Packages changed:
  LibVNCServer (0.9.14 -> 0.9.15)
  apparmor (4.1.0 -> 4.1.1)
  aws-lc
  binutils
  busybox-links
  ceph (16.2.15.84+gb9c09b69575 -> 18.2.7)
  curl
  git
  kernel-source
  kmod
  libapparmor (4.1.0 -> 4.1.1)
  libssh (0.11.1 -> 0.11.2)
  libyui (4.7.4 -> 4.7.5)
  libyui-ncurses (4.7.4 -> 4.7.5)
  libyui-ncurses-pkg (4.7.4 -> 4.7.5)
  libyui-qt (4.7.4 -> 4.7.5)
  libyui-qt-graph (4.7.4 -> 4.7.5)
  libyui-qt-pkg (4.7.4 -> 4.7.5)
  lilv (0.24.24 -> 0.24.26)
  numactl
  open-vm-tools (12.5.2 -> 13.0.0)
  openSUSE-release (20250626 -> 20250627)
  perl-XML-LibXML
  plymouth
  python-kiwi (10.2.25 -> 10.2.26)
  salt
  util-linux (2.41 -> 2.41.1)
  util-linux-systemd (2.41 -> 2.41.1)
  vsftpd

=== Details ===

==== LibVNCServer ====
Version update (0.9.14 -> 0.9.15)

- Update to 0.9.15
  https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.15
  * internal code structure cleanup
  * UTF-8 clipboard handling improvements
  * HTTP server support for multithreaded VNC servers
  * Fixed building with OpenSSL >= 3.0.0
- Rebase patches
- Fix devel package dependencies.
  The libraries have public link targets that must be present when
  LibVNCServer-devel is installed
- Add upstream change to fix build failures with CMake 4:
  * 0001-CMake-require-at-least-CMake-3.5.patch
- Spec refresh

==== apparmor ====
Version update (4.1.0 -> 4.1.1)
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- update to AppArmor 4.1.1
  - unix-chkpwd: allow dac_read_search (boo#1241678)
  - extend mesa, wutmp and nameservice abstractions
  - utils: add support for priority rule prefix
  - various bugfixes
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.1
    for the detailed upstream changelog

==== aws-lc ====

- adapt soname.patch to also give a version to libcrypto
  (fixes boo#1244562)
- bump soversion to actual aws-lc version

==== binutils ====
Subpackages: libctf-nobfd0 libctf0

- pr33029.patch: Fix crash in assembler with -gdwarf-5

==== busybox-links ====
Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz

- Blacklist creating links for halt, reboot, shutdown commands to avoid
  accidental use in a fully booted system (bsc#1243201)

==== ceph ====
Version update (16.2.15.84+gb9c09b69575 -> 18.2.7)
Subpackages: librados2 librbd1

