Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20250905 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 7zip (24.09 -> 25.01) MozillaFirefox (141.0.2 -> 142.0.1) SDL3 (3.2.20 -> 3.2.22) aaa_base (84.87+git20250805.3069494 -> 84.87+git20250903.33e5ba4) boost-base boost-extra busybox-links certmonger (0.79.19 -> 0.79.20) cnf (0.8.1~0 -> 0.9.0~0) container-selinux (2.240.0 -> 2.241.0) file icewm (3.7.3 -> 3.9.0) iso-codes (4.16.0 -> 4.18.0) kernel-firmware-ath11k (20250820 -> 20250829) kernel-firmware-ath12k (20250808 -> 20250903) kernel-firmware-bluetooth (20250820 -> 20250903) kernel-firmware-i915 (20250730 -> 20250903) kernel-firmware-intel (20250825 -> 20250903) kernel-firmware-iwlwifi (20250818 -> 20250829) kernel-firmware-media (20250825 -> 20250903) kernel-firmware-mediatek (20250813 -> 20250903) kernel-firmware-qcom (20250820 -> 20250903) libcdr (0.1.7 -> 0.1.8) libqt5-qtwebengine (5.15.18 -> 5.15.19) libreoffice (25.2.5.2 -> 25.8.1.1) libvirt (11.6.0 -> 11.7.0) libvisio (0.1.7 -> 0.1.8) libxmlb (0.3.22 -> 0.3.23) mozilla-nss (3.113 -> 3.115.1) net-tools (2.10 -> 2.10+1) openSUSE-release (20250902 -> 20250905) python-cryptography qt6-declarative raspberrypi-firmware-dt (2023.11.21 -> 2025.05.14) sdbootutil (1+git20250820.077bd8b -> 1+git20250903.f5a076b) selinux-policy (20250812 -> 20250902) wireplumber (0.5.10 -> 0.5.11) zlib-ng-compat (2.2.4 -> 2.2.5) === Details === ==== 7zip ==== Version update (24.09 -> 25.01) - Update to 25.01 (boo#1249130) * The code for handling symbolic links has been changed to provide greater security when extracting files from archives * Command line switch -snld20 can be used to bypass default security checks when creating symbolic links. - includes changes from 25.00: * bzip2 compression speed was increased by 15-40%. * deflate (zip/gz) compression speed was increased by 1-3%. * improved support for zip, cpio and fat archives. * CVE-2025-53816 : 7-Zip could work incorrectly for some incorrect RAR archives (boo#1246706) * CVE-2025-53817 : 7-Zip could crash for some incorrect COM (Compound File) archives (boo#1246707) ==== MozillaFirefox ==== Version update (141.0.2 -> 142.0.1) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 142.0.1 * Dragging multiple non-adjacent tabs in horizontal tab strip mode now correctly moves them together as a group. (bmo#1982933) * Dragging multiple tabs no longer causes toolbar unresponsiveness or visual glitches. (bmo#1984342) * Fixed an issue where the text cursor appeared in the wrong location. (bmo#1984045) * Fixed a crash related to gamepad use, particularly on macOS (bmno#1870379) * Fixed an issue where the expand on hover feature in the sidebar would sometimes stop working. (bmo#1982129) * Fixed a crash in KDE Plasma when using certain custom window decorations. (bmo#1984823) - Mozilla Firefox 142 https://www.mozilla.org/en-US/firefox/142.0/releasenotes/ MFSA 2025-64 (bsc#1248162) * CVE-2025-9179 (bmo#1979527) Sandbox escape due to invalid pointer in the Audio/Video: GMP component * CVE-2025-9180 (bmo#1979782) Same-origin policy bypass in the Graphics: Canvas2D component * CVE-2025-9181 (bmo#1977130) Uninitialized memory in the JavaScript Engine component * CVE-2025-9186 (bmo#1445758) Spoofing issue in the Address Bar component of Firefox Focus for Android * CVE-2025-9182 (bmo#1975837) Denial-of-service due to out-of-memory in the Graphics: WebRender component * CVE-2025-9183 (bmo#1976102) Spoofing issue in the Address Bar component * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736, bmo#1979072) Memory safety bugs fixed in Firefox 142 and Thunderbird 142 * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163, bmo#1979955) Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 - Refresh mozilla-pgo.patch - requires NSS 3.114 ==== SDL3 ==== Version update (3.2.20 -> 3.2.22) - Update to release 3.2.22 * A bunch of changes for non-Linux platforms only ==== aaa_base ==== Version update (84.87+git20250805.3069494 -> 84.87+git20250903.33e5ba4) Subpackages: aaa_base-extras - Update to version 84.87+git20250903.33e5ba4: * Correct fix for boo#1247495 (boo#1248158) ==== boost-base ==== Subpackages: boost-license1_88_0 libboost_filesystem1_88_0 libboost_iostreams1_88_0 libboost_locale1_88_0 libboost_thread1_88_0 - require shared library package in versioned libboost_url-devel (bsc#1248645) ==== boost-extra ==== - require shared library package in versioned libboost_url-devel (bsc#1248645) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz - Set net-tools conflict version properly. - Add busybox-ether-wake replacing downstream ether-wake from net-tools (boo#1249034). - Provide support for net-tools-dummy-ether-wake (bsc#1242048). ==== certmonger ==== Version update (0.79.19 -> 0.79.20) - Disable failing tests with NSS 3.115.1: 007-certsave-dbm and 007-certsave-sql 025-casave-dbm * patch disable_some_tests.patch - Update to 0.79.20 * Fix type error in cm_tdbusm_get_vn * Adjust parameter type for util_EVP_PKEY_id * Update tests to be compatible with OpenSSL 3.2 * Switch BR from /usr/include/popt.h to popt-devel * getcert: return 2 when trying to create a duplicate entry * getcert: add NULL check to duplicate string compare * Use correct object path for 'ca' property of request objects in D-Bus API * Move shell_escape function to util.c * Add more environment variables to be passed on to the notification command * Translated using Weblate (Chinese (Simplified) (zh_CN)) * Translated using Weblate (Georgian) * Translated using Weblate (Russian) - Remove patches merged upstream * 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch * certmonger-c99-01.patch * certmonger-c99-02.patch - New patch * add_some_missing_tests.patch ==== cnf ==== Version update (0.8.1~0 -> 0.9.0~0) Subpackages: cnf-bash - Update to version 0.9.0~0: * mark 0.9.0 version * Documented what configuration variables are relied on. * Change rust code to say 'dnf' instead of 'dnf4' * Fixed some grammar errors in README.md * (ci): run zypper dnf5 and dnf integration tests in a parallel * Added fish support. * Added instructions for .zsh * Updated documentation to mention dnf5 support * Updated documentation examples. * Check if zypper is installed. * Look for dnf5 repos in /etc/dnf/repos.d * Add CI tests for dnf4 * Updated documentation to mention dnf4 support * Adds support for dnf4. * Added CI tests for dnf5. * Rename docker images with -zypper suffix. * Allow manually triggering the ci tests. * Added fish support. * Added instructions for .zsh * Updated documentation to mention dnf5 support * Updated documentation examples. * Check if zypper is installed. * Look for dnf5 repos in /etc/dnf/repos.d * Use dnf5 if it's installed. * Translated using Weblate (Portuguese (Brazil)) ==== container-selinux ==== Version update (2.240.0 -> 2.241.0) - Update to version 2.241.0: * Allow domains that trans to container_runtime_t bpf:prog_run ==== file ==== Subpackages: file-magic libmagic1 - Add patch file-5.46-tcgets2.patch from https://bugs.astron.com/view.php?id=678 but disable hunk 1 to avoid conflict with file-seccomp-ppc.patch This should fix bug boo#1249071 - Modify patch file-seccomp-ppc.patch that is use <asm/termbits.h> on all architectures ==== icewm ==== Version update (3.7.3 -> 3.9.0) Subpackages: icewm-config-upstream icewm-default icewm-lite - Update to version 3.9.0: * This release has a new dependency: libXcursor. The dependency on libXpm is no longer required. * Features: - If a theme doesn't define a cursor, prefer the system Xcursor theme. - Add support for themed cursors to gdk-pixbuf without requiring libXpm. - Add support for Xcursor files as an alternative to XPM cursors. - Add new -kovered filter to icesh to test if a client is covered. * Fixes: - When lseek on /proc/net/dev fails, avoid it for the future. - Ensure that _NET_CLIENT_LIST_STACKING is always up-to-date. - Correct red and blue colors in icesh for loadicon and saveicon. - When truncating a title in icesh, respect UTF-8 codepoint boundaries. * Changes: When the cursor X/Y-hotspot is absent in a XPM, smart guess it. * Updated translations. - Replace pkgconfig(xpm) with pkgconfig(xcursor) BuildRequires following upstream changes. - Rebase patches with quilt. ==== iso-codes ==== Version update (4.16.0 -> 4.18.0) - Update to version 4.18.0: + Replace FSF postal address with their website + Rename Chinese translations. + Updated translations. - Changes from version 4.17.0: + Add letter 'g' to conversion script for Tatar + Regenerate cyrillic Tatar from latin Tatar + Update Romanian translation and remove most pre- and suffixes + Updated translations. ==== kernel-firmware-ath11k ==== Version update (20250820 -> 20250829) - Update to version 20250829 (git commit 64596902d2db): * ath11k: Support WCN6855 hw2.1 with NFA firmware variant ==== kernel-firmware-ath12k ==== Version update (20250808 -> 20250903) - Update to version 20250903 (git commit 577ee67ffca2): * ath12k: WCN7850 hw2.0@ncm865: add to