Packages changed: AppStream (1.0.4 -> 1.0.5) AppStream-qt6 (1.0.4 -> 1.0.5) Box2D Mesa (25.0.4 -> 25.0.5) Mesa-drivers (25.0.4 -> 25.0.5) aaa_base (84.87+git20250425.1664836 -> 84.87+git20250429.1cad3bc) ayatana-ido (0.10.2 -> 0.10.4) blog (2.34 -> 2.35) busybox container-selinux (2.236.0 -> 2.237.0) cyrus-imapd firewalld gcc15 (15.0.1+git9352 -> 15.1.1+git9595) gimp gnome-music (48.beta+25 -> 48.beta+31) gnutls grub2 hwdata (0.393 -> 0.394) jitterentropy (3.4.1 -> 3.6.3) libavif (1.1.1 -> 1.2.1) libgpg-error (1.54 -> 1.55) libheif (1.19.7 -> 1.19.8) liblogging libnftnl libsoup libsoup2 libzypp (17.36.6 -> 17.36.7) mariadb ncurses (6.5.20250412 -> 6.5.20250426) openSUSE-release (20250428 -> 20250501) openssl-3 (3.2.4 -> 3.5.0) openssl (3.2.4 -> 3.5.0) python-MarkupSafe (2.1.5 -> 3.0.2) python-greenlet (3.1.1 -> 3.2.1) python-pycares (4.6.0 -> 4.6.1) python-pylsqpack (0.3.19 -> 0.3.20) sdbootutil (1+git20250425.25d659b -> 1+git20250430.f7d1ad1) selinux-policy (20250411 -> 20250429) sqlite3 texlive webrtc-audio-processing-1 wtmpdb (0.73.0+git20250408.edb8638 -> 0.74.0+git20250424.2e93e77) yast2-journal (5.0.1 -> 5.0.2) yast2-trans (84.87.20250416.5cd9324ae2 -> 84.87.20250422.c1fec29547) zypper (1.14.88 -> 1.14.89) === Details === ==== AppStream ==== Version update (1.0.4 -> 1.0.5) Subpackages: AppStream-lang libappstream5 - Update to 1.0.5 Features: * qt: Expose markup conversion utils * desktop-styles: Add android and iOS * validator: Check for xml:lang="en" being used on description template elements * validator: Flag cases of raw text in "description" elements * metadata: Add more known extensions into as_metadata_file_guess_style() Specification: * docs: Clarify that the style segment of a screenshot environment is optional * docs: Explain consequences of defining an icon for desktop-app metainfo * docs: Clarify that description content must be in p/li elements Bugfixes: * validator: mark as_validator_issue_tag_list static * docs: Add workaround for gi-docgen misnaming devhelp files * compose: Do not permit SVG images as screenshots * compose: Don't "forget" to scan remaining paths when re-encountering a dir * pool: Try explicit singular term match if we only have low-quality tokens * utils: Provide compatibility with Fedora icon tarballs when installing them * utils: Remove leftover g_chmod() * zstd-decompressor: Pass output/written data when decompression finished * utils: Expect a dash in icons file name * utils: Recognize .yml* and .yaml* file extension variants, and .zst extension * utils: Rename the appstream file when re-saving it on install ==== AppStream-qt6 ==== Version update (1.0.4 -> 1.0.5) - Update to 1.0.5 Features: * qt: Expose markup conversion utils * desktop-styles: Add android and iOS * validator: Check for xml:lang="en" being used on description template elements * validator: Flag cases of raw text in "description" elements * metadata: Add more known extensions into as_metadata_file_guess_style() Specification: * docs: Clarify that the style segment of a screenshot environment is optional * docs: Explain consequences of defining an icon for desktop-app metainfo * docs: Clarify that description content must be in p/li elements Bugfixes: * validator: mark as_validator_issue_tag_list static * docs: Add workaround for gi-docgen misnaming devhelp files * compose: Do not permit SVG images as screenshots * compose: Don't "forget" to scan remaining paths when re-encountering a dir * pool: Try explicit singular term match if we only have low-quality tokens * utils: Provide compatibility with Fedora icon tarballs when installing them * utils: Remove leftover g_chmod() * zstd-decompressor: Pass output/written data when decompression finished * utils: Expect a dash in icons file name * utils: Recognize .yml* and .yaml* file extension variants, and .zst extension * utils: Rename the appstream file when re-saving it on install ==== Box2D ==== - Drop BuildRequires: glew-devel as it is not used for build ==== Mesa ==== Version update (25.0.4 -> 25.0.