- Disable ceph-mgr-cephadm in ring1
- Added cephadm-fix-get_cluster_count_when_data_dir_is_missing.patch
- Add ceph-rocksdb-gcc15.patch
- Add ceph-volume-fix-importlib.metadata-compat.patch
- Added ceph-mgr-python-avoid-pyo3-errors.patch
- Added ceph-mgr-do-not-require-NOTIFY_TYPES-in-python-modules.patch
- Added ceph-mgr-workaround-numpy-28271.patch
- Update to 18.2.7 (Reef):
  + RADOS
    * FileStore is not supported in Reef.
    * RocksDB has been upgraded to version 7.9.2.
    * There have been significant improvements to RocksDB iteration
      overhead and performance.
    * The `perf dump` and `perf schema` commands have been deprecated in
      favor of the new `counter dump` and `counter schema` commands.
    * Cache tiering is now deprecated.
    * A new feature, the "read balancer", is now available, which allows
      users to balance primary PGs per pool on their clusters.
    * A POOL_APP_NOT_ENABLED health warning will now be reported if the
      application is not enabled for the pool whether the pool is in use
      or not.
    * The get_pool_is_selfmanaged_snaps_mode C++ API has been deprecated
      due to being prone to false negative results. Its safer replacement
      is pool_is_in_selfmanaged_snaps_mode.
    * A new command, `ceph osd rm-pg-upmap-primary-all`, has been added
      that allows users to clear all pg-upmap-primary mappings in the
      osdmap when desired.
    * A bug related to IPv6 support is now fixed.
  + RGW
    * Bucket resharding is now supported for multi-site configurations.
    * There have been significant improvements to the stability and
      consistency of multi-site replication.
    * Compression is now supported for objects uploaded with Server-Side
      Encryption.
    * S3 multipart uploads using Server-Side Encryption now replicate
      correctly in a multi-site deployment.
    * New tools have been added to `radosgw-admin` for identifying and
      correcting issues with versioned bucket indexes.
  + Dashboard
    * There is a new Dashboard page with improved layout. Active alerts
      and some important charts are now displayed inside cards.
    * An overview page for RGW to show the overall status of RGW
      components.
    * Added management support for RGW Multi-site and CephFS Subvolumes
      and groups.
    * Fixed several issues in Ceph dashboard on Rook-backed clusters, and
      improved the user experience on the Rook environment.
  + RBD
    * Support for layered client-side encryption has been added.
    * When diffing against the beginning of time (fromsnapname == NULL)
      in fast-diff mode (whole_object == true with fast-diff image
      feature enabled and valid), diff-iterate is now guaranteed to
      execute locally if exclusive lock is available. This brings a
      dramatic performance improvement for QEMU live disk synchronization
      and backup use cases.
    * The option --image-id has been added to `rbd children` CLI command,
      so it can be run for images in the trash.
    * The try-netlink mapping option for rbd-nbd has become the default
      and is now deprecated.
  + Telemetry
    * Users can now opt in to participate in a leaderboard in the
      telemetry public dashboards.
  + CEPHFS
    * MDS now evicts clients which are not advancing their request tids.
  + mgr
    * For clusters with multiple CephFS file systems, all the
      snap-schedule commands now expect the ‘--fs’ argument.
    * Refine the orchestrator availability check to prevent against
      crashes in the prometheus module during startup.
  + ceph-volume
    * A bug related to cryptsetup version handling has been fixed.
- Switched to managing the spec directly with a pristine source and set
  of patches
- Removed ceph-test
- Removed checkin scripts
- Added ceph-mgr-stop-using-deprecated-api-to-initialize-python.patch
- Added ceph-mgr-set-argv-for-python.patch
- Added ceph-mgr-add-site-packages-paths.patch
- Added ceph-librbd-fix-atomic-shared-pointer.patch
- Added ceph-cmake-ensure-git-exists-before-executing-it.patch
- Added ceph-build-fix-fmt-version-check.patch
- Added ceph-tracing-fix-c-type-errors-in-librados-tracing.patch
- Added ceph-pybind-fix-c-type-errors-in-cython-generated-python-bindings.patch

==== curl ====
Subpackages: libcurl4

- Build with experimental OpenSSL based QUIC support to enable --http3

==== git ====
Subpackages: git-core git-email git-gui git-web gitk perl-Git

- Fix git-gui citool SHA256 repo handling: refreshed
  0002-git-gui-Add-support-of-SHA256-repo.patch

==== kernel-source ====

- Refresh patches.suse/drm-amd-display-Add-debugging-message-for-brightness.patch.
- Refresh patches.suse/drm-amd-display-Fix-default-DC-and-AC-levels.patch.
  Update upstream info.
- commit 0b2be4d
- video: screen_info: Relocate framebuffers behind PCI bridges
  (bsc#1240696).
  Update to upstream version (v3).
- commit 28b2fa0
- Remove host-memcpy-hack.h
  This might have been useful at some point but we have more things that
  depend on specific library versions today.
- commit 0396c23
- Remove compress-vmlinux.sh
  /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in
  pesign-obs-integration during SLE12 RC. This workaround can be removed.
- commit 19caac0
- Remove try-disable-staging-driver
  The config for linux-next is autogenerated from master config, and
  defaults filled for missing options. This is unlikely to enable any
  staging driver in the first place.
- commit a6f21ed
- Delete patches.suse/Revert-percpu-x86-enable-strict-percpu-checks-via-na.patch.
  Fixes accepted to libbpf:
  https://build.suse.de/requests/379919
  https://build.suse.de/requests/379920
  https://build.opensuse.org/requests/1283405
- commit c3b942c
- sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
  (git-fixes).
- commit 1a6b27d
- Rename to patches.rpmify/powerpc-boot-Fix-build-with-gcc-15.patch.
  Ie. fix also kernel-vanilla.
- commit b84d501

