Packages changed: apparmor gnome-maps (48.3 -> 48.4) gtk4 (4.18.5 -> 4.18.6) kernel-firmware-iwlwifi (20250603 -> 20250609) kernel-firmware-mediatek (20250603 -> 20250606) libapparmor libass (0.17.3 -> 0.17.4) liblouis (3.33.0 -> 3.34.0) libopenmpt (0.7.13 -> 0.8.0) libportal libslirp (4.9.0+5 -> 4.9.1+1) mozc openSUSE-release (20250610 -> 20250611) openal-soft (1.24.2 -> 1.24.3~179) orca (48.1 -> 48.2) ovmf (202502 -> 202505) patterns-base python-argcomplete python-ptyprocess python-pycairo (1.26.1 -> 1.28.0) python-pyinotify python-pysmbc python-python-slugify python-pyzmq python-requests (2.32.3 -> 2.32.4) python311 (3.11.12 -> 3.11.13) python311-core (3.11.12 -> 3.11.13) rpm samba (4.22.1+git.393.a3fcbaec1e5 -> 4.22.2+git.396.c752843dcf4) simple-scan (46.0 -> 48.1) sqlite3 (3.49.2 -> 3.50.1) virtualbox virtualbox-kmp vsftpd xdp-tools (1.4.2 -> 1.5.5) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - update dovecot24.diff - more permissions for dovecot 2.4 (boo#1243008) ==== gnome-maps ==== Version update (48.3 -> 48.4) Subpackages: gnome-maps-lang - Update to version 48.4: + Fix search result popover not fitting on small screen (phone) devices + Show correct place type description for places of type "office" that are tagged on an entire building in OpenStreetMap + Updated translations. ==== gtk4 ==== Version update (4.18.5 -> 4.18.6) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.18.6: + Bugs fixed: - Wrong behavior of GdkKeymap on macOS - cups: NULL-terminate array of choices - Fix the android build - icontheme: Load the missing image icon from the theme + Updated translations. ==== kernel-firmware-iwlwifi ==== Version update (20250603 -> 20250609) - Update to version 20250609 (git commit 0d92efb540f4): * Revert "iwlwifi: add Bz/gl FW for core96-76 release" ==== kernel-firmware-mediatek ==== Version update (20250603 -> 20250606) - Update to version 20250606 (git commit 4f0106cf1943): * mediatek MT7922: update bluetooth firmware to 20250523103438 * mediatek MT7921: update bluetooth firmware to 20250523111333 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device ==== libapparmor ==== - update dovecot24.diff - more permissions for dovecot 2.4 (boo#1243008) ==== libass ==== Version update (0.17.3 -> 0.17.4) - Update to 0.17.4: * add new API to prune old events from memory - ass_prune_events for manual pruning - ass_configure_prune to set up automatic pruning * add ASS_OVERRIDE_BIT_BLUR flag * fontconfig: fix minor memory leaks in pathological font setups * coretext: fix build on older compilers or Mac OS X 10.5 * checkasm: fix build for older compilers * aarch64: fix assembly build on strict compilers due to oversized align * meson: improve ASM configuration on x86 Android * meson: align MSVC warnings and optimisations closer to gcc-like compilers * meson can now build all dev utility executables ==== liblouis ==== Version update (3.33.0 -> 3.34.0) Subpackages: liblouis-data liblouis20 python3-louis - Update to version 3.34.0: + This release brings significant improvements to various language tables, particularly for Classical/Biblical Hebrew where three main standards are now supported. We have a new table for Thai Grade 2 contracted braille, and substantial updates to Lithuanian braille tables. There are also improvements to Hungarian, Dutch, Norwegian, and Turkish tables. On the technical side, there's new support for building macOS universal binaries and the pre-built html and plain text documentation is no longer packaged with the released tarball. ==== libopenmpt ==== Version update (0.7.13 -> 0.8.0) - Update to 0.8.0: * [New] Can now read PumaTracker (PUMA) modules. * [New] Can now read Face The Music (FTM) modules. * [New] Can now read Future Composer (FC / FC13 / FC14 / SMOD) modules. * [New] Can now read Game Music Creator (GMC) modules. * [New] Can now read Chuck Biscuits / Black Artist (CBA) modules