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.0.5 - -> https://docs.mesa3d.org/relnotes/25.0.5 ==== Mesa-drivers ==== Version update (25.0.4 -> 25.0.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva Mesa-vulkan-device-select libvulkan_lvp libxatracker2 - Update to release 25.0.5 - -> https://docs.mesa3d.org/relnotes/25.0.5 ==== aaa_base ==== Version update (84.87+git20250425.1664836 -> 84.87+git20250429.1cad3bc) Subpackages: aaa_base-extras - Update to version 84.87+git20250429.1cad3bc: * Remove alias "you" (boo#1242011) ==== ayatana-ido ==== Version update (0.10.2 -> 0.10.4) - Update to version 0.10.4: * src/idoscalemenuitem.c: Disable menu item selection * src/idoscalemenuitem.c: Add ability to close the menu when the slider's value changes. - Update to version 0.10.3: * src/idoswitchmenuitem.c: Allow the switch to display an accelerator. ==== blog ==== Version update (2.34 -> 2.35) Subpackages: libblogger2 - Update to version 2.35 * Make s390 3215 console work that is use EPOLLOUT|EPOLLONESHOT to control if we can write to ttyS0 in nonblocking mode and if not reenable EPOLLOUT|EPOLLONESHOT. * At boot set for ttyS0 via vmcp API nonblocking MORE mode with `0 0'. It beeps but boots. - Remove patches now upstream * blog-3215.patch * blog-install.patch ==== busybox ==== Subpackages: busybox-static - fix regression in hexdump that broke kernel build: * busybox-1.37.0-fix-regression-n2.patch - fix build/tests and hexdump on big endian systems (S390): * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch ==== container-selinux ==== Version update (2.236.0 -> 2.237.0) - Update to version 2.237.0: * bootc/install_t: allow transition to container_runtime_t * Allow containers to mask parts of their /proc ==== cyrus-imapd ==== Subpackages: cyradm libcyrus0 perl-Cyrus-Annotator perl-Cyrus-IMAP perl-Cyrus-SIEVE-managesieve - CVE-2025-23394: cyrus-imapd: daily-backup.sh allows escalation from cyrus to root (bsc#1241536) Adapt backup-cyrus.service to run as user cyrus:mail ==== firewalld ==== Subpackages: firewalld-bash-completion firewalld-lang python3-firewall - Split the package to build the firewalld-rpmmacros subpackage in a _multibuild flavor so that we can build it in Factory/i586 by itself instead of building the whole package, which has more dependencies (like python-PyQt6). ==== gcc15 ==== Version update (15.0.1+git9352 -> 15.1.1+git9595) Subpackages: cpp15 gcc15-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1 - Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Build the COBOL frontend also for risc-v - Add loongarch64 to quadmath_arch ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0 - Added libheif-aom dependency to AVIF support (boo#1241553). ==== gnome-music ==== Version update (48.beta+25 -> 48.beta+31) Subpackages: gnome-music-lang - Update to version 48.beta+31: + Remove useless GIRepository import. + Updated translations. ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - Fix FIPS mode running on Tumbleweed [bsc#1237101] * When nettle or libhogweed are installed with glbic-hwcaps for x86_64-v3, some paths differ and we are unable to match the hmac file for the lib. * Add gnutls-FIPS-HMAC-x86_64-v3-opt.patch ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen - grub2-common: use fuse3 ==== hwdata ==== Version update (0.393 -> 0.394) - Update to version 0.394: * Update pci and vendor ids ==== jitterentropy ==== Version update (3.4.1 -> 3.6.3) Subpackages: libjitterentropy3 libjitterentropy3-32bit - Update to 3.6.3: [bsc#1242050] * Correct time stamp processing on AIX * Use high-resolution time stamp on Apple Silicon * GCD power-up test: consider OSR * Remove patches fixed in the update: - jitterentropy-fix-a-stack-corruption-on-s390x.patch * Rebase patches: - jitterentropy-split-internal-header.patch - jitterentropy-with-debug.patch - Update to 3.6.2: * Fix RCT re-initialization in jent_read_entropy_safe * simplify test code * improve keyword portability - Update to 3.6.1: * Add more test code * Add support for SunPRO compiler * Fix compilation on OpenBSD by replacing sed with tr * internal timer: Add support for Apple * Various small fixes to