Packages changed: MicroOS-release (20250217 -> 20250218) abseil-cpp fontconfig (2.15.0 -> 2.16.0) fwupd (2.0.5 -> 2.0.6) geoclue2 kernel-firmware-i915 (20250210 -> 20250217) kernel-firmware-sound (20250210 -> 20250217) liburing netavark (1.13.1 -> 1.14.0) openssh (9.9p1 -> 9.9p2) patterns-microos psmisc python-maturin (1.8.1 -> 1.8.2) skopeo (1.17.0 -> 1.18.0) woff2 xdg-desktop-portal (1.19.3 -> 1.19.4) xdg-desktop-portal-gnome (47.2 -> 47.3) yaml-cpp === Details === ==== MicroOS-release ==== Version update (20250217 -> 20250218) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== abseil-cpp ==== Subpackages: libabsl_2501_0_0 libabsl_lite_2501_0_0 - do not obsolete the shared libary package ==== fontconfig ==== Version update (2.15.0 -> 2.16.0) Subpackages: libfontconfig1 - update to 2.16.0: * Fix misleading-indentation warning * Deal with glob string properly * Allow comma as a delimiter in postscriptname and ignore it on matching * Refactor exclusive language logic into separate file * Use proper postscriptname for named instance if any * Remove redundant leaf assignment in fcfreetype.c * Ensure lock/unlock symmetry * Ensure config is locked during retry in FcConfigReference * Unlock on allocation failure in FcCacheInsert * Fix FcSerialize undefined behavior with null pointer usage * Fix undefined behavior issue on qsort call * Add cop.orth for Coptic language * Add got.orth for Gothic language * Fix a memory leak in fc-list/fc-query/fc-scan * mark _FcPatternIter as may_alias * Accept integer for pixelsize * Improve hinting detection for fonthashint object * Add FcConfigSetFontSetFilter * Fix some code found by SAST * Set FcTypeVoid if no valid types to convert * Fix a memory leak in _get_real_paths_from_prefix * Fix double slashes in path * More information when no writable cache directories * Fix test case for reproducible builds * Fix invalid escape character \s * Sort out bitmap related config files * Clean up .uuid files with fc-cache -f too - add fontconfig-autoconf269.patch to start leap build ==== fwupd ==== Version update (2.0.5 -> 2.0.6) Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.6: + This release adds the following features: - Add 'fwupdtool efiboot-hive' to allow setting the nmbl cmdline - Allow setting the inhibit reason from fwupdmgr - Allow USB-provided hidraw devices to use DS-20 descriptors + This release fixes the following bugs: - Correctly deploy the dbx on MSI hardware - Correctly extract the milestone from Lenovo version numbers - Do not add invalid CoSWID entities to fix a fuzzing hang - Fix Logitech HID++ child device detection - Get the correct internal network VID and PID from Redfish - Include the payload length in the Wacom scaler update start command - Only use emulated devices when using device-emulate - Reload the thunderbolt retimer version after the payload is deployed - Speed up startup by ~1% by limiting the precision of percentage updates - Support new version formats for future Huddly devices - Updating the Logitech Rallybar in a more reliable way + This release adds support for the following hardware: - HPE Gen10/Gen10+ devices using Redfish ==== geoclue2 ==== Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0 - Move xdg/autostart filesto /usr/etc (boo#1237248). ==== kernel-firmware-i915 ==== Version update (20250210 -> 20250217) - Update to version 20250217 (git commit 487f2f2421ae): * i915: Update Xe3LPD DMC to v2.17 - Drop duplicated aliases ==== kernel-firmware-sound ==== Version update (20250210 -> 20250217) - Update to version 20250217 (git commit 487f2f2421ae): * ASoC: tas2781: Change regbin firmwares for single device - Drop duplicated aliases ==== liburing ==== - disable even more tests ==== netavark ==== Version update (1.13.1 -> 1.14.0) - Remove netavark-1.14.0.obscpio checked-in mistakenly. - Use recommended way to require latest rust—require cargo. - Update to version 1.14.0: * Release v1.14.0 * release notes for v1.14.0 * update release notes from v1.13.1 * run cargo update * Finalize firewalld port forwarding support * chore(deps): update rust crate once_cell to 1.20.3 * fix(deps): update rust crate rand to 0.9.0 * Add handling for firewalld's StrictForwardPorts setting * fix lint issues wirh rust 1.84 * chore(deps): update dependency containers/automation_images to v20250131 * chore(deps): update rust crate tempfile to 3.16.0 * rename macvlan_dhcp.rs to dhcp.rs * bridge: only allow dhcp with unmanaged mode * bridge: support DHCP ipam driver * fix(deps): update rust crate ipnet to 2.11.0 * fix(deps): update rust crate serde_json to 1.0.136 * fix(deps): update rust crate log to 0.4.24 * bridge: add vlan support * fix(deps): update rust crate tokio to 1.43.0 * fix(deps): update rust crate serde_json to 1.0.135 * New VM Images * fix(deps): update rust crate clap to ~4.5.23 * chore(deps): update rust crate tempfile to 3.15.0 * fix(deps): update rust crate nispor to 1.2.22 * fix(deps): update rust crate serde_json to 1.0.134 * fix(deps): update rust crate env_logger to 0.11.6 * Add container hostname to DHCP requests and use container id as client id * fix(deps): update rust crate mozim to 0.2.5 * generate protobuf in OUT_DIR * fix(deps): update rust crate tower to 0.5.2 * Cargo.lock: bump some versions * run cargo update * cargo: set rust-version * fix new rust 1.83 lint errors * OWNERS: remove edsantiago * setup: on av errors cleanup again * nftables: add daddr match to port forward jump rule * network: bridge: don't change forwarding sysctl for internal bridges * network: bridge: add support for unmanaged mode * test-dhcp: remove deprecated ifconfig/brctl commands * fix new rust 1.82 lint errors * update ci images * fix(deps): update rust crate serde_json to 1.0.133 * network: bridge: add support for host_interface_name option * network: add support for network-specific options * fix(deps): update rust crate ipnet to 2.10.1 * chore(deps): update rust crate tempfile to 3.14.0 * fix(deps): update rust crate tokio to 1.41.1 * fix(deps): update rust crate anyhow to 1.0.93 * fix(deps): update rust crate url to 2.5.3 * [skip-ci] RPM: cleanup changelog conditionals * fix(deps): update rust crate anyhow to 1.0.92 * Bump to 1.14.0-dev ==== openssh ==== Version update (9.9p1 -> 9.9p2) Subpackages: openssh-clients openssh-common openssh-server - Update to openssh 9.9p2: = Security * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. The openSSH team thanks them for their detailed review of OpenSSH. = Bugfixes * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems and configurations. - Remove patches that are already included in 9.9p2: * 0001-fix-utmpx-ifdef.patch * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch * fix-CVE-2025-26465-and-CVE-2025-26466.patch - Fix a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client and a DoS attack against OpenSSH's client and server (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466): * fix-CVE-2025-26465-and-CVE-2025-26466.patch ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add read-only-root-fs to base pattern ==== psmisc ==== - Looks like Factory and TW includes glibc-gconv-modules-extra at build time ==== python-maturin ==== Version update (1.8.1 -> 1.8.2) - update to 1.8.2: * Exclude packages not in the dependency tree when finding bindings in #2426 * Use uv automatically when running maturin develop inside uv- created virtualenv in #2433 * Consider abi3 minor version when resolving Python interpreters in #2437 * Handle archived dylibs on AIX in #2442 * Fix unnecessary rebuilds due to pyo3 config file modified time change in #2446 * Fix the name of the .data directory in the generated wheel in [#2449] * Update minimal manylinux version for loongarch64 in #2451 ==== skopeo ==== Version update (1.17.0 -> 1.18.0) - Update to version 1.18.0: * Bump Skopeo to v1.18.0 * Switch to the CNCF Code of Conduct * fix(deps): update module golang.org/x/term to v0.29.0 * fix(deps): update module github.com/containers/common to v0.62.0 * chore(deps): update dependency containers/automation_images to v20250131 * fix(deps): update module github.com/spf13/pflag to v1.0.6 * fix(deps): update module github.com/containers/image/v5 to v5.34.0 * RPM: include check section to silence rpmlint * RPM: cleanup gobuild macro for CentOS Stream * fix(deps): update module github.com/containers/storage to v1.57.1 * fix(deps): update module github.com/containers/storage to v1.57.0 * feat: Add `--retry-delay` Option * fix(deps): update module github.com/containers/common to v0.61.1 * fix(deps): update module github.com/containers/image/v5 to v5.33.1 * fix(deps): update module github.com/containers/storage to v1.56.1 * systemtest: update quay.io registry image * chore(deps): update dependency containers/automation_images to v20250107 (#2488) * fix(deps): update module golang.org/x/term to v0.28.0 * chore(deps): update dependency golangci/golangci-lint to v1.63.4 * chore(deps): update dependency golangci/golangci-lint to v1.63.3 * chore(deps): update dependency golangci/golangci-lint to v1.63.2 * fix(deps): update golang.org/x/exp digest to b2144cd * chore(deps): update module golang.org/x/net to v0.33.0 [security] * fix(deps): update module github.com/containers/ocicrypt to v1.2.1 * fix(deps): update module golang.org/x/term to v0.27.0 * Fix handling of errorShouldDisplayUsage * fix(deps): update golang.org/x/exp digest to 2d47ceb * Packit: remove rhel (epel) jobs * Packit: switch fedora copr targets to fedora-all * fix(deps): update module github.com/stretchr/testify to v1.10.0 * chore(deps): update dependency golangci/golangci-lint to v1.62.2 * Update an expected error message * fix(deps): update module github.com/masterminds/semver/v3 to v3.3.1 * chore(deps): update dependency golangci/golangci-lint to v1.62.0 * fix(deps): update module github.com/moby/sys/capability to v0.4.0 * Bump to c/Skopeo v1.18.0-dev ==== woff2 ==== Subpackages: libwoff2common1_0_2 libwoff2dec1_0_2 - Add patch to fix build with gcc15: + woff2-gcc15.patch ==== xdg-desktop-portal ==== Version update (1.19.3 -> 1.19.4) - Update to version 1.19.4: + New Features: Introduce the host app registry. This interface allows host system apps (i.e. apps not running under a sandboxing mechanism like Flatpak) register themselves with XDG Desktop Portal. This allows XDG Desktop Portal to use a proper app id, and desktop file, improving the interaction with portal backends. + Enhancements: Use a new internal script to simply running tests. + Bug Fixes: - Properly escape notification body in the Notification portal. - Fix various documentation links in the USB portal documentation page. ==== xdg-desktop-portal-gnome ==== Version update (47.2 -> 47.3) - Update to version 47.3: + Fix build against xdg-desktop-portal >= 1.19.1 + Fix initialization of X11 display. - Drop patches fixed upstream: + notification-Add-missing-GUnixFDList-argument.patch + notification-null-icon-pointer.patch ==== yaml-cpp ==== - added patches fix https://github.com/jbeder/yaml-cpp/commit/7b469b4220f96fb3d036cf68cd7bd30bd39e61d2 + yaml-cpp-gcc15.patch