Recommended update of rust1.89, rust1.90

openSUSE-Leap-16.0-100 Recommended update of rust1.89, rust1.90 moderate SUSE SLFO 1.2 This update for rust 1.89 and 1.90 supplies both to SLES 16.0. This update ships rust1.89: Version 1.89.0 (2025-08-07) ========================== ## Language - Stabilize explicitly inferred const arguments (`feature(generic_arg_infer)`) - Add a warn-by-default `mismatched_lifetime_syntaxes` lint. This lint detects when the same lifetime is referred to by different syntax categories between function arguments and return values, which can be confusing to read, especially in unsafe code. This lint supersedes the warn-by-default `elided_named_lifetimes` lint. - Expand `unpredictable_function_pointer_comparisons` to also lint on function pointer comparisons in external macros - Make the `dangerous_implicit_autorefs` lint deny-by-default - Stabilize the avx512 target features - Stabilize `kl` and `widekl` target features for x86 - Stabilize `sha512`, `sm3` and `sm4` target features for x86 - Stabilize LoongArch target features `f`, `d`, `frecipe`, `lasx`, `lbt`, `lsx`, and `lvz` - Remove `i128` and `u128` from `improper_ctypes_definitions` - Stabilize `repr128` (`#[repr(u128)]`, `#[repr(i128)]`) - Allow `#![doc(test(attr(..)))]` everywhere - Extend temporary lifetime extension to also go through tuple struct and tuple variant constructors - `extern "C"` functions on the `wasm32-unknown-unknown` target now have a standards compliant ABI https://blog.rust-lang.org/2025/04/04/c-abi-changes-for-wasm32-unknown-unknown/ ## Compiler - Default to non-leaf frame pointers on aarch64-linux - Enable non-leaf frame pointers for Arm64EC Windows - Set Apple frame pointers by architecture ## Platform Support - Add new Tier-3 targets `loongarch32-unknown-none` and `loongarch32-unknown-none-softfloat` - `x86_64-apple-darwin` is in the process of being demoted to Tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. [platform-support-doc]: https://doc.rust-lang.org/rustc/platform-support.html ## Libraries - Specify the base path for `file!` - Allow storing `format_args!()` in a variable - Add `#[must_use]` to `[T; N]::map` - Implement `DerefMut` for `Lazy{Cell,Lock}` - Implement `Default` for `array::IntoIter` - Implement `Clone` for `slice::ChunkBy` - Implement `io::Seek` for `io::Take` ## Stabilized APIs - `NonZero<char>` https://doc.rust-lang.org/stable/std/num/struct.NonZero.html - Many intrinsics for x86, not enumerated here - [AVX512 intrinsics - [`SHA512`, `SM3` and `SM4` intrinsics - `File::lock` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.lock - `File::lock_shared` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.lock_shared - `File::try_lock` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.try_lock - `File::try_lock_shared` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.try_lock_shared - `File::unlock` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.unlock - `NonNull::from_ref` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.from_ref - `NonNull::from_mut` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.from_mut - `NonNull::without_provenance` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.without_provenance - `NonNull::with_exposed_provenance` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.with_exposed_provenance - `NonNull::expose_provenance` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.expose_provenance - `OsString::leak` https://doc.rust-lang.org/stable/std/ffi/struct.OsString.html#method.leak - `PathBuf::leak` https://doc.rust-lang.org/stable/std/path/struct.PathBuf.html#method.leak - `Result::flatten` https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.flatten - `std::os::linux::net::TcpStreamExt::quickack` https://doc.rust-lang.org/stable/std/os/linux/net/trait.TcpStreamExt.html#tymethod.quickack - `std::os::linux::net::TcpStreamExt::set_quickack` https://doc.rust-lang.org/stable/std/os/linux/net/trait.TcpStreamExt.html#tymethod.set_quickack These previously stable APIs are now stable in const contexts: - `<[T; N]>::as_mut_slice` https://doc.rust-lang.org/stable/std/primitive.array.html#method.as_mut_slice - `<[u8]>::eq_ignore_ascii_case` https://doc.rust-lang.org/stable/std/primitive.slice.html#impl-%5Bu8%5D/method.eq_ignore_ascii_case - `str::eq_ignore_ascii_case` https://doc.rust-lang.org/stable/std/primitive.str.html#impl-str/method.eq_ignore_ascii_case ## Cargo - `cargo fix` and `cargo clippy --fix` now default to the same Cargo target selection as other build commands. Previously it would apply to all targets (like binaries, examples, tests, etc.). The `--edition` flag still applies to all targets. - Stabilize doctest-xcompile. Doctests are now tested when cross-compiling. Just like other tests, it will use the [`runner` setting https://doc.rust-lang.org/cargo/reference/config.html#targettriplerunner to run the tests. If you need to disable tests for a target, you can use the ignore doctest attribute https://doc.rust-lang.org/rustdoc/write-documentation/documentation-tests.html#ignoring-targets to specify the targets to ignore. ## Rustdoc - On mobile, make the sidebar full width and linewrap. This makes long section and item names much easier to deal with on mobile. ## Compatibility Notes - Make `missing_fragment_specifier` an unconditional error - Enabling the `neon` target feature on `aarch64-unknown-none-softfloat` causes a warning because mixing code with and without that target feature is not properly supported by LLVM - Sized Hierarchy: Part I - Introduces a small breaking change affecting `?Sized` bounds on impls on recursive types which contain associated type projections. It is not expected to affect any existing published crates. Can be fixed by refactoring the involved types or opting into the `sized_hierarchy` unstable feature. See the FCP report for a code example. - The warn-by-default `elided_named_lifetimes` lint is [superseded by the warn-by-default `mismatched_lifetime_syntaxes` lint. - Error on recursive opaque types earlier in the type checker - Type inference side effects from requiring element types of array repeat expressions are `Copy` are now only available at the end of type checking - The deprecated accidentally-stable `std::intrinsics::{copy,copy_nonoverlapping,write_bytes}` are now proper intrinsics. There are no debug assertions guarding against UB, and they cannot be coerced to function pointers. - Remove long-deprecated `std::intrinsics::drop_in_place` - Make well-formedness predicates no longer coinductive - Remove hack when checking impl method compatibility - Remove unnecessary type inference due to built-in trait object impls - Lint against "stdcall", "fastcall", and "cdecl" on non-x86-32 targets - Future incompatibility warnings relating to the never type (`!`) are now reported in dependencies - Ensure `std::ptr::copy_*` intrinsics also perform the static self-init checks - `extern "C"` functions on the `wasm32-unknown-unknown` target now have a standards compliant ABI https://blog.rust-lang.org/2025/04/04/c-abi-changes-for-wasm32-unknown-unknown/ ## Internal Changes These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - Correctly un-remap compiler sources paths with the `rustc-dev` component Version 1.90.0 (2025-09-18) =========================== # Language - Split up the `unknown_or_malformed_diagnostic_attributes` lint. This lint has been split up into four finer-grained lints, with `unknown_or_malformed_diagnostic_attributes` now being the lint group that contains these lints: 1. `unknown_diagnostic_attributes`: unknown to the current compiler 2. `misplaced_diagnostic_attributes`: placed on the wrong item 3. `malformed_diagnostic_attributes`: malformed attribute syntax or options 4. `malformed_diagnostic_format_literals`: malformed format string literal - Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns - Allow volatile access to non-Rust memory, including address 0 # Compiler - Use `lld` by default on `x86_64-unknown-linux-gnu` - Tier 3 `musl` targets now link dynamically by default. Affected targets: - `mips64-unknown-linux-muslabi64` - `powerpc64-unknown-linux-musl` - `powerpc-unknown-linux-musl` - `powerpc-unknown-linux-muslspe` - `riscv32gc-unknown-linux-musl` - `s390x-unknown-linux-musl` - `thumbv7neon-unknown-linux-musleabihf` # Platform Support - Demote `x86_64-apple-darwin` to Tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. # Libraries - Stabilize `u*::{checked,overflowing,saturating,wrapping}_sub_signed` - Allow comparisons between `CStr`, `CString`, and `Cow<CStr>` - Remove some unsized tuple impls since unsized tuples can't be constructed - Set `MSG_NOSIGNAL` for `UnixStream` - `proc_macro::Ident::new` now supports `$crate`. - Guarantee the pointer returned from `Thread::into_raw` has at least 8 bytes of alignment # Stabilized APIs - `u{n}::checked_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.checked_sub_signed - `u{n}::overflowing_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.overflowing_sub_signed - `u{n}::saturating_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.saturating_sub_signed - `u{n}::wrapping_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.wrapping_sub_signed) - `impl Copy for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Copy-for-IntErrorKind - `impl Hash for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Hash-for-IntErrorKind - `impl PartialEq<&CStr> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3C%26CStr%3E-for-CStr - `impl PartialEq<CString> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCString%3E-for-CStr - `impl PartialEq<Cow<CStr>> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CStr - `impl PartialEq<&CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3C%26CStr%3E-for-CString - `impl PartialEq<CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCStr%3E-for-CString - `impl PartialEq<Cow<CStr>> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CString - `impl PartialEq<&CStr> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3C%26CStr%3E-for-Cow%3C'_,+CStr%3E - `impl PartialEq<CStr> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCStr%3E-for-Cow%3C'_,+CStr%3E - `impl PartialEq<CString> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCString%3E-for-Cow%3C'_,+CStr%3E These previously stable APIs are now stable in const contexts: - `<[T]>::reverse` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.reverse - `f32::floor` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.floor - `f32::ceil` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.ceil - `f32::trunc` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.trunc - `f32::fract` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.fract - `f32::round` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round - `f32::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even - `f64::floor` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.floor - `f64::ceil` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.ceil - `f64::trunc` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.trunc - `f64::fract` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.fract - `f64::round` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round - `f64::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even # Cargo - Add `http.proxy-cainfo` config for proxy certs - Use `gix` for `cargo package` - feat(publish): Stabilize multi-package publishing # Rustdoc - Add ways to collapse all impl blocks. Previously the "Summary" button and "-" keyboard shortcut would never collapse `impl` blocks, now they do when shift is held - Display unsafe attributes with `unsafe()` wrappers # Compatibility Notes - Use `lld` by default on `x86_64-unknown-linux-gnu` See also <https://blog.rust-lang.org/2025/09/01/rust-lld-on-1.90.0-stable/>. - Make `core::iter::Fuse`'s `Default` impl construct `I::default()` internally as promised in the docs instead of always being empty - Set `MSG_NOSIGNAL` for `UnixStream` This may change program behavior but results in the same behavior as other primitives (e.g., stdout, network sockets). Programs relying on signals to terminate them should update handling of sockets to handle errors on write by exiting. - On Unix `std::env::home_dir` will use the fallback if the `HOME` environment variable is empty - We now reject unsupported `extern "{abi}"`s consistently in all positions. This primarily affects the use of implementing traits on an `extern "{abi}"` function pointer, like `extern "stdcall" fn()`, on a platform that doesn't support that, like aarch64-unknown-linux-gnu. Direct usage of these unsupported ABI strings by declaring or defining functions was already rejected, so this is only a change for consistency. - const-eval: error when initializing a static writes to that static - Check that the `proc_macro_derive` macro has correct arguments when applied to the crate root cargo1.89-1.89.0-160000.1.1.aarch64.rpm rust1.89-1.89.0-160000.1.1.aarch64.rpm rust1.89-src-1.89.0-160000.1.1.noarch.rpm cargo1.90-1.90.0-160000.1.1.aarch64.rpm rust1.90-1.90.0-160000.1.1.aarch64.rpm rust1.90-src-1.90.0-160000.1.1.noarch.rpm cargo1.89-1.89.0-160000.1.1.ppc64le.rpm rust1.89-1.89.0-160000.1.1.ppc64le.rpm cargo1.90-1.90.0-160000.1.1.ppc64le.rpm rust1.90-1.90.0-160000.1.1.ppc64le.rpm cargo1.89-1.89.0-160000.1.1.s390x.rpm rust1.89-1.89.0-160000.1.1.s390x.rpm cargo1.90-1.90.0-160000.1.1.s390x.rpm rust1.90-1.90.0-160000.1.1.s390x.rpm cargo1.89-1.89.0-160000.1.1.x86_64.rpm rust1.89-1.89.0-160000.1.1.x86_64.rpm cargo1.90-1.90.0-160000.1.1.x86_64.rpm rust1.90-1.90.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-101 Recommended update for az-cli-cmd moderate SUSE SLFO 1.2 This update for az-cli-cmd fixes the following issues: Changes in az-cli-cmd: - Update postun scriplet (bsc#1253743) - Do not run the postun scriptlet on upgrade as it will remove the just created command. az-cli-cmd-1.37.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-102 Security update for go1.25 important SUSE SLFO 1.2 This update for go1.25 fixes the following issues: Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431). - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN (bsc#1254430). - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253). - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262). - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256). - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255). - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260). - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254). - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259). - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258). - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261). - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257). - CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches (bsc#1249141). Other issues fixed and changes: - Version 1.25.5: * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25 * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied, ReOpenFile error handling followup - Version 1.25.4: * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64 * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75952 encoding/pem: regression when decoding blocks with leading garbage * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should * go#76029 pem/encoding: malformed line endings can cause panics - Version 1.25.3: * go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot * go#75777 spec: Go1.25 spec should be dated closer to actual release date - Version 1.25.2: * go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when calling ReadAt * go#75116 os: Root.MkdirAll can return "file exists" when called concurrently on the same path * go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original root * go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * go#75255 cmd/compile: export to DWARF types only referenced through interfaces * go#75347 testing/synctest: test timeout with no runnable goroutines * go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail * go#75537 context: Err can return non-nil before Done channel is closed * go#75539 net/http: internal error: connCount underflow * go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return value * go#75669 runtime: debug.decoratemappings don't work as expected - Version 1.25.1: * go#74822 cmd/go: "get toolchain@latest" should ignore release candidates * go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets * go#75008 os/exec: TestLookPath fails on plan9 after CL 685755 * go#75021 testing/synctest: bubble not terminating * go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles - Packaging: migrate from update-alternatives to libalternatives (bsc#1245878). - Fix runtime condition for gcc/gcc7 dependency. - Use at least gcc 7 for all architectures (bsc#1254227). - Package svgpan.js to fix issues with "go tool pprof" (boo#1249985). - Drop unused gccgo bootstrap code in go1.22+ (bsc#1248082). go1.25-1.25.5-160000.1.1.aarch64.rpm go1.25-doc-1.25.5-160000.1.1.aarch64.rpm go1.25-libstd-1.25.5-160000.1.1.aarch64.rpm go1.25-race-1.25.5-160000.1.1.aarch64.rpm go1.25-1.25.5-160000.1.1.ppc64le.rpm go1.25-doc-1.25.5-160000.1.1.ppc64le.rpm go1.25-race-1.25.5-160000.1.1.ppc64le.rpm go1.25-1.25.5-160000.1.1.s390x.rpm go1.25-doc-1.25.5-160000.1.1.s390x.rpm go1.25-race-1.25.5-160000.1.1.s390x.rpm go1.25-1.25.5-160000.1.1.x86_64.rpm go1.25-doc-1.25.5-160000.1.1.x86_64.rpm go1.25-libstd-1.25.5-160000.1.1.x86_64.rpm go1.25-race-1.25.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-103 Security update for go1.24 important SUSE SLFO 1.2 This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257). - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261). - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258). - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259). - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254). - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260). - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255). - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256). - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262). - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253). - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN (bsc#1254430). - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431). Other issues fixed and changes: - Version 1.24.11: * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores - Version 1.24.10: * go#75831 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75951 encoding/pem: regression when decoding blocks with leading garbage * go#76028 pem/encoding: malformed line endings can cause panics - Version 1.24.9: * go#75860 crypto/x509: TLS validation fails for FQDNs with trailing dot - Version 1.24.8: * go#75138 os: Root.OpenRoot sets incorrect name, losing prefix of original root * go#75220 debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * go#75351 cmd/link: panic on riscv64 with CGO enabled due to empty container symbol * go#75356 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * go#75359 os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9 * go#75523 crypto/internal/fips140/rsa: requires a panic if self-tests fail * go#75538 net/http: internal error: connCount underflow * go#75594 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * go#75609 sync/atomic: comment for Uintptr.Or incorrectly describes return value - Version 1.24.7: * go#75007 os/exec: TestLookPath fails on plan9 after CL 685755 * go#74821 cmd/go: "get toolchain@latest" should ignore release candidates * go#74818 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets - Packaging: migrate from update-alternatives to libalternatives (bsc#1245878). - Package svgpan.js to fix issues with "go tool pprof" (bsc#1249985). - Drop unused gccgo bootstrap code in go1.22+ (bsc#1248082). go1.24-1.24.11-160000.1.1.aarch64.rpm go1.24-doc-1.24.11-160000.1.1.aarch64.rpm go1.24-libstd-1.24.11-160000.1.1.aarch64.rpm go1.24-race-1.24.11-160000.1.1.aarch64.rpm go1.24-1.24.11-160000.1.1.ppc64le.rpm go1.24-doc-1.24.11-160000.1.1.ppc64le.rpm go1.24-race-1.24.11-160000.1.1.ppc64le.rpm go1.24-1.24.11-160000.1.1.s390x.rpm go1.24-doc-1.24.11-160000.1.1.s390x.rpm go1.24-race-1.24.11-160000.1.1.s390x.rpm go1.24-1.24.11-160000.1.1.x86_64.rpm go1.24-doc-1.24.11-160000.1.1.x86_64.rpm go1.24-libstd-1.24.11-160000.1.1.x86_64.rpm go1.24-race-1.24.11-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-104 Security update for keylime critical SUSE SLFO 1.2 This update for keylime fixes the following issues: Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate UUIDs (bsc#1254199). - CVE-2025-1057: registrar denial-of-service due to backward incompatibility in database type handling (bsc#1237153). Other issues fixed and changes: - Version 7.13.0+40: * Include new attestation information fields (#1818) * Fix Database race conditions and SQLAlchemy 2.0 compatibility (#1823) * push-model: require HTTPS for authentication and attestation endpoints * Fix operational_state tracking in push mode attestations * templates: add push model authentication config options to 2.5 templates * Security: Hash authentication tokens in logs * Fix stale IMA policy cache in verification * Fix authentication behavior on failed attestations for push mode * Add shared memory infrastructure for multiprocess communication * Add agent authentication (challenge/response) protocol for push mode * Add agent-driven (push) attestation protocol with PULL mode regression fixes (#1814) * docs: Fix man page RST formatting for rst2man compatibility (#1813) * Apply limit on keylime-policy workers * tpm: fix ECC signature parsing to support variable-length coordinates * tpm: fix ECC P-521 credential activation with consistent marshaling * tpm: fix ECC P-521 coordinate validation * Remove deprecated disabled_signing_algorithms configuration option (#1804) * algorithms: add support for specific RSA algorithms * algorithms: add support for specific ECC curve algorithms * Created manpage for keylime-policy and edited manpages for keylime verifier, registrar, agent * Manpage for keylime agent * Manpage for keylime verifier * Manpage for keylime registrar * Use constants for timeout and max retries defaults * verifier: Use timeout from `request_timeout` config option * revocation_notifier: Use timeout setting from config file * tenant: Set timeout when getting version from agent * verify/evidence: SEV-SNP evidence type/verifier * verify/evidence: Add evidence type to request JSON - Version v7.13.0: * Avoid re-encoding certificate stored in DB * Revert "models: Do not re-encode certificate stored in DB" * Revert "registrar_agent: Use pyasn1 to parse PEM" * policy/sign: use print() when writing to /dev/stdout * registrar_agent: Use pyasn1 to parse PEM * models: Do not re-encode certificate stored in DB * mba: normalize vendor_db in EV_EFI_VARIABLE_AUTHORITY events * mb: support vendor_db as logged by newer shim versions * mb: support EV_EFI_HANDOFF_TABLES events on PCR1 * Remove unnecessary configuration values * cloud_verifier_tornado: handle exception in notify_error() * requests_client: close the session at the end of the resource manager * Manpage for keylime_tenant (#1786) * Add 2.5 templates including Push Model changes * Initial version of verify evidence API * db: Do not read pool size and max overflow for sqlite * Use context managers to close DB sessions * revocations: Try to send notifications on shutdown * verifier: Gracefully shutdown on signal * Use `fork` as `multiprocessing` start method * Fix inaccuracy in threat model and add reference to SBAT * Explain TPM properties and expand vTPM discussion * Fix invalid RST and update TOC * Expand threat model page to include adversarial model * Add --push-model option to avoid requests to agents * templates: duplicate str_to_version() in the adjust script * policy: fix mypy issues with rpm_repo * revocation_notifier: fix mypy issue by replacing deprecated call * Fix create_runtime_policy in python < 3.12 * Fix after review * fixed CONSTANT names C0103 errors * Extend meta_data field in verifierdb * docs: update issue templates * docs: add GitHub PR template with documentation reminders * tpm_util: fix quote signature extraction for ECDSA * registrar: Log API versions during startup * Remove excessive logging on exception * scripts: Fix coverage information downloading script - Version v7.12.1: * models: Add Base64Bytes type to read and write from the database * Simplify response check from registrar - Version v7.12.0: * API: Add /version endpoint to registrar * scripts: Download coverage data directly from Testing Farm * docs: Add separate documentation for each API version * scripts/create_runtime_policy.sh: fix path for the exclude list * docs: add documentation for keylime-policy * templates: Add the new agent.conf option 'api_versions' * Enable autocompletion using argcomplete * build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 * Configure EPEL-10 repo in packit-ci.fmf * build(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1 * build(deps): bump pypa/gh-action-pypi-publish from 1.12.0 to 1.12.3 * build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 * build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 * keylime-policy: improve error handling when provided a bad key (sign) * keylime-policy: exit with status 1 when the commands failed * keylime-policy: use Certificate() from models.base to validate certs * keylime-policy: check for valid cert file when using x509 backend (sign) * keylime-policy: fix help for "keylime-policy sign" verb * tenant: Correctly log number of tries when deleting * update TCTI environment variable usage * build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 * keylime-policy: add `create measured-boot' subcommand * keylime-policy: add `sign runtime' subcommand * keylime-policy: add logger to use with the policy tool * installer.sh: Restore execution permission * installer: Fix string comparison * build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0 * build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 * build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.0 * build(deps): bump actions/setup-python from 5.2.0 to 5.3.0 * installer.sh: updated EPEL, PEP668 Fix, logic fix * build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 * build(deps): bump actions/checkout from 4.2.1 to 4.2.2 * postgresql support for docker using psycopg2 * installer.sh: update package list, add workaround for PEP 668 * build(deps): bump actions/checkout from 4.2.0 to 4.2.1 * keylime.conf: full removal * Drop pending SPDX-License-Identifier headers * create_runtime_policy: Validate algorithm from IMA measurement log * create-runtime-policy: Deal with SHA-256 and SM3_256 ambiguity * create_runtime_policy: drop commment with test data * create_runtime_policy: Use a common method to guess algorithm * keylime-policy: rename tool to keylime-policy instead of keylime_policy * keylime_policy: create runtime: remove --use-ima-measurement-list * keylime_policy: use consistent arg names for create_runtime_policy * build(deps): bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3 * build(deps): bump actions/checkout from 4.1.7 to 4.2.0 * elchecking/example: workaround empty PK, KEK, db and dbx * elchecking: add handling for EV_EFI_PLATFORM_FIRMWARE_BLOB2 * create_runtime_policy: Fix log level for debug messages * build(deps): bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 * build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 * pylintrc: Ignore too-many-positional-arguments check * keylime/web/base/controller: Move TypeAlias definition out of class * create_runtime_policy: Calculate digests in multiple threads * create_runtime_policy: Allow rootfs to be in any directory * keylime_policy: Calculate digests from each source separately * create_runtime_policy: Simplify boot_aggregate parsing * ima: Validate JSON when loading IMA Keyring from string * docs: include IDevID page also in the sidebar * docs: point to installation guide from RHEL and SLE Micro * build(deps): bump actions/setup-python from 5.1.1 to 5.2.0 * build(deps): bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 * change check_tpm_origin_check to a warning that does not prevent registration * docs: Fix Runtime Policy JSON schema to reflect the reality * Sets absolute path for files inside a rootfs dir * policy/create_runtime_policy: fix handling of empty lines in exclude list * keylime_policy: setting 'log_hash_alg' to 'sha1' (template-hash algo) * codestyle: Assign CERTIFICATE_PRIVATE_KEY_TYPES directly (pyright) * codestyle: convert bytearrays to bytes to get expected type (pyright) * codestyle: Use new variables after changing datatype (pyright) * cert_utils: add description why loading using cryptography might fail * ima: list names of the runtime policies * build(deps): bump docker/build-push-action from 6.6.1 to 6.7.0 * tox: Use python 3.10 instead of 3.6 * revocation_notifier: Use web_util to generate TLS context * mba: Add a skip custom policies option when loading mba. * build(deps): bump docker/build-push-action from 6.5.0 to 6.6.1 * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1 * cmd/keylime_policy: add tool to handle keylime policies * cert_utils: add is_x509_cert() * common/algorithms: transform Encrypt and Sign class into enums * common/algorithms: add method to calculate digest of a file * build(deps): bump docker/build-push-action from 4.2.1 to 6.5.0 * build(deps): bump docker/login-action from 3.2.0 to 3.3.0 * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1 * build(deps): bump docker/login-action from 3.2.0 to 3.3.0 * build(deps): bump docker/build-push-action from 6.4.1 to 6.5.0 * build(deps): bump docker/build-push-action from 4.2.1 to 6.4.1 * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1 * build(deps): bump pre-commit/action from 3.0.0 to 3.0.1 * tpm: Replace KDFs and ECDH implementations with python-cryptography * build(deps): bump codecov/codecov-action from 2.1.0 to 4.5.0 * build(deps): bump docker/login-action from 2.2.0 to 3.2.0 * build(deps): bump actions/setup-python from 2.3.4 to 5.1.1 * build(deps): bump actions/first-interaction * build(deps): bump actions/checkout from 2.7.0 to 4.1.7 * revocation_notifier: Explicitly add CA certificate bundle * Introduce new REST API framework and refactor registrar implementation * mba: Support named measured boot policies * tenant: add friendlier error message if mTLS CA is wrongly configured * ca_impl_openssl: Mark extensions as critical following RFC 5280 * Include Authority Key Identifier in KL-generated certs * verifier, tenant: make payload for agent completely optional keylime-config-7.13.0+40-160000.1.1.noarch.rpm keylime-firewalld-7.13.0+40-160000.1.1.noarch.rpm keylime-logrotate-7.13.0+40-160000.1.1.noarch.rpm keylime-registrar-7.13.0+40-160000.1.1.noarch.rpm keylime-tenant-7.13.0+40-160000.1.1.noarch.rpm keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch.rpm keylime-verifier-7.13.0+40-160000.1.1.noarch.rpm python313-keylime-7.13.0+40-160000.1.1.noarch.rpm openSUSE-Leap-16.0-105 Security update for ImageMagick important SUSE SLFO 1.2 This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash (bsc#1252749). - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation (bsc#1249362). - CVE-2025-62171: incomplete fix for integer overflow in BMP Decoder (bsc#1252282). - CVE-2025-55298: format string bug vulnerability can lead to heap overflow (bsc#1248780). - CVE-2025-57803: 32-bit integer overflow can lead to heap out-of-bounds (OOB) write (bsc#1248784). - CVE-2025-55212: division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). ImageMagick-7.1.2.0-160000.4.1.aarch64.rpm ImageMagick-config-7-SUSE-7.1.2.0-160000.4.1.noarch.rpm ImageMagick-devel-7.1.2.0-160000.4.1.aarch64.rpm ImageMagick-doc-7.1.2.0-160000.4.1.noarch.rpm ImageMagick-extra-7.1.2.0-160000.4.1.aarch64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.4.1.aarch64.rpm libMagick++-devel-7.1.2.0-160000.4.1.aarch64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.4.1.aarch64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.4.1.aarch64.rpm perl-PerlMagick-7.1.2.0-160000.4.1.aarch64.rpm ImageMagick-config-7-upstream-open-7.1.2.0-160000.4.1.noarch.rpm ImageMagick-config-7-upstream-limited-7.1.2.0-160000.4.1.noarch.rpm ImageMagick-config-7-upstream-secure-7.1.2.0-160000.4.1.noarch.rpm ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.4.1.noarch.rpm ImageMagick-7.1.2.0-160000.4.1.ppc64le.rpm ImageMagick-devel-7.1.2.0-160000.4.1.ppc64le.rpm ImageMagick-extra-7.1.2.0-160000.4.1.ppc64le.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.4.1.ppc64le.rpm libMagick++-devel-7.1.2.0-160000.4.1.ppc64le.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.4.1.ppc64le.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.4.1.ppc64le.rpm perl-PerlMagick-7.1.2.0-160000.4.1.ppc64le.rpm ImageMagick-7.1.2.0-160000.4.1.s390x.rpm ImageMagick-devel-7.1.2.0-160000.4.1.s390x.rpm ImageMagick-extra-7.1.2.0-160000.4.1.s390x.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.4.1.s390x.rpm libMagick++-devel-7.1.2.0-160000.4.1.s390x.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.4.1.s390x.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.4.1.s390x.rpm perl-PerlMagick-7.1.2.0-160000.4.1.s390x.rpm ImageMagick-7.1.2.0-160000.4.1.x86_64.rpm ImageMagick-devel-7.1.2.0-160000.4.1.x86_64.rpm ImageMagick-extra-7.1.2.0-160000.4.1.x86_64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.4.1.x86_64.rpm libMagick++-devel-7.1.2.0-160000.4.1.x86_64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.4.1.x86_64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.4.1.x86_64.rpm perl-PerlMagick-7.1.2.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-106 Security update for grub2 important SUSE SLFO 1.2 This update for grub2 fixes the following issues: Changes in grub2: - CVE-2025-54771: Fixed grub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - Bump upstream SBAT generation to 6 - Fix "sparse file not allowed" error after grub2-reboot (bsc#1245738) - Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) - turn off page flipping for i386-pc using VBE video backend (bsc#1245636) - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Skip mount point in grub_find_device function (bsc#1246231) - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) grub2-2.12-160000.3.1.aarch64.rpm grub2-arm64-efi-2.12-160000.3.1.noarch.rpm grub2-arm64-efi-bls-2.12-160000.3.1.noarch.rpm grub2-arm64-efi-debug-2.12-160000.3.1.noarch.rpm grub2-arm64-efi-extras-2.12-160000.3.1.noarch.rpm grub2-branding-upstream-2.12-160000.3.1.noarch.rpm grub2-common-2.12-160000.3.1.aarch64.rpm grub2-snapper-plugin-2.12-160000.3.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-160000.3.1.noarch.rpm grub2-2.12-160000.3.1.ppc64le.rpm grub2-common-2.12-160000.3.1.ppc64le.rpm grub2-powerpc-ieee1275-2.12-160000.3.1.noarch.rpm grub2-powerpc-ieee1275-debug-2.12-160000.3.1.noarch.rpm grub2-powerpc-ieee1275-extras-2.12-160000.3.1.noarch.rpm grub2-2.12-160000.3.1.s390x.rpm grub2-common-2.12-160000.3.1.s390x.rpm grub2-s390x-emu-2.12-160000.3.1.s390x.rpm grub2-s390x-emu-debug-2.12-160000.3.1.s390x.rpm grub2-s390x-emu-extras-2.12-160000.3.1.noarch.rpm grub2-2.12-160000.3.1.x86_64.rpm grub2-common-2.12-160000.3.1.x86_64.rpm grub2-i386-pc-2.12-160000.3.1.noarch.rpm grub2-i386-pc-debug-2.12-160000.3.1.noarch.rpm grub2-i386-pc-extras-2.12-160000.3.1.noarch.rpm grub2-x86_64-efi-2.12-160000.3.1.noarch.rpm grub2-x86_64-efi-bls-2.12-160000.3.1.noarch.rpm grub2-x86_64-efi-debug-2.12-160000.3.1.noarch.rpm grub2-x86_64-efi-extras-2.12-160000.3.1.noarch.rpm grub2-x86_64-xen-2.12-160000.3.1.noarch.rpm grub2-x86_64-xen-debug-2.12-160000.3.1.noarch.rpm grub2-x86_64-xen-extras-2.12-160000.3.1.noarch.rpm openSUSE-Leap-16.0-107 Security update for openssl-3 important SUSE SLFO 1.2 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233) - CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234) libopenssl-3-devel-3.5.0-160000.4.1.aarch64.rpm libopenssl-3-fips-provider-3.5.0-160000.4.1.aarch64.rpm libopenssl3-3.5.0-160000.4.1.aarch64.rpm openssl-3-3.5.0-160000.4.1.aarch64.rpm openssl-3-doc-3.5.0-160000.4.1.noarch.rpm libopenssl-3-devel-3.5.0-160000.4.1.ppc64le.rpm libopenssl-3-fips-provider-3.5.0-160000.4.1.ppc64le.rpm libopenssl3-3.5.0-160000.4.1.ppc64le.rpm openssl-3-3.5.0-160000.4.1.ppc64le.rpm libopenssl-3-devel-3.5.0-160000.4.1.s390x.rpm libopenssl-3-fips-provider-3.5.0-160000.4.1.s390x.rpm libopenssl3-3.5.0-160000.4.1.s390x.rpm openssl-3-3.5.0-160000.4.1.s390x.rpm libopenssl-3-devel-3.5.0-160000.4.1.x86_64.rpm libopenssl-3-fips-provider-3.5.0-160000.4.1.x86_64.rpm libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.4.1.x86_64.rpm libopenssl3-3.5.0-160000.4.1.x86_64.rpm libopenssl3-x86-64-v3-3.5.0-160000.4.1.x86_64.rpm openssl-3-3.5.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-108 Recommended update for openldap2_6 moderate SUSE SLFO 1.2 This update for openldap2_6 fixes the following issues: Changes in openldap2_6: - Add limited support for libldap-2.4 library compatibility (jsc#PED-13833) libldap-2-2.6.10+10-160000.3.1.aarch64.rpm libldap-data-2.6.10+10-160000.3.1.noarch.rpm libldap2-sap-compat-2.6.10+10-160000.3.1.aarch64.rpm openldap2_6-2.6.10+10-160000.3.1.aarch64.rpm openldap2_6-client-2.6.10+10-160000.3.1.aarch64.rpm openldap2_6-contrib-2.6.10+10-160000.3.1.aarch64.rpm openldap2_6-devel-2.6.10+10-160000.3.1.aarch64.rpm openldap2_6-doc-2.6.10+10-160000.3.1.noarch.rpm libldapcpp-devel-2.6.10+10-160000.3.1.aarch64.rpm libldapcpp0-2.6.10+10-160000.3.1.aarch64.rpm libldap-2-2.6.10+10-160000.3.1.ppc64le.rpm libldap2-sap-compat-2.6.10+10-160000.3.1.ppc64le.rpm openldap2_6-2.6.10+10-160000.3.1.ppc64le.rpm openldap2_6-client-2.6.10+10-160000.3.1.ppc64le.rpm openldap2_6-contrib-2.6.10+10-160000.3.1.ppc64le.rpm openldap2_6-devel-2.6.10+10-160000.3.1.ppc64le.rpm libldapcpp-devel-2.6.10+10-160000.3.1.ppc64le.rpm libldapcpp0-2.6.10+10-160000.3.1.ppc64le.rpm libldap-2-2.6.10+10-160000.3.1.s390x.rpm libldap2-sap-compat-2.6.10+10-160000.3.1.s390x.rpm openldap2_6-2.6.10+10-160000.3.1.s390x.rpm openldap2_6-client-2.6.10+10-160000.3.1.s390x.rpm openldap2_6-contrib-2.6.10+10-160000.3.1.s390x.rpm openldap2_6-devel-2.6.10+10-160000.3.1.s390x.rpm libldapcpp-devel-2.6.10+10-160000.3.1.s390x.rpm libldapcpp0-2.6.10+10-160000.3.1.s390x.rpm libldap-2-2.6.10+10-160000.3.1.x86_64.rpm libldap2-sap-compat-2.6.10+10-160000.3.1.x86_64.rpm openldap2_6-2.6.10+10-160000.3.1.x86_64.rpm openldap2_6-client-2.6.10+10-160000.3.1.x86_64.rpm openldap2_6-contrib-2.6.10+10-160000.3.1.x86_64.rpm openldap2_6-devel-2.6.10+10-160000.3.1.x86_64.rpm libldapcpp-devel-2.6.10+10-160000.3.1.x86_64.rpm libldapcpp0-2.6.10+10-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-109 Recommended update for freetype2 moderate SUSE SLFO 1.2 This update for freetype2 fixes the following issues: Changes in freetype2: - update to 2.13.3: - Do not build the ft2demos flavor in SLE16 where Qt5 will not be available freetype2-devel-2.13.3-160000.3.1.aarch64.rpm freetype2-profile-tti35-2.13.3-160000.3.1.noarch.rpm ftdump-2.13.3-160000.3.1.aarch64.rpm libfreetype6-2.13.3-160000.3.1.aarch64.rpm freetype2-devel-2.13.3-160000.3.1.ppc64le.rpm ftdump-2.13.3-160000.3.1.ppc64le.rpm libfreetype6-2.13.3-160000.3.1.ppc64le.rpm freetype2-devel-2.13.3-160000.3.1.s390x.rpm ftdump-2.13.3-160000.3.1.s390x.rpm libfreetype6-2.13.3-160000.3.1.s390x.rpm freetype2-devel-2.13.3-160000.3.1.x86_64.rpm ftdump-2.13.3-160000.3.1.x86_64.rpm libfreetype6-2.13.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-110 Recommended update for libnvme, nvme-cli important SUSE SLFO 1.2 This update for libnvme, nvme-cli fixes the following issues: Changes for libnvme: - linux: use EVP_PKEY_CTX_add1_hkdf_info only once in compat function (bsc#1246914) - nvme/linux: check for empty digest in gen_tls_identity() (bsc#1246914) - nvme/linux: add fallback implementation for nvme_insert_tls_key_compat() (bsc#1246914) - linux: fix HKDF TLS key derivation back to OpenSSL 3.0.8 (bsc#1246914) - libnvme: TLS PSK derivation fixes (bsc#1246914) - linux: rename __nvme_insert_tls_key_versioned() to __nvme_insert_tls_key() (bsc#1246914) - linux: rename __nvme_insert_tls_key() to __nvme_import_tls_key() (bsc#1246914) - test/psk: add testcase for TLS identity derivation (bsc#1246914) - linux: set errno when nvme_generate_tls_key_identity() fails (bsc#1246914) - tree: do not try to strdup NULL pointer (bsc#1247225) - tree: always set the host key (bsc#1246560) - tree: add routine to fetch subsys firmware rev (bsc#1240518) - tree: add routine to fetch subsys model (bsc#1240518) Changes for nvme-cli: - nvme: add --compat flag for 'gen-tls-key' and 'check-tls-key' (bsc#1246914) - netapp-ontapdev: update invalid device handling (bsc#1247017) - netapp-smdev: update invalid device handling (bsc#1247017) - nvme-print: display fw-rev in list-subsys output (bsc#1240518) - nvme-print: display model in list-subsys output (bsc#1240518) - netapp-ontapdev: add subsysname to regular output (bsc#1240518) - netapp-ontapdev: add subsysname to the verbose output (bsc#1240518) - Revert "nvme-print-json: display only verbose output" - nvme: check for valid output format (bsc#1237275) - nvme: make get-feature JSON output print everything (bsc#1237275) - nvme: make -v output consistent with -H output for nvme get-feature (bsc#1237275) - nvme: make -v output consistent with -H output for nvme get-property (bsc#1237275) - nvme-print-stdout: add details in list-ns verbose output (bsc#1237275) - nvme-print-stdout: add descriptions for nsze, ncap and nuse (bsc#1237275) - netapp-ontapdev: correct the basestr header (bsc#1237275) - netapp-smdev: update err msg for no smdevices (bsc#1237275) - netapp-ontapdev: update err msg for no ontapdevices (bsc#1237275) - netapp-smdev: update basestr header in verbose output (bsc#1237275) - netapp-ontapdev: update basestr headers in verbose output - netapp-smdev: add verbose output - netapp-smdev: remove redundant code - nvme-netapp: update err messages - netapp-ontapdev: fix JSON output for nsze and nuse - netapp-ontapdev: fix fw version handling - netapp-ontapdev: add verbose output libnvme-devel-1.11+17.g6d55624d-160000.1.1.aarch64.rpm libnvme-mi1-1.11+17.g6d55624d-160000.1.1.aarch64.rpm libnvme1-1.11+17.g6d55624d-160000.1.1.aarch64.rpm python3-libnvme-1.11+17.g6d55624d-160000.1.1.aarch64.rpm nvme-cli-2.11+29.g35e62868-160000.1.1.aarch64.rpm nvme-cli-bash-completion-2.11+29.g35e62868-160000.1.1.noarch.rpm nvme-cli-regress-script-2.11+29.g35e62868-160000.1.1.noarch.rpm nvme-cli-zsh-completion-2.11+29.g35e62868-160000.1.1.noarch.rpm libnvme-devel-1.11+17.g6d55624d-160000.1.1.ppc64le.rpm libnvme-mi1-1.11+17.g6d55624d-160000.1.1.ppc64le.rpm libnvme1-1.11+17.g6d55624d-160000.1.1.ppc64le.rpm python3-libnvme-1.11+17.g6d55624d-160000.1.1.ppc64le.rpm nvme-cli-2.11+29.g35e62868-160000.1.1.ppc64le.rpm libnvme-devel-1.11+17.g6d55624d-160000.1.1.s390x.rpm libnvme-mi1-1.11+17.g6d55624d-160000.1.1.s390x.rpm libnvme1-1.11+17.g6d55624d-160000.1.1.s390x.rpm python3-libnvme-1.11+17.g6d55624d-160000.1.1.s390x.rpm nvme-cli-2.11+29.g35e62868-160000.1.1.s390x.rpm libnvme-devel-1.11+17.g6d55624d-160000.1.1.x86_64.rpm libnvme-mi1-1.11+17.g6d55624d-160000.1.1.x86_64.rpm libnvme1-1.11+17.g6d55624d-160000.1.1.x86_64.rpm python3-libnvme-1.11+17.g6d55624d-160000.1.1.x86_64.rpm nvme-cli-2.11+29.g35e62868-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-111 Recommended update for nvidia-open-driver-G06-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G06-signed fixes the following issues: - readded kernel-6.18.patch still needed for cuda driver version 580.105.08 - update non-CUDA variant to version 580.119.02 (bsc#1254801) - fixed build against kernel 6.18 - introduced extra %gfx_aarch64_version and appropriate tarball/pci_id file in the hope that build service will no longer complain - update CUDA variant to 580.105.08 - back to 580.95.05 on aarch64, since userspace drivers have not been updated for this platform - update non-CUDA variant to version 580.105.08 (bsc#1252978) nvidia-open-driver-G06-signed-64kb-devel-580.119.02-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-check-580.119.02-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-default-devel-580.119.02-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-64kb-580.119.02_k6.12.0_160000.7-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-580.119.02_k6.12.0_160000.7-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-580.105.08-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-64kb-devel-580.105.08-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-check-580.105.08-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.105.08_k6.12.0_160000.7-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.12.0_160000.7-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-default-devel-580.119.02-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.119.02_k6.12.0_160000.7-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-580.105.08-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.12.0_160000.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-112 Security update for qemu important SUSE SLFO 1.2 This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - Version 10.0.7: * kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value * docs/devel: Update URL for make-pullreq script * target/arm: Fix assert on BRA. * hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN * hw/core/machine: Provide a description for aux-ram-share property * hw/pci: Make msix_init take a uint32_t for nentries * block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit() * block-backend: Fix race when resuming queued requests * ui/vnc: Fix qemu abort when query vnc info * chardev/char-pty: Do not ignore chr_write() failures * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs * hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure * migration: Fix transition to COLO state from precopy * Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer@tls.msk.ru/ - Version 10.0.6: * linux-user/microblaze: Fix little-endianness binary * target/hppa: correct size bit parity for fmpyadd * target/i386: user: do not set up a valid LDT on reset * async: access bottom half flags with qatomic_read * target/i386: fix x86_64 pushw op * i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit * i386/cpu: Prevent delivering SIPI during SMM in TCG mode * i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS * target/i386: Fix CR2 handling for non-canonical addresses * block/curl.c: Use explicit long constants in curl_easy_setopt calls * pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs * target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd * target/riscv: Fix ssamoswap error handling * Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer@tls.msk.ru/ - Version 10.0.5: * tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image * tests/functional/test_ppc_bamboo: Replace broken link with working assets * physmem: Destroy all CPU AddressSpaces on unrealize * memory: New AS helper to serialize destroy+free * include/system/memory.h: Clarify address_space_destroy() behaviour * migration: Fix state transition in postcopy_start() error handling * target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions * target/riscv: rvv: Replace checking V by checking Zve32x * target/riscv: Fix endianness swap on compressed instructions * hw/riscv/riscv-iommu: Fixup PDT Nested Walk * Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer@tls.msk.ru/ - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494). qemu-10.0.7-160000.1.1.aarch64.rpm qemu-SLOF-10.0.7-160000.1.1.noarch.rpm qemu-accel-qtest-10.0.7-160000.1.1.aarch64.rpm qemu-arm-10.0.7-160000.1.1.aarch64.rpm qemu-audio-alsa-10.0.7-160000.1.1.aarch64.rpm qemu-audio-dbus-10.0.7-160000.1.1.aarch64.rpm qemu-audio-jack-10.0.7-160000.1.1.aarch64.rpm qemu-audio-oss-10.0.7-160000.1.1.aarch64.rpm qemu-audio-pa-10.0.7-160000.1.1.aarch64.rpm qemu-audio-pipewire-10.0.7-160000.1.1.aarch64.rpm qemu-audio-spice-10.0.7-160000.1.1.aarch64.rpm qemu-block-curl-10.0.7-160000.1.1.aarch64.rpm qemu-block-dmg-10.0.7-160000.1.1.aarch64.rpm qemu-block-iscsi-10.0.7-160000.1.1.aarch64.rpm qemu-block-nfs-10.0.7-160000.1.1.aarch64.rpm qemu-block-rbd-10.0.7-160000.1.1.aarch64.rpm qemu-block-ssh-10.0.7-160000.1.1.aarch64.rpm qemu-chardev-baum-10.0.7-160000.1.1.aarch64.rpm qemu-chardev-spice-10.0.7-160000.1.1.aarch64.rpm qemu-doc-10.0.7-160000.1.1.noarch.rpm qemu-extra-10.0.7-160000.1.1.aarch64.rpm qemu-guest-agent-10.0.7-160000.1.1.aarch64.rpm qemu-headless-10.0.7-160000.1.1.aarch64.rpm qemu-hw-display-qxl-10.0.7-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-10.0.7-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1.aarch64.rpm qemu-hw-display-virtio-vga-10.0.7-160000.1.1.aarch64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1.aarch64.rpm qemu-hw-usb-host-10.0.7-160000.1.1.aarch64.rpm qemu-hw-usb-redirect-10.0.7-160000.1.1.aarch64.rpm qemu-hw-usb-smartcard-10.0.7-160000.1.1.aarch64.rpm qemu-img-10.0.7-160000.1.1.aarch64.rpm qemu-ipxe-10.0.7-160000.1.1.noarch.rpm qemu-ivshmem-tools-10.0.7-160000.1.1.aarch64.rpm qemu-ksm-10.0.7-160000.1.1.aarch64.rpm qemu-lang-10.0.7-160000.1.1.noarch.rpm qemu-microvm-10.0.7-160000.1.1.noarch.rpm qemu-ppc-10.0.7-160000.1.1.aarch64.rpm qemu-pr-helper-10.0.7-160000.1.1.aarch64.rpm qemu-s390x-10.0.7-160000.1.1.aarch64.rpm qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-skiboot-10.0.7-160000.1.1.noarch.rpm qemu-spice-10.0.7-160000.1.1.aarch64.rpm qemu-tools-10.0.7-160000.1.1.aarch64.rpm qemu-ui-curses-10.0.7-160000.1.1.aarch64.rpm qemu-ui-dbus-10.0.7-160000.1.1.aarch64.rpm qemu-ui-gtk-10.0.7-160000.1.1.aarch64.rpm qemu-ui-opengl-10.0.7-160000.1.1.aarch64.rpm qemu-ui-spice-app-10.0.7-160000.1.1.aarch64.rpm qemu-ui-spice-core-10.0.7-160000.1.1.aarch64.rpm qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-vhost-user-gpu-10.0.7-160000.1.1.aarch64.rpm qemu-x86-10.0.7-160000.1.1.aarch64.rpm qemu-linux-user-10.0.7-160000.1.1.aarch64.rpm qemu-10.0.7-160000.1.1.ppc64le.rpm qemu-accel-qtest-10.0.7-160000.1.1.ppc64le.rpm qemu-arm-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-alsa-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-dbus-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-jack-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-oss-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-pa-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-pipewire-10.0.7-160000.1.1.ppc64le.rpm qemu-audio-spice-10.0.7-160000.1.1.ppc64le.rpm qemu-block-curl-10.0.7-160000.1.1.ppc64le.rpm qemu-block-dmg-10.0.7-160000.1.1.ppc64le.rpm qemu-block-iscsi-10.0.7-160000.1.1.ppc64le.rpm qemu-block-nfs-10.0.7-160000.1.1.ppc64le.rpm qemu-block-rbd-10.0.7-160000.1.1.ppc64le.rpm qemu-block-ssh-10.0.7-160000.1.1.ppc64le.rpm qemu-chardev-baum-10.0.7-160000.1.1.ppc64le.rpm qemu-chardev-spice-10.0.7-160000.1.1.ppc64le.rpm qemu-extra-10.0.7-160000.1.1.ppc64le.rpm qemu-guest-agent-10.0.7-160000.1.1.ppc64le.rpm qemu-headless-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-display-qxl-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-vga-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-usb-host-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-usb-redirect-10.0.7-160000.1.1.ppc64le.rpm qemu-hw-usb-smartcard-10.0.7-160000.1.1.ppc64le.rpm qemu-img-10.0.7-160000.1.1.ppc64le.rpm qemu-ivshmem-tools-10.0.7-160000.1.1.ppc64le.rpm qemu-ksm-10.0.7-160000.1.1.ppc64le.rpm qemu-ppc-10.0.7-160000.1.1.ppc64le.rpm qemu-pr-helper-10.0.7-160000.1.1.ppc64le.rpm qemu-s390x-10.0.7-160000.1.1.ppc64le.rpm qemu-spice-10.0.7-160000.1.1.ppc64le.rpm qemu-tools-10.0.7-160000.1.1.ppc64le.rpm qemu-ui-curses-10.0.7-160000.1.1.ppc64le.rpm qemu-ui-dbus-10.0.7-160000.1.1.ppc64le.rpm qemu-ui-gtk-10.0.7-160000.1.1.ppc64le.rpm qemu-ui-opengl-10.0.7-160000.1.1.ppc64le.rpm qemu-ui-spice-app-10.0.7-160000.1.1.ppc64le.rpm qemu-ui-spice-core-10.0.7-160000.1.1.ppc64le.rpm qemu-vhost-user-gpu-10.0.7-160000.1.1.ppc64le.rpm qemu-x86-10.0.7-160000.1.1.ppc64le.rpm qemu-linux-user-10.0.7-160000.1.1.ppc64le.rpm qemu-10.0.7-160000.1.1.s390x.rpm qemu-accel-qtest-10.0.7-160000.1.1.s390x.rpm qemu-arm-10.0.7-160000.1.1.s390x.rpm qemu-audio-alsa-10.0.7-160000.1.1.s390x.rpm qemu-audio-dbus-10.0.7-160000.1.1.s390x.rpm qemu-audio-jack-10.0.7-160000.1.1.s390x.rpm qemu-audio-oss-10.0.7-160000.1.1.s390x.rpm qemu-audio-pa-10.0.7-160000.1.1.s390x.rpm qemu-audio-pipewire-10.0.7-160000.1.1.s390x.rpm qemu-audio-spice-10.0.7-160000.1.1.s390x.rpm qemu-block-curl-10.0.7-160000.1.1.s390x.rpm qemu-block-dmg-10.0.7-160000.1.1.s390x.rpm qemu-block-iscsi-10.0.7-160000.1.1.s390x.rpm qemu-block-nfs-10.0.7-160000.1.1.s390x.rpm qemu-block-rbd-10.0.7-160000.1.1.s390x.rpm qemu-block-ssh-10.0.7-160000.1.1.s390x.rpm qemu-chardev-baum-10.0.7-160000.1.1.s390x.rpm qemu-chardev-spice-10.0.7-160000.1.1.s390x.rpm qemu-extra-10.0.7-160000.1.1.s390x.rpm qemu-guest-agent-10.0.7-160000.1.1.s390x.rpm qemu-headless-10.0.7-160000.1.1.s390x.rpm qemu-hw-display-qxl-10.0.7-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-10.0.7-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1.s390x.rpm qemu-hw-display-virtio-vga-10.0.7-160000.1.1.s390x.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1.s390x.rpm qemu-hw-usb-host-10.0.7-160000.1.1.s390x.rpm qemu-hw-usb-redirect-10.0.7-160000.1.1.s390x.rpm qemu-hw-usb-smartcard-10.0.7-160000.1.1.s390x.rpm qemu-img-10.0.7-160000.1.1.s390x.rpm qemu-ivshmem-tools-10.0.7-160000.1.1.s390x.rpm qemu-ksm-10.0.7-160000.1.1.s390x.rpm qemu-ppc-10.0.7-160000.1.1.s390x.rpm qemu-pr-helper-10.0.7-160000.1.1.s390x.rpm qemu-s390x-10.0.7-160000.1.1.s390x.rpm qemu-spice-10.0.7-160000.1.1.s390x.rpm qemu-tools-10.0.7-160000.1.1.s390x.rpm qemu-ui-curses-10.0.7-160000.1.1.s390x.rpm qemu-ui-dbus-10.0.7-160000.1.1.s390x.rpm qemu-ui-gtk-10.0.7-160000.1.1.s390x.rpm qemu-ui-opengl-10.0.7-160000.1.1.s390x.rpm qemu-ui-spice-app-10.0.7-160000.1.1.s390x.rpm qemu-ui-spice-core-10.0.7-160000.1.1.s390x.rpm qemu-vhost-user-gpu-10.0.7-160000.1.1.s390x.rpm qemu-x86-10.0.7-160000.1.1.s390x.rpm qemu-linux-user-10.0.7-160000.1.1.s390x.rpm qemu-10.0.7-160000.1.1.x86_64.rpm qemu-accel-qtest-10.0.7-160000.1.1.x86_64.rpm qemu-arm-10.0.7-160000.1.1.x86_64.rpm qemu-audio-alsa-10.0.7-160000.1.1.x86_64.rpm qemu-audio-dbus-10.0.7-160000.1.1.x86_64.rpm qemu-audio-jack-10.0.7-160000.1.1.x86_64.rpm qemu-audio-oss-10.0.7-160000.1.1.x86_64.rpm qemu-audio-pa-10.0.7-160000.1.1.x86_64.rpm qemu-audio-pipewire-10.0.7-160000.1.1.x86_64.rpm qemu-audio-spice-10.0.7-160000.1.1.x86_64.rpm qemu-block-curl-10.0.7-160000.1.1.x86_64.rpm qemu-block-dmg-10.0.7-160000.1.1.x86_64.rpm qemu-block-iscsi-10.0.7-160000.1.1.x86_64.rpm qemu-block-nfs-10.0.7-160000.1.1.x86_64.rpm qemu-block-rbd-10.0.7-160000.1.1.x86_64.rpm qemu-block-ssh-10.0.7-160000.1.1.x86_64.rpm qemu-chardev-baum-10.0.7-160000.1.1.x86_64.rpm qemu-chardev-spice-10.0.7-160000.1.1.x86_64.rpm qemu-extra-10.0.7-160000.1.1.x86_64.rpm qemu-guest-agent-10.0.7-160000.1.1.x86_64.rpm qemu-headless-10.0.7-160000.1.1.x86_64.rpm qemu-hw-display-qxl-10.0.7-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-10.0.7-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1.x86_64.rpm qemu-hw-display-virtio-vga-10.0.7-160000.1.1.x86_64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1.x86_64.rpm qemu-hw-usb-host-10.0.7-160000.1.1.x86_64.rpm qemu-hw-usb-redirect-10.0.7-160000.1.1.x86_64.rpm qemu-hw-usb-smartcard-10.0.7-160000.1.1.x86_64.rpm qemu-img-10.0.7-160000.1.1.x86_64.rpm qemu-ivshmem-tools-10.0.7-160000.1.1.x86_64.rpm qemu-ksm-10.0.7-160000.1.1.x86_64.rpm qemu-ppc-10.0.7-160000.1.1.x86_64.rpm qemu-pr-helper-10.0.7-160000.1.1.x86_64.rpm qemu-s390x-10.0.7-160000.1.1.x86_64.rpm qemu-spice-10.0.7-160000.1.1.x86_64.rpm qemu-tools-10.0.7-160000.1.1.x86_64.rpm qemu-ui-curses-10.0.7-160000.1.1.x86_64.rpm qemu-ui-dbus-10.0.7-160000.1.1.x86_64.rpm qemu-ui-gtk-10.0.7-160000.1.1.x86_64.rpm qemu-ui-opengl-10.0.7-160000.1.1.x86_64.rpm qemu-ui-spice-app-10.0.7-160000.1.1.x86_64.rpm qemu-ui-spice-core-10.0.7-160000.1.1.x86_64.rpm qemu-vhost-user-gpu-10.0.7-160000.1.1.x86_64.rpm qemu-vmsr-helper-10.0.7-160000.1.1.x86_64.rpm qemu-x86-10.0.7-160000.1.1.x86_64.rpm qemu-linux-user-10.0.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-113 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499). - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034). - CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746). - CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). - CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). - CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457). The following non security issues were fixed: - ACPI: scan: Update honor list for RPMI System MSI (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062). - Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923) - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: s390: improve interrupt cpu for wakeup (bsc#1235463). - KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). - KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes). - PCI/ERR: Update device error_state already after reset (stable-fixes). - PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes). - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (git-fixes). - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (git-fixes). - Update config files: enable zstd module decompression (jsc#PED-14115). - bpf/selftests: Fix test_tcpnotify_user (bsc#1253635). - btrfs: do not clear read-only when adding sprout device (bsc#1253238). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386) - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: update color on atomic commit time (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes). - hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - mount: handle NULL values in mnt_ns_release() (bsc#1254308) - net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357). - net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353). - net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353). - net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353). - net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353). - net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353). - net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353). - net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353). - net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353). - net: phy: realtek: use string choices helpers (jsc#PED-14353). - net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746) - net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746) - net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746) - nvmet-auth: update sc_c in host response (git-fixes bsc#1249397). - nvmet-auth: update sc_c in target host hash calculation (git-fixes). - perf list: Add IBM z17 event descriptions (jsc#PED-13611). - platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes). - powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949). - pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes). - r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353). - r8169: add support for Intel Killer E5000 (jsc#PED-14353). - r8169: add support for RTL8125BP rev.b (jsc#PED-14353). - r8169: add support for RTL8125D rev.b (jsc#PED-14353). - r8169: adjust version numbering for RTL8126 (jsc#PED-14353). - r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353). - r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353). - r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353). - r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353). - r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353). - r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353). - r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353). - r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353). - r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353). - r8169: implement additional ethtool stats ops (jsc#PED-14353). - r8169: improve __rtl8169_set_wol (jsc#PED-14353). - r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353). - r8169: improve rtl_set_d3_pll_down (jsc#PED-14353). - r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353). - r8169: remove leftover locks after reverted change (jsc#PED-14353). - r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353). - r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353). - r8169: remove support for chip version 11 (jsc#PED-14353). - r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353). - r8169: replace custom flag with disable_work() et al (jsc#PED-14353). - r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353). - r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353). - ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes). - s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643). - sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843). - sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792). - sched/fair: Proportional newidle balance (bsc#1248792). - sched/fair: Proportional newidle balance -KABI (bsc#1248792). - sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792). - sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792). - sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792). - sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792). - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). - smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155) - spi: tegra210-quad: Fix timeout handling (bsc#1253155) - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155) - spi: tegra210-quad: Update dummy sequence configuration (git-fixes) - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). - wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315). - wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315). - wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315). - wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315). - wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315). - wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315). - wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315). - wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315). - wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315). - wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315). - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315). - wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315). - wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315). - wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315). - wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315). - wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315). - wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315). - x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843). - x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843). - x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843). kernel-devel-6.12.0-160000.8.1.noarch.rpm True kernel-macros-6.12.0-160000.8.1.noarch.rpm True kernel-source-6.12.0-160000.8.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.8.1.noarch.rpm True kernel-default-base-6.12.0-160000.8.1.160000.2.5.aarch64.rpm True dtb-allwinner-6.12.0-160000.8.1.aarch64.rpm True dtb-altera-6.12.0-160000.8.1.aarch64.rpm True dtb-amazon-6.12.0-160000.8.1.aarch64.rpm True dtb-amd-6.12.0-160000.8.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.8.1.aarch64.rpm True dtb-apm-6.12.0-160000.8.1.aarch64.rpm True dtb-apple-6.12.0-160000.8.1.aarch64.rpm True dtb-arm-6.12.0-160000.8.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.8.1.aarch64.rpm True dtb-cavium-6.12.0-160000.8.1.aarch64.rpm True dtb-exynos-6.12.0-160000.8.1.aarch64.rpm True dtb-freescale-6.12.0-160000.8.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.8.1.aarch64.rpm True dtb-lg-6.12.0-160000.8.1.aarch64.rpm True dtb-marvell-6.12.0-160000.8.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.8.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.8.1.aarch64.rpm True dtb-qcom-6.12.0-160000.8.1.aarch64.rpm True dtb-renesas-6.12.0-160000.8.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.8.1.aarch64.rpm True dtb-socionext-6.12.0-160000.8.1.aarch64.rpm True dtb-sprd-6.12.0-160000.8.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.8.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.8.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.8.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.8.1.aarch64.rpm True kernel-64kb-6.12.0-160000.8.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.8.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.8.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.8.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.8.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.8.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.8.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.8.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.8.1.aarch64.rpm True kernel-default-6.12.0-160000.8.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.8.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.8.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.8.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.8.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.8.1.aarch64.rpm True kernel-docs-6.12.0-160000.8.1.noarch.rpm True kernel-docs-html-6.12.0-160000.8.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.8.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.8.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.8.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.8.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.8.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.8.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.8.1.aarch64.rpm True kernel-rt-6.12.0-160000.8.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.8.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.8.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.8.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.8.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.8.1.aarch64.rpm True kernel-syms-6.12.0-160000.8.1.aarch64.rpm True kernel-default-base-6.12.0-160000.8.1.160000.2.5.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.8.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.8.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.8.1.ppc64le.rpm True kernel-default-6.12.0-160000.8.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.8.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.8.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.8.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.8.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.8.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.8.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.8.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.8.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.8.1.ppc64le.rpm True kernel-syms-6.12.0-160000.8.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.8.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.8.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.8.1.s390x.rpm True kernel-default-6.12.0-160000.8.1.s390x.rpm True kernel-default-devel-6.12.0-160000.8.1.s390x.rpm True kernel-default-extra-6.12.0-160000.8.1.s390x.rpm True kernel-default-optional-6.12.0-160000.8.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.8.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.8.1.s390x.rpm True kernel-obs-build-6.12.0-160000.8.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.8.1.s390x.rpm True kernel-syms-6.12.0-160000.8.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.8.1.s390x.rpm True kernel-default-base-6.12.0-160000.8.1.160000.2.5.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.8.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.8.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.8.1.x86_64.rpm True kernel-default-6.12.0-160000.8.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.8.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.8.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.8.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.8.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.8.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.8.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.8.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.8.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.8.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.8.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.8.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.8.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.8.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.8.1.x86_64.rpm True kernel-rt-6.12.0-160000.8.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.8.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.8.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.8.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.8.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.8.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.8.1.x86_64.rpm True kernel-syms-6.12.0-160000.8.1.x86_64.rpm True openSUSE-Leap-16.0-115 Security update for fontforge low SUSE SLFO 1.2 This update for fontforge fixes the following issues: - CVE-2025-50949: Fixed memory leak in function DlgCreate8 (bsc#1252652). fontforge-20230101-160000.3.1.aarch64.rpm fontforge-devel-20230101-160000.3.1.aarch64.rpm fontforge-doc-20230101-160000.3.1.noarch.rpm fontforge-20230101-160000.3.1.ppc64le.rpm fontforge-devel-20230101-160000.3.1.ppc64le.rpm fontforge-20230101-160000.3.1.s390x.rpm fontforge-devel-20230101-160000.3.1.s390x.rpm fontforge-20230101-160000.3.1.x86_64.rpm fontforge-devel-20230101-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-116 Security update for mariadb important SUSE SLFO 1.2 This update for mariadb fixes the following issues: - Update to 11.8.5: * CVE-2025-13699: Fixed Directory Traversal Remote Code Execution Vulnerability (bsc#1254313) Other fixes: - Add %license tags to license files (bsc#1252162) - Add INSTALL_DOCREADMEDIR cmake flag to install readme and license files - Remove client plugin parsec.so, it is shipped by libmariadb_plugins (bsc#1243040, bsc#1254476) Updating mariadb might impact the database service. Do you want to proceed with the update? libmariadbd-devel-11.8.5-160000.1.1.aarch64.rpm libmariadbd19-11.8.5-160000.1.1.aarch64.rpm mariadb-11.8.5-160000.1.1.aarch64.rpm mariadb-bench-11.8.5-160000.1.1.aarch64.rpm mariadb-client-11.8.5-160000.1.1.aarch64.rpm mariadb-errormessages-11.8.5-160000.1.1.noarch.rpm mariadb-galera-11.8.5-160000.1.1.aarch64.rpm mariadb-rpm-macros-11.8.5-160000.1.1.aarch64.rpm mariadb-test-11.8.5-160000.1.1.aarch64.rpm mariadb-tools-11.8.5-160000.1.1.aarch64.rpm libmariadbd-devel-11.8.5-160000.1.1.ppc64le.rpm libmariadbd19-11.8.5-160000.1.1.ppc64le.rpm mariadb-11.8.5-160000.1.1.ppc64le.rpm mariadb-bench-11.8.5-160000.1.1.ppc64le.rpm mariadb-client-11.8.5-160000.1.1.ppc64le.rpm mariadb-galera-11.8.5-160000.1.1.ppc64le.rpm mariadb-rpm-macros-11.8.5-160000.1.1.ppc64le.rpm mariadb-test-11.8.5-160000.1.1.ppc64le.rpm mariadb-tools-11.8.5-160000.1.1.ppc64le.rpm libmariadbd-devel-11.8.5-160000.1.1.s390x.rpm libmariadbd19-11.8.5-160000.1.1.s390x.rpm mariadb-11.8.5-160000.1.1.s390x.rpm mariadb-bench-11.8.5-160000.1.1.s390x.rpm mariadb-client-11.8.5-160000.1.1.s390x.rpm mariadb-galera-11.8.5-160000.1.1.s390x.rpm mariadb-rpm-macros-11.8.5-160000.1.1.s390x.rpm mariadb-test-11.8.5-160000.1.1.s390x.rpm mariadb-tools-11.8.5-160000.1.1.s390x.rpm libmariadbd-devel-11.8.5-160000.1.1.x86_64.rpm libmariadbd19-11.8.5-160000.1.1.x86_64.rpm mariadb-11.8.5-160000.1.1.x86_64.rpm mariadb-bench-11.8.5-160000.1.1.x86_64.rpm mariadb-client-11.8.5-160000.1.1.x86_64.rpm mariadb-galera-11.8.5-160000.1.1.x86_64.rpm mariadb-rpm-macros-11.8.5-160000.1.1.x86_64.rpm mariadb-test-11.8.5-160000.1.1.x86_64.rpm mariadb-tools-11.8.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-117 Recommended update for wicked2nm moderate SUSE SLFO 1.2 This update for wicked2nm fixes the following issues: - Update to v1.4.0 * Activate only connections if present in the current system * Improve error output, exit codes and add flag to disable user hints * Add support for autoip-fallback wicked2nm-1.4.0-160000.1.1.aarch64.rpm wicked2nm-1.4.0-160000.1.1.ppc64le.rpm wicked2nm-1.4.0-160000.1.1.s390x.rpm wicked2nm-1.4.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-118 Security update for salt important SUSE SLFO 1.2 This update for salt fixes the following issues: Changes in salt: - Add minimum_auth_version to enforce security (CVE-2025-62349) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Junos module yaml loader fix (CVE-2025-62348) - Require Python dependencies only for used Python version - Fix TLS and x509 modules for OSes with older cryptography module - Fix Salt for Python > 3.11 (bsc#1252285, bsc#1252244) - Fix payload signature verification on Tumbleweed (bsc#1251776) - Fix broken symlink on migration to Leap 16.0 (bsc#1250755) - Use versioned python interpreter for salt-ssh - Fix known_hosts error on gitfs (bsc#1250520, bsc#1227207) - Revert require M2Crypto >= 0.44.0 for SUSE Family distros - Improve SL Micro 6.2 detection with grains - Fix the tests failing on AlmaLinux 10 and other clones python313-salt-3006.0-160000.3.1.aarch64.rpm salt-3006.0-160000.3.1.aarch64.rpm salt-api-3006.0-160000.3.1.aarch64.rpm salt-bash-completion-3006.0-160000.3.1.noarch.rpm salt-cloud-3006.0-160000.3.1.aarch64.rpm salt-doc-3006.0-160000.3.1.aarch64.rpm salt-fish-completion-3006.0-160000.3.1.noarch.rpm salt-master-3006.0-160000.3.1.aarch64.rpm salt-minion-3006.0-160000.3.1.aarch64.rpm salt-proxy-3006.0-160000.3.1.aarch64.rpm salt-ssh-3006.0-160000.3.1.aarch64.rpm salt-standalone-formulas-configuration-3006.0-160000.3.1.aarch64.rpm salt-syndic-3006.0-160000.3.1.aarch64.rpm salt-transactional-update-3006.0-160000.3.1.aarch64.rpm salt-zsh-completion-3006.0-160000.3.1.noarch.rpm python313-salt-testsuite-3006.0-160000.3.1.aarch64.rpm python313-salt-3006.0-160000.3.1.ppc64le.rpm salt-3006.0-160000.3.1.ppc64le.rpm salt-api-3006.0-160000.3.1.ppc64le.rpm salt-cloud-3006.0-160000.3.1.ppc64le.rpm salt-doc-3006.0-160000.3.1.ppc64le.rpm salt-master-3006.0-160000.3.1.ppc64le.rpm salt-minion-3006.0-160000.3.1.ppc64le.rpm salt-proxy-3006.0-160000.3.1.ppc64le.rpm salt-ssh-3006.0-160000.3.1.ppc64le.rpm salt-standalone-formulas-configuration-3006.0-160000.3.1.ppc64le.rpm salt-syndic-3006.0-160000.3.1.ppc64le.rpm salt-transactional-update-3006.0-160000.3.1.ppc64le.rpm python313-salt-testsuite-3006.0-160000.3.1.ppc64le.rpm python313-salt-3006.0-160000.3.1.s390x.rpm salt-3006.0-160000.3.1.s390x.rpm salt-api-3006.0-160000.3.1.s390x.rpm salt-cloud-3006.0-160000.3.1.s390x.rpm salt-doc-3006.0-160000.3.1.s390x.rpm salt-master-3006.0-160000.3.1.s390x.rpm salt-minion-3006.0-160000.3.1.s390x.rpm salt-proxy-3006.0-160000.3.1.s390x.rpm salt-ssh-3006.0-160000.3.1.s390x.rpm salt-standalone-formulas-configuration-3006.0-160000.3.1.s390x.rpm salt-syndic-3006.0-160000.3.1.s390x.rpm salt-transactional-update-3006.0-160000.3.1.s390x.rpm python313-salt-testsuite-3006.0-160000.3.1.s390x.rpm python313-salt-3006.0-160000.3.1.x86_64.rpm salt-3006.0-160000.3.1.x86_64.rpm salt-api-3006.0-160000.3.1.x86_64.rpm salt-cloud-3006.0-160000.3.1.x86_64.rpm salt-doc-3006.0-160000.3.1.x86_64.rpm salt-master-3006.0-160000.3.1.x86_64.rpm salt-minion-3006.0-160000.3.1.x86_64.rpm salt-proxy-3006.0-160000.3.1.x86_64.rpm salt-ssh-3006.0-160000.3.1.x86_64.rpm salt-standalone-formulas-configuration-3006.0-160000.3.1.x86_64.rpm salt-syndic-3006.0-160000.3.1.x86_64.rpm salt-transactional-update-3006.0-160000.3.1.x86_64.rpm python313-salt-testsuite-3006.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-119 Security update for sssd important SUSE SLFO 1.2 This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems (bsc#1244325) libipa_hbac-devel-2.9.5-160000.3.1.aarch64.rpm libipa_hbac0-2.9.5-160000.3.1.aarch64.rpm libnfsidmap-sss-2.9.5-160000.3.1.aarch64.rpm libsss_certmap-devel-2.9.5-160000.3.1.aarch64.rpm libsss_certmap0-2.9.5-160000.3.1.aarch64.rpm libsss_idmap-devel-2.9.5-160000.3.1.aarch64.rpm libsss_idmap0-2.9.5-160000.3.1.aarch64.rpm libsss_nss_idmap-devel-2.9.5-160000.3.1.aarch64.rpm libsss_nss_idmap0-2.9.5-160000.3.1.aarch64.rpm python3-ipa_hbac-2.9.5-160000.3.1.aarch64.rpm python3-sss-murmur-2.9.5-160000.3.1.aarch64.rpm python3-sss_nss_idmap-2.9.5-160000.3.1.aarch64.rpm python3-sssd-config-2.9.5-160000.3.1.aarch64.rpm sssd-2.9.5-160000.3.1.aarch64.rpm sssd-ad-2.9.5-160000.3.1.aarch64.rpm sssd-cifs-idmap-plugin-2.9.5-160000.3.1.aarch64.rpm sssd-dbus-2.9.5-160000.3.1.aarch64.rpm sssd-ipa-2.9.5-160000.3.1.aarch64.rpm sssd-kcm-2.9.5-160000.3.1.aarch64.rpm sssd-krb5-2.9.5-160000.3.1.aarch64.rpm sssd-krb5-common-2.9.5-160000.3.1.aarch64.rpm sssd-ldap-2.9.5-160000.3.1.aarch64.rpm sssd-proxy-2.9.5-160000.3.1.aarch64.rpm sssd-tools-2.9.5-160000.3.1.aarch64.rpm sssd-winbind-idmap-2.9.5-160000.3.1.aarch64.rpm libipa_hbac-devel-2.9.5-160000.3.1.ppc64le.rpm libipa_hbac0-2.9.5-160000.3.1.ppc64le.rpm libnfsidmap-sss-2.9.5-160000.3.1.ppc64le.rpm libsss_certmap-devel-2.9.5-160000.3.1.ppc64le.rpm libsss_certmap0-2.9.5-160000.3.1.ppc64le.rpm libsss_idmap-devel-2.9.5-160000.3.1.ppc64le.rpm libsss_idmap0-2.9.5-160000.3.1.ppc64le.rpm libsss_nss_idmap-devel-2.9.5-160000.3.1.ppc64le.rpm libsss_nss_idmap0-2.9.5-160000.3.1.ppc64le.rpm python3-ipa_hbac-2.9.5-160000.3.1.ppc64le.rpm python3-sss-murmur-2.9.5-160000.3.1.ppc64le.rpm python3-sss_nss_idmap-2.9.5-160000.3.1.ppc64le.rpm python3-sssd-config-2.9.5-160000.3.1.ppc64le.rpm sssd-2.9.5-160000.3.1.ppc64le.rpm sssd-ad-2.9.5-160000.3.1.ppc64le.rpm sssd-cifs-idmap-plugin-2.9.5-160000.3.1.ppc64le.rpm sssd-dbus-2.9.5-160000.3.1.ppc64le.rpm sssd-ipa-2.9.5-160000.3.1.ppc64le.rpm sssd-kcm-2.9.5-160000.3.1.ppc64le.rpm sssd-krb5-2.9.5-160000.3.1.ppc64le.rpm sssd-krb5-common-2.9.5-160000.3.1.ppc64le.rpm sssd-ldap-2.9.5-160000.3.1.ppc64le.rpm sssd-proxy-2.9.5-160000.3.1.ppc64le.rpm sssd-tools-2.9.5-160000.3.1.ppc64le.rpm sssd-winbind-idmap-2.9.5-160000.3.1.ppc64le.rpm libipa_hbac-devel-2.9.5-160000.3.1.s390x.rpm libipa_hbac0-2.9.5-160000.3.1.s390x.rpm libnfsidmap-sss-2.9.5-160000.3.1.s390x.rpm libsss_certmap-devel-2.9.5-160000.3.1.s390x.rpm libsss_certmap0-2.9.5-160000.3.1.s390x.rpm libsss_idmap-devel-2.9.5-160000.3.1.s390x.rpm libsss_idmap0-2.9.5-160000.3.1.s390x.rpm libsss_nss_idmap-devel-2.9.5-160000.3.1.s390x.rpm libsss_nss_idmap0-2.9.5-160000.3.1.s390x.rpm python3-ipa_hbac-2.9.5-160000.3.1.s390x.rpm python3-sss-murmur-2.9.5-160000.3.1.s390x.rpm python3-sss_nss_idmap-2.9.5-160000.3.1.s390x.rpm python3-sssd-config-2.9.5-160000.3.1.s390x.rpm sssd-2.9.5-160000.3.1.s390x.rpm sssd-ad-2.9.5-160000.3.1.s390x.rpm sssd-cifs-idmap-plugin-2.9.5-160000.3.1.s390x.rpm sssd-dbus-2.9.5-160000.3.1.s390x.rpm sssd-ipa-2.9.5-160000.3.1.s390x.rpm sssd-kcm-2.9.5-160000.3.1.s390x.rpm sssd-krb5-2.9.5-160000.3.1.s390x.rpm sssd-krb5-common-2.9.5-160000.3.1.s390x.rpm sssd-ldap-2.9.5-160000.3.1.s390x.rpm sssd-proxy-2.9.5-160000.3.1.s390x.rpm sssd-tools-2.9.5-160000.3.1.s390x.rpm sssd-winbind-idmap-2.9.5-160000.3.1.s390x.rpm libipa_hbac-devel-2.9.5-160000.3.1.x86_64.rpm libipa_hbac0-2.9.5-160000.3.1.x86_64.rpm libnfsidmap-sss-2.9.5-160000.3.1.x86_64.rpm libsss_certmap-devel-2.9.5-160000.3.1.x86_64.rpm libsss_certmap0-2.9.5-160000.3.1.x86_64.rpm libsss_idmap-devel-2.9.5-160000.3.1.x86_64.rpm libsss_idmap0-2.9.5-160000.3.1.x86_64.rpm libsss_nss_idmap-devel-2.9.5-160000.3.1.x86_64.rpm libsss_nss_idmap0-2.9.5-160000.3.1.x86_64.rpm python3-ipa_hbac-2.9.5-160000.3.1.x86_64.rpm python3-sss-murmur-2.9.5-160000.3.1.x86_64.rpm python3-sss_nss_idmap-2.9.5-160000.3.1.x86_64.rpm python3-sssd-config-2.9.5-160000.3.1.x86_64.rpm sssd-2.9.5-160000.3.1.x86_64.rpm sssd-ad-2.9.5-160000.3.1.x86_64.rpm sssd-cifs-idmap-plugin-2.9.5-160000.3.1.x86_64.rpm sssd-dbus-2.9.5-160000.3.1.x86_64.rpm sssd-ipa-2.9.5-160000.3.1.x86_64.rpm sssd-kcm-2.9.5-160000.3.1.x86_64.rpm sssd-krb5-2.9.5-160000.3.1.x86_64.rpm sssd-krb5-common-2.9.5-160000.3.1.x86_64.rpm sssd-ldap-2.9.5-160000.3.1.x86_64.rpm sssd-proxy-2.9.5-160000.3.1.x86_64.rpm sssd-tools-2.9.5-160000.3.1.x86_64.rpm sssd-winbind-idmap-2.9.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-121 Security update of valkey critical SUSE SLFO 1.2 This update for valkey fixes the following issues: Update to 8.0.6: - Security fixes: - CVE-2025-49844: Fixed that a Lua script may lead to remote code execution (bsc#1250995) - CVE-2025-46817: Fixed that a Lua script may lead to integer overflow and potential RCE (bsc#1250995) - CVE-2025-46818: Fixed that a Lua script can be executed in the context of another user (bsc#1250995) - CVE-2025-46819: Fixed LUA out-of-bound read (bsc#1250995) - Bug fixes: * Fix accounting for dual channel RDB bytes in replication stats (#2614) * Fix EVAL to report unknown error when empty error table is provided (#2229) * Fix use-after-free when active expiration triggers hashtable to shrink (#2257) * Fix MEMORY USAGE to account for embedded keys (#2290) * Fix memory leak when shrinking a hashtable without entries (#2288) * Prevent potential assertion in active defrag handling large allocations (#2353) * Prevent bad memory access when NOTOUCH client gets unblocked (#2347) * Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174) * Fix client tracking memory overhead calculation (#2360) * Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466) * Don't use AVX2 instructions if the CPU doesn't support it (#2571) * Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656) Changes from 8.0.5: https://github.com/valkey-io/valkey/releases/tag/8.0.5 valkey-8.0.6-160000.1.1.aarch64.rpm valkey-compat-redis-8.0.6-160000.1.1.noarch.rpm valkey-devel-8.0.6-160000.1.1.aarch64.rpm valkey-8.0.6-160000.1.1.ppc64le.rpm valkey-devel-8.0.6-160000.1.1.ppc64le.rpm valkey-8.0.6-160000.1.1.s390x.rpm valkey-devel-8.0.6-160000.1.1.s390x.rpm valkey-8.0.6-160000.1.1.x86_64.rpm valkey-devel-8.0.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-122 Recommended update for maven-parent, maven-invoker, maven-filtering, maven-file-management, maven-doxia-sitetools, maven-doxia, maven-dependency-tree, maven-dependency-analyzer, maven-artifact-transfer, maven-archiver, xom, maven-plugin-tools, objectweb-asm, plexus-xml, plexus-velocity, plexus-sec-dispatcher, velocity-engine, plexus-languages, plexus-io, plexus-interpolation, plexus-interactivity, plexus-i18n, plexus-compiler, plexus-classworlds, plexus-cipher, plexus-build-api, maven, maven-resolver, xmvn moderate SUSE SLFO 1.2 This update for maven-parent, maven-invoker, maven-filtering, maven-file-management, maven-doxia-sitetools, maven-doxia, maven-dependency-tree, maven-dependency-analyzer, maven-artifact-transfer, maven-archiver, xom, maven-plugin-tools, plexus-xml, plexus-velocity, plexus-sec-dispatcher, velocity-engine, plexus-languages, plexus-io, plexus-interpolation, plexus-interactivity, plexus-i18n, plexus-compiler, plexus-classworlds, plexus-cipher, plexus-build-api, maven, maven-resolver, xmvn fixes the following issues: Changes in maven-parent: - Upgrade to Apache Maven parent POM version 45 * New features and improvements + Use a standard tag template for releases * Bug Fixes + Use spotless / palantirJavaFormat - 2.56.0 for all JDKs * Build + Allow manually executing release-drafter - Upgrade to Apache Maven parent POM version 44 * Breaking changes + Move snapshot repositories in a profile + Check test code by checkstyle * New features and improvements + Move snapshot repositories in a profile + Introduce property maven.site.path.suffix to allow override site path + Use v@{project.version} as tag template for releases + import KEYS history from svn + Add licenseText to modello + Update site descriptor to 2.0 + Check test code by checkstyle + Add issues templates + Accept all line endings with spotless + Enable automatic formatter when not on CI * Bug Fixes + Fix asf.yaml syntax + Skip render empty taglist report Changes in maven-invoker: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-filtering: - Bogus dependency on plexus-xml (https://github.com/apache/maven-filtering/issues/286) - Upgrade to version 3.4.0 * Changes + Bump apache/maven-gh-actions-shared from 3 to 4 + Bump org.apache.maven.shared:maven-shared-components from 41 + MSHARED-1412: Allow to customize Interpolator used by filter - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-file-management: - Update to upstream version 3.2.0 * New features and improvements + Enable GitHub Issues + Add Release Drafter + MSHARED-1203: no longer need to shell out to create a symbolic link + Java 7 can detect symbolic links * Maintenance + Update site descriptor + Skip generating of xml reader and writer for FileSet + Use version of modello-maven-plugin from parent + Add PR Automation and Stale actions + MSHARED-1448: Refresh download page + remove duplicate tests and unneeded code + fix JUnit dependencies + MSHARED-1265: use JUnit assumptions + MSHARED-1203: use JUnit @TempDir + MSHARED-1264: Convert to JUnit5 + Add GitHub Actions setup and Dependabot * Dependency updates + Bump commons-io:commons-io from 2.18.0 to 2.19.0 + Bump org.apache.maven.shared:maven-shared-components from 43 to 44 + MSHARED-1380: Bump commons-io:commons-io from 2.17.0 to 2.18.0 + MSHARED-1381: Bump org.apache.maven.shared:maven-shared-components from 42 to 43 + MSHARED-1380: Bump commons-io:commons-io from 2.16.1 to 2.17.0 + MSHARED-1380: Bump commons-io:commons-io from 2.13.0 to 2.16.1 + MSHARED-1381: Upgrade parent pom to 42 + Bump apache/maven-gh-actions-shared from 3 to 4 + Bump org.junit:junit-bom from 5.10.1 to 5.10.2 + Bump org.junit:junit-bom from 5.10.0 to 5.10.1 + Bump org.junit:junit-bom from 5.9.3 to 5.10.0 + MSHARED-1266: upgrade commons-io 2.11.0 --> 2.13.0 + update to parent pom 39 Changes in maven-doxia-sitetools: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-doxia: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-dependency-tree: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-dependency-analyzer: - Upgrade to upstream version 1.16.0 * New features and improvements + Enable GitHub Issues * Bug Fixes + MSHARED-47: Don't flag xml-apis:xml-apis as undeclared * Maintenance + Remove unneeded suppression * Dependency updates + Bump org.apache.maven.shared:maven-shared-components from 43 to 44 + Bump org.ow2.asm:asm from 9.7.1 to 9.8 + Bump org.assertj:assertj-bom from 3.27.2 to 3.27.3 + Bump org.assertj:assertj-bom from 3.26.3 to 3.27.2 Changes in maven-artifact-transfer: + allow building against maven 4.x and maven-resolver 2.x Changes in maven-archiver: - Upgrade to maven-archiver 3.6.5 * New features and improvements + add Java-Version entry to default MANIFEST.MF * Bug Fixes + avoid negative entry time: upgrade plexus-archiver + don't limit outputTimestamp to zip (MS DOS) range * Documentation updates + remove extra newline in code blocks + reformat descriptor description to match usual Modello-generated ones + document Java-Version entry added in #298 * Maintenance + Update site descriptor to 2.0.0 * Dependency updates + Bump org.assertj:assertj-core from 3.27.3 to 3.27.6 + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 - Upgrade to maven-archiver 3.6.4 * New features and improvements + improve Reproducible Builds javadoc + Fall back on SOURCE_DATE_EPOCH if it exists * Bug Fixes + Treat empty Automatic-Module-Name as no Automatic-Module-Name at all * Maintenance + Enable GitHub Issues * Dependency updates + Bump org.apache.maven.shared:maven-shared-components from 43 to 45 + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 + Bump org.assertj:assertj-core from 3.26.0 to 3.27.3 Changes in xom: - Make build recipe compatible with POSIX sh. Use %autosetup. Changes in maven-plugin-tools: - Upgrade to upstream version 3.15.2 * Documentation updates + Fix run-on sentence + Update document to use Guice constructor injection + MNGSITE-529: Rename "Goals" to "Plugin Documentation" * Maintenance + Update site descriptors to 2.0 + Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method + Cleanups dependencies + Use injection instead of Component annotation + Begin converting this plugin to Guice constructor injection + refactor: Replace Plexus AbstractLogEnabled with SLF4J + Use properties for versions in components.xml + JDK 25 build fix + MPLUGIN-543: Update to Parent 44 + Add release drafter + Add PR Automation action * Dependency updates + Bump org.jsoup:jsoup from 1.18.1 to 1.19.1 + Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.6.1 + Bump org.codehaus.plexus:plexus-velocity from 2.2.0 to 2.3.0 + Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.17.8 + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.3 + Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.5.0 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 + Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 + Bump org.assertj:assertj-core from 3.26.3 to 3.27.6 + Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 + Bump asmVersion from 9.7.1 to 9.9 + Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 + Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 + Bump maven3Version from 3.9.9 to 3.9.11 + Bump org.codehaus.plexus:plexus-xml from 3.0.1 to 3.0.2 + Bump org.apache.maven:maven-parent from 44 to 45 + Bump antVersion from 1.10.14 to 1.10.15 Changes in maven-plugin-tools: - Upgrade to upstream version 3.15.2 * Documentation updates + Fix run-on sentence + Update document to use Guice constructor injection + MNGSITE-529: Rename "Goals" to "Plugin Documentation" * Maintenance + Update site descriptors to 2.0 + Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method + Cleanups dependencies + Use injection instead of Component annotation + Begin converting this plugin to Guice constructor injection + refactor: Replace Plexus AbstractLogEnabled with SLF4J + Use properties for versions in components.xml + JDK 25 build fix + MPLUGIN-543: Update to Parent 44 + Add release drafter + Add PR Automation action * Dependency updates + Bump org.jsoup:jsoup from 1.18.1 to 1.19.1 + Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.6.1 + Bump org.codehaus.plexus:plexus-velocity from 2.2.0 to 2.3.0 + Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.17.8 + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.3 + Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.5.0 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 + Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 + Bump org.assertj:assertj-core from 3.26.3 to 3.27.6 + Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 + Bump asmVersion from 9.7.1 to 9.9 + Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 + Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 + Bump maven3Version from 3.9.9 to 3.9.11 + Bump org.codehaus.plexus:plexus-xml from 3.0.1 to 3.0.2 + Bump org.apache.maven:maven-parent from 44 to 45 + Bump antVersion from 1.10.14 to 1.10.15 Changes in maven-plugin-tools: - Add the maven-plugin-report-plugin to the _multibuild file - Initial packaging of the maven-plugin-report-plugin 3.15.2 Changes in maven-plugin-tools: - Upgrade to upstream version 3.15.2 * Documentation updates + Fix run-on sentence + Update document to use Guice constructor injection + MNGSITE-529: Rename "Goals" to "Plugin Documentation" * Maintenance + Update site descriptors to 2.0 + Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method + Cleanups dependencies + Use injection instead of Component annotation + Begin converting this plugin to Guice constructor injection + refactor: Replace Plexus AbstractLogEnabled with SLF4J + Use properties for versions in components.xml + JDK 25 build fix + MPLUGIN-543: Update to Parent 44 + Add release drafter + Add PR Automation action * Dependency updates + Bump org.jsoup:jsoup from 1.18.1 to 1.19.1 + Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.6.1 + Bump org.codehaus.plexus:plexus-velocity from 2.2.0 to 2.3.0 + Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.17.8 + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.3 + Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.5.0 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 + Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 + Bump org.assertj:assertj-core from 3.26.3 to 3.27.6 + Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 + Bump asmVersion from 9.7.1 to 9.9 + Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 + Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 + Bump maven3Version from 3.9.9 to 3.9.11 + Bump org.codehaus.plexus:plexus-xml from 3.0.1 to 3.0.2 + Bump org.apache.maven:maven-parent from 44 to 45 + Bump antVersion from 1.10.14 to 1.10.15 Changes in plexus-xml: - Update to upstream version 3.0.2 * Dependency updates + Bump org.codehaus.plexus:plexus from 19 to 20 + Bump org.codehaus.plexus:plexus from 18 to 19 + Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 * Maintenance + Cleanup tests and drop dependency to plexus-utils Changes in plexus-velocity: - Update to version 2.3.0 * New features and improvements + Use internal Nullable annotation, allow drop sisu-inject from runtime dependencies * Maintenance + Add LICENSE file to project, fix build badge + Enhance site information + Use plexus-testing instead of direct sisu InjectedTest * Dependency updates + Override version of commons-lang3 to avoid reporting of security issues + Bump org.codehaus.plexus:plexus from 20 to 24 + Bump org.eclipse.sisu:org.eclipse.sisu.inject from 0.9.0.M3 to 0.9.0.M4 - Update to version 2.2.1 * Dependency updates + Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 + Bump org.apache.velocity:velocity-engine-core from 2.3 to 2.4 + Bump org.eclipse.sisu:org.eclipse.sisu.inject from 0.9.0.M2 to 0.9.0.M3 + Bump org.codehaus.plexus:plexus from 19 to 20 + Bump org.codehaus.plexus:plexus from 18 to 19 + Bump org.codehaus.plexus:plexus from 17 to 18 + Bump org.codehaus.plexus:plexus from 16 to 17 + Bump release-drafter/release-drafter from 5 to 6 - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in plexus-sec-dispatcher: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in velocity-engine: - Version 2.4.1: * Fixes + Finding the topmost method when introspecting a class should stop at the first static or accessible method found (Fixes VELOCITY-983) + Direct evaluation of VTL code via RuntimeInstance.evaluate() should update the current rendering template information for local velocimacros to be visible in string literals interpolation (Fixes VELOCITY-944) Changes in plexus-languages: - Upgrade to upstream version 1.5.0 * New features and improvements + Read only first 8 bytes of class in JavaClassfileVersion + Bump org.ow2.asm:asm from 9.6 to 9.7 - JDK 23 support + Bump org.ow2.asm:asm from 9.7 to 9.7.1 - JDK 24 support + Bump org.ow2.asm:asm from 9.7.1 to 9.8 * Maintenance + Project cleanups + Rename resources of test data + Bump release-drafter/release-drafter from 5 to 6 + Reuse plexus-pom action for CI + Disable deploy job on GitHub + Added CI for JDK 24-ea Changes in plexus-io: - Upgrade to version 3.5.1 * New features and improvements + Fix performance problem by caching unix group and user names * Dependency updates + Bump org.codehaus.plexus:plexus-testing from 1.3.0 to 1.4.0 + Bump org.codehaus.plexus:plexus from 16 to 18 + Bump org.eclipse.sisu:org.eclipse.sisu.inject from 0.9.0.M2 to 0.9.0.M3 + Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1 + Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 + Bump commons-io:commons-io from 2.15.1 to 2.16.1 - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in plexus-interpolation: - Upgrade to version 1.28 * New features and improvements + Fix #16: StringSearchInterpolator does not cache answers. + Add FeedbackingValueSource + Pass delimiter information to ValueSource + Apply spotless re-formatting Changes in plexus-interactivity: - Upgrade to version 1.4 * Changes + Bump org.jline:jline-reader from 3.25.1 to 3.29.0 + Bump org.eclipse.sisu:org.eclipse.sisu.inject from 0.9.0.M2 to 0.9.0.M3 + Apply spotless re-formatting + Bump org.codehaus.plexus:plexus from 16 to 20 + Bump release-drafter/release-drafter from 5 to 6 - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in plexus-i18n: - Upgrade to 1.0.0 * no changelog provided by upstream Changes in plexus-compiler: - Upgrade to upstream release 2.15.0 * New features and improvements + Allow to override useUnsharedTable compiler argument + Lazy providers and better error reporting + Only use "-release" parameter with javac 9+ + Correctly determine the version of the underlying javac tool + Use a TreeSet instead of HashSet to get consistent ordering of results * Bug Fixes + Cleanup dependencies + Path.relativize() may throw exception if source and build directories are on different Windows drives + Fix ECJ not using annotation processor when defined via processorpath + Report "Error occurred during initialization of VM" as error * Maintenance + Bump project version to 2.15.0-SNAPSHOT + Use LocalRepositoryManager for resolving artifacts paths in tests - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in plexus-classworlds: - Upgrade to version 2.9.9 * New features and improvements + refine ConfigurationParser * Dependency updates + Bump org.codehaus.plexus:plexus from 19 to 20 + Bump org.codehaus.plexus:plexus from 18 to 19 + Bump org.codehaus.plexus:plexus from 17 to 18 + Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.1 to 3.8.1 + Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.0 to 3.7.1 + Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.0 * Maintenance + Apply spotless re-formatting + Align site.xml with used schema (2.0.0) + Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.2 + Bump org.apache.logging.log4j:log4j-api from 2.20.0 to 2.23.1 + Bump org.apache.ant:ant from 1.10.13 to 1.10.14 + Bump org.codehaus.plexus:plexus from 16 to 17 Changes in plexus-cipher: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in plexus-build-api: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven: + Set Guice class loading to CHILD: avoid using terminally deprecated methods. Default Guice class loading uses a terminally deprecated JDK memory-access classes. - Upgrade to upstream version 3.9.11 * New features and improvements + Augment version range resolution used repositories * Bug Fixes + Deduplicate filtered dependency graph + Move ensure in boundaries of project lock * Maintenance + [MNGSITE-393] - remove references to Maven 2 + Update CONTRIBUTING after GitHub issues enabled + Enable Github Issues + [MNG-8763] - Remove name from site bannerLeft * Build + Pin GitHub action versions by hash + Build the project by JDK 21 as default + Use Maven 3.9.10 for build on GitHub - Upgrade to upstream version 3.9.10 * Bug + MNG-8096: Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures + MNG-8169: MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED + MNG-8170: Maven 3.9.8 contains weird native library for Jansi on Windows/arm64 + MNG-8211: Maven should fail builds that use CI Friendly versions but have no values set + MNG-8248: WARNING: A restricted method in java.lang.System has been called + MNG-8256: ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost + MNG-8315: Failure of mvn.cmd if a .mvn directory is located at drive root + MNG-8396: Maven takes forever to resume + MNG-8711: "Duplicate artifact" in LifecycleDependencyResolver * Improvement + MNG-8370: Introduce maven.repo.local.head + MNG-8399: JDK 24+ issues warning about usage of sun.misc.Unsafe + MNG-8707: Add methods to remove compile and test source roots + MNG-8712: improve dependency version explanation: it's a requirement, not always effective version + MNG-8717: Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding + MNG-8722: Use a single standalone version of asm + MNG-8731: Use https for xsi:schemaLocation in generated descriptors + MNG-8734: Simplify scripting like "get project version" cases * Task + MNG-8728: Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI - Link also the objectweb-asm/asm to the lib directory + MNG-8177: Warning Changes in maven-resolver: - Update to upstream version 1.9.24 * New features and improvements + Metadata type out of coordinates + RFC9457 implementation + Intern context strings * Maintenance + Align plexus-util version with Maven + Align guice version with Maven + Enable Github Issues (1.9.x branch) - Build also maven-resolver-supplier package in separate spec file - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 - Update to upstream version 1.9.23 * Bug + MRESOLVER-659: NPE in trusted checksum post processor if * Improvement + MRESOLVER-680: Disable checksum by default for .sigstore.json as well + MRESOLVER-703: HTTP transport should expose config for max redirects - Upgrade to upstream version 1.9.22 * Bug + MRESOLVER-572: Resolver-Supplier unusable in OSGi runtimes + MRESOLVER-574: Invalid Cookie set under proxy conditions + MRESOLVER-586: In typical setups, DefaultArtifact copies the same maps over and over again + MRESOLVER-587: Memory consumption improvements * New Feature + MRESOLVER-571: Import o.e.aether packages with the exact same version in OSGi metadata * Improvement + MRESOLVER-570: Remove excessive strictness of OSGi dependency metadata * Task + MRESOLVER-576: Allow co-release of Resolver 1.x and 2.x - Upgrade to upstream version 1.9.20 * Bug + MRESOLVER-483: PreorderNodeListGenerator bug: may print trailing ":" + MRESOLVER-522: File locking threads not entering critical region were "oversleeping" + MRESOLVER-547: BF collector always copies artifacts, even when it should not * Improvement + MRESOLVER-536: Skip setting last modified time when FS does not support it - Add dependency on plexus-xml where relevant * this will be needed for smooth upgrade to plexus-utils 4.0.0 - Upgrade to upstream version 1.9.18 * Bug + MRESOLVER-372: Sporadic AccessDeniedEx on Windows + MRESOLVER-441: Undo FileUtils changes that altered non-Windows execution path * Improvement + MRESOLVER-396: Native transport should retry on HTTP 429 (Retry-After) * Task + MRESOLVER-397: Deprecate Guice modules + MRESOLVER-405: Get rid of component name string literals, make them constants and reusable + MRESOLVER-433: Expose configuration for inhibiting Expect-Continue handshake in 1.x + MRESOLVER-435: Refresh download page + MRESOLVER-437: Resolver should not override given HTTP transport default use of expect-continue handshake - Upgrade to upstream version 1.9.15 * Bug + MRESOLVER-373: Remove lock upgrading code + MRESOLVER-375: Several key aspects are broken in provided and trusted checksum feature + MRESOLVER-376: StackOverflowError at BfDependencyCollector.processDependency + MRESOLVER-380: Lock diagnostic: attempted lock step is recorded, but on failed attempt is not removed + MRESOLVER-393: Transport HTTP does not retain last modified as sent by remote end * Improvement + MRESOLVER-220: Modify signaling for unsupported operations + MRESOLVER-382: Define local outgoing (bind) address + MRESOLVER-385: Reduce default value for aether.connector.http.connectionMaxTtl * Task + MRESOLVER-378: Update parent POM to 40 + MRESOLVER-381: Undo MRESOLVER-373 as it was fixed by other means + MRESOLVER-386: Make all injected ctors public, deprecate all def ctors + MRESOLVER-388: Transport HTTP old codec proper override - Upgrade to upstream version 1.9.12 * Bug + [MRESOLVER-371] Unjustified WARNING log added by MRESOLVER-364 + [MRESOLVER-361] Unreliable TCP and retries on upload + [MRESOLVER-357] ConflictResolver STANDARD verbosity misbehaves + [MRESOLVER-352] Duplicate METADATA_DOWNLOADING event is being sent * Improvement + [MRESOLVER-360] disable checksum by default for .sigstore in addition to .asc * New Feature + [MRESOLVER-370] Lock factory should dump lock states on failure + [MRESOLVER-353] Make aether.checksums.algorithms settable per remote repository * Task + [MRESOLVER-366] Upgrade build plugins + [MRESOLVER-364] Revert MRESOLVER-132 + [MRESOLVER-359] Make build be explicit about build time requirements + [MRESOLVER-356] Remove Guava (is unused) + [MRESOLVER-354] Document expected checksums - Upgrade to upstream version 1.9.8 * Bug + [MRESOLVER-345] Conflict resolution in verbose mode is sensitive to version ordering + [MRESOLVER-348] SslConfig httpSecurityMode change is not detected + [MRESOLVER-339] Preemptive Auth broken when default ports used + [MRESOLVER-325] [REGRESSION] Suddenly seeing I/O errors under windows aborting the build + [MRESOLVER-330] Static name mapper is unusable with file-lock factory + [MRESOLVER-314] Getting "IllegalArgumentException: Comparison method violates its general contract!" + [MRESOLVER-316] DF collector enters endless loop when collecting org.webjars.npm:musquette:1.1.1 + [MRESOLVER-298] javax.inject should be provided or optional + [MRESOLVER-305] Evaluate blocked repositories also when retrieving metadata + [MRESOLVER-309] PrefixesRemoteRepositoryFilterSource aborts the build while it should not + [MRESOLVER-313] Artifact file permissions are 0600 and not implicitly set by umask + [MRESOLVER-296] FileProcessor.write( File, InputStream ) is defunct + [MRESOLVER-292] Documented and used param names mismatch + [MRESOLVER-294] Fix JapiCmp configuration and document it + [MRESOLVER-285] File locking on Windows knows to misbehave + [MRESOLVER-246] m-deploy-p will create hashes for hashes + [MRESOLVER-265] Discrepancy between produced and recognized checksums + [MRESOLVER-241] Resolver checksum calculation should be driven by layout + [MRESOLVER-242] When no remote checksums provided by layout, transfer inevitably fails/warns + [MRESOLVER-250] Usage of descriptors map in DataPool prevents gargabe collection * New Feature + [MRESOLVER-32] Support parallel artifact/metadata uploads + [MRESOLVER-319] Support parallel deploy + [MRESOLVER-297] Chained LRM + [MRESOLVER-167] Support forcing specific repositories for artifacts + [MRESOLVER-268] Apply artifact checksum verification for any resolved artifact + [MRESOLVER-274] Introduce Remote Repository Filter feature + [MRESOLVER-275] Introduce trusted checksums source + [MRESOLVER-276] Resolver post-processor + [MRESOLVER-278] BREAKING: Introduce RepositorySystem shutdown hooks + [MRESOLVER-236] Make it possible to resolve .asc on a 'fail' respository. * Improvement + [MRESOLVER-346] Too eager locking + [MRESOLVER-347] Better connection pool configuration (reuse, max TTL, maxPerRoute) + [MRESOLVER-349] Adapter when locking should "give up and retry" + [MRESOLVER-350] Get rid of commons-lang dependency + [MRESOLVER-327] Make tranport-http obey system properties regarding proxy settings + [MRESOLVER-340] Make WebDAV "dance" disabled by default + [MRESOLVER-341] Add option for preemptive PUT Auth + [MRESOLVER-315] Implement preemptive authentication feature for transport-http + [MRESOLVER-328] The transport-http should be able to ignore cert errors + [MRESOLVER-337] Real cause when artifact not found with repository filtering + [MRESOLVER-287] Get rid of deprecated finalize methods + [MRESOLVER-317] Improvements for BF collector + [MRESOLVER-318] Cleanup redundant code and centralize executor handling + [MRESOLVER-303] Make checksum detection reusable + [MRESOLVER-290] Improve file handling resolver wide + [MRESOLVER-7] Download dependency POMs in parallel in BF collector + [MRESOLVER-266] Simplify adapter creation and align configuration for it + [MRESOLVER-269] Allow more compact storage of provided checksums + [MRESOLVER-273] Create more compact File locking layout/mapper + [MRESOLVER-284] BREAKING: Some Sisu parameters needs to be bound + [MRESOLVER-286] Improve basic connector closed state handling + [MRESOLVER-240] Using breadth-first approach to resolve Maven dependencies + [MRESOLVER-247] Avoid unnecessary dependency resolution by a Skip solution based on BFS + [MRESOLVER-248] Make DF and BF collector implementations coexist * Task + [MRESOLVER-326] Resolver transport-http should retry on failures + [MRESOLVER-331] Make DefaultTrackingFileManager write directly to tracking files + [MRESOLVER-333] Distinguish better resolver errors for artifact availability + [MRESOLVER-320] Investigate slower resolving speeds as reported by users + [MRESOLVER-291] Undo MRESOLVER-284 + [MRESOLVER-279] Simplify and improve trusted checksum sources + [MRESOLVER-281] Update configurations page with new elements + [MRESOLVER-282] Drop PartialFile + [MRESOLVER-230] Make supported checksum algorithms extensible + [MRESOLVER-231] Extend “smart checksum” feature + [MRESOLVER-234] Introduce “provided” checksums feature + [MRESOLVER-237] Make all checksum mismatches handled same + [MRESOLVER-239] Update and sanitize dependencies + [MRESOLVER-244] Deprecate FileTransformer API + [MRESOLVER-245] Isolate Hazelcast tests * Dependency upgrade + [MRESOLVER-311] Upgrade Parent to 39 + [MRESOLVER-293] Update dependencies, align with Maven + [MRESOLVER-272] Update parent POM to 37, remove plugin version overrides, update bnd + [MRESOLVER-280] Upgrade invoker, install, deploy, require maven 3.8.4+ + [MRESOLVER-251] Upgrade Redisson to 3.17.5 + [MRESOLVER-249] Update Hazelcast to 5.1.1 in named-locks-hazelcast module - Add an alias for the wagon connector - Build against the standalone JavaEE modules unconditionally - Remove the javax.annotation:javax.annotation-api dependency on distribution versions that do not incorporate the JavaEE modules - Add the glassfish-annotation-api jar to the build classpath - Upgrade to upstream version 1.7.3 * Bug + [MRESOLVER-96] - Dependency Injection fails after upgrading to Maven 3.6.2 + [MRESOLVER-153] - resolver-status.properties file is corrupted due to concurrent writes + [MRESOLVER-171] - Resolver fails when compiled on Java 9+ an run on Java 8 due to JDK API breakage + [MRESOLVER-189] - Using semaphore-redisson followed by rwlock-redisson on many parallel build of the same project triggers redisson error * New Feature + [MRESOLVER-90] - HTML content in POM: Maven should validate content before storing in local repo + [MRESOLVER-145] - Introduce more SyncContext implementations * Improvement + [MRESOLVER-103] - Replace deprecated HttpClient classes + [MRESOLVER-104] - maven-resolver-demo-maven-plugin uses reserved artifactId + [MRESOLVER-147] - Upgrade to Java 8 + [MRESOLVER-148] - Use vanilla Guice 4 instead of forked Guice 3 + [MRESOLVER-156] - Active dependency management for Google Guice/Guava + [MRESOLVER-168] - add DEBUG message when downloading an artifact from repositories + [MRESOLVER-193] - Properly type lock key names in Redis + [MRESOLVER-197] - Minors improvements (umbrella) + [MRESOLVER-204] - Add a SessionData#computeIfAbsent method + [MRESOLVER-214] - Remove clirr configuration * Task + [MRESOLVER-141] - Review index-based access to collections + [MRESOLVER-151] - Enforce a checksum policy to be provided explicitly + [MRESOLVER-152] - Perform null checks when interface contracts require it + [MRESOLVER-154] - Move SyncContextFactory interface to SPI module + [MRESOLVER-155] - Make TrackingFileManager member of DefaultUpdateCheckManager + [MRESOLVER-158] - Simplify SimpleDigest class + [MRESOLVER-159] - Mark singleton components as Sisu Singletons + [MRESOLVER-160] - Deprecate ServiceLocator + [MRESOLVER-162] - Restore binary compatibility broken by MRESOLVER-154 + [MRESOLVER-170] - Deprecate org.eclipse.aether.spi.log + [MRESOLVER-172] - Make TrackingFileManager shared singleton component + [MRESOLVER-173] - Drop deprecated AetherModule + [MRESOLVER-174] - Use all bindings in UTs and tests + [MRESOLVER-175] - Drop SyncContextFactory delegates in favor of a selector approach + [MRESOLVER-177] - Move pre-/post-processing of metadata from ResolveTask to DefaultMetadataResolver + [MRESOLVER-183] - Don't require optional dependencies for Redisson + [MRESOLVER-184] - Destroy Redisson semaphores if not used anymore + [MRESOLVER-186] - Update Maven version in Resolver Demo Snippets + [MRESOLVER-188] - Improve documentation on using the named locks with redis/hazelcast (umbrella) + [MRESOLVER-190] - [Regression] Revert MRESOLVER-184 + [MRESOLVER-191] - Document how to analyze lock issues + [MRESOLVER-196] - Document named locks configuration options + [MRESOLVER-219] - Implement NamedLock with advisory file locking + [MRESOLVER-227] - Refactor NamedLockFactorySelector to a managed component + [MRESOLVER-232] - Make SimpleNamedLockFactorySelector logic reusable * Sub-task + [MRESOLVER-198] - Replace assert by simpler but equivalent calls + [MRESOLVER-199] - Java 8 improvements + [MRESOLVER-200] - Simplify conditions with the same result and avoid extra validations + [MRESOLVER-201] - Make variables final whenever possible + [MRESOLVER-202] - Use isEmpty() instead length() <= 0 * Dependency upgrade + [MRESOLVER-185] - Upgrade Redisson to 3.15.6 * Change of API and incompatible with maven-resolver < 1.7 - Upgrade to upstream version 1.6.3 * Bug + [MRESOLVER-153] - resolver-status.properties file is corrupted due to concurrent writes + [MRESOLVER-171] - Resolver fails when compiled on Java 9+ and run on Java 8 due to JDK API breakage * Improvement + [MRESOLVER-168] - add DEBUG message when downloading an artifact from repositories * Task + [MRESOLVER-177] - Move pre-/post-processing of metadata from ResolveTask to DefaultMetadataResolver * Needed for maven 3.8.4 - Do not build/run the tests against the legacy guava20 package - Upgrade to upstream version 1.6.2 * Sub-task + [MRESOLVER-139] - Make SimpleDigest use SHA-1 or MD5 only + [MRESOLVER-140] - Default to SHA-1 and MD5 hashing algorithms * Bug + [MRESOLVER-25] - Resume support is broken under high concurrency + [MRESOLVER-114] - ArtifactNotFoundExceptions when building in parallel + [MRESOLVER-129] - Exclusion has no setters + [MRESOLVER-137] - Make OSGi bundles reproducible + [MRESOLVER-138] - MRESOLVER-56 introduces severe performance regression * New Feature + [MRESOLVER-109] - AndDependencySelector should override toString + [MRESOLVER-115] - Make checksum algorithms configurable + [MRESOLVER-123] - Provide a global locking sync context by default + [MRESOLVER-131] - Introduce a Redisson-based SyncContextFactory + [MRESOLVER-165] - Add support for mirror selector on external:http:* + [MRESOLVER-166] - Add support for blocked repositories/mirrors * Improvement + [MRESOLVER-56] - Support SHA-256 and SHA-512 as checksums + [MRESOLVER-116] - Add page with all supported configuration options + [MRESOLVER-125] - Use type conversions returning primitives + [MRESOLVER-127] - Don't use boolean for property 'aether.updateCheckManager.sessionState' + [MRESOLVER-136] - Migrate from maven-bundle-plugin to bnd-maven-plugin * Task + [MRESOLVER-119] - Turn log messages to SLF4J placeholders + [MRESOLVER-130] - Move GlobalSyncContextFactory to a separate module + [MRESOLVER-132] - Remove synchronization in TrackingFileManager * Dependency upgrade + [MRESOLVER-105] - Update Plexus Components + [MRESOLVER-106] - Update HttpComponents + [MRESOLVER-107] - Update Wagon Provider API to 3.4.0 + [MRESOLVER-108] - Update mockito-core to 2.28.2 + [MRESOLVER-117] - Upgrade SLF4J to 1.7.30 + [MRESOLVER-118] - Upgrade Sisu Components to 0.3.4 * Needed for maven 3.8.x - Set buildshell to bash for "<<<". - Upgrade to upstream version 1.4.2 * Bug: + MRESOLVER-38 – SOE/OOME in DefaultDependencyNode.accept * Improvements: + MRESOLVER-93 – PathRecordingDependencyVisitor to handle 3 cycles + MRESOLVER-102 – make build Reproducible - Upgrade to upstream version 1.4.1 * Task + [MRESOLVER-92] - Revert MRESOLVER-7 * Bug + [MRESOLVER-86] - ResolveArtifactMojo from resolver example uses plugin repositories to resolve dependencies * New Feature + [MRESOLVER-10] - New 'TransitiveDependencyManager' supporting transitive dependency management + [MRESOLVER-33] - New 'DefaultDependencyManager' managing dependencies on all levels supporting transitive dependency management * Improvement + [MRESOLVER-7] - Download dependency POMs in parallel + [MRESOLVER-84] - Add support for "release" qualifier + [MRESOLVER-87] - Refresh examples to use maven-resolver artifacts for demo + [MRESOLVER-88] - Code style cleanup to use Java 7 features - Initial packaging of maven-resolver 1.3.1 - Generate and customize the ant build files Changes in maven-resolver: - Update to upstream version 1.9.24 * New features and improvements + Metadata type out of coordinates + RFC9457 implementation + Intern context strings * Maintenance + Align plexus-util version with Maven + Align guice version with Maven + Enable Github Issues (1.9.x branch) - Build also maven-resolver-supplier package in separate spec file - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 - Update to upstream version 1.9.23 * Bug + MRESOLVER-659: NPE in trusted checksum post processor if * Improvement + MRESOLVER-680: Disable checksum by default for .sigstore.json as well + MRESOLVER-703: HTTP transport should expose config for max redirects Changes in xmvn: - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in objectweb-asm: - Upgrade to version 9.9 * new Opcodes.V26 constant for Java 26 * new mapInvokeDynamicMethodName method in Remapper. Old method deprecated. New Remapper constructor, with an api parameter. * bug fixes + 318028: Textifier misinterprets ACC_SUPER of inner classes as ACC_SYNCHRONIZED + 318032: FIPS 140-3 and SerialVersionUIDAdder's SHA-1 Use + 318034: Many ASM contents lack API detection. - Upgrade to version 9.8 * new Opcodes.V25 constant for Java 25 * bug fixes + Fix one more copy operation on DUP2 + 318015: Valid bytecode for jvm, but failed to pass the CheckClassAdapter. + `ASMifier` should print calls to `valueOf` instead of deprecated constructors of primitive wrappers Changes in plexus-archiver: - Upgrade to upstream version 4.10.2 * New features and improvements + Utilize VT if possible * Bug Fixes + check minimum timestamp: avoid negative Zip 5455 Extended Timestamp * Maintenance + Cleanups of using deprecated methods + symLinks:Enhance the compatibility of regen.sh + Apply spotless re-formatting - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-surefire: - Upgrade to 3.5.4 * New features and improvements + Name the shutdown hook + Implement fail-fast behavior for JUnit Platform provider + Create a single LauncherSession for invocations of JUnitPlatformProvider * Bug Fixes * SUREFIRE-2298: fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) * Maintenance + feat: enable prevent branch protection rules + Get rid of plexus-annotations + Remove maven-changes-plugin + Enable GitHub Issues - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 - Upgrade to 3.5.3 * Bug + SUREFIRE-1643: JUnit 5 in parallel execution mode confuses Surefire reports + SUREFIRE-1737: Disabling the JUnit5Xml30StatelessReporter has no effect + SUREFIRE-1751: Surefire report shows flaky tests as failures + SUREFIRE-2289: FailsafeSummary.toRunResult throws a raw exception Changes in maven-compiler-plugin: - Upgrade to upstream release 3.14.1 * New features and improvements + Improve DeltaList behavior for large projects + Allow to not use --module-version for the Java compiler * Bug Fixes + Add generatedSourcesPath back to the maven project + MCOMPILER-538: Do not add target/generated-sources/annotations to the source roots * Dependency updates + Enforce asm version used here, to not depend on brittle transitive + Bump mavenVersion from 3.9.9 to 3.9.11 + Bump org.apache.maven.plugins:maven-plugins from 43 to 45 + Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 Changes in maven-javadoc-plugin: - Upgrade to upstream version 3.12.0 * Breaking changes + remove fix mojo + detectOfflineLinks is now false per default for all jar mojo issue #1258 * Bug Fixes + Fix legacyMode + Fix package {...} does not exist in legacyMode + Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name + Remove Javadoc 1.4+ / -1.1 switch related warning * Maintenance + protect 3.8.x branch + feat: enable prevent branch protection rules - Upgrade to upstream version 3.11.3 * Removed + Remove workaround for long patched CVE in javadoc * New features and improvements + Issue #369 Support --no-fonts option per default for jdk 23+ * Bug Fixes + Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) + MJAVADOC-826: Don't try to modify project source roots * Documentation updates + Correct javadoc-no-fork description on index-page + MNGSITE-529: Rename "Goals" to "Plugin Documentation" + (doc) Close links tag in links parameter javadoc example * Maintenance + Be consistent about data encoding when copying files + Clean up JavadocUtilTest + Use Java 7 relativization instead of hand-rolled code + Rephrase source code fix interactive messages for clarity + Reduce non-debug logging + Delete duplicate @throws clause + Use Java 7 relativization instead of our hand-rolled code + Clean up comments and argument names + Issue #378 Cleanup of code related to old non supported Java version + Cure deprecation warning + MJAVADOC-773: deprecate toRelative + Issue #373 Fix JDK 23 build + Fix aggregate Javadoc typo + Enable GH issues + MJAVADOC-825: Prefer NullPointerExceptions for null arguments - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 Changes in maven-assembly-plugin: Update to version 3.7.1 * Bug + MASSEMBLY-1020: Cannot invoke "java.io.File.isFile()" because "this.inputFile" is null + MASSEMBLY-1021: Nullpointer in assembly:single when upgrading to 3.7.0 + MASSEMBLY-1022: Unresolved artifacts should be not processed - Changes of 3.7.0 * Bug + MASSEMBLY-967: maven-assembly-plugin doesn't add target/class artifacts in generated jarfat but META-INF/MANIFEST.MF seems to be correct + MASSEMBLY-994: Items from unpacked dependency are not refreshed + MASSEMBLY-998: Transitive dependencies are not properly excluded as of 3.1.1 + MASSEMBLY-1008: Assembly plugin handles scopes wrongly + MASSEMBLY-1018: Fix examples about useStrictFiltering * New Feature + MASSEMBLY-992: Facility to define assembly descriptor in body of POM * Improvement + MASSEMBLY-1007: Upgrade maven-plugin parent to 41 + MASSEMBLY-1016: clarify and fix plugin system requirements history + MASSEMBLY-1017: Don't use deprecated methods in code * Task + MASSEMBLY-991: XSDs for 2.2.0 missing from Maven Project Web Site + MASSEMBLY-1000: ITs - cleanups, refresh plugins versions + MASSEMBLY-1003: Remove unused remoteRepositories + MASSEMBLY-1004: Remove ignored and deprecated parameter - useJvmChmod + MASSEMBLY-1010: Use IOUtils from commons-io instead of plexus + MASSEMBLY-1013: Code cleanups Changes in maven-bundle-plugin: - remove patch that is fixed in maven-archiver Changes in maven-dependency-plugin: - Upgrade to version 3.9.0 * New features and improvements + Use Resolver API in go-offline for dependencies resolving + Use Resolver API in go-offline for plugins resolving + Fixes #1522, add render-dependencies mojo + Use Resolver API in resolve-plugin + MDEP-964: unconditionally ignore dependencies known to be loaded by reflection + Update maven-dependency-analyzer to support Java24 + MDEP-972: copy-dependencies: copy signatures alongside artifacts + MDEP-776: Warn when multiple dependencies have the same file name + MDEP-966: Migrate AnalyzeDepMgt to Sisu + MDEP-957: By default, don't report slf4j-simple as unused * Bug Fixes + ProjectBuildingRequest should not be modified + Fix: markersDirectory is not working when unpack goal is executed from command line + Fix broken link for analyze-exclusions-mojo on usage-page + MDEP-839: Avoid extra blank lines in file + Update collect URL + MDEP-689: Fixes ignored dependency filtering in go-offline goal + MDEP-960: Repair silent logging * Documentation updates + MDEP-933: Document dependency tree output formats + Add additional comment to clarify the minimal supported version of outputing dependency tree in JSON fromat. + MNGSITE-529: Rename "Goals" to "Plugin Documentation" + Unix file separators * Maintenance + Simplify usage of RepositoryManager and DependencyResolver + Use Resolver API in copy and unpack + Update site descriptor to 2.0.0 + Enable prevent branch protection rules + Fix [MDEP-931: Replace PrintWriter with Writer in AbstractSerializing Visitor and subclasses + Cleanups dependencies + Copy edit parameter descriptions + Small Javadoc clarifications + MDEP-967: Change info to debug logging in AbstractFromConfigurationMojo + fix: remove duplicate maven-resolver-api and maven-resolver-util dependencies in pom.xml + Enable GH issues + Remove redundant/unneeded code + Add PR Automation and Stale actions + Keep files in temporary directory to be deleted after test + Drop unnecessary call + Avoid deprecated ArtifactFactory + MDEP-966: Convert remaining Mojos to Guice injection + MDEP-966: Convert Analyze Mojos to Guice constructor injection + MDEP-966: Prefer Guice injection + MDEP-966: Migrate TreeMojo/CopyMojo/AnalyzeExclusionsMojo/ /UnpackMojo/CopyDependenciesMojo from Plexus to Sisu Guice + MDEP-966: @component --> @Inject for DisplayAncestorsMojo + Fixing flaky test in TestCopyDependenciesMojo + MNG-2961: Remove workaround for fixed bug * Build + Build by Maven 4 * Dependency updates + Bump Maven in dependencies to 3.9.11 + Bump commons-io:commons-io from 2.16.1 to 2.20.0 + Bump jettyVersion from 9.4.56.v20240826 to 9.4.58.v20250814 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 + Bump org.apache.maven.plugins:maven-plugins from 43 to 45 + Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 + Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 + Bump org.jsoup:jsoup from 1.18.1 to 1.21.2 + MDEP-963: Bump org.apache.maven.shared:maven-dependency-analyzer from 1.15.0 to 1.15.1 Changes in maven-invoker-plugin: - Upgrade to upstream version 3.9.1 * Documentation updates + Add note about cloneProjectsTo being required for filtering * Maintenance + Use constant 3.6.3 in prerequisites/maven as minimal Maven version + Enable GH Issues + MNGSITE-529: Rename "Goals" to "Plugin Documentation" + Switch to Guice constructor injection + Specify UTF-8 when reading build log + Make utility class static * Build + Enable build by Maven 4 on GitHub * Dependency updates + Bump commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0 + Bump commons-codec:commons-codec from 1.17.1 to 1.18.0 + Bump commons-io:commons-io from 2.18.0 to 2.19.0 + Bump mavenVersion from 3.6.3 to 3.9.10 + Bump org.apache.groovy:groovy-bom from 4.0.24 to 4.0.27 + Bump org.apache.maven.plugins:maven-plugins from 43 to 45 + Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 Changes in plexus-archiver: - Upgrade to upstream version 4.10.2 * New features and improvements + Utilize VT if possible * Bug Fixes + check minimum timestamp: avoid negative Zip 5455 Extended Timestamp * Maintenance + Cleanups of using deprecated methods + symLinks:Enhance the compatibility of regen.sh + Apply spotless re-formatting jaxb-api-4.0.0-160000.1.1.noarch.rpm jaxb-api-javadoc-4.0.0-160000.1.1.noarch.rpm maven-archiver-3.6.5-160000.1.1.noarch.rpm maven-archiver-javadoc-3.6.5-160000.1.1.noarch.rpm maven-artifact-transfer-0.13.1-160000.3.1.noarch.rpm maven-artifact-transfer-javadoc-0.13.1-160000.3.1.noarch.rpm maven-assembly-plugin-3.7.1-160000.1.1.noarch.rpm maven-assembly-plugin-javadoc-3.7.1-160000.1.1.noarch.rpm maven-bundle-plugin-5.1.9-160000.3.1.noarch.rpm maven-bundle-plugin-javadoc-5.1.9-160000.3.1.noarch.rpm maven-compiler-plugin-3.14.1-160000.1.1.noarch.rpm maven-compiler-plugin-javadoc-3.14.1-160000.1.1.noarch.rpm maven-compiler-plugin-bootstrap-3.14.1-160000.1.1.noarch.rpm maven-dependency-analyzer-1.16.0-160000.1.1.noarch.rpm maven-dependency-analyzer-javadoc-1.16.0-160000.1.1.noarch.rpm maven-dependency-tree-3.2.1-160000.3.1.noarch.rpm maven-dependency-tree-javadoc-3.2.1-160000.3.1.noarch.rpm maven-doxia-core-2.0.0-160000.3.1.noarch.rpm maven-doxia-javadoc-2.0.0-160000.3.1.noarch.rpm maven-doxia-module-apt-2.0.0-160000.3.1.noarch.rpm maven-doxia-module-fml-2.0.0-160000.3.1.noarch.rpm maven-doxia-module-xdoc-2.0.0-160000.3.1.noarch.rpm maven-doxia-module-xhtml5-2.0.0-160000.3.1.noarch.rpm maven-doxia-sink-api-2.0.0-160000.3.1.noarch.rpm maven-doxia-test-docs-2.0.0-160000.3.1.noarch.rpm maven-doxia-sitetools-2.0.0-160000.3.1.noarch.rpm maven-doxia-sitetools-javadoc-2.0.0-160000.3.1.noarch.rpm maven-file-management-3.2.0-160000.1.1.noarch.rpm maven-file-management-javadoc-3.2.0-160000.1.1.noarch.rpm maven-filtering-3.4.0-160000.1.1.noarch.rpm maven-filtering-javadoc-3.4.0-160000.1.1.noarch.rpm maven-invoker-3.3.0-160000.3.1.noarch.rpm maven-invoker-javadoc-3.3.0-160000.3.1.noarch.rpm maven-invoker-plugin-3.9.1-160000.1.1.noarch.rpm maven-invoker-plugin-javadoc-3.9.1-160000.1.1.noarch.rpm maven-jar-plugin-3.5.0-160000.1.1.noarch.rpm maven-jar-plugin-javadoc-3.5.0-160000.1.1.noarch.rpm maven-jar-plugin-bootstrap-3.5.0-160000.1.1.noarch.rpm maven-javadoc-plugin-3.12.0-160000.1.1.noarch.rpm maven-javadoc-plugin-javadoc-3.12.0-160000.1.1.noarch.rpm maven-javadoc-plugin-bootstrap-3.12.0-160000.1.1.noarch.rpm maven-3.9.11-160000.1.1.aarch64.rpm maven-javadoc-3.9.11-160000.1.1.noarch.rpm maven-lib-3.9.11-160000.1.1.aarch64.rpm maven-parent-45-160000.1.1.noarch.rpm maven-plugin-plugin-bootstrap-3.15.2-160000.1.1.noarch.rpm maven-plugin-plugin-3.15.2-160000.1.1.noarch.rpm maven-plugin-plugin-javadoc-3.15.2-160000.1.1.noarch.rpm maven-plugin-report-plugin-3.15.2-160000.1.1.noarch.rpm maven-plugin-report-plugin-javadoc-3.15.2-160000.1.1.noarch.rpm maven-plugin-annotations-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-annotations-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-ant-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-api-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-beanshell-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-generators-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-java-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-javadoc-3.15.2-160000.1.1.noarch.rpm maven-plugin-tools-model-3.15.2-160000.1.1.noarch.rpm maven-script-ant-3.15.2-160000.1.1.noarch.rpm maven-script-beanshell-3.15.2-160000.1.1.noarch.rpm maven-resolver-supplier-1.9.24-160000.1.1.noarch.rpm maven-resolver-supplier-javadoc-1.9.24-160000.1.1.noarch.rpm maven-resolver-1.9.24-160000.1.1.noarch.rpm maven-resolver-api-1.9.24-160000.1.1.noarch.rpm maven-resolver-connector-basic-1.9.24-160000.1.1.noarch.rpm maven-resolver-impl-1.9.24-160000.1.1.noarch.rpm maven-resolver-javadoc-1.9.24-160000.1.1.noarch.rpm maven-resolver-named-locks-1.9.24-160000.1.1.noarch.rpm maven-resolver-spi-1.9.24-160000.1.1.noarch.rpm maven-resolver-test-util-1.9.24-160000.1.1.noarch.rpm maven-resolver-transport-classpath-1.9.24-160000.1.1.noarch.rpm maven-resolver-transport-file-1.9.24-160000.1.1.noarch.rpm maven-resolver-transport-http-1.9.24-160000.1.1.noarch.rpm maven-resolver-transport-wagon-1.9.24-160000.1.1.noarch.rpm maven-resolver-util-1.9.24-160000.1.1.noarch.rpm maven-failsafe-plugin-bootstrap-3.5.4-160000.1.1.noarch.rpm maven-surefire-3.5.4-160000.1.1.noarch.rpm maven-surefire-javadoc-3.5.4-160000.1.1.noarch.rpm maven-surefire-plugin-bootstrap-3.5.4-160000.1.1.noarch.rpm maven-surefire-provider-junit-3.5.4-160000.1.1.noarch.rpm maven-surefire-provider-testng-3.5.4-160000.1.1.noarch.rpm maven-surefire-report-parser-3.5.4-160000.1.1.noarch.rpm maven-surefire-report-plugin-bootstrap-3.5.4-160000.1.1.noarch.rpm maven-failsafe-plugin-3.5.4-160000.1.1.noarch.rpm maven-surefire-plugin-3.5.4-160000.1.1.noarch.rpm maven-surefire-plugins-javadoc-3.5.4-160000.1.1.noarch.rpm maven-surefire-report-plugin-3.5.4-160000.1.1.noarch.rpm maven-surefire-provider-junit5-3.5.4-160000.1.1.noarch.rpm maven-surefire-provider-junit5-javadoc-3.5.4-160000.1.1.noarch.rpm objectweb-asm-9.9-160000.1.1.noarch.rpm objectweb-asm-javadoc-9.9-160000.1.1.noarch.rpm plexus-archiver-4.10.2-160000.1.1.noarch.rpm plexus-archiver-javadoc-4.10.2-160000.1.1.noarch.rpm plexus-build-api-1.2.0-160000.3.1.noarch.rpm plexus-build-api-javadoc-1.2.0-160000.3.1.noarch.rpm plexus-cipher-2.1.0-160000.3.1.noarch.rpm plexus-cipher-javadoc-2.1.0-160000.3.1.noarch.rpm plexus-classworlds-2.9.0-160000.1.1.noarch.rpm plexus-classworlds-javadoc-2.9.0-160000.1.1.noarch.rpm plexus-compiler-2.15.0-160000.1.1.noarch.rpm plexus-compiler-extras-2.15.0-160000.1.1.noarch.rpm plexus-compiler-javadoc-2.15.0-160000.1.1.noarch.rpm plexus-i18n-1.0.0-160000.1.1.noarch.rpm plexus-i18n-javadoc-1.0.0-160000.1.1.noarch.rpm plexus-interactivity-api-1.4-160000.1.1.noarch.rpm plexus-interactivity-javadoc-1.4-160000.1.1.noarch.rpm plexus-interpolation-1.28-160000.1.1.noarch.rpm plexus-interpolation-javadoc-1.28-160000.1.1.noarch.rpm plexus-io-3.5.1-160000.1.1.noarch.rpm plexus-io-javadoc-3.5.1-160000.1.1.noarch.rpm plexus-languages-1.5.0-160000.1.1.noarch.rpm plexus-languages-javadoc-1.5.0-160000.1.1.noarch.rpm plexus-sec-dispatcher-2.0-160000.3.1.noarch.rpm plexus-sec-dispatcher-javadoc-2.0-160000.3.1.noarch.rpm plexus-velocity-2.3.0-160000.1.1.noarch.rpm plexus-velocity-javadoc-2.3.0-160000.1.1.noarch.rpm plexus-xml-3.0.2-160000.1.1.noarch.rpm plexus-xml-javadoc-3.0.2-160000.1.1.noarch.rpm velocity-engine-core-2.4.1-160000.1.1.noarch.rpm velocity-engine-core-javadoc-2.4.1-160000.1.1.noarch.rpm velocity-custom-parser-example-2.4.1-160000.1.1.noarch.rpm velocity-engine-examples-2.4.1-160000.1.1.noarch.rpm velocity-engine-javadoc-2.4.1-160000.1.1.noarch.rpm velocity-engine-parent-2.4.1-160000.1.1.noarch.rpm velocity-engine-scripting-2.4.1-160000.1.1.noarch.rpm xmvn-4.3.0-160000.3.1.aarch64.rpm xmvn-minimal-4.3.0-160000.3.1.aarch64.rpm xmvn-connector-4.3.0-160000.3.1.noarch.rpm xmvn-connector-javadoc-4.3.0-160000.3.1.noarch.rpm xmvn-mojo-4.3.0-160000.3.1.noarch.rpm xmvn-mojo-javadoc-4.3.0-160000.3.1.noarch.rpm xmvn-parent-4.3.0-160000.3.1.noarch.rpm xmvn-api-4.3.0-160000.3.1.noarch.rpm xmvn-core-4.3.0-160000.3.1.noarch.rpm xmvn-install-4.3.0-160000.3.1.noarch.rpm xmvn-resolve-4.3.0-160000.3.1.noarch.rpm xmvn-subst-4.3.0-160000.3.1.noarch.rpm xmvn-tools-javadoc-4.3.0-160000.3.1.noarch.rpm xom-1.3.9-160000.3.1.noarch.rpm xom-demo-1.3.9-160000.3.1.noarch.rpm xom-javadoc-1.3.9-160000.3.1.noarch.rpm maven-3.9.11-160000.1.1.ppc64le.rpm maven-lib-3.9.11-160000.1.1.ppc64le.rpm xmvn-4.3.0-160000.3.1.ppc64le.rpm xmvn-minimal-4.3.0-160000.3.1.ppc64le.rpm maven-3.9.11-160000.1.1.s390x.rpm maven-lib-3.9.11-160000.1.1.s390x.rpm xmvn-4.3.0-160000.3.1.s390x.rpm xmvn-minimal-4.3.0-160000.3.1.s390x.rpm maven-3.9.11-160000.1.1.x86_64.rpm maven-lib-3.9.11-160000.1.1.x86_64.rpm xmvn-4.3.0-160000.3.1.x86_64.rpm xmvn-minimal-4.3.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-123 Recommended update for elemental-register, elemental-toolkit, elemental-system-agent, elemental moderate SUSE SLFO 1.2 This update for elemental-register, elemental-toolkit, elemental-system-agent, elemental fixes the following issues: Changes in elemental-register: - Upgrade to v1.8.0: Add policycoreutils-python-utils (bsc#1240623) Include an empty /etc/machine-id file (bsc#1239623) elemental-register-1.8.0-160000.1.1.aarch64.rpm elemental-support-1.8.0-160000.1.1.aarch64.rpm elemental-toolkit-2.3.1-160000.1.1.aarch64.rpm elemental-system-agent-0.3.13-160000.1.1.aarch64.rpm elemental-2.3.0-160000.1.1.noarch.rpm elemental-updater-2.3.0-160000.1.1.noarch.rpm elemental-toolkit-2.3.1-160000.1.1.ppc64le.rpm elemental-system-agent-0.3.13-160000.1.1.ppc64le.rpm elemental-toolkit-2.3.1-160000.1.1.s390x.rpm elemental-system-agent-0.3.13-160000.1.1.s390x.rpm elemental-register-1.8.0-160000.1.1.x86_64.rpm elemental-support-1.8.0-160000.1.1.x86_64.rpm elemental-toolkit-2.3.1-160000.1.1.x86_64.rpm elemental-system-agent-0.3.13-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-124 Recommended update for libzypp critical SUSE SLFO 1.2 This update for libzypp fixes the following issues: Changes in libzypp: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - version 17.37.18 libzypp-17.37.18-160000.1.1.aarch64.rpm libzypp-devel-17.37.18-160000.1.1.aarch64.rpm libzypp-devel-doc-17.37.18-160000.1.1.aarch64.rpm libzypp-17.37.18-160000.1.1.ppc64le.rpm libzypp-devel-17.37.18-160000.1.1.ppc64le.rpm libzypp-devel-doc-17.37.18-160000.1.1.ppc64le.rpm libzypp-17.37.18-160000.1.1.s390x.rpm libzypp-devel-17.37.18-160000.1.1.s390x.rpm libzypp-devel-doc-17.37.18-160000.1.1.s390x.rpm libzypp-17.37.18-160000.1.1.x86_64.rpm libzypp-devel-17.37.18-160000.1.1.x86_64.rpm libzypp-devel-doc-17.37.18-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-125 Recommended update for valgrind moderate SUSE SLFO 1.2 This update for valgrind fixes the following issues: - update to 3.25.1: * Incorrect NAN-boxing for float registers in RISC-V * close_range syscalls started failing with 3.25.0 * mount syscall param filesystemtype may be NULL * FILE DESCRIPTORS banner shows when closing some inherited fds * FreeBSD: missing syscall wrappers for fchroot and setcred * Double close causes SEGV * The valgrind gdbserver now supports the GDB remote protocol packet 'x addr,len' (available in GDB release greater than or equal to 16). * Valgrind now supports zstd compressed debug sections. * The Linux Test Project (ltp) is integrated in the testsuite try 'make ltpchecks' * Added RISCV64 support for Linux. Specifically for the RV64GC instruction set. * Numerous bug fixes for Illumos, in particular fixed a Valgrind crash whenever a signal handler was called. * The --track-fds=yes and --track-fds=all options now treat all inherited file descriptors the same as 0, 1, 2 * A new option --modify-fds=high can be used together with --track-fds=yes to create new file descriptors with the highest possible number (and then decreasing) instead of always using the lowest possible number * There is a change to warnings about calls to pthread_cond_signal and pthread_cond_broadcast when the associated mutex is unlocked. - Add support for IBM z17 (jsc#PED-13403) valgrind-3.25.1-160000.1.1.aarch64.rpm valgrind-devel-3.25.1-160000.1.1.aarch64.rpm valgrind-client-headers-3.25.1-160000.1.1.noarch.rpm valgrind-3.25.1-160000.1.1.ppc64le.rpm valgrind-devel-3.25.1-160000.1.1.ppc64le.rpm valgrind-3.25.1-160000.1.1.s390x.rpm valgrind-32bit-3.25.1-160000.1.1.s390x.rpm valgrind-devel-3.25.1-160000.1.1.s390x.rpm valgrind-3.25.1-160000.1.1.x86_64.rpm valgrind-32bit-3.25.1-160000.1.1.x86_64.rpm valgrind-devel-3.25.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-126 Recommended update for lz4 moderate SUSE SLFO 1.2 This update for lz4 fixes the following issues: - align rpm changelog with sle15 and do not ignore test suite result liblz4-1-1.10.0-160000.3.1.aarch64.rpm liblz4-devel-1.10.0-160000.3.1.aarch64.rpm lz4-1.10.0-160000.3.1.aarch64.rpm liblz4-1-1.10.0-160000.3.1.ppc64le.rpm liblz4-devel-1.10.0-160000.3.1.ppc64le.rpm lz4-1.10.0-160000.3.1.ppc64le.rpm liblz4-1-1.10.0-160000.3.1.s390x.rpm liblz4-devel-1.10.0-160000.3.1.s390x.rpm lz4-1.10.0-160000.3.1.s390x.rpm liblz4-1-1.10.0-160000.3.1.x86_64.rpm liblz4-1-x86-64-v3-1.10.0-160000.3.1.x86_64.rpm liblz4-devel-1.10.0-160000.3.1.x86_64.rpm lz4-1.10.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-127 Security update for avahi moderate SUSE SLFO 1.2 This update for avahi fixes the following issues: - CVE-2024-52615: Fixed DNS spoofing (bsc#1233421) avahi-0.8-160000.3.1.aarch64.rpm avahi-autoipd-0.8-160000.3.1.aarch64.rpm avahi-compat-howl-devel-0.8-160000.3.1.aarch64.rpm avahi-compat-mDNSResponder-devel-0.8-160000.3.1.aarch64.rpm avahi-lang-0.8-160000.3.1.noarch.rpm avahi-utils-0.8-160000.3.1.aarch64.rpm libavahi-client3-0.8-160000.3.1.aarch64.rpm libavahi-common3-0.8-160000.3.1.aarch64.rpm libavahi-core7-0.8-160000.3.1.aarch64.rpm libavahi-devel-0.8-160000.3.1.aarch64.rpm libavahi-libevent1-0.8-160000.3.1.aarch64.rpm libdns_sd-0.8-160000.3.1.aarch64.rpm libhowl0-0.8-160000.3.1.aarch64.rpm python313-avahi-0.8-160000.3.1.aarch64.rpm libavahi-qt6-1-0.8-160000.3.1.aarch64.rpm libavahi-qt6-devel-0.8-160000.3.1.aarch64.rpm avahi-utils-gtk-0.8-160000.3.1.aarch64.rpm libavahi-glib-devel-0.8-160000.3.1.aarch64.rpm libavahi-glib1-0.8-160000.3.1.aarch64.rpm libavahi-gobject-devel-0.8-160000.3.1.aarch64.rpm libavahi-gobject0-0.8-160000.3.1.aarch64.rpm libavahi-ui-gtk3-0-0.8-160000.3.1.aarch64.rpm python3-avahi-gtk-0.8-160000.3.1.aarch64.rpm typelib-1_0-Avahi-0_6-0.8-160000.3.1.aarch64.rpm avahi-0.8-160000.3.1.ppc64le.rpm avahi-autoipd-0.8-160000.3.1.ppc64le.rpm avahi-compat-howl-devel-0.8-160000.3.1.ppc64le.rpm avahi-compat-mDNSResponder-devel-0.8-160000.3.1.ppc64le.rpm avahi-utils-0.8-160000.3.1.ppc64le.rpm libavahi-client3-0.8-160000.3.1.ppc64le.rpm libavahi-common3-0.8-160000.3.1.ppc64le.rpm libavahi-core7-0.8-160000.3.1.ppc64le.rpm libavahi-devel-0.8-160000.3.1.ppc64le.rpm libavahi-libevent1-0.8-160000.3.1.ppc64le.rpm libdns_sd-0.8-160000.3.1.ppc64le.rpm libhowl0-0.8-160000.3.1.ppc64le.rpm python313-avahi-0.8-160000.3.1.ppc64le.rpm libavahi-qt6-1-0.8-160000.3.1.ppc64le.rpm libavahi-qt6-devel-0.8-160000.3.1.ppc64le.rpm avahi-utils-gtk-0.8-160000.3.1.ppc64le.rpm libavahi-glib-devel-0.8-160000.3.1.ppc64le.rpm libavahi-glib1-0.8-160000.3.1.ppc64le.rpm libavahi-gobject-devel-0.8-160000.3.1.ppc64le.rpm libavahi-gobject0-0.8-160000.3.1.ppc64le.rpm libavahi-ui-gtk3-0-0.8-160000.3.1.ppc64le.rpm python3-avahi-gtk-0.8-160000.3.1.ppc64le.rpm typelib-1_0-Avahi-0_6-0.8-160000.3.1.ppc64le.rpm avahi-0.8-160000.3.1.s390x.rpm avahi-autoipd-0.8-160000.3.1.s390x.rpm avahi-compat-howl-devel-0.8-160000.3.1.s390x.rpm avahi-compat-mDNSResponder-devel-0.8-160000.3.1.s390x.rpm avahi-utils-0.8-160000.3.1.s390x.rpm libavahi-client3-0.8-160000.3.1.s390x.rpm libavahi-common3-0.8-160000.3.1.s390x.rpm libavahi-core7-0.8-160000.3.1.s390x.rpm libavahi-devel-0.8-160000.3.1.s390x.rpm libavahi-libevent1-0.8-160000.3.1.s390x.rpm libdns_sd-0.8-160000.3.1.s390x.rpm libhowl0-0.8-160000.3.1.s390x.rpm python313-avahi-0.8-160000.3.1.s390x.rpm libavahi-qt6-1-0.8-160000.3.1.s390x.rpm libavahi-qt6-devel-0.8-160000.3.1.s390x.rpm avahi-utils-gtk-0.8-160000.3.1.s390x.rpm libavahi-glib-devel-0.8-160000.3.1.s390x.rpm libavahi-glib1-0.8-160000.3.1.s390x.rpm libavahi-gobject-devel-0.8-160000.3.1.s390x.rpm libavahi-gobject0-0.8-160000.3.1.s390x.rpm libavahi-ui-gtk3-0-0.8-160000.3.1.s390x.rpm python3-avahi-gtk-0.8-160000.3.1.s390x.rpm typelib-1_0-Avahi-0_6-0.8-160000.3.1.s390x.rpm avahi-0.8-160000.3.1.x86_64.rpm avahi-autoipd-0.8-160000.3.1.x86_64.rpm avahi-compat-howl-devel-0.8-160000.3.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-160000.3.1.x86_64.rpm avahi-utils-0.8-160000.3.1.x86_64.rpm libavahi-client3-0.8-160000.3.1.x86_64.rpm libavahi-common3-0.8-160000.3.1.x86_64.rpm libavahi-core7-0.8-160000.3.1.x86_64.rpm libavahi-devel-0.8-160000.3.1.x86_64.rpm libavahi-libevent1-0.8-160000.3.1.x86_64.rpm libdns_sd-0.8-160000.3.1.x86_64.rpm libhowl0-0.8-160000.3.1.x86_64.rpm python313-avahi-0.8-160000.3.1.x86_64.rpm libavahi-qt6-1-0.8-160000.3.1.x86_64.rpm libavahi-qt6-devel-0.8-160000.3.1.x86_64.rpm avahi-utils-gtk-0.8-160000.3.1.x86_64.rpm libavahi-glib-devel-0.8-160000.3.1.x86_64.rpm libavahi-glib1-0.8-160000.3.1.x86_64.rpm libavahi-gobject-devel-0.8-160000.3.1.x86_64.rpm libavahi-gobject0-0.8-160000.3.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-160000.3.1.x86_64.rpm python3-avahi-gtk-0.8-160000.3.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-128 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: * Fixed: Various security fixes. MFSA 2025-94 (bsc#1254551): * CVE-2025-14321: Use-after-free in the WebRTC: Signaling component * CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2025-14323: Privilege escalation in the DOM: Notifications component * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14328: Privilege escalation in the Netmonitor component * CVE-2025-14329: Privilege escalation in the Netmonitor component * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14331: Same-origin policy bypass in the Request Handling component * CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 MozillaFirefox-140.6.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.6.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.6.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.6.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.6.0-160000.1.1.aarch64.rpm MozillaFirefox-140.6.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.6.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.6.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.6.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.6.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.6.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.6.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.6.0-160000.1.1.s390x.rpm MozillaFirefox-140.6.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.6.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.6.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.6.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-129 Security update for python-tornado6 important SUSE SLFO 1.2 This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903). - CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead o DoS when processing a maliciously crafted HTTP request (bsc#1254905). - CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904). python313-tornado6-6.5-160000.3.1.aarch64.rpm python313-tornado6-6.5-160000.3.1.ppc64le.rpm python313-tornado6-6.5-160000.3.1.s390x.rpm python313-tornado6-6.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-13 Recommended update for rust-bindgen moderate SUSE SLFO 1.2 This update for rust-bindgen fixes the following issues: Update to version 0.71.1: * Unbreak shell completion and --version without header * Add version field to `bindgen` as a dependency * docs(book): fix inconsistent use of Clang versions * docs(book): fix package name for the extra Clang tools * Use `KyleMayes/install-llvm-action` to install LLVM * Use `macos-latest` on CI * Fix regression spotted at #3027 * Bless all the tests * Update the `--merge-extern-blocks` tests * Test the `unsafe_extern_blocks` feature * Add support for unsafe extern blocks * Fix some markdown * Expose the name of the inner type of an alias * Add FieldInfo::field_type_name * Wrap the array representation of opaque types in a #[repr(C)] struct * example test for item discovery callback (new_item_found) * expose discovered composite types and aliases to parse callbacks * Improve debug str generator * Fix `manual_let_else` and `single_match_else` lint * Fix `explicit_iter_loop` lint * Fix `if_not_else` lint * Fix `map_unwrap_or` lint * Fix `cast_lossless` lint * Fix a lot of `unused_qualifications` lints * Bump some dependencies * Consolidate clippy configuration * automate MSRV in CI * consolidate versions in one place * sort dependencies * Linting semicolons * Inline more format args, spelink * Applied clippy cloned->copied, and cleanup * Make RustEdition public * Test the `literal_cstr` feature with different editions * Add support for edition 2024 * Introduce `--rust-edition` * Make nightly target compatible with every other target * Use `Display` for `Builder::generate` errors * Clippify, and hide some lints in test output * Inline format args * Use v2 cargo resolver * a few more lints * avoid compiler warning * Automatic support for C-String literals * Bump to 2021 edition * Update the help message for `--rust-target` * Ignore the `layout.h` test * Make clippy happy :) * Remove deprecated targets * Add constructors to `RustTarget` * Represent Rust versions with integers * Make `RustTarget` parsing more permissive * Recognize inline namespaces using clang's dedicated API for that * Add test of macro-generated inline namespace * Install libtinfo5 from jammy-updates * Add `raw_ref_macros` feature * Handle version and shell completions * Let clap handle missing headers * abstract away the control-flow for applying args * delete duplicated default logic for `--anon-fields-prefix` * Formatted `CONTRIBUTING.md`. - Passes `markdownlint` (mostly) - Removed `$` from shell instructions, as to be more copy/paste friendly - Annotated code-like things with backticks. - Annotated all shell blocks with `sh` to format nicely on GitHub.com. * make `RegexSet` non-public * Move CLI options to `bindgen` * Set edition for `bindgen-integration` * Use workspace inheritance for dependencies * Changelog: Move --with-attribute-custom to unreleased * Restrict release workflow to pushes * Use `field_visibility` callback for new-type aliases * Wrap __library.get calls for variables if wrap_unsafe_ops * Add test showing bad behavior for non-functions * Wrap libloading::Library::new call in unsafe if --wrap-unsafe-ops * update small typo * Docs: Fix example code error * Require libclang 9.0 or newer Adds a check for the loaded libclang version and logs a warning if the version is unsupported. * Add additional helpers to bitfield data structure * Update CHANGELOG.md * Stabilize `--wrap-static-fns` * Update CHANGELOG.md * Use `\r\n\r\n` on Windows * Add support for custom attributes * update to use annotate-snippets 0.11.4 * update to annotate-snippets 0.10.2 * ir: Dig into atomic types. * Explain how to generate documentation for system headers * Only publish on crates.io if the workflow event is called `'Release'` * Update cargo-dist config rust-bindgen-0.71.1-160000.1.1.aarch64.rpm rust-bindgen-0.71.1-160000.1.1.ppc64le.rpm rust-bindgen-0.71.1-160000.1.1.s390x.rpm rust-bindgen-0.71.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-130 Security update for libmicrohttpd important SUSE SLFO 1.2 This update for libmicrohttpd fixes the following issues: - CVE-2025-62689: Fixed heap-based buffer overflow through a specially crafted packet (bsc#1253178) - CVE-2025-59777: Fixed NULL pointer dereference through a specially crafted packet (bsc#1253177) libmicrohttpd-devel-1.0.1-160000.3.1.aarch64.rpm libmicrohttpd12-1.0.1-160000.3.1.aarch64.rpm libmicrohttpd-devel-1.0.1-160000.3.1.ppc64le.rpm libmicrohttpd12-1.0.1-160000.3.1.ppc64le.rpm libmicrohttpd-devel-1.0.1-160000.3.1.s390x.rpm libmicrohttpd12-1.0.1-160000.3.1.s390x.rpm libmicrohttpd-devel-1.0.1-160000.3.1.x86_64.rpm libmicrohttpd12-1.0.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-131 Security update for libpng16 important SUSE SLFO 1.2 This update for libpng16 fixes the following issues: - CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices (bsc#1254157). - CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit` enabled (bsc#1254158). - CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159). - CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced PNGs with 8-bit output format (bsc#1254160). - CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial transparency and gamma correction (bsc#1254480). libpng16-16-1.6.44-160000.3.1.aarch64.rpm libpng16-compat-devel-1.6.44-160000.3.1.aarch64.rpm libpng16-devel-1.6.44-160000.3.1.aarch64.rpm libpng16-tools-1.6.44-160000.3.1.aarch64.rpm libpng16-16-1.6.44-160000.3.1.ppc64le.rpm libpng16-compat-devel-1.6.44-160000.3.1.ppc64le.rpm libpng16-devel-1.6.44-160000.3.1.ppc64le.rpm libpng16-tools-1.6.44-160000.3.1.ppc64le.rpm libpng16-16-1.6.44-160000.3.1.s390x.rpm libpng16-compat-devel-1.6.44-160000.3.1.s390x.rpm libpng16-devel-1.6.44-160000.3.1.s390x.rpm libpng16-tools-1.6.44-160000.3.1.s390x.rpm libpng16-16-1.6.44-160000.3.1.x86_64.rpm libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64.rpm libpng16-compat-devel-1.6.44-160000.3.1.x86_64.rpm libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64.rpm libpng16-devel-1.6.44-160000.3.1.x86_64.rpm libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64.rpm libpng16-tools-1.6.44-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-132 Security update for glib2 important SUSE SLFO 1.2 This update for glib2 fixes the following issues: Update to version 2.84.4. Security issues fixed: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). - CVE-2025-7039: integer overflow when creating temporary files may lead to an out-of-bounds memory access that can be used for path traversal or exposure of sensitive content in a temporary file (bsc#1249055). Other issues fixed and changes: - Fix GFile leak in `g_local_file_set_display_name` during error handling. - Fix incorrect output parameter handling in closure helper of `g_settings_bind_with_mapping_closures`. - `gfileutils`: fix computation of temporary file name. - Fix GFile leak in `g_local_file_set_display_name()`. - `gthreadpool`: catch `pool_spawner` creation failure. - `gio/filenamecompleter`: fix leaks. - `gfilenamecompleter`: fix `g_object_unref()` of undefined value. gio-branding-upstream-2.84.4-160000.1.1.noarch.rpm glib2-devel-2.84.4-160000.1.1.aarch64.rpm glib2-devel-static-2.84.4-160000.1.1.aarch64.rpm glib2-lang-2.84.4-160000.1.1.noarch.rpm glib2-tests-devel-2.84.4-160000.1.1.aarch64.rpm glib2-tools-2.84.4-160000.1.1.aarch64.rpm libgio-2_0-0-2.84.4-160000.1.1.aarch64.rpm libgirepository-2_0-0-2.84.4-160000.1.1.aarch64.rpm libglib-2_0-0-2.84.4-160000.1.1.aarch64.rpm libgmodule-2_0-0-2.84.4-160000.1.1.aarch64.rpm libgobject-2_0-0-2.84.4-160000.1.1.aarch64.rpm libgthread-2_0-0-2.84.4-160000.1.1.aarch64.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.1.1.aarch64.rpm typelib-1_0-GLib-2_0-2.84.4-160000.1.1.aarch64.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.1.1.aarch64.rpm typelib-1_0-GModule-2_0-2.84.4-160000.1.1.aarch64.rpm typelib-1_0-GObject-2_0-2.84.4-160000.1.1.aarch64.rpm typelib-1_0-Gio-2_0-2.84.4-160000.1.1.aarch64.rpm glib2-doc-2.84.4-160000.1.1.aarch64.rpm glib2-devel-2.84.4-160000.1.1.ppc64le.rpm glib2-devel-static-2.84.4-160000.1.1.ppc64le.rpm glib2-tests-devel-2.84.4-160000.1.1.ppc64le.rpm glib2-tools-2.84.4-160000.1.1.ppc64le.rpm libgio-2_0-0-2.84.4-160000.1.1.ppc64le.rpm libgirepository-2_0-0-2.84.4-160000.1.1.ppc64le.rpm libglib-2_0-0-2.84.4-160000.1.1.ppc64le.rpm libgmodule-2_0-0-2.84.4-160000.1.1.ppc64le.rpm libgobject-2_0-0-2.84.4-160000.1.1.ppc64le.rpm libgthread-2_0-0-2.84.4-160000.1.1.ppc64le.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.1.1.ppc64le.rpm typelib-1_0-GLib-2_0-2.84.4-160000.1.1.ppc64le.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.1.1.ppc64le.rpm typelib-1_0-GModule-2_0-2.84.4-160000.1.1.ppc64le.rpm typelib-1_0-GObject-2_0-2.84.4-160000.1.1.ppc64le.rpm typelib-1_0-Gio-2_0-2.84.4-160000.1.1.ppc64le.rpm glib2-doc-2.84.4-160000.1.1.ppc64le.rpm glib2-devel-2.84.4-160000.1.1.s390x.rpm glib2-devel-static-2.84.4-160000.1.1.s390x.rpm glib2-tests-devel-2.84.4-160000.1.1.s390x.rpm glib2-tools-2.84.4-160000.1.1.s390x.rpm libgio-2_0-0-2.84.4-160000.1.1.s390x.rpm libgirepository-2_0-0-2.84.4-160000.1.1.s390x.rpm libglib-2_0-0-2.84.4-160000.1.1.s390x.rpm libgmodule-2_0-0-2.84.4-160000.1.1.s390x.rpm libgobject-2_0-0-2.84.4-160000.1.1.s390x.rpm libgthread-2_0-0-2.84.4-160000.1.1.s390x.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.1.1.s390x.rpm typelib-1_0-GLib-2_0-2.84.4-160000.1.1.s390x.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.1.1.s390x.rpm typelib-1_0-GModule-2_0-2.84.4-160000.1.1.s390x.rpm typelib-1_0-GObject-2_0-2.84.4-160000.1.1.s390x.rpm typelib-1_0-Gio-2_0-2.84.4-160000.1.1.s390x.rpm glib2-doc-2.84.4-160000.1.1.s390x.rpm glib2-devel-2.84.4-160000.1.1.x86_64.rpm glib2-devel-static-2.84.4-160000.1.1.x86_64.rpm glib2-tests-devel-2.84.4-160000.1.1.x86_64.rpm glib2-tools-2.84.4-160000.1.1.x86_64.rpm libgio-2_0-0-2.84.4-160000.1.1.x86_64.rpm libgirepository-2_0-0-2.84.4-160000.1.1.x86_64.rpm libglib-2_0-0-2.84.4-160000.1.1.x86_64.rpm libgmodule-2_0-0-2.84.4-160000.1.1.x86_64.rpm libgobject-2_0-0-2.84.4-160000.1.1.x86_64.rpm libgthread-2_0-0-2.84.4-160000.1.1.x86_64.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.1.1.x86_64.rpm typelib-1_0-GLib-2_0-2.84.4-160000.1.1.x86_64.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.1.1.x86_64.rpm typelib-1_0-GModule-2_0-2.84.4-160000.1.1.x86_64.rpm typelib-1_0-GObject-2_0-2.84.4-160000.1.1.x86_64.rpm typelib-1_0-Gio-2_0-2.84.4-160000.1.1.x86_64.rpm glib2-doc-2.84.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-133 Recommended update for virt-manager important SUSE SLFO 1.2 This update for virt-manager fixes the following issues: - Unable to create an SEV-SNP enabled guest with virt-manager This simplifies the code from what used to be required for sev while adding initial tdx support (bsc#1252105). - Add support for creating TDX guests in virt-install (jsc#PED-9265) virt-install-5.0.0-160000.4.1.noarch.rpm virt-manager-5.0.0-160000.4.1.noarch.rpm virt-manager-common-5.0.0-160000.4.1.noarch.rpm openSUSE-Leap-16.0-134 Security update for hawk2 important SUSE SLFO 1.2 This update for hawk2 fixes the following issues: - Bump ruby gem rack to 3.1.18 (bsc#1251939). - Bump ruby gem uri to 1.0.4. - Fix the mtime in manifest.json (bsc#1230275). - Make builds determinitstic (bsc#1230275). - Bump rails version from 8.0.2 to 8.0.2.1 (bsc#1248100). - Require openssl explicitly (bsc#1247899). hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.aarch64.rpm hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le.rpm hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x.rpm hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-135 Security update for python-uv important SUSE SLFO 1.2 This update for python-uv fixes the following issues: - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries (bsc#1252399) - CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249011) python313-uv-0.7.18-160000.3.1.aarch64.rpm python313-uv-bash-completion-0.7.18-160000.3.1.noarch.rpm python313-uv-fish-completion-0.7.18-160000.3.1.noarch.rpm python313-uv-zsh-completion-0.7.18-160000.3.1.noarch.rpm python313-uv-0.7.18-160000.3.1.ppc64le.rpm python313-uv-0.7.18-160000.3.1.s390x.rpm python313-uv-0.7.18-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-136 Security update for squid important SUSE SLFO 1.2 This update for squid fixes the following issues: - CVE-2025-62168: failure to redact HTTP authentication credentials in error handling leads to the disclosure of credentials a trusted client uses to authenticate (bsc#1252281). - CVE-2025-59362: SNMP message processing component of Squid Cache can lead to stack-based buffer overflow (bsc#1250627). squid-6.12-160000.3.1.aarch64.rpm squid-6.12-160000.3.1.ppc64le.rpm squid-6.12-160000.3.1.s390x.rpm squid-6.12-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-137 Recommended update for hyper-v moderate SUSE SLFO 1.2 This update for hyper-v fixes the following issues: - fcopy: Fix irregularities with size of ring buffer - fcopy: Fix incorrect file path conversion - enable debug logs for hv_kvp_daemon (bsc#1244154) - update route parsing in kvp daemon - reduce resource usage in hv_kvp_daemon - reduce resouce usage in hv_get_dns_info helper - hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well - terminate fcopy daemon if read from uio fails - change permissions of NetworkManager configuration file - fix a complier warning in the fcopy uio daemon - remove obsolete kvptest.ps1.txt which failed since a decade - remove obsolete rpm postinstall code for SLE11SP2 hyper-v-9-160000.3.1.aarch64.rpm hyper-v-9-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-138 Security update for gpg2 important SUSE SLFO 1.2 This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715). Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246). - gpg: Error out on unverified output for non-detached signatures (bsc#1256244). - gpg: Deprecate the option --not-dash-escaped (bsc#1256390). dirmngr-2.5.5-160000.3.1.aarch64.rpm gpg2-2.5.5-160000.3.1.aarch64.rpm gpg2-lang-2.5.5-160000.3.1.noarch.rpm gpg2-tpm-2.5.5-160000.3.1.aarch64.rpm dirmngr-2.5.5-160000.3.1.ppc64le.rpm gpg2-2.5.5-160000.3.1.ppc64le.rpm gpg2-tpm-2.5.5-160000.3.1.ppc64le.rpm dirmngr-2.5.5-160000.3.1.s390x.rpm gpg2-2.5.5-160000.3.1.s390x.rpm gpg2-tpm-2.5.5-160000.3.1.s390x.rpm dirmngr-2.5.5-160000.3.1.x86_64.rpm gpg2-2.5.5-160000.3.1.x86_64.rpm gpg2-tpm-2.5.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-139 Security update for apache2 moderate SUSE SLFO 1.2 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME), unintended retry intervals (bsc#1254511) - CVE-2025-58098: Fixed Server Side Includes adds query string to #exec cmd (bsc#1254512) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) apache2-2.4.63-160000.3.1.aarch64.rpm apache2-event-2.4.63-160000.3.1.aarch64.rpm apache2-worker-2.4.63-160000.3.1.aarch64.rpm apache2-prefork-2.4.63-160000.3.1.aarch64.rpm apache2-utils-2.4.63-160000.3.1.aarch64.rpm apache2-devel-2.4.63-160000.3.1.aarch64.rpm apache2-manual-2.4.63-160000.3.1.noarch.rpm apache2-2.4.63-160000.3.1.ppc64le.rpm apache2-event-2.4.63-160000.3.1.ppc64le.rpm apache2-worker-2.4.63-160000.3.1.ppc64le.rpm apache2-prefork-2.4.63-160000.3.1.ppc64le.rpm apache2-utils-2.4.63-160000.3.1.ppc64le.rpm apache2-devel-2.4.63-160000.3.1.ppc64le.rpm apache2-2.4.63-160000.3.1.s390x.rpm apache2-event-2.4.63-160000.3.1.s390x.rpm apache2-worker-2.4.63-160000.3.1.s390x.rpm apache2-prefork-2.4.63-160000.3.1.s390x.rpm apache2-utils-2.4.63-160000.3.1.s390x.rpm apache2-devel-2.4.63-160000.3.1.s390x.rpm apache2-2.4.63-160000.3.1.x86_64.rpm apache2-event-2.4.63-160000.3.1.x86_64.rpm apache2-worker-2.4.63-160000.3.1.x86_64.rpm apache2-prefork-2.4.63-160000.3.1.x86_64.rpm apache2-utils-2.4.63-160000.3.1.x86_64.rpm apache2-devel-2.4.63-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-14 Recommended update for agama-products, agama-web-ui, agama, rubygem-agama-yast moderate SUSE SLFO 1.2 This update for agama-products, agama-web-ui, agama, rubygem-agama-yast fixes the following issues: Changes in agama-web-ui: - Use the JavaScript/TypeScript parser to extract strings for translation - Preserve installer options values after successful submission (bsc#1249636). - Fixed the check about which DASDs can be formatted (bsc#1243795). Changes in agama: - Do not log errors when retrieving NetworkManager secrets to prevent leaking them (bsc#1251898). Changes in rubygem-agama-yast: - Fixed an error in the calculation of partitions when several MD RAIDs are created (bsc#1253145). agama-products-opensuse-17+427.52990b794-160000.5.1.noarch.rpm agama-products-sle-17+427.52990b794-160000.5.1.noarch.rpm agama-web-ui-17+430.2f49499cf-160000.8.1.noarch.rpm agama-17+427.52990b794-160000.6.1.aarch64.rpm agama-autoinstall-17+427.52990b794-160000.6.1.aarch64.rpm agama-cli-17+427.52990b794-160000.6.1.aarch64.rpm agama-cli-bash-completion-17+427.52990b794-160000.6.1.noarch.rpm agama-cli-fish-completion-17+427.52990b794-160000.6.1.noarch.rpm agama-cli-zsh-completion-17+427.52990b794-160000.6.1.noarch.rpm agama-openapi-17+427.52990b794-160000.6.1.aarch64.rpm agama-scripts-17+427.52990b794-160000.6.1.aarch64.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.aarch64.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.aarch64.rpm agama-17+427.52990b794-160000.6.1.ppc64le.rpm agama-autoinstall-17+427.52990b794-160000.6.1.ppc64le.rpm agama-cli-17+427.52990b794-160000.6.1.ppc64le.rpm agama-openapi-17+427.52990b794-160000.6.1.ppc64le.rpm agama-scripts-17+427.52990b794-160000.6.1.ppc64le.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.ppc64le.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.ppc64le.rpm agama-17+427.52990b794-160000.6.1.s390x.rpm agama-autoinstall-17+427.52990b794-160000.6.1.s390x.rpm agama-cli-17+427.52990b794-160000.6.1.s390x.rpm agama-openapi-17+427.52990b794-160000.6.1.s390x.rpm agama-scripts-17+427.52990b794-160000.6.1.s390x.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.s390x.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.s390x.rpm agama-17+427.52990b794-160000.6.1.x86_64.rpm agama-autoinstall-17+427.52990b794-160000.6.1.x86_64.rpm agama-cli-17+427.52990b794-160000.6.1.x86_64.rpm agama-openapi-17+427.52990b794-160000.6.1.x86_64.rpm agama-scripts-17+427.52990b794-160000.6.1.x86_64.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.x86_64.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-140 Security update for curl moderate SUSE SLFO 1.2 This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). curl-8.14.1-160000.4.1.aarch64.rpm curl-fish-completion-8.14.1-160000.4.1.noarch.rpm curl-zsh-completion-8.14.1-160000.4.1.noarch.rpm libcurl-devel-8.14.1-160000.4.1.aarch64.rpm libcurl-devel-doc-8.14.1-160000.4.1.noarch.rpm libcurl4-8.14.1-160000.4.1.aarch64.rpm curl-8.14.1-160000.4.1.ppc64le.rpm libcurl-devel-8.14.1-160000.4.1.ppc64le.rpm libcurl4-8.14.1-160000.4.1.ppc64le.rpm curl-8.14.1-160000.4.1.s390x.rpm libcurl-devel-8.14.1-160000.4.1.s390x.rpm libcurl4-8.14.1-160000.4.1.s390x.rpm curl-8.14.1-160000.4.1.x86_64.rpm libcurl-devel-8.14.1-160000.4.1.x86_64.rpm libcurl4-8.14.1-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-141 Security update for haproxy moderate SUSE SLFO 1.2 This update for haproxy fixes the following issues: - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents (bsc#1250983). haproxy-3.2.0+git0.e134140d2-160000.3.1.aarch64.rpm haproxy-3.2.0+git0.e134140d2-160000.3.1.ppc64le.rpm haproxy-3.2.0+git0.e134140d2-160000.3.1.s390x.rpm haproxy-3.2.0+git0.e134140d2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-142 Recommended update for openvswitch moderate SUSE SLFO 1.2 This update for openvswitch fixes the following issues: - Update OVN to 25.03.2 * Bug fixes * Dynamic Routing: + Add the option "dynamic-routing-redistribute-local-only" to Logical Routers and Logical Router Ports which refines the way in which chassis-specific Advertised_Routes (e.g., for NAT and LB IPs) are advertised. + Add the option "dynamic-routing-vrf-id" to Logical Routers which allows CMS to specify the Linux routing table id for a given vrf. * Add ovn-nbctl lsp-add-router-port which will create router port on specified LS. * Add ovn-nbctl lsp-add-localnet-port which will create localnet port on specified LS. - Update OVN to 25.03.1 * Bug fixes - Update Openvswitch to 3.5.2 * Bug fixes libopenvswitch-3_5-0-3.5.2-160000.3.1.aarch64.rpm libovn-25_03-0-25.03.2-160000.3.1.aarch64.rpm openvswitch-3.5.2-160000.3.1.aarch64.rpm openvswitch-devel-3.5.2-160000.3.1.aarch64.rpm openvswitch-doc-3.5.2-160000.3.1.noarch.rpm openvswitch-ipsec-3.5.2-160000.3.1.aarch64.rpm openvswitch-pki-3.5.2-160000.3.1.aarch64.rpm openvswitch-test-3.5.2-160000.3.1.aarch64.rpm openvswitch-vtep-3.5.2-160000.3.1.aarch64.rpm ovn-25.03.2-160000.3.1.aarch64.rpm ovn-central-25.03.2-160000.3.1.aarch64.rpm ovn-devel-25.03.2-160000.3.1.aarch64.rpm ovn-doc-25.03.2-160000.3.1.noarch.rpm ovn-docker-25.03.2-160000.3.1.aarch64.rpm ovn-host-25.03.2-160000.3.1.aarch64.rpm ovn-vtep-25.03.2-160000.3.1.aarch64.rpm python3-openvswitch-3.5.2-160000.3.1.aarch64.rpm libopenvswitch-3_5-0-3.5.2-160000.3.1.ppc64le.rpm libovn-25_03-0-25.03.2-160000.3.1.ppc64le.rpm openvswitch-3.5.2-160000.3.1.ppc64le.rpm openvswitch-devel-3.5.2-160000.3.1.ppc64le.rpm openvswitch-ipsec-3.5.2-160000.3.1.ppc64le.rpm openvswitch-pki-3.5.2-160000.3.1.ppc64le.rpm openvswitch-test-3.5.2-160000.3.1.ppc64le.rpm openvswitch-vtep-3.5.2-160000.3.1.ppc64le.rpm ovn-25.03.2-160000.3.1.ppc64le.rpm ovn-central-25.03.2-160000.3.1.ppc64le.rpm ovn-devel-25.03.2-160000.3.1.ppc64le.rpm ovn-docker-25.03.2-160000.3.1.ppc64le.rpm ovn-host-25.03.2-160000.3.1.ppc64le.rpm ovn-vtep-25.03.2-160000.3.1.ppc64le.rpm python3-openvswitch-3.5.2-160000.3.1.ppc64le.rpm libopenvswitch-3_5-0-3.5.2-160000.3.1.s390x.rpm libovn-25_03-0-25.03.2-160000.3.1.s390x.rpm openvswitch-3.5.2-160000.3.1.s390x.rpm openvswitch-devel-3.5.2-160000.3.1.s390x.rpm openvswitch-ipsec-3.5.2-160000.3.1.s390x.rpm openvswitch-pki-3.5.2-160000.3.1.s390x.rpm openvswitch-test-3.5.2-160000.3.1.s390x.rpm openvswitch-vtep-3.5.2-160000.3.1.s390x.rpm ovn-25.03.2-160000.3.1.s390x.rpm ovn-central-25.03.2-160000.3.1.s390x.rpm ovn-devel-25.03.2-160000.3.1.s390x.rpm ovn-docker-25.03.2-160000.3.1.s390x.rpm ovn-host-25.03.2-160000.3.1.s390x.rpm ovn-vtep-25.03.2-160000.3.1.s390x.rpm python3-openvswitch-3.5.2-160000.3.1.s390x.rpm libopenvswitch-3_5-0-3.5.2-160000.3.1.x86_64.rpm libovn-25_03-0-25.03.2-160000.3.1.x86_64.rpm openvswitch-3.5.2-160000.3.1.x86_64.rpm openvswitch-devel-3.5.2-160000.3.1.x86_64.rpm openvswitch-ipsec-3.5.2-160000.3.1.x86_64.rpm openvswitch-pki-3.5.2-160000.3.1.x86_64.rpm openvswitch-test-3.5.2-160000.3.1.x86_64.rpm openvswitch-vtep-3.5.2-160000.3.1.x86_64.rpm ovn-25.03.2-160000.3.1.x86_64.rpm ovn-central-25.03.2-160000.3.1.x86_64.rpm ovn-devel-25.03.2-160000.3.1.x86_64.rpm ovn-docker-25.03.2-160000.3.1.x86_64.rpm ovn-host-25.03.2-160000.3.1.x86_64.rpm ovn-vtep-25.03.2-160000.3.1.x86_64.rpm python3-openvswitch-3.5.