from the Expoze musicdisk by Heretics * [New] Can now read Real Tracker 2 (RTM) modules. * [New] Can now read Images Music System (IMS) modules. * [New] Can now read ChipTracker (MOD) modules. * [New] Can now read TCB Tracker (MOD) modules. * [New] Can now read EasyTrax (ETX) modules. * [New] Can now load UNIC Tracker v1 (UNIC) files. * [New] MED: Synthesized and hybrid instruments are now supported. * [New] GT2: Better support for old “envelopes”, in particular adding support for the previously missing tremor / tremolo / vibrato. * [New] NST: His Master’s Noise “Mupp” instruments are now supported, as well as command 7 “mega-arp”. * [New] libopenmpt: New APIs for determining whether order list entries or pattern indices have a special meaning: openmpt::module::is_order_skip_entry(), openmpt::module::is_pattern_skip_item(), openmpt::module::is_order_stop_entry(), openmpt::module::is_pattern_stop_item() (C++), and openmpt_module_is_order_skip_entry(), openmpt_module_is_pattern_skip_item(), openmpt_module_is_order_stop_entry(), openmpt_module_is_pattern_stop_item() (C). * [New] libopenmpt: New APIs for retrieving pattern time signature information: openmpt::module::get_pattern_rows_per_beat(), openmpt::module::get_pattern_rows_per_measure() (C++), and openmpt_module_get_pattern_rows_per_beat(), openmpt_module_get_pattern_rows_per_measure() (C). * [New] libopenmpt: New APIs for retrieving the restart / loop position: openmpt::module::get_restart_order(), openmpt::module::get_restart_row() (C++), and openmpt_module_get_restart_order(), openmpt_module_get_restart_row() (C). * [New] libopenmpt: New API for retrieving the playback time at a given order / row combination: openmpt::module::get_time_at_position() (C++), and openmpt_module_get_time_at_position() (C). * When formatting pattern data, effect letters in the volume column are now always formatted correctly, regardless of the module format. * IT: Various playback fixes. * IT: When using tone portamento to another sample after the previous sample’s sustain loop has been released, the new sample should also not play its sustain loop. * IT: When triggering an empty instrument note slot, completely ignore the pattern cell - do not reset the currently playing instrument’s envelopes, and also don’t process any effects - including global ones. * IT: Offset with instrument number but no note should play offset effect with previous note. * IT: Fixed various combinations of volume column and effect column portamento effects. * IT: Implemented a quirk in command Lxx that always executes a portamento down when no tone portamento has been set up before, sometimes causing the target note to be reached immediately, or sliding the note down very subtly. * IT: Envelope Carry should not be influenced by a previous note-off. * XM: When a key-off is encountered before auto-vibrato reaches full depth, the depth is reset. * S3M: Combined slides (Kxy / Lxy) are no longer run on the first tick of a row in files made with Scream Tracker. * MOD: Groo’s “The Ultimate Beeper” now plays like in ProTracker. * DTM: Portamentos are now also evaluated on the first tick of the row. * MO3: If multiple sample slots shared the same Ogg Vorbis sample, only one sample slot was loaded. * MED: Various playback fixes. * SymMOD: Files containing more than 127 channels are no longer rejected. * Better support for automatic slide commands (commands that keep sliding on following rows) in various formats. * The pattern channel limit was raised from 127 to 192 for some formats. * openmpt123: Multi-threaded encoding is enabled with libFLAC 1.5.0 or newer. * xmp-openmpt: Memory consumption during file loading has been reduced. ==== libportal ==== Subpackages: libportal-gtk3-1 libportal-gtk4-1 libportal1 typelib-1_0-Xdp-1_0 - Fix qt devel sub-packages Requires. - Use _multibuild for qt5 and qt6 so we can disable building