236308)
- 5.0.1
==== yast2-trans ====
Version update (84.87.20250209.5d5ae60d41 -> 84.87.20250214.b4c23644e7)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20250214.b4c23644e7:
* Translated using Weblate (Slovak)
* Translated using Weblate (Slovak)
* Translated using Weblate (Slovak)
* Translated using Weblate (Slovak)
==== zsh ====
- Make it build with texinfo 7.1 (boo#1237196)