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-143 Security update for tomcat important SUSE SLFO 1.2 This update for tomcat fixes the following issues: - Update to Tomcat 9.0.111 - Security fixes: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905). - CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756). tomcat-9.0.111-160000.1.1.noarch.rpm tomcat-admin-webapps-9.0.111-160000.1.1.noarch.rpm tomcat-docs-webapp-9.0.111-160000.1.1.noarch.rpm tomcat-el-3_0-api-9.0.111-160000.1.1.noarch.rpm tomcat-embed-9.0.111-160000.1.1.noarch.rpm tomcat-javadoc-9.0.111-160000.1.1.noarch.rpm tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch.rpm tomcat-jsvc-9.0.111-160000.1.1.noarch.rpm tomcat-lib-9.0.111-160000.1.1.noarch.rpm tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch.rpm tomcat-webapps-9.0.111-160000.1.1.noarch.rpm openSUSE-Leap-16.0-144 Security update for bind important SUSE SLFO 1.2 This update for bind fixes the following issues: - Upgrade to release 9.20.15 Security Fixes: * CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs (bsc#1252379) * CVE-2025-40780: Fixed cache poisoning due to weak PRNG (bsc#1252380) * CVE-2025-8677: Fixed resource exhaustion via malformed DNSKEY handling (bsc#1252378) New Features: * Add dnssec-policy keys configuration check to named-checkconf. * Add a new option `manual-mode` to dnssec-policy. * Add a new option `servfail-until-ready` to response-policy zones. * Support for parsing HHIT and BRID records has been added. * Support for parsing DSYNC records has been added. Removed Features: * Deprecate the `tkey-gssapi-credential` statement. * Obsolete the `tkey-domain` statement. Feature Changes: * Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest type 1. Bug Fixes: * Missing DNSSEC information when CD bit is set in query. * rndc sign during ZSK rollover will now replace signatures. * Use signer name when disabling DNSSEC algorithms. * Preserve cache when reload fails and reload the server again. * Prevent spurious SERVFAILs for certain 0-TTL resource records. * Fix unexpected termination if catalog-zones had undefined `default-primaries`. * Stale RRsets in a CNAME chain were not always refreshed. * Add RPZ extended DNS error for zones with a CNAME override policy configured. * Fix dig +keepopen option. * Log dropped or slipped responses in the query-errors category. * Fix synth-from-dnssec not working in some scenarios. * Clean enough memory when adding new ADB names/entries under memory pressure. * Prevent spurious validation failures. * Ensure file descriptors 0-2 are in use before using libuv [bsc#1230649] bind-9.20.15-160000.1.1.aarch64.rpm bind-doc-9.20.15-160000.1.1.noarch.rpm bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64.rpm bind-modules-generic-9.20.15-160000.1.1.aarch64.rpm bind-modules-ldap-9.20.15-160000.1.1.aarch64.rpm bind-modules-mysql-9.20.15-160000.1.1.aarch64.rpm bind-modules-perl-9.20.15-160000.1.1.aarch64.rpm bind-modules-sqlite3-9.20.15-160000.1.1.aarch64.rpm bind-utils-9.20.15-160000.1.1.aarch64.rpm bind-9.20.15-160000.1.1.ppc64le.rpm bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le.rpm bind-modules-generic-9.20.15-160000.1.1.ppc64le.rpm bind-modules-ldap-9.20.15-160000.1.1.ppc64le.rpm bind-modules-mysql-9.20.15-160000.1.1.ppc64le.rpm bind-modules-perl-9.20.15-160000.1.1.ppc64le.rpm bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le.rpm bind-utils-9.20.15-160000.1.1.ppc64le.rpm bind-9.20.15-160000.1.1.s390x.rpm bind-modules-bdbhpt-9.20.15-160000.1.1.s390x.rpm bind-modules-generic-9.20.15-160000.1.1.s390x.rpm bind-modules-ldap-9.20.15-160000.1.1.s390x.rpm bind-modules-mysql-9.20.15-160000.1.1.s390x.rpm bind-modules-perl-9.20.15-160000.1.1.s390x.rpm bind-modules-sqlite3-9.20.15-160000.1.1.s390x.rpm bind-utils-9.20.15-160000.1.1.s390x.rpm bind-9.20.15-160000.1.1.x86_64.rpm bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64.rpm bind-modules-generic-9.20.15-160000.1.1.x86_64.rpm bind-modules-ldap-9.20.15-160000.1.1.x86_64.rpm bind-modules-mysql-9.20.15-160000.1.1.x86_64.rpm bind-modules-perl-9.20.15-160000.1.1.x86_64.rpm bind-modules-sqlite3-9.20.15-160000.1.1.x86_64.rpm bind-utils-9.20.15-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-145 Recommended update for apparmor important SUSE SLFO 1.2 This update for apparmor fixes the following issues: Changes in apparmor: - allow writing /tmp/doveconf.* in more dovecot profiles update to AppArmor 4.1.2: - several fixes (including boo#1246743) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.2 for the detailed upstream changelog - more dovecot 2.4 permissions (boo#1247470) apache2-mod_apparmor-4.1.2-160000.1.1.aarch64.rpm apparmor-abstractions-4.1.2-160000.1.1.noarch.rpm apparmor-docs-4.1.2-160000.1.1.noarch.rpm apparmor-parser-4.1.2-160000.1.1.aarch64.rpm apparmor-parser-lang-4.1.2-160000.1.1.noarch.rpm apparmor-profiles-4.1.2-160000.1.1.noarch.rpm apparmor-utils-4.1.2-160000.1.1.noarch.rpm apparmor-utils-lang-4.1.2-160000.1.1.noarch.rpm pam_apparmor-4.1.2-160000.1.1.aarch64.rpm perl-apparmor-4.1.2-160000.1.1.aarch64.rpm python3-apparmor-4.1.2-160000.1.1.aarch64.rpm ruby-apparmor-4.1.2-160000.1.1.aarch64.rpm libapparmor-devel-4.1.2-160000.1.1.aarch64.rpm libapparmor1-4.1.2-160000.1.1.aarch64.rpm apache2-mod_apparmor-4.1.2-160000.1.1.ppc64le.rpm apparmor-parser-4.1.2-160000.1.1.ppc64le.rpm pam_apparmor-4.1.2-160000.1.1.ppc64le.rpm perl-apparmor-4.1.2-160000.1.1.ppc64le.rpm python3-apparmor-4.1.2-160000.1.1.ppc64le.rpm ruby-apparmor-4.1.2-160000.1.1.ppc64le.rpm libapparmor-devel-4.1.2-160000.1.1.ppc64le.rpm libapparmor1-4.1.2-160000.1.1.ppc64le.rpm apache2-mod_apparmor-4.1.2-160000.1.1.s390x.rpm apparmor-parser-4.1.2-160000.1.1.s390x.rpm pam_apparmor-4.1.2-160000.1.1.s390x.rpm perl-apparmor-4.1.2-160000.1.1.s390x.rpm python3-apparmor-4.1.2-160000.1.1.s390x.rpm ruby-apparmor-4.1.2-160000.1.1.s390x.rpm libapparmor-devel-4.1.2-160000.1.1.s390x.rpm libapparmor1-4.1.2-160000.1.1.s390x.rpm apache2-mod_apparmor-4.1.2-160000.1.1.x86_64.rpm apparmor-parser-4.1.2-160000.1.1.x86_64.rpm pam_apparmor-4.1.2-160000.1.1.x86_64.rpm perl-apparmor-4.1.2-160000.1.1.x86_64.rpm python3-apparmor-4.1.2-160000.1.1.x86_64.rpm ruby-apparmor-4.1.2-160000.1.1.x86_64.rpm libapparmor-devel-4.1.2-160000.1.1.x86_64.rpm libapparmor1-4.1.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-146 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR (bsc#1256340). - MFSA 2026-03 (bsc#1256340) * CVE-2026-0877: Mitigation bypass in the DOM: Security component * CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882: Use-after-free in the IPC component * CVE-2025-14327: Spoofing issue in the Downloads Panel component * CVE-2026-0883: Information disclosure in the Networking component * CVE-2026-0884: Use-after-free in the JavaScript Engine component * CVE-2026-0885: Use-after-free in the JavaScript: GC component * CVE-2026-0886: Incorrect boundary conditions in the Graphics component * CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 MozillaFirefox-140.7.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.7.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.7.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.7.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.7.0-160000.1.1.aarch64.rpm MozillaFirefox-140.7.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.7.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.7.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.7.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.7.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.7.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.7.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.7.0-160000.1.1.s390x.rpm MozillaFirefox-140.7.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.7.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.7.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.7.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-147 Recommended update for suse-migration-services important SUSE SLFO 1.2 This update for suse-migration-services fixes the following issues: - Bump to version: 2.1.29 * Fix mount_system unit * Run ssh precheck only for SLE16 target The check for the ssh default settings change should only be performed for migrations to SLE16 * Only generate wicked xml if service is the active network * Fix unit link check and no use of path.join * Fixed migration live image package requires * Update setup_host_network service * Fix backup processing * Fix log handler setup * Drop and backup /etc/sysconfig/network * Skip migration if wicked is not the default network config service * Add package_installed method * Backup drop_path data * Check if package exists prior drop * Fixed use of suse version macros * drop README_QA.rst * Update conditional requires per review * Consolidate project documentation * Fixed spec file regarding wicked2nm - Bump to version: 2.1.28 * Fix update_version helper * Fix mount_system * Fix order of reboot service * Improve dracut logging * Drop wicked component after nm migration * Move script package to the main migration provider * Add DropComponents class * Fixed spec file: + suse-migration-container-pam-config.service was not installed * Create systemd.link files for biosdevname (bsc#1253963) * Create lib file for common network-prereq tasks * update PAM configurations to use pam_unix.so SLE16 no longer provides compat links for pam_unix_*.so. Fix the configuration for tools that are still using those compat links so they don't break after migration (PED-13640) * Omit cio_ignore kernel commandline on zkvm (bsc#1250003) - Bump to version: 2.1.27 * Refactor mount_system service * Fix order of reboot service * Add support for wicked2nm in container workflow * Fix unit test for solver test case * Fixes for btrfs_snapshot_pre_migration suse-migration-scripts-2.1.29-160000.1.1.noarch.rpm openSUSE-Leap-16.0-148 Security update for erlang moderate SUSE SLFO 1.2 This update for erlang fixes the following issues: Update the ssh component to the latest in the maint-27 branch. Security issues fixed: - CVE-2025-48040: ssh: overly tolerant handling of data received from unauthenticated users when processing key exchange messages may lead to excessive resource consumption (bsc#1249472). - CVE-2025-48039: ssh: unverified paths from authenticated SFTP users may lead to excessive resource consumption (bsc#1249469). - CVE-2025-48038: ssh: unverified file handles from authenticated SFTP users may lead to excessive resource consumption (bsc#1249470). erlang-27.1.3-160000.3.1.aarch64.rpm erlang-debugger-27.1.3-160000.3.1.aarch64.rpm erlang-debugger-src-27.1.3-160000.3.1.aarch64.rpm erlang-dialyzer-27.1.3-160000.3.1.aarch64.rpm erlang-dialyzer-src-27.1.3-160000.3.1.aarch64.rpm erlang-diameter-27.1.3-160000.3.1.aarch64.rpm erlang-diameter-src-27.1.3-160000.3.1.aarch64.rpm erlang-doc-27.1.3-160000.3.1.aarch64.rpm erlang-epmd-27.1.3-160000.3.1.aarch64.rpm erlang-et-27.1.3-160000.3.1.aarch64.rpm erlang-et-src-27.1.3-160000.3.1.aarch64.rpm erlang-jinterface-27.1.3-160000.3.1.aarch64.rpm erlang-jinterface-src-27.1.3-160000.3.1.aarch64.rpm erlang-observer-27.1.3-160000.3.1.aarch64.rpm erlang-observer-src-27.1.3-160000.3.1.aarch64.rpm erlang-reltool-27.1.3-160000.3.1.aarch64.rpm erlang-reltool-src-27.1.3-160000.3.1.aarch64.rpm erlang-src-27.1.3-160000.3.1.aarch64.rpm erlang-wx-27.1.3-160000.3.1.aarch64.rpm erlang-wx-src-27.1.3-160000.3.1.aarch64.rpm erlang-27.1.3-160000.3.1.ppc64le.rpm erlang-debugger-27.1.3-160000.3.1.ppc64le.rpm erlang-debugger-src-27.1.3-160000.3.1.ppc64le.rpm erlang-dialyzer-27.1.3-160000.3.1.ppc64le.rpm erlang-dialyzer-src-27.1.3-160000.3.1.ppc64le.rpm erlang-diameter-27.1.3-160000.3.1.ppc64le.rpm erlang-diameter-src-27.1.3-160000.3.1.ppc64le.rpm erlang-doc-27.1.3-160000.3.1.ppc64le.rpm erlang-epmd-27.1.3-160000.3.1.ppc64le.rpm erlang-et-27.1.3-160000.3.1.ppc64le.rpm erlang-et-src-27.1.3-160000.3.1.ppc64le.rpm erlang-jinterface-27.1.3-160000.3.1.ppc64le.rpm erlang-jinterface-src-27.1.3-160000.3.1.ppc64le.rpm erlang-observer-27.1.3-160000.3.1.ppc64le.rpm erlang-observer-src-27.1.3-160000.3.1.ppc64le.rpm erlang-reltool-27.1.3-160000.3.1.ppc64le.rpm erlang-reltool-src-27.1.3-160000.3.1.ppc64le.rpm erlang-src-27.1.3-160000.3.1.ppc64le.rpm erlang-wx-27.1.3-160000.3.1.ppc64le.rpm erlang-wx-src-27.1.3-160000.3.1.ppc64le.rpm erlang-27.1.3-160000.3.1.s390x.rpm erlang-debugger-27.1.3-160000.3.1.s390x.rpm erlang-debugger-src-27.1.3-160000.3.1.s390x.rpm erlang-dialyzer-27.1.3-160000.3.1.s390x.rpm erlang-dialyzer-src-27.1.3-160000.3.1.s390x.rpm erlang-diameter-27.1.3-160000.3.1.s390x.rpm erlang-diameter-src-27.1.3-160000.3.1.s390x.rpm erlang-epmd-27.1.3-160000.3.1.s390x.rpm erlang-et-27.1.3-160000.3.1.s390x.rpm erlang-et-src-27.1.3-160000.3.1.s390x.rpm erlang-jinterface-27.1.3-160000.3.1.s390x.rpm erlang-jinterface-src-27.1.3-160000.3.1.s390x.rpm erlang-observer-27.1.3-160000.3.1.s390x.rpm erlang-observer-src-27.1.3-160000.3.1.s390x.rpm erlang-reltool-27.1.3-160000.3.1.s390x.rpm erlang-reltool-src-27.1.3-160000.3.1.s390x.rpm erlang-src-27.1.3-160000.3.1.s390x.rpm erlang-wx-27.1.3-160000.3.1.s390x.rpm erlang-wx-src-27.1.3-160000.3.1.s390x.rpm erlang-27.1.3-160000.3.1.x86_64.rpm erlang-debugger-27.1.3-160000.3.1.x86_64.rpm erlang-debugger-src-27.1.3-160000.3.1.x86_64.rpm erlang-dialyzer-27.1.3-160000.3.1.x86_64.rpm erlang-dialyzer-src-27.1.3-160000.3.1.x86_64.rpm erlang-diameter-27.1.3-160000.3.1.x86_64.rpm erlang-diameter-src-27.1.3-160000.3.1.x86_64.rpm erlang-doc-27.1.3-160000.3.1.x86_64.rpm erlang-epmd-27.1.3-160000.3.1.x86_64.rpm erlang-et-27.1.3-160000.3.1.x86_64.rpm erlang-et-src-27.1.3-160000.3.1.x86_64.rpm erlang-jinterface-27.1.3-160000.3.1.x86_64.rpm erlang-jinterface-src-27.1.3-160000.3.1.x86_64.rpm erlang-observer-27.1.3-160000.3.1.x86_64.rpm erlang-observer-src-27.1.3-160000.3.1.x86_64.rpm erlang-reltool-27.1.3-160000.3.1.x86_64.rpm erlang-reltool-src-27.1.3-160000.3.1.x86_64.rpm erlang-src-27.1.3-160000.3.1.x86_64.rpm erlang-wx-27.1.3-160000.3.1.x86_64.rpm erlang-wx-src-27.1.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-149 Security update for alloy important SUSE SLFO 1.2 This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251509). - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251716). - CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253609). Other updates and bugfixes: - Version 1.12.1: * Bugfixes - update to Beyla 2.7.10. - Version 1.12.0: * Breaking changes - `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component ID instead of the hostname as their instance label in their exported metrics. * Features - (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare's LogPush jobs. - (Experimental) Additions to experimental `database_observability.mysql` component: - `explain_plans` - collector now changes schema before returning the connection to the pool. - collector now passes queries more permissively. - enable `explain_plans` collector by default - (Experimental) Additions to experimental `database_observability.postgres` component: - `explain_plans` - added the explain plan collector. - collector now passes queries more permissively. - `query_samples` - add user field to wait events within `query_samples` collector. - rework the query samples collector to buffer per-query execution state across scrapes and emit finalized entries. - process turned idle rows to calculate finalization times precisely and emit first seen idle rows. - `query_details` - escape queries coming from `pg_stat_statements` with quotes. - enable `explain_plans` collector by default. - safely generate `server_id` when UDP socket used for database connection. - add table registry and include "validated" in parsed table name logs. - Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud Pub/Sub topic. - Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata. - Send remote config status to the remote server for the `remotecfg` service. - Send effective config to the remote server for the `remotecfg` service. - Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting both the query ID and the full SQL statement. The new block includes one option to enable statement selection, and another to configure the maximum length of the statement text. - Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values. - Add `u_probe_links` & `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing. - Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to be enable `ebpf-profiler` verbose mode. - Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns. - Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular expression. - OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0. - See the upstream [core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md) and [contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md) changelogs for more details. - A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them into a Mimir instance. - Mark `stage.windowsevent` block in the `loki.process` component as GA. * Enhancements - Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one application from consuming the rate limit quota of others. - Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and `pyroscope.receive_http`. - Remove `SendSIGKILL=no` from unit files and recommendations. - Reduce memory overhead of `prometheus.remote_write`'s WAL by lowering the size of the allocated series storage. - Reduce lock wait/contention on the `labelstore.LabelStore` by removing unecessary usage from `prometheus.relabel`. - `prometheus.exporter.postgres` dependency has been updated to v0.18.1. - Update Beyla component to 2.7.8. - Support delimiters in `stage.luhn`. - `pyroscope.java`: update `async-profiler` to 4.2. - `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector. - `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2. - `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata labels for use by downstream components. - Rework underlying framework of Alloy UI to use Vite instead of Create React App. - Use POST requests for remote config requests to avoid hitting http2 header limits. - `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after `graceful_shutdown_timeout` has expired. - `kubernetes.discovery`: Add support for attaching namespace metadata. - Add `meta_cache_address` to `beyla.ebpf` component. * Bugfixes - Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps. - Fix direction of arrows for pyroscope components in UI graph. - Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn. - Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument. - Fix issues with "unknown series ref when trying to add exemplar" from `prometheus.remote_write` by allowing series ref links to be updated if they change. - Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node filtering is enabled, preventing "Index with name `field:spec.nodeName` does not exist" errors. - Fix issue in `loki.source.file` where scheduling files could take too long. - Fix `loki.write` no longer includes internal labels __. - Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`. - `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to true. - `loki.source.file` has better support for non-UTF-8 encoded files. - Fix the `loki.write` endpoint block's `enable_http2` attribute to actually affect the client. - Optionally remove trailing newlines before appending entries in `stage.multiline`. - `loki.source.api` no longer drops request when relabel rules drops a specific stream. alloy-1.12.1-160000.1.1.aarch64.rpm alloy-1.12.1-160000.1.1.ppc64le.rpm alloy-1.12.1-160000.1.1.s390x.rpm alloy-1.12.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-15 Recommended update for aws-cli-cmd important SUSE SLFO 1.2 This update for aws-cli-cmd fixes the following issues: - Disable security context for shared volume For sharing the home directory with the container the security context needs to be disabled to allow this shared mount. For details about this setting as well as approval on the approach please visit bsc#1252390 aws-cli-cmd-1.36.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-150 Security update for cpp-httplib critical SUSE SLFO 1.2 This update for cpp-httplib fixes the following issues: - CVE-2025-66570: IP spoofing, log poisoning, and authorization bypass via header shadowing due to acceptance and parsing of client-controlled injected HTTP headers in incoming requests (bsc#1254734). - CVE-2025-66577: access and error log poisoning with spoofed client IPs due to unconditional acceptance of client-controlled `X-Forwarded-For` and `X-Real-IP` headers (bsc#1254735). cpp-httplib-devel-0.22.0-160000.3.1.aarch64.rpm libcpp-httplib0_22-0.22.0-160000.3.1.aarch64.rpm cpp-httplib-devel-0.22.0-160000.3.1.ppc64le.rpm libcpp-httplib0_22-0.22.0-160000.3.1.ppc64le.rpm cpp-httplib-devel-0.22.0-160000.3.1.s390x.rpm libcpp-httplib0_22-0.22.0-160000.3.1.s390x.rpm cpp-httplib-devel-0.22.0-160000.3.1.x86_64.rpm libcpp-httplib0_22-0.22.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-151 Security update for docker critical SUSE SLFO 1.2 This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2851> - Update to Docker 28.5.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2850> - Update to docker-buildx v0.29.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.29.0> - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker. bsc#1250508 This feature is mostly intended for developers ("docker build git://") so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install). - Update to docker-buildx v0.28.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.28.0> - Update to Docker 28.4.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2840> * Fixes a nil pointer panic in "docker push". bsc#1248373 - Update warnings and errors related to "docker buildx ..." so that they reference our openSUSE docker-buildx packages. - Enable building docker-buildx for SLE15 systems with SUSEConnect secret injection enabled. PED-12534 PED-8905 bsc#1247594 As docker-buildx does not support our SUSEConnect secret injection (and some users depend "docker build" working transparently), patch the docker CLI so that "docker build" will no longer automatically call "docker buildx build", effectively making DOCKER_BUILDKIT=0 the default configuration. Users can manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order to opt-in to using docker-buildx. Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0 explicitly. In order to inject SCC credentials with docker-buildx, users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. - Update to Docker 28.3.3-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2833> CVE-2025-54388 bsc#1247367 - Update to docker-buildx v0.26.1. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.26.1> - Update to docker-buildx v0.26.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.26.0> Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.5.1_ce-160000.4.1.aarch64.rpm docker-bash-completion-28.5.1_ce-160000.4.1.noarch.rpm docker-buildx-0.29.0-160000.4.1.aarch64.rpm docker-fish-completion-28.5.1_ce-160000.4.1.noarch.rpm docker-rootless-extras-28.5.1_ce-160000.4.1.noarch.rpm docker-zsh-completion-28.5.1_ce-160000.4.1.noarch.rpm docker-28.5.1_ce-160000.4.1.ppc64le.rpm docker-buildx-0.29.0-160000.4.1.ppc64le.rpm docker-28.5.1_ce-160000.4.1.s390x.rpm docker-buildx-0.29.0-160000.4.1.s390x.rpm docker-28.5.1_ce-160000.4.1.x86_64.rpm docker-buildx-0.29.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-152 Recommended update for scap-security-guide critical SUSE SLFO 1.2 This update for scap-security-guide fixes the following issues: - updated to 0.1.79 (jsc#ECO-3319) * Add rhcos4 Profile for BSI Grundschutz * Create SLE15 general profile * Fix crypto policy settings in RHEL CIS profiles * Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles * Remove OCP STIG V1R1 * Remove OCP STIG V2R1 * Various updates for SLE 12/15 - updated to 0.1.78 (jsc#ECO-3319) * Enable SCE content for problematic rules that can traverse the whole filesystem * Remove unnecessary Jinja2 macros in control files * Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5 * Add Debian 13 profile for ANSSI BP 28 (enhanced) * Create SLEM5 General profile * Create SL Micro 6 product and general profile * Update SLE15 STIG version to V2R5 * Update SLE12 STIG version to V3R3 * Update SLEM5 STIG version to V1R2 scap-security-guide-0.1.79-160000.1.1.noarch.rpm scap-security-guide-debian-0.1.79-160000.1.1.noarch.rpm scap-security-guide-redhat-0.1.79-160000.1.1.noarch.rpm scap-security-guide-ubuntu-0.1.79-160000.1.1.noarch.rpm openSUSE-Leap-16.0-153 Security update for cargo-c moderate SUSE SLFO 1.2 This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discard_all_messages (bsc#1243179) - CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249012) - CVE-2024-12224: idna: Fixed improper validation of Punycode labels (bsc#1243851) Other fixes: - Fixed _service file to have proper versioning - Update to version 0.10.15~git0.3e178d5: * Bump actions/download-artifact from 4 to 5 * Update implib requirement from 0.3.5 to 0.4.0 * Add rlib to the targets when building tests * Allow disabling emission of library version constants in header files * Bump to cargo 0.90 * Fix static_libraries swallowing sequence of -framework flags * Fix non-POSIX paths in Libdir under Windows * Bump actions-rs-plus/clippy-check from 2.2.1 to 2.3.0 * Fix clippy lints * Bump cargo-0.89, object-0.37.1, cbindgen-0.29 cargo-c-0.10.15-160000.1.1.aarch64.rpm cargo-c-0.10.15-160000.1.1.ppc64le.rpm cargo-c-0.10.15-160000.1.1.s390x.rpm cargo-c-0.10.15-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-154 Recommended update for selinux-policy critical SUSE SLFO 1.2 This update for selinux-policy fixes the following issues: Changes in selinux-policy: Update to version 20250627+git345.3965b24b0: * Allow 'mysql-systemd-helper upgrade' to work correctly (bsc#1255024) Update to version 20250627+git343.b66ec7135: * Allow snapper_tu_etc_plugin_t to connect to machined varlink socket (bsc#1254889) Update to version 20250627+git341.4beeb2d65: * Allow virtlogd_t dac_override (bsc#1253389) * Introduce systemd_cryptsetup_generator_var_run_t file type (bsc#1244459) * Allow virtqemud_t to read/write device_t (bsc#1251789) * update support for polkit agent helper (bsc#1251931) * Allow system_mail_t read apache system content conditionally * Allow login_userdomain read lastlog * Allow sshd-net read and write to sshd vsock socket * Update ktls policy * Add comprehensive SELinux policy module for bwrap thumbnail generation * Revert "Allow thumb_t create permission in the user namespace" * Allow systemd-machined read svirt process state * Allow sshd_auth_t getopt/setopt on tcp_socket (bsc#1252992) * Allow sysadm access to TPM * Allow tlp get the attributes of the pidfs filesystem * Allow kmscon to read netlink_kobject_uevent_socket * Allow systemd-ssh-issue read kernel sysctls * fix: bz2279215 Allow speech-dispatcher access to user home/cache files * Allow create kerberos files in postgresql db home * Fix files_delete_boot_symlinks() to contain delete_lnk_files_pattern * Allow shell comamnds in locate systemd service (bsc#1246559) * Introduce initrc_nnp_daemon_domain interface * Label /var/lib/cosmic-greeter with xdm_var_lib_t * Allow setroubleshoot-fixit get attributes of xattr fs * Allow insights-client manage /etc symlinks * Allow insights-client get attributes of the rpm executable * Allow nfsidmapd search virt lib directories * Allow iotop stream connect to systemd-userdbd * Allow snapper_sdbootutil_plugin_t manage unlabeled_t files,dirs,symlinks (bsc#1252993) * Allow gnome-remote-desktop read sssd public files * Allow thumb_t stream connect to systemd-userdbd * Add auth_nnp_domtrans_chkpwd() * Allow sshd_auth_t getopt/setopt on tcp_socket (bsc#1252992) * Allow bluez dbus API passing unix domain sockets * Allow bluez dbus api pass sockets over dbus * Dontaudit systemd-generator connect to sssd over a unix stream socket * Allow init watch/watch_reads systemd-machined user ptys * Introduce sap_service_transition_to_unconfined_user boolean * allow init to read sap symlinks * Allow SAP domain to relocation text in all files - Fix macros.selinux-policy to allow changing booleans when policy is not loaded. Previous logic was broken (bsc#1254395) Update to version 20250627+git293.3432d4834: * Allow pcscd_t to search cgroup (bsc#1253098) * Fix syntax error in userdomain.if * Allow nnp_transition for OpenSMTPD (bsc#1252431) * Allow ras-mc-ctl get attributes of the kmod executable * Define file equivalency for /var/opt * Allow virtnodedev_t the perfmon capability * Allow nut_upsdrvctl_t the sys_ptrace capability * Label /usr/lib/systemd/user/graphical-session-pre.target with xdm_unit_file_t * Allow snapper sdbootutil plugin read emmc devices (bsc#1231354) * Allow pcrlock to delete pid entries * Allow systemd_pcrlock_t to manage its pid files * Mark snapper_sdbootutil_plugin_t as permissive * Drop unnamed filetrans, should be done upstream (bsc#1241964) * Label pcrlock pid file correctly (bsc#1241964) * Allow snapper sdbootutil plugin send msg to system bus (bsc#1241964) * snapper takes output from stdout/err, allow pcrlock to write * Add tpm2_getcap permissions to snapper sdbootutil (bsc#1244573) * Allow snapper sdbootutil plugin to read snapper data and conf * Allow snapper sdbootutil plugin to grep /proc/stat (bsc#1241964) * Replace snapper tmp file access for pcrlock (bsc#1241964) * Allow snapper sdbootutil read kernel module dirs (bsc#1241964) * Allow snapper sdbootutil plugin use bootctl (bsc#1241964) * Allow snapper sdbootutil plugin to list and read sysfs (bsc#1241964) * Allow snapper sdbootutil sys_admin (bsc#1241964) * Allow snapper sdbootutils plugin to findmnt (bsc#1241964) * Allow snapper sdbootutil plugin rw tpm (bsc#1233358) * Move manage dos permissions and dontaudit execmem to snapper sdbootutils plugin (bsc#1241964) * Move snapper domtrans to sdbootutil to plugin (bsc#1241964) * Revert snapper access to keys, move to sdbootutils plugin policy (bsc#1241964) * Add initial seperate policy for sdbootutil called by snapper (bsc#1233358) * Allow sort in snapper_grub_plugin_t read cpu.max (bsc#1252095) * systemd-sysctl: allow rw on binfm_misc_fs_t to set binfmt_misc status * Allow cupsd to manage cupsd_rw_etc_t lnk_files * Set temporary no-stub resolv.conf file from NetworkManager as net_conf_t * Allow spamc read aliases file * Mark configfs_t as mountpoint (bsc#1246080) * Allow systemd-machined watch cgroup files * Allow sshd-auth read generic proc files * Allow sshd-auth read and write user domain ptys * Allow logwatch read and write sendmail unix stream sockets * Allow logwatch domain transition on rpm execution * Allow thumb_t mounton its private tmpfs files * Allow thumb_t create permission in the user namespace * Allow corenet_unconfined_type name_bind to icmp_socket * Allow systemd-networkd to manage systemd_networkd_var_lib_t files * Allow sshd-session get attributes of sshd vsock socket selinux-policy-20250627+git345.3965b24b0-160000.1.1.noarch.rpm selinux-policy-devel-20250627+git345.3965b24b0-160000.1.1.noarch.rpm selinux-policy-doc-20250627+git345.3965b24b0-160000.1.1.noarch.rpm selinux-policy-minimum-20250627+git345.3965b24b0-160000.1.1.noarch.rpm selinux-policy-sandbox-20250627+git345.3965b24b0-160000.1.1.noarch.rpm selinux-policy-targeted-20250627+git345.3965b24b0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-155 Security update for rust1.91, rust1.92 moderate SUSE SLFO 1.2 This update for rust1.91 and rust1.92 fixes the following issues: Rust is shipped in 1.91.0 version. Please see https://github.com/rust-lang/rust/releases/tag/1.91.0 for changes. Rust is shipped in 1.92.0 version. Please see https://github.com/rust-lang/rust/releases/tag/1.92.0 for changes. cargo1.91-1.91.0-160000.1.1.aarch64.rpm rust1.91-1.91.0-160000.1.1.aarch64.rpm rust1.91-src-1.91.0-160000.1.1.noarch.rpm cargo1.92-1.92.0-160000.1.1.aarch64.rpm rust1.92-1.92.0-160000.1.1.aarch64.rpm rust1.92-src-1.92.0-160000.1.1.noarch.rpm cargo1.91-1.91.0-160000.1.1.ppc64le.rpm rust1.91-1.91.0-160000.1.1.ppc64le.rpm cargo1.92-1.92.0-160000.1.1.ppc64le.rpm rust1.92-1.92.0-160000.1.1.ppc64le.rpm cargo1.91-1.91.0-160000.1.1.s390x.rpm rust1.91-1.91.0-160000.1.1.s390x.rpm cargo1.92-1.92.0-160000.1.1.s390x.rpm rust1.92-1.92.0-160000.1.1.s390x.rpm cargo1.91-1.91.0-160000.1.1.x86_64.rpm rust1.91-1.91.0-160000.1.1.x86_64.rpm cargo1.92-1.92.0-160000.1.1.x86_64.rpm rust1.92-1.92.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-156 Security update for webkit2gtk3 important SUSE SLFO 1.2 This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208). - CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). - CVE-2025-43272: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1250439). - CVE-2025-43342: processing maliciously crafted web content may lead to an unexpected process crash due to a correctness issue and missing checks (bsc#1250440). - CVE-2025-43343: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1251975). - CVE-2025-43356: a website may be able to access sensor information without user consent due to improper cache handling (bsc#1250441). - CVE-2025-43368: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1250442). - CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165). - CVE-2025-43419: processing maliciously crafted web content may lead to memory corruption due to improper memory handling (bsc#1254166). - CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled array allocation sinking (bsc#1254167). - CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254168). - CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254169). - CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1254174). - CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254172). - CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory handling (bsc#1254170). - CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254171). - CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254179). - CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254177). - CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254176). - CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254498). - CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194). - CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198). - CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183). - CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195). - CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200). - CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191). - CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254509). Other issues fixed and changes: - Version 2.50.4: * Correctly handle the program name passed to the sleep disabler. * Ensure GStreamer is initialized before using the Quirks. * Fix several crashes and rendering issues. - Version 2.50.3: * Fix seeking and looping of media elements that set the "loop" property. * Fix several crashes and rendering issues. - Version 2.50.2: * Prevent unsafe URI schemes from participating in media playback. * Make jsc_value_array_buffer_get_data() function introspectable. * Fix logging in to Google accounts that have a WebAuthn second factor configured. * Fix loading webkit://gpu when there are no threads configured for GPU rendering. * Fix rendering gradiants that use the CSS hue interpolation method. * Fix pasting image data from the clipboard. * Fix font-family selection when the font name contains spaces. * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc. * Fix capturing canvas snapshots in the Web Inspector. * Fix several crashes and rendering issues. - Version 2.50.1: * Improve text rendering performance. * Fix audio playback broken on instagram. * Fix rendering of layers with fractional transforms. * Fix the build with ENABLE(VIDEO) disabled. * Fix the build in s390x. * Fix several crashes and rendering issues. - Version 2.50.0: * Improved rendering performance by recording each layer once and replaying every dirty region in different worker threads. * Enable damage propagation to the UI process by default. * CSS property font-variant-emoji is now enabled by default. * Font synthesis properties (bold/italic) are now properly handled. * Ensure web view is focused on tap gesture. * Added new API to get the theme color of a WebKitWebView. - Version 2.49.90: * Add support for font collection / fragment identifiers. * Fix web process deadlock on exit. * Fix stuttering when playing WebP animations * Fix CSS animations with cubic-bezier timing function. * Do not start the MemoryPressureMonitor if it’s disabled * Fix several crashes and rendering issues. * Updated translations. - Version 2.48.6: * Fix emojis incorrectly rendered in their text variant. * Add support for font collection / fragment identifiers. * Fix web process deadlock on exit. * Fix stuttering when playing WebP animations. * Fix CSS animations with cubic-bezier timing function. * Do not start the MemoryPressureMonitor if it's disabled. * Fix several crashes and rendering issues. - Fix a11y regression where AT-SPI roles were mapped incorrectly. - Disable skia on ppc64le. WebKitGTK-4.1-lang-2.50.4-160000.1.1.noarch.rpm libjavascriptcoregtk-4_1-0-2.50.4-160000.1.1.aarch64.rpm libwebkit2gtk-4_1-0-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-JavaScriptCore-4_1-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-WebKit2-4_1-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-WebKit2WebExtension-4_1-2.50.4-160000.1.1.aarch64.rpm webkit-jsc-4.1-2.50.4-160000.1.1.aarch64.rpm webkit2gtk-4_1-injected-bundles-2.50.4-160000.1.1.aarch64.rpm webkit2gtk3-devel-2.50.4-160000.1.1.aarch64.rpm webkit2gtk3-minibrowser-2.50.4-160000.1.1.aarch64.rpm WebKitGTK-4.0-lang-2.50.4-160000.1.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.50.4-160000.1.1.aarch64.rpm libwebkit2gtk-4_0-37-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-JavaScriptCore-4_0-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-WebKit2-4_0-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.50.4-160000.1.1.aarch64.rpm webkit-jsc-4-2.50.4-160000.1.1.aarch64.rpm webkit2gtk-4_0-injected-bundles-2.50.4-160000.1.1.aarch64.rpm webkit2gtk3-soup2-devel-2.50.4-160000.1.1.aarch64.rpm webkit2gtk3-soup2-minibrowser-2.50.4-160000.1.1.aarch64.rpm WebKitGTK-6.0-lang-2.50.4-160000.1.1.noarch.rpm libjavascriptcoregtk-6_0-1-2.50.4-160000.1.1.aarch64.rpm libwebkitgtk-6_0-4-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-JavaScriptCore-6_0-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-WebKit-6_0-2.50.4-160000.1.1.aarch64.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-160000.1.1.aarch64.rpm webkit-jsc-6.0-2.50.4-160000.1.1.aarch64.rpm webkit2gtk4-devel-2.50.4-160000.1.1.aarch64.rpm webkit2gtk4-minibrowser-2.50.4-160000.1.1.aarch64.rpm webkitgtk-6_0-injected-bundles-2.50.4-160000.1.1.aarch64.rpm libjavascriptcoregtk-4_1-0-2.50.4-160000.1.1.ppc64le.rpm libwebkit2gtk-4_1-0-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-JavaScriptCore-4_1-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2-4_1-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2WebExtension-4_1-2.50.4-160000.1.1.ppc64le.rpm webkit-jsc-4.1-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk-4_1-injected-bundles-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk3-devel-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk3-minibrowser-2.50.4-160000.1.1.ppc64le.rpm libjavascriptcoregtk-4_0-18-2.50.4-160000.1.1.ppc64le.rpm libwebkit2gtk-4_0-37-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-JavaScriptCore-4_0-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2-4_0-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2WebExtension-4_0-2.50.4-160000.1.1.ppc64le.rpm webkit-jsc-4-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk-4_0-injected-bundles-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk3-soup2-devel-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk3-soup2-minibrowser-2.50.4-160000.1.1.ppc64le.rpm libjavascriptcoregtk-6_0-1-2.50.4-160000.1.1.ppc64le.rpm libwebkitgtk-6_0-4-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-JavaScriptCore-6_0-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-WebKit-6_0-2.50.4-160000.1.1.ppc64le.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-160000.1.1.ppc64le.rpm webkit-jsc-6.0-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk4-devel-2.50.4-160000.1.1.ppc64le.rpm webkit2gtk4-minibrowser-2.50.4-160000.1.1.ppc64le.rpm webkitgtk-6_0-injected-bundles-2.50.4-160000.1.1.ppc64le.rpm libjavascriptcoregtk-4_1-0-2.50.4-160000.1.1.s390x.rpm libwebkit2gtk-4_1-0-2.50.4-160000.1.1.s390x.rpm typelib-1_0-JavaScriptCore-4_1-2.50.4-160000.1.1.s390x.rpm typelib-1_0-WebKit2-4_1-2.50.4-160000.1.1.s390x.rpm typelib-1_0-WebKit2WebExtension-4_1-2.50.4-160000.1.1.s390x.rpm webkit-jsc-4.1-2.50.4-160000.1.1.s390x.rpm webkit2gtk-4_1-injected-bundles-2.50.4-160000.1.1.s390x.rpm webkit2gtk3-devel-2.50.4-160000.1.1.s390x.rpm webkit2gtk3-minibrowser-2.50.4-160000.1.1.s390x.rpm libjavascriptcoregtk-4_0-18-2.50.4-160000.1.1.s390x.rpm libwebkit2gtk-4_0-37-2.50.4-160000.1.1.s390x.rpm typelib-1_0-JavaScriptCore-4_0-2.50.4-160000.1.1.s390x.rpm typelib-1_0-WebKit2-4_0-2.50.4-160000.1.1.s390x.rpm typelib-1_0-WebKit2WebExtension-4_0-2.50.4-160000.1.1.s390x.rpm webkit-jsc-4-2.50.4-160000.1.1.s390x.rpm webkit2gtk-4_0-injected-bundles-2.50.4-160000.1.1.s390x.rpm webkit2gtk3-soup2-devel-2.50.4-160000.1.1.s390x.rpm webkit2gtk3-soup2-minibrowser-2.50.4-160000.1.1.s390x.rpm libjavascriptcoregtk-6_0-1-2.50.4-160000.1.1.s390x.rpm libwebkitgtk-6_0-4-2.50.4-160000.1.1.s390x.rpm typelib-1_0-JavaScriptCore-6_0-2.50.4-160000.1.1.s390x.rpm typelib-1_0-WebKit-6_0-2.50.4-160000.1.1.s390x.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-160000.1.1.s390x.rpm webkit-jsc-6.0-2.50.4-160000.1.1.s390x.rpm webkit2gtk4-devel-2.50.4-160000.1.1.s390x.rpm webkit2gtk4-minibrowser-2.50.4-160000.1.1.s390x.rpm webkitgtk-6_0-injected-bundles-2.50.4-160000.1.1.s390x.rpm libjavascriptcoregtk-4_1-0-2.50.4-160000.1.1.x86_64.rpm libwebkit2gtk-4_1-0-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_1-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-WebKit2-4_1-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_1-2.50.4-160000.1.1.x86_64.rpm webkit-jsc-4.1-2.50.4-160000.1.1.x86_64.rpm webkit2gtk-4_1-injected-bundles-2.50.4-160000.1.1.x86_64.rpm webkit2gtk3-devel-2.50.4-160000.1.1.x86_64.rpm webkit2gtk3-minibrowser-2.50.4-160000.1.1.x86_64.rpm libjavascriptcoregtk-4_0-18-2.50.4-160000.1.1.x86_64.rpm libwebkit2gtk-4_0-37-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.50.4-160000.1.1.x86_64.rpm webkit-jsc-4-2.50.4-160000.1.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.50.4-160000.1.1.x86_64.rpm webkit2gtk3-soup2-devel-2.50.4-160000.1.1.x86_64.rpm webkit2gtk3-soup2-minibrowser-2.50.4-160000.1.1.x86_64.rpm libjavascriptcoregtk-6_0-1-2.50.4-160000.1.1.x86_64.rpm libwebkitgtk-6_0-4-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-JavaScriptCore-6_0-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-WebKit-6_0-2.50.4-160000.1.1.x86_64.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-160000.1.1.x86_64.rpm webkit-jsc-6.0-2.50.4-160000.1.1.x86_64.rpm webkit2gtk4-devel-2.50.4-160000.1.1.x86_64.rpm webkit2gtk4-minibrowser-2.50.4-160000.1.1.x86_64.rpm webkitgtk-6_0-injected-bundles-2.50.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-157 Recommended update for samba important SUSE SLFO 1.2 This update for samba fixes the following issues: Changes in samba: - samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20; (bsc#1249058). - Adjust README.SUSE to reflect the new preferred location for '[printers]' share; (bsc#1254665). - Fix Samba printers reporting invalid sid during print jobs; (bsc#1234210); (bsc#1254926) ctdb-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm ctdb-pcp-pmda-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm ldb-tools-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm libldb-devel-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm libldb2-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm python3-ldb-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-ad-dc-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-ad-dc-libs-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-ceph-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-client-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-client-libs-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-dcerpc-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-devel-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-doc-4.22.6+git.456.11475143caf-160000.1.1.noarch.rpm samba-dsdb-modules-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-gpupdate-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-ldb-ldap-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-libs-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-libs-python3-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-python3-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-test-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-tool-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-winbind-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm samba-winbind-libs-4.22.6+git.456.11475143caf-160000.1.1.aarch64.rpm ctdb-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm ctdb-pcp-pmda-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm ldb-tools-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm libldb-devel-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm libldb2-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm python3-ldb-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-ad-dc-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-ad-dc-libs-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-client-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-client-libs-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-dcerpc-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-devel-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-dsdb-modules-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-gpupdate-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-ldb-ldap-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-libs-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-libs-python3-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-python3-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-test-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-tool-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-winbind-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm samba-winbind-libs-4.22.6+git.456.11475143caf-160000.1.1.ppc64le.rpm ctdb-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm ctdb-pcp-pmda-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm ldb-tools-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm libldb-devel-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm libldb2-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm python3-ldb-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-ad-dc-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-ad-dc-libs-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-client-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-client-libs-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-dcerpc-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-devel-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-dsdb-modules-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-gpupdate-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-ldb-ldap-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-libs-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-libs-python3-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-python3-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-test-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-tool-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-winbind-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm samba-winbind-libs-4.22.6+git.456.11475143caf-160000.1.1.s390x.rpm ctdb-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm ctdb-pcp-pmda-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm ldb-tools-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm libldb-devel-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm libldb2-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm python3-ldb-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-ad-dc-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-ad-dc-libs-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-ceph-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-client-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-client-libs-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-dcerpc-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-devel-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-dsdb-modules-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-gpupdate-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-ldb-ldap-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-libs-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-libs-python3-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-python3-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-test-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-tool-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-winbind-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm samba-winbind-libs-4.22.6+git.456.11475143caf-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-158 Security update of open-vm-tools important SUSE SLFO 1.2 This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue. This release resolves and includes the patch for CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use "systemctl reboot", if available. For a more complete list of issues addressed in this release, see the What's New and Resolved Issues section of the Release Notes. libvmtools-devel-13.0.5-160000.1.1.aarch64.rpm libvmtools0-13.0.5-160000.1.1.aarch64.rpm open-vm-tools-13.0.5-160000.1.1.aarch64.rpm open-vm-tools-containerinfo-13.0.5-160000.1.1.aarch64.rpm open-vm-tools-desktop-13.0.5-160000.1.1.aarch64.rpm open-vm-tools-sdmp-13.0.5-160000.1.1.aarch64.rpm libvmtools-devel-13.0.5-160000.1.1.x86_64.rpm libvmtools0-13.0.5-160000.1.1.x86_64.rpm open-vm-tools-13.0.5-160000.1.1.x86_64.rpm open-vm-tools-containerinfo-13.0.5-160000.1.1.x86_64.rpm open-vm-tools-desktop-13.0.5-160000.1.1.x86_64.rpm open-vm-tools-salt-minion-13.0.5-160000.1.1.x86_64.rpm open-vm-tools-sdmp-13.0.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-159 Recommended update for s390-tools important SUSE SLFO 1.2 This update for s390-tools fixes the following issues: Upgrade s390-tools to 2.40 (jsc#PED-14586): - Add new tools / libraries: * Add project-wide .clang-tidy configuration * libutil: Introduce util_time for time related functionality * libutil: Introduce zsh/bash autocompletion tooling based on util_opt * pvinfo: Tool to display Secure Execution system information * pvverify: Tool to verify host-key documents - Changes of existing tools: * cpumf: Implement zsh and bash autocompletion * dasdfmt: Implement zsh and bash autocompletion * dbginfo.sh: Add NetworkManager and netplan * dbginfo.sh: Add kvm_stat * dbginfo.sh: Adding stp time information * dbginfo.sh: Simplify procfs collection * hyptop: Add physical information row * hyptop: Calculate sample time delta for physical partition * hyptop: Replace long option names using _ with - for consistency For example: --cpu_types -> --cpu-types (Options with _ are still supported for backward compatibility) * libekmfweb: Add function to validate a certificate against the identity key * netboot: Add longer kernel command lines support * udev/rules.d: Make virtio-blk devices non-rotational * udev/rules.d: Set default io scheduler to 'none' for virtio-blk * ziomon: Add support to sample device symlinks (/dev/disk/...) * ziorep_config: Add fcp-lun details to -M option output * ziorep_config: Add port_id and failed attributes to -A option output * netboot: Install on non-s390 architectures - Bug Fixes: * lib(ekmfweb|kmipclient): Use ln without -r * s390-tools: Fix various compilation issues with musl libc * zipl/boot: Fix unused loadparm when SCLP line-mode console is absent Upgrade s390-tools to version 2.39 (jsc#PED-10303): - Changes of existing tools: * chpstat: Add options to select IEC units for scaling (SI units are default) * chzdev: Introduce --no-module-load option * cpi: Disable CPI for SEL guests by default * dbginfo.sh: Enhance logging on timeout triggered * iucvterm: Install symlink for lsiucvallow.8 man page * lshwc: Add command line flag to specify individual counters * lspai: Add command line flag for delta values * lspai: Add command line flag for short counter names * lspai: Add command line flag to specify individual counters * lspai: Add command line flags for all cpus * lspai: Add command line flags for hexadecimal output * man: Use CR for constant width font * pvimg: Add '--image-key' option * zdev: Allow dynamic control of module load * zipl/boot: Fix EBCDIC code page 500 conversion and decrease size by 200 bytes * zipl: Add support of heterogeneous mirrors (remove technical limitations on mirrored targets, thus allowing mirrored devices consist of partitions at different offsets on disks of different types and geometry). * zkey: Add support for generating and importing exportable secure keys - Bug Fixes: * chpstat: Fix scaling of DPU utilization calculation * zdev/dracut: Prevent loading of unused kernel modules * zdev: Fix double device configuration on DPM systems * zdev: Fix double device configuration with rd.dasd * zipl_helper.device-mapper: Fix segfault in an error path libekmfweb1-2.40.0-160000.1.1.s390x.rpm libekmfweb1-devel-2.40.0-160000.1.1.s390x.rpm libkmipclient1-2.40.0-160000.1.1.s390x.rpm libkmipclient1-devel-2.40.0-160000.1.1.s390x.rpm osasnmpd-2.40.0-160000.1.1.s390x.rpm s390-tools-2.40.0-160000.1.1.s390x.rpm s390-tools-chreipl-fcp-mpath-2.40.0-160000.1.1.s390x.rpm s390-tools-genprotimg-data-2.40.0-160000.1.1.noarch.rpm s390-tools-hmcdrvfs-2.40.0-160000.1.1.s390x.rpm s390-tools-zdsfs-2.40.0-160000.1.1.s390x.rpm s390-tools-2.40.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-16 Recommended update for az-cli-cmd important SUSE SLFO 1.2 This update for az-cli-cmd fixes the following issues: Changes in az-cli-cmd: Version 1.37.0: - Drop dependencies that do not appear needed. Not referenced in the sources of azure-cli upstream. (bsc#1253140) - Change the deriviation chain by adding the az-sdk container as a base - Remove the executable script if it exists prior to generation of a new wrapper by flake-ctl. Otherwise flake-ctl complains about the existence of the script and we get an error during package update. - Disable security context for shared volume For sharing the home directory with the container the security context needs to be disabled to allow this shared mount. For details about this setting as well as approval on the approach please visit bsc#1252390 az-cli-cmd-1.37.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-160 Recommended update for resource-agents moderate SUSE SLFO 1.2 This update for resource-agents fixes the following issues: - Fix: OCF Resource Agents for vsftpd failure: No PID found (bsc#1249819) ldirectord-4.16.0+git90.968ad701-160000.2.1.aarch64.rpm resource-agents-4.16.0+git90.968ad701-160000.2.1.aarch64.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.2.1.aarch64.rpm ldirectord-4.16.0+git90.968ad701-160000.2.1.ppc64le.rpm resource-agents-4.16.0+git90.968ad701-160000.2.1.ppc64le.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.2.1.ppc64le.rpm ldirectord-4.16.0+git90.968ad701-160000.2.1.s390x.rpm resource-agents-4.16.0+git90.968ad701-160000.2.1.s390x.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.2.1.s390x.rpm ldirectord-4.16.0+git90.968ad701-160000.2.1.x86_64.rpm resource-agents-4.16.0+git90.968ad701-160000.2.1.x86_64.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-161 Security update for podman important SUSE SLFO 1.2 This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376). - CVE-2025-9566: kube play command may overwrite host files (bsc#1249154). podman-5.4.2-160000.3.1.aarch64.rpm podman-docker-5.4.2-160000.3.1.noarch.rpm podman-remote-5.4.2-160000.3.1.aarch64.rpm podmansh-5.4.2-160000.3.1.aarch64.rpm podman-5.4.2-160000.3.1.ppc64le.rpm podman-remote-5.4.2-160000.3.1.ppc64le.rpm podmansh-5.4.2-160000.3.1.ppc64le.rpm podman-5.4.2-160000.3.1.s390x.rpm podman-remote-5.4.2-160000.3.1.s390x.rpm podmansh-5.4.2-160000.3.1.s390x.rpm podman-5.4.2-160000.3.1.x86_64.rpm podman-remote-5.4.2-160000.3.1.x86_64.rpm podmansh-5.4.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-162 Recommended update for suse-module-tools important SUSE SLFO 1.2 This update for suse-module-tools fixes the following issues: - Update to version 16.0.64: * udev rules: write block queue attributes only if necessary (bsc#1254928) - Update to version 16.0.63: * 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents (bsc#1254264) * udev: use systemd service to remount tmpfs (bsc#1253679) - Update to version 16.0.62: * spec file: remove %udev_rules_update call (bsc#1250664) - Update to version 16.0.61: * weak-modules2: skip livepatch dir when checking for unresolved symbols (bsc#1250655) suse-module-tools-16.0.64-160000.1.1.aarch64.rpm suse-module-tools-scriptlets-16.0.64-160000.1.1.aarch64.rpm suse-module-tools-16.0.64-160000.1.1.ppc64le.rpm suse-module-tools-scriptlets-16.0.64-160000.1.1.ppc64le.rpm suse-module-tools-16.0.64-160000.1.1.s390x.rpm suse-module-tools-scriptlets-16.0.64-160000.1.1.s390x.rpm suse-module-tools-16.0.64-160000.1.1.x86_64.rpm suse-module-tools-scriptlets-16.0.64-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-163 Recommended update for mdadm important SUSE SLFO 1.2 This update for mdadm fixes the following issues: - fix crash with homehost=none (bsc#1254541) - mdcheck: workaround for bash 5.3 bug (bsc#1254087) mdadm-4.4+31.g541b40d3-160000.1.1.aarch64.rpm mdadm-doc-4.4+31.g541b40d3-160000.1.1.aarch64.rpm mdadm-4.4+31.g541b40d3-160000.1.1.ppc64le.rpm mdadm-doc-4.4+31.g541b40d3-160000.1.1.ppc64le.rpm mdadm-4.4+31.g541b40d3-160000.1.1.s390x.rpm mdadm-doc-4.4+31.g541b40d3-160000.1.1.s390x.rpm mdadm-4.4+31.g541b40d3-160000.1.1.x86_64.rpm mdadm-doc-4.4+31.g541b40d3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-164 Security update for libpcap low SUSE SLFO 1.2 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). libpcap-devel-1.10.5-160000.4.1.aarch64.rpm libpcap-devel-static-1.10.5-160000.4.1.aarch64.rpm libpcap1-1.10.5-160000.4.1.aarch64.rpm libpcap-devel-1.10.5-160000.4.1.ppc64le.rpm libpcap-devel-static-1.10.5-160000.4.1.ppc64le.rpm libpcap1-1.10.5-160000.4.1.ppc64le.rpm libpcap-devel-1.10.5-160000.4.1.s390x.rpm libpcap-devel-static-1.10.5-160000.4.1.s390x.rpm libpcap1-1.10.5-160000.4.1.s390x.rpm libpcap-devel-1.10.5-160000.4.1.x86_64.rpm libpcap-devel-static-1.10.5-160000.4.1.x86_64.rpm libpcap1-1.10.5-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-165 Security update for libheif moderate SUSE SLFO 1.2 This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF file that exercises the overlay image item path (bsc#1255735). gdk-pixbuf-loader-libheif-1.19.7-160000.3.1.aarch64.rpm libheif-aom-1.19.7-160000.3.1.aarch64.rpm libheif-dav1d-1.19.7-160000.3.1.aarch64.rpm libheif-devel-1.19.7-160000.3.1.aarch64.rpm libheif-ffmpeg-1.19.7-160000.3.1.aarch64.rpm libheif-jpeg-1.19.7-160000.3.1.aarch64.rpm libheif-openjpeg-1.19.7-160000.3.1.aarch64.rpm libheif-rav1e-1.19.7-160000.3.1.aarch64.rpm libheif-svtenc-1.19.7-160000.3.1.aarch64.rpm libheif1-1.19.7-160000.3.1.aarch64.rpm gdk-pixbuf-loader-libheif-1.19.7-160000.3.1.ppc64le.rpm libheif-aom-1.19.7-160000.3.1.ppc64le.rpm libheif-dav1d-1.19.7-160000.3.1.ppc64le.rpm libheif-devel-1.19.7-160000.3.1.ppc64le.rpm libheif-ffmpeg-1.19.7-160000.3.1.ppc64le.rpm libheif-jpeg-1.19.7-160000.3.1.ppc64le.rpm libheif-openjpeg-1.19.7-160000.3.1.ppc64le.rpm libheif-rav1e-1.19.7-160000.3.1.ppc64le.rpm libheif1-1.19.7-160000.3.1.ppc64le.rpm gdk-pixbuf-loader-libheif-1.19.7-160000.3.1.s390x.rpm libheif-aom-1.19.7-160000.3.1.s390x.rpm libheif-dav1d-1.19.7-160000.3.1.s390x.rpm libheif-devel-1.19.7-160000.3.1.s390x.rpm libheif-ffmpeg-1.19.7-160000.3.1.s390x.rpm libheif-jpeg-1.19.7-160000.3.1.s390x.rpm libheif-openjpeg-1.19.7-160000.3.1.s390x.rpm libheif-rav1e-1.19.7-160000.3.1.s390x.rpm libheif1-1.19.7-160000.3.1.s390x.rpm gdk-pixbuf-loader-libheif-1.19.7-160000.3.1.x86_64.rpm libheif-aom-1.19.7-160000.3.1.x86_64.rpm libheif-dav1d-1.19.7-160000.3.1.x86_64.rpm libheif-devel-1.19.7-160000.3.1.x86_64.rpm libheif-ffmpeg-1.19.7-160000.3.1.x86_64.rpm libheif-jpeg-1.19.7-160000.3.1.x86_64.rpm libheif-openjpeg-1.19.7-160000.3.1.x86_64.rpm libheif-rav1e-1.19.7-160000.3.1.x86_64.rpm libheif-svtenc-1.19.7-160000.3.1.x86_64.rpm libheif1-1.19.7-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-166 Security update for go1.24 important SUSE SLFO 1.2 This update for go1.24 fixes the following issues: Update to go1.24.12 (released 2026-01-15) (bsc#1236217) Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range go1.24-1.24.12-160000.1.1.aarch64.rpm go1.24-doc-1.24.12-160000.1.1.aarch64.rpm go1.24-libstd-1.24.12-160000.1.1.aarch64.rpm go1.24-race-1.24.12-160000.1.1.aarch64.rpm go1.24-1.24.12-160000.1.1.ppc64le.rpm go1.24-doc-1.24.12-160000.1.1.ppc64le.rpm go1.24-race-1.24.12-160000.1.1.ppc64le.rpm go1.24-1.24.12-160000.1.1.s390x.rpm go1.24-doc-1.24.12-160000.1.1.s390x.rpm go1.24-race-1.24.12-160000.1.1.s390x.rpm go1.24-1.24.12-160000.1.1.x86_64.rpm go1.24-doc-1.24.12-160000.1.1.x86_64.rpm go1.24-libstd-1.24.12-160000.1.1.x86_64.rpm go1.24-race-1.24.12-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-167 Recommended update for emacs moderate SUSE SLFO 1.2 This update for emacs fixes the following issues: - Remove dependency on update-desktop-files (jsc#PED-15201) - Avoid direct dependencies to X11 libraries for wayland port - Enable valgrind support on riscv64 - Update to GNU Emacs version 30.2 * Mainly a bug fix version - Remove ctags.1 that's unused with libalternatives - Requires: alts, not used in scriptlets - Move .gnu-emacs to /usr/etc/skel/ emacs-30.2-160000.1.1.aarch64.rpm emacs-el-30.2-160000.1.1.noarch.rpm emacs-eln-30.2-160000.1.1.aarch64.rpm emacs-games-30.2-160000.1.1.aarch64.rpm emacs-info-30.2-160000.1.1.noarch.rpm emacs-nox-30.2-160000.1.1.aarch64.rpm emacs-x11-30.2-160000.1.1.aarch64.rpm etags-30.2-160000.1.1.aarch64.rpm emacs-30.2-160000.1.1.ppc64le.rpm emacs-eln-30.2-160000.1.1.ppc64le.rpm emacs-games-30.2-160000.1.1.ppc64le.rpm emacs-nox-30.2-160000.1.1.ppc64le.rpm emacs-x11-30.2-160000.1.1.ppc64le.rpm etags-30.2-160000.1.1.ppc64le.rpm emacs-30.2-160000.1.1.s390x.rpm emacs-eln-30.2-160000.1.1.s390x.rpm emacs-games-30.2-160000.1.1.s390x.rpm emacs-nox-30.2-160000.1.1.s390x.rpm emacs-x11-30.2-160000.1.1.s390x.rpm etags-30.2-160000.1.1.s390x.rpm emacs-30.2-160000.1.1.x86_64.rpm emacs-eln-30.2-160000.1.1.x86_64.rpm emacs-games-30.2-160000.1.1.x86_64.rpm emacs-nox-30.2-160000.1.1.x86_64.rpm emacs-x11-30.2-160000.1.1.x86_64.rpm etags-30.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-168 Recommended update for supportutils-plugin-trento, trento-agent, trento-web, trento-wanda, trento-checks, mcp-server-trento moderate SUSE SLFO 1.2 This update for supportutils-plugin-trento, trento-agent, trento-web, trento-wanda, trento-checks, mcp-server-trento fixes the following issues: Changes in trento-agent: - Release 3.0.0 ## What's Changed * Release version 3.0.0 (#514) @nelsonkopliku * specify C locale for command execution (#511) @gereonvey * Bump trento-contracts dependency (#494) @gagandeepb * Update mockery to 2.53.2 (#485) @balanza * Bump go 1.25 (#480) @balanza * Bump golangci-lint (#481) @balanza * Bump workbench version (#474) @balanza * Add link to contribution (#477) @EMaksy * Improve agent docs for auto build (#475) @EMaksy * Bump workbench version (#467) @balanza * Update table of contents in the Readme (#465) @EMaksy * Discovery cluster offline host (#464) @balanza * Convert Markdown documentation to Adoc (#459) @EMaksy * Update mockery usage (#453) @nelsonkopliku * Replace logrus logger with built-in log/slogs (#449) @balanza * Implement FS usage gatherer (#440) @janvhs * Add Architecture Discovery (#448) @janvhs * Update workbench dependency (#450) @arbulu89 * Remove support for the 64 Bit ARM (aarch64/arm64) (#445) @janvhs ### Features * Add managed field to crm_mon group (#457) @arbulu89 * Systemd units discovery (#455) @nelsonkopliku ### Bug Fixes * Handle zypper versioncmp exit codes 11 and 12 (#495) @arbulu89 * Fix link and references for adoc documents (#462) @EMaksy * Fix missing log references (#452) @nelsonkopliku * Fix log-level usage (#443) @nelsonkopliku ### Maintenance * Sync both stable and rolling in obs (#466) @vicenteqa * Use adoc in spec file docs (#468) @arbulu89 * Use latest version of endorama/asdf-parse-tool-versions to avoid using deprecated set-output command in gh actions. (#458) @vicenteqa ### Dependencies <details> <summary>37 changes</summary> * Bump actions/checkout from 5 to 6 (#513) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump endorama/asdf-parse-tool-versions from 1.4.0 to 1.4.1 (#512) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/mod from 0.29.0 to 0.30.0 (#509) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/sync from 0.17.0 to 0.18.0 (#507) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golangci/golangci-lint-action from 8 to 9 (#508) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump google.golang.org/protobuf from 1.36.8 to 1.36.10 (#505) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#506) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#488) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/pflag from 1.0.7 to 1.0.10 (#489) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-go from 5 to 6 (#490) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/afero from 1.14.0 to 1.15.0 (#493) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/mod from 0.27.0 to 0.29.0 (#501) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 6 to 7 (#502) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.3.0 to 2.4.1 (#503) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump endorama/asdf-parse-tool-versions from 1.3.4 to 1.4.0 (#504) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump workbench to c94b3ce (#500) @arbulu89 * Bump workbench dependency (#497) @arbulu89 * Bump actions/cache from 4.2.4 to 4.3.0 (#496) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golangci/golangci-lint-action from 6 to 8 (#427) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/hashicorp/go-plugin from 1.6.3 to 1.7.0 (#473) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (#484) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 (#483) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0 (#479) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump google.golang.org/protobuf from 1.36.7 to 1.36.8 (#478) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/vektra/mockery/v2 from 2.53.4 to 2.53.5 (#476) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#472) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/mod from 0.26.0 to 0.27.0 (#471) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/cache from 4.2.3 to 4.2.4 (#470) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump google.golang.org/protobuf from 1.36.6 to 1.36.7 (#469) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/pflag from 1.0.6 to 1.0.7 (#463) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 5 to 6 (#451) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/mod from 0.25.0 to 0.26.0 (#460) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/sync from 0.15.0 to 0.16.0 (#461) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.2.0 to 2.3.0 (#456) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump workbench reference to latest updates (#454) @nelsonkopliku * Bump golang.org/x/mod from 0.24.0 to 0.25.0 (#447) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/sync from 0.14.0 to 0.15.0 (#446) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/agent/compare/2.5.0...3.0.0 - Release 2.5.0 ## What's Changed * Update CI (#442) @stefanotorresi * Use absolute command paths (#421) @balanza * update installation script and readme instructions (#439) @stefanotorresi * Handle context cancellation in dir scan gatherer (#382) @balanza * Fix CI job names (#429) @stefanotorresi * Streamline CI workflow (#428) @stefanotorresi * Update packaging and service files for SLES 16 (#425) @janvhs * Add `sudoers` gatherer (#404) @balanza * Update permissions of agent.yaml (#407) @janvhs * Add gatherer to retrieve facts from `global.ini` configuration (#395) @balanza * Update agent to golang 1.23 (#391) @balanza * Handle context cancellation in systemd gatherer (#390) @balanza * Handle context cancellation in fact gatherers (#384) @balanza * Add healthcheck to prevent flacky tests (#371) @balanza * Implement context cancellation for command based gatherers (#379) @balanza * Test command termination error (#378) @balanza * Handle context cancellation in `corosync-cmapctl` gatherer (#376) @balanza * Better document the config example (#335) @stefanotorresi * update license notice (#372) @stefanotorresi * Add tests on built binaries (#362) @balanza * Context propagation in facts gathering flow (#360) @balanza ### Features * Add expiration check to facts gathering request (#441) @arbulu89 * Add CODEOWNERS (#437) @nelsonkopliku * Listen discovery requests (#424) @arbulu89 * Run operations (#422) @arbulu89 * Support aws imds v2 (#423) @nelsonkopliku * Generic event handler and messaging (#420) @arbulu89 * Identify current instance SAP instances (#418) @arbulu89 * RabbitMQ Supports SSL Config (#406) @CDimonaco * Handle context in plugins (#361) @balanza * Customize node exporter target (#356) @arbulu89 ### Bug Fixes * Use discoveries as list instead of map to guarantee order (#436) @arbulu89 * Support aws imds v2 (#423) @nelsonkopliku * Identify j2ee instances as application instances (#416) @arbulu89 ### Maintenance * Generic event handler and messaging (#420) @arbulu89 * Upgrade github actions runner ubuntu version (#405) @arbulu89 ### Dependencies <details> <summary>28 changes</summary> * Bump github.com/vektra/mockery/v2 from 2.53.3 to 2.53.4 (#438) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/viper from 1.20.0 to 1.20.1 (#434) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/hashicorp/go-plugin from 1.6.2 to 1.6.3 (#433) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/mod from 0.23.0 to 0.24.0 (#432) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/prometheus-community/pro-bing from 0.6.1 to 0.7.0 (#431) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/sync from 0.11.0 to 0.14.0 (#430) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/afero from 1.12.0 to 1.14.0 (#426) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/hashicorp/go-hclog from 1.5.0 to 1.6.3 (#367) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/cache from 4.2.2 to 4.2.3 (#412) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/clbanning/mxj/v2 from 2.5.7 to 2.7.0 (#241) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#398) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump google.golang.org/protobuf from 1.36.2 to 1.36.6 (#415) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/vektra/mockery/v2 from 2.40.1 to 2.53.3 (#411) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/cache from 4.2.0 to 4.2.2 (#400) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump contracts library to 0.2.0 (#399) @CDimonaco * Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#389) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#374) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.0.2 to 2.2.0 (#385) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/prometheus-community/pro-bing from 0.5.0 to 0.6.1 (#386) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#375) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/prometheus-community/pro-bing from 0.3.0 to 0.5.0 (#368) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/moby/sys/mountinfo from 0.6.2 to 0.7.2 (#370) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/viper from 1.16.0 to 1.19.0 (#363) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/afero from 1.9.5 to 1.12.0 (#364) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump google.golang.org/protobuf from 1.31.0 to 1.36.2 (#365) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump golang.org/x/sync from 0.6.0 to 0.10.0 (#357) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/hashicorp/go-plugin from 1.5.1 to 1.6.2 (#352) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/cache from 4.1.1 to 4.2.0 (#358) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/agent/compare/2.4.0...2.5.0 Changes in trento-web: - Release 3.0.0 ## What's Changed * Release version 3.0.0 (#3929) @nelsonkopliku * Refine cluster start/stop policy (#3914) @balanza * Revert "Bump posthog-js from 1.297.0 to 1.297.3 in /assets (#3923)" (#3925) @gagandeepb * Storybook deps update (#3918) @gagandeepb * Add Nav Menu Scrollbar (#3791) @jagabomb * CI: Refine conditional logic (#3905) @balanza * CI: Conditionally run jobs (#3893) @balanza * Fix js flaky tests (#3887) @vicenteqa * Remove clusters unused functions (#3892) @arbulu89 * Host reboot button always enable (#3891) @balanza * increase timeout for flaky test analysis job (#3888) @vicenteqa * Update README.adoc (#3872) @ajaeger * Fix reboot operation (#3870) @balanza * Bump eslint from 8.57.0 to 9.38.0 in /assets (#3838) @balanza * Stabilize e2e test (#3850) @balanza * Upgrade React to v19 (#3833) @balanza * Split static analysis between js and elixir (#3842) @balanza * Make PATs opaque tokens (#3821) @nelsonkopliku * Revert "Bump @faker-js/faker from 9.4.0 to 10.1.0 in /assets" (#3829) @balanza * [TRNT-3845] Tag endpoints for MCP (#3800) @antgamdia * Add host reboot button (#3768) @balanza * Preserve cluster status on host registration (#3823) @balanza * Improve alerting settings test coverage (#3788) @vicenteqa * Add personal access tokens feature e2e tests (#3794) @arbulu89 * Fixes nodejs references in CI workflow (#3804) @gagandeepb * [TRNT-3845] Fix personal access token openapi warning (#3796) @arbulu89 * Makes npm version constraints flexible (#3789) @gagandeepb * Fix Flaky test - Activity log should reset pagination when filters changed (#3784) @vicenteqa * Update saml certificates (#3781) @nelsonkopliku * Enable host boot operation (#3771) @balanza * Update trento docs link in layout (#3772) @arbulu89 * [TRNT-3845] Run API documentation linter in CI (#3774) @antgamdia * Add host reboot operation policy on sap system (#3767) @balanza * Add cluster host start/stop ops to activity log (#3706) @balanza * Adds support/compatibility with Elixir 1.18, Erlang/OTP 27 and Nodejs 22 (#3722) @gagandeepb * Add host reboot operation policy (#3723) @balanza * Fix failure rate calculation e2e flaky tests (#3753) @vicenteqa * Prepare documentation for auto build process (#3733) @EMaksy * Fix 'change refresh rate' flaky test in activity log test suite (#3751) @vicenteqa * Fix flaky test activity log start refresh ticker (#3750) @vicenteqa * Refactors dispatch functions and their usage (#3715) @gagandeepb * Improve flaky tests e2e summary (#3718) @vicenteqa * Fix flaky test totp login cases for Users test suite (#3716) @vicenteqa * Fix flaky test - Link to known clusters in SAP Systems Overview (#3713) @vicenteqa * Add activity log entry for ClusterHostStatusChanged event (#3712) @balanza * Fix flaky test for Hana cluster details forbidden actions (#3710) @vicenteqa * Cluster host start/stop operations user policy (#3700) @balanza * Add cluster start and stop operations to the controller (#3691) @balanza * Add database operations redux saga part (#3698) @arbulu89 * Fix version usage in page_controller (#3696) @arbulu89 * fix release workflow (#3662) @stefanotorresi * Convert markdown docs to adoc (#3601) @EMaksy * Rescue on discovery exceptions (#3659) @skrech * Run flaky test analysis every day (#3657) @nelsonkopliku * Fix Flaky test in activity log page when selecting every different refresh rate. (#3653) @vicenteqa * Expect offline flag from discovery (#3647) @balanza * Add cluster status field to host projection (#3631) @balanza * Fix Host OpenApi spec (#3635) @balanza * Discovery offline host message (#3630) @balanza * Rename RegisterClusterHost into RegisterOnlineClusterHost (#3629) @balanza * Handle offline host in cluster (#3623) @balanza * Set dynamic validation for checks amount e2e test (#3609) @vicenteqa * Added e2e tests for alerting (#3570) @skrech * Update Scenario Fixtures to Include Architecture (#3597) @janvhs * Add Architecture to HostInfoBox (#3592) @janvhs * Filter checks catalog (#3593) @janvhs * Architecture based checks execution (#3590) @janvhs * Arch discovery (#3553) @janvhs * Increase timeout for Cypress tests execution flaky tests analysis (#3576) @vicenteqa * SAP instance start/stop policy (#3565) @arbulu89 * Fix settings tests before each failure (#3560) @vicenteqa * Bump storybook from 8.4.6 to 9.0.5 in /assets (#3555) @balanza * Enable operations in production (#3558) @arbulu89 * Show error when fail to fetch data from SUSE Manager (#3551) @balanza * Fix start/stop AgentHeartbeat logic in before/after Each hooks in e2e tests (#3537) @vicenteqa * Table top margin (#3517) @arbulu89 ### Features * Build containers on deploy-demo from wanda (#3901) @nelsonkopliku * Avoid PAT collision in test (#3895) @nelsonkopliku * Simplify reboot operation policy to only check current host cluster (#3889) @arbulu89 * Fix cluster hosts operations state (#3880) @arbulu89 * Handle database stop when system replication is not enabled (#3862) @arbulu89 * Fix sap system stop operation policy for scs instance type (#3860) @arbulu89 * Remove abilities from token claims (#3775) @nelsonkopliku * Add OAS server url variable (#3827) @arbulu89 * Token introspect endpoint (#3785) @nelsonkopliku * Cluster discovery handle empty node history (#3818) @arbulu89 * Forbid cluster maintenance change all offline (#3820) @arbulu89 * Personal access tokens activity log (#3817) @arbulu89 * Openapi `All` specification (#3811) @arbulu89 * Token introspection (#3778) @nelsonkopliku * Show and revoke personal access token in user edition view (#3808) @arbulu89 * Add deprecated flag to operation and schemas (#3809) @arbulu89 * Personal access tokens profile frontend (#3793) @arbulu89 * [TRNT-3845] Run linters on the API spec and fix the errors (controllers: routes) (#3764) @antgamdia * UI Personal access tokens modals (#3790) @arbulu89 * PAT authentication (#3777) @nelsonkopliku * Revoke Personal Access Tokens (#3749) @nelsonkopliku * Retrieve user Personal Access Tokens (#3745) @nelsonkopliku * Personal Access Token creation (#3739) @nelsonkopliku * [TRNT-3845] Run linters on the API spec and fix the errors (controllers: unprocessable_entity) (#3762) @antgamdia * [TRNT-3845] Run linters on the API spec and fix the errors (controllers: properties) (#3763) @antgamdia * Polish openapi spec (#3676) @nelsonkopliku * SAP system start/stop policy (#3721) @arbulu89 * Analytics Eula Modal (#3701) @jagabomb * Add cluster host start/stop to the trento UI (#3705) @balanza * Database start/stop policy (#3719) @arbulu89 * Make system/database operations self-exclusive and disable some options (#3717) @arbulu89 * Add database and site operation buttons (#3702) @arbulu89 * System replication stopped instances (#3708) @arbulu89 * Add disabled option to operations button (#3704) @arbulu89 * Database start/stop activity logging (#3697) @arbulu89 * SAP and databases start/stop operation modal (#3695) @arbulu89 * Database start/stop operations user policies (#3683) @arbulu89 * SMLM settings save/change correlation (#3640) @gagandeepb * Request database operation (#3680) @arbulu89 * Analytics Add Version Code (#3625) @jagabomb * Add system replication details (#3669) @arbulu89 * Show host cluster status (#3664) @balanza * SAP system start/stop frontend saga request (#3658) @arbulu89 * SAP start/stop operation activity log (#3656) @arbulu89 * Start/stop SAP system user policy (#3652) @arbulu89 * SAP system operation route (#3644) @arbulu89 * Sort system replication tier (#3637) @arbulu89 * Move replication status to back to primary (#3627) @arbulu89 * Advanced system replication fields (#3626) @arbulu89 * Correlation of heartbeat entries after API key regeneration (#3606) @gagandeepb * Enforce pacemaker operation policy to rely on discovered state (#3620) @nelsonkopliku * Enable/disable pacemaker systemd ops based on current state (#3614) @nelsonkopliku * Cluster resource operations (#3615) @arbulu89 * Handle crmmon group managed (#3616) @arbulu89 * Resources table frontend (#3608) @arbulu89 * Request host discovery on pacemaker ops (#3613) @nelsonkopliku * Handle systemd units host discovery (#3610) @nelsonkopliku * Expose cluster resources (#3605) @arbulu89 * Correlation of operations activity log entries (#3600) @gagandeepb * Fix SAP instance cluster maintenance authorization (#3580) @arbulu89 * Add pacemaker ops to activity log (#3602) @nelsonkopliku * Request pacemaker enable UI (#3586) @nelsonkopliku * Add chevron collapsible table (#3598) @arbulu89 * Alerting Settings events in the ActivityLog (#3596) @skrech * Activity log correlation for deregistration entries (#3554) @gagandeepb * Update running operations refresh (#3591) @arbulu89 * App instance operation activity log (#3585) @arbulu89 * Add a cumulative photofinish demo scenario (#3594) @nelsonkopliku * Alerting settings schema/model (#3461) @skrech * Add accept operation modal (#3588) @nelsonkopliku * Request SAP instance operation (#3577) @arbulu89 * Improve cluster controller policy related test (#3583) @nelsonkopliku * SAP instance start/stop user policy (#3582) @arbulu89 * Pacemaker enable disable policy (#3581) @nelsonkopliku * Request pacemaker enable/disable (#3578) @nelsonkopliku * Add operations button to SAP instance in table (#3575) @arbulu89 * Add transparent prop to operations button (#3566) @arbulu89 * Add SAP instance start/stop modal (#3561) @arbulu89 * SAP system operation request (#3550) @arbulu89 * Split host and cluster operation requested activity logging (#3539) @arbulu89 * Harden saptune operation policy (#3535) @nelsonkopliku * Request cluster discovery on operation complete event (#3538) @arbulu89 * Cluster maintenance change backend (#3532) @arbulu89 * Show relevant saptune solution options (#3533) @nelsonkopliku * Cluster maintenance operation frontend (#3529) @arbulu89 * Update host saptune status on SAP instances de/registration (#3514) @arbulu89 * Add `forwardRef` to button component (#3528) @arbulu89 * Add fixed witdh to relevant patches synopsis (#3521) @arbulu89 * Add CODEOWNERS (#3518) @nelsonkopliku * Analytics Settings UI with Collection to Posthog (#3449) @jagabomb * Add the ability to request a saptune solution change (#3488) @nelsonkopliku * Expose cluster resource parent api (#3482) @arbulu89 ### Bug Fixes * Add AUTH_SERVER_URL to wanda container (#3858) @nelsonkopliku * Updated HTTPoison to 2.2.3 (#3783) @skrech * Handle host_not_registered error in saptune event handler (#3773) @arbulu89 * Handle null node attributes nodes list (#3709) @arbulu89 * Fix malformed discovery event causing an error (#3663) @skrech * Fix SAP instance cluster maintenance authorization (#3580) @arbulu89 * Fixes for Analytics Events (#3530) @jagabomb ### Maintenance * Use gh action concurrency (#3911) @nelsonkopliku * Remove unused CI env variable (#3910) @nelsonkopliku * Build containers on deploy-demo from wanda (#3901) @nelsonkopliku * Regenerate package lock (#3879) @nelsonkopliku * Remove unnecessary env variable from wanda (#3869) @nelsonkopliku * Fix photofinish permissions (#3861) @nelsonkopliku * CI Improvements (#3816) @gagandeepb * Implements nodejs matrix strategy (#3798) @gagandeepb * [TRNT-3845] Enable API docs linter in CI (#3797) @antgamdia * Use latest version of endorama/asdf-parse-tool-versions to avoid using deprecated set-output command in gh actions. (#3622) @vicenteqa * Fix operation resource type mapping (#3621) @nelsonkopliku * Removal of unused dependency (#3599) @gagandeepb * More ci improvements (#3569) @stefanotorresi * More ci fixes (#3516) @stefanotorresi * Unify cluster details header code in new component (#3486) @arbulu89 ### Dependencies <details> <summary>136 changes</summary> * Bump posthog-js from 1.297.0 to 1.297.3 in /assets (#3923) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump esbuild from 0.25.12 to 0.27.0 in /assets (#3920) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump html-webpack-plugin from 5.6.4 to 5.6.5 in /assets (#3924) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 5 to 6 (#3915) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump posthog-js from 1.290.0 to 1.297.0 in /assets (#3913) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump glob from 10.4.5 to 10.5.0 in /assets (#3908) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.3.3 to 13.3.4 (#3909) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-jest from 29.0.1 to 29.1.0 in /assets (#3882) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump js-yaml from 4.1.0 to 4.1.1 in /test/e2e (#3906) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump js-yaml in /assets (#3907) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dawidd6/action-ansible-playbook from 4 to 5 (#3824) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/metadata-action from 5.8.0 to 5.9.0 (#3863) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromatic from 13.1.2 to 13.3.3 in /assets (#3874) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump esbuild from 0.25.9 to 0.25.12 in /assets (#3866) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-select from 5.9.0 to 5.10.2 in /assets (#3867) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump redux-saga from 1.3.0 to 1.4.2 in /assets (#3839) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.3.2 to 13.3.3 (#3854) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump semver from 7.7.2 to 7.7.3 in /assets (#3856) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-router from 7.8.1 to 7.9.5 in /assets (#3855) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/preset-env from 7.28.0 to 7.28.5 in /assets (#3851) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-hot-toast from 2.5.1 to 2.6.0 in /assets (#3836) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump babel-jest from 30.0.5 to 30.2.0 in /assets (#3835) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @messageformat/runtime from 3.0.1 to 3.0.2 in /assets (#3853) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/preset-react from 7.27.1 to 7.28.5 in /assets (#3847) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/core from 7.28.3 to 7.28.5 in /assets (#3840) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/download-artifact from 5 to 6 (#3844) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.3.1 to 13.3.2 (#3843) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/upload-artifact from 4 to 5 (#3846) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump tailwindcss from 3.4.16 to 3.4.18 in /assets (#3837) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-node from 4 to 6 (#3826) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 6 to 7 (#3831) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/login-action from 3.5.0 to 3.6.0 (#3806) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.1.5 to 13.3.1 (#3834) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.3.0 to 2.4.1 (#3825) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @faker-js/faker from 9.4.0 to 10.1.0 in /assets (#3828) @[dependabot[bot]](https://github.com/apps/dependabot) * Remove `canvas` from prod deps in ./assets (#3803) @skrech * Bump tar-fs from 2.1.3 to 2.1.4 in /assets (#3801) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.1.4 to 13.1.5 (#3776) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump axios from 1.11.0 to 1.12.2 in /assets (#3770) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-node from 4 to 5 (#3754) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/github-script from 7 to 8 (#3756) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.1.3 to 13.1.4 (#3752) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump html-webpack-plugin from 5.6.3 to 5.6.4 in /assets (#3740) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump jest-environment-jsdom from 30.0.4 to 30.0.5 in /assets (#3738) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump jest from 30.0.4 to 30.0.5 in /assets (#3736) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump canvas from 3.1.2 to 3.2.0 in /assets (#3735) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump posthog-js from 1.227.0 to 1.260.1 in /assets (#3734) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-import from 2.31.0 to 2.32.0 in /assets (#3732) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chart.js from 4.4.7 to 4.5.0 in /assets (#3731) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/addon-docs from 9.1.0 to 9.1.2 in /assets (#3730) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @headlessui/react from 2.2.5 to 2.2.7 in /assets (#3729) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/core from 7.28.0 to 7.28.3 in /assets (#3728) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump postcss-import from 16.1.0 to 16.1.1 in /assets (#3727) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump brace-expansion in /test/e2e (#3726) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/download-artifact from 4 to 5 (#3703) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @date-fns/utc from 2.1.0 to 2.1.1 in /assets (#3692) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump esbuild from 0.25.6 to 0.25.9 in /assets (#3725) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-router from 7.6.3 to 7.8.1 in /assets (#3724) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/metadata-action from 5.7.0 to 5.8.0 (#3693) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump tmp from 0.2.1 to 0.2.4 in /test/e2e (#3707) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#3720) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/login-action from 3.4.0 to 3.5.0 (#3699) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/addon-docs from 9.0.17 to 9.1.0 in /assets (#3689) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.1.2 to 13.1.3 (#3690) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-storybook from 9.0.18 to 9.1.0 in /assets (#3688) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump babel-loader from 9.2.1 to 10.0.0 in /assets (#3685) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump rc-input-number from 9.3.0 to 9.5.0 in /assets (#3684) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-storybook from 9.0.9 to 9.0.18 in /assets (#3681) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump papaparse from 5.4.1 to 5.5.3 in /assets (#3682) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump postcss from 8.4.49 to 8.5.6 in /assets (#3679) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/preset-env from 7.26.0 to 7.28.0 in /assets (#3674) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-jest from 28.9.0 to 29.0.1 in /assets (#3673) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-react from 7.37.2 to 7.37.5 in /assets (#3671) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump autoprefixer from 10.4.20 to 10.4.21 in /assets (#3672) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump axios from 1.10.0 to 1.11.0 in /assets (#3665) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @headlessui/react from 2.2.0 to 2.2.5 in /assets (#3667) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromatic from 11.25.0 to 13.1.2 in /assets (#3666) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/react from 9.0.17 to 9.0.18 in /assets (#3661) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump babel-jest from 29.7.0 to 30.0.5 in /assets (#3660) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump form-data and @cypress/request in /test/e2e (#3655) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump form-data from 4.0.0 to 4.0.4 in /assets (#3654) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/addon-docs from 9.0.9 to 9.0.17 in /assets (#3651) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-config-prettier from 9.1.0 to 10.1.8 in /assets (#3650) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump axios from 1.9.0 to 1.10.0 in /assets (#3648) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/react from 9.0.16 to 9.0.17 in /assets (#3649) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/preset-react from 7.26.3 to 7.27.1 in /assets (#3645) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump esbuild from 0.25.0 to 0.25.6 in /assets (#3646) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump jest-environment-jsdom from 29.7.0 to 30.0.4 in /assets (#3641) @[dependabot[bot]](https://github.com/apps/dependabot) * Fix jest expectations (#3643) @nelsonkopliku * Bump jest from 29.7.0 to 30.0.4 in /assets (#3642) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-router-dom from 6.28.0 to 7.6.3 in /assets (#3604) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump rc-tooltip from 6.3.1 to 6.4.0 in /assets (#3639) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/react from 9.0.5 to 9.0.16 in /assets (#3638) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-error-boundary from 4.1.2 to 6.0.0 in /assets (#3636) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-chartjs-2 from 5.2.0 to 5.3.0 in /assets (#3634) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-accessible-treeview from 2.10.0 to 2.11.2 in /assets (#3632) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dawidd6/action-ansible-playbook from 3 to 4 (#3574) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-markdown from 9.0.1 to 10.1.0 in /assets (#3572) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.1.0 to 13.1.2 (#3617) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.2.0 to 2.3.0 (#3611) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 13.0.1 to 13.1.0 (#3612) @[dependabot[bot]](https://github.com/apps/dependabot) * Removal of unused dependency (#3599) @gagandeepb * Bump chromaui/action from 13.0.0 to 13.0.1 (#3584) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 12.2.0 to 13.0.0 (#3579) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 5 to 6 (#3564) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-storybook from 0.11.1 to 9.0.9 in /assets (#3568) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/addon-docs from 9.0.5 to 9.0.9 in /assets (#3567) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 12.1.1 to 12.2.0 (#3559) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 12.1.0 to 12.1.1 (#3557) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dflook/terraform-new-workspace from 1 to 2 (#3544) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dflook/terraform-destroy-workspace from 1 to 2 (#3545) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dflook/terraform-apply from 1 to 2 (#3546) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dflook/terraform-output from 1 to 2 (#3547) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 12.0.0 to 12.1.0 (#3549) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @testing-library/user-event from 14.5.2 to 14.6.1 in /assets (#3534) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 11.28.3 to 12.0.0 (#3525) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump rc-input from 1.7.1 to 1.8.0 in /assets (#3531) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump fishery from 2.2.2 to 2.3.1 in /assets (#3526) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/addon-webpack5-compiler-babel from 3.0.3 to 3.0.6 in /assets (#3524) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 11.28.2 to 11.28.3 (#3522) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump remark-gfm from 4.0.0 to 4.0.1 in /assets (#3520) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump jaxxstorm/action-install-gh-release from 1.14.0 to 2.1.0 (#3519) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/preview-api from 8.4.7 to 8.6.14 in /assets (#3511) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 11.25.2 to 11.28.2 (#3464) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump esbuild and tsx in /test/e2e (#3452) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/runtime from 7.23.2 to 7.27.0 in /assets (#3453) @[dependabot[bot]](https://github.com/apps/dependabot) * Add CODEOWNERS (#3518) @nelsonkopliku * Bump @babel/helpers from 7.20.7 to 7.26.10 in /test/e2e (#3384) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/metadata-action from 5.6.1 to 5.7.0 (#3342) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/login-action from 3.3.0 to 3.4.0 (#3386) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/runtime from 7.20.7 to 7.26.10 in /test/e2e (#3383) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump serialize-javascript from 6.0.1 to 6.0.2 in /assets (#3324) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dawidd6/action-ansible-playbook from 2 to 3 (#3287) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.1.0 to 2.2.0 (#3264) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump undici from 5.28.5 to 5.29.0 in /test/e2e (#3505) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump axios from 1.7.9 to 1.9.0 in /assets (#3475) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/web/compare/2.5.0...3.0.0 - Release 2.5.0 ## What's Changed * Test flakiness analysis for backend. (#3483) @vicenteqa * Fix PR env pre-flight check for forks (#3497) @stefanotorresi * Edit ansible inventory in CI (#3474) @balanza * Reorder start ordering (#3485) @gagandeepb * Add checks execution with custom values test e2e (#3476) @EMaksy * Increase timeout for SUSE Multi Linux Manager API (#3435) @balanza * PO Refactor checks execution & other tests dependant on wanda (#3471) @vicenteqa * Checks customization e2e (#3460) @EMaksy * Add a GenericError for displaying non-recoverable errors (#3459) @janvhs * Fix margins (#3446) @janvhs * Using checks in pr env (#3456) @nelsonkopliku * Apply PO pattern to Settings test suite (#3442) @vicenteqa * Apply PO Pattern to Saptune-SSO-SUMA test suites (#3428) @vicenteqa * Apply PageObject pattern sap systems overview e2e tests (#3408) @vicenteqa * Allow Usage Of Podman (#3400) @janvhs * Run regression and integration e2e tests always in CI (#3411) @arbulu89 * Identify clustered sap instances (#3397) @arbulu89 * Use custom function to check if data is loaded (#3405) @arbulu89 * Apply page object pattern Sap System Details tests. (#3392) @vicenteqa * Apply page object pattern to hosts overview tests (#3389) @vicenteqa * Review & fix users e2e tests flakiness (#3378) @vicenteqa * Rename current_value to default_value (#3380) @nelsonkopliku * Apply PO Pattern host details e2e tests. (#3348) @vicenteqa * Add Trento documentation to navigation bar (#3294) @janvhs * Apply po pattern home tests (#3344) @vicenteqa * Refactor checkable warning message (#3332) @EMaksy * Apply PageObject pattern to Hana DB Details E2E tests (#3330) @vicenteqa * Apply PageObject pattern Hana Cluster Details E2E tests (#3300) @vicenteqa * Create checkable warning messages (#3313) @EMaksy * Saptune solution apply endpoint (#3305) @arbulu89 * Apply PageObject pattern to databases overview tests. (#3281) @vicenteqa * Apply PageObject pattern Clusters Overview tests. (#3266) @vicenteqa * Apply PageObject pattern 'activity log' e2e tests (#3259) @vicenteqa * Add check customization ability (#3258) @nelsonkopliku * Fix Jest warnings on FE tests (#3254) @vicenteqa * Apply page object pattern to 'about' and 'check catalog' tests (#3248) @vicenteqa * Fixes typo (#3245) @gagandeepb * Fix for nil values in severity (#3244) @gagandeepb * Add page object structure for User creation tests (#3219) @vicenteqa * add job conditional to ensure secret availability (#3234) @stefanotorresi * move some workflow env variables to GHA variables (#3233) @stefanotorresi * Refactor activity log settings (#3223) @nelsonkopliku * update license notice (#3226) @stefanotorresi * Pin Chromatic action (#3227) @balanza * Revert "Add e2e test for hana scale up cost optimized scenario" (#3213) @arbulu89 * Remove SUMA feature flag (#3205) @janvhs * Improve e2e tests on Activity log (#3200) @balanza * Fixup #3198 (#3199) @balanza * Add a PR comment when a preview environment is created (#3198) @balanza * Show password toggle on login (#3191) @balanza * Fix activity log e2e test (#3179) @nelsonkopliku * Add info tooltip for metadata search (#3186) @balanza * Activity log autorefresh e2e (#3169) @nelsonkopliku * Add sap hana scale up cost optimized and performance optimized discovery (#3152) @EMaksy ### Features * Reset modal options on cancel (#3504) @arbulu89 * SMTP allows talking to unauthenticated servers (#3489) @skrech * Add cluster maintenance change modal (#3487) @arbulu89 * Request saptune discovery when saptune solution apply operation is completed (#3443) @arbulu89 * Add wanda to ci for e2e (#3455) @EMaksy * Log checks selected as connection activity (#3450) @nelsonkopliku * Implements newly defined severity level conditions (#3445) @gagandeepb * Log user coming from messages (#3440) @nelsonkopliku * Backend for User Analytics Settings (#3372) @jagabomb * Parse current instance field (#3416) @arbulu89 * Support AWS without metadata scenarios (#3412) @nelsonkopliku * Log checks customizations activities (#3424) @nelsonkopliku * Handle unmounted clustered sap instance (#3422) @arbulu89 * Expose cluster sap instances frontend (#3410) @arbulu89 * Discovery HANA+ASCS/ERS ers clusters (#3394) @arbulu89 * Use operation forbidden modal in host details (#3381) @arbulu89 * Add OperationForbiddenModal (#3331) @arbulu89 * Operation policy messages (#3364) @arbulu89 * Operation user authorization frontend (#3369) @arbulu89 * Operation user authorization (#3368) @arbulu89 * Add hostname field to activity log metadata for operation entries (#3377) @arbulu89 * Checks customization modal save (#3352) @EMaksy * Fetch running operation on page load (#3355) @arbulu89 * Activity log severity levels UI (#3306) @gagandeepb * Operation completed activity log (#3360) @arbulu89 * Add modified check pill in checks execution results an detail (#3358) @nelsonkopliku * Log operation requested in activity log (#3354) @arbulu89 * Rabbitmq explicit ssl support (#3353) @CDimonaco * Add operations button host view (#3345) @arbulu89 * Add boolean input for checks customization modal (#3310) @EMaksy * Running operations redux (#3339) @arbulu89 * Request and process operation events (#3333) @arbulu89 * Add operations messaging queue (#3320) @arbulu89 * Actions button (#3319) @arbulu89 * Saptune solution apply modal (#3311) @arbulu89 * Add reset customization cta inside modal (#3323) @nelsonkopliku * Wire up check customization reset (#3309) @nelsonkopliku * Add reset customization cta (#3308) @nelsonkopliku * Add operations policy plug (#3304) @arbulu89 * Foundation for Basic Analytics Implementation (#3301) @jagabomb * Operation policies (#3293) @arbulu89 * Adjust checks selection route (#3299) @nelsonkopliku * Parameterized ecto payload (#3286) @arbulu89 * Improve read models associations (#3284) @arbulu89 * Activity log severity levels filter (#3285) @gagandeepb * Add Checks customization modal (#3277) @EMaksy * Add parent cluster resource (#3276) @arbulu89 * Load checks selection with customizations (#3278) @nelsonkopliku * Add modified pill for customized checks (#3274) @nelsonkopliku * Rename suse manager labeling (#3279) @arbulu89 * Use embeds software updates (#3275) @arbulu89 * Add check customization call to action in checks selection (#3256) @nelsonkopliku * Adds Encapsulation for Dashboard Page (#3242) @jagabomb * Refactor checks_catalog ui test (#3247) @EMaksy * Expose abilities as jwt claims (#3240) @nelsonkopliku * Activity log severity levels (#3222) @gagandeepb * Add hana scale up scenario as selection in checks catalog (#3210) @EMaksy * Add job for flaky e2e tests detection (#3215) @vicenteqa * Cypress E2E Tests parallelization (#3208) @vicenteqa * Hana Scale up cost opt checks in the trento console (#3206) @EMaksy * Add e2e test for hana scale up cost optimized scenario (#3184) @EMaksy * Redact users in activity log (#3195) @nelsonkopliku * Limit user access in activity log filters (#3183) @nelsonkopliku * Add new ability permitting access to users in activity log (#3180) @nelsonkopliku * Activity log autorefresh (#3161) @nelsonkopliku * Use prometheus targets (#3165) @arbulu89 * Activity Log search by metadata (#3056) @nelsonkopliku * ActivityLog searching by metadata BE implementation (#3059) @gagandeepb * Replaces Empty Favicon with Trento Logo (#3144) @jagabomb ### Bug Fixes * Bugfix for web as it fails to start when no IPV6 is available (#3490) @EMaksy * Show tooltip only when hoovered over the start execution button (#3470) @EMaksy * Relax timeouts (#3477) @janvhs * Fix references to activity log settings (#3463) @nelsonkopliku * Deduplicate targets for ascs cluster checks executions (#3447) @nelsonkopliku * Fix width on Select (#3418) @janvhs * Fix Save button after saving a check in the checks customization modal (#3417) @EMaksy * Fix database profile payload validation (#3398) @arbulu89 * Enable reset customization when check is customized (#3328) @nelsonkopliku * Update `date-fns` to 4.1.0 and DateFilter refactoring (#3312) @skrech * Use embeds software updates (#3275) @arbulu89 * Fix cluster json view adapt_v1 function (#3273) @arbulu89 * Fix discovery dispatch accumulating errors (#3272) @arbulu89 * Remaps specific activity log type unconditionally to warning (#3271) @gagandeepb * Fix selected cluster type ui in Checks catalog view (#3229) @EMaksy * change base image and update dependencies (#3232) @stefanotorresi * Update community container image to use fixed versions from leap15.6 (#3217) @arbulu89 * Upgrade tzdata to 1.1.2 to avoid error log (#3216) @arbulu89 * Handle ApplicationInstanceMoved event in deregistration (#3125) @arbulu89 * Allow the scheduled execution to check also ascs/ers clusters (#3156) @nelsonkopliku ### Maintenance * Version bump automation (#3509) @stefanotorresi * Add menu position to operations button (#3503) @arbulu89 * Automate changelog generation (#3496) @stefanotorresi * Remove legacy catalog list coming from `runner` implementation (#3494) @nelsonkopliku * add .editorconfig (#3492) @stefanotorresi * Fix wanda initdb permissions (#3479) @nelsonkopliku * Recreate and not remove checks container in PR env ci (#3458) @arbulu89 * Add wanda to ci for e2e (#3455) @EMaksy * Use rolling checks image in demo (#3451) @nelsonkopliku * Differentiate checks execution requested label (#3441) @nelsonkopliku * Minor adjustments to check customization (#3439) @nelsonkopliku * Fix year range (#3426) @nelsonkopliku * Fix operation_completed activity log severity level (#3371) @arbulu89 * Remove unnecessary div (#3370) @nelsonkopliku * Upgrade github actions runner ubuntu version (#3361) @arbulu89 * Center severity icon in table cell (#3363) @nelsonkopliku * Fix: Verify mocks in settings_test.ex (#3359) @skrech * Rename ActionsButton to OperationsButton (#3329) @arbulu89 * Update `date-fns` to 4.1.0 and DateFilter refactoring (#3312) @skrech * Fix operations policy get_params usage (#3321) @arbulu89 * Reduce modal padding (#3292) @nelsonkopliku * Adds Encapsulation for Dashboard Page (#3242) @jagabomb * Cost opt e2e (#3212) @arbulu89 * Order users query (#3196) @nelsonkopliku * Use different clear icon (#3190) @nelsonkopliku * Pin k3s version in CI workflow (#3185) @stefanotorresi * Fix Activity Log type filter width (#3164) @nelsonkopliku * Upgrade to Headless UI 2 (#3140) @dottorblaster * Omit an unnecessary query when requesting cluster checks execution (#3159) @nelsonkopliku * Replaces Empty Favicon with Trento Logo (#3144) @jagabomb ### Dependencies <details> <summary>39 changes</summary> * Bump posthog-js from 1.53.2 to 1.227.0 in /assets (#3362) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump trento contracts 0.2.0 (#3343) @CDimonaco * Bump serialize-javascript from 6.0.1 to 6.0.2 in /assets (#3296) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump esbuild from 0.24.0 to 0.25.0 in /assets (#3295) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 11.25.1 to 11.25.2 (#3265) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-hot-toast from 2.4.1 to 2.5.1 in /assets (#3250) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @faker-js/faker from 9.3.0 to 9.4.0 in /assets (#3249) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 11.25.0 to 11.25.1 (#3253) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/preset-react from 7.25.9 to 7.26.3 in /assets (#3209) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump react-select from 5.8.3 to 5.9.0 in /assets (#3201) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-python from 4 to 5 (#3220) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromatic from 11.22.2 to 11.25.0 in /assets (#3237) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromaui/action from 11.22.2 to 11.25.0 (#3238) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump undici from 5.28.4 to 5.28.5 in /test/e2e (#3243) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump isbang/compose-action from 2.0.2 to 2.1.0 (#3241) @[dependabot[bot]](https://github.com/apps/dependabot) * Update gen_rmq to cdimonaco/gen_rmq version 5 (#3246) @CDimonaco * Bump chromatic from 11.20.0 to 11.22.2 in /assets (#3221) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump qrcode.react from 4.1.0 to 4.2.0 in /assets (#3202) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump nanoid from 3.3.7 to 3.3.8 in /assets (#3207) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/metadata-action from 5.5.1 to 5.6.1 (#3155) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @faker-js/faker from 9.2.0 to 9.3.0 in /assets (#3194) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @heroicons/react from 2.1.5 to 2.2.0 in /assets (#3192) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @babel/plugin-transform-modules-commonjs from 7.25.9 to 7.26.3 in /assets (#3189) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @testing-library/react from 16.0.1 to 16.1.0 in /assets (#3193) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump rc-input from 1.6.3 to 1.7.1 in /assets (#3171) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/preview-api from 8.4.6 to 8.4.7 in /assets (#3188) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump eslint-plugin-storybook from 0.11.0 to 0.11.1 in /assets (#3187) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump rc-tooltip from 6.2.1 to 6.3.1 in /assets (#3178) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump tailwindcss from 3.4.15 to 3.4.16 in /assets (#3182) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump axios from 1.7.7 to 1.7.9 in /assets (#3181) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromatic from 11.19.0 to 11.20.0 in /assets (#3177) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chart.js from 4.4.6 to 4.4.7 in /assets (#3170) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chartjs-plugin-zoom from 2.0.1 to 2.2.0 in /assets (#3174) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump tailwindcss from 3.4.14 to 3.4.15 in /assets (#3151) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump cross-spawn from 7.0.3 to 7.0.6 in /test/e2e (#3154) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/test from 8.4.2 to 8.4.6 in /assets (#3166) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump jaxxstorm/action-install-gh-release from 1.13.0 to 1.14.0 (#3163) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump chromatic from 11.18.0 to 11.19.0 in /assets (#3162) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump @storybook/preview-api from 8.4.2 to 8.4.6 in /assets (#3168) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/web/compare/2.4.0...2.5.0 Changes in trento-wanda: - Release 2.0.0 ## What's Changed * Release version 2.0.0 (#667) @nelsonkopliku * Remove unneeded references to jwt libraries and environment variables (#662) @nelsonkopliku * [TRNT-3845] Add missing examples in API spec (#657) @antgamdia * [TRNT-3845] Tag endpoints for MCP (#650) @antgamdia * [TRNT-3845] Enable API docs linter in CI (#648) @antgamdia * [TRNT-3845] Run API documentation linter in CI (#645) @antgamdia * Add host reboot operation (#640) @balanza * Fixes reference to md (#639) @gagandeepb * Elixir 1.18 and Erlang/OTP 27 (#638) @gagandeepb * Prepare wanda docs for autobuild (#637) @EMaksy * Add cluster start/stop operations to registry (#633) @balanza * Convert md docs to adoc (#630) @EMaksy * Update the env to include the architecture of a host (#627) @janvhs * Filter operations by status (#626) @arbulu89 * Add Docs for the fs_usage-Gatherer (#625) @janvhs * Enable operations in produdction (#621) @arbulu89 * Clustermaintenancechange (#616) @arbulu89 ### Features * Require AUTH_SERVER_URL only when token authentication is enabled (#664) @nelsonkopliku * Token introspection auth (#658) @nelsonkopliku * Add oas server url configuration option (#656) @arbulu89 * Openapi all spec (#653) @arbulu89 * Add deprecated flag to operation and schemas (#651) @arbulu89 * [TRNT-3845] Run linters on the API spec and fix the errors (controller) (#642) @antgamdia * [TRNT-3845] Run linters on the API spec and fix the errors (schemas) (#641) @antgamdia * [TRNT-3845] Combine API specs in a single file with improved feedback loop (#634) @antgamdia * [TRNT-3845] Make "api-bc-check" CI step check API against PR's target instead of main (#643) @antgamdia * Add database start/stop operations (#632) @arbulu89 * Add SAP system start/stop operations (#629) @arbulu89 * Add enable/disable pacemaker operations spec (#622) @nelsonkopliku * Add SAP instance start/stop operations (#619) @arbulu89 ### Bug Fixes * Add deprecated flag to operation and schemas (#651) @arbulu89 ### Maintenance * CI improvements (#663) @gagandeepb * Revert temporary changes (#661) @nelsonkopliku * Sync both stable and rolling versions in OBS (#631) @vicenteqa * use latest version of get latest tag action (#628) @vicenteqa * Fix CI obs image tarball creation (#624) @arbulu89 * Fix deps cache key in CI (#615) @nelsonkopliku ### Dependencies <details> <summary>11 changes</summary> * Bump actions/checkout from 5 to 6 (#666) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 6 to 7 (#654) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/upload-artifact from 4 to 5 (#659) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump endorama/asdf-parse-tool-versions from 1.3.4 to 1.4.0 (#660) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-node from 4 to 6 (#655) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#636) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 5 to 6 (#623) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump phoenix from 1.7.19 to 1.7.21 (#600) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump phoenix_ecto from 4.6.3 to 4.6.4 (#613) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump plug_cowboy from 2.7.2 to 2.7.3 (#580) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump credo from 1.7.11 to 1.7.12 (#614) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/wanda/compare/1.5.0...2.0.0 - Release 1.5.0 ## What's Changed * Check vendor deps on CI (#594) @balanza * Update build dependency requirements (again) (#597) @stefanotorresi * Fix typo in rust package alias (#596) @stefanotorresi * Add gatherer docs (#588) @balanza * Bump RHAI rustler (#591) @balanza * Operations messaging with web (#577) @arbulu89 * Multiple amqp consumer publisher (#575) @arbulu89 * Adjust doc (#571) @nelsonkopliku * Refactor customization opt out flag (#569) @nelsonkopliku * relax rust requirement to allow for patch updates (#557) @stefanotorresi * change base image and update dependencies (#545) @stefanotorresi * update license notice (#546) @stefanotorresi * Add hexadecimal value hint to id section (#542) @arbulu89 * Fix docs description in Evaluation Scope (#539) @EMaksy * Update specification.md (#538) @EMaksy ### Features * Add CODEOWNERS (#612) @nelsonkopliku * Add saptune change solution operation to the catalog (#608) @nelsonkopliku * Propagate user in messages (#604) @nelsonkopliku * Publish checks customization messages (#602) @nelsonkopliku * Receive operator execution reports (#599) @arbulu89 * Send operator execution request to agents (#595) @arbulu89 * Expose resolved original values (#592) @nelsonkopliku * Add boolean to accepted value types (#590) @nelsonkopliku * Add support to updating checks customizations (#587) @nelsonkopliku * Rabbitmq explicit ssl support (#586) @CDimonaco * Using custom values in checks executions (#584) @nelsonkopliku * Improve api routes (#573) @nelsonkopliku * Reset check customization (#572) @nelsonkopliku * Set operation as aborted (#562) @arbulu89 * Checks selection (#563) @nelsonkopliku * Add customization auth policy (#566) @nelsonkopliku * Retrieve customizations for a specific execution group (#564) @nelsonkopliku * Enrich catalog operation data (#559) @arbulu89 * Customize check action (#561) @nelsonkopliku * Add check customization capabilities (#556) @nelsonkopliku * Refactor check loading (#560) @nelsonkopliku * Checks customizability detection (#558) @nelsonkopliku * Operations controller (#554) @arbulu89 * Operations timeout (#551) @arbulu89 * Operations registry (#549) @arbulu89 * Extract abilities from token so they can be matched for authorization (#552) @nelsonkopliku * Add customizable key to disable checks customization for certain checks (#550) @EMaksy * Save operations in the database (#547) @arbulu89 * Create and use enum modules (#548) @arbulu89 * Operations orchestration skeleton (#543) @arbulu89 ### Bug Fixes * Add ipv6 bug fix (#607) @EMaksy * Deduplicate execution targets (#605) @nelsonkopliku ### Maintenance * Update CI (#611) @stefanotorresi * Adjust amqp configs (#603) @nelsonkopliku * Bump rust toolchain (#593) @nelsonkopliku * Upgrade github actions runner ubuntu version (#585) @arbulu89 * Move json view tests to correct folder (#553) @arbulu89 * Create and use enum modules (#548) @arbulu89 * Update dockerfiles to use correct elixir/erlang versions (#544) @arbulu89 ### Dependencies <details> <summary>16 changes</summary> * Bump docker/metadata-action from 5.6.1 to 5.7.0 (#583) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump docker/login-action from 3.3.0 to 3.4.0 (#598) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump telemetry_poller from 1.1.0 to 1.2.0 (#601) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump ex_doc from 0.37.1 to 0.38.1 (#610) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump ranch from 2.1.0 to 2.2.0 (#574) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump trento contracts to 0.2.0 (#582) @CDimonaco * Bump ex_doc from 0.37.0 to 0.37.1 (#570) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump ranch from 1.8.0 to 2.1.0 (#565) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump ex_doc from 0.36.1 to 0.37.0 (#567) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump postgrex from 0.19.3 to 0.20.0 (#568) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump phoenix from 1.7.14 to 1.7.18 (#537) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump ecto from 3.12.4 to 3.12.5 (#534) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump dialyxir from 1.4.4 to 1.4.5 (#530) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump postgrex from 0.19.2 to 0.19.3 (#529) @[dependabot[bot]](https://github.com/apps/dependabot) * Update gen_rmq to cdimonaco/gen_rmq version 5 (#555) @CDimonaco * Bump docker/metadata-action from 5.5.1 to 5.6.1 (#531) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/wanda/compare/1.4.0...1.5.0 Changes in trento-checks: - Release 1.2.0 - Release 1.2.0 # Changelog ## [1.2.0](https://github.com/trento-project/checks/tree/1.2.0) (2025-11-28) [Full Changelog](https://github.com/trento-project/checks/compare/1.1.0...1.2.0) **Implemented enhancements:** - Fix token authentication enabled env variable name [\#52](https://github.com/trento-project/checks/pull/52) ([nelsonkopliku](https://github.com/nelsonkopliku)) **Merged pull requests:** - Revert "Improve checks development experience $\#35$" [\#51](https://github.com/trento-project/checks/pull/51) ([balanza](https://github.com/balanza)) - Second set of checks from backlog of classic perf-opt HANA [\#50](https://github.com/trento-project/checks/pull/50) ([ksanjeet](https://github.com/ksanjeet)) - Fix adoc link [\#45](https://github.com/trento-project/checks/pull/45) ([EMaksy](https://github.com/EMaksy)) - Convert Markdwon to Adoc [\#44](https://github.com/trento-project/checks/pull/44) ([EMaksy](https://github.com/EMaksy)) - Release 1.1.0 ## What's Changed * Add checks checker by @dottorblaster in https://github.com/trento-project/checks/pull/22 * Add hana scenario for hana_scale up cluster type by @EMaksy in https://github.com/trento-project/checks/pull/23 * update license notice by @stefanotorresi in https://github.com/trento-project/checks/pull/24 * bump BCI version to 15.6 by @stefanotorresi in https://github.com/trento-project/checks/pull/25 * Update saptune checks with better remediation links (jsc#TRNT-3432) by @angelabriel in https://github.com/trento-project/checks/pull/26 * Add customziable false key by @EMaksy in https://github.com/trento-project/checks/pull/27 * Refactor customizability flag by @nelsonkopliku in https://github.com/trento-project/checks/pull/30 * Adjust docs by @nelsonkopliku in https://github.com/trento-project/checks/pull/31 * Upgrade github actions runner ubuntu version by @arbulu89 in https://github.com/trento-project/checks/pull/32 * Updated Group, Abstract, Remediation and References by @ksanjeet in https://github.com/trento-project/checks/pull/36 * New Check for HANA_CALL_TIMEOUT Configuration by @ksanjeet in https://github.com/trento-project/checks/pull/28 * new angi related checks 0B2F82 31ADCA E1F2C3 E215A6 E4D1B4 EA12BC EB24D1 by @ksanjeet in https://github.com/trento-project/checks/pull/29 * fixed reference for check 442182 by @ksanjeet in https://github.com/trento-project/checks/pull/37 * Added metadata for cost optimized for existing checks by @ksanjeet in https://github.com/trento-project/checks/pull/38 * Change tlint CLI interface by @janvhs in https://github.com/trento-project/checks/pull/41 * Checks from backlog related to SAPHana and SAPHanaTopology resources by @ksanjeet in https://github.com/trento-project/checks/pull/40 * remove checks-checker workflow by @stefanotorresi in https://github.com/trento-project/checks/pull/42 * Improve checks development experience by @balanza in https://github.com/trento-project/checks/pull/35 * fix broken references by @stefanotorresi in https://github.com/trento-project/checks/pull/43 **Full Changelog**: https://github.com/trento-project/checks/compare/1.0.0...1.1.0 Changes in mcp-server-trento: - Release 1.0.0 ## What's Changed * Bump version 1.0.0 (#83) @nelsonkopliku * Revert release (#82) @nelsonkopliku * bump version 1.0.0 (#80) @nelsonkopliku * Revert release (#78) @nelsonkopliku * bump version 1.0.0 (#77) @nelsonkopliku * fix get_version_from_git.sh (#76) @nelsonkopliku * Revert release (#75) @nelsonkopliku * Release version 1.0.0 (#74) @nelsonkopliku * [TRNT-3946] Improve user documentation (#62) @antgamdia * [TRNT-3946] Add missing INSECURE_SKIP_TLS_VERIFY to default config (#72) @antgamdia * Aligns golang version (#53) @gagandeepb * [TRNT-3854] Add OBS workflows (#41) @antgamdia * [TRNT-3845] Add asciidoc-linter and fix issues (#26) @antgamdia * [TRNT-3850] Remove unused OAuth logic (#21) @antgamdia * Fix for autobuild (#17) @EMaksy * [TRNT-3844] Add initial MCP server code (#7) @antgamdia ### Features * Sync both stable and rolling obs projects (#79) @nelsonkopliku * [TRNT-3946] Replace header name "Authorization" (#69) @antgamdia * [TRTN-3845] Improve handling of paths (#67) @antgamdia * [TRNT-3845] Use autodiscovery of Trento API endpoints (#59) @antgamdia * [TRNT-3854] Rename binaries (#66) @antgamdia * [TRNT-3854] Rename rpm binary to `mcp-server-trento` (#61) @antgamdia * [TRNT-3845] Delete hardcoded API docs (#24) @antgamdia * [TRNT-3854] Add opional health check server (#57) @antgamdia * [TRNT-3854] Delete local helm chart (#51) @antgamdia * [TRNT-3854] Improve config file and include it in packaging (#52) @antgamdia * [TRNT-3845] Support multiple API docs (#54) @antgamdia * [TRNT-3854] Rename pkg in OBS (#45) @antgamdia * [TRNT-3854] Allow passing configuration in multiple ways (#43) @antgamdia * [TRNT-3854] Download OAS file from HTTP (#46) @antgamdia * [TRNT-3853] Redirect library log traces to our logger (#29) @antgamdia * [TRNT-3854] Add initial release workflows (#42) @antgamdia * [TRNT-3854] Prepare CI for more steps (#38) @antgamdia * [TRNT-3853] Use asdf versions in the scripts and CI (#25) @antgamdia * [TRNT-3854] Add packaging folder (#40) @antgamdia * [TRNT-3854] Update dockerfile and makefile (#37) @antgamdia * [TRNT-3850] Use modelcontextprotocol/go-sdk (#16) @antgamdia * [TRNT-3853] Use API-key based authentication (#14) @antgamdia * [TRNT-3850] Add initial unit tests (#10) @antgamdia * [TRNT-3850] Improve existing mcp server logic (#9) @antgamdia * [TRNT-3850] Use the evcc-io/openapi-mcp fork instead (#8) @antgamdia * [TRNT-3844] Add initial MCP server code (#1) @antgamdia ### Bug Fixes * [TRNT-4097] Fix timeouts (#81) @antgamdia * [TRNT-4079] Use custom http client for tool execution (#73) @antgamdia * [TRNT-3853] Use per-mcp-session API tokens (#58) @antgamdia * [TRNT-3853] Increase timeouts (#30) @antgamdia * [TRNT-3853] Fix container push (#34) @antgamdia ### Dependencies <details> <summary>21 changes</summary> * Bump golangci/golangci-lint-action from 8 to 9 (#70) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 5 to 6 (#71) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.1.0 (#68) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/download-artifact from 5 to 6 (#65) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/upload-artifact from 4 to 5 (#64) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump apache/skywalking-eyes from 0.7.0 to 0.8.0 (#63) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 6 to 7 (#60) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.7.0 to 1.0.0 (#56) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.6.0 to 0.7.0 (#50) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/evcc-io/openapi-mcp from 0.5.1 to 0.6.0 (#48) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#44) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.4.0 to 0.5.0 (#36) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/evcc-io/openapi-mcp from 0.5.0 to 0.5.1 (#33) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.3.1 to 0.4.0 (#32) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-go from 5 to 6 (#31) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#20) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/getkin/kin-openapi from 0.132.0 to 0.133.0 (#19) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/mark3labs/mcp-go from 0.37.0 to 0.38.0 (#18) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#15) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/download-artifact from 4 to 5 (#13) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/mark3labs/mcp-go from 0.36.0 to 0.37.0 (#11) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/mcp-server/compare/...1.0.0 - Release 1.0.0 ## What's Changed * bump version 1.0.0 (#80) @nelsonkopliku ### Features * Sync both stable and rolling obs projects (#79) @nelsonkopliku **Full Changelog**: https://github.com/trento-project/mcp-server/compare/0.1.0...1.0.0 - Release 0.1.0 ## What's Changed * Revert release (#78) @nelsonkopliku * bump version 1.0.0 (#77) @nelsonkopliku * fix get_version_from_git.sh (#76) @nelsonkopliku * Revert release (#75) @nelsonkopliku * Release version 1.0.0 (#74) @nelsonkopliku * [TRNT-3946] Improve user documentation (#62) @antgamdia * [TRNT-3946] Add missing INSECURE_SKIP_TLS_VERIFY to default config (#72) @antgamdia * Aligns golang version (#53) @gagandeepb * [TRNT-3854] Add OBS workflows (#41) @antgamdia * [TRNT-3845] Add asciidoc-linter and fix issues (#26) @antgamdia * [TRNT-3850] Remove unused OAuth logic (#21) @antgamdia * Fix for autobuild (#17) @EMaksy * [TRNT-3844] Add initial MCP server code (#7) @antgamdia ### Features * [TRNT-3946] Replace header name "Authorization" (#69) @antgamdia * [TRTN-3845] Improve handling of paths (#67) @antgamdia * [TRNT-3845] Use autodiscovery of Trento API endpoints (#59) @antgamdia * [TRNT-3854] Rename binaries (#66) @antgamdia * [TRNT-3854] Rename rpm binary to `mcp-server-trento` (#61) @antgamdia * [TRNT-3845] Delete hardcoded API docs (#24) @antgamdia * [TRNT-3854] Add opional health check server (#57) @antgamdia * [TRNT-3854] Delete local helm chart (#51) @antgamdia * [TRNT-3854] Improve config file and include it in packaging (#52) @antgamdia * [TRNT-3845] Support multiple API docs (#54) @antgamdia * [TRNT-3854] Rename pkg in OBS (#45) @antgamdia * [TRNT-3854] Allow passing configuration in multiple ways (#43) @antgamdia * [TRNT-3854] Download OAS file from HTTP (#46) @antgamdia * [TRNT-3853] Redirect library log traces to our logger (#29) @antgamdia * [TRNT-3854] Add initial release workflows (#42) @antgamdia * [TRNT-3854] Prepare CI for more steps (#38) @antgamdia * [TRNT-3853] Use asdf versions in the scripts and CI (#25) @antgamdia * [TRNT-3854] Add packaging folder (#40) @antgamdia * [TRNT-3854] Update dockerfile and makefile (#37) @antgamdia * [TRNT-3850] Use modelcontextprotocol/go-sdk (#16) @antgamdia * [TRNT-3853] Use API-key based authentication (#14) @antgamdia * [TRNT-3850] Add initial unit tests (#10) @antgamdia * [TRNT-3850] Improve existing mcp server logic (#9) @antgamdia * [TRNT-3850] Use the evcc-io/openapi-mcp fork instead (#8) @antgamdia * [TRNT-3844] Add initial MCP server code (#1) @antgamdia ### Bug Fixes * [TRNT-4079] Use custom http client for tool execution (#73) @antgamdia * [TRNT-3853] Use per-mcp-session API tokens (#58) @antgamdia * [TRNT-3853] Increase timeouts (#30) @antgamdia * [TRNT-3853] Fix container push (#34) @antgamdia ### Dependencies <details> <summary>21 changes</summary> * Bump golangci/golangci-lint-action from 8 to 9 (#70) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 5 to 6 (#71) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.1.0 (#68) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/download-artifact from 5 to 6 (#65) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/upload-artifact from 4 to 5 (#64) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump apache/skywalking-eyes from 0.7.0 to 0.8.0 (#63) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump stefanzweifel/git-auto-commit-action from 6 to 7 (#60) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.7.0 to 1.0.0 (#56) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.6.0 to 0.7.0 (#50) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/evcc-io/openapi-mcp from 0.5.1 to 0.6.0 (#48) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#44) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.4.0 to 0.5.0 (#36) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/evcc-io/openapi-mcp from 0.5.0 to 0.5.1 (#33) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/modelcontextprotocol/go-sdk from 0.3.1 to 0.4.0 (#32) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/setup-go from 5 to 6 (#31) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#20) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/getkin/kin-openapi from 0.132.0 to 0.133.0 (#19) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/mark3labs/mcp-go from 0.37.0 to 0.38.0 (#18) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/checkout from 4 to 5 (#15) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump actions/download-artifact from 4 to 5 (#13) @[dependabot[bot]](https://github.com/apps/dependabot) * Bump github.com/mark3labs/mcp-go from 0.36.0 to 0.37.0 (#11) @[dependabot[bot]](https://github.com/apps/dependabot) </details> **Full Changelog**: https://github.com/trento-project/mcp-server/compare/...0.1.0 - Release 1.0.0 ## What's Changed * bump version 1.0.0 (#77) @nelsonkopliku * fix get_version_from_git.sh (#76) @nelsonkopliku **Full Changelog**: https://github.com/trento-project/mcp-server/compare/0.1.0...1.0.0 Changes in supportutils-plugin-trento: Release 3.0.0 ## What's Changed * Release version 3.0.0 (#13) @nelsonkopliku **Full Changelog**: https://github.com/trento-project/support/compare/2.5.2...3.0.0 Release 2.5.2 ## What's Changed * fix missing log_cmd function (#10) @stefanotorresi * README remove md and replace with adoc (#9) @EMaksy **Full Changelog**: https://github.com/trento-project/support/compare/2.5.1...2.5.2 - Release 2.5.1 **Full Changelog**: https://github.com/trento-project/support/compare/2.5...2.5.1 trento-web-3.0.0-160000.1.1.aarch64.rpm trento-wanda-2.0.0-160000.1.1.aarch64.rpm trento-checks-1.2.0-160000.1.1.noarch.rpm supportutils-plugin-trento-3.0.0-160000.1.1.noarch.rpm trento-agent-3.0.0-160000.1.1.ppc64le.rpm trento-web-3.0.0-160000.1.1.ppc64le.rpm trento-wanda-2.0.0-160000.1.1.ppc64le.rpm mcp-server-trento-1.0.0-160000.1.1.ppc64le.rpm trento-agent-3.0.0-160000.1.1.s390x.rpm trento-web-3.0.0-160000.1.1.s390x.rpm trento-wanda-2.0.0-160000.1.1.s390x.rpm mcp-server-trento-1.0.0-160000.1.1.s390x.rpm trento-agent-3.0.0-160000.1.1.x86_64.rpm trento-web-3.0.0-160000.1.1.x86_64.rpm trento-wanda-2.0.0-160000.1.1.x86_64.rpm mcp-server-trento-1.0.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-169 Security update for buildah important SUSE SLFO 1.2 This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read (bsc#1254054) - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598) - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1253096) Other fixes: - Updated to version 1.39.5. buildah-1.39.5-160000.1.1.aarch64.rpm buildah-1.39.5-160000.1.1.ppc64le.rpm buildah-1.39.5-160000.1.1.s390x.rpm buildah-1.39.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-17 Recommended update for python-kiwi moderate SUSE SLFO 1.2 This update for python-kiwi fixes the following issues: Version 10.2.33. - Run grub mkconfig with os-prober disabled Set GRUB_DISABLE_OS_PROBER=true to the caller environment such that it gets consumed via /etc/grub.d/30_os-prober This Fixes #2883 - Fixed typo in documentation Invalid XML syntax, missing end tag. This Fixes #2882 - References #2474 and #2475 poweroff instead of halt on oem shutdown - Fix rawhide integration test The package shim-ia32 got dropped - Add test for profiled overlays kiwi supports overlay files per profile, but we didn't had a proper integration test for it. This commit adds one - Mount proc when needed Using cp -a might lookup in proc/self/.. under certain conditions. Make sure to mount proc for config/function that might trigger this condition. This Fixes #2876 - Update test-image-custom-partitions test build Fix patch files to match with new dracut module dirs - Update dracut version compat runtime check Update check_dracut_module_versions_compatible_to_kiwi to match with new dracut module dirs which have changed due to recommended dracut module ordering for out-of-tree modules. - Fix dracut Makefile install target module dir names have changed due to recommended dracut module ordering for out-of-tree modules. - Update pacman spec to dract changed module dirs Follow up change for the fix of the recommended dracut module ordering for out-of-tree modules. - Update spec file due to dract changed module dirs Follow up change for the fix of the recommended dracut module ordering for out-of-tree modules. - Follow the recommended dracut module ordering for out-of-tree modules In dracut release v108 or later the recommended ordering for out out of tree modules is 50-59 range. The following is a section from dracut documentation: > Not using the 50-59 range for out of tree dracut modules will likely > lead to unintended errors in the initramfs generation process as your > dracut module will either run too early or too late in the generation process. > You have been warned. - Fix agama integration test Disable no longer existing agama-auto.service - Fixed agama integration test nothing provides agama-auto anymore - Update SLFO integration test Make sure ps tool is installed - Fix exclude list for live image builds When specifying a filesystem attribute for a live image build, the rootfs gets build directly into this filesystem instead of being a squashfs wraped ext4 which is the default layout for compatibility reasons. In this direct filesystem mode the exclude list was not passed along to the filesystem creation and causes unwanted metadata to be part of the final image. This Fixes #2873 - Fix test-image-custom-partitions integration test Same fix as for the Tumbleweed test now also applied to the Leap test. Patching of the new root device did no longer apply - Fix test-image-custom-partitions integration test Patching of the new root device did no longer apply - fix: resize for raid device, ensure vars like kiwi_RaidDev are loaded before setting disk variable - Do not clobber initialize method There was a method named initialize defined and implemented differently in the dracut modules kiwi-lib and kiwi-repart. kiwi-lib is expected to be shared code across all kiwi dracut modules. However if one module redefines a method of the same name which is used in another module and expected to work differently there, this is evil. This commit cleans up the name conflict and names the kiwi library init function as lib_initialize. All dracut code that is expected to make use of this method has been adopted too. - Skip kiwi-repart module in install ISOs In case the kiwi-repart module is explicitly requested in a dracut.conf file and the image is also configured to build an install ISO image this leads the install ISO to contain the kiwi-repart module as well which is unwanted. This commit explicitly omits the kiwi-repart when creating the initrd for the install image - Skip repart when booting install/live iso - Update leap test-image-disk integration test Add test for alternative volume ID in install ISO - Consolidate device lock into its own method Add set_device_lock method which uses udevadm lock preferable but also supports an flock fallback in case there is no lock command provided via systemd/udev - Fix bug in shell condition The shell code test ... || warn A; warn B will always print the warning for B despite the test result. This lead to the warning message "Settings from the kiwi description will be ignored" to be printed always. This commit fixes it with a clean if/then condition - Fix documentation rendering There was an indentation bug which caused the docs to render wrong. This commit fixes it - solver/repository: Handle zstd-compressed metadata files `_create_solvables` assumes metadata files are gzip-compressed, but modern Fedora ones are not, they are zstd-compressed. - uri: If we fail to resolve the metalink URI, log it It's rather useful to know *what* the URI is when something goes wrong, after all. Signed-off-by: Adam Williamson <awilliam@redhat.com> - Fix repartitioning with parted parted does locking itself already. Wrapping it in udevadm lock results in a deadlock, breaking boot. - Update test-image-disk-simple integration test Update slfo/test-image-disk-simple. Add more space for flake testing and add a user to test flakes for non root - Catch potential exceptions from pathlib.Path.mkdir Creating a directory can fail, we should catch this error instead of ending up in a stack trace dracut-kiwi-lib-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-live-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-verity-10.2.33-160000.1.1.aarch64.rpm kiwi-bash-completion-10.2.33-160000.1.1.noarch.rpm kiwi-man-pages-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.aarch64.rpm python3-kiwi-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-lib-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-live-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-verity-10.2.33-160000.1.1.ppc64le.rpm kiwi-man-pages-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.ppc64le.rpm python3-kiwi-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-lib-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-live-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-verity-10.2.33-160000.1.1.s390x.rpm kiwi-man-pages-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.s390x.rpm python3-kiwi-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-lib-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-live-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-verity-10.2.33-160000.1.1.x86_64.rpm kiwi-man-pages-10.2.33-160000.1.1.x86_64.rpm kiwi-pxeboot-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.x86_64.rpm python3-kiwi-10.2.33-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-170 Security update for python313 moderate SUSE SLFO 1.2 This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) - gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser. - gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran. - CVE-2025-6075: Fixed performance issues caused by user-controller os.path.expandvars() (bsc#1252974) - Library - gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions. - gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such ‘in-place’ upgrades are not tested.) The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15). - Core and Builtins - gh-142218: Fix crash when inserting into a split table dictionary with a non str key that matches an existing key. - Update to 3.13.10: - Tools/Demos - gh-141442: The iOS testbed now correctly handles test arguments that contain spaces. - Tests - gh-140482: Preserve and restore the state of stty echo as part of the test environment. - gh-140082: Update python -m test to set FORCE_COLOR=1 when being run with color enabled so that unittest which is run by it with redirected output will output in color. - gh-136442: Use exitcode 1 instead of 5 if unittest.TestCase.setUpClass() raises an exception - Library - gh-74389: When the stdin being used by a subprocess.Popen instance is closed, this is now ignored in subprocess.Popen.communicate() instead of leaving the class in an inconsistent state. - gh-87512: Fix subprocess.Popen.communicate() timeout handling on Windows when writing large input. Previously, the timeout was ignored during stdin writing, causing the method to block indefinitely if the child process did not consume input quickly. The stdin write is now performed in a background thread, allowing the timeout to be properly enforced. - gh-141473: When subprocess.Popen.communicate() was called with input and a timeout and is called for a second time after a TimeoutExpired exception before the process has died, it should no longer hang. - gh-59000: Fix pdb breakpoint resolution for class methods when the module defining the class is not imported. - gh-141570: Support file-like object raising OSError from fileno() in color detection (_colorize.can_colorize()). This can occur when sys.stdout is redirected. - gh-141659: Fix bad file descriptor errors from _posixsubprocess on AIX. - gh-141497: ipaddress: ensure that the methods IPv4Network.hosts() and IPv6Network.hosts() always return an iterator. - gh-140938: The statistics.stdev() and statistics.pstdev() functions now raise a ValueError when the input contains an infinity or a NaN. - gh-124111: Updated Tcl threading configuration in _tkinter to assume that threads are always available in Tcl 9 and later. - gh-137109: The os.fork and related forking APIs will no longer warn in the common case where Linux or macOS platform APIs return the number of threads in a process and find the answer to be 1 even when a os.register_at_fork() after_in_parent= callback (re)starts a thread. - gh-141314: Fix assertion failure in io.TextIOWrapper.tell() when reading files with standalone carriage return (\r) line endings. - gh-141311: Fix assertion failure in io.BytesIO.readinto() and undefined behavior arising when read position is above capcity in io.BytesIO. - gh-141141: Fix a thread safety issue with base64.b85decode(). Contributed by Benel Tayar. - gh-140911: collections: Ensure that the methods UserString.rindex() and UserString.index() accept collections.UserString instances as the sub argument. - gh-140797: The undocumented re.Scanner class now forbids regular expressions containing capturing groups in its lexicon patterns. Patterns using capturing groups could previously lead to crashes with segmentation fault. Use non-capturing groups (?:…) instead. - gh-140815: faulthandler now detects if a frame or a code object is invalid or freed. Patch by Victor Stinner. - gh-100218: Correctly set errno when socket.if_nametoindex() or socket.if_indextoname() raise an OSError. Patch by Bénédikt Tran. - gh-140875: Fix handling of unclosed character references (named and numerical) followed by the end of file in html.parser.HTMLParser with convert_charrefs=False. - gh-140734: multiprocessing: fix off-by-one error when checking the length of a temporary socket file path. Patch by Bénédikt Tran. - gh-140874: Bump the version of pip bundled in ensurepip to version 25.3 - gh-140691: In urllib.request, when opening a FTP URL fails because a data connection cannot be made, the control connection’s socket is now closed to avoid a ResourceWarning. - gh-103847: Fix hang when cancelling process created by asyncio.create_subprocess_exec() or asyncio.create_subprocess_shell(). Patch by Kumar Aditya. - gh-140590: Fix arguments checking for the functools.partial.__setstate__() that may lead to internal state corruption and crash. Patch by Sergey Miryanov. - gh-140634: Fix a reference counting bug in os.sched_param.__reduce__(). - gh-140633: Ignore AttributeError when setting a module’s __file__ attribute when loading an extension module packaged as Apple Framework. - gh-140593: xml.parsers.expat: Fix a memory leak that could affect users with ElementDeclHandler() set to a custom element declaration handler. Patch by Sebastian Pipping. - gh-140607: Inside io.RawIOBase.read(), validate that the count of bytes returned by io.RawIOBase.readinto() is valid (inside the provided buffer). - gh-138162: Fix logging.LoggerAdapter with merge_extra=True and without the extra argument. - gh-140474: Fix memory leak in array.array when creating arrays from an empty str and the u type code. - gh-140272: Fix memory leak in the clear() method of the dbm.gnu database. - gh-140041: Fix import of ctypes on Android and Cygwin when ABI flags are present. - gh-139905: Add suggestion to error message for typing.Generic subclasses when cls.__parameters__ is missing due to a parent class failing to call super().__init_subclass__() in its __init_subclass__. - gh-139845: Fix to not print KeyboardInterrupt twice in default asyncio REPL. - gh-139783: Fix inspect.getsourcelines() for the case when a decorator is followed by a comment or an empty line. - gh-70765: http.server: fix default handling of HTTP/0.9 requests in BaseHTTPRequestHandler. Previously, BaseHTTPRequestHandler.parse_request() incorrectly waited for headers in the request although those are not supported in HTTP/0.9. Patch by Bénédikt Tran. - gh-139391: Fix an issue when, on non-Windows platforms, it was not possible to gracefully exit a python -m asyncio process suspended by Ctrl+Z and later resumed by fg other than with kill. - gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004', 'euc_jisx0213' and 'euc_jis_2004' codecs truncating null chars as they were treated as part of multi-character sequences. - gh-139246: fix: paste zero-width in default repl width is wrong. - gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bénédikt Tran. - gh-139065: Fix trailing space before a wrapped long word if the line length is exactly width in textwrap. - gh-138993: Dedent credits text. - gh-138859: Fix generic type parameterization raising a TypeError when omitting a ParamSpec that has a default which is not a list of types. - gh-138775: Use of python -m with base64 has been fixed to detect input from a terminal so that it properly notices EOF. - gh-98896: Fix a failure in multiprocessing resource_tracker when SharedMemory names contain colons. Patch by Rani Pinchuk. - gh-75989: tarfile.TarFile.extractall() and tarfile.TarFile.extract() now overwrite symlinks when extracting hardlinks. (Contributed by Alexander Enrique Urieles Nieto in gh-75989.) - gh-83424: Allows creating a ctypes.CDLL without name when passing a handle as an argument. - gh-136234: Fix asyncio.WriteTransport.writelines() to be robust to connection failure, by using the same behavior as write(). - gh-136057: Fixed the bug in pdb and bdb where next and step can’t go over the line if a loop exists in the line. - gh-135307: email: Fix exception in set_content() when encoding text and max_line_length is set to 0 or None (unlimited). - gh-134453: Fixed subprocess.Popen.communicate() input= handling of memoryview instances that were non-byte shaped on POSIX platforms. Those are now properly cast to a byte shaped view instead of truncating the input. Windows platforms did not have this bug. - gh-102431: Clarify constraints for “logical” arguments in methods of decimal.Context. - IDLE - gh-96491: Deduplicate version number in IDLE shell title bar after saving to a file. - Documentation - gh-141994: xml.sax.handler: Make Documentation of xml.sax.handler.feature_external_ges warn of opening up to external entity attacks. Patch by Sebastian Pipping. - gh-140578: Remove outdated sencence in the documentation for multiprocessing, that implied that concurrent.futures.ThreadPoolExecutor did not exist. - Core and Builtins - gh-142048: Fix quadratically increasing garbage collection delays in free-threaded build. - gh-141930: When importing a module, use Python’s regular file object to ensure that writes to .pyc files are complete or an appropriate error is raised. - gh-120158: Fix inconsistent state when enabling or disabling monitoring events too many times. - gh-141579: Fix sys.activate_stack_trampoline() to properly support the perf_jit backend. Patch by Pablo Galindo. - gh-141312: Fix the assertion failure in the __setstate__ method of the range iterator when a non-integer argument is passed. Patch by Sergey Miryanov. - gh-140939: Fix memory leak when bytearray or bytes is formated with the %*b format with a large width that results in %a MemoryError. - gh-140530: Fix a reference leak when raise exc from cause fails. Patch by Bénédikt Tran. - gh-140576: Fixed crash in tokenize.generate_tokens() in case of specific incorrect input. Patch by Mikhail Efimov. - gh-140551: Fixed crash in dict if dict.clear() is called at the lookup stage. Patch by Mikhail Efimov and Inada Naoki. - gh-140471: Fix potential buffer overflow in ast.AST node initialization when encountering malformed _fields containing non-str. - gh-140406: Fix memory leak when an object’s __hash__() method returns an object that isn’t an int. - gh-140306: Fix memory leaks in cross-interpreter channel operations and shared namespace handling. - gh-140301: Fix memory leak of PyConfig in subinterpreters. - gh-140000: Fix potential memory leak when a reference cycle exists between an instance of typing.TypeAliasType, typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple and its __name__ attribute. Patch by Mikhail Efimov. - gh-139748: Fix reference leaks in error branches of functions accepting path strings or bytes such as compile() and os.system(). Patch by Bénédikt Tran. - gh-139516: Fix lambda colon erroneously start format spec in f-string in tokenizer. - gh-139640: Fix swallowing some syntax warnings in different modules if they accidentally have the same message and are emitted from the same line. Fix duplicated warnings in the finally block. - gh-137400: Fix a crash in the free threading build when disabling profiling or tracing across all threads with PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() or their Python equivalents threading.settrace_all_threads() and threading.setprofile_all_threads(). - gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to match old pre-3.13 REPL behavior. - C API - gh-140042: Removed the sqlite3_shutdown call that could cause closing connections for sqlite when used with multiple sub interpreters. - gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API 3.11 and older: don’t treat Py_NotImplemented as immortal. Patch by Victor Stinner. - Update to 3.13.9: - Library - gh-139783: Fix inspect.getsourcelines() for the case when a decorator is followed by a comment or an empty line. - Update to 3.13.8: - Tools/Demos - gh-139330: SBOM generation tool didn’t cross-check the version and checksum values against the Modules/expat/refresh.sh script, leading to the values becoming out-of-date during routine updates. - gh-137873: The iOS test runner has been simplified, resolving some issues that have been observed using the runner in GitHub Actions and Azure Pipelines test environments. - Tests - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the --verbose option anymore. Patch by Victor Stinner. - Security - gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate(). Patch by Sebastian Pipping. - gh-139283: sqlite3: correctly handle maximum number of rows to fetch in Cursor.fetchmany and reject negative values for Cursor.arraysize. Patch by Bénédikt Tran. - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace. - Library - gh-139312: Upgrade bundled libexpat to 2.7.3 - gh-139289: Do a real lazy-import on rlcompleter in pdb and restore the existing completer after importing rlcompleter. - gh-139210: Fix use-after-free when reporting unknown event in xml.etree.ElementTree.iterparse(). Patch by Ken Jin. - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in subprocess. - gh-112729: Fix crash when calling _interpreters.create when the process is out of memory. - gh-139076: Fix a bug in the pydoc module that was hiding functions in a Python module if they were implemented in an extension module and the module did not have __all__. - gh-138998: Update bundled libexpat to 2.7.2 - gh-130567: Fix possible crash in locale.strxfrm() due to a platform bug on macOS. - gh-138779: Support device numbers larger than 2**63-1 for the st_rdev field of the os.stat_result structure. - gh-128636: Fix crash in PyREPL when os.environ is overwritten with an invalid value for mac - gh-88375: Fix normalization of the robots.txt rules and URLs in the urllib.robotparser module. No longer ignore trailing ?. Distinguish raw special characters ?, = and & from the percent-encoded ones. - gh-138515: email is added to Emscripten build. - gh-111788: Fix parsing errors in the urllib.robotparser module. Don’t fail trying to parse weird paths. Don’t fail trying to decode non-UTF-8 robots.txt files. - gh-138432: zoneinfo.reset_tzpath() will now convert any os.PathLike objects it receives into strings before adding them to TZPATH. It will raise TypeError if anything other than a string is found after this conversion. If given an os.PathLike object that represents a relative path, it will now raise ValueError instead of TypeError, and present a more informative error message. - gh-138008: Fix segmentation faults in the ctypes module due to invalid argtypes. Patch by Dung Nguyen. - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other platforms). - gh-138204: Forbid expansion of shared anonymous memory maps on Linux, which caused a bus error. - gh-138010: Fix an issue where defining a class with a @warnings.deprecated-decorated base class may not invoke the correct __init_subclass__() method in cases involving multiple inheritance. Patch by Brian Schubert. - gh-138133: Prevent infinite traceback loop when sending CTRL^C to Python through strace. - gh-134869: Fix an issue where pressing Ctrl+C during tab completion in the REPL would leave the autocompletion menu in a corrupted state. - gh-137317: inspect.signature() now correctly handles classes that use a descriptor on a wrapped __init__() or __new__() method. Contributed by Yongyu Yan. - gh-137754: Fix import of the zoneinfo module if the C implementation of the datetime module is not available. - gh-137490: Handle ECANCELED in the same way as EINTR in signal.sigwaitinfo() on NetBSD. - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and inspect.getsource() for generator expressions. - gh-137017: Fix threading.Thread.is_alive to remain True until the underlying OS thread is fully cleaned up. This avoids false negatives in edge cases involving thread monitoring or premature threading.Thread.is_alive calls. - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException instead of a ValueError if Python has been built without MD5 support. In particular, SMTP clients will not attempt to use this method even if the remote server is assumed to support it. Patch by Bénédikt Tran. - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if CRAM-MD5 authentication is not supported. Patch by Bénédikt Tran. - gh-135386: Fix opening a dbm.sqlite3 database for reading from read-only file or directory. - gh-126631: Fix multiprocessing forkserver bug which prevented __main__ from being preloaded. - gh-123085: In a bare call to importlib.resources.files(), ensure the caller’s frame is properly detected when importlib.resources is itself available as a compiled module only (no source). - gh-118981: Fix potential hang in multiprocessing.popen_spawn_posix that can happen when the child proc dies early by closing the child fds right away. - gh-78319: UTF8 support for the IMAP APPEND command has been made RFC compliant. - bpo-38735: Fix failure when importing a module from the root directory on unix-like platforms with sys.pycache_prefix set. - bpo-41839: Allow negative priority values from os.sched_get_priority_min() and os.sched_get_priority_max() functions. - Core and Builtins - gh-134466: Don’t run PyREPL in a degraded environment where setting termios attributes is not allowed. - gh-71810: Raise OverflowError for (-1).to_bytes() for signed conversions when bytes count is zero. Patch by Sergey B Kirpichev. - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and __bases__ from the __dir__() entries of types.GenericAlias. - gh-134163: Fix a hang when the process is out of memory inside an exception handler. - gh-138479: Fix a crash when a generic object’s __typing_subst__ returns an object that isn’t a tuple. - gh-137576: Fix for incorrect source code being shown in tracebacks from the Basic REPL when PYTHONSTARTUP is given. Patch by Adam Hartz. - gh-132744: Certain calls now check for runaway recursion and respect the system recursion limit. - C API - gh-87135: Attempting to acquire the GIL after runtime finalization has begun in a different thread now causes the thread to hang rather than terminate, which avoids potential crashes or memory corruption caused by attempting to terminate a thread that is running code not specifically designed to support termination. In most cases this hanging is harmless since the process will soon exit anyway. While not officially marked deprecated until 3.14, PyThread_exit_thread is no longer called internally and remains solely for interface compatibility. Its behavior is inconsistent across platforms, and it can only be used safely in the unlikely case that every function in the entire call stack has been designed to support the platform-dependent termination mechanism. It is recommended that users of this function change their design to not require thread termination. In the unlikely case that thread termination is needed and can be done safely, users may migrate to calling platform-specific APIs such as pthread_exit (POSIX) or _endthreadex (Windows) directly. - Build - gh-135734: Python can correctly be configured and built with ./configure --enable-optimizations --disable-test-modules. Previously, the profile data generation step failed due to PGO tests where immortalization couldn’t be properly suppressed. - Update to 3.13.7: - gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object (such as ssl.SSLSocket.send) was subsequently called in another thread. - gh-137044: Return large limit values as positive integers instead of negative integers in resource.getrlimit(). Accept large values and reject negative values (except RLIM_INFINITY) for limits in resource.setrlimit(). - gh-136914: Fix retrieval of doctest.DocTest.lineno for objects decorated with functools.cache() or functools.cached_property. - gh-131788: Make ResourceTracker.send from multiprocessing re-entrant safe - gh-136155: We are now checking for fatal errors in EPUB builds in CI. - gh-137400: Fix a crash in the free threading build when disabling profiling or tracing across all threads with PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() or their Python equivalents threading.settrace_all_threads() and threading.setprofile_all_threads(). - Update to 3.13.6: - Security - gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. - gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. - CVE-2025-6069: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored (gh-135462, bsc#1244705). - CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative. (gh-130577, bsc#1247249). - gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser. - Core and Builtins - gh-58124: Fix name of the Python encoding in Unicode errors of the code page codec: use “cp65000” and “cp65001” instead of “CP_UTF7” and “CP_UTF8” which are not valid Python code names. Patch by Victor Stinner. - gh-137314: Fixed a regression where raw f-strings incorrectly interpreted escape sequences in format specifications. Raw f-strings now properly preserve literal backslashes in format specs, matching the behavior from Python 3.11. For example, rf"{obj:\xFF}" now correctly produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo. - gh-136541: Fix some issues with the perf trampolines on x86-64 and aarch64. The trampolines were not being generated correctly for some cases, which could lead to the perf integration not working correctly. Patch by Pablo Galindo. - gh-109700: Fix memory error handling in PyDict_SetDefault(). - gh-78465: Fix error message for cls.