Packages changed:
  MozillaFirefox (141.0.2 -> 142.0.1)
  SDL3 (3.2.20 -> 3.2.22)
  busybox-links
  certmonger (0.79.19 -> 0.79.20)
  container-selinux (2.240.0 -> 2.241.0)
  icewm (3.7.3 -> 3.9.0)
  iso-codes (4.16.0 -> 4.18.0)
  libcdr (0.1.7 -> 0.1.8)
  libreoffice (25.2.5.2 -> 25.8.1.1)
  libvirt (11.6.0 -> 11.7.0)
  libvisio (0.1.7 -> 0.1.8)
  mozilla-nss (3.113 -> 3.115.1)
  openSUSE-release (20250902 -> 20250903)
  python-cryptography
  qt6-declarative
  selinux-policy (20250812 -> 20250902)
  wireplumber (0.5.10 -> 0.5.11)
  zlib-ng-compat (2.2.4 -> 2.2.5)

=== Details ===

==== MozillaFirefox ====
Version update (141.0.2 -> 142.0.1)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 142.0.1
  * Dragging multiple non-adjacent tabs in horizontal tab strip mode now
    correctly moves them together as a group. (bmo#1982933)
  * Dragging multiple tabs no longer causes toolbar unresponsiveness or
    visual glitches. (bmo#1984342)
  * Fixed an issue where the text cursor appeared in the wrong location.
    (bmo#1984045)
  * Fixed a crash related to gamepad use, particularly on macOS
    (bmo#1870379)
  * Fixed an issue where the expand on hover feature in the sidebar would
    sometimes stop working. (bmo#1982129)
  * Fixed a crash in KDE Plasma when using certain custom window
    decorations. (bmo#1984823)
- Mozilla Firefox 142
  https://www.mozilla.org/en-US/firefox/142.0/releasenotes/
  MFSA 2025-64 (bsc#1248162)
  * CVE-2025-9179 (bmo#1979527)
    Sandbox escape due to invalid pointer in the Audio/Video: GMP
    component
  * CVE-2025-9180 (bmo#1979782)
    Same-origin policy bypass in the Graphics: Canvas2D component
  * CVE-2025-9181 (bmo#1977130)
    Uninitialized memory in the JavaScript Engine component
  * CVE-2025-9186 (bmo#1445758)
    Spoofing issue in the Address Bar component of Firefox Focus for
    Android
  * CVE-2025-9182 (bmo#1975837)
    Denial-of-service due to out-of-memory in the Graphics: WebRender
    component
  * CVE-2025-9183 (bmo#1976102)
    Spoofing issue in the Address Bar component
  * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736, bmo#1979072)
    Memory safety bugs fixed in Firefox 142 and Thunderbird 142
  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163, bmo#1979955)
    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2,
    Firefox 142 and Thunderbird 142
  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14,
    Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2,
    Firefox 142 and Thunderbird 142
- Refresh mozilla-pgo.patch
- requires NSS 3.114

==== SDL3 ====
Version update (3.2.20 -> 3.2.22)

- Update to release 3.2.22
  * A bunch of changes for non-Linux platforms only

==== busybox-links ====
Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz

- Add busybox-ether-wake replacing downstream ether-wake from net-tools
  (boo#1249034).
- Provide support for net-tools-dummy-ether-wake (bsc#1242048).

==== certmonger ====
Version update (0.79.19 -> 0.79.20)

- Disable failing tests with NSS 3.115.1:
  007-certsave-dbm and 007-certsave-sql 025-casave-dbm
  * patch disable_some_tests.patch
- Update to 0.79.20
  * Fix type error in cm_tdbusm_get_vn
  * Adjust parameter type for util_EVP_PKEY_id
  * Update tests to be compatible with OpenSSL 3.2
  * Switch BR from /usr/include/popt.h to popt-devel
  * getcert: return 2 when trying to create a duplicate entry
  * getcert: add NULL check to duplicate string compare
  * Use correct object path for 'ca' property of request objects in
    D-Bus API
  * Move shell_escape function to util.c
  * Add more environment variables to be passed on to the notification
    command
  * Translated using Weblate (Chinese (Simplified) (zh_CN))
  * Translated using Weblate (Georgian)
  * Translated using Weblate (Russian)
- Remove patches merged upstream
  * 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
  * certmonger-c99-01.patch
  * certmonger-c99-02.patch
- New patch
  * add_some_missing_tests.patch

==== container-selinux ====
Version update (2.240.0 -> 2.241.0)

- Update to version 2.241.0:
  * Allow domains that trans to container_runtime_t bpf:prog_run

==== icewm ====
Version update (3.7.3 -> 3.9.0)
Subpackages: icewm-config-upstream icewm-default icewm-lang icewm-lite