==== kmod ====
Subpackages: libkmod2

- Fix testsuite on Leap 16.0 (bsc#1240126)
  * Revert-build-check-for-__xstat-declarations.patch

==== libapparmor ====
Version update (4.1.0 -> 4.1.1)

- update to AppArmor 4.1.1
  - unix-chkpwd: allow dac_read_search (boo#1241678)
  - extend mesa, wutmp and nameservice abstractions
  - utils: add support for priority rule prefix
  - various bugfixes
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.1
    for the detailed upstream changelog

==== libssh ====
Version update (0.11.1 -> 0.11.2)
Subpackages: libssh-config libssh4

- Update to version 0.11.2
  * Security:
    * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion (bsc#1245309)
    * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
    * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management (bsc#1245311)
    * CVE-2025-5351 - Double free in functions exporting keys (bsc#1245312)
    * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures (bsc#1245314)
    * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding (bsc#1245316)
    * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL (bsc#1245317)
  * Compatibility
    * Fixed compatibility with CPM.cmake
    * Compatibility with OpenSSH 10.0
    * Tests compatibility with new Dropbear releases
    * Removed p11-kit remoting from the pkcs11 testsuite
  * Bugfixes
    * Implement missing packet filter for DH GEX
    * Properly process the SSH2_MSG_DEBUG message
    * Allow escaping quotes in quoted arguments to ssh configuration
    * Do not fail with unknown match keywords in ssh
      configuration
    * Process packets before selecting signature algorithm during
      authentication
    * Do not fail hard when the SFTP status message is not sent by
      noncompliant servers
- Removed libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
- Removed libssh-misc-Fix-OpenSSH-banner-parsing.patch

==== libyui ====
Version update (4.7.4 -> 4.7.5)

- Do not build the qt packages (libyui-qt, libyui-qt-graph,
  libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be
  available there.
- 4.7.5

==== libyui-ncurses ====
Version update (4.7.4 -> 4.7.5)

- Do not build the qt packages (libyui-qt, libyui-qt-graph,
  libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be
  available there.
- 4.7.5

==== libyui-ncurses-pkg ====
Version update (4.7.4 -> 4.7.5)

- Do not build the qt packages (libyui-qt, libyui-qt-graph,
  libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be
  available there.
- 4.7.5

==== libyui-qt ====
Version update (4.7.4 -> 4.7.5)

- Do not build the qt packages (libyui-qt, libyui-qt-graph,
  libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be
  available there.
- 4.7.5

==== libyui-qt-graph ====
Version update (4.7.4 -> 4.7.5)

- Do not build the qt packages (libyui-qt, libyui-qt-graph,
  libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be
  available there.
- 4.7.5

==== libyui-qt-pkg ====
Version update (4.7.4 -> 4.7.5)

- Do not build the qt packages (libyui-qt, libyui-qt-graph,
  libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be
  available there.
- 4.7.5

==== lilv ====
Version update (0.24.24 -> 0.24.26)

- Update to version 0.24.26:
  * Add lint option with project metadata and code quality tests
  * Avoid use of VLAs in lv2apply
  * Clean up and isolate platform-specific code
  * Fix C++ test build on MacOS
  * Fix library current_version on MacOS
  * Fix test suite when TMPDIR has no trailing slash
  * Fully separate library code from programs
  * Improve const correctness
  * Replace more platform-specific code with use of zix

==== numactl ====
Subpackages: libnuma1

- Fix Node0 does not exist (bsc#1244492)
  A 4abeee1aac20a7a2552870e0359b8df013ae9037.patch

==== open-vm-tools ====
Version update (12.5.2 -> 13.0.0)
Subpackages: libvmtools0 open-vm-tools-desktop