compilation to imporve portability - Update to 3.6.0: * Remove bi-modal behavior of conditioning function * Make jent_read_entropy_safe safer by retrying the health test * Move the version information to make them available at compile time - Update to 3.5.0: * add distinction between intermittent and permanent health failure * add compile time option to allow configuring a mask to reduce the size of the time stamp used for the APT ==== libavif ==== Version update (1.1.1 -> 1.2.1) - Disable tests due to restrictions in Factory/ring1. - Temporary deactivation of the generation of manual pages with pandoc due to restrictions in Factory/ring1. (https://build.opensuse.org/request/show/1272161#comment-2136811) - update to 1.2.1: * Added since 1.2.0 - Add support for outputting all frames of an image sequence in avifdec. - avifdec --index all sequence.avif out.png creates files named - out-xxxxxxxxxx.png where xxxxxxxxxx are the zero-padded frame indices. * Changed since 1.2.0 - Fix local libargparse dependency patch step on macOS 10.15 and earlier. - Patch local libyuv dependency for compatibility with gcc 10. - Use stricter C99 syntax to avoid related compilation issues. - Update svt.cmd/svt.sh/LocalSvt.cmake to v3.0.1. - update to 1.2.0: * Added since 1.1.1 - Turn on the gain map API. Remove the AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP CMake flag. - Allow YCgCo_Re and YCgCo_Ro encoding/decoding and update the enum values to the latest CICP specification. Remove the AVIF_ENABLE_EXPERIMENTAL_YCGCO_R CMake flag. - Add the properties and numProperties fields to avifImage. They are filled by the avifDecoder instance with the properties unrecognized by libavif. They are written by the avifEncoder. - Add avif(Un)SignedFraction structs and avifDoubleTo(Un)SignedFraction utility functions. - Add 'avifgainmaputil' command line tool to installed apps. - Add avifCropRectRequiresUpsampling(). - Add experimental support for PixelInformationProperty syntax from HEIF 3rd Ed. Amd2 behind the compilation flag AVIF_ENABLE_EXPERIMENTAL_EXTENDED_PIXI. - Add experimental Sample Transform recipe BIT_DEPTH_EXTENSION_12B_8B_OVERLAP_4B. * Changed since 1.1.1 - avifenc: Allow large images to be encoded. - Fix empty CMAKE_CXX_FLAGS_RELEASE if -DAVIF_CODEC_AOM=LOCAL -DAVIF_LIBYUV=OFF is specified. #2365. - Rename AVIF_ENABLE_EXPERIMENTAL_METAV1 to AVIF_ENABLE_EXPERIMENTAL_MINI and update the experimental reduced header feature to the latest specification draft. Rename AVIF_HEADER_REDUCED to AVIF_HEADER_MINI. - Update the experimental Sample Transform feature behind the AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM CMake flag to the latest specification draft. - Ignore gain maps with unsupported metadata. Handle gain maps with writer_version > 0 correctly. - Simplify gain map API: remove the enableParsingGainMapMetadata setting, now gain map metadata is always parsed if present and if this feature is compiled in. Replace enableDecodingGainMap and ignoreColorAndAlpha with a bit field to choose image content to decode. Remove gainMapPresent: users can check if decoder->image->gainMap != NULL instead. Remove avifGainMapMetadata and avifGainMapMetadataDouble structs. - Write an empty HandlerBox name field instead of "libavif" (saves 7 bytes). - Check for FileTypeBox precedence in avifParse(). - Do not write an alternative group with the same ID as an item. - Update aom.cmd/LocalAom.cmake: v3.12.0. The new codec-specific option tune=iq (image quality) is added in libaom v3.12.0. - Update parseAV2SequenceHeader() and avm.cmd: research-v9.0.0 - Update dav1d.cmd/dav1d_android.sh/LocalDav1d.cmake: 1.5.1 - Update libjpeg.cmd/LocalJpeg.cmake: v3.0.4 - Update libxml2.cmd/LocalLibXml2.cmake: v2.13.5 - Update libyuv.cmd: ccdf87034 (1903) - Update svt.cmd/svt.sh/LocalSvt.cmake to v3.0.0. When available, use EbSvtAv1EncConfiguration::lossless and ::level_of_parallelism in libavif. - Remove AVIF_ENABLE_GTEST CMake option. It's now implied by AVIF_GTEST=LOCAL/SYSTEM. - Deprecate avifEncoder's minQuantizer, maxQuantizer, minQuantizerAlpha, and