__new__(cls, ...) where cls is not instantiable builtin or extension type (with tp_new set to NULL). - gh-135871: Non-blocking mutex lock attempts now return immediately when the lock is busy instead of briefly spinning in the free threading build. - gh-135607: Fix potential weakref races in an object’s destructor on the free threaded build. - gh-135496: Fix typo in the f-string conversion type error (“exclamanation” -> “exclamation”). - gh-130077: Properly raise custom syntax errors when incorrect syntax containing names that are prefixes of soft keywords is encountered. Patch by Pablo Galindo. - gh-135148: Fixed a bug where f-string debug expressions (using =) would incorrectly strip out parts of strings containing escaped quotes and # characters. Patch by Pablo Galindo. - gh-133136: Limit excess memory usage in the free threading build when a large dictionary or list is resized and accessed by multiple threads. - gh-132617: Fix dict.update() modification check that could incorrectly raise a “dict mutated during update” error when a different dictionary was modified that happens to share the same underlying keys object. - gh-91153: Fix a crash when a bytearray is concurrently mutated during item assignment. - gh-127971: Fix off-by-one read beyond the end of a string in string search. - gh-125723: Fix crash with gi_frame.f_locals when generator frames outlive their generator. Patch by Mikhail Efimov. - Library - gh-132710: If possible, ensure that uuid.getnode() returns the same result even across different processes. Previously, the result was constant only within the same process. Patch by Bénédikt Tran. - gh-137273: Fix debug assertion failure in locale.setlocale() on Windows. - gh-137257: Bump the version of pip bundled in ensurepip to version 25.2 - gh-81325: tarfile.TarFile now accepts a path-like when working on a tar archive. (Contributed by Alexander Enrique Urieles Nieto in gh-81325.) - gh-130522: Fix unraisable TypeError raised during interpreter shutdown in the threading module. - gh-136549: Fix signature of threading.excepthook(). - gh-136523: Fix wave.Wave_write emitting an unraisable when open raises. - gh-52876: Add missing keepends (default True) parameter to codecs.StreamReaderWriter.readline() and codecs.StreamReaderWriter.readlines(). - gh-85702: If zoneinfo._common.load_tzdata is given a package without a resource a zoneinfo.ZoneInfoNotFoundError is raised rather than a PermissionError. Patch by Victor Stinner. - gh-134759: Fix UnboundLocalError in email.message.Message.get_payload() when the payload to decode is a bytes object. Patch by Kliment Lamonov. - gh-136028: Fix parsing month names containing “İ” (U+0130, LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime(). This affects locales az_AZ, ber_DZ, ber_MA and crh_UA. - gh-135995: In the palmos encoding, make byte 0x9b decode to › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK). - gh-53203: Fix time.strptime() for %c and %x formats on locales byn_ER, wal_ET and lzh_TW, and for %X format on locales ar_SA, bg_BG and lzh_TW. - gh-91555: An earlier change, which was introduced in 3.13.4, has been reverted. It disabled logging for a logger during handling of log messages for that logger. Since the reversion, the behaviour should be as it was before 3.13.4. - gh-135878: Fixes a crash of types.SimpleNamespace on free threading builds, when several threads were calling its __repr__() method at the same time. - gh-135836: Fix IndexError in asyncio.loop.create_connection() that could occur when non-OSError exception is raised during connection and socket’s close() raises OSError. - gh-135836: Fix IndexError in asyncio.loop.create_connection() that could occur when the Happy Eyeballs algorithm resulted in an empty exceptions list during connection attempts. - gh-135855: Raise TypeError instead of SystemError when _interpreters.set___main___attrs() is passed a non-dict object. Patch by Brian Schubert. - gh-135815: netrc: skip security checks if os.getuid() is missing. Patch by Bénédikt Tran. - gh-135640: Address bug where it was possible to call xml.etree.ElementTree.ElementTree.write() on an ElementTree object with an invalid root element. This behavior blanked the file passed to write if it already existed. - gh-135444: Fix asyncio.DatagramTransport.sendto() to account for datagram header size when data cannot be sent. - gh-135497: Fix os.getlogin() failing for longer usernames on BSD-based platforms. - gh-135487: Fix reprlib.Repr.repr_int() when given integers with more than sys.get_int_max_str_digits() digits. Patch by Bénédikt Tran. - gh-135335: multiprocessing: Flush stdout and stderr after preloading modules in the forkserver. - gh-135244: uuid: when the MAC address cannot be determined, the 48-bit node ID is now generated with a cryptographically-secure pseudo-random number generator (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1(). - gh-135069: Fix the “Invalid error handling” exception in encodings.idna.IncrementalDecoder to correctly replace the ‘errors’ parameter. - gh-134698: Fix a crash when calling methods of ssl.SSLContext or ssl.SSLSocket across multiple threads. - gh-132124: On POSIX-compliant systems, multiprocessing.util.get_temp_dir() now ignores TMPDIR (and similar environment variables) if the path length of AF_UNIX socket files exceeds the platform-specific maximum length when using the forkserver start method. Patch by Bénédikt Tran. - gh-133439: Fix dot commands with trailing spaces are mistaken for multi-line SQL statements in the sqlite3 command-line interface. - gh-132969: Prevent the ProcessPoolExecutor executor thread, which remains running when shutdown(wait=False), from attempting to adjust the pool’s worker processes after the object state has already been reset during shutdown. A combination of conditions, including a worker process having terminated abormally, resulted in an exception and a potential hang when the still-running executor thread attempted to replace dead workers within the pool. - gh-130664: Support the '_' digit separator in formatting of the integral part of Decimal’s. Patch by Sergey B Kirpichev. - gh-85702: If zoneinfo._common.load_tzdata is given a package without a resource a ZoneInfoNotFoundError is raised rather than a IsADirectoryError. - gh-130664: Handle corner-case for Fraction’s formatting: treat zero-padding (preceding the width field by a zero ('0') character) as an equivalent to a fill character of '0' with an alignment type of '=', just as in case of float’s. - Tools/Demos - gh-135968: Stubs for strip are now provided as part of an iOS install. - Tests - gh-135966: The iOS testbed now handles the app_packages folder as a site directory. - gh-135494: Fix regrtest to support excluding tests from --pgo tests. Patch by Victor Stinner. - gh-135489: Show verbose output for failing tests during PGO profiling step with –enable-optimizations. - Documentation - gh-135171: Document that the iterator for the leftmost for clause in the generator expression is created immediately. - Build - gh-135497: Fix the detection of MAXLOGNAME in the configure.ac script. python313-3.13.11-160000.1.1.aarch64.rpm python313-curses-3.13.11-160000.1.1.aarch64.rpm python313-dbm-3.13.11-160000.1.1.aarch64.rpm python313-idle-3.13.11-160000.1.1.aarch64.rpm python313-tk-3.13.11-160000.1.1.aarch64.rpm libpython3_13-1_0-3.13.11-160000.1.1.aarch64.rpm python313-base-3.13.11-160000.1.1.aarch64.rpm python313-devel-3.13.11-160000.1.1.aarch64.rpm python313-testsuite-3.13.11-160000.1.1.aarch64.rpm python313-tools-3.13.11-160000.1.1.aarch64.rpm python313-doc-3.13.11-160000.1.1.aarch64.rpm python313-doc-devhelp-3.13.11-160000.1.1.aarch64.rpm python313-3.13.11-160000.1.1.ppc64le.rpm python313-curses-3.13.11-160000.1.1.ppc64le.rpm python313-dbm-3.13.11-160000.1.1.ppc64le.rpm python313-idle-3.13.11-160000.1.1.ppc64le.rpm python313-tk-3.13.11-160000.1.1.ppc64le.rpm libpython3_13-1_0-3.13.11-160000.1.1.ppc64le.rpm python313-base-3.13.11-160000.1.1.ppc64le.rpm python313-devel-3.13.11-160000.1.1.ppc64le.rpm python313-testsuite-3.13.11-160000.1.1.ppc64le.rpm python313-tools-3.13.11-160000.1.1.ppc64le.rpm python313-doc-3.13.11-160000.1.1.ppc64le.rpm python313-doc-devhelp-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-curses-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-dbm-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-idle-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-tk-3.13.11-160000.1.1.ppc64le.rpm libpython3_13t1_0-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-base-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-devel-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-testsuite-3.13.11-160000.1.1.ppc64le.rpm python313-nogil-tools-3.13.11-160000.1.1.ppc64le.rpm python313-3.13.11-160000.1.1.s390x.rpm python313-curses-3.13.11-160000.1.1.s390x.rpm python313-dbm-3.13.11-160000.1.1.s390x.rpm python313-idle-3.13.11-160000.1.1.s390x.rpm python313-tk-3.13.11-160000.1.1.s390x.rpm libpython3_13-1_0-3.13.11-160000.1.1.s390x.rpm python313-base-3.13.11-160000.1.1.s390x.rpm python313-devel-3.13.11-160000.1.1.s390x.rpm python313-testsuite-3.13.11-160000.1.1.s390x.rpm python313-tools-3.13.11-160000.1.1.s390x.rpm python313-doc-3.13.11-160000.1.1.s390x.rpm python313-doc-devhelp-3.13.11-160000.1.1.s390x.rpm python313-nogil-3.13.11-160000.1.1.s390x.rpm python313-nogil-curses-3.13.11-160000.1.1.s390x.rpm python313-nogil-dbm-3.13.11-160000.1.1.s390x.rpm python313-nogil-idle-3.13.11-160000.1.1.s390x.rpm python313-nogil-tk-3.13.11-160000.1.1.s390x.rpm libpython3_13t1_0-3.13.11-160000.1.1.s390x.rpm python313-nogil-base-3.13.11-160000.1.1.s390x.rpm python313-nogil-devel-3.13.11-160000.1.1.s390x.rpm python313-nogil-testsuite-3.13.11-160000.1.1.s390x.rpm python313-nogil-tools-3.13.11-160000.1.1.s390x.rpm python313-3.13.11-160000.1.1.x86_64.rpm python313-curses-3.13.11-160000.1.1.x86_64.rpm python313-dbm-3.13.11-160000.1.1.x86_64.rpm python313-idle-3.13.11-160000.1.1.x86_64.rpm python313-tk-3.13.11-160000.1.1.x86_64.rpm python313-x86-64-v3-3.13.11-160000.1.1.x86_64.rpm libpython3_13-1_0-3.13.11-160000.1.1.x86_64.rpm libpython3_13-1_0-x86-64-v3-3.13.11-160000.1.1.x86_64.rpm python313-base-3.13.11-160000.1.1.x86_64.rpm python313-base-x86-64-v3-3.13.11-160000.1.1.x86_64.rpm python313-devel-3.13.11-160000.1.1.x86_64.rpm python313-testsuite-3.13.11-160000.1.1.x86_64.rpm python313-tools-3.13.11-160000.1.1.x86_64.rpm python313-doc-3.13.11-160000.1.1.x86_64.rpm python313-doc-devhelp-3.13.11-160000.1.1.x86_64.rpm python313-nogil-3.13.11-160000.1.1.x86_64.rpm python313-nogil-curses-3.13.11-160000.1.1.x86_64.rpm python313-nogil-dbm-3.13.11-160000.1.1.x86_64.rpm python313-nogil-idle-3.13.11-160000.1.1.x86_64.rpm python313-nogil-tk-3.13.11-160000.1.1.x86_64.rpm libpython3_13t1_0-3.13.11-160000.1.1.x86_64.rpm python313-nogil-base-3.13.11-160000.1.1.x86_64.rpm python313-nogil-devel-3.13.11-160000.1.1.x86_64.rpm python313-nogil-testsuite-3.13.11-160000.1.1.x86_64.rpm python313-nogil-tools-3.13.11-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-171 Security update for rabbitmq-server moderate SUSE SLFO 1.2 This update for rabbitmq-server fixes the following issues: Changes in rabbitmq-server: Update to 4.1.5: * Highlights - Khepri, an alternative schema data store developed to replace Mnesia, has matured and is now fully supported (it previously was an experimental feature) - AMQP 1.0 is now a core protocol that is always enabled. Its plugin is now a no-op that only exists to simplify upgrades. - The AMQP 1.0 implementation is now significantly more efficient: its peak throughput is more than double than that of 3.13.x on some workloads - Efficient sub-linear quorum queue recovery on node startup using checkpoints - Quorum queues now support priorities (but not exactly the same way as classic queues) - AMQP 1.0 clients now can manage topologies similarly to how AMQP 0-9-1 clients do it - The AMQP 1.0 convention (address format) used for interacting with with AMQP 0-9-1 entities is now easier to reason about - Mirroring (replication) of classic queues was removed after several years of deprecation. For replicated messaging data types, use quorum queues and/or streams. Non-replicated classic queues remain and their development continues - Classic queue storage efficiency improvements, in particular recovery time and storage of multi-MiB messages - Nodes with multiple enabled plugins and little on disk data to recover now start up to 20-30% faster - New exchange type: Local Random Exchange - Quorum queue log reads are now offloaded to channels (sessions, connections). - Initial Support for AMQP 1.0 Filter Expressions - Feature Flags Quality of Life Improvements - rabbitmqadmin v2 * Breaking Changes - Before a client connection can negotiate a maximum frame size (frame_max), it must authenticate successfully. Before the authenticated phase, a special lower frame_max value is used. - With this release, the value was increased from the original 4096 bytes to 8192 to accommodate larger JWT tokens. - amqplib is a popular client library that has been using a low frame_max default of 4096. Its users must upgrade to a compatible version (starting with 0.10.7) or explicitly use a higher frame_max. amqplib versions older than 0.10.7 will not be able to connect to RabbitMQ 4.1.0 and later versions due to the initial AMQP 0-9-1 maximum frame size increase covered above. - The default MQTT Maximum Packet Size changed from 256 MiB to 16 MiB. - The following rabbitmq.conf settings are unsupported: - cluster_formation.etcd.ssl_options.fail_if_no_peer_cert - cluster_formation.etcd.ssl_options.dh - cluster_formation.etcd.ssl_options.dhfile - Classic Queues is Now a Non-Replicated Queue Type - Quorum Queues Now Have a Default Redelivery Limit - Up to RabbitMQ 3.13, when an AMQP 0.9.1 client (re-)published a message to RabbitMQ, RabbitMQ interpreted the - AMQP 0.9.1 x-death header in the published message's basic_message.content.properties.headers field. - RabbitMQ 4.x will not interpret this x-death header anymore when clients (re-)publish a message. - CQv1 Storage Implementation was Removed - Settings cluster_formation.randomized_startup_delay_range.* were Removed - Several Disk I/O-Related Metrics were Removed - Default Maximum Message Size Reduced to 16 MiB - RabbitMQ 3.13 rabbitmq.conf setting rabbitmq_amqp1_0.default_vhost is unsupported in RabbitMQ 4.0. - RabbitMQ 3.13 rabbitmq.conf settings mqtt.default_user, mqtt.default_password, and amqp1_0.default_user are unsupported in RabbitMQ 4.0. - Starting with Erlang 26, client side TLS peer certificate chain verification settings are enabled by default in most contexts: from federation links to shovels to TLS-enabled LDAP client connections. - RabbitMQ Shovels will be able connect to a RabbitMQ 4.0 node via AMQP 1.0 only when the Shovel runs on a RabbitMQ node >= 3.13.7. * See https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.0.1 * and https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.1.0 for more info - Restore SLES logrotate file, (bsc#1246091) erlang-rabbitmq-client-4.1.5-160000.1.1.aarch64.rpm rabbitmq-server-4.1.5-160000.1.1.aarch64.rpm rabbitmq-server-bash-completion-4.1.5-160000.1.1.noarch.rpm rabbitmq-server-plugins-4.1.5-160000.1.1.aarch64.rpm rabbitmq-server-zsh-completion-4.1.5-160000.1.1.noarch.rpm erlang-rabbitmq-client-4.1.5-160000.1.1.ppc64le.rpm rabbitmq-server-4.1.5-160000.1.1.ppc64le.rpm rabbitmq-server-plugins-4.1.5-160000.1.1.ppc64le.rpm erlang-rabbitmq-client-4.1.5-160000.1.1.s390x.rpm rabbitmq-server-4.1.5-160000.1.1.s390x.rpm rabbitmq-server-plugins-4.1.5-160000.1.1.s390x.rpm erlang-rabbitmq-client-4.1.5-160000.1.1.x86_64.rpm rabbitmq-server-4.1.5-160000.1.1.x86_64.rpm rabbitmq-server-plugins-4.1.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-172 Security update for libpng16 moderate SUSE SLFO 1.2 This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). libpng16-16-1.6.44-160000.4.1.aarch64.rpm libpng16-compat-devel-1.6.44-160000.4.1.aarch64.rpm libpng16-devel-1.6.44-160000.4.1.aarch64.rpm libpng16-tools-1.6.44-160000.4.1.aarch64.rpm libpng16-16-1.6.44-160000.4.1.ppc64le.rpm libpng16-compat-devel-1.6.44-160000.4.1.ppc64le.rpm libpng16-devel-1.6.44-160000.4.1.ppc64le.rpm libpng16-tools-1.6.44-160000.4.1.ppc64le.rpm libpng16-16-1.6.44-160000.4.1.s390x.rpm libpng16-compat-devel-1.6.44-160000.4.1.s390x.rpm libpng16-devel-1.6.44-160000.4.1.s390x.rpm libpng16-tools-1.6.44-160000.4.1.s390x.rpm libpng16-16-1.6.44-160000.4.1.x86_64.rpm libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64.rpm libpng16-compat-devel-1.6.44-160000.4.1.x86_64.rpm libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64.rpm libpng16-devel-1.6.44-160000.4.1.x86_64.rpm libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64.rpm libpng16-tools-1.6.44-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-173 Security update for gdk-pixbuf important SUSE SLFO 1.2 This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib g_base64_encode_step (bsc#1246114). - CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents (bsc#1245227). gdk-pixbuf-devel-2.42.12-160000.3.1.aarch64.rpm gdk-pixbuf-lang-2.42.12-160000.3.1.noarch.rpm gdk-pixbuf-query-loaders-2.42.12-160000.3.1.aarch64.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.3.1.aarch64.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.3.1.aarch64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.3.1.aarch64.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.3.1.aarch64.rpm gdk-pixbuf-devel-2.42.12-160000.3.1.ppc64le.rpm gdk-pixbuf-query-loaders-2.42.12-160000.3.1.ppc64le.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.3.1.ppc64le.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.3.1.ppc64le.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.3.1.ppc64le.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.3.1.ppc64le.rpm gdk-pixbuf-devel-2.42.12-160000.3.1.s390x.rpm gdk-pixbuf-query-loaders-2.42.12-160000.3.1.s390x.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.3.1.s390x.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.3.1.s390x.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.3.1.s390x.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.3.1.s390x.rpm gdk-pixbuf-devel-2.42.12-160000.3.1.x86_64.rpm gdk-pixbuf-query-loaders-2.42.12-160000.3.1.x86_64.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.3.1.x86_64.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.3.1.x86_64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.3.1.x86_64.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-174 Security update for go1.25 important SUSE SLFO 1.2 This update for go1.25 fixes the following issues: Update to go1.25.6 (released 2026-01-15) (bsc#1244485) Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#76392 os: package initialization hangs is Stdin is blocked * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76776 runtime: race detector crash on ppc64le * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range * go#76973 errors: errors.Join behavior changed in 1.25 go1.25-1.25.6-160000.1.1.aarch64.rpm go1.25-doc-1.25.6-160000.1.1.aarch64.rpm go1.25-libstd-1.25.6-160000.1.1.aarch64.rpm go1.25-race-1.25.6-160000.1.1.aarch64.rpm go1.25-1.25.6-160000.1.1.ppc64le.rpm go1.25-doc-1.25.6-160000.1.1.ppc64le.rpm go1.25-race-1.25.6-160000.1.1.ppc64le.rpm go1.25-1.25.6-160000.1.1.s390x.rpm go1.25-doc-1.25.6-160000.1.1.s390x.rpm go1.25-race-1.25.6-160000.1.1.s390x.rpm go1.25-1.25.6-160000.1.1.x86_64.rpm go1.25-doc-1.25.6-160000.1.1.x86_64.rpm go1.25-libstd-1.25.6-160000.1.1.x86_64.rpm go1.25-race-1.25.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-175 Security update for python-virtualenv moderate SUSE SLFO 1.2 This update for python-virtualenv fixes the following issues: - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition (bsc#1256458). python313-virtualenv-20.29.3-160000.3.1.noarch.rpm openSUSE-Leap-16.0-176 Security update for python-marshmallow moderate SUSE SLFO 1.2 This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473). python-marshmallow-doc-3.20.2-160000.3.1.noarch.rpm python313-marshmallow-3.20.2-160000.3.1.noarch.rpm openSUSE-Leap-16.0-177 Security update for python-urllib3 moderate SUSE SLFO 1.2 This update for python-urllib3 fixes the following issues: - CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). python313-urllib3-2.5.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-178 Security update for python-pyasn1 important SUSE SLFO 1.2 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed Denial-of-Service issue that may lead to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets (bsc#1256902) python313-pyasn1-0.6.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-179 Security update for busybox important SUSE SLFO 1.2 This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget (bsc#1253245). - CVE-2025-46394: Fixed tar hidden files via escape sequence (bsc#1241661). Other fixes: - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) - Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237) busybox-1.37.0-160000.4.1.aarch64.rpm busybox-static-1.37.0-160000.4.1.aarch64.rpm busybox-warewulf3-1.37.0-160000.4.1.aarch64.rpm busybox-1.37.0-160000.4.1.ppc64le.rpm busybox-static-1.37.0-160000.4.1.ppc64le.rpm busybox-1.37.0-160000.4.1.s390x.rpm busybox-static-1.37.0-160000.4.1.s390x.rpm busybox-1.37.0-160000.4.1.x86_64.rpm busybox-static-1.37.0-160000.4.1.x86_64.rpm busybox-warewulf3-1.37.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-180 Security update for bind important SUSE SLFO 1.2 This update for bind fixes the following issues: Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997) Feature Changes: * Add more information to the rndc recursing output about fetches. * Reduce the number of outgoing queries. * Provide more information when memory allocation fails. Bug Fixes: * Make DNSSEC key rollovers more robust. * Fix a catalog zone issue, where member zones could fail to load. * Allow glue in delegations with QTYPE=ANY. * Fix slow speed when signing a large delegation zone with NSEC3 opt-out. * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid. * Fix a possible catalog zone issue during reconfiguration. * Fix the charts in the statistics channel. * Adding NSEC3 opt-out records could leave invalid records in chain. * Fix spurious timeouts while resolving names. * Fix bug where zone switches from NSEC3 to NSEC after retransfer. * AMTRELAY type 0 presentation format handling was wrong. * Fix parsing bug in remote-servers with key or TLS. * Fix DoT reconfigure/reload bug in the resolver. * Skip unsupported algorithms when looking for a signing key. * Fix dnssec-keygen key collision checking for KEY RRtype keys. * dnssec-verify now uses exit code 1 when failing due to illegal options. * Prevent assertion failures of dig when a server is specified before the -b option. * Skip buffer allocations if not logging. bind-9.20.18-160000.1.1.aarch64.rpm bind-doc-9.20.18-160000.1.1.noarch.rpm bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64.rpm bind-modules-generic-9.20.18-160000.1.1.aarch64.rpm bind-modules-ldap-9.20.18-160000.1.1.aarch64.rpm bind-modules-mysql-9.20.18-160000.1.1.aarch64.rpm bind-modules-perl-9.20.18-160000.1.1.aarch64.rpm bind-modules-sqlite3-9.20.18-160000.1.1.aarch64.rpm bind-utils-9.20.18-160000.1.1.aarch64.rpm bind-9.20.18-160000.1.1.ppc64le.rpm bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le.rpm bind-modules-generic-9.20.18-160000.1.1.ppc64le.rpm bind-modules-ldap-9.20.18-160000.1.1.ppc64le.rpm bind-modules-mysql-9.20.18-160000.1.1.ppc64le.rpm bind-modules-perl-9.20.18-160000.1.1.ppc64le.rpm bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le.rpm bind-utils-9.20.18-160000.1.1.ppc64le.rpm bind-9.20.18-160000.1.1.s390x.rpm bind-modules-bdbhpt-9.20.18-160000.1.1.s390x.rpm bind-modules-generic-9.20.18-160000.1.1.s390x.rpm bind-modules-ldap-9.20.18-160000.1.1.s390x.rpm bind-modules-mysql-9.20.18-160000.1.1.s390x.rpm bind-modules-perl-9.20.18-160000.1.1.s390x.rpm bind-modules-sqlite3-9.20.18-160000.1.1.s390x.rpm bind-utils-9.20.18-160000.1.1.s390x.rpm bind-9.20.18-160000.1.1.x86_64.rpm bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64.rpm bind-modules-generic-9.20.18-160000.1.1.x86_64.rpm bind-modules-ldap-9.20.18-160000.1.1.x86_64.rpm bind-modules-mysql-9.20.18-160000.1.1.x86_64.rpm bind-modules-perl-9.20.18-160000.1.1.x86_64.rpm bind-modules-sqlite3-9.20.18-160000.1.1.x86_64.rpm bind-utils-9.20.18-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-182 Recommended update for dracut moderate SUSE SLFO 1.2 This update for dracut fixes the following issues: - Fix and update testsuite (bsc#1254873): * test (FULL-SYSTEMD): + ignore errors in systemd-vconsole-setup.service + use poweroff to shut down test + no need to include dbus to the target rootfs * test: move /failed to /run/failed as rootfs might be read-only * test: make the size of all test drives 512 MB * fix (systemd): move installation of libkmod to udev-rules module * test: switch to virtio for the QEMU drive * test: increase test VM memory from 512M to 1024M to avoid OOM killer * test: move more common test code to test-functions * test: upgrade to ext4 - fix (nfs): do not execute logic in nfs hooks if netroot is not nfs (bsc#1253960) - fix (kernel-modules-extra): remove stray \ before / (bsc#1253029) dracut-059+suse.717.g75494a30-160000.1.1.aarch64.rpm dracut-extra-059+suse.717.g75494a30-160000.1.1.aarch64.rpm dracut-fips-059+suse.717.g75494a30-160000.1.1.aarch64.rpm dracut-ima-059+suse.717.g75494a30-160000.1.1.aarch64.rpm dracut-tools-059+suse.717.g75494a30-160000.1.1.aarch64.rpm dracut-059+suse.717.g75494a30-160000.1.1.ppc64le.rpm dracut-extra-059+suse.717.g75494a30-160000.1.1.ppc64le.rpm dracut-fips-059+suse.717.g75494a30-160000.1.1.ppc64le.rpm dracut-ima-059+suse.717.g75494a30-160000.1.1.ppc64le.rpm dracut-tools-059+suse.717.g75494a30-160000.1.1.ppc64le.rpm dracut-059+suse.717.g75494a30-160000.1.1.s390x.rpm dracut-extra-059+suse.717.g75494a30-160000.1.1.s390x.rpm dracut-fips-059+suse.717.g75494a30-160000.1.1.s390x.rpm dracut-ima-059+suse.717.g75494a30-160000.1.1.s390x.rpm dracut-tools-059+suse.717.g75494a30-160000.1.1.s390x.rpm dracut-059+suse.717.g75494a30-160000.1.1.x86_64.rpm dracut-extra-059+suse.717.g75494a30-160000.1.1.x86_64.rpm dracut-fips-059+suse.717.g75494a30-160000.1.1.x86_64.rpm dracut-ima-059+suse.717.g75494a30-160000.1.1.x86_64.rpm dracut-tools-059+suse.717.g75494a30-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-183 Recommended update for supportutils important SUSE SLFO 1.2 This update for supportutils fixes the following issues: - Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) - Run in containers without errors (bsc#1245667) - Removed pmap PID from memory.txt (bsc#1246011) - Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) - Improved database perforce with kGraft patching (bsc#1249657) - Using last boot for journalctl for optimization (bsc#1250224) - Fixed extraction failures (bsc#1252318) - Update supportconfig.conf path in docs (bsc#1254425) - drm_sub_info: Catch error when dir doesn't exist - Replace remaining `egrep` with `grep -E` - Add process affinity to slert logs - Reintroduce cgroup statistics (and v2) - Minor changes to basic-health-check: improve information level - Collect important machine health counters - powerpc: collect hot-pluggable PCI and PHB slots - podman: collect podman disk usage - Exclude binary files in crondir - kexec/kdump: collect everything under /sys/kernel/kexec dir - Use short-iso for journalctl supportutils-3.2.12.2-160000.1.1.noarch.rpm openSUSE-Leap-16.0-184 Recommended update for pciutils important SUSE SLFO 1.2 This update for pciutils fixes the following issues: - pciutils.spec: Add a strict dependency to libpci. (bsc#1252338) Mixing different versions of pciutils and libpci could result in a segmentation fault due to incompatible ABI. libpci3-3.13.0-160000.3.1.aarch64.rpm pciutils-3.13.0-160000.3.1.aarch64.rpm pciutils-devel-3.13.0-160000.3.1.aarch64.rpm libpci3-3.13.0-160000.3.1.ppc64le.rpm pciutils-3.13.0-160000.3.1.ppc64le.rpm pciutils-devel-3.13.0-160000.3.1.ppc64le.rpm libpci3-3.13.0-160000.3.1.s390x.rpm pciutils-3.13.0-160000.3.1.s390x.rpm pciutils-devel-3.13.0-160000.3.1.s390x.rpm libpci3-3.13.0-160000.3.1.x86_64.rpm pciutils-3.13.0-160000.3.1.x86_64.rpm pciutils-devel-3.13.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-185 Security update for python-jaraco.context important SUSE SLFO 1.2 This update for python-jaraco.context fixes the following issues: - CVE-2026-23949: Fixed malicious tar archives may lead to path traversal (bsc#1256954). python313-jaraco.context-5.3.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-186 Recommended update for man moderate SUSE SLFO 1.2 This update for man fixes the following issues: - Do not masked out the already existing %ghost file entry - Extend tmpfiles template man-db.conf (jsc#PED-14862) * Create cache directories with systemd tmpfiles service - Update to man-db 2.13.1: * Update various manual page translation * Fix various minor formatting issues in manual pages. * Tolerate additional spaces in preprocessor strings. * Fix check for generated source files in out-of-tree builds. * Fix building with the `musl` C library. * Recognize another Ukrainian translation of the `NAME` section. * Increase the maximum size of the `NAME` section from 8192 to 16384 bytes. - Port patches - Avoid latest gettextize as it breaks build now - If a section is specified do not show the list (bsc#1240874) - Wait 15 seconds instead of 7 instead for a choice - Explicit mention `export' instead of `set' for MAN_POSIXLY_CORRECT man-2.13.1-160000.1.1.aarch64.rpm man-2.13.1-160000.1.1.ppc64le.rpm man-2.13.1-160000.1.1.s390x.rpm man-2.13.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-188 Recommended update for ibus important SUSE SLFO 1.2 This update for ibus fixes the following issues: - Upstream update to 1.5.33: * Fix reset signal w/ GTK_IM_MODULE=ibus in Wayland * Provide preedit semantic APIs * Do not load en-US compose table by default * IBus 1.5.33 will insert "include %L" in your compose file automatically generated by old IBus versions * Implement IBusMessage * Improve BEPO compose sequence visuals * Update simple.xml with xkeyboard-config 2.45 * Update ibusunicodegen.h with Unicode 17.0.0 * Bug fixes for Wayland input-method * Fix PageUp/PageDown buttons with hiding candidate popup * Fix leaks and buffer overflows - Drop patches for unmaintained distributions - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250): * After libX11 is fixed about the XIM jumbled input issues, too quick focus change can causes a freeze with barcode reader * Fix the synchronous "ProcessKeyEvent" D-Bus method in ibus-x11 * Add ibus_input_context_set_post_process_key_event() and ibus_input_context_post_process_key_event() ibus-1.5.33-160000.1.1.aarch64.rpm ibus-devel-1.5.33-160000.1.1.aarch64.rpm ibus-dict-emoji-1.5.33-160000.1.1.noarch.rpm ibus-gtk-1.5.33-160000.1.1.aarch64.rpm ibus-gtk3-1.5.33-160000.1.1.aarch64.rpm ibus-lang-1.5.33-160000.1.1.noarch.rpm libibus-1_0-5-1.5.33-160000.1.1.aarch64.rpm typelib-1_0-IBus-1_0-1.5.33-160000.1.1.aarch64.rpm ibus-gtk4-1.5.33-160000.1.1.aarch64.rpm ibus-1.5.33-160000.1.1.ppc64le.rpm ibus-devel-1.5.33-160000.1.1.ppc64le.rpm ibus-gtk-1.5.33-160000.1.1.ppc64le.rpm ibus-gtk3-1.5.33-160000.1.1.ppc64le.rpm libibus-1_0-5-1.5.33-160000.1.1.ppc64le.rpm typelib-1_0-IBus-1_0-1.5.33-160000.1.1.ppc64le.rpm ibus-gtk4-1.5.33-160000.1.1.ppc64le.rpm ibus-1.5.33-160000.1.1.s390x.rpm ibus-devel-1.5.33-160000.1.1.s390x.rpm ibus-gtk-1.5.33-160000.1.1.s390x.rpm ibus-gtk3-1.5.33-160000.1.1.s390x.rpm libibus-1_0-5-1.5.33-160000.1.1.s390x.rpm typelib-1_0-IBus-1_0-1.5.33-160000.1.1.s390x.rpm ibus-gtk4-1.5.33-160000.1.1.s390x.rpm ibus-1.5.33-160000.1.1.x86_64.rpm ibus-devel-1.5.33-160000.1.1.x86_64.rpm ibus-gtk-1.5.33-160000.1.1.x86_64.rpm ibus-gtk3-1.5.33-160000.1.1.x86_64.rpm libibus-1_0-5-1.5.33-160000.1.1.x86_64.rpm typelib-1_0-IBus-1_0-1.5.33-160000.1.1.x86_64.rpm ibus-gtk4-1.5.33-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-189 Recommended update for mariadb moderate SUSE SLFO 1.2 This update for mariadb fixes the following issues: Changes in mariadb: - make 'mysql-systemd-helper upgrade' selinux aware (bsc#1255024) Updating mariadb might impact the database service. Do you want to proceed with the update? libmariadbd-devel-11.8.5-160000.2.1.aarch64.rpm libmariadbd19-11.8.5-160000.2.1.aarch64.rpm mariadb-11.8.5-160000.2.1.aarch64.rpm mariadb-bench-11.8.5-160000.2.1.aarch64.rpm mariadb-client-11.8.5-160000.2.1.aarch64.rpm mariadb-errormessages-11.8.5-160000.2.1.noarch.rpm mariadb-galera-11.8.5-160000.2.1.aarch64.rpm mariadb-rpm-macros-11.8.5-160000.2.1.aarch64.rpm mariadb-test-11.8.5-160000.2.1.aarch64.rpm mariadb-tools-11.8.5-160000.2.1.aarch64.rpm libmariadbd-devel-11.8.5-160000.2.1.ppc64le.rpm libmariadbd19-11.8.5-160000.2.1.ppc64le.rpm mariadb-11.8.5-160000.2.1.ppc64le.rpm mariadb-bench-11.8.5-160000.2.1.ppc64le.rpm mariadb-client-11.8.5-160000.2.1.ppc64le.rpm mariadb-galera-11.8.5-160000.2.1.ppc64le.rpm mariadb-rpm-macros-11.8.5-160000.2.1.ppc64le.rpm mariadb-test-11.8.5-160000.2.1.ppc64le.rpm mariadb-tools-11.8.5-160000.2.1.ppc64le.rpm libmariadbd-devel-11.8.5-160000.2.1.s390x.rpm libmariadbd19-11.8.5-160000.2.1.s390x.rpm mariadb-11.8.5-160000.2.1.s390x.rpm mariadb-bench-11.8.5-160000.2.1.s390x.rpm mariadb-client-11.8.5-160000.2.1.s390x.rpm mariadb-galera-11.8.5-160000.2.1.s390x.rpm mariadb-rpm-macros-11.8.5-160000.2.1.s390x.rpm mariadb-test-11.8.5-160000.2.1.s390x.rpm mariadb-tools-11.8.5-160000.2.1.s390x.rpm libmariadbd-devel-11.8.5-160000.2.1.x86_64.rpm libmariadbd19-11.8.5-160000.2.1.x86_64.rpm mariadb-11.8.5-160000.2.1.x86_64.rpm mariadb-bench-11.8.5-160000.2.1.x86_64.rpm mariadb-client-11.8.5-160000.2.1.x86_64.rpm mariadb-galera-11.8.5-160000.2.1.x86_64.rpm mariadb-rpm-macros-11.8.5-160000.2.1.x86_64.rpm mariadb-test-11.8.5-160000.2.1.x86_64.rpm mariadb-tools-11.8.5-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-19 Recommended update for go1.25-openssl moderate SUSE SLFO 1.2 This update for go1.25-openssl fixes the following issues: go1.25-openssl is added to SLES 16.0 go1.25-openssl-1.25.1-160000.1.1.aarch64.rpm go1.25-openssl-doc-1.25.1-160000.1.1.aarch64.rpm go1.25-openssl-race-1.25.1-160000.1.1.aarch64.rpm go1.25-openssl-1.25.1-160000.1.1.ppc64le.rpm go1.25-openssl-doc-1.25.1-160000.1.1.ppc64le.rpm go1.25-openssl-race-1.25.1-160000.1.1.ppc64le.rpm go1.25-openssl-1.25.1-160000.1.1.s390x.rpm go1.25-openssl-doc-1.25.1-160000.1.1.s390x.rpm go1.25-openssl-race-1.25.1-160000.1.1.s390x.rpm go1.25-openssl-1.25.1-160000.1.1.x86_64.rpm go1.25-openssl-doc-1.25.1-160000.1.1.x86_64.rpm go1.25-openssl-race-1.25.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-192 Recommended update for runc important SUSE SLFO 1.2 This update for runc fixes the following issues: Changes in runc: - Update to runc v1.3.4. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362 runc-1.3.4-160000.1.1.aarch64.rpm runc-1.3.4-160000.1.1.ppc64le.rpm runc-1.3.4-160000.1.1.s390x.rpm runc-1.3.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-193 Security update for avahi moderate SUSE SLFO 1.2 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) avahi-0.8-160000.4.1.aarch64.rpm avahi-autoipd-0.8-160000.4.1.aarch64.rpm avahi-compat-howl-devel-0.8-160000.4.1.aarch64.rpm avahi-compat-mDNSResponder-devel-0.8-160000.4.1.aarch64.rpm avahi-lang-0.8-160000.4.1.noarch.rpm avahi-utils-0.8-160000.4.1.aarch64.rpm libavahi-client3-0.8-160000.4.1.aarch64.rpm libavahi-common3-0.8-160000.4.1.aarch64.rpm libavahi-core7-0.8-160000.4.1.aarch64.rpm libavahi-devel-0.8-160000.4.1.aarch64.rpm libavahi-libevent1-0.8-160000.4.1.aarch64.rpm libdns_sd-0.8-160000.4.1.aarch64.rpm libhowl0-0.8-160000.4.1.aarch64.rpm python313-avahi-0.8-160000.4.1.aarch64.rpm libavahi-qt6-1-0.8-160000.4.1.aarch64.rpm libavahi-qt6-devel-0.8-160000.4.1.aarch64.rpm avahi-utils-gtk-0.8-160000.4.1.aarch64.rpm libavahi-glib-devel-0.8-160000.4.1.aarch64.rpm libavahi-glib1-0.8-160000.4.1.aarch64.rpm libavahi-gobject-devel-0.8-160000.4.1.aarch64.rpm libavahi-gobject0-0.8-160000.4.1.aarch64.rpm libavahi-ui-gtk3-0-0.8-160000.4.1.aarch64.rpm python3-avahi-gtk-0.8-160000.4.1.aarch64.rpm typelib-1_0-Avahi-0_6-0.8-160000.4.1.aarch64.rpm avahi-0.8-160000.4.1.ppc64le.rpm avahi-autoipd-0.8-160000.4.1.ppc64le.rpm avahi-compat-howl-devel-0.8-160000.4.1.ppc64le.rpm avahi-compat-mDNSResponder-devel-0.8-160000.4.1.ppc64le.rpm avahi-utils-0.8-160000.4.1.ppc64le.rpm libavahi-client3-0.8-160000.4.1.ppc64le.rpm libavahi-common3-0.8-160000.4.1.ppc64le.rpm libavahi-core7-0.8-160000.4.1.ppc64le.rpm libavahi-devel-0.8-160000.4.1.ppc64le.rpm libavahi-libevent1-0.8-160000.4.1.ppc64le.rpm libdns_sd-0.8-160000.4.1.ppc64le.rpm libhowl0-0.8-160000.4.1.ppc64le.rpm python313-avahi-0.8-160000.4.1.ppc64le.rpm libavahi-qt6-1-0.8-160000.4.1.ppc64le.rpm libavahi-qt6-devel-0.8-160000.4.1.ppc64le.rpm avahi-utils-gtk-0.8-160000.4.1.ppc64le.rpm libavahi-glib-devel-0.8-160000.4.1.ppc64le.rpm libavahi-glib1-0.8-160000.4.1.ppc64le.rpm libavahi-gobject-devel-0.8-160000.4.1.ppc64le.rpm libavahi-gobject0-0.8-160000.4.1.ppc64le.rpm libavahi-ui-gtk3-0-0.8-160000.4.1.ppc64le.rpm python3-avahi-gtk-0.8-160000.4.1.ppc64le.rpm typelib-1_0-Avahi-0_6-0.8-160000.4.1.ppc64le.rpm avahi-0.8-160000.4.1.s390x.rpm avahi-autoipd-0.8-160000.4.1.s390x.rpm avahi-compat-howl-devel-0.8-160000.4.1.s390x.rpm avahi-compat-mDNSResponder-devel-0.8-160000.4.1.s390x.rpm avahi-utils-0.8-160000.4.1.s390x.rpm libavahi-client3-0.8-160000.4.1.s390x.rpm libavahi-common3-0.8-160000.4.1.s390x.rpm libavahi-core7-0.8-160000.4.1.s390x.rpm libavahi-devel-0.8-160000.4.1.s390x.rpm libavahi-libevent1-0.8-160000.4.1.s390x.rpm libdns_sd-0.8-160000.4.1.s390x.rpm libhowl0-0.8-160000.4.1.s390x.rpm python313-avahi-0.8-160000.4.1.s390x.rpm libavahi-qt6-1-0.8-160000.4.1.s390x.rpm libavahi-qt6-devel-0.8-160000.4.1.s390x.rpm avahi-utils-gtk-0.8-160000.4.1.s390x.rpm libavahi-glib-devel-0.8-160000.4.1.s390x.rpm libavahi-glib1-0.8-160000.4.1.s390x.rpm libavahi-gobject-devel-0.8-160000.4.1.s390x.rpm libavahi-gobject0-0.8-160000.4.1.s390x.rpm libavahi-ui-gtk3-0-0.8-160000.4.1.s390x.rpm python3-avahi-gtk-0.8-160000.4.1.s390x.rpm typelib-1_0-Avahi-0_6-0.8-160000.4.1.s390x.rpm avahi-0.8-160000.4.1.x86_64.rpm avahi-autoipd-0.8-160000.4.1.x86_64.rpm avahi-compat-howl-devel-0.8-160000.4.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-160000.4.1.x86_64.rpm avahi-utils-0.8-160000.4.1.x86_64.rpm libavahi-client3-0.8-160000.4.1.x86_64.rpm libavahi-common3-0.8-160000.4.1.x86_64.rpm libavahi-core7-0.8-160000.4.1.x86_64.rpm libavahi-devel-0.8-160000.4.1.x86_64.rpm libavahi-libevent1-0.8-160000.4.1.x86_64.rpm libdns_sd-0.8-160000.4.1.x86_64.rpm libhowl0-0.8-160000.4.1.x86_64.rpm python313-avahi-0.8-160000.4.1.x86_64.rpm libavahi-qt6-1-0.8-160000.4.1.x86_64.rpm libavahi-qt6-devel-0.8-160000.4.1.x86_64.rpm avahi-utils-gtk-0.8-160000.4.1.x86_64.rpm libavahi-glib-devel-0.8-160000.4.1.x86_64.rpm libavahi-glib1-0.8-160000.4.1.x86_64.rpm libavahi-gobject-devel-0.8-160000.4.1.x86_64.rpm libavahi-gobject0-0.8-160000.4.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-160000.4.1.x86_64.rpm python3-avahi-gtk-0.8-160000.4.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-194 Recommended update for cloud-netconfig moderate SUSE SLFO 1.2 This update for cloud-netconfig fixes the following issues: - Update to version 1.16: * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223) * Fix variable names in the README cloud-netconfig-azure-1.16-160000.1.1.noarch.rpm cloud-netconfig-ec2-1.16-160000.1.1.noarch.rpm cloud-netconfig-gce-1.16-160000.1.1.noarch.rpm openSUSE-Leap-16.0-198 Security update for php8 moderate SUSE SLFO 1.2 This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). - CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). - CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712). Other fixes: - php8 contains Directories owned by wwwrun but does not require User. (bsc#1255043) php8-8.4.16-160000.1.1.aarch64.rpm php8-bcmath-8.4.16-160000.1.1.aarch64.rpm php8-bz2-8.4.16-160000.1.1.aarch64.rpm php8-calendar-8.4.16-160000.1.1.aarch64.rpm php8-cli-8.4.16-160000.1.1.aarch64.rpm php8-ctype-8.4.16-160000.1.1.aarch64.rpm php8-curl-8.4.16-160000.1.1.aarch64.rpm php8-dba-8.4.16-160000.1.1.aarch64.rpm php8-devel-8.4.16-160000.1.1.aarch64.rpm php8-dom-8.4.16-160000.1.1.aarch64.rpm php8-enchant-8.4.16-160000.1.1.aarch64.rpm php8-exif-8.4.16-160000.1.1.aarch64.rpm php8-ffi-8.4.16-160000.1.1.aarch64.rpm php8-fileinfo-8.4.16-160000.1.1.aarch64.rpm php8-ftp-8.4.16-160000.1.1.aarch64.rpm php8-gd-8.4.16-160000.1.1.aarch64.rpm php8-gettext-8.4.16-160000.1.1.aarch64.rpm php8-gmp-8.4.16-160000.1.1.aarch64.rpm php8-iconv-8.4.16-160000.1.1.aarch64.rpm php8-intl-8.4.16-160000.1.1.aarch64.rpm php8-ldap-8.4.16-160000.1.1.aarch64.rpm php8-mbstring-8.4.16-160000.1.1.aarch64.rpm php8-mysql-8.4.16-160000.1.1.aarch64.rpm php8-odbc-8.4.16-160000.1.1.aarch64.rpm php8-opcache-8.4.16-160000.1.1.aarch64.rpm php8-openssl-8.4.16-160000.1.1.aarch64.rpm php8-pcntl-8.4.16-160000.1.1.aarch64.rpm php8-pdo-8.4.16-160000.1.1.aarch64.rpm php8-pgsql-8.4.16-160000.1.1.aarch64.rpm php8-phar-8.4.16-160000.1.1.aarch64.rpm php8-posix-8.4.16-160000.1.1.aarch64.rpm php8-readline-8.4.16-160000.1.1.aarch64.rpm php8-shmop-8.4.16-160000.1.1.aarch64.rpm php8-snmp-8.4.16-160000.1.1.aarch64.rpm php8-soap-8.4.16-160000.1.1.aarch64.rpm php8-sockets-8.4.16-160000.1.1.aarch64.rpm php8-sodium-8.4.16-160000.1.1.aarch64.rpm php8-sqlite-8.4.16-160000.1.1.aarch64.rpm php8-sysvmsg-8.4.16-160000.1.1.aarch64.rpm php8-sysvsem-8.4.16-160000.1.1.aarch64.rpm php8-sysvshm-8.4.16-160000.1.1.aarch64.rpm php8-tidy-8.4.16-160000.1.1.aarch64.rpm php8-tokenizer-8.4.16-160000.1.1.aarch64.rpm php8-xmlreader-8.4.16-160000.1.1.aarch64.rpm php8-xmlwriter-8.4.16-160000.1.1.aarch64.rpm php8-xsl-8.4.16-160000.1.1.aarch64.rpm php8-zip-8.4.16-160000.1.1.aarch64.rpm php8-zlib-8.4.16-160000.1.1.aarch64.rpm apache2-mod_php8-8.4.16-160000.1.1.aarch64.rpm php8-embed-8.4.16-160000.1.1.aarch64.rpm php8-fastcgi-8.4.16-160000.1.1.aarch64.rpm php8-fpm-8.4.16-160000.1.1.aarch64.rpm php8-fpm-apache-8.4.16-160000.1.1.noarch.rpm php8-test-8.4.16-160000.1.1.aarch64.rpm php8-8.4.16-160000.1.1.ppc64le.rpm php8-bcmath-8.4.16-160000.1.1.ppc64le.rpm php8-bz2-8.4.16-160000.1.1.ppc64le.rpm php8-calendar-8.4.16-160000.1.1.ppc64le.rpm php8-cli-8.4.16-160000.1.1.ppc64le.rpm php8-ctype-8.4.16-160000.1.1.ppc64le.rpm php8-curl-8.4.16-160000.1.1.ppc64le.rpm php8-dba-8.4.16-160000.1.1.ppc64le.rpm php8-devel-8.4.16-160000.1.1.ppc64le.rpm php8-dom-8.4.16-160000.1.1.ppc64le.rpm php8-enchant-8.4.16-160000.1.1.ppc64le.rpm php8-exif-8.4.16-160000.1.1.ppc64le.rpm php8-ffi-8.4.16-160000.1.1.ppc64le.rpm php8-fileinfo-8.4.16-160000.1.1.ppc64le.rpm php8-ftp-8.4.16-160000.1.1.ppc64le.rpm php8-gd-8.4.16-160000.1.1.ppc64le.rpm php8-gettext-8.4.16-160000.1.1.ppc64le.rpm php8-gmp-8.4.16-160000.1.1.ppc64le.rpm php8-iconv-8.4.16-160000.1.1.ppc64le.rpm php8-intl-8.4.16-160000.1.1.ppc64le.rpm php8-ldap-8.4.16-160000.1.1.ppc64le.rpm php8-mbstring-8.4.16-160000.1.1.ppc64le.rpm php8-mysql-8.4.16-160000.1.1.ppc64le.rpm php8-odbc-8.4.16-160000.1.1.ppc64le.rpm php8-opcache-8.4.16-160000.1.1.ppc64le.rpm php8-openssl-8.4.16-160000.1.1.ppc64le.rpm php8-pcntl-8.4.16-160000.1.1.ppc64le.rpm php8-pdo-8.4.16-160000.1.1.ppc64le.rpm php8-pgsql-8.4.16-160000.1.1.ppc64le.rpm php8-phar-8.4.16-160000.1.1.ppc64le.rpm php8-posix-8.4.16-160000.1.1.ppc64le.rpm php8-readline-8.4.16-160000.1.1.ppc64le.rpm php8-shmop-8.4.16-160000.1.1.ppc64le.rpm php8-snmp-8.4.16-160000.1.1.ppc64le.rpm php8-soap-8.4.16-160000.1.1.ppc64le.rpm php8-sockets-8.4.16-160000.1.1.ppc64le.rpm php8-sodium-8.4.16-160000.1.1.ppc64le.rpm php8-sqlite-8.4.16-160000.1.1.ppc64le.rpm php8-sysvmsg-8.4.16-160000.1.1.ppc64le.rpm php8-sysvsem-8.4.16-160000.1.1.ppc64le.rpm php8-sysvshm-8.4.16-160000.1.1.ppc64le.rpm php8-tidy-8.4.16-160000.1.1.ppc64le.rpm php8-tokenizer-8.4.16-160000.1.1.ppc64le.rpm php8-xmlreader-8.4.16-160000.1.1.ppc64le.rpm php8-xmlwriter-8.4.16-160000.1.1.ppc64le.rpm php8-xsl-8.4.16-160000.1.1.ppc64le.rpm php8-zip-8.4.16-160000.1.1.ppc64le.rpm php8-zlib-8.4.16-160000.1.1.ppc64le.rpm apache2-mod_php8-8.4.16-160000.1.1.ppc64le.rpm php8-embed-8.4.16-160000.1.1.ppc64le.rpm php8-fastcgi-8.4.16-160000.1.1.ppc64le.rpm php8-fpm-8.4.16-160000.1.1.ppc64le.rpm php8-test-8.4.16-160000.1.1.ppc64le.rpm php8-8.4.16-160000.1.1.s390x.rpm php8-bcmath-8.4.16-160000.1.1.s390x.rpm php8-bz2-8.4.16-160000.1.1.s390x.rpm php8-calendar-8.4.16-160000.1.1.s390x.rpm php8-cli-8.4.16-160000.1.1.s390x.rpm php8-ctype-8.4.16-160000.1.1.s390x.rpm php8-curl-8.4.16-160000.1.1.s390x.rpm php8-dba-8.4.16-160000.1.1.s390x.rpm php8-devel-8.4.16-160000.1.1.s390x.rpm php8-dom-8.4.16-160000.1.1.s390x.rpm php8-enchant-8.4.16-160000.1.1.s390x.rpm php8-exif-8.4.16-160000.1.1.s390x.rpm php8-ffi-8.4.16-160000.1.1.s390x.rpm php8-fileinfo-8.4.16-160000.1.1.s390x.rpm php8-ftp-8.4.16-160000.1.1.s390x.rpm php8-gd-8.4.16-160000.1.1.s390x.rpm php8-gettext-8.4.16-160000.1.1.s390x.rpm php8-gmp-8.4.16-160000.1.1.s390x.rpm php8-iconv-8.4.16-160000.1.1.s390x.rpm php8-intl-8.4.16-160000.1.1.s390x.rpm php8-ldap-8.4.16-160000.1.1.s390x.rpm php8-mbstring-8.4.16-160000.1.1.s390x.rpm php8-mysql-8.4.16-160000.1.1.s390x.rpm php8-odbc-8.4.16-160000.1.1.s390x.rpm php8-opcache-8.4.16-160000.1.1.s390x.rpm php8-openssl-8.4.16-160000.1.1.s390x.rpm php8-pcntl-8.4.16-160000.1.1.s390x.rpm php8-pdo-8.4.16-160000.1.1.s390x.rpm php8-pgsql-8.4.16-160000.1.1.s390x.rpm php8-phar-8.4.16-160000.1.1.s390x.rpm php8-posix-8.4.16-160000.1.1.s390x.rpm php8-readline-8.4.16-160000.1.1.s390x.rpm php8-shmop-8.4.16-160000.1.1.s390x.rpm php8-snmp-8.4.16-160000.1.1.s390x.rpm php8-soap-8.4.16-160000.1.1.s390x.rpm php8-sockets-8.4.16-160000.1.1.s390x.rpm php8-sodium-8.4.16-160000.1.1.s390x.rpm php8-sqlite-8.4.16-160000.1.1.s390x.rpm php8-sysvmsg-8.4.16-160000.1.1.s390x.rpm php8-sysvsem-8.4.16-160000.1.1.s390x.rpm php8-sysvshm-8.4.16-160000.1.1.s390x.rpm php8-tidy-8.4.16-160000.1.1.s390x.rpm php8-tokenizer-8.4.16-160000.1.1.s390x.rpm php8-xmlreader-8.4.16-160000.1.1.s390x.rpm php8-xmlwriter-8.4.16-160000.1.1.s390x.rpm php8-xsl-8.4.16-160000.1.1.s390x.rpm php8-zip-8.4.16-160000.1.1.s390x.rpm php8-zlib-8.4.16-160000.1.1.s390x.rpm apache2-mod_php8-8.4.16-160000.1.1.s390x.rpm php8-embed-8.4.16-160000.1.1.s390x.rpm php8-fastcgi-8.4.16-160000.1.1.s390x.rpm php8-fpm-8.4.16-160000.1.1.s390x.rpm php8-test-8.4.16-160000.1.1.s390x.rpm php8-8.4.16-160000.1.1.x86_64.rpm php8-bcmath-8.4.16-160000.1.1.x86_64.rpm php8-bz2-8.4.16-160000.1.1.x86_64.rpm php8-calendar-8.4.16-160000.1.1.x86_64.rpm php8-cli-8.4.16-160000.1.1.x86_64.rpm php8-ctype-8.4.16-160000.1.1.x86_64.rpm php8-curl-8.4.16-160000.1.1.x86_64.rpm php8-dba-8.4.16-160000.1.1.x86_64.rpm php8-devel-8.4.16-160000.1.1.x86_64.rpm php8-dom-8.4.16-160000.1.1.x86_64.rpm php8-enchant-8.4.16-160000.1.1.x86_64.rpm php8-exif-8.4.16-160000.1.1.x86_64.rpm php8-ffi-8.4.16-160000.1.1.x86_64.rpm php8-fileinfo-8.4.16-160000.1.1.x86_64.rpm php8-ftp-8.4.16-160000.1.1.x86_64.rpm php8-gd-8.4.16-160000.1.1.x86_64.rpm php8-gettext-8.4.16-160000.1.1.x86_64.rpm php8-gmp-8.4.16-160000.1.1.x86_64.rpm php8-iconv-8.4.16-160000.1.1.x86_64.rpm php8-intl-8.4.16-160000.1.1.x86_64.rpm php8-ldap-8.4.16-160000.1.1.x86_64.rpm php8-mbstring-8.4.16-160000.1.1.x86_64.rpm php8-mysql-8.4.16-160000.1.1.x86_64.rpm php8-odbc-8.4.16-160000.1.1.x86_64.rpm php8-opcache-8.4.16-160000.1.1.x86_64.rpm php8-openssl-8.4.16-160000.1.1.x86_64.rpm php8-pcntl-8.4.16-160000.1.1.x86_64.rpm php8-pdo-8.4.16-160000.1.1.x86_64.rpm php8-pgsql-8.4.16-160000.1.1.x86_64.rpm php8-phar-8.4.16-160000.1.1.x86_64.rpm php8-posix-8.4.16-160000.1.1.x86_64.rpm php8-readline-8.4.16-160000.1.1.x86_64.rpm php8-shmop-8.4.16-160000.1.1.x86_64.rpm php8-snmp-8.4.16-160000.1.1.x86_64.rpm php8-soap-8.4.16-160000.1.1.x86_64.rpm php8-sockets-8.4.16-160000.1.1.x86_64.rpm php8-sodium-8.4.16-160000.1.1.x86_64.rpm php8-sqlite-8.4.16-160000.1.1.x86_64.rpm php8-sysvmsg-8.4.16-160000.1.1.x86_64.rpm php8-sysvsem-8.4.16-160000.1.1.x86_64.rpm php8-sysvshm-8.4.16-160000.1.1.x86_64.rpm php8-tidy-8.4.16-160000.1.1.x86_64.rpm php8-tokenizer-8.4.16-160000.1.1.x86_64.rpm php8-xmlreader-8.4.16-160000.1.1.x86_64.rpm php8-xmlwriter-8.4.16-160000.1.1.x86_64.rpm php8-xsl-8.4.16-160000.1.1.x86_64.rpm php8-zip-8.4.16-160000.1.1.x86_64.rpm php8-zlib-8.4.16-160000.1.1.x86_64.rpm apache2-mod_php8-8.4.16-160000.1.1.x86_64.rpm php8-embed-8.4.16-160000.1.1.x86_64.rpm php8-fastcgi-8.4.16-160000.1.1.x86_64.rpm php8-fpm-8.4.16-160000.1.1.x86_64.rpm php8-test-8.4.16-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-199 Recommended update for supportutils-plugin-ha-sap moderate SUSE SLFO 1.2 This update for supportutils-plugin-ha-sap fixes the following issues: - fix typo in the definition of INSTANCE_TRACE_DIR - fix calling of getParameter.py - skip unused files from the collection of sudo files and sort the result supportutils-plugin-ha-sap-0.0.8+git.1761561174.0434cd5-160000.1.1.noarch.rpm openSUSE-Leap-16.0-2 Recommended update of flake-pilot moderate SUSE SLFO 1.2 This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for the provisioning step. This commit fixes the required calls to be properly managed by sudo. - seed from entropy - Fix assignment of random sequence number We should use a seed for the sequence as described in https://rust-random.github.io/book/guide-seeding.html#a-simple-number In addition the logic when a random sequence number should be used was wrong and needed a fix regarding resume and attach type flakes which must not use a random sequence - Pass --init option for resume type flakes In resume mode a sleep command is used to keep the container open. However, without the --init option there is no signal handling available. This commit fixes it - Revert "kill prior remove when using %remove flag" This reverts commit 06c7d4aa71f74865dfecba399fd08cc2fde2e1f2. no hard killing needed with the event loop entrypoint - Fixed CVE-2025-55159 slab: incorrect bounds check Update to slab 0.4.11 to fix the mentioned CVE. This Fixes bsc#1248004 - Apply clippy fixes - Create sequence number for the same invocation If a flake which is not a resume or attach flake is called twice with the same invocation arguments an error message is displayed to give this invocation a new name via the @NAME runtime option. This commit makes this more comfortable and automatically assigns a random sequence number for the call if no @NAME is given. - kill prior remove when using %remove flag In case the container instance should be removed via the %remove flag, send a kill first, followed by a force remove. The reason for this is because we use a never ending sleep command as entry point for resume type containers. If they should be removed the standard signal send on podman rm will not stop the sleep and after a period of 10 seconds podman sends a kill signal itself. We can speedup this process as we know the entry point command and send the kill signal first followed by the remove which saves us some wait time spent in podman otherwise. - Fix clippy hints variables can be used directly in the format! string - Prune old images after load Make sure no <none> image references stay in the registry flake-pilot-3.1.22-160000.1.1.aarch64.rpm flake-pilot-firecracker-3.1.22-160000.1.1.aarch64.rpm flake-pilot-firecracker-dracut-netstart-3.1.22-160000.1.1.noarch.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.aarch64.rpm flake-pilot-podman-3.1.22-160000.1.1.aarch64.rpm flake-pilot-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-firecracker-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-podman-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-3.1.22-160000.1.1.s390x.rpm flake-pilot-firecracker-3.1.22-160000.1.1.s390x.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.s390x.rpm flake-pilot-podman-3.1.22-160000.1.1.s390x.rpm flake-pilot-3.1.22-160000.1.1.x86_64.rpm flake-pilot-firecracker-3.1.22-160000.1.1.x86_64.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.x86_64.rpm flake-pilot-podman-3.1.22-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-20 Recommended update for selinux-policy critical SUSE SLFO 1.2 This update for selinux-policy fixes the following issues: Changes in selinux-policy: Update to version 20250627+git239.fcbf2d509: * fail2ban: bump module version * fail2ban: allow fail2ban to watch all log files and dirs (bsc#1251952) * fail2ban: fix typos in interface descriptions * fail2ban: tweak file context regex for /run/fail2ban * fail2ban: drop file context for old rc.d file * Allow wicket to manage its proc directories (bsc#1235731) * Allow NM to manage wicked pid files (bsc#1235731) * Allow NM to reach systemd unit files (bsc#1235731) * Make wicked script backwards compatible (bsc#1251923) * Allow snapper grub plugin to domtrans to bootloader_t (bsc#1251862) * Allow salt_t transition to rpm_script_t (bsc#1250696) * grub snapper plugin is now named 00-grub (bsc#1251793) * Assign alts_exec_t exec_file attribute (bsc#1250974) * Add equivalency between /srv/tomcat and /var/lib/tomcat (bsc#1251227) * Allow sshd_session_t write to wtmpdb * Support /usr/libexec/ssh as well as openssh folder * Set xenstored_use_store_type_domain boolean true(bsc#1247875) * Adjust guest and xguest users policy for sshd-session * Allow valkey-server create and use netlink_rdma_socket * Allow blueman get attributes of filesystems with extended attributes * Update files_search_base_file_types() * Introduce unconfined wicked_script_t (bsc#1205770, bsc#1250661) * Allow geoclue get attributes of the /dev/shm filesystem * Allow apcupsd get attributes of the /dev/shm filesystem * Allow sshd-session read cockpit pid files * Add /opt/.snapshots to the snapper file context (bsc#1232226) * Allow nfs generator create and use netlink sockets * Conditionally allow virt guests to read certificates in user home directories * xenstored_t needs CAP_SYS_ADMIN for XENSTORETYPE=domain (bsc#1247875) * Allow nfs-generator create and use udp sockets * Allow kdump search kdumpctl_tmp_t directories * Allow init open and read user tmp files * Fix the systemd_logind_stream_connect() interface * Allow staff and sysadm execute iotop using sudo * Allow sudodomains connect to systemd-logind over a unix socket * /boot/efi is dosfs_t and kdump needs to access it (bsc#1249370) * Add default contexts for sshd-seesion * Define types for new openssh executables * Fix systemd_manage_unit_symlinks() interface definition * Support coreos installation methods * Add a new type for systemd-ssh-issue PID files * Allow gnome-remote-desktop connect to unreserved ports * Zypper moves files in /var/tmp to /var/cache (bsc#1249052, bsc#1249435) * Allow mdadm the CAP_SYS_PTRACE capability * Allow iptables manage its private fifo_files in /tmp * Allow auditd manage its private run dirs * Revert "Allow virt_domain write to virt_image_t files" * Allow gdm create /etc/.pwd.lock with a file transition * Allow gdm bind a socket in the /run/systemd/userdbd directory * Allow nsswitch_domain connect to xdm over a unix domain socket * Allow systemd homed getattr all tmpfs files (bsc#1240883) * Allow systemd (PID 1) create lastlog entries * Allow systemd_homework_t transition pid files to lvm_var_run_t (bsc#1240883) * Allow gnome-remote-desktop speak with tabrmd over dbus (bsc#1244573) * Allow nm-dispatcher iscsi and sendmail plugins get pidfs attributes * Allow systemd-oomd watch tmpfs dirs * Allow chronyc the setgid and setuid capabilities * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t * Allow stalld map sysfs files * Allow NetworkManager-dispatcher-winbind get pidfs attributes * Allow openvpn create and use generic netlink socket * policy_capabilities: remove estimated from released versions * policy_capabilities: add stub for userspace_initial_context * add netlink_xperm policy capability and nlmsg permission definitions * policy_capabilities: add ioctl_skip_cloexec * selinux-policy: add allow rule for tuned_ppd_t * selinux-policy: add allow rule for switcheroo_control_t * Label /run/audit with auditd_var_run_t * Allow virtqemud start a vm which uses nbdkit * Add nbdkit_signal() and nbdkit_signull() interfaces * Fix insights_client interfaces names * Add insights_core and insights_client interfaces * Fix selinux-autorelabel-generator label after upstream changes * Revert "Remove the mysql module sources" * Revert "Allow rasdaemon write access to sysfs (bsc#1229587)" * Reset postfix.fc to upstream, add alias instead * dist/targeted/modules.conf: enable slrnpull module * Allow bootupd delete symlinks in the /boot directory * Allow systemd-coredumpd capabilities in the user namespace * Allow openvswitch read virtqemud process state * Allow systemd-networkd to create leases directory * Apply generator template to selinux-autorelabel generator * Support virtqemud handle hotplug hostdev devices * Allow virtstoraged create qemu /var/run files * Allow unconfined_domain_type cap2_userns capabilities * Label /usr/libexec/postfix/tlsproxy with postfix_smtp_exec_t * Remove the mysql module sources * dist/targeted/modules.conf: Enable kmscon module (bsc#1238137) * Update kmscon policy module to kmscon version 9 (bsc#1238137) * Allow login to getattr pidfs * Allow systemd to map files under /sys * systemd: drop duplicate init_nnp_daemon_domain lines * Fix typo * Allow logwatch stream connect to opensmtpd * Allow geoclue read NetworkManager pid files * Allow unconfined user a file transition for creating sudo log directory * Allow virtqemud read/write inherited dri devices * Allow xdm_t create user namespaces * Update policy for login_userdomain * Add ppd_base_profile to file transition to get tuned_rw_etc_t type * Update policy for bootupd * Allow logwatch work with opensmtpd * Update dovecot policy for dovecot 2.4.1 * Allow ras-mc-ctl write to sysfs files * Allow anaconda-generator get attributes of all filesystems * Add the rhcd_rw_fifo_files() interface * Allow systemd-coredump the sys_chroot capability * Allow hostapd write to socket files in /tmp * Recognize /var/home as an alternate path for /home * Label /var/lib/lastlog with lastlog_t * Allow virtqemud write to sysfs files * Allow irqbalance search sssd lib directories * Allow samba-dcerpcd send sigkills to passwd * Allow systemd-oomd watch dbus pid sock files * Allow some confined users read and map generic log files * Allow login_userdomain watch the /run/log/journal directory * Allow login_userdomain dbus chat with tuned-ppd * Allow login_userdomain dbus chat with switcheroo-control * Allow userdomain to connect to systemd-oomd over a unix socket * Add insights_client_delete_lib_dirs() interface * Allow virtqemud_t use its private tmpfs files (bsc#1242998) * Allow virtqemud_t setattr to /dev/userfaultfd (bsc#1242998) * Allow virtqemud_t read and write /dev/ptmx (bsc#1242998) * Extend virtqemud_t tcp_socket permissions (bsc#1242998) * Allow virtqemud_t to read and write generic pty (bsc#1242998) * Allow systemd-importd create and unlink init pid socket * Allow virtqemud handle virt_content_t chr files * Allow svirt read virtqemud fifo files * All sblim-sfcbd the dac_read_search capability * Allow sblim domain read systemd session files * Allow sblim-sfcbd execute dnsdomainname * Confine nfs-server generator * Allow systemd-timedated start/stop timemaster services * Allow "hostapd_cli ping" run as a systemd service * Allow power-profiles-daemon get attributes of filesystems with extended attributes * Allow 'oomctl dump' to interact with systemd-oomd * Basic functionality for systemd-oomd * Basic enablement for systemd-oomd * Allow samba-bgqd send to smbd over a unix datagram socket * Update kernel_secretmem_use() * Add the file/watch_mountns permission * Update systemd-generators policy * Allow plymouthd_t read proc files of systemd_passwd_agent (bsc#1245470) * Allow insights-client file transition for files in /var/tmp * Allow tuned-ppd manage tuned log files * Allow systemd-coredump mount on tmpfs filesystems * Update sssd_dontaudit_read_public_files() * Allow zram-generator raw read fixed disk device * Add fs_write_cgroup_dirs() and fs_setattr_cgroup_dirs() interfaces selinux-policy-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-devel-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-doc-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-minimum-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-sandbox-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-targeted-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm openSUSE-Leap-16.0-200 Recommended update for ulp-macros moderate SUSE SLFO 1.2 This update for ulp-macros fixes the following issues: Changes in ulp-macros: - Add macro that checks if a certain package is the most recent one. ulp-macros-1.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-201 Recommended update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto moderate SUSE SLFO 1.2 This update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto fixes the following issues: Changes in xom: - Make build recipe compatible with POSIX sh. Use %autosetup. Changes in xmlunit: - Upgrade to 2.11.0 * XMLUnit 2.x is a complete rewrite of XMLUnit and actually doesn't share any code with XMLUnit for Java 1.x. * Some goals for XMLUnit 2.x: + create .NET and Java versions that are compatible in design while trying to be idiomatic for each platform + remove all static configuration (the old XMLUnit class setter methods) + focus on the parts that are useful for testing - XPath - (Schema) validation - comparisons + be independent of any test framework * XMLUnit 1.x is no longer maintained - Use diretly the xalan-j2 jar instead of the jaxp_transform_impl alternative (bsc#1245931 and bsc#1245914) * In cases of ATTR_NAME_NOT_FOUND and CHILD_NODE_NOT_FOUND differences the value used to be the local name of the missing attribute or node. * New assertXpathEvaluatesTo overloads in XMLAssert and a new QualifiedName class can be used to assert the stringified result of an XPath expression is actually a qualified name Changes in modello: - Upgrade to upstream version 2.5.1 * New features and improvements + Improve and add exceptions for singular method + Fix Snakeyaml + Restore singular method behavior like was in version 2.4.0 * Maintenance + Partially migrate to JUnit 5 + Apply spotless re-formatting + Update build, get rid of legacy, fix CLI + Use distributionManagement from parent pom - Fix the modello script classpath to be able to run the velocity generator. - Upgrade to upstream version 2.3.0 Changes in modello: - Add -Dguice_custom_class_loading=CHILD option to the command-line launcher in order to avoid the following warnings with OpenJDK >= 24 : WARNING: A terminally deprecated method in sun.misc.Unsafe has been called WARNING: sun.misc.Unsafe::staticFieldBase has been called by com.google.inject.internal.aop.HiddenClassDefiner WARNING: Please consider reporting this to the maintainers of class com.google.inject.internal.aop.HiddenClassDefiner WARNING: sun.misc.Unsafe::staticFieldBase will be removed in a future release - Upgrade to upstream version 2.5.1 * New features and improvements + Improve and add exceptions for singular method + Fix Snakeyaml + Restore singular method behavior like was in version 2.4.0 * Maintenance + Partially migrate to JUnit 5 + Apply spotless re-formatting + Update build, get rid of legacy, fix CLI + Use distributionManagement from parent pom - Add dependency on objectweb-asm to build with sisu 0.9.0.M4 - Fix the modello script classpath to be able to run the velocity generator. Changes in junit5: - Fix errors in aggregator.pom and in ant build system that prevent successful builds with upcoming Maven 4 - Generate a non-modular javadoc Changes in jna: + do not put module-info.class in multirelease directories Changes in javapackages-tools: - Require findutils for working build-classpath (bsc#1245969) - Upgrade to upstream version 6.4.1 * Changes + Revert "jpackage_script: Remove unneeded backslashes" + Initial implementation of %jp_binding macro + Replace invalid $ escape in regex Changes in xz-java: + Do not put the module-info.class into multirelease directory + If building with Java 8 only, specify in the manifest the Automatic-Module-Name, so that it can be recognized as modular jar even in that configuration Changes in sisu: - Initial packaging of the Sisu Extenders with version 0.9.0.M4 - Upgrade to upstream milestone 0.9.0.M4 * Most important change + ASM is "demoted" to plain dependency, hence, consumer is able to override/update it the usual "Maven way". This applies to all components: inject, plexus and sisu-maven-plugin as well. + Historically, Sisu shaded in ASM just like Guice did. Later Sisu started shipping "main" JAR with shaded ASM but also "no_asm" classified artifact without ASM (just like Guice did with "classes" classified JAR). Starting from this version, Sisu does not shade ASM anymore, it is "demoted" to transitive dependency. * Changes + Disable shallow clones for sonarcloud analysis + Remove spurious asserts + Post release cleanup + Fix jacoco + code coverage + Enable code coverage again for all modules + Use default property for the jacoco agent + Add documentation on Plexus Configurator API + Remove about.html as only relevant for Eclipse plugins + Document Lifecycle support + Call TypeAwareExpressionEvaluator.evaluate(String,Class) if available + Pass strict flag also via "discoverComponents" + Embed/relocate ASM via m-shade-p + Update to ASM 9.8 + Increase coverage + Align subproject names (and naming) + Build infra updates + Reproducible + Fix sisu-maven-plugin + Lax array converter + Update dependencies + Publishing to Central - Build with bootstrap version of maven-plugins. This allows to be built early, since it will become a crucial plugin with Maven 4. Changes in sisu: - Upgrade to upstream milestone 0.9.0.M4 * Most important change + ASM is "demoted" to plain dependency, hence, consumer is able to override/update it the usual "Maven way". This applies to all components: inject, plexus and sisu-maven-plugin as well. + Historically, Sisu shaded in ASM just like Guice did. Later Sisu started shipping "main" JAR with shaded ASM but also "no_asm" classified artifact without ASM (just like Guice did with "classes" classified JAR). Starting from this version, Sisu does not shade ASM anymore, it is "demoted" to transitive dependency. * Changes + Disable shallow clones for sonarcloud analysis + Remove spurious asserts + Post release cleanup + Fix jacoco + code coverage + Enable code coverage again for all modules + Use default property for the jacoco agent + Add documentation on Plexus Configurator API + Remove about.html as only relevant for Eclipse plugins + Document Lifecycle support + Call TypeAwareExpressionEvaluator.evaluate(String,Class) if available + Pass strict flag also via "discoverComponents" + Embed/relocate ASM via m-shade-p + Update to ASM 9.8 + Increase coverage + Align subproject names (and naming) + Build infra updates + Reproducible + Fix sisu-maven-plugin + Lax array converter + Update dependencies + Publishing to Central Changes in jline3: - Update to upstream version 3.30.6 * New features and improvements + Improve console variable expansion (fixes #1370) + ConsoleEngineImpl: change method and field visibilities + Allow ConsoleEngineImpl subclasses access to VariableReferenceCompleter + feat: add reusable POSIX commands to builtins module + feat: support slurp command to be renamed + feat: Extend InputRC with method/s to directly read ~/.inputrc & /etc/inputrc + Allow system commands to be renamed. * Bug Fixes + Fix macOS hang in pipe operations by removing PTY terminal usage + enhancement: only compute suggestions in the Nano editor if something has changed + fix: refactor TerminalProvider methods to use inputEncoding/outputEncoding parameters + Fix System.out not working after closing dumb terminal + Optimize Display performance and fix terminal capability usage * Dependency updates + chore: Bump groovy.version from 4.0.27 to 4.0.28 + chore: Bump com.palantir.javaformat:palantir-java-format from 2.67.00 to 2.73.0 + chore: Bump junit.version from 5.12.2 to 5.13.4 + chore: Bump org.graalvm.sdk:graal-sdk from 24.2.1 to 24.2.2 + chore: Bump com.google.jimfs:jimfs from 1.3.0 to 1.3.1 + chore: Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.1 + chore: Bump on-headers and compression in /website + chore: Bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.2.0 to 4.2.1 + chore: Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0 + chore: Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 + chore: Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 + chore: Bump eu.maveniverse.maven.njord:extension from 0.6.2 to 0.7.5 * Documentation updates + docs: Link to Nano Customization from Builtins doc page + docs: Add Capability.enter_ca_mode and Capability.exit_ca_mode tip * Maintenance + Remove double docs/docs in edit links on jline.org (fixes# 1309) + chore: make downcall handles static final - Build the ffm support in Factory, since we have now the java >= 22 - Update to upstream version 3.30.4 * New features and improvements + add pluggable completion to Nano editor (fixes #1194) + enhanced MouseSupport to handle multiple mouse event formats (SGR, URXVT, SGR-Pixels) + add getCurrentMouseTracking to Terminal interface + add ability to get terminal default foreground and background colors + add password masking support for dumb terminals (fixes #1172) + add line numbers and current line marker to secondary prompt (fix for #1151) + Add support for separate encodings for stdin, stdout, and stderr + Make prompts work in non-fullscreen mode * Bug Fixes + use a fallback classloader suitable for java Modules or OSGi environments (fixes #1185) + NPE in Status#resize when supported is false (fixes #1191) + nano editor exiting when pressing Ctrl+Space (fixes #1200) + parse error of system default /usr/share/nano/*.nanorc + Terminal.trackMouse(MouseTracking.Off) (fixes #1189) + Make command execution order consistent in SystemRegistryImpl + handle invalid entries in history files gracefully + Properly fill screen lines with spaces when width is increased in ScreenTerminal + cursor position after Status.update() + improve script file detection and execution in Groovy REPL, fixes #1139 + ensure proper cleanup of pump threads in terminal implementations + add history line width check in ScreenTerminal.setSize() (fixes #1206) + console-ui example: catch UserInterruptException in place of IOError + Ctrl+Space handling on Windows terminals + Update LineReaderImpl to use new readMouseEvent signature with lastBinding parameter + enhance nanorc loading and introduce a ClasspathResourceUtil utility + missing close in PosixSysTerminal. + Jansi AnsiConsole broken color detection in uber jars + SyntaxHighlighter glob pattern handling for non-default file systems * Documentation + Integrate website into main repository + improve JLineNativeLoader documentation and references + fix readme + Add comprehensive Javadoc to jline-builtins module + improve Javadoc in console module + add comprehensive Javadoc to org.jline.style package + add comprehensive Javadoc to JLine Terminal and Reader + Add missing DISABLE_EVENT_EXPANSION JavaDoc (fixes #1218) + Make sure snippets compile + Corrected the maven central link + correct PicocliJLineExample snippet name in library-integration.md + validate code snippets during build time instead of runtime + add missing @SInCE 3.30.0 annotations to new methods in Terminal + integrate GitHub wiki content into website documentation + Improve website build system and documentation management + fix javadoc redirect URL issue + Add picocli links to library integration + Mention InputRC on Builtins + doc: update version to 3.30.0 and add Javadoc integration + integrate ConsoleUI documentation into website + add syntax highlighting example classes for documentation + Expand DISABLE_EVENT_EXPANSION JavaDoc (re. #1238) + Link to documentation website earlier in README (see #1240) + Link to Pty4j on Terminal - Rewrite to use Ant to build. This prevents potential cycles with upcoming Maven 4 Changes in j2objc-annotations: - Update to version 3.0.0 * no structured changelog available * this version is a modular jar needed by guava Changes in jackson-databind: - Fix "Not fully interpolated version" error with Maven 4 Changes in icu4j: + detect java version up to 25 when running ant Changes in guava: - Upgrade to guava 33.4.8 * Changes of version 33.4.8 + util.concurrent: Removed our VarHandle code from guava-android. While the code was never used at runtime under Android, it was causing problems under the Android Gradle Plugin with a minSdkVersion below 26. To continue to avoid sun.misc.Unsafe under the JVM, guava-android will now always use AtomicReferenceFieldUpdater when run there. * Changes of version 33.4.7 + Modified the guava module's dependency on failureaccess to be transitive. Also, modified the guava-testlib module to make its dependency on guava transitive, to remove its dependency on failureaccess, and to add a dependency (transitive) on junit. + util.concurrent: Modified our fast paths to ensure that they continue to work when run through optimizers, such as those commonly used by Android apps. This fixes problems that some users may have seen since Guava 33.4.5. + util.concurrent: Changed the guava-android copy of AbstractFuture to try VarHandle before Unsafe, eliminating a warning under newer JDKs. * Changes of version 33.4.6 + Removed the extra copy of each class from the Guava jar. The extra copies were an accidental addition from the modularization work in Guava 33.4.5. + Fixed annotation-related warnings when using Guava in modular builds. The most common such warning is Cannot find annotation method 'value()' in type 'DoNotMock': .... * Changes of version 33.4.5 + Changed the Guava jar (plus guava-testlib and failureaccess jars) to be a modular jar. + Changed various classes to stop using sun.misc.Unsafe under Java 9+. ° Note that, if you use guava-android on the JVM (instead of using guava-jre), Guava will still try to use sun.misc.Unsafe. We will do further work on this in the future. + Belatedly updated the Public Suffix List data. * Changes of version 33.4.4 + Migrated from Checker Framework annotations to JSpecify annotations. + Made our usages of nullness annotations available in our GWT artifact. GWT users will need to upgrade to GWT 2.12.1, which makes GWT as tolerant of Java 8 type-use annotations as it is of other annotations. * Changes of version 33.4.3 + Migrated from @CheckForNull to the Checker Framework @Nullable. Most tools recognize both annotations, so we expect this to be a no-op in almost all cases. This release removes our dependency on JSR-305. * Changes of version 33.4.2 + Changed @ParametricNullness into a no-op for Kotlin and IntelliJ. Before now, it was forcing many usages of type variables to have platform types, which meant that Kotlin couldn't check those usages for nullness errors. With this change, Kotlin can detect more errors. * Changes of version 33.4.1 + Replaced our custom @ElementTypesAreNonnullByDefault annotations with the JSpecify @NullMarked annotation. * Changes of version 33.4.0 + Exposed additional Java 8 APIs to Android users. + base: Deprecated Charsets constants in favor of StandardCharsets. We will not remove the constants, but we recommend using StandardCharsets for consistency. + base: Added ToStringHelper.omitEmptyValues(). + collect: Added an optimized copyOf method to TreeRangeMap. + collect.testing: Fixed @Require annotations so that features implied by absent features are not also required to be absent. + io: Changed ByteSink and CharSink to no longer call flush() in some cases before close(). This is a no-op for well-behaved streams, which internally flush their data as part of closing. However, we have discovered some stream implementations that have overridden close() to do nothing, including not to flush some buffered data. If this change causes problems, the simplest fix is usually to change the close() override to at least call flush(). + net: Added HttpHeaders.ALT_SVC and MediaType.CBOR. * Changes of version 33.3.1 + Added j2objc-annotations to the Gradle runtime classpath to stop producing an Android Gradle Plugin error. * Changes of version 33.3.0 + base: Removed @Beta from the Duration overload of Suppliers.memoizeWithExpiration. + cache: Added CacheBuilder Duration overloads to guava-android. + collect: Removed @Beta from the guava-android Collector APIs. + collect: Added ImmutableMultimap.builderWithExpectedKeys and ImmutableMultimap.Builder.expectedValuesPerKey. + graph: Improved Graphs.hasCycle to avoid causing StackOverflowError for long paths. + net: Added text/markdown to MediaType. + net: Deprecated HttpHeaders constant for Sec-Ch-UA-Form-Factor in favor of Sec-Ch-UA-Form-Factors to follow the latest spec. + testing: Changed some test libraries to throw AssertionError (instead of the more specific AssertionFailedError) in some cases. + we are folding the failureaccess into the main guava.jar, so we don't have a special module for it. Changes in google-guice: - Fix build with Java 25 Changes in google-gson: - Rewrite the build system for ant to avoid potential build cycles with upcoming Maven 4 Changes in geronimo-specs: - Do not use update-alternatives Changes in exec-maven-plugin: - Upgrade to upstream version 3.5.1 - Changes of 3.5.1 * Bug Fixes + Add ClassLoader support for ASM ClassWriter * Maintenance + Fix ITs for Maven 4 rc-3 + Document how to use env vars in commandlineArgs - Changes of 3.5.0 * New features and improvements + Add toolchain java path to environment variables in ExecMojo * Bug Fixes + #322, enable to control the exec:java interaction with JVM classloader more finely * Maintenance + Update site descriptor to 2.0.0 + Toolchains manual improvements + Manage version of maven-toolchains-plugin - Changes of 3.4.1 * Bug Fixes + Environment variable Path should be used as case-insensitive + fix: NPE because declared MavenSession field hides field of superclass * Maintenance + Remove redundant spotless configuration * Build + Use Maven4 enabled with GH Action + Use shared release drafter GH Action - Chages of 3.4.0 * New features and improvements + Allow <includePluginDependencies> to be specified for the exec:exec goal * Bug Fixes + Do not get UPPERCASE env vars * Maintenance + Remove Log4j 1.2.x from ITs * Build + Use Maven 3.9.7 and 4.0.0-beta-3 - Changes of 3.3.0 * New features and improvements + Add option to include runtime and provided - Changes of 3.2.0 * New features and improvements + Enable to exec:java runnables and not only mains with loosely coupled injections + Try to get rid of legacy API which can break starting with java 17 * Bug Fixes + Fix #401 - Maven v4 compatibility * Maintenance + ITs improvement + Fix documentation formatting, add menu items for new examples + Execute mexec-137 also on unix family + Remove unused test * Build + Bump release-drafter/release-drafter from 5 to 6 - Changes of 3.1.1 * New features and improvements + Remove unused killAfter options + [#391] Cope with Thread::stop being unavailable in JDK 20+ + Only prefix program output with thread name when running with multiple threads + [#389] Add option 'blockSystemExit' to 'java' mojo + Require Maven 3.6.3+ + Ensure maven.properties can be forwarded to system properties for exec:java * Bug Fixes + Fix #158 - Fix non ascii character handling + [#323] exec arguments missing * Maintenance + Code cleanups - use newer JDK features + Enable spotless for code formatting + Require Maven 3.6.3+ + ITs cleanups + Use Resolver Api for dependency resolving * Build + Workaround for concurrent access to local repository on Windows by ITs + Use Maven 3.9.4, 3.8.8 in GitHub build - Changes of 3.1.0 * New features and improvements + Require Maven 3.2.5 + Support stream inheritance for the forked process, fixes #71 * Bug Fixes + Fix NullPointerException when using plugin dependencies in version 1.6.0 + preload common pool - issue #198 + fix handling of LongModulePathArgument and LongClassPathArgument + Do not drop environment variables that contain '=' in their value, or have no value. + Empty argument tag should add empty string instead of null + Fixes #160, ensure the java classloader is a child first one and supports to excludes some gathered classpath element to solve manually conflicts * Maintenance + Get rid of maven-artifact-transfer from dependencies + Cleanup project site + Cleanup project + Fix build badge for current CI system + Enforce JAVA_HOME for ITs + Drop Invokable interface + Remove unused class + Remove unused class and profile to build it + Remove unused imports + Remove unused fields + Bump sniffed signatures + fix issue with IBM semu 11 + [DEPS] remove unused logging dependencies. + Fixed message: Removed duplicate space + Fix spelling in error msg (occured -> occurred) * Build + Testing with Maven 3.2.5 and 3.8.6 + use shared gh action from ASF + use Temurin JDK Changes in bouncycastle: - Update to 1.82: * Defects Fixed: - SNOVA and MAYO are now correctly added to the JCA provider module-info file. - TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7. - BCJSSE: Session binding map is now shared across all stages of the session lifecycle (SunJSSE compatibility). - The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an empty byte array. It now returns an encoding of the public key. - CBZip2InputStream no longer auto-closes at end-of-contents. - The BC CertPath implementation was eliminating certificates on the bases of the Key-ID. This is not in accordance with RFC 4158. - Support for the previous set of libOQS Falcon OIDs has been restored. - The BC CipherInputStream could throw an exception if asked to handle an AEAD stream consisting of the MAC only. - Some KeyAgreement classes were missing in the Java 11 class hierarchy. - Fix typo in a constant name in the HPKE class and deprecate the old constant. - Fuzzing analysis has been done on the OpenPGP API and additional code has been added to prevent escaping exceptions. * Additional Features and Functionality: - SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService. - BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150. - BCJSSE: Added support for system properties "jdk.tls.{client,server}.maxInboundCertificateChainLength" - BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00. - The Composite post-quantum signatures implementation has been updated to the latest draft (07) draft-ietf-lamps-pq-composite-sigs. - "_PREHASH" implementations are now provided for all composite signatures to allow the hash of the date to be used instead of the actual data in signature calculation. - The gradle build can now be used to generate an Bill of Materials (BOM) file. - It is now possible to configure the SignerInfoVerifierBuilder used by the SignedMailValidator class. - The Ascon family of algorithms has been updated with the latest published changes. - Composite signature keys can now be constructed from the individual keys of the algorithms composing the composite. - PGPSecretKey, PGPSignatureGenerator now support version 6. - Further optimisation work has been done on ML-KEM public key validation. - Zeroization of passwords in the JCA PKCS12 key store has been improved. - The "org.bouncycastle.drbg.effective_256bits_entropy" property has been added for platforms where the entropy source is not producing 1 full bit of entropy per bit and additional bits are required (default value 282). - OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility). - The HQC KEM has been updated with the latest draft updates. * Additional Notes: - The legacy post-quantum package has now been removed. - Update to 1.81: * Defects Fixed: - A potention NullPointerException in the KEM KDF KemUtil class has been removed. - Overlapping input/output buffers in doFinal could result in data corruption. - Fixed Grain-128AEAD decryption incorrectly handle MAC verification. - Add configurable header validation to prevent malicious header injection in PGP cleartext signed messages; Fix signature packet encoding issues in PGPSignature.join() and embedded signatures while phasing out legacy format. - Fixed ParallelHash initialization stall when using block size B=0. - The PRF from the PBKDF2 function was been lost when PBMAC1 was initialized from protectionAlgorithm. This has been fixed. - The lowlevel DigestFactory was cloning MD5 when being asked to clone SHA1. * Additional Features and Functionality: - XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/ - Further support has been added for generation and use of PGP V6 keys - Additional validation has been added for armored headers in Cleartext Signed Messages. - The PQC signature algorithm proposal Mayo has been added to the low-level API and the BCPQC provider. - The PQC signature algorithm proposal Snova has been added to the low-level API and the BCPQC provider. - Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs. - The Falcon implementation has been updated to the latest draft. - Support has been added for generating keys which encode as seed-only and expanded-key-only for ML-KEM and ML-DSA private keys. - Private key encoding of ML-DSA and ML-KEM private keys now follows the latest IETF draft. - The Ascon family of algorithms has been updated to the initial draft of SP 800-232. Some additional optimisation work has been done. - Support for ML-DSA's external-mu calculation and signing has been added to the BC provider. - CMS now supports ML-DSA for SignedData generation. - Introduce high-level OpenPGP API for message creation/consumption and certificate evaluation. - Added JDK21 KEM API implementation for HQC algorithm. - BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks. - BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05). - BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00). - BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order (BCSSLParameters.useNamedGroupsOrder). Changes in byte-buddy: - Fix build with maven 4 - Update to v1.17.6 * Changes of v1.17.6 + Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method. + Add filter for deduplicate fields and methods in class file. + Add missing static requirement of Spotbugs annotations to module descriptors. + Add LazinessMode for TypePool and add convenience support to AgentBuilder. + Fix source jars for multi-version release to contain duplicated source. - Update to v1.17.5 * Changes of v1.17.5 + Update ASM to version 9.8 to support Java 25 using ASM reader and writer. + Include AnnotationRemoval visitor for removing or replacing annotations. - Update to v1.17.4 * Changes of v1.17.4 + Add SafeVarargs plugin. + Fix OSGi declaration for byte-buddy-agent. - Update to v1.17.3 * Changes of v1.17.3 + Fix bug in ASM to Class File API bridge handling tableswitch instructions. + Add plugin for adding SafeVarargs annotations. + Further generify MemberSubstitution API. - Update to v1.17.2 * Changes of v1.17.2 + Update Class File API integration to include support for several omitted byte codes. + Adjust attach API emulation for OpenJ9 to not create subfolder if temporary folder is set explicitly. - Update to v1.17.1 * Changes of v1.17.1 + Fix bug in MemberSubstitution were argument indices were resolved by one digit off. + Update Class File API integration to avoid that parameter annotations are lost. Changes in byaccj: - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on SLE / Leap 15 Changes in apache-commons-logging: - Upgrade to 1.3.5 * Fixed Bugs + Javadoc is missing its Overview page. + Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). * Changes + Bump org.apache.commons:commons-parent from 72 to 81 #285, #287, #295, #298, #303, #310, #339. + Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0 #288 [test]. + Bump log4j2.version from 2.23.1 to 2.24.3 #292, #299, #319, #328. * Removed: + Remove "cobertura" plugin use JaCoco, Cobertura is unmaintained. + LOGGING-193: Update Log4j 2 OSGi imports #268. + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null Changes in apache-commons-cli: - Update to 1.10.0 * New Features + CLI-339: Help formatter extension in the new package #314. + CommandLine.Builder implements Supplier<CommandLine>. + DefaultParser.Builder implements Supplier<DefaultParser>. + CLI-340: Add CommandLine.getParsedOptionValues() #334. + CLI-333: org.apache.commons.cli.Option.Builder implements Supplier<Option>. * Fixed Bugs + Deprecate CommandLine.Builder() in favor of CommandLine.builder(). + Deprecate DeprecatedAttributes.Builder() in favor of DeprecatedAttributes.builder(). + Refactor default parser test #294. + Port to JUnit 5. + Generics for Converter should use Exception not Throwable. + Pick up maven-antrun-plugin version from parent POM org.apache:apache. + Javadoc is missing its Overview page. + Get mockito version from parent pom (#351). + Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). + Deprecate PatternOptionBuilder.PatternOptionBuilder(). + CLI-341: HelpFormatter infinite loop with 0 width input. + CLI-349: Fail faster with a more precise NullPointerException: Option.processValue() throws NullPointerException when passed null value with value separator configured. + CLI-344: Fail faster with a more precise NullPointerException: DefaultParser.parse() throws NullPointerException when options parameter is null. + CLI-347: Options.addOptionGroup(OptionGroup) does not remove required options from requiredOpts list. + org.apache.commons.cli.Option.Builder.get() should throw IllegalStateException instead of IllegalArgumentException. + org.apache.commons.cli.Option.processValue(String) should throw IllegalStateException instead of IllegalArgumentException. + org.apache.commons.cli.OptionBuilder.create() should throw IllegalStateException instead of IllegalArgumentException. * Updates + Bump org.apache.commons:commons-parent from 72 to 85 #302, #304, #310, #315, #320, #327, #371. + [test] Bump commons-io:commons-io from 2.16.1 to 2.20.0 #309, #337. + [test] Bump org.apache.commons:commons-text from 1.12.0 to 1.14.0 #344. + Update site documentation to https://maven.apache.org/xsd/xdoc-2.0.xsd. + CLI-334: Fix Javadoc pathing #280. + CLI-335: Updated properties documentation #285. + CLI-336: Deprecation not always reported #284. Changes in apache-commons-codec: - Update to 1.18.0 * New features + Add Base32.Builder.setHexDecodeTable(boolean). + Add Base32.Builder.setHexEncodeTable(boolean). * Changes + Bump org.apache.commons:commons-parent from 78 to 79. - Includes changes from 1.17.2 * Fixed Bugs + Rewrite DaitchMokotoffSoundex.soundex(String) using String.join(). + CODEC-324: Use Resource.class to load resources, rather than its class loader #353. + Deprecate CharSequenceUtils.CharSequenceUtils(). + Deprecate Sha2Crypt.Sha2Crypt(). * Changes + Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 #296, #305, #313. + Bump org.apache.commons:commons-parent from 71 to 78 #310, #312, #319, #323, #326, #333. + [test] Bump commons-io:commons-io from 2.16.1 to 2.18.0 #318, #341. + Bump org.codehaus.mojo:taglist-maven-plugin from 3.1.0 to 3.2.1 #332. Changes in apache-commons-daemon: - Upgrade to 1.4.1 * Bug Fixes: + several issues around Java OS and header files location detection. + Correct several log messages where an incorrect placeholder led to truncation of the inserted values. * New Features + Add protection to avoid high CPU usage for applications running in JVM mode that do not wait for the stop method to be called before the start method returns. Fixes DAEMON-460. + The minimum Java version has been increased to Java 8 Changes in apache-commons-dbcp: - Do not provide the hibernate_jdbc_cache alternative Changes in apache-commons-beanutils: - Updated to 1.9.3 - Fixed Bugs: * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12. * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2. * BEANUTILS-490: Update Java requirement from Java 5 to 6. * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8. - update to 1.8.3 and rename to apache- to follow the upstream Changes in auto: - Force annotation processing, since it is needed with Java 25 xmlunit-1.6-160000.3.1.noarch.rpm xmlunit-javadoc-1.6-160000.3.1.noarch.rpm modello-2.5.1-160000.1.1.noarch.rpm modello-javadoc-2.5.1-160000.1.1.noarch.rpm modello-test-2.5.1-160000.1.1.noarch.rpm modello-maven-plugin-2.5.1-160000.1.1.noarch.rpm modello-maven-plugin-javadoc-2.5.1-160000.1.1.noarch.rpm junit5-5.10.2-160000.3.1.noarch.rpm junit5-bom-5.10.2-160000.3.1.noarch.rpm junit5-guide-5.10.2-160000.3.1.noarch.rpm junit5-javadoc-5.10.2-160000.3.1.noarch.rpm junit5-minimal-5.10.2-160000.3.1.noarch.rpm junit5-minimal-javadoc-5.10.2-160000.3.1.noarch.rpm jna-5.13.0-160000.3.1.aarch64.rpm jna-contrib-5.13.0-160000.3.1.noarch.rpm jna-javadoc-5.13.0-160000.3.1.noarch.rpm javapackages-filesystem-6.4.1-160000.1.1.aarch64.rpm javapackages-tools-6.4.1-160000.1.1.aarch64.rpm javapackages-ivy-6.4.1-160000.1.1.noarch.rpm javapackages-local-6.4.1-160000.1.1.noarch.rpm python313-javapackages-6.4.1-160000.1.1.noarch.rpm xz-java-1.10-160000.3.1.noarch.rpm xz-java-javadoc-1.10-160000.3.1.noarch.rpm sisu-inject-0.9.0.M4-160000.1.1.noarch.rpm sisu-javadoc-0.9.0.M4-160000.1.1.noarch.rpm sisu-plexus-0.9.0.M4-160000.1.1.noarch.rpm sisu-mojos-0.9.0.M4-160000.1.1.noarch.rpm sisu-mojos-javadoc-0.9.0.M4-160000.1.1.noarch.rpm sisu-inject-extender-0.9.0.M4-160000.1.1.noarch.rpm sisu-plexus-extender-0.9.0.M4-160000.1.1.noarch.rpm jcl-over-slf4j-1.7.36-160000.3.1.noarch.rpm jul-to-slf4j-1.7.36-160000.3.1.noarch.rpm log4j-over-slf4j-1.7.36-160000.3.1.noarch.rpm slf4j-1.7.36-160000.3.1.noarch.rpm slf4j-ext-1.7.36-160000.3.1.noarch.rpm slf4j-javadoc-1.7.36-160000.3.1.noarch.rpm slf4j-jcl-1.7.36-160000.3.1.noarch.rpm slf4j-jdk14-1.7.36-160000.3.1.noarch.rpm slf4j-manual-1.7.36-160000.3.1.noarch.rpm slf4j-reload4j-1.7.36-160000.3.1.noarch.rpm slf4j-sources-1.7.36-160000.3.1.noarch.rpm jline3-3.30.6-160000.1.1.aarch64.rpm jline3-builtins-3.30.6-160000.1.1.noarch.rpm jline3-console-3.30.6-160000.1.1.noarch.rpm jline3-console-ui-3.30.6-160000.1.1.noarch.rpm jline3-curses-3.30.6-160000.1.1.noarch.rpm jline3-jansi-3.30.6-160000.1.1.aarch64.rpm jline3-jansi-core-3.30.6-160000.1.1.noarch.rpm jline3-javadoc-3.30.6-160000.1.1.noarch.rpm jline3-native-3.30.6-160000.1.1.aarch64.rpm jline3-reader-3.30.6-160000.1.1.noarch.rpm jline3-remote-telnet-3.30.6-160000.1.1.noarch.rpm jline3-style-3.30.6-160000.1.1.noarch.rpm jline3-terminal-3.30.6-160000.1.1.noarch.rpm jline3-terminal-jansi-3.30.6-160000.1.1.noarch.rpm jline3-terminal-jna-3.30.6-160000.1.1.noarch.rpm jline3-terminal-jni-3.30.6-160000.1.1.noarch.rpm jspecify-1.0.0-160000.1.1.noarch.rpm jspecify-javadoc-1.0.0-160000.1.1.noarch.rpm j2objc-annotations-3.0.0-160000.1.1.noarch.rpm j2objc-annotations-javadoc-3.0.0-160000.1.1.noarch.rpm jackson-databind-2.17.3-160000.3.1.noarch.rpm jackson-databind-javadoc-2.17.3-160000.3.1.noarch.rpm icu4j-73.1-160000.4.1.noarch.rpm icu4j-charset-73.1-160000.4.1.noarch.rpm icu4j-javadoc-73.1-160000.4.1.noarch.rpm icu4j-localespi-73.1-160000.4.1.noarch.rpm guava-33.4.8-160000.1.1.noarch.rpm guava-javadoc-33.4.8-160000.1.1.noarch.rpm guava-testlib-33.4.8-160000.1.1.noarch.rpm google-guice-6.0.0-160000.4.1.noarch.rpm google-guice-javadoc-6.0.0-160000.4.1.noarch.rpm guice-assistedinject-6.0.0-160000.4.1.noarch.rpm guice-bom-6.0.0-160000.4.1.noarch.rpm guice-extensions-6.0.0-160000.4.1.noarch.rpm guice-grapher-6.0.0-160000.4.1.noarch.rpm guice-jmx-6.0.0-160000.4.1.noarch.rpm guice-jndi-6.0.0-160000.4.1.noarch.rpm guice-parent-6.0.0-160000.4.1.noarch.rpm guice-servlet-6.0.0-160000.4.1.noarch.rpm guice-throwingproviders-6.0.0-160000.4.1.noarch.rpm google-gson-2.8.9-160000.3.1.noarch.rpm google-gson-javadoc-2.8.9-160000.3.1.noarch.rpm geronimo-annotation-1_0-api-1.2-160000.3.1.noarch.rpm geronimo-j2ee-connector-1_5-api-1.2-160000.3.1.noarch.rpm geronimo-jaf-1_0_2-api-1.2-160000.3.1.noarch.rpm geronimo-jaf-1_1-api-1.2-160000.3.1.noarch.rpm geronimo-jaxrpc-1_1-api-1.2-160000.3.1.noarch.rpm geronimo-jms-1_1-api-1.2-160000.3.1.noarch.rpm geronimo-jpa-3_0-api-1.2-160000.3.1.noarch.rpm geronimo-jta-1_0_1B-api-1.2-160000.3.1.noarch.rpm geronimo-jta-1_1-api-1.2-160000.3.1.noarch.rpm geronimo-qname-1_1-api-1.2-160000.3.1.noarch.rpm geronimo-saaj-1_1-api-1.2-160000.3.1.noarch.rpm geronimo-servlet-2_4-api-1.2-160000.3.1.noarch.rpm geronimo-servlet-2_5-api-1.2-160000.3.1.noarch.rpm exec-maven-plugin-3.5.1-160000.1.1.noarch.rpm exec-maven-plugin-javadoc-3.5.1-160000.1.1.noarch.rpm bouncycastle-1.82-160000.1.1.noarch.rpm bouncycastle-javadoc-1.82-160000.1.1.noarch.rpm bouncycastle-jmail-1.82-160000.1.1.noarch.rpm bouncycastle-mail-1.82-160000.1.1.noarch.rpm bouncycastle-pg-1.82-160000.1.1.noarch.rpm bouncycastle-pkix-1.82-160000.1.1.noarch.rpm bouncycastle-tls-1.82-160000.1.1.noarch.rpm bouncycastle-util-1.82-160000.1.1.noarch.rpm byte-buddy-1.17.6-160000.1.1.noarch.rpm byte-buddy-agent-1.17.6-160000.1.1.noarch.rpm byte-buddy-javadoc-1.17.6-160000.1.1.noarch.rpm byte-buddy-maven-plugin-1.17.6-160000.1.1.noarch.rpm byaccj-1.15-160000.3.1.aarch64.rpm apache-commons-logging-1.3.5-160000.1.1.noarch.rpm apache-commons-cli-1.10.0-160000.1.1.noarch.rpm apache-commons-cli-javadoc-1.10.0-160000.1.1.noarch.rpm apache-commons-codec-1.18.0-160000.1.1.noarch.rpm apache-commons-codec-javadoc-1.18.0-160000.1.1.noarch.rpm apache-commons-daemon-1.4.1-160000.1.1.aarch64.rpm apache-commons-daemon-javadoc-1.4.1-160000.1.1.noarch.rpm apache-commons-daemon-jsvc-1.4.1-160000.1.1.aarch64.rpm apache-commons-dbcp-2.1.1-160000.3.1.noarch.rpm apache-commons-dbcp-javadoc-2.1.1-160000.3.1.noarch.rpm apache-commons-beanutils-1.11.0-160000.3.1.noarch.rpm apache-commons-beanutils-javadoc-1.11.0-160000.3.1.noarch.rpm ant-1.10.15-160000.3.1.noarch.rpm ant-jmf-1.10.15-160000.3.1.noarch.rpm ant-scripts-1.10.15-160000.3.1.noarch.rpm ant-swing-1.10.15-160000.3.1.noarch.rpm ant-antlr-1.10.15-160000.3.1.noarch.rpm ant-apache-bcel-1.10.15-160000.3.1.noarch.rpm ant-apache-bsf-1.10.15-160000.3.1.noarch.rpm ant-apache-log4j-1.10.15-160000.3.1.noarch.rpm ant-apache-oro-1.10.15-160000.3.1.noarch.rpm ant-apache-regexp-1.10.15-160000.3.1.noarch.rpm ant-apache-resolver-1.10.15-160000.3.1.noarch.rpm ant-apache-xalan2-1.10.15-160000.3.1.noarch.rpm ant-commons-logging-1.10.15-160000.3.1.noarch.rpm ant-commons-net-1.10.15-160000.3.1.noarch.rpm ant-imageio-1.10.15-160000.3.1.noarch.rpm ant-jakartamail-1.10.15-160000.3.1.noarch.rpm ant-javamail-1.10.15-160000.3.1.noarch.rpm ant-jdepend-1.10.15-160000.3.1.noarch.rpm ant-jsch-1.10.15-160000.3.1.noarch.rpm ant-manual-1.10.15-160000.3.1.noarch.rpm ant-testutil-1.10.15-160000.3.1.noarch.rpm ant-xz-1.10.15-160000.3.1.noarch.rpm ant-junit-1.10.15-160000.3.1.noarch.rpm ant-junit5-1.10.15-160000.3.1.noarch.rpm auto-1.6.1-160000.3.1.noarch.rpm auto-common-1.6.1-160000.3.1.noarch.rpm auto-javadoc-1.6.1-160000.3.1.noarch.rpm auto-service-1.6.1-160000.3.1.noarch.rpm auto-service-aggregator-1.6.1-160000.3.1.noarch.rpm auto-service-annotations-1.6.1-160000.3.1.noarch.rpm auto-value-1.6.1-160000.3.1.noarch.rpm auto-value-annotations-1.6.1-160000.3.1.noarch.rpm auto-value-parent-1.6.1-160000.3.1.noarch.rpm jna-5.13.0-160000.3.1.ppc64le.rpm javapackages-filesystem-6.4.1-160000.1.1.ppc64le.rpm javapackages-tools-6.4.1-160000.1.1.ppc64le.rpm jline3-3.30.6-160000.1.1.ppc64le.rpm jline3-jansi-3.30.6-160000.1.1.ppc64le.rpm jline3-native-3.30.6-160000.1.1.ppc64le.rpm byaccj-1.15-160000.3.1.ppc64le.rpm apache-commons-daemon-1.4.1-160000.1.1.ppc64le.rpm apache-commons-daemon-jsvc-1.4.1-160000.1.1.ppc64le.rpm jna-5.13.0-160000.3.1.s390x.rpm javapackages-filesystem-6.4.1-160000.1.1.s390x.rpm javapackages-tools-6.4.1-160000.1.1.s390x.rpm jline3-3.30.6-160000.1.1.s390x.rpm jline3-jansi-3.30.6-160000.1.1.s390x.rpm jline3-native-3.30.6-160000.1.1.s390x.rpm byaccj-1.15-160000.3.1.s390x.rpm apache-commons-daemon-1.4.1-160000.1.1.s390x.rpm apache-commons-daemon-jsvc-1.4.1-160000.1.1.s390x.rpm jna-5.13.0-160000.3.1.x86_64.rpm javapackages-filesystem-6.4.1-160000.1.1.x86_64.rpm javapackages-tools-6.4.1-160000.1.1.x86_64.rpm jline3-3.30.6-160000.1.1.x86_64.rpm jline3-jansi-3.30.6-160000.1.1.x86_64.rpm jline3-native-3.30.6-160000.1.1.x86_64.rpm byaccj-1.15-160000.3.1.x86_64.rpm apache-commons-daemon-1.4.1-160000.1.1.x86_64.rpm apache-commons-daemon-jsvc-1.4.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-202 Security update for cockpit-subscriptions moderate SUSE SLFO 1.2 This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425). cockpit-subscriptions-12.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-203 Security update for ImageMagick important SUSE SLFO 1.2 This update for ImageMagick fixes the following issues: - CVE-2025-65955: Fixed use-after-free/double-free in ImageMagick (bsc#1254435) - CVE-2025-66628: Fixed Integer Overflow leading to out of bounds read in ImageMagick (32-bit only) (bsc#1254820) - CVE-2025-68618: Fixed that reading a malicious SVG file may result in a DoS attack (bsc#1255821) - CVE-2025-68950: Fixed check for circular references in mvg files may lead to stack overflow (bsc#1255822) - CVE-2025-69204: Fixed an integer overflow can lead to a DoS attack (bsc#1255823) ImageMagick-7.1.2.0-160000.5.1.aarch64.rpm ImageMagick-config-7-SUSE-7.1.2.0-160000.5.1.noarch.rpm ImageMagick-devel-7.1.2.0-160000.5.1.aarch64.rpm ImageMagick-doc-7.1.2.0-160000.5.1.noarch.rpm ImageMagick-extra-7.1.2.0-160000.5.1.aarch64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1.aarch64.rpm libMagick++-devel-7.1.2.0-160000.5.1.aarch64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1.aarch64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1.aarch64.rpm perl-PerlMagick-7.1.2.0-160000.5.1.aarch64.rpm ImageMagick-config-7-upstream-open-7.1.2.0-160000.5.1.noarch.rpm ImageMagick-config-7-upstream-limited-7.1.2.0-160000.5.1.noarch.rpm ImageMagick-config-7-upstream-secure-7.1.2.0-160000.5.1.noarch.rpm ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.5.1.noarch.rpm ImageMagick-7.1.2.0-160000.5.1.ppc64le.rpm ImageMagick-devel-7.1.2.0-160000.5.1.ppc64le.rpm ImageMagick-extra-7.1.2.0-160000.5.1.ppc64le.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1.ppc64le.rpm libMagick++-devel-7.1.2.0-160000.5.1.ppc64le.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1.ppc64le.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1.ppc64le.rpm perl-PerlMagick-7.1.2.0-160000.5.1.ppc64le.rpm ImageMagick-7.1.2.0-160000.5.1.s390x.rpm ImageMagick-devel-7.1.2.0-160000.5.1.s390x.rpm ImageMagick-extra-7.1.2.0-160000.5.1.s390x.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1.s390x.rpm libMagick++-devel-7.1.2.0-160000.5.1.s390x.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1.s390x.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1.s390x.rpm perl-PerlMagick-7.1.2.0-160000.5.1.s390x.rpm ImageMagick-7.1.2.0-160000.5.1.x86_64.rpm ImageMagick-devel-7.1.2.0-160000.5.1.x86_64.rpm ImageMagick-extra-7.1.2.0-160000.5.1.x86_64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1.x86_64.rpm libMagick++-devel-7.1.2.0-160000.5.1.x86_64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1.x86_64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1.x86_64.rpm perl-PerlMagick-7.1.2.0-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-204 Security update for python-FontTools moderate SUSE SLFO 1.2 This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution (bsc#1254366). python313-FontTools-4.53.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-206 Recommended update for grub2 important SUSE SLFO 1.2 This update for grub2 fixes the following issues: - Optimize PBKDF2 to reduce the decryption time (bsc#1248516) * lib/crypto: Introduce new HMAC functions to reuse buffers * lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle * kern/misc: Implement faster grub_memcpy() for aligned buffers grub2-2.12-160000.4.1.aarch64.rpm grub2-arm64-efi-2.12-160000.4.1.noarch.rpm grub2-arm64-efi-bls-2.12-160000.4.1.noarch.rpm grub2-arm64-efi-debug-2.12-160000.4.1.noarch.rpm grub2-arm64-efi-extras-2.12-160000.4.1.noarch.rpm grub2-branding-upstream-2.12-160000.4.1.noarch.rpm grub2-common-2.12-160000.4.1.aarch64.rpm grub2-snapper-plugin-2.12-160000.4.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-160000.4.1.noarch.rpm grub2-2.12-160000.4.1.ppc64le.rpm grub2-common-2.12-160000.4.1.ppc64le.rpm grub2-powerpc-ieee1275-2.12-160000.4.1.noarch.rpm grub2-powerpc-ieee1275-debug-2.12-160000.4.1.noarch.rpm grub2-powerpc-ieee1275-extras-2.12-160000.4.1.noarch.rpm grub2-2.12-160000.4.1.s390x.rpm grub2-common-2.12-160000.4.1.s390x.rpm grub2-s390x-emu-2.12-160000.4.1.s390x.rpm grub2-s390x-emu-debug-2.12-160000.4.1.s390x.rpm grub2-s390x-emu-extras-2.12-160000.4.1.noarch.rpm grub2-2.12-160000.4.1.x86_64.rpm grub2-common-2.12-160000.4.1.x86_64.rpm grub2-i386-pc-2.12-160000.4.1.noarch.rpm grub2-i386-pc-debug-2.12-160000.4.1.noarch.rpm grub2-i386-pc-extras-2.12-160000.4.1.noarch.rpm grub2-x86_64-efi-2.12-160000.4.1.noarch.rpm grub2-x86_64-efi-bls-2.12-160000.4.1.noarch.rpm grub2-x86_64-efi-debug-2.12-160000.4.1.noarch.rpm grub2-x86_64-efi-extras-2.12-160000.4.1.noarch.rpm grub2-x86_64-xen-2.12-160000.4.1.noarch.rpm grub2-x86_64-xen-debug-2.12-160000.4.1.noarch.rpm grub2-x86_64-xen-extras-2.12-160000.4.1.noarch.rpm openSUSE-Leap-16.0-207 Security update for python-h2 moderate SUSE SLFO 1.2 This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737) python313-h2-4.2.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-208 Security update for xkbcomp low SUSE SLFO 1.2 This update for xkbcomp fixes the following issues: - CVE-2018-15863, CVE-2018-15861, CVE-2018-15859, CVE-2018-15853: Fixed multiple memory handling and correctness issues (bsc#1105832) xkbcomp-1.4.7-160000.3.1.aarch64.rpm xkbcomp-devel-1.4.7-160000.3.1.aarch64.rpm xkbcomp-1.4.7-160000.3.1.ppc64le.rpm xkbcomp-devel-1.4.7-160000.3.1.ppc64le.rpm xkbcomp-1.4.7-160000.3.1.s390x.rpm xkbcomp-devel-1.4.7-160000.3.1.s390x.rpm xkbcomp-1.4.7-160000.3.1.x86_64.rpm xkbcomp-devel-1.4.7-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-209 Security update for ucode-amd important SUSE SLFO 1.2 This update for ucode-amd fixes the following issues: Changes in ucode-amd: - Update to version 20251203 (git commit a0f0e52138e5): * linux-firmware: Update amd-ucode copyright information * linux-firmware: Update AMD cpu microcode - Update to version 20251113 (git commit fb0dbcd30118): * linux-firmware: Update AMD cpu microcode - Update to version 20251031 (git commit 04b323bb64f9): * linux-firmware: Update AMD cpu microcode - Update to version 20251028 (git commit 4f72031fc195): * linux-firmware: Update AMD cpu microcode - Update to version 20251024 (git commit 9b899c779b8a): * amd-ucode: Fix minimum revisions in README - Update to version 20250730 (git commit 910c19074091): * linux-firmware: Update AMD cpu microcode ucode-amd-20251203-160000.1.1.noarch.rpm openSUSE-Leap-16.0-21 Recommended update for ovmf important SUSE SLFO 1.2 This update for ovmf fixes the following issues: - Enable iSCSI boot support by default (bsc#1245454) * OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag * Add build flag NETWORK_ISCSI_DEFAULT_ENABLE for x64 OVMF to enable iSCSI boot support by default - Update firmware descriptors to remove tab whitespace (bsc#1247847) * Replace tab whitespace with spaces in 50-ovmf-x86_64-sev.json * Replace tab whitespace with spaces in 50-ovmf-x86_64-sev-snp.json - Update firmware descriptors for SEV-SNP and TDX (bsc#1247847) * Add 50-ovmf-x86_64-sev-snp.json to support the 'amd-sev-snp' feature. * Remove the sev-snp feature from 50-ovmf-x86_64-sev.json. * Update the device in 60-ovmf-x86_64-tdx.json from 'pflash' to 'memory'. ovmf-202502-160000.3.1.aarch64.rpm ovmf-tools-202502-160000.3.1.aarch64.rpm qemu-ovmf-ia32-202502-160000.3.1.noarch.rpm qemu-ovmf-x86_64-202502-160000.3.1.noarch.rpm qemu-uefi-aarch32-202502-160000.3.1.noarch.rpm qemu-uefi-aarch64-202502-160000.3.1.noarch.rpm qemu-uefi-riscv64-202502-160000.3.1.noarch.rpm ovmf-202502-160000.3.1.x86_64.rpm ovmf-tools-202502-160000.3.1.x86_64.rpm qemu-ovmf-x86_64-debug-202502-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-210 Security update for python-python-multipart important SUSE SLFO 1.2 This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301). python313-python-multipart-0.0.20-160000.3.1.noarch.rpm openSUSE-Leap-16.0-211 Security update for java-21-openjdk important SUSE SLFO 1.2 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15217). java-21-openjdk-21.0.10.0-160000.1.1.aarch64.rpm java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64.rpm java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64.rpm java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64.rpm java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch.rpm java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64.rpm java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64.rpm java-21-openjdk-21.0.10.0-160000.1.1.ppc64le.rpm java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le.rpm java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le.rpm java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le.rpm java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le.rpm java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le.rpm java-21-openjdk-21.0.10.0-160000.1.1.s390x.rpm java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x.rpm java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x.rpm java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x.rpm java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x.rpm java-21-openjdk-src-21.0.10.0-160000.1.1.s390x.rpm java-21-openjdk-21.0.10.0-160000.1.1.x86_64.rpm java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64.rpm java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64.rpm java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64.rpm java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64.rpm java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-212 Security update for python-urllib3 important SUSE SLFO 1.2 This update for python-urllib3 fixes the following issues: - CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867) - CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866) python313-urllib3-2.5.0-160000.4.1.noarch.rpm openSUSE-Leap-16.0-213 Recommended update for pipewire important SUSE SLFO 1.2 This update for pipewire fixes the following issues: Changes in pipewire: - Fix libcamera working by removing a systemd restriction (boo#1217690) gstreamer-plugin-pipewire-1.4.6-160000.3.1.aarch64.rpm libpipewire-0_3-0-1.4.6-160000.3.1.aarch64.rpm pipewire-1.4.6-160000.3.1.aarch64.rpm pipewire-alsa-1.4.6-160000.3.1.aarch64.rpm pipewire-devel-1.4.6-160000.3.1.aarch64.rpm pipewire-doc-1.4.6-160000.3.1.aarch64.rpm pipewire-jack-1.4.6-160000.3.1.aarch64.rpm pipewire-lang-1.4.6-160000.3.1.noarch.rpm pipewire-libjack-0_3-1.4.6-160000.3.1.aarch64.rpm pipewire-libjack-0_3-devel-1.4.6-160000.3.1.aarch64.rpm pipewire-module-x11-0_3-1.4.6-160000.3.1.aarch64.rpm pipewire-modules-0_3-1.4.6-160000.3.1.aarch64.rpm pipewire-pulseaudio-1.4.6-160000.3.1.aarch64.rpm pipewire-spa-plugins-0_2-1.4.6-160000.3.1.aarch64.rpm pipewire-spa-plugins-0_2-jack-1.4.6-160000.3.1.aarch64.rpm pipewire-spa-tools-1.4.6-160000.3.1.aarch64.rpm pipewire-tools-1.4.6-160000.3.1.aarch64.rpm gstreamer-plugin-pipewire-1.4.6-160000.3.1.ppc64le.rpm libpipewire-0_3-0-1.4.6-160000.3.1.ppc64le.rpm pipewire-1.4.6-160000.3.1.ppc64le.rpm pipewire-alsa-1.4.6-160000.3.1.ppc64le.rpm pipewire-devel-1.4.6-160000.3.1.ppc64le.rpm pipewire-doc-1.4.6-160000.3.1.ppc64le.rpm pipewire-jack-1.4.6-160000.3.1.ppc64le.rpm pipewire-libjack-0_3-1.4.6-160000.3.1.ppc64le.rpm pipewire-libjack-0_3-devel-1.4.6-160000.3.1.ppc64le.rpm pipewire-module-x11-0_3-1.4.6-160000.3.1.ppc64le.rpm pipewire-modules-0_3-1.4.6-160000.3.1.ppc64le.rpm pipewire-pulseaudio-1.4.6-160000.3.1.ppc64le.rpm pipewire-spa-plugins-0_2-1.4.6-160000.3.1.ppc64le.rpm pipewire-spa-plugins-0_2-jack-1.4.6-160000.3.1.ppc64le.rpm pipewire-spa-tools-1.4.6-160000.3.1.ppc64le.rpm pipewire-tools-1.4.6-160000.3.1.ppc64le.rpm gstreamer-plugin-pipewire-1.4.6-160000.3.1.s390x.rpm libpipewire-0_3-0-1.4.6-160000.3.1.s390x.rpm pipewire-1.4.6-160000.3.1.s390x.rpm pipewire-alsa-1.4.6-160000.3.1.s390x.rpm pipewire-devel-1.4.6-160000.3.1.s390x.rpm pipewire-doc-1.4.6-160000.3.1.s390x.rpm pipewire-jack-1.4.6-160000.3.1.s390x.rpm pipewire-libjack-0_3-1.4.6-160000.3.1.s390x.rpm pipewire-libjack-0_3-devel-1.4.6-160000.3.1.s390x.rpm pipewire-module-x11-0_3-1.4.6-160000.3.1.s390x.rpm pipewire-modules-0_3-1.4.6-160000.3.1.s390x.rpm pipewire-pulseaudio-1.4.6-160000.3.1.s390x.rpm pipewire-spa-plugins-0_2-1.4.6-160000.3.1.s390x.rpm pipewire-spa-plugins-0_2-jack-1.4.6-160000.3.1.s390x.rpm pipewire-spa-tools-1.4.6-160000.3.1.s390x.rpm pipewire-tools-1.4.6-160000.3.1.s390x.rpm gstreamer-plugin-pipewire-1.4.6-160000.3.1.x86_64.rpm libpipewire-0_3-0-1.4.6-160000.3.1.x86_64.rpm pipewire-1.4.6-160000.3.1.x86_64.rpm pipewire-alsa-1.4.6-160000.3.1.x86_64.rpm pipewire-devel-1.4.6-160000.3.1.x86_64.rpm pipewire-doc-1.4.6-160000.3.1.x86_64.rpm pipewire-jack-1.4.6-160000.3.1.x86_64.rpm pipewire-libjack-0_3-1.4.6-160000.3.1.x86_64.rpm pipewire-libjack-0_3-devel-1.4.6-160000.3.1.x86_64.rpm pipewire-module-x11-0_3-1.4.6-160000.3.1.x86_64.rpm pipewire-modules-0_3-1.4.6-160000.3.1.x86_64.rpm pipewire-pulseaudio-1.4.6-160000.3.1.x86_64.rpm pipewire-spa-plugins-0_2-1.4.6-160000.3.1.x86_64.rpm pipewire-spa-plugins-0_2-jack-1.4.6-160000.3.1.x86_64.rpm pipewire-spa-tools-1.4.6-160000.3.1.x86_64.rpm pipewire-tools-1.4.6-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-214 Recommended update for cloud-init important SUSE SLFO 1.2 This update for cloud-init fixes the following issues: Changes in cloud-init: - Fix dependency replace -serial with -pyserial - Drop unneeded test dependency on httpretty, fixed long ago * https://github.com/canonical/cloud-init/pull/1720 - Update to version 25.1.3 (bsc#1245401 , CVE-2024-6174, bsc#1245403, CVE-2024-11584) cloud-init-25.1.3-160000.2.1.aarch64.rpm cloud-init-config-suse-25.1.3-160000.2.1.aarch64.rpm cloud-init-doc-25.1.3-160000.2.1.aarch64.rpm cloud-init-25.1.3-160000.2.1.ppc64le.rpm cloud-init-config-suse-25.1.3-160000.2.1.ppc64le.rpm cloud-init-doc-25.1.3-160000.2.1.ppc64le.rpm cloud-init-25.1.3-160000.2.1.s390x.rpm cloud-init-config-suse-25.1.3-160000.2.1.s390x.rpm cloud-init-doc-25.1.3-160000.2.1.s390x.rpm cloud-init-25.1.3-160000.2.1.x86_64.rpm cloud-init-config-suse-25.1.3-160000.2.1.x86_64.rpm cloud-init-doc-25.1.3-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-215 Security update for postgresql16 important SUSE SLFO 1.2 This update for postgresql16 fixes the following issues: Security fixes: - CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts (bsc#1253332) - CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer (bsc#1253333) Other fixes: - Upgrade to 16.11 postgresql16-16.11-160000.1.1.aarch64.rpm postgresql16-contrib-16.11-160000.1.1.aarch64.rpm postgresql16-devel-16.11-160000.1.1.aarch64.rpm postgresql16-docs-16.11-160000.1.1.noarch.rpm postgresql16-llvmjit-16.11-160000.1.1.aarch64.rpm postgresql16-llvmjit-devel-16.11-160000.1.1.aarch64.rpm postgresql16-plperl-16.11-160000.1.1.aarch64.rpm postgresql16-plpython-16.11-160000.1.1.aarch64.rpm postgresql16-pltcl-16.11-160000.1.1.aarch64.rpm postgresql16-server-16.11-160000.1.1.aarch64.rpm postgresql16-server-devel-16.11-160000.1.1.aarch64.rpm postgresql16-test-16.11-160000.1.1.aarch64.rpm postgresql16-16.11-160000.1.1.ppc64le.rpm postgresql16-contrib-16.11-160000.1.1.ppc64le.rpm postgresql16-devel-16.11-160000.1.1.ppc64le.rpm postgresql16-llvmjit-16.11-160000.1.1.ppc64le.rpm postgresql16-llvmjit-devel-16.11-160000.1.1.ppc64le.rpm postgresql16-plperl-16.11-160000.1.1.ppc64le.rpm postgresql16-plpython-16.11-160000.1.1.ppc64le.rpm postgresql16-pltcl-16.11-160000.1.1.ppc64le.rpm postgresql16-server-16.11-160000.1.1.ppc64le.rpm postgresql16-server-devel-16.11-160000.1.1.ppc64le.rpm postgresql16-test-16.11-160000.1.1.ppc64le.rpm postgresql16-16.11-160000.1.1.s390x.rpm postgresql16-contrib-16.11-160000.1.1.s390x.rpm postgresql16-devel-16.11-160000.1.1.s390x.rpm postgresql16-llvmjit-16.11-160000.1.1.s390x.rpm postgresql16-llvmjit-devel-16.11-160000.1.1.s390x.rpm postgresql16-plperl-16.11-160000.1.1.s390x.rpm postgresql16-plpython-16.11-160000.1.1.s390x.rpm postgresql16-pltcl-16.11-160000.1.1.s390x.rpm postgresql16-server-16.11-160000.1.1.s390x.rpm postgresql16-server-devel-16.11-160000.1.1.s390x.rpm postgresql16-test-16.11-160000.1.1.s390x.rpm postgresql16-16.11-160000.1.1.x86_64.rpm postgresql16-contrib-16.11-160000.1.1.x86_64.rpm postgresql16-devel-16.11-160000.1.1.x86_64.rpm postgresql16-llvmjit-16.11-160000.1.1.x86_64.rpm postgresql16-llvmjit-devel-16.11-160000.1.1.x86_64.rpm postgresql16-plperl-16.11-160000.1.1.x86_64.rpm postgresql16-plpython-16.11-160000.1.1.x86_64.rpm postgresql16-pltcl-16.11-160000.1.1.x86_64.rpm postgresql16-server-16.11-160000.1.1.x86_64.rpm postgresql16-server-devel-16.11-160000.1.1.x86_64.rpm postgresql16-test-16.11-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-216 Security update for postgresql17 and postgresql18 important SUSE SLFO 1.2 This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. Postgresql is shipped in version 18.1. pgvector was updated to 0.8.1 to support postgresql18. pgaudit was updated to support postgresql18. postgresql-18-160000.1.1.noarch.rpm postgresql-contrib-18-160000.1.1.noarch.rpm postgresql-devel-18-160000.1.1.noarch.rpm postgresql-docs-18-160000.1.1.noarch.rpm postgresql-llvmjit-18-160000.1.1.noarch.rpm postgresql-llvmjit-devel-18-160000.1.1.noarch.rpm postgresql-plperl-18-160000.1.1.noarch.rpm postgresql-plpython-18-160000.1.1.noarch.rpm postgresql-pltcl-18-160000.1.1.noarch.rpm postgresql-server-18-160000.1.1.noarch.rpm postgresql-server-devel-18-160000.1.1.noarch.rpm postgresql-test-18-160000.1.1.noarch.rpm postgresql17-17.7-160000.1.1.aarch64.rpm postgresql17-contrib-17.7-160000.1.1.aarch64.rpm postgresql17-devel-17.7-160000.1.1.aarch64.rpm postgresql17-docs-17.7-160000.1.1.noarch.rpm postgresql17-llvmjit-17.7-160000.1.1.aarch64.rpm postgresql17-llvmjit-devel-17.7-160000.1.1.aarch64.rpm postgresql17-plperl-17.7-160000.1.1.aarch64.rpm postgresql17-plpython-17.7-160000.1.1.aarch64.rpm postgresql17-pltcl-17.7-160000.1.1.aarch64.rpm postgresql17-server-17.7-160000.1.1.aarch64.rpm postgresql17-server-devel-17.7-160000.1.1.aarch64.rpm postgresql17-test-17.7-160000.1.1.aarch64.rpm libecpg6-18.1-160000.1.2.aarch64.rpm libpq5-18.1-160000.1.2.aarch64.rpm postgresql18-18.1-160000.1.2.aarch64.rpm postgresql18-contrib-18.1-160000.1.2.aarch64.rpm postgresql18-devel-18.1-160000.1.2.aarch64.rpm postgresql18-docs-18.1-160000.1.2.noarch.rpm postgresql18-llvmjit-18.1-160000.1.2.aarch64.rpm postgresql18-llvmjit-devel-18.1-160000.1.2.aarch64.rpm postgresql18-plperl-18.1-160000.1.2.aarch64.rpm postgresql18-plpython-18.1-160000.1.2.aarch64.rpm postgresql18-pltcl-18.1-160000.1.2.aarch64.rpm postgresql18-server-18.1-160000.1.2.aarch64.rpm postgresql18-server-devel-18.1-160000.1.2.aarch64.rpm postgresql18-test-18.1-160000.1.2.aarch64.rpm postgresql18-devel-mini-18.1-160000.1.1.aarch64.rpm postgresql13-pgaudit-1.5.3-160000.3.1.aarch64.rpm postgresql14-pgaudit-1.6.3-160000.3.1.aarch64.rpm postgresql15-pgaudit-1.7.1-160000.3.1.aarch64.rpm postgresql16-pgaudit-16.1-160000.3.1.aarch64.rpm postgresql17-pgaudit-17.1-160000.3.1.aarch64.rpm postgresql18-pgaudit-18.0-160000.3.1.aarch64.rpm postgresql13-pgvector-0.8.1-160000.1.1.aarch64.rpm postgresql14-pgvector-0.8.1-160000.1.1.aarch64.rpm postgresql15-pgvector-0.8.1-160000.1.1.aarch64.rpm postgresql16-pgvector-0.8.1-160000.1.1.aarch64.rpm postgresql17-pgvector-0.8.1-160000.1.1.aarch64.rpm postgresql18-pgvector-0.8.1-160000.1.1.aarch64.rpm postgresql17-17.7-160000.1.1.ppc64le.rpm postgresql17-contrib-17.7-160000.1.1.ppc64le.rpm postgresql17-devel-17.7-160000.1.1.ppc64le.rpm postgresql17-llvmjit-17.7-160000.1.1.ppc64le.rpm postgresql17-llvmjit-devel-17.7-160000.1.1.ppc64le.rpm postgresql17-plperl-17.7-160000.1.1.ppc64le.rpm postgresql17-plpython-17.7-160000.1.1.ppc64le.rpm postgresql17-pltcl-17.7-160000.1.1.ppc64le.rpm postgresql17-server-17.7-160000.1.1.ppc64le.rpm postgresql17-server-devel-17.7-160000.1.1.ppc64le.rpm postgresql17-test-17.7-160000.1.1.ppc64le.rpm libecpg6-18.1-160000.1.2.ppc64le.rpm libpq5-18.1-160000.1.2.ppc64le.rpm postgresql18-18.1-160000.1.2.ppc64le.rpm postgresql18-contrib-18.1-160000.1.2.ppc64le.rpm postgresql18-devel-18.1-160000.1.2.ppc64le.rpm postgresql18-llvmjit-18.1-160000.1.2.ppc64le.rpm postgresql18-llvmjit-devel-18.1-160000.1.2.ppc64le.rpm postgresql18-plperl-18.1-160000.1.2.ppc64le.rpm postgresql18-plpython-18.1-160000.1.2.ppc64le.rpm postgresql18-pltcl-18.1-160000.1.2.ppc64le.rpm postgresql18-server-18.1-160000.1.2.ppc64le.rpm postgresql18-server-devel-18.1-160000.1.2.ppc64le.rpm postgresql18-test-18.1-160000.1.2.ppc64le.rpm postgresql18-devel-mini-18.1-160000.1.1.ppc64le.rpm postgresql13-pgaudit-1.5.3-160000.3.1.ppc64le.rpm postgresql14-pgaudit-1.6.3-160000.3.1.ppc64le.rpm postgresql15-pgaudit-1.7.1-160000.3.1.ppc64le.rpm postgresql16-pgaudit-16.1-160000.3.1.ppc64le.rpm postgresql17-pgaudit-17.1-160000.3.1.ppc64le.rpm postgresql18-pgaudit-18.0-160000.3.1.ppc64le.rpm postgresql13-pgvector-0.8.1-160000.1.1.ppc64le.rpm postgresql14-pgvector-0.8.1-160000.1.1.ppc64le.rpm postgresql15-pgvector-0.8.1-160000.1.1.ppc64le.rpm postgresql16-pgvector-0.8.1-160000.1.1.ppc64le.rpm postgresql17-pgvector-0.8.1-160000.1.1.ppc64le.rpm postgresql18-pgvector-0.8.1-160000.1.1.ppc64le.rpm postgresql17-17.7-160000.1.1.s390x.rpm postgresql17-contrib-17.7-160000.1.1.s390x.rpm postgresql17-devel-17.7-160000.1.1.s390x.rpm postgresql17-llvmjit-17.7-160000.1.1.s390x.rpm postgresql17-llvmjit-devel-17.7-160000.1.1.s390x.rpm postgresql17-plperl-17.7-160000.1.1.s390x.rpm postgresql17-plpython-17.7-160000.1.1.s390x.rpm postgresql17-pltcl-17.7-160000.1.1.s390x.rpm postgresql17-server-17.7-160000.1.1.s390x.rpm postgresql17-server-devel-17.7-160000.1.1.s390x.rpm postgresql17-test-17.7-160000.1.1.s390x.rpm libecpg6-18.1-160000.1.2.s390x.rpm libpq5-18.1-160000.1.2.s390x.rpm postgresql18-18.1-160000.1.2.s390x.rpm postgresql18-contrib-18.1-160000.1.2.s390x.rpm postgresql18-devel-18.1-160000.1.2.s390x.rpm postgresql18-llvmjit-18.1-160000.1.2.s390x.rpm postgresql18-llvmjit-devel-18.1-160000.1.2.s390x.rpm postgresql18-plperl-18.1-160000.1.2.s390x.rpm postgresql18-plpython-18.1-160000.1.2.s390x.rpm postgresql18-pltcl-18.1-160000.1.2.s390x.rpm postgresql18-server-18.1-160000.1.2.s390x.rpm postgresql18-server-devel-18.1-160000.1.2.s390x.rpm postgresql18-test-18.1-160000.1.2.s390x.rpm postgresql18-devel-mini-18.1-160000.1.1.s390x.rpm postgresql13-pgaudit-1.5.3-160000.3.1.s390x.rpm postgresql14-pgaudit-1.6.3-160000.3.1.s390x.rpm postgresql15-pgaudit-1.7.1-160000.3.1.s390x.rpm postgresql16-pgaudit-16.1-160000.3.1.s390x.rpm postgresql17-pgaudit-17.1-160000.3.1.s390x.rpm postgresql18-pgaudit-18.0-160000.3.1.s390x.rpm postgresql13-pgvector-0.8.1-160000.1.1.s390x.rpm postgresql14-pgvector-0.8.1-160000.1.1.s390x.rpm postgresql15-pgvector-0.8.1-160000.1.1.s390x.rpm postgresql16-pgvector-0.8.1-160000.1.1.s390x.rpm postgresql17-pgvector-0.8.1-160000.1.1.s390x.rpm postgresql18-pgvector-0.8.1-160000.1.1.s390x.rpm postgresql17-17.7-160000.1.1.x86_64.rpm postgresql17-contrib-17.7-160000.1.1.x86_64.rpm postgresql17-devel-17.7-160000.1.1.x86_64.rpm postgresql17-llvmjit-17.7-160000.1.1.x86_64.rpm postgresql17-llvmjit-devel-17.7-160000.1.1.x86_64.rpm postgresql17-plperl-17.7-160000.1.1.x86_64.rpm postgresql17-plpython-17.7-160000.1.1.x86_64.rpm postgresql17-pltcl-17.7-160000.1.1.x86_64.rpm postgresql17-server-17.7-160000.1.1.x86_64.rpm postgresql17-server-devel-17.7-160000.1.1.x86_64.rpm postgresql17-test-17.7-160000.1.1.x86_64.rpm libecpg6-18.1-160000.1.2.x86_64.rpm libpq5-18.1-160000.1.2.x86_64.rpm postgresql18-18.1-160000.1.2.x86_64.rpm postgresql18-contrib-18.1-160000.1.2.x86_64.rpm postgresql18-devel-18.1-160000.1.2.x86_64.rpm postgresql18-llvmjit-18.1-160000.1.2.x86_64.rpm postgresql18-llvmjit-devel-18.1-160000.1.2.x86_64.rpm postgresql18-plperl-18.1-160000.1.2.x86_64.rpm postgresql18-plpython-18.1-160000.1.2.x86_64.rpm postgresql18-pltcl-18.1-160000.1.2.x86_64.rpm postgresql18-server-18.1-160000.1.2.x86_64.rpm postgresql18-server-devel-18.1-160000.1.2.x86_64.rpm postgresql18-test-18.1-160000.1.2.x86_64.rpm postgresql18-devel-mini-18.1-160000.1.1.x86_64.rpm postgresql13-pgaudit-1.5.3-160000.3.1.x86_64.rpm postgresql14-pgaudit-1.6.3-160000.3.1.x86_64.rpm postgresql15-pgaudit-1.7.1-160000.3.1.x86_64.rpm postgresql16-pgaudit-16.1-160000.3.1.x86_64.rpm postgresql17-pgaudit-17.1-160000.3.1.x86_64.rpm postgresql18-pgaudit-18.0-160000.3.1.x86_64.rpm postgresql13-pgvector-0.8.1-160000.1.1.x86_64.rpm postgresql14-pgvector-0.8.1-160000.1.1.x86_64.rpm postgresql15-pgvector-0.8.1-160000.1.1.x86_64.rpm postgresql16-pgvector-0.8.1-160000.1.1.x86_64.rpm postgresql17-pgvector-0.8.1-160000.1.1.x86_64.rpm postgresql18-pgvector-0.8.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-217 Security update for elemental-register, elemental-toolkit important SUSE SLFO 1.2 This update for elemental-register, elemental-toolkit fixes the following issues: elemental-register was updated to 1.8.1: Changes on top of v1.8.1: * Update headers to 2026 * Update questions to include SL Micro 6.2 Update to v1.8.1: * Install yip config files in before-install step * Bump github.com/rancher-sandbox/go-tpm and its dependencies This includes few CVE fixes: * bsc#1241826 (CVE-2025-22872) * bsc#1241857 (CVE-2025-22872) * bsc#1251511 (CVE-2025-47911) * bsc#1251679 (CVE-2025-58190) elemental-toolkit was updated to v2.3.2: * Bump golang.org/x/crypto library This includes few CVE fixes: * bsc#1241826 (CVE-2025-22872) * bsc#1241857 (CVE-2025-22872) * bsc#1251511 (CVE-2025-47911) * bsc#1251679 (CVE-2025-58190) * bsc#1253581 (CVE-2025-47913) * bsc#1253901 (CVE-2025-58181) * bsc#1254079 (CVE-2025-47914) elemental-register-1.8.1-160000.1.1.aarch64.rpm elemental-support-1.8.1-160000.1.1.aarch64.rpm elemental-toolkit-2.3.2-160000.1.1.aarch64.rpm elemental-toolkit-2.3.2-160000.1.1.ppc64le.rpm elemental-toolkit-2.3.2-160000.1.1.s390x.rpm elemental-register-1.8.1-160000.1.1.x86_64.rpm elemental-support-1.8.1-160000.1.1.x86_64.rpm elemental-toolkit-2.3.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-218 Security update for glibc important SUSE SLFO 1.2 This update for glibc fixes the following issues: Security fixes: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256436) glibc-2.40-160000.3.1.aarch64.rpm glibc-devel-2.40-160000.3.1.aarch64.rpm glibc-devel-static-2.40-160000.3.1.aarch64.rpm glibc-extra-2.40-160000.3.1.aarch64.rpm glibc-gconv-modules-extra-2.40-160000.3.1.aarch64.rpm glibc-html-2.40-160000.3.1.noarch.rpm glibc-i18ndata-2.40-160000.3.1.noarch.rpm glibc-info-2.40-160000.3.1.noarch.rpm glibc-lang-2.40-160000.3.1.noarch.rpm glibc-locale-2.40-160000.3.1.aarch64.rpm glibc-locale-base-2.40-160000.3.1.aarch64.rpm glibc-profile-2.40-160000.3.1.aarch64.rpm glibc-utils-2.40-160000.3.1.aarch64.rpm cross-ppc64le-glibc-devel-2.40-160000.3.1.noarch.rpm cross-riscv64-glibc-devel-2.40-160000.3.1.noarch.rpm cross-s390x-glibc-devel-2.40-160000.3.1.noarch.rpm glibc-2.40-160000.3.1.ppc64le.rpm glibc-devel-2.40-160000.3.1.ppc64le.rpm glibc-devel-static-2.40-160000.3.1.ppc64le.rpm glibc-extra-2.40-160000.3.1.ppc64le.rpm glibc-gconv-modules-extra-2.40-160000.3.1.ppc64le.rpm glibc-locale-2.40-160000.3.1.ppc64le.rpm glibc-locale-base-2.40-160000.3.1.ppc64le.rpm glibc-profile-2.40-160000.3.1.ppc64le.rpm glibc-utils-2.40-160000.3.1.ppc64le.rpm cross-aarch64-glibc-devel-2.40-160000.3.1.noarch.rpm glibc-2.40-160000.3.1.s390x.rpm glibc-devel-2.40-160000.3.1.s390x.rpm glibc-devel-static-2.40-160000.3.1.s390x.rpm glibc-extra-2.40-160000.3.1.s390x.rpm glibc-gconv-modules-extra-2.40-160000.3.1.s390x.rpm glibc-locale-2.40-160000.3.1.s390x.rpm glibc-locale-base-2.40-160000.3.1.s390x.rpm glibc-profile-2.40-160000.3.1.s390x.rpm glibc-utils-2.40-160000.3.1.s390x.rpm glibc-2.40-160000.3.1.x86_64.rpm glibc-devel-2.40-160000.3.1.x86_64.rpm glibc-devel-static-2.40-160000.3.1.x86_64.rpm glibc-extra-2.40-160000.3.1.x86_64.rpm glibc-gconv-modules-extra-2.40-160000.3.1.x86_64.rpm glibc-locale-2.40-160000.3.1.x86_64.rpm glibc-locale-base-2.40-160000.3.1.x86_64.rpm glibc-profile-2.40-160000.3.1.x86_64.rpm glibc-utils-2.40-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-219 Security update for java-17-openjdk important SUSE SLFO 1.2 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446). - Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216). java-17-openjdk-17.0.18.0-160000.1.1.aarch64.rpm java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64.rpm java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64.rpm java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64.rpm java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch.rpm java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64.rpm java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64.rpm java-17-openjdk-17.0.18.0-160000.1.1.ppc64le.rpm java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le.rpm java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le.rpm java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le.rpm java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le.rpm java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le.rpm java-17-openjdk-17.0.18.0-160000.1.1.s390x.rpm java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x.rpm java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x.rpm java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x.rpm java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x.rpm java-17-openjdk-src-17.0.18.0-160000.1.1.s390x.rpm java-17-openjdk-17.0.18.0-160000.1.1.x86_64.rpm java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64.rpm java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64.rpm java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64.rpm java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64.rpm java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-22 Security update for samba critical SUSE SLFO 1.2 This update for samba fixes the following issues: Update to 4.22.5: * CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - Relax samba-gpupdate requirement for cepces, certmonger, and sscep to a recommends. They are only required if utilizing certificate auto enrollment (bsc#1249087). - Disable timeouts for smb.service so that possibly slow running ExecStartPre script 'update-samba-security-profile' doesn't cause service start to fail due to timeouts (bsc#1249181). - Ensure semanage is pulled in as a requirement when samba in installed when selinux security access mechanism that is used (bsc#1249180). - don't attempt to label paths that don't exist, also remove unecessary evaluation of semange & restorecon cmds (bsc#1249179). Update to 4.22.4: * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 * getpwuid does not shift to new DC when current DC is down * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName- * Unresponsive second DC can cause idmapping failure when using idmap_ad- * kinit command is failing with Missing cache Error. * Figuring out the DC name from IP address fails and breaks fork_domain_child(). * vfs_streams_depot fstatat broken. * Delayed leader broadcast can block ctdb forever. * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine). * Fix handling of empty GPO link. * SMB ACL inheritance doesn't work for files created. - adjust gpgme build dependency for future-proofing ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ceph-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-doc-4.22.5+git.431.dc5a539f124-160000.1.1.noarch.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ceph-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-220 Recommended update for samba important SUSE SLFO 1.2 This update for samba fixes the following issues: - Fix mistake in README.SUSE /var/spool/samba to /var/samba/spool (bsc#1254665) - Update to 4.22.7: * Samba 4.22 breaks Time Machine; * Searching for numbers doesn't work with Spotlight; * mdssvc doesn't support $time.iso dates before 1970; * Fix winbind cache consistency; * vfs_recycle does not update mtime; * Assert failed: (dirfd != -1) || (smb_fname to base_name[0] == '/') in vfswrap_openat; * ctdb can crash with inconsistent cluster lock configuration; * samba-bgqd: rework man page; * samba-bgqd can't find [printers] share (bsc#1254586); * Winbind can hang forever in gssapi if there are network issues; * libldb requires linking libreplace on Linux; * Crash in ctdbd on failed updateip; ctdb-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm ctdb-pcp-pmda-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm ldb-tools-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm libldb-devel-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm libldb2-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm python3-ldb-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-ad-dc-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-ad-dc-libs-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-ceph-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-client-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-dcerpc-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-devel-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-doc-4.22.7+git.460.b680c782b85-160000.1.1.noarch.rpm samba-dsdb-modules-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-gpupdate-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-ldb-ldap-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-libs-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-libs-python3-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-python3-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-test-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-tool-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-winbind-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm samba-winbind-libs-4.22.7+git.460.b680c782b85-160000.1.1.aarch64.rpm ctdb-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm ctdb-pcp-pmda-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm ldb-tools-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm libldb-devel-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm libldb2-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm python3-ldb-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-ad-dc-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-ad-dc-libs-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-client-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-dcerpc-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-devel-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-dsdb-modules-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-gpupdate-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-ldb-ldap-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-libs-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-libs-python3-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-python3-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-test-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-tool-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-winbind-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm samba-winbind-libs-4.22.7+git.460.b680c782b85-160000.1.1.ppc64le.rpm ctdb-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm ctdb-pcp-pmda-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm ldb-tools-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm libldb-devel-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm libldb2-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm python3-ldb-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-ad-dc-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-ad-dc-libs-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-client-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-dcerpc-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-devel-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-dsdb-modules-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-gpupdate-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-ldb-ldap-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-libs-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-libs-python3-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-python3-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-test-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-tool-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-winbind-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm samba-winbind-libs-4.22.7+git.460.b680c782b85-160000.1.1.s390x.rpm ctdb-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm ctdb-pcp-pmda-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm ldb-tools-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm libldb-devel-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm libldb2-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm python3-ldb-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-ad-dc-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-ad-dc-libs-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-ceph-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-client-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-dcerpc-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-devel-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-dsdb-modules-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-gpupdate-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-ldb-ldap-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-libs-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-libs-python3-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-python3-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-test-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-tool-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-winbind-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm samba-winbind-libs-4.22.7+git.460.b680c782b85-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-221 Security update for gpg2 important SUSE SLFO 1.2 This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - CVE-2026-24883: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value (bsc#1257395). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389). dirmngr-2.5.5-160000.4.1.aarch64.rpm gpg2-2.5.5-160000.4.1.aarch64.rpm gpg2-lang-2.5.5-160000.4.1.noarch.rpm gpg2-tpm-2.5.5-160000.4.1.aarch64.rpm dirmngr-2.5.5-160000.4.1.ppc64le.rpm gpg2-2.5.5-160000.4.1.ppc64le.rpm gpg2-tpm-2.5.5-160000.4.1.ppc64le.rpm dirmngr-2.5.5-160000.4.1.s390x.rpm gpg2-2.5.5-160000.4.1.s390x.rpm gpg2-tpm-2.5.5-160000.4.1.s390x.rpm dirmngr-2.5.5-160000.4.1.x86_64.rpm gpg2-2.5.5-160000.4.1.x86_64.rpm gpg2-tpm-2.5.5-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-222 Security update for openvpn important SUSE SLFO 1.2 This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS (bsc#1254486). openvpn-2.6.10-160000.3.1.aarch64.rpm openvpn-auth-pam-plugin-2.6.10-160000.3.1.aarch64.rpm openvpn-devel-2.6.10-160000.3.1.aarch64.rpm openvpn-down-root-plugin-2.6.10-160000.3.1.aarch64.rpm openvpn-2.6.10-160000.3.1.ppc64le.rpm openvpn-auth-pam-plugin-2.6.10-160000.3.1.ppc64le.rpm openvpn-devel-2.6.10-160000.3.1.ppc64le.rpm openvpn-down-root-plugin-2.6.10-160000.3.1.ppc64le.rpm openvpn-2.6.10-160000.3.1.s390x.rpm openvpn-auth-pam-plugin-2.6.10-160000.3.1.s390x.rpm openvpn-devel-2.6.10-160000.3.1.s390x.rpm openvpn-down-root-plugin-2.6.10-160000.3.1.s390x.rpm openvpn-2.6.10-160000.3.1.x86_64.rpm openvpn-auth-pam-plugin-2.6.10-160000.3.1.x86_64.rpm openvpn-devel-2.6.10-160000.3.1.x86_64.rpm openvpn-down-root-plugin-2.6.10-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-223 Security update for jasper moderate SUSE SLFO 1.2 This update for jasper fixes the following issues: Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901). - CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902). - CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904). jasper-4.2.8-160000.1.1.aarch64.rpm libjasper-devel-4.2.8-160000.1.1.aarch64.rpm libjasper7-4.2.8-160000.1.1.aarch64.rpm jasper-4.2.8-160000.1.1.ppc64le.rpm libjasper-devel-4.2.8-160000.1.1.ppc64le.rpm libjasper7-4.2.8-160000.1.1.ppc64le.rpm jasper-4.2.8-160000.1.1.s390x.rpm libjasper-devel-4.2.8-160000.1.1.s390x.rpm libjasper7-4.2.8-160000.1.1.s390x.rpm jasper-4.2.8-160000.1.1.x86_64.rpm libjasper-devel-4.2.8-160000.1.1.x86_64.rpm libjasper7-4.2.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-224 Security update for unbound moderate SUSE SLFO 1.2 This update for unbound fixes the following issues: Update to 1.24.1: - CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525). libunbound8-1.24.1-160000.1.1.aarch64.rpm python3-unbound-1.24.1-160000.1.1.aarch64.rpm unbound-1.24.1-160000.1.1.aarch64.rpm unbound-anchor-1.24.1-160000.1.1.aarch64.rpm unbound-devel-1.24.1-160000.1.1.aarch64.rpm unbound-munin-1.24.1-160000.1.1.noarch.rpm libunbound8-1.24.1-160000.1.1.ppc64le.rpm python3-unbound-1.24.1-160000.1.1.ppc64le.rpm unbound-1.24.1-160000.1.1.ppc64le.rpm unbound-anchor-1.24.1-160000.1.1.ppc64le.rpm unbound-devel-1.24.1-160000.1.1.ppc64le.rpm libunbound8-1.24.1-160000.1.1.s390x.rpm python3-unbound-1.24.1-160000.1.1.s390x.rpm unbound-1.24.1-160000.1.1.s390x.rpm unbound-anchor-1.24.1-160000.1.1.s390x.rpm unbound-devel-1.24.1-160000.1.1.s390x.rpm libunbound8-1.24.1-160000.1.1.x86_64.rpm python3-unbound-1.24.1-160000.1.1.x86_64.rpm unbound-1.24.1-160000.1.1.x86_64.rpm unbound-anchor-1.24.1-160000.1.1.x86_64.rpm unbound-devel-1.24.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-225 Security update for alloy important SUSE SLFO 1.2 This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333): - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074) Other fixes: - Add missing configuration parameter deployment_name_from_replicaset to k8sattributes processor (5b90a9d) (@dehaansa) - database_observability: Fix schema_details collector to fetch column definitions with case sensitive table names (#4872) (560dff4) (@jharvey10, @fridgepoet) - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10) - deps: Update npm dependencies [backport] (#5201) (8e06c26) (@jharvey10) - Ensure the squid exporter wrapper properly brackets ipv6 addresses [backport] (#5205) (e329cc6) (@dehaansa) - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e) (@kalleep) - Prevent panic in import.git when update fails [backport] (#5204) (c82fbae) (@dehaansa, @jharvey10) - show correct fallback alloy version instead of v1.13.0 (#5110) (b72be99) (@dehaansa, @jharvey10) alloy-1.12.2-160000.1.1.aarch64.rpm alloy-1.12.2-160000.1.1.ppc64le.rpm alloy-1.12.2-160000.1.1.s390x.rpm alloy-1.12.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-226 Security update for udisks2 moderate SUSE SLFO 1.2 This update for udisks2 fixes the following issues: - CVE-2025-8067: Fixed a missing bounds check that could lead to out-of-bounds read in udisks daemon (bsc#1248502). libudisks2-0-2.10.1-160000.3.1.aarch64.rpm libudisks2-0-devel-2.10.1-160000.3.1.aarch64.rpm libudisks2-0_btrfs-2.10.1-160000.3.1.aarch64.rpm libudisks2-0_lsm-2.10.1-160000.3.1.aarch64.rpm libudisks2-0_lvm2-2.10.1-160000.3.1.aarch64.rpm typelib-1_0-UDisks-2_0-2.10.1-160000.3.1.aarch64.rpm udisks2-2.10.1-160000.3.1.aarch64.rpm udisks2-bash-completion-2.10.1-160000.3.1.noarch.rpm udisks2-docs-2.10.1-160000.3.1.noarch.rpm udisks2-lang-2.10.1-160000.3.1.noarch.rpm udisks2-zsh-completion-2.10.1-160000.3.1.noarch.rpm libudisks2-0-2.10.1-160000.3.1.ppc64le.rpm libudisks2-0-devel-2.10.1-160000.3.1.ppc64le.rpm libudisks2-0_btrfs-2.10.1-160000.3.1.ppc64le.rpm libudisks2-0_lsm-2.10.1-160000.3.1.ppc64le.rpm libudisks2-0_lvm2-2.10.1-160000.3.1.ppc64le.rpm typelib-1_0-UDisks-2_0-2.10.1-160000.3.1.ppc64le.rpm udisks2-2.10.1-160000.3.1.ppc64le.rpm libudisks2-0-2.10.1-160000.3.1.s390x.rpm libudisks2-0-devel-2.10.1-160000.3.1.s390x.rpm libudisks2-0_btrfs-2.10.1-160000.3.1.s390x.rpm libudisks2-0_lsm-2.10.1-160000.3.1.s390x.rpm libudisks2-0_lvm2-2.10.1-160000.3.1.s390x.rpm typelib-1_0-UDisks-2_0-2.10.1-160000.3.1.s390x.rpm udisks2-2.10.1-160000.3.1.s390x.rpm libudisks2-0-2.10.1-160000.3.1.x86_64.rpm libudisks2-0-devel-2.10.1-160000.3.1.x86_64.rpm libudisks2-0_btrfs-2.10.1-160000.3.1.x86_64.rpm libudisks2-0_lsm-2.10.1-160000.3.1.x86_64.rpm libudisks2-0_lvm2-2.10.1-160000.3.1.x86_64.rpm typelib-1_0-UDisks-2_0-2.10.1-160000.3.1.x86_64.rpm udisks2-2.10.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-227 Security update for libsoup important SUSE SLFO 1.2 This update for libsoup fixes the following issues: - CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562). - CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399). - CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418). libsoup-3_0-0-3.6.5-160000.3.1.aarch64.rpm libsoup-devel-3.6.5-160000.3.1.aarch64.rpm libsoup-lang-3.6.5-160000.3.1.noarch.rpm typelib-1_0-Soup-3_0-3.6.5-160000.3.1.aarch64.rpm libsoup-3_0-0-3.6.5-160000.3.1.ppc64le.rpm libsoup-devel-3.6.5-160000.3.1.ppc64le.rpm typelib-1_0-Soup-3_0-3.6.5-160000.3.1.ppc64le.rpm libsoup-3_0-0-3.6.5-160000.3.1.s390x.rpm libsoup-devel-3.6.5-160000.3.1.s390x.rpm typelib-1_0-Soup-3_0-3.6.5-160000.3.1.s390x.rpm libsoup-3_0-0-3.6.5-160000.3.1.x86_64.rpm libsoup-devel-3.6.5-160000.3.1.x86_64.rpm typelib-1_0-Soup-3_0-3.6.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-228 Security update for java-25-openjdk important SUSE SLFO 1.2 This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.2+10 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15221). java-25-openjdk-25.0.2.0-160000.1.1.aarch64.rpm java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64.rpm java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64.rpm java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64.rpm java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch.rpm java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64.rpm java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64.rpm java-25-openjdk-25.0.2.0-160000.1.1.ppc64le.rpm java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le.rpm java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le.rpm java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le.rpm java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le.rpm java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le.rpm java-25-openjdk-25.0.2.0-160000.1.1.s390x.rpm java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x.rpm java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x.rpm java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x.rpm java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x.rpm java-25-openjdk-src-25.0.2.0-160000.1.1.s390x.rpm java-25-openjdk-25.0.2.0-160000.1.1.x86_64.rpm java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64.rpm java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64.rpm java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64.rpm java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64.rpm java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-229 Security update for python-filelock moderate SUSE SLFO 1.2 This update for python-filelock fixes the following issues: - CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files (bsc#1255244). - CVE-2026-22701: TOCTOU race condition in the SoftFileLock implementation (bsc#1256457). python313-filelock-3.18.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-23 Security update for tiff important SUSE SLFO 1.2 This update for tiff fixes the following issues: tiff was updated to 4.7.1: * Software configuration changes: * Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h. * CMake: define WORDS_BIGENDIAN via tif_config.h * doc/CMakeLists.txt: remove useless cmake_minimum_required() * CMake: fix build with LLVM/Clang 17 (fixes issue #651) * CMake: set CMP0074 new policy * Set LINKER_LANGUAGE for C targets with C deps * Export tiffxx cmake target (fixes issue #674) * autogen.sh: Enable verbose wget. * configure.ac: Syntax updates for Autoconf 2.71 * autogen.sh: Re-implement based on autoreconf. Failure to update config.guess/config.sub does not return error (fixes issue #672) * CMake: fix CMake 4.0 warning when minimum required version is < 3.10. * CMake: Add build option tiff-static (fixes issue #709) Library changes: * Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control about emitting warnings for unknown tags. No longer emit warnings about unknown tags by default * tif_predict.c: speed-up decompression in some cases. * Bug fixes: * tif_fax3: For fax group 3 data if no EOL is detected, reading is retried without synchronisation for EOLs. (fixes issue #54) * Updating TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE. Updating TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue #532) * tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in the DNG 1.7 specification * TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes issue #648) * Do not error out on a tag whose tag count value is zero, just issue a warning. Fix parsing a private tag 0x80a6 (fixes issue #647) * TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 Fixes https://github.com/OSGeo/gdal/issues/10875) * tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175) * Fix writing a Predictor=3 file with non-native endianness * _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds * read / nullptr dereference) in case of out-of-memory situation when dealing with custom tags (fixes issue #663) * tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and PlanarConfiguration = Contiguous (fixes issue #26) * tif_fax3.c: error out after a number of times end-of-line or unexpected bad code words have been reached. (fixes issue #670) * Fix memory leak in TIFFSetupStrips() (fixes issue #665) * tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with -DZ_SOLO inflating will fail. * Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676) * tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if "prediction" is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5) * tif_getimage.c: update some integer overflow checks (fixes issue #79) * tif_getimage.c: Fix buffer underflow crash for less raster rows at TIFFReadRGBAImageOriented() (fixes issue #704, bsc#1250413, CVE-2025-9900) * TIFFReadRGBAImage(): several fixes to avoid buffer overflows. * Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative() if HAVE_IEEEFP is not defined. (fixes issue #699) * LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker has been found with remaining output bytes (fixes issue #698) * TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return. * TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when clearing tif_rawdata (fixes issue #711) * JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid out-of-bounds access (fixes issue #714) * tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for 8/12bit dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0. Fixes issue #717 * add assert for TIFFReadCustomDirectory infoarray check. * ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line were written wrongly. (fixes issue #467) * fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649) * tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650) * tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by zero. Fixes issue #654 * tiff2pdf: avoid null pointer dereference. (fixes issue #741) * Improve non-secure integer overflow check (comparison of division result with multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba. Fixes issue #546 * tiff2rgba: fix some "a partial expression can generate an overflow before it is assigned to a broader type" warnings. (fixes issue #682) * tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703) * tiffdither: avoid out-of-bounds read identified in issue #733 * tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707) * tiffmedian: close input file. (fixes issue #735) * thumbail: avoid potential out of bounds access (fixes issue #715) * tiffcrop: close open TIFF files and release allocated buffers before exiting in case of error to avoid memory leaks. (fixes issue #716) * tiffcrop: fix double-free and memory leak exposed by issue #721 * tiffcrop: avoid buffer overflow. (fixes issue #740) * tiffcrop: avoid nullptr dereference. (fixes issue #734) * tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem to PrintData, which uses it as a divisor or modulus. * tiff2ps: check return of TIFFGetFiled() for TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718) * tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729) * tiffcp: fix setting compression level for lossless codecs. (fixes issue #730) * raw2tiff: close input file before exit (fixes issue #742) Tools changes: * tiffinfo: add a -W switch to warn about unknown tags. * tiffdither: process all pages in input TIFF file. * Documentation: * TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation from 5 (LeftTop) to 8 (LeftBottom) in the raster. * TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67) * Update "Defining New TIFF Tags" description. (fixes issue #642) * Fix return type of TIFFReadEncodedTile() * Update the documentation to reflect deprecated typedefs. * TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image data and not for IFD data. * Update documentation on re-entrancy and thread safety. * Remove dead links to no more existing Awaresystems web-site. * Updating BigTIFF specification and some miscelaneous editions. * Replace some last links and remove last todos. * Added hints for correct allocation of TIFFYCbCrtoRGB structure and its associated buffers. (fixes issue #681) * Added chapter to "Using the TIFF Library" with links to handling multi-page TIFF and custom directories. (fixes issue #43) * update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes issue #12) Security issues fixed: * CVE-2025-8961: Fix segmentation fault via main function of tiffcrop utility [bsc#1248117] * CVE-2025-8534: Fix null pointer dereference in function PS_Lvl2page [bsc#1247582] * CVE-2025-9165: Fix local execution manipulation can lead to memory leak [bsc#1248330] * CVE-2024-13978: Fix null pointer dereference in tiff2pdf [bsc#1247581] * CVE-2025-8176: Fix heap use-after-free in tools/tiffmedian.c [bsc#1247108] * CVE-2025-8177: Fix possible buffer overflow in tools/thumbnail.c:setrow() [bsc#1247106] - Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503) libtiff-devel-4.7.1-160000.1.1.aarch64.rpm libtiff6-4.7.1-160000.1.1.aarch64.rpm tiff-4.7.1-160000.1.1.aarch64.rpm libtiff-devel-docs-4.7.1-160000.1.1.noarch.rpm tiff-docs-4.7.1-160000.1.1.noarch.rpm libtiff-devel-4.7.1-160000.1.1.ppc64le.rpm libtiff6-4.7.1-160000.1.1.ppc64le.rpm tiff-4.7.1-160000.1.1.ppc64le.rpm libtiff-devel-4.7.1-160000.1.1.s390x.rpm libtiff6-4.7.1-160000.1.1.s390x.rpm tiff-4.7.1-160000.1.1.s390x.rpm libtiff-devel-4.7.1-160000.1.1.x86_64.rpm libtiff6-4.7.1-160000.1.1.x86_64.rpm tiff-4.7.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-230 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38704: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408). - CVE-2025-39880: ceph: fix race condition validating r_parent before applying state (bsc#1250388). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365). - CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling - CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623). - CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1254961). - CVE-2025-40215: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40218: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (bsc#1254964). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40237: fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809). - CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871). - CVE-2025-40239: net: phy: micrel: always set shared->phydev for LAN8814 (bsc#1254868). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40246: xfs: fix out of bounds memory read error in symlink repair (bsc#1254861). - CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864). - CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854). - CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856). - CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849). - CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852). - CVE-2025-40255: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835). - CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082). - CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297). - CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830). - CVE-2025-40276: drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (bsc#1254824). - CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825). - CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175). - CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273). - CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318). - CVE-2025-40347: net: enetc: fix the deadlock of enetc_mdio_lock (bsc#1255262). - CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260). - CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261). - CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097). - CVE-2025-40359: perf/x86/intel: Fix KASAN global-out-of-bounds warning (bsc#1255087). - CVE-2025-40362: ceph: fix multifs mds auth caps issue (bsc#1255103). - CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255). - CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242). - CVE-2025-68198: crash: fix crashkernel resource shrink (bsc#1255243). - CVE-2025-68202: sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223). - CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142). - CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227). - CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230). - CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path (bsc#1255226). - CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). - CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380). - CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68293: mm/huge_memory: fix NULL pointer deference when splitting folio (bsc#1255150). - CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120). - CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121). - CVE-2025-68317: io_uring/zctx: check chained notif contexts (bsc#1255354). - CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507). - CVE-2025-68353: net: vxlan: prevent NULL deref in vxlan_xmit_one (bsc#1255533). - CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552). - CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614). - CVE-2025-68736: landlock: Optimize file path walks and prepare for audit support (bsc#1255698). - CVE-2025-68742: bpf: Fix invalid prog->stats access when update_effective_progs fails (bsc#1255707). - CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709). - CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606). The following non security issues were fixed: - KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672). - Set HZ=1000 for ppc64 default configuration (jsc#PED-14344) - bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433). - btrfs: handle aligned EOF truncation correctly for subpage cases (bsc#1253238). - cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434). - cifs: update dstaddr whenever channel iface is updated (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - cpuset: fix warning when disabling remote partition (bsc#1256794). - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - netdevsim: print human readable IP address (bsc#1255071). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - sched: Increase sched_tick_remote timeout (bsc#1254510). - selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346). - selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349). - selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349). - serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes). - supported.conf: Mark lan 743x supported (jsc#PED-14571) - tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477). - wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495). - x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495). - x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256495). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495). kernel-devel-6.12.0-160000.9.1.noarch.rpm True kernel-macros-6.12.0-160000.9.1.noarch.rpm True kernel-source-6.12.0-160000.9.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.9.1.noarch.rpm True kernel-default-base-6.12.0-160000.9.1.160000.2.6.aarch64.rpm True dtb-allwinner-6.12.0-160000.9.1.aarch64.rpm True dtb-altera-6.12.0-160000.9.1.aarch64.rpm True dtb-amazon-6.12.0-160000.9.1.aarch64.rpm True dtb-amd-6.12.0-160000.9.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.9.1.aarch64.rpm True dtb-apm-6.12.0-160000.9.1.aarch64.rpm True dtb-apple-6.12.0-160000.9.1.aarch64.rpm True dtb-arm-6.12.0-160000.9.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.9.1.aarch64.rpm True dtb-cavium-6.12.0-160000.9.1.aarch64.rpm True dtb-exynos-6.12.0-160000.9.1.aarch64.rpm True dtb-freescale-6.12.0-160000.9.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.9.1.aarch64.rpm True dtb-lg-6.12.0-160000.9.1.aarch64.rpm True dtb-marvell-6.12.0-160000.9.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.9.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.9.1.aarch64.rpm True dtb-qcom-6.12.0-160000.9.1.aarch64.rpm True dtb-renesas-6.12.0-160000.9.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.9.1.aarch64.rpm True dtb-socionext-6.12.0-160000.9.1.aarch64.rpm True dtb-sprd-6.12.0-160000.9.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.9.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.9.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.9.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.9.1.aarch64.rpm True kernel-64kb-6.12.0-160000.9.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.9.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.9.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.9.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.9.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.9.1.aarch64.rpm True cluster-md-kmp-azure-6.12.0-160000.9.1.aarch64.rpm True dlm-kmp-azure-6.12.0-160000.9.1.aarch64.rpm True gfs2-kmp-azure-6.12.0-160000.9.1.aarch64.rpm True kernel-azure-6.12.0-160000.9.1.aarch64.rpm True kernel-azure-devel-6.12.0-160000.9.1.aarch64.rpm True kernel-azure-extra-6.12.0-160000.9.1.aarch64.rpm True kernel-azure-optional-6.12.0-160000.9.1.aarch64.rpm True kselftests-kmp-azure-6.12.0-160000.9.1.aarch64.rpm True ocfs2-kmp-azure-6.12.0-160000.9.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.9.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.9.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.9.1.aarch64.rpm True kernel-default-6.12.0-160000.9.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.9.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.9.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.9.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.9.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.9.1.aarch64.rpm True kernel-docs-6.12.0-160000.9.1.noarch.rpm True kernel-docs-html-6.12.0-160000.9.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.9.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.9.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.9.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.9.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.9.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.9.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.9.1.aarch64.rpm True kernel-rt-6.12.0-160000.9.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.9.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.9.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.9.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.9.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.9.1.aarch64.rpm True kernel-syms-6.12.0-160000.9.1.aarch64.rpm True kernel-default-base-6.12.0-160000.9.1.160000.2.6.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.9.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.9.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.9.1.ppc64le.rpm True kernel-default-6.12.0-160000.9.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.9.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.9.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.9.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.9.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.9.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.9.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.9.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.9.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.9.1.ppc64le.rpm True kernel-syms-6.12.0-160000.9.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.9.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.9.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.9.1.s390x.rpm True kernel-default-6.12.0-160000.9.1.s390x.rpm True kernel-default-devel-6.12.0-160000.9.1.s390x.rpm True kernel-default-extra-6.12.0-160000.9.1.s390x.rpm True kernel-default-optional-6.12.0-160000.9.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.9.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.9.1.s390x.rpm True kernel-obs-build-6.12.0-160000.9.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.9.1.s390x.rpm True kernel-syms-6.12.0-160000.9.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.9.1.s390x.rpm True kernel-default-base-6.12.0-160000.9.1.160000.2.6.x86_64.rpm True cluster-md-kmp-azure-6.12.0-160000.9.1.x86_64.rpm True dlm-kmp-azure-6.12.0-160000.9.1.x86_64.rpm True gfs2-kmp-azure-6.12.0-160000.9.1.x86_64.rpm True kernel-azure-6.12.0-160000.9.1.x86_64.rpm True kernel-azure-devel-6.12.0-160000.9.1.x86_64.rpm True kernel-azure-extra-6.12.0-160000.9.1.x86_64.rpm True kernel-azure-optional-6.12.0-160000.9.1.x86_64.rpm True kernel-azure-vdso-6.12.0-160000.9.1.x86_64.rpm True kselftests-kmp-azure-6.12.0-160000.9.1.x86_64.rpm True ocfs2-kmp-azure-6.12.0-160000.9.1.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.9.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.9.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.9.1.x86_64.rpm True kernel-default-6.12.0-160000.9.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.9.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.9.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.9.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.9.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.9.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.9.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.9.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.9.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.9.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.9.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.9.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.9.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.9.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.9.1.x86_64.rpm True kernel-rt-6.12.0-160000.9.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.9.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.9.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.9.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.9.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.9.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.9.1.x86_64.rpm True kernel-syms-6.12.0-160000.9.1.x86_64.rpm True openSUSE-Leap-16.0-232 Security update for python-wheel important SUSE SLFO 1.2 This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). python313-wheel-0.45.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-233 Security update for dpdk moderate SUSE SLFO 1.2 This update for dpdk fixes the following issues: Update to version 24.11.4. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and cause a denial of service on the network interface (bsc#1254161). Other issues fixed: - Remove obsolete build option -Denable_kmods. - Add "which" as a build requirement. - Drop pesign and needssslcertforbuild because we don't build a kmp anymore (bsc#1247389). dpdk-24.11.4-160000.1.1.aarch64.rpm dpdk-devel-24.11.4-160000.1.1.aarch64.rpm dpdk-devel-static-24.11.4-160000.1.1.aarch64.rpm dpdk-doc-24.11.4-160000.1.1.noarch.rpm dpdk-examples-24.11.4-160000.1.1.aarch64.rpm dpdk-tools-24.11.4-160000.1.1.noarch.rpm libdpdk-25-24.11.4-160000.1.1.aarch64.rpm dpdk-24.11.4-160000.1.1.ppc64le.rpm dpdk-devel-24.11.4-160000.1.1.ppc64le.rpm dpdk-devel-static-24.11.4-160000.1.1.ppc64le.rpm dpdk-examples-24.11.4-160000.1.1.ppc64le.rpm libdpdk-25-24.11.4-160000.1.1.ppc64le.rpm dpdk-24.11.4-160000.1.1.x86_64.rpm dpdk-devel-24.11.4-160000.1.1.x86_64.rpm dpdk-devel-static-24.11.4-160000.1.1.x86_64.rpm dpdk-examples-24.11.4-160000.1.1.x86_64.rpm libdpdk-25-24.11.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-234 Optional update for zbar low SUSE SLFO 1.2 This update for zbar fixes the following issues: Changes in zbar: - Do not build with Qt in openSUSE Tumbleweed and SLE16. libzbar-devel-0.23.93-160000.3.1.aarch64.rpm libzbar0-0.23.93-160000.3.1.aarch64.rpm python3-zbar-0.23.93-160000.3.1.aarch64.rpm zbar-0.23.93-160000.3.1.aarch64.rpm zbar-lang-0.23.93-160000.3.1.noarch.rpm libzbar-devel-0.23.93-160000.3.1.ppc64le.rpm libzbar0-0.23.93-160000.3.1.ppc64le.rpm python3-zbar-0.23.93-160000.3.1.ppc64le.rpm zbar-0.23.93-160000.3.1.ppc64le.rpm libzbar-devel-0.23.93-160000.3.1.s390x.rpm libzbar0-0.23.93-160000.3.1.s390x.rpm python3-zbar-0.23.93-160000.3.1.s390x.rpm zbar-0.23.93-160000.3.1.s390x.rpm libzbar-devel-0.23.93-160000.3.1.x86_64.rpm libzbar0-0.23.93-160000.3.1.x86_64.rpm python3-zbar-0.23.93-160000.3.1.x86_64.rpm zbar-0.23.93-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-235 Security update for glib2 important SUSE SLFO 1.2 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). gio-branding-upstream-2.84.4-160000.2.1.noarch.rpm glib2-devel-2.84.4-160000.2.1.aarch64.rpm glib2-devel-static-2.84.4-160000.2.1.aarch64.rpm glib2-lang-2.84.4-160000.2.1.noarch.rpm glib2-tests-devel-2.84.4-160000.2.1.aarch64.rpm glib2-tools-2.84.4-160000.2.1.aarch64.rpm libgio-2_0-0-2.84.4-160000.2.1.aarch64.rpm libgirepository-2_0-0-2.84.4-160000.2.1.aarch64.rpm libglib-2_0-0-2.84.4-160000.2.1.aarch64.rpm libgmodule-2_0-0-2.84.4-160000.2.1.aarch64.rpm libgobject-2_0-0-2.84.4-160000.2.1.aarch64.rpm libgthread-2_0-0-2.84.4-160000.2.1.aarch64.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.2.1.aarch64.rpm typelib-1_0-GLib-2_0-2.84.4-160000.2.1.aarch64.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.2.1.aarch64.rpm typelib-1_0-GModule-2_0-2.84.4-160000.2.1.aarch64.rpm typelib-1_0-GObject-2_0-2.84.4-160000.2.1.aarch64.rpm typelib-1_0-Gio-2_0-2.84.4-160000.2.1.aarch64.rpm glib2-doc-2.84.4-160000.2.1.aarch64.rpm glib2-devel-2.84.4-160000.2.1.ppc64le.rpm glib2-devel-static-2.84.4-160000.2.1.ppc64le.rpm glib2-tests-devel-2.84.4-160000.2.1.ppc64le.rpm glib2-tools-2.84.4-160000.2.1.ppc64le.rpm libgio-2_0-0-2.84.4-160000.2.1.ppc64le.rpm libgirepository-2_0-0-2.84.4-160000.2.1.ppc64le.rpm libglib-2_0-0-2.84.4-160000.2.1.ppc64le.rpm libgmodule-2_0-0-2.84.4-160000.2.1.ppc64le.rpm libgobject-2_0-0-2.84.4-160000.2.1.ppc64le.rpm libgthread-2_0-0-2.84.4-160000.2.1.ppc64le.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.2.1.ppc64le.rpm typelib-1_0-GLib-2_0-2.84.4-160000.2.1.ppc64le.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.2.1.ppc64le.rpm typelib-1_0-GModule-2_0-2.84.4-160000.2.1.ppc64le.rpm typelib-1_0-GObject-2_0-2.84.4-160000.2.1.ppc64le.rpm typelib-1_0-Gio-2_0-2.84.4-160000.2.1.ppc64le.rpm glib2-doc-2.84.4-160000.2.1.ppc64le.rpm glib2-devel-2.84.4-160000.2.1.s390x.rpm glib2-devel-static-2.84.4-160000.2.1.s390x.rpm glib2-tests-devel-2.84.4-160000.2.1.s390x.rpm glib2-tools-2.84.4-160000.2.1.s390x.rpm libgio-2_0-0-2.84.4-160000.2.1.s390x.rpm libgirepository-2_0-0-2.84.4-160000.2.1.s390x.rpm libglib-2_0-0-2.84.4-160000.2.1.s390x.rpm libgmodule-2_0-0-2.84.4-160000.2.1.s390x.rpm libgobject-2_0-0-2.84.4-160000.2.1.s390x.rpm libgthread-2_0-0-2.84.4-160000.2.1.s390x.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.2.1.s390x.rpm typelib-1_0-GLib-2_0-2.84.4-160000.2.1.s390x.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.2.1.s390x.rpm typelib-1_0-GModule-2_0-2.84.4-160000.2.1.s390x.rpm typelib-1_0-GObject-2_0-2.84.4-160000.2.1.s390x.rpm typelib-1_0-Gio-2_0-2.84.4-160000.2.1.s390x.rpm glib2-doc-2.84.4-160000.2.1.s390x.rpm glib2-devel-2.84.4-160000.2.1.x86_64.rpm glib2-devel-static-2.84.4-160000.2.1.x86_64.rpm glib2-tests-devel-2.84.4-160000.2.1.x86_64.rpm glib2-tools-2.84.4-160000.2.1.x86_64.rpm libgio-2_0-0-2.84.4-160000.2.1.x86_64.rpm libgirepository-2_0-0-2.84.4-160000.2.1.x86_64.rpm libglib-2_0-0-2.84.4-160000.2.1.x86_64.rpm libgmodule-2_0-0-2.84.4-160000.2.1.x86_64.rpm libgobject-2_0-0-2.84.4-160000.2.1.x86_64.rpm libgthread-2_0-0-2.84.4-160000.2.1.x86_64.rpm typelib-1_0-GIRepository-3_0-2.84.4-160000.2.1.x86_64.rpm typelib-1_0-GLib-2_0-2.84.4-160000.2.1.x86_64.rpm typelib-1_0-GLibUnix-2_0-2.84.4-160000.2.1.x86_64.rpm typelib-1_0-GModule-2_0-2.84.4-160000.2.1.x86_64.rpm typelib-1_0-GObject-2_0-2.84.4-160000.2.1.x86_64.rpm typelib-1_0-Gio-2_0-2.84.4-160000.2.1.x86_64.rpm glib2-doc-2.84.4-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-236 Security update for wireshark moderate SUSE SLFO 1.2 This update for wireshark fixes the following issues: Update to Wireshark 4.4.13: - CVE-2025-11626: MONGO dissector infinite loop (bsc#1251933). - CVE-2025-13499: Kafka dissector crash (bsc#1254108). - CVE-2025-13945: HTTP3 dissector crash (bsc#1254471). - CVE-2025-13946: MEGACO dissector infinite loop (bsc#1254472). - CVE-2025-9817: SSH dissector crash (bsc#1249090). - CVE-2026-0959: IEEE 802.11 dissector crash (bsc#1256734). - CVE-2026-0961: BLF file parser crash (bsc#1256738). - CVE-2026-0962: SOME/IP-SD dissector crash (bsc#1256739). Full changelog: https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html libwireshark18-4.4.13-160000.1.1.aarch64.rpm libwiretap15-4.4.13-160000.1.1.aarch64.rpm libwsutil16-4.4.13-160000.1.1.aarch64.rpm wireshark-4.4.13-160000.1.1.aarch64.rpm wireshark-devel-4.4.13-160000.1.1.aarch64.rpm wireshark-ui-qt-4.4.13-160000.1.1.aarch64.rpm libwireshark18-4.4.13-160000.1.1.ppc64le.rpm libwiretap15-4.4.13-160000.1.1.ppc64le.rpm libwsutil16-4.4.13-160000.1.1.ppc64le.rpm wireshark-4.4.13-160000.1.1.ppc64le.rpm wireshark-devel-4.4.13-160000.1.1.ppc64le.rpm wireshark-ui-qt-4.4.13-160000.1.1.ppc64le.rpm libwireshark18-4.4.13-160000.1.1.s390x.rpm libwiretap15-4.4.13-160000.1.1.s390x.rpm libwsutil16-4.4.13-160000.1.1.s390x.rpm wireshark-4.4.13-160000.1.1.s390x.rpm wireshark-devel-4.4.13-160000.1.1.s390x.rpm wireshark-ui-qt-4.4.13-160000.1.1.s390x.rpm libwireshark18-4.4.13-160000.1.1.x86_64.rpm libwiretap15-4.4.13-160000.1.1.x86_64.rpm libwsutil16-4.4.13-160000.1.1.x86_64.rpm wireshark-4.4.13-160000.1.1.x86_64.rpm wireshark-devel-4.4.13-160000.1.1.x86_64.rpm wireshark-ui-qt-4.4.13-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-237 Security update for openssl-3 important SUSE SLFO 1.2 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829). - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831). - CVE-2025-15469: "openssl dgst" one-shot codepath silently truncates inputs >16MB (bsc#1256832). - CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). Other fixes: - Enable livepatching support for ppc64le (bsc#1257274). libopenssl-3-devel-3.5.0-160000.5.1.aarch64.rpm libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64.rpm libopenssl3-3.5.0-160000.5.1.aarch64.rpm openssl-3-3.5.0-160000.5.1.aarch64.rpm openssl-3-doc-3.5.0-160000.5.1.noarch.rpm libopenssl-3-devel-3.5.0-160000.5.1.ppc64le.rpm libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le.rpm libopenssl3-3.5.0-160000.5.1.ppc64le.rpm openssl-3-3.5.0-160000.5.1.ppc64le.rpm libopenssl-3-devel-3.5.0-160000.5.1.s390x.rpm libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x.rpm libopenssl3-3.5.0-160000.5.1.s390x.rpm openssl-3-3.5.0-160000.5.1.s390x.rpm libopenssl-3-devel-3.5.0-160000.5.1.x86_64.rpm libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64.rpm libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64.rpm libopenssl3-3.5.0-160000.5.1.x86_64.rpm libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64.rpm openssl-3-3.5.0-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-238 Recommended update for uriparser moderate SUSE SLFO 1.2 This update for uriparser fixes the following issues: Changes in uriparser: - Use Qt6's qhelpgenerator instead of Qt5's and fix its usage since Qt5 was being BuildRequired but qch docs weren't being generated. liburiparser1-0.9.8-160000.3.1.aarch64.rpm uriparser-0.9.8-160000.3.1.aarch64.rpm uriparser-devel-0.9.8-160000.3.1.aarch64.rpm uriparser-doc-0.9.8-160000.3.1.aarch64.rpm liburiparser1-0.9.8-160000.3.1.ppc64le.rpm uriparser-0.9.8-160000.3.1.ppc64le.rpm uriparser-devel-0.9.8-160000.3.1.ppc64le.rpm uriparser-doc-0.9.8-160000.3.1.ppc64le.rpm liburiparser1-0.9.8-160000.3.1.s390x.rpm uriparser-0.9.8-160000.3.1.s390x.rpm uriparser-devel-0.9.8-160000.3.1.s390x.rpm uriparser-doc-0.9.8-160000.3.1.s390x.rpm liburiparser1-0.9.8-160000.3.1.x86_64.rpm uriparser-0.9.8-160000.3.1.x86_64.rpm uriparser-devel-0.9.8-160000.3.1.x86_64.rpm uriparser-doc-0.9.