WLAN.IOE_HMT.1.1-00018-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1 ==== kernel-firmware-bluetooth ==== Version update (20250820 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962 ==== kernel-firmware-i915 ==== Version update (20250730 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * xe: Update GUC to v70.49.4 for BMG, LNL, PTL * i915: Update GUC to v70.49.4 for ADL-P, DG1, DG2, MTL, TGL ==== kernel-firmware-intel ==== Version update (20250825 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * intel_vpu: Update NPU firmware - Update to version 20250829 (git commit 993ff19b553c): * Fix link entry for qat_895xcc.bin - Update to version 20250829 (git commit 64596902d2db): * Move QAT firmware to intel/ subdirectory * Revert "intel/ish: Add firmware for LENOVO THINKPAD X1 2-in-1 Gen 10" ==== kernel-firmware-iwlwifi ==== Version update (20250818 -> 20250829) - Update to version 20250829 (git commit 64596902d2db): * Move all iwlwifi top level files to intel/ directory ==== kernel-firmware-media ==== Version update (20250825 -> 20250903) - Update to version 20250903 (git commit 577ee67ffca2): * qcom: vpu: update firmware binaries to fix encoder drain handling ==== kernel-firmware-mediatek ==== Version update (20250813 -> 20250903) - Update to version 20250903 (git commit 577ee67ffca2): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925:update bluetooth firmware to 20250825220109 Update binary firmware for MT7925 BT devices. ==== kernel-firmware-qcom ==== Version update (20250820 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * qcom: add ADSP firmware for qcs615 platform ==== libcdr ==== Version update (0.1.7 -> 0.1.8) - version update to 0.1.8 * fix build with ICU 75 and ICU 76 * Upgrade m4 macros from autoconf-archive.git v2023.02.20 * Fix crash appear with format CDR 14 and Gradients ==== libqt5-qtwebengine ==== Version update (5.15.18 -> 5.15.19) - Change the way we pin to ffmpeg-7: set maximum versions for the libav* buildrequires insteaf of hardcoding ffmpeg-7-*devel. This allows OBS to still shortcut through the mini packages. - Update to version 5.15.19: * Bump version to 5.15.19 * qmake: Fix qmake2cmake parsing issue for 5.15 SBOM * Update Chromium (patched with security updates up to 135.0.7049.95): * [Backport] CVE-2024-10229: Inappropriate implementation in Extensions * [Backport] CVE-2024-10827: Use after free in Serial * [Backport] Security bug 378701682 * [Backport] CVE-2024-12694: Use after free in Compositing * [Backport] Security bug 382135228 * [Backport] Security bug 384565015 * [Backport] CVE-2025-0436: Integer overflow in Skia * [Backport] CVE-2024-11477 / Security bug 383772517 * [Backport] CVE-2025-0996: Inappropriate implementation in Browser UI * [Backport] CVE-2025-1426: Heap buffer overflow in GPU * [Backport] Security bug 396481096 * [Backport] CVE-2025-0762: Use after free in DevTools * [Backport] CVE-2025-0999: Heap buffer overflow in V8 * [Backport] CVE-2024-55549: Fix UAF related to excluded namespaces * [Backport] CVE-2025-24855 Fix use-after-free of XPath context node * [backport] CVE-2025-1919 * [Backport] CVE-2025-2783: Incorrect handle provided in unspecified circumstances in Mojo on Windows * [backport] CVE-2025-24201 * [backport] CVE-2025-2136 * [Backport] Security bug 399002829 * [Backport] Security bug 396460489 * [Backport] CVE-2025-3619 * Various python fixes - Drop patches: * python3.12-imp.patch * python3.12-six.patch * python3.13-pipes.patch - Don't try to build with ffmpeg >= 8 on factory ==== libreoffice ==== Version update (25.2.5.2 -> 25.8.1.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Update to 25.8.1.1: * Release notes: https://wiki.documentfoundation.org/Releases/25.8.0/RC1 https://wiki.documentfoundation.org/Releases/25.8.0/RC2 https://wiki.documentfoundation.org/Releases/25.8.0/RC3 https://wiki.documentfoundation.org/Releases/25.8.0/RC4 https://wiki.documentfoundation.org/Releases/25.8.1/RC1 - Update bundled libraries: * pdfium-6764.tar.bz2 -> pdfium-7012.tar.bz2 * skia-m130-3c64459d5df2fa9794b277f0959ed8a92552bf4c.tar.xz -> skia-m136-28685d899b0a35894743e2cedad4c9f525e90e1e.tar.xz ==== libvirt ==== Version update (11.6.0 -> 11.7.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 11.7.