maxQuantizerAlpha fields. quality and qualityAlpha should be used instead. Deprecate avifenc's --min, --max, --minalpha and --maxalpha flags. -q or --qcolor and --qalpha should be used instead. - For dependencies, the deprecated way of setting AVIF_LOCAL_* to ON is removed. Dependency options can now only be set to OFF/LOCAL/SYSTEM. - Change the default quality for alpha to be the same as the quality for color. - Allow decoding subsampled images with odd Clean Aperture dimensions or offsets. - Deprecate avifCropRectConvertCleanApertureBox() and avifCleanApertureBoxConvertCropRect(). Replace them with avifCropRectFromCleanApertureBox() and avifCleanApertureBoxFromCropRect(). - Write descriptive properties before transformative properties. - Reject non-essential transformative properties. - Treat avifenc --stdin as a regular positional file path argument. - Update man pages based on avifenc/dec's --help message. - android_jni: Support 16kb page size - android_jni: Set threads to 2 instead of CPU count - Fix overflows when dealing with alpha during YUV/RGB conversions and in avifRGBImageAllocatePixels(). - Make avifEncoder.headerFormat a flag combination for future features. - Rename AVIF_HEADER_FULL to AVIF_HEADER_DEFAULT. Deprecate AVIF_HEADER_FULL. - Fix decoding image sequences with non video tracks (such as audio or subtitles). - Fix type checking of auxiliary tracks: previously any auxiliary track was assumed to be alpha, even if it was a different type. If the aux type is absent, it is assumed to be alpha. - Add libargparse-ee74d1b53bd680748af14e737378de57e2a0a954.tar.gz - Add %check/tests - Add man pages ==== libgpg-error ==== Version update (1.54 -> 1.55) Subpackages: libgpg-error0 libgpg-error0-32bit - Update to 1.55: * Rewrite the extended length path handling under Windows. [T5754] * Add new test commands to the gpg-error tool. Allow command w/o dashes and reformat the help. [rEc002490a8f] * Silence warning from gcc 15. [T7621] ==== libheif ==== Version update (1.19.7 -> 1.19.8) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.19.8: * Set essential flag for transformative properties as required by MIAF. This fixes the display of AVIF images with transformations encoded by libheif in Chrome, which checks whether this flag is set. This mainly affected images encoded by ImageMagick. * If the environment variable LIBHEIF_SECURITY_LIMITS is set to OFF, libheif will not check any security limits. This can be used if a user works with large images and the application software does not allow to adjust the libheif security limits. * Resolved processing 16-bit JPEG-2000 ==== liblogging ==== - Compile with gcc15 instead of gcc14 * gcc14 is not availalbe in the Leap16 codestream ==== libnftnl ==== - Update signing key to 0x8C5F7146A1757A65E2422A94D70D1A666ACF2B21, which is currently used to sign the latest tarballs including version 1.2.9. ==== libsoup ==== Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0 - Add libsoup-CVE-2025-32907.patch: correct merge of ranges (boo#1241222 CVE-2025-32907 glgo#GNOME/libsoup!452). ==== libsoup2 ==== Subpackages: libsoup-2_4-1 libsoup2-lang - Add more CVE fixes: + c9083869.patch (boo#1241686 CVE-2025-46420) + libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914) + libsoup-CVE-2025-32907.patch (boo#1241222 CVE-2025-32907) + libsoup-CVE-2025-46421.patch (boo#1241688 CVE-2025-46421) ==== libzypp ==== Version update (17.36.6 -> 17.36.7) - fixed build with boost 1.88. - XmlReader: Fix detection of bad input streams (fixes #635) libxml2 2.14 potentially reads the complete stream, so it may have the 'eof' bit set. Which is not 'good' but also not 'bad'. - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck, keeppackages, gpgkey, mirrorlist, and metalink with the same semantic as in a .repo file. - version 17.36.7 (35) ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Fix galera condition in SLFO - Fix exclude list for galera-related files when galera is disabled ==== ncurses ==== Version update (6.5.20250412 -> 6.5.20250426) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20250426 + expand note on extensions in curs_addch.3x + add illumos, sun-16color, sun-256color, sun-direct -TD + add wyse+cvis -TD - Add ncurses patch 20250419 + add note on scrolling and lower-right corner to waddch and wadd_wch manual pages. - Modify patch ncurses-5.9-ibm327x.dif * sclp term: more missed features like home/end/pageup/pagedown keys ==== openSUSE-release ==== Version update (20250428 -> 20250501) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssl-3 ==== Version update (3.2.4 -> 3.5.0) Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3 - Update to 3.5.0: * Changes: - Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. - The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list. - The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. - All BIO_meth_get_*() functions were deprecated. * New features: - Support for server side QUIC (RFC 9000) - Support for 3rd party QUIC stacks including 0-RTT support - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) - A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 - A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source - Support for central key generation in CMP - Support added for opaque symmetric key objects (EVP_SKEY) - Support for multiple TLS keyshares and improved TLS key establishment group configurability - API support for pipelining in provided cipher algorithms * Remove patches: - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch - openssl-3-add-defines-CPACF-funcs.patch - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - openssl-3-add-xof-state-handling-s3_absorb.patch - openssl-3-fix-state-handling-sha3_absorb_s390x.patch - openssl-3-fix-s390x_shake_squeeze.patch - openssl-3-hw-acceleration-aes-xts-s390x.patch - openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch - openssl-3-fix-state-handling-keccak_final_s390x.patch - openssl-3-add-hw-acceleration-hmac.patch - openssl-3-fix-state-handling-sha3_final_s390x.patch - openssl-3-fix-hmac-digest-detection-s390x.patch - openssl-3-support-multiple-sha3_squeeze_s390x.patch - openssl-3-fix-sha3-squeeze-ppc64.patch - openssl-3-fix-s390x_sha3_absorb.patch - openssl-3-fix-state-handling-shake_final_s390x.patch - openssl-3-add_EVP_DigestSqueeze_api.patch - openssl-FIPS-enforce-security-checks-during-initialization.patch - openssl-FIPS-140-3-zeroization.patch - openssl-FIPS-Add-explicit-indicator-for-key-length.patch - openssl-FIPS-Mark-SHA1-as-nonapproved.patch - openssl-Remove-EC-curves.patch - openssl-FIPS-services-minimize.patch - openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch - openssl-3-fix-quic_multistream_test.patch - openssl-3-jitterentropy-3.4.0.patch - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch - openssl-FIPS-140-3-DRBG.patch - openssl-FIPS-Use-FFDHE2048-in-self-test.patch - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch - openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch - openssl-FIPS-enforce-EMS-support.patch - openssl-Allow-disabling-of-SHA1-signatures.patch - openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch * Rebased patches: - openssl-pkgconfig.patch - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch - openssl-Add-Kernel-FIPS-mode-flag-support.patch - openssl-Force-FIPS.patch - openssl-disable-fipsinstall.patch - openssl-FIPS-embed-hmac.patch - openssl-Add-changes-to-ectest-and-eccurve.patch - openssl-Disable-explicit-ec.patch - openssl-skipped-tests-EC-curves.patch - openssl-FIPS-140-3-keychecks.patch - openssl-FIPS-early-KATS.patch - openssl-FIPS-limit-rsa-encrypt.patch - openssl-FIPS-Expose-a-FIPS-indicator.patch - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch - openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch - openssl-FIPS-RSA-disable-shake.patch - openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch - openssl-FIPS-Enforce-error-state.patch - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch - openssl-FIPS-enforce-EMS-support.patch - openssl-TESTS-Disable-default-provider-crypto-policies.patch - openssl-skip-quic-pairwise.patch * Add patches: - openssl-FIPS-Fix-encoder-decoder-negative-test.patch - openssl-FIPS-SUSE-FIPS-module-version.patch - openssl-FIPS-EC-disable-weak-curves.patch - openssl-FIPS-NO-DES-support.patch - openssl-FIPS-NO-DSA-Support.patch - openssl-FIPS-NO-Kmac.patch - openssl-FIPS-NO-PQ-ML-SLH-DSA.patch - openssl-shared-jitterentropy.patch - openssl-rh-allow-sha1-signatures.patch - openssl-disable-75-test_quicapi-test.patch - Changes between 3.3.0 and 3.4.0: * Changes: - Deprecation of TS_VERIFY_CTX_set_* functions and addition of ... changelog too long, skipping 96 lines ... - Support for using certificate profiles and extened delayed delivery in CMP ==== openssl ==== Version update (3.2.4 -> 3.5.0) - Update to 3.5.0 ==== python-MarkupSafe ==== Version update (2.1.5 -> 3.0.2) - Update to 3.0.2 * Fix compatibility when __str__ returns a str subclass. #472 * Build requires setuptools >= 70.1. #475 - Update to 3.0.1 * Address compiler warnings that became errors in GCC 14. #466 * Fix compatibility with proxy objects. #467 - Update to 3.0.0 * Support Python 3.13 and its experimental free-threaded build. #461 * Drop support for Python 3.7 and 3.8. * Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348 * Change distutils imports to setuptools. #399 * Use deferred evaluation of annotations. #400 * Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400 * Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401 * The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402 * Speed up escaping plain strings by 40%. #434 * Simplify speedups implementation. #437 ==== python-greenlet ==== Version update (3.1.1 -> 3.2.1) - Update to 3.2.1 * Fix a crash regression for Riscv64. See issue 443. - from version 3.2.0 * Remove support for Python 3.7 and 3.8. * Add untested, community supported implementation for RiscV 32. See PR 438. * Make greenlet build and run on Python 3.14a7. It will not build on earlier 3.14 alpha releases, and may not build on later 3.14 releases. * Packaging: Use PEP 639 license expressions and include license files. ==== python-pycares ==== Version update (4.6.0 -> 4.6.1) - update to 4.6.1: * Fix missing attribute type information for errno ==== python-pylsqpack ==== Version update (0.3.19 -> 0.3.20) - update to 0.3.20: * update ls-qpack to 2.6.1 ==== sdbootutil ==== Version update (1+git20250425.25d659b -> 1+git20250430.f7d1ad1) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250430.f7d1ad1: * Update DA lockout message * jeos-firstboot-enroll: show errors as dialog ==== selinux-policy ==== Version update (20250411 -> 20250429) Subpackages: selinux-policy-targeted - Update to version 20250429: * Allow cluster_t use NoNewPrivileges systemd hardening (bsc#1241921) * allows gssd_t to read nfs symlinks (bsc#1241042) * Label tpm2-measure.log with systemd_pcrlock_var_lib_t (bsc#1240887) ==== sqlite3 ==== Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl - Add subpackage for the lemon parser generator. - Add patches: * sqlite-3.49.0-fix-lemon-missing-cflags.patch * sqlite-3.6.23-lemon-system-template.patch ==== texlive ==== - Add source-asymptote-liblsp.dif: fix some missing #include statements (boo#1241475) ==== webrtc-audio-processing-1 ==== - Add webrtc-audio-processing-1.3-gcc15.patch to fix gcc-15 compile time errors ==== wtmpdb ==== Version update (0.73.0+git20250408.edb8638 -> 0.74.0+git20250424.2e93e77) Subpackages: libwtmpdb0 - Update to version 0.74.0+git20250424.2e93e77: * Release version 0.74.0 * Fix varlink interface name (rebootmgr vs wtmpdb) * import: match login by tty if non-zero pid does not match ==== yast2-journal ==== Version update (5.0.1 -> 5.0.2) - Fixed regexp for changed 'journalctl --list-boots' output: Now taking daylight savings time on/off into account (bsc#1241904) - 5.0.2 ==== yast2-trans ==== Version update (84.87.20250416.5cd9324ae2 -> 84.87.20250422.c1fec29547) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20250422.c1fec29547: * Translated using Weblate (Polish) ==== zypper ==== Version update (1.14.88 -> 1.14.89) Subpackages: zypper-log zypper-needs-restarting - Updated translations (bsc#1230267) - version 1.14.89