Packages changed: MicroOS-release (20250805 -> 20250806) SDL3 (3.2.18 -> 3.2.20) at-spi2-core (2.56.3 -> 2.56.4) busybox busybox-links container-selinux (2.239.0 -> 2.240.0) firewalld ghostscript (10.05.0 -> 10.05.1) google-noto-coloremoji-fonts (20240424 -> 20250622) gpg2 (2.5.9 -> 2.5.11) jasper (4.2.5 -> 4.2.8) libaom (3.11.0 -> 3.12.1) libpng16 (1.6.44 -> 1.6.50) libwebp (1.5.0 -> 1.6.0) lua53 lua54 pinentry pinentry-gui poppler (25.07.0 -> 25.08.0) poppler-qt6 (25.07.0 -> 25.08.0) python-maturin (1.9.1 -> 1.9.3) sdbootutil (1+git20250731.055e2fe -> 1+git20250804.8dccab3) systemd tiff vmaf === Details === ==== MicroOS-release ==== Version update (20250805 -> 20250806) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL3 ==== Version update (3.2.18 -> 3.2.20) - Update to release 3.2.20 * Fixed a crash when passing large invalid coordinates to SDL_BlitSurfaceScaled() * Fixed doubled mouse wheel events on X11 * Fixed doubled SDL_EVENT_GAMEPAD_ADDED events for controllers with automatic gamepad mappings ==== at-spi2-core ==== Version update (2.56.3 -> 2.56.4) Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 - Update to version 2.56.4: + Fix key grabs when num lock or caps lock are on under Wayland. + atk-bridge: Don't crash when requesting a plug if not activated. + Add sanity checks for child indices received via DBus. - Drop patches fixed upstream: + at-spi2-core-grab-memory-leak.patch + at-spi2-core-key-grabs.patch + at-spi2-core-plug-crash.patch ==== busybox ==== - revert the change to busybox.install.patch below. The logic will be needed only in busybox-links package when generating file lists. - fix mkdir path to point to /usr/bin instead of /bin ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - fix generation of file lists via Dockerfile - add copy of busybox.links from the container to catch changes to busybox config ==== container-selinux ==== Version update (2.239.0 -> 2.240.0) - Update to version 2.240.0: * Dontaudit dac_override for iptables_t * dropping rootless-docker_iptables.patch is upstream * Don't allow containers by default setexec setfscreate * Containers need to use hsa devices for ROCM ==== firewalld ==== Subpackages: python313-firewall - Call autopoint when building against gettext-runtime 0.25 or newer. (boo#1246967) ==== ghostscript ==== Version update (10.05.0 -> 10.05.1) - Version upgrade to 10.05.1 See 'Recent Changes in Ghostscript' at Ghostscript upstream https://ghostscript.readthedocs.io/en/gs10.05.1/News.html * This release addresses CVEs: + CVE-2025-46646 + CVE-2025-48708 (bsc#1243701) * The 10.05.1 patch release addresses: + An overflow issue in Freetype on platforms where long is a 4 byte (rather than 8 byte) type (Microsoft Windows, for example) causing corrupted glyph rendering at higher resolutions + An issue with embedded files, affecting Zugferd format PDF creation. + Broken logic in PDF Optional Content processing + Potential slow down due to searching for identifiable font files + A small number of extreme edge case segmentation faults. ==== google-noto-coloremoji-fonts ==== Version update (20240424 -> 20250622) - Update to v2.048 * Unicode 16.0 update ==== gpg2 ==== Version update (2.5.9 -> 2.5.11) - Update to 2.5.11: * gpg: Fix a segv in key signing with notations introduced in 2.5.10 * agent: Fix for smartcard decryption with Brainpool keys - includes changes from 2.5.10: * gpg: Add a notation with version information to signatures * gpgv: New option --print-notation * gpgsm: Fix caching of the trustlist's flags * agent: Fix for smartcard decryption returning x-coordinate only * agent: Another fix for a regression with unknown curves and ssh * dirmngr: Implement command KS_DEL for ldap servers - fail build upon test failures ==== jasper ==== Version update (4.2.5 -> 4.2.8) - Update to 4.2.8: * Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (#402, #403). - Update to 4.2.7: * Added some missing range checking on several coding parameters in the JPC encoder (#401). - Update to 4.2.6: * Added a check for a missing color component in the jas_image_chclrspc function (#400). * Fixed a minor build problem related to the use of -Wstrict-prototypes with Clang. ==== libaom ==== Version update (3.11.0 -> 3.12.1) - Update to version 3.12.1: * This release includes new codec interfaces, compression efficiency and perceptual improvements, speedup and memory optimizations, and bug fixes. - See https://aomedia.googlesource.com/aom/+/refs/tags/v3.12.1/CHANGELOG for detailed changes since version 3.11.0 - Updated patches ==== libpng16 ==== Version update (1.6.44 -> 1.6.50) - version update to 1.6.50: * Improved the detection of the RVV Extension on the RISC-V platform. (Contributed by Filip Wasil) * Replaced inline ASM with C intrinsics in the RVV code. (Contributed by Filip Wasil) * Fixed a decoder defect in which unknown chunks trailing IDAT, set to go through the unknown chunk handler, incorrectly triggered out-of-place IEND errors. (Contributed by John Bowler) * Fixed the CMake file for cross-platform builds that require `libm`. - version update to 1.6.49: * Added SIMD-optimized code for the RISC-V Vector Extension (RVV). (Contributed by Manfred Schlaegl, Dragos Tiselice and Filip Wasil) * Added various fixes and improvements to the build scripts and to the sample code. - version update to 1.6.48: * Fixed the floating-point version of the mDCv setter `png_set_mDCv`. (Reported by Mohit Bakshi; fixed by John Bowler) * Added #error directives to discourage the inclusion of private libpng implementation header files in PNG-supporting applications. * Added the CMake build option `PNG_LIBCONF_HEADER`, to be used as an alternative to `DFA_XTRA`. * Removed the Travis CI configuration files, with heartfelt thanks for their generous support of our project over the past five years! - version update to 1.6.47: * Modified the behaviour of colorspace chunks in order to adhere to the new precedence rules formulated in the latest draft of the PNG Specification. (Contributed by John Bowler) * Fixed a latent bug in `png_write_iCCP`. This would have been a read-beyond-end-of-malloc vulnerability, introduced early in the libpng-1.6.0 development, yet (fortunately!) it was inaccessible before the above-mentioned modification of the colorspace precedence rules, due to pre-existing colorspace checks. (Reported by Bob Friesenhahn; fixed by John Bowler) - version update to 1.6.46: * Added support for the mDCV and cLLI chunks. (Contributed by John Bowler) * Fixed a build issue affecting C89 compilers. This was a regression introduced in libpng-1.6.45. (Contributed by John Bowler) * Added makefile.c89, specifically for testing C89 compilers. * Cleaned up contrib/pngminus: corrected an old typo, removed an old workaround, and updated the CMake file. - version update to 1.6.45: * Added support for the cICP chunk. (Contributed by Lucas Chollet and John Bowler) * Adjusted and improved various checks in colorspace calculations. (Contributed by John Bowler) * Rearranged the write order of colorspace chunks for better conformance with the PNG v3 draft specification. (Contributed by John Bowler) * Raised the minimum required CMake version from 3.6 to 3.14. * Forked off a development branch for libpng version 1.8. ==== libwebp ==== Version update (1.5.0 -> 1.6.0) Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Update to release 1.6.0 * API changes: libwebp: WebPValidateDecoderConfig * Additional x86 (AVX2, SSE2), general optimizations and compression improvements