the qt5 flavor in SLE16/SLFO and enable it in Leap 16. ==== libslirp ==== Version update (4.9.0+5 -> 4.9.1+1) - Update to version 4.9.1+1: * Mention how to get debugging prints * Release v4.9.1 * tcp: Fix starting the linger2 timer on socket shutdown * tcp: Reduce linger time to two minutes * tcp: on input during init, reset TCPT_KEEP to TCPTV_KEEP_INIT * tcp: on input, reset TCPT_KEEP to TCPTV_KEEP_IDLE rather than TCPTV_KEEPINTVL * Modified util.c to handle WSA function return values closer to specification. Explicit checks for INVALID_SOCKET and SOCKET_ERROR are made. * apple: Fix getting IPv4 DNS server address when IPv4 and IPv4 are interleaved * Do not link tests with libslirp.map ==== mozc ==== Subpackages: fcitx-mozc ibus-mozc ibus-mozc-candidate-window mozc-gui-tools - Replace usage of %jobs for reproducible builds (boo#1237231) ==== openSUSE-release ==== Version update (20250610 -> 20250611) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openal-soft ==== Version update (1.24.2 -> 1.24.3~179) Subpackages: libopenal1 openal-soft-data - Use the @TAG@~@VERSION@ format specifier in obs_scm service - Update to git version 1.24.3+git7f56dcdf. This includes the port to Qt6 added as a patch previously and also other fixes that let this build in Leap 15.6. - Drop patch that's already included in this version: * 1132.patch - Use %cmake_build instead of %make_jobs - Add 1132.patch: port to Qt6 - Apply spec-cleaner -ki changes - Replaced deprecated ALSOFT_CONFIG CMake option with ALSOFT_INSTALL_UTILS - Update to version 1.24.3: * Fixed handling WASAPI enumerated device changes * Fixed a crash with UWP builds when __wargv is null * Fixed using AL_FORMAT_BFORMAT3D_I32 * Improved the bsinc resamplers' cutoff frequencies * Slightly reduced the aliasing noise in the cubic spline resampler * Added new bsinc48 and fast_bsinc48 resampler options. * Added support for using NFC filters with UHJ output. ==== orca ==== Version update (48.1 -> 48.2) Subpackages: orca-lang - Update to version 48.2: + Web: - Fix two instances of Orca failing to interrupt speech during navigation. - Handle structural navigation among headings with broken ARIA authoring. - Fix population of the enable-structural-navigation checkbox. + Flat Review: - Fall back to clicking on object when clicking on character fails. - Work around issue causing objects with "dead"/missing children to not be included in the collection of objects. + General: - Fix several unhandled exceptions. - Fix chattiness related to deleting selected text. - Include state expanded when generating braille for table rows. - Include ancestors when generating speech for focused combo boxes. + Updated translations. ==== ovmf ==== Version update (202502 -> 202505) Subpackages: qemu-ovmf-x86_64 - Update to edk2-stable202505 - New Features & Bug Fixes (https://github.com/tianocore/edk2/releases): - NetworkPkg/IScsiDxe:Fix for out of bound memory access for bz4207 (CVE-2024-38805) - Multiple packages: stop using EmbeddedPkg libfdt - Adding support for TPM over FF-A on ARM platforms - SecurityPkg: Prevent invalid DBX from being set - SecurityPkg: Out of bound read in HashPeImageByType() - Adding support for MM Communicate v3 - BaseTools: Disable VS2019/2022 ARM/AARCH64 Stack Cookies - Introduce Redfish Platform Wanted Device Lib - HobLib: Add two new APIs in HobLib - Patches (git log --oneline --date-order edk2-stable202502..edk2-stable202505): 6951dfe7d5 OvmfPkg/VirtCommunicationDxe: add IoLib to VirtMmCommunication.inf 2e5b357a1f SecurityPkg/Tpm2InstanceLibFfa: Fix constructor wrong name 5ea30a061c MdeModulePkg/HiiDatabaseDxe: Fix BlockSize length b3a2f7ff24 NetworkPkg/IScsiDxe:Fix for out of bound memory access for bz4207 (CVE-2024-38805) 607c58ef01 .github: Compare collaborator GitHub ID's in single case 399a40e5cb ArmVirtPkg: Fix dsc include ordering b2db39cefe MdeModulePkg: Correct Usb Mouse