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-239 Recommended update for mariadb moderate SUSE SLFO 1.2 This update for mariadb fixes the following issues: Changes in mariadb: - Fix incomplete SELinux labels during database update (bsc#1255024) Updating mariadb might impact the database service. Do you want to proceed with the update? libmariadbd-devel-11.8.5-160000.3.1.aarch64.rpm libmariadbd19-11.8.5-160000.3.1.aarch64.rpm mariadb-11.8.5-160000.3.1.aarch64.rpm mariadb-bench-11.8.5-160000.3.1.aarch64.rpm mariadb-client-11.8.5-160000.3.1.aarch64.rpm mariadb-errormessages-11.8.5-160000.3.1.noarch.rpm mariadb-galera-11.8.5-160000.3.1.aarch64.rpm mariadb-rpm-macros-11.8.5-160000.3.1.aarch64.rpm mariadb-test-11.8.5-160000.3.1.aarch64.rpm mariadb-tools-11.8.5-160000.3.1.aarch64.rpm libmariadbd-devel-11.8.5-160000.3.1.ppc64le.rpm libmariadbd19-11.8.5-160000.3.1.ppc64le.rpm mariadb-11.8.5-160000.3.1.ppc64le.rpm mariadb-bench-11.8.5-160000.3.1.ppc64le.rpm mariadb-client-11.8.5-160000.3.1.ppc64le.rpm mariadb-galera-11.8.5-160000.3.1.ppc64le.rpm mariadb-rpm-macros-11.8.5-160000.3.1.ppc64le.rpm mariadb-test-11.8.5-160000.3.1.ppc64le.rpm mariadb-tools-11.8.5-160000.3.1.ppc64le.rpm libmariadbd-devel-11.8.5-160000.3.1.s390x.rpm libmariadbd19-11.8.5-160000.3.1.s390x.rpm mariadb-11.8.5-160000.3.1.s390x.rpm mariadb-bench-11.8.5-160000.3.1.s390x.rpm mariadb-client-11.8.5-160000.3.1.s390x.rpm mariadb-galera-11.8.5-160000.3.1.s390x.rpm mariadb-rpm-macros-11.8.5-160000.3.1.s390x.rpm mariadb-test-11.8.5-160000.3.1.s390x.rpm mariadb-tools-11.8.5-160000.3.1.s390x.rpm libmariadbd-devel-11.8.5-160000.3.1.x86_64.rpm libmariadbd19-11.8.5-160000.3.1.x86_64.rpm mariadb-11.8.5-160000.3.1.x86_64.rpm mariadb-bench-11.8.5-160000.3.1.x86_64.rpm mariadb-client-11.8.5-160000.3.1.x86_64.rpm mariadb-galera-11.8.5-160000.3.1.x86_64.rpm mariadb-rpm-macros-11.8.5-160000.3.1.x86_64.rpm mariadb-test-11.8.5-160000.3.1.x86_64.rpm mariadb-tools-11.8.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-24 Security update for libxslt important SUSE SLFO 1.2 This update for libxslt fixes the following issues: Changes in libxslt: - CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979) - CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553) libexslt0-1.1.43-160000.3.1.aarch64.rpm libxslt-devel-1.1.43-160000.3.1.aarch64.rpm libxslt-tools-1.1.43-160000.3.1.aarch64.rpm libxslt1-1.1.43-160000.3.1.aarch64.rpm libexslt0-1.1.43-160000.3.1.ppc64le.rpm libxslt-devel-1.1.43-160000.3.1.ppc64le.rpm libxslt-tools-1.1.43-160000.3.1.ppc64le.rpm libxslt1-1.1.43-160000.3.1.ppc64le.rpm libexslt0-1.1.43-160000.3.1.s390x.rpm libxslt-devel-1.1.43-160000.3.1.s390x.rpm libxslt-tools-1.1.43-160000.3.1.s390x.rpm libxslt1-1.1.43-160000.3.1.s390x.rpm libexslt0-1.1.43-160000.3.1.x86_64.rpm libxslt-devel-1.1.43-160000.3.1.x86_64.rpm libxslt-tools-1.1.43-160000.3.1.x86_64.rpm libxslt1-1.1.43-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-240 Recommended update for az-cli-cmd low SUSE SLFO 1.2 This update for az-cli-cmd fixes the following issues: - Update package summary (bsc#1253491) az-cli-cmd-1.37.1-160000.2.1.noarch.rpm openSUSE-Leap-16.0-241 Recommended update for agama moderate SUSE SLFO 1.2 This update for agama fixes the following issues: Changes in agama: - Do not export DASD settings if they are null (bsc#1257489). agama-17+461.2289ec0b6-160000.7.1.aarch64.rpm agama-autoinstall-17+461.2289ec0b6-160000.7.1.aarch64.rpm agama-cli-17+461.2289ec0b6-160000.7.1.aarch64.rpm agama-cli-bash-completion-17+461.2289ec0b6-160000.7.1.noarch.rpm agama-cli-fish-completion-17+461.2289ec0b6-160000.7.1.noarch.rpm agama-cli-zsh-completion-17+461.2289ec0b6-160000.7.1.noarch.rpm agama-openapi-17+461.2289ec0b6-160000.7.1.aarch64.rpm agama-scripts-17+461.2289ec0b6-160000.7.1.aarch64.rpm agama-17+461.2289ec0b6-160000.7.1.ppc64le.rpm agama-autoinstall-17+461.2289ec0b6-160000.7.1.ppc64le.rpm agama-cli-17+461.2289ec0b6-160000.7.1.ppc64le.rpm agama-openapi-17+461.2289ec0b6-160000.7.1.ppc64le.rpm agama-scripts-17+461.2289ec0b6-160000.7.1.ppc64le.rpm agama-17+461.2289ec0b6-160000.7.1.s390x.rpm agama-autoinstall-17+461.2289ec0b6-160000.7.1.s390x.rpm agama-cli-17+461.2289ec0b6-160000.7.1.s390x.rpm agama-openapi-17+461.2289ec0b6-160000.7.1.s390x.rpm agama-scripts-17+461.2289ec0b6-160000.7.1.s390x.rpm agama-17+461.2289ec0b6-160000.7.1.x86_64.rpm agama-autoinstall-17+461.2289ec0b6-160000.7.1.x86_64.rpm agama-cli-17+461.2289ec0b6-160000.7.1.x86_64.rpm agama-openapi-17+461.2289ec0b6-160000.7.1.x86_64.rpm agama-scripts-17+461.2289ec0b6-160000.7.1.x86_64.rpm openSUSE-Leap-16.0-242 Security update for cups critical SUSE SLFO 1.2 This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783). - CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057). - CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128). - CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049). Other updates and bugfixes: - Version upgrade to 2.4.16: * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438) * The web interface did not support domain usernames fully (Issue #1441) * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353) * Fixed stopping scheduler on unknown directive in configuration (Issue #1443) * Fixed packages for Immutable Mode (jsc#PED-14775 from epic jsc#PED-14688) - Version upgrade to 2.4.15: * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355) * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416) - Version upgrade to 2.4.14. - Version upgrade to 2.4.13: * Added 'print-as-raster' printer and job attributes for forcing rasterization (Issue #1282) * Updated documentation (Issue #1086) * Updated IPP backend to try a sanitized user name if the printer/server does not like the value (Issue #1145) * Updated the scheduler to send the "printer-added" or "printer-modified" events whenever an IPP Everywhere PPD is installed (Issue #1244) * Updated the scheduler to send the "printer-modified" event whenever the system default printer is changed (Issue #1246) * Fixed a memory leak in 'httpClose' (Issue #1223) * Fixed missing commas in 'ippCreateRequestedArray' (Issue #1234) * Fixed subscription issues in the scheduler and D-Bus notifier (Issue #1235) * Fixed media-default reporting for custom sizes (Issue #1238) * Fixed support for IPP/PPD options with periods or underscores (Issue #1249) * Fixed parsing of real numbers in PPD compiler source files (Issue #1263) * Fixed scheduler freezing with zombie clients (Issue #1264) * Fixed support for the server name in the ErrorLog filename (Issue #1277) * Fixed job cleanup after daemon restart (Issue #1315) * Fixed handling of buggy DYMO USB printer serial numbers (Issue #1338) * Fixed unreachable block in IPP backend (Issue #1351) * Fixed memory leak in _cupsConvertOptions (Issue #1354) - Version upgrade to 2.4.12: * GnuTLS follows system crypto policies now (Issue #1105) * Added `NoSystem` SSLOptions value (Issue #1130) * Now we raise alert for certificate issues (Issue #1194) * Added Kyocera USB quirk (Issue #1198) * The scheduler now logs a job's debugging history if the backend fails (Issue #1205) * Fixed a potential timing issue with `cupsEnumDests` (Issue #1084) * Fixed a potential "lost PPD" condition in the scheduler (Issue #1109) * Fixed a compressed file error handling bug (Issue #1070) * Fixed a bug in the make-and-model whitespace trimming code (Issue #1096) * Fixed a removal of IPP Everywhere permanent queue if installation failed (Issue #1102) * Fixed `ServerToken None` in scheduler (Issue #1111) * Fixed invalid IPP keyword values created from PPD option names (Issue #1118) * Fixed handling of "media" and "PageSize" in the same print request (Issue #1125) * Fixed client raster printing from macOS (Issue #1143) * Fixed the default User-Agent string. * Fixed a recursion issue in `ippReadIO`. * Fixed handling incorrect radix in `scan_ps()` (Issue #1188) * Fixed validation of dateTime values with time zones more than UTC+11 (Issue #1201) * Fixed attributes returned by the Create-Xxx-Subscriptions requests (Issue #1204) * Fixed `ippDateToTime` when using a non GMT/UTC timezone (Issue #1208) * Fixed `job-completed` event notifications for jobs that are cancelled before started (Issue #1209) * Fixed DNS-SD discovery with `ippfind` (Issue #1211) cups-2.4.16-160000.1.1.aarch64.rpm cups-client-2.4.16-160000.1.1.aarch64.rpm cups-config-2.4.16-160000.1.1.aarch64.rpm cups-ddk-2.4.16-160000.1.1.aarch64.rpm cups-devel-2.4.16-160000.1.1.aarch64.rpm libcups2-2.4.16-160000.1.1.aarch64.rpm libcupsimage2-2.4.16-160000.1.1.aarch64.rpm cups-2.4.16-160000.1.1.ppc64le.rpm cups-client-2.4.16-160000.1.1.ppc64le.rpm cups-config-2.4.16-160000.1.1.ppc64le.rpm cups-ddk-2.4.16-160000.1.1.ppc64le.rpm cups-devel-2.4.16-160000.1.1.ppc64le.rpm libcups2-2.4.16-160000.1.1.ppc64le.rpm libcupsimage2-2.4.16-160000.1.1.ppc64le.rpm cups-2.4.16-160000.1.1.s390x.rpm cups-client-2.4.16-160000.1.1.s390x.rpm cups-config-2.4.16-160000.1.1.s390x.rpm cups-ddk-2.4.16-160000.1.1.s390x.rpm cups-devel-2.4.16-160000.1.1.s390x.rpm libcups2-2.4.16-160000.1.1.s390x.rpm libcupsimage2-2.4.16-160000.1.1.s390x.rpm cups-2.4.16-160000.1.1.x86_64.rpm cups-client-2.4.16-160000.1.1.x86_64.rpm cups-config-2.4.16-160000.1.1.x86_64.rpm cups-ddk-2.4.16-160000.1.1.x86_64.rpm cups-devel-2.4.16-160000.1.1.x86_64.rpm libcups2-2.4.16-160000.1.1.x86_64.rpm libcupsimage2-2.4.16-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-243 Security update for golang-github-prometheus-prometheus important SUSE SLFO 1.2 This update for golang-github-prometheus-prometheus fixes the following issues: Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global (bsc#1257329). - CVE-2025-12816: interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588). Other updates and bugfixes: - Update to 3.5.0 (jsc#PED-13824): * [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver. * [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag. * [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB). * [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations. * [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page. - Update to 3.4.0: * Add unified AWS service discovery for ec2, lightsail and ecs services. * [FEATURE] Native histograms are now a stable, but optional feature. * [FEATURE] UI: Show detailed relabeling steps for each discovered target. * [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. * [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup. - Update to 3.3.0: * [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x. * [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed. - Update to 3.2.0: * [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1). * [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. * [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. - Update to 3.1.0: * [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST). * [BUGFIX] Mixin: Add static UID to the remote-write dashboard. - Update to 3.0.1: * [BUGFIX] Promql: Make subqueries left open. * [BUGFIX] Fix memory leak when query log is enabled. * [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint. - Update to 3.0.0: * [CHANGE] Deprecated feature flags removed. * [FEATURE] New UI. * [FEATURE] Remote Write 2.0. * [FEATURE] OpenTelemetry Support. * [FEATURE] UTF-8 support is now stable and enabled by default. * [FEATURE] OTLP Ingestion. * [FEATURE] Native Histograms. * [BUGFIX] PromQL: Fix count_values for histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] UI: Fix selector / series formatting for empty metric names. - Update to 2.55.0: * [FEATURE] PromQL: Add `last_over_time` function. * [FEATURE] Agent: Add `prometheus_agent_build_info` metric. * [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`. * [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks. * [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times. - Update to 2.54.0: * [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0. * [CHANGE] API: Split warnings from info annotations in API response. * [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag. * [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators. * [ENHANCEMENT] PromQL: Accept underscores in literal numbers. * [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental). * [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions. * [BUGFIX] PromQL: Fix various issues with native histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] OTLP receiver: Allow colons in non-standard units. golang-github-prometheus-prometheus-3.5.0-160000.1.1.aarch64.rpm golang-github-prometheus-prometheus-3.5.0-160000.1.1.ppc64le.rpm golang-github-prometheus-prometheus-3.5.0-160000.1.1.s390x.rpm golang-github-prometheus-prometheus-3.5.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-244 Security update for libxml2 moderate SUSE SLFO 1.2 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `<include>` directives (bsc#1256805). libxml2-2-2.13.8-160000.3.1.aarch64.rpm libxml2-devel-2.13.8-160000.3.1.aarch64.rpm libxml2-doc-2.13.8-160000.3.1.noarch.rpm libxml2-tools-2.13.8-160000.3.1.aarch64.rpm python313-libxml2-2.13.8-160000.3.1.aarch64.rpm libxml2-2-2.13.8-160000.3.1.ppc64le.rpm libxml2-devel-2.13.8-160000.3.1.ppc64le.rpm libxml2-tools-2.13.8-160000.3.1.ppc64le.rpm python313-libxml2-2.13.8-160000.3.1.ppc64le.rpm libxml2-2-2.13.8-160000.3.1.s390x.rpm libxml2-devel-2.13.8-160000.3.1.s390x.rpm libxml2-tools-2.13.8-160000.3.1.s390x.rpm python313-libxml2-2.13.8-160000.3.1.s390x.rpm libxml2-2-2.13.8-160000.3.1.x86_64.rpm libxml2-devel-2.13.8-160000.3.1.x86_64.rpm libxml2-tools-2.13.8-160000.3.1.x86_64.rpm python313-libxml2-2.13.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-245 Recommended update for doxygen moderate SUSE SLFO 1.2 This update for doxygen fixes the following issues: - drop %suse_update_desktop_file usage - modified sources: * doxywizard.desktop doxygen-1.14.0-160000.3.1.aarch64.rpm doxywizard-1.14.0-160000.3.1.aarch64.rpm doxygen-1.14.0-160000.3.1.ppc64le.rpm doxywizard-1.14.0-160000.3.1.ppc64le.rpm doxygen-1.14.0-160000.3.1.s390x.rpm doxywizard-1.14.0-160000.3.1.s390x.rpm doxygen-1.14.0-160000.3.1.x86_64.rpm doxywizard-1.14.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-246 Security update for python-maturin moderate SUSE SLFO 1.2 This update for python-maturin fixes the following issues: - CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249011) python313-maturin-1.8.7-160000.3.1.aarch64.rpm python313-maturin-1.8.7-160000.3.1.ppc64le.rpm python313-maturin-1.8.7-160000.3.1.s390x.rpm python313-maturin-1.8.7-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-247 Security update for cockpit-subscriptions important SUSE SLFO 1.2 This update for cockpit-subscriptions fixes the following issues: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global prototypes (bsc#1257324). cockpit-subscriptions-12.1-160000.2.1.noarch.rpm openSUSE-Leap-16.0-248 Security update for cockpit important SUSE SLFO 1.2 This update for cockpit fixes the following issues: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global prototypes (bsc#1257324). cockpit-340-160000.4.1.aarch64.rpm cockpit-bridge-340-160000.4.1.noarch.rpm cockpit-devel-340-160000.4.1.aarch64.rpm cockpit-doc-340-160000.4.1.noarch.rpm cockpit-firewalld-340-160000.4.1.noarch.rpm cockpit-kdump-340-160000.4.1.noarch.rpm cockpit-networkmanager-340-160000.4.1.noarch.rpm cockpit-packagekit-340-160000.4.1.noarch.rpm cockpit-selinux-340-160000.4.1.noarch.rpm cockpit-storaged-340-160000.4.1.noarch.rpm cockpit-system-340-160000.4.1.noarch.rpm cockpit-ws-340-160000.4.1.aarch64.rpm cockpit-ws-selinux-340-160000.4.1.aarch64.rpm cockpit-340-160000.4.1.ppc64le.rpm cockpit-devel-340-160000.4.1.ppc64le.rpm cockpit-ws-340-160000.4.1.ppc64le.rpm cockpit-ws-selinux-340-160000.4.1.ppc64le.rpm cockpit-340-160000.4.1.s390x.rpm cockpit-devel-340-160000.4.1.s390x.rpm cockpit-ws-340-160000.4.1.s390x.rpm cockpit-ws-selinux-340-160000.4.1.s390x.rpm cockpit-340-160000.4.1.x86_64.rpm cockpit-devel-340-160000.4.1.x86_64.rpm cockpit-ws-340-160000.4.1.x86_64.rpm cockpit-ws-selinux-340-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-249 Security update for cockpit-packages important SUSE SLFO 1.2 This update for cockpit-packages fixes the following issues: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global (bsc#1257325). cockpit-packages-3-160000.3.1.noarch.rpm openSUSE-Leap-16.0-25 Recommended update for pesign-obs-integration moderate SUSE SLFO 1.2 This update for pesign-obs-integration fixes the following issues: - pesign-obs-integration fails build when no signed binary is produced (bsc#1248618) pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.aarch64.rpm pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.ppc64le.rpm pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.s390x.rpm pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-250 Security update for libsoup important SUSE SLFO 1.2 This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header (bsc#1257440). - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow (bsc#1257598). libsoup-3_0-0-3.6.5-160000.4.1.aarch64.rpm libsoup-devel-3.6.5-160000.4.1.aarch64.rpm libsoup-lang-3.6.5-160000.4.1.noarch.rpm typelib-1_0-Soup-3_0-3.6.5-160000.4.1.aarch64.rpm libsoup-3_0-0-3.6.5-160000.4.1.ppc64le.rpm libsoup-devel-3.6.5-160000.4.1.ppc64le.rpm typelib-1_0-Soup-3_0-3.6.5-160000.4.1.ppc64le.rpm libsoup-3_0-0-3.6.5-160000.4.1.s390x.rpm libsoup-devel-3.6.5-160000.4.1.s390x.rpm typelib-1_0-Soup-3_0-3.6.5-160000.4.1.s390x.rpm libsoup-3_0-0-3.6.5-160000.4.1.x86_64.rpm libsoup-devel-3.6.5-160000.4.1.x86_64.rpm typelib-1_0-Soup-3_0-3.6.5-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-251 Recommended update for libpfm moderate SUSE SLFO 1.2 This update for libpfm fixes the following issues: - s390: Add counter definition for IBM z17 (jsc#PED-13665) libpfm-devel-4.13.0-160000.3.1.aarch64.rpm libpfm-devel-static-4.13.0-160000.3.1.aarch64.rpm libpfm4-4.13.0-160000.3.1.aarch64.rpm python313-libpfm-4.13.0-160000.3.1.aarch64.rpm libpfm-devel-4.13.0-160000.3.1.ppc64le.rpm libpfm-devel-static-4.13.0-160000.3.1.ppc64le.rpm libpfm4-4.13.0-160000.3.1.ppc64le.rpm python313-libpfm-4.13.0-160000.3.1.ppc64le.rpm libpfm-devel-4.13.0-160000.3.1.s390x.rpm libpfm-devel-static-4.13.0-160000.3.1.s390x.rpm libpfm4-4.13.0-160000.3.1.s390x.rpm python313-libpfm-4.13.0-160000.3.1.s390x.rpm libpfm-devel-4.13.0-160000.3.1.x86_64.rpm libpfm-devel-static-4.13.0-160000.3.1.x86_64.rpm libpfm4-4.13.0-160000.3.1.x86_64.rpm python313-libpfm-4.13.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-252 Recommended update for systemd important SUSE SLFO 1.2 This update for systemd fixes the following issues: - terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) - core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) - systemd-update-helper: clean up the flags immediately after they have been consumed. - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. - Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981) - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - main: switch explicitly to tty1 on soft-reboot (bsc#1231986) - terminal-util: modernize vtnr_from_tty() a bit - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - core/cgroup: Properly handle aborting a pending freeze operation - detect-virt: add bare-metal support for GCE (bsc#1244449) - uki.conf is used by the ukify tool to create an Unified Kernel Image[...] - Make sure that the ordering trick used to update the udev package as close as as possible to the update of the systemd package also works with zypper. - Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659) * We also need to add "Suggests: udev", which serves the same purpose as "OrderWithRequires: udev" but is part of the repository metadata. It should therefore hint zypper to install systemd and udev as close together as possible - Fix systemd-network recommending libidn2-devel (bsc#1234765) libsystemd0-257.10-160000.1.1.aarch64.rpm True libudev1-257.10-160000.1.1.aarch64.rpm True systemd-257.10-160000.1.1.aarch64.rpm True systemd-boot-257.10-160000.1.1.aarch64.rpm True systemd-container-257.10-160000.1.1.aarch64.rpm True systemd-devel-257.10-160000.1.1.aarch64.rpm True systemd-doc-257.10-160000.1.1.noarch.rpm True systemd-experimental-257.10-160000.1.1.aarch64.rpm True systemd-homed-257.10-160000.1.1.aarch64.rpm True systemd-journal-remote-257.10-160000.1.1.aarch64.rpm True systemd-lang-257.10-160000.1.1.noarch.rpm True systemd-networkd-257.10-160000.1.1.aarch64.rpm True systemd-portable-257.10-160000.1.1.aarch64.rpm True systemd-resolved-257.10-160000.1.1.aarch64.rpm True systemd-testsuite-257.10-160000.1.1.aarch64.rpm True udev-257.10-160000.1.1.aarch64.rpm True libsystemd0-257.10-160000.1.1.ppc64le.rpm True libudev1-257.10-160000.1.1.ppc64le.rpm True systemd-257.10-160000.1.1.ppc64le.rpm True systemd-container-257.10-160000.1.1.ppc64le.rpm True systemd-devel-257.10-160000.1.1.ppc64le.rpm True systemd-experimental-257.10-160000.1.1.ppc64le.rpm True systemd-homed-257.10-160000.1.1.ppc64le.rpm True systemd-journal-remote-257.10-160000.1.1.ppc64le.rpm True systemd-networkd-257.10-160000.1.1.ppc64le.rpm True systemd-portable-257.10-160000.1.1.ppc64le.rpm True systemd-resolved-257.10-160000.1.1.ppc64le.rpm True systemd-testsuite-257.10-160000.1.1.ppc64le.rpm True udev-257.10-160000.1.1.ppc64le.rpm True libsystemd0-257.10-160000.1.1.s390x.rpm True libudev1-257.10-160000.1.1.s390x.rpm True systemd-257.10-160000.1.1.s390x.rpm True systemd-container-257.10-160000.1.1.s390x.rpm True systemd-devel-257.10-160000.1.1.s390x.rpm True systemd-experimental-257.10-160000.1.1.s390x.rpm True systemd-homed-257.10-160000.1.1.s390x.rpm True systemd-journal-remote-257.10-160000.1.1.s390x.rpm True systemd-networkd-257.10-160000.1.1.s390x.rpm True systemd-portable-257.10-160000.1.1.s390x.rpm True systemd-resolved-257.10-160000.1.1.s390x.rpm True systemd-testsuite-257.10-160000.1.1.s390x.rpm True udev-257.10-160000.1.1.s390x.rpm True libsystemd0-257.10-160000.1.1.x86_64.rpm True libudev1-257.10-160000.1.1.x86_64.rpm True systemd-257.10-160000.1.1.x86_64.rpm True systemd-boot-257.10-160000.1.1.x86_64.rpm True systemd-container-257.10-160000.1.1.x86_64.rpm True systemd-devel-257.10-160000.1.1.x86_64.rpm True systemd-experimental-257.10-160000.1.1.x86_64.rpm True systemd-homed-257.10-160000.1.1.x86_64.rpm True systemd-journal-remote-257.10-160000.1.1.x86_64.rpm True systemd-networkd-257.10-160000.1.1.x86_64.rpm True systemd-portable-257.10-160000.1.1.x86_64.rpm True systemd-resolved-257.10-160000.1.1.x86_64.rpm True systemd-testsuite-257.10-160000.1.1.x86_64.rpm True udev-257.10-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-253 Recommended update for nvidia-open-driver-G06-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G06-signed fixes the following issues: - fixes build for sle15-sp4 - update non-CUDA variant to version 580.126.09 (bsc#1255858) nvidia-open-driver-G06-signed-64kb-devel-580.126.09-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-check-580.126.09-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-default-devel-580.126.09-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-64kb-580.126.09_k6.12.0_160000.9-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-580.126.09_k6.12.0_160000.9-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-580.105.08-160000.1.2.aarch64.rpm nvidia-open-driver-G06-signed-cuda-64kb-devel-580.105.08-160000.1.2.aarch64.rpm nvidia-open-driver-G06-signed-cuda-check-580.105.08-160000.1.2.noarch.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-160000.1.2.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.105.08_k6.12.0_160000.9-160000.1.2.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.12.0_160000.9-160000.1.2.aarch64.rpm nvidia-open-driver-G06-signed-default-devel-580.126.09-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.126.09_k6.12.0_160000.9-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-580.105.08-160000.1.2.x86_64.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.105.08-160000.1.2.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.105.08_k6.12.0_160000.9-160000.1.2.x86_64.rpm openSUSE-Leap-16.0-254 Security update for xorg-x11-server important SUSE SLFO 1.2 This update for xorg-x11-server fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap() (bsc#1251960). xorg-x11-server-21.1.15-160000.3.1.aarch64.rpm xorg-x11-server-Xvfb-21.1.15-160000.3.1.aarch64.rpm xorg-x11-server-extra-21.1.15-160000.3.1.aarch64.rpm xorg-x11-server-sdk-21.1.15-160000.3.1.aarch64.rpm xorg-x11-server-source-21.1.15-160000.3.1.aarch64.rpm xorg-x11-server-wrapper-21.1.15-160000.3.1.aarch64.rpm xorg-x11-server-21.1.15-160000.3.1.ppc64le.rpm xorg-x11-server-Xvfb-21.1.15-160000.3.1.ppc64le.rpm xorg-x11-server-extra-21.1.15-160000.3.1.ppc64le.rpm xorg-x11-server-sdk-21.1.15-160000.3.1.ppc64le.rpm xorg-x11-server-source-21.1.15-160000.3.1.ppc64le.rpm xorg-x11-server-wrapper-21.1.15-160000.3.1.ppc64le.rpm xorg-x11-server-21.1.15-160000.3.1.s390x.rpm xorg-x11-server-Xvfb-21.1.15-160000.3.1.s390x.rpm xorg-x11-server-extra-21.1.15-160000.3.1.s390x.rpm xorg-x11-server-sdk-21.1.15-160000.3.1.s390x.rpm xorg-x11-server-source-21.1.15-160000.3.1.s390x.rpm xorg-x11-server-wrapper-21.1.15-160000.3.1.s390x.rpm xorg-x11-server-21.1.15-160000.3.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.15-160000.3.1.x86_64.rpm xorg-x11-server-extra-21.1.15-160000.3.1.x86_64.rpm xorg-x11-server-sdk-21.1.15-160000.3.1.x86_64.rpm xorg-x11-server-source-21.1.15-160000.3.1.x86_64.rpm xorg-x11-server-wrapper-21.1.15-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-255 Recommended update for dejavu-fonts moderate SUSE SLFO 1.2 This update for dejavu-fonts fixes the following issues: Changes in dejavu-fonts: - use %license tag [bsc#1252142] dejavu-fonts-2.37-160000.3.1.noarch.rpm openSUSE-Leap-16.0-256 Security update for python-pip low SUSE SLFO 1.2 This update for python-pip fixes the following issues: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives (bsc#1257599). python313-pip-25.0.1-160000.3.1.noarch.rpm python313-pip-wheel-25.0.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-257 Security update for openjpeg2 low SUSE SLFO 1.2 This update for openjpeg2 fixes the following issues: - CVE-2023-39327: Fixed malicious files can cause a large loop that continuously prints warning messages on the terminal (bsc#1227412). libopenjp2-7-2.5.3-160000.3.1.aarch64.rpm openjpeg2-2.5.3-160000.3.1.aarch64.rpm openjpeg2-devel-2.5.3-160000.3.1.aarch64.rpm openjpeg2-devel-doc-2.5.3-160000.3.1.noarch.rpm libopenjp2-7-2.5.3-160000.3.1.ppc64le.rpm openjpeg2-2.5.3-160000.3.1.ppc64le.rpm openjpeg2-devel-2.5.3-160000.3.1.ppc64le.rpm libopenjp2-7-2.5.3-160000.3.1.s390x.rpm openjpeg2-2.5.3-160000.3.1.s390x.rpm openjpeg2-devel-2.5.3-160000.3.1.s390x.rpm libopenjp2-7-2.5.3-160000.3.1.x86_64.rpm libopenjp2-7-x86-64-v3-2.5.3-160000.3.1.x86_64.rpm openjpeg2-2.5.3-160000.3.1.x86_64.rpm openjpeg2-devel-2.5.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-259 Security update for python-aiohttp, python-Brotli important SUSE SLFO 1.2 This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads (bsc#1256022). - CVE-2025-69226: Fixed brute-force leak of internal static file path components (bsc#1256020). - CVE-2025-69224: Fixed unicode processing of header values could cause parsing discrepancies (bsc#1256018). - CVE-2025-69223: Fixed aiohttp HTTP Parser auto_decompress feature susceptible to zip bomb (bsc#1256017). - CVE-2025-69227: Fixed DoS when bypassing asserts (bsc#1256021). - CVE-2025-69225: Fixed unicode match groups in regexes for ASCII protocol elements (bsc#1256019). - CVE-2025-69229: Fixed DoS through chunked messages (bsc#1256023). - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section (bsc#1246517). Changes in python-Brotli: - Add max length decompression (bsc#1254867, bsc#1256017). python313-aiohttp-3.11.16-160000.3.1.aarch64.rpm python313-Brotli-1.1.0-160000.3.1.aarch64.rpm python313-aiohttp-3.11.16-160000.3.1.ppc64le.rpm python313-Brotli-1.1.0-160000.3.1.ppc64le.rpm python313-aiohttp-3.11.16-160000.3.1.s390x.rpm python313-Brotli-1.1.0-160000.3.1.s390x.rpm python313-aiohttp-3.11.16-160000.3.1.x86_64.rpm python313-Brotli-1.1.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-26 Recommended update for dracut important SUSE SLFO 1.2 This update for dracut fixes the following issues: - Additional fixes for PXE boot with filled-in NBFT (bsc#1238848): * fix (74nvmf): make sure autoconnect script is run at least once * fix (74nvmf): only set netroot if it's yet empty dracut-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-260 Security update for rust1.93 moderate SUSE SLFO 1.2 This update for rust1.93 fixes the following issues: Rust is shipped in 1.93.0 version. Please see https://github.com/rust-lang/rust/releases/tag/1.93.0 for changes. cargo1.93-1.93.0-160000.1.1.aarch64.rpm rust1.93-1.93.0-160000.1.1.aarch64.rpm rust1.93-src-1.93.0-160000.1.1.noarch.rpm cargo1.93-1.93.0-160000.1.1.ppc64le.rpm rust1.93-1.93.0-160000.1.1.ppc64le.rpm cargo1.93-1.93.0-160000.1.1.s390x.rpm rust1.93-1.93.0-160000.1.1.s390x.rpm cargo1.93-1.93.0-160000.1.1.x86_64.rpm rust1.93-1.93.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-261 Security update for kepler moderate SUSE SLFO 1.2 This update for kepler fixes the following issues: Update to version 0.11.3. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251427). - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251632). Other updates and bugfixes: - Version 0.11.2: * Fix: Fix node power metrics for Virtual Machines. * Fix: Resolve an issue with pod energy metrics when a container has no usage. - Version 0.11.1: * Fix: Added missing serviceaccount in the Helm chart. - Version 0.11.0: * Feature: Added support for platform power metrics (AC). * Feature: Introduced experimental support for trained power models. * Fix: Improved the accuracy of power estimation for Virtual Machines. * Breaking Change: Metrics related to `kepler_vm_` have been refactored. - Version 0.10.1: * Feature: Added support for the ARM64 architecture. * Fix: Addressed issues when running on Virtual Machines without RAPL. * Fix: Includes several other bug fixes and stability improvements. - Version 0.10.0: * Breaking Change: This is a major rewrite with significant architectural changes. * Breaking Change: Legacy versions (0.9.0 and earlier) are now frozen, with no new features or bug fixes. * Breaking Change: The configuration format has been updated. * Breaking Change: The Kepler Model Server is not compatible with this version and above. * Feature: New modular architecture for better extensibility. * Feature: Enhanced performance and accuracy with dynamic detection of RAPL zones. * Feature: Reduced security requirements, no longer needing CAP_SYS_ADMIN or CAP_BPF capabilities. * Fix: Significantly reduced resource usage. - Version 0.9.0: * Note: This is the final legacy release. * Feature: Added support for GPU power monitoring. * Feature: Introduced a model server for training power models. - Version 0.8.2: * Fix: Addressed a bug in RAPL power calculation on multi-socket systems. - Version 0.8.1: * Fix: This version includes multiple bug fixes and stability improvements. - Version 0.8.0: * Feature: Introduced a new estimator framework. * Breaking Change: The API is backward incompatible with previous versions. - Version 0.7.12: * Fix: This version includes multiple bug fixes and stability improvements. kepler-0.11.3-160000.1.1.aarch64.rpm kepler-0.11.3-160000.1.1.ppc64le.rpm kepler-0.11.3-160000.1.1.s390x.rpm kepler-0.11.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-262 Recommended update for python-wxPython moderate SUSE SLFO 1.2 This update for python-wxPython fixes the following issues: - Update to python-wxPython version 4.2.3: * Fix test issues with wx.lib.introspect (#2717) * Add support for building on Windows ARM64 (#2521) * Incorporate many improvements to type stubs (#2665) * Fix building documentation with latest sphinx (#2672) * Build smaller architecture-specific wheels on macOS instead of large universal2 wheels * Calculate scroll based on child's relative position to scrolledpanel in wx.lib.scrolledpanel * Fix float -> int conversion issues in wx.lib.fancytext (#2703) * Replace deprecated NumPy type aliases * Use wx.StaticText in wx.lib.agw.hyperlink (#2686) * Implement partial support for pyproject.toml and other build process improvements * Remove use of six and most Python 2 compatibility code * Fix wxWidgets build on OpenSUSE (#558, #1067, #2422, #2532) * Fix more int conversions in wx.lib.agw.flatnotebook * Make build output reproducible * Enable overridding wx.Sizer.InformFirstDirection() (#2452) * Implement __iter__ for wxList iterator classes (fixes Python 3.13.1 issue) * Fix wx.lib.mixins.rubberband not clearing DC on redraw * Support implementing CreateBitmapBundle for custom ArtProvider * Fix float/int conversion issues in wx.lib.ogl * Include usage of wxMemoryFSHandler in webview demo * Fix crash when accessing wx.stc.StyledTextCtrl.DropTarget.Data (#2043) * Fix AuiManager pane minimizing issue * Add range field to wx.lib.agw.pygauge.PyGauge format string (#2583) * Fix pickling of wx.RealPoint (#2644) * Avoid calling FlatMenu Destroy() in a finally block (#2630) * Update wxApp.IsDisplayAvailable to work on Wayland * Fix InspectionTool crashes due to bad perspective string errors * Drop support for Python 3.8 (EOL) * Add CreateAccessible for Windows only * Added check condition to AuiManager LoadPerspective() * Fix RecursionError in platebtn bitmap getters * Add Python implementation of GetPaths (#1944) * Support Wayland GTK backend in Window.GetHandle * Refactor python only pdfviewer to support displaying pdf files where not all pages have the same size * Improve support when specifying a pre-existing toolbar as the target for the restore icon when minimizing a pane in agw.aui * Multiple bugfixes in pure python aui * pdfviewer: Add support for pymupdf renaming python313-wxPython-4.2.3-160000.1.1.aarch64.rpm python313-wxPython-4.2.3-160000.1.1.ppc64le.rpm python313-wxPython-4.2.3-160000.1.1.s390x.rpm python313-wxPython-4.2.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-263 Recommended update for llvm15 moderate SUSE SLFO 1.2 This update for llvm15 fixes the following issues: - Adding patch to fix build issues with glibc 2.42 (bnc#1247576). - Disable ASLR during build to make libomp.so generation reproducible (bnc#1199076). - Replace usage of %jobs for reproducible builds (bnc#1237231). - Adding patch to fix build with GCC 15. clang15-15.0.7-160000.3.1.aarch64.rpm clang15-devel-15.0.7-160000.3.1.aarch64.rpm clang15-doc-15.0.7-160000.3.1.noarch.rpm libLLVM15-15.0.7-160000.3.1.aarch64.rpm libLTO15-15.0.7-160000.3.1.aarch64.rpm libclang-cpp15-15.0.7-160000.3.1.aarch64.rpm libomp15-devel-15.0.7-160000.3.1.aarch64.rpm lld15-15.0.7-160000.3.1.aarch64.rpm llvm15-15.0.7-160000.3.1.aarch64.rpm llvm15-devel-15.0.7-160000.3.1.aarch64.rpm llvm15-doc-15.0.7-160000.3.1.noarch.rpm llvm15-gold-15.0.7-160000.3.1.aarch64.rpm llvm15-libc++-devel-15.0.7-160000.3.1.aarch64.rpm llvm15-libc++1-15.0.7-160000.3.1.aarch64.rpm llvm15-libc++abi-devel-15.0.7-160000.3.1.aarch64.rpm llvm15-libc++abi1-15.0.7-160000.3.1.aarch64.rpm llvm15-libclang13-15.0.7-160000.3.1.aarch64.rpm llvm15-opt-viewer-15.0.7-160000.3.1.noarch.rpm llvm15-polly-15.0.7-160000.3.1.aarch64.rpm llvm15-polly-devel-15.0.7-160000.3.1.aarch64.rpm llvm15-vim-plugins-15.0.7-160000.3.1.noarch.rpm python3-clang15-15.0.7-160000.3.1.noarch.rpm clang15-15.0.7-160000.3.1.ppc64le.rpm clang15-devel-15.0.7-160000.3.1.ppc64le.rpm libLLVM15-15.0.7-160000.3.1.ppc64le.rpm libLTO15-15.0.7-160000.3.1.ppc64le.rpm libclang-cpp15-15.0.7-160000.3.1.ppc64le.rpm libomp15-devel-15.0.7-160000.3.1.ppc64le.rpm lld15-15.0.7-160000.3.1.ppc64le.rpm llvm15-15.0.7-160000.3.1.ppc64le.rpm llvm15-devel-15.0.7-160000.3.1.ppc64le.rpm llvm15-gold-15.0.7-160000.3.1.ppc64le.rpm llvm15-libclang13-15.0.7-160000.3.1.ppc64le.rpm llvm15-polly-15.0.7-160000.3.1.ppc64le.rpm llvm15-polly-devel-15.0.7-160000.3.1.ppc64le.rpm clang15-15.0.7-160000.3.1.s390x.rpm clang15-devel-15.0.7-160000.3.1.s390x.rpm libLLVM15-15.0.7-160000.3.1.s390x.rpm libLTO15-15.0.7-160000.3.1.s390x.rpm libclang-cpp15-15.0.7-160000.3.1.s390x.rpm lld15-15.0.7-160000.3.1.s390x.rpm llvm15-15.0.7-160000.3.1.s390x.rpm llvm15-devel-15.0.7-160000.3.1.s390x.rpm llvm15-gold-15.0.7-160000.3.1.s390x.rpm llvm15-libclang13-15.0.7-160000.3.1.s390x.rpm llvm15-polly-15.0.7-160000.3.1.s390x.rpm llvm15-polly-devel-15.0.7-160000.3.1.s390x.rpm clang15-15.0.7-160000.3.1.x86_64.rpm clang15-devel-15.0.7-160000.3.1.x86_64.rpm libLLVM15-15.0.7-160000.3.1.x86_64.rpm libLTO15-15.0.7-160000.3.1.x86_64.rpm libclang-cpp15-15.0.7-160000.3.1.x86_64.rpm liblldb15-15.0.7-160000.3.1.x86_64.rpm libomp15-devel-15.0.7-160000.3.1.x86_64.rpm lld15-15.0.7-160000.3.1.x86_64.rpm lldb15-15.0.7-160000.3.1.x86_64.rpm lldb15-devel-15.0.7-160000.3.1.x86_64.rpm llvm15-15.0.7-160000.3.1.x86_64.rpm llvm15-devel-15.0.7-160000.3.1.x86_64.rpm llvm15-gold-15.0.7-160000.3.1.x86_64.rpm llvm15-libc++-devel-15.0.7-160000.3.1.x86_64.rpm llvm15-libc++1-15.0.7-160000.3.1.x86_64.rpm llvm15-libc++abi-devel-15.0.7-160000.3.1.x86_64.rpm llvm15-libc++abi1-15.0.7-160000.3.1.x86_64.rpm llvm15-libclang13-15.0.7-160000.3.1.x86_64.rpm llvm15-polly-15.0.7-160000.3.1.x86_64.rpm llvm15-polly-devel-15.0.7-160000.3.1.x86_64.rpm python3-lldb15-15.0.7-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-264 Recommended update for sysconfig important SUSE SLFO 1.2 This update for sysconfig fixes the following issues: - Merged changes applied via obs system - Drop rcnetwork symlink (jsc#PED-266) - Change to create the sysconfig.config-network fillup template from common and netconfig components at build time, so it contains all variables again, instead to fillup /etc/sysconfig/network/config using multiple templates at installation time (bsc#1249210). - codespell run for all repository files and changes file - spec: fix no-binary rpmlint error and use noarch - netconfig: conditionally disable nis on Leap-16.x (bsc#1248236) - spec: fix zero-perms-ghost rpmlint warning (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning - spec: fix obsolete-suse-version-check rpmlint warning removing unused and obsolete udevdir definition. - netconfig: fix non-executable-script rpmlint error by removing shebang from functions.netconfig library file. sysconfig-0.90.3-160000.1.1.noarch.rpm sysconfig-netconfig-0.90.3-160000.1.1.noarch.rpm openSUSE-Leap-16.0-265 Recommended update for container-suseconnect moderate SUSE SLFO 1.2 This update for container-suseconnect fixes the following issues: - Update to version 2.5.6: * Change the version logic * Fix FIPS environment variable in CI * Test in fips mode container-suseconnect-2.5.6-160000.1.1.aarch64.rpm container-suseconnect-2.5.6-160000.1.1.ppc64le.rpm container-suseconnect-2.5.6-160000.1.1.s390x.rpm container-suseconnect-2.5.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-266 Recommended update for rpmlint moderate SUSE SLFO 1.2 This update for rpmlint fixes the following issues: Changes in rpmlint: - Update to version 2.7.0+git20260122.f813669b: * systemd-tmpfiles: migrate texlive (bsc#1256841) * systemd-tmpfiles: whitelist sendmail spool directory (bsc#1256160) * permissions-whitelist: add exim drop-in file (bsc#1240755) rpmlint-2.7.0+git20260122.f813669b-160000.1.1.noarch.rpm rpmlint-strict-2.7.0+git20260122.f813669b-160000.1.1.noarch.rpm openSUSE-Leap-16.0-267 Recommended update for agama-web-ui moderate SUSE SLFO 1.2 This update for agama-web-ui fixes the following issues: Changes in agama-web-ui: - Fixed missing translations (error cases for software repos, iSCSI, DASD; bsc#1250059) agama-web-ui-17+467.8c5a31dc6-160000.9.1.noarch.rpm openSUSE-Leap-16.0-268 Recommended update for syslinux moderate SUSE SLFO 1.2 This update for syslinux fixes the following issues: - NASM (3.00+) requires explicit size hints (bsc#1257495) - Fix gcc-15 compile time errors during (re-)build of gpxelinux.0 syslinux-4.04-160000.3.1.x86_64.rpm syslinux-debuginfo-x86_64-4.04-160000.3.1.aarch64.rpm syslinux-debuginfo-x86_64-4.04-160000.3.1.ppc64le.rpm syslinux-debuginfo-x86_64-4.04-160000.3.1.s390x.rpm syslinux-x86_64-4.04-160000.3.1.aarch64.rpm syslinux-x86_64-4.04-160000.3.1.ppc64le.rpm syslinux-x86_64-4.04-160000.3.1.s390x.rpm openSUSE-Leap-16.0-269 Security update for go1.25 critical SUSE SLFO 1.2 This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other updates and bugfixes: - version update to 1.25.7: * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS go1.25-1.25.7-160000.1.1.aarch64.rpm go1.25-doc-1.25.7-160000.1.1.aarch64.rpm go1.25-libstd-1.25.7-160000.1.1.aarch64.rpm go1.25-race-1.25.7-160000.1.1.aarch64.rpm go1.25-1.25.7-160000.1.1.ppc64le.rpm go1.25-doc-1.25.7-160000.1.1.ppc64le.rpm go1.25-race-1.25.7-160000.1.1.ppc64le.rpm go1.25-1.25.7-160000.1.1.s390x.rpm go1.25-doc-1.25.7-160000.1.1.s390x.rpm go1.25-race-1.25.7-160000.1.1.s390x.rpm go1.25-1.25.7-160000.1.1.x86_64.rpm go1.25-doc-1.25.7-160000.1.1.x86_64.rpm go1.25-libstd-1.25.7-160000.1.1.x86_64.rpm go1.25-race-1.25.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-27 Recommended update for wpa_supplicant moderate SUSE SLFO 1.2 This update for wpa_supplicant fixes the following issues: - Build wpa_gui with qt6 instead of obsolete qt5 - Update build config: * Enable 802.11ax support wpa_supplicant-2.11-160000.3.1.aarch64.rpm wpa_supplicant-gui-2.11-160000.3.1.aarch64.rpm wpa_supplicant-2.11-160000.3.1.ppc64le.rpm wpa_supplicant-gui-2.11-160000.3.1.ppc64le.rpm wpa_supplicant-2.11-160000.3.1.s390x.rpm wpa_supplicant-gui-2.11-160000.3.1.s390x.rpm wpa_supplicant-2.11-160000.3.1.x86_64.rpm wpa_supplicant-gui-2.11-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-270 Security update for go1.24 critical SUSE SLFO 1.2 This update for go1.24 fixes the following issues: Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820). Other updates and bugfixes: - version update to 1.24.13: * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77424 crypto/tls: CL 737700 broke session resumption on macOS go1.24-1.24.13-160000.1.1.aarch64.rpm go1.24-doc-1.24.13-160000.1.1.aarch64.rpm go1.24-libstd-1.24.13-160000.1.1.aarch64.rpm go1.24-race-1.24.13-160000.1.1.aarch64.rpm go1.24-1.24.13-160000.1.1.ppc64le.rpm go1.24-doc-1.24.13-160000.1.1.ppc64le.rpm go1.24-race-1.24.13-160000.1.1.ppc64le.rpm go1.24-1.24.13-160000.1.1.s390x.rpm go1.24-doc-1.24.13-160000.1.1.s390x.rpm go1.24-race-1.24.13-160000.1.1.s390x.rpm go1.24-1.24.13-160000.1.1.x86_64.rpm go1.24-doc-1.24.13-160000.1.1.x86_64.rpm go1.24-libstd-1.24.13-160000.1.1.x86_64.rpm go1.24-race-1.24.13-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-271 Recommended update for python-kiwi important SUSE SLFO 1.2 This update for python-kiwi fixes the following issues: - Fixed ramdisk sysroot generator (bsc#1254116) Do not use a custom _dev name and stick with the UUID representation of the disk image in RAM after deployment. Former versions of udev did not create a by-uuid device representation which now seems to have changed. This then leads to the device name RamDisk_rootfs not being created the and respective .device unit times out. In addition the timer unit for the standard device representation changed to infinity. - Delete workflows conflicting with upstream - Fixed spec file requires (bsc#1253637) The package requirement for binutils was set to TW (equal or greater than 1650) only but is also required for SLES16/Leap16 which is 1600 This commit fixes the condition to match with all required distributions dracut-kiwi-lib-10.2.33-160000.2.1.aarch64.rpm dracut-kiwi-live-10.2.33-160000.2.1.aarch64.rpm dracut-kiwi-oem-dump-10.2.33-160000.2.1.aarch64.rpm dracut-kiwi-oem-repart-10.2.33-160000.2.1.aarch64.rpm dracut-kiwi-overlay-10.2.33-160000.2.1.aarch64.rpm dracut-kiwi-verity-10.2.33-160000.2.1.aarch64.rpm kiwi-bash-completion-10.2.33-160000.2.1.noarch.rpm kiwi-man-pages-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-containers-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-core-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-disk-images-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-filesystems-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-image-validation-10.2.33-160000.2.1.aarch64.rpm kiwi-systemdeps-iso-media-10.2.33-160000.2.1.aarch64.rpm python3-kiwi-10.2.33-160000.2.1.aarch64.rpm dracut-kiwi-lib-10.2.33-160000.2.1.ppc64le.rpm dracut-kiwi-live-10.2.33-160000.2.1.ppc64le.rpm dracut-kiwi-oem-dump-10.2.33-160000.2.1.ppc64le.rpm dracut-kiwi-oem-repart-10.2.33-160000.2.1.ppc64le.rpm dracut-kiwi-overlay-10.2.33-160000.2.1.ppc64le.rpm dracut-kiwi-verity-10.2.33-160000.2.1.ppc64le.rpm kiwi-man-pages-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-containers-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-core-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-disk-images-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-filesystems-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-image-validation-10.2.33-160000.2.1.ppc64le.rpm kiwi-systemdeps-iso-media-10.2.33-160000.2.1.ppc64le.rpm python3-kiwi-10.2.33-160000.2.1.ppc64le.rpm dracut-kiwi-lib-10.2.33-160000.2.1.s390x.rpm dracut-kiwi-live-10.2.33-160000.2.1.s390x.rpm dracut-kiwi-oem-dump-10.2.33-160000.2.1.s390x.rpm dracut-kiwi-oem-repart-10.2.33-160000.2.1.s390x.rpm dracut-kiwi-overlay-10.2.33-160000.2.1.s390x.rpm dracut-kiwi-verity-10.2.33-160000.2.1.s390x.rpm kiwi-man-pages-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-containers-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-core-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-disk-images-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-filesystems-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-image-validation-10.2.33-160000.2.1.s390x.rpm kiwi-systemdeps-iso-media-10.2.33-160000.2.1.s390x.rpm python3-kiwi-10.2.33-160000.2.1.s390x.rpm dracut-kiwi-lib-10.2.33-160000.2.1.x86_64.rpm dracut-kiwi-live-10.2.33-160000.2.1.x86_64.rpm dracut-kiwi-oem-dump-10.2.33-160000.2.1.x86_64.rpm dracut-kiwi-oem-repart-10.2.33-160000.2.1.x86_64.rpm dracut-kiwi-overlay-10.2.33-160000.2.1.x86_64.rpm dracut-kiwi-verity-10.2.33-160000.2.1.x86_64.rpm kiwi-man-pages-10.2.33-160000.2.1.x86_64.rpm kiwi-pxeboot-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-containers-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-core-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-disk-images-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-filesystems-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-image-validation-10.2.33-160000.2.1.x86_64.rpm kiwi-systemdeps-iso-media-10.2.33-160000.2.1.x86_64.rpm python3-kiwi-10.2.33-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-272 Recommended update for pacemaker important SUSE SLFO 1.2 This update for pacemaker fixes the following issues: - tools: Prevent crm_verify from stating configuration is "invalid" if it only has warnings (bsc#1250349) - various: Avoid warnings about a negative value for `stonith-watchdog-timeout` (bsc#1246622) - libcrmcommon: * Increase poll() timeout to 5s for liveness checks on sub-daemons (bsc#1239533) * Add retries on connect to avoid fatal errors when sub-daemons communicate - libpacemaker: * Do not retry on ECONNREFUSED in tools. * Fix memory leak in pcmk__group_apply_location() - daemons: Fix a bug iterating in get_op_total_timeout - libcrmservice: consider a monitor pending if LoadUnit receives no reply from systemd (bsc#1232276) pacemaker-3.0.0+20250218.64cd85422c-160000.3.1.aarch64.rpm pacemaker-cli-3.0.0+20250218.64cd85422c-160000.3.1.aarch64.rpm pacemaker-cts-3.0.0+20250218.64cd85422c-160000.3.1.noarch.rpm pacemaker-devel-3.0.0+20250218.64cd85422c-160000.3.1.aarch64.rpm pacemaker-libs-3.0.0+20250218.64cd85422c-160000.3.1.aarch64.rpm pacemaker-remote-3.0.0+20250218.64cd85422c-160000.3.1.aarch64.rpm pacemaker-schemas-3.0.0+20250218.64cd85422c-160000.3.1.noarch.rpm python3-pacemaker-3.0.0+20250218.64cd85422c-160000.3.1.noarch.rpm pacemaker-3.0.0+20250218.64cd85422c-160000.3.1.ppc64le.rpm pacemaker-cli-3.0.0+20250218.64cd85422c-160000.3.1.ppc64le.rpm pacemaker-devel-3.0.0+20250218.64cd85422c-160000.3.1.ppc64le.rpm pacemaker-libs-3.0.0+20250218.64cd85422c-160000.3.1.ppc64le.rpm pacemaker-remote-3.0.0+20250218.64cd85422c-160000.3.1.ppc64le.rpm pacemaker-3.0.0+20250218.64cd85422c-160000.3.1.s390x.rpm pacemaker-cli-3.0.0+20250218.64cd85422c-160000.3.1.s390x.rpm pacemaker-devel-3.0.0+20250218.64cd85422c-160000.3.1.s390x.rpm pacemaker-libs-3.0.0+20250218.64cd85422c-160000.3.1.s390x.rpm pacemaker-remote-3.0.0+20250218.64cd85422c-160000.3.1.s390x.rpm pacemaker-3.0.0+20250218.64cd85422c-160000.3.1.x86_64.rpm pacemaker-cli-3.0.0+20250218.64cd85422c-160000.3.1.x86_64.rpm pacemaker-devel-3.0.0+20250218.64cd85422c-160000.3.1.x86_64.rpm pacemaker-libs-3.0.0+20250218.64cd85422c-160000.3.1.x86_64.rpm pacemaker-remote-3.0.0+20250218.64cd85422c-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-274 Recommended update for gfxboot moderate SUSE SLFO 1.2 This update for gfxboot fixes the following issues: - fix invalid operand size for movsx instructions (bsc#1257495) - translated using Weblate (bsc#1149754) gfxboot-4.5.104-160000.1.1.x86_64.rpm gfxboot-branding-KDE-4.5.104-160000.1.1.x86_64.rpm gfxboot-branding-upstream-4.5.104-160000.1.1.x86_64.rpm gfxboot-devel-4.5.104-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-275 Recommended update for librcd, librcc moderate SUSE SLFO 1.2 This update for librcd, librcc fixes the following issues: This syncs the RPM changelogs to not vary dates between timezones. librcd-devel-0.1.14-160000.4.1.aarch64.rpm librcd0-0.1.14-160000.4.1.aarch64.rpm librcc-devel-0.2.13-160000.4.1.aarch64.rpm librcc0-0.2.13-160000.4.1.aarch64.rpm rcc-runtime-0.2.13-160000.4.1.aarch64.rpm librcd-devel-0.1.14-160000.4.1.ppc64le.rpm librcd0-0.1.14-160000.4.1.ppc64le.rpm librcc-devel-0.2.13-160000.4.1.ppc64le.rpm librcc0-0.2.13-160000.4.1.ppc64le.rpm rcc-runtime-0.2.13-160000.4.1.ppc64le.rpm librcd-devel-0.1.14-160000.4.1.s390x.rpm librcd0-0.1.14-160000.4.1.s390x.rpm librcc-devel-0.2.13-160000.4.1.s390x.rpm librcc0-0.2.13-160000.4.1.s390x.rpm rcc-runtime-0.2.13-160000.4.1.s390x.rpm librcd-devel-0.1.14-160000.4.1.x86_64.rpm librcd0-0.1.14-160000.4.1.x86_64.rpm librcc-devel-0.2.13-160000.4.1.x86_64.rpm librcc0-0.2.13-160000.4.1.x86_64.rpm rcc-runtime-0.2.13-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-276 Recommended update for image-janitor moderate SUSE SLFO 1.2 This update for image-janitor fixes the following issues: Changes in image-janitor: - Release 0.2.0 with configuration files packaged image-janitor-0.2.0-160000.1.1.aarch64.rpm image-janitor-0.2.0-160000.1.1.ppc64le.rpm image-janitor-0.2.0-160000.1.1.s390x.rpm image-janitor-0.2.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-277 Recommended update for ghostscript-fonts moderate SUSE SLFO 1.2 This update for ghostscript-fonts fixes the following issues: - Remove the -converted subpackage that uses ttf-converter. ghostscript-fonts-9.06-160000.3.1.noarch.rpm ghostscript-fonts-other-9.06-160000.3.1.noarch.rpm ghostscript-fonts-std-9.06-160000.3.1.noarch.rpm openSUSE-Leap-16.0-278 Security update for patch low SUSE SLFO 1.2 This update for patch fixes the following issues: - CVE-2021-45261: invalid pointer via another_hunk function can cause a denial-of-service (bsc#1194037). patch-2.7.6-160000.3.1.aarch64.rpm patch-2.7.6-160000.3.1.ppc64le.rpm patch-2.7.6-160000.3.1.s390x.rpm patch-2.7.6-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-279 Recommended update for pcr-oracle important SUSE SLFO 1.2 This update for pcr-oracle fixes the following issues: - Update to 0.5.9: * Fix event skipping due to double increment * Add '--persistent-srk' to make SRK persistent (bsc#1248516) - Enable build on %{arm} as it is required by sdbootutil - Update to 0.5.8: * Fix unsealing failure when using non default PCR bank * Extra checks for TPM self-test (bsc#1249079) pcr-oracle-0.5.9-160000.1.1.aarch64.rpm pcr-oracle-0.5.9-160000.1.1.ppc64le.rpm pcr-oracle-0.5.9-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-28 Recommended update for gnome-shell moderate SUSE SLFO 1.2 This update for gnome-shell fixes the following issues: - Avoid error log when can't load calendars (bsc#1247037). - Fix taking interactive screenshots via D-Bus. - Fix pointer scaling glitches in magnifier. - Fix drawing glitch in sliders in RTL locales. - Misc. bug fixes and cleanups. - Updated translations. gnome-extensions-48.4-160000.1.1.aarch64.rpm gnome-shell-48.4-160000.1.1.aarch64.rpm gnome-shell-calendar-48.4-160000.1.1.aarch64.rpm gnome-shell-devel-48.4-160000.1.1.aarch64.rpm gnome-shell-lang-48.4-160000.1.1.noarch.rpm gnome-extensions-48.4-160000.1.1.ppc64le.rpm gnome-shell-48.4-160000.1.1.ppc64le.rpm gnome-shell-calendar-48.4-160000.1.1.ppc64le.rpm gnome-shell-devel-48.4-160000.1.1.ppc64le.rpm gnome-extensions-48.4-160000.1.1.s390x.rpm gnome-shell-48.4-160000.1.1.s390x.rpm gnome-shell-calendar-48.4-160000.1.1.s390x.rpm gnome-shell-devel-48.4-160000.1.1.s390x.rpm gnome-extensions-48.4-160000.1.1.x86_64.rpm gnome-shell-48.4-160000.1.1.x86_64.rpm gnome-shell-calendar-48.4-160000.1.1.x86_64.rpm gnome-shell-devel-48.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-281 Recommended update for gnuplot moderate SUSE SLFO 1.2 This update for gnuplot fixes the following issues: Update to gnuplot 6.0.3: * NEW backport "contourfill {at base} {fs {no}border}" * NEW backport "save changes <filename>" This variant saves only the differences between the current state and the state at the start of the session. * NEW backport "plot <data> ... if (filter_condition)" Input lines that satisfy the if condition are processed as usual. Lines that fail are essentially ignored. * NEW backport watchpoint label improvements from 6.1 Each watch target can have its own label, generated by a user function * CHANGE 3D polygon objects can have per-object fill border properties. The restriction that all 3D polygons share a single set of properties from "set pm3d" remains true for "splot with polygons". * CHANGE multiplot mousing and replot improvements back-ported from version 6.1 * CHANGE wxt: remove --with-wx-multithreaded configuration option * CHANGE restrictions on watchpoint function target removed; any function is OK * CHANGE "with hsteps" takes default width from "set boxwidth" * CHANGE column(0) returns an integer (not complex) value * FIX Support for combined hidden3d + pm3d depthorder back-ported from 6.1 This allows placing contours on a depth-sorted pm3d surface Bug 2762 * FIX "with yerrorbars" error bar span should not affect OUTRANGE Bug 2749 * FIX qt: opaque key caused incorrect interactive toggling Bug 2761 * FIX 6.0.2 regression in "splot ... using 1:2:3:4 lc palette" Bug 2784 * FIX placement of category labels along x-axis of boxplots Bug 2789 * FIX qt, cairo: "set colorbox invert" produced empty colorbox * FIX placement of minor tics along logscale axis with narrow range Bug 2765 * FIX OK to have missing corners in an image from a sparse matrix Bug 2791 * FIX error handling for various cases involving function blocks Bug 2797 - Build with qt6 instead of qt5 gnuplot-6.0.3-160000.1.1.aarch64.rpm gnuplot-doc-6.0.3-160000.1.1.noarch.rpm gnuplot-6.0.3-160000.1.1.ppc64le.rpm gnuplot-6.0.3-160000.1.1.s390x.rpm gnuplot-6.0.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-282 Recommended update for docbook-dsssl-stylesheets moderate SUSE SLFO 1.2 This update for docbook-dsssl-stylesheets fixes the following issue: - Using LEGALNOTICE.htm as %license (bsc#1252143). docbook-dsssl-stylesheets-1.79-160000.3.1.noarch.rpm openSUSE-Leap-16.0-283 Recommended update for clamav moderate SUSE SLFO 1.2 This update for clamav fixes the following issues: - Provide a better fix for boo#1249404 by disabling debug mode. - Build with older rust 1.87 for reproducible builds (bsc#1249404) - Add work around for symbol removals in version 1.5.0 and 1.5.1. - New version: 1.5.1: * Fixed a significant performance issue when scanning some PE files. * Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option. * Improved performance when scanning TNEF email attachments. * Fixed an issue with recording metadata for OOXML office documents. * Fixed an issue with signature matches for VBA in OLE2 office documents. * Loosened overly restrictive rules for embedded file identification and increased the limit for finding PE files embedded in other PE files. * Fixed an issue with extracting some RAR archives embedded in other files. * Fixed an issue with calculating fuzzy hashes affecting some images by updating the version for several Rust library dependencies. - Add json-c-json-c-0.18-20240915.tar.gz and link it statically into libclamav on SLE-12, because version 0.12 is too old. - New version 1.5.0: * Added checks to determine if an OLE2-based Microsoft Office document is encrypted. * Added the ability to record URIs found in HTML and PDFs if the generate-JSON-metadata feature is enabled. * Added regex support for the clamd.conf OnAccessExcludePath config option. * Added CVD signing/verification with external .sign files. * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable FIPS-like limits disabling MD5 and SHA1 from being used for verifying digital signatures or for being used to trust a file when checking for false positives * ClamD: Added an option to disable select administrative commands including SHUTDOWN, RELOAD, STATS and VERSION. * libclamav: Added extended hashing functions with a "flags" parameter that allows the caller to choose if they want to bypass FIPS hash algorithm limits. - Use macros for library versions - Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter, and clamonacc. - Use rust 1.86 for SLE-12 and SLE-15-SP2. - Add an option to toggle SHUTDOWN, RELOAD, STATS and VERSION (bsc#1240363). clamav-1.5.1-160000.1.1.aarch64.rpm clamav-devel-1.5.1-160000.1.1.aarch64.rpm clamav-docs-html-1.5.1-160000.1.1.noarch.rpm clamav-milter-1.5.1-160000.1.1.aarch64.rpm libclamav12-1.5.1-160000.1.1.aarch64.rpm libclammspack0-1.5.1-160000.1.1.aarch64.rpm libfreshclam4-1.5.1-160000.1.1.aarch64.rpm clamav-1.5.1-160000.1.1.ppc64le.rpm clamav-devel-1.5.1-160000.1.1.ppc64le.rpm clamav-milter-1.5.1-160000.1.1.ppc64le.rpm libclamav12-1.5.1-160000.1.1.ppc64le.rpm libclammspack0-1.5.1-160000.1.1.ppc64le.rpm libfreshclam4-1.5.1-160000.1.1.ppc64le.rpm clamav-1.5.1-160000.1.1.s390x.rpm clamav-devel-1.5.1-160000.1.1.s390x.rpm clamav-milter-1.5.1-160000.1.1.s390x.rpm libclamav12-1.5.1-160000.1.1.s390x.rpm libclammspack0-1.5.1-160000.1.1.s390x.rpm libfreshclam4-1.5.1-160000.1.1.s390x.rpm clamav-1.5.1-160000.1.1.x86_64.rpm clamav-devel-1.5.1-160000.1.1.x86_64.rpm clamav-milter-1.5.1-160000.1.1.x86_64.rpm libclamav12-1.5.1-160000.1.1.x86_64.rpm libclammspack0-1.5.1-160000.1.1.x86_64.rpm libfreshclam4-1.5.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-284 Security update for openCryptoki moderate SUSE SLFO 1.2 This update for openCryptoki fixes the following issues: Upgrade openCryptoki to 3.26 (jsc#PED-14609) Security fixes: - CVE-2026-22791: supplying malformed compressed EC public key can lead to heap corruption or denial-of-service (bsc#1256673). - CVE-2026-23893: Privilege Escalation or Data Exposure via Symlink Following (bsc#1257116). Other fixes: * Soft: Add support for RSA keys up to 16K bits. * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later). * p11sak: Add support for generating RSA keys up to 16K bits. * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION). * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN. * p11sak: Add support for SHA-HMAC key types and key generation. * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping with various key wrapping mechanism. * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider. * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files. * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0). * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE. * p11sak: Add support for generating BLS12-381 EC keys. * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16). * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later). * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured). * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types. * Bug fixes. openCryptoki-3.26.0-160000.1.1.aarch64.rpm openCryptoki-64bit-3.26.0-160000.1.1.aarch64.rpm openCryptoki-devel-3.26.0-160000.1.1.aarch64.rpm openCryptoki-3.26.0-160000.1.1.ppc64le.rpm openCryptoki-64bit-3.26.0-160000.1.1.ppc64le.rpm openCryptoki-devel-3.26.0-160000.1.1.ppc64le.rpm openCryptoki-3.26.0-160000.1.1.s390x.rpm openCryptoki-64bit-3.26.0-160000.1.1.s390x.rpm openCryptoki-devel-3.26.0-160000.1.1.s390x.rpm openCryptoki-3.26.0-160000.1.1.x86_64.rpm openCryptoki-64bit-3.26.0-160000.1.1.x86_64.rpm openCryptoki-devel-3.26.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-285 Recommended update for mksusecd moderate SUSE SLFO 1.2 This update for mksusecd fixes the following issues: - add --tmp-dir option to let users use an alternative tmp dir (bsc#1249804) - update documentation - support applying ISO changes in DUDs (jsc#PED-13262) - minor suse blog corrections - add provides mkmedia to spec file - add --apply-dud option to apply DUDs directly to install media (jsc#PED-13262) - adjust package dependencies - update mkmedia man page - rename mksusecd (the tool, not the package) to mkmedia - add missing doc link - suse blog - mksusecd: add --initrd-config option - fix online and network image generation - fix rar unpacking function - verifymedia: report if data partition does not have a volume id (bsc#1247230) - also check dracut config for volume label (live root) (bsc#1247230) - mksusecd: do not default to creating a .signature file on rh style media - mksusecd man page update - prefix boot options with '-' to remove them - mksusecd: fix --micro and --nano image generation - s390x: boot options are now merged with parmfile content, not replacing it - add package requires: file, cpio - add mnt/umnt helper tools for easy initrd unpacking - add blog post to documentation - fix crypto setup - add --luks option to influence LUKS entrypted volume - initrd can be missing with '--pico' option - fix --add-entry for live / multi linux media (bsc#1243075) - create rh media in rh hybrid mode as default - add option to control efi image fs visibility - verifymedia: check also alternative grub config for live option - mksusecd: fix multi linux media signing (bsc#1243125) - several bug fixes (bsc#1243125) mksusecd-4.3-160000.1.1.aarch64.rpm mksusecd-4.3-160000.1.1.ppc64le.rpm mksusecd-4.3-160000.1.1.s390x.rpm mksusecd-4.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-286 Security update for fontforge important SUSE SLFO 1.2 This update for fontforge fixes the following issues: Update to version 20251009. Security issues fixed: - CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing (bsc#1256013). - CVE-2025-15269: remote code execution via use-after-free in SFD file parsing (bsc#1256032). - CVE-2025-15275: arbitrary code execution via SFD file parsing buffer overflow (bsc#1256025). - CVE-2025-50949: memory leak in function DlgCreate8 (bsc#1252652). Other updates and bugfixes: - fix multiple crashes in Multiple Masters. - fix crash for content over 32767 characters in GDraw multiline text field. - fix crash on Up/Down - fix crash in Metrics View. - fix UFO crash for empty contours. - fix crash issue in allmarkglyphs. - Version update to 20251009: * Update documentation for py scripts (#5180) * Update GitHub CI runners (#5328) * Update po files from Croudin sources. (#5330) * Use consistent Python in MacOS GitHub runner (#5331) * Fix CI for Windows GitHub runner (#5335) * Fix lookup flags parsing (#5338) * Fixes (#5332): glyph file names uXXXXX (#5333) * make harmonization robust and avoid zero handles after harmonization (#5262) * Quiet strict prototypes warnings. (#5313) * Fix crash in parsegvar() due to insufficient buffer (#5339) * Handle failed iconv conversion. Unhandled execution path was UB, causing a segfault for me (#5329) * Fix CMake function _get_git_version() (#5342) * Don't require individual tuple encapsulation in fontforge.font.bitmapSizes setter (#5138) * nltransform of anchor points (#5345) * Fix generateFontPostHook being called instead of generateFontPreHook (#5226) * Always set usDefaultChar to 0 (.notdef) (#5242) * add font attributes, method to Python docs (#5353) * fix segfault triggered by Python del c[i:j] (#5352) * Autoselect internal WOFF2 format (#5346) * Fix typos in the FAQ (#5355) * add font.style_set_names attribute to Python API (#5354) * Bulk tester (#5365) * Fix Splinefont shell invocation (#5367) * Fix the lists of Windows language IDs (#5359) * Support suplementary planes in SFD (emojis etc.) (#5364) * Remove psaltnames for multi-code-point names (#5305) * doc: added missing sudo to installation instructions (#5300) * Fix data corruption on SFD reading (#5380) * Compare vertical metrics check when generating TTC (#5372) * Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379) * Don't attempt to copy anchors into NULL font (#5405) * Fix export of supplementary plane characters in font name to TTF (#5396) * Defer crowdin update to the end of the pipeline (#5409) * Fix generated feature file bugs (#5384) * crowdin: update to java 17 (#5447) * Remove assert from Python script processor (#5410) * Use sysconfig for Python module locations (#5423) * Use PyConfig API on Python 3.8 (#5404) * Fix resource leak in unParseTTInstrs (#5476) * Only install GUI-specific files if ENABLE_GUI is set (#5451) * add math device tables to Python API (#5348) * Update CI runner to macOS 13 (#5482) * Allow hyphen and special characters in Feature File glyph names (#5358) * Fix Python font.appendSFNTName() function (#5494) * Update mm.c (#5386) * Warning rollup (probably some hidden bugs!) from clang trunk (#5492) * Fix function PyFFFont_addSmallCaps. (#5519) * Make SmallCaps() create symbols (#5517) * Segfault fix and complete implementation of "Don't generate FFTM tables" (#5509) * Modernize fixed pitch flag computation (#5506) * fix memleak in function utf7toutf8_copy (#5495) * Avoid crashes in Python scripts when objects are accessed in invalid state (#5483) * Fix CI for Ubuntu 24 (#5531) * Bump GitHub CI runner to Ubuntu 22 (#5551) * Fix memory corruption in SFUnicodeRanges() (#5537) * Add contour draw option to H.Metrics. (#5496) * Fix scaling of references in CharView (#5558) * Fix TTF validation on load for fixed pitch fonts (#5562) * Performance fixes for GSUB/GPOS dumps (#5547) * Simple GTK-based dialog with CSS appearance support (#5546) * Support Harfbuzz in Metrics View (#5522) * Update po files from crowdin translations (#5575) * Be more clever about label text in gtextfield (#5583) * Add minimal support for GDEF version 1.3 (#5584) * Sanitize messages from python (#5589) * Fix a crash caused by deleting a glyph with vertical kerning pairs. (#5592) * THEME -> GUI_THEME (#5596) * Update po translations from Crowdin (#5593) * Upgrade to Unicode 16.0.0 (#5594) * Fix Linux AppImage (#5599) * Upgrade to Unicode 17.0.0 and extend the language and script lists (#5618) * Remove X11 and non-Cairo drawing backends (#5612) * Add macOS dependency setup script (#5563) * Fix hotkeys in BitmapView (#5626) * Manually install Inno Setup 6 (#5621) * Remove cv->back_img_out_of_date and cv->backimgs (#5625) * fix spelling "bt" -> "but" (#5636) * Fix typos in Python module docs (#5634) - Version update to 20230101+git59.770356c9b: * Add contour draw option to H.Metrics. (#5496) * Fix memory corruption in SFUnicodeRanges() (#5537) * Bump GitHub CI runner to Ubuntu 22 (#5551) * Fix CI for Ubuntu 24 (#5531) * Avoid crashes in Python scripts when objects are accessed in invalid state (#5483) * fix memleak in function utf7toutf8_copy (#5495) * Modernize fixed pitch flag computation (#5506) * Segfault fix and complete implementation of "Don't generate FFTM tables" (#5509) * Make SmallCaps() translate symbols, too. Update documentation accordingly. (#5517) * Fix function PyFFFont_addSmallCaps. (#5519) * Warning rollup (probably some hidden bugs!) from clang trunk (#5492) * Update mm.c (#5386) * fix memleak in function DlgCreate8 (#5491) * Fix Python font.appendSFNTName() function (#5494) * Allow hyphen and special characters in Feature File glyph names (#5358) * Update CI runner to macOS 13 (#5482) * add math device tables to Python API (#5348) * Only install GUI-specific files if ENABLE_GUI is set (#5451) * Fix resource leak in unParseTTInstrs (#5476) * Use PyConfig API on Python 3.8 (#5404) * Use sysconfig for Python module locations (#5423) * More crowdin fix * Python script shall trigger no asserts (#5410) * crowdin: update to java 17 (#5447) * try fix crowdin * Fix generated feature file bugs (#5384) * Defer crowdin update to the end of the pipeline (#5409) * Fix export of supplementary plane characters in font name to TTF (#5396) * Don't attempt to copy anchors into NULL font (#5405) * Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379) * Compare vertical metrics check when generating TTC (#5372) * Fix data corruption on SFD reading (#5380) * doc: added missing sudo to installation instructions (#5300) * Remove `psaltnames` for multi-code-point names (#5305) * Support suplementary planes in SFD (emojis etc.) (#5364) * Fix the lists of Windows language IDs (#5359) * fix splinefont shell command injection (#5367) * Bulk tester (#5365) * add `font.style_set_names` attribute to Python API (#5354) * Fix typos in the FAQ (#5355) * Autoselect internal WOFF2 format (#5346) * fix segfault triggered by Python `del c[i:j]` (#5352) * add `font` attributes, method to Python docs (#5353) * Always set `usDefaultChar` to 0 (.notdef) (#5242) * Fix generateFontPostHook being called instead of generateFontPreHook (#5226) * nltransform of anchor points (#5345) * Don't require individual tuple encapsulation in fontforge.font.bitmapSizes setter (#5138) * Fix CMake function _get_git_version() (#5342) * Handle failed iconv conversion. Unhandled execution path was UB, causing a segfault for me (#5329) * Fix crash in parsegvar() due to insufficient buffer (#5339) * Quiet strict prototypes warnings. (#5313) * harmonizing can now no longer produce zero handles, the computation of harmonization is now numerically robust (#5262) * Fix glyph file names uXXXXX (#5333) * Fix lookup flags parsing (#5338) * Duplicate libfontforge.dll for "py" and "pyhook" tests. (#5335) * Use consistent Python in MacOS GitHub runner (#5331) * Update po files from Croudin sources after fixing problems * Fix GinHub CI runners (#5328) fontforge-20251009-160000.1.1.aarch64.rpm fontforge-devel-20251009-160000.1.1.aarch64.rpm fontforge-doc-20251009-160000.1.1.noarch.rpm fontforge-20251009-160000.1.1.ppc64le.rpm fontforge-devel-20251009-160000.1.1.ppc64le.rpm fontforge-20251009-160000.1.1.s390x.rpm fontforge-devel-20251009-160000.1.1.s390x.rpm fontforge-20251009-160000.1.1.x86_64.rpm fontforge-devel-20251009-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-287 Security update for nodejs22 important SUSE SLFO 1.2 This update for nodejs22 fixes the following issues: Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks (bsc#1256569). - CVE-2025-55131: timeout-based race conditions allow for allocations that contain leftover data from previous operations and lead to exposure of in-process secrets (bsc#1256570). - CVE-2025-55132: a file's access and modification timestamps can be changed via `futimes()` even when the process has only read permissions (bsc#1256571). - CVE-2025-59465: malformed HTTP/2 HEADERS frame with invalid HPACK data can cause a crash due to an unhandled error (bsc#1256573). - CVE-2025-59466: uncatchable "Maximum call stack size exceeded" error when `async_hooks.createHook()` is enabled can lead to crash (bsc#1256574). - CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service (bsc#1256576). - CVE-2026-22036: undici: unbounded decompression chain in HTTP responses via Content-Encoding may lead to resource exhaustion (bsc#1256848). For full changelog, please see https://nodejs.org/en/blog corepack22-22.22.0-160000.1.1.aarch64.rpm nodejs22-22.22.0-160000.1.1.aarch64.rpm nodejs22-devel-22.22.0-160000.1.1.aarch64.rpm nodejs22-docs-22.22.0-160000.1.1.noarch.rpm npm22-22.22.0-160000.1.1.aarch64.rpm corepack22-22.22.0-160000.1.1.ppc64le.rpm nodejs22-22.22.0-160000.1.1.ppc64le.rpm nodejs22-devel-22.22.0-160000.1.1.ppc64le.rpm npm22-22.22.0-160000.1.1.ppc64le.rpm corepack22-22.22.0-160000.1.1.s390x.rpm nodejs22-22.22.0-160000.1.1.s390x.rpm nodejs22-devel-22.22.0-160000.1.1.s390x.rpm npm22-22.22.0-160000.1.1.s390x.rpm corepack22-22.22.0-160000.1.1.x86_64.rpm nodejs22-22.22.0-160000.1.1.x86_64.rpm nodejs22-devel-22.22.0-160000.1.1.x86_64.rpm npm22-22.22.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-288 Optional update for nodejs24 moderate SUSE SLFO 1.2 This update for nodejs24 fixes the following issues: nodejs24 is added in version 24.12.0. corepack24-24.13.0-160000.1.1.aarch64.rpm nodejs24-24.13.0-160000.1.1.aarch64.rpm nodejs24-devel-24.13.0-160000.1.1.aarch64.rpm nodejs24-docs-24.13.0-160000.1.1.noarch.rpm npm24-24.13.0-160000.1.1.aarch64.rpm corepack24-24.13.0-160000.1.1.ppc64le.rpm nodejs24-24.13.0-160000.1.1.ppc64le.rpm nodejs24-devel-24.13.0-160000.1.1.ppc64le.rpm npm24-24.13.0-160000.1.1.ppc64le.rpm corepack24-24.13.0-160000.1.1.s390x.rpm nodejs24-24.13.0-160000.1.1.s390x.rpm nodejs24-devel-24.13.0-160000.1.1.s390x.rpm npm24-24.13.0-160000.1.1.s390x.rpm corepack24-24.13.0-160000.1.1.x86_64.rpm nodejs24-24.13.0-160000.1.1.x86_64.rpm nodejs24-devel-24.13.0-160000.1.1.x86_64.rpm npm24-24.13.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-289 Optional update for go1.26 moderate SUSE SLFO 1.2 This update for go1.26 fixes the following issues: This update adds go1.26. go1.26-1.26rc3-160000.1.1.aarch64.rpm go1.26-doc-1.26rc3-160000.1.1.aarch64.rpm go1.26-libstd-1.26rc3-160000.1.1.aarch64.rpm go1.26-race-1.26rc3-160000.1.1.aarch64.rpm go1.26-1.26rc3-160000.1.1.ppc64le.rpm go1.26-doc-1.26rc3-160000.1.1.ppc64le.rpm go1.26-race-1.26rc3-160000.1.1.ppc64le.rpm go1.26-1.26rc3-160000.1.1.s390x.rpm go1.26-doc-1.26rc3-160000.1.1.s390x.rpm go1.26-race-1.26rc3-160000.1.1.s390x.rpm go1.26-1.26rc3-160000.1.1.x86_64.rpm go1.26-doc-1.26rc3-160000.1.1.x86_64.rpm go1.26-libstd-1.26rc3-160000.1.1.x86_64.rpm go1.26-race-1.26rc3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-29 Security update for expat important SUSE SLFO 1.2 This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584) expat-2.7.1-160000.3.1.aarch64.rpm libexpat-devel-2.7.1-160000.3.1.aarch64.rpm libexpat1-2.7.1-160000.3.1.aarch64.rpm expat-2.7.1-160000.3.1.ppc64le.rpm libexpat-devel-2.7.1-160000.3.1.ppc64le.rpm libexpat1-2.7.1-160000.3.1.ppc64le.rpm expat-2.7.1-160000.3.1.s390x.rpm libexpat-devel-2.7.1-160000.3.1.s390x.rpm libexpat1-2.7.1-160000.3.1.s390x.rpm expat-2.7.1-160000.3.1.x86_64.rpm libexpat-devel-2.7.1-160000.3.1.x86_64.rpm libexpat1-2.7.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-290 Security update for golang-github-prometheus-prometheus critical SUSE SLFO 1.2 This update for golang-github-prometheus-prometheus fixes the following issues: - CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841) - CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897) - CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442) golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64.rpm golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le.rpm golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x.rpm golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-291 Security update for cockpit-machines, cockpit important SUSE SLFO 1.2 This update for cockpit-machines, cockpit fixes the following issues: - CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324) Changes in cockpit-machines: - Update to 346 * 346 - Performance improvements - Translation updates * 345 - New virtual machines don't get SPICE graphics anymore - Support for network port forwarding - Bug fixes and translation updates - Update to 344 * 344 - Port forwarding for user session VMs - "Shutdown and restart" action - Faster startup * 343 - Memory usage now shows numbers reported by the guest (RHEL-116731) - Update to 342 * 342 - Bug fixes and translation updates * 341 - Improved UX for Disks and Network interface tables - Bug fixes and translation updates * 340 - Use exclusive VNC connections with "Remote resizing" - Update to 339 * 339 - Serial consoles now keep their content and stay alive - No longer copies qemu.conf values into VM definitions * 338 - Translation and dependency updates - Detachable VNC console - Update to 337 * 337 - Bug fixes and translation updates * 336 - Graphical VNC and serial consoles improvements - Control VNC console resizing and scaling - Bug fixes and translation updates * 335 - Bug fixes and translation updates * 334 - Bug fixes and translation updates Changes in cockpit: - Update to 354 * changes since 351 - 354 * Convert documentation to AsciiDoc * Work around Firefox 146/147 bug (rhbz#2422331) * Bug fixes - 353 * Networking: Suggest prefix length and gateway address * Bug fixes and translation updates - 352 * Shown a warning if the last shutdown/reboot was unclean * Bug fixes and translation updates - Update to 351 * Changes since 349 - 351 * Firewall ports can be deleted individually - 350 * networking: fix renaming of bridges and other groups (RHEL-117883) * bridge: fix OpenSSH_10.2p1 host key detection - Update to 349 * Changes since 346 - 349 * Package manifests: add any test * Bug fixes and translation updates - 348 * Bug fixes and translation updates - 347 * Site-specific branding support - Update to 346 * Changes since 344 - 346 * Support branding Cockpit pages * Storage: Support for Stratis "V2" pools - 345 * Translation and dependency updates * Shorter IPv6 addresses * IPv6 addresses for WireGuard - Update to 344 * Changes since 340 - 344 * Bug fixes and translation updates - 343 * login: Improve error message for unsupported shells * cockpit: Handle file access issues with files in machines.d * Translation updates - 342 * systemd: ensure update() is called at least once for tuned-dialog * Translation updates - 341 * services: show link to podman page for quadlets * Bug fixes and translation updates cockpit-machines-346-160000.1.1.noarch.rpm cockpit-354-160000.1.1.aarch64.rpm cockpit-bridge-354-160000.1.1.noarch.rpm cockpit-devel-354-160000.1.1.aarch64.rpm cockpit-doc-354-160000.1.1.noarch.rpm cockpit-firewalld-354-160000.1.1.noarch.rpm cockpit-kdump-354-160000.1.1.noarch.rpm cockpit-networkmanager-354-160000.1.1.noarch.rpm cockpit-packagekit-354-160000.1.1.noarch.rpm cockpit-selinux-354-160000.1.1.noarch.rpm cockpit-storaged-354-160000.1.1.noarch.rpm cockpit-system-354-160000.1.1.noarch.rpm cockpit-ws-354-160000.1.1.aarch64.rpm cockpit-ws-selinux-354-160000.1.1.aarch64.rpm cockpit-354-160000.1.1.ppc64le.rpm cockpit-devel-354-160000.1.1.ppc64le.rpm cockpit-ws-354-160000.1.1.ppc64le.rpm cockpit-ws-selinux-354-160000.1.1.ppc64le.rpm cockpit-354-160000.1.1.s390x.rpm cockpit-devel-354-160000.1.1.s390x.rpm cockpit-ws-354-160000.1.1.s390x.rpm cockpit-ws-selinux-354-160000.1.1.s390x.rpm cockpit-354-160000.1.1.x86_64.rpm cockpit-devel-354-160000.1.1.x86_64.rpm cockpit-ws-354-160000.1.1.x86_64.rpm cockpit-ws-selinux-354-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-292 Security update for wicked2nm important SUSE SLFO 1.2 This update for wicked2nm fixes the following issues: - Update to version 1.4.1 - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257908). wicked2nm-1.4.1-160000.1.1.aarch64.rpm wicked2nm-1.4.1-160000.1.1.ppc64le.rpm wicked2nm-1.4.1-160000.1.1.s390x.rpm wicked2nm-1.4.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-293 Recommended update for LibVNCServer moderate SUSE SLFO 1.2 This update for LibVNCServer fixes the following issues: - Fix devel package dependencies (bsc#1247887) LibVNCServer-devel-0.9.14-160000.3.1.aarch64.rpm libvncclient1-0.9.14-160000.3.1.aarch64.rpm libvncserver1-0.9.14-160000.3.1.aarch64.rpm LibVNCServer-devel-0.9.14-160000.3.1.ppc64le.rpm libvncclient1-0.9.14-160000.3.1.ppc64le.rpm libvncserver1-0.9.14-160000.3.1.ppc64le.rpm LibVNCServer-devel-0.9.14-160000.3.1.s390x.rpm libvncclient1-0.9.14-160000.3.1.s390x.rpm libvncserver1-0.9.14-160000.3.1.s390x.rpm LibVNCServer-devel-0.9.14-160000.3.1.x86_64.rpm libvncclient1-0.9.14-160000.3.1.x86_64.rpm libvncserver1-0.9.14-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-294 Security update for docker moderate SUSE SLFO 1.2 This update for docker fixes the following issues: - CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption (bsc#1253904). Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.5.1_ce-160000.5.1.aarch64.rpm docker-bash-completion-28.5.1_ce-160000.5.1.noarch.rpm docker-buildx-0.29.0-160000.5.1.aarch64.rpm docker-fish-completion-28.5.1_ce-160000.5.1.noarch.rpm docker-rootless-extras-28.5.1_ce-160000.5.1.noarch.rpm docker-zsh-completion-28.5.1_ce-160000.5.1.noarch.rpm docker-28.5.1_ce-160000.5.1.ppc64le.rpm docker-buildx-0.29.0-160000.5.1.ppc64le.rpm docker-28.5.1_ce-160000.5.1.s390x.rpm docker-buildx-0.29.0-160000.5.1.s390x.rpm docker-28.5.1_ce-160000.5.1.x86_64.rpm docker-buildx-0.29.0-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-295 Recommended update for ibmtss moderate SUSE SLFO 1.2 This update for ibmtss fixes the following issues: - Remove test data: certs and keys (bsc#1239985) ibmtss-2.4.1-160000.3.1.aarch64.rpm ibmtss-base-2.4.1-160000.3.1.noarch.rpm ibmtss-devel-2.4.1-160000.3.1.aarch64.rpm libibmtss2-2.4.1-160000.3.1.aarch64.rpm ibmtss-2.4.1-160000.3.1.ppc64le.rpm ibmtss-devel-2.4.1-160000.3.1.ppc64le.rpm libibmtss2-2.4.1-160000.3.1.ppc64le.rpm ibmtss-2.4.1-160000.3.1.s390x.rpm ibmtss-devel-2.4.1-160000.3.1.s390x.rpm libibmtss2-2.4.1-160000.3.1.s390x.rpm ibmtss-2.4.1-160000.3.1.x86_64.rpm ibmtss-devel-2.4.1-160000.3.1.x86_64.rpm libibmtss2-2.4.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-296 Security update for cockpit-repos important SUSE SLFO 1.2 This update for cockpit-repos fixes the following issues: Update to version 4.7. Security issues fixed: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global (bsc#1257325). - CVE-2025-64718: js-yaml prototype pollution in merge (bsc#1255425). Other updates and bugfixes: - version update to 4.7 * Translation updates - version update to 4.6: * Translation updates * Dependency updates * Fix translations pot file not being update - version update to 4.5: * Dependency updates - version update to 4.4: * Translation updates * Dependency updates cockpit-repos-4.7-160000.1.1.noarch.rpm openSUSE-Leap-16.0-299 Security update for MozillaFirefox moderate SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.7.1 ESR was released: * Fixed: Security fix. MFSA 2026-10 (bsc#1258231): * CVE-2026-2447: Heap buffer overflow in libvpx. MozillaFirefox-140.7.1-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.7.1-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.7.1-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.7.1-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.7.1-160000.1.1.aarch64.rpm MozillaFirefox-140.7.1-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.7.1-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.7.1-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.7.1-160000.1.1.ppc64le.rpm MozillaFirefox-140.7.1-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.7.1-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.7.1-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.7.1-160000.1.1.s390x.rpm MozillaFirefox-140.7.1-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.7.1-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.7.1-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.7.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-3 Recommended update of python-instance-billing-flavor-check moderate SUSE SLFO 1.2 This update for python-instance-billing-flavor-check fixes the following issues: - Build fix for SLE 16 and later (bsc#1250110) python-instance-billing-flavor-check-1.0.1-160000.3.1.aarch64.rpm python-instance-billing-flavor-check-1.0.1-160000.3.1.ppc64le.rpm python-instance-billing-flavor-check-1.0.1-160000.3.1.s390x.rpm python-instance-billing-flavor-check-1.0.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-30 Security update for openexr moderate SUSE SLFO 1.2 This update for openexr fixes the following issues: - CVE-2025-64181: Fixed use of uninitialized memory in function generic_unpack() (bsc#1253233) libIex-3_2-31-3.2.2-160000.3.1.aarch64.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.aarch64.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.aarch64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.aarch64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.aarch64.rpm openexr-3.2.2-160000.3.1.aarch64.rpm openexr-devel-3.2.2-160000.3.1.aarch64.rpm openexr-doc-3.2.2-160000.3.1.noarch.rpm libIex-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.ppc64le.rpm openexr-3.2.2-160000.3.1.ppc64le.rpm openexr-devel-3.2.2-160000.3.1.ppc64le.rpm libIex-3_2-31-3.2.2-160000.3.1.s390x.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.s390x.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.s390x.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.s390x.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.s390x.rpm openexr-3.2.2-160000.3.1.s390x.rpm openexr-devel-3.2.2-160000.3.1.s390x.rpm libIex-3_2-31-3.2.2-160000.3.1.x86_64.rpm libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.x86_64.rpm libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.x86_64.rpm libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.x86_64.rpm libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.x86_64.rpm libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm openexr-3.2.2-160000.3.1.x86_64.rpm openexr-devel-3.2.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-300 Security update for python313 important SUSE SLFO 1.2 This update for python313 fixes the following issues: Update to version 3.13.12. Security issues fixed: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator` (bsc#1257181). Other updates and bugfixes: - Update to version 3.13.12. - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. - gh-144169: Fix three crashes when non-string keyword arguments are supplied to objects in the ast module. - gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in argtypes. Instead of aborting, ctypes now raises a proper Python exception when the pointer target type is unresolved. - gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid misclassifying invalid mode values as block devices. - gh-144023: Fixed validation of file descriptor 0 in posix functions when used with follow_symlinks parameter. - gh-143999: Fix an issue where inspect.getgeneratorstate() and inspect.getcoroutinestate() could fail for generators wrapped by types.coroutine() in the suspended state. - gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set before __main__ is preloaded. Previously, sys.argv was empty during main module import in forkserver child processes. This fixes a regression introduced in 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas Watson, thanks! - gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler methods for the C implementation. Previously, this could cause crash or data corruption, now concurrent calls of methods of the same object raise RuntimeError. - gh-78724: Raise RuntimeError's when user attempts to call methods on half-initialized Struct objects, For example, created by Struct.__new__(Struct). Patch by Sergey B Kirpichev. - gh-143602: Fix a inconsistency issue in write() that leads to unexpected buffer overwrite by deduplicating the buffer exports. - gh-143547: Fix sys.unraisablehook() when the hook raises an exception and changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by Victor Stinner. - gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently mutated during write() or writelines(). - gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter when the indent contains a mix of tabs and spaces. - gh-143310: tkinter: fix a crash when a Python list is mutated during the conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by Benedikt Tran. - gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a custom environment mapping which is then mutated during parsing. Patch by Benedikt Tran. - gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is concurrently mutated by a custom buffer callback during pickling. Patch by Benedikt Tran and Aaron Wieczorek. - gh-143237: Fix support of named pipes in the rotating logging handlers. - gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling. - gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a malformed TZif file. Patch by Fatih Celik. - gh-142830: sqlite3: fix use-after-free crashes when the connection's callbacks are mutated during a callback execution. Patch by Benedikt Tran. - gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() and __setitem__() methods of Element when the element is concurrently mutated. Patch by Benedikt Tran. - gh-142195: Updated timeout evaluation logic in subprocess to be compatible with deterministic environments like Shadow where time moves exactly as requested. - gh-143145: Fixed a possible reference leak in ctypes when constructing results with multiple output parameters on error. - gh-122431: Corrected the error message in readline.append_history_file() to state that nelements must be non-negative instead of positive. - gh-143004: Fix a potential use-after-free in collections.Counter.update() when user code mutates the Counter during an update. - gh-143046: The asyncio REPL no longer prints copyright and version messages in the quiet mode (-q). Patch by Bartosz Slawecki. - gh-140648: The asyncio REPL now respects the -I flag (isolated mode). Previously, it would load and execute PYTHONSTARTUP even if the flag was set. Contributed by Bartosz Slawecki. - gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD divert(4) socket. - gh-143010: Fixed a bug in mailbox where the precise timing of an external event could result in the library opening an existing file instead of a file it expected to create. - gh-142881: Fix concurrent and reentrant call of atexit.unregister(). - gh-112127: Fix possible use-after-free in atexit.unregister() when the callback is unregistered during comparison. - gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects. - gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead. - gh-142784: The asyncio REPL now properly closes the loop upon the end of interactive session. Previously, it could cause surprising warnings. Contributed by Bartosz Slawecki. - gh-142555: array: fix a crash in a[i] = v when converting i to an index via i.__index__ or i.__float__ mutates the array. - gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer's closed property calls detach(). - gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied by HMAC.copy. Patch by Benedikt Tran. - gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting default values from default_factory. This prevents race conditions where a default value would overwrite a value set before default_factory returns. - gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may return inaccurate values when the mock is called concurrently from multiple threads. - gh-142595: Added type check during initialization of the decimal module to prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev. - gh-142517: The non-compat32 email policies now correctly handle refolding encoded words that contain bytes that can not be decoded in their specified character set. Previously this resulted in an encoding exception during folding. - gh-112527: The help text for required options in argparse no longer extended with "(default: None)". - gh-142315: Pdb can now run scripts from anonymous pipes used in process substitution. Patch by Bartosz Slawecki. - gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer under race condition. - gh-75949: Fix argparse to preserve | separators in mutually exclusive groups when the usage line wraps due to length. - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now correctly passed to the handle_defect method of policy in FeedParser. - gh-142006: Fix a bug in the email.policy.default folding algorithm which incorrectly resulted in a doubled newline when a line ending at exactly max_line_length was followed by an unfoldable token. - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled asyncio task running. - gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib module is correct. - gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, especially when used together with the ALT key. Fix by Chris Eibl. - gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager. - gh-79986: Add parsing for References and In-Reply-To headers to the email library that parses the header content as lists of message id tokens. This prevents them from being folded incorrectly. - gh-109263: Starting a process from spawn context in multiprocessing no longer sets the start method globally. - gh-90871: Fixed an off by one error concerning the backlog parameter in create_unix_server(). Contributed by Christian Harries. - gh-133253: Fix thread-safety issues in linecache. - gh-132715: Skip writing objects during marshalling once a failure has occurred. - gh-127529: Correct behavior of asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling ConnectionAbortedError in a loop. This improves performance on OpenBSD. - IDLE - gh-143774: Better explain the operation of Format / Format Paragraph. - Core and Builtins - gh-144307: Prevent a reference leak in module teardown at interpreter finalization. - gh-144194: Fix error handling in perf jitdump initialization on memory allocation failure. - gh-141805: Fix crash in set when objects with the same hash are concurrently added to the set after removing an element with the same hash while the set still contains elements with the same hash. - gh-143670: Fixes a crash in ga_repr_items_list function. - gh-143377: Fix a crash in _interpreters.capture_exception() when the exception is incorrectly formatted. Patch by Benedikt Tran. - gh-143189: Fix crash when inserting a non-str key into a split table dictionary when the key matches an existing key in the split table but has no corresponding value in the dict. - gh-143228: Fix use-after-free in perf trampoline when toggling profiling while threads are running or during interpreter finalization with daemon threads active. The fix uses reference counting to ensure trampolines are not freed while any code object could still reference them. Pach by Pablo Galindo - gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ method of the referenced object mutates that object or the view. Patch by Benedikt Tran. - gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is mutated while formatting the %-style arguments. Patch by Benedikt Tran. - gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() when the separator's __len__() mutates the original object. Patch by Benedikt Tran. - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it was set to 0 in this case. - gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when __length_hint__() returns 0 for non-empty iterator. - gh-143006: Fix a possible assertion error when comparing negative non-integer float and int with the same number of bits in the integer part. - gh-142776: Fix a file descriptor leak in import.c - gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a custom __eq__ method modifies the context via set(). - gh-142766: Clear the frame of a generator when generator.close() is called. - gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is lost. Previously, this would crash the interpreter. Patch by Bartosz Slawecki. - gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a tuple of length two exactly. Patch by Benedikt Tran. - gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), index(), rindex(), and rfind()) by marking the storage as exported which causes reallocation attempts to raise BufferError. For contains(), split(), and rsplit() the buffer protocol is used for this. - gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint. - gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does not change when the exception sequence that was original passed in to its constructor is subsequently mutated. - gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah Ostrowski. - gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch by Mikhail Efimov. - gh-138568: Adjusted the built-in help() function so that empty inputs are ignored in interactive mode. - gh-127773: Do not use the type attribute cache for types with incompatible MRO. - C API - gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file succeeded before flushing. - Build - gh-142454: When calculating the digest of the JIT stencils input, sort the hashed files by filenames before adding their content to the hasher. This ensures deterministic hash input and hence deterministic hash, independent on filesystem order. - gh-141808: When running make clean-retain-profile, keep the generated JIT stencils. That way, the stencils are not generated twice when Profile-guided optimization (PGO) is used. It also allows distributors to supply their own pre-built JIT stencils. - gh-138061: Ensure reproducible builds by making JIT stencil header generation deterministic. python313-3.13.12-160000.1.1.aarch64.rpm python313-curses-3.13.12-160000.1.1.aarch64.rpm python313-dbm-3.13.12-160000.1.1.aarch64.rpm python313-idle-3.13.12-160000.1.1.aarch64.rpm python313-tk-3.13.12-160000.1.1.aarch64.rpm libpython3_13-1_0-3.13.12-160000.1.1.aarch64.rpm python313-base-3.13.12-160000.1.1.aarch64.rpm python313-devel-3.13.12-160000.1.1.aarch64.rpm python313-testsuite-3.13.12-160000.1.1.aarch64.rpm python313-tools-3.13.12-160000.1.1.aarch64.rpm python313-doc-3.13.12-160000.1.1.aarch64.rpm python313-doc-devhelp-3.13.12-160000.1.1.aarch64.rpm python313-3.13.12-160000.1.1.ppc64le.rpm python313-curses-3.13.12-160000.1.1.ppc64le.rpm python313-dbm-3.13.12-160000.1.1.ppc64le.rpm python313-idle-3.13.12-160000.1.1.ppc64le.rpm python313-tk-3.13.12-160000.1.1.ppc64le.rpm libpython3_13-1_0-3.13.12-160000.1.1.ppc64le.rpm python313-base-3.13.12-160000.1.1.ppc64le.rpm python313-devel-3.13.12-160000.1.1.ppc64le.rpm python313-testsuite-3.13.12-160000.1.1.ppc64le.rpm python313-tools-3.13.12-160000.1.1.ppc64le.rpm python313-doc-3.13.12-160000.1.1.ppc64le.rpm python313-doc-devhelp-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-curses-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-dbm-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-idle-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-tk-3.13.12-160000.1.1.ppc64le.rpm libpython3_13t1_0-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-base-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-devel-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-testsuite-3.13.12-160000.1.1.ppc64le.rpm python313-nogil-tools-3.13.12-160000.1.1.ppc64le.rpm python313-3.13.12-160000.1.1.s390x.rpm python313-curses-3.13.12-160000.1.1.s390x.rpm python313-dbm-3.13.12-160000.1.1.s390x.rpm python313-idle-3.13.12-160000.1.1.s390x.rpm python313-tk-3.13.12-160000.1.1.s390x.rpm libpython3_13-1_0-3.13.12-160000.1.1.s390x.rpm python313-base-3.13.12-160000.1.1.s390x.rpm python313-devel-3.13.12-160000.1.1.s390x.rpm python313-testsuite-3.13.12-160000.1.1.s390x.rpm python313-tools-3.13.12-160000.1.1.s390x.rpm python313-doc-3.13.12-160000.1.1.s390x.rpm python313-doc-devhelp-3.13.12-160000.1.1.s390x.rpm python313-nogil-3.13.12-160000.1.1.s390x.rpm python313-nogil-curses-3.13.12-160000.1.1.s390x.rpm python313-nogil-dbm-3.13.12-160000.1.1.s390x.rpm python313-nogil-idle-3.13.12-160000.1.1.s390x.rpm python313-nogil-tk-3.13.12-160000.1.1.s390x.rpm libpython3_13t1_0-3.13.12-160000.1.1.s390x.rpm python313-nogil-base-3.13.12-160000.1.1.s390x.rpm python313-nogil-devel-3.13.12-160000.1.1.s390x.rpm python313-nogil-testsuite-3.13.12-160000.1.1.s390x.rpm python313-nogil-tools-3.13.12-160000.1.1.s390x.rpm python313-3.13.12-160000.1.1.x86_64.rpm python313-curses-3.13.12-160000.1.1.x86_64.rpm python313-dbm-3.13.12-160000.1.1.x86_64.rpm python313-idle-3.13.12-160000.1.1.x86_64.rpm python313-tk-3.13.12-160000.1.1.x86_64.rpm python313-x86-64-v3-3.13.12-160000.1.1.x86_64.rpm libpython3_13-1_0-3.13.12-160000.1.1.x86_64.rpm libpython3_13-1_0-x86-64-v3-3.13.12-160000.1.1.x86_64.rpm python313-base-3.13.12-160000.1.1.x86_64.rpm python313-base-x86-64-v3-3.13.12-160000.1.1.x86_64.rpm python313-devel-3.13.12-160000.1.1.x86_64.rpm python313-testsuite-3.13.12-160000.1.1.x86_64.rpm python313-tools-3.13.12-160000.1.1.x86_64.rpm python313-doc-3.13.12-160000.1.1.x86_64.rpm python313-doc-devhelp-3.13.12-160000.1.1.x86_64.rpm python313-nogil-3.13.12-160000.1.1.x86_64.rpm python313-nogil-curses-3.13.12-160000.1.1.x86_64.rpm python313-nogil-dbm-3.13.12-160000.1.1.x86_64.rpm python313-nogil-idle-3.13.12-160000.1.1.x86_64.rpm python313-nogil-tk-3.13.12-160000.1.1.x86_64.rpm libpython3_13t1_0-3.13.12-160000.1.1.x86_64.rpm python313-nogil-base-3.13.12-160000.1.1.x86_64.rpm python313-nogil-devel-3.13.12-160000.1.1.x86_64.rpm python313-nogil-testsuite-3.13.12-160000.1.1.x86_64.rpm python313-nogil-tools-3.13.12-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-302 Optional update for nvidia-open-driver-G07-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G07-signed fixes the following issues: The G07 opensource NVidia driver is being added. (jsc#PED-15510) nvidia-open-driver-G07-signed-64kb-devel-590.48.01-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-check-590.48.01-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-default-devel-590.48.01-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-64kb-590.48.01_k6.12.0_160000.9-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-default-590.48.01_k6.12.0_160000.9-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-G07-590.48.01-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-64kb-devel-590.48.01-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-check-590.48.01-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-cuda-default-devel-590.48.01-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-64kb-590.48.01_k6.12.0_160000.9-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-590.48.01_k6.12.0_160000.9-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-default-devel-590.48.01-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-kmp-default-590.48.01_k6.12.0_160000.25-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-G07-590.48.01-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-default-devel-590.48.01-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-590.48.01_k6.12.0_160000.25-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-303 Recommended update for zypper, libzypp, libsolv, zypp-plugin important SUSE SLFO 1.2 This update for zypper, libzypp, libsolv, zypp-plugin fixes the following issues: Changes in zypper: - upgrade version to 1.14.94: * Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. * Changes to support building against restructured libzypp in stack build (bsc#1230267) Changes in libzypp: - upgrade version to 17.38.2: * Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details. * Fix runtime check for broken rpm --runposttrans (bsc#1257068) - upgrade version to 17.38.1: * Avoid libcurl-mini4 when building as it does not support ftp protocol. * Translation: updated .pot file. - upgrade version to 17.38.0: * zypp.conf: follow the UAPI configuration file specification (PED-14658) In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details. * cmake: correctly detect rpm6 * Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435) * zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink Changes in libsolv: - bump version to 0.7.35: * fixed rare crash in the handling of allowuninstall in combination with forcebest updates * new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency Changes in zypp-plugin: - upgrade version 0.6.6: * Fix link to libzypp plugins documentation: https://opensuse.github.io/libzypp/zypp-plugins.html zypper-1.14.94-160000.1.1.aarch64.rpm True zypper-aptitude-1.14.94-160000.1.1.noarch.rpm True zypper-log-1.14.94-160000.1.1.noarch.rpm True zypper-needs-restarting-1.14.94-160000.1.1.noarch.rpm True libzypp-17.38.2-160000.1.1.aarch64.rpm True libzypp-devel-17.38.2-160000.1.1.aarch64.rpm True libzypp-devel-doc-17.38.2-160000.1.1.aarch64.rpm True libsolv-demo-0.7.35-160000.1.1.aarch64.rpm True libsolv-devel-0.7.35-160000.1.1.aarch64.rpm True libsolv-devel-static-0.7.35-160000.1.1.aarch64.rpm True libsolv-tools-0.7.35-160000.1.1.aarch64.rpm True libsolv-tools-base-0.7.35-160000.1.1.aarch64.rpm True libsolv1-0.7.35-160000.1.1.aarch64.rpm True perl-solv-0.7.35-160000.1.1.aarch64.rpm True python313-solv-0.7.35-160000.1.1.aarch64.rpm True ruby-solv-0.7.35-160000.1.1.aarch64.rpm True python313-zypp-plugin-0.6.6-160000.1.1.noarch.rpm True zypper-1.14.94-160000.1.1.ppc64le.rpm True libzypp-17.38.2-160000.1.1.ppc64le.rpm True libzypp-devel-17.38.2-160000.1.1.ppc64le.rpm True libzypp-devel-doc-17.38.2-160000.1.1.ppc64le.rpm True libsolv-demo-0.7.35-160000.1.1.ppc64le.rpm True libsolv-devel-0.7.35-160000.1.1.ppc64le.rpm True libsolv-devel-static-0.7.35-160000.1.1.ppc64le.rpm True libsolv-tools-0.7.35-160000.1.1.ppc64le.rpm True libsolv-tools-base-0.7.35-160000.1.1.ppc64le.rpm True libsolv1-0.7.35-160000.1.1.ppc64le.rpm True perl-solv-0.7.35-160000.1.1.ppc64le.rpm True python313-solv-0.7.35-160000.1.1.ppc64le.rpm True ruby-solv-0.7.35-160000.1.1.ppc64le.rpm True zypper-1.14.94-160000.1.1.s390x.rpm True libzypp-17.38.2-160000.1.1.s390x.rpm True libzypp-devel-17.38.2-160000.1.1.s390x.rpm True libzypp-devel-doc-17.38.2-160000.1.1.s390x.rpm True libsolv-demo-0.7.35-160000.1.1.s390x.rpm True libsolv-devel-0.7.35-160000.1.1.s390x.rpm True libsolv-devel-static-0.7.35-160000.1.1.s390x.rpm True libsolv-tools-0.7.35-160000.1.1.s390x.rpm True libsolv-tools-base-0.7.35-160000.1.1.s390x.rpm True libsolv1-0.7.35-160000.1.1.s390x.rpm True perl-solv-0.7.35-160000.1.1.s390x.rpm True python313-solv-0.7.35-160000.1.1.s390x.rpm True ruby-solv-0.7.35-160000.1.1.s390x.rpm True zypper-1.14.94-160000.1.1.x86_64.rpm True libzypp-17.38.2-160000.1.1.x86_64.rpm True libzypp-devel-17.38.2-160000.1.1.x86_64.rpm True libzypp-devel-doc-17.38.2-160000.1.1.x86_64.rpm True libsolv-demo-0.7.35-160000.1.1.x86_64.rpm True libsolv-devel-0.7.35-160000.1.1.x86_64.rpm True libsolv-devel-static-0.7.35-160000.1.1.x86_64.rpm True libsolv-tools-0.7.35-160000.1.1.x86_64.rpm True libsolv-tools-base-0.7.35-160000.1.1.x86_64.rpm True libsolv1-0.7.35-160000.1.1.x86_64.rpm True perl-solv-0.7.35-160000.1.1.x86_64.rpm True python313-solv-0.7.35-160000.1.1.x86_64.rpm True ruby-solv-0.7.35-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-304 Security update for docker-stable moderate SUSE SLFO 1.2 This update for docker-stable fixes the following issues: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no practical impact on non-SELinux systems (bsc#1252290). - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker (bsc#1250508). - Include historical changelog data from before the docker-stable fork. This includes CVE numbers for security tracking reasons (bsc#1250596). docker-stable-24.0.9_ce-160000.3.1.aarch64.rpm docker-stable-bash-completion-24.0.9_ce-160000.3.1.noarch.rpm docker-stable-buildx-0.25.0-160000.3.1.aarch64.rpm docker-stable-fish-completion-24.0.9_ce-160000.3.1.noarch.rpm docker-stable-rootless-extras-24.0.9_ce-160000.3.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-160000.3.1.noarch.rpm docker-stable-24.0.9_ce-160000.3.1.ppc64le.rpm docker-stable-buildx-0.25.0-160000.3.1.ppc64le.rpm docker-stable-24.0.9_ce-160000.3.1.s390x.rpm docker-stable-buildx-0.25.0-160000.3.1.s390x.rpm docker-stable-24.0.9_ce-160000.3.1.x86_64.rpm docker-stable-buildx-0.25.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-305 Recommended update for lvm2 important SUSE SLFO 1.2 This update for lvm2 fixes the following issues: - L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661) * libdaemon: fix suppressing stray fd warnings liblvm2cmd2_03-2.03.29-160000.3.1.aarch64.rpm lvm2-2.03.29-160000.3.1.aarch64.rpm lvm2-devel-2.03.29-160000.3.1.aarch64.rpm lvm2-testsuite-2.03.29-160000.3.1.aarch64.rpm device-mapper-2.03.29_1.02.203-160000.3.1.aarch64.rpm device-mapper-devel-2.03.29_1.02.203-160000.3.1.aarch64.rpm libdevmapper-event1_03-2.03.29_1.02.203-160000.3.1.aarch64.rpm libdevmapper1_03-2.03.29_1.02.203-160000.3.1.aarch64.rpm lvm2-lockd-2.03.29-160000.3.1.aarch64.rpm liblvm2cmd2_03-2.03.29-160000.3.1.ppc64le.rpm lvm2-2.03.29-160000.3.1.ppc64le.rpm lvm2-devel-2.03.29-160000.3.1.ppc64le.rpm lvm2-testsuite-2.03.29-160000.3.1.ppc64le.rpm device-mapper-2.03.29_1.02.203-160000.3.1.ppc64le.rpm device-mapper-devel-2.03.29_1.02.203-160000.3.1.ppc64le.rpm libdevmapper-event1_03-2.03.29_1.02.203-160000.3.1.ppc64le.rpm libdevmapper1_03-2.03.29_1.02.203-160000.3.1.ppc64le.rpm lvm2-lockd-2.03.29-160000.3.1.ppc64le.rpm liblvm2cmd2_03-2.03.29-160000.3.1.s390x.rpm lvm2-2.03.29-160000.3.1.s390x.rpm lvm2-devel-2.03.29-160000.3.1.s390x.rpm lvm2-testsuite-2.03.29-160000.3.1.s390x.rpm device-mapper-2.03.29_1.02.203-160000.3.1.s390x.rpm device-mapper-devel-2.03.29_1.02.203-160000.3.1.s390x.rpm libdevmapper-event1_03-2.03.29_1.02.203-160000.3.1.s390x.rpm libdevmapper1_03-2.03.29_1.02.203-160000.3.1.s390x.rpm lvm2-lockd-2.03.29-160000.3.1.s390x.rpm liblvm2cmd2_03-2.03.29-160000.3.1.x86_64.rpm lvm2-2.03.29-160000.3.1.x86_64.rpm lvm2-devel-2.03.29-160000.3.1.x86_64.rpm lvm2-testsuite-2.03.29-160000.3.1.x86_64.rpm device-mapper-2.03.29_1.02.203-160000.3.1.x86_64.rpm device-mapper-devel-2.03.29_1.02.203-160000.3.1.x86_64.rpm libdevmapper-event1_03-2.03.29_1.02.203-160000.3.1.x86_64.rpm libdevmapper1_03-2.03.29_1.02.203-160000.3.1.x86_64.rpm lvm2-lockd-2.03.29-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-306 Optional update for migrate-sles-to-sles4sap moderate SUSE SLFO 1.2 This update for migrate-sles-to-sles4sap fixes the following issues: This ships the migrate-sles-to-sles4sap tool to migrate SLES to SLES 4 SAP. (jsc#PED-13724) migrate-sles-to-sles4sap-15.1.2-160000.1.1.noarch.rpm openSUSE-Leap-16.0-307 Security update for postgresql14 important SUSE SLFO 1.2 This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). - CVE-2025-12817: missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332). - CVE-2025-12818: integer overflow in allocation-size calculations within libpq (bsc#1253333). postgresql14-14.21-160000.1.1.aarch64.rpm postgresql14-contrib-14.21-160000.1.1.aarch64.rpm postgresql14-devel-14.21-160000.1.1.aarch64.rpm postgresql14-docs-14.21-160000.1.1.noarch.rpm postgresql14-llvmjit-14.21-160000.1.1.aarch64.rpm postgresql14-llvmjit-devel-14.21-160000.1.1.aarch64.rpm postgresql14-plperl-14.21-160000.1.1.aarch64.rpm postgresql14-plpython-14.21-160000.1.1.aarch64.rpm postgresql14-pltcl-14.21-160000.1.1.aarch64.rpm postgresql14-server-14.21-160000.1.1.aarch64.rpm postgresql14-server-devel-14.21-160000.1.1.aarch64.rpm postgresql14-test-14.21-160000.1.1.aarch64.rpm postgresql14-14.21-160000.1.1.ppc64le.rpm postgresql14-contrib-14.21-160000.1.1.ppc64le.rpm postgresql14-devel-14.21-160000.1.1.ppc64le.rpm postgresql14-llvmjit-14.21-160000.1.1.ppc64le.rpm postgresql14-llvmjit-devel-14.21-160000.1.1.ppc64le.rpm postgresql14-plperl-14.21-160000.1.1.ppc64le.rpm postgresql14-plpython-14.21-160000.1.1.ppc64le.rpm postgresql14-pltcl-14.21-160000.1.1.ppc64le.rpm postgresql14-server-14.21-160000.1.1.ppc64le.rpm postgresql14-server-devel-14.21-160000.1.1.ppc64le.rpm postgresql14-test-14.21-160000.1.1.ppc64le.rpm postgresql14-14.21-160000.1.1.s390x.rpm postgresql14-contrib-14.21-160000.1.1.s390x.rpm postgresql14-devel-14.21-160000.1.1.s390x.rpm postgresql14-llvmjit-14.21-160000.1.1.s390x.rpm postgresql14-llvmjit-devel-14.21-160000.1.1.s390x.rpm postgresql14-plperl-14.21-160000.1.1.s390x.rpm postgresql14-plpython-14.21-160000.1.1.s390x.rpm postgresql14-pltcl-14.21-160000.1.1.s390x.rpm postgresql14-server-14.21-160000.1.1.s390x.rpm postgresql14-server-devel-14.21-160000.1.1.s390x.rpm postgresql14-test-14.21-160000.1.1.s390x.rpm postgresql14-14.21-160000.1.1.x86_64.rpm postgresql14-contrib-14.21-160000.1.1.x86_64.rpm postgresql14-devel-14.21-160000.1.1.x86_64.rpm postgresql14-llvmjit-14.21-160000.1.1.x86_64.rpm postgresql14-llvmjit-devel-14.21-160000.1.1.x86_64.rpm postgresql14-plperl-14.21-160000.1.1.x86_64.rpm postgresql14-plpython-14.21-160000.1.1.x86_64.rpm postgresql14-pltcl-14.21-160000.1.1.x86_64.rpm postgresql14-server-14.21-160000.1.1.x86_64.rpm postgresql14-server-devel-14.21-160000.1.1.x86_64.rpm postgresql14-test-14.21-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-308 Security update for postgresql15 important SUSE SLFO 1.2 This update for postgresql15 fixes the following issues: Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). - CVE-2025-12817: missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332). - CVE-2025-12818: integer overflow in allocation-size calculations within libpq (bsc#1253333). postgresql15-15.16-160000.1.1.aarch64.rpm postgresql15-contrib-15.16-160000.1.1.aarch64.rpm postgresql15-devel-15.16-160000.1.1.aarch64.rpm postgresql15-docs-15.16-160000.1.1.noarch.rpm postgresql15-llvmjit-15.16-160000.1.1.aarch64.rpm postgresql15-llvmjit-devel-15.16-160000.1.1.aarch64.rpm postgresql15-plperl-15.16-160000.1.1.aarch64.rpm postgresql15-plpython-15.16-160000.1.1.aarch64.rpm postgresql15-pltcl-15.16-160000.1.1.aarch64.rpm postgresql15-server-15.16-160000.1.1.aarch64.rpm postgresql15-server-devel-15.16-160000.1.1.aarch64.rpm postgresql15-test-15.16-160000.1.1.aarch64.rpm postgresql15-15.16-160000.1.1.ppc64le.rpm postgresql15-contrib-15.16-160000.1.1.ppc64le.rpm postgresql15-devel-15.16-160000.1.1.ppc64le.rpm postgresql15-llvmjit-15.16-160000.1.1.ppc64le.rpm postgresql15-llvmjit-devel-15.16-160000.1.1.ppc64le.rpm postgresql15-plperl-15.16-160000.1.1.ppc64le.rpm postgresql15-plpython-15.16-160000.1.1.ppc64le.rpm postgresql15-pltcl-15.16-160000.1.1.ppc64le.rpm postgresql15-server-15.16-160000.1.1.ppc64le.rpm postgresql15-server-devel-15.16-160000.1.1.ppc64le.rpm postgresql15-test-15.16-160000.1.1.ppc64le.rpm postgresql15-15.16-160000.1.1.s390x.rpm postgresql15-contrib-15.16-160000.1.1.s390x.rpm postgresql15-devel-15.16-160000.1.1.s390x.rpm postgresql15-llvmjit-15.16-160000.1.1.s390x.rpm postgresql15-llvmjit-devel-15.16-160000.1.1.s390x.rpm postgresql15-plperl-15.16-160000.1.1.s390x.rpm postgresql15-plpython-15.16-160000.1.1.s390x.rpm postgresql15-pltcl-15.16-160000.1.1.s390x.rpm postgresql15-server-15.16-160000.1.1.s390x.rpm postgresql15-server-devel-15.16-160000.1.1.s390x.rpm postgresql15-test-15.16-160000.1.1.s390x.rpm postgresql15-15.16-160000.1.1.x86_64.rpm postgresql15-contrib-15.16-160000.1.1.x86_64.rpm postgresql15-devel-15.16-160000.1.1.x86_64.rpm postgresql15-llvmjit-15.16-160000.1.1.x86_64.rpm postgresql15-llvmjit-devel-15.16-160000.1.1.x86_64.rpm postgresql15-plperl-15.16-160000.1.1.x86_64.rpm postgresql15-plpython-15.16-160000.1.1.x86_64.rpm postgresql15-pltcl-15.16-160000.1.1.x86_64.rpm postgresql15-server-15.16-160000.1.1.x86_64.rpm postgresql15-server-devel-15.16-160000.1.1.x86_64.rpm postgresql15-test-15.16-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-309 Optional update for ansible-trento moderate SUSE SLFO 1.2 This update for ansible-trento fixes the following issues: Adds ansible-trento to the distribution. ansible-trento-1.0.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-31 Recommended update for x3270 moderate SUSE SLFO 1.2 This update for x3270 fixes the following issues: Changes in x3270: - Upgrade to version 4.4ga6 x3270-4.4-160000.1.1.aarch64.rpm x3270-4.4-160000.1.1.ppc64le.rpm x3270-4.4-160000.1.1.s390x.rpm x3270-4.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-310 Recommended update for openssl-3 low SUSE SLFO 1.2 This update for openssl-3 fixes the following issues: - removed test patches because they are not needed. libopenssl-3-devel-3.5.0-160000.6.1.aarch64.rpm libopenssl-3-fips-provider-3.5.0-160000.6.1.aarch64.rpm libopenssl3-3.5.0-160000.6.1.aarch64.rpm openssl-3-3.5.0-160000.6.1.aarch64.rpm openssl-3-doc-3.5.0-160000.6.1.noarch.rpm libopenssl-3-devel-3.5.0-160000.6.1.ppc64le.rpm libopenssl-3-fips-provider-3.5.0-160000.6.1.ppc64le.rpm libopenssl3-3.5.0-160000.6.1.ppc64le.rpm openssl-3-3.5.0-160000.6.1.ppc64le.rpm libopenssl-3-devel-3.5.0-160000.6.1.s390x.rpm libopenssl-3-fips-provider-3.5.0-160000.6.1.s390x.rpm libopenssl3-3.5.0-160000.6.1.s390x.rpm openssl-3-3.5.0-160000.6.1.s390x.rpm libopenssl-3-devel-3.5.0-160000.6.1.x86_64.rpm libopenssl-3-fips-provider-3.5.0-160000.6.1.x86_64.rpm libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.6.1.x86_64.rpm libopenssl3-3.5.0-160000.6.1.x86_64.rpm libopenssl3-x86-64-v3-3.5.0-160000.6.1.x86_64.rpm openssl-3-3.5.0-160000.6.1.x86_64.rpm openSUSE-Leap-16.0-311 Recommended update for crmsh important SUSE SLFO 1.2 This update for crmsh fixes the following issues: - Update to version 5.0.0+20260126.316aa9fa: * Dev: options: Change 'force' option to be session-only (bsc#1254892) * Fix: sbd: Allow setting -1 to stonith-watchdog-timeout (bsc#1257143) * Fix: qdevice: Make sure stonith-watchdog-timeout is 2 times of SBD_WATCHDOG_TIMEOUT (bsc#1254571) * Fix: migration: Avoid exception inside thread * Dev: sbd: Remove sbd configuration directories while removing cluster node crmsh-5.0.0+20260126.316aa9fa-160000.1.1.noarch.rpm crmsh-scripts-5.0.0+20260126.316aa9fa-160000.1.1.noarch.rpm crmsh-test-5.0.0+20260126.316aa9fa-160000.1.1.noarch.rpm openSUSE-Leap-16.0-312 Security update for autogen low SUSE SLFO 1.2 This update for autogen fixes the following issues: - CVE-2025-8746: Fixed improper input validation and memory bounds checking when processing certain malformed configuration files (bsc#1247921) autogen-5.18.16-160000.3.1.aarch64.rpm autoopts-5.18.16-160000.3.1.aarch64.rpm libopts25-5.18.16-160000.3.1.aarch64.rpm autogen-5.18.16-160000.3.1.ppc64le.rpm autoopts-5.18.16-160000.3.1.ppc64le.rpm libopts25-5.18.16-160000.3.1.ppc64le.rpm autogen-5.18.16-160000.3.1.s390x.rpm autoopts-5.18.16-160000.3.1.s390x.rpm libopts25-5.18.16-160000.3.1.s390x.rpm autogen-5.18.16-160000.3.1.x86_64.rpm autoopts-5.18.16-160000.3.1.x86_64.rpm libopts25-5.18.16-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-313 Security update for python-urllib3_1 moderate SUSE SLFO 1.2 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). python313-urllib3_1-1.26.20-160000.3.1.noarch.rpm openSUSE-Leap-16.0-314 Recommended update for gcc15 moderate SUSE SLFO 1.2 This update for gcc15 fixes the following issues: Update to GCC 15.2 release * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Fixes PR120714, RISC-V: incorrect frame pointer CFA address for stack-clash protection loops cpp15-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-PIE-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-ada-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-c++-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-d-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-fortran-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-go-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-info-15.2.0+git10201-160000.1.1.noarch.rpm gcc15-locale-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-m2-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-obj-c++-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-objc-15.2.0+git10201-160000.1.1.aarch64.rpm libada15-15.2.0+git10201-160000.1.1.aarch64.rpm libasan8-15.2.0+git10201-160000.1.1.aarch64.rpm libatomic1-15.2.0+git10201-160000.1.1.aarch64.rpm libgcc_s1-15.2.0+git10201-160000.1.1.aarch64.rpm libgccjit0-15.2.0+git10201-160000.1.1.aarch64.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm libgdruntime6-15.2.0+git10201-160000.1.1.aarch64.rpm libgfortran5-15.2.0+git10201-160000.1.1.aarch64.rpm libgo24-15.2.0+git10201-160000.1.1.aarch64.rpm libgomp1-15.2.0+git10201-160000.1.1.aarch64.rpm libgphobos6-15.2.0+git10201-160000.1.1.aarch64.rpm libhwasan0-15.2.0+git10201-160000.1.1.aarch64.rpm libitm1-15.2.0+git10201-160000.1.1.aarch64.rpm liblsan0-15.2.0+git10201-160000.1.1.aarch64.rpm libm2cor20-15.2.0+git10201-160000.1.1.aarch64.rpm libm2iso20-15.2.0+git10201-160000.1.1.aarch64.rpm libm2log20-15.2.0+git10201-160000.1.1.aarch64.rpm libm2min20-15.2.0+git10201-160000.1.1.aarch64.rpm libm2pim20-15.2.0+git10201-160000.1.1.aarch64.rpm libobjc4-15.2.0+git10201-160000.1.1.aarch64.rpm libstdc++6-15.2.0+git10201-160000.1.1.aarch64.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm libstdc++6-locale-15.2.0+git10201-160000.1.1.aarch64.rpm libstdc++6-pp-15.2.0+git10201-160000.1.1.aarch64.rpm libtsan2-15.2.0+git10201-160000.1.1.aarch64.rpm libubsan1-15.2.0+git10201-160000.1.1.aarch64.rpm gcc15-testresults-15.2.0+git10201-160000.1.1.aarch64.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cross-s390x-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-s390x-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cross-ppc64le-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-ppc64le-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-arm-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-x86_64-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cross-ppc64-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.1.1.aarch64.rpm cross-bpf-gcc15-15.2.0+git10201-160000.1.1.aarch64.rpm cpp15-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-PIE-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-ada-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-c++-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-fortran-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-go-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-locale-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-m2-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-obj-c++-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-objc-15.2.0+git10201-160000.1.1.ppc64le.rpm libada15-15.2.0+git10201-160000.1.1.ppc64le.rpm libasan8-15.2.0+git10201-160000.1.1.ppc64le.rpm libatomic1-15.2.0+git10201-160000.1.1.ppc64le.rpm libgcc_s1-15.2.0+git10201-160000.1.1.ppc64le.rpm libgccjit0-15.2.0+git10201-160000.1.1.ppc64le.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm libgfortran5-15.2.0+git10201-160000.1.1.ppc64le.rpm libgo24-15.2.0+git10201-160000.1.1.ppc64le.rpm libgomp1-15.2.0+git10201-160000.1.1.ppc64le.rpm libitm1-15.2.0+git10201-160000.1.1.ppc64le.rpm liblsan0-15.2.0+git10201-160000.1.1.ppc64le.rpm libm2cor20-15.2.0+git10201-160000.1.1.ppc64le.rpm libm2iso20-15.2.0+git10201-160000.1.1.ppc64le.rpm libm2log20-15.2.0+git10201-160000.1.1.ppc64le.rpm libm2min20-15.2.0+git10201-160000.1.1.ppc64le.rpm libm2pim20-15.2.0+git10201-160000.1.1.ppc64le.rpm libobjc4-15.2.0+git10201-160000.1.1.ppc64le.rpm libquadmath0-15.2.0+git10201-160000.1.1.ppc64le.rpm libquadmath0-devel-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm libstdc++6-15.2.0+git10201-160000.1.1.ppc64le.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm libstdc++6-locale-15.2.0+git10201-160000.1.1.ppc64le.rpm libstdc++6-pp-15.2.0+git10201-160000.1.1.ppc64le.rpm libtsan2-15.2.0+git10201-160000.1.1.ppc64le.rpm libubsan1-15.2.0+git10201-160000.1.1.ppc64le.rpm gcc15-testresults-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-aarch64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-aarch64-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-s390x-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-s390x-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-arm-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-x86_64-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.1.1.ppc64le.rpm cross-bpf-gcc15-15.2.0+git10201-160000.1.1.ppc64le.rpm cpp15-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-PIE-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-ada-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-c++-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-d-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-fortran-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-go-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-locale-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-m2-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-obj-c++-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-objc-15.2.0+git10201-160000.1.1.s390x.rpm libada15-15.2.0+git10201-160000.1.1.s390x.rpm libasan8-15.2.0+git10201-160000.1.1.s390x.rpm libatomic1-15.2.0+git10201-160000.1.1.s390x.rpm libgcc_s1-15.2.0+git10201-160000.1.1.s390x.rpm libgccjit0-15.2.0+git10201-160000.1.1.s390x.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm libgdruntime6-15.2.0+git10201-160000.1.1.s390x.rpm libgfortran5-15.2.0+git10201-160000.1.1.s390x.rpm libgo24-15.2.0+git10201-160000.1.1.s390x.rpm libgomp1-15.2.0+git10201-160000.1.1.s390x.rpm libgphobos6-15.2.0+git10201-160000.1.1.s390x.rpm libitm1-15.2.0+git10201-160000.1.1.s390x.rpm liblsan0-15.2.0+git10201-160000.1.1.s390x.rpm libm2cor20-15.2.0+git10201-160000.1.1.s390x.rpm libm2iso20-15.2.0+git10201-160000.1.1.s390x.rpm libm2log20-15.2.0+git10201-160000.1.1.s390x.rpm libm2min20-15.2.0+git10201-160000.1.1.s390x.rpm libm2pim20-15.2.0+git10201-160000.1.1.s390x.rpm libobjc4-15.2.0+git10201-160000.1.1.s390x.rpm libstdc++6-15.2.0+git10201-160000.1.1.s390x.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm libstdc++6-locale-15.2.0+git10201-160000.1.1.s390x.rpm libstdc++6-pp-15.2.0+git10201-160000.1.1.s390x.rpm libtsan2-15.2.0+git10201-160000.1.1.s390x.rpm libubsan1-15.2.0+git10201-160000.1.1.s390x.rpm gcc15-testresults-15.2.0+git10201-160000.1.1.s390x.rpm cross-aarch64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-aarch64-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cross-ppc64le-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-ppc64le-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-arm-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-x86_64-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cross-ppc64-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.1.1.s390x.rpm cross-bpf-gcc15-15.2.0+git10201-160000.1.1.s390x.rpm cpp15-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-PIE-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-ada-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-ada-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-c++-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-c++-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-d-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-d-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-fortran-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-fortran-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-go-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-go-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-locale-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-m2-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-m2-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-obj-c++-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-obj-c++-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-objc-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-objc-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libada15-15.2.0+git10201-160000.1.1.x86_64.rpm libada15-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libasan8-15.2.0+git10201-160000.1.1.x86_64.rpm libasan8-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libatomic1-15.2.0+git10201-160000.1.1.x86_64.rpm libatomic1-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libgcc_s1-15.2.0+git10201-160000.1.1.x86_64.rpm libgcc_s1-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libgccjit0-15.2.0+git10201-160000.1.1.x86_64.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm libgdruntime6-15.2.0+git10201-160000.1.1.x86_64.rpm libgdruntime6-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libgfortran5-15.2.0+git10201-160000.1.1.x86_64.rpm libgfortran5-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libgo24-15.2.0+git10201-160000.1.1.x86_64.rpm libgo24-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libgomp1-15.2.0+git10201-160000.1.1.x86_64.rpm libgomp1-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libgphobos6-15.2.0+git10201-160000.1.1.x86_64.rpm libgphobos6-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libhwasan0-15.2.0+git10201-160000.1.1.x86_64.rpm libitm1-15.2.0+git10201-160000.1.1.x86_64.rpm libitm1-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm liblsan0-15.2.0+git10201-160000.1.1.x86_64.rpm libm2cor20-15.2.0+git10201-160000.1.1.x86_64.rpm libm2cor20-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libm2iso20-15.2.0+git10201-160000.1.1.x86_64.rpm libm2iso20-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libm2log20-15.2.0+git10201-160000.1.1.x86_64.rpm libm2log20-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libm2min20-15.2.0+git10201-160000.1.1.x86_64.rpm libm2min20-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libm2pim20-15.2.0+git10201-160000.1.1.x86_64.rpm libm2pim20-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libobjc4-15.2.0+git10201-160000.1.1.x86_64.rpm libobjc4-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libquadmath0-15.2.0+git10201-160000.1.1.x86_64.rpm libquadmath0-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libquadmath0-devel-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm libquadmath0-devel-gcc15-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-devel-gcc15-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-locale-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-pp-15.2.0+git10201-160000.1.1.x86_64.rpm libstdc++6-pp-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm libtsan2-15.2.0+git10201-160000.1.1.x86_64.rpm libubsan1-15.2.0+git10201-160000.1.1.x86_64.rpm libubsan1-32bit-15.2.0+git10201-160000.1.1.x86_64.rpm gcc15-testresults-15.2.0+git10201-160000.1.1.x86_64.rpm cross-aarch64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-aarch64-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-s390x-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-s390x-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-ppc64le-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-ppc64le-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-arm-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-ppc64-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.1.1.x86_64.rpm cross-nvptx-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-nvptx-newlib15-devel-15.2.0+git10201-160000.1.1.x86_64.rpm cross-amdgcn-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm cross-amdgcn-newlib15-devel-15.2.0+git10201-160000.1.1.x86_64.rpm cross-bpf-gcc15-15.2.0+git10201-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-315 Security update for 7zip moderate SUSE SLFO 1.2 This update for 7zip fixes the following issues: - Update to 25.01 (boo#1249130) * The code for handling symbolic links has been changed to provide greater security when extracting files from archives * Command line switch -snld20 can be used to bypass default security checks when creating symbolic links. - Update to 25.00: * bzip2 compression speed was increased by 15-40%. * deflate (zip/gz) compression speed was increased by 1-3%. * improved support for zip, cpio and fat archives. * CVE-2025-53816: Fixed input manipulation leading to heap buffer overflow (bsc#1246706) * CVE-2025-53817: Fixed null pointer dereference leading to denial of service (bsc#1246707) 7zip-25.01-160000.1.1.aarch64.rpm 7zip-25.01-160000.1.1.ppc64le.rpm 7zip-25.01-160000.1.1.s390x.rpm 7zip-25.01-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-316 Recommended update for SAPHanaSR-angi moderate SUSE SLFO 1.2 This update for SAPHanaSR-angi fixes the following issues: - Version bump to 1.3.0: * Technology preview - Support for XSA standalone node in Mx-setup (one master, one XSA worker) * improve logging to SAP HANA trace file (bsc#1257746) * improve HANA 'stop' logging (bsc#1257747) * improve srHook attribute logging (bsc#1257744) * stop lost slave workers, if master nameserver node crashed before promoting the secondary * fix stop status for lost slave worker (bsc#1257747) * SAPHanaSR-alert-fencing could now restart a node without using cluster infrastructure * new man page: + SAPHanaSR-ScaleOut-XSA.7 * update man pages: + ocf_suse_SAPHanaFilesystem.7 + SAPHanaController-scale-out.7 + SAPHanaController-scale-up.7 + SAPHanaSR-alert-fencing.8 + SAPHanaSR-angi-scenarios.7 + SAPHanaSR-angi.7 + SAPHanaSR-hookHelper.8 + SAPHanaSR-ScaleOut.7 + SAPHanaSR-ScaleOut_basic_cluster.7 + SAPHanaSR-showAttr.8 + SAPHanaSR_basic_cluster.7 + SAPHanaSR_maintenance_examples.7 + SAPHanaSR_upgrade_to_angi.7 + susHanaSR.py.7 * update man pages - copyright date only: + ocf_suse_SAPHanaController.7 + ocf_suse_SAPHanaTopology.7 + SAPHanaSR-manageProvider.8 + SAPHanaSR-replay-archive.8 + SAPHanaSR-show-hadr-runtimes.8 + SAPHanaSR-showAttr_properties.5 + SAPHanaSR-upgrade-to-angi-demo.8 + SAPHanaSR.7 + susChkSrv.py.7 + susCostOpt.py.7 + susHanaSrMultiTarget.py.7 + susTkOver.py.7 - change required crmsh version from 4.4.0 to 4.4.2+20250526.46896f4 SAPHanaSR-angi-1.3.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-317 Security update for containerized-data-importer important SUSE SLFO 1.2 This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data (bsc#1235204). - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content (bsc#1235365). - CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205). containerized-data-importer-api-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-cloner-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-controller-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-importer-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-operator-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-uploadproxy-1.64.0-160000.1.1.x86_64.rpm containerized-data-importer-uploadserver-1.64.0-160000.1.1.x86_64.rpm obs-service-cdi_containers_meta-1.64.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-318 Recommended update for syslogd moderate SUSE SLFO 1.2 This update for syslogd fixes the following issues: Changes in syslogd: - Avoid restarting klog.service and klogd.service in postun as both services should be started once (boo#1243035#c14) - Install tmpfile correctly as syslogd.conf (instead of sendmail.conf), - Fix tmpfile handling for transactional updates (jsc#PED-14864) - Drop last sysvinit Requirement/Provide (PED-13698) - Add -std=gnu89 to compile flags to fix gcc-15 errors klogd-1.5.1-160000.3.1.aarch64.rpm syslog-service-2.0-160000.3.1.noarch.rpm syslogd-1.5.1-160000.3.1.aarch64.rpm klogd-1.5.1-160000.3.1.ppc64le.rpm syslogd-1.5.1-160000.3.1.ppc64le.rpm klogd-1.5.1-160000.3.1.s390x.rpm syslogd-1.5.1-160000.3.1.s390x.rpm klogd-1.5.1-160000.3.1.x86_64.rpm syslogd-1.5.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-319 Security update for kubevirt important SUSE SLFO 1.2 This update for kubevirt fixes the following issues: Update to version 1.7.0 (bsc#1257128). Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS (bsc#1253189). - CVE-2024-45310: kubevirt vendored github.com/opencontainers/runc/libcontainer/utils: runc can be tricked into creating empty files/directories on host (bsc#1257422). - CVE-2025-22872: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241772). - CVE-2025-64432: fail to correctly validate certain fields in the client TLS certificate may allow an attacker to bypass existing RBAC controls (bsc#1253181). - CVE-2025-64433: improper symlink handling can allow to read arbitrary files (bsc#1253185). - CVE-2025-64434: compromising virt-handler instance can lead to impersonate virt-api and execute privileged operations (bsc#1253186). - CVE-2025-64437: mishandling of symlinks can lead to compromising the CIA (bsc#1253194). - CVE-2025-64324: a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users (bsc#1253748). Other updates and bugfixes: - Upstream now uses stateless firmware for CoCo VMs. kubevirt-container-disk-1.7.0-160000.1.1.aarch64.rpm kubevirt-manifests-1.7.0-160000.1.1.aarch64.rpm kubevirt-pr-helper-conf-1.7.0-160000.1.1.aarch64.rpm kubevirt-sidecar-shim-1.7.0-160000.1.1.aarch64.rpm kubevirt-tests-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-api-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-controller-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-exportproxy-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-exportserver-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-handler-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-launcher-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-operator-1.7.0-160000.1.1.aarch64.rpm kubevirt-virt-synchronization-controller-1.7.0-160000.1.1.aarch64.rpm kubevirt-virtctl-1.7.0-160000.1.1.aarch64.rpm obs-service-kubevirt_containers_meta-1.7.0-160000.1.1.aarch64.rpm kubevirt-container-disk-1.7.0-160000.1.1.x86_64.rpm kubevirt-manifests-1.7.0-160000.1.1.x86_64.rpm kubevirt-pr-helper-conf-1.7.0-160000.1.1.x86_64.rpm kubevirt-sidecar-shim-1.7.0-160000.1.1.x86_64.rpm kubevirt-tests-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-api-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-controller-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-exportproxy-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-exportserver-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-handler-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-launcher-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-operator-1.7.0-160000.1.1.x86_64.rpm kubevirt-virt-synchronization-controller-1.7.0-160000.1.1.x86_64.rpm kubevirt-virtctl-1.7.0-160000.1.1.x86_64.rpm obs-service-kubevirt_containers_meta-1.7.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-32 Recommended update for autofs important SUSE SLFO 1.2 This update for autofs fixes the following issues: Changes in autofs: - Modified NetworkManager-autofs: (bsc#1250091) * don't reload autofs.service on loopback interface changes * add --no-block option to request asynchronous behavior autofs-5.1.9-160000.4.1.aarch64.rpm autofs-5.1.9-160000.4.1.ppc64le.rpm autofs-5.1.9-160000.4.1.s390x.rpm autofs-5.1.9-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-320 Recommended update for open-vm-tools moderate SUSE SLFO 1.2 This update for open-vm-tools fixes the following issues: - update to 13.0.10 based on build 25056151: (boo#1257357): * There are no new features in the open-vm-tools 13.0.10 release. * This is primarily a maintenance release that addresses a fix. * A minor enhancement has been made for Guest OS Customization. * The DeployPkg plugin has been updated to handle a new cloud-init error code that signals a recoverable error and allow cloud-init to finish running. libvmtools-devel-13.0.10-160000.1.1.aarch64.rpm libvmtools0-13.0.10-160000.1.1.aarch64.rpm open-vm-tools-13.0.10-160000.1.1.aarch64.rpm open-vm-tools-containerinfo-13.0.10-160000.1.1.aarch64.rpm open-vm-tools-desktop-13.0.10-160000.1.1.aarch64.rpm open-vm-tools-sdmp-13.0.10-160000.1.1.aarch64.rpm libvmtools-devel-13.0.10-160000.1.1.x86_64.rpm libvmtools0-13.0.10-160000.1.1.x86_64.rpm open-vm-tools-13.0.10-160000.1.1.x86_64.rpm open-vm-tools-containerinfo-13.0.10-160000.1.1.x86_64.rpm open-vm-tools-desktop-13.0.10-160000.1.1.x86_64.rpm open-vm-tools-salt-minion-13.0.10-160000.1.1.x86_64.rpm open-vm-tools-sdmp-13.0.10-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-321 Security update for libsoup2 important SUSE SLFO 1.2 This update for libsoup2 fixes the following issues: - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow (bsc#1257598). libsoup-2_4-1-2.74.3-160000.3.1.aarch64.rpm libsoup2-devel-2.74.3-160000.3.1.aarch64.rpm libsoup2-lang-2.74.3-160000.3.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-160000.3.1.aarch64.rpm libsoup-2_4-1-2.74.3-160000.3.1.ppc64le.rpm libsoup2-devel-2.74.3-160000.3.1.ppc64le.rpm typelib-1_0-Soup-2_4-2.74.3-160000.3.1.ppc64le.rpm libsoup-2_4-1-2.74.3-160000.3.1.s390x.rpm libsoup2-devel-2.74.3-160000.3.1.s390x.rpm typelib-1_0-Soup-2_4-2.74.3-160000.3.1.s390x.rpm libsoup-2_4-1-2.74.3-160000.3.1.x86_64.rpm libsoup2-devel-2.74.3-160000.3.1.x86_64.rpm typelib-1_0-Soup-2_4-2.74.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-322 Recommended update for fde-tools important SUSE SLFO 1.2 This update for fde-tools fixes the following issues: - Add support for persistent SRK (bsc#1248516) - Add fde-tools.conf to create /var/log/fde with tmpfiles.d (jsc#PED-14754) - Build with distro flags fde-firstboot-0.7.3-160000.3.1.noarch.rpm fde-tools-0.7.3-160000.3.1.aarch64.rpm fde-tools-bash-completion-0.7.3-160000.3.1.noarch.rpm fde-tpm-helper-0.7.3-160000.3.1.noarch.rpm fde-tpm-helper-rpm-macros-0.7.3-160000.3.1.noarch.rpm fde-tools-0.7.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-323 Recommended update for google-guest-configs important SUSE SLFO 1.2 This update for google-guest-configs fixes the following issues: - Install NetworkManager disptacher for SLE-16 and newer only - Add NetworkManager-devel to BuildRequires - Install NetworkManager dispatcher script (bsc#1254266) google-guest-configs-20241205.00-160000.3.1.noarch.rpm openSUSE-Leap-16.0-324 Recommended update for build important SUSE SLFO 1.2 This update for build fixes the following issues: - pbuild: support for _manifest files - VM builds: fix export of mtime out of the build env - config: * tumbleweed syncing * slfo 1.2 updates * Re-create SLE 15 SP7 config (bsc#1251920) - oci-archive: * Support package list introspection * Support sbom generation - Docker.pm: Also handle 'zypper update' - obs-docker-support: Pass --no-refresh to zypper - fail if PKGID can not be queried - Add a workaround to fix builds on debian aarch64 with old systemd versions - Add gzip retry for the sidestore downloads - Revert VCS indenting change to fix reproducible builds - Helm: Use bool type for 'deprecated' - Distribution config updates - rpm: take package name from filename if no name is defined - ARM: qemu emulation uses -cpu max now - Add BuildFlags for changelogfulltimestamps - Fixes for lookaside store download - Create a symlink in /etc/localtime before calling zic - createarchive: implement fallback for old tar versions - Be more strict about the weird [qualifier] dependency extension - Implement bcond_override_default - Make substitutedeps work on the expanded dependencies - Docker: support COPY --from=image - Support an experimental "BuildFlags: cgroup2" - Support an experimental #!BuildTargetStage directive - Support "BuildFlags: rpm-nodebugmagic" - mkosi: Don't include preinstall packages - mkosi: Don't attempt to publish directory artifacts - Fix excluding /dev, /sys, etc. from preinstallimages - Set the source mtime to the commit timestamp for git (boo#1248776) - calculate goname for fedora assets - Make spec2changelog more resiliant to 3rd party spefiles - pbuild: * Fix url construction in remoteurl handling * Fix xz decompression - rpm: * Allow to set extra macros when parsing a specfile * genbuildrequs: set HOME before querying the specfile build-20260202-160000.1.1.noarch.rpm build-initvm-aarch64-20260202-160000.1.1.noarch.rpm build-mkbaselibs-20260202-160000.1.1.noarch.rpm build-mkdrpms-20260202-160000.1.1.noarch.rpm build-initvm-powerpc64le-20260202-160000.1.1.noarch.rpm build-initvm-s390x-20260202-160000.1.1.noarch.rpm build-initvm-x86_64-20260202-160000.1.1.noarch.rpm openSUSE-Leap-16.0-325 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation (bsc#1253344). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845). - CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839). - CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102). - CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327). - CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266). - CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269). - CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241). - CVE-2025-68211: ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (bsc#1255319). - CVE-2025-68218: nvme-multipath: fix lockdep WARN due to partition scan work (bsc#1255245). - CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216). - CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157). - CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268). - CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164). - CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128). - CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403). - CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172). - CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417). - CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482). - CVE-2025-68341: veth: reduce XDP no_direct return section to fix race (bsc#1255506). - CVE-2025-68348: block: fix memory leak in __blkdev_issue_zero_pages (bsc#1255694). - CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544). - CVE-2025-68356: gfs2: Prevent recursive memory reclaim (bsc#1255593). - CVE-2025-68359: btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542). - CVE-2025-68360: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (bsc#1255536). - CVE-2025-68361: erofs: limit the level of fs stacking for file-backed mounts (bsc#1255526). - CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622). - CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547). - CVE-2025-68368: md: init bioset in mddev_init (bsc#1255527). - CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537). - CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530). - CVE-2025-68376: coresight: ETR: Fix ETR buffer use-after-free issue (bsc#1255529). - CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695). - CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811). - CVE-2025-68741: scsi: qla2xxx: Fix improper freeing of purex item (bsc#1255703). - CVE-2025-68743: mshv: Fix create memory region overlap check (bsc#1255708). - CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930). - CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579). - CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665). - CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659). - CVE-2025-68784: xfs: fix a UAF problem in xattr repair (bsc#1256793). - CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638). - CVE-2025-68792: tpm2-sessions: Fix out of range indexing in name_size (bsc#1256656). - CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688). - CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689). - CVE-2025-68799: caif: fix integer underflow in cffrml_receive() (bsc#1256643). - CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646). - CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653). - CVE-2025-68803: NFSD: NFSv4 file creation neglects setting ACL (bsc#1256770). - CVE-2025-68811: svcrdma: use rc_pageoff for memcpy byte offset (bsc#1256677). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651). - CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680). - CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674). - CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754). - CVE-2025-68821: fuse: fix readahead reclaim deadlock (bsc#1256667). - CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613). - CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608). - CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628). - CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773). - CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777). - CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597). - CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605). - CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607). - CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757). - CVE-2025-71126: mptcp: avoid deadlock on fallback while reinjecting (bsc#1256755). - CVE-2025-71132: smc91x: fix broken irq-context in PREEMPT_RT (bsc#1256737). - CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733). - CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761). - CVE-2025-71137: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (bsc#1256760). - CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159). - CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164). - CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167). - CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168). - CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035). - CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053). - CVE-2026-22981: idpf: detach and close netdevs while handling a reset (bsc#1257225). - CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179). - CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217). - CVE-2026-22986: gpiolib: fix race condition for gdev->srcu (bsc#1257276). - CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221). - CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220). - CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218). - CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180). - CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv. - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245). - CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207). The following non security issues were fixed: - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - Add bugnumber to an existing hv_netvsc change (bsc#1257473). - Fix locking issue introduced by a CVE backport (bsc#1256975 bsc#1254977). - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - arm64: Update config files. Disable DEVPORT (bsc#1256792) - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes). - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes). - drm/imagination: Wait for FW trace update command completion (git-fixes). - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes). - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309). - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232). - net: mana: Support HW link state events (bsc#1253049). - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015). - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes). - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864). - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346). - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes). - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - smb: improve directory cache reuse for readdir operations (bsc#1252712). - tsm-mr: Add TVM Measurement Register support (bsc#1257504). - tsm-mr: Add tsm-mr sample code (bsc#1257504). - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504). - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504). - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504). - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504). kernel-devel-6.12.0-160000.26.1.noarch.rpm True kernel-macros-6.12.0-160000.26.1.noarch.rpm True kernel-source-6.12.0-160000.26.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.26.1.noarch.rpm True kernel-default-base-6.12.0-160000.26.1.160000.2.7.aarch64.rpm True dtb-allwinner-6.12.0-160000.26.1.aarch64.rpm True dtb-altera-6.12.0-160000.26.1.aarch64.rpm True dtb-amazon-6.12.0-160000.26.1.aarch64.rpm True dtb-amd-6.12.0-160000.26.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.26.1.aarch64.rpm True dtb-apm-6.12.0-160000.26.1.aarch64.rpm True dtb-apple-6.12.0-160000.26.1.aarch64.rpm True dtb-arm-6.12.0-160000.26.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.26.1.aarch64.rpm True dtb-cavium-6.12.0-160000.26.1.aarch64.rpm True dtb-exynos-6.12.0-160000.26.1.aarch64.rpm True dtb-freescale-6.12.0-160000.26.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.26.1.aarch64.rpm True dtb-lg-6.12.0-160000.26.1.aarch64.rpm True dtb-marvell-6.12.0-160000.26.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.26.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.26.1.aarch64.rpm True dtb-qcom-6.12.0-160000.26.1.aarch64.rpm True dtb-renesas-6.12.0-160000.26.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.26.1.aarch64.rpm True dtb-socionext-6.12.0-160000.26.1.aarch64.rpm True dtb-sprd-6.12.0-160000.26.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.26.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.26.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.26.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.26.1.aarch64.rpm True kernel-64kb-6.12.0-160000.26.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.26.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.26.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.26.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.26.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.26.1.aarch64.rpm True cluster-md-kmp-azure-6.12.0-160000.26.1.aarch64.rpm True dlm-kmp-azure-6.12.0-160000.26.1.aarch64.rpm True gfs2-kmp-azure-6.12.0-160000.26.1.aarch64.rpm True kernel-azure-6.12.0-160000.26.1.aarch64.rpm True kernel-azure-devel-6.12.0-160000.26.1.aarch64.rpm True kernel-azure-extra-6.12.0-160000.26.1.aarch64.rpm True kernel-azure-optional-6.12.0-160000.26.1.aarch64.rpm True kselftests-kmp-azure-6.12.0-160000.26.1.aarch64.rpm True ocfs2-kmp-azure-6.12.0-160000.26.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.26.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.26.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.26.1.aarch64.rpm True kernel-default-6.12.0-160000.26.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.26.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.26.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.26.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.26.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.26.1.aarch64.rpm True kernel-docs-6.12.0-160000.26.1.noarch.rpm True kernel-docs-html-6.12.0-160000.26.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.26.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.26.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.26.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.26.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.26.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.26.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.26.1.aarch64.rpm True kernel-rt-6.12.0-160000.26.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.26.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.26.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.26.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.26.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.26.1.aarch64.rpm True kernel-syms-6.12.0-160000.26.1.aarch64.rpm True kernel-default-base-6.12.0-160000.26.1.160000.2.7.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.26.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.26.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.26.1.ppc64le.rpm True kernel-default-6.12.0-160000.26.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.26.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.26.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.26.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.26.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.26.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.26.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.26.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.26.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.26.1.ppc64le.rpm True kernel-syms-6.12.0-160000.26.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.26.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.26.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.26.1.s390x.rpm True kernel-default-6.12.0-160000.26.1.s390x.rpm True kernel-default-devel-6.12.0-160000.26.1.s390x.rpm True kernel-default-extra-6.12.0-160000.26.1.s390x.rpm True kernel-default-optional-6.12.0-160000.26.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.26.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.26.1.s390x.rpm True kernel-obs-build-6.12.0-160000.26.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.26.1.s390x.rpm True kernel-syms-6.12.0-160000.26.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.26.1.s390x.rpm True kernel-default-base-6.12.0-160000.26.1.160000.2.7.x86_64.rpm True cluster-md-kmp-azure-6.12.0-160000.26.1.x86_64.rpm True dlm-kmp-azure-6.12.0-160000.26.1.x86_64.rpm True gfs2-kmp-azure-6.12.0-160000.26.1.x86_64.rpm True kernel-azure-6.12.0-160000.26.1.x86_64.rpm True kernel-azure-devel-6.12.0-160000.26.1.x86_64.rpm True kernel-azure-extra-6.12.0-160000.26.1.x86_64.rpm True kernel-azure-optional-6.12.0-160000.26.1.x86_64.rpm True kernel-azure-vdso-6.12.0-160000.26.1.x86_64.rpm True kselftests-kmp-azure-6.12.0-160000.26.1.x86_64.rpm True ocfs2-kmp-azure-6.12.0-160000.26.1.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.26.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.26.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.26.1.x86_64.rpm True kernel-default-6.12.0-160000.26.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.26.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.26.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.26.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.26.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.26.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.26.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.26.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.26.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.26.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.26.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.26.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.26.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.26.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.26.1.x86_64.rpm True kernel-rt-6.12.0-160000.26.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.26.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.26.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.26.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.26.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.26.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.26.1.x86_64.rpm True kernel-syms-6.12.0-160000.26.1.x86_64.rpm True openSUSE-Leap-16.0-327 Recommended update for aaa_base important SUSE SLFO 1.2 This update for aaa_base fixes the following issues: - Update to version 84.87+git20260210.ecce285: * For boo#1257875 get intrinsic DEFAULT_WM back * DIR_COLORS: add vt220 and .jxl - Update to version 84.87+git20260112.8f614f3: * add ghost entries for the removed dirs * Revert list directories above all normal files. - Update to version 84.87+git20251217.34fd7bc: * add tmpfiles template adm-backup.conf (jsc#PED-14803) * Fix old script to support copy mode as well * Support for XDG environment variables for the su, * adapted sugggestions * Patching nsswitch.conf only if it has not been generated by nsswitch-config (jsc#PED-13807). * Avoid nasty exceptions running tput - Update to version 84.87+git20251111.509a363: * Avoid escape sequences on dump terminal of s390 - Update to version 84.87+git20251111.16d9d43: * Set XDG environment variables consistently without trailing slash - Update to version 84.87+git20251110.af063e6: * Avoid escape sequences on dump terminal of s390 * Set erase character from kbs entry of terminfo - Update to version 84.87+git20251030.441f926: * Add systemd to /etc/nsswitch.conf (bsc#1250513) * Add group-directories-first option * prevent normal users from accessing dmesg (bsc#1249686) * Use explicit defaults for XDG environment variables - Update to version 84.87+git20250903.33e5ba4: * Correct fix for (bsc#1247495, bsc#1248158) - Update to version 84.87+git20250805.3069494: * Remove initviocons for tcsh as well and * Update csh.login * Add missing quoting and remove unneeded uses of eval - Update to version 84.87+git20250801.f305627: * Remove sysconfig.language (bsc#1247286) - Update to version 84.87+git20250801.b2fa3fe: * Allow /etc/locale.conf to have no newline aaa_base-84.87+git20260210.ecce285-160000.1.1.aarch64.rpm aaa_base-extras-84.87+git20260210.ecce285-160000.1.1.aarch64.rpm aaa_base-malloccheck-84.87+git20260210.ecce285-160000.1.1.aarch64.rpm aaa_base-wsl-84.87+git20260210.ecce285-160000.1.1.aarch64.rpm aaa_base-yama-enable-ptrace-84.87+git20260210.ecce285-160000.1.1.aarch64.rpm aaa_base-84.87+git20260210.ecce285-160000.1.1.ppc64le.rpm aaa_base-extras-84.87+git20260210.ecce285-160000.1.1.ppc64le.rpm aaa_base-malloccheck-84.87+git20260210.ecce285-160000.1.1.ppc64le.rpm aaa_base-wsl-84.87+git20260210.ecce285-160000.1.1.ppc64le.rpm aaa_base-yama-enable-ptrace-84.87+git20260210.ecce285-160000.1.1.ppc64le.rpm aaa_base-84.87+git20260210.ecce285-160000.1.1.s390x.rpm aaa_base-extras-84.87+git20260210.ecce285-160000.1.1.s390x.rpm aaa_base-malloccheck-84.87+git20260210.ecce285-160000.1.1.s390x.rpm aaa_base-wsl-84.87+git20260210.ecce285-160000.1.1.s390x.rpm aaa_base-yama-enable-ptrace-84.87+git20260210.ecce285-160000.1.1.s390x.rpm aaa_base-84.87+git20260210.ecce285-160000.1.1.x86_64.rpm aaa_base-extras-84.87+git20260210.ecce285-160000.1.1.x86_64.rpm aaa_base-malloccheck-84.87+git20260210.ecce285-160000.1.1.x86_64.rpm aaa_base-wsl-84.87+git20260210.ecce285-160000.1.1.x86_64.rpm aaa_base-yama-enable-ptrace-84.87+git20260210.ecce285-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-328 Security update for haproxy moderate SUSE SLFO 1.2 This update for haproxy fixes the following issues: - Update to version 3.2.12+git0.6011f448e - CVE-2026-26081: Fixed a DOS vulnerability in QUIC. (bsc#1257976) - CVE-2026-26080: Fixed a DOS vulnerability in QUIC. (bsc#1257976) haproxy-3.2.12+git0.6011f448e-160000.1.1.aarch64.rpm haproxy-3.2.12+git0.6011f448e-160000.1.1.ppc64le.rpm haproxy-3.2.12+git0.6011f448e-160000.1.1.s390x.rpm haproxy-3.2.12+git0.6011f448e-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-329 Security update for fluidsynth important SUSE SLFO 1.2 This update for fluidsynth fixes the following issues: - CVE-2025-56225: NULL pointer deference when loading and invalid MIDI file (bsc#1256435). fluidsynth-2.3.5-160000.3.1.aarch64.rpm fluidsynth-devel-2.3.5-160000.3.1.aarch64.rpm libfluidsynth3-2.3.5-160000.3.1.aarch64.rpm fluidsynth-2.3.5-160000.3.1.ppc64le.rpm fluidsynth-devel-2.3.5-160000.3.1.ppc64le.rpm libfluidsynth3-2.3.5-160000.3.1.ppc64le.rpm fluidsynth-2.3.5-160000.3.1.s390x.rpm fluidsynth-devel-2.3.5-160000.3.1.s390x.rpm libfluidsynth3-2.3.5-160000.3.1.s390x.rpm fluidsynth-2.3.5-160000.3.1.x86_64.rpm fluidsynth-devel-2.3.5-160000.3.1.x86_64.rpm libfluidsynth3-2.3.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-33 Security update for ongres-scram important SUSE SLFO 1.2 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ongres-scram-3.1-160000.3.1.noarch.rpm ongres-scram-client-3.1-160000.3.1.noarch.rpm ongres-scram-javadoc-3.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-330 Security update for python-azure-core important SUSE SLFO 1.2 This update for python-azure-core fixes the following issues: - CVE-2026-21226: Fixed deserialization of untrusted data which may allow an authorized attacker to execute code over a network. (bsc#1257703) python313-azure-core-1.32.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-331 Recommended update for maven, maven-archiver, maven-dependency-plugin, maven-dependency-analyzer, maven-compiler-plugin, maven-assembly-plugin, byte-buddy, bouncycastle, apache-parent, maven-parent, maven-resolver, maven-resources-plugin, objectweb-asm, truth, xmlunit, xz-java moderate SUSE SLFO 1.2 This update for maven, maven-archiver, maven-dependency-plugin, maven-dependency-analyzer, maven-compiler-plugin, maven-assembly-plugin, byte-buddy, bouncycastle, apache-parent, maven-parent, maven-resolver, maven-resources-plugin, objectweb-asm, truth, xmlunit, xz-java fixes the following issues: Changes in maven: Specify required maven-resolver version since the maven-resolver-provider requires methods added in 1.9.25 Upgrade to upstream version 3.9.12 * New features and improvements + Apply resolver changes and improvements + Update formatting of prerequisites-requirements error to improve readability + Allow a Maven plugin to require a Java version + Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem + Make maven.config use UTF8 + Simplify prefix resolution * Bug Fixes + Add default implementation for new method in MavenPluginManager + Repository layout should be used in MavenRepositorySystem + Fix plugin prefix resolution when metadata is not available from repository + Improve source root modification warning message + Bug: bad cache isolation between two sessions + Set Guice class loading to CHILD - avoid using terminally deprecated methods + Avoid parsing MAVEN_OPTS (3.9.x) * Documentation updates + clarify repository vs deployment repository + add maintained branches * Maintenance + Add IntelliJ icon + Build by JDK 25 + Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x * Build + Bump actions/download-artifact from 5.0.0 to 6.0.0 + Bump actions/upload-artifact from 4.6.2 to 5.0.0 * Dependency updates + Bump actions/cache from 4.2.3 to 5.0.0 + Bump resolverVersion from 1.9.24 to 1.9.25 + Bump actions/checkout from 5.0.0 to 6.0.1 + Bump actions/setup-java from 5.0.0 to 5.1.0 + Bump commons-cli:commons-cli from 1.9.0 to 1.11.