- Update to version 3.9.0:
  * This release has a new dependency: libXcursor. The dependency on
    libXpm is no longer required.
  * Features:
    - If a theme doesn't define a cursor, prefer the system Xcursor
      theme.
    - Add support for themed cursors to gdk-pixbuf without requiring
      libXpm.
    - Add support for Xcursor files as an alternative to XPM cursors.
    - Add new -kovered filter to icesh to test if a client is covered.
  * Fixes:
    - When lseek on /proc/net/dev fails, avoid it for the future.
    - Ensure that _NET_CLIENT_LIST_STACKING is always up-to-date.
    - Correct red and blue colors in icesh for loadicon and saveicon.
    - When truncating a title in icesh, respect UTF-8 codepoint
      boundaries.
  * Changes: When the cursor X/Y-hotspot is absent in a XPM, smart guess
    it.
  * Updated translations.
- Replace pkgconfig(xpm) with pkgconfig(xcursor) BuildRequires following
  upstream changes.
- Rebase patches with quilt.

==== iso-codes ====
Version update (4.16.0 -> 4.18.0)

- Update to version 4.18.0:
  + Replace FSF postal address with their website
  + Rename Chinese translations.
  + Updated translations.
- Changes from version 4.17.0:
  + Add letter 'g' to conversion script for Tatar
  + Regenerate cyrillic Tatar from latin Tatar
  + Update Romanian translation and remove most pre- and suffixes
  + Updated translations.

==== libcdr ====
Version update (0.1.7 -> 0.1.8)

- version update to 0.1.8
  * fix build with ICU 75 and ICU 76
  * Upgrade m4 macros from autoconf-archive.git v2023.02.20
  * Fix crash appear with format CDR 14 and Gradients

==== libreoffice ====
Version update (25.2.5.2 -> 25.8.1.1)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit

- Update to 25.8.1.1:
  * Release notes:
    https://wiki.documentfoundation.org/Releases/25.8.0/RC1
    https://wiki.documentfoundation.org/Releases/25.8.0/RC2
    https://wiki.documentfoundation.org/Releases/25.8.0/RC3
    https://wiki.documentfoundation.org/Releases/25.8.0/RC4
    https://wiki.documentfoundation.org/Releases/25.8.1/RC1
- Update bundled libraries:
  * pdfium-6764.tar.bz2 -> pdfium-7012.tar.bz2
  * skia-m130-3c64459d5df2fa9794b277f0959ed8a92552bf4c.tar.xz ->
    skia-m136-28685d899b0a35894743e2cedad4c9f525e90e1e.tar.xz

==== libvirt ====
Version update (11.6.0 -> 11.7.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs

- Update to libvirt 11.7.0
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html#v11-7-0-2025-09-01

==== libvisio ====
Version update (0.1.7 -> 0.1.8)

- version update to 0.1.8
  * tests: Fix build with libxml 2.12
  * Add support for simple solid fill styles
  * Add support for TextBackground from SheetStyle (tdf136564)
  * Improve Arrowheads appearance (tdf#126402)
  * Fix reading FillStyleLst and TextBkgnd from shape (tdf#154379)
  * Add support to DrawingUnits types (tdf#154379)
  * Visio5: Provide cellType to collector in readTextField

==== mozilla-nss ====
Version update (3.113 -> 3.115.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools

- update to NSS 3.115.1
  * bmo#1982742 - restore support for finding certificates by decoded
    serial number.
  * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
- update to NSS 3.115
  * bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c
  * bmo#1981034 - CKA_SEED needs to be marked as a private attribute
  * bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc
  * bmo#1974505 - Key private/public/secret keys by key type in softoken
    keydb
  * bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected
    report
  * bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix
    TrustDomain
  * bmo#1927351 - Fixup ABI
  * bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both
    client and server
  * bmo#1900841 - ECH fuzz target
  * bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation
    objects
  * bmo#1978677 - remove expired explicitly distrusted DigiNotar
    lookalike root
  * bmo#1965329 - Implement PKCS #11 v3.2 functions
- update to NSS 3.114
  * bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37
  * bmo#1970079 - Prevent leaks during pkcs12 decoding
  * bmo#1953731 - Remove redundant assert in p7local.c
  * bmo#1974515 - Bump nssckbi version to 2.80
  * bmo#1961848 - Remove expired Baltimore CyberTrust Root
  * bmo#1972391 - Add TrustAsia Dedicated Roots to NSS
  * bmo#1974511 - Add SwissSign 2022 Roots to NSS
  * bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS
  * bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken
  * bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper
  * bmo#1974331 - remove dead code in ssl3con.c
  * bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic
  * bmo#1974299 - Bump nssckbi version to 2.79
  * bmo#1967826 - remove unnecessary assertion
  * bmo#1948485 - Update mechanisms for Softoken PCT
  * bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a
    distrust after
  * bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect
    opt.noLocks
  * bmo#1973930 - use -O2 for asan build
  * bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS
  * bmo#1973105 - remove out-of-function semicolon
  * bmo#1963009 - Extend pkcs8 fuzz target
  * bmo#1963008 - Extend pkcs7 fuzz target
  * bmo#1908763 - Remove unused assignment to pageno
  * bmo#1908762 - Remove unused assignment to nextChunk
  * bmo#1973490 - don't run commands as part of shell `local`
    declarations
  * bmo#1973490 - fix sanitizer setup
  * bmo#1973187 - don't silence ssl_gtests output when running with
    coverage
  * bmo#1967411 - Release docs and housekeeping
  * bmo#1972768 - migrate to new linux tester pool
- rebase FIPS patches to adjust for upstream FIPS work