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-7-0-2025-09-01 ==== libvisio ==== Version update (0.1.7 -> 0.1.8) - version update to 0.1.8 * tests: Fix build with libxml 2.12 * Add support for simple solid fill styles * Add support for TextBackground from SheetStyle (tdf136564) * Improve Arrowheads appearance (tdf#126402) * Fix reading FillStyleLst and TextBkgnd from shape (tdf#154379) * Add support to DrawingUnits types (tdf#154379) * Visio5: Provide cellType to collector in readTextField ==== libxmlb ==== Version update (0.3.22 -> 0.3.23) - Update to version 0.3.23: * Bugfixes: Do not reallocate the final silo blob when compiling to reduce peak RSS by about ~6%. ==== mozilla-nss ==== Version update (3.113 -> 3.115.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.115.1 * bmo#1982742 - restore support for finding certificates by decoded serial number. * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups. - update to NSS 3.115 * bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c * bmo#1981034 - CKA_SEED needs to be marked as a private attribute * bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc * bmo#1974505 - Key private/public/secret keys by key type in softoken keydb * bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report * bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain * bmo#1927351 - Fixup ABI * bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server * bmo#1900841 - ECH fuzz target * bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects * bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root * bmo#1965329 - Implement PKCS #11 v3.2 functions - update to NSS 3.114 * bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37 * bmo#1970079 - Prevent leaks during pkcs12 decoding * bmo#1953731 - Remove redundant assert in p7local.c * bmo#1974515 - Bump nssckbi version to 2.80 * bmo#1961848 - Remove expired Baltimore CyberTrust Root * bmo#1972391 - Add TrustAsia Dedicated Roots to NSS * bmo#1974511 - Add SwissSign 2022 Roots to NSS * bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS * bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken * bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper * bmo#1974331 - remove dead code in ssl3con.c * bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic * bmo#1974299 - Bump nssckbi version to 2.79 * bmo#1967826 - remove unneccessary assertion * bmo#1948485 - Update mechanisms for Softoken PCT * bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after * bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks * bmo#1973930 - use -O2 for asan build * bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS * bmo#1973105 - remove out-of-function semicolon * bmo#1963009 - Extend pkcs8 fuzz target * bmo#1963008 - Extend pkcs7 fuzz target * bmo#1908763 - Remove unused assignment to pageno * bmo#1908762 - Remove unused assignment to nextChunk * bmo#1973490 - don't run commands as part of shell `local` declarations * bmo#1973490 - fix sanitizer setup * bmo#1973187 - don't silence ssl_gtests output when running with coverage * bmo#1967411 - Release docs and housekeeping * bmo#1972768 - migrate to new linux tester pool - rebase FIPS patches to adjust for upstream FIPS work ==== net-tools ==== Version update (2.10 -> 2.10+1) - Set net-tools conflict version properly. - Drop ether-wake binary in favor of wol. It was never part of the upstream net-tools, and we have ether-wake in busybox. Bump rpm version to 2.10.0.0.1 to make a seamless update possible (boo#1249034, drop 0001-Add-ether-wake-binary.patch). - Provide support for net-tools-dummy (bsc#1242048). - Remove net_tool Provides/Obsoletes for SuSE Linux 7 and SLES 7. ==== openSUSE-release ==== Version update (20250902 -> 20250905) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-cryptography ==== Subpackages: python311-cryptography python313-cryptography - Add Make-unsafe-subinterpreter-support-available-via-cfg.patch to allow ceph-mgr to load modules (boo#1248987) ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Disable LTO on armv6/7 as a workaround - boo#1249054 ==== raspberrypi-firmware-dt ==== Version update (2023.11.21 -> 2025.05.14) - Fix compatible for bcm2712 pinctrl * bcm2712-fix-compatible.patch - Slow down eMMC and WiFi interface for CM5 modules. * 0001-ARM-dts-bcm2712-Slow-down-eMMC-interface.patch - Remove DMA support from devices. No upstream support for it. * 0001-ARM-dts-bcm2712-Remove-DMA-support.patch - Make rp1_nexus node The interrupt controller - Fix sram@400000 reg mapping. - Update devicetree files to 6.12.y from vendor linux tree. - Refresh following patch which now includes RPi5 related files: * 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch - Remove upstream RPi5 devicetree