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 + Bump commons-io:commons-io from 2.19.0 to 2.21.0 + Bump xmlunitVersion from 2.10.3 to 2.11.0 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 + Bump org.ow2.asm:asm from 9.8 to 9.9 + Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre Changes in maven-archiver: - Upgrade to maven-archiver 3.6.6 * New features and improvements + Backport sorting of properties to maven archiver 3.x * Maintenance + Convert to MARKDOWN with doxia-converter + Add more timestamp tests * Dependency updates + Bump Maven to 3.9.12 + Bump org.codehaus.plexus:plexus-archiver from 4.10.2 to 4.10.4 + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 Changes in maven-dependency-plugin: - Upgrade to version 3.9.0 * New features and improvements + Use Resolver API in go-offline for dependencies resolving + Use Resolver API in go-offline for plugins resolving + Fixes #1522, add render-dependencies mojo + Use Resolver API in resolve-plugin + MDEP-964: unconditionally ignore dependencies known to be loaded by reflection + Update maven-dependency-analyzer to support Java24 + MDEP-972: copy-dependencies: copy signatures alongside artifacts + MDEP-776: Warn when multiple dependencies have the same file name + MDEP-966: Migrate AnalyzeDepMgt to Sisu + MDEP-957: By default, don't report slf4j-simple as unused * Bug Fixes + ProjectBuildingRequest should not be modified + Fix: markersDirectory is not working when unpack goal is executed from command line + Fix broken link for analyze-exclusions-mojo on usage-page + MDEP-839: Avoid extra blank lines in file + Update collect URL + MDEP-689: Fixes ignored dependency filtering in go-offline goal + MDEP-960: Repair silent logging * Documentation updates + MDEP-933: Document dependency tree output formats + Add additional comment to clarify the minimal supported version of outputing dependency tree in JSON fromat. + MNGSITE-529: Rename "Goals" to "Plugin Documentation" + Unix file separators * Maintenance + Simplify usage of RepositoryManager and DependencyResolver + Use Resolver API in copy and unpack + Update site descriptor to 2.0.0 + Enable prevent branch protection rules + Fix [MDEP-931: Replace PrintWriter with Writer in AbstractSerializing Visitor and subclasses + Cleanups dependencies + Copy edit parameter descriptions + Small Javadoc clarifications + MDEP-967: Change info to debug logging in AbstractFromConfigurationMojo + fix: remove duplicate maven-resolver-api and maven-resolver-util dependencies in pom.xml + Enable GH issues + Remove redundant/unneeded code + Add PR Automation and Stale actions + Keep files in temporary directory to be deleted after test + Drop unnecessary call + Avoid deprecated ArtifactFactory + MDEP-966: Convert remaining Mojos to Guice injection + MDEP-966: Convert Analyze Mojos to Guice constructor injection + MDEP-966: Prefer Guice injection + MDEP-966: Migrate TreeMojo/CopyMojo/AnalyzeExclusionsMojo/ /UnpackMojo/CopyDependenciesMojo from Plexus to Sisu Guice + MDEP-966: @component --> @Inject for DisplayAncestorsMojo + Fixing flaky test in TestCopyDependenciesMojo + MNG-2961: Remove workaround for fixed bug * Build + Build by Maven 4 * Dependency updates + Bump Maven in dependencies to 3.9.11 + Bump commons-io:commons-io from 2.16.1 to 2.20.0 + Bump jettyVersion from 9.4.56.v20240826 to 9.4.58.v20250814 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 + Bump org.apache.maven.plugins:maven-plugins from 43 to 45 + Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 + Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 + Bump org.jsoup:jsoup from 1.18.1 to 1.21.2 + MDEP-963: Bump org.apache.maven.shared:maven-dependency-analyzer from 1.15.0 to 1.15.1 Changes in maven-dependency-analyzer: - Upgrade to upstream version 1.17.0 * New features and improvements + Recognize classes used in web.xml as main classes + Introduced a DependencyClassesProvider service * Maintenance + Update site descriptor to 2.0 + Fix badges in README + Exclude slf4j 2.x and mockito 5.x from dependabot + feat: enable prevent branch protection rules + Catch exceptions on all paths + Add Apache 2.0 LICENSE file + Handle corrupt constant pools + Remove redundant code + move default to end * Build + Build on GH also by Maven 4 * Dependency updates + Bump org.assertj:assertj-bom from 3.27.3 to 3.27.7 + Bump org.apache.maven.shared:maven-shared-components from 44 to 47 + Bump mavenVersion from 3.9.9 to 3.9.12 + Bump org.ow2.asm:asm from 9.8 to 9.9.1 + Update Invoker Plugin and Plugin tools to support Java 25 + Bump org.assertj:assertj-bom from 3.26.3 to 3.27.3 Changes in maven-compiler-plugin: - Upgrade to upsteam release 3.15.0 * Bug Fixes + Fix Java 25 compatibility during integration tests + MCOMPILER-540: useIncrementalCompilation=false may add generated sources to the sources list * Maintenance + Bump org.apache.maven.plugins:maven-plugins from 45 to 46 + Remove declaration of "plexus-snapshots" repository + Works only with Maven 4.0.0 rc4 + Enable Java 25 and Maven 4 in CI * Dependency updates + Bump maven-plugin-testing-harness to 3.5.0 + Bump plexusCompilerVersion from 2.15.0 to 2.16.2 + Bump org.apache.maven.plugins:maven-plugins from 46 to 47 + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2 + Bump org.ow2.asm:asm from 9.8 to 9.9.1 + Bump mavenVersion from 3.9.11 to 3.9.12 Changes in maven-assembly-plugin: - Update to version 3.8.0 * Bug Fixes + MASSEMBLY-1030: Manifest entries from archive configuration are not added in final MANIFEST + MASSEMBLY-1029: Use minimal level for model validation * Documentation updates + MNGSITE-529: Rename "Goals" to "Plugin Documentation" * Maintenance + chore: migrate junit3/4 to junit5 + feat: enable prevent branch protection rules + Enable Github Issues * Dependency updates + MASSEMBLY-1028: Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 + Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.5 + MASSEMBLY-1027: Bump commons-io:commons-io from 2.15.1 to 2.16.0 + Bump commons-io:commons-io from 2.16.0 to 2.21.0 + Bump Maven to 3.9.11. Prerequisite still 3.6.3 + Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 + Bump org.codehaus.plexus:plexus-io from 3.4.2 to 3.6.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.29 + Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.4 + Bump com.github.luben:zstd-jni from 1.5.5-11 to 1.5.7-6 + Bump m-invoker-p to 3.9.1 for Java 25 + Bump org.apache.maven.plugins:maven-plugins from 41 to 45 + Bump org.apache.commons:commons-compress from 1.26.1 to 1.28.0 + Bump commons-fileupload:commons-fileupload from 1.5 to 1.6.0 in /src/it/projects/bugs/massembly-580 + Bump org.codehaus.plexus:plexus-archiver from to 4.10.0 + Bump org.apache.maven.shared:maven-common-artifact-filters from 3.3.2 to 3.4.0 + Bump org.apache.maven.shared:maven-filtering from 3.3.2 to 3.4.0 + Bump org.hamcrest:hamcrest from 2.2 to 3.0 Changes in byte-buddy: - Update to v1.18.3 * Changes of v1.18.3 + Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available. + Add additional safety when processing class files with illegally formed parameters. + Update to latest ASM. * Changes of v1.18.2 + Support modifiers for value classes in Valhalla builds. + Improve use of build cache in Gradle. - Update to v1.18.1 * Changes of v1.18.1 + Fix generated module-info to include new package. * Changes of v1.18.0 + Add support for module-info class files and ModuleDescriptions. + Allow for manipulating module information using the ByteBuddy API. * Changes of v1.17.8 + Avoid use of types that are deprecated as of Java 26. + Include ASM 9.9 that offers ASM support for Java 26. + Make sure that generated code internal to Byte Buddy supports CDS if available. + Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations. * Changes of v1.17.7 + Specify correct JVM environment for Android builds when using the Gradle plugin. + Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact. + Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others. - Require for build objectweb-asm >= 9.8 for Opcodes.V25 Changes in bouncycastle: - Update to 1.83: * Defects Fixed: - Attempting to check a password on a stripped PGP would throw an exception. Checking the password on such a key will now always return false. - Fixed an issue in KangarooTwelve where premature absorption caused erroneous 168-byte padding; absorption is now delayed so correct final-byte padding is applied. - BCJSSE: Fix supported_versions creation for renegotiation handshake. - (D)TLS: Reneg info now oly offered with pre-1.3. * Additional Features and Functionality: - A generic "COMPOSITE" algorithm name has been added as a JCA Signature algorithm. The algorithm will identify the composite signature to use from the composite key passed in. - The composite signatures implementation has been updated to the final draft and now follows the submitted standard. - Support for the generation and use as trust anchors has been added for certificate signatures with id-alg-unsigned as the signature type. - Support for CMP direct POP for encryption keys using challenge/response has been added to the CMP/CRMF APIs. - Support for SupportedCurves attribute to the BC provider - BCJSSE: Added support for SLH-DSA signature schemes in TLS 1.3 per draft-reddy-tls-slhdsa-01. - Support has been added for the Java 25 KDF API (current algorithms, PBKDF2, SCRYPT, and HKDF). - Support for composite signatures is now included in CMS and timestamping. - It is now possible to disable the Lenstra check in RSA where the public key is not available via the system/security property "org.bouncycastle.rsa.no_lenstra_check". Changes in apache-parent: - Update to 37: * New features and improvements + Disable parallel PUT on release - Update to 36: * Breaking changes + Update minimum maven version to match current stable version (3.6.3 -> 3.9) + Introduce javaVersion property for maven.compiler.* configuration + Switch JDK >= 9 to only use maven.compiler.release * New features and improvements + Add default specification and implementation for javadoc and source manifest entries * Documentation updates + Clarify how to use Apache Snapshot repository + activate Fluido skin's anchorJs * Maintenance + Avoid - WARNING: Use of the three-letter time zone ID ... on JDK 25 for RAT plugin + feat: enable prevent branch protection rules Changes in maven-parent: - Upgrade to Apache Maven parent POM version 47 * Dependency updates + Bump parent to 37 + Bump org.junit:junit-bom from 5.14.1 to 5.14.2 - Upgrade to Apache Maven parent POM version 46 * Breaking changes + Require Maven 3.6.3+ from plugins + Update rat plugin configuration + Use spotless 3 when running on JDK >= 17 + Drop Doxia Tools parent pom * New features and improvements + MPOM-387: Exclude test scope from enforcedBytecodeVersion + feat: activate Fluido skin's anchorJs + Enhance target JDK definition for JDK >= 9 + Always render a GitHub ribbon on the right-hand side * Maintenance + MPOM-277: Move maven-invoker-plugin configuration to one place + Remove doxia-tools from documentations + feat: enable prevent branch protection rules + Add Apache 2.0 LICENSE file Changes in maven-resolver: - Update to upstream version 1.9.25 * New features and improvements + Add scope support for trusted checksums + Name mappers cleanup and new GAECV mapper + Proper metadata locking support + Ability to augment metadata nature for version range request * Bug Fixes + TrackingFileManager changes + Maven filters daemon friendly + Remove hack from Basic connector + Fix locking issues * Documentation updates + Updated the documentation to reflect the current list of name mappers * Maintenance + Mild backport: support same properties as Resolver 2.x + Maven resolver lockrepro + Bugfix: Java 25 broke test * Dependency updates + Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.25.0 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 + Bump commons-codec:commons-codec from 1.18.0 to 1.20.0 + Bump org.redisson:redisson from 3.50.0 to 3.52.0 + Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre + Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 + Bump jettyVersion from 9.4.57.v20241219 to 9.4.58.v20250814 + Bump mavenVersion from 3.9.10 to 3.9.11 Changes in maven-resolver: - Update to upstream version 1.9.25 * New features and improvements + Add scope support for trusted checksums + Name mappers cleanup and new GAECV mapper + Proper metadata locking support + Ability to augment metadata nature for version range request * Bug Fixes + TrackingFileManager changes + Maven filters daemon friendly + Remove hack from Basic connector + Fix locking issues * Documentation updates + Updated the documentation to reflect the current list of name mappers * Maintenance + Mild backport: support same properties as Resolver 2.x + Maven resolver lockrepro + Bugfix: Java 25 broke test * Dependency updates + Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.25.0 + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 + Bump commons-codec:commons-codec from 1.18.0 to 1.20.0 + Bump org.redisson:redisson from 3.50.0 to 3.52.0 + Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre + Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 + Bump jettyVersion from 9.4.57.v20241219 to 9.4.58.v20250814 + Bump mavenVersion from 3.9.10 to 3.9.11 Changes in maven-resources-plugin: - Upgrade to version 3.4.0 * New features and improvements + Enable GitHub Issues * Documentation updates + MNGSITE-529: Rename "Goals" to "Plugin Documentation" + MRESOURCES-299: Be more accurate on using filtering element + Don't bother with very old versions * Maintenance + Migrate site to Doxia 2 + PlexusFileUtils Refaster recipes + Add PR Automation action + Improve release-drafter configuration + Add dependency to slf4j-simple for test scope + Use try with resources in integration test + reduce dependency scope of plexus-utils and commons-io * Dependency updates + Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.20.0 + Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24 + Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 + MRESOURCES-304: Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.29 + Bump m-invoker-p to 3.9.1 + Bump org.apache.maven.plugins:maven-plugins from 39 to 45 + Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 + MRESOURCES-302: Bump commons-io:commons-io from 2.11.0 to 2.16.0 + Bump commons-io:commons-io from 2.16.0 to 2.20.0 + MRESOURCES-303: Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3.3.2 + Bump org.apache.maven.shared:maven-filtering from 3.3.2 to 3.4.0 + MRESOURCES-305: Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 + Bump apache/maven-gh-actions-shared from 3 to 4 + MRESOURCES-171: ISO8859-1 properties files get changed into + MRESOURCES-210: copy-resources erases file permissions + MRESOURCES-236: Copying of files with permissions broken + MRESOURCES-257: property from list element in pom model + MRESOURCES-251: Upgrade plexus-interpolation 1.26 + MRESOURCES-252: Add m2e lifecycle Metadata to plugin + MRESOURCES-256: make build Reproducible + MRESOURCES-258: Only overwrite filtered resources when + MRESOURCES-249: Upgrade maven-plugins parent to version 32 + MRESOURCES-255: Upgrade plexus-utils 3.3.0 + MRESOURCES-261: Make Maven 3.1.0 the minimum version + MRESOURCES-263: Update to maven-filtering 3.2.0 Changes in objectweb-asm: - Upgrade to version 9.9.1 * bug fixes + 318036: OutOfMemoryError when reading invalid class + 318037: Version ranges too wide on Import-Package Changes in truth: - Force annotation processing, since it is needed with Java 25 Changes in xmlunit: - Upgrade to 2.11.0 * XMLUnit 2.x is a complete rewrite of XMLUnit and actually doesn't share any code with XMLUnit for Java 1.x. * Some goals for XMLUnit 2.x: + create .NET and Java versions that are compatible in design while trying to be idiomatic for each platform + remove all static configuration (the old XMLUnit class setter methods) + focus on the parts that are useful for testing - XPath - (Schema) validation - comparisons + be independent of any test framework * XMLUnit 1.x is no longer maintained - Use directly the xalan-j2 jar instead of the jaxp_transform_impl Changes in xz-java: - Upgrade to version 1.11 * Fix a data corruption bug when encoding with the rarely-used option LZMA2Options.MODE_UNCOMPRESSED. To trigger the bug, a write call must cross an offset that is a multiple of 65536 bytes. For example, one write of 70000 bytes or two write calls of 50000 bytes each would trigger the bug. The bug isn't triggered if there are ten write calls of 8192 bytes each followed by one 123-byte write. * If encoding to a .xz file, a decoder would catch the issue because the integrity check wouldn't match. * The binaries of 1.10 in the Maven Central require Java 8 and contain optimized classes for Java >= 9 as multi-release JAR. They were built with OpenJDK 21.0.9 on GNU/Linux and can be reproduced using the following command: SOURCE_DATE_EPOCH=1763575020 TZ=UTC0 ant maven maven-3.9.12-160000.1.1.aarch64.rpm maven-javadoc-3.9.12-160000.1.1.noarch.rpm maven-lib-3.9.12-160000.1.1.aarch64.rpm maven-archiver-3.6.6-160000.1.1.noarch.rpm maven-archiver-javadoc-3.6.6-160000.1.1.noarch.rpm maven-dependency-analyzer-1.17.0-160000.1.1.noarch.rpm maven-dependency-analyzer-javadoc-1.17.0-160000.1.1.noarch.rpm maven-compiler-plugin-3.15.0-160000.1.1.noarch.rpm maven-compiler-plugin-javadoc-3.15.0-160000.1.1.noarch.rpm maven-compiler-plugin-bootstrap-3.15.0-160000.1.1.noarch.rpm maven-assembly-plugin-3.8.0-160000.1.1.noarch.rpm maven-assembly-plugin-javadoc-3.8.0-160000.1.1.noarch.rpm byte-buddy-1.18.3-160000.1.1.noarch.rpm byte-buddy-agent-1.18.3-160000.1.1.noarch.rpm byte-buddy-javadoc-1.18.3-160000.1.1.noarch.rpm byte-buddy-maven-plugin-1.18.3-160000.1.1.noarch.rpm bouncycastle-1.83-160000.1.1.noarch.rpm bouncycastle-javadoc-1.83-160000.1.1.noarch.rpm bouncycastle-jmail-1.83-160000.1.1.noarch.rpm bouncycastle-mail-1.83-160000.1.1.noarch.rpm bouncycastle-pg-1.83-160000.1.1.noarch.rpm bouncycastle-pkix-1.83-160000.1.1.noarch.rpm bouncycastle-tls-1.83-160000.1.1.noarch.rpm bouncycastle-util-1.83-160000.1.1.noarch.rpm apache-parent-37-160000.1.1.noarch.rpm maven-parent-47-160000.1.1.noarch.rpm maven-resolver-1.9.25-160000.1.1.noarch.rpm maven-resolver-api-1.9.25-160000.1.1.noarch.rpm maven-resolver-connector-basic-1.9.25-160000.1.1.noarch.rpm maven-resolver-impl-1.9.25-160000.1.1.noarch.rpm maven-resolver-javadoc-1.9.25-160000.1.1.noarch.rpm maven-resolver-named-locks-1.9.25-160000.1.1.noarch.rpm maven-resolver-spi-1.9.25-160000.1.1.noarch.rpm maven-resolver-test-util-1.9.25-160000.1.1.noarch.rpm maven-resolver-transport-classpath-1.9.25-160000.1.1.noarch.rpm maven-resolver-transport-file-1.9.25-160000.1.1.noarch.rpm maven-resolver-transport-http-1.9.25-160000.1.1.noarch.rpm maven-resolver-transport-wagon-1.9.25-160000.1.1.noarch.rpm maven-resolver-util-1.9.25-160000.1.1.noarch.rpm maven-resolver-supplier-1.9.25-160000.1.1.noarch.rpm maven-resolver-supplier-javadoc-1.9.25-160000.1.1.noarch.rpm maven-resources-plugin-3.4.0-160000.1.1.noarch.rpm maven-resources-plugin-javadoc-3.4.0-160000.1.1.noarch.rpm maven-resources-plugin-bootstrap-3.4.0-160000.1.1.noarch.rpm objectweb-asm-9.9.1-160000.1.1.noarch.rpm objectweb-asm-javadoc-9.9.1-160000.1.1.noarch.rpm truth-0.24-160000.3.1.noarch.rpm truth-javadoc-0.24-160000.3.1.noarch.rpm xmlunit-assertj-2.11.0-160000.1.1.noarch.rpm xmlunit-core-2.11.0-160000.1.1.noarch.rpm xmlunit-jakarta-jaxb-impl-2.11.0-160000.1.1.noarch.rpm xmlunit-javadoc-2.11.0-160000.1.1.noarch.rpm xmlunit-legacy-2.11.0-160000.1.1.noarch.rpm xmlunit-matchers-2.11.0-160000.1.1.noarch.rpm xmlunit-placeholders-2.11.0-160000.1.1.noarch.rpm xz-java-1.11-160000.1.1.noarch.rpm xz-java-javadoc-1.11-160000.1.1.noarch.rpm xmvn-4.3.0-160000.3.2.aarch64.rpm xmvn-minimal-4.3.0-160000.3.2.aarch64.rpm xmvn-connector-4.3.0-160000.3.1.noarch.rpm xmvn-connector-javadoc-4.3.0-160000.3.1.noarch.rpm xmvn-mojo-4.3.0-160000.3.1.noarch.rpm xmvn-mojo-javadoc-4.3.0-160000.3.1.noarch.rpm xmvn-parent-4.3.0-160000.3.1.noarch.rpm xmvn-api-4.3.0-160000.3.1.noarch.rpm xmvn-core-4.3.0-160000.3.1.noarch.rpm xmvn-install-4.3.0-160000.3.1.noarch.rpm xmvn-resolve-4.3.0-160000.3.1.noarch.rpm xmvn-subst-4.3.0-160000.3.1.noarch.rpm xmvn-tools-javadoc-4.3.0-160000.3.1.noarch.rpm maven-3.9.12-160000.1.1.ppc64le.rpm maven-lib-3.9.12-160000.1.1.ppc64le.rpm xmvn-4.3.0-160000.3.2.ppc64le.rpm xmvn-minimal-4.3.0-160000.3.2.ppc64le.rpm maven-3.9.12-160000.1.1.s390x.rpm maven-lib-3.9.12-160000.1.1.s390x.rpm xmvn-4.3.0-160000.3.2.s390x.rpm xmvn-minimal-4.3.0-160000.3.2.s390x.rpm maven-3.9.12-160000.1.1.x86_64.rpm maven-lib-3.9.12-160000.1.1.x86_64.rpm xmvn-4.3.0-160000.3.2.x86_64.rpm xmvn-minimal-4.3.0-160000.3.2.x86_64.rpm openSUSE-Leap-16.0-333 Security update for cpp-httplib important SUSE SLFO 1.2 This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion (bsc#1246471). - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge (bsc#1246468). cpp-httplib-devel-0.22.0-160000.4.1.aarch64.rpm libcpp-httplib0_22-0.22.0-160000.4.1.aarch64.rpm cpp-httplib-devel-0.22.0-160000.4.1.ppc64le.rpm libcpp-httplib0_22-0.22.0-160000.4.1.ppc64le.rpm cpp-httplib-devel-0.22.0-160000.4.1.s390x.rpm libcpp-httplib0_22-0.22.0-160000.4.1.s390x.rpm cpp-httplib-devel-0.22.0-160000.4.1.x86_64.rpm libcpp-httplib0_22-0.22.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-334 Recommended update for smc-tools important SUSE SLFO 1.2 This update for smc-tools fixes the following issues: - Upgrade smc-tools to v1.8.7 (jsc#PED-14601, bsc#1230052): * Bug fixes: + smc_rnics: fix regression when PFT not available + smcd/smcr: prevent DoS on statistics workfile present in /tmp/ - Upgrade smc-tools to v1.8.6 (jsc#PED-14601): * Bug fixes: + man pages: Update man page for smc_pnet + smc-tools: Display sndbuf/RMB stats only if supported by the kernel - Upgrade smc-tools to v1.8.5: * Changes: + smc_rnics: Add support for Network Express RNIC in smc_rnics + smc_rnics: Add PFT and VF columns to smc_rnics output * Bug fixes: + libnetlink..: Fix function declaration to use a void prototype + smc_rnics: Update smc_chk to extract PNetID from column 9 + man pages: Update man page for --rawids option and PFT and VF columns + smc_rnics: Fix missing PPrt values in smc_rnics -r output - fix build with gcc15 - Makefile: Make sure to show the right release number smc-tools-1.8.7-160000.1.1.aarch64.rpm smc-tools-completion-1.8.7-160000.1.1.aarch64.rpm smc-tools-1.8.7-160000.1.1.ppc64le.rpm smc-tools-completion-1.8.7-160000.1.1.ppc64le.rpm smc-tools-1.8.7-160000.1.1.s390x.rpm smc-tools-completion-1.8.7-160000.1.1.s390x.rpm smc-tools-1.8.7-160000.1.1.x86_64.rpm smc-tools-completion-1.8.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-335 Security update for rhino moderate SUSE SLFO 1.2 This update for rhino fixes the following issues: Update to 1.7.15.1: - CVE-2025-66453: Fixed a problem with formatting of floating-point numbers to strings that may result in DoS (bsc#1254481). rhino-1.7.15.1-160000.1.1.noarch.rpm rhino-demo-1.7.15.1-160000.1.1.noarch.rpm rhino-engine-1.7.15.1-160000.1.1.noarch.rpm rhino-javadoc-1.7.15.1-160000.1.1.noarch.rpm rhino-runtime-1.7.15.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-336 Security update for assertj-core moderate SUSE SLFO 1.2 This update for assertj-core fixes the following issues: Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion (bsc#1257293). assertj-core-3.27.7-160000.1.1.noarch.rpm assertj-core-javadoc-3.27.7-160000.1.1.noarch.rpm openSUSE-Leap-16.0-337 Recommended update for libpinyin moderate SUSE SLFO 1.2 This update for libpinyin fixes the following issues: - Update version to 2.10.3: * Fix bugs libpinyin-data-2.10.3-160000.1.1.aarch64.rpm libpinyin-devel-2.10.3-160000.1.1.aarch64.rpm libpinyin-tools-2.10.3-160000.1.1.aarch64.rpm libpinyin15-2.10.3-160000.1.1.aarch64.rpm libzhuyin15-2.10.3-160000.1.1.aarch64.rpm libpinyin-data-2.10.3-160000.1.1.ppc64le.rpm libpinyin-devel-2.10.3-160000.1.1.ppc64le.rpm libpinyin-tools-2.10.3-160000.1.1.ppc64le.rpm libpinyin15-2.10.3-160000.1.1.ppc64le.rpm libzhuyin15-2.10.3-160000.1.1.ppc64le.rpm libpinyin-data-2.10.3-160000.1.1.s390x.rpm libpinyin-devel-2.10.3-160000.1.1.s390x.rpm libpinyin-tools-2.10.3-160000.1.1.s390x.rpm libpinyin15-2.10.3-160000.1.1.s390x.rpm libzhuyin15-2.10.3-160000.1.1.s390x.rpm libpinyin-data-2.10.3-160000.1.1.x86_64.rpm libpinyin-devel-2.10.3-160000.1.1.x86_64.rpm libpinyin-tools-2.10.3-160000.1.1.x86_64.rpm libpinyin15-2.10.3-160000.1.1.x86_64.rpm libzhuyin15-2.10.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-338 Recommended update for grub2 important SUSE SLFO 1.2 This update for grub2 fixes the following issues: - Support dm multipath bootlist on PowerPC (bsc#1254415) - Backport upstream's commit to prevent BIOS assert (bsc#1258022) - Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS Reboot (bsc#1254299) * Fix PowerPC CAS reboot to evaluate menu context grub2-2.12-160000.5.1.aarch64.rpm grub2-arm64-efi-2.12-160000.5.1.noarch.rpm grub2-arm64-efi-bls-2.12-160000.5.1.noarch.rpm grub2-arm64-efi-debug-2.12-160000.5.1.noarch.rpm grub2-arm64-efi-extras-2.12-160000.5.1.noarch.rpm grub2-branding-upstream-2.12-160000.5.1.noarch.rpm grub2-common-2.12-160000.5.1.aarch64.rpm grub2-snapper-plugin-2.12-160000.5.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-160000.5.1.noarch.rpm grub2-2.12-160000.5.1.ppc64le.rpm grub2-common-2.12-160000.5.1.ppc64le.rpm grub2-powerpc-ieee1275-2.12-160000.5.1.noarch.rpm grub2-powerpc-ieee1275-debug-2.12-160000.5.1.noarch.rpm grub2-powerpc-ieee1275-extras-2.12-160000.5.1.noarch.rpm grub2-2.12-160000.5.1.s390x.rpm grub2-common-2.12-160000.5.1.s390x.rpm grub2-s390x-emu-2.12-160000.5.1.s390x.rpm grub2-s390x-emu-debug-2.12-160000.5.1.s390x.rpm grub2-s390x-emu-extras-2.12-160000.5.1.noarch.rpm grub2-2.12-160000.5.1.x86_64.rpm grub2-common-2.12-160000.5.1.x86_64.rpm grub2-i386-pc-2.12-160000.5.1.noarch.rpm grub2-i386-pc-debug-2.12-160000.5.1.noarch.rpm grub2-i386-pc-extras-2.12-160000.5.1.noarch.rpm grub2-x86_64-efi-2.12-160000.5.1.noarch.rpm grub2-x86_64-efi-bls-2.12-160000.5.1.noarch.rpm grub2-x86_64-efi-debug-2.12-160000.5.1.noarch.rpm grub2-x86_64-efi-extras-2.12-160000.5.1.noarch.rpm grub2-x86_64-xen-2.12-160000.5.1.noarch.rpm grub2-x86_64-xen-debug-2.12-160000.5.1.noarch.rpm grub2-x86_64-xen-extras-2.12-160000.5.1.noarch.rpm openSUSE-Leap-16.0-339 Security update for go1.25-openssl important SUSE SLFO 1.2 This update for go1.25-openssl fixes the following issues: - Update to version 1.25.7 (jsc#SLE-18320) - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821) - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820) - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819) - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817) - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816) - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818) - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431) - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SA (bsc#1254430) - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255) - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253) - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260) - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258) - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259) - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256) - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261) - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257) - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254) - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262) go1.25-openssl-1.25.7-160000.1.1.aarch64.rpm go1.25-openssl-doc-1.25.7-160000.1.1.aarch64.rpm go1.25-openssl-race-1.25.7-160000.1.1.aarch64.rpm go1.25-openssl-1.25.7-160000.1.1.ppc64le.rpm go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le.rpm go1.25-openssl-race-1.25.7-160000.1.1.ppc64le.rpm go1.25-openssl-1.25.7-160000.1.1.s390x.rpm go1.25-openssl-doc-1.25.7-160000.1.1.s390x.rpm go1.25-openssl-race-1.25.7-160000.1.1.s390x.rpm go1.25-openssl-1.25.7-160000.1.1.x86_64.rpm go1.25-openssl-doc-1.25.7-160000.1.1.x86_64.rpm go1.25-openssl-race-1.25.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-34 Recommended update for smartmontools moderate SUSE SLFO 1.2 This update for smartmontools fixes the following issues: - update-smart-drivedb: * Provide support for the new upstream GitHub repository. * Do not overwrite files in /usr/share. * Use /var/lib provided by --with-drivedbinstdir. - Add smartmontools-drivedb.h version 5894 from the branch 7.5. - Update to 7.5 (jsc#PED-13806). smartmontools-7.5-160000.3.1.aarch64.rpm smartmontools-7.5-160000.3.1.ppc64le.rpm smartmontools-7.5-160000.3.1.s390x.rpm smartmontools-7.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-340 Recommended update for ibus, ibus-libpinyin moderate SUSE SLFO 1.2 This update for ibus, ibus-libpinyin fixes the following issues: Changes in ibus,ibus-libpinyin: - Update the package .spec file to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation (jsc#PED-14507). Changes in ibus: - use return insted of exit in 20-ibus-plasma-setup.sh * such script is sourced not executed, when using exit other scripts in the same directory are not sourced anymore * fix: scripts it $XDG_CONFIG_DIRS/plasma-workspace/env stop working after ibus update (bsc#1255237) Changes in ibus-libpinyin: - fix: Random crashes in ibus-engine-libpinyin (bsc#1257531) - Update version to 1.16.5: * Fix bugs - Make libpinyin setup program could response build config to disable Lua script and user data input (bsc#1246569). ibus-1.5.33-160000.2.1.aarch64.rpm ibus-devel-1.5.33-160000.2.1.aarch64.rpm ibus-dict-emoji-1.5.33-160000.2.1.noarch.rpm ibus-gtk-1.5.33-160000.2.1.aarch64.rpm ibus-gtk3-1.5.33-160000.2.1.aarch64.rpm ibus-lang-1.5.33-160000.2.1.noarch.rpm libibus-1_0-5-1.5.33-160000.2.1.aarch64.rpm typelib-1_0-IBus-1_0-1.5.33-160000.2.1.aarch64.rpm ibus-gtk4-1.5.33-160000.2.1.aarch64.rpm ibus-libpinyin-1.16.5-160000.1.1.aarch64.rpm ibus-1.5.33-160000.2.1.ppc64le.rpm ibus-devel-1.5.33-160000.2.1.ppc64le.rpm ibus-gtk-1.5.33-160000.2.1.ppc64le.rpm ibus-gtk3-1.5.33-160000.2.1.ppc64le.rpm libibus-1_0-5-1.5.33-160000.2.1.ppc64le.rpm typelib-1_0-IBus-1_0-1.5.33-160000.2.1.ppc64le.rpm ibus-gtk4-1.5.33-160000.2.1.ppc64le.rpm ibus-libpinyin-1.16.5-160000.1.1.ppc64le.rpm ibus-1.5.33-160000.2.1.s390x.rpm ibus-devel-1.5.33-160000.2.1.s390x.rpm ibus-gtk-1.5.33-160000.2.1.s390x.rpm ibus-gtk3-1.5.33-160000.2.1.s390x.rpm libibus-1_0-5-1.5.33-160000.2.1.s390x.rpm typelib-1_0-IBus-1_0-1.5.33-160000.2.1.s390x.rpm ibus-gtk4-1.5.33-160000.2.1.s390x.rpm ibus-libpinyin-1.16.5-160000.1.1.s390x.rpm ibus-1.5.33-160000.2.1.x86_64.rpm ibus-devel-1.5.33-160000.2.1.x86_64.rpm ibus-gtk-1.5.33-160000.2.1.x86_64.rpm ibus-gtk3-1.5.33-160000.2.1.x86_64.rpm libibus-1_0-5-1.5.33-160000.2.1.x86_64.rpm typelib-1_0-IBus-1_0-1.5.33-160000.2.1.x86_64.rpm ibus-gtk4-1.5.33-160000.2.1.x86_64.rpm ibus-libpinyin-1.16.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-341 Recommended update for NetworkManager moderate SUSE SLFO 1.2 This update for NetworkManager fixes the following issues: - Move dispatcher.d/pre-up.d/90-nm-cloud-setup.sh to cloud-setup subpackage (bsc#1250086). NetworkManager-1.52.0-160000.3.1.aarch64.rpm NetworkManager-bluetooth-1.52.0-160000.3.1.aarch64.rpm NetworkManager-branding-upstream-1.52.0-160000.3.1.noarch.rpm NetworkManager-cloud-setup-1.52.0-160000.3.1.aarch64.rpm NetworkManager-config-server-1.52.0-160000.3.1.noarch.rpm NetworkManager-devel-1.52.0-160000.3.1.aarch64.rpm NetworkManager-lang-1.52.0-160000.3.1.noarch.rpm NetworkManager-ovs-1.52.0-160000.3.1.aarch64.rpm NetworkManager-pppoe-1.52.0-160000.3.1.aarch64.rpm NetworkManager-tui-1.52.0-160000.3.1.aarch64.rpm NetworkManager-wwan-1.52.0-160000.3.1.aarch64.rpm libnm0-1.52.0-160000.3.1.aarch64.rpm typelib-1_0-NM-1_0-1.52.0-160000.3.1.aarch64.rpm NetworkManager-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-bluetooth-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-cloud-setup-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-devel-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-ovs-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-pppoe-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-tui-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-wwan-1.52.0-160000.3.1.ppc64le.rpm libnm0-1.52.0-160000.3.1.ppc64le.rpm typelib-1_0-NM-1_0-1.52.0-160000.3.1.ppc64le.rpm NetworkManager-1.52.0-160000.3.1.s390x.rpm NetworkManager-bluetooth-1.52.0-160000.3.1.s390x.rpm NetworkManager-cloud-setup-1.52.0-160000.3.1.s390x.rpm NetworkManager-devel-1.52.0-160000.3.1.s390x.rpm NetworkManager-ovs-1.52.0-160000.3.1.s390x.rpm NetworkManager-pppoe-1.52.0-160000.3.1.s390x.rpm NetworkManager-tui-1.52.0-160000.3.1.s390x.rpm NetworkManager-wwan-1.52.0-160000.3.1.s390x.rpm libnm0-1.52.0-160000.3.1.s390x.rpm typelib-1_0-NM-1_0-1.52.0-160000.3.1.s390x.rpm NetworkManager-1.52.0-160000.3.1.x86_64.rpm NetworkManager-bluetooth-1.52.0-160000.3.1.x86_64.rpm NetworkManager-cloud-setup-1.52.0-160000.3.1.x86_64.rpm NetworkManager-devel-1.52.0-160000.3.1.x86_64.rpm NetworkManager-ovs-1.52.0-160000.3.1.x86_64.rpm NetworkManager-pppoe-1.52.0-160000.3.1.x86_64.rpm NetworkManager-tui-1.52.0-160000.3.1.x86_64.rpm NetworkManager-wwan-1.52.0-160000.3.1.x86_64.rpm libnm0-1.52.0-160000.3.1.x86_64.rpm typelib-1_0-NM-1_0-1.52.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-342 Recommended update for libzpc moderate SUSE SLFO 1.2 This update for libzpc fixes the following issues: Upgrade libzpc to version 1.5.0 (jsc#PED-14603, jsc#PED-14275, jsc#PED-15049, jsc#PED-15621): * [FEATURE] Support live guest relocation libzpc-devel-1.5.0-160000.1.1.s390x.rpm libzpc1-1.5.0-160000.1.1.s390x.rpm openSUSE-Leap-16.0-343 Security update for podman important SUSE SLFO 1.2 This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993) - CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542): - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376): - CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154): podman-5.4.2-160000.4.1.aarch64.rpm podman-docker-5.4.2-160000.4.1.noarch.rpm podman-remote-5.4.2-160000.4.1.aarch64.rpm podmansh-5.4.2-160000.4.1.aarch64.rpm podman-5.4.2-160000.4.1.ppc64le.rpm podman-remote-5.4.2-160000.4.1.ppc64le.rpm podmansh-5.4.2-160000.4.1.ppc64le.rpm podman-5.4.2-160000.4.1.s390x.rpm podman-remote-5.4.2-160000.4.1.s390x.rpm podmansh-5.4.2-160000.4.1.s390x.rpm podman-5.4.2-160000.4.1.x86_64.rpm podman-remote-5.4.2-160000.4.1.x86_64.rpm podmansh-5.4.2-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-344 Security update for expat moderate SUSE SLFO 1.2 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). expat-2.7.1-160000.4.1.aarch64.rpm libexpat-devel-2.7.1-160000.4.1.aarch64.rpm libexpat1-2.7.1-160000.4.1.aarch64.rpm expat-2.7.1-160000.4.1.ppc64le.rpm libexpat-devel-2.7.1-160000.4.1.ppc64le.rpm libexpat1-2.7.1-160000.4.1.ppc64le.rpm expat-2.7.1-160000.4.1.s390x.rpm libexpat-devel-2.7.1-160000.4.1.s390x.rpm libexpat1-2.7.1-160000.4.1.s390x.rpm expat-2.7.1-160000.4.1.x86_64.rpm libexpat-devel-2.7.1-160000.4.1.x86_64.rpm libexpat1-2.7.1-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-345 Recommended update for python-numpy moderate SUSE SLFO 1.2 This update for python-numpy fixes the following issues: Changes in python-numpy: - Make debuginfo build reproducible (bsc#1245203) python313-numpy-2.2.2-160000.3.1.aarch64.rpm python313-numpy-devel-2.2.2-160000.3.1.aarch64.rpm python313-numpy-2.2.2-160000.3.1.ppc64le.rpm python313-numpy-devel-2.2.2-160000.3.1.ppc64le.rpm python313-numpy-2.2.2-160000.3.1.s390x.rpm python313-numpy-devel-2.2.2-160000.3.1.s390x.rpm python313-numpy-2.2.2-160000.3.1.x86_64.rpm python313-numpy-devel-2.2.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-346 Security update for go1.24-openssl critical SUSE SLFO 1.2 This update for go1.24-openssl fixes the following issues: - Update to version 1.24.13 (jsc#SLE-18320) - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255) - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253) - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260) - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258) - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259) - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256) - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261) - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257) - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254) - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262) - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431) - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN. (bsc#1254430) - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821) - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819) - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817) - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816) - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818) - CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692) - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820) go1.24-openssl-1.24.13-160000.1.1.aarch64.rpm go1.24-openssl-doc-1.24.13-160000.1.1.aarch64.rpm go1.24-openssl-race-1.24.13-160000.1.1.aarch64.rpm go1.24-openssl-1.24.13-160000.1.1.ppc64le.rpm go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le.rpm go1.24-openssl-race-1.24.13-160000.1.1.ppc64le.rpm go1.24-openssl-1.24.13-160000.1.1.s390x.rpm go1.24-openssl-doc-1.24.13-160000.1.1.s390x.rpm go1.24-openssl-race-1.24.13-160000.1.1.s390x.rpm go1.24-openssl-1.24.13-160000.1.1.x86_64.rpm go1.24-openssl-doc-1.24.13-160000.1.1.x86_64.rpm go1.24-openssl-race-1.24.13-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-347 Security update for cockpit-podman important SUSE SLFO 1.2 This update for cockpit-podman fixes the following issues: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global prototypes (bsc#1257324). cockpit-podman-117-160000.1.1.noarch.rpm openSUSE-Leap-16.0-348 Recommended update for aws-cli-cmd, flake-pilot moderate SUSE SLFO 1.2 This update for aws-cli-cmd, flake-pilot fixes the following issues: Changes in aws-cli-cmd: - Fix install/upgrade/removal: * With the release of flake-pilot 3.1.27 a force option for registration and deregistration has been added. * This allows for a simpler registration processing in the spec file of the -cmd package. * This commit adds registration and deregistration helper scripts and calls them as part of the spec pre/post processing macros. * The macro setup makes sure: 1. The flake gets registered as %post install action 2. The flake gets deregistered as %preun uninstall (no upgrade) action * With regards to the already released package and the existing macro code the following applies: * The %postun code from the old package runs after the %post code of the new package and only in upgrade mode. This would harm the registration which is the reason why we again call register_aws in %posttrans which is the last action of the entire transaction and ensures the registration will be effective. Changes in flake-pilot: - Bump version: from 3.1.26 to 3.1.27: * Add support for --force option for remove: Add support for podman remove --force mode. In this mode the referenced application will be force removed and no sanity checks if this is pointing to a flake registration will be done. * Fix spec file: Allow to build for Fedora, fix packager e-mail - Bump version: from 3.1.25 to 3.1.26: * Allow force registration with arbitrary data When using --force also register even if the eventually conflicting file does not belong to a flake registration * Add --force option for register command Allow to force writing the registration even if a registration of the same name already exists. Also update the man pages. - Bump version: from 3.1.24 to 3.1.25: * Improve command debug log: Make sure the command called is part of the log message and not only the arguments * drop obsolete permission settings: With the proper user vs. system wide setup there is no need for the hacky permission adaptions. * Fixup flake lookup: system wide first, then user specific * Fix podman remove for both workloads: Make sure podman remove functions properly when called in system and/or user mode. Sanity checks must be performed before any file/directory removal starts. * Add flake-ctl podman --user ... option * Update documentation: Add information how to setup for rootless mode * Allow user specific podman storage location * Allow user specific flake config file: By default and if the calling user is root the setup of the flakes directory and other settings are read fromb/etc/flakes.yml. * Fix typo in storage conf * Update README: Fix repo names and update use case list * Fix image prune for local containers - Bump version: from 3.1.23 to 3.1.24: * Clippy fixes: Avoid unneeded unwrap * Use pull policy set to: newer - Bump version: from 3.1.22 to 3.1.23: * Improve error handling * Better error handling for config_from_str() * Use derive statement for Writeback * Add information about potential firewall conflicts aws-cli-cmd-1.36.2-160000.4.1.noarch.rpm flake-pilot-3.1.27-160000.1.1.aarch64.rpm flake-pilot-firecracker-3.1.27-160000.1.1.aarch64.rpm flake-pilot-firecracker-dracut-netstart-3.1.27-160000.1.1.noarch.rpm flake-pilot-firecracker-guestvm-tools-3.1.27-160000.1.1.aarch64.rpm flake-pilot-podman-3.1.27-160000.1.1.aarch64.rpm flake-pilot-3.1.27-160000.1.1.ppc64le.rpm flake-pilot-firecracker-3.1.27-160000.1.1.ppc64le.rpm flake-pilot-firecracker-guestvm-tools-3.1.27-160000.1.1.ppc64le.rpm flake-pilot-podman-3.1.27-160000.1.1.ppc64le.rpm flake-pilot-3.1.27-160000.1.1.s390x.rpm flake-pilot-firecracker-3.1.27-160000.1.1.s390x.rpm flake-pilot-firecracker-guestvm-tools-3.1.27-160000.1.1.s390x.rpm flake-pilot-podman-3.1.27-160000.1.1.s390x.rpm flake-pilot-3.1.27-160000.1.1.x86_64.rpm flake-pilot-firecracker-3.1.27-160000.1.1.x86_64.rpm flake-pilot-firecracker-guestvm-tools-3.1.27-160000.1.1.x86_64.rpm flake-pilot-podman-3.1.27-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-35 Recommended update for openmpi5 moderate SUSE SLFO 1.2 This update for openmpi5 fixes the following issues: - Enable Grid Cluster Scheduler support (jsc#PED-13373) - Update to 5.0.8 - UCC collective operations: * Improved handling of MPI_IN_PLACE in allgather, allgatherv, alltoall, alltoallv, gather, gatherv, scatter, and scatterv operations - UCX OSC: Added support for "no_locks" info key to disable lock table usage - OFI MTL: Enhanced CXI provider support for better compatibility - AARCH64: Added SVE detection alongside NEON in aarch64 op component - Fortran: Fixed common symbol sizes and alignments for better compatibility - Hugepage Mpool: Fixed sizing of hugepages for better memory management - Configure: Fixed --with-prrte=internal option handling - Documentation: Updated shared memory and networking documentation - Build system: Fixed support for flang on OSX - Removed unused spread contrib sample scripts - Various documentation updates and improvements - CI: Removed Ubuntu 18 and RHEL 7 from test matrix - Fixed type mismatch errors in shared memory components - Updated Java configuration for latest Fedora releases - Fixed memory zone reference counting in UCX dynamic windows - Fixed a compilation error as it was merged upstream openmpi5-5.0.8-160000.1.1.aarch64.rpm openmpi5-config-5.0.8-160000.1.1.aarch64.rpm openmpi5-devel-5.0.8-160000.1.1.aarch64.rpm openmpi5-docs-5.0.8-160000.1.1.aarch64.rpm openmpi5-libs-5.0.8-160000.1.1.aarch64.rpm openmpi5-macros-devel-5.0.8-160000.1.1.aarch64.rpm openmpi5-testsuite-5.0.8-160000.1.1.noarch.rpm openmpi5-5.0.8-160000.1.1.ppc64le.rpm openmpi5-config-5.0.8-160000.1.1.ppc64le.rpm openmpi5-devel-5.0.8-160000.1.1.ppc64le.rpm openmpi5-docs-5.0.8-160000.1.1.ppc64le.rpm openmpi5-libs-5.0.8-160000.1.1.ppc64le.rpm openmpi5-macros-devel-5.0.8-160000.1.1.ppc64le.rpm openmpi5-5.0.8-160000.1.1.s390x.rpm openmpi5-config-5.0.8-160000.1.1.s390x.rpm openmpi5-devel-5.0.8-160000.1.1.s390x.rpm openmpi5-docs-5.0.8-160000.1.1.s390x.rpm openmpi5-libs-5.0.8-160000.1.1.s390x.rpm openmpi5-macros-devel-5.0.8-160000.1.1.s390x.rpm openmpi5-5.0.8-160000.1.1.x86_64.rpm openmpi5-config-5.0.8-160000.1.1.x86_64.rpm openmpi5-devel-5.0.8-160000.1.1.x86_64.rpm openmpi5-docs-5.0.8-160000.1.1.x86_64.rpm openmpi5-libs-5.0.8-160000.1.1.x86_64.rpm openmpi5-macros-devel-5.0.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-353 Security update for libxml2, libxslt moderate SUSE SLFO 1.2 This update for libxml2, libxslt fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811). - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `nextCatalog` elements (bsc#1256809, bsc#1256812). - CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858). - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595). - CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553) libxml2-2-2.13.8-160000.4.1.aarch64.rpm libxml2-devel-2.13.8-160000.4.1.aarch64.rpm libxml2-doc-2.13.8-160000.4.1.noarch.rpm libxml2-tools-2.13.8-160000.4.1.aarch64.rpm python313-libxml2-2.13.8-160000.4.1.aarch64.rpm libexslt0-1.1.43-160000.4.1.aarch64.rpm libxslt-devel-1.1.43-160000.4.1.aarch64.rpm libxslt-tools-1.1.43-160000.4.1.aarch64.rpm libxslt1-1.1.43-160000.4.1.aarch64.rpm libxml2-2-2.13.8-160000.4.1.ppc64le.rpm libxml2-devel-2.13.8-160000.4.1.ppc64le.rpm libxml2-tools-2.13.8-160000.4.1.ppc64le.rpm python313-libxml2-2.13.8-160000.4.1.ppc64le.rpm libexslt0-1.1.43-160000.4.1.ppc64le.rpm libxslt-devel-1.1.43-160000.4.1.ppc64le.rpm libxslt-tools-1.1.43-160000.4.1.ppc64le.rpm libxslt1-1.1.43-160000.4.1.ppc64le.rpm libxml2-2-2.13.8-160000.4.1.s390x.rpm libxml2-devel-2.13.8-160000.4.1.s390x.rpm libxml2-tools-2.13.8-160000.4.1.s390x.rpm python313-libxml2-2.13.8-160000.4.1.s390x.rpm libexslt0-1.1.43-160000.4.1.s390x.rpm libxslt-devel-1.1.43-160000.4.1.s390x.rpm libxslt-tools-1.1.43-160000.4.1.s390x.rpm libxslt1-1.1.43-160000.4.1.s390x.rpm libxml2-2-2.13.8-160000.4.1.x86_64.rpm libxml2-devel-2.13.8-160000.4.1.x86_64.rpm libxml2-tools-2.13.8-160000.4.1.x86_64.rpm python313-libxml2-2.13.8-160000.4.1.x86_64.rpm libexslt0-1.1.43-160000.4.1.x86_64.rpm libxslt-devel-1.1.43-160000.4.1.x86_64.rpm libxslt-tools-1.1.43-160000.4.1.x86_64.rpm libxslt1-1.1.43-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-354 Recommended update for plymouth moderate SUSE SLFO 1.2 This update for plymouth fixes the following issues: - Remove unused BuildRequires: update-desktop-files. libply-boot-client5-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm libply5-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-branding-upstream-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-dracut-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-lang-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.4.1.aarch64.rpm plymouth-scripts-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-bgrt-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-fade-in-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-script-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-solar-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-spinfinity-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-spinner-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm plymouth-theme-tribar-22.02.122+94.4bd41a3-160000.4.1.noarch.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm libply5-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.4.1.ppc64le.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm libply5-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.4.1.s390x.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm libply5-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-356 Recommended update for google-cloud-sap-agent moderate SUSE SLFO 1.2 This update for google-cloud-sap-agent fixes the following issues: - Update to version 3.11 (bsc#1257821): * Fix logging calls in hanadiskbackup and hanadiskrestore. * Add instance name label to HANA disk backups. * Update workloadagentplatform submodule hash. * Refactor HANA disk restore to use new-disk-suffix. * Update workloadagentplatform dependency to a newer commit. * Refactor snapshot name generation and validation. * Implement Snapshot Group label setting and SG deletion. * Restart tuned service before verification in configure instance * Remove legacy iam shared package * Improve HANA stop error handling in hanabackup. * Add INFO level log message for WLM ConfigureInstance check. * Add tuned-adm verify to X4 configuration. * sched_min/wakeup_granularity_ns in tuned is under [scheduler] not [sysctl] * Change tuned service check and improve error logging in configurex4. * Bump SAP Agent version to 3.11 * Auto updated compiled protocol buffers * Add status_features to agent configuration proto. * Ensure all properties from the source DB component are copied to the replication site component * Update grub command for RHEL 9+ X4 configure instance * Add additional parameters to improve the performance in RHEL OS * Exclude Backint status when parameters path is not set. * Use local context in loggers for discovery data upload loop. * Add a retry loop to SAP System WriteInsight when the response is a permission error. * Add a custom timeout to HANA queries in hanadiskbackup. * Add check for /usr/sap executable permissions in status command. * Flush logger for Cloud Logging client. * Fix structured logging and empty slice declarations in multidisk.go. * Log errors encountered during LogCollectionHandler startup. - Update to version 3.10: * Update transparent huge page setting for X4 instances on newer OS versions. * Cap the number of threads in performance diagnostics tests. * Remove check SAP instances before starting process metrics goroutine. * Modify Netweaver role metric collection. ASCS is reported true if either process is present, and the metric is always reported regardless if any roles are detected * Fix `regenerateLine` to handle similar key prefixes and guard HyperThreading changes with `Apply`. * [AIOps] Add metric labels key to incident data structs * Add `workqueue.watchdog_thresh=120` to X4 GRUB config. * [status OTE]Dynamically determine Artifact Registry repository location for status checks. * Add temporary el10 version of service file * Write agent logs to Guest Agent errorlogfile. * Add function to save agent configuration from VM extension manager. * Remove benign invalid message logs - this is misleading and clogs up the logs as well * Add Recent Only flag for supportbundle - this collects the 3 recent logs for each log type. * Disable cloud monitoring metric collection for AIOps * Initialize the new filtering feature for Status in daemon mode * Auto updated compiled protocol buffers * Add option to configure SAP details from the pubsub config * Add public IP masking for supportbundle * Skip permission checks for non-existent files in status command. * Add a `-feature` flag to the `status` command. * Add event name support for pubsub actions * Use InstanceName in InstanceUri for status command. * Correct app_server_zonal_separation computation. * Add metrics for validating the settings for the SAP HANA chksrv hook. * Auto updated compiled protocol buffers * Add support in WLM Validation proto to collect a new category of HANA metric. * Auto updated compiled protocol buffers * Add collection of hostname to SAP HANA instance info during discovery of SAP applications. * Remove message validation for log collection for pubsub actions * Make hostname, sid and instance-numbers as optional params * Fix an issue where HAHosts may not get merged properly when mulriple SAP Instances are running on a single host. * Include WLM Observability onboarding scripts. * fix(processmetrics): Fixes for SkippedMetrics * Create event annotation if Backint fails to start - Update to version 3.9 (bsc#1248452, bsc#1249003): * Use correct version comparison to support double digit minor versions * Reduce Process Metrics collection frequency. * Update event topic message structure * Fix network stats skipped metrics * fixing a typo * PubSub Log Collection Unit Tests * Reduce info log volume with default agent config * fix typo in action workflow * Use a github token when adding the workloadagentplatform submodule to avoid rate limits * Add executable permission check for /usr/sap in Status OTE * Delete aianalyzer from SAP Agent - we have moved to a new agent in platform * Update CheckTopology to call sapcontrol as sidadm user correctly * bump oauth2 version to v0.27.0 * Auto updated compiled protocol buffers * Log collection streaming to pub/sub * Version fix and improved LVMRename error handling * Add todo for archive snapshot in hanadiskbackup and hanadiskrestore. * Use snapshot group workflow for version 3.9+ * Add Rename LVM step to restore with Snapshot Group Workflow * Agent for SAP: Add functionality to wait for snapshot group creation till it's status is not 'CREATING' * Modify hanadiskbackup for sidadm user * Implement bulk insert for snapshot group in multidisk restore. * Populate instance uri in agent status * Add `ListDisksFromSnapshot` function to snapshot group utils. * Use Snapshot Group for snapshot validation. * Added method to list snapshots from snapshot group. * Adding snapshot group flag to hanadiskrestore OTE. * Fixes the link to the cloud console for upgrading the storage bucket * Implement function to create disks from snapshot group via bulk insert API. * SAP Agent - HANA Disk Snapshot - Add SG Workflow * Implement WaitForSGUploadCompletionWithRetry function to wait for Snapshot group upload completion. * Implement `ListSGs` function in `snapshotgroup` utils. * Implement get snapshot groups functionality. * Implement CreateSG method. * Add Snapshot group utility library * Auto updated compiled protocol buffers * Remove lastHostChangeTimestamp field from host metrics google-cloud-sap-agent-3.11-160000.1.1.aarch64.rpm google-cloud-sap-agent-3.11-160000.1.1.ppc64le.rpm google-cloud-sap-agent-3.11-160000.1.1.s390x.rpm google-cloud-sap-agent-3.11-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-357 Recommended update for postgresql14 moderate SUSE SLFO 1.2 This update for postgresql14 fixes the following issues: - Update to 14.22 to fix two regressions in 14.21 (bsc#1258754): * The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. * A standby may halt and return an error "could not access status of transaction". postgresql14-14.22-160000.1.1.aarch64.rpm postgresql14-contrib-14.22-160000.1.1.aarch64.rpm postgresql14-devel-14.22-160000.1.1.aarch64.rpm postgresql14-docs-14.22-160000.1.1.noarch.rpm postgresql14-llvmjit-14.22-160000.1.1.aarch64.rpm postgresql14-llvmjit-devel-14.22-160000.1.1.aarch64.rpm postgresql14-plperl-14.22-160000.1.1.aarch64.rpm postgresql14-plpython-14.22-160000.1.1.aarch64.rpm postgresql14-pltcl-14.22-160000.1.1.aarch64.rpm postgresql14-server-14.22-160000.1.1.aarch64.rpm postgresql14-server-devel-14.22-160000.1.1.aarch64.rpm postgresql14-test-14.22-160000.1.1.aarch64.rpm postgresql14-14.22-160000.1.1.ppc64le.rpm postgresql14-contrib-14.22-160000.1.1.ppc64le.rpm postgresql14-devel-14.22-160000.1.1.ppc64le.rpm postgresql14-llvmjit-14.22-160000.1.1.ppc64le.rpm postgresql14-llvmjit-devel-14.22-160000.1.1.ppc64le.rpm postgresql14-plperl-14.22-160000.1.1.ppc64le.rpm postgresql14-plpython-14.22-160000.1.1.ppc64le.rpm postgresql14-pltcl-14.22-160000.1.1.ppc64le.rpm postgresql14-server-14.22-160000.1.1.ppc64le.rpm postgresql14-server-devel-14.22-160000.1.1.ppc64le.rpm postgresql14-test-14.22-160000.1.1.ppc64le.rpm postgresql14-14.22-160000.1.1.s390x.rpm postgresql14-contrib-14.22-160000.1.1.s390x.rpm postgresql14-devel-14.22-160000.1.1.s390x.rpm postgresql14-llvmjit-14.22-160000.1.1.s390x.rpm postgresql14-llvmjit-devel-14.22-160000.1.1.s390x.rpm postgresql14-plperl-14.22-160000.1.1.s390x.rpm postgresql14-plpython-14.22-160000.1.1.s390x.rpm postgresql14-pltcl-14.22-160000.1.1.s390x.rpm postgresql14-server-14.22-160000.1.1.s390x.rpm postgresql14-server-devel-14.22-160000.1.1.s390x.rpm postgresql14-test-14.22-160000.1.1.s390x.rpm postgresql14-14.22-160000.1.1.x86_64.rpm postgresql14-contrib-14.22-160000.1.1.x86_64.rpm postgresql14-devel-14.22-160000.1.1.x86_64.rpm postgresql14-llvmjit-14.22-160000.1.1.x86_64.rpm postgresql14-llvmjit-devel-14.22-160000.1.1.x86_64.rpm postgresql14-plperl-14.22-160000.1.1.x86_64.rpm postgresql14-plpython-14.22-160000.1.1.x86_64.rpm postgresql14-pltcl-14.22-160000.1.1.x86_64.rpm postgresql14-server-14.22-160000.1.1.x86_64.rpm postgresql14-server-devel-14.22-160000.1.1.x86_64.rpm postgresql14-test-14.22-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-358 Recommended update for shim moderate SUSE SLFO 1.2 This update for shim fixes the following issues: This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. - Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix "Verifiying" typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. - shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as "vendor_db" - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs shim-16.1-160000.1.1.aarch64.rpm shim-16.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-359 Security update for virtiofsd important SUSE SLFO 1.2 This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912). virtiofsd-1.12.0-160000.3.1.aarch64.rpm virtiofsd-1.12.0-160000.3.1.ppc64le.rpm virtiofsd-1.12.0-160000.3.1.s390x.rpm virtiofsd-1.12.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-36 Recommended update for openmpi4 moderate SUSE SLFO 1.2 This update for openmpi4 fixes the following issues: - Enable Grid Cluster Scheduler support (jsc#PED-13373) openmpi4-4.1.8-160000.3.1.aarch64.rpm openmpi4-config-4.1.8-160000.3.1.aarch64.rpm openmpi4-devel-4.1.8-160000.3.1.aarch64.rpm openmpi4-docs-4.1.8-160000.3.1.aarch64.rpm openmpi4-libs-4.1.8-160000.3.1.aarch64.rpm openmpi4-macros-devel-4.1.8-160000.3.1.aarch64.rpm openmpi4-testsuite-4.1.8-160000.3.1.noarch.rpm openmpi4-4.1.8-160000.3.1.ppc64le.rpm openmpi4-config-4.1.8-160000.3.1.ppc64le.rpm openmpi4-devel-4.1.8-160000.3.1.ppc64le.rpm openmpi4-docs-4.1.8-160000.3.1.ppc64le.rpm openmpi4-libs-4.1.8-160000.3.1.ppc64le.rpm openmpi4-macros-devel-4.1.8-160000.3.1.ppc64le.rpm openmpi4-4.1.8-160000.3.1.s390x.rpm openmpi4-config-4.1.8-160000.3.1.s390x.rpm openmpi4-devel-4.1.8-160000.3.1.s390x.rpm openmpi4-docs-4.1.8-160000.3.1.s390x.rpm openmpi4-libs-4.1.8-160000.3.1.s390x.rpm openmpi4-macros-devel-4.1.8-160000.3.1.s390x.rpm openmpi4-4.1.8-160000.3.1.x86_64.rpm openmpi4-config-4.1.8-160000.3.1.x86_64.rpm openmpi4-devel-4.1.8-160000.3.1.x86_64.rpm openmpi4-docs-4.1.8-160000.3.1.x86_64.rpm openmpi4-libs-4.1.8-160000.3.1.x86_64.rpm openmpi4-macros-devel-4.1.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-360 Security update for helm moderate SUSE SLFO 1.2 This update for helm fixes the following issues: - Update to version 3.19.1: * CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with quadratic complexity when parsing HTML documents (bsc#1251442) * CVE-2025-58190: golang.org/x/net/html: Fixed xcessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251649) * jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 * Avoid "panic: interface conversion: interface {} is nil" * Fix `helm pull` untar dir check with repo urls * Fix deprecation warning * Add timeout flag to repo add and update flags - Update to version 3.19.0: * bump version to v3.19.0 * fix: use username and password if provided * fix(helm-lint): fmt * fix(helm-lint): Add TLSClientConfig * fix(helm-lint): Add HTTP/HTTPS URL support for json schema references * chore(deps): bump the k8s-io group with 7 updates * fix: go mod tidy for v3 * fix Chart.yaml handling * Handle messy index files * json schema fix * fix: k8s version parsing to match original * Do not explicitly set SNI in HTTPGetter * Disabling linter due to unknown issue * Updating link handling * fix: user username password for login * Update pkg/registry/transport.go * fix: add debug logging to oci transport * fix: legacy docker support broken for login * fix: plugin installer test with no Internet * Handle an empty registry config file. * Prevent fetching newReference again as we have in calling method * Prevent failure when resolving version tags in oras memory store * fix(client): skipnode utilization for PreCopy * test: Skip instead of returning early. looks more intentional * test: tests repo stripping functionality * test: include tests for Login based on different protocol prefixes * fix(client): layers now returns manifest - remove duplicate from descriptors * fix(client): return nil on non-allowed media types * Fix 3.18.0 regression: registry login with scheme * Update pkg/plugin/plugin.go * Wait for Helm v4 before raising when platformCommand and Command are set * Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]" * build(deps): bump the k8s-io group with 7 updates * chore: update generalization warning message * fix: move warning to top of block * fix: govulncheck workflow * fix: replace fmt warning with slog * fix: add warning when ignore repo flag * feat: add httproute from gateway-api to create chart template - Update to version 3.18.6: * fix(helm-lint): fmt * fix(helm-lint): Add TLSClientConfig * fix(helm-lint): Add HTTP/HTTPS URL support for json schema references - Update to version 3.18.5: * fix Chart.yaml handling 7799b48 (Matt Farina) * Handle messy index files dd8502f (Matt Farina) * json schema fix cb8595b (Robert Sirchia) - Fix shell completion dependencies * Add BuildRequires to prevent inclusion of folders owned by shells. * Add Requires because installing completions without appropriate shell is questionable. - Fix zsh completion location helm-3.19.1-160000.1.1.aarch64.rpm helm-bash-completion-3.19.1-160000.1.1.noarch.rpm helm-fish-completion-3.19.1-160000.1.1.noarch.rpm helm-zsh-completion-3.19.1-160000.1.1.noarch.rpm helm-3.19.1-160000.1.1.ppc64le.rpm helm-3.19.1-160000.1.1.s390x.rpm helm-3.19.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-361 Recommended update for python-graphviz, graphviz moderate SUSE SLFO 1.2 This update for python-graphviz, graphviz fixes the following issues: Changes in python-graphviz: Update to 0.21: * Drop Python 3.8 support (end of life 7 Oct 2024). * Tag Python 3.13 support. * Add support for ``format='svg_inline'``, available since upstream Graphviz 10.0.1. Produces header-less SVG suitable for inlining into HTML (see https://www.graphviz.org/docs/outputs/svg/). * Switch project to ``pyproject.toml`` and build to ``python -m build``) (https://build.pypa.io). This changes the source distribution formar from ``.zip`` to PEP 625 compliant ``.tar.gz`` (https://peps.python.org/pep-0625/). Changes in graphviz: Update to 12.2.1: * Added - Support for building the SWIG-generated R language bindings has been integrated into the CMake build system. This is controllable by the -DENABLE_R={AUTO|ON|OFF} option. - A sandboxing wrapper, dot_sandbox, is now included with Graphviz. Users should prefer their platform’s native security solutions, but if nothing better is available this wrapper offers safe processing of untrusted inputs in some scenarios. * Changed - JPEG images without an APP0 leading segment are supported for use in src fields and friends. Previously Graphviz was overly strict with the types of JPEGs it would recognize. #2619 - The CMake build system now discovers and uses pango_fc_font_lock_face if possible, for the Pango plugin to provide more information about used fonts. * Fixed - The GVPR library program depath no longer acts on previously deleted nodes, causing unpredictable results. #1702 (closed) - Void-typed function parameters (int foo(void bar)) and variables void baz; in GVPR are gracefully rejected. #2585 (closed) - Input that induce a set node height but no set node width no longer crash with the failure "Assertion failed: (r->boundary[i] <= r->boundary[NUMDIMS + i]), function RTreeInsert". It is typically not obvious to users when their input falls into this situation, hence why the assertion message is quoted here. This was a regression in Graphviz 12.0.0. #2613 (closed) - Strings containing double quote characters preceded by escape sequences (e.g. \n") are once again correctly escaped in dot or canonical output. This was a regression in Graphviz 9.0.0. #2614 (closed) - dot_builtins no longer lists duplicate format options in its error messages. #2604 (closed) - A precision error that resulted in truncated edge lines has been corrected. This was a regression in Graphviz 12.0.0. #2620 (closed) - The xlib plugin (-Tx11) resets its initialization state during finalization. This fixes a rare scenario where multiple input graphs are supplied and initialization for one of the not-first graphs fails. In this scenario, finalization would be unaware of this failure and act on invalid state. Update to 12.2.0: * Removed - Visual Studio build files have been removed. CMake is now the only supported build system on Windows. * Added - Support for building the SWIG-generated PHP language bindings has been integrated into the CMake build system. This is controllable by the -DENABLE_PHP={AUTO|ON|OFF} option. - Support for building the SWIG-generated Python language bindings has been integrated into the CMake build system. This is controllable by the -DENABLE_PYTHON={AUTO|ON|OFF} option. * Changed - An algorithm closer to that described in RFC 1942 and/or the CSS 2.1 specification is now used for sizing table cells within HTML-like labels. This is less scalable than the network simplex algorithm it replaces, but in general produces more intuitive results. #2159 (closed) - Tooltips on table elements within HTML-like labels are now propagated to SVGs produced by the core plugin (-Tsvg) even when the elements do not have href attributes. #1425 (closed) - In the Autotools build system, pkg-config is the only supported way for discovering Guile. Previous use of guile-config* has been removed. #2606 (closed) - The Autotools release artifacts for macOS (Darwin_*_graphviz-*.tar.gz) now use relative paths in links to dependent libraries and plugins. This should make the tree relocatable instead of having to live at /Users/gitlab/builds. #2501 (closed) - gml2gv no longer maps GML label attributes to Graphviz name attributes. These are now mapped to Graphviz label attributes. #2586 (closed) * Fixed - In the Autotools build system, the core plugin links against libm, fixing some unresolvable symbols. This was a regression in Graphviz 4.0.0. Though it would primarily have affected non-Graphviz applications attempting to load this plugin on Linux. - The osage layout engine now understands a cluster to be indicated by the common rules, including the "cluster" prefix being case insensitive and the cluster=true attribute as an alternative. #2187 - acyclic once again produces its output on stdout. This was a regression in Graphviz 10.0.1. #2600 (closed) - When using the Tclpathplan module, created vgpanes can once again be named and addressed. This was a regression in Graphviz 12.1.2. - Omitting a polygon identifier when running triangulation using the Tclpathplan module (e.g. vgpane0 triangulate instead of vgpane0 triangulate 42) no longer goes unnoticed and reads invalid memory. This bug seems to have existed since the first revision of Graphviz. - When using the Tclpathplan module, defining a malformed <3-point polygon and then attempting to triangulate this polygon no longer reads invalid memory. This case is now rejected with an error during triangulation. Like the previous entry, this bug seems to have existed since the first revision of Graphviz. - When using the Tclpathplan module, binding a pane’s triangulation callback to a string ending in a trailing % (e.g. vgpane0 bind triangle %) no longer causes later out-of-bounds reads during triangulation. Like the previous entries, this bug seems to have existed since the first revision of Graphviz. #2596 (closed) - Mouse right-clicks in Smyrna are no longer sticky. In some contexts, right-clicking the mouse would register a mouse down event but no mouse up event, leading Smyrna to believe the user was dragging with the right button held down. - Arrowhead missing from tail-end of edge #2437 (closed) - The Ruby bindings package (libgv-ruby) is once again installable on Ubuntu. This became uninstallable when Ruby 1.8 was no longer available on Ubuntu, as it had a hard coded dependency of Ruby 1.8. This has now been relaxed to depend on any Ruby version ≥ 1.8. #2607 (closed) - Generated GIFs and JPEGs display the graphed image instead of a single solid color. This was a regression in Graphviz 12.1.1. #2609 (closed) - The CMake build system includes some supporting pieces of the SWIG-generated language bindings that were previously missing. It also links further dependencies that were previously missing. - In the CMake build system, linking of the Guile language bindings uses the full path to libguile, fixing issues on macOS. - The provided release packages for Debian-based operating systems (only Ubuntu currently) have corrected package dependencies. #2466 (closed) - Discussion of gvpr -c "" in the gvpr man page has been removed. This invocation did not do what was claimed. #2584 (closed) - To see the full changelog for all intermediate releases, see: https://gitlab.com/graphviz/graphviz/-/blob/main/CHANGELOG.md python313-graphviz-0.21-160000.1.1.noarch.rpm graphviz-12.2.1-160000.1.1.aarch64.rpm graphviz-devel-12.2.1-160000.1.1.aarch64.rpm graphviz-plugins-core-12.2.1-160000.1.1.aarch64.rpm libcdt5-12.2.1-160000.1.1.aarch64.rpm libcgraph6-12.2.1-160000.1.1.aarch64.rpm libgvc6-12.2.1-160000.1.1.aarch64.rpm libgvpr2-12.2.1-160000.1.1.aarch64.rpm libpathplan4-12.2.1-160000.1.1.aarch64.rpm libxdot4-12.2.1-160000.1.1.aarch64.rpm graphviz-doc-12.2.1-160000.1.1.aarch64.rpm graphviz-gd-12.2.1-160000.1.1.aarch64.rpm graphviz-gnome-12.2.1-160000.1.1.aarch64.rpm graphviz-guile-12.2.1-160000.1.1.aarch64.rpm graphviz-lua-12.2.1-160000.1.1.aarch64.rpm graphviz-perl-12.2.1-160000.1.1.aarch64.rpm graphviz-php-12.2.1-160000.1.1.aarch64.rpm graphviz-ruby-12.2.1-160000.1.1.aarch64.rpm graphviz-smyrna-12.2.1-160000.1.1.aarch64.rpm graphviz-tcl-12.2.1-160000.1.1.aarch64.rpm graphviz-webp-12.2.1-160000.1.1.aarch64.rpm python3-gv-12.2.1-160000.1.1.aarch64.rpm graphviz-gvedit-12.2.1-160000.1.1.aarch64.rpm graphviz-12.2.1-160000.1.1.ppc64le.rpm graphviz-devel-12.2.1-160000.1.1.ppc64le.rpm graphviz-plugins-core-12.2.1-160000.1.1.ppc64le.rpm libcdt5-12.2.1-160000.1.1.ppc64le.rpm libcgraph6-12.2.1-160000.1.1.ppc64le.rpm libgvc6-12.2.1-160000.1.1.ppc64le.rpm libgvpr2-12.2.1-160000.1.1.ppc64le.rpm libpathplan4-12.2.1-160000.1.1.ppc64le.rpm libxdot4-12.2.1-160000.1.1.ppc64le.rpm graphviz-doc-12.2.1-160000.1.1.ppc64le.rpm graphviz-gd-12.2.1-160000.1.1.ppc64le.rpm graphviz-gnome-12.2.1-160000.1.1.ppc64le.rpm graphviz-guile-12.2.1-160000.1.1.ppc64le.rpm graphviz-lua-12.2.1-160000.1.1.ppc64le.rpm graphviz-perl-12.2.1-160000.1.1.ppc64le.rpm graphviz-php-12.2.1-160000.1.1.ppc64le.rpm graphviz-ruby-12.2.1-160000.1.1.ppc64le.rpm graphviz-smyrna-12.2.1-160000.1.1.ppc64le.rpm graphviz-tcl-12.2.1-160000.1.1.ppc64le.rpm graphviz-webp-12.2.1-160000.1.1.ppc64le.rpm python3-gv-12.2.1-160000.1.1.ppc64le.rpm graphviz-gvedit-12.2.1-160000.1.1.ppc64le.rpm graphviz-12.2.1-160000.1.1.s390x.rpm graphviz-devel-12.2.1-160000.1.1.s390x.rpm graphviz-plugins-core-12.2.1-160000.1.1.s390x.rpm libcdt5-12.2.1-160000.1.1.s390x.rpm libcgraph6-12.2.1-160000.1.1.s390x.rpm libgvc6-12.2.1-160000.1.1.s390x.rpm libgvpr2-12.2.1-160000.1.1.s390x.rpm libpathplan4-12.2.1-160000.1.1.s390x.rpm libxdot4-12.2.1-160000.1.1.s390x.rpm graphviz-doc-12.2.1-160000.1.1.s390x.rpm graphviz-gd-12.2.1-160000.1.1.s390x.rpm graphviz-gnome-12.2.1-160000.1.1.s390x.rpm graphviz-guile-12.2.1-160000.1.1.s390x.rpm graphviz-lua-12.2.1-160000.1.1.s390x.rpm graphviz-perl-12.2.1-160000.1.1.s390x.rpm graphviz-php-12.2.1-160000.1.1.s390x.rpm graphviz-ruby-12.2.1-160000.1.1.s390x.rpm graphviz-smyrna-12.2.1-160000.1.1.s390x.rpm graphviz-tcl-12.2.1-160000.1.1.s390x.rpm graphviz-webp-12.2.1-160000.1.1.s390x.rpm python3-gv-12.2.1-160000.1.1.s390x.rpm graphviz-gvedit-12.2.1-160000.1.1.s390x.rpm graphviz-12.2.1-160000.1.1.x86_64.rpm graphviz-devel-12.2.1-160000.1.1.x86_64.rpm graphviz-plugins-core-12.2.1-160000.1.1.x86_64.rpm libcdt5-12.2.1-160000.1.1.x86_64.rpm libcgraph6-12.2.1-160000.1.1.x86_64.rpm libgvc6-12.2.1-160000.1.1.x86_64.rpm libgvpr2-12.2.1-160000.1.1.x86_64.rpm libpathplan4-12.2.1-160000.1.1.x86_64.rpm libxdot4-12.2.1-160000.1.1.x86_64.rpm graphviz-doc-12.2.1-160000.1.1.x86_64.rpm graphviz-gd-12.2.1-160000.1.1.x86_64.rpm graphviz-gnome-12.2.1-160000.1.1.x86_64.rpm graphviz-guile-12.2.1-160000.1.1.x86_64.rpm graphviz-lua-12.2.1-160000.1.1.x86_64.rpm graphviz-perl-12.2.1-160000.1.1.x86_64.rpm graphviz-php-12.2.1-160000.1.1.x86_64.rpm graphviz-ruby-12.2.1-160000.1.1.x86_64.rpm graphviz-smyrna-12.2.1-160000.1.1.x86_64.rpm graphviz-tcl-12.2.1-160000.1.1.x86_64.rpm graphviz-webp-12.2.1-160000.1.1.x86_64.rpm python3-gv-12.2.1-160000.1.1.x86_64.rpm graphviz-gvedit-12.2.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-362 Security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer moderate SUSE SLFO 1.2 This update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer fixes the following issues: Changes in gstreamer-rtsp-server: - Update to version 1.26.7: + Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT. + rtsp-server: tests: Switch to fixtures to ensure pool shutdown + rtsp-server: tests: Fix a few memory leaks Changes in gstreamer-plugins-ugly: - Update to version 1.26.7: + No changes, stable version bump only. Changes in gstreamer-plugins-rs: - Update to version 1.26.7+git0.6ab75814: * tracers: Fix inverted append logic when writing log files * threadshare: - examples: standalone: also handle buffer lists - Pad push_list: downgrade Pad flushing log level - sinks: fix / handle query() - backpressure: abort pending items on flush start - udpsink: fix panic recalculating latency from certain executors - audiotestsrc: . support more Audio formats . use AudioInfo . fix latency . act as a pseudo live source by default - runtime task: execute action in downward transition - example cleanups - udpsink: distinguish sync status for latency & report added latency - sink elements: implement `send_event` - dataqueue elements: report min and max latency * rtp: - Add linear audio (L8, L16, L24) RTP payloaders / depayloaders * rtp: basedepay: reuse last PTS, when possible * skia: Update to skia-safe 0.89 * mp4: Update to mp4-atom 0.9 * Update dependencies * webrtc: livekit: Drop connection lock after take() * onvifmetadatapay: copy metadata from source buffer * fallbacksrc: Fix custom source reuse case * add `rust-tls-native-roots` feature to the `reqwest` dep * rtpamrpay2: - Actually forward the frame quality indicator - Set frame quality indicator flag - Add patch to fix reproducibility of package build (boo#1237097) - Update to version 1.26.6+git20.e287e869: * Fix some new clippy 1.90 warnings * colordetect: Don't use deprecated color_name API * deny: Update * quinn: Update to web-transport-quinn 0.8 * skia: Update to skia-safe 0.88 * Update Cargo.lock * Allow windows-sys 0.61 too * intersink: add sync property * meson: Fix .pc files installation and simplify build output handling. This also fixes the .pc file install directory and ensures that the .pc files are only installed when static builds is enabled. - Drop devel subpackage following upstream changes. - Update to version 1.26.6: + aws: Ensure task stopping on paused-to-ready state change + fallbacksrc: - Don't panic during retries if the element was shut down in parallel - Don't restart source if the element is just being shut down - Fix some custom source deadlocks - Fix sources only being restarted once + gtk4: Try importing dmabufs withouth DMA_DRM caps + inter: Give the appsrc/appsink a name that has the parent element as prefix + mp4: Skip tests using x264enc if it does not exist + rtpgccbwe: avoid clamp() panic when min_bitrate > max_bitrate + rtpmp4gdepay2: allow only constantduration with neither constantsize nor sizelength set + rtprecv: fix race condition on first buffer + speechmatics: Specify rustls as an explicit dependency + spotify: update to librespot 0.7 + threadshare: - add a blocking adapter element - always use block_on_or_add_subtask - audiotestsrc: fix setting samples-per-buffer... - blocking_adapter: fix Since marker in docs - fix resources not available when preparing asynchronously - fix ts-inter test one_to_one_up_first - have: have Task log its obj - intersink: return from blocking tasks when stopping - inter: update doc example - runtime/pad: lower log level pushing Buffer to flushing pad - separate blocking & throttling schedulers - update examples - Update to getifaddrs 0.5 - Fix macOS build post getifaddrs 0.5 update - Bump up getiffaddrs to 0.1.5 and revert "udp: avoid getifaddrs in android" - Reapply "udp: avoid getifaddrs in android" + transcriberbin: Fix some deadlocks + Update dependencies + webrtc: Migrate to warp 0.4 and switch to tokio-rustls + webrtc/signalling: Fix setting of host address + ci: add script to check readme against plugins list + Fix various new clippy 1.89 warnings + Don't suggest running cargo cinstall after cargo cbuild + meson: Isolate built plugins from cargo target directory - Update to version 1.26.5+git11.949807a4 (boo#1248053, CVE-2025-55159): + rtprecv: fix race condition on first buffer + threadshare: intersink: return from blocking tasks when stopping + threadshare: inter: store upstream latency in InterContext + threadshare: add a blocking adapter element + transcriberbin: Fix settings/state lock order violation in set_property() + transcriberbin: Don't keep state locked while querying upstream latency + threadshare: audiotestsrc: fix setting samples-per-buffer... + rtpgccbwe: avoid clamp() panic when min_bitrate > max_bitrate + fallbacksrc: Don't restart source if the element is just being shut down + aws: Ensure task stopping on paused-to-ready state change + fallbacksrc: Don't panic during retries if the element was shut down in parallel + Update Cargo.lock. - Update to version 1.26.5: + awstranscriber2, awstranslate: Handle multiple stream-start event + ceaX08overlay: support ANY caps features, allowing e.g. memory:GLMemory if downstream supports the overlay composition meta + hlsmultivariantsink: Fix master playlist version + rtprecv: Drop state lock before chaining RTCP packets from the RTP chain function + Add rtpbin2 examples + rtpmp4apay2: fix payload size prefix + rtp: threadshare: fix some property ranges + mpegtslivesrc: Remove leftover debug message + ts-audiotestsrc fixes + threadshare: fix flush for ts-queue ts-proxy & ts-intersrc + threadshare: fix regression in ts-proxysrc + threadshare: improvements to some elements + threadshare: Enable windows Win32_Networking feature + threadshare: queue & proxy: fix race condition stopping + threadshare: Also enable windows Win32_Networking_WinSock feature + tracers: pipeline-snapshot: reduce WebSocket connection log level + tracers: queue-levels: add support for threadshare DataQueue related elements + tracers: Update to etherparse 0.19 + transcriberbin: Fix handling of upstream latency query + webrtcsink: Move videorate before videoconvert and videoscale to avoid processing frames that would be dropped + Fix various new clippy 1.89 warnings - Update to version 1.26.4: + aws: s3hlssink: Write to S3 on OutputStream flush + cea708mux: fix clipping function + dav1ddec: Use video decoder base class latency reporting API + elevenlabssynthesizer: fix running time checks + gopbuffer: Push GOPs in order of time on EOS + gtk4: Improve color-state fallbacks for unknown values + gtk4: Add YCbCr memory texture formats + gtk4: Promote set_caps debug log to info + hlssink3: Fix a comment typo + hlssink3: Use closed fragment location in playlist generation + livekit: add room-timeout + mccparse: Convert "U" to the correct byte representation + mp4mux: add TAI timestamp element and muxing + threadshare: add a ts-rtpdtmfsrc element + rtp: Update to rtcp-types 0.2 + rtpsend: Don't configure a zero min RTCP interval for senders + rtpbin2: Fix handling of unknown PTs and don't warn about incomplete RTP caps to allow for bundling + rtpbin2: Improve rtcp-mux support + rtpbin2: fix race condition on serialized Queries + rtpbin2: sync: fix race condition + rtprecv optimize src pad scheduling + rtprecv: fix SSRC collision event sent in wrong direction + skia: Add harfbuzz, freetype and fontconfig as dependencies in the meson build + tttocea{6,7}08: Disallow pango markup from input caps + ts-intersrc: handle dynamic inter-ctx changes + threadshare: src elements: don't pause the task in downward state transitions + webrtc: sink: avoid recursive locking of the session + webrtcsink: fix deadlock on error setting remote description + webrtcsink: add mitigation modes parameter and signal + webrtc: fix Safari addIceCandidate crash + webrtc-api: Set default bundle policy to max-bundle + WHIP client: emit shutdown after DELETE request + Fix various new clippy 1.88 warnings + Update dependencies - Update to version 1.26.3: + Add new speech synthesis element around ElevenLabs API + cea708mux: fix another WouldOverflow case + cea708mux: support configuring a limit to how much data will be pending. + cea708overlay: also reset the output size on flush stop + gcc: handle out of order packets + fmp4mux: Fix panic on late GOP + livekit: expose a connection state property + mp4mux: add taic box + mp4mux: test the trak structure + pcap_writer: Make target-property and pad-path properties writable again + skia: Don't build skia plugin by default for now + threadshare: cleanups & usability improvements + threadshare: sync runtime with latest async-io + threadshare: fix kqueue reactor + threadshare: Update to getifaddrs 0.2 + threadshare: add new thread-sharing inter elements + threadshare: add a ts-rtpdtmfsrc element + transcriberbin: fix naming of subtitle pads + tttocea708: don't panic if a new service would overflow + webrtc: android: Update Gradle and migrate to FindGStreamerMobile + webrtc: add new examples for stream selection over data channel + webrtcsrc: the webrtcbin get-transceiver index is not mlineindex + webrtcsrc: send CustomUpstream events over control channel .. + webrtcsink: Don't require encoder element for pre-encoded streams + webrtcsink: Don't reject caps events if the codec_data changes + whip: server: pick session-id from the endpoint if specified + cargo: add config file to force CARGO_NET_GIT_FETCH_WITH_CLI=true + Cargo.lock, deny: Update dependencies and log duplicated targo-lexicon + Update windows-sys dependency from ">=0.52, <=0.59" to ">=0.52, <=0.60" + deny: Add override for windows-sys 0.59 + deny: Update lints + cargo_wrapper: Fix backslashes being parsed as escape codes on Windows + Fixes for Clock: non-optional return types + Rename relationmeta plugin to analytics Changes in gstreamer-plugins-libav: - Update to version 1.26.7: + No changes, stable versionbump only. Changes in gstreamer-plugins-good: - Update to version 1.26.7: + matroskamux: Properly check if pads are EOS in find_best_pad + qtdemux: - Bad performance with GoPro videos containing FDSC metadata tracks - Fix open/seek perf for GoPro files with SOS track - Handle unsupported channel layout tags gracefully - Set channel-mask to 0 for unknown layout tags + rtspsrc: Send RTSP keepalives in TCP/interleaved modes + v4l2: - Add GstV4l2Error handling in gst_v4l2_get_capabilities - Fix memory leak for DRM caps negotiation + v4l2transform: reconfigure v4l2object only if respective caps changed + Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT - Update to version 1.26.6: + adaptivedemux2: fix crash due to log + adaptivedemux2: Crash in logging when "Dropping EOS before next period" + hlsdemux2: Fix parsing of byterange and init map directives + mpg123audiodec: Always break the decoding loop and relay downstream flow errors upstream + v4l2: Add support for WVC1 and WMV3 + Monorepo: dv plugin requires explicit enablement now for a build using the Meson subproject fallback - Update to version 1.26.5: + 4l2: fix memory leak for dynamic resolution change + videorate, imagefreeze: add support for JPEG XS - Update to version 1.26.4: + adaptivedemux2: Fixed reverse playback + matroskademux: Send tags after seeking + qtdemux: Fix incorrect FourCC used when iterating over sbgp atoms + qtdemux: Incorrect sibling type used in sbgp iteration loop + rtph265pay: add profile-id, tier-flag, and level-id to output rtp caps + rtpjpeg: fix copying of quant data if it spans memory segments + soup: Disable range requests when talking to Python's http.server + v4l2videodec: need replace acquired_caps on set_format success + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes - Update to version 1.26.3: + aacparse: Fix counting audio channels in program_config_element + adaptivedemux2: free cancellable when freeing transfer task + dashdemux2: Fix seeking in a stream with gaps + decodebin wavparse cannot pull header + imagefreeze: fix not negotiate log when stop + osxvideosink: Use gst_pad_push_event() and post navigation messages + qml6glsink: Allow configuring if the item will consume input events + qtmux: Update chunk offsets when converting stco to co64 with faststart + splitmuxsink: Only send closed message once per open fragment + rtph265depay: CRA_NUT can also start an (open) GOP + rtph265depay: fix codec_data generation + rtspsrc: Don't emit error during close if server is EOF + twcc: Fix reference timestamp wrapping (again) + v4l2: Fix possible internal pool leak + v4l2object: Add support for colorimetry bt2100-pq and 1:4:5:3 + wavparse: Don't error out always when parsing acid chunks Changes in gstreamer-plugins-base: - Update to version 1.26.7: + discoverer: Mark gst_discoverer_stream_info_list_free() as transfer full + riff: Add channel reorder maps for 3 and 7 channel audio + sdp: proper usage of gst_buffer_append + videorate: fix assert fail due to invalid buffer duration + Fix build error with glib < 2.68 - Update to version 1.26.6: + decodebin3: Update stream tags + rtpbasedepayload: Avoid potential use-after free + rtspconnection: Add get_url and get_ip return value annotation + gst_rtsp_connection_get_url return value transfer annotation missing + videometa: Fix valgrind warning when deserializing video meta + videorate: don't hold the reference to the buffer in drop-only mode + gst-device-monitor-1.0: Fix device-path regression on Windows + gst-device-monitor-1.0: Add quoting for powershell and cmd + Monorepo: opengl, vorbis, plugins require explicit enablement now for a build using the Meson subproject fallback - Update to version 1.26.5: + audioconvert: mix-matrix causes caps negotiation failure + decodebin3: Don't error on an incoming ONVIF metadata stream + gloverlay: Recompute geometry when caps change, and load texture after stopping and starting again + uridecodebin3: Add missing locking and NULL checks when adding URIs to messages + uridecodebin3: segfault in update_message_with_uri() if no decoder available + videorate, imagefreeze: add support for JPEG XS + gst-device-monitor-1.0: Add shell quoting for launch lines + gst-device-monitor-1.0: Fix criticals, and also accept utf8 in launch lines + gst-device-monitor-1.0: Use gst_print instead of g_print - Update to version 1.26.4: + Revert "streamsynchronizer: Consider streams having received stream-start as waiting" + alsa: free conf cache under valgrind + gst-device-monitor: Fix caps filter splitting + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes - Update to version 1.26.3: + GstAudioAggregator: fix structure unref in peek_next_sample() + audioconvert: Fix setting mix-matrix when input caps changes + encodebasebin: Duplicate encoding profile in property setter + gl: simplify private gst_gl_gst_meta_api_type_tags_contain_only() + osxvideosink: Use gst_pad_push_event() and post navigation messages + playsink: Fix race condition in stream synchronizer pad cleanup during state changes + python: Fix pulling events from appsink + streamsynchronizer: Consider streams having received stream-start as waiting + urisourcebin: Text tracks are no longer set as sparse stream in urisourcebin's multiqueue Changes in gstreamer-plugins-bad: - Update to version 1.26.7: + cuda: Fix runtime kernel compile with CUDA 13.0 + d3d12convert: Fix crop meta support + d3d12deinterlace: Fix passthrough handling + gst: Fix a few small leaks + matroskamux: Properly check if pads are EOS in find_best_pad + tsdemux: Directly forward Opus AUs without opus_control_header + tsmux: Write a full Opus channel configuration if no matching Vorbis one is found + unixfd: Fix case of buffer with big payload + vacompositor: Correct scale-method properties + webrtc: nice: Fix a use-after-free and a mem leak + Fix all compiler warnings on Fedora + Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT - Update to version 1.26.6: + analytics: always add GstTensorMeta + cccombiner: Crash fixes + curlsmtpsink: adapt to date formatting issue + decklinkvideosrc: fix decklinkvideosrc becomes unrecoverable if it fails to start streaming + decklinkvideosrc gets into unrecoverable state if device is busy + dwrite: Fix D3D12 critical warning + hlsdemux: Fix parsing of byterange and init map directives + mpegtsmux: Caps event fails with stream type change error + vulkanh24xdec: couple of fixes + vulkanh26xdec: fix discont state handling + waylandsink: add some error handler for event dispatch + zbar: tests: Handle symbol-bytes as not null-terminated + Monorepo: avtp, codec2json, iqa, microdns, openjpeg, qroverlay, soundtouch, tinyalsa plugins require explicit enablement now for a build using the Meson subproject fallback - Update to version 1.26.5: + av1parse: Don't error out on "currently" undefined seq-level indices + av1parse: fails to parse AV1 bitstreams generated by FFmpeg using the av1_nvenc hardware encoder + d3d12screencapturedevice: Avoid false device removal on monitor reconfiguration + d3d12screencapturesrc: Fix OS handle leaks/random crash in WGC mode + meson: d3d12: Add support for MinGW DirectXMath package + va: Re-negotiate after FLUSH + vaXXXenc: calculate latency with corrected framerate + vaXXXenc: fix potential race condition + vkphysicaldevice: enable sampler ycbcr conversion, synchronization2 and timeline semaphore features + vulkan: ycbcr conversion extension got promoted in 1.1.0 + wasapi2: Port to IMMDevice based device selection - Fix really disabling faad when building without faad support. - Do not build with faad in SLE16 where faad2 is not available. - Update to version 1.26.4: + avtp: crf: Setup socket during state change to ensure we handle failure + d3d12screencapture: Add support for monitor add/remove in device provider + mpegtsmux: fix double free caused by shared PMT descriptor + openh264: Ensure src_pic is initialized before use + rtmp2src: various fixes to make it play back AWS medialive streams + ssdobjectdetector: Use correct tensor data index for the scores + v4l2codecs: h265dec: Fix zero-copy of cropped window located at position 0,0 + vp9parse: Fix handling of spatial SVC decoding + vp9parse: Revert "Always default to super-frame" + vtenc: Fix negotiation failure with profile=main-422-10 + vulkan: Fix drawing too many triangles in fullscreenquad + vulkanfullscreenquad: add locks for synchronisation + Fix various valgrind/test errors when GST_DEBUG is enabled + More valgrind and test fixes + Various ASAN fixes - Provide and Obsolete gstreamer-1.20-plugin-openh264 too, not just gstreamer-plugin-openh264. - Update to version 1.26.3: + amc: Overhaul hw-accelerated video codecs detection + bayer2rgb: Fix RGB stride calculation + d3d12compositor: Fix critical warnings + dashsink: Fix failing test + decklink: calculate internal using values closer to the current clock times + decklinkvideosink: show preroll frame correctly + decklink: clock synchronization after pause + h266parser: Fix overflow when parsing subpic_level_info + lcevcdec: Check for errors after receiving all enhanced and base pictures + meson: fix building -bad tests with disabled soundtouch + mpegts: handle MPEG2-TS with KLV metadata safely by preventing out of bounds + mpegtsmux: Corrections around Teletext handling + srtsink: Fix header buffer filtering + transcoder: Fix uritranscodebin reference handling + tsdemux: Allow access unit parsing failures + tsdemux: Send new-segment before GAP + vulkanupload: fix regression for uploading VulkanBuffer + vulkanupload: fix regression when uploading to single memory multiplaned memory images + webrtcbin: disconnect signal ICE handlers on dispose + {d3d12,d3d11}compositor: Fix negative position handling + {nv,d3d12,d3d11}decoder: Use interlace info in input caps - Build with noopenh264, move plugin to main package. - Drop conditionals for fdk-aac, explicitly build it for all targets. - Move faad plugin to main package. Changes in gstreamer-docs: - Update to version 1.26.7: + No changes, stable bump only. + Update docs. Changes in gstreamer-devtools: - Update to version 1.26.7: + Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT - Update to version 1.26.6: + validate: http-actions: Replace GUri with GstURI for GLib 2.64 compatibility + Fix memory leak and use of incorrect context - Update to version 1.26.5: + No changes, stable bump only. - Update vendored dependencies (boo#1248053, CVE-2025-55159). - Update to version 1.26.4: + Update various Rust dependencies - Update to version 1.26.3: + validate: More memory leaks + validate: Valgrind fixes Changes in gstreamer: - Update to version 1.26.7: + Highlighted bugfixes in 1.26.7: - cea608overlay: improve handling of non-system memory - cuda: Fix runtime kernel compile with CUDA 13.0 - d3d12: Fix crop meta support in converter and passthrough handling in deinterlacer - fallbacksrc: source handling improvements; no-more-pads signal for streams-unaware parents - inter: add properties to fine tune the inner elements - qtdemux: surround sound channel layout handling fixes and performance improvements for GoPro videos - rtp: Add linear audio (L8, L16, L24) RTP payloaders / depayloaders - rtspsrc: Send RTSP keepalives in TCP/interleaved modes - rtpamrpay2: frame quality indicator flag related fixes - rtpbasepay2: reuse last PTS when possible, to work around problems with NVIDIA Jetson AV1 encoder - mpegtsmux, tsdemux: Opus audio handling fixes - threadshare: latency related improvements and many other fixes - matroskamux, tsmux, flvmux, cea608mux: Best pad determination fixes at EOS - unixfd: support buffers with a big payload - videorate unknown buffer duration assertion failure with variable framerates - editing services: Make GESTimeline respect SELECT_ELEMENT_TRACK signal discard decision; memory leak fixes - gobject-introspection annotation fixes - cerbero: Update meson to 1.9.0 to enable Xcode 26 compatibility - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - controller: Fix get_all() return type annotation - gst-launch: Do not assume error messages have a src element - multiqueue: Fix object reference handling in signal callbacks - netclientclock: Fix memory leak in error paths - Update to version 1.26.6: + Highlighted bugfixes in 1.26.6: - analytics GstTensorMeta handling changes (see note below) - closed caption combiner and transcriberbin stability fixes - decklinkvideosrc: fix unrecoverable state after failing to start streaming because device is busy - decodebin3 tag handling improvements - fallbacksrc: Fix sources only being restarted once, as well as some deadlocks and race conditions on shutdown - gtk4paintablesink: Try importing dmabufs withouth DMA_DRM caps - hlsdemux2: Fix parsing of byterange and init map directives - rtpmp4gdepay2: allow only constantduration with neither constantsize nor sizelength set - spotifysrc: update to librespot 0.7 to make work after recent Spotify changes - threadshare: new blocking adapter element for use in front of block elements such as sinks that sync to the clock - threadshare: various other threadshare element fixes and improvements - v4l2: Add support for WVC1 and WMV3 - videorate: possible performance improvements when operating in drop-only mode - GstBaseParse fixes - Vulkan video decoder fixes - Fix gst-device-monitor-1.0 tool device-path regression on Windows - Monorepo development environment builds fewer plugins using subprojects by default, those require explicit enablement now - Python bindings: Handle buffer PTS, DTS, duration, offset, and offset-end as unsigned long long (regression fix) - Cerbero: Reduce recipe parallelism in various cases and dump cerbero and recipe versions into datadir during packaging - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + Possibly breaking behavioural changes: - Previously it was guaranteed that there is only ever up to one GstTensorMeta per buffer. This is no longer true and code working with GstTensorMeta must be able to handle multiple GstTensorMeta now. + gstreamer: - baseparse: Try harder to fixate caps based on upstream in default negotiation - gst-discoverer reports 1x1 dimensions for "valid" MP4 files - baseparse: don't clear most sticky events after a FLUSH_STOP event - gstreamer: Disable miniobject inline functions for gobject-introspection for non-subprojects too - gstreamer: Make sure to zero-initialize the GValue before G_VALUE_COLLECT_INIT - ptp: Fix a new Rust 1.89 compiler warning on Windows - ptp: Fix new compiler warning with Rust 1.89 - Segmentation fault when compiled with "-ftrivial-auto-var-init=pattern". Use of unitialized GValue - Update to version 1.26.5: + Highlighted bugfixes: - audioconvert: Fix caps negotiation regression when using a mix matrix - cea608overlay, cea708overlay: Accept GPU memory buffers if downstream supports the overlay composition meta - d3d12screencapture source element and device provider fixes - decodebin3: Don't error on an incoming ONVIF metadata stream - uridecodebin3: Fix potential crash when adding URIs to messages, e.g. if no decoder is available - v4l2: Fix memory leak for dynamic resolution change - VA encoder fixes - videorate, imagefreeze: Add support for JPEG XS - Vulkan integration fixes - wasapi2 audio device monitor improvements - threadshare: Many improvements and fixes to the generic threadshare and RTP threadshare elements - rtpbin2 improvements and fixes - gst-device-monitor-1.0 command line tool improvements - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - aggregator: add sub_latency_min to pad queue size - build: Disable C5287 warning on MSVC - Update to version 1.26.4: + Highlighted bugfixes in 1.26.4: - adaptivedemux2: Fixed reverse playback - d3d12screencapture: Add support for monitor add/remove in device provider - rtmp2src: various fixes to make it play back AWS medialive streams - rtph265pay: add profile-id, tier-flag, and level-id to output rtp caps - vp9parse: Fix handling of spatial SVC decoding - vtenc: Fix negotiation failure with profile=main-422-10 - gtk4paintablesink: Add YCbCr memory texture formats and other improvements - livekit: add room-timeout - mp4mux: add TAI timestamp muxing support - rtpbin2: fix various race conditions, plus other bug fixes and performance improvements - threadshare: add a ts-rtpdtmfsrc element, implement run-time input switching in ts-intersrc - webrtcsink: fix deadlock on error setting remote description and other fixes. - cerbero: WiX installer: fix missing props files in the MSI packages - smaller macOS/iOS package sizes - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - tracers: Fix deadlock in latency tracer - Fix various valgrind/test errors when GST_DEBUG is enabled - More valgrind and test fixes - Various ASAN fixes - Update to version 1.26.3: + Highlighted bugfixes in 1.26.3: - Security fix for the H.266 video parser - Fix regression for WAV files with acid chunks - Fix high memory consumption caused by a text handling regression in uridecodebin3 and playbin3 - Fix panic on late GOP in fragmented MP4 muxer - Closed caption conversion, rendering and muxing improvements - Decklink video sink preroll frame rendering and clock drift handling fixes - MPEG-TS demuxing and muxing fixes - MP4 muxer fixes for creating very large files with faststart support - New thread-sharing 1:N inter source and sink elements, and a ts-rtpdtmfsrc - New speech synthesis element around ElevenLabs API - RTP H.265 depayloader fixes and improvements, as well as TWCC and GCC congestion control fixes - Seeking improvements in DASH client for streams with gaps - WebRTC sink and source fixes and enhancements, including to LiveKit and WHIP signallers - The macOS osxvideosink now posts navigation messages - QtQML6GL video sink input event handling improvements - Overhaul detection of hardware-accelerated video codecs on Android - Video4Linux capture source fixes and support for BT.2100 PQ and 1:4:5:3 colorimetry - Vulkan buffer upload and memory handling regression fixes - gst-python: fix various regressions introduced in 1.26.2 - cerbero: fix text relocation issues on 32-bit Android and fix broken VisualStudio VC templates - packages: ship pbtypes plugin and update openssl to 3.5.0 LTS - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - aggregator: Do not set event seqnum to INVALID - baseparse: test: Fix race on test start - pad: Only remove TAG events on STREAM_START if the stream-id actually changes - utils: Mark times array as static to avoid symbol conflict with the POSIX function - vecdeque: Use correct index type gst_vec_deque_drop_struct() gstreamer-rtsp-server-devel-1.26.7-160000.1.1.aarch64.rpm libgstrtspserver-1_0-0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstRtspServer-1_0-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-ugly-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-ugly-lang-1.26.7-160000.1.1.noarch.rpm gstreamer-plugins-rs-1.26.7+git0.6ab75814-160000.1.1.aarch64.rpm gstreamer-plugins-libav-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-good-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-good-extra-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-good-gtk-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-good-jack-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-good-lang-1.26.7-160000.1.1.noarch.rpm gstreamer-plugins-base-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-base-devel-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-base-lang-1.26.7-160000.1.1.noarch.rpm libgstallocators-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstapp-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstaudio-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstfft-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstgl-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstpbutils-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstriff-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstrtp-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstrtsp-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstsdp-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgsttag-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstvideo-1_0-0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstAllocators-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstApp-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstAudio-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstGL-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstGLEGL-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstGLWayland-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstGLX11-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstPbutils-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstRtp-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstRtsp-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstSdp-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstTag-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstVideo-1_0-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-bad-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-bad-chromaprint-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-bad-devel-1.26.7-160000.1.1.aarch64.rpm gstreamer-plugins-bad-lang-1.26.7-160000.1.1.noarch.rpm gstreamer-transcoder-1.26.7-160000.1.1.aarch64.rpm gstreamer-transcoder-devel-1.26.7-160000.1.1.aarch64.rpm libgstadaptivedemux-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstanalytics-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstbadaudio-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstbasecamerabinsrc-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstcodecparsers-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstcodecs-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstcuda-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstdxva-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstinsertbin-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstisoff-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstmpegts-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstmse-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstphotography-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstplay-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstplayer-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstsctp-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgsttranscoder-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgsturidownloader-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstva-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstvulkan-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstwayland-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstwebrtc-1_0-0-1.26.7-160000.1.1.aarch64.rpm libgstwebrtcnice-1_0-0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-CudaGst-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstAnalytics-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstBadAudio-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstCodecs-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstCuda-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstDxva-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstInsertBin-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstMpegts-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstMse-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstPlay-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstPlayer-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstTranscoder-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstVa-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstVulkan-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstVulkanWayland-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstVulkanXCB-1_0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstWebRTC-1_0-1.26.7-160000.1.1.aarch64.rpm gstreamer-docs-1.26.7-160000.1.1.noarch.rpm gstreamer-devtools-1.26.7-160000.1.1.aarch64.rpm gstreamer-devtools-devel-1.26.7-160000.1.1.aarch64.rpm libgstvalidate-1_0-0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-GstValidate-1_0-1.26.7-160000.1.1.aarch64.rpm gstreamer-1.26.7-160000.1.1.aarch64.rpm gstreamer-devel-1.26.7-160000.1.1.aarch64.rpm gstreamer-lang-1.26.7-160000.1.1.noarch.rpm gstreamer-utils-1.26.7-160000.1.1.aarch64.rpm libgstreamer-1_0-0-1.26.7-160000.1.1.aarch64.rpm typelib-1_0-Gst-1_0-1.26.7-160000.1.1.aarch64.rpm gstreamer-rtsp-server-devel-1.26.7-160000.1.1.ppc64le.rpm libgstrtspserver-1_0-0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstRtspServer-1_0-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-ugly-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-libav-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-good-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-good-extra-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-good-gtk-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-good-jack-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-good-qtqml6-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-base-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-base-devel-1.26.7-160000.1.1.ppc64le.rpm libgstallocators-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstapp-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstaudio-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstfft-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstgl-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstpbutils-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstriff-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstrtp-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstrtsp-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstsdp-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgsttag-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstvideo-1_0-0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstAllocators-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstApp-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstAudio-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstGL-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstGLEGL-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstGLWayland-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstGLX11-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstPbutils-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstRtp-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstRtsp-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstSdp-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstTag-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstVideo-1_0-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-bad-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-bad-chromaprint-1.26.7-160000.1.1.ppc64le.rpm gstreamer-plugins-bad-devel-1.26.7-160000.1.1.ppc64le.rpm gstreamer-transcoder-1.26.7-160000.1.1.ppc64le.rpm gstreamer-transcoder-devel-1.26.7-160000.1.1.ppc64le.rpm libgstadaptivedemux-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstanalytics-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstbadaudio-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstbasecamerabinsrc-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstcodecparsers-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstcodecs-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstcuda-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstdxva-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstinsertbin-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstisoff-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstmpegts-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstmse-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstphotography-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstplay-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstplayer-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstsctp-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgsttranscoder-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgsturidownloader-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstva-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstvulkan-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstwayland-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstwebrtc-1_0-0-1.26.7-160000.1.1.ppc64le.rpm libgstwebrtcnice-1_0-0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-CudaGst-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstAnalytics-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstBadAudio-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstCodecs-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstCuda-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstDxva-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstInsertBin-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstMpegts-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstMse-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstPlay-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstPlayer-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstTranscoder-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstVa-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstVulkan-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstVulkanWayland-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstVulkanXCB-1_0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstWebRTC-1_0-1.26.7-160000.1.1.ppc64le.rpm gstreamer-devtools-1.26.7-160000.1.1.ppc64le.rpm gstreamer-devtools-devel-1.26.7-160000.1.1.ppc64le.rpm libgstvalidate-1_0-0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-GstValidate-1_0-1.26.7-160000.1.1.ppc64le.rpm gstreamer-1.26.7-160000.1.1.ppc64le.rpm gstreamer-devel-1.26.7-160000.1.1.ppc64le.rpm gstreamer-utils-1.26.7-160000.1.1.ppc64le.rpm libgstreamer-1_0-0-1.26.7-160000.1.1.ppc64le.rpm typelib-1_0-Gst-1_0-1.26.7-160000.1.1.ppc64le.rpm gstreamer-rtsp-server-devel-1.26.7-160000.1.1.s390x.rpm libgstrtspserver-1_0-0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstRtspServer-1_0-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-ugly-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-libav-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-good-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-good-extra-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-good-gtk-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-good-jack-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-good-qtqml6-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-base-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-base-devel-1.26.7-160000.1.1.s390x.rpm libgstallocators-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstapp-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstaudio-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstfft-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstgl-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstpbutils-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstriff-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstrtp-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstrtsp-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstsdp-1_0-0-1.26.7-160000.1.1.s390x.rpm libgsttag-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstvideo-1_0-0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstAllocators-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstApp-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstAudio-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstGL-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstGLEGL-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstGLWayland-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstGLX11-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstPbutils-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstRtp-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstRtsp-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstSdp-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstTag-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstVideo-1_0-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-bad-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-bad-chromaprint-1.26.7-160000.1.1.s390x.rpm gstreamer-plugins-bad-devel-1.26.7-160000.1.1.s390x.rpm gstreamer-transcoder-1.26.7-160000.1.1.s390x.rpm gstreamer-transcoder-devel-1.26.7-160000.1.1.s390x.rpm libgstadaptivedemux-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstanalytics-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstbadaudio-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstbasecamerabinsrc-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstcodecparsers-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstcodecs-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstcuda-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstdxva-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstinsertbin-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstisoff-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstmpegts-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstmse-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstphotography-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstplay-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstplayer-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstsctp-1_0-0-1.26.7-160000.1.1.s390x.rpm libgsttranscoder-1_0-0-1.26.7-160000.1.1.s390x.rpm libgsturidownloader-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstva-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstvulkan-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstwayland-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstwebrtc-1_0-0-1.26.7-160000.1.1.s390x.rpm libgstwebrtcnice-1_0-0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-CudaGst-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstAnalytics-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstBadAudio-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstCodecs-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstCuda-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstDxva-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstInsertBin-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstMpegts-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstMse-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstPlay-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstPlayer-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstTranscoder-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstVa-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstVulkan-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstVulkanWayland-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstVulkanXCB-1_0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstWebRTC-1_0-1.26.7-160000.1.1.s390x.rpm gstreamer-devtools-1.26.7-160000.1.1.s390x.rpm gstreamer-devtools-devel-1.26.7-160000.1.1.s390x.rpm libgstvalidate-1_0-0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-GstValidate-1_0-1.26.7-160000.1.1.s390x.rpm gstreamer-1.26.7-160000.1.1.s390x.rpm gstreamer-devel-1.26.7-160000.1.1.s390x.rpm gstreamer-utils-1.26.7-160000.1.1.s390x.rpm libgstreamer-1_0-0-1.26.7-160000.1.1.s390x.rpm typelib-1_0-Gst-1_0-1.26.7-160000.1.1.s390x.rpm gstreamer-rtsp-server-devel-1.26.7-160000.1.1.x86_64.rpm libgstrtspserver-1_0-0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstRtspServer-1_0-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-ugly-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-rs-1.26.7+git0.6ab75814-160000.1.1.x86_64.rpm gstreamer-plugins-libav-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-good-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-good-extra-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-good-gtk-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-good-jack-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-good-qtqml6-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-base-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-base-devel-1.26.7-160000.1.1.x86_64.rpm libgstallocators-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstapp-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstaudio-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstfft-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstgl-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstpbutils-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstriff-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstrtp-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstrtsp-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstsdp-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgsttag-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstvideo-1_0-0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstAllocators-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstApp-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstAudio-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstGL-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstGLEGL-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstGLWayland-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstGLX11-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstPbutils-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstRtp-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstRtsp-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstSdp-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstTag-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstVideo-1_0-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-bad-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-bad-chromaprint-1.26.7-160000.1.1.x86_64.rpm gstreamer-plugins-bad-devel-1.26.7-160000.1.1.x86_64.rpm gstreamer-transcoder-1.26.7-160000.1.1.x86_64.rpm gstreamer-transcoder-devel-1.26.7-160000.1.1.x86_64.rpm libgstadaptivedemux-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstanalytics-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstbadaudio-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstbasecamerabinsrc-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstcodecparsers-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstcodecs-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstcuda-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstdxva-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstinsertbin-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstisoff-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstmpegts-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstmse-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstphotography-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstplay-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstplayer-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstsctp-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgsttranscoder-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgsturidownloader-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstva-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstvulkan-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstwayland-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstwebrtc-1_0-0-1.26.7-160000.1.1.x86_64.rpm libgstwebrtcnice-1_0-0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-CudaGst-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstAnalytics-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstBadAudio-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstCodecs-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstCuda-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstDxva-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstInsertBin-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstMpegts-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstMse-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstPlay-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstPlayer-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstTranscoder-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstVa-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstVulkan-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstVulkanWayland-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstVulkanXCB-1_0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstWebRTC-1_0-1.26.7-160000.1.1.x86_64.rpm gstreamer-devtools-1.26.7-160000.1.1.x86_64.rpm gstreamer-devtools-devel-1.26.7-160000.1.1.x86_64.rpm libgstvalidate-1_0-0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-GstValidate-1_0-1.26.7-160000.1.1.x86_64.rpm gstreamer-1.26.7-160000.1.1.x86_64.rpm gstreamer-devel-1.26.7-160000.1.1.x86_64.rpm gstreamer-utils-1.26.7-160000.1.1.x86_64.rpm libgstreamer-1_0-0-1.26.7-160000.1.1.x86_64.rpm typelib-1_0-Gst-1_0-1.26.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-363 Security update for python-uv important SUSE SLFO 1.2 This update for python-uv fixes the following issue: - CVE-2025-13327: parsing differentials when processing specially crafted ZIP archives during package installation can lead to arbitrary code execution (bsc#1258993). python313-uv-0.7.18-160000.4.1.aarch64.rpm python313-uv-bash-completion-0.7.18-160000.4.1.noarch.rpm python313-uv-fish-completion-0.7.18-160000.4.1.noarch.rpm python313-uv-zsh-completion-0.7.18-160000.4.1.noarch.rpm python313-uv-0.7.18-160000.4.1.ppc64le.rpm python313-uv-0.7.18-160000.4.1.s390x.rpm python313-uv-0.7.18-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-364 Recommended update for lifecycle-data-sle-module-live-patching moderate SUSE SLFO 1.2 This update for lifecycle-data-sle-module-live-patching fixes the following issues: This specifies the lifecycle data of the kernel livepatches. - 6_12_0-160000-default, 6_12_0-160000_5-default, 6_12_0-160000_6-default, 6_12_0-160000_7-default, 6_12_0-160000_8-default (bsc#1020320) lifecycle-data-sle-module-live-patching-6-160000.1.1.noarch.rpm openSUSE-Leap-16.0-365 Security update for ImageMagick important SUSE SLFO 1.2 This update for ImageMagick fixes the following issues: - CVE-2026-22770: improper pointer initialization can cause denial of service (bsc#1256969). - CVE-2026-23874: manipulation of digital images can lead to stack overflow (bsc#1256976). - CVE-2026-23876: ImageMagick: maliciously crafted image can lead to heap buffer overflow (bsc#1256962). - CVE-2026-23952: processing comment tag can cause null pointer dereference (bsc#1257076). - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743). - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). - CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791). - CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748). - CVE-2026-25637: Denial of Service via crafted image due to memory leak (bsc#1258759). - CVE-2026-25638: Denial of Service due to memory leak in image processing (bsc#1258793). - CVE-2026-25794: Heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions (bsc#1258749). - CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792). - CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757). - CVE-2026-25797: Code injection in various encoders (bsc#1258770). - CVE-2026-25798: NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (bsc#1258787). - CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786). - CVE-2026-25897: Out-of-bounds heap write via integer overflow in sun decoder (bsc#1258799). - CVE-2026-25898: Information disclosure or denial of service via crafted image with invalid pixel index (bsc#1258807). - CVE-2026-25965: Policy bypass through path traversal allows reading restricted content despite secured policy (bsc#1258785). - CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access (bsc#1258780). - CVE-2026-25967: Stack buffer overflow in FTXT reader via oversized integer field (bsc#1258779). - CVE-2026-25968: MSL attribute stack buffer overflow leads to out of bounds write (bsc#1258776). - CVE-2026-25969: Memory Leak in coders/ashlar.c (bsc#1258775). - CVE-2026-25970: Memory corruption and denial of service via signed integer overflow in SIXEL decoder (bsc#1258802). - CVE-2026-25971: MSL: Stack overflow in ProcessMSLScript (bsc#1258774). - CVE-2026-25982: Heap Out-of-Bounds Read in DCM Decoder (bsc#1258772). - CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805). - CVE-2026-25985: Memory allocation with excessive without limits in the internal SVG decoder (bsc#1258812). - CVE-2026-25986: Denial of Service via malicious YUV image processing (bsc#1258818). - CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821). - CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810). - CVE-2026-25989: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder (bsc#1258771). - CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769). - CVE-2026-26283: Possible infinite loop in JPEG encoder when using `jpeg: extent` (bsc#1258767). - CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765). - CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763). - CVE-2026-27798: Heap Buffer Over-read in WaveletDenoise when processing small images (bsc#1259018). - CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017). ImageMagick-7.1.2.0-160000.6.1.aarch64.rpm ImageMagick-config-7-SUSE-7.1.2.0-160000.6.1.noarch.rpm ImageMagick-devel-7.1.2.0-160000.6.1.aarch64.rpm ImageMagick-doc-7.1.2.0-160000.6.1.noarch.rpm ImageMagick-extra-7.1.2.0-160000.6.1.aarch64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.6.1.aarch64.rpm libMagick++-devel-7.1.2.0-160000.6.1.aarch64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.6.1.aarch64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.6.1.aarch64.rpm perl-PerlMagick-7.1.2.0-160000.6.1.aarch64.rpm ImageMagick-config-7-upstream-limited-7.1.2.0-160000.6.1.noarch.rpm ImageMagick-config-7-upstream-open-7.1.2.0-160000.6.1.noarch.rpm ImageMagick-config-7-upstream-secure-7.1.2.0-160000.6.1.noarch.rpm ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.6.1.noarch.rpm ImageMagick-7.1.2.0-160000.6.1.ppc64le.rpm ImageMagick-devel-7.1.2.0-160000.6.1.ppc64le.rpm ImageMagick-extra-7.1.2.0-160000.6.1.ppc64le.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.6.1.ppc64le.rpm libMagick++-devel-7.1.2.0-160000.6.1.ppc64le.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.6.1.ppc64le.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.6.1.ppc64le.rpm perl-PerlMagick-7.1.2.0-160000.6.1.ppc64le.rpm ImageMagick-7.1.2.0-160000.6.1.s390x.rpm ImageMagick-devel-7.1.2.0-160000.6.1.s390x.rpm ImageMagick-extra-7.1.2.0-160000.6.1.s390x.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.6.1.s390x.rpm libMagick++-devel-7.1.2.0-160000.6.1.s390x.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.6.1.s390x.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.6.1.s390x.rpm perl-PerlMagick-7.1.2.0-160000.6.1.s390x.rpm ImageMagick-7.1.2.0-160000.6.1.x86_64.rpm ImageMagick-devel-7.1.2.0-160000.6.1.x86_64.rpm ImageMagick-extra-7.1.2.0-160000.6.1.x86_64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.6.1.x86_64.rpm libMagick++-devel-7.1.2.0-160000.6.1.x86_64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.6.1.x86_64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.6.1.x86_64.rpm perl-PerlMagick-7.1.2.0-160000.6.1.x86_64.rpm openSUSE-Leap-16.0-367 Recommended update for squid important SUSE SLFO 1.2 This update for squid fixes the following issues: Changes in squid: - fix working with crypto module (bsc#1250223) squid-6.12-160000.4.1.aarch64.rpm squid-6.12-160000.4.1.ppc64le.rpm squid-6.12-160000.4.1.s390x.rpm squid-6.12-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-368 Security update for freerdp important SUSE SLFO 1.2 This update for freerdp fixes the following issues: Update to version 3.22.0 (jsc#PED-15526): + Major bugfix release: * Complete overhaul of SDL client * Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or C language version specific [[nodiscard]] attributes * Addition of WINPR_ATTR_NODISCARD to (some) public API functions so usage errors are producing warnings now * Add some more stringify functions for logging * We've received CVE reports, check https://github.com/FreeRDP/FreeRDP/security/advisories for more details! @Keryer reported an issue affecting client and proxy: * CVE-2026-23948 @ehdgks0627 did some more fuzzying and found quite a number of client side bugs. * CVE-2026-24682 * CVE-2026-24683 * CVE-2026-24676 * CVE-2026-24677 * CVE-2026-24678 * CVE-2026-24684 * CVE-2026-24679 * CVE-2026-24681 * CVE-2026-24675 * CVE-2026-24491 * CVE-2026-24680 - Changes from version 3.21.0 * [core,info] fix missing NULL check (#12157) * [gateway,tsg] fix TSG_PACKET_RESPONSE parsing (#12161) * Allow querying auth identity with kerberos when running as a server (#12162) * Sspi krb heimdal (#12163) * Tsg fix idleTimeout parsing (#12167) * [channels,smartcard] revert 649f7de (#12166) * [crypto] deprecate er and der modules (#12170) * [channels,rdpei] lock full update, not only parts (#12175) * [winpr,platform] add WINPR_ATTR_NODISCARD macro (#12178) * Wlog cleanup (#12179) * new stringify functions & touch API defines (#12180) * Add support for querying SECPKG_ATTR_PACKAGE_INFO to NTLM and Kerberos (#12171) * [channels,video] measure times in ns (#12184) * [utils] Nodiscard (#12187) * Error handling fixes (#12186) * [channels,drdynvc] check pointer before reset (#12189) * Winpr api def (#12190) * [winpr,platform] drop C23 [[nodiscard]] (#12192) * [gdi] add additional checks for a valid rdpGdi (#12194) * Sdl3 high dpiv2 (#12173) * peer: Disconnect if Logon() returned FALSE (#12196) * [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing (#12197) * [channel,rdpsnd] only clean up thread before free (#12199) * [channels,rdpei] add RDPINPUT_CONTACT_FLAG_UP (#12195) - Update to version 3.21.0: + Bugfix release with a few new API functions addressing shortcomings with regard to input data validation. Thanks to @ehdgks0627 we have fixed the following additional (medium) client side vulnerabilities: * CVE-2026-23530 * CVE-2026-23531 * CVE-2026-23532 * CVE-2026-23533 * CVE-2026-23534 * CVE-2026-23732 * CVE-2026-23883 * CVE-2026-23884 - Changes from version 3.20.2 * [client,sdl] fix monitor resolution (#12142) * [codec,progressive] fix progressive_rfx_upgrade_block (#12143) * Krb cache fix (#12145) * Rdpdr improved checks (#12141) * Codec advanced length checks (#12146) * Glyph fix length checks (#12151) * Wlog printf format string checks (#12150) * [warnings,format] fix format string warnings (#12152) * Double free fixes (#12153) * [clang-tidy] clean up code warnings (#12154) - Update to version 3.20.2: + Patch release fixing a regression with gateway connections introduced with 3.20.1 ## What's Changed * Warnings and missing enumeration types (#12137) - Changes from version 3.20.1: + New years cleanup release. Fixes some issues reported and does a cleaning sweep to bring down warnings. Thanks to @ehdgks0627 doing some code review/testing we've uncovered the following (medium) vulnerabilities: * CVE-2026-22851 * CVE-2026-22852 * CVE-2026-22853 * CVE-2026-22854 * CVE-2026-22855 * CVE-2026-22856 * CVE-2026-22857 * CVE-2026-22858 * CVE-2026-22859 + These affect FreeRDP based clients only, with the exception of CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based servers are not affected. - Update to version 3.20.0: * Mingw fixes (#12070) * [crypto,certificate_data] add some hostname sanitation * [client,common]: Fix loading of rdpsnd channel * [client,sdl] set touch and pen hints - Changes from version 3.19.1: * [core,transport] improve SSL error logging * [utils,helpers] fix freerdp_settings_get_legacy_config_path * From stdin and sdl-creds improve * [crypto,certificate] sanitize hostnames * [channels,drdynvc] propagate error in dynamic channel * [CMake] make Mbed-TLS and LibreSSL experimental * Json fix * rdpecam: send sample only if it's available * [channels,rdpecam] allow MJPEG frame skip and direct passthrough * [winpr,utils] explicit NULL checks in jansson WINPR_JSON_ParseWithLength - Changes from version 3.19.0: * [client,common] fix retry counter * [cmake] fix aarch64 neon detection * Fix response body existence check when using RDP Gateway * fix line clipping issue * Clip coord fix * [core,input] Add debug log to keyboard state sync * Update command line usage for gateway option * [codec,ffmpeg] 8.0 dropped AV_PROFILE_AAC_MAIN * [channels,audin] fix pulse memory leak * [channels,drive] Small performance improvements in drive channel * [winpr,utils] fix command line error logging * [common,test] Adjust AVC and H264 expectations * drdynvc: implement compressed packet * [channels,rdpecam] improve log messages * Fix remote credential guard channel loading * Fix inverted ifdef * [core,nego] disable all enabled modes except the one requested * rdpear: handle basic NTLM commands and fix server-side * [smartcardlogon] Fix off-by-one error in `smartcard_hw_enumerateCerts` * rdpecam: fix camera sample grabbing - Update to version 3.18.0: + Fix a regression reading passwords from stdin + Fix a timer regression (µs instead of ms) + Improved multitouch support + Fix a bug with PLANAR codec (used with /bpp:32 or sometimes with /gfx) + Better error handling for ARM transport (Entra) + Fix audio encoder lag (microphone/AAC) with FFMPEG + Support for janssen JSON library - Update to version 3.17.2: + Minor improvements and bugfix release. + Most notably resource usage (file handles) has been greatly reduced and static build pkg-config have been fixed. For users of xfreerdp RAILS/RemoteApp mode the switch to DesktopSession mode has been fixed (working UAC screen) - Changes from version 3.17.1 + Minor improvements and bugfix release. * most notably a memory leak was addressed * fixed header files missing C++ guards * xfreerdp as well as the SDL clients now support a system wide configuration file * Heimdal kerberos support was improved * builds with [MS-RDPEAR] now properly abort at configure if Heimdal is used (this configuration was never supported, so ensure nobody compiles it that way) - Enable openh264 support, we can build against the noopenh264 stub - Update to 3.17.0: * [client,sdl2] fix build with webview (#11685) * [core,nla] use wcslen for password length (#11687) * Clear channel error prior to call channel init event proc (#11688) * Warn args (#11689) * [client,common] fix -mouse-motion (#11690) * [core,proxy] fix IPv4 and IPv6 length (#11692) * Regression fix2 (#11696) * Log fixes (#11693) * [common,settings] fix int casts (#11699) * [core,connection] fix log level of several messages (#11697) * [client,sdl] print current video driver (#11701) * [crypto,tls] print big warning for /cert:ignore (#11704) * [client,desktop] fix StartupWMClass setting (#11708) * [cmake] unify version creation (#11711) * [common,settings] force reallocation on caps copy (#11715) * [manpages] Add example of keyboard remapping (#11718) * Some fixes in Negotiate and NLA (#11722) * [client,x11] fix clipboard issues (#11724) * kerberos: do various tries for TGT retrieval in u2u (#11723) * Cmdline escape strings (#11735) * [winpr,utils] do not log command line arguments (#11736) * [api,doc] Add stylesheed for doxygen (#11738) * [core,proxy] fix BIO read methods (#11739) * [client,common] fix sso_mib_get_access_token return value in error case (#11741) * [crypto,tls] do not use context->settings->instance (#11749) * winpr: re-introduce the credentials module (#11734) * [winpr,timezone] ensure thread-safe initialization (#11754) * core/redirection: Ensure stream has enough space for the certificate (#11762) * [client,common] do not log success (#11766) * Clean up bugs exposed on systems with high core counts (#11761) * [cmake] add installWithRPATH (#11747) * [clang-tidy] fix various warnings (#11769) * Wlog improve type checks (#11774) * [client,common] fix tenantid command line parsing (#11779) * Proxy module static and shared linking support (#11768) * LoadLibrary Null fix (#11786) * [client,common] add freerdp_client_populate_settings_from_rdp_file_un… (#11780) * Fullchain support (#11787) * [client,x11] ignore floatbar events (#11771) * [winpr,credentials] prefer utf-8 over utf-16-LE #11790 * [proxy,modules] ignore bitmap-filter skip remaining #11789 - Update to 3.16.0: * Lots of improvements for the SDL3 client * Various X11 client improvements * Add a timer implementation * Various AAD/Azure/Entra improvements * YUV420 primitives fixes - Update to 3.15.0: * [client,sdl] fix crash on suppress output * [channels,remdesk] fix possible memory leak * [client,x11] map exit code success * Hidef rail checks and deprecation fixe * Standard rdp security network issues * [core,rdp] fix check for SEC_FLAGSHI_VALID * [core,caps] fix rdp_apply_order_capability_set * [core,proxy] align no_proxy to curl * [core,gateway] fix string reading for TSG * [client,sdl] refactor display update - Update to version 3.14.0: + Bugfix and cleanup release. Due to some new API functions the minor version has been increased. - Changes from version 3.13.0: + Friends of old hardware rejoice, serial port redirection got an update (not kidding you) + Android builds have been updated to be usable again + Mingw builds now periodically do a shared and static build + Fixed some bugs and regressions along the way and improved test coverage as well - Changes from version 3.12.0: + Multimonitor backward compatibility fixes + Smartcard compatibility + Improve the [MS-RDPECAM] support + Improve smartcard redirection support + Refactor SSE optimizations: Split headers, unify load/store, require SSE3 for all optimized functions + Refactors the CMake build to better support configuration based builders + Fix a few regressions from last release (USB redirection and graphical glitches) - Changes from version 3.11.0: + A new release with bugfixes and code cleanups as well as a few nifty little features - CVE-2024-22211: In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. (bsc#1219049) - CVE-2024-32658: Fixedout-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients (bsc#1223353) - Multiple CVE fixes + CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`(bsc#1223346) + CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347) + CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348) - Multiple CVE fixes: * bsc#1223293, CVE-2024-32039 * bsc#1223294, CVE-2024-32040 * bsc#1223295, CVE-2024-32041 * bsc#1223296, CVE-2024-32458 * bsc#1223297, CVE-2024-32459 * bsc#1223298, CVE-2024-32460 * Fix CVE-2023-40574 - bsc#1214869: Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX * Fix CVE-2023-40575 - bsc#1214870: Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX * Fix CVE-2023-40576 - bsc#1214871: Out-Of-Bounds Read in RleDecompress freerdp-3.22.0-160000.1.1.aarch64.rpm freerdp-devel-3.22.0-160000.1.1.aarch64.rpm freerdp-proxy-3.22.0-160000.1.1.aarch64.rpm freerdp-proxy-plugins-3.22.0-160000.1.1.aarch64.rpm freerdp-sdl-3.22.0-160000.1.1.aarch64.rpm freerdp-server-3.22.0-160000.1.1.aarch64.rpm freerdp-wayland-3.22.0-160000.1.1.aarch64.rpm libfreerdp-server-proxy3-3-3.22.0-160000.1.1.aarch64.rpm libfreerdp3-3-3.22.0-160000.1.1.aarch64.rpm librdtk0-0-3.22.0-160000.1.1.aarch64.rpm libuwac0-0-3.22.0-160000.1.1.aarch64.rpm libwinpr3-3-3.22.0-160000.1.1.aarch64.rpm rdtk0-devel-3.22.0-160000.1.1.aarch64.rpm uwac0-devel-3.22.0-160000.1.1.aarch64.rpm winpr-devel-3.22.0-160000.1.1.aarch64.rpm freerdp-3.22.0-160000.1.1.ppc64le.rpm freerdp-devel-3.22.0-160000.1.1.ppc64le.rpm freerdp-proxy-3.22.0-160000.1.1.ppc64le.rpm freerdp-proxy-plugins-3.22.0-160000.1.1.ppc64le.rpm freerdp-sdl-3.22.0-160000.1.1.ppc64le.rpm freerdp-server-3.22.0-160000.1.1.ppc64le.rpm freerdp-wayland-3.22.0-160000.1.1.ppc64le.rpm libfreerdp-server-proxy3-3-3.22.0-160000.1.1.ppc64le.rpm libfreerdp3-3-3.22.0-160000.1.1.ppc64le.rpm librdtk0-0-3.22.0-160000.1.1.ppc64le.rpm libuwac0-0-3.22.0-160000.1.1.ppc64le.rpm libwinpr3-3-3.22.0-160000.1.1.ppc64le.rpm rdtk0-devel-3.22.0-160000.1.1.ppc64le.rpm uwac0-devel-3.22.0-160000.1.1.ppc64le.rpm winpr-devel-3.22.0-160000.1.1.ppc64le.rpm freerdp-3.22.0-160000.1.1.s390x.rpm freerdp-devel-3.22.0-160000.1.1.s390x.rpm freerdp-proxy-3.22.0-160000.1.1.s390x.rpm freerdp-proxy-plugins-3.22.0-160000.1.1.s390x.rpm freerdp-sdl-3.22.0-160000.1.1.s390x.rpm freerdp-server-3.22.0-160000.1.1.s390x.rpm freerdp-wayland-3.22.0-160000.1.1.s390x.rpm libfreerdp-server-proxy3-3-3.22.0-160000.1.1.s390x.rpm libfreerdp3-3-3.22.0-160000.1.1.s390x.rpm librdtk0-0-3.22.0-160000.1.1.s390x.rpm libuwac0-0-3.22.0-160000.1.1.s390x.rpm libwinpr3-3-3.22.0-160000.1.1.s390x.rpm rdtk0-devel-3.22.0-160000.1.1.s390x.rpm uwac0-devel-3.22.0-160000.1.1.s390x.rpm winpr-devel-3.22.0-160000.1.1.s390x.rpm freerdp-3.22.0-160000.1.1.x86_64.rpm freerdp-devel-3.22.0-160000.1.1.x86_64.rpm freerdp-proxy-3.22.0-160000.1.1.x86_64.rpm freerdp-proxy-plugins-3.22.0-160000.1.1.x86_64.rpm freerdp-sdl-3.22.0-160000.1.1.x86_64.rpm freerdp-server-3.22.0-160000.1.1.x86_64.rpm freerdp-wayland-3.22.0-160000.1.1.x86_64.rpm libfreerdp-server-proxy3-3-3.22.0-160000.1.1.x86_64.rpm libfreerdp3-3-3.22.0-160000.1.1.x86_64.rpm librdtk0-0-3.22.0-160000.1.1.x86_64.rpm libuwac0-0-3.22.0-160000.1.1.x86_64.rpm libwinpr3-3-3.22.0-160000.1.1.x86_64.rpm rdtk0-devel-3.22.0-160000.1.1.x86_64.rpm uwac0-devel-3.22.0-160000.1.1.x86_64.rpm winpr-devel-3.22.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-369 Security update for cJSON important SUSE SLFO 1.2 This update for cJSON fixes the following issues: - Update to version 1.7.19 * Check for NULL in cJSON_DetachItemViaPointer. * Check overlap before calling strcpy in cJSON_SetValuestring. * Fix Max recursion depth for cJSON_Duplicate to prevent stack exhaustion. * Allocate memory for the temporary buffer when paring numbers. This fixes CVE-2023-26819. (bsc#1241502) * Fix the incorrect check in decode_array_index_from_pointer. This fixes CVE-2025-57052. (bsc#1249112) - Remove not longer needed patch for NULL to deallocated pointers. cJSON-devel-1.7.19-160000.1.1.aarch64.rpm libcjson1-1.7.19-160000.1.1.aarch64.rpm cJSON-devel-1.7.19-160000.1.1.ppc64le.rpm libcjson1-1.7.19-160000.1.1.ppc64le.rpm cJSON-devel-1.7.19-160000.1.1.s390x.rpm libcjson1-1.7.19-160000.1.1.s390x.rpm cJSON-devel-1.7.19-160000.1.1.x86_64.rpm libcjson1-1.7.19-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-37 Recommended update for plymouth important SUSE SLFO 1.2 This update for plymouth fixes the following issues: - Use frame-buffer in vmware VM platform, since the system use vesa, plymouth DRM driver intial out of time, and the cutomer also feedback frame-buffer works fine (bsc#1234643). - Bochs and cirrus DRM drivers are fully compatible with plymouth. Remove the workaround that forces them to use fbdev. - Resolves the blank screen when disabling fbdev interfaces (bsc#1232727, bsc#1234643). - Support the 2nd monitor hotplugin to the system in random order (bsc#1231214). - Tumbleweed following upstream, which already support "--runstatedir", don't need this modification anymore (jsc#PED-5841). - The current edition of autoconf on SLE-15-SP6:GA don't support "--runstatedir" yet, so reverse plymouth compile option to the old "--withruntimedir" (jsc#PED-5841). - Properly list services as parameters to: * populate-initrd: Install label-freetype plugin into initrd if * ply-device-manager: Add plymouth.force-frame-buffer-on-boot * systemd: Add mkinitcpio support to * ply-device-manager: Also ignore SimpleDRM devs in coldplug - Avoid invalid script commands failure (bsc#1203147). libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-branding-upstream-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-dracut-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-lang-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-scripts-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-bgrt-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-fade-in-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-script-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-solar-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-spinfinity-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-spinner-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-tribar-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-370 Security update for kea important SUSE SLFO 1.2 This update for kea fixes the following issues: Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection (bsc#1248801). kea-3.0.1-160000.1.1.aarch64.rpm kea-devel-3.0.1-160000.1.1.aarch64.rpm kea-doc-3.0.1-160000.1.1.noarch.rpm kea-hooks-3.0.1-160000.1.1.aarch64.rpm libkea-asiodns62-3.0.1-160000.1.1.aarch64.rpm libkea-asiolink88-3.0.1-160000.1.1.aarch64.rpm libkea-cc82-3.0.1-160000.1.1.aarch64.rpm libkea-cfgrpt3-3.0.1-160000.1.1.aarch64.rpm libkea-config83-3.0.1-160000.1.1.aarch64.rpm libkea-cryptolink64-3.0.1-160000.1.1.aarch64.rpm libkea-d2srv63-3.0.1-160000.1.1.aarch64.rpm libkea-database76-3.0.1-160000.1.1.aarch64.rpm libkea-dhcp109-3.0.1-160000.1.1.aarch64.rpm libkea-dhcp_ddns68-3.0.1-160000.1.1.aarch64.rpm libkea-dhcpsrv130-3.0.1-160000.1.1.aarch64.rpm libkea-dns71-3.0.1-160000.1.1.aarch64.rpm libkea-eval84-3.0.1-160000.1.1.aarch64.rpm libkea-exceptions45-3.0.1-160000.1.1.aarch64.rpm libkea-hooks119-3.0.1-160000.1.1.aarch64.rpm libkea-http87-3.0.1-160000.1.1.aarch64.rpm libkea-log-interprocess3-3.0.1-160000.1.1.aarch64.rpm libkea-log75-3.0.1-160000.1.1.aarch64.rpm libkea-mysql88-3.0.1-160000.1.1.aarch64.rpm libkea-pgsql88-3.0.1-160000.1.1.aarch64.rpm libkea-process90-3.0.1-160000.1.1.aarch64.rpm libkea-stats53-3.0.1-160000.1.1.aarch64.rpm libkea-tcp33-3.0.1-160000.1.1.aarch64.rpm libkea-util-io12-3.0.1-160000.1.1.aarch64.rpm libkea-util101-3.0.1-160000.1.1.aarch64.rpm python3-kea-3.0.1-160000.1.1.aarch64.rpm kea-3.0.1-160000.1.1.ppc64le.rpm kea-devel-3.0.1-160000.1.1.ppc64le.rpm kea-hooks-3.0.1-160000.1.1.ppc64le.rpm libkea-asiodns62-3.0.1-160000.1.1.ppc64le.rpm libkea-asiolink88-3.0.1-160000.1.1.ppc64le.rpm libkea-cc82-3.0.1-160000.1.1.ppc64le.rpm libkea-cfgrpt3-3.0.1-160000.1.1.ppc64le.rpm libkea-config83-3.0.1-160000.1.1.ppc64le.rpm libkea-cryptolink64-3.0.1-160000.1.1.ppc64le.rpm libkea-d2srv63-3.0.1-160000.1.1.ppc64le.rpm libkea-database76-3.0.1-160000.1.1.ppc64le.rpm libkea-dhcp109-3.0.1-160000.1.1.ppc64le.rpm libkea-dhcp_ddns68-3.0.1-160000.1.1.ppc64le.rpm libkea-dhcpsrv130-3.0.1-160000.1.1.ppc64le.rpm libkea-dns71-3.0.1-160000.1.1.ppc64le.rpm libkea-eval84-3.0.1-160000.1.1.ppc64le.rpm libkea-exceptions45-3.0.1-160000.1.1.ppc64le.rpm libkea-hooks119-3.0.1-160000.1.1.ppc64le.rpm libkea-http87-3.0.1-160000.1.1.ppc64le.rpm libkea-log-interprocess3-3.0.1-160000.1.1.ppc64le.rpm libkea-log75-3.0.1-160000.1.1.ppc64le.rpm libkea-mysql88-3.0.1-160000.1.1.ppc64le.rpm libkea-pgsql88-3.0.1-160000.1.1.ppc64le.rpm libkea-process90-3.0.1-160000.1.1.ppc64le.rpm libkea-stats53-3.0.1-160000.1.1.ppc64le.rpm libkea-tcp33-3.0.1-160000.1.1.ppc64le.rpm libkea-util-io12-3.0.1-160000.1.1.ppc64le.rpm libkea-util101-3.0.1-160000.1.1.ppc64le.rpm python3-kea-3.0.1-160000.1.1.ppc64le.rpm kea-3.0.1-160000.1.1.s390x.rpm kea-devel-3.0.1-160000.1.1.s390x.rpm kea-hooks-3.0.1-160000.1.1.s390x.rpm libkea-asiodns62-3.0.1-160000.1.1.s390x.rpm libkea-asiolink88-3.0.1-160000.1.1.s390x.rpm libkea-cc82-3.0.1-160000.1.1.s390x.rpm libkea-cfgrpt3-3.0.1-160000.1.1.s390x.rpm libkea-config83-3.0.1-160000.1.1.s390x.rpm libkea-cryptolink64-3.0.1-160000.1.1.s390x.rpm libkea-d2srv63-3.0.1-160000.1.1.s390x.rpm libkea-database76-3.0.1-160000.1.1.s390x.rpm libkea-dhcp109-3.0.1-160000.1.1.s390x.rpm libkea-dhcp_ddns68-3.0.1-160000.1.1.s390x.rpm libkea-dhcpsrv130-3.0.1-160000.1.1.s390x.rpm libkea-dns71-3.0.1-160000.1.1.s390x.rpm libkea-eval84-3.0.1-160000.1.1.s390x.rpm libkea-exceptions45-3.0.1-160000.1.1.s390x.rpm libkea-hooks119-3.0.1-160000.1.1.s390x.rpm libkea-http87-3.0.1-160000.1.1.s390x.rpm libkea-log-interprocess3-3.0.1-160000.1.1.s390x.rpm libkea-log75-3.0.1-160000.1.1.s390x.rpm libkea-mysql88-3.0.1-160000.1.1.s390x.rpm libkea-pgsql88-3.0.1-160000.1.1.s390x.rpm libkea-process90-3.0.1-160000.1.1.s390x.rpm libkea-stats53-3.0.1-160000.1.1.s390x.rpm libkea-tcp33-3.0.1-160000.1.1.s390x.rpm libkea-util-io12-3.0.1-160000.1.1.s390x.rpm libkea-util101-3.0.1-160000.1.1.s390x.rpm python3-kea-3.0.1-160000.1.1.s390x.rpm kea-3.0.1-160000.1.1.x86_64.rpm kea-devel-3.0.1-160000.1.1.x86_64.rpm kea-hooks-3.0.1-160000.1.1.x86_64.rpm libkea-asiodns62-3.0.1-160000.1.1.x86_64.rpm libkea-asiolink88-3.0.1-160000.1.1.x86_64.rpm libkea-cc82-3.0.1-160000.1.1.x86_64.rpm libkea-cfgrpt3-3.0.1-160000.1.1.x86_64.rpm libkea-config83-3.0.1-160000.1.1.x86_64.rpm libkea-cryptolink64-3.0.1-160000.1.1.x86_64.rpm libkea-d2srv63-3.0.1-160000.1.1.x86_64.rpm libkea-database76-3.0.1-160000.1.1.x86_64.rpm libkea-dhcp109-3.0.1-160000.1.1.x86_64.rpm libkea-dhcp_ddns68-3.0.1-160000.1.1.x86_64.rpm libkea-dhcpsrv130-3.0.1-160000.1.1.x86_64.rpm libkea-dns71-3.0.1-160000.1.1.x86_64.rpm libkea-eval84-3.0.1-160000.1.1.x86_64.rpm libkea-exceptions45-3.0.1-160000.1.1.x86_64.rpm libkea-hooks119-3.0.1-160000.1.1.x86_64.rpm libkea-http87-3.0.1-160000.1.1.x86_64.rpm libkea-log-interprocess3-3.0.1-160000.1.1.x86_64.rpm libkea-log75-3.0.1-160000.1.1.x86_64.rpm libkea-mysql88-3.0.1-160000.1.1.x86_64.rpm libkea-pgsql88-3.0.1-160000.1.1.x86_64.rpm libkea-process90-3.0.1-160000.1.1.x86_64.rpm libkea-stats53-3.0.1-160000.1.1.x86_64.rpm libkea-tcp33-3.0.1-160000.1.1.x86_64.rpm libkea-util-io12-3.0.1-160000.1.1.x86_64.rpm libkea-util101-3.0.1-160000.1.1.x86_64.rpm python3-kea-3.0.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-371 Security update for go1.26 important SUSE SLFO 1.2 This update for go1.26 fixes the following issues: Changes in go1.26: go1.26.1 (released 2026-03-05) includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages. ( boo#1255111) CVE-2026-25679 CVE-2026-27142 CVE-2026-27137 CVE-2026-27138 CVE-2026-27139 * go#77970 go#77578 boo#1259264 security: fix CVE-2026-25679 net/url: reject IPv6 literal not at start of host * go#77972 go#77954 boo#1259265 security: fix CVE-2026-27142 html/template: URLs in meta content attribute actions are not escaped * go#77973 go#77952 boo#1259266 security: fix CVE-2026-27137 crypto/x509: incorrect enforcement of email constraints * go#77974 go#77953 boo#1259267 security: fix CVE-2026-27138 crypto/x509: panic in name constraint checking for malformed certificates * go#77834 go#77827 boo#1259268 security: fix CVE-2026-27139 os: FileInfo can escape from a Root * go#77252 cmd/compile: miscompile of global array initialization * go#77407 os: Go 1.25.x regression on RemoveAll for windows * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing "buf.Bytes()" call * go#77532 net/smtp: expiry date of localhostCert for testing is too short * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26 * go#77623 cmd/compile: internal compiler error on : "tried to free an already free register" with generic function and type >= 192 bytes * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms * go#77780 reflect: breaking change for reflect.Value.Interface behaviour * go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeFor[untyped nil]() * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior * go#77860 cmd/go: change go mod init default go directive back to 1.N * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration go1.26.0 (released 2026-02-10) is a major release of Go. go1.26.x minor releases will be provided through February 2027. https://github.com/golang/go/wiki/Go-Release-Cycle go1.26 arrives six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (boo#1255111) * Language change: The built-in new function, which creates a new variable, now allows its operand to be an expression, specifying the initial value of the variable. * Language change: The restriction that a generic type may not refer to itself in its type parameter list has been lifted. It is now possible to specify type constraints that refer to the generic type being constrained. * go command: The venerable go fix command has been completely revamped and is now the home of Go’s modernizers. It provides a dependable, push-button way to update Go code bases to the latest idioms and core library APIs. The initial suite of modernizers includes dozens of fixers to make use of modern features of the Go language and library, as well a source-level inliner that allows users to automate their own API migrations using //go:fix inline directives. These fixers should not change the behavior of your program, so if you encounter any issues with a fix performed by go fix, please report it. * go command: The rewritten go fix command builds atop the exact same Go analysis framework as go vet. This means the same analyzers that provide diagnostics in go vet can be used to suggest and apply fixes in go fix. The go fix command’s historical fixers, all of which were obsolete, have been removed. * go command: Two upcoming Go blog posts will go into more detail on modernizers, the inliner, and how to get the most out of go fix. * go command: go mod init now defaults to a lower go version in new go.mod files. Running go mod init using a toolchain of version 1.N.X will create a go.mod file specifying the Go version go 1.(N-1).0. Pre-release versions of 1.N will create go.mod files specifying go 1.(N-2).0. For example, the Go 1.26 release candidates will create go.mod files with go 1.24.0, and Go 1.26 and its minor releases will create go.mod files with go 1.25.0. This is intended to encourage the creation of modules that are compatible with currently supported versions of Go. For additional control over the go version in new modules, go mod init can be followed up with go get go@version. * go command: cmd/doc, and go tool doc have been deleted. go doc can be used as a replacement for go tool doc: it takes the same flags and arguments and has the same behavior. * pprof: The pprof tool web UI, enabled with the -http flag, now defaults to the flame graph view. The previous graph view is available in the “View -> Graph” menu, or via /ui/graph. * Runtime: The new Green Tea garbage collector, previously available as an experiment in Go 1.25, is now enabled by default after incorporating feedback. This garbage collector’s design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10–40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. Further improvements, on the order of 10% in garbage collection overhead, are expected when running on newer amd64-based CPU platforms (Intel Ice Lake or AMD Zen 4 and newer), as the garbage collector now leverages vector instructions for scanning small objects when possible. The new garbage collector may be disabled by setting GOEXPERIMENT=nogreenteagc at build time. This opt-out setting is expected to be removed in Go 1.27. If you disable the new garbage collector for any reason related to its performance or behavior, please file an issue. * Runtime: cgo: The baseline runtime overhead of cgo calls has been reduced by ~30%. * Runtime: Heap base address randomization: On 64-bit platforms, the runtime now randomizes the heap base address at startup. This is a security enhancement that makes it harder for attackers to predict memory addresses and exploit vulnerabilities when using cgo. This feature may be disabled by setting GOEXPERIMENT=norandomizedheapbase64 at build time. This opt-out setting is expected to be removed in a future Go release. * Runtime: Experimental goroutine leak profile: A new profile type that reports leaked goroutines is now available as an experiment. The new profile type, named goroutineleak in the runtime/pprof package, may be enabled by setting GOEXPERIMENT=goroutineleakprofile at build time. Enabling the experiment also makes the profile available as a net/http/pprof endpoint, /debug/pprof/goroutineleak. A leaked goroutine is a goroutine blocked on some concurrency primitive (channels, sync.Mutex, sync.Cond, etc) that cannot possibly become unblocked. The runtime detects leaked goroutines using the garbage collector: if a goroutine G is blocked on concurrency primitive P, and P is unreachable from any runnable goroutine or any goroutine that those could unblock, then P cannot be unblocked, so goroutine G can never wake up. While it is impossible to detect permanently blocked goroutines in all cases, this approach detects a large class of such leaks. Because this technique builds on reachability, the runtime may fail to identify leaks caused by blocking on concurrency primitives reachable through global variables or the local variables of runnable goroutines. Special thanks to Vlad Saioc at Uber for contributing this work. The underlying theory is presented in detail in a publication by Saioc et al. The implementation is production-ready, and is only considered an experiment for the purposes of collecting feedback on the API, specifically the choice to make it a new profile. The feature is also designed to not incur any additional run-time overhead unless it is actively in-use. We encourage users to try out the new feature in the Go playground, in tests, in continuous integration, and in production. We welcome additional feedback on the proposal issue. We aim to enable goroutine leak profiles by default in Go 1.27. * Compiler: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. If this change is causing trouble, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. If you encounter issues with this optimization, please file an issue. * Linker: On 64-bit ARM-based Windows (the windows/arm64 port), the linker now supports internal linking mode of cgo programs, which can be requested with the -ldflags=-linkmode=internal flag. * Linker: There are several minor changes to executable files. These changes do not affect running Go programs. They may affect programs that analyze Go executables, and they may affect people who use external linking mode with custom linker scripts. * Linker: The moduledata structure is now in its own section, named .go.module. * Linker: The moduledata cutab field, which is a slice, now has the correct length; previously the length was four times too large. * Linker: The pcHeader found at the start of the .gopclntab section no longer records the start of the text section. That field is now always zero. * Linker: That pcHeader change was made so that the .gopclntab section no longer contains any relocations. On platforms that support relro, the section has moved from the relro segment to the rodata segment. * Linker: The funcdata symbols and the findfunctab have moved from the .rodata section to the .gopclntab section. * Linker: The .gosymtab section has been removed. It was previously always present but empty. * Linker: When using internal linking, ELF sections now appear in the section header list sorted by address. The previous order was somewhat unpredictable. * Linker: The references to section names here use the ELF names as seen on Linux and other systems. The Mach-O names as seen on Darwin start with a double underscore and do not contain any dots. * Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26 now requires Go 1.24.6 or later for bootstrap. We expect that Go 1.28 will require a minor release of Go 1.26 or later for bootstrap. * Standard Library: New crypto/hpke package: The new crypto/hpke package implements Hybrid Public Key Encryption (HPKE) as specified in RFC 9180, including support for post-quantum hybrid KEMs. * Standard Library: New experimental simd/archsimd package: Go 1.26 introduces a new experimental simd/archsimd package, which can be enabled by setting the environment variable GOEXPERIMENT=simd at build time. This package provides access to architecture-specific SIMD operations. It is currently available on the amd64 architecture and supports 128-bit, 256-bit, and 512-bit vector types, such as Int8x16 and Float64x8, with operations such as Int8x16.Add. The API is not yet considered stable. We intend to provide support for other architectures in future versions, but the API intentionally architecture-specific and thus non-portable. In addition, we plan to develop a high-level portable SIMD package in the future. * Standard Library: New experimental runtime/secret package: The new runtime/secret package is available as an experiment, which can be enabled by setting the environment variable GOEXPERIMENT=runtimesecret at build time. It provides a facility for securely erasing temporaries used in code that manipulates secret information—typically cryptographic in nature—such as registers, stack, new heap allocations. This package is intended to make it easier to ensure forward secrecy. It currently supports the amd64 and arm64 architectures on Linux. * bytes: The new Buffer.Peek method returns the next n bytes from the buffer without advancing it. * crypto: The new Encapsulator and Decapsulator interfaces allow accepting abstract KEM encapsulation or decapsulation keys. * crypto/dsa: The random parameter to GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/ecdh: The random parameter to Curve.GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. The new KeyExchanger interface, implemented by PrivateKey, makes it possible to accept abstract ECDH private keys, e.g. those implemented in hardware. * crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey are now deprecated. The random parameter to GenerateKey, SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/ed25519: If the random parameter to GenerateKey is nil, GenerateKey now always uses a secure source of cryptographically random bytes, instead of crypto/rand.Reader (which could have been overridden). The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/fips140: The new WithoutEnforcement and Enforced functions now allow running in GODEBUG=fips140=only mode while selectively disabling the strict FIPS 140-3 checks. Version returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140. * crypto/mlkem: The new DecapsulationKey768.Encapsulator and DecapsulationKey1024.Encapsulator methods implement the new crypto.Decapsulator interface. * crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package exposes the Encapsulate768 and Encapsulate1024 functions which implement derandomized ML-KEM encapsulation, for use with known-answer tests. * crypto/rand: The random parameter to Prime is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/rsa: The new EncryptOAEPWithOptions function allows specifying different hash functions for OAEP padding and MGF1 mask generation. * crypto/rsa: The random parameter to GenerateKey, GenerateMultiPrimeKey, and EncryptPKCS1v15 is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/rsa: If PrivateKey fields are modified after calling PrivateKey.Precompute, PrivateKey.Validate now fails. * crypto/rsa: PrivateKey.D is now checked for consistency with precomputed values, even if it is not used. * crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented by EncryptPKCS1v15, DecryptPKCS1v15, and DecryptPKCS1v15SessionKey) is now deprecated. * crypto/subtle: The WithDataIndependentTiming function no longer locks the calling goroutine to the OS thread while executing the passed function. Additionally, any goroutines which are spawned during the execution of the passed function and their descendants now inherit the properties of WithDataIndependentTiming for their lifetime. This change also affects cgo in the following ways: * crypto/subtle: Any C code called via cgo from within the function passed to WithDataIndependentTiming, or from a goroutine spawned by the function passed to WithDataIndependentTiming and its descendants, will also have data independent timing enabled for the duration of the call. If the C code disables data independent timing, it will be re-enabled on return to Go. * crypto/subtle: If C code called via cgo, from the function passed to WithDataIndependentTiming or elsewhere, enables or disables data independent timing then calling into Go will preserve that state for the duration of the call. * crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024 post-quantum key exchanges are now enabled by default. They can be disabled by setting Config.CurvePreferences or with the tlssecpmlkem=0 GODEBUG setting. * crypto/tls: The new ClientHelloInfo.HelloRetryRequest field indicates if the ClientHello was sent in response to a HelloRetryRequest message. The new ConnectionState.HelloRetryRequest field indicates if the server sent a HelloRetryRequest, or if the client received a HelloRetryRequest, depending on connection role. * crypto/tls: The QUICConn type used by QUIC implementations includes a new event for reporting TLS handshake errors. * crypto/tls: If Certificate.PrivateKey implements crypto.MessageSigner, its SignMessage method is used instead of Sign in TLS 1.2 and later. * crypto/tls: The following GODEBUG settings introduced in Go 1.22 and Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version. * crypto/tls: GODEBUG tlsunsafeekm: ConnectionState.ExportKeyingMaterial will require TLS 1.3 or Extended Master Secret. * crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges without ECDH won’t be enabled by default. * crypto/tls: GODEBUG tls10server: the default minimum TLS version for both clients and servers will be TLS 1.2. * crypto/tls: GODEBUG tls3des: the default cipher suites will not include 3DES. * crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and LoadX509KeyPair will always populate the Certificate.Leaf field. * crypto/x509: The ExtKeyUsage and KeyUsage types now have String methods that return the corresponding OID names as defined in RFC 5280 and other registries. * crypto/x509: The ExtKeyUsage type now has an OID method that returns the corresponding OID for the EKU. * crypto/x509: The new OIDFromASN1OID function allows converting an encoding/asn1.ObjectIdentifier into an OID. * debug/elf: Additional R_LARCH_* constants from LoongArch ELF psABI v20250521 (global version v2.40) are defined for use with LoongArch systems. * errors: The new AsType function is a generic version of As. It is type-safe, faster, and, in most cases, easier to use. * fmt: For unformatted strings, fmt.Errorf("x") now allocates less and generally matches the allocations for errors.New("x"). * go/ast: The new ParseDirective function parses directive comments, which are comments such as //go:generate. Source code tools can support their own directive comments and this new API should help them implement the conventional syntax. * go/ast: The new BasicLit.ValueEnd field records the precise end position of a literal so that the BasicLit.End method can now always return the correct answer. (Previously it was computed using a heuristic that was incorrect for multi-line raw string literals in Windows source files, due to removal of carriage returns.) * go/ast: Programs that update the ValuePos field of BasicLits produced by the parser may need to also update or clear the ValueEnd field to avoid minor differences in formatted output. * go/token: The new File.End convenience method returns the file’s end position. * go/types: The gotypesalias GODEBUG setting introduced in Go 1.22 will be removed in the next major Go release. Starting in Go 1.27, the go/types package will always produce an Alias type for the representation of type aliases regardless of GODEBUG setting or go.mod language version. * image/jpeg: The JPEG encoder and decoder have been replaced with new, faster, more accurate implementations. Code that expects specific bit-for-bit outputs from the encoder or decoder may need to be updated. * io: ReadAll now allocates less intermediate memory and returns a minimally sized final slice. It is often about two times faster while typically allocating around half as much total memory, with more benefit for larger inputs. * log/slog: The NewMultiHandler function creates a MultiHandler that invokes all the given Handlers. Its Enabled method reports whether any of the handlers’ Enabled methods return true. Its Handle, WithAttrs and WithGroup methods call the corresponding method on each of the enabled handlers. * net: The new Dialer methods DialIP, DialTCP, DialUDP, and DialUnix permit dialing specific network types with context values. * net/http: The new HTTP2Config.StrictMaxConcurrentRequests field controls whether a new connection should be opened if an existing HTTP/2 connection has exceeded its stream limit. * net/http: The new Transport.NewClientConn method returns a client connection to an HTTP server. Most users should continue to use Transport.RoundTrip to make requests, which manages a pool of connections. NewClientConn is useful for users who need to implement their own connection management. * net/http: Client now uses and sets cookies scoped to URLs with the host portion matching Request.Host when available. Previously, the connection address host was always used. * net/http/httptest: The HTTP client returned by Server.Client will now redirect requests for example.com and any subdomains to the server being tested. * net/http/httputil: The ReverseProxy.Director configuration field is deprecated in favor of ReverseProxy.Rewrite. * net/http/httputil: A malicious client can remove headers added by a Director function by designating those headers as hop-by-hop. Since there is no way to address this problem within the scope of the Director API, we added a new Rewrite hook in Go 1.20. Rewrite hooks are provided with both the unmodified inbound request received by the proxy and the outbound request which will be sent by the proxy. Since the Director hook is fundamentally unsafe, we are now deprecating it. * net/netip: The new Prefix.Compare method compares two prefixes. * net/url: Parse now rejects malformed URLs containing colons in the host subcomponent, such as http://::1/ or http://localhost:80:80/. URLs containing bracketed IPv6 addresses, such as http://[::1]/ are still accepted. The new GODEBUG setting urlstrictcolons=0 restores the old behavior. * os: The new Process.WithHandle method provides access to an internal process handle on supported platforms (pidfd on Linux 5.4 or later, Handle on Windows). * os: On Windows, the OpenFile flag parameter can now contain any combination of Windows-specific file flags, such as FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control of file or device caching behavior, access modes, and other special-purpose flags. * os/signal: NotifyContext now cancels the returned context with context.CancelCauseFunc and an error indicating which signal was received. * reflect: The new methods Type.Fields, Type.Methods, Type.Ins and Type.Outs return iterators for a type’s fields (for a struct type), methods, inputs and outputs parameters (for a function type), respectively. Similarly, the new methods Value.Fields and Value.Methods return iterators over a value’s fields or methods, respectively. Each iteration yields the type information (StructField or Method) of a field or method, along with the field or method Value. * runtime/metrics: Several new scheduler metrics have been added, including counts of goroutines in various states (waiting, runnable, etc.) under the /sched/goroutines prefix, the number of OS threads the runtime is aware of with /sched/threads:threads, and the total number of goroutines created by the program with /sched/goroutines-created:goroutines. * testing: The new methods T.ArtifactDir, B.ArtifactDir, and F.ArtifactDir return a directory in which to write test output files (artifacts). * testing: When the -artifacts flag is provided to go test, this directory will be located under the output directory (specified with -outputdir, or the current directory by default). Otherwise, artifacts are stored in a temporary directory which is removed after the test completes. * testing: The first call to ArtifactDir when -artifacts is provided writes the location of the directory to the test log. * testing: The B.Loop method no longer prevents inlining in the loop body, which could lead to unanticipated allocation and slower benchmarks. With this fix, we expect that all benchmarks can be converted from the old B.N style to the new B.Loop style with no ill effects. Within the body of a for b.Loop() { ... } loop, function call parameters, results, and assigned variables are still kept alive, preventing the compiler from optimizing away entire parts of the benchmark. * testing/cryptotest: The new SetGlobalRandom function configures a global, deterministic cryptographic randomness source for the duration of the test. It affects crypto/rand, and all implicit sources of cryptographic randomness in the crypto/... packages. * time: The asynctimerchan GODEBUG setting introduced in Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the time package will always use unbuffered (synchronous) channels for timers regardless of GODEBUG setting or go.mod language version. * Ports: Darwin: Go 1.26 is the last release that will run on macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or later. * Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd GOARCH=riscv64) has been marked broken. See issue 76475 for details. * Ports: Windows: As announced in the Go 1.25 release notes, the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been removed. * Ports: PowerPC: Go 1.26 is the last release that supports the ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in Go 1.27. As the port does not currently support linking against other ELF objects, we expect this change to be transparent to users. * Ports: RISC-V: The linux/riscv64 port now supports the race detector. * Ports: S390X: The s390x port now supports passing function arguments and results using registers. * Ports: WebAssembly: The compiler now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. These features have been standardized since at least Wasm 2.0. The corresponding GOWASM settings, signext and satconv, are now ignored. * Ports: WebAssembly: For WebAssembly applications, the runtime now manages chunks of heap memory in much smaller increments, leading to significantly reduced memory usage for applications with heaps less than around 16 MiB in size. go1.26-1.26.1-160000.1.1.aarch64.rpm go1.26-doc-1.26.1-160000.1.1.aarch64.rpm go1.26-libstd-1.26.1-160000.1.1.aarch64.rpm go1.26-race-1.26.1-160000.1.1.aarch64.rpm go1.26-1.26.1-160000.1.1.ppc64le.rpm go1.26-doc-1.26.1-160000.1.1.ppc64le.rpm go1.26-race-1.26.1-160000.1.1.ppc64le.rpm go1.26-1.26.1-160000.1.1.s390x.rpm go1.26-doc-1.26.1-160000.1.1.s390x.rpm go1.26-race-1.26.1-160000.1.1.s390x.rpm go1.26-1.26.1-160000.1.1.x86_64.rpm go1.26-doc-1.26.1-160000.1.1.x86_64.rpm go1.26-libstd-1.26.1-160000.1.1.x86_64.rpm go1.26-race-1.26.