Z for absolute pointer. fc215474c4 UefiCpuPkg: Enable the IPI vectors on LoongArch 7cea938ac5 UefiCpuPkg: Fix a bug about MP init on LoongArch 43e29830ef BaseTools: Fix Macro Expansion on Machine Architecture for Components 5bc52de687 MdeModulePkg: DebugImageInfoTable: Fix Array Maintenance 867fad874a MdeModulePkg: Fix Image Memory Protection Applying 28653a1c8a UefiCpuPkg/PiSmmCpuDxeSmm: Fix SMRAM memory leak during S3 resume d6101acb08 MdeModulePkg: Shortcircuit GCD Dumping Logic if Not Printing 2cff8743ce MdeModulePkg/Spi: Solving potential null ptr deref. in SpiNorFlashJedecSfdp 02ec228654 BaseTools: Change arm align value from 32 to 64 77b199b7b9 BaseTools: Update tools_def for aarch64 dca5d26bc5 UefiCpuPkg/MpInitLib: Fix SNP AP creation when using known APIC IDs dd8c272555 MdeModulePkg/AcpiTableDxe: Add function for extract ACPI table from HOB. 225bf1277c RedfishPkg/RedfishExDxe: call platform device wanted lib b2c4294c49 RedfishPkg: introduce platform wanted device lib 31fc56c70a ArmFfaLib: Replace SMCCC_VERSION check with FF-A version check 9948a30645 MdePkg/IndustryStandard: fix PASID supported bit 8aad683e59 ArmVirtPkg,DynamicTablesPkg,EmbeddedPkg,OvmfPkg: use MdePkg BaseFdtLib 37652b830e ArmVirtPkg/ArmVirtCloudHv: add missing PrePiLib dependency/resolution a862c07a3a MdePkg/BaseFdtLib: add FdtGetPropertyW wrapper cc52f88e61 MdePkg/BaseFdtLib: add FdtSubnodeOffset prototype e25331fc45 MdePkg,UefiPayloadPkg: clean up BaseFdtLib API confusion e1dee2bcfa MdeModulePkg SpiBus: Use correct GUID defdccd4ae ShellPkg: Add PCIe extended capability aa32d2cfc2 MdePkg: Add additional PCIe extended capabilities 98351bb0d9 NetworkPkg: Add PCD for HTTP transfer buffer size d985bd4b97 BaseTools: Scripts: efi_debugging.py: search for EFI_SYSTEM_TABLE_POINTER 55b4688157 BaseTools/Conf: Enable GCC preprocessor line-markers for VFR bf99048365 BaseTools: Add support for GCC preprocessor line directives 091bd7958b ReadMe.rst: Update pipeline badges for new pipelines 7664c0b4a6 DynamicTablesPkg: Fix incorrect WSMT table size 5ccb5fff02 MdeModulePkg: DxeCore: Set Image Protections Through GCD 6c6d6f42db MdeModulePkg: DxeCore: Lower Image Protection Print to Verbose Log Level 856bdc8eec OvmfPkg/CcExitLib: Use the proper register when filtering MSRs 956ef6cd8b ArmPkg/ArmScmiDxe: Use array indexing to access adjacent buffers c6db76402c MdeModulePkg BmDriverHealth.c: Support dump the driver name 135e07c6e5 DeviceManagerUiLib:Update DeviceManager form data when the form opens. 864cc900ab DisplayEngineDxe: Fix length when displaying menu string 7711e8a167 DynamicTablesPkg: Add Dbg2Generator Hostbased test d8d47a0ae6 DynamicTablesPkg: Add support for non-serial DBG2 devices 42c6deb6f8 DynamicTablesPkg/AcpiDbg2Lib.inf: Add support for X64 Build 8910f722c9 OvmfPkg/VirtMmCommunicationDxe: stop on init failure 4846ac933f ArmVirtPkg: set PcdQemuVarsRequire 9af96e21d8 OvmfPkg: add PcdQemuVarsRequire cd6f84b70c ArmVirtPkg/ArmVirtQemu: add QEMU_PV_VARS option 44989944a0 OvmfPkg/OvmfPkgX64: add QEMU_PV_VARS option 9dd47eeea1 OvmfPkg: add new VirtMmCommunicationDxe driver d198c80157 OvmfPkg: add IndustryStandard/QemuUefiVars.h d85ee54d53 OvmfPkg/HardwareInfoLib: add support for qemu vars device 26fb5edff3 MdeModulePkg/ArmFfaLib: Add depex on gEfiPeiMemoryDiscoveredPpiGuid 002d69ad9e OvmfPkg: Update ubuntu VM image to 24.04 06746e4b06 EmulatorPkg: Update ubuntu VM image to 24.04 e944c98e1b ArmVirtPkg: Update ubuntu VM image to 24.04 1ac795ea6c .azurepipelines: Update ubuntu VM image to 24.04 b833c2f3a6 .pytool: Update pipeline filename instructions ab3a451b1b OvmfPkg: Update pipeline filenames b9f565f8c9 EmulatorPkg: Update pipeline filenames 1566205a40 ArmVirtPkg: Rename Linux pipeline file a0d785a560 .azurepipelines: Update pipeline filenames d3b2ee2df3 ShellPkg: Updated Memory Form Factor definition per SMBIOS 3.8.0 1c4c85a003 MdePkg/Library: Remove unused