Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20250829 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apache2-mod_php8 (8.4.11 -> 8.4.12) aws-lc (1.58.1 -> 1.59.0) kmod lightdm-gtk-greeter-branding-openSUSE net-tools nftables (1.1.4 -> 1.1.5) openSUSE-release (20250827 -> 20250829) pam pam-full-src patterns-xfce pcre2 (10.45 -> 10.46) php8 (8.4.11 -> 8.4.12) qt6-base (6.9.1 -> 6.9.2) qt6-declarative (6.9.1 -> 6.9.2) qt6-imageformats (6.9.1 -> 6.9.2) qt6-location (6.9.1 -> 6.9.2) qt6-multimedia (6.9.1 -> 6.9.2) qt6-networkauth (6.9.1 -> 6.9.2) qt6-positioning (6.9.1 -> 6.9.2) qt6-qt5compat (6.9.1 -> 6.9.2) qt6-quick3d (6.9.1 -> 6.9.2) qt6-quicktimeline (6.9.1 -> 6.9.2) qt6-sensors (6.9.1 -> 6.9.2) qt6-shadertools (6.9.1 -> 6.9.2) qt6-speech (6.9.1 -> 6.9.2) qt6-svg (6.9.1 -> 6.9.2) qt6-tools (6.9.1 -> 6.9.2) qt6-translations (6.9.1 -> 6.9.2) qt6-virtualkeyboard (6.9.1 -> 6.9.2) qt6-wayland (6.9.1 -> 6.9.2) qt6-webchannel (6.9.1 -> 6.9.2) qt6-webengine (6.9.1 -> 6.9.2) qt6-webview (6.9.1 -> 6.9.2) xfce4-session === Details === ==== apache2-mod_php8 ==== Version update (8.4.11 -> 8.4.12) - version update to 8.4.12 Core: Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug GH-19053 (Duplicate property slot with hooks and interface property). Fixed bug GH-19044 (Protected properties are not scoped according to their prototype). Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). Fixed bug GH-19305 (Operands may be being released during comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). Fixed bug GH-19280 (Stale array iterator position on rehashing). Fixed bug GH-18736 (Circumvented type check with return by ref + finally). Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming). Calendar: Fixed bug GH-19371 (integer overflow in calendar.c). FTP: Fix theoretical issues with hrtime() not being available. GD: Fix incorrect comparison with result of php_stream_can_cast(). Hash: Fix crash on clone failure. Intl: Fix memleak on failure in collator_get_sort_key(). Fix return value on failure for resourcebundle count handler. LDAP: Fixed bug GH-18529 (additional inheriting of TLS int options). LibXML: Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free). MbString: Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). Fix issue with JIT restart and hooks. Fix crash with dynamic function defs in hooks during preload. OpenSSL: Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check). Fix error return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param). PDO Pgsql: Fixed dangling pointer access on _pdo_pgsql_trim_message helper. SOAP: Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref). Sockets: Fix some potential crashes on incorrect argument value. Standard: Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical issues with hrtime() not being available. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks). Windows: Free opened_path when opened_path_len >= MAXPATHLEN. ==== aws-lc ==== Version update (1.58.1 -> 1.59.0) Subpackages: libcrypto-awslc0 libssl-awslc0 - update to version 1.59.0: * Support other field for PKCS7 * Add CFI directives to armv8-mont * Add back RC4_options from decrepit * Apache httpd integration test * Fix clang-21 compile error * Fix MariaDB integration test * ML-KEM: Re-import mlkem-native * ML-KEM: import and enable x86_64 backend from mlkem-native * X509_REQ_verify for MLDSA44 and MLDSA87 * Remove BIT_INTERLEAVE support * ML-KEM: Fix mlkem-native importer.sh * Add CFI directives in md5-armv8.pl ==== kmod ==== Subpackages: libkmod2 - Revert the previous workaround ==== lightdm-gtk-greeter-branding-openSUSE ==== - Correct the background picture file path (bsc#1248096) ==== net-tools ==== - Drop old Fedora patch 0006-Allow-interface-stacking.patch. It provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes by the upstream in 2025 in a different way. Revert interferring net-tools-CVE-2025-46836.patch back to the upstream version. - Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch). - Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59, net-tools-proc_gen_fmt-buffer-overflow.patch). - Avoid unsafe memcpy in ifconfig (bsc#1248687, net-tools-ifconfig-avoid-unsafe-memcpy.patch). - Prevent overflow in ax25 and netrom (bsc#1248687, net-tools-ax25+netrom-overflow-1.patch, net-tools-ax25+netrom-overflow-2.patch). - Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410, net-tools-ifconfig-long-name-warning.patch). ==== nftables ==== Version update (1.1.4 -> 1.1.5) Subpackages: libnftables1 python313-nftables - Update to release 1.1.5 * Revert JSON ruleset listing, restore set flags to display single item with array * Fix misleading "No buffer space available" error when kernel reports too many errors back to userspace. - Delete 0001-tools-add-a-systemd-unit-for-static-rulesets.patch, json.patch (merged) ==== openSUSE-release ==== Version update (20250827 -> 20250829) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pam ==== - Update to 1.7.1+git (post-v1.7.1.patch) - disable unix_chkpwd by default, only used as fallback again - pam_modutil_get-overwrite-password-at-free.patch is included ==== pam-full-src ==== Subpackages: pam-extra pam-manpages - Update to 1.7.1+git (post-v1.7.1.patch) - disable unix_chkpwd by default, only used as fallback again - pam_modutil_get-overwrite-password-at-free.patch is included ==== patterns-xfce ==== Subpackages: patterns-xfce-xfce patterns-xfce-xfce_basis patterns-xfce-xfce_laptop - Move alsa-utils recommends from laptop_wayland to to basis_wayland patterns, as it's always used by labwc, not depending on laptop - Clean up superfluous entries in laptop_wayland patterns that are already included in the basis pattern; xfce4-battery-plugin is dropped as xfce4-power-manager already provides the functionality (and it's not used as default) ==== pcre2 ==== Version update (10.45 -> 10.46) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 libpcre2-posix3 - Update to 10.46: * CVE-2025-58050: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS (boo#1248832, boo#1248842) ==== php8 ==== Version update (8.4.11 -> 8.4.12) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.4.12 Core: Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug GH-19053 (Duplicate property slot with hooks and interface property). Fixed bug GH-19044 (Protected properties are not scoped according to their prototype). Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). Fixed bug GH-19305 (Operands may be being released during comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). Fixed bug GH-19280 (Stale array iterator position on rehashing). Fixed bug GH-18736 (Circumvented type check with return by ref + finally). Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming). Calendar: Fixed bug GH-19371 (integer overflow in calendar.c). FTP: Fix theoretical issues with hrtime() not being available. GD: Fix incorrect comparison with result of php_stream_can_cast(). Hash: Fix crash on clone failure. Intl: Fix memleak on failure in collator_get_sort_key(). Fix return value on failure for resourcebundle count handler. LDAP: Fixed bug GH-18529 (additional inheriting of TLS int options). LibXML: Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free). MbString: Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). Fix issue with JIT restart and hooks. Fix crash with dynamic function defs in hooks during preload. OpenSSL: Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check). Fix error return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param). PDO Pgsql: Fixed dangling pointer access on _pdo_pgsql_trim_message helper. SOAP: Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref). Sockets: Fix some potential crashes on incorrect argument value. Standard: Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical issues with hrtime() not being available. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks). Windows: Free opened_path when opened_path_len >= MAXPATHLEN. ==== qt6-base ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released - Drop patch, merged upstream: * 0001-Add-clamping-to-QColorTransferGenericFunction.patch ==== qt6-declarative ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released - Drop patch, merged upstream: * 0001-qmlcachegen-fix-crash-on-unresolved-type-with-requir.patch ==== qt6-imageformats ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-location ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Location6 - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-multimedia ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6MultimediaWidgets6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-networkauth ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-positioning ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-qt5compat ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-quick3d ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-quicktimeline ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-sensors ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Sensors6 - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-shadertools ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-speech ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6TextToSpeech6 qt6-texttospeech - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-svg ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Svg6 libQt6SvgWidgets6 - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-tools ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6Designer6 libQt6UiTools6 qt6-tools-qdbus - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released - Drp patch, merged upstream: * 0001-QDoc-Sort-non-function-nodes-by-name-then-erase-duplicates.patch - Recommend installing qt6-translation for the -assistant, - designer and -linguist subpackages. ==== qt6-translations ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-virtualkeyboard ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 libQt6VirtualKeyboardQml6 qt6-virtualkeyboard-imports - Pass '-DQT_QML_NO_CACHEGEN:BOOL=TRUE' to CMake to make builds reproducible (related: boo#1248369) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-wayland ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-webchannel ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== qt6-webengine ==== Version update (6.9.1 -> 6.9.2) Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released * Patched with security patches up to Chromium version up to 139.0.7258.67 ==== qt6-webview ==== Version update (6.9.1 -> 6.9.2) - Update to 6.9.2: * https://www.qt.io/blog/qt-6.9.2-released ==== xfce4-session ==== Subpackages: xfce4-session-lang - Yet more default key binding for Wayland labwc (bsc#1248802)