- Update to open-vm-tools 13.0.0 based on build 24696409. (boo#1245169):
  There are no new features in the open-vm-tools 13.0.0 release. This is
  primarily a maintenance release that addresses a few issues, including:
  - The vm-support script has been updated to collect the open-vm-tools
    log files from the Linux guest and information from the systemd
    journal.
  - Github pull requests have been integrated and issues fixed. Please
    see the Resolved Issues section of the Release Notes.
  For a more complete list of issues resolved in this release, see the
  Resolved Issues section of the Release Notes.
  For complete details, see:
  https://github.com/vmware/open-vm-tools/releases/tag/stable-13.0.0
  Release Notes are available at:
  https://github.com/vmware/open-vm-tools/blob/stable-13.0.0/ReleaseNotes.md
  The granular changes that have gone into the 13.0.0 release are in the
  ChangeLog at:
  https://github.com/vmware/open-vm-tools/blob/stable-13.0.0/open-vm-tools/ChangeLog
- Add patch:
  0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch
  Currently the "telinit 6" command is used to reboot a Linux VM
  following Guest OS Customization.
  As the classic Linux init system, SysVinit, is deprecated in favor of a
  newer init system, systemd, the telinit command may not be available on
  the base Linux OS. This change adds support to Guest OS Customization
  for the systemd init system. If the modern init system, systemd, is
  available, then a "systemctl reboot" command will be used to trigger
  reboot. Otherwise, the "telinit 6" command will be used assuming the
  traditional init system, SysVinit, is still available.
- Drop patch now contained in 13.0.0:
  open-vm-tools-12.5.0-gcc15.patch
- Ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fix
  changes file where source validator was failing.

==== openSUSE-release ====
Version update (20250626 -> 20250627)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== perl-XML-LibXML ====

- Get fully deterministic builds, even with --nocheck (boo#1227364)

==== plymouth ====
Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner

==== python-kiwi ====
Version update (10.2.25 -> 10.2.26)

- Bump version: 10.2.25 → 10.2.26
- Fix shim lookup for arm on SUSE
  Add missing search path for shim binary on arm based SUSE systems.
  Also update the tumbleweed/test-image-live-disk integration test for
  arm to build with secure boot enabled to actually test a secure boot
  enabled ISO build.
  This Fixes #2842

==== salt ====
Subpackages: python311-salt salt-master salt-minion

- Several fixes for security issues
  (bsc#1244561, CVE-2024-38822)
  (bsc#1244564, CVE-2024-38823)
  (bsc#1244565, CVE-2024-38824)
  (bsc#1244566, CVE-2024-38825)
  (bsc#1244567, CVE-2025-22240)
  (bsc#1244568, CVE-2025-22236)
  (bsc#1244570, CVE-2025-22241)
  (bsc#1244571, CVE-2025-22237)
  (bsc#1244572, CVE-2025-22238)
  (bsc#1244574, CVE-2025-22239)
  (bsc#1244575, CVE-2025-22242)
  * Request server hardening
  * Prevent traversal in local_cache::save_minions
  * Add test and fix for file_recv cve
  * Fix traversal in gitfs find_file
  * Fix traversal in salt.utils.virt
  * Fix traversal in pub_ret
  * Reasonable failures when pillars timeout
  * Make send_req_async wait longer
  * Remove token to prevent decoding errors
  * Fix checking of non-url style git remotes
  * Allow subdirs in GitFS find_file check
- Added:
  * several-fixes-for-security-issues.patch

==== util-linux ====
Version update (2.41 -> 2.41.1)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang

- Update to version 2.41.1:
  * cfdisk: fix memory leak and possible NULL dereference
  * fdisk: fix possible memory leak
  * findmnt: fix -k option parsing regression
    (boo#1242705, drop util-linux-libblkid-econf-parse.patch)
  * hardlink: fix performance regression
  * include/cctype: fix string comparison
  * libblkid:
    * Fix crash while parsing config with libeconf
    * befs fix underflow
    * avoid strcasecmp() for ASCII-only strings
  * libblkid/src/topology/dm: fix fscanf return value check to match
    expected number of parsed items
  * libmount:
    * (subdir) restrict for real mounts only
    * (subdir) remove unused code
    * avoid calling memset() unnecessarily
    * fix --no-canonicalize regression
      (boo#1244251, drop libmount-fix-no-canonicalize-regression.patch)
  * lsblk:
    * use ID_PART_ENTRY_SCHEME as fallback for PTTYPE
    * avoid strcasecmp() for ASCII-only strings
  * lscpu:
    * fix possible buffer overflow in cpuinfo parser
    * Fix loongarch op-mode output with recent
      kernel
  * lsfd:
    * scan the protocol field of /proc/net/packet as a hex number
    * fix the description for PACKET.PROTOCOL column
  * lsns:
    * enhance compilation without USE_NS_GET_API
    * fix undefined reference to add_namespace_for_nsfd #3483
  * more:
    * fix broken ':!command' command key
    * fix implicit previous shell_line execution #3508
  * tests: (test_mkfds::mapped-packet-socket) add a new parameter,
    protocol
  * treewide:
    * add ul_ to parse_timestamp() function name
      (drop util-linux-rename-common-symbols-4.patch)
    * add ul_ to parse_switch() function name
      (drop util-linux-rename-common-symbols-3.patch)
    * add ul_ to parse_size() function name
      (drop util-linux-rename-common-symbols-2.patch)
    * add ul_ to parse_range() function name
      (drop util-linux-rename-common-symbols-1.patch)
    * fix optional arguments usage
    * avoid strcasecmp() for ASCII-only strings
  * Wipefs: improve --all descriptions for whole-disks
  * Misc: Do not call exit() on code ending in shared libraries
  * Other fixes. For complete list see
    https://kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.1-ReleaseNotes
- Fix problem with uname26 listed twice.

==== util-linux-systemd ====
Version update (2.41 -> 2.41.1)
Subpackages: lastlog2 liblastlog2-2

- Update to version 2.41.1:
  * cfdisk: fix memory leak and possible NULL dereference
  * fdisk: fix possible memory leak
  * findmnt: fix -k option parsing regression
    (boo#1242705, drop util-linux-libblkid-econf-parse.patch)
  * hardlink: fix performance regression
  * include/cctype: fix string comparison
  * libblkid:
    * Fix crash while parsing config with libeconf
    * befs fix underflow
    * avoid strcasecmp() for ASCII-only strings
  * libblkid/src/topology/dm: fix fscanf return value check to match
    expected number of parsed items
  * libmount:
    * (subdir) restrict for real mounts only
    * (subdir) remove unused code
    * avoid calling memset() unnecessarily
    * fix --no-canonicalize regression
      (boo#1244251, drop libmount-fix-no-canonicalize-regression.patch)
  * lsblk:
    * use ID_PART_ENTRY_SCHEME as fallback for PTTYPE
    * avoid strcasecmp() for ASCII-only strings
  * lscpu:
    * fix possible buffer overflow in cpuinfo parser
    * Fix loongarch op-mode output with recent kernel
  * lsfd:
    * scan the protocol field of /proc/net/packet as a hex number
    * fix the description for PACKET.PROTOCOL column
  * lsns:
    * enhance compilation without USE_NS_GET_API
    * fix undefined reference to add_namespace_for_nsfd #3483
  * more:
    * fix broken ':!command' command key
    * fix implicit previous shell_line execution #3508
  * tests: (test_mkfds::mapped-packet-socket) add a new parameter,
    protocol
  * treewide:
    * add ul_ to parse_timestamp() function name
      (drop util-linux-rename-common-symbols-4.patch)
    * add ul_ to parse_switch() function name
      (drop util-linux-rename-common-symbols-3.patch)
    * add ul_ to parse_size() function name
      (drop util-linux-rename-common-symbols-2.patch)
    * add ul_ to parse_range() function name
      (drop util-linux-rename-common-symbols-1.patch)
    * fix optional arguments usage
    * avoid strcasecmp() for ASCII-only strings
  * Wipefs: improve --all descriptions for whole-disks
  * Misc: Do not call exit() on code ending in
    shared libraries
  * Other fixes. For complete list see
    https://kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.1-ReleaseNotes
- Fix problem with uname26 listed twice.

==== vsftpd ====

- vsftpd-2.3.5-conf.patch adds a reference to our bug tracker to the
  installed vsftpd.conf. Updated that URL to point to the proper
  Bugzilla. [bsc#1182473]