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-372 Recommended update for ipw-firmware important SUSE SLFO 1.2 This update for ipw-firmware fixes the following issues: - mark LICENSE.ipw2x00 as %license (bsc#1252153) ipw-firmware-9-160000.4.1.noarch.rpm openSUSE-Leap-16.0-373 Recommended update for aws-nitro-enclaves-cli moderate SUSE SLFO 1.2 This update for aws-nitro-enclaves-cli fixes the following issues: - Add header from kernel configs to blobs to fix image builds (bsc#1250573) - Fix group in udev rule (bsc#1250566) - Automatically load kernel module when allocator service is started (bsc#1250567) - Update to version 1.4.3 aws-nitro-enclaves-binaryblobs-upstream-1.4.3~git0.82501bb-160000.1.1.aarch64.rpm aws-nitro-enclaves-cli-1.4.3~git0.82501bb-160000.1.1.aarch64.rpm system-group-ne-1.4.3~git0.82501bb-160000.1.1.aarch64.rpm aws-nitro-enclaves-binaryblobs-upstream-1.4.3~git0.82501bb-160000.1.1.x86_64.rpm aws-nitro-enclaves-cli-1.4.3~git0.82501bb-160000.1.1.x86_64.rpm system-group-ne-1.4.3~git0.82501bb-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-374 Security update for tomcat important SUSE SLFO 1.2 This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). * Catalina + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Update the minimum and recommended versions for Tomcat Native to 1.3.4. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) * Cluster + Add: 62814: Document that human-readable names maybe used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 9.0.109 that broke some clustering configurations. (markt) * Coyote + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) * Other + Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 1.3.5. (markt) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile=<name> to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) tomcat-9.0.115-160000.1.1.noarch.rpm tomcat-admin-webapps-9.0.115-160000.1.1.noarch.rpm tomcat-docs-webapp-9.0.115-160000.1.1.noarch.rpm tomcat-el-3_0-api-9.0.115-160000.1.1.noarch.rpm tomcat-embed-9.0.115-160000.1.1.noarch.rpm tomcat-javadoc-9.0.115-160000.1.1.noarch.rpm tomcat-jsp-2_3-api-9.0.115-160000.1.1.noarch.rpm tomcat-jsvc-9.0.115-160000.1.1.noarch.rpm tomcat-lib-9.0.115-160000.1.1.noarch.rpm tomcat-servlet-4_0-api-9.0.115-160000.1.1.noarch.rpm tomcat-webapps-9.0.115-160000.1.1.noarch.rpm openSUSE-Leap-16.0-375 Security update for amazon-ssm-agent important SUSE SLFO 1.2 This update for amazon-ssm-agent fixes the following issues: - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253611). amazon-ssm-agent-3.3.2299.0-160000.3.1.aarch64.rpm amazon-ssm-agent-3.3.2299.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-376 Recommended update for nvidia-open-driver-G06-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G06-signed fixes the following issues: - updated CUDA variant to version 580.126.20 - update non-CUDA variant to version 580.126.18 (bsc#1258154) - fixes build against kernel 6.19 - fix build and adjusted it to sle15-sp5 kernel nvidia-open-driver-G06-signed-64kb-devel-580.126.18-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-check-580.126.18-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-default-devel-580.126.18-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-64kb-580.126.18_k6.12.0_160000.26-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-580.126.18_k6.12.0_160000.26-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-580.126.20-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-64kb-devel-580.126.20-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-check-580.126.20-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.126.20-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.126.20_k6.12.0_160000.26-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.126.20_k6.12.0_160000.26-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-default-devel-580.126.18-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.126.18_k6.12.0_160000.26-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-580.126.20-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.126.20-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.126.20_k6.12.0_160000.26-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-377 Recommended update for rust1.93 important SUSE SLFO 1.2 This update for rust1.93 fixes the following issues: - Resolve missing gcc requirement that may affect some crate building (bsc#1253321) cargo1.93-1.93.0-160000.2.1.aarch64.rpm rust1.93-1.93.0-160000.2.1.aarch64.rpm rust1.93-src-1.93.0-160000.2.1.noarch.rpm cargo1.93-1.93.0-160000.2.1.ppc64le.rpm rust1.93-1.93.0-160000.2.1.ppc64le.rpm cargo1.93-1.93.0-160000.2.1.s390x.rpm rust1.93-1.93.0-160000.2.1.s390x.rpm cargo1.93-1.93.0-160000.2.1.x86_64.rpm rust1.93-1.93.0-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-378 Security update for libsoup2 important SUSE SLFO 1.2 This update for libsoup2 fixes the following issues: - CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422). - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876). - CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751). - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). - CVE-2026-0719: stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399). - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). - CVE-2026-2369: Buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). libsoup-2_4-1-2.74.3-160000.4.1.aarch64.rpm libsoup2-devel-2.74.3-160000.4.1.aarch64.rpm libsoup2-lang-2.74.3-160000.4.1.noarch.rpm typelib-1_0-Soup-2_4-2.74.3-160000.4.1.aarch64.rpm libsoup-2_4-1-2.74.3-160000.4.1.ppc64le.rpm libsoup2-devel-2.74.3-160000.4.1.ppc64le.rpm typelib-1_0-Soup-2_4-2.74.3-160000.4.1.ppc64le.rpm libsoup-2_4-1-2.74.3-160000.4.1.s390x.rpm libsoup2-devel-2.74.3-160000.4.1.s390x.rpm typelib-1_0-Soup-2_4-2.74.3-160000.4.1.s390x.rpm libsoup-2_4-1-2.74.3-160000.4.1.x86_64.rpm libsoup2-devel-2.74.3-160000.4.1.x86_64.rpm typelib-1_0-Soup-2_4-2.74.3-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-379 Recommended update for libwmf moderate SUSE SLFO 1.2 This update for libwmf fixes the following issues: - Remove unused BuildRequires: update-desktop-files (jsc#PED-15225, jsc#PED-14507) libwmf-0_2-7-0.2.13-160000.4.1.aarch64.rpm libwmf-devel-0.2.13-160000.4.1.aarch64.rpm libwmf-gnome-0.2.13-160000.4.1.aarch64.rpm libwmf-tools-0.2.13-160000.4.1.aarch64.rpm libwmf-0_2-7-0.2.13-160000.4.1.ppc64le.rpm libwmf-devel-0.2.13-160000.4.1.ppc64le.rpm libwmf-gnome-0.2.13-160000.4.1.ppc64le.rpm libwmf-tools-0.2.13-160000.4.1.ppc64le.rpm libwmf-0_2-7-0.2.13-160000.4.1.s390x.rpm libwmf-devel-0.2.13-160000.4.1.s390x.rpm libwmf-gnome-0.2.13-160000.4.1.s390x.rpm libwmf-tools-0.2.13-160000.4.1.s390x.rpm libwmf-0_2-7-0.2.13-160000.4.1.x86_64.rpm libwmf-devel-0.2.13-160000.4.1.x86_64.rpm libwmf-gnome-0.2.13-160000.4.1.x86_64.rpm libwmf-tools-0.2.13-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-38 Recommended update for powerpc-utils important SUSE SLFO 1.2 This update for powerpc-utils fixes the following issues: - Fix psize reporting on a CPU pool (bsc#1252108) - Start SMT service after networking (bsc#1249152) powerpc-utils-1.3.13-160000.3.1.ppc64le.rpm openSUSE-Leap-16.0-380 Recommended update for sendmail moderate SUSE SLFO 1.2 This update for sendmail fixes the following issues: - Correct group permission of /var/spool/clientmqueue to make sendmail work again (bsc#1255437) - Support Immutable Mode (jsc#PED-14688): * Note that still sendmail is not part of SLES-16 and above libmilter-doc-8.18.1-160000.3.1.noarch.rpm libmilter1_0-8.18.1-160000.3.1.aarch64.rpm rmail-8.18.1-160000.3.1.aarch64.rpm sendmail-8.18.1-160000.3.1.aarch64.rpm sendmail-devel-8.18.1-160000.3.1.aarch64.rpm sendmail-starttls-8.18.1-160000.3.1.noarch.rpm libmilter1_0-8.18.1-160000.3.1.ppc64le.rpm rmail-8.18.1-160000.3.1.ppc64le.rpm sendmail-8.18.1-160000.3.1.ppc64le.rpm sendmail-devel-8.18.1-160000.3.1.ppc64le.rpm libmilter1_0-8.18.1-160000.3.1.s390x.rpm rmail-8.18.1-160000.3.1.s390x.rpm sendmail-8.18.1-160000.3.1.s390x.rpm sendmail-devel-8.18.1-160000.3.1.s390x.rpm libmilter1_0-8.18.1-160000.3.1.x86_64.rpm rmail-8.18.1-160000.3.1.x86_64.rpm sendmail-8.18.1-160000.3.1.x86_64.rpm sendmail-devel-8.18.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-381 Security update for qemu moderate SUSE SLFO 1.2 This update for qemu fixes the following issues: - Update to version 10.0.8 - CVE-2025-14876: Fixed unbounded allocation in virtio-crypto. (bsc#1255400) - CVE-2026-0665: Fixed PIRQ bounds check in xen_physdev_map_pirq. (bsc#1256484) qemu-10.0.8-160000.1.1.aarch64.rpm qemu-SLOF-10.0.8-160000.1.1.noarch.rpm qemu-accel-qtest-10.0.8-160000.1.1.aarch64.rpm qemu-arm-10.0.8-160000.1.1.aarch64.rpm qemu-audio-alsa-10.0.8-160000.1.1.aarch64.rpm qemu-audio-dbus-10.0.8-160000.1.1.aarch64.rpm qemu-audio-jack-10.0.8-160000.1.1.aarch64.rpm qemu-audio-oss-10.0.8-160000.1.1.aarch64.rpm qemu-audio-pa-10.0.8-160000.1.1.aarch64.rpm qemu-audio-pipewire-10.0.8-160000.1.1.aarch64.rpm qemu-audio-spice-10.0.8-160000.1.1.aarch64.rpm qemu-block-curl-10.0.8-160000.1.1.aarch64.rpm qemu-block-dmg-10.0.8-160000.1.1.aarch64.rpm qemu-block-iscsi-10.0.8-160000.1.1.aarch64.rpm qemu-block-nfs-10.0.8-160000.1.1.aarch64.rpm qemu-block-rbd-10.0.8-160000.1.1.aarch64.rpm qemu-block-ssh-10.0.8-160000.1.1.aarch64.rpm qemu-chardev-baum-10.0.8-160000.1.1.aarch64.rpm qemu-chardev-spice-10.0.8-160000.1.1.aarch64.rpm qemu-doc-10.0.8-160000.1.1.noarch.rpm qemu-extra-10.0.8-160000.1.1.aarch64.rpm qemu-guest-agent-10.0.8-160000.1.1.aarch64.rpm qemu-headless-10.0.8-160000.1.1.aarch64.rpm qemu-hw-display-qxl-10.0.8-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-10.0.8-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-pci-10.0.8-160000.1.1.aarch64.rpm qemu-hw-display-virtio-vga-10.0.8-160000.1.1.aarch64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.8-160000.1.1.aarch64.rpm qemu-hw-usb-host-10.0.8-160000.1.1.aarch64.rpm qemu-hw-usb-redirect-10.0.8-160000.1.1.aarch64.rpm qemu-hw-usb-smartcard-10.0.8-160000.1.1.aarch64.rpm qemu-img-10.0.8-160000.1.1.aarch64.rpm qemu-ipxe-10.0.8-160000.1.1.noarch.rpm qemu-ivshmem-tools-10.0.8-160000.1.1.aarch64.rpm qemu-ksm-10.0.8-160000.1.1.aarch64.rpm qemu-lang-10.0.8-160000.1.1.noarch.rpm qemu-microvm-10.0.8-160000.1.1.noarch.rpm qemu-ppc-10.0.8-160000.1.1.aarch64.rpm qemu-pr-helper-10.0.8-160000.1.1.aarch64.rpm qemu-s390x-10.0.8-160000.1.1.aarch64.rpm qemu-seabios-10.0.81.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-skiboot-10.0.8-160000.1.1.noarch.rpm qemu-spice-10.0.8-160000.1.1.aarch64.rpm qemu-tools-10.0.8-160000.1.1.aarch64.rpm qemu-ui-curses-10.0.8-160000.1.1.aarch64.rpm qemu-ui-dbus-10.0.8-160000.1.1.aarch64.rpm qemu-ui-gtk-10.0.8-160000.1.1.aarch64.rpm qemu-ui-opengl-10.0.8-160000.1.1.aarch64.rpm qemu-ui-spice-app-10.0.8-160000.1.1.aarch64.rpm qemu-ui-spice-core-10.0.8-160000.1.1.aarch64.rpm qemu-vgabios-10.0.81.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-vhost-user-gpu-10.0.8-160000.1.1.aarch64.rpm qemu-x86-10.0.8-160000.1.1.aarch64.rpm qemu-linux-user-10.0.8-160000.1.1.aarch64.rpm qemu-10.0.8-160000.1.1.ppc64le.rpm qemu-accel-qtest-10.0.8-160000.1.1.ppc64le.rpm qemu-arm-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-alsa-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-dbus-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-jack-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-oss-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-pa-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-pipewire-10.0.8-160000.1.1.ppc64le.rpm qemu-audio-spice-10.0.8-160000.1.1.ppc64le.rpm qemu-block-curl-10.0.8-160000.1.1.ppc64le.rpm qemu-block-dmg-10.0.8-160000.1.1.ppc64le.rpm qemu-block-iscsi-10.0.8-160000.1.1.ppc64le.rpm qemu-block-nfs-10.0.8-160000.1.1.ppc64le.rpm qemu-block-rbd-10.0.8-160000.1.1.ppc64le.rpm qemu-block-ssh-10.0.8-160000.1.1.ppc64le.rpm qemu-chardev-baum-10.0.8-160000.1.1.ppc64le.rpm qemu-chardev-spice-10.0.8-160000.1.1.ppc64le.rpm qemu-extra-10.0.8-160000.1.1.ppc64le.rpm qemu-guest-agent-10.0.8-160000.1.1.ppc64le.rpm qemu-headless-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-display-qxl-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-pci-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-vga-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-usb-host-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-usb-redirect-10.0.8-160000.1.1.ppc64le.rpm qemu-hw-usb-smartcard-10.0.8-160000.1.1.ppc64le.rpm qemu-img-10.0.8-160000.1.1.ppc64le.rpm qemu-ivshmem-tools-10.0.8-160000.1.1.ppc64le.rpm qemu-ksm-10.0.8-160000.1.1.ppc64le.rpm qemu-ppc-10.0.8-160000.1.1.ppc64le.rpm qemu-pr-helper-10.0.8-160000.1.1.ppc64le.rpm qemu-s390x-10.0.8-160000.1.1.ppc64le.rpm qemu-spice-10.0.8-160000.1.1.ppc64le.rpm qemu-tools-10.0.8-160000.1.1.ppc64le.rpm qemu-ui-curses-10.0.8-160000.1.1.ppc64le.rpm qemu-ui-dbus-10.0.8-160000.1.1.ppc64le.rpm qemu-ui-gtk-10.0.8-160000.1.1.ppc64le.rpm qemu-ui-opengl-10.0.8-160000.1.1.ppc64le.rpm qemu-ui-spice-app-10.0.8-160000.1.1.ppc64le.rpm qemu-ui-spice-core-10.0.8-160000.1.1.ppc64le.rpm qemu-vhost-user-gpu-10.0.8-160000.1.1.ppc64le.rpm qemu-x86-10.0.8-160000.1.1.ppc64le.rpm qemu-linux-user-10.0.8-160000.1.1.ppc64le.rpm qemu-10.0.8-160000.1.1.s390x.rpm qemu-accel-qtest-10.0.8-160000.1.1.s390x.rpm qemu-arm-10.0.8-160000.1.1.s390x.rpm qemu-audio-alsa-10.0.8-160000.1.1.s390x.rpm qemu-audio-dbus-10.0.8-160000.1.1.s390x.rpm qemu-audio-jack-10.0.8-160000.1.1.s390x.rpm qemu-audio-oss-10.0.8-160000.1.1.s390x.rpm qemu-audio-pa-10.0.8-160000.1.1.s390x.rpm qemu-audio-pipewire-10.0.8-160000.1.1.s390x.rpm qemu-audio-spice-10.0.8-160000.1.1.s390x.rpm qemu-block-curl-10.0.8-160000.1.1.s390x.rpm qemu-block-dmg-10.0.8-160000.1.1.s390x.rpm qemu-block-iscsi-10.0.8-160000.1.1.s390x.rpm qemu-block-nfs-10.0.8-160000.1.1.s390x.rpm qemu-block-rbd-10.0.8-160000.1.1.s390x.rpm qemu-block-ssh-10.0.8-160000.1.1.s390x.rpm qemu-chardev-baum-10.0.8-160000.1.1.s390x.rpm qemu-chardev-spice-10.0.8-160000.1.1.s390x.rpm qemu-extra-10.0.8-160000.1.1.s390x.rpm qemu-guest-agent-10.0.8-160000.1.1.s390x.rpm qemu-headless-10.0.8-160000.1.1.s390x.rpm qemu-hw-display-qxl-10.0.8-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-10.0.8-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-pci-10.0.8-160000.1.1.s390x.rpm qemu-hw-display-virtio-vga-10.0.8-160000.1.1.s390x.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.8-160000.1.1.s390x.rpm qemu-hw-usb-host-10.0.8-160000.1.1.s390x.rpm qemu-hw-usb-redirect-10.0.8-160000.1.1.s390x.rpm qemu-hw-usb-smartcard-10.0.8-160000.1.1.s390x.rpm qemu-img-10.0.8-160000.1.1.s390x.rpm qemu-ivshmem-tools-10.0.8-160000.1.1.s390x.rpm qemu-ksm-10.0.8-160000.1.1.s390x.rpm qemu-ppc-10.0.8-160000.1.1.s390x.rpm qemu-pr-helper-10.0.8-160000.1.1.s390x.rpm qemu-s390x-10.0.8-160000.1.1.s390x.rpm qemu-spice-10.0.8-160000.1.1.s390x.rpm qemu-tools-10.0.8-160000.1.1.s390x.rpm qemu-ui-curses-10.0.8-160000.1.1.s390x.rpm qemu-ui-dbus-10.0.8-160000.1.1.s390x.rpm qemu-ui-gtk-10.0.8-160000.1.1.s390x.rpm qemu-ui-opengl-10.0.8-160000.1.1.s390x.rpm qemu-ui-spice-app-10.0.8-160000.1.1.s390x.rpm qemu-ui-spice-core-10.0.8-160000.1.1.s390x.rpm qemu-vhost-user-gpu-10.0.8-160000.1.1.s390x.rpm qemu-x86-10.0.8-160000.1.1.s390x.rpm qemu-linux-user-10.0.8-160000.1.1.s390x.rpm qemu-10.0.8-160000.1.1.x86_64.rpm qemu-accel-qtest-10.0.8-160000.1.1.x86_64.rpm qemu-arm-10.0.8-160000.1.1.x86_64.rpm qemu-audio-alsa-10.0.8-160000.1.1.x86_64.rpm qemu-audio-dbus-10.0.8-160000.1.1.x86_64.rpm qemu-audio-jack-10.0.8-160000.1.1.x86_64.rpm qemu-audio-oss-10.0.8-160000.1.1.x86_64.rpm qemu-audio-pa-10.0.8-160000.1.1.x86_64.rpm qemu-audio-pipewire-10.0.8-160000.1.1.x86_64.rpm qemu-audio-spice-10.0.8-160000.1.1.x86_64.rpm qemu-block-curl-10.0.8-160000.1.1.x86_64.rpm qemu-block-dmg-10.0.8-160000.1.1.x86_64.rpm qemu-block-iscsi-10.0.8-160000.1.1.x86_64.rpm qemu-block-nfs-10.0.8-160000.1.1.x86_64.rpm qemu-block-rbd-10.0.8-160000.1.1.x86_64.rpm qemu-block-ssh-10.0.8-160000.1.1.x86_64.rpm qemu-chardev-baum-10.0.8-160000.1.1.x86_64.rpm qemu-chardev-spice-10.0.8-160000.1.1.x86_64.rpm qemu-extra-10.0.8-160000.1.1.x86_64.rpm qemu-guest-agent-10.0.8-160000.1.1.x86_64.rpm qemu-headless-10.0.8-160000.1.1.x86_64.rpm qemu-hw-display-qxl-10.0.8-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-10.0.8-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-10.0.8-160000.1.1.x86_64.rpm qemu-hw-display-virtio-vga-10.0.8-160000.1.1.x86_64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.8-160000.1.1.x86_64.rpm qemu-hw-usb-host-10.0.8-160000.1.1.x86_64.rpm qemu-hw-usb-redirect-10.0.8-160000.1.1.x86_64.rpm qemu-hw-usb-smartcard-10.0.8-160000.1.1.x86_64.rpm qemu-img-10.0.8-160000.1.1.x86_64.rpm qemu-ivshmem-tools-10.0.8-160000.1.1.x86_64.rpm qemu-ksm-10.0.8-160000.1.1.x86_64.rpm qemu-ppc-10.0.8-160000.1.1.x86_64.rpm qemu-pr-helper-10.0.8-160000.1.1.x86_64.rpm qemu-s390x-10.0.8-160000.1.1.x86_64.rpm qemu-spice-10.0.8-160000.1.1.x86_64.rpm qemu-tools-10.0.8-160000.1.1.x86_64.rpm qemu-ui-curses-10.0.8-160000.1.1.x86_64.rpm qemu-ui-dbus-10.0.8-160000.1.1.x86_64.rpm qemu-ui-gtk-10.0.8-160000.1.1.x86_64.rpm qemu-ui-opengl-10.0.8-160000.1.1.x86_64.rpm qemu-ui-spice-app-10.0.8-160000.1.1.x86_64.rpm qemu-ui-spice-core-10.0.8-160000.1.1.x86_64.rpm qemu-vhost-user-gpu-10.0.8-160000.1.1.x86_64.rpm qemu-vmsr-helper-10.0.8-160000.1.1.x86_64.rpm qemu-x86-10.0.8-160000.1.1.x86_64.rpm qemu-linux-user-10.0.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-382 Recommended update for openssh important SUSE SLFO 1.2 This update for openssh fixes the following issues: - Fix: L3: openssh is not "ready" to work with sssd-kcm (bsc#1258166): * allow using SSSD with a non-file backend openssh-10.0p2-160000.4.1.aarch64.rpm openssh-cavs-10.0p2-160000.4.1.aarch64.rpm openssh-clients-10.0p2-160000.4.1.aarch64.rpm openssh-common-10.0p2-160000.4.1.aarch64.rpm openssh-helpers-10.0p2-160000.4.1.aarch64.rpm openssh-server-10.0p2-160000.4.1.aarch64.rpm openssh-server-config-rootlogin-10.0p2-160000.4.1.aarch64.rpm openssh-askpass-gnome-10.0p2-160000.4.1.aarch64.rpm openssh-10.0p2-160000.4.1.ppc64le.rpm openssh-cavs-10.0p2-160000.4.1.ppc64le.rpm openssh-clients-10.0p2-160000.4.1.ppc64le.rpm openssh-common-10.0p2-160000.4.1.ppc64le.rpm openssh-helpers-10.0p2-160000.4.1.ppc64le.rpm openssh-server-10.0p2-160000.4.1.ppc64le.rpm openssh-server-config-rootlogin-10.0p2-160000.4.1.ppc64le.rpm openssh-askpass-gnome-10.0p2-160000.4.1.ppc64le.rpm openssh-10.0p2-160000.4.1.s390x.rpm openssh-cavs-10.0p2-160000.4.1.s390x.rpm openssh-clients-10.0p2-160000.4.1.s390x.rpm openssh-common-10.0p2-160000.4.1.s390x.rpm openssh-helpers-10.0p2-160000.4.1.s390x.rpm openssh-server-10.0p2-160000.4.1.s390x.rpm openssh-server-config-rootlogin-10.0p2-160000.4.1.s390x.rpm openssh-askpass-gnome-10.0p2-160000.4.1.s390x.rpm openssh-10.0p2-160000.4.1.x86_64.rpm openssh-cavs-10.0p2-160000.4.1.x86_64.rpm openssh-clients-10.0p2-160000.4.1.x86_64.rpm openssh-common-10.0p2-160000.4.1.x86_64.rpm openssh-helpers-10.0p2-160000.4.1.x86_64.rpm openssh-server-10.0p2-160000.4.1.x86_64.rpm openssh-server-config-rootlogin-10.0p2-160000.4.1.x86_64.rpm openssh-askpass-gnome-10.0p2-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-383 Recommended update for mdadm important SUSE SLFO 1.2 This update for mdadm fixes the following issues: - Update to version 4.4+40.gad81df32: * avoid mdcheck_continue.timer and mdcheck_start.timer firing simultaneously (bsc#1243443, bsc#1259090) - Update to version 4.4+39.g1b34084f: * platform-intel: Deal with hot-unplugged devices (bsc#1258265) * imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009) - Update to version 4.4+37.gea219956: * Backport upstream fixes from 4.5 (bsc#1257009) * Re-enable mdadm --monitor ... for /dev/mdX * Allow RAID0 to be created with v0.90 metadata * Moves memory management into Assemble to avoid null pointer dereference * Support non-absolute name during monitor scan * Don't set badblock flag when adding a new disk * Fix metadata corruption when managing new imsm array mdadm-4.4+40.gad81df32-160000.1.1.aarch64.rpm mdadm-doc-4.4+40.gad81df32-160000.1.1.aarch64.rpm mdadm-4.4+40.gad81df32-160000.1.1.ppc64le.rpm mdadm-doc-4.4+40.gad81df32-160000.1.1.ppc64le.rpm mdadm-4.4+40.gad81df32-160000.1.1.s390x.rpm mdadm-doc-4.4+40.gad81df32-160000.1.1.s390x.rpm mdadm-4.4+40.gad81df32-160000.1.1.x86_64.rpm mdadm-doc-4.4+40.gad81df32-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-384 Recommended update for suse-migration-services moderate SUSE SLFO 1.2 This update for suse-migration-services fixes the following issues: - Bump to version: 2.1.30: * Update docinfo * Update doc/adoc/user_guide.adoc * Update documentation for 12-to-15 in pubclouds Fix information about default service pack target. * Apply make black * Added black for code formatting * refactor: add `Zypper.install` wrapper Add `Zypper.install` wrapper method for package installation * Fixed get_migration_target return behavior * fix: ensure NetworkManager is installed on the target system suse-migration-scripts-2.1.30-160000.1.1.noarch.rpm openSUSE-Leap-16.0-386 Recommended update for multipath-tools important SUSE SLFO 1.2 This update for multipath-tools fixes the following issues: - Bug fixes from 0.12.2 (bsc#1257007) * kpartx: fix segfault when operating on regular files (bsc#1257244, bsc#1257153) * multipathd: print path offline message even without a checker (bsc#1254094) * Fix `mpathpersist --report-capabilities` output. * Fix command descriptions in the multipathd man page. * Fix ISO C23 compatibility issue causing errors with new compilers. * Fix memory leak caused by not joining the "init unwinder" thread. * Fix memory leaks in kpartx. * Print the warning "setting scsi timeouts is unsupported for protocol" only once per protocol. * Make sure multipath-tools is compiled with the compiler flag `-fno-strict-aliasing` (bsc#1255285). - Features from upstream 0.12.0: * Maps that were added outside of multipathd and that couldn't be reloaded by multipathd used to be ignored by multipathd. multipathd will now monitor them. If some paths were offline while the map was created, multipathd will now add them to the map when they go online again. * multipathd retries persistent reservation commands that have failed on one path on another one. - Documentation fixes - Additions to the hardware table kpartx-0.12.2+254+suse.924a3ed8-160000.1.1.aarch64.rpm libdmmp-devel-0.12.2+254+suse.924a3ed8-160000.1.1.aarch64.rpm libdmmp0_2_0-0.12.2+254+suse.924a3ed8-160000.1.1.aarch64.rpm libmpath0-0.12.2+254+suse.924a3ed8-160000.1.1.aarch64.rpm multipath-tools-0.12.2+254+suse.924a3ed8-160000.1.1.aarch64.rpm multipath-tools-devel-0.12.2+254+suse.924a3ed8-160000.1.1.aarch64.rpm kpartx-0.12.2+254+suse.924a3ed8-160000.1.1.ppc64le.rpm libdmmp-devel-0.12.2+254+suse.924a3ed8-160000.1.1.ppc64le.rpm libdmmp0_2_0-0.12.2+254+suse.924a3ed8-160000.1.1.ppc64le.rpm libmpath0-0.12.2+254+suse.924a3ed8-160000.1.1.ppc64le.rpm multipath-tools-0.12.2+254+suse.924a3ed8-160000.1.1.ppc64le.rpm multipath-tools-devel-0.12.2+254+suse.924a3ed8-160000.1.1.ppc64le.rpm kpartx-0.12.2+254+suse.924a3ed8-160000.1.1.s390x.rpm libdmmp-devel-0.12.2+254+suse.924a3ed8-160000.1.1.s390x.rpm libdmmp0_2_0-0.12.2+254+suse.924a3ed8-160000.1.1.s390x.rpm libmpath0-0.12.2+254+suse.924a3ed8-160000.1.1.s390x.rpm multipath-tools-0.12.2+254+suse.924a3ed8-160000.1.1.s390x.rpm multipath-tools-devel-0.12.2+254+suse.924a3ed8-160000.1.1.s390x.rpm kpartx-0.12.2+254+suse.924a3ed8-160000.1.1.x86_64.rpm libdmmp-devel-0.12.2+254+suse.924a3ed8-160000.1.1.x86_64.rpm libdmmp0_2_0-0.12.2+254+suse.924a3ed8-160000.1.1.x86_64.rpm libmpath0-0.12.2+254+suse.924a3ed8-160000.1.1.x86_64.rpm multipath-tools-0.12.2+254+suse.924a3ed8-160000.1.1.x86_64.rpm multipath-tools-devel-0.12.2+254+suse.924a3ed8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-387 Security update for rust-keylime important SUSE SLFO 1.2 This update for rust-keylime fixes the following issues: - Update to version 0.2.8+116: - CVE-2026-25727: Update vendored crates to fix a date parser can lead to stack exhaustion in Time. (bsc#1257908) keylime-ima-policy-0.2.8+116-160000.1.1.aarch64.rpm rust-keylime-0.2.8+116-160000.1.1.aarch64.rpm keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le.rpm rust-keylime-0.2.8+116-160000.1.1.ppc64le.rpm keylime-ima-policy-0.2.8+116-160000.1.1.s390x.rpm rust-keylime-0.2.8+116-160000.1.1.s390x.rpm keylime-ima-policy-0.2.8+116-160000.1.1.x86_64.rpm rust-keylime-0.2.8+116-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-388 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 140.8.0 ESR (bsc#1258568) - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component - CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component - CVE-2026-2761: Sandbox escape in the Graphics: WebRender component - CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component - CVE-2026-2763: Use-after-free in the JavaScript Engine component - CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component - CVE-2026-2765: Use-after-free in the JavaScript Engine component - CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component - CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component - CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component - CVE-2026-2769: Use-after-free in the Storage: IndexedDB component - CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component - CVE-2026-2771: Undefined behavior in the DOM: Core HTML component - CVE-2026-2772: Use-after-free in the Audio/Video: Playback component - CVE-2026-2773: Incorrect boundary conditions in the Web Audio component - CVE-2026-2774: Integer overflow in the Audio/Video component - CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component - CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software - CVE-2026-2777: Privilege escalation in the Messaging System component - CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core HTML component - CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component - CVE-2026-2780: Privilege escalation in the Netmonitor component - CVE-2026-2781: Integer overflow in the Libraries component in NSS - CVE-2026-2782: Privilege escalation in the Netmonitor component - CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-2784: Mitigation bypass in the DOM: Security component - CVE-2026-2785: Invalid pointer in the JavaScript Engine component - CVE-2026-2786: Use-after-free in the JavaScript Engine component - CVE-2026-2787: Use-after-free in the DOM: Window and Location component - CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-2789: Use-after-free in the Graphics: ImageLib component - CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component - CVE-2026-2791: Mitigation bypass in the Networking: Cache component - CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 - CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 MozillaFirefox-140.8.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.8.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.8.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.8.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.8.0-160000.1.1.aarch64.rpm MozillaFirefox-140.8.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.8.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.8.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.8.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.8.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.8.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.8.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.8.0-160000.1.1.s390x.rpm MozillaFirefox-140.8.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.8.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.8.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.8.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-389 Security update for docker-stable important SUSE SLFO 1.2 This update for docker-stable fixes the following issues: - CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904) - CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513) docker-stable-24.0.9_ce-160000.4.1.aarch64.rpm docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch.rpm docker-stable-buildx-0.25.0-160000.4.1.aarch64.rpm docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch.rpm docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch.rpm docker-stable-24.0.9_ce-160000.4.1.ppc64le.rpm docker-stable-buildx-0.25.0-160000.4.1.ppc64le.rpm docker-stable-24.0.9_ce-160000.4.1.s390x.rpm docker-stable-buildx-0.25.0-160000.4.1.s390x.rpm docker-stable-24.0.9_ce-160000.4.1.x86_64.rpm docker-stable-buildx-0.25.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-39 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.5.0 ESR: * Fixed: Various security fixes (MFSA 2025-88 bsc#1253188): * CVE-2025-13012 Race condition in the Graphics component * CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component * CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component * CVE-2025-13018 Mitigation bypass in the DOM: Security component * CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component * CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component * CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component * CVE-2025-13014 Use-after-free in the Audio/Video component * CVE-2025-13015 Spoofing issue in Firefox - Firefox Extended Support Release 140.4.0 ESR * Fixed: Various security fixes. MFSA 2025-83 (bsc#1251263) * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 Some non-writable Object properties could be modified * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 - Firefox Extended Support Release 140.3.1 ESR (bsc#1250452) * Fixed: Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on some sites. Firefox Extended Support Release 140.3.0 ESR * Fixed: Various security fixes (MFSA 2025-75 bsc#1249391) * CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 Same-origin policy bypass in the Layout component * CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 Integer overflow in the SVG component * CVE-2025-10536 Information disclosure in the Networking: Cache component * CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 MozillaFirefox-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.5.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-140.5.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-390 Recommended update for rubygem-agama-yast, agama-products moderate SUSE SLFO 1.2 This update for rubygem-agama-yast, agama-products fixes the following issues: Changes in rubygem-agama-yast: - Do not log the URL password in the "inst.install_url" bootparameter (bsc#1258701) Changes in agama-products: - Update translations. ruby3.4-rubygem-agama-yast-17.devel479.45626eae4-160000.1.1.aarch64.rpm agama-yast-17.devel479.45626eae4-160000.1.1.aarch64.rpm agama-products-opensuse-17+487.2fb7ec56e-160000.6.1.noarch.rpm agama-products-sle-17+487.2fb7ec56e-160000.6.1.noarch.rpm ruby3.4-rubygem-agama-yast-17.devel479.45626eae4-160000.1.1.ppc64le.rpm agama-yast-17.devel479.45626eae4-160000.1.1.ppc64le.rpm ruby3.4-rubygem-agama-yast-17.devel479.45626eae4-160000.1.1.s390x.rpm agama-yast-17.devel479.45626eae4-160000.1.1.s390x.rpm ruby3.4-rubygem-agama-yast-17.devel479.45626eae4-160000.1.1.x86_64.rpm agama-yast-17.devel479.45626eae4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-391 Security update for ocaml important SUSE SLFO 1.2 This update for ocaml fixes the following issues: - CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992) ocaml-4.14.2-160000.4.1.aarch64.rpm ocaml-compiler-libs-4.14.2-160000.4.1.aarch64.rpm ocaml-compiler-libs-devel-4.14.2-160000.4.1.aarch64.rpm ocaml-ocamldoc-4.14.2-160000.4.1.aarch64.rpm ocaml-runtime-4.14.2-160000.4.1.aarch64.rpm ocaml-source-4.14.2-160000.4.1.aarch64.rpm ocaml-4.14.2-160000.4.1.ppc64le.rpm ocaml-compiler-libs-4.14.2-160000.4.1.ppc64le.rpm ocaml-compiler-libs-devel-4.14.2-160000.4.1.ppc64le.rpm ocaml-ocamldoc-4.14.2-160000.4.1.ppc64le.rpm ocaml-runtime-4.14.2-160000.4.1.ppc64le.rpm ocaml-source-4.14.2-160000.4.1.ppc64le.rpm ocaml-4.14.2-160000.4.1.s390x.rpm ocaml-compiler-libs-4.14.2-160000.4.1.s390x.rpm ocaml-compiler-libs-devel-4.14.2-160000.4.1.s390x.rpm ocaml-ocamldoc-4.14.2-160000.4.1.s390x.rpm ocaml-runtime-4.14.2-160000.4.1.s390x.rpm ocaml-source-4.14.2-160000.4.1.s390x.rpm ocaml-4.14.2-160000.4.1.x86_64.rpm ocaml-compiler-libs-4.14.2-160000.4.1.x86_64.rpm ocaml-compiler-libs-devel-4.14.2-160000.4.1.x86_64.rpm ocaml-ocamldoc-4.14.2-160000.4.1.x86_64.rpm ocaml-runtime-4.14.2-160000.4.1.x86_64.rpm ocaml-source-4.14.2-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-394 Recommended update for nvidia-open-driver-G07-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G07-signed fixes the following issues: - update CUDA variant to 595.45.04 - fixed build of 595.45.04 driver on SP4 - update non-CUDA version to 595.45.04 (bsc#1258797) - adjusted logic for %suse_version bump with SLE16.1 Beta2 (jsc#PED-15826) - fixes build against kernel 6.19 nvidia-open-driver-G07-signed-64kb-devel-595.45.04-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-check-595.45.04-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-default-devel-595.45.04-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-64kb-595.45.04_k6.12.0_160000.26-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-default-595.45.04_k6.12.0_160000.26-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-G07-595.45.04-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-64kb-devel-595.45.04-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-check-595.45.04-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.45.04-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.45.04_k6.12.0_160000.26-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.45.04_k6.12.0_160000.26-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-default-devel-595.45.04-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-kmp-default-595.45.04_k6.12.0_160000.26-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-G07-595.45.04-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.45.04-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.45.04_k6.12.0_160000.26-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-395 Security update for python-maturin important SUSE SLFO 1.2 This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257918). python313-maturin-1.8.7-160000.4.1.aarch64.rpm python313-maturin-1.8.7-160000.4.1.ppc64le.rpm python313-maturin-1.8.7-160000.4.1.s390x.rpm python313-maturin-1.8.7-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-396 Security update for libpng16 important SUSE SLFO 1.2 This update for libpng16 fixes the following issues: - CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020) - CVE-2025-28162: Fixed a memory leaks when running `pngimage`. (bsc#1257364) - CVE-2025-28164: Fixed a memory leaks when running `pngimage`. (bsc#1257365) libpng16-16-1.6.44-160000.5.1.aarch64.rpm libpng16-compat-devel-1.6.44-160000.5.1.aarch64.rpm libpng16-devel-1.6.44-160000.5.1.aarch64.rpm libpng16-tools-1.6.44-160000.5.1.aarch64.rpm libpng16-16-1.6.44-160000.5.1.ppc64le.rpm libpng16-compat-devel-1.6.44-160000.5.1.ppc64le.rpm libpng16-devel-1.6.44-160000.5.1.ppc64le.rpm libpng16-tools-1.6.44-160000.5.1.ppc64le.rpm libpng16-16-1.6.44-160000.5.1.s390x.rpm libpng16-compat-devel-1.6.44-160000.5.1.s390x.rpm libpng16-devel-1.6.44-160000.5.1.s390x.rpm libpng16-tools-1.6.44-160000.5.1.s390x.rpm libpng16-16-1.6.44-160000.5.1.x86_64.rpm libpng16-16-x86-64-v3-1.6.44-160000.5.1.x86_64.rpm libpng16-compat-devel-1.6.44-160000.5.1.x86_64.rpm libpng16-compat-devel-x86-64-v3-1.6.44-160000.5.1.x86_64.rpm libpng16-devel-1.6.44-160000.5.1.x86_64.rpm libpng16-devel-x86-64-v3-1.6.44-160000.5.1.x86_64.rpm libpng16-tools-1.6.44-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-397 Recommended update for makedumpfile important SUSE SLFO 1.2 This update for makedumpfile fixes the following issues: - Fix a data race in multi-threading mode (--num-threads=N) (bsc#1245569, bsc#1256455). makedumpfile-1.7.7-160000.3.1.aarch64.rpm makedumpfile-1.7.7-160000.3.1.ppc64le.rpm makedumpfile-1.7.7-160000.3.1.s390x.rpm makedumpfile-1.7.7-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-398 Security update for snpguest important SUSE SLFO 1.2 This update for snpguest fixes the following issues: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257927). - Update to version 0.10.0 (bsc#1257877): * chore: updating tool version to 0.10.0 * refactor(certs): remove redundant branch in file-write logic * Docs: Adding verify measure, host-data, report-data to docs * verify: verify measurent, host data, and report data attributes from the attestation report. * library: Updating sev library to 7.1.0 * ci: replace deprecated gh actions * feat: multi-format integer parsing for key subcommand arguments * chore(main): remove unused import `clap::arg` * feat(fetch): add fetch crl subcommand * .github/lint: Bump toolchain version to 1.86 * Bump rust version to 1.86 * feat: bumping tool to version 0.9.2 * fix(verify): silence mismatched_lifetime_syntaxes in SnpOid::oid * feat: support SEV-SNP ABI Spec 1.58 (bump sev to v6.3.0) * docs: restore and clarify Global Options section * doc: fix CL argument orders + address recent changes * fix(hyperv): downgrade VMPL check from error to warning * fix(report.rs): remove conflict check between --random flag and Hyper-V * fix(report.rs): Decouple runtime behavior from hyperv build feature * refactor: clarify --platform error message * docs: add Azure/Hyper-V build note for --platform * docs: Update README.md * report: Writing Req Data as Binary (#101) * deps: bump virtee/sev to 6.2.1 (fix TCB-serialization bug) (#99) snpguest-0.10.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-399 Recommended update for suse-lifecycle important SUSE SLFO 1.2 This update for suse-lifecycle fixes the following issues: - Use strip-nondeterminism to normalize .egg mtimes (bsc#1249253) suse-lifecycle-0.9+git20250625.1a90c55-160000.4.1.noarch.rpm openSUSE-Leap-16.0-4 Recommended update of cloud-regionsrv-client moderate SUSE SLFO 1.2 This update for cloud-regionsrv-client fixes the following issues: Update version to 10.5.2 (bsc#1247539) + When an instance fails verification server side the default credentials were left behind requireing manual intervantion prior to the next registration attempt. + Fix issue triggered when using instance-billing-flavor-check due to IP address handling as object rather than string introduced 10.5.0 cloud-regionsrv-client-10.5.2-160000.3.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-160000.3.1.noarch.rpm cloud-regionsrv-client-license-watcher-1.0.0-160000.3.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-160000.3.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.5-160000.3.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-40 Recommended update for docker important SUSE SLFO 1.2 This update for docker fixes the following issues: Changes in docker: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no impact on non-SELinux systems (bsc#1252290) docker-28.3.2_ce-160000.3.1.aarch64.rpm docker-bash-completion-28.3.2_ce-160000.3.1.noarch.rpm docker-buildx-0.25.0-160000.3.1.aarch64.rpm docker-fish-completion-28.3.2_ce-160000.3.1.noarch.rpm docker-rootless-extras-28.3.2_ce-160000.3.1.noarch.rpm docker-zsh-completion-28.3.2_ce-160000.3.1.noarch.rpm docker-28.3.2_ce-160000.3.1.ppc64le.rpm docker-buildx-0.25.0-160000.3.1.ppc64le.rpm docker-28.3.2_ce-160000.3.1.s390x.rpm docker-buildx-0.25.0-160000.3.1.s390x.rpm docker-28.3.2_ce-160000.3.1.x86_64.rpm docker-buildx-0.25.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-400 Recommended update for scap-security-guide moderate SUSE SLFO 1.2 This update for scap-security-guide fixes the following issues: - Update the SSG package description - Add SLE16 profiles to the build - updated to 0.1.79 (jsc#ECO-3319) * Create SLE16 HIPAA profile * Create SLE16 PCI DSS 4 profile * Use Sequoia in RHEL 10 instead of GPG * New Profile for RHEL10: BSI * Move RHEL Control files to product files * Update RHEL 9 CCN profile * Various updates for SLE 12/15 scap-security-guide-0.1.80-160000.1.1.noarch.rpm scap-security-guide-debian-0.1.80-160000.1.1.noarch.rpm scap-security-guide-redhat-0.1.80-160000.1.1.noarch.rpm scap-security-guide-ubuntu-0.1.80-160000.1.1.noarch.rpm openSUSE-Leap-16.0-401 Security update for net-snmp important SUSE SLFO 1.2 This update for net-snmp fixes the following issues: - CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491). libsnmp40-5.9.4-160000.3.1.aarch64.rpm net-snmp-5.9.4-160000.3.1.aarch64.rpm net-snmp-devel-5.9.4-160000.3.1.aarch64.rpm perl-SNMP-5.9.4-160000.3.1.aarch64.rpm python313-net-snmp-5.9.4-160000.3.1.aarch64.rpm snmp-mibs-5.9.4-160000.3.1.aarch64.rpm libsnmp40-5.9.4-160000.3.1.ppc64le.rpm net-snmp-5.9.4-160000.3.1.ppc64le.rpm net-snmp-devel-5.9.4-160000.3.1.ppc64le.rpm perl-SNMP-5.9.4-160000.3.1.ppc64le.rpm python313-net-snmp-5.9.4-160000.3.1.ppc64le.rpm snmp-mibs-5.9.4-160000.3.1.ppc64le.rpm libsnmp40-5.9.4-160000.3.1.s390x.rpm net-snmp-5.9.4-160000.3.1.s390x.rpm net-snmp-devel-5.9.4-160000.3.1.s390x.rpm perl-SNMP-5.9.4-160000.3.1.s390x.rpm python313-net-snmp-5.9.4-160000.3.1.s390x.rpm snmp-mibs-5.9.4-160000.3.1.s390x.rpm libsnmp40-5.9.4-160000.3.1.x86_64.rpm net-snmp-5.9.4-160000.3.1.x86_64.rpm net-snmp-devel-5.9.4-160000.3.1.x86_64.rpm perl-SNMP-5.9.4-160000.3.1.x86_64.rpm python313-net-snmp-5.9.4-160000.3.1.x86_64.rpm snmp-mibs-5.9.4-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-402 Security update for libsoup important SUSE SLFO 1.2 This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555). - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876). - CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751). - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). - CVE-2026-2369: Buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). Changelog: - websocket: Fix out-of-bounds read in process_frame - Check nulls returned by soup_date_time_new_from_http_string() - Numerous fixes to handling of Range headers - server: close the connection after responsing a request containing Content-Length and Transfer-Encoding - Use CRLF as line boundary when parsing chunked enconding data - websocket: do not accept messages frames after closing due to an error - Sanitize filename of content disposition header values - Always validate the headers value when coming from untrusted source - uri-utils: do host validation when checking if a GUri is valid - multipart: check length of bytes read soup_filter_input_stream_read_until() - message-headers: Reject duplicate Host headers - server: null-check soup_date_time_to_string() - auth-digest: fix crash in soup_auth_digest_get_protection_space() - session: fix 'heap-use-after-free' caused by 'finishing' queue item twice - cookies: Avoid expires attribute if date is invalid - http1: Set EOF flag once content-length bytes have been read - date-utils: Add value checks for date/time parsing - multipart: Fix multiple boundry limits - Fixed multiple possible memory leaks - message-headers: Correct merge of ranges - body-input-stream: Correct chunked trailers end detection - server-http2: Correctly validate URIs - multipart: Fix read out of buffer bounds under soup_multipart_new_from_message() - headers: Ensure Request-Line comprises entire first line - tests: Fix MSVC build error - Fix possible deadlock on init from gmodule usage - Updated translations. libsoup-3_0-0-3.6.6-160000.1.1.aarch64.rpm libsoup-devel-3.6.6-160000.1.1.aarch64.rpm libsoup-lang-3.6.6-160000.1.1.noarch.rpm typelib-1_0-Soup-3_0-3.6.6-160000.1.1.aarch64.rpm libsoup-3_0-0-3.6.6-160000.1.1.ppc64le.rpm libsoup-devel-3.6.6-160000.1.1.ppc64le.rpm typelib-1_0-Soup-3_0-3.6.6-160000.1.1.ppc64le.rpm libsoup-3_0-0-3.6.6-160000.1.1.s390x.rpm libsoup-devel-3.6.6-160000.1.1.s390x.rpm typelib-1_0-Soup-3_0-3.6.6-160000.1.1.s390x.rpm libsoup-3_0-0-3.6.6-160000.1.1.x86_64.rpm libsoup-devel-3.6.6-160000.1.1.x86_64.rpm typelib-1_0-Soup-3_0-3.6.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-403 Security update for libjxl important SUSE SLFO 1.2 This update for libjxl fixes the following issues: Update to libjxl 0.11.2: - CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory (bsc#1258090). - CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to uninitialized unallocated memory (bsc#1258091). libjxl-devel-0.11.2-160000.1.1.aarch64.rpm libjxl-tools-0.11.2-160000.1.1.aarch64.rpm libjxl0_11-0.11.2-160000.1.1.aarch64.rpm libjxl-devel-0.11.2-160000.1.1.ppc64le.rpm libjxl-tools-0.11.2-160000.1.1.ppc64le.rpm libjxl0_11-0.11.2-160000.1.1.ppc64le.rpm libjxl-devel-0.11.2-160000.1.1.s390x.rpm libjxl-tools-0.11.2-160000.1.1.s390x.rpm libjxl0_11-0.11.2-160000.1.1.s390x.rpm libjxl-devel-0.11.2-160000.1.1.x86_64.rpm libjxl-tools-0.11.2-160000.1.1.x86_64.rpm libjxl0_11-0.11.2-160000.1.1.x86_64.rpm libjxl0_11-x86-64-v3-0.11.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-404 Security update for cosign moderate SUSE SLFO 1.2 This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates (bsc#1258542) - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612) - CVE-2026-24137: Fixed github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139) - CVE-2026-22772: Fixed github.com/sigstore/fulcio: bypass MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562) - CVE-2026-23991: Fixed github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080) - CVE-2026-23992: Fixed github.com/theupdateframework/go-tuf/v2: unauthorized modification to TUF metadata files due to a compromised or misconfigured TUF repository (bsc#1257085) - CVE-2025-11065: Fixed github.com/go-viper/mapstructure/v2: sensitive Information leak in logs (bsc#1250620) - CVE-2026-22703: Fixed that cosign verification accepts any valid Rekor entry under certain conditions (bsc#1256496) - CVE-2025-58181: Fixed golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253913) cosign-3.0.5-160000.1.1.aarch64.rpm cosign-bash-completion-3.0.5-160000.1.1.noarch.rpm cosign-fish-completion-3.0.5-160000.1.1.noarch.rpm cosign-zsh-completion-3.0.5-160000.1.1.noarch.rpm cosign-3.0.5-160000.1.1.ppc64le.rpm cosign-3.0.5-160000.1.1.s390x.rpm cosign-3.0.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-405 Security update for busybox important SUSE SLFO 1.2 This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. (bsc#1258163) - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archive entries. (bsc#1258167) busybox-1.37.0-160000.5.1.aarch64.rpm busybox-static-1.37.0-160000.5.1.aarch64.rpm busybox-warewulf3-1.37.0-160000.5.1.aarch64.rpm busybox-1.37.0-160000.5.1.ppc64le.rpm busybox-static-1.37.0-160000.5.1.ppc64le.rpm busybox-1.37.0-160000.5.1.s390x.rpm busybox-static-1.37.0-160000.5.1.s390x.rpm busybox-1.37.0-160000.5.1.x86_64.rpm busybox-static-1.37.0-160000.5.1.x86_64.rpm busybox-warewulf3-1.37.0-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-406 Security update for postgresql17 important SUSE SLFO 1.2 This update for postgresql17 fixes the following issues: - Update to version 17.9. (bsc#1258754) - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) - CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) - CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) postgresql17-17.9-160000.1.1.aarch64.rpm postgresql17-contrib-17.9-160000.1.1.aarch64.rpm postgresql17-devel-17.9-160000.1.1.aarch64.rpm postgresql17-docs-17.9-160000.1.1.noarch.rpm postgresql17-llvmjit-17.9-160000.1.1.aarch64.rpm postgresql17-llvmjit-devel-17.9-160000.1.1.aarch64.rpm postgresql17-plperl-17.9-160000.1.1.aarch64.rpm postgresql17-plpython-17.9-160000.1.1.aarch64.rpm postgresql17-pltcl-17.9-160000.1.1.aarch64.rpm postgresql17-server-17.9-160000.1.1.aarch64.rpm postgresql17-server-devel-17.9-160000.1.1.aarch64.rpm postgresql17-test-17.9-160000.1.1.aarch64.rpm postgresql17-17.9-160000.1.1.ppc64le.rpm postgresql17-contrib-17.9-160000.1.1.ppc64le.rpm postgresql17-devel-17.9-160000.1.1.ppc64le.rpm postgresql17-llvmjit-17.9-160000.1.1.ppc64le.rpm postgresql17-llvmjit-devel-17.9-160000.1.1.ppc64le.rpm postgresql17-plperl-17.9-160000.1.1.ppc64le.rpm postgresql17-plpython-17.9-160000.1.1.ppc64le.rpm postgresql17-pltcl-17.9-160000.1.1.ppc64le.rpm postgresql17-server-17.9-160000.1.1.ppc64le.rpm postgresql17-server-devel-17.9-160000.1.1.ppc64le.rpm postgresql17-test-17.9-160000.1.1.ppc64le.rpm postgresql17-17.9-160000.1.1.s390x.rpm postgresql17-contrib-17.9-160000.1.1.s390x.rpm postgresql17-devel-17.9-160000.1.1.s390x.rpm postgresql17-llvmjit-17.9-160000.1.1.s390x.rpm postgresql17-llvmjit-devel-17.9-160000.1.1.s390x.rpm postgresql17-plperl-17.9-160000.1.1.s390x.rpm postgresql17-plpython-17.9-160000.1.1.s390x.rpm postgresql17-pltcl-17.9-160000.1.1.s390x.rpm postgresql17-server-17.9-160000.1.1.s390x.rpm postgresql17-server-devel-17.9-160000.1.1.s390x.rpm postgresql17-test-17.9-160000.1.1.s390x.rpm postgresql17-17.9-160000.1.1.x86_64.rpm postgresql17-contrib-17.9-160000.1.1.x86_64.rpm postgresql17-devel-17.9-160000.1.1.x86_64.rpm postgresql17-llvmjit-17.9-160000.1.1.x86_64.rpm postgresql17-llvmjit-devel-17.9-160000.1.1.x86_64.rpm postgresql17-plperl-17.9-160000.1.1.x86_64.rpm postgresql17-plpython-17.9-160000.1.1.x86_64.rpm postgresql17-pltcl-17.9-160000.1.1.x86_64.rpm postgresql17-server-17.9-160000.1.1.x86_64.rpm postgresql17-server-devel-17.9-160000.1.1.x86_64.rpm postgresql17-test-17.9-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-407 Recommended update for gcc15 important SUSE SLFO 1.2 This update for gcc15 fixes the following issues: Changes in gcc15: - Fixed bogus expression simplification (bsc#1257463) cpp15-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-PIE-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-ada-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-c++-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-d-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-fortran-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-go-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-info-15.2.0+git10201-160000.2.1.noarch.rpm gcc15-locale-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-m2-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-obj-c++-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-objc-15.2.0+git10201-160000.2.1.aarch64.rpm libada15-15.2.0+git10201-160000.2.1.aarch64.rpm libasan8-15.2.0+git10201-160000.2.1.aarch64.rpm libatomic1-15.2.0+git10201-160000.2.1.aarch64.rpm libgcc_s1-15.2.0+git10201-160000.2.1.aarch64.rpm libgccjit0-15.2.0+git10201-160000.2.1.aarch64.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm libgdruntime6-15.2.0+git10201-160000.2.1.aarch64.rpm libgfortran5-15.2.0+git10201-160000.2.1.aarch64.rpm libgo24-15.2.0+git10201-160000.2.1.aarch64.rpm libgomp1-15.2.0+git10201-160000.2.1.aarch64.rpm libgphobos6-15.2.0+git10201-160000.2.1.aarch64.rpm libhwasan0-15.2.0+git10201-160000.2.1.aarch64.rpm libitm1-15.2.0+git10201-160000.2.1.aarch64.rpm liblsan0-15.2.0+git10201-160000.2.1.aarch64.rpm libm2cor20-15.2.0+git10201-160000.2.1.aarch64.rpm libm2iso20-15.2.0+git10201-160000.2.1.aarch64.rpm libm2log20-15.2.0+git10201-160000.2.1.aarch64.rpm libm2min20-15.2.0+git10201-160000.2.1.aarch64.rpm libm2pim20-15.2.0+git10201-160000.2.1.aarch64.rpm libobjc4-15.2.0+git10201-160000.2.1.aarch64.rpm libstdc++6-15.2.0+git10201-160000.2.1.aarch64.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm libstdc++6-locale-15.2.0+git10201-160000.2.1.aarch64.rpm libstdc++6-pp-15.2.0+git10201-160000.2.1.aarch64.rpm libtsan2-15.2.0+git10201-160000.2.1.aarch64.rpm libubsan1-15.2.0+git10201-160000.2.1.aarch64.rpm gcc15-testresults-15.2.0+git10201-160000.2.1.aarch64.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cross-s390x-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-s390x-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cross-ppc64le-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-ppc64le-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-arm-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-x86_64-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cross-ppc64-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.2.1.aarch64.rpm cross-bpf-gcc15-15.2.0+git10201-160000.2.1.aarch64.rpm cpp15-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-PIE-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-ada-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-c++-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-fortran-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-go-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-locale-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-m2-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-obj-c++-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-objc-15.2.0+git10201-160000.2.1.ppc64le.rpm libada15-15.2.0+git10201-160000.2.1.ppc64le.rpm libasan8-15.2.0+git10201-160000.2.1.ppc64le.rpm libatomic1-15.2.0+git10201-160000.2.1.ppc64le.rpm libgcc_s1-15.2.0+git10201-160000.2.1.ppc64le.rpm libgccjit0-15.2.0+git10201-160000.2.1.ppc64le.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm libgfortran5-15.2.0+git10201-160000.2.1.ppc64le.rpm libgo24-15.2.0+git10201-160000.2.1.ppc64le.rpm libgomp1-15.2.0+git10201-160000.2.1.ppc64le.rpm libitm1-15.2.0+git10201-160000.2.1.ppc64le.rpm liblsan0-15.2.0+git10201-160000.2.1.ppc64le.rpm libm2cor20-15.2.0+git10201-160000.2.1.ppc64le.rpm libm2iso20-15.2.0+git10201-160000.2.1.ppc64le.rpm libm2log20-15.2.0+git10201-160000.2.1.ppc64le.rpm libm2min20-15.2.0+git10201-160000.2.1.ppc64le.rpm libm2pim20-15.2.0+git10201-160000.2.1.ppc64le.rpm libobjc4-15.2.0+git10201-160000.2.1.ppc64le.rpm libquadmath0-15.2.0+git10201-160000.2.1.ppc64le.rpm libquadmath0-devel-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm libstdc++6-15.2.0+git10201-160000.2.1.ppc64le.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm libstdc++6-locale-15.2.0+git10201-160000.2.1.ppc64le.rpm libstdc++6-pp-15.2.0+git10201-160000.2.1.ppc64le.rpm libtsan2-15.2.0+git10201-160000.2.1.ppc64le.rpm libubsan1-15.2.0+git10201-160000.2.1.ppc64le.rpm gcc15-testresults-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-aarch64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-aarch64-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-s390x-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-s390x-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-arm-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-x86_64-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.2.1.ppc64le.rpm cross-bpf-gcc15-15.2.0+git10201-160000.2.1.ppc64le.rpm cpp15-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-PIE-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-ada-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-c++-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-d-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-fortran-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-go-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-locale-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-m2-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-obj-c++-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-objc-15.2.0+git10201-160000.2.1.s390x.rpm libada15-15.2.0+git10201-160000.2.1.s390x.rpm libasan8-15.2.0+git10201-160000.2.1.s390x.rpm libatomic1-15.2.0+git10201-160000.2.1.s390x.rpm libgcc_s1-15.2.0+git10201-160000.2.1.s390x.rpm libgccjit0-15.2.0+git10201-160000.2.1.s390x.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm libgdruntime6-15.2.0+git10201-160000.2.1.s390x.rpm libgfortran5-15.2.0+git10201-160000.2.1.s390x.rpm libgo24-15.2.0+git10201-160000.2.1.s390x.rpm libgomp1-15.2.0+git10201-160000.2.1.s390x.rpm libgphobos6-15.2.0+git10201-160000.2.1.s390x.rpm libitm1-15.2.0+git10201-160000.2.1.s390x.rpm liblsan0-15.2.0+git10201-160000.2.1.s390x.rpm libm2cor20-15.2.0+git10201-160000.2.1.s390x.rpm libm2iso20-15.2.0+git10201-160000.2.1.s390x.rpm libm2log20-15.2.0+git10201-160000.2.1.s390x.rpm libm2min20-15.2.0+git10201-160000.2.1.s390x.rpm libm2pim20-15.2.0+git10201-160000.2.1.s390x.rpm libobjc4-15.2.0+git10201-160000.2.1.s390x.rpm libstdc++6-15.2.0+git10201-160000.2.1.s390x.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm libstdc++6-locale-15.2.0+git10201-160000.2.1.s390x.rpm libstdc++6-pp-15.2.0+git10201-160000.2.1.s390x.rpm libtsan2-15.2.0+git10201-160000.2.1.s390x.rpm libubsan1-15.2.0+git10201-160000.2.1.s390x.rpm gcc15-testresults-15.2.0+git10201-160000.2.1.s390x.rpm cross-aarch64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-aarch64-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cross-ppc64le-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-ppc64le-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-arm-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-x86_64-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cross-ppc64-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.2.1.s390x.rpm cross-bpf-gcc15-15.2.0+git10201-160000.2.1.s390x.rpm cpp15-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-PIE-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-ada-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-ada-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-c++-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-c++-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-d-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-d-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-fortran-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-fortran-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-go-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-go-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-locale-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-m2-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-m2-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-obj-c++-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-obj-c++-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-objc-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-objc-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libada15-15.2.0+git10201-160000.2.1.x86_64.rpm libada15-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libasan8-15.2.0+git10201-160000.2.1.x86_64.rpm libasan8-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libatomic1-15.2.0+git10201-160000.2.1.x86_64.rpm libatomic1-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libgcc_s1-15.2.0+git10201-160000.2.1.x86_64.rpm libgcc_s1-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libgccjit0-15.2.0+git10201-160000.2.1.x86_64.rpm libgccjit0-devel-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm libgdruntime6-15.2.0+git10201-160000.2.1.x86_64.rpm libgdruntime6-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libgfortran5-15.2.0+git10201-160000.2.1.x86_64.rpm libgfortran5-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libgo24-15.2.0+git10201-160000.2.1.x86_64.rpm libgo24-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libgomp1-15.2.0+git10201-160000.2.1.x86_64.rpm libgomp1-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libgphobos6-15.2.0+git10201-160000.2.1.x86_64.rpm libgphobos6-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libhwasan0-15.2.0+git10201-160000.2.1.x86_64.rpm libitm1-15.2.0+git10201-160000.2.1.x86_64.rpm libitm1-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm liblsan0-15.2.0+git10201-160000.2.1.x86_64.rpm libm2cor20-15.2.0+git10201-160000.2.1.x86_64.rpm libm2cor20-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libm2iso20-15.2.0+git10201-160000.2.1.x86_64.rpm libm2iso20-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libm2log20-15.2.0+git10201-160000.2.1.x86_64.rpm libm2log20-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libm2min20-15.2.0+git10201-160000.2.1.x86_64.rpm libm2min20-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libm2pim20-15.2.0+git10201-160000.2.1.x86_64.rpm libm2pim20-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libobjc4-15.2.0+git10201-160000.2.1.x86_64.rpm libobjc4-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libquadmath0-15.2.0+git10201-160000.2.1.x86_64.rpm libquadmath0-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libquadmath0-devel-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm libquadmath0-devel-gcc15-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-devel-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-devel-gcc15-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-locale-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-pp-15.2.0+git10201-160000.2.1.x86_64.rpm libstdc++6-pp-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm libtsan2-15.2.0+git10201-160000.2.1.x86_64.rpm libubsan1-15.2.0+git10201-160000.2.1.x86_64.rpm libubsan1-32bit-15.2.0+git10201-160000.2.1.x86_64.rpm gcc15-testresults-15.2.0+git10201-160000.2.1.x86_64.rpm cross-aarch64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-aarch64-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-riscv64-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-riscv64-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-s390x-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-s390x-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-ppc64le-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-ppc64le-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-hppa-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-arm-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-avr-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-pru-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-ppc64-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-arm-none-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-riscv64-elf-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-rx-gcc15-bootstrap-15.2.0+git10201-160000.2.1.x86_64.rpm cross-nvptx-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-nvptx-newlib15-devel-15.2.0+git10201-160000.2.1.x86_64.rpm cross-amdgcn-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm cross-amdgcn-newlib15-devel-15.2.0+git10201-160000.2.1.x86_64.rpm cross-bpf-gcc15-15.2.0+git10201-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-408 Security update for protobuf moderate SUSE SLFO 1.2 This update for protobuf fixes the following issues: Security fixes: - CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError (bsc#1244663). - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Other fixes: - Fixed import issues of reverse-dependency packages within the google namespace (bsc#1244918). libprotobuf-lite28_3_0-28.3-160000.3.1.aarch64.rpm libprotobuf28_3_0-28.3-160000.3.1.aarch64.rpm libprotoc28_3_0-28.3-160000.3.1.aarch64.rpm libutf8_range-28_3_0-28.3-160000.3.1.aarch64.rpm protobuf-devel-28.3-160000.3.1.aarch64.rpm python313-protobuf-5.28.3-160000.3.1.aarch64.rpm protobuf-java-28.3-160000.3.1.noarch.rpm protobuf-java-bom-28.3-160000.3.1.noarch.rpm protobuf-java-javadoc-28.3-160000.3.1.noarch.rpm protobuf-java-parent-28.3-160000.3.1.noarch.rpm libprotobuf-lite28_3_0-28.3-160000.3.1.ppc64le.rpm libprotobuf28_3_0-28.3-160000.3.1.ppc64le.rpm libprotoc28_3_0-28.3-160000.3.1.ppc64le.rpm libutf8_range-28_3_0-28.3-160000.3.1.ppc64le.rpm protobuf-devel-28.3-160000.3.1.ppc64le.rpm python313-protobuf-5.28.3-160000.3.1.ppc64le.rpm libprotobuf-lite28_3_0-28.3-160000.3.1.s390x.rpm libprotobuf28_3_0-28.3-160000.3.1.s390x.rpm libprotoc28_3_0-28.3-160000.3.1.s390x.rpm libutf8_range-28_3_0-28.3-160000.3.1.s390x.rpm protobuf-devel-28.3-160000.3.1.s390x.rpm python313-protobuf-5.28.3-160000.3.1.s390x.rpm libprotobuf-lite28_3_0-28.3-160000.3.1.x86_64.rpm libprotobuf28_3_0-28.3-160000.3.1.x86_64.rpm libprotoc28_3_0-28.3-160000.3.1.x86_64.rpm libutf8_range-28_3_0-28.3-160000.3.1.x86_64.rpm protobuf-devel-28.3-160000.3.1.x86_64.rpm python313-protobuf-5.28.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-409 Recommended update for go moderate SUSE SLFO 1.2 This update for go fixes the following issues: Changes in go: - Update to current stable go1.25 (boo#1244485) go-1.25-160000.1.1.aarch64.rpm go-doc-1.25-160000.1.1.aarch64.rpm go-race-1.25-160000.1.1.aarch64.rpm go-1.25-160000.1.1.ppc64le.rpm go-doc-1.25-160000.1.1.ppc64le.rpm go-race-1.25-160000.1.1.ppc64le.rpm go-1.25-160000.1.1.s390x.rpm go-doc-1.25-160000.1.1.s390x.rpm go-race-1.25-160000.1.1.s390x.rpm go-1.25-160000.1.1.x86_64.rpm go-doc-1.25-160000.1.1.x86_64.rpm go-race-1.25-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-41 Recommended update for mariadb moderate SUSE SLFO 1.2 This update for mariadb fixes the following issues: - Update to 11.8.3 - Read config files when doing mysql_upgrade (bsc#1249396) libmariadbd-devel-11.8.3-160000.1.1.aarch64.rpm libmariadbd19-11.8.3-160000.1.1.aarch64.rpm mariadb-11.8.3-160000.1.1.aarch64.rpm mariadb-bench-11.8.3-160000.1.1.aarch64.rpm mariadb-client-11.8.3-160000.1.1.aarch64.rpm mariadb-errormessages-11.8.3-160000.1.1.noarch.rpm mariadb-galera-11.8.3-160000.1.1.aarch64.rpm mariadb-rpm-macros-11.8.3-160000.1.1.aarch64.rpm mariadb-test-11.8.3-160000.1.1.aarch64.rpm mariadb-tools-11.8.3-160000.1.1.aarch64.rpm libmariadbd-devel-11.8.3-160000.1.1.ppc64le.rpm libmariadbd19-11.8.3-160000.1.1.ppc64le.rpm mariadb-11.8.3-160000.1.1.ppc64le.rpm mariadb-bench-11.8.3-160000.1.1.ppc64le.rpm mariadb-client-11.8.3-160000.1.1.ppc64le.rpm mariadb-galera-11.8.3-160000.1.1.ppc64le.rpm mariadb-rpm-macros-11.8.3-160000.1.1.ppc64le.rpm mariadb-test-11.8.3-160000.1.1.ppc64le.rpm mariadb-tools-11.8.3-160000.1.1.ppc64le.rpm libmariadbd-devel-11.8.3-160000.1.1.s390x.rpm libmariadbd19-11.8.3-160000.1.1.s390x.rpm mariadb-11.8.3-160000.1.1.s390x.rpm mariadb-bench-11.8.3-160000.1.1.s390x.rpm mariadb-client-11.8.3-160000.1.1.s390x.rpm mariadb-galera-11.8.3-160000.1.1.s390x.rpm mariadb-rpm-macros-11.8.3-160000.1.1.s390x.rpm mariadb-test-11.8.3-160000.1.1.s390x.rpm mariadb-tools-11.8.3-160000.1.1.s390x.rpm libmariadbd-devel-11.8.3-160000.1.1.x86_64.rpm libmariadbd19-11.8.3-160000.1.1.x86_64.rpm mariadb-11.8.3-160000.1.1.x86_64.rpm mariadb-bench-11.8.3-160000.1.1.x86_64.rpm mariadb-client-11.8.3-160000.1.1.x86_64.rpm mariadb-galera-11.8.3-160000.1.1.x86_64.rpm mariadb-rpm-macros-11.8.3-160000.1.1.x86_64.rpm mariadb-test-11.8.3-160000.1.1.x86_64.rpm mariadb-tools-11.8.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-410 Security update for librsvg moderate SUSE SLFO 1.2 This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243867). - CVE-2024-43806: Fixed memory explosion in rustix (bsc#1229950). gdk-pixbuf-loader-rsvg-2.60.2-160000.1.1.aarch64.rpm librsvg-2-2-2.60.2-160000.1.1.aarch64.rpm librsvg-devel-2.60.2-160000.1.1.aarch64.rpm rsvg-convert-2.60.2-160000.1.1.aarch64.rpm rsvg-thumbnailer-2.60.2-160000.1.1.noarch.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.1.1.aarch64.rpm gdk-pixbuf-loader-rsvg-2.60.2-160000.1.1.ppc64le.rpm librsvg-2-2-2.60.2-160000.1.1.ppc64le.rpm librsvg-devel-2.60.2-160000.1.1.ppc64le.rpm rsvg-convert-2.60.2-160000.1.1.ppc64le.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.1.1.ppc64le.rpm gdk-pixbuf-loader-rsvg-2.60.2-160000.1.1.s390x.rpm librsvg-2-2-2.60.2-160000.1.1.s390x.rpm librsvg-devel-2.60.2-160000.1.1.s390x.rpm rsvg-convert-2.60.2-160000.1.1.s390x.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.1.1.s390x.rpm gdk-pixbuf-loader-rsvg-2.60.2-160000.1.1.x86_64.rpm librsvg-2-2-2.60.2-160000.1.1.x86_64.rpm librsvg-devel-2.60.2-160000.1.1.x86_64.rpm rsvg-convert-2.60.2-160000.1.1.x86_64.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-411 Security update for poppler moderate SUSE SLFO 1.2 This update for poppler fixes the following issues: - CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337). libpoppler-cpp2-25.04.0-160000.4.1.aarch64.rpm libpoppler-devel-25.04.0-160000.4.1.aarch64.rpm libpoppler-glib-devel-25.04.0-160000.4.1.aarch64.rpm libpoppler-glib8-25.04.0-160000.4.1.aarch64.rpm libpoppler148-25.04.0-160000.4.1.aarch64.rpm poppler-tools-25.04.0-160000.4.1.aarch64.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.4.1.aarch64.rpm libpoppler-qt5-1-25.04.0-160000.4.1.aarch64.rpm libpoppler-qt5-devel-25.04.0-160000.4.1.aarch64.rpm libpoppler-qt6-3-25.04.0-160000.4.1.aarch64.rpm libpoppler-qt6-devel-25.04.0-160000.4.1.aarch64.rpm libpoppler-cpp2-25.04.0-160000.4.1.ppc64le.rpm libpoppler-devel-25.04.0-160000.4.1.ppc64le.rpm libpoppler-glib-devel-25.04.0-160000.4.1.ppc64le.rpm libpoppler-glib8-25.04.0-160000.4.1.ppc64le.rpm libpoppler148-25.04.0-160000.4.1.ppc64le.rpm poppler-tools-25.04.0-160000.4.1.ppc64le.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.4.1.ppc64le.rpm libpoppler-qt5-1-25.04.0-160000.4.1.ppc64le.rpm libpoppler-qt5-devel-25.04.0-160000.4.1.ppc64le.rpm libpoppler-qt6-3-25.04.0-160000.4.1.ppc64le.rpm libpoppler-qt6-devel-25.04.0-160000.4.1.ppc64le.rpm libpoppler-cpp2-25.04.0-160000.4.1.s390x.rpm libpoppler-devel-25.04.0-160000.4.1.s390x.rpm libpoppler-glib-devel-25.04.0-160000.4.1.s390x.rpm libpoppler-glib8-25.04.0-160000.4.1.s390x.rpm libpoppler148-25.04.0-160000.4.1.s390x.rpm poppler-tools-25.04.0-160000.4.1.s390x.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.4.1.s390x.rpm libpoppler-qt5-1-25.04.0-160000.4.1.s390x.rpm libpoppler-qt5-devel-25.04.0-160000.4.1.s390x.rpm libpoppler-qt6-3-25.04.0-160000.4.1.s390x.rpm libpoppler-qt6-devel-25.04.0-160000.4.1.s390x.rpm libpoppler-cpp2-25.04.0-160000.4.1.x86_64.rpm libpoppler-devel-25.04.0-160000.4.1.x86_64.rpm libpoppler-glib-devel-25.04.0-160000.4.1.x86_64.rpm libpoppler-glib8-25.04.0-160000.4.1.x86_64.rpm libpoppler148-25.04.0-160000.4.1.x86_64.rpm poppler-tools-25.04.0-160000.4.1.x86_64.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.4.1.x86_64.rpm libpoppler-qt5-1-25.04.0-160000.4.1.x86_64.rpm libpoppler-qt5-devel-25.04.0-160000.4.1.x86_64.rpm libpoppler-qt6-3-25.04.0-160000.4.1.x86_64.rpm libpoppler-qt6-devel-25.04.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-412 Security update for keylime critical SUSE SLFO 1.2 This update for keylime fixes the following issues: - Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895): - CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895) keylime-config-7.14.0+0-160000.1.1.noarch.rpm keylime-firewalld-7.14.0+0-160000.1.1.noarch.rpm keylime-logrotate-7.14.0+0-160000.1.1.noarch.rpm keylime-registrar-7.14.0+0-160000.1.1.noarch.rpm keylime-tenant-7.14.0+0-160000.1.1.noarch.rpm keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch.rpm keylime-verifier-7.14.0+0-160000.1.1.noarch.rpm python313-keylime-7.14.0+0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-413 Security update for libsodium moderate SUSE SLFO 1.2 This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). libsodium-devel-1.0.20-160000.3.1.aarch64.rpm libsodium26-1.0.20-160000.3.1.aarch64.rpm libsodium-devel-1.0.20-160000.3.1.ppc64le.rpm libsodium26-1.0.20-160000.3.1.ppc64le.rpm libsodium-devel-1.0.20-160000.3.1.s390x.rpm libsodium26-1.0.20-160000.3.1.s390x.rpm libsodium-devel-1.0.20-160000.3.1.x86_64.rpm libsodium26-1.0.20-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-414 Recommended update for hwinfo moderate SUSE SLFO 1.2 This update for hwinfo fixes the following issues: - upgrade to version 25.1 - include package spec file in git repo - adjust spec file for immutable mode: switch to using systemd-tmpfiles (jsc#PED-14832) - update git2log script hwinfo-25.1-160000.1.1.aarch64.rpm hwinfo-devel-25.1-160000.1.1.aarch64.rpm libhd25-25.1-160000.1.1.aarch64.rpm hwinfo-25.1-160000.1.1.ppc64le.rpm hwinfo-devel-25.1-160000.1.1.ppc64le.rpm libhd25-25.1-160000.1.1.ppc64le.rpm hwinfo-25.1-160000.1.1.s390x.rpm hwinfo-devel-25.1-160000.1.1.s390x.rpm libhd25-25.1-160000.1.1.s390x.rpm hwinfo-25.1-160000.1.1.x86_64.rpm hwinfo-devel-25.1-160000.1.1.x86_64.rpm libhd25-25.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-415 Security update for ucode-intel moderate SUSE SLFO 1.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046): - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access (bsc#1229129). - CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege (bsc#1258046). - Intel CPU Microcode was updated to the 20251111 release (bsc#1253319): - Update for functional issues. - switch the supplements to use supplements + kernel to allow moving a installation to Intel hardware (bsc#1249138) - Intel CPU Microcode was updated to the 20241029 release (bsc#1230400): - Update for functional issues. ucode-intel-20260210-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-416 Security update for gstreamer-plugins-ugly important SUSE SLFO 1.2 This update for gstreamer-plugins-ugly fixes the following issues: - CVE-2026-2920: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259367). - CVE-2026-2922: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability (bsc#1259370). gstreamer-plugins-ugly-1.26.7-160000.2.1.aarch64.rpm gstreamer-plugins-ugly-lang-1.26.7-160000.2.1.noarch.rpm gstreamer-plugins-ugly-1.26.7-160000.2.1.ppc64le.rpm gstreamer-plugins-ugly-1.26.7-160000.2.1.s390x.rpm gstreamer-plugins-ugly-1.26.7-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-417 Security update for vim important SUSE SLFO 1.2 This update for vim fixes the following issues: - Update Vim to version 9.2.0110 that includes security fixes for: * CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). * CVE-2026-26269: stack buffer overflow in Vim's NetBeans integration when processing the specialKeys command (bsc#1258229). * CVE-2025-53906: path traversal in Vim's zip.vim plugin (bsc#1246602). - Other changes: * Add wayland-client to BuildRequires and enable Wayland support. * Add Wayland include path to CFLAGS to fix clipboard compilation. * Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8). gvim-9.2.0110-160000.1.1.aarch64.rpm vim-9.2.0110-160000.1.1.aarch64.rpm vim-data-9.2.0110-160000.1.1.noarch.rpm vim-data-common-9.2.0110-160000.1.1.noarch.rpm vim-small-9.2.0110-160000.1.1.aarch64.rpm xxd-9.2.0110-160000.1.1.aarch64.rpm gvim-9.2.0110-160000.1.1.ppc64le.rpm vim-9.2.0110-160000.1.1.ppc64le.rpm vim-small-9.2.0110-160000.1.1.ppc64le.rpm xxd-9.2.0110-160000.1.1.ppc64le.rpm gvim-9.2.0110-160000.1.1.s390x.rpm vim-9.2.0110-160000.1.1.s390x.rpm vim-small-9.2.0110-160000.1.1.s390x.rpm xxd-9.2.0110-160000.1.1.s390x.rpm gvim-9.2.0110-160000.1.1.x86_64.rpm vim-9.2.0110-160000.1.1.x86_64.rpm vim-small-9.2.0110-160000.1.1.x86_64.rpm xxd-9.2.0110-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-418 Security update for curl important SUSE SLFO 1.2 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). curl-8.14.1-160000.5.1.aarch64.rpm curl-fish-completion-8.14.1-160000.5.1.noarch.rpm curl-zsh-completion-8.14.1-160000.5.1.noarch.rpm libcurl-devel-8.14.1-160000.5.1.aarch64.rpm libcurl-devel-doc-8.14.1-160000.5.1.noarch.rpm libcurl4-8.14.1-160000.5.1.aarch64.rpm curl-8.14.1-160000.5.1.ppc64le.rpm libcurl-devel-8.14.1-160000.5.1.ppc64le.rpm libcurl4-8.14.1-160000.5.1.ppc64le.rpm curl-8.14.1-160000.5.1.s390x.rpm libcurl-devel-8.14.1-160000.5.1.s390x.rpm libcurl4-8.14.1-160000.5.1.s390x.rpm curl-8.14.1-160000.5.1.x86_64.rpm libcurl-devel-8.14.1-160000.5.1.x86_64.rpm libcurl4-8.14.1-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-419 Security update for ImageMagick important SUSE SLFO 1.2 This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). - CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). - CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). - CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). - CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). - CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). - CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). - CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). - CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457). - CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466). - CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467). - CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage`can lead to a stack buffer overflow (bsc#1259468). - CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469). - CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497). - CVE-2026-30936: heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464). - CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463). - CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528). ImageMagick-7.1.2.0-160000.7.1.aarch64.rpm ImageMagick-config-7-SUSE-7.1.2.0-160000.7.1.noarch.rpm ImageMagick-devel-7.1.2.0-160000.7.1.aarch64.rpm ImageMagick-doc-7.1.2.0-160000.7.1.noarch.rpm ImageMagick-extra-7.1.2.0-160000.7.1.aarch64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1.aarch64.rpm libMagick++-devel-7.1.2.0-160000.7.1.aarch64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1.aarch64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1.aarch64.rpm perl-PerlMagick-7.1.2.0-160000.7.1.aarch64.rpm ImageMagick-config-7-upstream-limited-7.1.2.0-160000.7.1.noarch.rpm ImageMagick-config-7-upstream-open-7.1.2.0-160000.7.1.noarch.rpm ImageMagick-config-7-upstream-secure-7.1.2.0-160000.7.1.noarch.rpm ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.7.1.noarch.rpm ImageMagick-7.1.2.0-160000.7.1.ppc64le.rpm ImageMagick-devel-7.1.2.0-160000.7.1.ppc64le.rpm ImageMagick-extra-7.1.2.0-160000.7.1.ppc64le.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1.ppc64le.rpm libMagick++-devel-7.1.2.0-160000.7.1.ppc64le.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1.ppc64le.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1.ppc64le.rpm perl-PerlMagick-7.1.2.0-160000.7.1.ppc64le.rpm ImageMagick-7.1.2.0-160000.7.1.s390x.rpm ImageMagick-devel-7.1.2.0-160000.7.1.s390x.rpm ImageMagick-extra-7.1.2.0-160000.7.1.s390x.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1.s390x.rpm libMagick++-devel-7.1.2.0-160000.7.1.s390x.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1.s390x.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1.s390x.rpm perl-PerlMagick-7.1.2.0-160000.7.1.s390x.rpm ImageMagick-7.1.2.0-160000.7.1.x86_64.rpm ImageMagick-devel-7.1.2.0-160000.7.1.x86_64.rpm ImageMagick-extra-7.1.2.0-160000.7.1.x86_64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1.x86_64.rpm libMagick++-devel-7.1.2.0-160000.7.1.x86_64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1.x86_64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1.x86_64.rpm perl-PerlMagick-7.1.2.0-160000.7.1.x86_64.rpm openSUSE-Leap-16.0-42 Security update for poppler important SUSE SLFO 1.2 This update for poppler fixes the following issues: - CVE-2025-52885: Fixed raw pointers leading to dangling pointers when the vector is resized (bsc#1251940) libpoppler-cpp2-25.04.0-160000.3.1.aarch64.rpm libpoppler-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-glib-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-glib8-25.04.0-160000.3.1.aarch64.rpm libpoppler148-25.04.0-160000.3.1.aarch64.rpm poppler-tools-25.04.0-160000.3.1.aarch64.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt5-1-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt6-3-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-cpp2-25.04.0-160000.3.1.ppc64le.rpm libpoppler-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-glib-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-glib8-25.04.0-160000.3.1.ppc64le.rpm libpoppler148-25.04.0-160000.3.1.ppc64le.rpm poppler-tools-25.04.0-160000.3.1.ppc64le.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt5-1-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt6-3-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-cpp2-25.04.0-160000.3.1.s390x.rpm libpoppler-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-glib-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-glib8-25.04.0-160000.3.1.s390x.rpm libpoppler148-25.04.0-160000.3.1.s390x.rpm poppler-tools-25.04.0-160000.3.1.s390x.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.s390x.rpm libpoppler-qt5-1-25.04.0-160000.3.1.s390x.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-qt6-3-25.04.0-160000.3.1.s390x.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-cpp2-25.04.0-160000.3.1.x86_64.rpm libpoppler-devel-25.04.0-160000.3.1.x86_64.rpm libpoppler-glib-devel-25.04.0-160000.3.1.x86_64.rpm libpoppler-glib8-25.04.0-160000.3.1.x86_64.rpm libpoppler148-25.04.0-160000.3.1.x86_64.rpm poppler-tools-25.04.0-160000.3.1.x86_64.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt5-1-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt6-3-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-420 Security update for python-tornado6 important SUSE SLFO 1.2 This update for python-tornado6 fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553). - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630). python313-tornado6-6.5-160000.4.1.aarch64.rpm python313-tornado6-6.5-160000.4.1.ppc64le.rpm python313-tornado6-6.5-160000.4.1.s390x.rpm python313-tornado6-6.5-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-421 Security update for python-orjson moderate SUSE SLFO 1.2 This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outsize of allocated memory on json dump (bsc#1257121). python313-orjson-3.10.15-160000.3.1.aarch64.rpm python313-orjson-3.10.15-160000.3.1.ppc64le.rpm python313-orjson-3.10.15-160000.3.1.s390x.rpm python313-orjson-3.10.15-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-422 Security update for postgresql18 important SUSE SLFO 1.2 This update for postgresql18 fixes the following issues: - Update to version 18.3. (bsc#1258754) - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) - CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) - CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) - CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. (bsc#1258012) libecpg6-18.3-160000.1.1.aarch64.rpm libpq5-18.3-160000.1.1.aarch64.rpm postgresql18-18.3-160000.1.1.aarch64.rpm postgresql18-contrib-18.3-160000.1.1.aarch64.rpm postgresql18-devel-18.3-160000.1.1.aarch64.rpm postgresql18-docs-18.3-160000.1.1.noarch.rpm postgresql18-llvmjit-18.3-160000.1.1.aarch64.rpm postgresql18-llvmjit-devel-18.3-160000.1.1.aarch64.rpm postgresql18-plperl-18.3-160000.1.1.aarch64.rpm postgresql18-plpython-18.3-160000.1.1.aarch64.rpm postgresql18-pltcl-18.3-160000.1.1.aarch64.rpm postgresql18-server-18.3-160000.1.1.aarch64.rpm postgresql18-server-devel-18.3-160000.1.1.aarch64.rpm postgresql18-test-18.3-160000.1.1.aarch64.rpm postgresql18-devel-mini-18.3-160000.1.1.aarch64.rpm libecpg6-18.3-160000.1.1.ppc64le.rpm libpq5-18.3-160000.1.1.ppc64le.rpm postgresql18-18.3-160000.1.1.ppc64le.rpm postgresql18-contrib-18.3-160000.1.1.ppc64le.rpm postgresql18-devel-18.3-160000.1.1.ppc64le.rpm postgresql18-llvmjit-18.3-160000.1.1.ppc64le.rpm postgresql18-llvmjit-devel-18.3-160000.1.1.ppc64le.rpm postgresql18-plperl-18.3-160000.1.1.ppc64le.rpm postgresql18-plpython-18.3-160000.1.1.ppc64le.rpm postgresql18-pltcl-18.3-160000.1.1.ppc64le.rpm postgresql18-server-18.3-160000.1.1.ppc64le.rpm postgresql18-server-devel-18.3-160000.1.1.ppc64le.rpm postgresql18-test-18.3-160000.1.1.ppc64le.rpm postgresql18-devel-mini-18.3-160000.1.1.ppc64le.rpm libecpg6-18.3-160000.1.1.s390x.rpm libpq5-18.3-160000.1.1.s390x.rpm postgresql18-18.3-160000.1.1.s390x.rpm postgresql18-contrib-18.3-160000.1.1.s390x.rpm postgresql18-devel-18.3-160000.1.1.s390x.rpm postgresql18-llvmjit-18.3-160000.1.1.s390x.rpm postgresql18-llvmjit-devel-18.3-160000.1.1.s390x.rpm postgresql18-plperl-18.3-160000.1.1.s390x.rpm postgresql18-plpython-18.3-160000.1.1.s390x.rpm postgresql18-pltcl-18.3-160000.1.1.s390x.rpm postgresql18-server-18.3-160000.1.1.s390x.rpm postgresql18-server-devel-18.3-160000.1.1.s390x.rpm postgresql18-test-18.3-160000.1.1.s390x.rpm postgresql18-devel-mini-18.3-160000.1.1.s390x.rpm libecpg6-18.3-160000.1.1.x86_64.rpm libpq5-18.3-160000.1.1.x86_64.rpm postgresql18-18.3-160000.1.1.x86_64.rpm postgresql18-contrib-18.3-160000.1.1.x86_64.rpm postgresql18-devel-18.3-160000.1.1.x86_64.rpm postgresql18-llvmjit-18.3-160000.1.1.x86_64.rpm postgresql18-llvmjit-devel-18.3-160000.1.1.x86_64.rpm postgresql18-plperl-18.3-160000.1.1.x86_64.rpm postgresql18-plpython-18.3-160000.1.1.x86_64.rpm postgresql18-pltcl-18.3-160000.1.1.x86_64.rpm postgresql18-server-18.3-160000.1.1.x86_64.rpm postgresql18-server-devel-18.3-160000.1.1.x86_64.rpm postgresql18-test-18.3-160000.1.1.x86_64.rpm postgresql18-devel-mini-18.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-423 Security update for harfbuzz moderate SUSE SLFO 1.2 This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping regression affecting mark glyphs in certain fonts. - Fix pruning of mark filtering sets when subsetting fonts, which caused changes in shaping behaviour. - Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion). - Fix undefined behaviour introduced in 11.4.2. - Fix detection of the “Cambria Math” font when fonts are scaled, so the workaround for the bad MATH table constant is applied. - Various performance and memory usage improvements. - The hb-shape command line tool can now be built with the amalgamated harfbuzz.cc source. - Fix regression in handling version 2 of avar table. - Increase various buffer length limits for better handling of fonts that generate huge number of glyphs per codepoint (e.g. Noto Sans Duployan). - Improvements to the harfrust shaper for more accurate testing. - Fix clang compiler warnings. - General shaping and subsetting speedups. - Fix in Graphite shaping backend when glyph advances became negative. - Subsetting improvements, pruning empty mark-attachment lookups. - Don't use the macro name _S, which is reserved by system liberaries. - Build fixes and speedup. - Add a kbts shaping backend that calls into the kb_text_shape single-header shaping library. This is purely for testing and performance evaluation and we do NOT recommend using it for any other purposes. - Fix bug in vertical shaping of fonts without the vmtx table. - Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword. - Fix crasher in the glyph_v_origin function introduced in 11.3.0. - Speed up handling fonts with very large number of variations. - Speed up getting horizontal and vertical glyph advances by up to 24%. - Significantly speed up vertical text shaping. - Various documentation improvements. - Various build improvements. - Various subsetting improvements. - Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration). - Rename harfruzz option and shaper to harfrust following upstream rename. - Implement hb_face_reference_blob() for DirectWrite font functions. - Various build improvements. - Fix build with HB_NO_DRAW and HB_NO_PAINT. - Add an optional harfruzz shaper that uses HarfRuzz; an ongoing Rust port of HarfBuzz shaping. This shaper is mainly used for testing the output of the Rust implementation. - Fix regression that caused applying unsafe_to_break() to the whole buffer to be ignored. - Update USE data files. - Fix getting advances of out-of-rage glyph indices in DirectWrite font functions. - Painting of COLRv1 fonts without clip boxes is now about 10 times faster. - Synthetic bold/slant of a sub font is now respected, instead of using the parent’s. - Glyph extents for fonts synthetic bold/slant are now accurately calculated. - Various build fixes. - Include bidi mirroring variants of the requested codepoints when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be used to disable this behaviour. - Various bug fixes. - Various build fixes and improvements. - Various test suite improvements. - The change in version 10.3.0 to apply “trak” table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping. - When directwrite integration is enabled, we now link to dwrite.dll instead of dynamically loading it. - A new experimental APIs for getting raw “CFF” and “CFF2” CharStrings. - We now provide manpages for the various command line utilities. Building manpages requires “help2man” and will be skipped if it is not present. - The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages. - Various fixes and improvements to fontations font functions. - All shaping operations using the ot shaper have become memory allocation-free. - Glyph extents returned by hb-ot and hb-ft font functions are now rounded in stead of flooring/ceiling them, which also matches what other font libraries do. - Fix “AAT” deleted glyph marks interfering with fallback mark positioning. - Glyph outlines emboldening have been moved out of hb-ot and hb-ft font functions to the HarfBuzz font layer, so that it works with any font functions implementation. - Fix our fallback C++11 atomics integration, which seems to not be widely used. - Various testing fixes and improvements. - Various subsetting fixes and improvements. - Various other fixes and improvements. harfbuzz-devel-11.4.5-160000.1.1.aarch64.rpm harfbuzz-tools-11.4.5-160000.1.1.aarch64.rpm libharfbuzz-cairo0-11.4.5-160000.1.1.aarch64.rpm libharfbuzz-gobject0-11.4.5-160000.1.1.aarch64.rpm libharfbuzz-icu0-11.4.5-160000.1.1.aarch64.rpm libharfbuzz-subset0-11.4.5-160000.1.1.aarch64.rpm libharfbuzz0-11.4.5-160000.1.1.aarch64.rpm typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1.aarch64.rpm harfbuzz-devel-11.4.5-160000.1.1.ppc64le.rpm harfbuzz-tools-11.4.5-160000.1.1.ppc64le.rpm libharfbuzz-cairo0-11.4.5-160000.1.1.ppc64le.rpm libharfbuzz-gobject0-11.4.5-160000.1.1.ppc64le.rpm libharfbuzz-icu0-11.4.5-160000.1.1.ppc64le.rpm libharfbuzz-subset0-11.4.5-160000.1.1.ppc64le.rpm libharfbuzz0-11.4.5-160000.1.1.ppc64le.rpm typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1.ppc64le.rpm harfbuzz-devel-11.4.5-160000.1.1.s390x.rpm harfbuzz-tools-11.4.5-160000.1.1.s390x.rpm libharfbuzz-cairo0-11.4.5-160000.1.1.s390x.rpm libharfbuzz-gobject0-11.4.5-160000.1.1.s390x.rpm libharfbuzz-icu0-11.4.5-160000.1.1.s390x.rpm libharfbuzz-subset0-11.4.5-160000.1.1.s390x.rpm libharfbuzz0-11.4.5-160000.1.1.s390x.rpm typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1.s390x.rpm harfbuzz-devel-11.4.5-160000.1.1.x86_64.rpm harfbuzz-tools-11.4.5-160000.1.1.x86_64.rpm libharfbuzz-cairo0-11.4.5-160000.1.1.x86_64.rpm libharfbuzz-gobject0-11.4.5-160000.1.1.x86_64.rpm libharfbuzz-icu0-11.4.5-160000.1.1.x86_64.rpm libharfbuzz-subset0-11.4.5-160000.1.1.x86_64.rpm libharfbuzz0-11.4.5-160000.1.1.x86_64.rpm typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-424 Security update for exiv2 important SUSE SLFO 1.2 This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder (bsc#1219870). - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder (bsc#1219871). - CVE-2024-39695: out-of-bounds read in AsfVideo: streamProperties (bsc#1227528). - CVE-2025-26623: heap buffer overflow via writing metadata into a crafted image file (bsc#1237347). - CVE-2025-54080: out-of-bounds read in `Exiv2: EpsImage: writeMetadata()` when writing metadata into a crafted image file (bsc#1248962). - CVE-2025-55304: quadratic performance algorithm in the ICC profile parsing code of `JpegBase: readMetadata` (bsc#1248963). - CVE-2026-25884: out-of-bounds read in `CrwMap: decode0x0805` (bsc#1259083). - CVE-2026-27596: integer overflow in `LoaderNative: getData()` leads to out-of-bounds read (bsc#1259084). - CVE-2026-27631: crash due to uncaught exception when trying to create `std: vector` larger than `max_size()` (bsc#1259085). exiv2-0.28.8-160000.1.1.aarch64.rpm exiv2-lang-0.28.8-160000.1.1.noarch.rpm libexiv2-28-0.28.8-160000.1.1.aarch64.rpm libexiv2-devel-0.28.8-160000.1.1.aarch64.rpm exiv2-0.28.8-160000.1.1.ppc64le.rpm libexiv2-28-0.28.8-160000.1.1.ppc64le.rpm libexiv2-devel-0.28.8-160000.1.1.ppc64le.rpm exiv2-0.28.8-160000.1.1.s390x.rpm libexiv2-28-0.28.8-160000.1.1.s390x.rpm libexiv2-devel-0.28.8-160000.1.1.s390x.rpm exiv2-0.28.8-160000.1.1.x86_64.rpm libexiv2-28-0.28.8-160000.1.1.x86_64.rpm libexiv2-28-x86-64-v3-0.28.8-160000.1.1.x86_64.rpm libexiv2-devel-0.28.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-425 Recommended update for rust-keylime moderate SUSE SLFO 1.2 This update for rust-keylime fixes the following issues: Changes in rust-keylime: - Suggests only the IMA policy package, and keep it as example (bsc#1259963) Update to version 0.2.9+8: * Remove generate-bindings feature from tss-esapi * Use port constants instead of hardcoded values in tests * push-attestation: Use registrar TLS port when TLS is enabled * dist: Make the services to conflict with each other * Bump version to 0.2.9 * cargo: Bump tracing_subscriber to version 0.3.20 * cargo: Bump time to version 0.3.47 * Update reqwest from 0.12 to 0.13 * auth: Load CA certificate in authentication client * packit: Add missing e2e tests * registrar: Rename insecure option to disable_tls * push-attestation: Drop self-signed mTLS certificate generation * config: Add missing config options to keylime-agent.conf * config: Add support for "default" in registrar_api_versions option * config: Add support for "default" in registrar_tls_ca_cert option * config: Drop unused config options and constants * push-attestation: Drop support for mTLS to registrar * push-attestation: Drop mTLS support and require PoP authentication * auth: Reuse existing ContextInfo to avoid duplicate TPM objects * resilient_client: Reauthenticate if a 403 error is received keylime-ima-policy-0.2.9+8-160000.1.1.aarch64.rpm rust-keylime-0.2.9+8-160000.1.1.aarch64.rpm keylime-ima-policy-0.2.9+8-160000.1.1.ppc64le.rpm rust-keylime-0.2.9+8-160000.1.1.ppc64le.rpm keylime-ima-policy-0.2.9+8-160000.1.1.s390x.rpm rust-keylime-0.2.9+8-160000.1.1.s390x.rpm keylime-ima-policy-0.2.9+8-160000.1.1.x86_64.rpm rust-keylime-0.2.9+8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-43 Recommended update for liburing moderate SUSE SLFO 1.2 This update for liburing fixes the following issues: - Add upstream patch to fix test on ppc64le liburing-devel-2.8-160000.3.1.aarch64.rpm liburing-ffi2-2.8-160000.3.1.aarch64.rpm liburing2-2.8-160000.3.1.aarch64.rpm liburing-devel-2.8-160000.3.1.ppc64le.rpm liburing-ffi2-2.8-160000.3.1.ppc64le.rpm liburing2-2.8-160000.3.1.ppc64le.rpm liburing-devel-2.8-160000.3.1.s390x.rpm liburing-ffi2-2.8-160000.3.1.s390x.rpm liburing2-2.8-160000.3.1.s390x.rpm liburing-devel-2.8-160000.3.1.x86_64.rpm liburing-ffi2-2.8-160000.3.1.x86_64.rpm liburing2-2.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-430 Security update for salt important SUSE SLFO 1.2 This update for salt fixes the following issues: Changes in salt: - Security issues fixed: * CVE-2025-67724: fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fixed HTTP header parameter parsing algorithm (bsc#1254904) - Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Improved performance of wheel key.finger call (bsc#1240532) - Improved performance of utils.find_json function (bsc#1246130) - Extend warn_until period to 2027 python313-salt-3006.0-160000.4.1.aarch64.rpm True salt-3006.0-160000.4.1.aarch64.rpm True salt-api-3006.0-160000.4.1.aarch64.rpm True salt-bash-completion-3006.0-160000.4.1.noarch.rpm True salt-cloud-3006.0-160000.4.1.aarch64.rpm True salt-doc-3006.0-160000.4.1.aarch64.rpm True salt-fish-completion-3006.0-160000.4.1.noarch.rpm True salt-master-3006.0-160000.4.1.aarch64.rpm True salt-minion-3006.0-160000.4.1.aarch64.rpm True salt-proxy-3006.0-160000.4.1.aarch64.rpm True salt-ssh-3006.0-160000.4.1.aarch64.rpm True salt-standalone-formulas-configuration-3006.0-160000.4.1.aarch64.rpm True salt-syndic-3006.0-160000.4.1.aarch64.rpm True salt-transactional-update-3006.0-160000.4.1.aarch64.rpm True salt-zsh-completion-3006.0-160000.4.1.noarch.rpm True python313-salt-testsuite-3006.0-160000.4.1.aarch64.rpm True python313-salt-3006.0-160000.4.1.ppc64le.rpm True salt-3006.0-160000.4.1.ppc64le.rpm True salt-api-3006.0-160000.4.1.ppc64le.rpm True salt-cloud-3006.0-160000.4.1.ppc64le.rpm True salt-doc-3006.0-160000.4.1.ppc64le.rpm True salt-master-3006.0-160000.4.1.ppc64le.rpm True salt-minion-3006.0-160000.4.1.ppc64le.rpm True salt-proxy-3006.0-160000.4.1.ppc64le.rpm True salt-ssh-3006.0-160000.4.1.ppc64le.rpm True salt-standalone-formulas-configuration-3006.0-160000.4.1.ppc64le.rpm True salt-syndic-3006.0-160000.4.1.ppc64le.rpm True salt-transactional-update-3006.0-160000.4.1.ppc64le.rpm True python313-salt-testsuite-3006.0-160000.4.1.ppc64le.rpm True python313-salt-3006.0-160000.4.1.s390x.rpm True salt-3006.0-160000.4.1.s390x.rpm True salt-api-3006.0-160000.4.1.s390x.rpm True salt-cloud-3006.0-160000.4.1.s390x.rpm True salt-doc-3006.0-160000.4.1.s390x.rpm True salt-master-3006.0-160000.4.1.s390x.rpm True salt-minion-3006.0-160000.4.1.s390x.rpm True salt-proxy-3006.0-160000.4.1.s390x.rpm True salt-ssh-3006.0-160000.4.1.s390x.rpm True salt-standalone-formulas-configuration-3006.0-160000.4.1.s390x.rpm True salt-syndic-3006.0-160000.4.1.s390x.rpm True salt-transactional-update-3006.0-160000.4.1.s390x.rpm True python313-salt-testsuite-3006.0-160000.4.1.s390x.rpm True python313-salt-3006.0-160000.4.1.x86_64.rpm True salt-3006.0-160000.4.1.x86_64.rpm True salt-api-3006.0-160000.4.1.x86_64.rpm True salt-cloud-3006.0-160000.4.1.x86_64.rpm True salt-doc-3006.0-160000.4.1.x86_64.rpm True salt-master-3006.0-160000.4.1.x86_64.rpm True salt-minion-3006.0-160000.4.1.x86_64.rpm True salt-proxy-3006.0-160000.4.1.x86_64.rpm True salt-ssh-3006.0-160000.4.1.x86_64.rpm True salt-standalone-formulas-configuration-3006.0-160000.4.1.x86_64.rpm True salt-syndic-3006.0-160000.4.1.x86_64.rpm True salt-transactional-update-3006.0-160000.4.1.x86_64.rpm True python313-salt-testsuite-3006.0-160000.4.1.x86_64.rpm True openSUSE-Leap-16.0-432 Security update for nghttp2 important SUSE SLFO 1.2 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). libnghttp2-14-1.64.0-160000.3.1.aarch64.rpm libnghttp2-devel-1.64.0-160000.3.1.aarch64.rpm nghttp2-1.64.0-160000.3.1.aarch64.rpm libnghttp2-14-1.64.0-160000.3.1.ppc64le.rpm libnghttp2-devel-1.64.0-160000.3.1.ppc64le.rpm nghttp2-1.64.0-160000.3.1.ppc64le.rpm libnghttp2-14-1.64.0-160000.3.1.s390x.rpm libnghttp2-devel-1.64.0-160000.3.1.s390x.rpm nghttp2-1.64.0-160000.3.1.s390x.rpm libnghttp2-14-1.64.0-160000.3.1.x86_64.rpm libnghttp2-devel-1.64.0-160000.3.1.x86_64.rpm nghttp2-1.64.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-433 Security update for tomcat11 important SUSE SLFO 1.2 This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: + Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) * Cluster + Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 11.0.11 that broke some clustering configurations. (markt) * Coyote + Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) * Other + Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update to the Eclipse JDT compiler 4.37. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 2.0.12. (markt) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile=<name> to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) tomcat11-11.0.18-160000.1.1.noarch.rpm tomcat11-admin-webapps-11.0.18-160000.1.1.noarch.rpm tomcat11-doc-11.0.18-160000.1.1.noarch.rpm tomcat11-docs-webapp-11.0.18-160000.1.1.noarch.rpm tomcat11-el-6_0-api-11.0.18-160000.1.1.noarch.rpm tomcat11-embed-11.0.18-160000.1.1.noarch.rpm tomcat11-jsp-4_0-api-11.0.18-160000.1.1.noarch.rpm tomcat11-jsvc-11.0.18-160000.1.1.noarch.rpm tomcat11-lib-11.0.18-160000.1.1.noarch.rpm tomcat11-servlet-6_1-api-11.0.18-160000.1.1.noarch.rpm tomcat11-webapps-11.0.18-160000.1.1.noarch.rpm openSUSE-Leap-16.0-434 Security update for 389-ds important SUSE SLFO 1.2 This update for 389-ds fixes the following issue: Update to 389-ds 3.0.6~git249.6688af9b2: - CVE-2025-14905: heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` can lead to DoS and RCE (bsc#1258727). Changelog: * Issue 7277 - UI - Fix Japanese translation for "Successfully updated group" in Cockpit UI (#7278) * Issue 7275 - UI - Improve password policy field validation in Cockpit UI (#7276) * Issue 7279 - UI - Fix typo in export certificate dialog (#7280) * Issue 7273 - In a chaining environment binding as remote user causes an invalid error in the logs * Issue 7271 - plugins that create threads need to update active thread count * Issue 5853 - Update concread to 0.5.10 * Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf plugin (#7064) * Issue 7223 - Remove integerOrderingMatch requirement for parentid (#7264) * Issue 7066/7052 - allow password history to be set to zero and remove history * Issue 7223 - Use lexicographical order for ancestorid (#7256) * Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV (#7258) * Issue 7184 - (2nd) argparse.HelpFormatter _format_actions_usage() is deprecated (#7257) * Issue - CLI - dsctl db2index needs some hardening with MBD * Issue 7248 - CLI - attribute uniqueness - fix usage for exclude subtree option * Issue 7231 - Sync repl tests fail in FIPS mode due to non FIPS compliant crypto (#7232) * Issue 7121 - (2nd) LeakSanitizer: various leaks during replication (#7212) * Issue 6947 - Fix health_system_indexes_test.py * Issue 7076 - Fix revert_cache() never called in modrdn (#7220) * Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077) * Issue 7096 - (2nd) During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7205) * Issue 3555 - UI - Fix audit issue with npm - @isaacs/brace-expansion (#7228) * Issue 7223 - Add dsctl index-check command for offline index repair * Issue 7223 - Detect and log index ordering mismatch during backend startup * Issue 7223 - Add upgrade function to remove ancestorid index config entry * Issue 7223 - Add upgrade function to remove nsIndexIDListScanLimit from parentid * Issue 7223 - Revert index scan limits for system indexes * Issue 6542 - RPM build errors on Fedora 42 * Issue 7224 - CI Test - Simplify test_reserve_descriptor_validation (#7225) * Issue 7194 - Repl Log Analysis - Add CSN propagation details (#7195) * Issue 7213 - MDB_BAD_VALSIZE error while handling VLV (#7214) * Issue 7027 - (2nd) 389-ds-base OpenScanHub Leaks Detected (#7211) * Issue 7184 - argparse.HelpFormatter _format_actions_usage() is deprecated * Issue 7198 - Web console doesn't show sub-suffix when parent-suffix points to an entry (#7202) * Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits * Bump lodash from 4.17.21 to 4.17.23 in /src/cockpit/389-console (#7203) * Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180) * Issue 7172 - Index ordering mismatch after upgrade (#7173) * Issue - Revise paged result search locking * Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145) * Revert "Issue 7160 - Add lib389 version sync check to configure (#7165)" * Issue 7160 - Add lib389 version sync check to configure (#7165) * Issue 7049 - RetroCL plugin generates invalid LDIF * Issue 7150 - Compressed access log rotations skipped, accesslog-list out of sync (#7151) * Restore definition for slapi_entry_attr_get_valuearray * Issue 1793 - RFE - Dynamic lists - UI and CLI updates * Issue 7119 - Fix DNA shared config replication test (#7143) * Issue 7081 - Repl Log Analysis - Implement data sampling with performance and timezone fixes (#7086) * Issue 1793 - RFE - Implement dynamic lists * Issue 6753 - Port ticket tests * Issue 6753 - Port and fix ticket 47823 tests * Issue 6753 - Add 'add_exclude_subtree' and 'remove_exclude_subtree' methods to Attribute uniqueness plugin * Issue 6753 - Port ticket test 48026 * Issue 7128 - memory corruption in alias entry plugin (#7131) * Issue 7091 - Duplicate local password policy entries listed (#7092) * Issue 7124 - BDB cursor race condition with transaction isolation (#7125) * Issue 7132 - Keep alive entry updated too soon after an offline import (#7133) * Issue 7121 - LeakSanitizer: various leaks during replication (#7122) * Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116) * Issue 7109 - AddressSanitizer: SEGV ldap/servers/slapd/csnset.c:302 in csnset_dup (#7114) * Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes * Issue 7119 - Harden DNA plugin locking for shared server list operations (#7120) * Issue 7084 - UI - schema - sorting attributes breaks expanded row * Issue 7007 - Improve paged result search locking * Issue 3555 - UI - Fix audit issue with npm - glob (#7107) * Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026) * Issue 6901 - Update changelog trimming logging - fix tests * Issue 6901 - Update changelog trimming logging * Bump js-yaml from 4.1.0 to 4.1.1 in /src/cockpit/389-console (#7097) * Issue 7069 - Fix error reporting in HAProxy trusted IP parsing (#7094) * Issue 7055 - Online initialization of consumers fails with error -23 (#7075) * Issue 7042 - Enable global_backend_lock when memberofallbackend is enabled (#7043) * Issue 7078 - audit json logging does not encode binary values * Issue 7069 - Add Subnet/CIDR Support for HAProxy Trusted IPs (#7070) * Issue 6660 - CLI, UI - Improve replication log analyzer usability (#7062) * Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068) * Issue 7071 - search filter (&(cn:dn:=groups)) no longer returns results * Issue 7073 - Add NDN cache size configuration and enforcement tests (#7074) * Issue 7041 - CLI/UI - memberOf - no way to add/remove specific group filters * Issue 7061 - CLI/UI - Improve error messages for dsconf localpwp list * Issue 7059 - UI - unable to upload pem file * Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036) * Issue 7047 - MemberOf plugin logs null attribute name on fixup task completion (#7048) * Issue 7044 - RFE - index sudoHost by default (#7046) * Issue 6979 - Improve the way to detect asynchronous operations in the access logs (#6980) * Issue 7035 - RFE - memberOf - adding scoping for specific groups * Issue - CLI/UI - Add option to delete all replication conflict entries * Issue 7033 - lib389 - basic plugin status not in JSON * Issue 7023 - UI - if first instance that is loaded is stopped it breaks parts of the UI * Issue 7027 - 389-ds-base OpenScanHub Leaks Detected (#7028) * Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967) * Issue 6660 - UI - Improve replication log analysis charts and usability (#6968) * Issue 6982 - UI - MemberOf shared config does not validate DN properly (#6983) * Issue 7021 - Units for changing MDB max size are not consistent across different tools (#7022) * Issue 6954 - do not delete referrals on chain_on_update backend * Issue 7018 - BUG - prevent stack depth being hit (#7019) * Issue 6928 - The parentId attribute is indexed with improper matching rule * Issue 6933 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default (#6935) * Issue 6904 - Fix config_test.py::test_lmdb_config * Issue 7014 - memberOf - ignored deferred updates with LMDB * Issue 7012 - improve dscrl dbverify result when backend does not exists (#7013) * Issue 6929 - Compilation failure with rust-1.89 on Fedora ELN * Issue 6990 - UI - Replace deprecated Select components with new TypeaheadSelect (#6996) * Issue 6990 - UI - Fix typeahead Select fields losing values on Enter keypress (#6991) * Issue 6887 - Enhance logconv.py to add support for JSON access logs (#6889) * Issue 6985 - Some logconv CI tests fail with BDB (#6986) * Issue 6891 - JSON logging - add wrapper function that checks for NULL * Issue 6977 - UI - Show error message when trying to use unavailable ports (#6978) * Issue 6956 - More UI fixes * Issue 6947 - Revise time skew check in healthcheck tool and add option to exclude checks * Issue 6805 - RFE - Multiple backend entry cache tuning * Issue 6843 - Add CI tests for logconv.py (#6856) * Issue - UI - update Radio handlers and LDAP entries last modified time * Issue 6660 - UI - Fix minor typo (#6955) * Issue 6910 - Fix latest coverity issues * Issue 6919 - numSubordinates/tombstoneNumSubordinates are inconsisten... (#6920) * Issue 6663 - Fix NULL subsystem crash in JSON error logging (#6883) * Issue 6940 - dsconf monitor server fails with ldapi:// due to absent server ID (#6941) * Issue 6936 - Make user/subtree policy creation idempotent (#6937) * Issue 6865 - AddressSanitizer: leak in agmt_update_init_status * Issue 6848 - AddressSanitizer: leak in do_search * Issue 6850 - AddressSanitizer: memory leak in mdb_init * Issue 6778 - Memory leak in roles_cache_create_object_from_entry part 2 * Issue 6778 - Memory leak in roles_cache_create_object_from_entry * Issue 6181 - RFE - Allow system to manage uid/gid at startup * Issues 6913, 6886, 6250 - Adjust xfail marks (#6914) * Issue 6768 - ns-slapd crashes when a referral is added (#6780) * Issue 6468 - CLI - Fix default error log level * Issue 6339 - Address Coverity scan issues in memberof and bdb_layer (#6353) * Issue 6897 - Fix disk monitoring test failures and improve test maintainability (#6898) * Issue 6884 - Mask password hashes in audit logs (#6885) * Issue 6594 - Add test for numSubordinates replication consistency with tombstones (#6862) * Issue 6250 - Add test for entryUSN overflow on failed add operations (#6821) * Issue 6895 - Crash if repl keep alive entry can not be created * Issue 6893 - Log user that is updated during password modify extended operation * Issue 6772 - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. (#6773) * Issue 6888 - Missing access JSON logging for TLS/Client auth * Issue 6680 - instance read-only mode is broken (#6681) * Issue 6878 - Prevent repeated disconnect logs during shutdown (#6879) * Issue 6872 - compressed log rotation creates files with world readable permission * Issue 6859 - str2filter is not fully applying matching rules * Issue 6868 - UI - schema attribute table expansion break after moving to a new page * Issue 6854 - Refactor for improved data management (#6855) * Issue 6756 - CLI, UI - Properly handle disabled NDN cache (#6757) * Issue 6857 - uiduniq: allow specifying match rules in the filter * Issue 6838 - lib389/replica.py is using nonexistent datetime.UTC in Python 3.9 * Issue 6822 - Backend creation cleanup and Database UI tab error handling (#6823) * Issue 6782 - Improve paged result locking * Issue 6825 - RootDN Access Control Plugin with wildcards for IP addre... (#6826) * Issue 6736 - Exception thrown by dsconf instance repl get_ruv (#6742) * Issue 6819 - Incorrect pwdpolicysubentry returned for an entry with user password policy * Issue 6553 - Update concread to 0.5.6 (#6824) * Issue 1081 - Add a CI test (#6063) * Issue 6761 - Password modify extended operation should skip password policy checks when executed by root DN * Issue 6791 - crash in liblmdb during instance shutdown (#6793) * Issue 6641 - modrdn fails when a user is member of multiple groups (#6643) * Issue 6776 - Enabling audit log makes slapd coredump * Issue 6534 - CI fails with Fedora 41 and DNF5 * Issue 6787 - Improve error message when bulk import connection is closed * Issue 6727 - RFE - database compaction interval should be persistent * Issue 6438 - Add basic dsidm organizational unit tests * Issue 6439 - Fix dsidm service get_dn option * Issue 5120 - ns-slapd doesn't start in referral mode (#6763) 389-ds-3.0.6~git249.6688af9b2-160000.1.1.aarch64.rpm 389-ds-devel-3.0.6~git249.6688af9b2-160000.1.1.aarch64.rpm 389-ds-snmp-3.0.6~git249.6688af9b2-160000.1.1.aarch64.rpm lib389-3.0.6~git249.6688af9b2-160000.1.1.aarch64.rpm libsvrcore0-3.0.6~git249.6688af9b2-160000.1.1.aarch64.rpm 389-ds-3.0.6~git249.6688af9b2-160000.1.1.ppc64le.rpm 389-ds-devel-3.0.6~git249.6688af9b2-160000.1.1.ppc64le.rpm 389-ds-snmp-3.0.6~git249.6688af9b2-160000.1.1.ppc64le.rpm lib389-3.0.6~git249.6688af9b2-160000.1.1.ppc64le.rpm libsvrcore0-3.0.6~git249.6688af9b2-160000.1.1.ppc64le.rpm 389-ds-3.0.6~git249.6688af9b2-160000.1.1.s390x.rpm 389-ds-devel-3.0.6~git249.6688af9b2-160000.1.1.s390x.rpm 389-ds-snmp-3.0.6~git249.6688af9b2-160000.1.1.s390x.rpm lib389-3.0.6~git249.6688af9b2-160000.1.1.s390x.rpm libsvrcore0-3.0.6~git249.6688af9b2-160000.1.1.s390x.rpm 389-ds-3.0.6~git249.6688af9b2-160000.1.1.x86_64.rpm 389-ds-devel-3.0.6~git249.6688af9b2-160000.1.1.x86_64.rpm 389-ds-snmp-3.0.6~git249.6688af9b2-160000.1.1.x86_64.rpm lib389-3.0.6~git249.6688af9b2-160000.1.1.x86_64.rpm libsvrcore0-3.0.6~git249.6688af9b2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-435 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590). - CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966). - CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911). - CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924). - CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817). - CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311). - CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144). - CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148). - CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129). - CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490). - CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572). - CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721). - CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640). - CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679). - CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802). - CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708). - CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). - CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732). - CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174). - CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635). - CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686). - CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411). - CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228). - CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209). - CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332). - CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552). - CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581). - CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556). - CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572). - CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559). - CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705). - CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). - CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718). - CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740). - CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765). - CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726). - CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805). - CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). - CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745). - CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830). - CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758). - CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757). - CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). - CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808). - CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815). - CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816). - CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817). - CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772). - CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763). - CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775). - CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762). - CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761). - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181). - CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184). - CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277). - CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273). - CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). - CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304). - CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377). - CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289). - CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290). - CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258). - CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). - CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355). - CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272). - CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). - CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349). - CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520). - CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394). - CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308). - CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321). - CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468). - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518). - CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517). - CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464). - CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483). - CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461). The following non security issues were fixed: - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes). - Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971). - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455). - HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868). - PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672) - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672) - PM: sleep: wakeirq: Update outdated documentation comments (git-fixes). - Refresh and move upstreamed ath12k patch into sorted section - Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153) - add bugnumber to existing mana change (bsc#1252266). - arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329) - bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes). - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818). - clocksource: Print durations for sync check unconditionally (bsc#1257818). - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818). - clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818). - dm: Fix deadlock when reloading a multipath table (bsc#1254928). - drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129). - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes). - i3c: master: Update hot-join flag only on success (git-fixes). - ktls, sockmap: Fix missing uncharge operation (bsc#1252008). - media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes). - modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563). - sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634). - sched/deadline: Fix race in push_dl_task() (bsc#1234634). - sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634). - sched/fair: Fix pelt clock sync when entering idle (bsc#1234634). - sched/fair: Fix pelt lost idle time detection (bsc#1234634). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes). kernel-devel-6.12.0-160000.27.1.noarch.rpm True kernel-macros-6.12.0-160000.27.1.noarch.rpm True kernel-source-6.12.0-160000.27.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.27.1.noarch.rpm True kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64.rpm True dtb-allwinner-6.12.0-160000.27.1.aarch64.rpm True dtb-altera-6.12.0-160000.27.1.aarch64.rpm True dtb-amazon-6.12.0-160000.27.1.aarch64.rpm True dtb-amd-6.12.0-160000.27.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.27.1.aarch64.rpm True dtb-apm-6.12.0-160000.27.1.aarch64.rpm True dtb-apple-6.12.0-160000.27.1.aarch64.rpm True dtb-arm-6.12.0-160000.27.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.27.1.aarch64.rpm True dtb-cavium-6.12.0-160000.27.1.aarch64.rpm True dtb-exynos-6.12.0-160000.27.1.aarch64.rpm True dtb-freescale-6.12.0-160000.27.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.27.1.aarch64.rpm True dtb-lg-6.12.0-160000.27.1.aarch64.rpm True dtb-marvell-6.12.0-160000.27.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.27.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.27.1.aarch64.rpm True dtb-qcom-6.12.0-160000.27.1.aarch64.rpm True dtb-renesas-6.12.0-160000.27.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.27.1.aarch64.rpm True dtb-socionext-6.12.0-160000.27.1.aarch64.rpm True dtb-sprd-6.12.0-160000.27.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.27.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.27.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.27.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.27.1.aarch64.rpm True kernel-64kb-6.12.0-160000.27.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.27.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.27.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.27.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.27.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.27.1.aarch64.rpm True cluster-md-kmp-azure-6.12.0-160000.27.1.aarch64.rpm True dlm-kmp-azure-6.12.0-160000.27.1.aarch64.rpm True gfs2-kmp-azure-6.12.0-160000.27.1.aarch64.rpm True kernel-azure-6.12.0-160000.27.1.aarch64.rpm True kernel-azure-devel-6.12.0-160000.27.1.aarch64.rpm True kernel-azure-extra-6.12.0-160000.27.1.aarch64.rpm True kernel-azure-optional-6.12.0-160000.27.1.aarch64.rpm True kselftests-kmp-azure-6.12.0-160000.27.1.aarch64.rpm True ocfs2-kmp-azure-6.12.0-160000.27.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.27.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.27.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.27.1.aarch64.rpm True kernel-default-6.12.0-160000.27.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.27.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.27.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.27.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.27.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.27.1.aarch64.rpm True kernel-docs-6.12.0-160000.27.1.noarch.rpm True kernel-docs-html-6.12.0-160000.27.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.27.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.27.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.27.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.27.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.27.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.27.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.27.1.aarch64.rpm True kernel-rt-6.12.0-160000.27.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.27.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.27.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.27.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.27.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.27.1.aarch64.rpm True kernel-syms-6.12.0-160000.27.1.aarch64.rpm True kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.27.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.27.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.27.1.ppc64le.rpm True kernel-default-6.12.0-160000.27.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.27.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.27.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.27.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.27.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.27.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.27.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.27.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.27.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.27.1.ppc64le.rpm True kernel-syms-6.12.0-160000.27.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.27.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.27.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.27.1.s390x.rpm True kernel-default-6.12.0-160000.27.1.s390x.rpm True kernel-default-devel-6.12.0-160000.27.1.s390x.rpm True kernel-default-extra-6.12.0-160000.27.1.s390x.rpm True kernel-default-optional-6.12.0-160000.27.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.27.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.27.1.s390x.rpm True kernel-obs-build-6.12.0-160000.27.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.27.1.s390x.rpm True kernel-syms-6.12.0-160000.27.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.27.1.s390x.rpm True kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64.rpm True cluster-md-kmp-azure-6.12.0-160000.27.1.x86_64.rpm True dlm-kmp-azure-6.12.0-160000.27.1.x86_64.rpm True gfs2-kmp-azure-6.12.0-160000.27.1.x86_64.rpm True kernel-azure-6.12.0-160000.27.1.x86_64.rpm True kernel-azure-devel-6.12.0-160000.27.1.x86_64.rpm True kernel-azure-extra-6.12.0-160000.27.1.x86_64.rpm True kernel-azure-optional-6.12.0-160000.27.1.x86_64.rpm True kernel-azure-vdso-6.12.0-160000.27.1.x86_64.rpm True kselftests-kmp-azure-6.12.0-160000.27.1.x86_64.rpm True ocfs2-kmp-azure-6.12.0-160000.27.1.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.27.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.27.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.27.1.x86_64.rpm True kernel-default-6.12.0-160000.27.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.27.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.27.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.27.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.27.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.27.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.27.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.27.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.27.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.27.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.27.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.27.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.27.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.27.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.27.1.x86_64.rpm True kernel-rt-6.12.0-160000.27.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.27.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.27.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.27.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.27.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.27.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.27.1.x86_64.rpm True kernel-syms-6.12.0-160000.27.1.x86_64.rpm True openSUSE-Leap-16.0-437 Security update for python-black important SUSE SLFO 1.2 This update for python-black fixes the following issues: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution (bsc#1259546). - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name (bsc#1259608). python313-black-25.1.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-438 Security update for python-pyasn1 important SUSE SLFO 1.2 This update for python-pyasn1 fixes the following issue: - CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803). python313-pyasn1-0.6.1-160000.4.1.noarch.rpm openSUSE-Leap-16.0-439 Security update for python-pyOpenSSL important SUSE SLFO 1.2 This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804). - CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808). python313-pyOpenSSL-25.0.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-44 Recommended update for nvidia-open-driver-G06-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: Update CUDA variant to 580.95.05. Update to version 580.95.05 (boo#1250536). Update non-CUDA variant to 580.82.07 (boo#1249235). Update CUDA variant to 580.82.07. nvidia-open-driver-G06-signed-64kb-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-check-580.95.05-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-default-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-64kb-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-64kb-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-check-580.95.05-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-default-devel-580.95.05-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-580.95.05-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.95.05-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-442 Security update for ffmpeg-7 moderate SUSE SLFO 1.2 This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: * avcodec/librsvgdec: fix compilation with librsvg 2.50.3 * libavfilter/af_firequalizer: Add check for av_malloc_array() * avcodec/libsvtav1: unbreak build with latest svtav1 * avformat/hls: Fix Youtube AAC * Various bugfixes. * CVE-2025-7700: Fixed NULL Pointer Dereference in ALS Decoder (bsc#1246790) ffmpeg-7-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libavcodec-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libavdevice-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libavfilter-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libavformat-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libavutil-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libpostproc-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libswresample-devel-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-libswscale-devel-7.1.2-160000.1.1.aarch64.rpm libavcodec61-7.1.2-160000.1.1.aarch64.rpm libavdevice61-7.1.2-160000.1.1.aarch64.rpm libavfilter10-7.1.2-160000.1.1.aarch64.rpm libavformat61-7.1.2-160000.1.1.aarch64.rpm libavutil59-7.1.2-160000.1.1.aarch64.rpm libpostproc58-7.1.2-160000.1.1.aarch64.rpm libswresample5-7.1.2-160000.1.1.aarch64.rpm libswscale8-7.1.2-160000.1.1.aarch64.rpm ffmpeg-7-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libavcodec-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libavdevice-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libavfilter-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libavformat-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libavutil-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libpostproc-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libswresample-devel-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-libswscale-devel-7.1.2-160000.1.1.ppc64le.rpm libavcodec61-7.1.2-160000.1.1.ppc64le.rpm libavdevice61-7.1.2-160000.1.1.ppc64le.rpm libavfilter10-7.1.2-160000.1.1.ppc64le.rpm libavformat61-7.1.2-160000.1.1.ppc64le.rpm libavutil59-7.1.2-160000.1.1.ppc64le.rpm libpostproc58-7.1.2-160000.1.1.ppc64le.rpm libswresample5-7.1.2-160000.1.1.ppc64le.rpm libswscale8-7.1.2-160000.1.1.ppc64le.rpm ffmpeg-7-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libavcodec-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libavdevice-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libavfilter-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libavformat-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libavutil-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libpostproc-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libswresample-devel-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-libswscale-devel-7.1.2-160000.1.1.s390x.rpm libavcodec61-7.1.2-160000.1.1.s390x.rpm libavdevice61-7.1.2-160000.1.1.s390x.rpm libavfilter10-7.1.2-160000.1.1.s390x.rpm libavformat61-7.1.2-160000.1.1.s390x.rpm libavutil59-7.1.2-160000.1.1.s390x.rpm libpostproc58-7.1.2-160000.1.1.s390x.rpm libswresample5-7.1.2-160000.1.1.s390x.rpm libswscale8-7.1.2-160000.1.1.s390x.rpm ffmpeg-7-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libavcodec-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libavdevice-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libavfilter-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libavformat-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libavutil-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libpostproc-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libswresample-devel-7.1.2-160000.1.1.x86_64.rpm ffmpeg-7-libswscale-devel-7.1.2-160000.1.1.x86_64.rpm libavcodec61-7.1.2-160000.1.1.x86_64.rpm libavdevice61-7.1.2-160000.1.1.x86_64.rpm libavfilter10-7.1.2-160000.1.1.x86_64.rpm libavformat61-7.1.2-160000.1.1.x86_64.rpm libavutil59-7.1.2-160000.1.1.x86_64.rpm libpostproc58-7.1.2-160000.1.1.x86_64.rpm libswresample5-7.1.2-160000.1.1.x86_64.rpm libswscale8-7.1.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-443 Security update for python-ldap moderate SUSE SLFO 1.2 This update for python-ldap fixes the following issues: - CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912). - CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913). python313-ldap-3.4.4-160000.3.1.aarch64.rpm python313-ldap-3.4.4-160000.3.1.ppc64le.rpm python313-ldap-3.4.4-160000.3.1.s390x.rpm python313-ldap-3.4.4-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-445 Security update for python-PyJWT important SUSE SLFO 1.2 This update for python-PyJWT fixes the following issue: Update to PyJWT 2.12.1: - CVE-2026-32597: PyJWT accepts unknown `crit` header extensions (bsc#1259616). Changelog: Update to 2.12.1: - Add missing typing_extensions dependency for Python < 3.11 in #1150 Update to 2.12.0: - Annotate PyJWKSet.keys for pyright by @tamird in #1134 - Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in #1133 - Do not keep algorithms dict in PyJWK instances by @akx in #1143 - Use PyJWK algorithm when encoding without explicit algorithm in #1148 - Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache). Update to 2.11.0: - Enforce ECDSA curve validation per RFC 7518 Section 3.4. - Fix build system warnings by @kurtmckee in #1105 - Validate key against allowed types for Algorithm family in #964 - Add iterator for JWKSet in #1041 - Validate iss claim is a string during encoding and decoding by @pachewise in #1040 - Improve typing/logic for options in decode, decode_complete by @pachewise in #1045 - Declare float supported type for lifespan and timeout by @nikitagashkov in #1068 - Fix SyntaxWarnings/DeprecationWarnings caused by invalid escape sequences by @kurtmckee in #1103 - Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in #1114 - Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in #1112 - Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in #1104 - Development: Migrate to build to test package building in CI by @kurtmckee in #1108 - Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in #1115 - Docs: Standardize CHANGELOG links to PRs by @kurtmckee in #1110 - Docs: Fix Read the Docs builds by @kurtmckee in #1111 - Docs: Add example of using leeway with nbf by @djw8605 in #1034 - Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in #1045 - Docs: Documentation improvements for "sub" and "jti" claims by @cleder in #1088 - Development: Add pyupgrade as a pre-commit hook by @kurtmckee in #1109 - Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead. - Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions. python313-PyJWT-2.12.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-449 Security update for fetchmail moderate SUSE SLFO 1.2 This update for fetchmail fixes the following issues: - CVE-2025-61962: Fixed denial of service (bsc#1251194) fetchmail-6.5.2-160000.3.1.aarch64.rpm fetchmailconf-6.5.2-160000.3.1.aarch64.rpm fetchmail-6.5.2-160000.3.1.ppc64le.rpm fetchmailconf-6.5.2-160000.3.1.ppc64le.rpm fetchmail-6.5.2-160000.3.1.s390x.rpm fetchmailconf-6.5.2-160000.3.1.s390x.rpm fetchmail-6.5.2-160000.3.1.x86_64.rpm fetchmailconf-6.5.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-45 Recommended update for wsl-firstboot moderate SUSE SLFO 1.2 This update for wsl-firstboot fixes the following issues: Update to version 1.5.9+git20251110.c1fca4e: * Adding Leap/TW check to modules/registration * Changing date tag for modules/switch Update to version 1.5.8+git20251110.828658c: * Adding 'or' for when ID == opensuse-tumbleweed so that wsl-config doesn't list 'switch' as an option in TW as well Update to version 1.5.7+git20251108.7a67d02: * Adding a check for ID since we have Leap/SLE 16.0 - Also will 'continue' when ID == opensuse-leap so that wsl-config doesn't list 'switch' as an option in Leap Update to version 1.5.6+git20251104.86be8d4: * Adding 'sleep and clear' to sbin/wsl-firstboot * Adding skip check for SLE16.0 to modules/switch * Removing ability to skip initual user creation wsl-firstboot-1.5.9+git20251110.c1fca4e-160000.1.1.noarch.rpm openSUSE-Leap-16.0-450 Security update for openexr important SUSE SLFO 1.2 This update for openexr fixes the following issue: - CVE-2026-27622: crafted multipart deep EXR can cause an heap out-of-bound write (bsc#1259177). libIex-3_2-31-3.2.2-160000.5.1.aarch64.rpm libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64.rpm libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64.rpm openexr-3.2.2-160000.5.1.aarch64.rpm openexr-devel-3.2.2-160000.5.1.aarch64.rpm openexr-doc-3.2.2-160000.5.1.noarch.rpm libIex-3_2-31-3.2.2-160000.5.1.ppc64le.rpm libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le.rpm libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le.rpm libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le.rpm openexr-3.2.2-160000.5.1.ppc64le.rpm openexr-devel-3.2.2-160000.5.1.ppc64le.rpm libIex-3_2-31-3.2.2-160000.5.1.s390x.rpm libIlmThread-3_2-31-3.2.2-160000.5.1.s390x.rpm libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x.rpm libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x.rpm openexr-3.2.2-160000.5.1.s390x.rpm openexr-devel-3.2.2-160000.5.1.s390x.rpm libIex-3_2-31-3.2.2-160000.5.1.x86_64.rpm libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64.rpm libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64.rpm libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64.rpm libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64.rpm libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64.rpm libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64.rpm libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64.rpm openexr-3.2.2-160000.5.1.x86_64.rpm openexr-devel-3.2.2-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-451 Recommended update for gdb moderate SUSE SLFO 1.2 This update for gdb fixes the following issues: Changes in gdb: - fixes some bugs - fix hang on whatis (bsc#1250033, swo#33480): gdb-16.3-160000.3.1.aarch64.rpm gdbserver-16.3-160000.3.1.aarch64.rpm gdb-testresults-16.3-160000.3.1.aarch64.rpm gdb-16.3-160000.3.1.ppc64le.rpm gdbserver-16.3-160000.3.1.ppc64le.rpm gdb-testresults-16.3-160000.3.1.ppc64le.rpm gdb-16.3-160000.3.1.s390x.rpm gdbserver-16.3-160000.3.1.s390x.rpm gdb-testresults-16.3-160000.3.1.s390x.rpm gdb-16.3-160000.3.1.x86_64.rpm gdbserver-16.3-160000.3.1.x86_64.rpm gdb-testresults-16.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-452 Recommended update for mozilla-nspr moderate SUSE SLFO 1.2 This update for mozilla-nspr fixes the following issues: Update to NSPR 4.36.2: * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 Update to NSPR 4.36.1: * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. mozilla-nspr-4.36.2-160000.1.1.aarch64.rpm mozilla-nspr-devel-4.36.2-160000.1.1.aarch64.rpm mozilla-nspr-4.36.2-160000.1.1.ppc64le.rpm mozilla-nspr-devel-4.36.2-160000.1.1.ppc64le.rpm mozilla-nspr-4.36.2-160000.1.1.s390x.rpm mozilla-nspr-devel-4.36.2-160000.1.1.s390x.rpm mozilla-nspr-4.36.2-160000.1.1.x86_64.rpm mozilla-nspr-devel-4.36.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-453 Recommended update for az-cli-cmd moderate SUSE SLFO 1.2 This update for az-cli-cmd fixes the following issues: Changes in az-cli-cmd: - Fix install/upgrade/removal With the release of flake-pilot 3.1.27 a force option for registration and deregistration has been added. This allows for a simpler registration processing in the spec file of the -cmd package. This commit adds registration and deregistration helper scripts and calls them as part of the spec pre/post processing macros. The macro setup makes sure: 1. The flake gets registered as %post install action 2. The flake gets deregistered as %preun uninstall (no upgrade) action With regards to the already released package and the existing macro code the following applies: The %postun code from the old package runs after the %post code of the new package and only in upgrade mode. This would harm the registration which is the reason why we again call register_az in %posttrans which is the last action of the entire transaction and ensures the registration will be effective This Fixes bsc#1259604 az-cli-cmd-1.37.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-454 Security update for net-tools moderate SUSE SLFO 1.2 This update for net-tools fixes the following issues: - Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58). - Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59). - Avoid unsafe memcpy in ifconfig (bsc#1248687). - Prevent overflow in ax25 and netrom (bsc#1248687) - Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410). net-tools-2.10-160000.3.1.aarch64.rpm net-tools-deprecated-2.10-160000.3.1.aarch64.rpm net-tools-lang-2.10-160000.3.1.noarch.rpm net-tools-2.10-160000.3.1.ppc64le.rpm net-tools-deprecated-2.10-160000.3.1.ppc64le.rpm net-tools-2.10-160000.3.1.s390x.rpm net-tools-deprecated-2.10-160000.3.1.s390x.rpm net-tools-2.10-160000.3.1.x86_64.rpm net-tools-deprecated-2.10-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-455 Security update for docker-compose important SUSE SLFO 1.2 This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584). - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752). docker-compose-2.33.1-160000.4.1.aarch64.rpm docker-compose-2.33.1-160000.4.1.ppc64le.rpm docker-compose-2.33.1-160000.4.1.s390x.rpm docker-compose-2.33.1-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-456 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR (MFSA 2026-22, bsc#1260083): - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component - CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component - CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component - CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component - CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component - CVE-2026-4692: Sandbox escape in the Responsive Design Mode component - CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component - CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component - CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component - CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component - CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component - CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component - CVE-2026-4700: Mitigation bypass in the Networking: HTTP component - CVE-2026-4701: Use-after-free in the JavaScript Engine component - CVE-2026-4702: JIT miscompilation in the JavaScript Engine component - CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component - CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component - CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4708: Incorrect boundary conditions in the Graphics component - CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component - CVE-2026-4711: Use-after-free in the Widget: Cocoa component - CVE-2026-4712: Information disclosure in the Widget: Cocoa component - CVE-2026-4713: Incorrect boundary conditions in the Graphics component - CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component - CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component - CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component - CVE-2026-4717: Privilege escalation in the Netmonitor component - CVE-2025-59375: Denial-of-service in the XML component - CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component - CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component - CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 - CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 MozillaFirefox-140.9.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.9.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.9.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.9.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.9.0-160000.1.1.aarch64.rpm MozillaFirefox-140.9.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.9.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.9.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.9.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.9.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.9.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.9.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.9.0-160000.1.1.s390x.rpm MozillaFirefox-140.9.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.9.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.9.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.9.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-457 Recommended update for rage-encryption moderate SUSE SLFO 1.2 This update for rage-encryption fixes the following issues: Changes in rage-encryption: - adjust to deterministic translations to allow reproducible builds (boo#1244083) - build with fuse 3 (boo#1242079) rage-encryption-0.11.1+0-160000.3.1.aarch64.rpm rage-encryption-bash-completion-0.11.1+0-160000.3.1.noarch.rpm rage-encryption-fish-completion-0.11.1+0-160000.3.1.noarch.rpm rage-encryption-zsh-completion-0.11.1+0-160000.3.1.noarch.rpm rage-encryption-0.11.1+0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-458 Security update for GraphicsMagick important SUSE SLFO 1.2 This update for GraphicsMagick fixes the following issues: - CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786). - CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). - CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467). GraphicsMagick-1.3.45-160000.3.1.aarch64.rpm GraphicsMagick-devel-1.3.45-160000.3.1.aarch64.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.3.1.aarch64.rpm libGraphicsMagick++-devel-1.3.45-160000.3.1.aarch64.rpm libGraphicsMagick-Q16-3-1.3.45-160000.3.1.aarch64.rpm libGraphicsMagick3-config-1.3.45-160000.3.1.aarch64.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.3.1.aarch64.rpm perl-GraphicsMagick-1.3.45-160000.3.1.aarch64.rpm GraphicsMagick-1.3.45-160000.3.1.ppc64le.rpm GraphicsMagick-devel-1.3.45-160000.3.1.ppc64le.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.3.1.ppc64le.rpm libGraphicsMagick++-devel-1.3.45-160000.3.1.ppc64le.rpm libGraphicsMagick-Q16-3-1.3.45-160000.3.1.ppc64le.rpm libGraphicsMagick3-config-1.3.45-160000.3.1.ppc64le.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.3.1.ppc64le.rpm perl-GraphicsMagick-1.3.45-160000.3.1.ppc64le.rpm GraphicsMagick-1.3.45-160000.3.1.s390x.rpm GraphicsMagick-devel-1.3.45-160000.3.1.s390x.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.3.1.s390x.rpm libGraphicsMagick++-devel-1.3.45-160000.3.1.s390x.rpm libGraphicsMagick-Q16-3-1.3.45-160000.3.1.s390x.rpm libGraphicsMagick3-config-1.3.45-160000.3.1.s390x.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.3.1.s390x.rpm perl-GraphicsMagick-1.3.45-160000.3.1.s390x.rpm GraphicsMagick-1.3.45-160000.3.1.x86_64.rpm GraphicsMagick-devel-1.3.45-160000.3.1.x86_64.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.3.1.x86_64.rpm libGraphicsMagick++-devel-1.3.45-160000.3.1.x86_64.rpm libGraphicsMagick-Q16-3-1.3.45-160000.3.1.x86_64.rpm libGraphicsMagick3-config-1.3.45-160000.3.1.x86_64.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.3.1.x86_64.rpm perl-GraphicsMagick-1.3.45-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-459 Recommended update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin moderate SUSE SLFO 1.2 This update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin fixes the following issues: Changes in plexus-pom: Upgrade to version 25 and 24 * New features and improvements + Configure njord publisher and releaseURL in pom + add Reproducible Central report Upgrade to version 23 and 22 * Breaking changes + Prepare for publishing via the Central Portal Upgrade to version 21 * New features and improvements + Add maven-dependency-plugin to pluginManagement + Align Spotless check/apply with Maven parent Upgrade to version 20 * New features and improvements + Enforce minimal Java version + Accept all line endings in spotless + Spotless plugin - format .md files + Apply formatting with spotless-plugin by default + Sync license header with ASF Upgrade to version 19 * Breaking changes + Remove org.apache.maven.plugin-tools:maven-plugin-annotations from dependencyManagement * New features and improvements + Use bestPractices for gpg plugin + Drop using passphrase for maven-gpg-plugin + Skip empty report for taglist-maven-plugin Upgrade to version 18 * New features and improvements + Skip empty surefire and pmd reports + Disable site descriptor publishing by child projects + Warning about usage of deprecated API by compiler + Maven compiler - disable annotation processing by default - Upgrade to version 17 * New features and improvements + Add default Specification and Implementation entries in jar manifest + Add maven-invoker-plugin to pluginManagement - Upgrade to version 16 * New features and improvements + Introduce minimalMavenBuildVersion property + Use default executor for m-release-p - Upgrade to version 15 * Bug Fixes + Update spotless plugin palantir dependency to 2.35.0 to work with Java 21 * Maintenance + Replace plexus-component-metadata plugin (deprecated) with Sisu Changes in plexus-io: Upgrade to version 3.6.0 * Maintenance + JUnit Jupiter best practices + Replace FileUtils.deleteDirectory(File) with JDK provided API + Close DeferredFileOutputStream to prevent FileNotFoundException on temp files + Handle IOException when retrieving file ownership on WSL2 network drives Changes in plexus-interactivity: Upgrade to version 1.5.1 * Maintenance + JUnit Jupiter best practices Changes in plexus-compiler: Upgrade to upstream release 2.16.2 * Bug Fixes + Fixed ConcurrentModificationException on compilerArguments Upgrade to upstream release 2.16.1 * Bug Fixes + Fix detecting java version for JDK 1.8 + #420: fix detection of java version when JAVA_TOOL_OPTIONS is set Upgrade to upstream release 2.16.0 * New features and improvements + Added 3 MSVC csharp compiler options + Bump ErrorProne to 2.37.0 - requires Java 17 * Bug Fixes + Fix Zip Slip vulnerability in JAR extraction + Fixed wrong excludes management * Maintenance + Replace FileUtils.deleteDirectory(File) with JDK provided API + chore: remove junit3 references + Update Java version checks to include JDK 25 + Include JDK 24 in CI + Apply spotless re-formatting + Create codeql.yml + Pass tests with Java 22 and 23 Changes in plexus-archiver: Upgrade to upstream version 4.11.0 * New features and improvements + Replace PlexusIoZipFileResourceCollection with PlexusArchiverZipFileResourceCollection for non-JAR formats * Bug Fixes + Revert "Utilize VT if possible + Fix AbstractZipUnArchiver handling of zip entries with unspecified modification time + Fix AbstractArchiver.getFiles() to return forward slashes for ZIP-based archivers + Reduce heap usage in Zip archiver to prevent OutOfMemoryError in CI builds * Maintenance + Convert to Markdown and compare to Commons Compress + JUnit Jupiter best practices + Replace FileUtils.deleteDirectory(File) with JDK provided API Changes in modello: Upgrade to upstream version 2.6.0 * New features and improvements + Fix XSD generator to respect required field attribute + Give access to XmlModelMetadata from velocity helper + Fix multiplicity=1 for simple type associations in Reader/Writer generators * Bug Fixes + Fix Root class name conflict in JDOM writer generator Changes in maven-surefire: Upgrade to 3.5.5 * New features and improvements + Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) + Pass slf4j context to spawned thread + SUREFIRE-3239: allow override of statistics file checksum + Reduce log level for skipped tests result to info * Bug Fixes + Use PowerShell instead of WMIC for detecting zombie process on Windows. Please note if you are using Windows with Java 8 and not PowerShell you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4 + Properly work with test failures caused during beforeAll phase * Documentation updates + Clarify how late placeholder replacement (@{...}) deals with Changes in maven-resolver: Update to upstream version 1.9.27 * Bug Fixes + Sync TrackingFileManager with 2.x Update to upstream version 1.9.26 * New features and improvements + GH-1773: Treat 410 Gone as 404 Not Found + GH-1737: Revert partially parallel upload change * Bug Fixes + GH-1768; Drastically simplify auth caching + [1.9.x] Bug: GH-1703 Locally cached artifacts defy RRF * Documentation updates + Clarify that HTTP Transport uses Apache HTTP Client Changes in junit5: Update to upstream version 5.14.2 * Principal changes: + Introduce @ClassTemplate and @ParameterizedClass support in JUnit Jupiter + Access to ParameterInfo for JUnit Jupiter extensions + New @SentenceFragment annotation for use with IndicativeSentences display name generator + Add --redirect-stdout and --redirect-stderr options to ConsoleLauncher + Introduce test discovery support in EngineTestKit + Reporting of discovery issues for test engines + Resource management for launcher sessions and execution requests + GraalVM: removal of native-image.properties files from JARs + Bug fixes and other minor improvements + Deprecations along with new APIs to ease migration to JUnit 6 Changes in sisu: Upgrade to upstream release 1.0.0 * Changes + Get rid of ancient logback + Source formatting and license headers + Modernize codebase + Build with Java 25 + Remove "Incubation" from bundle names Changes in apache-commons-io: Upgrade to 2.21.0 * New features + FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte + Add org.apache.commons.io.FileUtils.ONE_RB + Add org.apache.commons.io.FileUtils.ONE_QB + Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], int, int, long) + Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], long) + Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(int, long) + Add length unit support in FileSystem limits + Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation + Add org.apache.commons.io.file.PathUtils.getPath(String, String) + Add org.apache.commons.io.channels .ByteArraySeekableByteChannel + Add IOIterable.asIterable() + Add NIO channel support to 'AbstractStreamBuilder' + Add CloseShieldChannel to close-shielded NIO Channels + Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize * Fixed Bugs + When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading + When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE + ValidatingObjectInputStream does not validate dynamic proxy interfaces + BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set + BoundedInputStream.available() correctly accounts for the maximum read limit + Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int) + IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow + Javadoc general improvements + IOUtils.toByteArray() now throws EOFException when not enough data is available + Fix IOUtils.skip() usage in concurrent scenarios + [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built * Removed + Inline private constant field ProxyInputStream.exceptionHandler Upgrade to 2.20.0 * New features + Add org.apache.commons.io.file.CountingPathVisitor .accept(Path, BasicFileAttributes) + Add org.apache.commons.io.Charsets.isAlias(Charset, String) + Add org.apache.commons.io.Charsets.isUTF8(Charset) + Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset) + Add Tailer ignoreTouch option * Fixed Bugs + [javadoc] Rename parameter of ProxyOutputStream.write(int) + CopyDirectoryVisitor ignores fileFilter + org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin .getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin .getReader(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset + org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin .getWriter(Charset) now maps a null Charset to the default Charset + FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77] Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE + QueueInputStream reads all but the first byte without waiting + Javadoc fixes and improvements + Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter .accept(File) + FileUtils.forceDelete can delete a broken symlink again + Fix infinite loop in AbstractByteArrayOutputStream * Changes + Bump commons.bytebuddy.version from 1.17.5 to 1.17.6 + Bump org.apache.commons:commons-parent from 81 to 85 + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 Upgrade to 2.19.0 * New features + Add ThrottledInputStream.Builder.setMaxBytes(long, ChronoUnit) + Add IOIterable + ReversedLinesFileReader implements IOIterable<String> + Add AbstractByteArrayOutputStream.write(CharSequence, Charset) + Add AbstractByteArrayOutputStream.write(byte[]) + Add RandomAccessFileOutputStream.getRandomAccessFile() + Add ProxyInputStream.setReference(InputStream), was package-private setIn(InputStream) + Add ProxyOutputStream.setReference(OutputStream) + Add RandomAccessFileInputStream.copy(long, long, OutputStream) + Add ProxyOutputStream.Builder + Add ByteOrderMark.matches(int[]) + Add BrokenOutputStream.BrokenOutputStream(Function<String>, Throwable>) and deprecate Supplier<String> constructor + Add IOBooleanSupplier + Add Uncheck.getAsBoolean(IOBooleanSupplier) + Add FileChannels.contentEquals(SeekableByteChannel, SeekableByteChannel, int) + Add FileChannels.contentEquals(ReadableByteChannel, ReadableByteChannel, int) + Add SimplePathVisitor.AbstractBuilder + Add CountingPathVisitor.AbstractBuilder and CountingPathVisitor.Builder + Add AccumulatorPathVisitor.Builder and builder() + Add PathUtils.contentEquals(FileSystem, FileSystem) * Fixed Bugs + Deprecate constructor Counters.Counters() to be private in 4.0 + Deprecate constructor Charsets.Charsets() to be private in 4.0 + Pick up maven-antrun-plugin version from parent POM org.apache:apache + Javadoc is missing its Overview page + Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80) + Deprecate DeferredFileOutputStream.getStream() in favor of getOutputStream() + Improve Javadoc for a BoundedInputStream builder() throwing IOException + Improve Javadoc for all implementations of AbstractOriginSupplier#get() + The Consumer to IOUtils.closeQuietly(Closeable, Consumer) now accepts Exception, not just IOException + The Consumer to IOUtils.close(Closeable, IOConsumer) now accepts wrapped Exception, not just IOException + Use Uncheck.getAsBoolean(IOBooleanSupplier) to avoid boxing and unboxing of boolean values + Avoid unnecessary boxing and unboxing of long values in FileUtils.sizeOf(File) + Avoid unnecessary boxing and unboxing of int values in UncheckedBufferedReader.read() + Avoid unnecessary boxing and unboxing of int values in UncheckedFilterInputStream.available() and read() + Avoid unnecessary boxing and unboxing of int values in UncheckedFilterReader.read() + FileChannels.contentEquals(FileChannel, FileChannel, int) can return false when comparing a non-blocking channel + Deprecate FileChannels.contentEquals(FileChannel, FileChannel, int) in favor of FileChannels .contentEquals(SeekableByteChannel, SeekableByteChannel, int) + Improve performance of IOUtils.contentEquals(InputStream, InputStream) by about 13% + PathUtils.copyFileToDirectory() across file systems + IOUtils.contentEquals is incorrect when InputStream.available under-reports + java.lang.ArithmeticException: long overflow java.lang.Math .addExact(Math.java:932) at org.apache.commons.io.file .attribute.FileTimes.ntfsTimeToFileTime(FileTimes.java:164). See also https://issues.apache.org/jira/browse/MDEP-978 + java.lang.ArithmeticException: long overflow java.lang.Math .addExact(Math.java:932) at org.apache.commons.io.file .attribute.FileTimes.ntfsTimeToDate(long) + FileTimes.toNtfsTime(*) methods can overflow result values + Fix Javadoc for ChunkedOutputStream.Builder + General Javadoc improvements + Calling QueueInputStream.QueueInputStream(null) maps to the same kind of default blocking queue as QueueInputStream.Builder.setBlockingQueue(null) + CopyDirectoryVisitor creates incorrect file names when copying between different file systems that use different file system separators ("/" versus "\"); fixes PathUtils.copyDirectory(Path, Path, CopyOption...) + ThreadUtils.sleep(Duration) should handle the underlying OS time changing Changes in maven-filtering: Upgrade to upstream version 3.5.0: * New features and improvements + Introduce ChangeDetection + Use Release Drafter from shared and improvements * Bug Fixes + Issue 289: filter file names one component at a time on 3.x branch Changes in maven-resource-plugins: Upgrade to version 3.5.0: * New features and improvements + Bug: use change detecton strategies * Maintenance + Add IT for Issue 444 + Migration to JUnit 5 - avoid using AbstractMojoTestCase + Cleanup deps plexus-pom-25-160000.1.1.noarch.rpm plexus-io-3.6.0-160000.1.1.noarch.rpm plexus-io-javadoc-3.6.0-160000.1.1.noarch.rpm plexus-interactivity-api-1.5.1-160000.1.1.noarch.rpm plexus-interactivity-javadoc-1.5.1-160000.1.1.noarch.rpm plexus-compiler-2.16.2-160000.1.1.noarch.rpm plexus-compiler-extras-2.16.2-160000.1.1.noarch.rpm plexus-compiler-javadoc-2.16.2-160000.1.1.noarch.rpm plexus-archiver-4.11.0-160000.1.1.noarch.rpm plexus-archiver-javadoc-4.11.0-160000.1.1.noarch.rpm modello-2.6.0-160000.1.1.noarch.rpm modello-javadoc-2.6.0-160000.1.1.noarch.rpm modello-test-2.6.0-160000.1.1.noarch.rpm modello-maven-plugin-2.6.0-160000.1.1.noarch.rpm modello-maven-plugin-javadoc-2.6.0-160000.1.1.noarch.rpm maven-failsafe-plugin-bootstrap-3.5.5-160000.1.1.noarch.rpm maven-surefire-3.5.5-160000.1.1.noarch.rpm maven-surefire-javadoc-3.5.5-160000.1.1.noarch.rpm maven-surefire-plugin-bootstrap-3.5.5-160000.1.1.noarch.rpm maven-surefire-provider-junit-3.5.5-160000.1.1.noarch.rpm maven-surefire-provider-testng-3.5.5-160000.1.1.noarch.rpm maven-surefire-report-parser-3.5.5-160000.1.1.noarch.rpm maven-surefire-report-plugin-bootstrap-3.5.5-160000.1.1.noarch.rpm maven-failsafe-plugin-3.5.5-160000.1.1.noarch.rpm maven-surefire-plugin-3.5.5-160000.1.1.noarch.rpm maven-surefire-plugins-javadoc-3.5.5-160000.1.1.noarch.rpm maven-surefire-report-plugin-3.5.5-160000.1.1.noarch.rpm maven-surefire-provider-junit5-3.5.5-160000.1.1.noarch.rpm maven-surefire-provider-junit5-javadoc-3.5.5-160000.1.1.noarch.rpm maven-resolver-1.9.27-160000.1.1.noarch.rpm maven-resolver-api-1.9.27-160000.1.1.noarch.rpm maven-resolver-connector-basic-1.9.27-160000.1.1.noarch.rpm maven-resolver-impl-1.9.27-160000.1.1.noarch.rpm maven-resolver-javadoc-1.9.27-160000.1.1.noarch.rpm maven-resolver-named-locks-1.9.27-160000.1.1.noarch.rpm maven-resolver-spi-1.9.27-160000.1.1.noarch.rpm maven-resolver-test-util-1.9.27-160000.1.1.noarch.rpm maven-resolver-transport-classpath-1.9.27-160000.1.1.noarch.rpm maven-resolver-transport-file-1.9.27-160000.1.1.noarch.rpm maven-resolver-transport-http-1.9.27-160000.1.1.noarch.rpm maven-resolver-transport-wagon-1.9.27-160000.1.1.noarch.rpm maven-resolver-util-1.9.27-160000.1.1.noarch.rpm maven-resolver-supplier-1.9.27-160000.1.1.noarch.rpm maven-resolver-supplier-javadoc-1.9.27-160000.1.1.noarch.rpm junit5-5.14.2-160000.1.1.noarch.rpm junit5-bom-5.14.2-160000.1.1.noarch.rpm junit5-javadoc-5.14.2-160000.1.1.noarch.rpm junit5-minimal-5.14.2-160000.1.1.noarch.rpm junit5-minimal-javadoc-5.14.2-160000.1.1.noarch.rpm byte-buddy-1.18.3-160000.2.1.noarch.rpm byte-buddy-agent-1.18.3-160000.2.1.noarch.rpm byte-buddy-javadoc-1.18.3-160000.2.1.noarch.rpm byte-buddy-maven-plugin-1.18.3-160000.2.1.noarch.rpm sisu-inject-1.0.0-160000.1.1.noarch.rpm sisu-javadoc-1.0.0-160000.1.1.noarch.rpm sisu-plexus-1.0.0-160000.1.1.noarch.rpm sisu-mojos-1.0.0-160000.1.1.noarch.rpm sisu-mojos-javadoc-1.0.0-160000.1.1.noarch.rpm sisu-inject-extender-1.0.0-160000.1.1.noarch.rpm sisu-plexus-extender-1.0.0-160000.1.1.noarch.rpm xmlgraphics-commons-2.10-160000.3.1.noarch.rpm xmlgraphics-commons-javadoc-2.10-160000.3.1.noarch.rpm xmlgraphics-fop-2.10-160000.3.1.noarch.rpm apache-commons-io-2.21.0-160000.1.1.noarch.rpm apache-commons-io-javadoc-2.21.0-160000.1.1.noarch.rpm maven-shade-plugin-3.6.2-160000.1.1.noarch.rpm maven-shade-plugin-javadoc-3.6.2-160000.1.1.noarch.rpm plexus-testing-2.1.0-160000.1.1.noarch.rpm plexus-testing-javadoc-2.1.0-160000.1.1.noarch.rpm jdependency-1.4-160000.1.1.noarch.rpm jdependency-javadoc-1.4-160000.1.1.noarch.rpm maven-filtering-3.5.0-160000.1.1.noarch.rpm maven-filtering-javadoc-3.5.0-160000.1.1.noarch.rpm maven-resources-plugin-3.5.0-160000.1.1.noarch.rpm maven-resources-plugin-javadoc-3.5.0-160000.1.1.noarch.rpm maven-resources-plugin-bootstrap-3.5.