file. We will use downstream version, which will bring us all of the overlays. * 0001-arm64-dts-broadcom-bcm2712-Add-RaspberryPi-5-support.patch - Add following patches. Firs one adjust RP1 devicetree bindings to the upstream device driver requirements. The second patch fixes possible device crash in s2idle. * 0001-dts-rp1-Wrap-RP1-node-into-nexus-node-as-expected-by.patch * 0002-ARM-dts-bcm2711-Fix-xHCI-power-domain.patch - Add bootloader nmmem configuration fixup overlay. Firmware will put start address and size of bootloader configuration information into $blconfig node, but it will use hard coded #address-cells=2 and #size-cells=1, which is not always true. This will make Linux driver to refuse to register region and because of this rpi-eeprom-update tool will not work. Add workaround which will properly populate reg=<> propery. Hopefully device firmware will be fixed.. - Add nvmem DeviceTree nodes - Add RaspberryPi 5 support ==== sdbootutil ==== Version update (1+git20250820.077bd8b -> 1+git20250903.f5a076b) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250903.f5a076b: * Distiguish between path and id for boot entries ==== selinux-policy ==== Version update (20250812 -> 20250902) Subpackages: selinux-policy-targeted - Update to version 20250902: * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t * Allow stalld map sysfs files * Allow NetworkManager-dispatcher-winbind get pidfs attributes * Allow openvpn create and use generic netlink socket * policy_capabilities: remove estimated from released versions * policy_capabilities: add stub for userspace_initial_context * add netlink_xperm policy capability and nlmsg permission definitions * policy_capabilities: add ioctl_skip_cloexec * selinux-policy: add allow rule for tuned_ppd_t * selinux-policy: add allow rule for switcheroo_control_t * Label /run/audit with auditd_var_run_t * Allow virtqemud start a vm which uses nbdkit * Add nbdkit_signal() and nbdkit_signull() interfaces * Fix insights_client interfaces names * Add insights_core and insights_client interfaces * dist/targeted/modules.conf: enable slrnpull module * Allow bootupd delete symlinks in the /boot directory * Allow systemd-coredumpd capabilities in the user namespace * Allow openvswitch read virtqemud process state - Syncing with upstream rawhide selinux-policy up to: * 17956d28c011c35560e75a7293ac5924df57a1ee - Update embedded container-selinux version to commit: * 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0) ==== wireplumber ==== Version update (0.5.10 -> 0.5.11) Subpackages: libwireplumber-0_5-0 - Update to version 0.5.11: * Additions & Enhancements: - Added modem manager module for tracking voice call status and voice call device profile selection hooks to improve phone call audio routing on mobile devices (!722, !729, #819) - Added MPRIS media player pause functionality that automatically pauses media playback when the audio target (e.g. headphones) is removed (!699, #764) - Added support for human-readable names and localization of settings in wireplumber.conf with wpctl displaying localized setting descriptions (!712) - Improved default node selection logic to use both session and route priorities when nodes have equal session priorities (!720) - Increased USB device priority in the ALSA monitor (!719) * Fixes: - Fixed multiple Lua runtime issues including type confusion bugs, stack overflow prevention, and SPA POD array/choice builders (!723, !728) - Fixed proxy object lifecycle management by properly clearing the OWNED_BY_PROXY flag when proxies are destroyed to prevent dangling pointers (!732) - Fixed state-routes handling to prevent saving unavailable routes and eliminate race conditions during profile switching (!730, #762) - Fixed some memory leaks in the script tester and the settings iterator (!727, !726) - Fixed a potential crash caused by module-loopback destroying itself when the pipewire connection is closed (#812) - Fixed profile saving behavior in wpctl set-profile command (#808) - Fixed GObject introspection closure annotation ==== zlib-ng-compat ==== Version update (2.2.4 -> 2.2.5) - Update to 2.2.5: * RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889 * MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing inflate failure #1884 * Fix building with runtime CPU detection disabled (native) [#1931] * Also check for ZMM support when detecting VPCLMULQDQ support [#1932] * Revert "Clean up insert_match() in deflate_medium" due to performance regression #1938