gEfiDevicePathProtocolGuid be4ae9a97d MdePkg/Include/Ppi: Add back gEdkiiPeiMpServices2PpiGuid 3c79bd38e0 UefiCpuPkg: Add back gEdkiiPeiMpServices2PpiGuid 63e4713c48 OvmfPkg: switch 4M builds to full openssl 30c754d853 OvmfPkg: move openssl/tls library config to .dsc.inc file f96d38f432 ArmPkg/ArmScmiDxe: Fix SCMI param overwrite in multi-transaction scenario 8406e672e8 MdePkg: Updated Memory Form Factor definition per SMBIOS 3.8.0 99a5f388df UefiPayloadPkg: Fix a typo in SMM base 238dfc54d0 UefiPayloadPkg: Add MemoryTypeInformation HOB 19c6189f54 UefiPayloadPkg: Fix SMM build failure 003873db21 MdeModulePkg: PiSmmIpl: Fix physical address dereferencing 2e85d12685 CryptoPkg: Resolve CodeQL Errors 62390a89c5 MdePkg: Fix typos in PerformanceLib.h 5e5ca20bf7 Maintainers.txt: Add Kun Qin as reviewer for ARM-FFA folders in SecurityPkg 548c29129c SecurityPkg: Tpm2InstanceLibFfa: Introduce Tpm2InstanceLib over FF-A 86d5680817 SecurityPkg: Tpm2DeviceLibFfa: Introduce TPM device library over FF-A df77417d39 SecurityPkg: Tpm2ServiceFfa: Introduce TPM over FF-A Definitions 7d297e370e SecurityPkg: Tcg2AcpiFfa: Add Tcg2Acpi for FFA enabled ARM platforms 219c3bac05 SecurityPkg: SmmTcg2PhysicalPresenceLib: Add ARM platforms implementation ec5d8ad35f SecurityPkg: Tcg2StandaloneMmArm: Add Tcg2StandaloneMm for ARM platforms f89ae9ca2a SecurityPkg: PhysicalPresenceData: Add a GUID used for ACPI functions ... changelog too long, skipping 263 lines ... - ovmf-Revert-Add-Stack-Cookie-Support-to-MSVC-and-GCC.patch ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Add cockpit-packages to sw_management Recommends for SLES 16.0 (bsc#1240517). ==== python-argcomplete ==== - Remove executable bit on files installed outside of the path. (bsc#1244435) ==== python-ptyprocess ==== Subpackages: python311-ptyprocess python313-ptyprocess - Switch to pyproject macros. - No more greedy globs in %files. ==== python-pycairo ==== Version update (1.26.1 -> 1.28.0) Subpackages: python311-pycairo python313-pycairo - Update to 1.28.0: * Changes: + Remove hypothesis test dependency + Release the input buffer passed to ImageSurface.create_for_data() when calling Surface.finish() already, not just when the underlying surface is destroyed + Return a PathDataType (int subtype) instead of int with Path.__iter__() + Emit a DeprecationWarning in case ImageSurface.get_data() is called on an already finished surface. + Emit a DeprecationWarning for the undocumented num_glyphs parameter in Context.glyph_extents(), Context.glyph_path(), Context.show_glyphs(), ScaledFont.glyph_extents() * Fixes: + Remove the executable bit from cairo/__init__.py + Remove usage of removed typing.ByteString to fix compatibility with Python 3.14.0a1 + Drop support for Python 3.8 + Port PEP517/wheel build from setuptools to meson-python. + meson: install the package metadata to .dist-info/METADATA instead of .egg-info ==== python-pyinotify ==== Subpackages: python311-pyinotify python313-pyinotify - Switch to pyproject macros. ==== python-pysmbc ==== - Convert to pip-based build ==== python-python-slugify ==== - Switch to pyproject macros. ==== python-pyzmq ==== - Switch to pyproject macros. ==== python-requests ==== Version update (2.32.3 -> 2.32.4) Subpackages: python311-requests python313-requests - update to 2.32.4: * CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file * Numerous documentation improvements * Added support for pypy 3.11 for Linux and macOS. * Dropped support for pypy 3.9 following its end of support. - drop CVE-2024-47081.patch (merged upstream) ==== python311 ==== Version update (3.11.12 -> 3.11.13) Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran. - bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk. - Remove upstreamed patches: - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch - CVE-2025-4516-DecodeError-handler.patch ==== python311-core ==== Version