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-46 Security update for runc important SUSE SLFO 1.2 This update for runc fixes the following issues: - Update to runc v1.3.3: * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252232) runc-1.3.3-160000.1.1.aarch64.rpm runc-1.3.3-160000.1.1.ppc64le.rpm runc-1.3.3-160000.1.1.s390x.rpm runc-1.3.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-460 Recommended update for aliyun-cli moderate SUSE SLFO 1.2 This update for aliyun-cli fixes the following issues: Ships aliyun-cli in version 3.1.5. (jsc#PED-13767) aliyun-cli-3.1.5-160000.1.1.aarch64.rpm aliyun-cli-3.1.5-160000.1.1.ppc64le.rpm aliyun-cli-3.1.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-462 Security update for tomcat10 important SUSE SLFO 1.2 This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). - CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905). - CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756). - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) + Fix: Log warnings when the SSO configuration does not comply with the documentation. (remm) + Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) + Fix: 69837: Fix corruption of the class path generated by the Loader when running on Windows. (markt) + Fix: Reject requests that map to invalid Windows file names earlier. (markt) + Fix: 69839: Ensure that changes to session IDs (typically after authentication) are promulgated to the SSO Valve to ensure that SSO entries are fully clean-up on session expiration. Patch provided by Kim Johan Andersson. (markt) + Fix: Fix a race condition in the creation of the storage location for the FileStore. (markt) * Cluster + Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 10.1.45 that broke some clustering configurations. (markt) * Coyote + Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: Fix use of deferAccept attribute in JMX, since it is normally only removed in Tomcat 11. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. + Fix: 69848: Fix copy/paste errors in 10.1.47 that meant DELETE requests received via the AJP connector were processed as OPTIONS requests and PROPFIND requests were processed as TRACE. (markt) + Fix: Various OCSP processing issues in the OpenSSL FFM code. (dsoumis) * General + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) + Fix: 69845: When using permessage-deflate with Java 25 onwards, handle the underlying Inflater and/or Deflater throwing IllegalStateException when closed rather than NullPointerException as they do in Java 24 and earlier. * Other + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 2.0.12. (markt) + Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile=<name> to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) Update to Tomcat 10.1.48: + Update: Deprecate the RemoteAddrFilter and RemoteAddValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) + Fix: HTTP methods are case-sensitive so always use case sensitive comparisons when comparing HTTP methods. (markt) + Fix: 69814: Ensure that HttpSession.isNew() returns false once the client has joined the session. (markt) + Fix: Further performance improvements for ParameterMap. (jengebr/markt) + Code: Refactor access log time stamps to be based on the Instant request processing starts. (markt) + Fix: Fix a case-sensitivity issue in the trailer header allow list. + Fix: Be proactive in cleaning up temporary files after a failed multi-part upload rather than waiting for GC to do it. (markt) + Update: Change the digest used to calculate strong ETags (if enabled) for the default Servlet from SHA-1 to SHA-256 to align with the recommendation in RFC 9110 that hash functions used to generate strong ETags should be collision resistant. (markt) + Fix: Correct a regression in the fix for 69781 that broke FileStore. + Code: Remove a number of unnecessary packages from the catalina-deployer.jar. (markt) + Fix: 69781: Fix concurrent access issues in the session FileStore implementation that were causing lost sessions when the store was used with the PersistentValve. Based on pull request #882 by Aaron Ogburn. + Fix: Fix handling of QSA and QSD flags in RewriteValve. (markt) + Fix: Prevent the channel configuration (sender, receiver, membership service) from being changed unless the channel is fully stopped. (markt) + Fix: Handle spurious wake-ups during leader election for NonBlockingCoordinator. (markt) + Fix: Handle spurious wake-ups during sending of messages by RpcChannel. + Update: Add specific certificate selection code for TLS 1.3 supporting post quantum cryptography. Certificates defined with type MLDSA will be selected depending on the TLS client hello. (remm) + Update: Add groups attribute on SSLHostConfig allowing to restrict which groups can be enabled on the SSL engine. (remm) + Add: Optimize the conversion of HTTP method from byte form to String form. + Fix: Store HTTP request headers using the original case for the header name rather than forcing it to lower case. (markt) + Update: Add hybrid PQC support to OpenSSL, based on code from mod_ssl. Using this OpenSSL specific code path, additional PQC certificates defined with type MLDSA are added to contexts which use classic certificates. (jfclere/remm) + Fix: Ensure keys are handed out to OpenSSL even if PEMFile fails to process it, with appropriate logging. (remm) + Fix: Add new ML-DSA key algorithm to PEMFile and improve reporting when reading a key fails. (remm) + Fix: Fix possible early timeouts for network operations caused by a spurious wake-up of a waiting thread. Found by Coverity Scan. (markt) + Fix: Documentation. Clarify the purpose of the maxPostSize attribute of the Connector element. (markt) + Fix: Avoid NPE in manager webapp displaying certificate information. + Update: Update Byte Buddy to 1.17.7. (markt) + Update: Update Checkstyle to 11.1.0. (markt) + Update: Update SpotBugs to 4.9.6. (markt) + Update: Update Jsign to 7.2. (markt) + Add: Improvements to Russian translations provided by usmazat. (markt) + Update: Minor refactoring in JULI loggers. Patch provided by minjund. + Code: Review logging and include the full stack trace and exception message by default rather then just the exception message when logging an error or warning in response to an exception. (markt) + Add: Add escaping to log formatters to align with JSON formatter. (markt) + Update: Update Checkstyle to 11.0.0. (markt) tomcat10-10.1.52-160000.1.1.noarch.rpm tomcat10-admin-webapps-10.1.52-160000.1.1.noarch.rpm tomcat10-doc-10.1.52-160000.1.1.noarch.rpm tomcat10-docs-webapp-10.1.52-160000.1.1.noarch.rpm tomcat10-el-5_0-api-10.1.52-160000.1.1.noarch.rpm tomcat10-embed-10.1.52-160000.1.1.noarch.rpm tomcat10-jsp-3_1-api-10.1.52-160000.1.1.noarch.rpm tomcat10-jsvc-10.1.52-160000.1.1.noarch.rpm tomcat10-lib-10.1.52-160000.1.1.noarch.rpm tomcat10-servlet-6_0-api-10.1.52-160000.1.1.noarch.rpm tomcat10-webapps-10.1.52-160000.1.1.noarch.rpm openSUSE-Leap-16.0-463 Recommended update for nm-configurator moderate SUSE SLFO 1.2 This update for nm-configurator fixes the following issues: Changes in nm-configurator: Update to version 0.3.4: * Bump crate version (#189) * Ensure runtime connection dir exists before recreation (#188) * Bump clap from 4.5.46 to 4.5.47 (#186) * Bump log from 0.4.27 to 0.4.28 (#187) * Bump nmstate from 2.2.49 to 2.2.50 (#184) * Bump clap from 4.5.45 to 4.5.46 (#185) * Bump clap from 4.5.43 to 4.5.45 (#183) * Bump anyhow from 1.0.98 to 1.0.99 (#182) * Bump actions/checkout from 4 to 5 (#181) * Bump network-interface from 2.0.2 to 2.0.3 (#179) nm-configurator-0.3.4-160000.1.1.aarch64.rpm nm-configurator-0.3.4-160000.1.1.ppc64le.rpm nm-configurator-0.3.4-160000.1.1.s390x.rpm nm-configurator-0.3.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-464 Security update for gnutls moderate SUSE SLFO 1.2 This update for gnutls fixes the following issues: - CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960) - CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) - Add the functionality to allow to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753) gnutls-3.8.10-160000.2.1.aarch64.rpm libgnutls-devel-3.8.10-160000.2.1.aarch64.rpm libgnutls-devel-doc-3.8.10-160000.2.1.noarch.rpm libgnutls30-3.8.10-160000.2.1.aarch64.rpm libgnutlsxx-devel-3.8.10-160000.2.1.aarch64.rpm libgnutlsxx30-3.8.10-160000.2.1.aarch64.rpm gnutls-3.8.10-160000.2.1.ppc64le.rpm libgnutls-devel-3.8.10-160000.2.1.ppc64le.rpm libgnutls30-3.8.10-160000.2.1.ppc64le.rpm libgnutlsxx-devel-3.8.10-160000.2.1.ppc64le.rpm libgnutlsxx30-3.8.10-160000.2.1.ppc64le.rpm gnutls-3.8.10-160000.2.1.s390x.rpm libgnutls-devel-3.8.10-160000.2.1.s390x.rpm libgnutls30-3.8.10-160000.2.1.s390x.rpm libgnutlsxx-devel-3.8.10-160000.2.1.s390x.rpm libgnutlsxx30-3.8.10-160000.2.1.s390x.rpm gnutls-3.8.10-160000.2.1.x86_64.rpm libgnutls-devel-3.8.10-160000.2.1.x86_64.rpm libgnutls30-3.8.10-160000.2.1.x86_64.rpm libgnutlsxx-devel-3.8.10-160000.2.1.x86_64.rpm libgnutlsxx30-3.8.10-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-465 Security update for postgresql16 important SUSE SLFO 1.2 This update for postgresql16 fixes the following issues: - Update to versio 16.13. (bsc#1258754) - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) - CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) - CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) postgresql16-16.13-160000.1.1.aarch64.rpm postgresql16-contrib-16.13-160000.1.1.aarch64.rpm postgresql16-devel-16.13-160000.1.1.aarch64.rpm postgresql16-docs-16.13-160000.1.1.noarch.rpm postgresql16-llvmjit-16.13-160000.1.1.aarch64.rpm postgresql16-llvmjit-devel-16.13-160000.1.1.aarch64.rpm postgresql16-plperl-16.13-160000.1.1.aarch64.rpm postgresql16-plpython-16.13-160000.1.1.aarch64.rpm postgresql16-pltcl-16.13-160000.1.1.aarch64.rpm postgresql16-server-16.13-160000.1.1.aarch64.rpm postgresql16-server-devel-16.13-160000.1.1.aarch64.rpm postgresql16-test-16.13-160000.1.1.aarch64.rpm postgresql16-16.13-160000.1.1.ppc64le.rpm postgresql16-contrib-16.13-160000.1.1.ppc64le.rpm postgresql16-devel-16.13-160000.1.1.ppc64le.rpm postgresql16-llvmjit-16.13-160000.1.1.ppc64le.rpm postgresql16-llvmjit-devel-16.13-160000.1.1.ppc64le.rpm postgresql16-plperl-16.13-160000.1.1.ppc64le.rpm postgresql16-plpython-16.13-160000.1.1.ppc64le.rpm postgresql16-pltcl-16.13-160000.1.1.ppc64le.rpm postgresql16-server-16.13-160000.1.1.ppc64le.rpm postgresql16-server-devel-16.13-160000.1.1.ppc64le.rpm postgresql16-test-16.13-160000.1.1.ppc64le.rpm postgresql16-16.13-160000.1.1.s390x.rpm postgresql16-contrib-16.13-160000.1.1.s390x.rpm postgresql16-devel-16.13-160000.1.1.s390x.rpm postgresql16-llvmjit-16.13-160000.1.1.s390x.rpm postgresql16-llvmjit-devel-16.13-160000.1.1.s390x.rpm postgresql16-plperl-16.13-160000.1.1.s390x.rpm postgresql16-plpython-16.13-160000.1.1.s390x.rpm postgresql16-pltcl-16.13-160000.1.1.s390x.rpm postgresql16-server-16.13-160000.1.1.s390x.rpm postgresql16-server-devel-16.13-160000.1.1.s390x.rpm postgresql16-test-16.13-160000.1.1.s390x.rpm postgresql16-16.13-160000.1.1.x86_64.rpm postgresql16-contrib-16.13-160000.1.1.x86_64.rpm postgresql16-devel-16.13-160000.1.1.x86_64.rpm postgresql16-llvmjit-16.13-160000.1.1.x86_64.rpm postgresql16-llvmjit-devel-16.13-160000.1.1.x86_64.rpm postgresql16-plperl-16.13-160000.1.1.x86_64.rpm postgresql16-plpython-16.13-160000.1.1.x86_64.rpm postgresql16-pltcl-16.13-160000.1.1.x86_64.rpm postgresql16-server-16.13-160000.1.1.x86_64.rpm postgresql16-server-devel-16.13-160000.1.1.x86_64.rpm postgresql16-test-16.13-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-466 Security update for expat important SUSE SLFO 1.2 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). expat-2.7.1-160000.5.1.aarch64.rpm libexpat-devel-2.7.1-160000.5.1.aarch64.rpm libexpat1-2.7.1-160000.5.1.aarch64.rpm expat-2.7.1-160000.5.1.ppc64le.rpm libexpat-devel-2.7.1-160000.5.1.ppc64le.rpm libexpat1-2.7.1-160000.5.1.ppc64le.rpm expat-2.7.1-160000.5.1.s390x.rpm libexpat-devel-2.7.1-160000.5.1.s390x.rpm libexpat1-2.7.1-160000.5.1.s390x.rpm expat-2.7.1-160000.5.1.x86_64.rpm libexpat-devel-2.7.1-160000.5.1.x86_64.rpm libexpat1-2.7.1-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-467 Security update for postgresql13 important SUSE SLFO 1.2 This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts (bsc#1253332) - CVE-2025-12818: Fixed several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer (bsc#1253333) Other fixes: - Update to 13.23 * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/13.23 postgresql13-13.23-160000.1.1.aarch64.rpm postgresql13-contrib-13.23-160000.1.1.aarch64.rpm postgresql13-devel-13.23-160000.1.1.aarch64.rpm postgresql13-docs-13.23-160000.1.1.noarch.rpm postgresql13-llvmjit-13.23-160000.1.1.aarch64.rpm postgresql13-llvmjit-devel-13.23-160000.1.1.aarch64.rpm postgresql13-plperl-13.23-160000.1.1.aarch64.rpm postgresql13-plpython-13.23-160000.1.1.aarch64.rpm postgresql13-pltcl-13.23-160000.1.1.aarch64.rpm postgresql13-server-13.23-160000.1.1.aarch64.rpm postgresql13-server-devel-13.23-160000.1.1.aarch64.rpm postgresql13-test-13.23-160000.1.1.aarch64.rpm postgresql13-13.23-160000.1.1.ppc64le.rpm postgresql13-contrib-13.23-160000.1.1.ppc64le.rpm postgresql13-devel-13.23-160000.1.1.ppc64le.rpm postgresql13-llvmjit-13.23-160000.1.1.ppc64le.rpm postgresql13-llvmjit-devel-13.23-160000.1.1.ppc64le.rpm postgresql13-plperl-13.23-160000.1.1.ppc64le.rpm postgresql13-plpython-13.23-160000.1.1.ppc64le.rpm postgresql13-pltcl-13.23-160000.1.1.ppc64le.rpm postgresql13-server-13.23-160000.1.1.ppc64le.rpm postgresql13-server-devel-13.23-160000.1.1.ppc64le.rpm postgresql13-test-13.23-160000.1.1.ppc64le.rpm postgresql13-13.23-160000.1.1.s390x.rpm postgresql13-contrib-13.23-160000.1.1.s390x.rpm postgresql13-devel-13.23-160000.1.1.s390x.rpm postgresql13-llvmjit-13.23-160000.1.1.s390x.rpm postgresql13-llvmjit-devel-13.23-160000.1.1.s390x.rpm postgresql13-plperl-13.23-160000.1.1.s390x.rpm postgresql13-plpython-13.23-160000.1.1.s390x.rpm postgresql13-pltcl-13.23-160000.1.1.s390x.rpm postgresql13-server-13.23-160000.1.1.s390x.rpm postgresql13-server-devel-13.23-160000.1.1.s390x.rpm postgresql13-test-13.23-160000.1.1.s390x.rpm postgresql13-13.23-160000.1.1.x86_64.rpm postgresql13-contrib-13.23-160000.1.1.x86_64.rpm postgresql13-devel-13.23-160000.1.1.x86_64.rpm postgresql13-llvmjit-13.23-160000.1.1.x86_64.rpm postgresql13-llvmjit-devel-13.23-160000.1.1.x86_64.rpm postgresql13-plperl-13.23-160000.1.1.x86_64.rpm postgresql13-plpython-13.23-160000.1.1.x86_64.rpm postgresql13-pltcl-13.23-160000.1.1.x86_64.rpm postgresql13-server-13.23-160000.1.1.x86_64.rpm postgresql13-server-devel-13.23-160000.1.1.x86_64.rpm postgresql13-test-13.23-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-468 Recommended update for kernel-firmware-amdgpu moderate SUSE SLFO 1.2 This update for kernel-firmware-amdgpu fixes the following issues: Update to version 20251203 (git commit a0f0e52138e5): * Revert "amdgpu: update GC 11.5.0 firmware" Update to version 20251201 (git commit 934bfe7e1e27): * Reapply "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update GC 10.3.6 firmware" * Revert "amdgpu: update GC 11.5.1 firmware" Update to version 20251125 (git commit 23568a4b9420): * Revert "amdgpu: update GC 11.0.1 firmware" Update to version 20251121 (git commit ff6418d18552): * amdgpu: DMCUB updates for various ASICs Update to version 20251119 (git commit fe13aa9b9830): * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update vangogh firmware * amdgpu: update renoir firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update SMU 14.0.3 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update SMU 14.0.2 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update smu 13.0.7 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update smu 13.0.0 kicker firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update navy flounder firmware * amdgpu: update sienna cichlid firmware * amdgpu: update navi14 firmware * amdgpu: update navi12 firmware * amdgpu: update navi10 firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update GC 9.4.4 firmware * amdgpu: update PSP 14.0.5 firmware * amdgpu: update GC 11.5.3 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.3 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update aldebaran firmware * amdgpu: add vce1 firmware Update to version 20251107 (git commit b918d0b3cb97): * amdgpu: DMCUB updates for various ASICs Update to version 20251031 (git commit 04b323bb64f9): * amdgpu: DMCUB updates for various ASICs Update to version 20251024 (git commit 9b899c779b8a): * amdgpu: DMCUB updates for various ASICs * amdgpu: DMCUB updates for various ASICs Update to version 20251004 (git commit 757854f42d83): * amdgpu: DMCUB updates for various ASICs * Update VCN for Navi1x, Green Sardine and Renoir Update to version 20250926 (git commit fad361e997ee): * amdgpu: DMCUB updates for various ASICs * Revert "amdgpu: update gc 10.3.6 firmware" Update to version 20250919 (git commit 493de17dee99): * amdgpu: DMCUB updates for various ASICs Update to version 20250916 (git commit add225168d0d): * amdgpu: update PSP 14.0.3 kicker firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update vangogh firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update VPE 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update renoir firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update SMU 14.0.2 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update SMU 13.0.0 kicker firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update sienna cichlid firmware * amdgpu: update navi14 firmware * amdgpu: update navi12 firmware * amdgpu: update navi10 firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update GC 9.4.4 firmware * amdgpu: update SDMA 6.1.3 firmware * amdgpu: update PSP 14.0.5 firmware * amdgpu: update GC 11.5.3 firmware * amdgpu: update VPE 6.1.3 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.3 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware Update to version 20250912 (git commit 46730bc6b999): * amdgpu: DMCUB updates for various ASICs Update to version 20250825 (git commit f044bc789f8e): * amdgpu: Update ISP FW for isp v4.1.1 * amdgpu: DMCUB updates for various ASICs Update to version 20250815 (git commit 07ed893df57c): * amdgpu: DMCUB updates for various ASICs Update to version 20250811 (git commit 08ee93ff8ffa): * amdgpu: DMCUB updates for various ASICs Update to version 20250808 (git commit 8f1ce114de6c): * amdgpu: update renoir firmware * amdgpu: add SMU 14.0.3 kicker firmware * amdgpu: add PSP 14.0.3 firmware * amdgpu: add GC 12.0.1 kicker firmware * amdgpu: update navy flounder firmware * amdgpu: update SDMA 6.1.2 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update SDMA 7.0.1 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vega20 firmware * amdgpu: update SDMA 7.0.0 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi14 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update navi12 firmware * amdgpu: update vangogh firmware * amdgpu: update navi10 firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update vpe 6.1.1 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update beige goby firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update GC 10.3.7 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update dimgrey_cavefish firmware * amdgpu: update aldebaran firmware Update to version 20250805 (git commit b6b0b15278c7): * amdgpu: Update GCN 4.0.5 microcode * amdgpu: Update SDMA 6.1.0 microcode * amdgpu: Update GC 11.5.0 microcode Update to version 20250725 (git commit 4bb152fb4405): * amdgpu: update dmcub fw for dcn314 kernel-firmware-amdgpu-20251203-160000.1.1.noarch.rpm openSUSE-Leap-16.0-469 Security update for gnome-online-accounts, gvfs important SUSE SLFO 1.2 This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954). Changelog: Update to version 1.59.90: + client: Fix use-after-free when creating async proxy failed + udisks2: Emit changed signals from update_all() + daemon: Fix race on subscribers list when on thread + ftp: Validate fe_size when parsing symlink target + ftp: Check localtime() return value before use + gphoto2: Use g_try_realloc() instead of g_realloc() + cdda: Reject path traversal in mount URI host + client: Fail when URI has invalid UTF-8 chars + udisks2: Fix memory corruption with duplicate mount paths + build: Update GOA dependency to > 3.57.0 + Some other fixes + ftp: Use control connection address for PASV data. + ftp: Reject paths containing CR/LF characters Update to version 1.59.1: + mtp: replace Android extension checks with capability checks + dav: Add X-OC-Mtime header on push to preserve last modified time + udisks2: Use hash tables in the volume monitor to improve performance + onedrive: Check for identity instead of presentation identity + build: Disable google option and mark as deprecated Update to version 1.58.2: + ftp: Use control connection address for PASV data + ftp: Reject paths containing CR/LF characters Update to version 1.58.1: + cdda: Fix duration of last track for some media + build: Fix build when google option is disabled + Fix various memory leaks + Updated translations. Update to version 1.58.0: + mtp: Allow cancelling ongoing folder enumerations + wsdd: Use socket-activated service if available + onedrive: Set emblem for remote data + fix: Add file rename support in MTP backend move operation + mtp: Fix -Wmaybe-uninitialized warning in pad_file + fuse: use fuse_(un)set_feature_flag for libfuse 3.17+ + smbbrowse: Purge server cache for next auth try + metatree: Open files with O_CLOEXEC + cdda: Fix incorrect track duration for 99-track CDs + metadata: Fix journal file permissions inconsistency + dav: recognize 308 Permanent Redirect Changes for gnome-online-accounts: Update to version 3.58.0: + SMTP server without password cannot be configured + Remove unneeded SMTP password escaping + build: Disable google provider Files feature + MS365: Fix mail address and name + Google: Set mail name to presentation identity + Updated translations. Update to version 3.57.1: + Default Microsoft 365 client is unverified + Microsoft 365: Make use of email for id + goadaemon: Allow manage system notifications + goamsgraphprovider: bump credentials generation + goaprovider: Allow to disable, instead of enable, selected providers Changes from version 3.57.0: + Support for saving a Kerberos password to the keychain after the first login + changing expired kerberos password is not supported. + Provided Files URI does not override undiscovered endpoint + DAV client rejects 204 status in OPTIONS request handler + Include emblem-default-symbolic.svg + Connecting a Runbox CardDAV/CalDAV account hangs/freezes after sign in + i81n: fix translatable string + goaimapsmptprovider: fix accounts without SMTP or authentication-less SMTP + build: only install icons for the goabackend build + build: don't require goabackend to build documentation + ci: test the build without gtk4 + DAV-client: Added short path for SOGo Update to version 3.56.4: + Bugs fixed: - Unclear which part of "IMAP+SMTP" account test failed - Adding nextcloud account which has a subfolder does not work - goadaemon: Handle broken account configs Update to version 3.56.3: - Add DAV detection and configuration for SOGo - DAV discovery fails when certain SRV lookups fail Update to version 3.56.1: - Support for saving a Kerberos password after the first login - Changing expired kerberos password is not supported - Provided Files URI does not override undiscovered endpoint - DAV client rejects 204 status in OPTIONS request handler Update to version 3.56.0: + Code style and logging cleanups + Updated translations Update to version 3.55.2: + goaoauth2provider: improve error handling for auth/token endpoints Update to version 3.55.1: - Support Webflow authentication for Nextcloud - Rename dconf key in gnome-online-accounts settings - "Account Name" GUI field is a bit ambiguous - Failed to generate a new POT file for the user interface of "gnome-online-accounts" (domain: "po") and some missing files from POTFILES.in Update to version 3.55.0: - Add progress spinner for OAuth2 dialogs - Remove Windows Live! option - Improve goa_oauth2_provider_ensure_credentials_sync - Authentication failure in goa IMAP accounts - Missing files from POTFILES.in - WebDAV not detected for mail.ru - goaoauth2provider: fix task chaining for subclasses - Always lowercase domains when looking up base - goadavclient: check Nextcloud fallback last - goabackend: add a composite widget for authflow links - goadavclient: fix the mailbox.org preconfig Update to version 3.54.5: - Adding GOA account fails with sonic.net IMAP service - Cannot add a ProtonMail bridge with IMAP + TLS - Nextcloud login does not work anymore due to OPTIONS /login request - Linked online accounts no longer work - Invalid URI when adding Google account - goamsgraphprovider: ensure a valid PresentationIdentity - goadaemon: complete GTasks to avoid a scary debug warning gnome-online-accounts-3.58.0-160000.1.1.aarch64.rpm gnome-online-accounts-devel-3.58.0-160000.1.1.aarch64.rpm gnome-online-accounts-lang-3.58.0-160000.1.1.noarch.rpm libgoa-1_0-0-3.58.0-160000.1.1.aarch64.rpm libgoa-backend-1_0-2-3.58.0-160000.1.1.aarch64.rpm typelib-1_0-Goa-1_0-3.58.0-160000.1.1.aarch64.rpm gvfs-1.59.90-160000.1.1.aarch64.rpm gvfs-backend-afc-1.59.90-160000.1.1.aarch64.rpm gvfs-backend-goa-1.59.90-160000.1.1.aarch64.rpm gvfs-backend-gphoto-1.59.90-160000.1.1.aarch64.rpm gvfs-backend-samba-1.59.90-160000.1.1.aarch64.rpm gvfs-backends-1.59.90-160000.1.1.aarch64.rpm gvfs-fuse-1.59.90-160000.1.1.aarch64.rpm gvfs-lang-1.59.90-160000.1.1.noarch.rpm gnome-online-accounts-3.58.0-160000.1.1.ppc64le.rpm gnome-online-accounts-devel-3.58.0-160000.1.1.ppc64le.rpm libgoa-1_0-0-3.58.0-160000.1.1.ppc64le.rpm libgoa-backend-1_0-2-3.58.0-160000.1.1.ppc64le.rpm typelib-1_0-Goa-1_0-3.58.0-160000.1.1.ppc64le.rpm gvfs-1.59.90-160000.1.1.ppc64le.rpm gvfs-backend-afc-1.59.90-160000.1.1.ppc64le.rpm gvfs-backend-goa-1.59.90-160000.1.1.ppc64le.rpm gvfs-backend-gphoto-1.59.90-160000.1.1.ppc64le.rpm gvfs-backend-samba-1.59.90-160000.1.1.ppc64le.rpm gvfs-backends-1.59.90-160000.1.1.ppc64le.rpm gvfs-fuse-1.59.90-160000.1.1.ppc64le.rpm gnome-online-accounts-3.58.0-160000.1.1.s390x.rpm gnome-online-accounts-devel-3.58.0-160000.1.1.s390x.rpm libgoa-1_0-0-3.58.0-160000.1.1.s390x.rpm libgoa-backend-1_0-2-3.58.0-160000.1.1.s390x.rpm typelib-1_0-Goa-1_0-3.58.0-160000.1.1.s390x.rpm gvfs-1.59.90-160000.1.1.s390x.rpm gvfs-backend-afc-1.59.90-160000.1.1.s390x.rpm gvfs-backend-goa-1.59.90-160000.1.1.s390x.rpm gvfs-backend-gphoto-1.59.90-160000.1.1.s390x.rpm gvfs-backend-samba-1.59.90-160000.1.1.s390x.rpm gvfs-backends-1.59.90-160000.1.1.s390x.rpm gvfs-fuse-1.59.90-160000.1.1.s390x.rpm gnome-online-accounts-3.58.0-160000.1.1.x86_64.rpm gnome-online-accounts-devel-3.58.0-160000.1.1.x86_64.rpm libgoa-1_0-0-3.58.0-160000.1.1.x86_64.rpm libgoa-backend-1_0-2-3.58.0-160000.1.1.x86_64.rpm typelib-1_0-Goa-1_0-3.58.0-160000.1.1.x86_64.rpm gvfs-1.59.90-160000.1.1.x86_64.rpm gvfs-backend-afc-1.59.90-160000.1.1.x86_64.rpm gvfs-backend-goa-1.59.90-160000.1.1.x86_64.rpm gvfs-backend-gphoto-1.59.90-160000.1.1.x86_64.rpm gvfs-backend-samba-1.59.90-160000.1.1.x86_64.rpm gvfs-backends-1.59.90-160000.1.1.x86_64.rpm gvfs-fuse-1.59.90-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-47 Security update for alloy moderate SUSE SLFO 1.2 This update for alloy fixes the following issues: - CVE-2025-58058: Removed dependency on vulnerable github.com/ulikunitz/xz (bsc#1248960). - CVE-2025-11065: Fixed sensitive information leak in logs (bsc#1250621). alloy-1.11.3-160000.1.1.aarch64.rpm alloy-1.11.3-160000.1.1.ppc64le.rpm alloy-1.11.3-160000.1.1.s390x.rpm alloy-1.11.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-470 Security update for kea important SUSE SLFO 1.2 This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert (bsc#1252863). - CVE-2026-3608: stack overflow via maliciously crafted message (bsc#1260380). Changelog: * A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380] * When a hostname or FQDN received from a client is reduced to an empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6 will now drop the option. (CVE-2025-11232) [bsc#1252863] * A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry. * UNIX sockets are now created as group-writable. * Removed logging an error in ping check hook library if using lease cache treshold. * Fixed deadlock in ping-check hooks library. * Fixed a data race in ping-check hooks library. kea-3.0.3-160000.1.1.aarch64.rpm kea-devel-3.0.3-160000.1.1.aarch64.rpm kea-doc-3.0.3-160000.1.1.noarch.rpm kea-hooks-3.0.3-160000.1.1.aarch64.rpm libkea-asiodns62-3.0.3-160000.1.1.aarch64.rpm libkea-asiolink88-3.0.3-160000.1.1.aarch64.rpm libkea-cc83-3.0.3-160000.1.1.aarch64.rpm libkea-cfgrpt3-3.0.3-160000.1.1.aarch64.rpm libkea-config84-3.0.3-160000.1.1.aarch64.rpm libkea-cryptolink64-3.0.3-160000.1.1.aarch64.rpm libkea-d2srv63-3.0.3-160000.1.1.aarch64.rpm libkea-database76-3.0.3-160000.1.1.aarch64.rpm libkea-dhcp109-3.0.3-160000.1.1.aarch64.rpm libkea-dhcp_ddns68-3.0.3-160000.1.1.aarch64.rpm libkea-dhcpsrv131-3.0.3-160000.1.1.aarch64.rpm libkea-dns71-3.0.3-160000.1.1.aarch64.rpm libkea-eval84-3.0.3-160000.1.1.aarch64.rpm libkea-exceptions45-3.0.3-160000.1.1.aarch64.rpm libkea-hooks121-3.0.3-160000.1.1.aarch64.rpm libkea-http87-3.0.3-160000.1.1.aarch64.rpm libkea-log-interprocess3-3.0.3-160000.1.1.aarch64.rpm libkea-log75-3.0.3-160000.1.1.aarch64.rpm libkea-mysql88-3.0.3-160000.1.1.aarch64.rpm libkea-pgsql88-3.0.3-160000.1.1.aarch64.rpm libkea-process91-3.0.3-160000.1.1.aarch64.rpm libkea-stats53-3.0.3-160000.1.1.aarch64.rpm libkea-tcp33-3.0.3-160000.1.1.aarch64.rpm libkea-util-io12-3.0.3-160000.1.1.aarch64.rpm libkea-util102-3.0.3-160000.1.1.aarch64.rpm python3-kea-3.0.3-160000.1.1.aarch64.rpm kea-3.0.3-160000.1.1.ppc64le.rpm kea-devel-3.0.3-160000.1.1.ppc64le.rpm kea-hooks-3.0.3-160000.1.1.ppc64le.rpm libkea-asiodns62-3.0.3-160000.1.1.ppc64le.rpm libkea-asiolink88-3.0.3-160000.1.1.ppc64le.rpm libkea-cc83-3.0.3-160000.1.1.ppc64le.rpm libkea-cfgrpt3-3.0.3-160000.1.1.ppc64le.rpm libkea-config84-3.0.3-160000.1.1.ppc64le.rpm libkea-cryptolink64-3.0.3-160000.1.1.ppc64le.rpm libkea-d2srv63-3.0.3-160000.1.1.ppc64le.rpm libkea-database76-3.0.3-160000.1.1.ppc64le.rpm libkea-dhcp109-3.0.3-160000.1.1.ppc64le.rpm libkea-dhcp_ddns68-3.0.3-160000.1.1.ppc64le.rpm libkea-dhcpsrv131-3.0.3-160000.1.1.ppc64le.rpm libkea-dns71-3.0.3-160000.1.1.ppc64le.rpm libkea-eval84-3.0.3-160000.1.1.ppc64le.rpm libkea-exceptions45-3.0.3-160000.1.1.ppc64le.rpm libkea-hooks121-3.0.3-160000.1.1.ppc64le.rpm libkea-http87-3.0.3-160000.1.1.ppc64le.rpm libkea-log-interprocess3-3.0.3-160000.1.1.ppc64le.rpm libkea-log75-3.0.3-160000.1.1.ppc64le.rpm libkea-mysql88-3.0.3-160000.1.1.ppc64le.rpm libkea-pgsql88-3.0.3-160000.1.1.ppc64le.rpm libkea-process91-3.0.3-160000.1.1.ppc64le.rpm libkea-stats53-3.0.3-160000.1.1.ppc64le.rpm libkea-tcp33-3.0.3-160000.1.1.ppc64le.rpm libkea-util-io12-3.0.3-160000.1.1.ppc64le.rpm libkea-util102-3.0.3-160000.1.1.ppc64le.rpm python3-kea-3.0.3-160000.1.1.ppc64le.rpm kea-3.0.3-160000.1.1.s390x.rpm kea-devel-3.0.3-160000.1.1.s390x.rpm kea-hooks-3.0.3-160000.1.1.s390x.rpm libkea-asiodns62-3.0.3-160000.1.1.s390x.rpm libkea-asiolink88-3.0.3-160000.1.1.s390x.rpm libkea-cc83-3.0.3-160000.1.1.s390x.rpm libkea-cfgrpt3-3.0.3-160000.1.1.s390x.rpm libkea-config84-3.0.3-160000.1.1.s390x.rpm libkea-cryptolink64-3.0.3-160000.1.1.s390x.rpm libkea-d2srv63-3.0.3-160000.1.1.s390x.rpm libkea-database76-3.0.3-160000.1.1.s390x.rpm libkea-dhcp109-3.0.3-160000.1.1.s390x.rpm libkea-dhcp_ddns68-3.0.3-160000.1.1.s390x.rpm libkea-dhcpsrv131-3.0.3-160000.1.1.s390x.rpm libkea-dns71-3.0.3-160000.1.1.s390x.rpm libkea-eval84-3.0.3-160000.1.1.s390x.rpm libkea-exceptions45-3.0.3-160000.1.1.s390x.rpm libkea-hooks121-3.0.3-160000.1.1.s390x.rpm libkea-http87-3.0.3-160000.1.1.s390x.rpm libkea-log-interprocess3-3.0.3-160000.1.1.s390x.rpm libkea-log75-3.0.3-160000.1.1.s390x.rpm libkea-mysql88-3.0.3-160000.1.1.s390x.rpm libkea-pgsql88-3.0.3-160000.1.1.s390x.rpm libkea-process91-3.0.3-160000.1.1.s390x.rpm libkea-stats53-3.0.3-160000.1.1.s390x.rpm libkea-tcp33-3.0.3-160000.1.1.s390x.rpm libkea-util-io12-3.0.3-160000.1.1.s390x.rpm libkea-util102-3.0.3-160000.1.1.s390x.rpm python3-kea-3.0.3-160000.1.1.s390x.rpm kea-3.0.3-160000.1.1.x86_64.rpm kea-devel-3.0.3-160000.1.1.x86_64.rpm kea-hooks-3.0.3-160000.1.1.x86_64.rpm libkea-asiodns62-3.0.3-160000.1.1.x86_64.rpm libkea-asiolink88-3.0.3-160000.1.1.x86_64.rpm libkea-cc83-3.0.3-160000.1.1.x86_64.rpm libkea-cfgrpt3-3.0.3-160000.1.1.x86_64.rpm libkea-config84-3.0.3-160000.1.1.x86_64.rpm libkea-cryptolink64-3.0.3-160000.1.1.x86_64.rpm libkea-d2srv63-3.0.3-160000.1.1.x86_64.rpm libkea-database76-3.0.3-160000.1.1.x86_64.rpm libkea-dhcp109-3.0.3-160000.1.1.x86_64.rpm libkea-dhcp_ddns68-3.0.3-160000.1.1.x86_64.rpm libkea-dhcpsrv131-3.0.3-160000.1.1.x86_64.rpm libkea-dns71-3.0.3-160000.1.1.x86_64.rpm libkea-eval84-3.0.3-160000.1.1.x86_64.rpm libkea-exceptions45-3.0.3-160000.1.1.x86_64.rpm libkea-hooks121-3.0.3-160000.1.1.x86_64.rpm libkea-http87-3.0.3-160000.1.1.x86_64.rpm libkea-log-interprocess3-3.0.3-160000.1.1.x86_64.rpm libkea-log75-3.0.3-160000.1.1.x86_64.rpm libkea-mysql88-3.0.3-160000.1.1.x86_64.rpm libkea-pgsql88-3.0.3-160000.1.1.x86_64.rpm libkea-process91-3.0.3-160000.1.1.x86_64.rpm libkea-stats53-3.0.3-160000.1.1.x86_64.rpm libkea-tcp33-3.0.3-160000.1.1.x86_64.rpm libkea-util-io12-3.0.3-160000.1.1.x86_64.rpm libkea-util102-3.0.3-160000.1.1.x86_64.rpm python3-kea-3.0.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-471 Feature update for himmelblau important SUSE SLFO 1.2 This update for himmelblau fixes the following issues: Update to himmelblau 2.3.8 (jsc#PED-14511): Security issues: - CVE-2025-54882: world readable cloud TGT token (bsc#1247735). - CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249013). - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257904). - CVE-2026-31979: race condition when accessiung /tmp/krb5cc_<uid> (bsc#1259548). Non security issues: - Fix SELinux module packaging to use standard policy macros (bsc#1258236). Changelog: Version 2.3.8: * Add PrivateTmp back to Tasks Daemon * Drop dead code * Drop krb5 ccache dir code * Add a TODO comment * Drop non working packaged krb5 snippet file * Write kerberos config snippet * Extend resolver interface to return kerberos config together with TGTs * Backport SELinux fixes from main * Use libkrimes to store TGTs Version 2.3.7: * cargo vet * Fix AWS-LC has PKCS7_verify Certificate Chain Validation Bypass * Revert dependency change which broke the nightly build * gen_dockerfiles: only himmelblaud has tpm feature, fix all others * fix(build): gen_dockerfiles.py mutates shared features list mid-loop Version 2.3.5: * Better handle Intune API version * Update make vet from main branch * pam_himmelblau: call split_username once in chauthtok * pam_himmelblau: return PAM_IGNORE in chauthtok for local users * Don't attempt a DAG when Hello fails with SSPR demand Version 2.3.4: * deps(rust): bump the all-cargo-updates group across 1 directory with 8 updates * Revert sketching update (which breaks SLE16 build) Version 2.3.3: * /var/cache/private/himmelblaud should not be created tmpfiles * Updatee python vers for dataclasses dep * deps(rust): bump the all-cargo-updates group across 1 directory with 3 updates * Generate pin init service file systemd < 250 * Checkin missing himmelblaud.if file for SELinux * Resolve typos in selinux package commands Version 2.3.2: * Compile SELinux policy at install time for cross-distro compatibility * Improve PAM configuration on openSUSE/SLE * Fix SELinux policy * Add a git hook to ensure selinux policy is tested * Ignore generated himmelblau-hsm-pin-init service file * Refactor SELinux policy for cross-distro compatibility * Fix NSS lookup for mapped local users * Skip OS version compliance checks when min/max values are empty Version 2.3.1: * Remove references to qrcodegen (these are 3.x features) * QR Greeter compatibility for old GNOME * Enable QR greeter automatically * ci: Use latest cargo-vet from git to fix CI * Fix HSM pin migration failure on Debian/Ubuntu upgrades from v1.4.x Version 2.3.0: * Autostart the daemons on fresh install or upgrade * Restart sshd when installing the ssh config * Allow tasks daemon to write krb ccache * Do not enumerate mapped users in NSS * Update libhimmelblau to latest version * Fix Tumbleweed build Version 2.2.0: * Update libhimmelblau to 0.8.x series * deps(rust): bump the all-cargo-updates group with 17 updates * Only use OpenSSH bug workaround for ssh service * Fix debug noise from removing user from sudo group * systemd: install files to /usr/lib/, not /etc/ Version 2.1.0: * Fix nightly authselect build failure * Generate the authselect profiles for each distro * Improve pam config handling in aad-tool * Make `aad-tool configure-pam` detect location of pam files Version 2.0.5: * /var/lib/private/himmelblaud should be owned by root * Use tmpfiles.d to create himmelblaud private data directory * deps(rust): bump the all-cargo-updates group with 13 updates Version 2.0.4: * Update kanidm_build_profiles mask version * Utilize cargo vet from main * Add policies cache patch via systemd-tmpfiles * Fix man page comments about change idmap_range * Stub picky-krb for osc build * Stub a kanidm_build_profiles which builds in osc * Ensure nss cache is created on Ubuntu/Debian * Request a user token if NSS hasn't been called Version 2.0.3: * Add nss cache patch via systemd-tmpfiles Version 2.0.2: * Recommend `patch` with the pam package * Fix passwordless FIDO authentication not being used when available * Git workflow updates for stable-2.x * Only warn on Intune failure Version 2.0.1: * Force o365 desktop files to always rebuild * Always rebuild the o365 apps * Add restart on-failure to systemd services * Clarify `domain` SHOULD match login domain * Remove warning about `domain` himmelblau.conf opt * Pseudo eliminate multi-tenant and domains section * Revert "Fix Hello PIN lookup when an alias domain" * Comment out `KbdInteractiveAuthentication on` in sshd conf * Check the nxset sooner, to avoid unwanted errors * Recommend oddjob_mkhomedir with authselect * Pin libhimmelblau to 0.7.x * Deprecate Fedora 41 * deps(rust): bump the all-cargo-updates group with 11 updates * Bump github/codeql-action from 4.30.8 to 4.31.2 * Bump cachix/install-nix-action from 31.8.1 to 31.8.2 * Bump actions/upload-artifact from 4.6.2 to 5.0.0 * cargo clippy and rebase fix * fixup! add extra debug output to NotFound error code * force error output to show up in CI logs * wrap repeated sources of IdpError::NotFound in helper functions * add extra debug output to NotFound error code * use direnv for loading the nix devshell * We should still encourage mapping by name * Add support for Fedora 43 * Provide a offline 'breakglass' mode * cargo clippy * Add warning about incorrect nsswitch configuration * Distinguish between online and offline token fail * Ensure user token uses original name * Fix alias domain in auth result causing failure * Resolve cargo clippy warnings * Only map on cn name for the primary domain * Install systemd in build scripts for gen service * Fix systemd version parsing * Update libhimmelblau to 0.7.19 * Resolve SELinux build failures in nightly (part 2) * Rocky container image updates were failing * Warn instead of error when no idmap_range specified * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates * Trim whitespace from local group names * Fix borrowing error * Fix reference to local_sudo_group in condition * Only run sudo_groups if local_groups does not contain local_sudo_group * Leave SELinux in permissive mode for Himmelblau * Resolve SELinux build failures in nightly * nix: add join_type option to nixos-module settings * Build host configuration changes * Ensure that hsm_pin isn't present decrypted * Document Soft HSM changes to TPM bound * Disable SELinux by default on NixOS * sh doesn't have `source` * Encrypt hsm-pin using systemd-creds * Recommend uuid id mapping * Improve himmelblau.conf man page formatting * Implement Local User Mapping * Add o365 dependency for jq * Add selinux rules for gdm login * Narrow the scope of selinux policy with audit2allow * Generate the systemd service files * Fix selinux build for SLE16 * Resolve SLE16 build dependency failure * Fix the rawhide build * Mask the sshkey-attest package * Bump cachix/install-nix-action from 31.7.0 to 31.8.1 * cargo vet dependency updates * deps(rust): bump the all-cargo-updates group across 1 directory with 13 updates * Bump actions/dependency-review-action from 4.8.0 to 4.8.1 * Bump cachix/install-nix-action from 31.7.0 to 31.8.0 * Bump github/codeql-action from 3.30.5 to 4.30.8 * Bump ossf/scorecard-action from 2.4.2 to 2.4.3 * SELinux improvements * Fix a typo in package gen scripts * cargo fmt * Permit NSS response for mapped primary fake group * Fix Nix Error With Fuzz * Decrease CI fuzzer setup time * Document join types * Support for Entra registered devices * Run `cargo test` in a container * Bump cachix/install-nix-action from 31.6.2 to 31.7.0 * deps(rust): bump the all-cargo-updates group across 1 directory with 2 updates * Bump github/codeql-action from 3.30.4 to 3.30.5 * Use pastey crate instead of unmaintained paste * Pin unmaintained serde_cbor dep to serde_cbor_2 * Resolve tower-http `cargo audit` warning * Replace unmaintained fxhash with own version * Resolve warning about workflow top level write permissions * Remove dependabot automerge * Resolve division by 0 in idmap code * [StepSecurity] ci: Harden GitHub Actions * Only idmap against initialized domains * Resolve invalid init of idmap with same domain * Add fuzzing of idmap code * Add basic fuzzing of the config options * Resolve error found by fuzzing * cargo vet prune * deps(rust): bump regex in the all-cargo-updates group * Bump actions/dependency-review-action from 4.7.3 to 4.8.0 * Bump actions/checkout from 3.6.0 to 5.0.0 * Bump cachix/cachix-action from 14 to 16 * Bump ossf/scorecard-action from 2.4.0 to 2.4.2 * Bump cachix/install-nix-action from 25 to 31 * Add the OpenSSF Best Practices badge * Add scorecard badge * [StepSecurity] Apply security best practices * Fix group static mapping * Move aad-tool idmap cache clear to the idmap cmd * Resolve errant "Hello key missing." messages * Update flake.nix * Slow the dependabot update frequency * Audit dependabot updates * deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates * feat: Add support for aarch64 on Debian-based distributions * Resolve possible invalid pointer dereferences * Avoid revealing account ids in debug log * Cause doc links to open in the correct apps * Permit opening multiple instances of Word/Excel * Modify systray and app close behavior * Don't use questionably licensed icons for o365 * Resolve NixOS CI failure * Fix building w/out deprecated interactive feature * Update himmelblau.conf.5 sudo_groups example * Entra group based sudo access * Audited the cargo updates * deps(rust): bump the all-cargo-updates group with 6 updates * Vet libhimmelblau * Add `make vet` command * Update deny.toml * Remove incompatible licenses from deps * Fix RHEL8 package signing * Add SBOM generation * Add an IRP checklist for security incidents * Run the nixos build/release on the correct version * Add crate dependency auditing on MR * Add some exceptions * Initialize cargo vet * Remove in-tree kanidm dependencies * Fix Hello PIN lookup when an alias domain * Raise maximum group lookup from 100 to 999 * Always work with lowercase account names * Modify FUNDING.yml for funding sources * Remove glib dependency * deps(rust): bump the all-cargo-updates group with 10 updates * Add CI check for licenses * Update dependabot.yml to target all stable branches * Add authselect module for Rocky/Fedora * Recommend packages, instead of require * Add a Contributing document * Add a Code of Conduct * add withSelinux flag to nix build, brings SELinux binaries into the build environment. * deps(rust): bump tracing-subscriber in the cargo group * Don't overwrite the himmelblau.conf on rpm upgrade * Add help output to the Makefile * Fix building packages with docker in root mode * Update to latest libhimmelblau and identity_dbus_broker * Make PRT SSO cookie via broker work as well for Edge * Make broker work for Edge * Generate Office 365 desktop apps * Update README * Add `make uninstall` command * Remove the deprecated tests suite * Himmelblau no longer has git submodules * Make install using packages * Add Debian 13 packages * Generate Dockerfiles automatically * Add SELinux configuration * Himmelblau daemon requires system tss user * Add cron dependency for Intune scripts * Do not mangle /usr/etc configuration files * deps(rust): bump the all-cargo-updates group with 7 updates * Add SLE16 (beta) build target * Automatically append to nsswitch.conf in postinst * Correct the RPM postinst script syntax * Fix Kerberos credential cache permissions * Set file owner and group before writing its content * Create SECURITY.md * Rev the dev version to 2.0.0 * Ensure alias domains match when checking Intune device id * Debian 12 doesn't support ConditionPathExists and notify-reload * Write scripts policy to a readable directory * Apply Intune policies right after enrollment * Add more debug instrumentation * Provide device_id to Intune enrollment if not cached * Ensure nss cache directory is created during install * Remove /var/cache/himmelblaud access from tasks daemon * Resolve daemon startup absolute path warnings * Delay Intune enrollment on Device Auth fail * Do not leak the Intune IW service token in the logs Version 1.4.2: * Revert libhimmelblau unstable update Version 1.4.1: * Update Intune to use app version 1.2511.7 Version 1.4.0: * Resolve build failures * deps(rust): bump the all-cargo-updates group across 1 directory with 6 updates Version 1.3.0: * Revert the self-hosted runner name * deps(rust): bump the all-cargo-updates group with 23 updates * Include latest branch in CI * Self hosted runners Version 1.1.0: * Fix policy application * Add remaining Linux password compliance policies * Add custom compliance enforcement * deps(rust): bump the all-cargo-updates group with 3 updates * deps(rust): bump the all-cargo-updates group with 5 updates * Add SLE15SP7 build target * Add RHEL 10 build target * Fix Intermittent auth issue AADSTSError 16000 * Remove old utf8proc dependency * Add `fedora42` build target * Handle PRT expiration and tie to offline auth * Correctly delete the Hello keys on bad pin count * Add ability to disable Hello PIN per-service * Update NixOS support to 25.05 * Handle disabled device by attempting re-enrollment * Always attempt confidential client creds for aad-tool * Include HSM option defs in himmelblau.conf man page * Improve the aad-tool cache-clear command * Add `mfaSshWorkaroundFlag` configuration option to Nix Flake. * Add the ability to remove confidential client creds * If bad PIN count is exceeded, delete the Hello key * deps(rust): bump the all-cargo-updates group with 4 updates * Add instructions for creating developer builds * Fix GDM3 first time login password prompt * Default HsmType should be soft * Add himmelblaud to tss group for TPM startup * Enforce strict order for the systemd units * Update libhimmelblau and compact_jwt * Fix builds w/tpm * aad-tool Authentication flow improvements * Filter out irrelevant debug in aad-tool * Create a unified login experience for aad-tool * Utilize confidential creds for aad-tool enumerate * himmelblau should get posix attributes w/out delegate user access * Always use the Object Id for mapping Group to GID * Update enhancement-request.md for SPI donations * Update bug_report.md with SPI donation * Update build requires in README.md * Update FUNDING.yml with SPI Paypal donation button * Don't break from tasks loop when policies fail * Enroll in Intune as soon as it is enabled * Implement `decoupled hello` behavior * Cache encrypted PRT to disk for offline login SSO * Update to latest hsm-crypto * Enable tpm functionality * Allow altering the password and PIN prompt messages * Ensure Hello PIN lockout happens when online * Cache the build target output to improve build times * Easier build selection w/ Makefile * Revert mistaken removal from Makefile * Make the user wait longer with each incorrect PIN * Make the bad PIN count configurable * Improve aad-tool manpage * aad-tool fails if the user has FIDO2 enabled * Offline auth permits authentication with invalid Hello PIN * PIN complexity to match Windows * Update to latest SSSD idmap code * Add aad-tool options for setting posix attrs * Add scopes and redirect uris aad-tool application create * Add aad-tool commands for managaging extension attrs * Utilize the sidtoname call for object id mapping * Add commands for listing/creating App registrations * Potential fix for code scanning alert no. 2: Workflow does not contain permissions * Potential fix for code scanning alert no. 4: Workflow does not contain permissions * Potential fix for code scanning alert: Workflow does not contain permissions * Never write the app_id to the server config * Disable passwordless Fido by default * Stop using deprecated `users` crate * When group membership lookup fails, use cached groups * aad-tool command for enumerating users and groups * Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass * Add the configure-pam option to aad-tool man page * Add static idmap cache for on-prem to cloud migration * Update bug_report.md with request for himmelblau.conf * deps(rust): bump the all-cargo-updates group with 2 updates * Update crates in a group * Update crate bumps * Utilize new Intune compliance enforcement via libhimmelblau * Correct the README regarding Intune policy compliance * Disable Chromium policy * Re-enable Intune policy and add scripts and compliance policies * himmelblau.conf alias `domain` as `domains` * Support Fido auth in pam passwd * Add TAP support to himmelblaud and pam passwd * Mixed case names should properly identify Hello Key * Update linux-entra-sso to latest version * Fix group lookup for Entra Id group name * Fix mixed case name lookup from PRT cache * Crate updates * Fix tasks daemon debug output * Remove write locks where unecessary * Fix deadlock in nss * systemd notify fixes * Console * Address Feedback * Order services before gdb/nss-user-target * deps(rust): bump rpassword from 7.3.1 to 7.4.0 * deps(rust): bump tokio from 1.44.2 to 1.45.0 * deps(rust): bump sha2 from 0.10.8 to 0.10.9 * deps(rust): bump systemd-journal-logger from 2.2.0 to 2.2.2 * deps(rust): bump clap from 4.5.31 to 4.5.38 * Update notify-debouncer-full * Update opentelemetry * Update dependencies * deps(rust): bump time from 0.3.39 to 0.3.41 * Replace source filter that blacklists files with filter that whitelists files. * Mark himmelblau.conf as config in rpm * Update README.md * Ensure only the base URL is printed to log * If unix_user_get fails, wait, and try again * Supplying a PRT cookie to SSO doesn't require network * Don't send a password prompt if the network is down * Auth via MFA if Hello PIN fails 3 times * Improve Hello PIN failed auth error * Fix rocky9 build * deps(rust): bump anyhow from 1.0.96 to 1.0.98 * deps(rust): bump libc from 0.2.170 to 0.2.172 * deps(rust): bump cc from 1.2.16 to 1.2.19 * deps(rust): bump tokio from 1.43.0 to 1.44.2 * deps(rust): bump openssl from 0.10.71 to 0.10.72 in the cargo group * deps(rust): bump reqwest from 0.12.12 to 0.12.15 * Update libhimmelblau in Cargo.lock * Fix nss and offline checks for domain aliases * Report error when MS Authenticator denies authorization * Bail out of invalid offline auth * Handle AADSTS errors from BeginAuth response * Never dump failed reqwests to the log * Update sccache-action version to use new cache service * Permit daemon to start when network is down * Add an nss cache for when daemon is down * Additional pam info cues * Proceed with Hello auth even with net down * Indicate to the user what the password and PIN are * Ensure pam messages are seen * Display the minimum PIN length during Hello setup * PAM should loop, not die on error * Ensure prompt msg remains for confirmation * Update bug_report.md * Ignore demands for setting up MS Authenticator * Login fails if Entra is configured to recommend MS authenticator * Add pam configure command to aad-tool * Update README.md with pam passwd instructions * aad-tool authtest needs to map names * Update demo video in README.md * Sign RPM packages * Ensure the pam module is installed correctly for SLE * Improve pam error handling and messaging * Only push cachix builds for stable releases * Terminate linux-entra-sso when browser terminates * On deb, push pam config after install * Increase priority of deb PAM passwd for Himmelblau * Improve offline state handling * Specify request for Entra Id password in PAM * QR Greeter also supports gnome-shell 47 * Fix profile photo loading * Clarify pam_allow_groups in himmelblau.conf man page * Don't hide debug for pam_allow_groups miss * Handle failures in passwordless auth * build all root packages * split config options that can be defined per-domain from those which are global only * configure cachix signing and upload in ci * deps(rust): bump serde_json from 1.0.138 to 1.0.140 * deps(rust): bump serde from 1.0.218 to 1.0.219 * deps(rust): bump time from 0.3.37 to 0.3.39 * deps(rust): bump bytes from 1.10.0 to 1.10.1 * deps(rust): bump pkg-config from 0.3.31 to 0.3.32 * Entra Id is case insensitive, cache lookup must match * deps(rust): bump ring from 0.17.9 to 0.17.13 in the cargo group * Support CompanionAppsNotification mfa method * QR code for gnome-shell greeter * Allow tasks to start if AccountsService dir missing * Remove invalid python dependency from sso package * Fixes https://github.com/himmelblau-idm/himmelblau/issues/397 * Clear server config when clearing cache * Update version in the Cargo.lock * deps(rust): bump async-trait from 0.1.86 to 0.1.87 * deps(rust): bump chrono from 0.4.39 to 0.4.40 * Fix himmelblau.conf man page cn_name_mapping entry * deps(rust): bump pem from 3.0.4 to 3.0.5 * deps(rust): bump serde from 1.0.217 to 1.0.218 Version 1.0.0: * deps(rust): bump cc from 1.2.15 to 1.2.16 * Update workflow versions himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64.rpm himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch.rpm himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch.rpm himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64.rpm libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64.rpm pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64.rpm himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64.rpm himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64.rpm libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64.rpm pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-472 Recommended update for selinux-policy important SUSE SLFO 1.2 This update for selinux-policy fixes the following issues: Changes in selinux-policy: Update to version 20250627+git355.5249ba7d5: * Revert "Define file equivalency for /var/opt" (bsc#1259704) * Make stalld stalld_var_run_t labeling rules more generic (bsc#1259438) Update to version 20250627+git351.529352149: * Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725) * privoxy: account for openSUSE chroot configuration (bsc#1237375) Update to version 20250627+git347.b8926451e: * Add support for 'mariadb@.service' (bsc#1255024). selinux-policy-20250627+git355.5249ba7d5-160000.1.1.noarch.rpm selinux-policy-devel-20250627+git355.5249ba7d5-160000.1.1.noarch.rpm selinux-policy-doc-20250627+git355.5249ba7d5-160000.1.1.noarch.rpm selinux-policy-minimum-20250627+git355.5249ba7d5-160000.1.1.noarch.rpm selinux-policy-sandbox-20250627+git355.5249ba7d5-160000.1.1.noarch.rpm selinux-policy-targeted-20250627+git355.5249ba7d5-160000.1.1.noarch.rpm openSUSE-Leap-16.0-473 Security update for python-Pillow important SUSE SLFO 1.2 This update for python-Pillow fixes the following issues: - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. (bsc#1258125) python313-Pillow-11.3.0-160000.3.1.aarch64.rpm python313-Pillow-tk-11.3.0-160000.3.1.aarch64.rpm python313-Pillow-11.3.0-160000.3.1.ppc64le.rpm python313-Pillow-tk-11.3.0-160000.3.1.ppc64le.rpm python313-Pillow-11.3.0-160000.3.1.s390x.rpm python313-Pillow-tk-11.3.0-160000.3.1.s390x.rpm python313-Pillow-11.3.0-160000.3.1.x86_64.rpm python313-Pillow-tk-11.3.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-474 Security update for perl-XML-Parser important SUSE SLFO 1.2 This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901). - CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902). perl-XML-Parser-2.470.0-160000.3.1.aarch64.rpm perl-XML-Parser-2.470.0-160000.3.1.ppc64le.rpm perl-XML-Parser-2.470.0-160000.3.1.s390x.rpm perl-XML-Parser-2.470.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-475 Security update for dnsdist low SUSE SLFO 1.2 This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack (bsc#1253852). - CVE-2025-30187: denial of service via crafted DoH exchange (bsc#1250054). dnsdist-1.9.11-160000.1.1.aarch64.rpm dnsdist-1.9.11-160000.1.1.ppc64le.rpm dnsdist-1.9.11-160000.1.1.s390x.rpm dnsdist-1.9.11-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-476 Recommended update for bash-completion moderate SUSE SLFO 1.2 This update for bash-completion fixes the following issues: - Skip colon from device names for ethtool (bsc#1246923) bash-completion-2.12.0-160000.3.1.noarch.rpm bash-completion-devel-2.12.0-160000.3.1.noarch.rpm bash-completion-doc-2.12.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-477 Recommended update for rust1.94 moderate SUSE SLFO 1.2 This update for rust1.94 fixes the following issues: This update adds rust1.94. Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0 cargo1.94-1.94.0-160000.1.1.aarch64.rpm rust1.94-1.94.0-160000.1.1.aarch64.rpm rust1.94-src-1.94.0-160000.1.1.noarch.rpm cargo-1.94.0-160000.1.1.aarch64.rpm rust-1.94.0-160000.1.1.aarch64.rpm rust-src-1.94.0-160000.1.1.aarch64.rpm cargo1.94-1.94.0-160000.1.1.ppc64le.rpm rust1.94-1.94.0-160000.1.1.ppc64le.rpm cargo-1.94.0-160000.1.1.ppc64le.rpm rust-1.94.0-160000.1.1.ppc64le.rpm rust-src-1.94.0-160000.1.1.ppc64le.rpm cargo1.94-1.94.0-160000.1.1.s390x.rpm rust1.94-1.94.0-160000.1.1.s390x.rpm cargo-1.94.0-160000.1.1.s390x.rpm rust-1.94.0-160000.1.1.s390x.rpm rust-src-1.94.0-160000.1.1.s390x.rpm cargo1.94-1.94.0-160000.1.1.x86_64.rpm rust1.94-1.94.0-160000.1.1.x86_64.rpm cargo-1.94.0-160000.1.1.x86_64.rpm rust-1.94.0-160000.1.1.x86_64.rpm rust-src-1.94.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-478 Security update for cockpit-repos important SUSE SLFO 1.2 This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). cockpit-repos-4.7-160000.2.1.noarch.rpm openSUSE-Leap-16.0-479 Security update for tigervnc important SUSE SLFO 1.2 This update for tigervnc fixes the following issues: - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) libXvnc-devel-1.15.0-160000.3.1.aarch64.rpm libXvnc1-1.15.0-160000.3.1.aarch64.rpm tigervnc-1.15.0-160000.3.1.aarch64.rpm tigervnc-selinux-1.15.0-160000.3.1.noarch.rpm tigervnc-x11vnc-1.15.0-160000.3.1.noarch.rpm xorg-x11-Xvnc-1.15.0-160000.3.1.aarch64.rpm xorg-x11-Xvnc-java-1.15.0-160000.3.1.noarch.rpm xorg-x11-Xvnc-module-1.15.0-160000.3.1.aarch64.rpm xorg-x11-Xvnc-novnc-1.15.0-160000.3.1.noarch.rpm libXvnc-devel-1.15.0-160000.3.1.ppc64le.rpm libXvnc1-1.15.0-160000.3.1.ppc64le.rpm tigervnc-1.15.0-160000.3.1.ppc64le.rpm xorg-x11-Xvnc-1.15.0-160000.3.1.ppc64le.rpm xorg-x11-Xvnc-module-1.15.0-160000.3.1.ppc64le.rpm libXvnc-devel-1.15.0-160000.3.1.s390x.rpm libXvnc1-1.15.0-160000.3.1.s390x.rpm tigervnc-1.15.0-160000.3.1.s390x.rpm xorg-x11-Xvnc-1.15.0-160000.3.1.s390x.rpm libXvnc-devel-1.15.0-160000.3.1.x86_64.rpm libXvnc1-1.15.0-160000.3.1.x86_64.rpm tigervnc-1.15.0-160000.3.1.x86_64.rpm xorg-x11-Xvnc-1.15.0-160000.3.1.x86_64.rpm xorg-x11-Xvnc-module-1.15.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-48 Recommended update for crmsh moderate SUSE SLFO 1.2 This update for crmsh fixes the following issues: - Version update 5.0.0+20251110.f6e38810: - Fix: Avoid unnecessary sudo in sftp and ssh commands (bsc#1229416). - Fix: Avoid unnecessary sudo calls in ClusterShell SSH commands (bsc#1229416). - Fix: corosync: Fallback to CIB when node name is missing (bsc#1250585). - Fix: migration: Populate node name during corosync configuration migration (bsc#1250585). - Fix: sbd: Ensure proper cluster restart when adding diskless SBD (bsc#1248874). - Fix: Call crm report directly for the legacy `crm cluster health` command (bsc#1230324). - Fix: various fixes on: user interface, bootstrap auth, logs and docs - Dev: sbd: Check if fence-agents-sbd is installed on all nodes. - Dev: various code refactoring. crmsh-5.0.0+20251110.f6e38810-160000.1.1.noarch.rpm crmsh-scripts-5.0.0+20251110.f6e38810-160000.1.1.noarch.rpm crmsh-test-5.0.0+20251110.f6e38810-160000.1.1.noarch.rpm openSUSE-Leap-16.0-480 Security update for libpng16 important SUSE SLFO 1.2 This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). - CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). libpng16-16-1.6.44-160000.6.1.aarch64.rpm libpng16-compat-devel-1.6.44-160000.6.1.aarch64.rpm libpng16-devel-1.6.44-160000.6.1.aarch64.rpm libpng16-tools-1.6.44-160000.6.1.aarch64.rpm libpng16-16-1.6.44-160000.6.1.ppc64le.rpm libpng16-compat-devel-1.6.44-160000.6.1.ppc64le.rpm libpng16-devel-1.6.44-160000.6.1.ppc64le.rpm libpng16-tools-1.6.44-160000.6.1.ppc64le.rpm libpng16-16-1.6.44-160000.6.1.s390x.rpm libpng16-compat-devel-1.6.44-160000.6.1.s390x.rpm libpng16-devel-1.6.44-160000.6.1.s390x.rpm libpng16-tools-1.6.44-160000.6.1.s390x.rpm libpng16-16-1.6.44-160000.6.1.x86_64.rpm libpng16-16-x86-64-v3-1.6.44-160000.6.1.x86_64.rpm libpng16-compat-devel-1.6.44-160000.6.1.x86_64.rpm libpng16-compat-devel-x86-64-v3-1.6.44-160000.6.1.x86_64.rpm libpng16-devel-1.6.44-160000.6.1.x86_64.rpm libpng16-devel-x86-64-v3-1.6.44-160000.6.1.x86_64.rpm libpng16-tools-1.6.44-160000.6.1.x86_64.rpm openSUSE-Leap-16.0-481 Recommended update for amazon-ecs-init moderate SUSE SLFO 1.2 This update for amazon-ecs-init fixes the following issues: - Update to version 1.102.1: * Enhancement - Improve ENI watcher udev logging * Enhancement - Update go version to 1.25.7, Update unit test coverage logic * Enhancement - Upgrade prometheus deps * Enhancement - Use static IP for daemon tasks for Managed Instances, also updates amazon-ecs-cni-plugins * Bugfix - Fix IMDS client rate limiting to prevent token refresh failures after 401 responses - For the changes between 1.64.0 and 1.102.0, see CHANGELOG.md - Fix permissions of systemd service file - Include CHANGELOG.md in %doc section - Switch upstream source to amazon-ecs-agent - Switch to systemd-tmpfiles to store runtime data (jsc#PED-14842) amazon-ecs-init-1.102.1-160000.1.1.aarch64.rpm amazon-ecs-init-1.102.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-482 Security update for python-cbor2 important SUSE SLFO 1.2 This update for python-cbor2 fixes the following issues: - CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages (bsc#1255783). - CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can cause a denial of service (bsc#1260367). python313-cbor2-5.6.5-160000.4.1.aarch64.rpm python313-cbor2-5.6.5-160000.4.1.ppc64le.rpm python313-cbor2-5.6.5-160000.4.1.s390x.rpm python313-cbor2-5.6.5-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-483 Security update for cockpit-packages important SUSE SLFO 1.2 This update for cockpit-packages fixes the following issue: Update cockpit-packages to version 4: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). Changes for cockpit-packages: * Translation updates * Dependency updates cockpit-packages-4-160000.1.1.noarch.rpm openSUSE-Leap-16.0-484 Security update for libtasn1 moderate SUSE SLFO 1.2 This update for libtasn1 fixes the following issues: - CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). libtasn1-6-4.21.0-160000.1.1.aarch64.rpm libtasn1-devel-4.21.0-160000.1.1.aarch64.rpm libtasn1-tools-4.21.0-160000.1.1.aarch64.rpm libtasn1-6-4.21.0-160000.1.1.ppc64le.rpm libtasn1-devel-4.21.0-160000.1.1.ppc64le.rpm libtasn1-tools-4.21.0-160000.1.1.ppc64le.rpm libtasn1-6-4.21.0-160000.1.1.s390x.rpm libtasn1-devel-4.21.0-160000.1.1.s390x.rpm libtasn1-tools-4.21.0-160000.1.1.s390x.rpm libtasn1-6-4.21.0-160000.1.1.x86_64.rpm libtasn1-devel-4.21.0-160000.1.1.x86_64.rpm libtasn1-tools-4.21.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-485 Security update for systemd important SUSE SLFO 1.2 This update for systemd fixes the following issues: Update to systemd v257.13: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697). Non security issues: - Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853). - Sign systemd-boot EFI binary on aarch64 (bsc#1258344) - terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) Changelog: - 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105) - 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697) - 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111) - fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28 libsystemd0-257.13-160000.1.1.aarch64.rpm True libudev1-257.13-160000.1.1.aarch64.rpm True systemd-257.13-160000.1.1.aarch64.rpm True systemd-boot-257.13-160000.1.1.aarch64.rpm True systemd-container-257.13-160000.1.1.aarch64.rpm True systemd-devel-257.13-160000.1.1.aarch64.rpm True systemd-doc-257.13-160000.1.1.noarch.rpm True systemd-experimental-257.13-160000.1.1.aarch64.rpm True systemd-homed-257.13-160000.1.1.aarch64.rpm True systemd-journal-remote-257.13-160000.1.1.aarch64.rpm True systemd-lang-257.13-160000.1.1.noarch.rpm True systemd-networkd-257.13-160000.1.1.aarch64.rpm True systemd-portable-257.13-160000.1.1.aarch64.rpm True systemd-resolved-257.13-160000.1.1.aarch64.rpm True systemd-testsuite-257.13-160000.1.1.aarch64.rpm True udev-257.13-160000.1.1.aarch64.rpm True libsystemd0-257.13-160000.1.1.ppc64le.rpm True libudev1-257.13-160000.1.1.ppc64le.rpm True systemd-257.13-160000.1.1.ppc64le.rpm True systemd-container-257.13-160000.1.1.ppc64le.rpm True systemd-devel-257.13-160000.1.1.ppc64le.rpm True systemd-experimental-257.13-160000.1.1.ppc64le.rpm True systemd-homed-257.13-160000.1.1.ppc64le.rpm True systemd-journal-remote-257.13-160000.1.1.ppc64le.rpm True systemd-networkd-257.13-160000.1.1.ppc64le.rpm True systemd-portable-257.13-160000.1.1.ppc64le.rpm True systemd-resolved-257.13-160000.1.1.ppc64le.rpm True systemd-testsuite-257.13-160000.1.1.ppc64le.rpm True udev-257.13-160000.1.1.ppc64le.rpm True libsystemd0-257.13-160000.1.1.s390x.rpm True libudev1-257.13-160000.1.1.s390x.rpm True systemd-257.13-160000.1.1.s390x.rpm True systemd-container-257.13-160000.1.1.s390x.rpm True systemd-devel-257.13-160000.1.1.s390x.rpm True systemd-experimental-257.13-160000.1.1.s390x.rpm True systemd-homed-257.13-160000.1.1.s390x.rpm True systemd-journal-remote-257.13-160000.1.1.s390x.rpm True systemd-networkd-257.13-160000.1.1.s390x.rpm True systemd-portable-257.13-160000.1.1.s390x.rpm True systemd-resolved-257.13-160000.1.1.s390x.rpm True systemd-testsuite-257.13-160000.1.1.s390x.rpm True udev-257.13-160000.1.1.s390x.rpm True libsystemd0-257.13-160000.1.1.x86_64.rpm True libudev1-257.13-160000.1.1.x86_64.rpm True systemd-257.13-160000.1.1.x86_64.rpm True systemd-boot-257.13-160000.1.1.x86_64.rpm True systemd-container-257.13-160000.1.1.x86_64.rpm True systemd-devel-257.13-160000.1.1.x86_64.rpm True systemd-experimental-257.13-160000.1.1.x86_64.rpm True systemd-homed-257.13-160000.1.1.x86_64.rpm True systemd-journal-remote-257.13-160000.1.1.x86_64.rpm True systemd-networkd-257.13-160000.1.1.x86_64.rpm True systemd-portable-257.13-160000.1.1.x86_64.rpm True systemd-resolved-257.13-160000.1.1.x86_64.rpm True systemd-testsuite-257.13-160000.1.1.x86_64.rpm True udev-257.13-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-486 Security update for tar important SUSE SLFO 1.2 This update for tar fixes the following issue: Security issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). Non security issue: - Fixes tar creating invalid tarballs when used with --delete (bsc#1246607) tar-1.35-160000.3.1.aarch64.rpm tar-backup-scripts-1.35-160000.3.1.noarch.rpm tar-doc-1.35-160000.3.1.noarch.rpm tar-lang-1.35-160000.3.1.noarch.rpm tar-rmt-1.35-160000.3.1.aarch64.rpm tar-tests-1.35-160000.3.1.aarch64.rpm tar-1.35-160000.3.1.ppc64le.rpm tar-rmt-1.35-160000.3.1.ppc64le.rpm tar-tests-1.35-160000.3.1.ppc64le.rpm tar-1.35-160000.3.1.s390x.rpm tar-rmt-1.35-160000.3.1.s390x.rpm tar-tests-1.35-160000.3.1.s390x.rpm tar-1.35-160000.3.1.x86_64.rpm tar-rmt-1.35-160000.3.1.x86_64.rpm tar-tests-1.35-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-487 Security update for clamav moderate SUSE SLFO 1.2 This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207). Non security issue: - Support transactional updates (jsc#PED-14819). Changelog: * Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library. * The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions. * Freshclam: Fix CLD verification bug with PrivateMirror option. * Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory. * Fixed a possible crash caused by invalid pointer alignment on some platforms. clamav-1.5.2-160000.1.1.aarch64.rpm clamav-devel-1.5.2-160000.1.1.aarch64.rpm clamav-docs-html-1.5.2-160000.1.1.noarch.rpm clamav-milter-1.5.2-160000.1.1.aarch64.rpm libclamav12-1.5.2-160000.1.1.aarch64.rpm libclammspack0-1.5.2-160000.1.1.aarch64.rpm libfreshclam4-1.5.2-160000.1.1.aarch64.rpm clamav-1.5.2-160000.1.1.ppc64le.rpm clamav-devel-1.5.2-160000.1.1.ppc64le.rpm clamav-milter-1.5.2-160000.1.1.ppc64le.rpm libclamav12-1.5.2-160000.1.1.ppc64le.rpm libclammspack0-1.5.2-160000.1.1.ppc64le.rpm libfreshclam4-1.5.2-160000.1.1.ppc64le.rpm clamav-1.5.2-160000.1.1.s390x.rpm clamav-devel-1.5.2-160000.1.1.s390x.rpm clamav-milter-1.5.2-160000.1.1.s390x.rpm libclamav12-1.5.2-160000.1.1.s390x.rpm libclammspack0-1.5.2-160000.1.1.s390x.rpm libfreshclam4-1.5.2-160000.1.1.s390x.rpm clamav-1.5.2-160000.1.1.x86_64.rpm clamav-devel-1.5.2-160000.1.1.x86_64.rpm clamav-milter-1.5.2-160000.1.1.x86_64.rpm libclamav12-1.5.2-160000.1.1.x86_64.rpm libclammspack0-1.5.2-160000.1.1.x86_64.rpm libfreshclam4-1.5.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-49 Recommended update for colord moderate SUSE SLFO 1.2 This update for colord fixes the following issues: - Update to version 1.4.8: + New Features: - Add AppStream metainfo XML with hardware provide info. - Add support for -Dsystemd_root_prefix to make local building easier. - Install sysusers.d config file if configured user is not root. + Bugfixes: - Add the source attribute for each man page. - Drop component type from AppStream metadata XML to avoid parsing error. - Fix a critical warning when running the self tests. - Fix USB scanners not working with RestrictAddressFamilies. - Fix writing to the database with ProtectSystem=strict. - Properly set the status to CD_SESSION_STATUS_RUNNING. - Use g_ascii_strtod instead of atof(). - Use sqlite3_errmsg() to avoid getting a mutable error message. - Changes from version 1.4.7: + Bugfixes: - Add various hardenings to the systemd service. - Always close the ICC profile when loading fails. - Avoid destructing LCMS plugin twice with lcms 2.14. - Do not make state files executable in tmpfiles.d/colord.conf. - Fix a double free spotted by Coverity. - Fix an error check when parsing the DTP94 data. - Fix a -Wincompatible-pointer-types warning. - Fix potential crash when reading from broken Huey hardware. - Set FILE_OFFSET_BITS explicitly. - Use a 64-bit time_t. - Use thread context for Gamut Alarm codes. colord-1.4.8-160000.1.1.aarch64.rpm colord-color-profiles-1.4.8-160000.1.1.aarch64.rpm colord-lang-1.4.8-160000.1.1.noarch.rpm libcolord-devel-1.4.8-160000.1.1.aarch64.rpm libcolord2-1.4.8-160000.1.1.aarch64.rpm libcolorhug2-1.4.8-160000.1.1.aarch64.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.aarch64.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.aarch64.rpm colord-1.4.8-160000.1.1.ppc64le.rpm colord-color-profiles-1.4.8-160000.1.1.ppc64le.rpm libcolord-devel-1.4.8-160000.1.1.ppc64le.rpm libcolord2-1.4.8-160000.1.1.ppc64le.rpm libcolorhug2-1.4.8-160000.1.1.ppc64le.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.ppc64le.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.ppc64le.rpm colord-1.4.8-160000.1.1.s390x.rpm colord-color-profiles-1.4.8-160000.1.1.s390x.rpm libcolord-devel-1.4.8-160000.1.1.s390x.rpm libcolord2-1.4.8-160000.1.1.s390x.rpm libcolorhug2-1.4.8-160000.1.1.s390x.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.s390x.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.s390x.rpm colord-1.4.8-160000.1.1.x86_64.rpm colord-color-profiles-1.4.8-160000.1.1.x86_64.rpm libcolord-devel-1.4.8-160000.1.1.x86_64.rpm libcolord2-1.4.8-160000.1.1.x86_64.rpm libcolorhug2-1.4.8-160000.1.1.x86_64.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.x86_64.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-495 Security update for perl-Authen-SASL moderate SUSE SLFO 1.2 This update for perl-Authen-SASL fixes the following issues: Changes in perl-Authen-SASL: - CVE-2025-40918: use Crypt:URandom for generating nonces (bsc#1246623) perl-Authen-SASL-2.170.0-160000.3.1.noarch.rpm perl-Crypt-URandom-0.550.0-160000.1.1.aarch64.rpm perl-Crypt-URandom-0.550.0-160000.1.1.ppc64le.rpm perl-Crypt-URandom-0.550.0-160000.1.1.s390x.rpm perl-Crypt-URandom-0.550.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-496 Recommended update for umoci moderate SUSE SLFO 1.2 This update for umoci fixes the following issues: Update to umoci v0.6.0. Upstream changelog is available from <https://github.com/opencontainers/umoci/releases/tag/v0.6.0> bsc#1252025 * umoci now has automatic SOURCE_DATE_EPOCH support, improving the reproducibility of generated images. * "umoci stat" now provides more information about theimage. * "umoci config" now supports --platform.variant (architecture variants) which resolves issues with images on ARM (on ARM systems, "umoci new" will auto-fill the host CPU variant). Update to umoci v0.5.1. Upstream changelog is available from <https://github.com/opencontainers/umoci/releases/tag/v0.5.1> bsc#1249450 * For images with an empty index.json, umoci will no longer incorrectly set the manifests entry to null. * umoci will now produce an error for images with negative-sized descriptors, based on recent discussions in the upstream image-spec. * Use go:embed to fill umoci --version information from VERSION. * Stop using oci-image-tools for integration tests, instead use some smoke tests and the docker-library-maintained meta-scripts. umoci-0.6.0-160000.1.1.aarch64.rpm umoci-0.6.0-160000.1.1.ppc64le.rpm umoci-0.6.0-160000.1.1.s390x.rpm umoci-0.6.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-497 Recommended update for kernel-firmware-ath12k moderate SUSE SLFO 1.2 This update for kernel-firmware-ath12k fixes the following issues: - amdgpu and ath12k firmware files drivers where missing (bsc#1250952). - Version update 20250919 kernel-firmware-ath12k-20250919-160000.1.1.noarch.rpm openSUSE-Leap-16.0-498 Recommended update for adaptec-firmware moderate SUSE SLFO 1.2 This update for adaptec-firmware fixes the following issues: Changes in adaptec-firmware: - use %license tag [bsc#1252133] adaptec-firmware-1.35-160000.3.1.noarch.rpm openSUSE-Leap-16.0-499 Recommended update for sg3_utils important SUSE SLFO 1.2 This update for sg3_utils fixes the following issues: - Update to version 1.48~20221101+5.c6a1f6b8: * rescan-scsi-bus.sh: + Fix invocation of udevadm (bsc#1258664) + Fix multipath issue when called with -s and without -u (bsc#1215720, bsc#1216355) libsgutils-devel-1.48~20221101+5.c6a1f6b8-160000.1.1.aarch64.rpm libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1.aarch64.rpm sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1.aarch64.rpm libsgutils-devel-1.48~20221101+5.c6a1f6b8-160000.1.1.ppc64le.rpm libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1.ppc64le.rpm sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1.ppc64le.rpm libsgutils-devel-1.48~20221101+5.c6a1f6b8-160000.1.1.s390x.rpm libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1.s390x.rpm sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1.s390x.rpm libsgutils-devel-1.48~20221101+5.c6a1f6b8-160000.1.1.x86_64.rpm libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1.x86_64.rpm sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-5 Recommended update of aws-cli-cmd, az-cli-cmd moderate SUSE SLFO 1.2 This update for aws-cli-cmd and az-cli-cmd fixes the following issues: - Use fixed python version 3.13 aws-cli-cmd-1.36.1-160000.2.1.noarch.rpm az-cli-cmd-1.36.1-160000.2.1.noarch.rpm openSUSE-Leap-16.0-50 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953). - CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108). - CVE-2024-57952: Revert "libfs: fix infinite directory reads for offset dir" (bsc#1237131). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435). - CVE-2025-22077: Revert "smb: client: fix TCP timers deadlock after rmmod" (bsc#1241403). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864). - CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188). - CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245). - CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351). - CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366). - CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376). - CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444). - CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102). - CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235). - CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374). - CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550). - CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032). - CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205). - CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722). - CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). - CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387). The following non-security bugs were fixed: - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes). - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes). - ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: timer: fix ida_free call while not allocated (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes). - ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes). - ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes). - ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes). - ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: qcom: use drvdata instead of component to keep id (stable-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: ISO: free rx_skb if not consumed (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes). - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes). - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Disable CET before shutdown by tboot (bsc#1247950). - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation/x86: Document new attack vector controls (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: KVM: Fix unexpected unindent warning (git-fixes). - Documentation: KVM: Fix unexpected unindent warnings (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Drop ath12k patch that was reverted in the upstream (git-fixes) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone using CMA or investigating CMA issues, with a small and simple code base and no runtime overhead. - Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325) - Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256). - Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself. - Fix dma_unmap_sg() nents value (git-fixes) - HID: amd_sfh: Add sync across amd sfh work functions (git-fixes). - HID: apple: avoid setting up battery timer for devices without battery (git-fixes). - HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes). - HID: asus: add support for missing PX series fn keys (stable-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: hidraw: tighten ioctl command parsing (git-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes). - HID: magicmouse: avoid setting up battery timer when not needed (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes). - KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes). - KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes). - KVM: Conditionally reschedule when resetting the dirty ring (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes). - KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302). - KVM: TDX: Do not report base TDVMCALLs (git-fixes). - KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302). - KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302). - KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302). - KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302). - KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302). - KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes). - KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes). - KVM: arm64: Fix error path in init_hyp_mode() (git-fixes). - KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Limit patch filenames to 100 characters (bsc#1249604). - Move upstreamed SPI patch into sorted section - NFS: Fix a race when updating an existing write (git-fixes). - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - Octeontx2-af: Skip overlap check for SPI field (git-fixes). - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI/pwrctrl: Fix device leak at registration (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes). - PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes). - PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: j721e: Fix programming sequence of "strap" settings (git-fixes). - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes). - PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes). - PCI: rcar-gen4: Fix PHY initialization (git-fixes). - PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PCI: xilinx-nwl: Fix ECAM programming (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - PM / devfreq: Fix a index typo in trans_stat (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes). - PM: EM: use kfree_rcu() to simplify the code (stable-fixes). - PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mana_ib: Add device statistics support (bsc#1246651). - RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135). - RDMA/mana_ib: Extend modify QP (bsc#1251135). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: add additional port counters (git-fixes). - RDMA/mana_ib: add support of multiple ports (git-fixes). - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - README.BRANCH: mfranc@suse.cz leaving SUSE - RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348). - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes). - Reapply "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" (jsc#PED-13815). - Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes). - Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes). - Revert "drm/nouveau: check ioctl command codes better" (git-fixes). - Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes). - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" (git-fixes). - Revert "mac80211: Dynamically set CoDel parameters per station" (stable-fixes). - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes). - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes). - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - Update config files: revive pwc driver for Leap (bsc#1249060) - accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes). - accel/ivpu: Correct DCT interrupt handling (git-fixes). - accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes). - accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes). - accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes). - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes) - arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes) - arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes) - arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: config: Make tpm_tis_spi module build-in (bsc#1246896) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: add big-endian property back into watchdog node (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes) - arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes) - arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes) - arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes) - arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes) - arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes) - arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes). - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes) - arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes) - arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes) - arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: dts: st: fix timer used for ticks (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - arm64: map [_text, _stext) virtual address range (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - arm64: poe: Handle spurious Overlay faults (git-fixes) - arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes) - arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes) - arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: ahci: Disable DIPM if host lacks support (stable-fixes). - ata: ahci: Disallow LPM policy control if not supported (stable-fixes). - ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes). - ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes). - ata: libata-scsi: Fix CDL control (git-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - benet: fix BUG when creating VFs (git-fixes). - block: Introduce bio_needs_zone_write_plugging() (git-fixes). - block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552). - block: ensure discard_granularity is zero when discard is not supported (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - block: sanitize chunk_sectors for atomic write limits (git-fixes). - bnxt_en: Add a helper function to configure MRU and RSS (git-fixes). - bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes). - bnxt_en: Fix DCB ETS validation (git-fixes). - bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes). - bnxt_en: Fix stats context reservation logic (git-fixes). - bnxt_en: Flush FW trace before copying to the coredump (git-fixes). - bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes). - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes). - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes) - bpf, arm64: Fix fp initialization for exception boundary (git-fixes) - bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes). - bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes). - bpf: Forget ranges when refining tnum after JSET (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes). - bpf: Reject %p% format string in bprintf-like helpers (git-fixes). - bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes). - bpf: Reject narrower access to pointer ctx fields (git-fixes). - bpf: Return prog btf_id without capable check (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes). - bpf: fix possible endless loop in BPF map iteration (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes). - btrfs: add debug build only WARN (bsc#1249038). - btrfs: add function comment for check_committed_ref() (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes). - btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes). - btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes). - btrfs: codify pattern for adding block_group to bg_list (git-fixes). - btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes). - btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: enhance ASSERT() to take optional format string (bsc#1249038). - btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes). - btrfs: exit after state split error at set_extent_bit() (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949). - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix incorrect log message for nobarrier mount option (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: fix squota compressed stats leak (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes). - btrfs: fix the inode leak in btrfs_iget() (git-fixes). - btrfs: fix two misuses of folio_shift() (git-fixes). - btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes). - btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038). - btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes). - btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes). - btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes). - btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes). - btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes). - btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes). - btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes). - btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949). - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes). - btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes). - btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes). - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes). - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes). - btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes). - btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes). - btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes). - btrfs: remove redundant path release when replaying a log tree (git-fixes). - btrfs: remove the snapshot check from check_committed_ref() (git-fixes). - btrfs: restore mount option info messages during mount (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: return any hit error from extent_writepage_io() (git-fixes). - btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes). - btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes). - btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949). - btrfs: simplify error detection flow during log replay (git-fixes). - btrfs: simplify return logic at check_committed_ref() (git-fixes). - btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: unfold transaction aborts when replaying log trees (git-fixes). - btrfs: unify ordering of btrfs_key initializations (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - btrfs: use filemap_get_folio() helper (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes). - btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes). - btrfs: use verbose ASSERT() in volumes.c (bsc#1249038). - build_bug.h: Add KABI assert (bsc#1249186). - bus: firewall: Fix missing static inline annotations for stubs (git-fixes). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: ep: Fix chained transfer handling in read path (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405). - cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: at91: sam9x7: update pll clk ranges (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: imx95-blk-ctl: Fix synchronous abort (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes). - clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes). - clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes). - clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes). - clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes). - clk: samsung: exynos850: fix a comment (git-fixes). - clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes). - clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: SLFO 1.2 branched in IBS - config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206) - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cpu: Define attack vectors (git-fixes). - cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes). - cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes). - cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes) - cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes). - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes). - cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes). - cpufreq: armada-8k: make both cpu masks static (git-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: mediatek: fix device leak on probe failure (git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: sun50i: prevent out-of-bounds access (git-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes). - crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes). - crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - devlink: Add support for u64 parameters (jsc#PED-13331). - devlink: avoid param type value translations (jsc#PED-13331). - devlink: define enum for attr types of dynamic attributes (jsc#PED-13331). - devlink: introduce devlink_nl_put_u64() (jsc#PED-13331). - devlink: let driver opt out of automatic phys_port_name generation (git-fixes). - dm-mpath: do not print the "loaded" message if registering fails (git-fixes). - dm-stripe: limit chunk_sectors to the stripe size (git-fixes). - dm-table: fix checking for rq stackable devices (git-fixes). - dm: Check for forbidden splitting of zone write operations (git-fixes). - dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - dpll: Add basic Microchip ZL3073x support (jsc#PED-13331). - dpll: Make ZL3073X invisible (jsc#PED-13331). - dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331). - dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331). - dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331). - dpll: zl3073x: Fix build failure (jsc#PED-13331). - dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331). - dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331). - dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331). - dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers: base: handle module_kobject creation (git-fixes). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Allow DCN301 to clear update flags (git-fixes). - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes). - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes). - drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/display: Do not print errors for nonexistent connectors (git-fixes). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Fix mismatch type comparison (stable-fixes). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: Free memory allocation (stable-fixes). - drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes). - drm/amd/display: Initialize mode_select to 0 (stable-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: fix initial backlight brightness calculation (git-fixes). - drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/display: remove output_tf_change flag (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amd/pm: fix null pointer access (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). - drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu/discovery: fix fw based ip discovery (git-fixes). - drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes). - drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes). - drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/mes: add missing locking in helper functions (stable-fixes). - drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes). - drm/amdgpu/mes: optimize compute loop handling (stable-fixes). - drm/amdgpu/swm14: Update power limit logic (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes). - drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Increase reset counter only on success (stable-fixes). - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes). - drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes). - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes). - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes). - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: fix vram reservation issue (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/ast: Use msleep instead of mdelay for edid read (git-fixes). - drm/bridge: fix OF node leak (git-fixes). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/cirrus-qemu: Fix pitch programming (git-fixes). - drm/connector: hdmi: Evaluate limited range after computing format (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes). - drm/gem: Internally test import_attach for imported objects (git-fixes). - drm/gem: Test for imported GEM buffers with helper (stable-fixes). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes). - drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes). - drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes). - drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes). - drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes). - drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes). - drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes). - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). - drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes). - drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes). - drm/i915/icl+/tc: Cache the max lane count value (stable-fixes). - drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes). - drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Add error handling for krealloc in metadata setup (stable-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: update the high bitfield of certain DSI registers (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes). - drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes). - drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes). - drm/panthor: validate group queue count (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/simpledrm: Do not upcast in release helpers (git-fixes). - drm/tests: Fix endian warning (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - drm/xe/bmg: Add new PCI IDs (stable-fixes). - drm/xe/bmg: Add one additional PCI ID (stable-fixes). - drm/xe/bmg: Update Wa_22019338487 (git-fixes). - drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes). - drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes). - drm/xe/mocs: Initialize MOCS index early (stable-fixes). - drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes). - drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes). - drm/xe/tile: Release kobject for the failure path (git-fixes). - drm/xe/uapi: Correct sync type definition in comments (git-fixes). - drm/xe/uapi: loosen used tracking restriction (git-fixes). - drm/xe/vf: Disable CSC support on VF (git-fixes). - drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes). - drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes). - drm/xe/xe_sync: avoid race during ufence signaling (git-fixes). - drm/xe: Allow dropping kunit dependency as built-in (git-fixes). - drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes). - drm/xe: Carve out wopcm portion from the stolen memory (git-fixes). - drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes). - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes). - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes). - drm/xe: Fix build without debugfs (git-fixes). - drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes). - drm/xe: Move page fault init after topology init (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes). - dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331). - dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331). - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes). - e1000e: ignore uninitialized checksum word on tgp (git-fixes). - efi: stmm: Fix incorrect buffer allocation method (git-fixes). - erofs: avoid reading more for fragment maps (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - fbdev: Fix logic error in "offb" name match (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes). - fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes). - firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes). - firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes). - firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes). - firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes). - firmware: firmware: meson-sm: fix compile-test default (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - firmware: tegra: Fix IVC dependency problems (stable-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes). - fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450 - ftrace: Fix function profiler's filtering functionality (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220). - gfs2: Clean up delete work processing (bsc#1247220). - gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220). - gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220). - gfs2: Minor delete_work_func cleanup (bsc#1247220). - gfs2: Only defer deletes when we have an iopen glock (bsc#1247220). - gfs2: Prevent inode creation race (2) (bsc#1247220). - gfs2: Prevent inode creation race (bsc#1247220). - gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220). - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220). - gfs2: Rename dinode_demise to evict_behavior (bsc#1247220). - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220). - gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220). - gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220). - gfs2: Update to the evict / remote delete documentation (bsc#1247220). - gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220). - gfs2: gfs2_evict_inode clarification (bsc#1247220). - gfs2: minor evict fix (bsc#1247220). - gfs2: skip if we cannot defer delete (bsc#1247220). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - gpiolib: Extend software-node support to support secondary software-nodes (git-fixes). - gve: Fix stuck TX queue for DQ queue format (git-fixes). - gve: prevent ethtool ops after shutdown (git-fixes). - habanalabs: fix UAF in export_dmabuf() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Link queues to NAPIs (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: designware: Add quirk for Intel Xe (stable-fixes). - i2c: designware: Fix clock issue when PM is disabled (git-fixes). - i2c: designware: Use temporary variable for struct device (stable-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes). - i2c: omap: Add support for setting mux (stable-fixes). - i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes). - i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes). - i2c: omap: fix deprecated of_property_read_bool() use (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: add missing include to internal header (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - i3c: master: svc: Use manual response for IBI events (git-fixes). - i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes). - i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes). - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice/ptp: fix crosstimestamp reporting (git-fixes). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762). - ice: check correct pointer in fwlog debugfs (git-fixes). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: do not leave device non-functional if Tx scheduler config fails (git-fixes). - ice: enable_rdma devlink param (bsc#1247712). - ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728). - ice: fix incorrect counter for buffer allocation failures (git-fixes). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - ice: use fixed adapter index for E825C embedded devices (git-fixes). - idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762). - idpf: add cross timestamping (jsc#PED-13728). - idpf: add flow steering support (jsc#PED-13728). - idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762). - idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728). - idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762). - idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762). - idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728). - idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762). - idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762). - idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762). - idpf: improve when to set RE bit logic (jsc#PED-13728). - idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762). - idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762). - idpf: preserve coalescing settings across resets (jsc#PED-13728). - idpf: remove obsolete stashing code (jsc#PED-13728). - idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762). - idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728). - idpf: set mac type when adding and removing MAC filters (jsc#PED-13728). - idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728). - idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728). - idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762). - igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes). - igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes). - igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes). - iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762). - iio/adc/pac1934: fix channel disable configuration (git-fixes). - iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes). - iio: accel: fxls8962af: Fix temperature calculation (git-fixes). - iio: adc: ad7173: fix setting ODR in probe (git-fixes). - iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes). - iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes). - iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes). - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes). - iio: hid-sensor-prox: Restore lost scale assignments (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes). - iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes). - iio: light: as73211: Ensure buffer holes are zeroed (git-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - interconnect: qcom: sc8180x: specify num_nodes (git-fixes). - interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes). - io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting. - io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542). - io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes). - iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes). - iommu/amd: Fix alias device DTE setting (git-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes). - iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - iommu: Handle race with default domain setup (git-fixes). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410). - ixgbe: prevent from unwanted interface name changes (git-fixes). - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes). - kABI fix after Add TDX support for vSphere (jsc#PED-13302). - kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes). - kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121). - kABI workaround for amd_sfh (git-fixes). - kABI workaround for drm_gem.h (git-fixes). - kABI workaround for struct mtk_base_afe changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes). - kABI: netfilter: supress warnings for nft_set_ops (git-fixes). - kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes). - kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally - kabi/severities: ignore two unused/dropped symbols from MEI - kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kbuild: rust: add rustc-min-version support function (git-fixes) - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel: globalize lookup_or_create_module_kobject() (stable-fixes). - kernel: param: rename locate_module_kobject (stable-fixes). - leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes). - leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - leds: leds-lp55xx: Use correct address for memory programming (git-fixes). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes). - libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762). - livepatch: Add stack_order sysfs attribute (poo#187320). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes). - mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes). - mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes). - mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes). - mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes). - mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - maple_tree: fix status setup on restore to active (git-fixes). - maple_tree: fix testing for 32 bit builds (git-fixes). - mctp: no longer rely on net->dev_index_head (git-fixes). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: Fix reset GPIO timings (stable-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ipu-bridge: Add _HID for OV5670 (stable-fixes). - media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes). - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes). - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: pci: mg4b: fix uninitialized iio scan data (git-fixes). - media: pisp_be: Fix pm_runtime underrun in probe (git-fixes). - media: qcom: camss: cleanup media device allocated resource on error path (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: s5p-mfc: remove an unused/uninitialized variable (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes). - media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes). - media: ti: j721e-csi2rx: fix list_del corruption (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: uvcvideo: Rollback non processed entities on error (git-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: Fix MSM8998 frequency table (git-fixes). - media: venus: Fix OOB read due to missing payload bound check (git-fixes). - media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: verisilicon: Fix AV1 decoder clock frequency (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - mei: vsc: Destroy mutex after freeing the IRQ (git-fixes). - mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes). - mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes). - mei: vsc: Event notifier fixes (git-fixes). - mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes). - mei: vsc: Run event callback from a workqueue (git-fixes). - mei: vsc: Unset the event callback on remove and probe errors (git-fixes). - memory: mtk-smi: Add ostd setting for mt8186 (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes). - mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes). - mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - microchip: lan865x: Fix LAN8651 autoloading (git-fixes). - microchip: lan865x: Fix module autoloading (git-fixes). - microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes). - microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes). - misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes). - mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes). - mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes). - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes). - mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes). - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes). - mm/damon/sysfs: fix use-after-free in state_show() (git-fixes). - mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes). - mm: close theoretical race where stale TLB entries could linger (git-fixes). - mm: fault in complete folios instead of individual pages for tmpfs (git-fixes). - mm: fix the inaccurate memory statistics issue for users (bsc#1244723). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes). - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes). - mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes). - mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fix spurious wake-up on under memory pressure (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes). - net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes). - net/mlx5: CT: Use the correct counter offset (git-fixes). - net/mlx5: Check device memory pointer before usage (git-fixes). - net/mlx5: Correctly set gso_segs when LRO is used (git-fixes). - net/mlx5: Correctly set gso_size when LRO is used (git-fixes). - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes). - net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes). - net/mlx5: Fix memory leak in cmd_exec() (git-fixes). - net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes). - net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes). - net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes). - net/mlx5: Nack sync reset when SFs are present (git-fixes). - net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes). - net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes). - net/mlx5e: Add new prio for promiscuous mode (git-fixes). - net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes). - net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes). - net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes). - net/mlx5e: Set local Xoff after FW update (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes). - net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes). - net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes). - net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes). - net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes). - net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: ieee8021q: fix insufficient table-size assertion (stable-fixes). - net: llc: reset skb->transport_header (git-fixes). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726). - net: mana: Add support for net_shaper_ops (bsc#1245726). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes). - net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728). - net: mana: Handle unsupported HWC commands (bsc#1245726). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mctp: handle skb cleanup on sock_queue failures (git-fixes). - net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes). - net: phy: bcm54811: PHY initialization (stable-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netfilter: ctnetlink: fix refcount leak on table dump (git-fixes). - netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes). - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes). - netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes). - netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes). - netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes). - netfilter: nf_tables: adjust lockdep assertions handling (git-fixes). - netfilter: nf_tables: fix set size with rbtree backend (git-fixes). - netfilter: nf_tables: imbalance in flowtable binding (git-fixes). - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes). - netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes). - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes). - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes). - netfilter: nft_tunnel: fix geneve_opt dump (git-fixes). - netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes). - netlink: fix policy dump for int with validation callback (jsc#PED-13331). - netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs/localio: add direct IO enablement with sync and async IO support (git-fixes). - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes). - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes). - nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-auth: update bi_directional flag (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvme-tcp: log TLS handshake failures at error level (git-fixes). - nvme-tcp: send only permitted commands for secure concat (git-fixes). - nvme: fix PI insert on write (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - nvmet: exit debugfs after discovery subsystem exits (git-fixes). - nvmet: initialize discovery subsys after debugfs is initialized (git-fixes). - nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes). - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes). - objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes). - objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes). - of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes). - of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes). - of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes). - of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes). - of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes). - of: unittest: Unlock on error in unittest_data_add() (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - percpu: fix race on alloc failed warning limit (git-fixes). - perf bpf-event: Fix use-after-free in synthesis (git-fixes). - perf bpf-utils: Constify bpil_array_desc (git-fixes). - perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes). - perf dso: Add missed dso__put to dso__load_kcore (git-fixes). - perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes). - perf parse-events: Set default GH modifier properly (git-fixes). - perf record: Cache build-ID of hit DSOs only (git-fixes). - perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes). - perf sched: Fix memory leaks in 'perf sched latency' (git-fixes). - perf sched: Fix memory leaks in 'perf sched map' (git-fixes). - perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes). - perf sched: Free thread->priv using priv_destructor (git-fixes). - perf sched: Make sure it frees the usage string (git-fixes). - perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes). - perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes). - perf test: Fix a build error in x86 topdown test (git-fixes). - perf tests bp_account: Fix leaked file descriptor (git-fixes). - perf tools: Remove libtraceevent in .gitignore (git-fixes). - perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes). - perf trace: Remove --map-dump documentation (git-fixes). - phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: mscc: Fix timestamping for vsc8584 (git-fixes). - phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes). - phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - phy: ti: omap-usb2: fix device leak at unbind (git-fixes). - pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113). - pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes). - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes). - platform/x86: Fix initialization order for firmware_attributes_class (git-fixes). - platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes). - platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes). - platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes). - platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes). - platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - pptp: fix pptp_xmit() error path (git-fixes). - printk: nbcon: Allow reacquire during panic (bsc#1246688). - psample: adjust size if rate_as_probability is set (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - pwm: rockchip: Round period/duty down on apply, up on get (git-fixes). - pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - r8169: add support for RTL8125D (stable-fixes). - r8169: disable RTL8126 ZRX-DC timeout (stable-fixes). - r8169: do not scan PHY addresses > 0 (stable-fixes). - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - reset: eyeq: fix OF node leak (git-fixes). - resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762). - resource: fix false warning in __request_region() (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - ring-buffer: Make reading page consistent with the code logic (git-fixes). - rpm/config.sh: SLFO 1.2 is now synced to OBS as well - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477). - s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes). - s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372). - s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838). - s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066). - s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478). - s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249065). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - samples: mei: Fix building on musl libc (git-fixes). - sched/deadline: Always stop dl-server before changing parameters (bsc#1247936). - sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936). - sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936). - sched/deadline: Fix dl_server_stopped() (bsc#1247936). - sched/deadline: Initialize dl_servers after SMP (git-fixes) - sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes) - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519). - scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: mpi3mr: Event processing debug improvement (bsc#1251186). - scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186). - scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186). - scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186). - scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - scsi: smartpqi: Enhance WWID logging logic (bsc#1246631). - scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631). - scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631). - scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes). - scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes). - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes). - scsi: ufs: core: Add missing post notify for power mode change (git-fixes). - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes). - scsi: ufs: core: Always initialize the UIC done completion (git-fixes). - scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes). - scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes). - scsi: ufs: core: Fix error return with query response (git-fixes). - scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes). - scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes). - scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes). - scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes). - scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes). - scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes). - scsi: ufs: core: Remove redundant query_complete trace (git-fixes). - scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes). - scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes). - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes). - scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes). - scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes). - scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes). - scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes). - scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes). - scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes). - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes). - scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes). - scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes). - scsi: ufs: exynos: Remove empty drv_init method (git-fixes). - scsi: ufs: exynos: Remove superfluous function parameter (git-fixes). - scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes). - scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes). - scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes). - scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes). - scsi: ufs: qcom: Fix crypto key eviction (git-fixes). - scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes). - scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes). - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671). - selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320). - selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320). - selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320). - selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: ALSA: fix memory leak in utimer test (git-fixes). - selftests: livepatch: add new ftrace helpers functions (poo#187320). - selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320). - selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320). - selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320). - selftests: livepatch: save and restore kprobe state (poo#187320). - selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320). - selftests: livepatch: test livepatching a kprobed function (poo#187320). - selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443). - selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes). - serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix netns refcount leak after net_passive changes (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes). - soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes). - soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes). - soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes). - soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes). - soundwire: amd: fix for handling slave alerts after link is down (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes). - spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979). - spi: fix return code when spi device has too many chipselects (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes). - spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes). - sprintf.h requires stdarg.h (git-fixes). - sprintf.h: mask additional include (git-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes). - struct cdc_ncm_ctx: move new member to end (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - supported.conf: Mark ZL3073X modules supported - supported.conf: mark hyperv_drm as external - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes). - tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes). - tools/power turbostat: Fix build with musl (stable-fixes). - tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes). - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - trace/fgraph: Fix error handling (git-fixes). - trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes). - tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Fix using ret variable in tracing_set_tracer() (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - tracing: Switch trace.c code over to use guard() (git-fixes). - tracing: Switch trace_events_hist.c code over to use guard() (git-fixes). - tracing: fprobe events: Fix possible UAF on modules (git-fixes). - tracing: tprobe-events: Fix leakage of module refcount (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - tty: serial: fix print format specifiers (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes). - usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes). - vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes). - vhost: Reintroduce kthread API and add mode selection (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - virtchnl2: add flow steering support (jsc#PED-13728). - virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728). - virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762). - virtio_net: Enforce minimum TX ring size for reliability (git-fixes). - virtio_ring: Fix error reporting in virtqueue_resize (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: Validate length in packet header before skb_put() (git-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes). - wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes). - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath12k: fix the fetching of combined rssi (git-fixes). - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath12k: fix wrong logging ID used for CE (git-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: Remove redundant header files (git-fixes). - wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes). - wifi: mac80211: avoid weird state in error path (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: fix linked list corruption (git-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes). - wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes). - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes). - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes). - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes). - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes). - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtw88: Fix macid assigned to TDLS station (git-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes). - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704). - x86/Kconfig: Add arch attack vector support (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/boot: Sanitize boot params before parsing command line (git-fixes). - x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes). - x86/bugs: Add attack vector controls for BHI (git-fixes). - x86/bugs: Add attack vector controls for GDS (git-fixes). - x86/bugs: Add attack vector controls for ITS (git-fixes). - x86/bugs: Add attack vector controls for L1TF (git-fixes). - x86/bugs: Add attack vector controls for MDS (git-fixes). - x86/bugs: Add attack vector controls for MMIO (git-fixes). - x86/bugs: Add attack vector controls for RFDS (git-fixes). - x86/bugs: Add attack vector controls for SRBDS (git-fixes). - x86/bugs: Add attack vector controls for SRSO (git-fixes). - x86/bugs: Add attack vector controls for SSB (git-fixes). - x86/bugs: Add attack vector controls for TAA (git-fixes). - x86/bugs: Add attack vector controls for TSA (git-fixes). - x86/bugs: Add attack vector controls for retbleed (git-fixes). - x86/bugs: Add attack vector controls for spectre_v1 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes). - x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes). - x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes). - x86/bugs: Avoid warning when overriding return thunk (git-fixes). - x86/bugs: Clean up SRSO microcode handling (git-fixes). - x86/bugs: Define attack vectors relevant for each bug (git-fixes). - x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes). - x86/bugs: Introduce cdt_possible() (git-fixes). - x86/bugs: Print enabled attack vectors (git-fixes). - x86/bugs: Remove its=stuff dependency on retbleed (git-fixes). - x86/bugs: Select best SRSO mitigation (git-fixes). - x86/bugs: Simplify the retbleed=stuff checks (git-fixes). - x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes). - x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes). - x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes). - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes). - x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes). - x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes). - x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes). - x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/microcode: Update the Intel processor flag scan check (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/mm/pat: do not collapse pages without PSE set (git-fixes). - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes). - x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes). - x86/pkeys: Simplify PKRU update in signal frame (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/pti: Add attack vector controls for PTI (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: fix UAF in dmabuf_exp_from_pages() (git-fixes). - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes). - xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes). - xfs: do not propagate ENODATA disk errors into xattr code (git-fixes). - xfs: fix scrub trace with null pointer in quotacheck (git-fixes). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_discard_rtrelax (git-fixes). - xfs: remove unused trace event xfs_log_cil_return (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: dbc: decouple endpoint allocation from initialization (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). - zram: permit only one post-processing operation at a time (git-fixes). kernel-devel-6.12.0-160000.6.1.noarch.rpm True kernel-macros-6.12.0-160000.6.1.noarch.rpm True kernel-source-6.12.0-160000.6.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.6.1.noarch.rpm True dtb-allwinner-6.12.0-160000.6.1.aarch64.rpm True dtb-altera-6.12.0-160000.6.1.aarch64.rpm True dtb-amazon-6.12.0-160000.6.1.aarch64.rpm True dtb-amd-6.12.0-160000.6.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.6.1.aarch64.rpm True dtb-apm-6.12.0-160000.6.1.aarch64.rpm True dtb-apple-6.12.0-160000.6.1.aarch64.rpm True dtb-arm-6.12.0-160000.6.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.6.1.aarch64.rpm True dtb-cavium-6.12.0-160000.6.1.aarch64.rpm True dtb-exynos-6.12.0-160000.6.1.aarch64.rpm True dtb-freescale-6.12.0-160000.6.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.6.1.aarch64.rpm True dtb-lg-6.12.0-160000.6.1.aarch64.rpm True dtb-marvell-6.12.0-160000.6.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.6.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.6.1.aarch64.rpm True dtb-qcom-6.12.0-160000.6.1.aarch64.rpm True dtb-renesas-6.12.0-160000.6.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.6.1.aarch64.rpm True dtb-socionext-6.12.0-160000.6.1.aarch64.rpm True dtb-sprd-6.12.0-160000.6.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.6.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.6.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.6.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.6.1.aarch64.rpm True kernel-default-6.12.0-160000.6.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.6.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.6.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.6.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.aarch64.rpm True kernel-docs-6.12.0-160000.6.1.noarch.rpm True kernel-docs-html-6.12.0-160000.6.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.6.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.6.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.6.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.6.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True kernel-syms-6.12.0-160000.6.1.aarch64.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.6.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.6.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.6.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.6.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.6.1.ppc64le.rpm True kernel-syms-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.6.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.6.1.s390x.rpm True kernel-default-6.12.0-160000.6.1.s390x.rpm True kernel-default-devel-6.12.0-160000.6.1.s390x.rpm True kernel-default-extra-6.12.0-160000.6.1.s390x.rpm True kernel-default-optional-6.12.0-160000.6.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.6.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.s390x.rpm True kernel-obs-build-6.12.0-160000.6.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.6.1.s390x.rpm True kernel-syms-6.12.0-160000.6.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.6.1.s390x.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.6.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.6.1.x86_64.rpm True kernel-default-6.12.0-160000.6.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.6.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.6.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.6.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.6.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.6.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.6.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.6.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.6.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.6.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.6.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.6.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True kernel-syms-6.12.0-160000.6.1.x86_64.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64.rpm True openSUSE-Leap-16.0-500 Recommended update for patterns-base moderate SUSE SLFO 1.2 This update for patterns-base fixes the following issues: Changes in patterns-base: - Drop biosdevname, this is being replaced by systemd predictable network interface naming (jsc#PED-262). patterns-base-base-20241218-160000.3.1.aarch64.rpm patterns-base-basesystem-20241218-160000.3.1.aarch64.rpm patterns-base-bootloader-20241218-160000.3.1.aarch64.rpm patterns-base-documentation-20241218-160000.3.1.aarch64.rpm patterns-base-enhanced_base-20241218-160000.3.1.aarch64.rpm patterns-base-fips-20241218-160000.3.1.aarch64.rpm patterns-base-kdump-20241218-160000.3.1.aarch64.rpm patterns-base-minimal_base-20241218-160000.3.1.aarch64.rpm patterns-base-selinux-20241218-160000.3.1.aarch64.rpm patterns-base-sw_management-20241218-160000.3.1.aarch64.rpm patterns-base-base-20241218-160000.3.1.ppc64le.rpm patterns-base-basesystem-20241218-160000.3.1.ppc64le.rpm patterns-base-bootloader-20241218-160000.3.1.ppc64le.rpm patterns-base-documentation-20241218-160000.3.1.ppc64le.rpm patterns-base-enhanced_base-20241218-160000.3.1.ppc64le.rpm patterns-base-fips-20241218-160000.3.1.ppc64le.rpm patterns-base-kdump-20241218-160000.3.1.ppc64le.rpm patterns-base-minimal_base-20241218-160000.3.1.ppc64le.rpm patterns-base-selinux-20241218-160000.3.1.ppc64le.rpm patterns-base-sw_management-20241218-160000.3.1.ppc64le.rpm patterns-base-base-20241218-160000.3.1.s390x.rpm patterns-base-basesystem-20241218-160000.3.1.s390x.rpm patterns-base-bootloader-20241218-160000.3.1.s390x.rpm patterns-base-documentation-20241218-160000.3.1.s390x.rpm patterns-base-enhanced_base-20241218-160000.3.1.s390x.rpm patterns-base-fips-20241218-160000.3.1.s390x.rpm patterns-base-kdump-20241218-160000.3.1.s390x.rpm patterns-base-minimal_base-20241218-160000.3.1.s390x.rpm patterns-base-selinux-20241218-160000.3.1.s390x.rpm patterns-base-sw_management-20241218-160000.3.1.s390x.rpm patterns-base-base-20241218-160000.3.1.x86_64.rpm patterns-base-basesystem-20241218-160000.3.1.x86_64.rpm patterns-base-bootloader-20241218-160000.3.1.x86_64.rpm patterns-base-documentation-20241218-160000.3.1.x86_64.rpm patterns-base-enhanced_base-20241218-160000.3.1.x86_64.rpm patterns-base-fips-20241218-160000.3.1.x86_64.rpm patterns-base-kdump-20241218-160000.3.1.x86_64.rpm patterns-base-minimal_base-20241218-160000.3.1.x86_64.rpm patterns-base-selinux-20241218-160000.3.1.x86_64.rpm patterns-base-sw_management-20241218-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-501 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.9.1 ESR (bsc#1261663). - MFSA 2026-27: * CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. * CVE-2026-5732: incorrect boundary conditions, integer overflow in the Graphics: Text component. * CVE-2026-5734: memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. MozillaFirefox-140.9.1-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.9.1-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.9.1-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.9.1-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.9.1-160000.1.1.aarch64.rpm MozillaFirefox-140.9.1-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.9.1-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.9.1-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.9.1-160000.1.1.ppc64le.rpm MozillaFirefox-140.9.1-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.9.1-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.9.1-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.9.1-160000.1.1.s390x.rpm MozillaFirefox-140.9.1-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.9.1-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.9.1-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.9.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-502 Security update for zlib moderate SUSE SLFO 1.2 This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392) - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378) libminizip1-1.2.13-160000.3.1.aarch64.rpm libz1-1.2.13-160000.3.1.aarch64.rpm minizip-devel-1.2.13-160000.3.1.aarch64.rpm zlib-devel-1.2.13-160000.3.1.aarch64.rpm zlib-devel-static-1.2.13-160000.3.1.aarch64.rpm zlib-testsuite-1.2.13-160000.3.1.aarch64.rpm libminizip1-1.2.13-160000.3.1.ppc64le.rpm libz1-1.2.13-160000.3.1.ppc64le.rpm minizip-devel-1.2.13-160000.3.1.ppc64le.rpm zlib-devel-1.2.13-160000.3.1.ppc64le.rpm zlib-devel-static-1.2.13-160000.3.1.ppc64le.rpm zlib-testsuite-1.2.13-160000.3.1.ppc64le.rpm libminizip1-1.2.13-160000.3.1.s390x.rpm libz1-1.2.13-160000.3.1.s390x.rpm minizip-devel-1.2.13-160000.3.1.s390x.rpm zlib-devel-1.2.13-160000.3.1.s390x.rpm zlib-devel-static-1.2.13-160000.3.1.s390x.rpm zlib-testsuite-1.2.13-160000.3.1.s390x.rpm libminizip1-1.2.13-160000.3.1.x86_64.rpm libminizip1-x86-64-v3-1.2.13-160000.3.1.x86_64.rpm libz1-1.2.13-160000.3.1.x86_64.rpm libz1-x86-64-v3-1.2.13-160000.3.1.x86_64.rpm minizip-devel-1.2.13-160000.3.1.x86_64.rpm zlib-devel-1.2.13-160000.3.1.x86_64.rpm zlib-devel-static-1.2.13-160000.3.1.x86_64.rpm zlib-testsuite-1.2.13-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-503 Recommended update for chrony moderate SUSE SLFO 1.2 This update for chrony fixes the following issues: - Add maxunreach option to limit selection of unreachable sources - Add -u option to chronyc to drop root privileges (default chronyc user is set by configure script) - Fix refclock extpps option to work on Linux greater than or equal to 6.15 - Validate refclock samples for reachability updates - Fix racy socket creation (bsc#1246544) - Add opencommands directive to select remote monitoring commands - Add interval option to driftfile directive - Add waitsynced and waitunsynced options to local directive - Add sanity checks for integer values in configuration - Add support for systemd Type=notify service - Add RTC refclock driver - Allow PHC refclock to be specified with network interface name - Do not require multiple refclock samples per poll to simplify filter configuration - Keep refclock reachable when dropping samples with large delay - Improve quantile-based filtering to adapt faster to larger delay - Improve logging of selection failures - Detect clock interference from other processes - Try to reopen message log (-l option) on cyclelogs command - Fix sourcedir reloading to not multiply sources - Fix tracking offset after failed clock step - Drop support for NTS with Nettle less than 3.6 and GnuTLS less than 3.6.14 - Drop support for building without POSIX threads chrony-4.8-160000.1.1.aarch64.rpm chrony-pool-empty-4.8-160000.1.1.noarch.rpm chrony-pool-openSUSE-4.8-160000.1.1.noarch.rpm chrony-pool-suse-4.8-160000.1.1.noarch.rpm chrony-4.8-160000.1.1.ppc64le.rpm chrony-4.8-160000.1.1.s390x.rpm chrony-4.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-504 Security update for pgvector important SUSE SLFO 1.2 This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945). Changelog: * Fixed Index Searches in EXPLAIN output for Postgres 18 pgvector-devel-0.8.2-160000.1.1.aarch64.rpm postgresql13-pgvector-0.8.2-160000.1.1.aarch64.rpm postgresql14-pgvector-0.8.2-160000.1.1.aarch64.rpm postgresql15-pgvector-0.8.2-160000.1.1.aarch64.rpm postgresql16-pgvector-0.8.2-160000.1.1.aarch64.rpm postgresql17-pgvector-0.8.2-160000.1.1.aarch64.rpm postgresql18-pgvector-0.8.2-160000.1.1.aarch64.rpm pgvector-devel-0.8.2-160000.1.1.ppc64le.rpm postgresql13-pgvector-0.8.2-160000.1.1.ppc64le.rpm postgresql14-pgvector-0.8.2-160000.1.1.ppc64le.rpm postgresql15-pgvector-0.8.2-160000.1.1.ppc64le.rpm postgresql16-pgvector-0.8.2-160000.1.1.ppc64le.rpm postgresql17-pgvector-0.8.2-160000.1.1.ppc64le.rpm postgresql18-pgvector-0.8.2-160000.1.1.ppc64le.rpm pgvector-devel-0.8.2-160000.1.1.s390x.rpm postgresql13-pgvector-0.8.2-160000.1.1.s390x.rpm postgresql14-pgvector-0.8.2-160000.1.1.s390x.rpm postgresql15-pgvector-0.8.2-160000.1.1.s390x.rpm postgresql16-pgvector-0.8.2-160000.1.1.s390x.rpm postgresql17-pgvector-0.8.2-160000.1.1.s390x.rpm postgresql18-pgvector-0.8.2-160000.1.1.s390x.rpm pgvector-devel-0.8.2-160000.1.1.x86_64.rpm postgresql13-pgvector-0.8.2-160000.1.1.x86_64.rpm postgresql14-pgvector-0.8.2-160000.1.1.x86_64.rpm postgresql15-pgvector-0.8.2-160000.1.1.x86_64.rpm postgresql16-pgvector-0.8.2-160000.1.1.x86_64.rpm postgresql17-pgvector-0.8.2-160000.1.1.x86_64.rpm postgresql18-pgvector-0.8.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-505 Recommended update for llvm17 moderate SUSE SLFO 1.2 This update for llvm17 fixes the following issues: - Fix build with glibc 2.42 (bsc#1247576) - Disable ASLR during build to make libomp.so reproducible (bsc#1199076) - Replace usage of %jobs for reproducible builds (bsc#1237231) - Fix build with GCC 15 clang17-17.0.6-160000.3.1.aarch64.rpm clang17-devel-17.0.6-160000.3.1.aarch64.rpm clang17-doc-17.0.6-160000.3.1.noarch.rpm libLLVM17-17.0.6-160000.3.1.aarch64.rpm libLTO17-17.0.6-160000.3.1.aarch64.rpm libclang-cpp17-17.0.6-160000.3.1.aarch64.rpm liblldb17-17.0.6-160000.3.1.aarch64.rpm libomp17-devel-17.0.6-160000.3.1.aarch64.rpm lld17-17.0.6-160000.3.1.aarch64.rpm lldb17-17.0.6-160000.3.1.aarch64.rpm lldb17-devel-17.0.6-160000.3.1.aarch64.rpm llvm17-17.0.6-160000.3.1.aarch64.rpm llvm17-devel-17.0.6-160000.3.1.aarch64.rpm llvm17-doc-17.0.6-160000.3.1.noarch.rpm llvm17-gold-17.0.6-160000.3.1.aarch64.rpm llvm17-libc++-devel-17.0.6-160000.3.1.aarch64.rpm llvm17-libc++1-17.0.6-160000.3.1.aarch64.rpm llvm17-libc++abi-devel-17.0.6-160000.3.1.aarch64.rpm llvm17-libc++abi1-17.0.6-160000.3.1.aarch64.rpm llvm17-libclang13-17.0.6-160000.3.1.aarch64.rpm llvm17-opt-viewer-17.0.6-160000.3.1.noarch.rpm llvm17-polly-17.0.6-160000.3.1.aarch64.rpm llvm17-polly-devel-17.0.6-160000.3.1.aarch64.rpm llvm17-vim-plugins-17.0.6-160000.3.1.noarch.rpm python3-clang17-17.0.6-160000.3.1.noarch.rpm python3-lldb17-17.0.6-160000.3.1.aarch64.rpm clang17-17.0.6-160000.3.1.ppc64le.rpm clang17-devel-17.0.6-160000.3.1.ppc64le.rpm libLLVM17-17.0.6-160000.3.1.ppc64le.rpm libLTO17-17.0.6-160000.3.1.ppc64le.rpm libclang-cpp17-17.0.6-160000.3.1.ppc64le.rpm liblldb17-17.0.6-160000.3.1.ppc64le.rpm libomp17-devel-17.0.6-160000.3.1.ppc64le.rpm lld17-17.0.6-160000.3.1.ppc64le.rpm lldb17-17.0.6-160000.3.1.ppc64le.rpm lldb17-devel-17.0.6-160000.3.1.ppc64le.rpm llvm17-17.0.6-160000.3.1.ppc64le.rpm llvm17-devel-17.0.6-160000.3.1.ppc64le.rpm llvm17-gold-17.0.6-160000.3.1.ppc64le.rpm llvm17-libclang13-17.0.6-160000.3.1.ppc64le.rpm llvm17-polly-17.0.6-160000.3.1.ppc64le.rpm llvm17-polly-devel-17.0.6-160000.3.1.ppc64le.rpm python3-lldb17-17.0.6-160000.3.1.ppc64le.rpm clang17-17.0.6-160000.3.1.s390x.rpm clang17-devel-17.0.6-160000.3.1.s390x.rpm libLLVM17-17.0.6-160000.3.1.s390x.rpm libLTO17-17.0.6-160000.3.1.s390x.rpm libclang-cpp17-17.0.6-160000.3.1.s390x.rpm liblldb17-17.0.6-160000.3.1.s390x.rpm lld17-17.0.6-160000.3.1.s390x.rpm lldb17-17.0.6-160000.3.1.s390x.rpm lldb17-devel-17.0.6-160000.3.1.s390x.rpm llvm17-17.0.6-160000.3.1.s390x.rpm llvm17-devel-17.0.6-160000.3.1.s390x.rpm llvm17-gold-17.0.6-160000.3.1.s390x.rpm llvm17-libclang13-17.0.6-160000.3.1.s390x.rpm llvm17-polly-17.0.6-160000.3.1.s390x.rpm llvm17-polly-devel-17.0.6-160000.3.1.s390x.rpm python3-lldb17-17.0.6-160000.3.1.s390x.rpm clang17-17.0.6-160000.3.1.x86_64.rpm clang17-devel-17.0.6-160000.3.1.x86_64.rpm libLLVM17-17.0.6-160000.3.1.x86_64.rpm libLTO17-17.0.6-160000.3.1.x86_64.rpm libclang-cpp17-17.0.6-160000.3.1.x86_64.rpm liblldb17-17.0.6-160000.3.1.x86_64.rpm libomp17-devel-17.0.6-160000.3.1.x86_64.rpm lld17-17.0.6-160000.3.1.x86_64.rpm lldb17-17.0.6-160000.3.1.x86_64.rpm lldb17-devel-17.0.6-160000.3.1.x86_64.rpm llvm17-17.0.6-160000.3.1.x86_64.rpm llvm17-devel-17.0.6-160000.3.1.x86_64.rpm llvm17-gold-17.0.6-160000.3.1.x86_64.rpm llvm17-libc++-devel-17.0.6-160000.3.1.x86_64.rpm llvm17-libc++1-17.0.6-160000.3.1.x86_64.rpm llvm17-libc++abi-devel-17.0.6-160000.3.1.x86_64.rpm llvm17-libc++abi1-17.0.6-160000.3.1.x86_64.rpm llvm17-libclang13-17.0.6-160000.3.1.x86_64.rpm llvm17-polly-17.0.6-160000.3.1.x86_64.rpm llvm17-polly-devel-17.0.6-160000.3.1.x86_64.rpm python3-lldb17-17.0.6-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-506 Recommended update for perf moderate SUSE SLFO 1.2 This update for perf fixes the following issues: - perf list: Add IBM z17 event descriptions (jsc#PED-13611) - perf hwmon_pmu: Fix uninitialized variable warning - perf test: Fix a build error in x86 topdown test - perf bpf-utils: Harden get_bpf_prog_info_linear - perf bpf-utils: Constify bpil_array_desc - perf bpf-event: Fix use-after-free in synthesis - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - perf record: Cache build-ID of hit DSOs only - perf topdown: Use attribute to see an event is a topdown metic or slots - perf hwmon_pmu: Avoid shortening hwmon PMU name - perf tests bp_account: Fix leaked file descriptor - perf sched: Fix memory leaks in 'perf sched latency' - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks for evsel: priv in timehist - perf sched: Fix thread leaks in 'perf sched timehist' - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Free thread: priv using priv_destructor - perf sched: Make sure it frees the usage string - perf dso: Add missed dso__put to dso__load_kcore - perf parse-events: Set default GH modifier properly - perf trace: Remove --map-dump documentation perf-6.12.0.git15644.f62e448821-160000.1.1.aarch64.rpm perf-bash-completion-6.12.0.git15644.f62e448821-160000.1.1.aarch64.rpm perf-devel-6.12.0.git15644.f62e448821-160000.1.1.aarch64.rpm perf-gtk-6.12.0.git15644.f62e448821-160000.1.1.aarch64.rpm perf-6.12.0.git15644.f62e448821-160000.1.1.ppc64le.rpm perf-bash-completion-6.12.0.git15644.f62e448821-160000.1.1.ppc64le.rpm perf-devel-6.12.0.git15644.f62e448821-160000.1.1.ppc64le.rpm perf-gtk-6.12.0.git15644.f62e448821-160000.1.1.ppc64le.rpm perf-6.12.0.git15644.f62e448821-160000.1.1.s390x.rpm perf-bash-completion-6.12.0.git15644.f62e448821-160000.1.1.s390x.rpm perf-devel-6.12.0.git15644.f62e448821-160000.1.1.s390x.rpm perf-gtk-6.12.0.git15644.f62e448821-160000.1.1.s390x.rpm perf-6.12.0.git15644.f62e448821-160000.1.1.x86_64.rpm perf-bash-completion-6.12.0.git15644.f62e448821-160000.1.1.x86_64.rpm perf-devel-6.12.0.git15644.f62e448821-160000.1.1.x86_64.rpm perf-gtk-6.12.0.git15644.f62e448821-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-507 Recommended update for PackageKit moderate SUSE SLFO 1.2 This update for PackageKit fixes the following issues: Changes in PackageKit: - Add PackageKit zypp parallel package downloads. zypp: Implement parallel downloading (bsc#1244920). PackageKit-1.2.8-160000.3.1.aarch64.rpm PackageKit-backend-dnf-1.2.8-160000.3.1.aarch64.rpm PackageKit-backend-zypp-1.2.8-160000.3.1.aarch64.rpm PackageKit-branding-upstream-1.2.8-160000.3.1.noarch.rpm PackageKit-devel-1.2.8-160000.3.1.aarch64.rpm PackageKit-gstreamer-plugin-1.2.8-160000.3.1.aarch64.rpm PackageKit-gtk3-module-1.2.8-160000.3.1.aarch64.rpm PackageKit-lang-1.2.8-160000.3.1.noarch.rpm libpackagekit-glib2-18-1.2.8-160000.3.1.aarch64.rpm libpackagekit-glib2-devel-1.2.8-160000.3.1.aarch64.rpm typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.3.1.aarch64.rpm PackageKit-1.2.8-160000.3.1.ppc64le.rpm PackageKit-backend-dnf-1.2.8-160000.3.1.ppc64le.rpm PackageKit-backend-zypp-1.2.8-160000.3.1.ppc64le.rpm PackageKit-devel-1.2.8-160000.3.1.ppc64le.rpm PackageKit-gstreamer-plugin-1.2.8-160000.3.1.ppc64le.rpm PackageKit-gtk3-module-1.2.8-160000.3.1.ppc64le.rpm libpackagekit-glib2-18-1.2.8-160000.3.1.ppc64le.rpm libpackagekit-glib2-devel-1.2.8-160000.3.1.ppc64le.rpm typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.3.1.ppc64le.rpm PackageKit-1.2.8-160000.3.1.s390x.rpm PackageKit-backend-dnf-1.2.8-160000.3.1.s390x.rpm PackageKit-backend-zypp-1.2.8-160000.3.1.s390x.rpm PackageKit-devel-1.2.8-160000.3.1.s390x.rpm PackageKit-gstreamer-plugin-1.2.8-160000.3.1.s390x.rpm PackageKit-gtk3-module-1.2.8-160000.3.1.s390x.rpm libpackagekit-glib2-18-1.2.8-160000.3.1.s390x.rpm libpackagekit-glib2-devel-1.2.8-160000.3.1.s390x.rpm typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.3.1.s390x.rpm PackageKit-1.2.8-160000.3.1.x86_64.rpm PackageKit-backend-dnf-1.2.8-160000.3.1.x86_64.rpm PackageKit-backend-zypp-1.2.8-160000.3.1.x86_64.rpm PackageKit-devel-1.2.8-160000.3.1.x86_64.rpm PackageKit-gstreamer-plugin-1.2.8-160000.3.1.x86_64.rpm PackageKit-gtk3-module-1.2.8-160000.3.1.x86_64.rpm libpackagekit-glib2-18-1.2.8-160000.3.1.x86_64.rpm libpackagekit-glib2-devel-1.2.8-160000.3.1.x86_64.rpm typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-508 Optional update for synce4l, gpsd moderate SUSE SLFO 1.2 This update for synce4l, gpsd fixes the following issues: synce4l and gpsd are shipped to SLES and SL Micro. (jsc#PED-15929) synce4l-1.1.1-160000.1.1.aarch64.rpm gpsd-3.27.5-160000.1.1.aarch64.rpm gpsd-clients-3.27.5-160000.1.1.aarch64.rpm gpsd-devel-3.27.5-160000.1.1.aarch64.rpm gpsd-qt6-devel-3.27.5-160000.1.1.aarch64.rpm libQgpsmm32-3.27.5-160000.1.1.aarch64.rpm libgps32-3.27.5-160000.1.1.aarch64.rpm python3-gpsd-3.27.5-160000.1.1.aarch64.rpm synce4l-1.1.1-160000.1.1.ppc64le.rpm gpsd-3.27.5-160000.1.1.ppc64le.rpm gpsd-clients-3.27.5-160000.1.1.ppc64le.rpm gpsd-devel-3.27.5-160000.1.1.ppc64le.rpm gpsd-qt6-devel-3.27.5-160000.1.1.ppc64le.rpm libQgpsmm32-3.27.5-160000.1.1.ppc64le.rpm libgps32-3.27.5-160000.1.1.ppc64le.rpm python3-gpsd-3.27.5-160000.1.1.ppc64le.rpm synce4l-1.1.1-160000.1.1.s390x.rpm gpsd-3.27.5-160000.1.1.s390x.rpm gpsd-clients-3.27.5-160000.1.1.s390x.rpm gpsd-devel-3.27.5-160000.1.1.s390x.rpm gpsd-qt6-devel-3.27.5-160000.1.1.s390x.rpm libQgpsmm32-3.27.5-160000.1.1.s390x.rpm libgps32-3.27.5-160000.1.1.s390x.rpm python3-gpsd-3.27.5-160000.1.1.s390x.rpm synce4l-1.1.1-160000.1.1.x86_64.rpm gpsd-3.27.5-160000.1.1.x86_64.rpm gpsd-clients-3.27.5-160000.1.1.x86_64.rpm gpsd-devel-3.27.5-160000.1.1.x86_64.rpm gpsd-qt6-devel-3.27.5-160000.1.1.x86_64.rpm libQgpsmm32-3.27.5-160000.1.1.x86_64.rpm libgps32-3.27.5-160000.1.1.x86_64.rpm python3-gpsd-3.27.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-509 Recommended update for quota moderate SUSE SLFO 1.2 This update for quota fixes the following issues: - Remove `PrivateDevices` systemd hardening from quotad.service because it needs access to block devices in /dev (bsc#1254310). quota-4.09-160000.3.1.aarch64.rpm quota-nfs-4.09-160000.3.1.aarch64.rpm quota-4.09-160000.3.1.ppc64le.rpm quota-nfs-4.09-160000.3.1.ppc64le.rpm quota-4.09-160000.3.1.s390x.rpm quota-nfs-4.09-160000.3.1.s390x.rpm quota-4.09-160000.3.1.x86_64.rpm quota-nfs-4.09-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-510 Security update for util-linux moderate SUSE SLFO 1.2 This update for util-linux fixes the following issues: Security issues: - CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: - fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). libblkid-devel-2.41.1-160000.3.1.aarch64.rpm libblkid-devel-static-2.41.1-160000.3.1.aarch64.rpm libblkid1-2.41.1-160000.3.1.aarch64.rpm libfdisk-devel-2.41.1-160000.3.1.aarch64.rpm libfdisk-devel-static-2.41.1-160000.3.1.aarch64.rpm libfdisk1-2.41.1-160000.3.1.aarch64.rpm libmount-devel-2.41.1-160000.3.1.aarch64.rpm libmount-devel-static-2.41.1-160000.3.1.aarch64.rpm libmount1-2.41.1-160000.3.1.aarch64.rpm libsmartcols-devel-2.41.1-160000.3.1.aarch64.rpm libsmartcols-devel-static-2.41.1-160000.3.1.aarch64.rpm libsmartcols1-2.41.1-160000.3.1.aarch64.rpm libuuid-devel-2.41.1-160000.3.1.aarch64.rpm libuuid-devel-static-2.41.1-160000.3.1.aarch64.rpm libuuid1-2.41.1-160000.3.1.aarch64.rpm util-linux-2.41.1-160000.3.1.aarch64.rpm util-linux-lang-2.41.1-160000.3.1.noarch.rpm python313-libmount-2.41.1-160000.3.1.aarch64.rpm lastlog2-2.41.1-160000.3.1.aarch64.rpm liblastlog2-2-2.41.1-160000.3.1.aarch64.rpm liblastlog2-devel-2.41.1-160000.3.1.aarch64.rpm util-linux-systemd-2.41.1-160000.3.1.aarch64.rpm util-linux-tty-tools-2.41.1-160000.3.1.aarch64.rpm uuidd-2.41.1-160000.3.1.aarch64.rpm libblkid-devel-2.41.1-160000.3.1.ppc64le.rpm libblkid-devel-static-2.41.1-160000.3.1.ppc64le.rpm libblkid1-2.41.1-160000.3.1.ppc64le.rpm libfdisk-devel-2.41.1-160000.3.1.ppc64le.rpm libfdisk-devel-static-2.41.1-160000.3.1.ppc64le.rpm libfdisk1-2.41.1-160000.3.1.ppc64le.rpm libmount-devel-2.41.1-160000.3.1.ppc64le.rpm libmount-devel-static-2.41.1-160000.3.1.ppc64le.rpm libmount1-2.41.1-160000.3.1.ppc64le.rpm libsmartcols-devel-2.41.1-160000.3.1.ppc64le.rpm libsmartcols-devel-static-2.41.1-160000.3.1.ppc64le.rpm libsmartcols1-2.41.1-160000.3.1.ppc64le.rpm libuuid-devel-2.41.1-160000.3.1.ppc64le.rpm libuuid-devel-static-2.41.1-160000.3.1.ppc64le.rpm libuuid1-2.41.1-160000.3.1.ppc64le.rpm util-linux-2.41.1-160000.3.1.ppc64le.rpm python313-libmount-2.41.1-160000.3.1.ppc64le.rpm lastlog2-2.41.1-160000.3.1.ppc64le.rpm liblastlog2-2-2.41.1-160000.3.1.ppc64le.rpm liblastlog2-devel-2.41.1-160000.3.1.ppc64le.rpm util-linux-systemd-2.41.1-160000.3.1.ppc64le.rpm util-linux-tty-tools-2.41.1-160000.3.1.ppc64le.rpm uuidd-2.41.1-160000.3.1.ppc64le.rpm libblkid-devel-2.41.1-160000.3.1.s390x.rpm libblkid-devel-static-2.41.1-160000.3.1.s390x.rpm libblkid1-2.41.1-160000.3.1.s390x.rpm libfdisk-devel-2.41.1-160000.3.1.s390x.rpm libfdisk-devel-static-2.41.1-160000.3.1.s390x.rpm libfdisk1-2.41.1-160000.3.1.s390x.rpm libmount-devel-2.41.1-160000.3.1.s390x.rpm libmount-devel-static-2.41.1-160000.3.1.s390x.rpm libmount1-2.41.1-160000.3.1.s390x.rpm libsmartcols-devel-2.41.1-160000.3.1.s390x.rpm libsmartcols-devel-static-2.41.1-160000.3.1.s390x.rpm libsmartcols1-2.41.1-160000.3.1.s390x.rpm libuuid-devel-2.41.1-160000.3.1.s390x.rpm libuuid-devel-static-2.41.1-160000.3.1.s390x.rpm libuuid1-2.41.1-160000.3.1.s390x.rpm util-linux-2.41.1-160000.3.1.s390x.rpm util-linux-extra-2.41.1-160000.3.1.s390x.rpm python313-libmount-2.41.1-160000.3.1.s390x.rpm lastlog2-2.41.1-160000.3.1.s390x.rpm liblastlog2-2-2.41.1-160000.3.1.s390x.rpm liblastlog2-devel-2.41.1-160000.3.1.s390x.rpm util-linux-systemd-2.41.1-160000.3.1.s390x.rpm util-linux-tty-tools-2.41.1-160000.3.1.s390x.rpm uuidd-2.41.1-160000.3.1.s390x.rpm libblkid-devel-2.41.1-160000.3.1.x86_64.rpm libblkid-devel-static-2.41.1-160000.3.1.x86_64.rpm libblkid1-2.41.1-160000.3.1.x86_64.rpm libfdisk-devel-2.41.1-160000.3.1.x86_64.rpm libfdisk-devel-static-2.41.1-160000.3.1.x86_64.rpm libfdisk1-2.41.1-160000.3.1.x86_64.rpm libmount-devel-2.41.1-160000.3.1.x86_64.rpm libmount-devel-static-2.41.1-160000.3.1.x86_64.rpm libmount1-2.41.1-160000.3.1.x86_64.rpm libsmartcols-devel-2.41.1-160000.3.1.x86_64.rpm libsmartcols-devel-static-2.41.1-160000.3.1.x86_64.rpm libsmartcols1-2.41.1-160000.3.1.x86_64.rpm libuuid-devel-2.41.1-160000.3.1.x86_64.rpm libuuid-devel-static-2.41.1-160000.3.1.x86_64.rpm libuuid1-2.41.1-160000.3.1.x86_64.rpm util-linux-2.41.1-160000.3.1.x86_64.rpm python313-libmount-2.41.1-160000.3.1.x86_64.rpm lastlog2-2.41.1-160000.3.1.x86_64.rpm liblastlog2-2-2.41.1-160000.3.1.x86_64.rpm liblastlog2-devel-2.41.1-160000.3.1.x86_64.rpm util-linux-systemd-2.41.1-160000.3.1.x86_64.rpm util-linux-tty-tools-2.41.1-160000.3.1.x86_64.rpm uuidd-2.41.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-511 Security update for go1.25 moderate SUSE SLFO 1.2 This update for go1.25 fixes the following issues: Update to go1.25.8 (bsc#1244485): - CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). - CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). - CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * go#77253 cmd/compile: miscompile of global array initialization * go#77406 os: Go 1.25.x regression on RemoveAll for windows * go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd * go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77531 net/smtp: expiry date of localhostCert for testing is too short go1.25-1.25.8-160000.1.1.aarch64.rpm go1.25-doc-1.25.8-160000.1.1.aarch64.rpm go1.25-libstd-1.25.8-160000.1.1.aarch64.rpm go1.25-race-1.25.8-160000.1.1.aarch64.rpm go1.25-1.25.8-160000.1.1.ppc64le.rpm go1.25-doc-1.25.8-160000.1.1.ppc64le.rpm go1.25-race-1.25.8-160000.1.1.ppc64le.rpm go1.25-1.25.8-160000.1.1.s390x.rpm go1.25-doc-1.25.8-160000.1.1.s390x.rpm go1.25-race-1.25.8-160000.1.1.s390x.rpm go1.25-1.25.8-160000.1.1.x86_64.rpm go1.25-doc-1.25.8-160000.1.1.x86_64.rpm go1.25-libstd-1.25.8-160000.1.1.x86_64.rpm go1.25-race-1.25.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-512 Security update for python-gi-docgen moderate SUSE SLFO 1.2 This update for python-gi-docgen fixes the following issues: - CVE-2025-11687: Fixed reflected DOM XSS (bsc#1251961) python3-gi-docgen-2025.5-160000.1.1.noarch.rpm openSUSE-Leap-16.0-513 Recommended update for linux-glibc-devel moderate SUSE SLFO 1.2 This update for linux-glibc-devel fixes the following issues: Changes in linux-glibc-devel: - Sync with SLES 16.0 update kernel (6.12.0-160000.6) (bsc#1253334) cross-aarch64-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-arm-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-hppa-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-i386-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-m68k-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-mips-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-ppc64-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-ppc64le-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-riscv64-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-s390x-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-sparc-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-sparc64-linux-glibc-devel-6.12-160000.3.1.noarch.rpm cross-x86_64-linux-glibc-devel-6.12-160000.3.1.noarch.rpm linux-glibc-devel-6.12-160000.3.1.aarch64.rpm linux-glibc-devel-6.12-160000.3.1.ppc64le.rpm linux-glibc-devel-6.12-160000.3.1.s390x.rpm linux-glibc-devel-6.12-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-514 Security update for ovmf moderate SUSE SLFO 1.2 This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441). ovmf-202502-160000.4.1.aarch64.rpm ovmf-tools-202502-160000.4.1.aarch64.rpm qemu-ovmf-ia32-202502-160000.4.1.noarch.rpm qemu-ovmf-x86_64-202502-160000.4.1.noarch.rpm qemu-uefi-aarch32-202502-160000.4.1.noarch.rpm qemu-uefi-aarch64-202502-160000.4.1.noarch.rpm qemu-uefi-riscv64-202502-160000.4.1.noarch.rpm ovmf-202502-160000.4.1.x86_64.rpm ovmf-tools-202502-160000.4.1.x86_64.rpm qemu-ovmf-x86_64-debug-202502-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-515 Recommended update for agama moderate SUSE SLFO 1.2 This update for agama fixes the following issue: Change in agama: - Add error reporting when working with AutoYaST profiles (bsc#1259434). agama-17+502.a135c718e-160000.8.1.aarch64.rpm agama-autoinstall-17+502.a135c718e-160000.8.1.aarch64.rpm agama-cli-17+502.a135c718e-160000.8.1.aarch64.rpm agama-cli-bash-completion-17+502.a135c718e-160000.8.1.noarch.rpm agama-cli-fish-completion-17+502.a135c718e-160000.8.1.noarch.rpm agama-cli-zsh-completion-17+502.a135c718e-160000.8.1.noarch.rpm agama-openapi-17+502.a135c718e-160000.8.1.aarch64.rpm agama-scripts-17+502.a135c718e-160000.8.1.aarch64.rpm agama-17+502.a135c718e-160000.8.1.ppc64le.rpm agama-autoinstall-17+502.a135c718e-160000.8.1.ppc64le.rpm agama-cli-17+502.a135c718e-160000.8.1.ppc64le.rpm agama-openapi-17+502.a135c718e-160000.8.1.ppc64le.rpm agama-scripts-17+502.a135c718e-160000.8.1.ppc64le.rpm agama-17+502.a135c718e-160000.8.1.s390x.rpm agama-autoinstall-17+502.a135c718e-160000.8.1.s390x.rpm agama-cli-17+502.a135c718e-160000.8.1.s390x.rpm agama-openapi-17+502.a135c718e-160000.8.1.s390x.rpm agama-scripts-17+502.a135c718e-160000.8.1.s390x.rpm agama-17+502.a135c718e-160000.8.1.x86_64.rpm agama-autoinstall-17+502.a135c718e-160000.8.1.x86_64.rpm agama-cli-17+502.a135c718e-160000.8.1.x86_64.rpm agama-openapi-17+502.a135c718e-160000.8.1.x86_64.rpm agama-scripts-17+502.a135c718e-160000.8.1.x86_64.rpm openSUSE-Leap-16.0-516 Security update for glibc important SUSE SLFO 1.2 This update for glibc fixes the following issues: Security fixes: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). Other fixes: - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319). glibc-2.40-160000.4.1.aarch64.rpm glibc-devel-2.40-160000.4.1.aarch64.rpm glibc-devel-static-2.40-160000.4.1.aarch64.rpm glibc-extra-2.40-160000.4.1.aarch64.rpm glibc-gconv-modules-extra-2.40-160000.4.1.aarch64.rpm glibc-html-2.40-160000.4.1.noarch.rpm glibc-i18ndata-2.40-160000.4.1.noarch.rpm glibc-info-2.40-160000.4.1.noarch.rpm glibc-lang-2.40-160000.4.1.noarch.rpm glibc-locale-2.40-160000.4.1.aarch64.rpm glibc-locale-base-2.40-160000.4.1.aarch64.rpm glibc-profile-2.40-160000.4.1.aarch64.rpm cross-ppc64le-glibc-devel-2.40-160000.4.1.noarch.rpm cross-riscv64-glibc-devel-2.40-160000.4.1.noarch.rpm cross-s390x-glibc-devel-2.40-160000.4.1.noarch.rpm glibc-utils-2.40-160000.4.1.aarch64.rpm glibc-2.40-160000.4.1.ppc64le.rpm glibc-devel-2.40-160000.4.1.ppc64le.rpm glibc-devel-static-2.40-160000.4.1.ppc64le.rpm glibc-extra-2.40-160000.4.1.ppc64le.rpm glibc-gconv-modules-extra-2.40-160000.4.1.ppc64le.rpm glibc-locale-2.40-160000.4.1.ppc64le.rpm glibc-locale-base-2.40-160000.4.1.ppc64le.rpm glibc-profile-2.40-160000.4.1.ppc64le.rpm cross-aarch64-glibc-devel-2.40-160000.4.1.noarch.rpm glibc-utils-2.40-160000.4.1.ppc64le.rpm glibc-2.40-160000.4.1.s390x.rpm glibc-devel-2.40-160000.4.1.s390x.rpm glibc-devel-static-2.40-160000.4.1.s390x.rpm glibc-extra-2.40-160000.4.1.s390x.rpm glibc-gconv-modules-extra-2.40-160000.4.1.s390x.rpm glibc-locale-2.40-160000.4.1.s390x.rpm glibc-locale-base-2.40-160000.4.1.s390x.rpm glibc-profile-2.40-160000.4.1.s390x.rpm glibc-utils-2.40-160000.4.1.s390x.rpm glibc-2.40-160000.4.1.x86_64.rpm glibc-devel-2.40-160000.4.1.x86_64.rpm glibc-devel-static-2.40-160000.4.1.x86_64.rpm glibc-extra-2.40-160000.4.1.x86_64.rpm glibc-gconv-modules-extra-2.40-160000.4.1.x86_64.rpm glibc-locale-2.40-160000.4.1.x86_64.rpm glibc-locale-base-2.40-160000.4.1.x86_64.rpm glibc-profile-2.40-160000.4.1.x86_64.rpm glibc-utils-2.40-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-518 Security update for cockpit-podman important SUSE SLFO 1.2 This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). cockpit-podman-117-160000.2.1.noarch.rpm openSUSE-Leap-16.0-519 Security update for cockpit-machines important SUSE SLFO 1.2 This update for cockpit-machines fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). cockpit-machines-346-160000.2.1.noarch.rpm openSUSE-Leap-16.0-52 Security update for lasso critical SUSE SLFO 1.2 This update for lasso fixes the following issues: - CVE-2025-46404: specially crafted SAML response can lead to a denial of service (bsc#1253092). - CVE-2025-46705: specially crafted SAML assertion response can lead to a denial of service (bsc#1253093). - CVE-2025-47151: type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality can lead to an arbitrary code execution (bsc#1253095). liblasso-devel-2.8.2-160000.3.1.aarch64.rpm liblasso3-2.8.2-160000.3.1.aarch64.rpm python3-lasso-2.8.2-160000.3.1.aarch64.rpm liblasso-devel-2.8.2-160000.3.1.ppc64le.rpm liblasso3-2.8.2-160000.3.1.ppc64le.rpm python3-lasso-2.8.2-160000.3.1.ppc64le.rpm liblasso-devel-2.8.2-160000.3.1.s390x.rpm liblasso3-2.8.2-160000.3.1.s390x.rpm python3-lasso-2.8.2-160000.3.1.s390x.rpm liblasso-devel-2.8.2-160000.3.1.x86_64.rpm liblasso3-2.8.2-160000.3.1.x86_64.rpm python3-lasso-2.8.