for lossless * `-mt` returns same results as single-threaded lossless * Tool updates: * cwebp can restrict the use of `-resize` with `-resize_mode` ==== lua53 ==== - interpreter should only provide, not conflict lua symbol (bsc#1247521) ==== lua54 ==== - interpreter should only provide, not conflict lua symbol (bsc#1247521) ==== pinentry ==== - Fix build of :gui flavor on openSUSE Leap 15.6 (Qt6 needs higher C++ standard) - drop obsolete texinfo macros ==== pinentry-gui ==== - Fix build of :gui flavor on openSUSE Leap 15.6 (Qt6 needs higher C++ standard) - drop obsolete texinfo macros ==== poppler ==== Version update (25.07.0 -> 25.08.0) - version update to 25.08.0 + core: * FormWidgetSignature::signDocumentWithAppearance: add imagePath parameter * Fix parsing Distinguished Names that end with a hex string * Fix crashes in malformed documents + glib: * Add poppler_page_render_transparent_selection() * Add missing since to the documentation - fixes CVE-2025-50420 [bsc#1247590] ==== poppler-qt6 ==== Version update (25.07.0 -> 25.08.0) - version update to 25.08.0 + core: * FormWidgetSignature::signDocumentWithAppearance: add imagePath parameter * Fix parsing Distinguished Names that end with a hex string * Fix crashes in malformed documents + glib: * Add poppler_page_render_transparent_selection() * Add missing since to the documentation - fixes CVE-2025-50420 [bsc#1247590] ==== python-maturin ==== Version update (1.9.1 -> 1.9.3) - Update to 1.9.3 * Add support for RISC-V architecture in manylinux gh#PyO3/maturin#2694 * pyproject.toml: bump setuptools for PEP 639 gh#PyO3/maturin#2698 * Fix PEP 639 support for source distributions gh#PyO3/maturin#2704 * Fix relative README rewrite in source distributions gh#PyO3/maturin#2705 - Update to 1.9.2 * Respect PEP 621 dynamic fields when merging Cargo.toml metadata gh#PyO3/maturin#2672 * Only use all_features=true in sdist when local path dependencies exist gh#PyO3/maturin#2674 * auditwheel: add manylinux_2_26 policy gh#PyO3/maturin#2677 * Use user-specified library search paths in RUSTFLAGS in auditwheel gh#PyO3/maturin#2676 * pyproject.toml: add license-files gh#PyO3/maturin#2690 * Update manylinux/musllinux policies to the latest main gh#PyO3/maturin#2693 * Fix PEP 639 implementation, use License-Expression over License gh#PyO3/maturin#2695 ==== sdbootutil ==== Version update (1+git20250731.055e2fe -> 1+git20250804.8dccab3) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250804.8dccab3: * crypttab: do not add/remove parameters for ignored entries ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - Move run0 from the experimental sub-package to the main package - Import commit 835af70f4e4fab4746319145d9fdb1a01e33f4c8 835af70f4e core/cgroup: Properly handle aborting a pending freeze operation 1f96f9da13 detect-virt: add bare-metal support for GCE (bsc#1244449) - Update pam.systemd-run0 (in the experimental sub-package) - Build the experimental package for the mini flavor too Some tools in the experimental sub-package cannot be disabled at compile time. Previously, these tools were manually deleted after installation to prevent rpmbuild from reporting unpackaged files. However, as the number of such tools continues to grow, it's simpler to include them in the mini-experimental sub-package. ==== tiff ==== - bsc#1243503: Fix TIFFMergeFieldInfo() read_count=write_count=0 + tiff-4.7.0-bsc1243503.patch - security update: * CVE-2025-8176 [bsc#1247108] Fix heap use-after-free in tools/tiffmedian.c + tiff-CVE-2025-8176.patch * CVE-2025-8177 [bsc#1247106] Fix possible buffer overflow in tools/thumbnail.c:setrow() + tiff-CVE-2025-8177.patch ==== vmaf ==== - Move vmaf utilities to their own subpackage [boo#1247607] - Make specfile compliant with POSIX sh