==== openSUSE-release ====
Version update (20250902 -> 20250903)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== python-cryptography ====
Subpackages: python311-cryptography python313-cryptography

- Add Make-unsafe-subinterpreter-support-available-via-cfg.patch to allow
  ceph-mgr to load modules (boo#1248987)

==== qt6-declarative ====
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports

- Disable LTO on armv6/7 as a workaround - boo#1249054

==== selinux-policy ====
Version update (20250812 -> 20250902)
Subpackages: selinux-policy-targeted

- Update to version 20250902:
  * Label /usr/lib/systemd/systemd-ssh-issue with
    systemd_ssh_issue_exec_t
  * Allow stalld map sysfs files
  * Allow NetworkManager-dispatcher-winbind get pidfs attributes
  * Allow openvpn create and use generic netlink socket
  * policy_capabilities: remove estimated from
    released versions
  * policy_capabilities: add stub for userspace_initial_context
  * add netlink_xperm policy capability and nlmsg permission definitions
  * policy_capabilities: add ioctl_skip_cloexec
  * selinux-policy: add allow rule for tuned_ppd_t
  * selinux-policy: add allow rule for switcheroo_control_t
  * Label /run/audit with auditd_var_run_t
  * Allow virtqemud start a vm which uses nbdkit
  * Add nbdkit_signal() and nbdkit_signull() interfaces
  * Fix insights_client interfaces names
  * Add insights_core and insights_client interfaces
  * dist/targeted/modules.conf: enable slrnpull module
  * Allow bootupd delete symlinks in the /boot directory
  * Allow systemd-coredumpd capabilities in the user namespace
  * Allow openvswitch read virtqemud process state
- Syncing with upstream rawhide selinux-policy up to:
  * 17956d28c011c35560e75a7293ac5924df57a1ee
- Update embedded container-selinux version to commit:
  * 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0)

==== wireplumber ====
Version update (0.5.10 -> 0.5.11)
Subpackages: libwireplumber-0_5-0 wireplumber-lang

- Update to version 0.5.11:
  * Additions & Enhancements:
    - Added modem manager module for tracking voice call status and
      voice call device profile selection hooks to improve phone call
      audio routing on mobile devices (!722, !729, #819)
    - Added MPRIS media player pause functionality that automatically
      pauses media playback when the audio target (e.g.
      headphones) is removed (!699, #764)
    - Added support for human-readable names and localization of
      settings in wireplumber.conf with wpctl displaying localized
      setting descriptions (!712)
    - Improved default node selection logic to use both session and
      route priorities when nodes have equal session priorities (!720)
    - Increased USB device priority in the ALSA monitor (!719)
  * Fixes:
    - Fixed multiple Lua runtime issues including type confusion bugs,
      stack overflow prevention, and SPA POD array/choice builders
      (!723, !728)
    - Fixed proxy object lifecycle management by properly clearing the
      OWNED_BY_PROXY flag when proxies are destroyed to prevent dangling
      pointers (!732)
    - Fixed state-routes handling to prevent saving unavailable routes
      and eliminate race conditions during profile switching
      (!730, #762)
    - Fixed some memory leaks in the script tester and the settings
      iterator (!727, !726)
    - Fixed a potential crash caused by module-loopback destroying
      itself when the pipewire connection is closed (#812)
    - Fixed profile saving behavior in wpctl set-profile command (#808)
    - Fixed GObject introspection closure annotation

==== zlib-ng-compat ====
Version update (2.2.4 -> 2.2.5)

- Update to 2.2.5:
  * RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889
  * MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing inflate
    failure #1884
  * Fix building with runtime CPU detection disabled (native) [#1931]
  * Also check for ZMM support when detecting VPCLMULQDQ support [#1932]
  * Revert "Clean up insert_match() in deflate_medium" due to
    performance regression #1938