update (3.11.12 -> 3.11.13) Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran. - bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk. - Remove upstreamed patches: - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch - CVE-2025-4516-DecodeError-handler.patch ==== rpm ==== Subpackages: librpmbuild10 - use the pubkey modification time instead of the creation time as the release number, as it was with older rpm versions * new patch: pgpreleasemtime.diff ==== samba ==== Version update (4.22.1+git.393.a3fcbaec1e5 -> 4.22.2+git.396.c752843dcf4) Subpackages: libldb2 libldb2-32bit python3-ldb samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - Update to 4.22.2 * (CVE-2025-0620) [SECURITY] CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session; (bso#15707); (bsc#1244136). * Profile sync fails due to Directory Leases; (bso#15861). * net ad join fails with "Failed to join domain: failed to create kerberos keytab"; (bso#15727). * dcerpcd not able to bind to listening port; (bso#15851). * vfs_ceph_snapshots fails to list snapshots for entries at any level beyond share root; (bso#15819). * CTDB does not put nodes running NFS into grace on graceful shutdown; (bso#15858). ==== simple-scan ==== Version update (46.0 -> 48.1) Subpackages: simple-scan-lang - Update to version 48.1: + Always tag JPEG-compressed PDF output as 8-bit RGB. + Use "view-more-symbolic" for the "Scan Options" button icon. + Add a test if the post-processing script path is empty (boo#1244036). + Fix the docker image name of the Arch Linux Distribution. + Update Ubuntu documentation. + metainfo: Fix wrong developer id. + Correct issue tracker URL. + Update minimum Meson version to 0.46. + Use RDNN app ID. + Updated translations. ==== sqlite3 ==== Version update (3.49.2 -> 3.50.1) Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl - Update to 3.50 (3.50.1): * Improved handling and robust output of control characters * sqlite3_rsync no longer requires WAL mode and needs less bandwidth * Bug fixes and optimized JSON handling * Performance optimizations and developer visible fixes ==== virtualbox ==== - fix build against 6.16, add: * kernel-6.16-READ-WRITE.patch * kernel-6.16-from_timer.patch * kernel-6.16-page-index.patch ==== virtualbox-kmp ==== - fix build against 6.16, add: * kernel-6.16-READ-WRITE.patch * kernel-6.16-from_timer.patch * kernel-6.16-page-index.patch ==== vsftpd ==== - Apply "terminate-peers-on-quit.patch" to introduce the new internal PRIV_SOCK_QUIT command which vsftpd sends to privileged parent processes to properly shut down the TLS connection in case we've received QUIT from the session client. This change avoids misleading error messages in the servers log file. [bsc#1199250] ==== xdp-tools ==== Version update (1.4.2 -> 1.5.5) - Update to v1.5.5 - added xdp-forward for forwarding traffic between interfaces - libxdp: options-based API for more flexible af_xdp umem and socket creation - libxdp: added support for af_xdp tx metadata - xdp-bench: improved reliability by removing packet header location assumptions - xdp-bench: new program for redirect benchmarking - xdp-trafficgen: support for specifying udp packet size - xdp-trafficgen: probe command can now target a specific interface - xdp-trafficgen: auto-load dummy xdp program to ensure packet sending - xdp-dump: increased max supported cpus to 512 - xdp-loader: allow loading xdp programs that modify the packet pointer - utils: improved pps statistics accuracy in xdp_sample - utils: correctly print statistics summary on signal interruption in xdp_sample - xdp-trafficgen: fix failure to exit after packet transmission loop - libxdp: fix incorrect xdp_umem_reg setsockopt size - libxdp: ensure correct error propagation by returning -errno - utils: fix incorrect packet count calculation in xdp_sample - Drop fix-clang20-build.patch since upstream remedy is included since v1.5.4