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-520 Security update for cockpit important SUSE SLFO 1.2 This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). cockpit-354-160000.2.1.aarch64.rpm cockpit-bridge-354-160000.2.1.noarch.rpm cockpit-devel-354-160000.2.1.aarch64.rpm cockpit-doc-354-160000.2.1.noarch.rpm cockpit-firewalld-354-160000.2.1.noarch.rpm cockpit-kdump-354-160000.2.1.noarch.rpm cockpit-networkmanager-354-160000.2.1.noarch.rpm cockpit-packagekit-354-160000.2.1.noarch.rpm cockpit-selinux-354-160000.2.1.noarch.rpm cockpit-storaged-354-160000.2.1.noarch.rpm cockpit-system-354-160000.2.1.noarch.rpm cockpit-ws-354-160000.2.1.aarch64.rpm cockpit-ws-selinux-354-160000.2.1.aarch64.rpm cockpit-354-160000.2.1.ppc64le.rpm cockpit-devel-354-160000.2.1.ppc64le.rpm cockpit-ws-354-160000.2.1.ppc64le.rpm cockpit-ws-selinux-354-160000.2.1.ppc64le.rpm cockpit-354-160000.2.1.s390x.rpm cockpit-devel-354-160000.2.1.s390x.rpm cockpit-ws-354-160000.2.1.s390x.rpm cockpit-ws-selinux-354-160000.2.1.s390x.rpm cockpit-354-160000.2.1.x86_64.rpm cockpit-devel-354-160000.2.1.x86_64.rpm cockpit-ws-354-160000.2.1.x86_64.rpm cockpit-ws-selinux-354-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-521 Security update for corosync important SUSE SLFO 1.2 This update for corosync fixes the following issues: - CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet (bsc#1261299). - CVE-2026-35092: Denial of Service via integer overflow in join message validation (bsc#1261300). corosync-3.1.9-160000.3.1.aarch64.rpm corosync-devel-3.1.9-160000.3.1.aarch64.rpm corosync-libs-3.1.9-160000.3.1.aarch64.rpm corosync-3.1.9-160000.3.1.ppc64le.rpm corosync-devel-3.1.9-160000.3.1.ppc64le.rpm corosync-libs-3.1.9-160000.3.1.ppc64le.rpm corosync-3.1.9-160000.3.1.s390x.rpm corosync-devel-3.1.9-160000.3.1.s390x.rpm corosync-libs-3.1.9-160000.3.1.s390x.rpm corosync-3.1.9-160000.3.1.x86_64.rpm corosync-devel-3.1.9-160000.3.1.x86_64.rpm corosync-libs-3.1.9-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-522 Security update for python-cryptography important SUSE SLFO 1.2 This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876) - CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074). python313-cryptography-44.0.3-160000.3.1.aarch64.rpm python313-cryptography-44.0.3-160000.3.1.ppc64le.rpm python313-cryptography-44.0.3-160000.3.1.s390x.rpm python313-cryptography-44.0.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-523 Recommended update for nvidia-open-driver-G07-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G07-signed fixes the following issues: - adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this wont't break RPM descriptions for -cuda variant again - update CUDA variant to 595.58.03 - update non-CUDA version to 595.58.03 (bsc#1260044) - do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719) - improved RPM description for -cuda and non-cuda variant - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able: * to distinguish between both variants; * to be used by nvidia-open-driver-G07-signed-kmp-meta for TW nvidia-open-driver-G07-signed-64kb-devel-595.58.03-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-check-595.58.03-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-default-devel-595.58.03-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-64kb-595.58.03_k6.12.0_160000.27-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-G07-595.58.03-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-64kb-devel-595.58.03-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-check-595.58.03-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.58.03_k6.12.0_160000.27-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-default-devel-595.58.03-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-G07-595.58.03-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-524 Recommended update for read-only-root-fs moderate SUSE SLFO 1.2 This update for read-only-root-fs fixes the following issues: - Add patch to fix workaround for read-only / subvolumes (bsc#1252892) read-only-root-fs-1.0+git20250708.3eed5de-160000.4.1.noarch.rpm read-only-root-fs-volatile-1.0+git20250708.3eed5de-160000.4.1.noarch.rpm openSUSE-Leap-16.0-525 Recommended update for kernel-firmware-bluetooth moderate SUSE SLFO 1.2 This update for kernel-firmware-bluetooth fixes the following issues: Changes in kernel-firmware-bluetooth: - Update to version 20251202 (git commit 685171356137): * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core - Update to version 20251125 (git commit 23568a4b9420): * QCA: Add Bluetooth firmware for WCN685x uart interface - Update to version 20251121 (git commit ff6418d18552): * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04 - Update to version 20251111 (git commit 6fc940781a01): * rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905 - Update to version 20251106 (git commit b055b3e24542): * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core - Update to version 20251029 (git commit bfc84303530a): * rtl_bt: Add firmware and config files for RTL8761CUV - Update to version 20251024 (git commit 9b899c779b8a): * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00653 to 2.1.0-00659 - Update to version 20251010 (git commit fef0b3bbf494): * linux-firmware: Update firmware file for Intel Magnetar core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core - Update to version 20251010 (git commit 49fafa182b23): * qca: Update Bluetooth WCN6750 1.1.3-00091 firmware to 1.1.3-00100 - Update to version 20251004 (git commit 757854f42d83): * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x3BAC_ADBA - Update to version 20250903 (git commit c784990ba3d2): * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962 - Update to version 20250820 (git commit 70dda28e5098): * Link rtl8723b_config.bin to rtl8723bs - Update to version 20250808 (git commit 8f1ce114de6c): * qca: Update Bluetooth WCN6750 1.1.3-00069 firmware to 1.1.3-00091 kernel-firmware-bluetooth-20251202-160000.1.1.noarch.rpm openSUSE-Leap-16.0-526 Recommended update for kernel-firmware-mediatek moderate SUSE SLFO 1.2 This update for kernel-firmware-mediatek fixes the following issues: Changes in kernel-firmware-mediatek: - Update to version 20251129 (git commit 01006f5dea2d): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251124093155 - Update to version 20251119 (git commit fe13aa9b9830): * mediatek MT7922: update bluetooth firmware to 20251118163447 * linux-firmware: update firmware for MT7922 WiFi device - Update to version 20251118 (git commit 53dce114cc5d): * mt76: add firmware for MT7990 * mt76: update firmware for MT7992 * mt76: update firmware for MT7996 - Update to version 20251110 (git commit 15b5dddd9b2a): * linux-firmware: add firmware for mt7987 internal 2.5G ethernet phy - Update aliases - Update to version 20251029 (git commit bfc84303530a): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251015213201 - Update to version 20251024 (git commit 9b899c779b8a): * mediatek MT7920: update bluetooth firmware to 20251020151255 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7920 WiFi device * mediatek MT7922: update bluetooth firmware to 20251020143443 * Revert "linux-firmware: update firmware for MT7922 WiFi device" - Update aliases from 6.18-rc1 - Update to version 20250926 (git commit fad361e997ee): * mediatek: mtk_wed: drop links for mt7988 - Update to version 20250909 (git commit 4573c02ca0ca): * mediatek MT7922: update bluetooth firmware to 20250903123504 * linux-firmware: update firmware for MT7922 WiFi device - Update to version 20250903 (git commit 577ee67ffca2): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925:update bluetooth firmware to 20250825220109 Update binary firmware for MT7925 BT devices. - Update to version 20250813 (git commit acb26167a103): * mediatek: Add MT8189 SCP firmware - Update to version 20250804 (git commit 37b63dc35d98): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20250721233113 kernel-firmware-mediatek-20251129-160000.1.1.noarch.rpm openSUSE-Leap-16.0-528 Security update for pcre2 moderate SUSE SLFO 1.2 This update for pcre2 fixes the following issue: - CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842). libpcre2-16-0-10.45-160000.3.1.aarch64.rpm libpcre2-32-0-10.45-160000.3.1.aarch64.rpm libpcre2-8-0-10.45-160000.3.1.aarch64.rpm libpcre2-posix3-10.45-160000.3.1.aarch64.rpm pcre2-devel-10.45-160000.3.1.aarch64.rpm pcre2-devel-static-10.45-160000.3.1.aarch64.rpm pcre2-doc-10.45-160000.3.1.noarch.rpm pcre2-tools-10.45-160000.3.1.aarch64.rpm libpcre2-16-0-10.45-160000.3.1.ppc64le.rpm libpcre2-32-0-10.45-160000.3.1.ppc64le.rpm libpcre2-8-0-10.45-160000.3.1.ppc64le.rpm libpcre2-posix3-10.45-160000.3.1.ppc64le.rpm pcre2-devel-10.45-160000.3.1.ppc64le.rpm pcre2-devel-static-10.45-160000.3.1.ppc64le.rpm pcre2-tools-10.45-160000.3.1.ppc64le.rpm libpcre2-16-0-10.45-160000.3.1.s390x.rpm libpcre2-32-0-10.45-160000.3.1.s390x.rpm libpcre2-8-0-10.45-160000.3.1.s390x.rpm libpcre2-posix3-10.45-160000.3.1.s390x.rpm pcre2-devel-10.45-160000.3.1.s390x.rpm pcre2-devel-static-10.45-160000.3.1.s390x.rpm pcre2-tools-10.45-160000.3.1.s390x.rpm libpcre2-16-0-10.45-160000.3.1.x86_64.rpm libpcre2-32-0-10.45-160000.3.1.x86_64.rpm libpcre2-8-0-10.45-160000.3.1.x86_64.rpm libpcre2-posix3-10.45-160000.3.1.x86_64.rpm pcre2-devel-10.45-160000.3.1.x86_64.rpm pcre2-devel-static-10.45-160000.3.1.x86_64.rpm pcre2-tools-10.45-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-529 Security update for sqlite3 moderate SUSE SLFO 1.2 This update for sqlite3 fixes the following issues: Update sqlite3 to version 3.51.3: Security issues: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Non security issue: - sqlite3 won't build when using --with icu (bsc#1248586). Changelog: Update to version 3.51.3: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug * Other minor bug fixes. Update to version 3.51.2: * Fix an obscure deadlock in the new broken-posix-lock detection logic. * Fix multiple problems in the EXISTS-to-JOIN optimization. Update to version 3.51.1: * Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release. * Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release Update to version 3.51.0: * New macros in sqlite3.h: - SQLITE_SCM_BRANCH -> the name of the branch from which the source code is taken. - SQLITE_SCM_TAGS -> space-separated list of tags on the source code check-in. - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source * Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'. * The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively. * Enhancements to TCL Interface: - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array. - User-defined functions may now break to return an SQL NULL. * CLI enhancements: - Increase the precision of ".timer" to microseconds. - Enhance the "box" and "column" formatting modes to deal with double-wide characters. - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option. - Add the --ifexists option to the CLI command-line option and to the .open command. - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors. * Performance enhancements: - Use fewer CPU cycles to commit a read transaction. - Early detection of joins that return no rows due to one or more of the tables containing no rows. - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression. - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y. * Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2(). * Add the sqlite3_set_errmsg() API for use by extensions. * Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results. * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces. * In the session extension add the sqlite3changeset_apply_v3() interface. * For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'. * Improved error messages generated by FTS5. * Enforce STRICT typing on computed columns. * Improved support for VxWorks * JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make". * Improved resistance to database corruption caused by an application breaking Posix advisory locks using close(). lemon-3.51.3-160000.1.1.aarch64.rpm libsqlite3-0-3.51.3-160000.1.1.aarch64.rpm sqlite3-3.51.3-160000.1.1.aarch64.rpm sqlite3-devel-3.51.3-160000.1.1.aarch64.rpm sqlite3-doc-3.51.3-160000.1.1.noarch.rpm sqlite3-tcl-3.51.3-160000.1.1.aarch64.rpm lemon-3.51.3-160000.1.1.ppc64le.rpm libsqlite3-0-3.51.3-160000.1.1.ppc64le.rpm sqlite3-3.51.3-160000.1.1.ppc64le.rpm sqlite3-devel-3.51.3-160000.1.1.ppc64le.rpm sqlite3-tcl-3.51.3-160000.1.1.ppc64le.rpm lemon-3.51.3-160000.1.1.s390x.rpm libsqlite3-0-3.51.3-160000.1.1.s390x.rpm sqlite3-3.51.3-160000.1.1.s390x.rpm sqlite3-devel-3.51.3-160000.1.1.s390x.rpm sqlite3-tcl-3.51.3-160000.1.1.s390x.rpm lemon-3.51.3-160000.1.1.x86_64.rpm libsqlite3-0-3.51.3-160000.1.1.x86_64.rpm libsqlite3-0-x86-64-v3-3.51.3-160000.1.1.x86_64.rpm sqlite3-3.51.3-160000.1.1.x86_64.rpm sqlite3-devel-3.51.3-160000.1.1.x86_64.rpm sqlite3-tcl-3.51.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-53 Recommended update for man-pages-posix important SUSE SLFO 1.2 This update for man-pages-posix fixes the following issues: - use %license tag (bsc#1252161) man-pages-posix-2017a-160000.4.1.noarch.rpm openSUSE-Leap-16.0-531 Recommended update for ca-certificates-mozilla moderate SUSE SLFO 1.2 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.84 state (bsc#1258002): * Removed: + Baltimore CyberTrust Root + CommScope Public Trust ECC Root-01 + CommScope Public Trust ECC Root-02 + CommScope Public Trust RSA Root-01 + CommScope Public Trust RSA Root-02 + DigiNotar Root CA * Added: + e-Szigno TLS Root CA 2023 + OISTE Client Root ECC G1 + OISTE Client Root RSA G1 + OISTE Server Root ECC G1 + OISTE Server Root RSA G1 + SwissSign RSA SMIME Root CA 2022 - 1 + SwissSign RSA TLS Root CA 2022 - 1 + TrustAsia SMIME ECC Root CA + TrustAsia SMIME RSA Root CA + TrustAsia TLS ECC Root CA + TrustAsia TLS RSA Root CA ca-certificates-mozilla-2.84-160000.1.1.noarch.rpm ca-certificates-mozilla-prebuilt-2.84-160000.1.2.noarch.rpm openSUSE-Leap-16.0-535 Recommended update for suse-build-key moderate SUSE SLFO 1.2 This update for suse-build-key fixes the following issues: Changes in suse-build-key: - Add the auto import framework, that imports updated gpg keys into the RPM database. - Added post quantum cryptographic keys for SLES 15 and SLES 16 to be used for repository verification. (jsc#PED-11925) - build-pqc-15.pem - build-pqc-16.pem suse-build-key-12.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-536 Recommended update for libzypp, zypper, libsolv important SUSE SLFO 1.2 This update for libzypp, zypper, libsolv fixes the following issues: Changes in libzypp: - Update to version 17.38.5: * Fix preloader not caching packages from arch specific subrepos (bsc#1253740) * Deprioritize invalid mirrors - Update to version 17.38.4: * Fix Product::referencePackage lookup (bsc#1259311) Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages. - Update to version 17.38.3: * specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake. * Fall back to a writable location when precaching packages without root (bsc#1247948) Changes in zypper: - Update to version 1.14.95: * Report download progress for command line rpms * Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882) * Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744) The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service. * Keep repo data when updating the service settings (bsc#1252744) * info: Enhance pattern content table (bsc#1158038) Alternatives are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. Changes in libsolv: - bump version to 0.7.36: * respect the "default" attribute in environment optionlist in the comps parser * support suse namespace deps in boolean dependencies (bsc#1258193) * support for the Elbrus2000 (e2k) architecture * support language() suse namespace rewriting libzypp-17.38.5-160000.1.1.aarch64.rpm True libzypp-devel-17.38.5-160000.1.1.aarch64.rpm True libzypp-devel-doc-17.38.5-160000.1.1.aarch64.rpm True zypper-1.14.95-160000.1.1.aarch64.rpm True zypper-aptitude-1.14.95-160000.1.1.noarch.rpm True zypper-log-1.14.95-160000.1.1.noarch.rpm True zypper-needs-restarting-1.14.95-160000.1.1.noarch.rpm True libsolv-demo-0.7.36-160000.1.1.aarch64.rpm True libsolv-devel-0.7.36-160000.1.1.aarch64.rpm True libsolv-devel-static-0.7.36-160000.1.1.aarch64.rpm True libsolv-tools-0.7.36-160000.1.1.aarch64.rpm True libsolv-tools-base-0.7.36-160000.1.1.aarch64.rpm True libsolv1-0.7.36-160000.1.1.aarch64.rpm True perl-solv-0.7.36-160000.1.1.aarch64.rpm True python313-solv-0.7.36-160000.1.1.aarch64.rpm True ruby-solv-0.7.36-160000.1.1.aarch64.rpm True libzypp-17.38.5-160000.1.1.ppc64le.rpm True libzypp-devel-17.38.5-160000.1.1.ppc64le.rpm True libzypp-devel-doc-17.38.5-160000.1.1.ppc64le.rpm True zypper-1.14.95-160000.1.1.ppc64le.rpm True libsolv-demo-0.7.36-160000.1.1.ppc64le.rpm True libsolv-devel-0.7.36-160000.1.1.ppc64le.rpm True libsolv-devel-static-0.7.36-160000.1.1.ppc64le.rpm True libsolv-tools-0.7.36-160000.1.1.ppc64le.rpm True libsolv-tools-base-0.7.36-160000.1.1.ppc64le.rpm True libsolv1-0.7.36-160000.1.1.ppc64le.rpm True perl-solv-0.7.36-160000.1.1.ppc64le.rpm True python313-solv-0.7.36-160000.1.1.ppc64le.rpm True ruby-solv-0.7.36-160000.1.1.ppc64le.rpm True libzypp-17.38.5-160000.1.1.s390x.rpm True libzypp-devel-17.38.5-160000.1.1.s390x.rpm True libzypp-devel-doc-17.38.5-160000.1.1.s390x.rpm True zypper-1.14.95-160000.1.1.s390x.rpm True libsolv-demo-0.7.36-160000.1.1.s390x.rpm True libsolv-devel-0.7.36-160000.1.1.s390x.rpm True libsolv-devel-static-0.7.36-160000.1.1.s390x.rpm True libsolv-tools-0.7.36-160000.1.1.s390x.rpm True libsolv-tools-base-0.7.36-160000.1.1.s390x.rpm True libsolv1-0.7.36-160000.1.1.s390x.rpm True perl-solv-0.7.36-160000.1.1.s390x.rpm True python313-solv-0.7.36-160000.1.1.s390x.rpm True ruby-solv-0.7.36-160000.1.1.s390x.rpm True libzypp-17.38.5-160000.1.1.x86_64.rpm True libzypp-devel-17.38.5-160000.1.1.x86_64.rpm True libzypp-devel-doc-17.38.5-160000.1.1.x86_64.rpm True zypper-1.14.95-160000.1.1.x86_64.rpm True libsolv-demo-0.7.36-160000.1.1.x86_64.rpm True libsolv-devel-0.7.36-160000.1.1.x86_64.rpm True libsolv-devel-static-0.7.36-160000.1.1.x86_64.rpm True libsolv-tools-0.7.36-160000.1.1.x86_64.rpm True libsolv-tools-base-0.7.36-160000.1.1.x86_64.rpm True libsolv1-0.7.36-160000.1.1.x86_64.rpm True perl-solv-0.7.36-160000.1.1.x86_64.rpm True python313-solv-0.7.36-160000.1.1.x86_64.rpm True ruby-solv-0.7.36-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-539 Security update for python313 important SUSE SLFO 1.2 This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). python313-3.13.13-160000.1.1.aarch64.rpm python313-curses-3.13.13-160000.1.1.aarch64.rpm python313-dbm-3.13.13-160000.1.1.aarch64.rpm python313-idle-3.13.13-160000.1.1.aarch64.rpm python313-tk-3.13.13-160000.1.1.aarch64.rpm libpython3_13-1_0-3.13.13-160000.1.1.aarch64.rpm python313-base-3.13.13-160000.1.1.aarch64.rpm python313-devel-3.13.13-160000.1.1.aarch64.rpm python313-testsuite-3.13.13-160000.1.1.aarch64.rpm python313-tools-3.13.13-160000.1.1.aarch64.rpm python313-doc-3.13.13-160000.1.1.aarch64.rpm python313-doc-devhelp-3.13.13-160000.1.1.aarch64.rpm python313-3.13.13-160000.1.1.ppc64le.rpm python313-curses-3.13.13-160000.1.1.ppc64le.rpm python313-dbm-3.13.13-160000.1.1.ppc64le.rpm python313-idle-3.13.13-160000.1.1.ppc64le.rpm python313-tk-3.13.13-160000.1.1.ppc64le.rpm libpython3_13-1_0-3.13.13-160000.1.1.ppc64le.rpm python313-base-3.13.13-160000.1.1.ppc64le.rpm python313-devel-3.13.13-160000.1.1.ppc64le.rpm python313-testsuite-3.13.13-160000.1.1.ppc64le.rpm python313-tools-3.13.13-160000.1.1.ppc64le.rpm python313-doc-3.13.13-160000.1.1.ppc64le.rpm python313-doc-devhelp-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-curses-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-dbm-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-idle-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-tk-3.13.13-160000.1.1.ppc64le.rpm libpython3_13t1_0-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-base-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-devel-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-testsuite-3.13.13-160000.1.1.ppc64le.rpm python313-nogil-tools-3.13.13-160000.1.1.ppc64le.rpm python313-3.13.13-160000.1.1.s390x.rpm python313-curses-3.13.13-160000.1.1.s390x.rpm python313-dbm-3.13.13-160000.1.1.s390x.rpm python313-idle-3.13.13-160000.1.1.s390x.rpm python313-tk-3.13.13-160000.1.1.s390x.rpm libpython3_13-1_0-3.13.13-160000.1.1.s390x.rpm python313-base-3.13.13-160000.1.1.s390x.rpm python313-devel-3.13.13-160000.1.1.s390x.rpm python313-testsuite-3.13.13-160000.1.1.s390x.rpm python313-tools-3.13.13-160000.1.1.s390x.rpm python313-doc-3.13.13-160000.1.1.s390x.rpm python313-doc-devhelp-3.13.13-160000.1.1.s390x.rpm python313-nogil-3.13.13-160000.1.1.s390x.rpm python313-nogil-curses-3.13.13-160000.1.1.s390x.rpm python313-nogil-dbm-3.13.13-160000.1.1.s390x.rpm python313-nogil-idle-3.13.13-160000.1.1.s390x.rpm python313-nogil-tk-3.13.13-160000.1.1.s390x.rpm libpython3_13t1_0-3.13.13-160000.1.1.s390x.rpm python313-nogil-base-3.13.13-160000.1.1.s390x.rpm python313-nogil-devel-3.13.13-160000.1.1.s390x.rpm python313-nogil-testsuite-3.13.13-160000.1.1.s390x.rpm python313-nogil-tools-3.13.13-160000.1.1.s390x.rpm python313-3.13.13-160000.1.1.x86_64.rpm python313-curses-3.13.13-160000.1.1.x86_64.rpm python313-dbm-3.13.13-160000.1.1.x86_64.rpm python313-idle-3.13.13-160000.1.1.x86_64.rpm python313-tk-3.13.13-160000.1.1.x86_64.rpm python313-x86-64-v3-3.13.13-160000.1.1.x86_64.rpm libpython3_13-1_0-3.13.13-160000.1.1.x86_64.rpm libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1.x86_64.rpm python313-base-3.13.13-160000.1.1.x86_64.rpm python313-base-x86-64-v3-3.13.13-160000.1.1.x86_64.rpm python313-devel-3.13.13-160000.1.1.x86_64.rpm python313-testsuite-3.13.13-160000.1.1.x86_64.rpm python313-tools-3.13.13-160000.1.1.x86_64.rpm python313-doc-3.13.13-160000.1.1.x86_64.rpm python313-doc-devhelp-3.13.13-160000.1.1.x86_64.rpm python313-nogil-3.13.13-160000.1.1.x86_64.rpm python313-nogil-curses-3.13.13-160000.1.1.x86_64.rpm python313-nogil-dbm-3.13.13-160000.1.1.x86_64.rpm python313-nogil-idle-3.13.13-160000.1.1.x86_64.rpm python313-nogil-tk-3.13.13-160000.1.1.x86_64.rpm libpython3_13t1_0-3.13.13-160000.1.1.x86_64.rpm python313-nogil-base-3.13.13-160000.1.1.x86_64.rpm python313-nogil-devel-3.13.13-160000.1.1.x86_64.rpm python313-nogil-testsuite-3.13.13-160000.1.1.x86_64.rpm python313-nogil-tools-3.13.13-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-54 Recommended update for multipath-tools moderate SUSE SLFO 1.2 This update for multipath-tools fixes the following issues: - Fixes from upstream 0.11.3 (bsc#1253260) * Improved the communication with **udev** and **systemd** by triggering uevents when path devices are added to or removed from multipath maps, or when `multipathd reconfigure` is executed after changing blacklist directives in `multipath.conf`. * Failed paths should be checked every `polling_interval`. In certain cases, this wouldn't happen, because the check interval wasn't reset by multipathd. * It could happen that multipathd would accidentally release a SCSI persistent reservation held by another node. * After manually failing some paths and then reinstating them, sometimes the reinstated paths were immediately failed again by multipathd. * Various minor fixes reported by coverity. kpartx-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm kpartx-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm kpartx-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm kpartx-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-540 Security update for webkit2gtk3 important SUSE SLFO 1.2 This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: - CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259947). - CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259946). - CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1259942). - CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash due to use-after-free (bsc#1259941). - CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app due to improper memory initialization (bsc#1259940). - CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash due to improper state management (bsc#1259939). - CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259938). - CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259937). - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy due to improper input validation (bsc#1261172). - CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259936). - CVE-2026-20652: a remote attacker may be able to cause a denial-of-service due to improper memory handling (bsc#1259935). - CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261173). - CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper state management (bsc#1261174). - CVE-2026-20676: a website may be able to track users through web extensions due to improper state management (bsc#1259934). - CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint users due to improper state management (bsc#1261175). - CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261176). - CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox due to improper memory management (bsc#1261177). - CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins due to improper state management (bsc#1261178). - CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack due to missing checks (bsc#1261179). Other updates and bugfixes: - Version 2.52.1: * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. - Version 2.52.0: * Make scrolling with touch input smoother for small movements. * Fix estimated load progress of downloads when Content-Length value is wrong. * Ensure that "scrollend" events are correctly emitted after scroll animations. WebKitGTK-4.1-lang-2.52.1-160000.1.1.noarch.rpm libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1.aarch64.rpm libwebkit2gtk-4_1-0-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1.aarch64.rpm webkit-jsc-4.1-2.52.1-160000.1.1.aarch64.rpm webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1.aarch64.rpm webkit2gtk3-devel-2.52.1-160000.1.1.aarch64.rpm webkit2gtk3-minibrowser-2.52.1-160000.1.1.aarch64.rpm WebKitGTK-4.0-lang-2.52.1-160000.1.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.52.1-160000.1.1.aarch64.rpm libwebkit2gtk-4_0-37-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-JavaScriptCore-4_0-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-WebKit2-4_0-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.52.1-160000.1.1.aarch64.rpm webkit-jsc-4-2.52.1-160000.1.1.aarch64.rpm webkit2gtk-4_0-injected-bundles-2.52.1-160000.1.1.aarch64.rpm webkit2gtk3-soup2-devel-2.52.1-160000.1.1.aarch64.rpm webkit2gtk3-soup2-minibrowser-2.52.1-160000.1.1.aarch64.rpm WebKitGTK-6.0-lang-2.52.1-160000.1.1.noarch.rpm libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1.aarch64.rpm libwebkitgtk-6_0-4-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-WebKit-6_0-2.52.1-160000.1.1.aarch64.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1.aarch64.rpm webkit-jsc-6.0-2.52.1-160000.1.1.aarch64.rpm webkit2gtk4-devel-2.52.1-160000.1.1.aarch64.rpm webkit2gtk4-minibrowser-2.52.1-160000.1.1.aarch64.rpm webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1.aarch64.rpm libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1.ppc64le.rpm libwebkit2gtk-4_1-0-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1.ppc64le.rpm webkit-jsc-4.1-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk3-devel-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk3-minibrowser-2.52.1-160000.1.1.ppc64le.rpm libjavascriptcoregtk-4_0-18-2.52.1-160000.1.1.ppc64le.rpm libwebkit2gtk-4_0-37-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-JavaScriptCore-4_0-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2-4_0-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-WebKit2WebExtension-4_0-2.52.1-160000.1.1.ppc64le.rpm webkit-jsc-4-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk-4_0-injected-bundles-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk3-soup2-devel-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk3-soup2-minibrowser-2.52.1-160000.1.1.ppc64le.rpm libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1.ppc64le.rpm libwebkitgtk-6_0-4-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-WebKit-6_0-2.52.1-160000.1.1.ppc64le.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1.ppc64le.rpm webkit-jsc-6.0-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk4-devel-2.52.1-160000.1.1.ppc64le.rpm webkit2gtk4-minibrowser-2.52.1-160000.1.1.ppc64le.rpm webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1.ppc64le.rpm libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1.s390x.rpm libwebkit2gtk-4_1-0-2.52.1-160000.1.1.s390x.rpm typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1.s390x.rpm typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1.s390x.rpm typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1.s390x.rpm webkit-jsc-4.1-2.52.1-160000.1.1.s390x.rpm webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1.s390x.rpm webkit2gtk3-devel-2.52.1-160000.1.1.s390x.rpm webkit2gtk3-minibrowser-2.52.1-160000.1.1.s390x.rpm libjavascriptcoregtk-4_0-18-2.52.1-160000.1.1.s390x.rpm libwebkit2gtk-4_0-37-2.52.1-160000.1.1.s390x.rpm typelib-1_0-JavaScriptCore-4_0-2.52.1-160000.1.1.s390x.rpm typelib-1_0-WebKit2-4_0-2.52.1-160000.1.1.s390x.rpm typelib-1_0-WebKit2WebExtension-4_0-2.52.1-160000.1.1.s390x.rpm webkit-jsc-4-2.52.1-160000.1.1.s390x.rpm webkit2gtk-4_0-injected-bundles-2.52.1-160000.1.1.s390x.rpm webkit2gtk3-soup2-devel-2.52.1-160000.1.1.s390x.rpm webkit2gtk3-soup2-minibrowser-2.52.1-160000.1.1.s390x.rpm libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1.s390x.rpm libwebkitgtk-6_0-4-2.52.1-160000.1.1.s390x.rpm typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1.s390x.rpm typelib-1_0-WebKit-6_0-2.52.1-160000.1.1.s390x.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1.s390x.rpm webkit-jsc-6.0-2.52.1-160000.1.1.s390x.rpm webkit2gtk4-devel-2.52.1-160000.1.1.s390x.rpm webkit2gtk4-minibrowser-2.52.1-160000.1.1.s390x.rpm webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1.s390x.rpm libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1.x86_64.rpm libwebkit2gtk-4_1-0-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1.x86_64.rpm webkit-jsc-4.1-2.52.1-160000.1.1.x86_64.rpm webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1.x86_64.rpm webkit2gtk3-devel-2.52.1-160000.1.1.x86_64.rpm webkit2gtk3-minibrowser-2.52.1-160000.1.1.x86_64.rpm libjavascriptcoregtk-4_0-18-2.52.1-160000.1.1.x86_64.rpm libwebkit2gtk-4_0-37-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.52.1-160000.1.1.x86_64.rpm webkit-jsc-4-2.52.1-160000.1.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.52.1-160000.1.1.x86_64.rpm webkit2gtk3-soup2-devel-2.52.1-160000.1.1.x86_64.rpm webkit2gtk3-soup2-minibrowser-2.52.1-160000.1.1.x86_64.rpm libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1.x86_64.rpm libwebkitgtk-6_0-4-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-WebKit-6_0-2.52.1-160000.1.1.x86_64.rpm typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1.x86_64.rpm webkit-jsc-6.0-2.52.1-160000.1.1.x86_64.rpm webkit2gtk4-devel-2.52.1-160000.1.1.x86_64.rpm webkit2gtk4-minibrowser-2.52.1-160000.1.1.x86_64.rpm webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-541 Security update for nodejs24 important SUSE SLFO 1.2 This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). - CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). - CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). - CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). - CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). - CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a malformed IDN (bsc#1260460). - CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455). - CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). - CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client certificates (bsc#1256572). Other updates and bugfixes: - Version 24.14.0: * async_hooks: add trackPromises option to createHook() * build,deps: replace cjs-module-lexer with merve * deps: add LIEF as a dependency * events: repurpose events.listenerCount() to accept EventTargets * fs: add ignore option to fs.watch * http: add http.setGlobalProxyFromEnv() * module: allow subpath imports that start with #/ * process: preserve AsyncLocalStorage in queueMicrotask only when needed * sea: split sea binary manipulation code * sqlite: enable defensive mode by default * sqlite: add sqlite prepare options args * src: add initial support for ESM in embedder API * stream: add bytes() method to node:stream/consumers * stream: do not pass readable.compose() output via Readable.from() * test: use fixture directories for sea tests * test_runner: add env option to run function * test_runner: support expecting a test-case to fail * util: add convertProcessSignalToExitCode utility * For details, see https://nodejs.org/en/blog/release/v24.14.0 corepack24-24.14.1-160000.1.1.aarch64.rpm nodejs24-24.14.1-160000.1.1.aarch64.rpm nodejs24-devel-24.14.1-160000.1.1.aarch64.rpm nodejs24-docs-24.14.1-160000.1.1.noarch.rpm npm24-24.14.1-160000.1.1.aarch64.rpm corepack24-24.14.1-160000.1.1.ppc64le.rpm nodejs24-24.14.1-160000.1.1.ppc64le.rpm nodejs24-devel-24.14.1-160000.1.1.ppc64le.rpm npm24-24.14.1-160000.1.1.ppc64le.rpm corepack24-24.14.1-160000.1.1.s390x.rpm nodejs24-24.14.1-160000.1.1.s390x.rpm nodejs24-devel-24.14.1-160000.1.1.s390x.rpm npm24-24.14.1-160000.1.1.s390x.rpm corepack24-24.14.1-160000.1.1.x86_64.rpm nodejs24-24.14.1-160000.1.1.x86_64.rpm nodejs24-devel-24.14.1-160000.1.1.x86_64.rpm npm24-24.14.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-542 Recommended update for openal-soft moderate SUSE SLFO 1.2 This update for openal-soft fixes the following issues: Changes in openal-soft: - Update to git version 1.24.3+git7f56dcdf. This includes the port to Qt6 added as a patch previously. - Update to version 1.24.3: * Fixed handling WASAPI enumerated device changes * Fixed a crash with UWP builds when __wargv is null * Fixed using AL_FORMAT_BFORMAT3D_I32 * Improved the bsinc resamplers' cutoff frequencies * Slightly reduced the aliasing noise in the cubic spline resampler * Added new bsinc48 and fast_bsinc48 resampler options. * Added support for using NFC filters with UHJ output. - Update to version 1.24.2 * Implemented the AL_SOFT_bformat_hoa extension. * Implemented default device change events for the PulseAudio backend. * Implemented an option for WASAPI exclusive mode playback. * Fixed reverb being too quiet for sounds from different directions. * Fixed building alffplay on systems without pkg-config. * Improved output format detection for CoreAudio. * Changed the default resampler back to Cubic Spline. * Added an SDL3 playback backend. Disabled by default to avoid a runtime dependency and for compatibility; a single process can't safely use SDL2 and SDL3 together on some OSs, so enable with care. * Converted examples from SDL2 to SDL3. * Integrated fmtlib into the main library and router for logging and string formatting. - Update to version 1.24.1 * Fixed compilation on PowerPC. * Fixed compilation on some targets that lack lock-free 64-bit atomics. * Fixed a crash when parsing certain option values. * Improved compatibility when compiling as C++20 or later. * Integrated fmtlib for some examples and utilities. - Update to version 1.24.0 * Updated library codebase to C++17. * Implemented the ALC_SOFT_system_events extension. * Implemented the AL_EXT_debug extension. * Implemented the AL_EXT_direct_context extension. * Implemented speaker configuration and headphones detection on CoreAudio. * Fixed a crash that can occur when stopping playback with the Oboe backend. * Fixed calculating the reverb room rolloff. * Fixed EAX occlusion, obstruction, and exclusion low-pass filter strength. * Fixed EAX distance factor calculations. * Fixed querying AL_EFFECTSLOT_EFFECT on auxiliary effect slots. * Fixed compilation on some macOS systems that lack libdispatch. * Changed the context error state to be thread-local. This is technically out of spec, but necessary to avoid race conditions with multi-threaded use. * Split the cubic resampler into 4-point spline and gaussian variants. The latter prioritizing the suppression of aliasing distortion and harmonics, the former not reducing high frequencies as much. * Improved timing precision of starting delayed sources. * Improved ring modulator quality. * Improved performance of convolution reverb. * Added 'noexcept' to functions and function types when compiled as C++. As a C API, OpenAL can't be expected to throw C++ exceptions, nor can it handle them if they leave a callback. * Added an experimental config option for using WASAPI spatial audio output. * Added enumeration support to the PortAudio backend. * Added compatibility options to override the AL_VENDOR, AL_VERSION, and AL_RENDERER strings. * Added an example to play LAF files. * Disabled real-time mixing by default for PipeWire playback. - Use ldconfig_scriptlets macro - Fixed SLES build libopenal0-1.24.3~179-160000.1.1.aarch64.rpm libopenal1-1.24.3~179-160000.1.1.aarch64.rpm openal-soft-data-1.24.3~179-160000.1.1.noarch.rpm openal-soft-devel-1.24.3~179-160000.1.1.aarch64.rpm openal-soft-makemhr-1.24.3~179-160000.1.1.aarch64.rpm openal-soft-tools-1.24.3~179-160000.1.1.aarch64.rpm libopenal0-1.24.3~179-160000.1.1.ppc64le.rpm libopenal1-1.24.3~179-160000.1.1.ppc64le.rpm openal-soft-devel-1.24.3~179-160000.1.1.ppc64le.rpm openal-soft-makemhr-1.24.3~179-160000.1.1.ppc64le.rpm openal-soft-tools-1.24.3~179-160000.1.1.ppc64le.rpm libopenal0-1.24.3~179-160000.1.1.s390x.rpm libopenal1-1.24.3~179-160000.1.1.s390x.rpm openal-soft-devel-1.24.3~179-160000.1.1.s390x.rpm openal-soft-makemhr-1.24.3~179-160000.1.1.s390x.rpm openal-soft-tools-1.24.3~179-160000.1.1.s390x.rpm libopenal0-1.24.3~179-160000.1.1.x86_64.rpm libopenal1-1.24.3~179-160000.1.1.x86_64.rpm openal-soft-devel-1.24.3~179-160000.1.1.x86_64.rpm openal-soft-makemhr-1.24.3~179-160000.1.1.x86_64.rpm openal-soft-tools-1.24.3~179-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-543 Recommended update for rsyslog moderate SUSE SLFO 1.2 This update for rsyslog fixes the following issues: - Fix SELinux context of rsyslog run directory (bsc#1253261) rsyslog-8.2502.0-160000.3.1.aarch64.rpm rsyslog-diag-tools-8.2502.0-160000.3.1.aarch64.rpm rsyslog-doc-8.2502.0-160000.3.1.noarch.rpm rsyslog-module-elasticsearch-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-gcrypt-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-gssapi-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-gtls-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-mmnormalize-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-mysql-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-omhttpfs-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-omtcl-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-ossl-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-pgsql-8.2502.0-160000.3.1.aarch64.rpm rsyslog-module-relp-8.2502.0-160000.3.1.aarch64.rpm rsyslog-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-diag-tools-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-elasticsearch-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-gcrypt-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-gssapi-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-gtls-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-mmnormalize-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-mysql-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-omhttpfs-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-omtcl-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-ossl-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-pgsql-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-module-relp-8.2502.0-160000.3.1.ppc64le.rpm rsyslog-8.2502.0-160000.3.1.s390x.rpm rsyslog-diag-tools-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-elasticsearch-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-gcrypt-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-gssapi-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-gtls-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-mmnormalize-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-mysql-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-omhttpfs-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-omtcl-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-ossl-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-pgsql-8.2502.0-160000.3.1.s390x.rpm rsyslog-module-relp-8.2502.0-160000.3.1.s390x.rpm rsyslog-8.2502.0-160000.3.1.x86_64.rpm rsyslog-diag-tools-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-elasticsearch-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-gcrypt-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-gssapi-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-gtls-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-mmnormalize-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-mysql-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-omhttpfs-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-omtcl-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-ossl-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-pgsql-8.2502.0-160000.3.1.x86_64.rpm rsyslog-module-relp-8.2502.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-544 Recommended update for crypto-policies moderate SUSE SLFO 1.2 This update for crypto-policies fixes the following issues: - Fix the testsuite: * Port all the policy changes to the config files in the test suite. * Use the newly introduced SKIP_LINTING=1 option. - Adapt the manpages to SUSE/openSUSE: * Add crypto policies SUSE manpages * Compress all the man pages for update-crypto-policies.8.gz, crypto-policies.7.gz, fips-finish-install.8.gz and fips-mode-setup.8.gz into man-crypto-policies.tar.xz - Update to version 20250714.cd6043a: (bsc#1253025, bsc#1252696) * gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert * python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519 * FIPS: disable MLKEM768-X25519 for openssh (no-op) * FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl... * TEST-PQ: be more careful with the ordering * openssl: send one PQ and one classic key_share; prioritize PQ groups * sequoia: Generate AEAD policy * Do not include EdDSA in FIPS policy * sequoia: Add PQC algorithm * sequoia: Run tests against PQC capable policy-config-check * Revert "openssl, policies: implement group_key_share option" * openssl, policies: implement group_key_share option * FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA * python/build-crypto-policies: output diffs on --test mismatches * sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ... * policies, alg_lists, openssl: remove KYBER from allowed values * openssl: stricter enabling of Ciphersuites * openssl: make use of -CBC and -AESGCM keywords * openssl: add TLS 1.3 Brainpool identifiers * fix warning on using experimental key_exchanges * update-crypto-policies: don't output FIPS warning in fips mode * openssh: map mlkem768x25519-sha256 to KEM-ECDH and MLKEM768-X25519 and SHA2-256 * openssh, libssh: refactor kx maps to use tuples * alg_lists: mark MLKEM768/SNTRUP kex experimental * nss: revert enabling mlkem768secp256r1 * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768 * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768 * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768 * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256 * LEGACY: enable 192-bit ciphers for nss pkcs12/smime * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384... * nss: be stricter with new purposes * python/update-crypto-policies: pacify pylint * fips-mode-setup: tolerate fips dracut module presence w/o FIPS * fips-mode-setup: small Argon2 detection fix * SHA1: add __openssl_block_sha1_signatures = 0 * fips-mode-setup: block if LUKS devices using Argon2 are detected * update-crypto-policies: skip warning on --set=FIPS if bootc * fips-setup-helper: skip warning, BTW * fips-mode-setup: force --no-bootcfg when UKI is detected * fips-crypto-policy-overlay: automount FIPS policy * nss: rewrite backend for 3.101 * cryptopolicies: parent scopes for dumping purposes * policygenerators: move scoping inside generators * openssh: make dss no longer enableble, support is dropped * gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768 * TEST-PQ: disable pure Kyber768 * DEFAULT: switch to rh-allow-sha1-signatures = no... * java: drop unused javasystem backend * java: stop specifying jdk.tls.namedGroups in javasystem * ec_min_size: introduce and use in java, default to 256 * java: use and include jdk.disabled.namedCurves * BSI: Update BSI policy for new 2024 minimum recommendations * fips-mode-setup: flashy ticking warning upon use * fips-mode-setup: add another scary "unsupported" * BSI: switch to 3072 minimum RSA key size * java: make hash, mac and sign more orthogonal * java: specify jdk.tls.namedGroups system property * java: respect more key size restrictions * java: disable anon ciphersuites, tying them to NULL... * java: start controlling / disable DTLSv1.0 * nss: wire KYBER768 to XYBER768D00 - Update to version 20250425.9267dee: * openssl: fix mistakes in integrity-only cipher definitions * NO-PQ, cryptopolicies: add experimental value suppression * nss: add mlkem768x25519 and mlkem768secp256r1 * gnutls: 'allow-rsa-pkcs1-encrypt = false' everywhere but in LEGACY * TEST-PQ, openssh: add support for MLKEM768 key_exchange * LEGACY: drop cipher@pkcs12 = SEED-CBC * fips-crypto-policy-overlay: automount FIPS policy, follow-up fixes * nss: TLS-REQUIRE-EMS in FIPS * DEFAULT: disable RSA key exchange * LEGACY: disable sign = *-SHA1 * nss: wire XYBER768D00 to X25519-KYBER768, not KYBER768 - Add the FIPS scripts fips-finish-install and fips-mode-setup as sources in the spec file as they have been removed upstream. * We will maintain these scripts downstream. * Update the man pages for update-crypto-policies.8.gz * Add crypto policies FIPS output * Add man pages in text file in compressed form in the file man-fips-scripts.tar.xz and add them to the Makefile. - Update to version 20250324.3714354: * NO-PQ: introduce * LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA * _openssl_block_sha1_signatures: flip the default to 1 * sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia * sequoia: refactor a bit * openssl: specify default key size for req * gnutls: support P384-MLKEM1024 * openssl: stop generating `openssl` in favour of `opensslcnf` * gnutls: drop kyber (switching to leancrypto took it away) * openssl: use both names for P384-MLKEM1024 * Detect the presence of nss-policy-check * Don't use hardcoded python3 path * Make xsltproc settable as XSLTPROC * python/cryptopolicies/validation/scope.py: fix new ruff rule RUF021 * Update the info in the README.SUSE file * Remove the FEDORA policies and directories crypto-policies-20250714.cd6043a-160000.1.1.noarch.rpm crypto-policies-scripts-20250714.cd6043a-160000.1.1.noarch.rpm openSUSE-Leap-16.0-545 Security update for cockpit critical SUSE SLFO 1.2 This update for cockpit fixes the following issues: Changes in cockpit: - CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution (bsc#1261829) cockpit-354-160000.3.1.aarch64.rpm cockpit-bridge-354-160000.3.1.noarch.rpm cockpit-devel-354-160000.3.1.aarch64.rpm cockpit-doc-354-160000.3.1.noarch.rpm cockpit-firewalld-354-160000.3.1.noarch.rpm cockpit-kdump-354-160000.3.1.noarch.rpm cockpit-networkmanager-354-160000.3.1.noarch.rpm cockpit-packagekit-354-160000.3.1.noarch.rpm cockpit-selinux-354-160000.3.1.noarch.rpm cockpit-storaged-354-160000.3.1.noarch.rpm cockpit-system-354-160000.3.1.noarch.rpm cockpit-ws-354-160000.3.1.aarch64.rpm cockpit-ws-selinux-354-160000.3.1.aarch64.rpm cockpit-354-160000.3.1.ppc64le.rpm cockpit-devel-354-160000.3.1.ppc64le.rpm cockpit-ws-354-160000.3.1.ppc64le.rpm cockpit-ws-selinux-354-160000.3.1.ppc64le.rpm cockpit-354-160000.3.1.s390x.rpm cockpit-devel-354-160000.3.1.s390x.rpm cockpit-ws-354-160000.3.1.s390x.rpm cockpit-ws-selinux-354-160000.3.1.s390x.rpm cockpit-354-160000.3.1.x86_64.rpm cockpit-devel-354-160000.3.1.x86_64.rpm cockpit-ws-354-160000.3.1.x86_64.rpm cockpit-ws-selinux-354-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-546 Recommended update for libnvidia-egl-wayland, libnvidia-egl-x11 moderate SUSE SLFO 1.2 This update for libnvidia-egl-wayland, libnvidia-egl-x11 fixes the following issues: Changes in libnvidia-egl-wayland: - update to version 1.1.22: * egl-wayland: remove extraneous call to wl_display_rou - update to version 1.1.21: * fix loading libdrm when wl_drm is not available * add FP16 DRM format - requires some fixes to the core driver to fully work however - fixed build against sle15-sp6/Leap 15.6 - update to version 1.1.20 (needed by 580.76.05 driver, bsc#1247907): * Add support for tegradisp-drm Changes in libnvidia-egl-x11: - bump version number to 1.0.5: * fix building on FreeBSD * rename a patch - update to v1.0.4 tarball/version 1.0.5: * fix attribute handling for eglCreateWindowPixmapSur * handle eglQuerySurface EGL_RENDER_BUFFER * enable implicit sync if we re-talking to the NVIDIA - updated to v1.0.2 tarball/version 1.0.3 (needed by 580.76.05 driver, bsc#1247907): * increment the version number to 1.0.3 * egl-x11: add support for tegradisp drm libnvidia-egl-wayland-devel-1.1.22-160000.1.1.aarch64.rpm libnvidia-egl-wayland1-1.1.22-160000.1.1.aarch64.rpm libnvidia-egl-x11-devel-1.0.5-160000.1.1.aarch64.rpm libnvidia-egl-x111-1.0.5-160000.1.1.aarch64.rpm libnvidia-egl-wayland-devel-1.1.22-160000.1.1.ppc64le.rpm libnvidia-egl-wayland1-1.1.22-160000.1.1.ppc64le.rpm libnvidia-egl-x11-devel-1.0.5-160000.1.1.ppc64le.rpm libnvidia-egl-x111-1.0.5-160000.1.1.ppc64le.rpm libnvidia-egl-wayland-devel-1.1.22-160000.1.1.s390x.rpm libnvidia-egl-wayland1-1.1.22-160000.1.1.s390x.rpm libnvidia-egl-x11-devel-1.0.5-160000.1.1.s390x.rpm libnvidia-egl-x111-1.0.5-160000.1.1.s390x.rpm libnvidia-egl-wayland-devel-1.1.22-160000.1.1.x86_64.rpm libnvidia-egl-wayland1-1.1.22-160000.1.1.x86_64.rpm libnvidia-egl-x11-devel-1.0.5-160000.1.1.x86_64.rpm libnvidia-egl-x111-1.0.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-547 Security update for openssl-3 important SUSE SLFO 1.2 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652). - CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442). - CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). - CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Other updates and bugfixes: - Enable MD2 in legacy provider (jsc#PED-15724). libopenssl-3-devel-3.5.0-160000.7.1.aarch64.rpm libopenssl-3-fips-provider-3.5.0-160000.7.1.aarch64.rpm libopenssl3-3.5.0-160000.7.1.aarch64.rpm openssl-3-3.5.0-160000.7.1.aarch64.rpm openssl-3-doc-3.5.0-160000.7.1.noarch.rpm libopenssl-3-devel-3.5.0-160000.7.1.ppc64le.rpm libopenssl-3-fips-provider-3.5.0-160000.7.1.ppc64le.rpm libopenssl3-3.5.0-160000.7.1.ppc64le.rpm openssl-3-3.5.0-160000.7.1.ppc64le.rpm libopenssl-3-devel-3.5.0-160000.7.1.s390x.rpm libopenssl-3-fips-provider-3.5.0-160000.7.1.s390x.rpm libopenssl3-3.5.0-160000.7.1.s390x.rpm openssl-3-3.5.0-160000.7.1.s390x.rpm libopenssl-3-devel-3.5.0-160000.7.1.x86_64.rpm libopenssl-3-fips-provider-3.5.0-160000.7.1.x86_64.rpm libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.7.1.x86_64.rpm libopenssl3-3.5.0-160000.7.1.x86_64.rpm libopenssl3-x86-64-v3-3.5.0-160000.7.1.x86_64.rpm openssl-3-3.5.0-160000.7.1.x86_64.rpm openSUSE-Leap-16.0-548 Recommended update for post-build-checks-malwarescan moderate SUSE SLFO 1.2 This update for post-build-checks-malwarescan fixes the following issues: Changes in post-build-checks-malwarescan: - only trigger on infected files (return code 1), not on errors (return code 2) (bsc#1257665) post-build-checks-malwarescan-0.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-549 Recommended update for suse-migration-services important SUSE SLFO 1.2 This update for suse-migration-services fixes the following issues: - Bump version to 2.1.33: * Fix btrfs snapshot services Do not perform snapshot operations if the root filesystem is not btrfs based. * Fix lsm precheck Yet another test that doesn't restrict the scope of its runtime environment. * Fixed scope check for cpu_arch and check_ha * Update documentation - Bump version to2.1.32: * Fixed dataProvider setup in regionserverclnt.cfg In case of Azure the dataProvider information gets a device parameter added. This parameter must be added only once or not at all if it is already present. * Fixup import of certificates Only import if the file exists and is not a directory. We still assume that the file content of the pki trust directories matches certificates and not random non certificate files. * Fix consistency of regionserverclnt.cfg (bsc#1258710) - Bump version to 2.1.31: * Doc update Weave in more updates about the SLE 15 to 16 migration. While we have updated the code to support the migration to 16, the doc has been lacking appropriate references. * Fix setup of migration target for pre-check (bsc#1258174) * Make sure to fallback to scc.suse.com Systems that are not providing /etc/SUSEConnect should fallback to the default registration server which is https://scc.suse.com * Update test data * Switch reboot default * Be more explicit about kexec example Make it more explicit that Xen is only one example where kexec does not work. * Update documentation * Add wicked2nm-continue-migration to user doc * Move default container to official devel project * Fixed disk device name passed to azuremetadata * Fix SLES SAP migration 12 - 15 in public clouds * Fix python compatibility on latest zypper change * Manage documentation version Make sure documentation version and code version are consistently managed. suse-migration-scripts-2.1.33-160000.1.1.noarch.rpm openSUSE-Leap-16.0-55 Recommended update for osinfo-db moderate SUSE SLFO 1.2 This update for osinfo-db fixes the following issues: - Fix: virt-manager does not detect Leap 16.0 offline ISO (bsc#1252429) - Fix: the definition of Leap 16.0 to match the current names of the Leap 16.0 ISOs and the Volume IDs contained within those ISOs (bsc#1236401) osinfo-db-20250606-160000.3.1.noarch.rpm openSUSE-Leap-16.0-551 Security update for Botan critical SUSE SLFO 1.2 This update for Botan fixes the following issues: - CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation (bsc#1261880) Botan-3.7.1-160000.3.1.aarch64.rpm Botan-doc-3.7.1-160000.3.1.noarch.rpm libbotan-3-7-3.7.1-160000.3.1.aarch64.rpm libbotan-devel-3.7.1-160000.3.1.aarch64.rpm python3-botan-3.7.1-160000.3.1.aarch64.rpm Botan-3.7.1-160000.3.1.ppc64le.rpm libbotan-3-7-3.7.1-160000.3.1.ppc64le.rpm libbotan-devel-3.7.1-160000.3.1.ppc64le.rpm python3-botan-3.7.1-160000.3.1.ppc64le.rpm Botan-3.7.1-160000.3.1.s390x.rpm libbotan-3-7-3.7.1-160000.3.1.s390x.rpm libbotan-devel-3.7.1-160000.3.1.s390x.rpm python3-botan-3.7.1-160000.3.1.s390x.rpm Botan-3.7.1-160000.3.1.x86_64.rpm libbotan-3-7-3.7.1-160000.3.1.x86_64.rpm libbotan-devel-3.7.1-160000.3.1.x86_64.rpm python3-botan-3.7.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-552 Recommended update for linuxptp moderate SUSE SLFO 1.2 This update for linuxptp fixes the following issues: - Move to DevicePolicy=closed instead of -PrivateDevices=true to allow access to devices (bsc#1256059) linuxptp-4.4-160000.3.1.aarch64.rpm linuxptp-4.4-160000.3.1.ppc64le.rpm linuxptp-4.4-160000.3.1.s390x.rpm linuxptp-4.4-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-553 Recommended update for elfutils moderate SUSE SLFO 1.2 This update for elfutils fixes the following issues: - Move debuginfod homedir creation to tmpfiles.d debuginfod-dummy-client-0.192-160000.3.1.aarch64.rpm elfutils-0.192-160000.3.1.aarch64.rpm elfutils-lang-0.192-160000.3.1.noarch.rpm libasm-devel-0.192-160000.3.1.aarch64.rpm libasm1-0.192-160000.3.1.aarch64.rpm libdebuginfod-dummy-devel-0.192-160000.3.1.aarch64.rpm libdebuginfod1-dummy-0.192-160000.3.1.aarch64.rpm libdw-devel-0.192-160000.3.1.aarch64.rpm libdw1-0.192-160000.3.1.aarch64.rpm libelf-devel-0.192-160000.3.1.aarch64.rpm libelf1-0.192-160000.3.1.aarch64.rpm debuginfod-client-0.192-160000.3.1.aarch64.rpm debuginfod-profile-0.192-160000.3.1.aarch64.rpm elfutils-debuginfod-0.192-160000.3.1.aarch64.rpm libdebuginfod-devel-0.192-160000.3.1.aarch64.rpm libdebuginfod1-0.192-160000.3.1.aarch64.rpm debuginfod-dummy-client-0.192-160000.3.1.ppc64le.rpm elfutils-0.192-160000.3.1.ppc64le.rpm libasm-devel-0.192-160000.3.1.ppc64le.rpm libasm1-0.192-160000.3.1.ppc64le.rpm libdebuginfod-dummy-devel-0.192-160000.3.1.ppc64le.rpm libdebuginfod1-dummy-0.192-160000.3.1.ppc64le.rpm libdw-devel-0.192-160000.3.1.ppc64le.rpm libdw1-0.192-160000.3.1.ppc64le.rpm libelf-devel-0.192-160000.3.1.ppc64le.rpm libelf1-0.192-160000.3.1.ppc64le.rpm debuginfod-client-0.192-160000.3.1.ppc64le.rpm debuginfod-profile-0.192-160000.3.1.ppc64le.rpm elfutils-debuginfod-0.192-160000.3.1.ppc64le.rpm libdebuginfod-devel-0.192-160000.3.1.ppc64le.rpm libdebuginfod1-0.192-160000.3.1.ppc64le.rpm debuginfod-dummy-client-0.192-160000.3.1.s390x.rpm elfutils-0.192-160000.3.1.s390x.rpm libasm-devel-0.192-160000.3.1.s390x.rpm libasm1-0.192-160000.3.1.s390x.rpm libdebuginfod-dummy-devel-0.192-160000.3.1.s390x.rpm libdebuginfod1-dummy-0.192-160000.3.1.s390x.rpm libdw-devel-0.192-160000.3.1.s390x.rpm libdw1-0.192-160000.3.1.s390x.rpm libelf-devel-0.192-160000.3.1.s390x.rpm libelf1-0.192-160000.3.1.s390x.rpm debuginfod-client-0.192-160000.3.1.s390x.rpm debuginfod-profile-0.192-160000.3.1.s390x.rpm elfutils-debuginfod-0.192-160000.3.1.s390x.rpm libdebuginfod-devel-0.192-160000.3.1.s390x.rpm libdebuginfod1-0.192-160000.3.1.s390x.rpm debuginfod-dummy-client-0.192-160000.3.1.x86_64.rpm elfutils-0.192-160000.3.1.x86_64.rpm libasm-devel-0.192-160000.3.1.x86_64.rpm libasm1-0.192-160000.3.1.x86_64.rpm libdebuginfod-dummy-devel-0.192-160000.3.1.x86_64.rpm libdebuginfod1-dummy-0.192-160000.3.1.x86_64.rpm libdw-devel-0.192-160000.3.1.x86_64.rpm libdw1-0.192-160000.3.1.x86_64.rpm libelf-devel-0.192-160000.3.1.x86_64.rpm libelf1-0.192-160000.3.1.x86_64.rpm debuginfod-client-0.192-160000.3.1.x86_64.rpm debuginfod-profile-0.192-160000.3.1.x86_64.rpm elfutils-debuginfod-0.192-160000.3.1.x86_64.rpm libdebuginfod-devel-0.192-160000.3.1.x86_64.rpm libdebuginfod1-0.192-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-554 Recommended update for gpg2 moderate SUSE SLFO 1.2 This update for gpg2 fixes the following issues: Changes in gpg2: - Fix Y2K38 FTBFS: * gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214) * Upstream issue: dev.gnupg.org/T8096 dirmngr-2.5.5-160000.5.1.aarch64.rpm gpg2-2.5.5-160000.5.1.aarch64.rpm gpg2-lang-2.5.5-160000.5.1.noarch.rpm gpg2-tpm-2.5.5-160000.5.1.aarch64.rpm dirmngr-2.5.5-160000.5.1.ppc64le.rpm gpg2-2.5.5-160000.5.1.ppc64le.rpm gpg2-tpm-2.5.5-160000.5.1.ppc64le.rpm dirmngr-2.5.5-160000.5.1.s390x.rpm gpg2-2.5.5-160000.5.1.s390x.rpm gpg2-tpm-2.5.5-160000.5.1.s390x.rpm dirmngr-2.5.5-160000.5.1.x86_64.rpm gpg2-2.5.5-160000.5.1.x86_64.rpm gpg2-tpm-2.5.5-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-555 Security update for cockpit-subscriptions important SUSE SLFO 1.2 This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). cockpit-subscriptions-12.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-556 Security update for pam moderate SUSE SLFO 1.2 This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234). pam-1.7.1-160000.3.1.aarch64.rpm pam-devel-1.7.1-160000.3.1.aarch64.rpm pam-doc-1.7.1-160000.3.1.noarch.rpm pam-extra-1.7.1-160000.3.1.aarch64.rpm pam-manpages-1.7.1-160000.3.1.noarch.rpm pam-userdb-1.7.1-160000.3.1.aarch64.rpm pam-1.7.1-160000.3.1.ppc64le.rpm pam-devel-1.7.1-160000.3.1.ppc64le.rpm pam-extra-1.7.1-160000.3.1.ppc64le.rpm pam-userdb-1.7.1-160000.3.1.ppc64le.rpm pam-1.7.1-160000.3.1.s390x.rpm pam-devel-1.7.1-160000.3.1.s390x.rpm pam-extra-1.7.1-160000.3.1.s390x.rpm pam-userdb-1.7.1-160000.3.1.s390x.rpm pam-1.7.1-160000.3.1.x86_64.rpm pam-devel-1.7.1-160000.3.1.x86_64.rpm pam-extra-1.7.1-160000.3.1.x86_64.rpm pam-userdb-1.7.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-557 Recommended update for eglexternalplatform moderate SUSE SLFO 1.2 This update for eglexternalplatform fixes the following issues: Changes in eglexternalplatform: - update to release 1.2.1 * Override the installation directory of the pkg-config file to put it in the correct arch-independent directory. eglexternalplatform-devel-1.2.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-558 Security update for plexus-utils important SUSE SLFO 1.2 This update for plexus-utils fixes the following issue: - CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588). plexus-utils-4.0.2-160000.3.1.noarch.rpm plexus-utils-javadoc-4.0.2-160000.3.1.noarch.rpm openSUSE-Leap-16.0-559 Security update for GraphicsMagick moderate SUSE SLFO 1.2 This update for GraphicsMagick fixes the following issues: - CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. (bsc#1258765) GraphicsMagick-1.3.45-160000.4.1.aarch64.rpm GraphicsMagick-devel-1.3.45-160000.4.1.aarch64.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.4.1.aarch64.rpm libGraphicsMagick++-devel-1.3.45-160000.4.1.aarch64.rpm libGraphicsMagick-Q16-3-1.3.45-160000.4.1.aarch64.rpm libGraphicsMagick3-config-1.3.45-160000.4.1.aarch64.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.4.1.aarch64.rpm perl-GraphicsMagick-1.3.45-160000.4.1.aarch64.rpm GraphicsMagick-1.3.45-160000.4.1.ppc64le.rpm GraphicsMagick-devel-1.3.45-160000.4.1.ppc64le.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.4.1.ppc64le.rpm libGraphicsMagick++-devel-1.3.45-160000.4.1.ppc64le.rpm libGraphicsMagick-Q16-3-1.3.45-160000.4.1.ppc64le.rpm libGraphicsMagick3-config-1.3.45-160000.4.1.ppc64le.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.4.1.ppc64le.rpm perl-GraphicsMagick-1.3.45-160000.4.1.ppc64le.rpm GraphicsMagick-1.3.45-160000.4.1.s390x.rpm GraphicsMagick-devel-1.3.45-160000.4.1.s390x.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.4.1.s390x.rpm libGraphicsMagick++-devel-1.3.45-160000.4.1.s390x.rpm libGraphicsMagick-Q16-3-1.3.45-160000.4.1.s390x.rpm libGraphicsMagick3-config-1.3.45-160000.4.1.s390x.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.4.1.s390x.rpm perl-GraphicsMagick-1.3.45-160000.4.1.s390x.rpm GraphicsMagick-1.3.45-160000.4.1.x86_64.rpm GraphicsMagick-devel-1.3.45-160000.4.1.x86_64.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.4.1.x86_64.rpm libGraphicsMagick++-devel-1.3.45-160000.4.1.x86_64.rpm libGraphicsMagick-Q16-3-1.3.45-160000.4.1.x86_64.rpm libGraphicsMagick3-config-1.3.45-160000.4.1.x86_64.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.4.1.x86_64.rpm perl-GraphicsMagick-1.3.45-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-56 Security update for mysql-connector-java important SUSE SLFO 1.2 This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability (bsc#1241693) - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. - DatabaseMetaData clean up. - Fixed implement missing methods in DatabaseMetaDataUsingInfoSchema. - Fixed procedure execution failing when the parameter name contains escape character. - Fixed allow only Krb5LoginModule in Kerberos authentication. - Fixed EXECUTE on CallableStatement resulting in ArrayIndexOutOfBoundsException. - Mysql connector use an uneffective way to match numericValue. - Fixed parameter index validation not proper in CallableStatement mysql-connector-java-9.3.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-560 Security update for go1.26-openssl important SUSE SLFO 1.2 This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 (bsc#1255111, jsc#SLE-18320): - CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266). - CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267). - CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). - CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * Fix fips140only test in boring mode * Fix fips140 only test * Add GODEBUG=fips140=auto mode (#341) * go#77252 cmd/compile: miscompile of global array initialization * go#77407 os: Go 1.25.x regression on RemoveAll for windows * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing "buf.Bytes()" call * go#77532 net/smtp: expiry date of localhostCert for testing is too short * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26 * go#77623 cmd/compile: internal compiler error on : "tried to free an already free register" with generic function and type >= 192 bytes * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms * go#77780 reflect: breaking change for reflect.Value.Interface behaviour * go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeFor[untyped nil]() * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior * go#77860 cmd/go: change go mod init default go directive back to 1.N * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration - go1.26.0 (released 2026-02-10) is a major release of Go. go1.26.x minor releases will be provided through February 2027. https://github.com/golang/go/wiki/Go-Release-Cycle go1.26 arrives six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: The built-in new function, which creates a new variable, now allows its operand to be an expression, specifying the initial value of the variable. * Language change: The restriction that a generic type may not refer to itself in its type parameter list has been lifted. It is now possible to specify type constraints that refer to the generic type being constrained. * go command: The venerable go fix command has been completely revamped and is now the home of Go's modernizers. It provides a dependable, push-button way to update Go code bases to the latest idioms and core library APIs. The initial suite of modernizers includes dozens of fixers to make use of modern features of the Go language and library, as well a source-level inliner that allows users to automate their own API migrations using //go:fix inline directives. These fixers should not change the behavior of your program, so if you encounter any issues with a fix performed by go fix, please report it. * go command: The rewritten go fix command builds atop the exact same Go analysis framework as go vet. This means the same analyzers that provide diagnostics in go vet can be used to suggest and apply fixes in go fix. The go fix command's historical fixers, all of which were obsolete, have been removed. * go command: Two upcoming Go blog posts will go into more detail on modernizers, the inliner, and how to get the most out of go fix. * go command: go mod init now defaults to a lower go version in new go.mod files. Running go mod init using a toolchain of version 1.N.X will create a go.mod file specifying the Go version go 1.(N-1).0. Pre-release versions of 1.N will create go.mod files specifying go 1.(N-2).0. For example, the Go 1.26 release candidates will create go.mod files with go 1.24.0, and Go 1.26 and its minor releases will create go.mod files with go 1.25.0. This is intended to encourage the creation of modules that are compatible with currently supported versions of Go. For additional control over the go version in new modules, go mod init can be followed up with go get go@version. * go command: cmd/doc, and go tool doc have been deleted. go doc can be used as a replacement for go tool doc: it takes the same flags and arguments and has the same behavior. * pprof: The pprof tool web UI, enabled with the -http flag, now defaults to the flame graph view. The previous graph view is available in the "View -> Graph" menu, or via /ui/graph. * Runtime: The new Green Tea garbage collector, previously available as an experiment in Go 1.25, is now enabled by default after incorporating feedback. This garbage collector's design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10--40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. Further improvements, on the order of 10% in garbage collection overhead, are expected when running on newer amd64-based CPU platforms (Intel Ice Lake or AMD Zen 4 and newer), as the garbage collector now leverages vector instructions for scanning small objects when possible. The new garbage collector may be disabled by setting GOEXPERIMENT=nogreenteagc at build time. This opt-out setting is expected to be removed in Go 1.27. If you disable the new garbage collector for any reason related to its performance or behavior, please file an issue. * Runtime: cgo: The baseline runtime overhead of cgo calls has been reduced by ~30%. * Runtime: Heap base address randomization: On 64-bit platforms, the runtime now randomizes the heap base address at startup. This is a security enhancement that makes it harder for attackers to predict memory addresses and exploit vulnerabilities when using cgo. This feature may be disabled by setting GOEXPERIMENT=norandomizedheapbase64 at build time. This opt-out setting is expected to be removed in a future Go release. * Runtime: Experimental goroutine leak profile: A new profile type that reports leaked goroutines is now available as an experiment. The new profile type, named goroutineleak in the runtime/pprof package, may be enabled by setting GOEXPERIMENT=goroutineleakprofile at build time. Enabling the experiment also makes the profile available as a net/http/pprof endpoint, /debug/pprof/goroutineleak. A leaked goroutine is a goroutine blocked on some concurrency primitive (channels, sync.Mutex, sync.Cond, etc) that cannot possibly become unblocked. The runtime detects leaked goroutines using the garbage collector: if a goroutine G is blocked on concurrency primitive P, and P is unreachable from any runnable goroutine or any goroutine that those could unblock, then P cannot be unblocked, so goroutine G can never wake up. While it is impossible to detect permanently blocked goroutines in all cases, this approach detects a large class of such leaks. Because this technique builds on reachability, the runtime may fail to identify leaks caused by blocking on concurrency primitives reachable through global variables or the local variables of runnable goroutines. Special thanks to Vlad Saioc at Uber for contributing this work. The underlying theory is presented in detail in a publication by Saioc et al. The implementation is production-ready, and is only considered an experiment for the purposes of collecting feedback on the API, specifically the choice to make it a new profile. The feature is also designed to not incur any additional run-time overhead unless it is actively in-use. We encourage users to try out the new feature in the Go playground, in tests, in continuous integration, and in production. We welcome additional feedback on the proposal issue. We aim to enable goroutine leak profiles by default in Go 1.27. * Compiler: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. If this change is causing trouble, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. If you encounter issues with this optimization, please file an issue. * Linker: On 64-bit ARM-based Windows (the windows/arm64 port), the linker now supports internal linking mode of cgo programs, which can be requested with the -ldflags=-linkmode=internal flag. * Linker: There are several minor changes to executable files. These changes do not affect running Go programs. They may affect programs that analyze Go executables, and they may affect people who use external linking mode with custom linker scripts. * Linker: The moduledata structure is now in its own section, named .go.module. * Linker: The moduledata cutab field, which is a slice, now has the correct length; previously the length was four times too large. * Linker: The pcHeader found at the start of the .gopclntab section no longer records the start of the text section. That field is now always zero. * Linker: That pcHeader change was made so that the .gopclntab section no longer contains any relocations. On platforms that support relro, the section has moved from the relro segment to the rodata segment. * Linker: The funcdata symbols and the findfunctab have moved from the .rodata section to the .gopclntab section. * Linker: The .gosymtab section has been removed. It was previously always present but empty. * Linker: When using internal linking, ELF sections now appear in the section header list sorted by address. The previous order was somewhat unpredictable. * Linker: The references to section names here use the ELF names as seen on Linux and other systems. The Mach-O names as seen on Darwin start with a double underscore and do not contain any dots. * Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26 now requires Go 1.24.6 or later for bootstrap. We expect that Go 1.28 will require a minor release of Go 1.26 or later for bootstrap. * Standard Library: New crypto/hpke package: The new crypto/hpke package implements Hybrid Public Key Encryption (HPKE) as specified in RFC 9180, including support for post-quantum hybrid KEMs. * Standard Library: New experimental simd/archsimd package: Go 1.26 introduces a new experimental simd/archsimd package, which can be enabled by setting the environment variable GOEXPERIMENT=simd at build time. This package provides access to architecture-specific SIMD operations. It is currently available on the amd64 architecture and supports 128-bit, 256-bit, and 512-bit vector types, such as Int8x16 and Float64x8, with operations such as Int8x16.Add. The API is not yet considered stable. We intend to provide support for other architectures in future versions, but the API intentionally architecture-specific and thus non-portable. In addition, we plan to develop a high-level portable SIMD package in the future. * Standard Library: New experimental runtime/secret package: The new runtime/secret package is available as an experiment, which GOEXPERIMENT=runtimesecret at build time. It provides a facility for securely erasing temporaries used in code that manipulates secret information--typically cryptographic in nature--such as registers, stack, new heap allocations. This package is intended to make it easier to ensure forward secrecy. It currently supports the amd64 and arm64 architectures on Linux. * bytes: The new Buffer.Peek method returns the next n bytes from the buffer without advancing it. * crypto: The new Encapsulator and Decapsulator interfaces allow accepting abstract KEM encapsulation or decapsulation keys. * crypto/dsa: The random parameter to GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/ecdh: The random parameter to Curve.GenerateKey is now behavior. The new KeyExchanger interface, implemented by PrivateKey, makes it possible to accept abstract ECDH private keys, e.g. those implemented in hardware. * crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey are now deprecated. The random parameter to GenerateKey, SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old * crypto/ed25519: If the random parameter to GenerateKey is nil, GenerateKey now always uses a secure source of cryptographically random bytes, instead of crypto/rand.Reader (which could have been overridden). The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/fips140: The new WithoutEnforcement and Enforced functions now allow running in GODEBUG=fips140=only mode while selectively disabling the strict FIPS 140-3 checks. Version returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140. * crypto/mlkem: The new DecapsulationKey768.Encapsulator and DecapsulationKey1024.Encapsulator methods implement the new crypto.Decapsulator interface. * crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package exposes the Encapsulate768 and Encapsulate1024 functions which implement derandomized ML-KEM encapsulation, for use with known-answer tests. * crypto/rand: The random parameter to Prime is now * crypto/rsa: The new EncryptOAEPWithOptions function allows specifying different hash functions for OAEP padding and MGF1 mask generation. * crypto/rsa: The random parameter to GenerateKey, GenerateMultiPrimeKey, and EncryptPKCS1v15 is now ignored. Instead, they now always use a secure source of * crypto/rsa: If PrivateKey fields are modified after calling PrivateKey.Precompute, PrivateKey.Validate now fails. * crypto/rsa: PrivateKey.D is now checked for consistency with precomputed values, even if it is not used. * crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented by EncryptPKCS1v15, DecryptPKCS1v15, and DecryptPKCS1v15SessionKey) is now deprecated. * crypto/subtle: The WithDataIndependentTiming function no longer locks the calling goroutine to the OS thread while executing the passed function. Additionally, any goroutines which are spawned during the execution of the passed function and their descendants now inherit the properties of WithDataIndependentTiming for their lifetime. This change also affects cgo in the following ways: * crypto/subtle: Any C code called via cgo from within the function passed to WithDataIndependentTiming, or from a goroutine spawned by the function passed to WithDataIndependentTiming and its descendants, will also have data independent timing enabled for the duration of the call. If the C code disables data independent timing, it will be re-enabled on return to Go. * crypto/subtle: If C code called via cgo, from the function passed to WithDataIndependentTiming or elsewhere, enables or disables data independent timing then calling into Go will preserve that state for the duration of the call. * crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024 post-quantum key exchanges are now enabled by default. They can be disabled by setting Config.CurvePreferences or with the tlssecpmlkem=0 GODEBUG setting. * crypto/tls: The new ClientHelloInfo.HelloRetryRequest field indicates if the ClientHello was sent in response to a HelloRetryRequest message. The new ConnectionState.HelloRetryRequest field indicates if the server sent a HelloRetryRequest, or if the client received a HelloRetryRequest, depending on connection role. * crypto/tls: The QUICConn type used by QUIC implementations includes a new event for reporting TLS handshake errors. * crypto/tls: If Certificate.PrivateKey implements crypto.MessageSigner, its SignMessage method is used instead of Sign in TLS 1.2 and later. * crypto/tls: The following GODEBUG settings introduced in Go 1.22 and Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version. * crypto/tls: GODEBUG tlsunsafeekm: ConnectionState.ExportKeyingMaterial will require TLS 1.3 or Extended Master Secret. * crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges without ECDH won't be enabled by default. * crypto/tls: GODEBUG tls10server: the default minimum TLS version for both clients and servers will be TLS 1.2. * crypto/tls: GODEBUG tls3des: the default cipher suites will not include 3DES. * crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and LoadX509KeyPair will always populate the Certificate.Leaf field. * crypto/x509: The ExtKeyUsage and KeyUsage types now have String methods that return the corresponding OID names as defined in RFC 5280 and other registries. * crypto/x509: The ExtKeyUsage type now has an OID method that returns the corresponding OID for the EKU. * crypto/x509: The new OIDFromASN1OID function allows converting an encoding/asn1.ObjectIdentifier into an OID. * debug/elf: Additional R_LARCH_* constants from LoongArch ELF psABI v20250521 (global version v2.40) are defined for use with LoongArch systems. * errors: The new AsType function is a generic version of As. It is type-safe, faster, and, in most cases, easier to use. * fmt: For unformatted strings, fmt.Errorf("x") now allocates less and generally matches the allocations for errors.New("x"). * go/ast: The new ParseDirective function parses directive comments, which are comments such as //go:generate. Source code tools can support their own directive comments and this new API should help them implement the conventional syntax. * go/ast: The new BasicLit.ValueEnd field records the precise end position of a literal so that the BasicLit.End method can now always return the correct answer. (Previously it was computed using a heuristic that was incorrect for multi-line raw string literals in Windows source files, due to removal of carriage returns.) * go/ast: Programs that update the ValuePos field of BasicLits produced by the parser may need to also update or clear the ValueEnd field to avoid minor differences in formatted output. * go/token: The new File.End convenience method returns the file's end position. * go/types: The gotypesalias GODEBUG setting introduced in Go 1.22 will be removed in the next major Go release. Starting in Go 1.27, the go/types package will always produce an Alias type for the representation of type aliases regardless of GODEBUG setting or go.mod language version. * image/jpeg: The JPEG encoder and decoder have been replaced with new, faster, more accurate implementations. Code that expects specific bit-for-bit outputs from the encoder or decoder may need to be updated. * io: ReadAll now allocates less intermediate memory and returns a minimally sized final slice. It is often about two times faster while typically allocating around half as much total memory, with more benefit for larger inputs. * log/slog: The NewMultiHandler function creates a MultiHandler that invokes all the given Handlers. Its Enabled method reports whether any of the handlers' Enabled methods return true. Its Handle, WithAttrs and WithGroup methods call the corresponding method on each of the enabled handlers. * net: The new Dialer methods DialIP, DialTCP, DialUDP, and DialUnix permit dialing specific network types with context values. * net/http: The new HTTP2Config.StrictMaxConcurrentRequests field controls whether a new connection should be opened if an existing HTTP/2 connection has exceeded its stream limit. * net/http: The new Transport.NewClientConn method returns a client connection to an HTTP server. Most users should continue to use Transport.RoundTrip to make requests, which manages a pool of connections. NewClientConn is useful for users who need to implement their own connection management. * net/http: Client now uses and sets cookies scoped to URLs with the host portion matching Request.Host when available. Previously, the connection address host was always used. * net/http/httptest: The HTTP client returned by Server.Client will now redirect requests for example.com and any subdomains to the server being tested. * net/http/httputil: The ReverseProxy.Director configuration field is deprecated in favor of ReverseProxy.Rewrite. * net/http/httputil: A malicious client can remove headers added by a Director function by designating those headers as hop-by-hop. Since there is no way to address this problem within the scope of the Director API, we added a new Rewrite hook in Go 1.20. Rewrite hooks are provided with both the unmodified inbound request received by the proxy and the outbound request which will be sent by the proxy. Since the Director hook is fundamentally unsafe, we are now deprecating it. * net/netip: The new Prefix.Compare method compares two prefixes. * net/url: Parse now rejects malformed URLs containing colons in the host subcomponent, such as http://::1/ or http://localhost:80:80/. URLs containing bracketed IPv6 addresses, such as http://[::1]/ are still accepted. The new GODEBUG setting urlstrictcolons=0 restores the old behavior. * os: The new Process.WithHandle method provides access to an internal process handle on supported platforms (pidfd on Linux 5.4 or later, Handle on Windows). * os: On Windows, the OpenFile flag parameter can now contain any combination of Windows-specific file flags, such as FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control of file or device caching behavior, access modes, and other special-purpose flags. * os/signal: NotifyContext now cancels the returned context with context.CancelCauseFunc and an error indicating which signal was received. * reflect: The new methods Type.Fields, Type.Methods, Type.Ins and Type.Outs return iterators for a type's fields (for a struct type), methods, inputs and outputs parameters (for a function type), respectively. Similarly, the new methods Value.Fields and Value.Methods return iterators over a value's fields or methods, respectively. Each iteration yields the type information (StructField or Method) of a field or method, along with the field or method Value. * runtime/metrics: Several new scheduler metrics have been added, including counts of goroutines in various states (waiting, runnable, etc.) under the /sched/goroutines prefix, the number of OS threads the runtime is aware of with /sched/threads:threads, and the total number of goroutines created by the program with /sched/goroutines-created:goroutines. * testing: The new methods T.ArtifactDir, B.ArtifactDir, and F.ArtifactDir return a directory in which to write test output files (artifacts). * testing: When the -artifacts flag is provided to go test, this directory will be located under the output directory (specified with -outputdir, or the current directory by default). Otherwise, artifacts are stored in a temporary directory which is removed after the test completes. * testing: The first call to ArtifactDir when -artifacts is provided writes the location of the directory to the test log. * testing: The B.Loop method no longer prevents inlining in the loop body, which could lead to unanticipated allocation and slower benchmarks. With this fix, we expect that all benchmarks can be converted from the old B.N style to the new B.Loop style with no ill effects. Within the body of a for b.Loop() { ... } loop, function call parameters, results, and assigned variables are still kept alive, preventing the compiler from optimizing away entire parts of the benchmark. * testing/cryptotest: The new SetGlobalRandom function configures a global, deterministic cryptographic randomness source for the duration of the test. It affects crypto/rand, and all implicit sources of cryptographic randomness in the crypto/... packages. * time: The asynctimerchan GODEBUG setting introduced in Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the time package will always use unbuffered (synchronous) channels for timers regardless of GODEBUG setting or go.mod language version. * Ports: Darwin: Go 1.26 is the last release that will run on macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or later. * Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd GOARCH=riscv64) has been marked broken. See issue 76475 for details. * Ports: Windows: As announced in the Go 1.25 release notes, the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been removed. * Ports: PowerPC: Go 1.26 is the last release that supports the ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in Go 1.27. As the port does not currently support linking against other ELF objects, we expect this change to be transparent to users. * Ports: RISC-V: The linux/riscv64 port now supports the race detector. * Ports: S390X: The s390x port now supports passing function arguments and results using registers. * Ports: WebAssembly: The compiler now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. These features have been standardized since at least Wasm 2.0. The corresponding GOWASM settings, signext and satconv, are now ignored. * Ports: WebAssembly: For WebAssembly applications, the runtime now manages chunks of heap memory in much smaller increments, leading to significantly reduced memory usage for applications with heaps less than around 16 MiB in size. - go1.26rc3 (released 2026-02-04) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc3. - go1.26rc2 (released 2026-01-15) is a release candidate version of go1.26rc2. * go1.26 requires go1.24.6 or later for bootstrap. - go1.26rc1 (released 2025-12-16) is a release candidate version of go1.26rc1. go1.26-openssl-1.26.1-160000.1.1.aarch64.rpm go1.26-openssl-doc-1.26.1-160000.1.1.aarch64.rpm go1.26-openssl-race-1.26.1-160000.1.1.aarch64.rpm go1.26-openssl-1.26.1-160000.1.1.ppc64le.rpm go1.26-openssl-doc-1.26.1-160000.1.1.ppc64le.rpm go1.26-openssl-race-1.26.1-160000.1.1.ppc64le.rpm go1.26-openssl-1.26.1-160000.1.1.s390x.rpm go1.26-openssl-doc-1.26.1-160000.1.1.s390x.rpm go1.26-openssl-race-1.26.1-160000.1.1.s390x.rpm go1.26-openssl-1.26.1-160000.1.1.x86_64.rpm go1.26-openssl-doc-1.26.1-160000.1.1.x86_64.rpm go1.26-openssl-race-1.26.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-561 Recommended update for libzypp-testsuite-tools moderate SUSE SLFO 1.2 This update for libzypp-testsuite-tools fixes the following issues: Changes in libzypp-testsuite-tools: - Require CMake 3.5 - version 5.0.7 libzypp-testsuite-tools-5.0.7-160000.1.1.aarch64.rpm libzypp-testsuite-tools-5.0.7-160000.1.1.ppc64le.rpm libzypp-testsuite-tools-5.0.7-160000.1.1.s390x.rpm libzypp-testsuite-tools-5.0.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-562 Recommended update for python-gcemetadata, regionServiceClientConfigGCE moderate SUSE SLFO 1.2 This update for python-gcemetadata, regionServiceClientConfigGCE fixes the following issues: Changes in python-gcemetadata: - Update to version 1.1.0 (jsc#PED-8944) * Add licenses option in identity command. - Switch the SLE 15 build setup to also use a macro instead of referencing in SLE 16 and later distributions and Python 3.11 for SLE 15 SP4 and Changes in regionServiceClientConfigGCE: - Update to version 5.2.0: * Drop the if condition for gcemetdata requirement - Update to version 5.1.0: * Add licenses info in the metdata - Accomodate build setup: * SLE 16 python-requests requires SSL v3 certificates. Update 2 python-gcemetadata-1.1.0-160000.1.1.noarch.rpm regionServiceClientConfigGCE-5.2.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-563 Security update for vim important SUSE SLFO 1.2 This update for vim fixes the following issues: - CVE-2026-33412: command injection via newline in glob() (bsc#1259985). - CVE-2026-34714: crafted file can allow code execution (bsc#1261191). - CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). gvim-9.2.0280-160000.1.1.aarch64.rpm vim-9.2.0280-160000.1.1.aarch64.rpm vim-data-9.2.0280-160000.1.1.noarch.rpm vim-data-common-9.2.0280-160000.1.1.noarch.rpm vim-small-9.2.0280-160000.1.1.aarch64.rpm xxd-9.2.0280-160000.1.1.aarch64.rpm gvim-9.2.0280-160000.1.1.ppc64le.rpm vim-9.2.0280-160000.1.1.ppc64le.rpm vim-small-9.2.0280-160000.1.1.ppc64le.rpm xxd-9.2.0280-160000.1.1.ppc64le.rpm gvim-9.2.0280-160000.1.1.s390x.rpm vim-9.2.0280-160000.1.1.s390x.rpm vim-small-9.2.0280-160000.1.1.s390x.rpm xxd-9.2.0280-160000.1.1.s390x.rpm gvim-9.2.0280-160000.1.1.x86_64.rpm vim-9.2.0280-160000.1.1.x86_64.rpm vim-small-9.2.0280-160000.1.1.x86_64.rpm xxd-9.2.0280-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-564 Recommended update for php8 moderate SUSE SLFO 1.2 This update for php8 fixes the following issues: - Fix: phar.phar not working (bsc#1256905) * remove incorrect patch php8-8.4.16-160000.2.1.aarch64.rpm php8-bcmath-8.4.16-160000.2.1.aarch64.rpm php8-bz2-8.4.16-160000.2.1.aarch64.rpm php8-calendar-8.4.16-160000.2.1.aarch64.rpm php8-cli-8.4.16-160000.2.1.aarch64.rpm php8-ctype-8.4.16-160000.2.1.aarch64.rpm php8-curl-8.4.16-160000.2.1.aarch64.rpm php8-dba-8.4.16-160000.2.1.aarch64.rpm php8-devel-8.4.16-160000.2.1.aarch64.rpm php8-dom-8.4.16-160000.2.1.aarch64.rpm php8-enchant-8.4.16-160000.2.1.aarch64.rpm php8-exif-8.4.16-160000.2.1.aarch64.rpm php8-ffi-8.4.16-160000.2.1.aarch64.rpm php8-fileinfo-8.4.16-160000.2.1.aarch64.rpm php8-ftp-8.4.16-160000.2.1.aarch64.rpm php8-gd-8.4.16-160000.2.1.aarch64.rpm php8-gettext-8.4.16-160000.2.1.aarch64.rpm php8-gmp-8.4.16-160000.2.1.aarch64.rpm php8-iconv-8.4.16-160000.2.1.aarch64.rpm php8-intl-8.4.16-160000.2.1.aarch64.rpm php8-ldap-8.4.16-160000.2.1.aarch64.rpm php8-mbstring-8.4.16-160000.2.1.aarch64.rpm php8-mysql-8.4.16-160000.2.1.aarch64.rpm php8-odbc-8.4.16-160000.2.1.aarch64.rpm php8-opcache-8.4.16-160000.2.1.aarch64.rpm php8-openssl-8.4.16-160000.2.1.aarch64.rpm php8-pcntl-8.4.16-160000.2.1.aarch64.rpm php8-pdo-8.4.16-160000.2.1.aarch64.rpm php8-pgsql-8.4.16-160000.2.1.aarch64.rpm php8-phar-8.4.16-160000.2.1.aarch64.rpm php8-posix-8.4.16-160000.2.1.aarch64.rpm php8-readline-8.4.16-160000.2.1.aarch64.rpm php8-shmop-8.4.16-160000.2.1.aarch64.rpm php8-snmp-8.4.16-160000.2.1.aarch64.rpm php8-soap-8.4.16-160000.2.1.aarch64.rpm php8-sockets-8.4.16-160000.2.1.aarch64.rpm php8-sodium-8.4.16-160000.2.1.aarch64.rpm php8-sqlite-8.4.16-160000.2.1.aarch64.rpm php8-sysvmsg-8.4.16-160000.2.1.aarch64.rpm php8-sysvsem-8.4.16-160000.2.1.aarch64.rpm php8-sysvshm-8.4.16-160000.2.1.aarch64.rpm php8-tidy-8.4.16-160000.2.1.aarch64.rpm php8-tokenizer-8.4.16-160000.2.1.aarch64.rpm php8-xmlreader-8.4.16-160000.2.1.aarch64.rpm php8-xmlwriter-8.4.16-160000.2.1.aarch64.rpm php8-xsl-8.4.16-160000.2.1.aarch64.rpm php8-zip-8.4.16-160000.2.1.aarch64.rpm php8-zlib-8.4.16-160000.2.1.aarch64.rpm apache2-mod_php8-8.4.16-160000.2.1.aarch64.rpm php8-embed-8.4.16-160000.2.1.aarch64.rpm php8-fastcgi-8.4.16-160000.2.1.aarch64.rpm php8-fpm-8.4.16-160000.2.1.aarch64.rpm php8-fpm-apache-8.4.16-160000.2.1.noarch.rpm php8-test-8.4.16-160000.2.1.aarch64.rpm php8-8.4.16-160000.2.1.ppc64le.rpm php8-bcmath-8.4.16-160000.2.1.ppc64le.rpm php8-bz2-8.4.16-160000.2.1.ppc64le.rpm php8-calendar-8.4.16-160000.2.1.ppc64le.rpm php8-cli-8.4.16-160000.2.1.ppc64le.rpm php8-ctype-8.4.16-160000.2.1.ppc64le.rpm php8-curl-8.4.16-160000.2.1.ppc64le.rpm php8-dba-8.4.16-160000.2.1.ppc64le.rpm php8-devel-8.4.16-160000.2.1.ppc64le.rpm php8-dom-8.4.16-160000.2.1.ppc64le.rpm php8-enchant-8.4.16-160000.2.1.ppc64le.rpm php8-exif-8.4.16-160000.2.1.ppc64le.rpm php8-ffi-8.4.16-160000.2.1.ppc64le.rpm php8-fileinfo-8.4.16-160000.2.1.ppc64le.rpm php8-ftp-8.4.16-160000.2.1.ppc64le.rpm php8-gd-8.4.16-160000.2.1.ppc64le.rpm php8-gettext-8.4.16-160000.2.1.ppc64le.rpm php8-gmp-8.4.16-160000.2.1.ppc64le.rpm php8-iconv-8.4.16-160000.2.1.ppc64le.rpm php8-intl-8.4.16-160000.2.1.ppc64le.rpm php8-ldap-8.4.16-160000.2.1.ppc64le.rpm php8-mbstring-8.4.16-160000.2.1.ppc64le.rpm php8-mysql-8.4.16-160000.2.1.ppc64le.rpm php8-odbc-8.4.16-160000.2.1.ppc64le.rpm php8-opcache-8.4.16-160000.2.1.ppc64le.rpm php8-openssl-8.4.16-160000.2.1.ppc64le.rpm php8-pcntl-8.4.16-160000.2.1.ppc64le.rpm php8-pdo-8.4.16-160000.2.1.ppc64le.rpm php8-pgsql-8.4.16-160000.2.1.ppc64le.rpm php8-phar-8.4.16-160000.2.1.ppc64le.rpm php8-posix-8.4.16-160000.2.1.ppc64le.rpm php8-readline-8.4.16-160000.2.1.ppc64le.rpm php8-shmop-8.4.16-160000.2.1.ppc64le.rpm php8-snmp-8.4.16-160000.2.1.ppc64le.rpm php8-soap-8.4.16-160000.2.1.ppc64le.rpm php8-sockets-8.4.16-160000.2.1.ppc64le.rpm php8-sodium-8.4.16-160000.2.1.ppc64le.rpm php8-sqlite-8.4.16-160000.2.1.ppc64le.rpm php8-sysvmsg-8.4.16-160000.2.1.ppc64le.rpm php8-sysvsem-8.4.16-160000.2.1.ppc64le.rpm php8-sysvshm-8.4.16-160000.2.1.ppc64le.rpm php8-tidy-8.4.16-160000.2.1.ppc64le.rpm php8-tokenizer-8.4.16-160000.2.1.ppc64le.rpm php8-xmlreader-8.4.16-160000.2.1.ppc64le.rpm php8-xmlwriter-8.4.16-160000.2.1.ppc64le.rpm php8-xsl-8.4.16-160000.2.1.ppc64le.rpm php8-zip-8.4.16-160000.2.1.ppc64le.rpm php8-zlib-8.4.16-160000.2.1.ppc64le.rpm apache2-mod_php8-8.4.16-160000.2.1.ppc64le.rpm php8-embed-8.4.16-160000.2.1.ppc64le.rpm php8-fastcgi-8.4.16-160000.2.1.ppc64le.rpm php8-fpm-8.4.16-160000.2.1.ppc64le.rpm php8-test-8.4.16-160000.2.1.ppc64le.rpm php8-8.4.16-160000.2.1.s390x.rpm php8-bcmath-8.4.16-160000.2.1.s390x.rpm php8-bz2-8.4.16-160000.2.1.s390x.rpm php8-calendar-8.4.16-160000.2.1.s390x.rpm php8-cli-8.4.16-160000.2.1.s390x.rpm php8-ctype-8.4.16-160000.2.1.s390x.rpm php8-curl-8.4.16-160000.2.1.s390x.rpm php8-dba-8.4.16-160000.2.1.s390x.rpm php8-devel-8.4.16-160000.2.1.s390x.rpm php8-dom-8.4.16-160000.2.1.s390x.rpm php8-enchant-8.4.16-160000.2.1.s390x.rpm php8-exif-8.4.16-160000.2.1.s390x.rpm php8-ffi-8.4.16-160000.2.1.s390x.rpm php8-fileinfo-8.4.16-160000.2.1.s390x.rpm php8-ftp-8.4.16-160000.2.1.s390x.rpm php8-gd-8.4.16-160000.2.1.s390x.rpm php8-gettext-8.4.16-160000.2.1.s390x.rpm php8-gmp-8.4.16-160000.2.1.s390x.rpm php8-iconv-8.4.16-160000.2.1.s390x.rpm php8-intl-8.4.16-160000.2.1.s390x.rpm php8-ldap-8.4.16-160000.2.1.s390x.rpm php8-mbstring-8.4.16-160000.2.1.s390x.rpm php8-mysql-8.4.16-160000.2.1.s390x.rpm php8-odbc-8.4.16-160000.2.1.s390x.rpm php8-opcache-8.4.16-160000.2.1.s390x.rpm php8-openssl-8.4.16-160000.2.1.s390x.rpm php8-pcntl-8.4.16-160000.2.1.s390x.rpm php8-pdo-8.4.16-160000.2.1.s390x.rpm php8-pgsql-8.4.16-160000.2.1.s390x.rpm php8-phar-8.4.16-160000.2.1.s390x.rpm php8-posix-8.4.16-160000.2.1.s390x.rpm php8-readline-8.4.16-160000.2.1.s390x.rpm php8-shmop-8.4.16-160000.2.1.s390x.rpm php8-snmp-8.4.16-160000.2.1.s390x.rpm php8-soap-8.4.16-160000.2.1.s390x.rpm php8-sockets-8.4.16-160000.2.1.s390x.rpm php8-sodium-8.4.16-160000.2.1.s390x.rpm php8-sqlite-8.4.16-160000.2.1.s390x.rpm php8-sysvmsg-8.4.16-160000.2.1.s390x.rpm php8-sysvsem-8.4.16-160000.2.1.s390x.rpm php8-sysvshm-8.4.16-160000.2.1.s390x.rpm php8-tidy-8.4.16-160000.2.1.s390x.rpm php8-tokenizer-8.4.16-160000.2.1.s390x.rpm php8-xmlreader-8.4.16-160000.2.1.s390x.rpm php8-xmlwriter-8.4.16-160000.2.1.s390x.rpm php8-xsl-8.4.16-160000.2.1.s390x.rpm php8-zip-8.4.16-160000.2.1.s390x.rpm php8-zlib-8.4.16-160000.2.1.s390x.rpm apache2-mod_php8-8.4.16-160000.2.1.s390x.rpm php8-embed-8.4.16-160000.2.1.s390x.rpm php8-fastcgi-8.4.16-160000.2.1.s390x.rpm php8-fpm-8.4.16-160000.2.1.s390x.rpm php8-test-8.4.16-160000.2.1.s390x.rpm php8-8.4.16-160000.2.1.x86_64.rpm php8-bcmath-8.4.16-160000.2.1.x86_64.rpm php8-bz2-8.4.16-160000.2.1.x86_64.rpm php8-calendar-8.4.16-160000.2.1.x86_64.rpm php8-cli-8.4.16-160000.2.1.x86_64.rpm php8-ctype-8.4.16-160000.2.1.x86_64.rpm php8-curl-8.4.16-160000.2.1.x86_64.rpm php8-dba-8.4.16-160000.2.1.x86_64.rpm php8-devel-8.4.16-160000.2.1.x86_64.rpm php8-dom-8.4.16-160000.2.1.x86_64.rpm php8-enchant-8.4.16-160000.2.1.x86_64.rpm php8-exif-8.4.16-160000.2.1.x86_64.rpm php8-ffi-8.4.16-160000.2.1.x86_64.rpm php8-fileinfo-8.4.16-160000.2.1.x86_64.rpm php8-ftp-8.4.16-160000.2.1.x86_64.rpm php8-gd-8.4.16-160000.2.1.x86_64.rpm php8-gettext-8.4.16-160000.2.1.x86_64.rpm php8-gmp-8.4.16-160000.2.1.x86_64.rpm php8-iconv-8.4.16-160000.2.1.x86_64.rpm php8-intl-8.4.16-160000.2.1.x86_64.rpm php8-ldap-8.4.16-160000.2.1.x86_64.rpm php8-mbstring-8.4.16-160000.2.1.x86_64.rpm php8-mysql-8.4.16-160000.2.1.x86_64.rpm php8-odbc-8.4.16-160000.2.1.x86_64.rpm php8-opcache-8.4.16-160000.2.1.x86_64.rpm php8-openssl-8.4.16-160000.2.1.x86_64.rpm php8-pcntl-8.4.16-160000.2.1.x86_64.rpm php8-pdo-8.4.16-160000.2.1.x86_64.rpm php8-pgsql-8.4.16-160000.2.1.x86_64.rpm php8-phar-8.4.16-160000.2.1.x86_64.rpm php8-posix-8.4.16-160000.2.1.x86_64.rpm php8-readline-8.4.16-160000.2.1.x86_64.rpm php8-shmop-8.4.16-160000.2.1.x86_64.rpm php8-snmp-8.4.16-160000.2.1.x86_64.rpm php8-soap-8.4.16-160000.2.1.x86_64.rpm php8-sockets-8.4.16-160000.2.1.x86_64.rpm php8-sodium-8.4.16-160000.2.1.x86_64.rpm php8-sqlite-8.4.16-160000.2.1.x86_64.rpm php8-sysvmsg-8.4.16-160000.2.1.x86_64.rpm php8-sysvsem-8.4.16-160000.2.1.x86_64.rpm php8-sysvshm-8.4.16-160000.2.1.x86_64.rpm php8-tidy-8.4.16-160000.2.1.x86_64.rpm php8-tokenizer-8.4.16-160000.2.1.x86_64.rpm php8-xmlreader-8.4.16-160000.2.1.x86_64.rpm php8-xmlwriter-8.4.16-160000.2.1.x86_64.rpm php8-xsl-8.4.16-160000.2.1.x86_64.rpm php8-zip-8.4.16-160000.2.1.x86_64.rpm php8-zlib-8.4.16-160000.2.1.x86_64.rpm apache2-mod_php8-8.4.16-160000.2.1.x86_64.rpm php8-embed-8.4.16-160000.2.1.x86_64.rpm php8-fastcgi-8.4.16-160000.2.1.x86_64.rpm php8-fpm-8.4.16-160000.2.1.x86_64.rpm php8-test-8.4.16-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-565 Recommended update for mksusecd moderate SUSE SLFO 1.2 This update for mksusecd fixes the following issues: - Update to version 5.0 - boot loader config moved to boot/ARCH/loader directory for Agama-based media (bsc#1245295, jsc#PED-13688) - major rewrite to better support different architectures and products - support riscv64, loongarch64 - added sample layout data for testing - update documentation mksusecd-5.0-160000.1.1.aarch64.rpm mksusecd-5.0-160000.1.1.ppc64le.rpm mksusecd-5.0-160000.1.1.s390x.rpm mksusecd-5.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-566 Recommended update for cloud-netconfig important SUSE SLFO 1.2 This update for cloud-netconfig fixes the following issues: - Update to version 1.20: * Fix %suse_version use in spec file (jsc#PED-15774) - Update to version 1.19: * Make sure IPADDR variable is stripped of netmask - Update to version 1.18: * Fix issue with link-local address routing (bsc#1258730) - Update to version 1.17: * Do not set broadcast address explicitly (bsc#1258406) cloud-netconfig-azure-1.20-160000.1.1.noarch.rpm cloud-netconfig-ec2-1.20-160000.1.1.noarch.rpm cloud-netconfig-gce-1.20-160000.1.1.noarch.rpm openSUSE-Leap-16.0-567 Security update for xorg-x11-server important SUSE SLFO 1.2 This update for xorg-x11-server fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922). - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923). - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924). - CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925). - CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926). xorg-x11-server-21.1.15-160000.4.1.aarch64.rpm xorg-x11-server-Xvfb-21.1.15-160000.4.1.aarch64.rpm xorg-x11-server-extra-21.1.15-160000.4.1.aarch64.rpm xorg-x11-server-sdk-21.1.15-160000.4.1.aarch64.rpm xorg-x11-server-source-21.1.15-160000.4.1.aarch64.rpm xorg-x11-server-wrapper-21.1.15-160000.4.1.aarch64.rpm xorg-x11-server-21.1.15-160000.4.1.ppc64le.rpm xorg-x11-server-Xvfb-21.1.15-160000.4.1.ppc64le.rpm xorg-x11-server-extra-21.1.15-160000.4.1.ppc64le.rpm xorg-x11-server-sdk-21.1.15-160000.4.1.ppc64le.rpm xorg-x11-server-source-21.1.15-160000.4.1.ppc64le.rpm xorg-x11-server-wrapper-21.1.15-160000.4.1.ppc64le.rpm xorg-x11-server-21.1.15-160000.4.1.s390x.rpm xorg-x11-server-Xvfb-21.1.15-160000.4.1.s390x.rpm xorg-x11-server-extra-21.1.15-160000.4.1.s390x.rpm xorg-x11-server-sdk-21.1.15-160000.4.1.s390x.rpm xorg-x11-server-source-21.1.15-160000.4.1.s390x.rpm xorg-x11-server-wrapper-21.1.15-160000.4.1.s390x.rpm xorg-x11-server-21.1.15-160000.4.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.15-160000.4.1.x86_64.rpm xorg-x11-server-extra-21.1.15-160000.4.1.x86_64.rpm xorg-x11-server-sdk-21.1.15-160000.4.1.x86_64.rpm xorg-x11-server-source-21.1.15-160000.4.1.x86_64.rpm xorg-x11-server-wrapper-21.1.15-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-568 Recommended update for x3270 moderate SUSE SLFO 1.2 This update for x3270 fixes the following issues: - Upgrade x3270 to version 4.5ga5: * 4.5ga5: + wc3270 now turns off Quick Edit mode at run-time, so it is no longer necessary to turn it off in the Console Properties. + The wc3270 OIA is the now same color (host color Blue) as the other emulators. + wc3270 now runs in a very limited way in a Windows Terminal window. + Mouse double-clicks in wc3270 are no longer confused by DBCS characters. * 4.5beta4: + PF keys 1 through 4 now work properly when running a curses-based application as a local process. * 4.5alpha3: + The X Inhibit state, which was never part of the behavior of a real 3270, has been removed. + The KeyboardLockDetail and ReplyMode queries have been added. + PrintText(html) has been enhanced to render APL underlined alphabetics accurately. + All APL characters are always returned to the host with a Graphic Escape (GE), regardless of the reply mode. + In a Read Modified reply sent to the host in character reply mode, extended field character set attributes are reported with a Set Attribute order. + Support for Ukrainian code pages (1123 and 1158) has been added. + c3270 support for 256-color terminals has been added. + c3270 fixed screen elements (menus, OIA) no longer use separate curses colors. + The c3270 CursesColorForProtectedIntensified, CursesColorForProtected, CursesColorForIntensified and CursesColorForDefault resources have been deprecated. + The program name is no longer duplicated in trace file headers. + APL characters are now displayed correctly by the emulators and returned correctly by Ascii1(), Ascii(), PrintText() and ReadBuffer() when they occur inside APL extended fields + Non-APL characters are no longer accepted as input in APL extended fields. + APL underlined alphabetic characters are now displayed correctly by all of the emulators and returned correctly by Ascii1(), Ascii(), PrintText() and ReadBuffer(). + Untranslatable characters are no longer returned incorrectly by ReadBuffer(ascii). + Wrapped DBCS characters and the text that follows them are no longer displayed incorrectly by x3270. + A buffer overrun bug in processing the Set Reply Mode structured field has been fixed. + DBCS operator error state is now displayed in the OIA by c3270 and wc3270. + x3270 no longer corrupts the screen display when a DBCS character is replaced with an SBCS character by keyboard input. + The c3270 and wc3270 on-screen keypad is no longer corrupted when DBCS text is on the screen. + The EraseEOF() action no longer clears the character set extended attributes in a field when the emulator is in field or extended field reply mode. * 4.5alpha2: + The build system has been overhauled for Windows cross-compilation. + Trace messages now have category headings. + x3270if now builds on BSD-based systems. + The SOURCE_DATA_EPOCH environment variable is now supported correctly by the build process. * 4.5alpha1: + Support for DBCS code pages 933 (korean) and 1364 has been added. + PageUp() and PageDown() actions have been added, and NVT-mode behaviors have been added to Home() and FieldEnd(). + A -nomargin option has been added to the PasteString(), Paste() and insert-selection() actions, to disable automatic margin wrapping for a single operation. + x3270 now supports background color. - Removed obsolete patches - Amended the .spec file (jsc#PED-15247) * Removed the update-desktop-files dependencies - Removed the 'x3270.desktop' file x3270-4.5-160000.1.1.aarch64.rpm x3270-4.5-160000.1.1.ppc64le.rpm x3270-4.5-160000.1.1.s390x.rpm x3270-4.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-569 Recommended update for AppStream moderate SUSE SLFO 1.2 This update for AppStream fixes the following issues: Changes in AppStream: - Make qt6 the default qt flavor and qt5 the flavor built separately and disable the qt5 flavor in SLE16 where we don't want to have Qt5 libraries. Update to 1.0.5: Features: * qt: Expose markup conversion utils * desktop-styles: Add android and iOS * validator: Check for xml:lang="en" being used on description template elements * validator: Flag cases of raw text in "description" elements * metadata: Add more known extensions into as_metadata_file_guess_style() Specification: * docs: Clarify that the style segment of a screenshot environment is optional * docs: Explain consequences of defining an icon for desktop-app metainfo * docs: Clarify that description content must be in p/li elements Bugfixes: * validator: mark as_validator_issue_tag_list static * docs: Add workaround for gi-docgen misnaming devhelp files * compose: Do not permit SVG images as screenshots * compose: Don't "forget" to scan remaining paths when re-encountering a dir * pool: Try explicit singular term match if we only have low-quality tokens * utils: Provide compatibility with Fedora icon tarballs when installing them * utils: Remove leftover g_chmod() * zstd-decompressor: Pass output/written data when decompression finished * utils: Expect a dash in icons file name * utils: Recognize .yml* and .yaml* file extension variants, and .zst extension * utils: Rename the appstream file when re-saving it on install AppStream-1.0.5-160000.1.1.aarch64.rpm AppStream-compose-1.0.5-160000.1.1.aarch64.rpm AppStream-compose-devel-1.0.5-160000.1.1.aarch64.rpm AppStream-devel-1.0.5-160000.1.1.aarch64.rpm AppStream-doc-1.0.5-160000.1.1.noarch.rpm AppStream-lang-1.0.5-160000.1.1.noarch.rpm appstream-qt6-devel-1.0.5-160000.1.1.aarch64.rpm libAppStreamQt3-1.0.5-160000.1.1.aarch64.rpm libappstream-compose0-1.0.5-160000.1.1.aarch64.rpm libappstream5-1.0.5-160000.1.1.aarch64.rpm typelib-1_0-AppStream-1.0-1.0.5-160000.1.1.aarch64.rpm typelib-1_0-AppStream-compose-1.0-1.0.5-160000.1.1.aarch64.rpm AppStream-1.0.5-160000.1.1.ppc64le.rpm AppStream-compose-1.0.5-160000.1.1.ppc64le.rpm AppStream-compose-devel-1.0.5-160000.1.1.ppc64le.rpm AppStream-devel-1.0.5-160000.1.1.ppc64le.rpm appstream-qt6-devel-1.0.5-160000.1.1.ppc64le.rpm libAppStreamQt3-1.0.5-160000.1.1.ppc64le.rpm libappstream-compose0-1.0.5-160000.1.1.ppc64le.rpm libappstream5-1.0.5-160000.1.1.ppc64le.rpm typelib-1_0-AppStream-1.0-1.0.5-160000.1.1.ppc64le.rpm typelib-1_0-AppStream-compose-1.0-1.0.5-160000.1.1.ppc64le.rpm AppStream-1.0.5-160000.1.1.s390x.rpm AppStream-compose-1.0.5-160000.1.1.s390x.rpm AppStream-compose-devel-1.0.5-160000.1.1.s390x.rpm AppStream-devel-1.0.5-160000.1.1.s390x.rpm appstream-qt6-devel-1.0.5-160000.1.1.s390x.rpm libAppStreamQt3-1.0.5-160000.1.1.s390x.rpm libappstream-compose0-1.0.5-160000.1.1.s390x.rpm libappstream5-1.0.5-160000.1.1.s390x.rpm typelib-1_0-AppStream-1.0-1.0.5-160000.1.1.s390x.rpm typelib-1_0-AppStream-compose-1.0-1.0.5-160000.1.1.s390x.rpm AppStream-1.0.5-160000.1.1.x86_64.rpm AppStream-compose-1.0.5-160000.1.1.x86_64.rpm AppStream-compose-devel-1.0.5-160000.1.1.x86_64.rpm AppStream-devel-1.0.5-160000.1.1.x86_64.rpm appstream-qt6-devel-1.0.5-160000.1.1.x86_64.rpm libAppStreamQt3-1.0.5-160000.1.1.x86_64.rpm libappstream-compose0-1.0.5-160000.1.1.x86_64.rpm libappstream5-1.0.5-160000.1.1.x86_64.rpm typelib-1_0-AppStream-1.0-1.0.5-160000.1.1.x86_64.rpm typelib-1_0-AppStream-compose-1.0-1.0.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-57 Security update for curl important SUSE SLFO 1.2 This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix return code when --retry is used but not triggered (bsc#1249367) curl-8.14.1-160000.3.1.aarch64.rpm curl-fish-completion-8.14.1-160000.3.1.noarch.rpm curl-zsh-completion-8.14.1-160000.3.1.noarch.rpm libcurl-devel-8.14.1-160000.3.1.aarch64.rpm libcurl-devel-doc-8.14.1-160000.3.1.noarch.rpm libcurl4-8.14.1-160000.3.1.aarch64.rpm curl-8.14.1-160000.3.1.ppc64le.rpm libcurl-devel-8.14.1-160000.3.1.ppc64le.rpm libcurl4-8.14.1-160000.3.1.ppc64le.rpm curl-8.14.1-160000.3.1.s390x.rpm libcurl-devel-8.14.1-160000.3.1.s390x.rpm libcurl4-8.14.1-160000.3.1.s390x.rpm curl-8.14.1-160000.3.1.x86_64.rpm libcurl-devel-8.14.1-160000.3.1.x86_64.rpm libcurl4-8.14.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-570 Security update for strongswan important SUSE SLFO 1.2 This update for strongswan fixes the following issues: Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access (bsc#1257359). - CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472). Changes for strongswan: - Fixed a vulnerability in the NetworkManager plugin that potentially allows using credentials of other local users. This vulnerability has been registered as CVE-2025-9615. - The maximum supported length for section names in swanctl.conf has been increased to the upper limit of 256 characters that's enforced by VICI. - Prevent a crash if a confused peer rekeys a Child SA twice before sending a delete. - Fixed a memory leak if a peer's self-signed certificate is untrusted. strongswan-6.0.4-160000.1.1.aarch64.rpm strongswan-doc-6.0.4-160000.1.1.noarch.rpm strongswan-fips-6.0.4-160000.1.1.aarch64.rpm strongswan-ipsec-6.0.4-160000.1.1.aarch64.rpm strongswan-mysql-6.0.4-160000.1.1.aarch64.rpm strongswan-nm-6.0.4-160000.1.1.aarch64.rpm strongswan-sqlite-6.0.4-160000.1.1.aarch64.rpm strongswan-6.0.4-160000.1.1.ppc64le.rpm strongswan-fips-6.0.4-160000.1.1.ppc64le.rpm strongswan-ipsec-6.0.4-160000.1.1.ppc64le.rpm strongswan-mysql-6.0.4-160000.1.1.ppc64le.rpm strongswan-nm-6.0.4-160000.1.1.ppc64le.rpm strongswan-sqlite-6.0.4-160000.1.1.ppc64le.rpm strongswan-6.0.4-160000.1.1.s390x.rpm strongswan-fips-6.0.4-160000.1.1.s390x.rpm strongswan-ipsec-6.0.4-160000.1.1.s390x.rpm strongswan-mysql-6.0.4-160000.1.1.s390x.rpm strongswan-nm-6.0.4-160000.1.1.s390x.rpm strongswan-sqlite-6.0.4-160000.1.1.s390x.rpm strongswan-6.0.4-160000.1.1.x86_64.rpm strongswan-fips-6.0.4-160000.1.1.x86_64.rpm strongswan-ipsec-6.0.4-160000.1.1.x86_64.rpm strongswan-mysql-6.0.4-160000.1.1.x86_64.rpm strongswan-nm-6.0.4-160000.1.1.x86_64.rpm strongswan-sqlite-6.0.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-572 Recommended update for rpmlint important SUSE SLFO 1.2 This update for rpmlint fixes the following issues: - Update to version 2.7.0+git20260415.44ca4797: * Update openSUSE's licenses.toml * ZipCheck: fix utf8 decoding erros in jarfile manifest (bsc#1261696) rpmlint-2.7.0+git20260415.44ca4797-160000.1.1.noarch.rpm rpmlint-strict-2.7.0+git20260415.44ca4797-160000.1.1.noarch.rpm openSUSE-Leap-16.0-573 Security update for bind important SUSE SLFO 1.2 This update for bind fixes the following issues: - Update to release 9.20.21 - CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). - CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). - CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). - CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). bind-9.20.21-160000.1.1.aarch64.rpm bind-doc-9.20.21-160000.1.1.noarch.rpm bind-modules-bdbhpt-9.20.21-160000.1.1.aarch64.rpm bind-modules-generic-9.20.21-160000.1.1.aarch64.rpm bind-modules-ldap-9.20.21-160000.1.1.aarch64.rpm bind-modules-mysql-9.20.21-160000.1.1.aarch64.rpm bind-modules-perl-9.20.21-160000.1.1.aarch64.rpm bind-modules-sqlite3-9.20.21-160000.1.1.aarch64.rpm bind-utils-9.20.21-160000.1.1.aarch64.rpm bind-9.20.21-160000.1.1.ppc64le.rpm bind-modules-bdbhpt-9.20.21-160000.1.1.ppc64le.rpm bind-modules-generic-9.20.21-160000.1.1.ppc64le.rpm bind-modules-ldap-9.20.21-160000.1.1.ppc64le.rpm bind-modules-mysql-9.20.21-160000.1.1.ppc64le.rpm bind-modules-perl-9.20.21-160000.1.1.ppc64le.rpm bind-modules-sqlite3-9.20.21-160000.1.1.ppc64le.rpm bind-utils-9.20.21-160000.1.1.ppc64le.rpm bind-9.20.21-160000.1.1.s390x.rpm bind-modules-bdbhpt-9.20.21-160000.1.1.s390x.rpm bind-modules-generic-9.20.21-160000.1.1.s390x.rpm bind-modules-ldap-9.20.21-160000.1.1.s390x.rpm bind-modules-mysql-9.20.21-160000.1.1.s390x.rpm bind-modules-perl-9.20.21-160000.1.1.s390x.rpm bind-modules-sqlite3-9.20.21-160000.1.1.s390x.rpm bind-utils-9.20.21-160000.1.1.s390x.rpm bind-9.20.21-160000.1.1.x86_64.rpm bind-modules-bdbhpt-9.20.21-160000.1.1.x86_64.rpm bind-modules-generic-9.20.21-160000.1.1.x86_64.rpm bind-modules-ldap-9.20.21-160000.1.1.x86_64.rpm bind-modules-mysql-9.20.21-160000.1.1.x86_64.rpm bind-modules-perl-9.20.21-160000.1.1.x86_64.rpm bind-modules-sqlite3-9.20.21-160000.1.1.x86_64.rpm bind-utils-9.20.21-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-574 Recommended update for update-bootloader moderate SUSE SLFO 1.2 This update for update-bootloader fixes the following issues: - Upgrade to version 1.27: * adjust spec file for immutable mode: switch to using * systemd-tmpfiles (jsc#PED-14833) - Upgrade to version 1.26: * adjust test cases - Implement config for BLS (bsc#1246013) update-bootloader-1.27-160000.1.1.aarch64.rpm update-bootloader-1.27-160000.1.1.ppc64le.rpm update-bootloader-1.27-160000.1.1.s390x.rpm update-bootloader-1.27-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-575 Security update for LibVNCServer important SUSE SLFO 1.2 This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431). - CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429). LibVNCServer-devel-0.9.14-160000.4.1.aarch64.rpm libvncclient1-0.9.14-160000.4.1.aarch64.rpm libvncserver1-0.9.14-160000.4.1.aarch64.rpm LibVNCServer-devel-0.9.14-160000.4.1.ppc64le.rpm libvncclient1-0.9.14-160000.4.1.ppc64le.rpm libvncserver1-0.9.14-160000.4.1.ppc64le.rpm LibVNCServer-devel-0.9.14-160000.4.1.s390x.rpm libvncclient1-0.9.14-160000.4.1.s390x.rpm libvncserver1-0.9.14-160000.4.1.s390x.rpm LibVNCServer-devel-0.9.14-160000.4.1.x86_64.rpm libvncclient1-0.9.14-160000.4.1.x86_64.rpm libvncserver1-0.9.14-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-576 Recommended update for opensm important SUSE SLFO 1.2 This update for opensm fixes the following issue: Change in opensm: - Fix issue with NDR switches (bsc#1258143). libopensm9-3.3.24-160000.3.1.aarch64.rpm libosmcomp5-3.3.24-160000.3.1.aarch64.rpm libosmvendor5-3.3.24-160000.3.1.aarch64.rpm opensm-3.3.24-160000.3.1.aarch64.rpm opensm-devel-3.3.24-160000.3.1.aarch64.rpm libopensm9-3.3.24-160000.3.1.ppc64le.rpm libosmcomp5-3.3.24-160000.3.1.ppc64le.rpm libosmvendor5-3.3.24-160000.3.1.ppc64le.rpm opensm-3.3.24-160000.3.1.ppc64le.rpm opensm-devel-3.3.24-160000.3.1.ppc64le.rpm libopensm9-3.3.24-160000.3.1.s390x.rpm libosmcomp5-3.3.24-160000.3.1.s390x.rpm libosmvendor5-3.3.24-160000.3.1.s390x.rpm opensm-3.3.24-160000.3.1.s390x.rpm opensm-devel-3.3.24-160000.3.1.s390x.rpm libopensm9-3.3.24-160000.3.1.x86_64.rpm libosmcomp5-3.3.24-160000.3.1.x86_64.rpm libosmvendor5-3.3.24-160000.3.1.x86_64.rpm opensm-3.3.24-160000.3.1.x86_64.rpm opensm-devel-3.3.24-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-577 Security update for dovecot24 important SUSE SLFO 1.2 This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894). - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895). - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902). - CVE-2026-24031: SQL injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260896). - CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900). - CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899). - CVE-2026-27857: sending excessive parenthesis causes imap-login to use excessive memory (bsc#1260898). - CVE-2026-27858: pigeonhole: managesieve-login can allocate large amount of memory during authentication (bsc#1260901). - CVE-2026-27859: excessive RFC 2231 MIME parameters in email would can excessive CPU usage (bsc#1260897). - CVE-2026-27860: LDAP query injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260893). dovecot24-2.4.3-160000.1.1.aarch64.rpm dovecot24-backend-mysql-2.4.3-160000.1.1.aarch64.rpm dovecot24-backend-pgsql-2.4.3-160000.1.1.aarch64.rpm dovecot24-backend-sqlite-2.4.3-160000.1.1.aarch64.rpm dovecot24-devel-2.4.3-160000.1.1.aarch64.rpm dovecot24-fts-2.4.3-160000.1.1.aarch64.rpm dovecot24-fts-flatcurve-2.4.3-160000.1.1.aarch64.rpm dovecot24-fts-solr-2.4.3-160000.1.1.aarch64.rpm dovecot24-2.4.3-160000.1.1.ppc64le.rpm dovecot24-backend-mysql-2.4.3-160000.1.1.ppc64le.rpm dovecot24-backend-pgsql-2.4.3-160000.1.1.ppc64le.rpm dovecot24-backend-sqlite-2.4.3-160000.1.1.ppc64le.rpm dovecot24-devel-2.4.3-160000.1.1.ppc64le.rpm dovecot24-fts-2.4.3-160000.1.1.ppc64le.rpm dovecot24-fts-flatcurve-2.4.3-160000.1.1.ppc64le.rpm dovecot24-fts-solr-2.4.3-160000.1.1.ppc64le.rpm dovecot24-2.4.3-160000.1.1.s390x.rpm dovecot24-backend-mysql-2.4.3-160000.1.1.s390x.rpm dovecot24-backend-pgsql-2.4.3-160000.1.1.s390x.rpm dovecot24-backend-sqlite-2.4.3-160000.1.1.s390x.rpm dovecot24-devel-2.4.3-160000.1.1.s390x.rpm dovecot24-fts-2.4.3-160000.1.1.s390x.rpm dovecot24-fts-flatcurve-2.4.3-160000.1.1.s390x.rpm dovecot24-fts-solr-2.4.3-160000.1.1.s390x.rpm dovecot24-2.4.3-160000.1.1.x86_64.rpm dovecot24-backend-mysql-2.4.3-160000.1.1.x86_64.rpm dovecot24-backend-pgsql-2.4.3-160000.1.1.x86_64.rpm dovecot24-backend-sqlite-2.4.3-160000.1.1.x86_64.rpm dovecot24-devel-2.4.3-160000.1.1.x86_64.rpm dovecot24-fts-2.4.3-160000.1.1.x86_64.rpm dovecot24-fts-flatcurve-2.4.3-160000.1.1.x86_64.rpm dovecot24-fts-solr-2.4.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-578 Security update for google-cloud-sap-agent important SUSE SLFO 1.2 This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 (bsc#1259816): - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260265). Changes for google-cloud-sap-agent: * Collect WLM metric `saphanasr_angi_installed` for all OS types. * Failure handling: Remove attached disks from CG * OTE Status checks for Parameter Manager (SAP Agent) * Log command-line arguments in configureinstance. * Minor multiple reliability checks and fixes * Support custom names for restored disks in hanadiskrestore * Add newAttachedDisks to Restorer and detach them on restore failure. * Improve unit test coverage for hanadiskbackup and hanadiskrestore * Add support for refresh point tests. * Refactor HANA disk backup user validation and physical path parsing. * Auto updated compiled protocol buffers * Parameter Manager integration to SAP Agent * Modify collection logic for SAP HANA configuration files. * Update workloadagentplatform version and hash. * Update WLM Validation metrics to support SAPHanaSR-angi setups. * Increment agent version to 3.12. * SAP HANA Pacemaker failover settings can come from `SAPHanaController`. * Update collection for WLM metric `ha_sr_hook_configured`. * Refactor CheckTopology to accept instance number. * Use constant backoff with max retries for snapshot group operations. * Update workloadagentplatform dependency google-cloud-sap-agent-3.12-160000.1.1.aarch64.rpm google-cloud-sap-agent-3.12-160000.1.1.ppc64le.rpm google-cloud-sap-agent-3.12-160000.1.1.s390x.rpm google-cloud-sap-agent-3.12-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-579 Security update for freeipmi important SUSE SLFO 1.2 This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414). freeipmi-1.6.15-160000.3.1.aarch64.rpm freeipmi-bmc-watchdog-1.6.15-160000.3.1.aarch64.rpm freeipmi-devel-1.6.15-160000.3.1.aarch64.rpm freeipmi-ipmidetectd-1.6.15-160000.3.1.aarch64.rpm freeipmi-ipmiseld-1.6.15-160000.3.1.aarch64.rpm libfreeipmi17-1.6.15-160000.3.1.aarch64.rpm libipmiconsole2-1.6.15-160000.3.1.aarch64.rpm libipmidetect0-1.6.15-160000.3.1.aarch64.rpm libipmimonitoring6-1.6.15-160000.3.1.aarch64.rpm freeipmi-1.6.15-160000.3.1.ppc64le.rpm freeipmi-bmc-watchdog-1.6.15-160000.3.1.ppc64le.rpm freeipmi-devel-1.6.15-160000.3.1.ppc64le.rpm freeipmi-ipmidetectd-1.6.15-160000.3.1.ppc64le.rpm freeipmi-ipmiseld-1.6.15-160000.3.1.ppc64le.rpm libfreeipmi17-1.6.15-160000.3.1.ppc64le.rpm libipmiconsole2-1.6.15-160000.3.1.ppc64le.rpm libipmidetect0-1.6.15-160000.3.1.ppc64le.rpm libipmimonitoring6-1.6.15-160000.3.1.ppc64le.rpm freeipmi-1.6.15-160000.3.1.s390x.rpm freeipmi-bmc-watchdog-1.6.15-160000.3.1.s390x.rpm freeipmi-devel-1.6.15-160000.3.1.s390x.rpm freeipmi-ipmidetectd-1.6.15-160000.3.1.s390x.rpm freeipmi-ipmiseld-1.6.15-160000.3.1.s390x.rpm libfreeipmi17-1.6.15-160000.3.1.s390x.rpm libipmiconsole2-1.6.15-160000.3.1.s390x.rpm libipmidetect0-1.6.15-160000.3.1.s390x.rpm libipmimonitoring6-1.6.15-160000.3.1.s390x.rpm freeipmi-1.6.15-160000.3.1.x86_64.rpm freeipmi-bmc-watchdog-1.6.15-160000.3.1.x86_64.rpm freeipmi-devel-1.6.15-160000.3.1.x86_64.rpm freeipmi-ipmidetectd-1.6.15-160000.3.1.x86_64.rpm freeipmi-ipmiseld-1.6.15-160000.3.1.x86_64.rpm libfreeipmi17-1.6.15-160000.3.1.x86_64.rpm libipmiconsole2-1.6.15-160000.3.1.x86_64.rpm libipmidetect0-1.6.15-160000.3.1.x86_64.rpm libipmimonitoring6-1.6.15-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-58 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809). - CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067). - CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081). - CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - add bug reference to existing hv_netvsc change (bsc#1252265) - amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226). - cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166). - cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166). - cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166). - doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT The character was previously 'N', but upstream used it for TAINT_TEST, which prompted the change of TAINT_NO_SUPPORT to 'n'. - dpll: zl3073x: Add firmware loading functionality (bsc#1252253). - dpll: zl3073x: Add functions to access hardware registers (bsc#1252253). - dpll: zl3073x: Add low-level flash functions (bsc#1252253). - dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253). - dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253). - dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253). - dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253). - dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253). - dpll: zl3073x: Implement devlink flash callback (bsc#1252253). - dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253). - dpll: zl3073x: Refactor DPLL initialization (bsc#1252253). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes). - ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222). - ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222). - ixgbevf: fix getting link speed data for E610 devices (bsc#1247222). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222). - kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - nvme-auth: update sc_c in host response (git-fixes bsc#1249397). - perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725). - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734). - x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734). - x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348). kernel-devel-6.12.0-160000.7.1.noarch.rpm True kernel-macros-6.12.0-160000.7.1.noarch.rpm True kernel-source-6.12.0-160000.7.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.7.1.noarch.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64.rpm True dtb-allwinner-6.12.0-160000.7.1.aarch64.rpm True dtb-altera-6.12.0-160000.7.1.aarch64.rpm True dtb-amazon-6.12.0-160000.7.1.aarch64.rpm True dtb-amd-6.12.0-160000.7.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.7.1.aarch64.rpm True dtb-apm-6.12.0-160000.7.1.aarch64.rpm True dtb-apple-6.12.0-160000.7.1.aarch64.rpm True dtb-arm-6.12.0-160000.7.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.7.1.aarch64.rpm True dtb-cavium-6.12.0-160000.7.1.aarch64.rpm True dtb-exynos-6.12.0-160000.7.1.aarch64.rpm True dtb-freescale-6.12.0-160000.7.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.7.1.aarch64.rpm True dtb-lg-6.12.0-160000.7.1.aarch64.rpm True dtb-marvell-6.12.0-160000.7.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.7.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.7.1.aarch64.rpm True dtb-qcom-6.12.0-160000.7.1.aarch64.rpm True dtb-renesas-6.12.0-160000.7.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.7.1.aarch64.rpm True dtb-socionext-6.12.0-160000.7.1.aarch64.rpm True dtb-sprd-6.12.0-160000.7.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.7.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.7.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.7.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.7.1.aarch64.rpm True kernel-default-6.12.0-160000.7.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.7.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.7.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.7.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.aarch64.rpm True kernel-docs-6.12.0-160000.7.1.noarch.rpm True kernel-docs-html-6.12.0-160000.7.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.7.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.7.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.7.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.7.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True kernel-syms-6.12.0-160000.7.1.aarch64.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.7.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.7.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.7.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.7.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.7.1.ppc64le.rpm True kernel-syms-6.12.0-160000.7.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.7.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.7.1.s390x.rpm True kernel-default-6.12.0-160000.7.1.s390x.rpm True kernel-default-devel-6.12.0-160000.7.1.s390x.rpm True kernel-default-extra-6.12.0-160000.7.1.s390x.rpm True kernel-default-optional-6.12.0-160000.7.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.7.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.s390x.rpm True kernel-obs-build-6.12.0-160000.7.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.7.1.s390x.rpm True kernel-syms-6.12.0-160000.7.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.7.1.s390x.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.7.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.7.1.x86_64.rpm True kernel-default-6.12.0-160000.7.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.7.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.7.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.7.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.7.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.7.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.7.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.7.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.7.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.7.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.7.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.7.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True kernel-syms-6.12.0-160000.7.1.x86_64.rpm True openSUSE-Leap-16.0-580 Recommended update for resource-agents important SUSE SLFO 1.2 This update for resource-agents fixes the following issues: - aws-vpc-move-ip: add awscli_timeout option (bsc#1260984) ldirectord-4.16.0+git90.968ad701-160000.3.1.aarch64.rpm resource-agents-4.16.0+git90.968ad701-160000.3.1.aarch64.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.3.1.aarch64.rpm ldirectord-4.16.0+git90.968ad701-160000.3.1.ppc64le.rpm resource-agents-4.16.0+git90.968ad701-160000.3.1.ppc64le.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.3.1.ppc64le.rpm ldirectord-4.16.0+git90.968ad701-160000.3.1.s390x.rpm resource-agents-4.16.0+git90.968ad701-160000.3.1.s390x.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.3.1.s390x.rpm ldirectord-4.16.0+git90.968ad701-160000.3.1.x86_64.rpm resource-agents-4.16.0+git90.968ad701-160000.3.1.x86_64.rpm resource-agents-zfs-4.16.0+git90.968ad701-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-581 Security update for gdk-pixbuf important SUSE SLFO 1.2 This update for gdk-pixbuf fixes the following issue: - CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). gdk-pixbuf-devel-2.42.12-160000.4.1.aarch64.rpm gdk-pixbuf-lang-2.42.12-160000.4.1.noarch.rpm gdk-pixbuf-query-loaders-2.42.12-160000.4.1.aarch64.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.4.1.aarch64.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.4.1.aarch64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1.aarch64.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1.aarch64.rpm gdk-pixbuf-devel-2.42.12-160000.4.1.ppc64le.rpm gdk-pixbuf-query-loaders-2.42.12-160000.4.1.ppc64le.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.4.1.ppc64le.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.4.1.ppc64le.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1.ppc64le.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1.ppc64le.rpm gdk-pixbuf-devel-2.42.12-160000.4.1.s390x.rpm gdk-pixbuf-query-loaders-2.42.12-160000.4.1.s390x.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.4.1.s390x.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.4.1.s390x.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1.s390x.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1.s390x.rpm gdk-pixbuf-devel-2.42.12-160000.4.1.x86_64.rpm gdk-pixbuf-query-loaders-2.42.12-160000.4.1.x86_64.rpm gdk-pixbuf-thumbnailer-2.42.12-160000.4.1.x86_64.rpm libgdk_pixbuf-2_0-0-2.42.12-160000.4.1.x86_64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1.x86_64.rpm typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-582 Recommended update for saptune important SUSE SLFO 1.2 This update for saptune fixes the following issues: - update package version of saptune to 3.2.3: * On Azure cloud systems fix a systemd ordering cycle conflict which prevents saptune to run on boot: + The reason for this conflict is an upcoming cloud-init update which will change the order by adding 'After=multi-user.target' to the cloud-final.service. + Since version 3.1.5 saptune has a dependency to cloud-final.service on Azure systems to fix (bsc#1235824). + We will now remove this dependency. (bsc#1260498, jsc#SAPSOL-1050) * Fix systemd service state revert problem. (bsc#1259748) * Fix output of 'saptune verify applied' in case of enabled notes, but nothing is applied. (jsc#SAPSOL-1051) * Add new tag 'kernel' to match the running kernel release. Valid values are extended regular expressions (RE2) that match the output of 'uname -r' (jsc#SAPSOL-810) * Support C-State names for parameter 'force_latency' additional to the already available latency value. (jsc#SAPSOL-806) * Support optional packages in the rpm section. (jsc#SAPSOL-791) * Warn about duplicate Notes/Solutions. (jsc#SAPSOL-948) * Fix kernel regex for HotFix000022286 (bsc#1261866) * Add condition (kernel tag) to HotFix000022286. As the final kernel patch is available for the problem the HotFix will only be active on systems currently not patched to the latest kernel patch. * SLE12/15/16 - deprecate Note 941735 (jsc#SAPSOL-1048) * SAP Note 2684254 updated to Version 27 check that TSX is set to auto on systems running dedicated kernel releases. (jsc#SAPSOL-793) * SAP Note 1656250 updated to Version 71 disable C-states higher than C1 * SAP Note 2578899 updated to Version 55 check for optional sssd package version * SAP Note 1275776 updated to Version 47 * SLE 16 SAP Note 3577842 and 3565382 updated - use versioned Provides/Obsoletes for sapconf - use full path for commands used in pre/post scripts - requires systemd-presets-branding-SLE-SAP (jsc#PED-15405) - update package version of saptune to 3.2.2 - HOTFIX: * ship Note HotFix000022286 and add it to the Solutions 'HANA', 'NETWEAVER+HANA', 'S4HANA-APP+DB' and 'S4HANA-DBSERVER'. + This HotFix addresses a problem described in the TID 22286 + This HotFix is only available for SLES15SP5 to SLES15SP7 on x86_64 architecture. saptune-3.2.3-160000.1.1.ppc64le.rpm saptune-3.2.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-583 Security update for xwayland important SUSE SLFO 1.2 This update for xwayland fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922). - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923). - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924). - CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925). - CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926). xwayland-24.1.6-160000.4.1.aarch64.rpm xwayland-devel-24.1.6-160000.4.1.aarch64.rpm xwayland-24.1.6-160000.4.1.ppc64le.rpm xwayland-devel-24.1.6-160000.4.1.ppc64le.rpm xwayland-24.1.6-160000.4.1.s390x.rpm xwayland-devel-24.1.6-160000.4.1.s390x.rpm xwayland-24.1.6-160000.4.1.x86_64.rpm xwayland-devel-24.1.6-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-584 Recommended update for libyui moderate SUSE SLFO 1.2 This update for libyui fixes the following issues: libyui was updated to 4.7.6: Allow building with CMake 4.0 * Bump cmake_minumum_required to 3.10, which matches what most other modules in libyui use (3.5 is the minimum required to be supportable by CMake 4.0). * Remove CMP0046, as CMake 4.0 no longer supports it. The OLD mode in any case was a workaround for 'badly written CMakeLists.txt', as it just instructed cmake to ignore non-existing dependenices listed in add_dependencies. This package does not rely on non-existing dependencies and builds perfectly without this policy. - Do not build the qt packages (libyui-qt, libyui-qt-graph, libyui-qt-pkg and libyui-qt-rest-api) in SLE16 since Qt5 won't be available there. - Integrated the graphviz API fix upstream (Let CMake detect graphviz version) - graphviz API broke in a recent version update (bezier size is now of type size_t instead of int). libyui-devel-4.7.6-160000.1.1.aarch64.rpm libyui16-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses-devel-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses-tools-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses16-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses-pkg-devel-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses-pkg16-4.7.6-160000.1.1.aarch64.rpm libyui-rest-api-devel-4.7.6-160000.1.1.aarch64.rpm libyui-rest-api16-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses-rest-api-devel-4.7.6-160000.1.1.aarch64.rpm libyui-ncurses-rest-api16-4.7.6-160000.1.1.aarch64.rpm perl-yui-4.7.6-160000.1.1.aarch64.rpm python3-yui-4.7.6-160000.1.1.aarch64.rpm ruby-yui-4.7.6-160000.1.1.aarch64.rpm libyui-devel-4.7.6-160000.1.1.ppc64le.rpm libyui16-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses-devel-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses-tools-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses16-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses-pkg-devel-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses-pkg16-4.7.6-160000.1.1.ppc64le.rpm libyui-rest-api-devel-4.7.6-160000.1.1.ppc64le.rpm libyui-rest-api16-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses-rest-api-devel-4.7.6-160000.1.1.ppc64le.rpm libyui-ncurses-rest-api16-4.7.6-160000.1.1.ppc64le.rpm perl-yui-4.7.6-160000.1.1.ppc64le.rpm python3-yui-4.7.6-160000.1.1.ppc64le.rpm ruby-yui-4.7.6-160000.1.1.ppc64le.rpm libyui-devel-4.7.6-160000.1.1.s390x.rpm libyui16-4.7.6-160000.1.1.s390x.rpm libyui-ncurses-devel-4.7.6-160000.1.1.s390x.rpm libyui-ncurses-tools-4.7.6-160000.1.1.s390x.rpm libyui-ncurses16-4.7.6-160000.1.1.s390x.rpm libyui-ncurses-pkg-devel-4.7.6-160000.1.1.s390x.rpm libyui-ncurses-pkg16-4.7.6-160000.1.1.s390x.rpm libyui-rest-api-devel-4.7.6-160000.1.1.s390x.rpm libyui-rest-api16-4.7.6-160000.1.1.s390x.rpm libyui-ncurses-rest-api-devel-4.7.6-160000.1.1.s390x.rpm libyui-ncurses-rest-api16-4.7.6-160000.1.1.s390x.rpm perl-yui-4.7.6-160000.1.1.s390x.rpm python3-yui-4.7.6-160000.1.1.s390x.rpm ruby-yui-4.7.6-160000.1.1.s390x.rpm libyui-devel-4.7.6-160000.1.1.x86_64.rpm libyui16-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses-devel-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses-tools-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses16-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses-pkg-devel-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses-pkg16-4.7.6-160000.1.1.x86_64.rpm libyui-rest-api-devel-4.7.6-160000.1.1.x86_64.rpm libyui-rest-api16-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses-rest-api-devel-4.7.6-160000.1.1.x86_64.rpm libyui-ncurses-rest-api16-4.7.6-160000.1.1.x86_64.rpm perl-yui-4.7.6-160000.1.1.x86_64.rpm python3-yui-4.7.6-160000.1.1.x86_64.rpm ruby-yui-4.7.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-585 Feature update for libgcrypt, libgpg-error moderate SUSE SLFO 1.2 This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 (jsc#PED-15059): * New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add Dilithium (ML-DSA) support - Support optional random-override and support byte string data * Bug fixes: - Use secure MPI in _gcry_mpi_assign_limb_space. - Use CSIDL_COMMON_APPDATA instead of /etc on Windows. - Apply a Kyber patch from upstream. - Fix an edge case in Jent initialization. - mceliece6688128f: Fix stack overflow crash on win64/wine * Performance: - Many performance improvements, new AVX512 implementations for modern CPUs. - Add RISC-V Zbb+Zbc implementation of CRC. - Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512 - Add AVX2 and AVX512 code paths to improve CRC. For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0 Update libgpg-error to 1.58: * New src/gpg-error.c (main): New command "fconcat". * Rename src/spawn-posix.c (struct gpgrt_spawn_actions): Rename the field to ENVP. * argparse: Use SYSCONFDIR for /etc. * Update translations for Portugese, German * src/estream.c (parse_mode): Fix parsing of "share". Set sysopen flag. * syscfg: Add 64-bit Android arch. libgcrypt-devel-1.12.1-160000.1.1.aarch64.rpm libgcrypt20-1.12.1-160000.1.1.aarch64.rpm libgpg-error-devel-1.58-160000.1.1.aarch64.rpm libgpg-error0-1.58-160000.1.1.aarch64.rpm libgcrypt-devel-1.12.1-160000.1.1.ppc64le.rpm libgcrypt20-1.12.1-160000.1.1.ppc64le.rpm libgpg-error-devel-1.58-160000.1.1.ppc64le.rpm libgpg-error0-1.58-160000.1.1.ppc64le.rpm libgcrypt-devel-1.12.1-160000.1.1.s390x.rpm libgcrypt20-1.12.1-160000.1.1.s390x.rpm libgpg-error-devel-1.58-160000.1.1.s390x.rpm libgpg-error0-1.58-160000.1.1.s390x.rpm libgcrypt-devel-1.12.1-160000.1.1.x86_64.rpm libgcrypt-devel-x86-64-v3-1.12.1-160000.1.1.x86_64.rpm libgcrypt20-1.12.1-160000.1.1.x86_64.rpm libgcrypt20-x86-64-v3-1.12.1-160000.1.1.x86_64.rpm libgpg-error-devel-1.58-160000.1.1.x86_64.rpm libgpg-error0-1.58-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-586 Recommended update for selinux-policy moderate SUSE SLFO 1.2 This update for selinux-policy fixes the following issues: Changes in selinux-policy: - Move %postInstall to %post as fix until zypper moves to rpm single transaction backend by default (bsc#1262083) Update to version 20250627+git363.7b84cc7fb: * Add missing Nextcloud file contexts (bsc#1261535) * openSUSE uses /var/lib/php8 (bsc#1239177) * /srv/www/htdocs is DocumentRoot of apache (bsc#1261535) * Allow snapper sdbootutil plugin read kernel modules (bsc#1259867) * Allow named_filetrans_domain filetrans flatpak homedir (bsc#1253682) selinux-policy-20250627+git363.7b84cc7fb-160000.1.1.noarch.rpm selinux-policy-devel-20250627+git363.7b84cc7fb-160000.1.1.noarch.rpm selinux-policy-doc-20250627+git363.7b84cc7fb-160000.1.1.noarch.rpm selinux-policy-minimum-20250627+git363.7b84cc7fb-160000.1.1.noarch.rpm selinux-policy-sandbox-20250627+git363.7b84cc7fb-160000.1.1.noarch.rpm selinux-policy-targeted-20250627+git363.7b84cc7fb-160000.1.1.noarch.rpm openSUSE-Leap-16.0-588 Recommended update for haproxy moderate SUSE SLFO 1.2 This update for haproxy fixes the following issues: - Update to version 3.2.15+git64.0fc44b458: * BUG/MINOR: hlua: fix use-after-free of HTTP reason string * BUG/MINOR: sample: fix info leak in regsub when exp_replace fails * BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer() * BUG/MINOR: resolvers: fix memory leak on AAAA additional records * BUG/MINOR: peers: fix OOB heap write in dictionary cache update * BUG/MINOR: hlua: fix format-string vulnerability in Patref error path * BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion * BUG/MINOR: http-act: fix a typo in the "pause" action error message * BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature" * BUG/MINOR: cfgcond: always set the error string on openssl_version checks * BUG/MINOR: cfgcond: properly set the error pointer on evaluation error * BUG/MINOR: quic: fix documentation for transport params decoding * BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing * BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples * BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option * BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC * BUG/MINOR: quic: close conn on packet reception with incompatible frame * BUG/MINOR: acme: fix task allocation leaked upon error * BUG/MINOR: http-ana: Only consider client abort for abortonclose * BUG/MINOR: config: Properly test warnif_misplaced_* return values * BUG/MINOR: acme: permission checks on the CLI * BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready' * BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after * BUG/MINOR: acme: free() DER buffer on a2base64url error path * BUG/MINOR: acme: fix incorrect number of arguments allowed in config * BUG/MINOR: acme: wrong labels logic always memprintf errmsg * BUG/MINOR: acme: acme_ctx_destroy() leaks auth dns * BUG/MINOR: acme/cli: wrong argument check in 'acme renew' * BUG/MINOR: acme: wrong error when checking for duplicate section * BUG/MINOR: acme: leak of ext_san upon insertion error * BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding * BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM * BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc' * BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume * BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments * BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID * BUG/MINOR: mworker: don't try to access an initializing process * BUG/MINOR: spoe: Fix condition to abort processing on client abort * BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads * BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword * BUG/MINOR: proxy: do not forget to validate quic-initial rules * BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand * BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message * BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX messag * BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state * BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS * BUG/MINOR: mworker: avoid passing NULL version in proc list serialization * BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup * BUG/MINOR: mworker: fix typo in proc list serialization * BUG/MINOR: mworker: only match worker processes when looking for unspawned proc * BUG/MINOR: memprof: avoid a small memory leak in "show profiling" * BUG/MINOR: mworker: always stop the receiving listener * BUG/MINOR: jws: fix memory leak in jws_b64_signature * BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect` * BUG/MINOR: mworker: don't set the PROC_O_LEAVING flag on master process * BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize * BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples * BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion * BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni * BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request * BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client * BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level * BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level * BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level * BUG/MEDIUM: acme: skip doing challenge if it is already valid * BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame * BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req() * BUG/MEDIUM: h3: reject unaligned frames except DATA * BUG/MEDIUM: peers: enforce check on incoming table key type * BUG/MEDIUM: spoe: Properly abort processing on client abort * BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals (bsc#1261626) * BUG/MAJOR: h3: check body size with content-length on empty FIN * BUG: hlua: fix stack overflow in httpclient headers conversion * DOC: config: fix ambiguous info in log-steps directive description * DOC: config: Reorder params for 'tcp-check expect' directive * DOC: config: Add missing 'status-code' param for 'http-check expect' directive * DOC/CLEANUP: config: update mentions of the old "Global parameters" section * DOC: configuration: http-check expect example typo * SCRIPTS: git-show-backports: list new commits and how to review them with -L * MINOR: mux-h2: report glitches on early RST_STREAM * MINOR: stconn: flag the stream endpoint descriptor when the app has started * MINOR: ncbmbuf: improve itbmap_next() code * CI: github: fix tag listing by implementing proper API pagination * BUILD: tools: potential null pointer dereference in dl_collect_libs_cb * BUILD: spoe: Remove unsused variable * Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream" * BUILD: sched: fix leftover of debugging test in single-run changes * MINOR: mux-h2: assign a limited frames processing budget * MINOR: mworker/cli: extract worker "show proc" row printer * MINOR: debug: opportunistically load libthread_db.so.1 with set-dumpable=libs * MINOR: debug: copy debug symbols from /usr/lib/debug when present * MINOR: debug: read all libs in memory when set-dumpable=libs * MINOR: config: support explicit "on" and "off" for "set-dumpable" * MINOR: tools: add a function to load a file into a tar archive * MINOR: tools: add a function to create a tar file header * MINOR: sched: do not punish self-waking tasklets anymore * MINOR: sched: do not requeue a tasklet into the current queue * MINOR: htx: Add function to truncate all blocks after a specific block * MINOR: memprof: attempt different retry slots for different hashes on collision * MINOR: tools: extend the pointer hashing code to ease manipulations * MEDIUM: sched: change scheduler budgets to lower TL_BULK * MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY * MEDIUM: sched: do not run a same task multiple times in series * [RELEASE] Released version 3.2.15 * CI: github: treat vX.Y.Z release tags as stable like haproxy-* branches * DEV: gdb: add a new utility to extract libs from a core dump: libs-from-core * DEV: gdb: add a utility to find the post-mortem address from a core - Update to version 3.2.14+git0.951507193: * [RELEASE] Released version 3.2.14 * SCRIPTS: git-show-backports: add a restart-from-last option * SCRIPTS: git-show-backports: hide the common ancestor warning in quiet mode * BUG/MINOR: backend: Don't get proto to use for webscoket if there is no server * BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures * BUG/MINOR: ssl: error with ssl-f-use when no "crt" * BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing * BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error * BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser * BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration * BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance * BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized * BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure * BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst * BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction * BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv() * BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/" * BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx() * BUG/MINOR: promex: fix server iteration when last server is deleted * BUG/MINOR: http-ana: Stop to wait for body on client error/abort * BUG/MINOR: flt-trace: Properly compute length of the first DATA block * BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers * BUG/MINOR: deviceatlas: add missing return on error in config parsers * BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending * BUG/MEDIUM: hpack: correctly deal with too large decoded numbers * BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event * BUG/MEDIUM: qpack: correctly deal with too large decoded numbers * BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream * BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2) * BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states * BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed * BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented * BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths * BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS" * BUG/MAJOR: resolvers: Properly lowered the names found in DNS response * BUG/MAJOR: fcgi: Fix param decoding by properly checking its size * BUG/MAJOR: qpack: unchecked length passed to huffman decoder * MINOR: filters: Set last_entity when a filter fails on stream_start callback * MINOR: mux-h2: add a new setting, "tune.h2.log-errors" to tweak error logging * MINOR: mux-h2: also count glitches on invalid trailers * MINOR: stconn: Add missing SC_FL_NO_FASTFWD flag in sc_show_flags * DEBUG: stream: Display the currently running rule in stream dump * [RELEASE] Released version 3.2.13 * CLEANUP: mux-h1: Remove unneeded null check * CLEANUP: compression: Remove unused static buffers * CI: github: disable windows.yml by default on unofficials repo * CI: vtest: move the vtest2 URL to vinyl-cache.org * DEV: term-events: Fix hanshake events decoding * DOC: proxy-proto: underline the packed attribute for struct pp2_tlv_ssl * DOC: internals: addd mworker V3 internals haproxy-3.2.15+git64.0fc44b458-160000.1.1.aarch64.rpm haproxy-3.2.15+git64.0fc44b458-160000.1.1.ppc64le.rpm haproxy-3.2.15+git64.0fc44b458-160000.1.1.s390x.rpm haproxy-3.2.15+git64.0fc44b458-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-590 Security update for Botan moderate SUSE SLFO 1.2 This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates (bsc#1261993). Botan-3.7.1-160000.4.1.aarch64.rpm Botan-doc-3.7.1-160000.4.1.noarch.rpm libbotan-3-7-3.7.1-160000.4.1.aarch64.rpm libbotan-devel-3.7.1-160000.4.1.aarch64.rpm python3-botan-3.7.1-160000.4.1.aarch64.rpm Botan-3.7.1-160000.4.1.ppc64le.rpm libbotan-3-7-3.7.1-160000.4.1.ppc64le.rpm libbotan-devel-3.7.1-160000.4.1.ppc64le.rpm python3-botan-3.7.1-160000.4.1.ppc64le.rpm Botan-3.7.1-160000.4.1.s390x.rpm libbotan-3-7-3.7.1-160000.4.1.s390x.rpm libbotan-devel-3.7.1-160000.4.1.s390x.rpm python3-botan-3.7.1-160000.4.1.s390x.rpm Botan-3.7.1-160000.4.1.x86_64.rpm libbotan-3-7-3.7.1-160000.4.1.x86_64.rpm libbotan-devel-3.7.1-160000.4.1.x86_64.rpm python3-botan-3.7.1-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-591 Security update for qemu important SUSE SLFO 1.2 This update for qemu fixes the following issues: Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCM_INFO requests sent from the guest (bsc#1259079). - CVE-2026-3195: heap out-of-bounds write when reading input audio in the virtio-snd device input callback (bsc#1259080). - CVE-2026-2243: heap out-of-bounds read and 12-byte information leak when processing specially crafted VMDK files with qemu-img (bsc#1258509). Other updates and bugfixes: - Version 10.0.9: * Full backport list: https://lore.kernel.org/qemu-devel/20260318045608.7E1B513DFF6@think4mjt.localdomain/ * hyperv/syndbg: check length returned by cpu_physical_memory_map() * fuse: Copy write buffer content before polling * target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch * target/loongarch: Preserve PTE permission bits in LDPTE * hw/net/npcm_gmac: Catch accesses off the end of the register array * linux-user: fix TIOCGSID ioctl * tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va * bsd-user: Deal with mmap where start > reserved_va * linux-user: Deal with mmap where start > reserved_va * hw/net/xilinx_ethlite: Check for oversized TX packets * virtio-gpu: Ensure BHs are invoked only from main-loop thread * block/nfs: Do not enter coroutine from CB * block: Never drop BLOCK_IO_ERROR with action=stop for rate limiting * block/throttle-groups: fix deadlock with iolimits and muliple iothreads * mirror: Fix missed dirty bitmap writes during startup * block/curl: fix concurrent completion handling * block/vmdk: fix OOB read in vmdk_read_extent() * hw/net/smc91c111: Don't allow negative-length packets * io: fix cleanup for websock I/O source data on cancellation * io: fix cleanup for TLS I/O source data on cancellation * io: separate freeing of tasks from marking them as complete * target/i386/hvf/x86_mmu: Fix compiler warning * hw/i386/vmmouse: Fix hypercall clobbers * tests/docker: upgrade most non-lcitool debian tests to debian 13 * hw/9pfs: fix missing EOPNOTSUPP on Twstat and Trenameat for fs synth driver * hw/9pfs: fix data race in v9fs_mark_fids_unreclaim() - Add support for AMD-Turn CPUs (jsc#PED-13174) * target/i386: Add support for EPYC-Turin model (jsc#PED-13174) * target/i386: Update EPYC-Genoa for Cache property, perfmon-v2, RAS and SVM feature bits (jsc#PED-13174) * target/i386: Add couple of feature bits in CPUID_Fn80000021_EAX (jsc#PED-13174) * target/i386: Update EPYC-Milan CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174) * target/i386: Update EPYC-Rome CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174) * target/i386: Update EPYC CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174) qemu-10.0.9-160000.1.1.aarch64.rpm qemu-SLOF-10.0.9-160000.1.1.noarch.rpm qemu-accel-qtest-10.0.9-160000.1.1.aarch64.rpm qemu-arm-10.0.9-160000.1.1.aarch64.rpm qemu-audio-alsa-10.0.9-160000.1.1.aarch64.rpm qemu-audio-dbus-10.0.9-160000.1.1.aarch64.rpm qemu-audio-jack-10.0.9-160000.1.1.aarch64.rpm qemu-audio-oss-10.0.9-160000.1.1.aarch64.rpm qemu-audio-pa-10.0.9-160000.1.1.aarch64.rpm qemu-audio-pipewire-10.0.9-160000.1.1.aarch64.rpm qemu-audio-spice-10.0.9-160000.1.1.aarch64.rpm qemu-block-curl-10.0.9-160000.1.1.aarch64.rpm qemu-block-dmg-10.0.9-160000.1.1.aarch64.rpm qemu-block-iscsi-10.0.9-160000.1.1.aarch64.rpm qemu-block-nfs-10.0.9-160000.1.1.aarch64.rpm qemu-block-rbd-10.0.9-160000.1.1.aarch64.rpm qemu-block-ssh-10.0.9-160000.1.1.aarch64.rpm qemu-chardev-baum-10.0.9-160000.1.1.aarch64.rpm qemu-chardev-spice-10.0.9-160000.1.1.aarch64.rpm qemu-doc-10.0.9-160000.1.1.noarch.rpm qemu-extra-10.0.9-160000.1.1.aarch64.rpm qemu-guest-agent-10.0.9-160000.1.1.aarch64.rpm qemu-headless-10.0.9-160000.1.1.aarch64.rpm qemu-hw-display-qxl-10.0.9-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-10.0.9-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1.aarch64.rpm qemu-hw-display-virtio-vga-10.0.9-160000.1.1.aarch64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1.aarch64.rpm qemu-hw-usb-host-10.0.9-160000.1.1.aarch64.rpm qemu-hw-usb-redirect-10.0.9-160000.1.1.aarch64.rpm qemu-hw-usb-smartcard-10.0.9-160000.1.1.aarch64.rpm qemu-img-10.0.9-160000.1.1.aarch64.rpm qemu-ipxe-10.0.9-160000.1.1.noarch.rpm qemu-ivshmem-tools-10.0.9-160000.1.1.aarch64.rpm qemu-ksm-10.0.9-160000.1.1.aarch64.rpm qemu-lang-10.0.9-160000.1.1.noarch.rpm qemu-microvm-10.0.9-160000.1.1.noarch.rpm qemu-ppc-10.0.9-160000.1.1.aarch64.rpm qemu-pr-helper-10.0.9-160000.1.1.aarch64.rpm qemu-s390x-10.0.9-160000.1.1.aarch64.rpm qemu-seabios-10.0.91.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-skiboot-10.0.9-160000.1.1.noarch.rpm qemu-spice-10.0.9-160000.1.1.aarch64.rpm qemu-tools-10.0.9-160000.1.1.aarch64.rpm qemu-ui-curses-10.0.9-160000.1.1.aarch64.rpm qemu-ui-dbus-10.0.9-160000.1.1.aarch64.rpm qemu-ui-gtk-10.0.9-160000.1.1.aarch64.rpm qemu-ui-opengl-10.0.9-160000.1.1.aarch64.rpm qemu-ui-spice-app-10.0.9-160000.1.1.aarch64.rpm qemu-ui-spice-core-10.0.9-160000.1.1.aarch64.rpm qemu-vgabios-10.0.91.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-vhost-user-gpu-10.0.9-160000.1.1.aarch64.rpm qemu-x86-10.0.9-160000.1.1.aarch64.rpm qemu-linux-user-10.0.9-160000.1.1.aarch64.rpm qemu-10.0.9-160000.1.1.ppc64le.rpm qemu-accel-qtest-10.0.9-160000.1.1.ppc64le.rpm qemu-arm-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-alsa-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-dbus-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-jack-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-oss-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-pa-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-pipewire-10.0.9-160000.1.1.ppc64le.rpm qemu-audio-spice-10.0.9-160000.1.1.ppc64le.rpm qemu-block-curl-10.0.9-160000.1.1.ppc64le.rpm qemu-block-dmg-10.0.9-160000.1.1.ppc64le.rpm qemu-block-iscsi-10.0.9-160000.1.1.ppc64le.rpm qemu-block-nfs-10.0.9-160000.1.1.ppc64le.rpm qemu-block-rbd-10.0.9-160000.1.1.ppc64le.rpm qemu-block-ssh-10.0.9-160000.1.1.ppc64le.rpm qemu-chardev-baum-10.0.9-160000.1.1.ppc64le.rpm qemu-chardev-spice-10.0.9-160000.1.1.ppc64le.rpm qemu-extra-10.0.9-160000.1.1.ppc64le.rpm qemu-guest-agent-10.0.9-160000.1.1.ppc64le.rpm qemu-headless-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-display-qxl-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-vga-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-usb-host-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-usb-redirect-10.0.9-160000.1.1.ppc64le.rpm qemu-hw-usb-smartcard-10.0.9-160000.1.1.ppc64le.rpm qemu-img-10.0.9-160000.1.1.ppc64le.rpm qemu-ivshmem-tools-10.0.9-160000.1.1.ppc64le.rpm qemu-ksm-10.0.9-160000.1.1.ppc64le.rpm qemu-ppc-10.0.9-160000.1.1.ppc64le.rpm qemu-pr-helper-10.0.9-160000.1.1.ppc64le.rpm qemu-s390x-10.0.9-160000.1.1.ppc64le.rpm qemu-spice-10.0.9-160000.1.1.ppc64le.rpm qemu-tools-10.0.9-160000.1.1.ppc64le.rpm qemu-ui-curses-10.0.9-160000.1.1.ppc64le.rpm qemu-ui-dbus-10.0.9-160000.1.1.ppc64le.rpm qemu-ui-gtk-10.0.9-160000.1.1.ppc64le.rpm qemu-ui-opengl-10.0.9-160000.1.1.ppc64le.rpm qemu-ui-spice-app-10.0.9-160000.1.1.ppc64le.rpm qemu-ui-spice-core-10.0.9-160000.1.1.ppc64le.rpm qemu-vhost-user-gpu-10.0.9-160000.1.1.ppc64le.rpm qemu-x86-10.0.9-160000.1.1.ppc64le.rpm qemu-linux-user-10.0.9-160000.1.1.ppc64le.rpm qemu-10.0.9-160000.1.1.s390x.rpm qemu-accel-qtest-10.0.9-160000.1.1.s390x.rpm qemu-arm-10.0.9-160000.1.1.s390x.rpm qemu-audio-alsa-10.0.9-160000.1.1.s390x.rpm qemu-audio-dbus-10.0.9-160000.1.1.s390x.rpm qemu-audio-jack-10.0.9-160000.1.1.s390x.rpm qemu-audio-oss-10.0.9-160000.1.1.s390x.rpm qemu-audio-pa-10.0.9-160000.1.1.s390x.rpm qemu-audio-pipewire-10.0.9-160000.1.1.s390x.rpm qemu-audio-spice-10.0.9-160000.1.1.s390x.rpm qemu-block-curl-10.0.9-160000.1.1.s390x.rpm qemu-block-dmg-10.0.9-160000.1.1.s390x.rpm qemu-block-iscsi-10.0.9-160000.1.1.s390x.rpm qemu-block-nfs-10.0.9-160000.1.1.s390x.rpm qemu-block-rbd-10.0.9-160000.1.1.s390x.rpm qemu-block-ssh-10.0.9-160000.1.1.s390x.rpm qemu-chardev-baum-10.0.9-160000.1.1.s390x.rpm qemu-chardev-spice-10.0.9-160000.1.1.s390x.rpm qemu-extra-10.0.9-160000.1.1.s390x.rpm qemu-guest-agent-10.0.9-160000.1.1.s390x.rpm qemu-headless-10.0.9-160000.1.1.s390x.rpm qemu-hw-display-qxl-10.0.9-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-10.0.9-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1.s390x.rpm qemu-hw-display-virtio-vga-10.0.9-160000.1.1.s390x.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1.s390x.rpm qemu-hw-usb-host-10.0.9-160000.1.1.s390x.rpm qemu-hw-usb-redirect-10.0.9-160000.1.1.s390x.rpm qemu-hw-usb-smartcard-10.0.9-160000.1.1.s390x.rpm qemu-img-10.0.9-160000.1.1.s390x.rpm qemu-ivshmem-tools-10.0.9-160000.1.1.s390x.rpm qemu-ksm-10.0.9-160000.1.1.s390x.rpm qemu-ppc-10.0.9-160000.1.1.s390x.rpm qemu-pr-helper-10.0.9-160000.1.1.s390x.rpm qemu-s390x-10.0.9-160000.1.1.s390x.rpm qemu-spice-10.0.9-160000.1.1.s390x.rpm qemu-tools-10.0.9-160000.1.1.s390x.rpm qemu-ui-curses-10.0.9-160000.1.1.s390x.rpm qemu-ui-dbus-10.0.9-160000.1.1.s390x.rpm qemu-ui-gtk-10.0.9-160000.1.1.s390x.rpm qemu-ui-opengl-10.0.9-160000.1.1.s390x.rpm qemu-ui-spice-app-10.0.9-160000.1.1.s390x.rpm qemu-ui-spice-core-10.0.9-160000.1.1.s390x.rpm qemu-vhost-user-gpu-10.0.9-160000.1.1.s390x.rpm qemu-x86-10.0.9-160000.1.1.s390x.rpm qemu-linux-user-10.0.9-160000.1.1.s390x.rpm qemu-10.0.9-160000.1.1.x86_64.rpm qemu-accel-qtest-10.0.9-160000.1.1.x86_64.rpm qemu-arm-10.0.9-160000.1.1.x86_64.rpm qemu-audio-alsa-10.0.9-160000.1.1.x86_64.rpm qemu-audio-dbus-10.0.9-160000.1.1.x86_64.rpm qemu-audio-jack-10.0.9-160000.1.1.x86_64.rpm qemu-audio-oss-10.0.9-160000.1.1.x86_64.rpm qemu-audio-pa-10.0.9-160000.1.1.x86_64.rpm qemu-audio-pipewire-10.0.9-160000.1.1.x86_64.rpm qemu-audio-spice-10.0.9-160000.1.1.x86_64.rpm qemu-block-curl-10.0.9-160000.1.1.x86_64.rpm qemu-block-dmg-10.0.9-160000.1.1.x86_64.rpm qemu-block-iscsi-10.0.9-160000.1.1.x86_64.rpm qemu-block-nfs-10.0.9-160000.1.1.x86_64.rpm qemu-block-rbd-10.0.9-160000.1.1.x86_64.rpm qemu-block-ssh-10.0.9-160000.1.1.x86_64.rpm qemu-chardev-baum-10.0.9-160000.1.1.x86_64.rpm qemu-chardev-spice-10.0.9-160000.1.1.x86_64.rpm qemu-extra-10.0.9-160000.1.1.x86_64.rpm qemu-guest-agent-10.0.9-160000.1.1.x86_64.rpm qemu-headless-10.0.9-160000.1.1.x86_64.rpm qemu-hw-display-qxl-10.0.9-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-10.0.9-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1.x86_64.rpm qemu-hw-display-virtio-vga-10.0.9-160000.1.1.x86_64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1.x86_64.rpm qemu-hw-usb-host-10.0.9-160000.1.1.x86_64.rpm qemu-hw-usb-redirect-10.0.9-160000.1.1.x86_64.rpm qemu-hw-usb-smartcard-10.0.9-160000.1.1.x86_64.rpm qemu-img-10.0.9-160000.1.1.x86_64.rpm qemu-ivshmem-tools-10.0.9-160000.1.1.x86_64.rpm qemu-ksm-10.0.9-160000.1.1.x86_64.rpm qemu-ppc-10.0.9-160000.1.1.x86_64.rpm qemu-pr-helper-10.0.9-160000.1.1.x86_64.rpm qemu-s390x-10.0.9-160000.1.1.x86_64.rpm qemu-spice-10.0.9-160000.1.1.x86_64.rpm qemu-tools-10.0.9-160000.1.1.x86_64.rpm qemu-ui-curses-10.0.9-160000.1.1.x86_64.rpm qemu-ui-dbus-10.0.9-160000.1.1.x86_64.rpm qemu-ui-gtk-10.0.9-160000.1.1.x86_64.rpm qemu-ui-opengl-10.0.9-160000.1.1.x86_64.rpm qemu-ui-spice-app-10.0.9-160000.1.1.x86_64.rpm qemu-ui-spice-core-10.0.9-160000.1.1.x86_64.rpm qemu-vhost-user-gpu-10.0.9-160000.1.1.x86_64.rpm qemu-vmsr-helper-10.0.9-160000.1.1.x86_64.rpm qemu-x86-10.0.9-160000.1.1.x86_64.rpm qemu-linux-user-10.0.9-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-592 Recommended update for crmsh important SUSE SLFO 1.2 This update for crmsh fixes the following issues: - Update to version 5.0.0+20260403.7274d51c: * Fix: bootstrap: Ensure robust node identification when removing from cluster (bsc#1259683) * Fix: utils: Raise UnreachableNodeError for those ssh unreachable nodes (bsc#1250645) * Fix: sbd: Update the formular to calculate the expected fencing-watchdog-timeout * Fix: log: Disable color when not on a TTY (bsc#1259178) * Fix: cibverify: If no errors found, treat crm_verify result as success (bsc#1250349) * Fix: log: Add milliseconds time format to crmsh.log (bsc#1255021) * Fix: ui_cluster: Stop dlm in maintenance mode correctly (bsc#1253733) * Dev: utils: Rename utils.ssh_reachable_check to utils.ssh_port_reachable_check * Dev: utils: Check if the peer node needs password to access * Dev: utils: Rename utils.node_reachable_check to utils.ssh_reachable_check * Dev: utils: Adjust node_reachable_check function and the way it is used * Dev: ui_utils: Move ui_node.parse_option_for_nodes to ui_utils.parse_and_validate_node_args * Dev: doc: Update the formular to calculate the expected fencing-watchdog-timeout * Dev: bootstrap: Sync directory sbd.SBDManager.SBD_SYSTEMD_DELAY_START_DIR * Dev: bootstrap: Refactor retrieve_all_config_files function * Dev: behave_agent: Prevent client hang behind firewall during long cluster joins * Dev: sh: Use sh_helper.py for su commands (bsc#1254757) * Dev: doc: Mention about watchdog-device option also acceptes driver name * Dev: watchdog: Improve the fatal error logging message * Dev: ui_cluster: Hint the watchdog option should be used with sbd option * Dev: bootstrap: Skip inactive cluster node when calling restart_cluster function * Dev: corosync: Add milliseconds to log time format * Dev: utils: Reuse methods in xmlutil.CrmMonXmlParser crmsh-5.0.0+20260403.7274d51c-160000.1.1.noarch.rpm crmsh-scripts-5.0.0+20260403.7274d51c-160000.1.1.noarch.rpm crmsh-test-5.0.0+20260403.7274d51c-160000.1.1.noarch.rpm openSUSE-Leap-16.0-593 Security update for rust1.94 moderate SUSE SLFO 1.2 This update for rust1.94 fixes the following issues: Changes in rust1.94: - Don't force gcc-15 on SLE-16 and higher (bsc#1261876) Update to rust1.94.1: - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.1 - Avoid unwrapping varint decoding during parameters parsing (bsc#1259623 CVE-2026-31812). - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0 cargo1.94-1.94.1-160000.1.1.aarch64.rpm rust1.94-1.94.1-160000.1.1.aarch64.rpm rust1.94-src-1.94.1-160000.1.1.noarch.rpm cargo1.94-1.94.1-160000.1.1.ppc64le.rpm rust1.94-1.94.1-160000.1.1.ppc64le.rpm cargo1.94-1.94.1-160000.1.1.s390x.rpm rust1.94-1.94.1-160000.1.1.s390x.rpm cargo1.94-1.94.1-160000.1.1.x86_64.rpm rust1.94-1.94.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-594 Security update for go1.25 important SUSE SLFO 1.2 This update for go1.25 fixes the following issues: - Update to version go1.25.9 (bsc#1244485). - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655). - CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656). - CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657). - CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658). - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659). - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660). - CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661). go1.25-1.25.9-160000.1.1.aarch64.rpm go1.25-doc-1.25.9-160000.1.1.aarch64.rpm go1.25-libstd-1.25.9-160000.1.1.aarch64.rpm go1.25-race-1.25.9-160000.1.1.aarch64.rpm go1.25-1.25.9-160000.1.1.ppc64le.rpm go1.25-doc-1.25.9-160000.1.1.ppc64le.rpm go1.25-race-1.25.9-160000.1.1.ppc64le.rpm go1.25-1.25.9-160000.1.1.s390x.rpm go1.25-doc-1.25.9-160000.1.1.s390x.rpm go1.25-race-1.25.9-160000.1.1.s390x.rpm go1.25-1.25.9-160000.1.1.x86_64.rpm go1.25-doc-1.25.9-160000.1.1.x86_64.rpm go1.25-libstd-1.25.9-160000.1.1.x86_64.rpm go1.25-race-1.25.9-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-595 Security update for go1.26 important SUSE SLFO 1.2 This update for go1.26 fixes the following issues: - Update to version go1.26.2 (bsc#1255111). - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655). - CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656). - CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657). - CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658). - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659). - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660). - CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661). - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662). go1.26-1.26.2-160000.1.1.aarch64.rpm go1.26-doc-1.26.2-160000.1.1.aarch64.rpm go1.26-libstd-1.26.2-160000.1.1.aarch64.rpm go1.26-race-1.26.2-160000.1.1.aarch64.rpm go1.26-1.26.2-160000.1.1.ppc64le.rpm go1.26-doc-1.26.2-160000.1.1.ppc64le.rpm go1.26-race-1.26.2-160000.1.1.ppc64le.rpm go1.26-1.26.2-160000.1.1.s390x.rpm go1.26-doc-1.26.2-160000.1.1.s390x.rpm go1.26-race-1.26.2-160000.1.1.s390x.rpm go1.26-1.26.2-160000.1.1.x86_64.rpm go1.26-doc-1.26.2-160000.1.1.x86_64.rpm go1.26-libstd-1.26.2-160000.1.1.x86_64.rpm go1.26-race-1.26.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-596 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). - CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). - CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). - CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759). - CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708). - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). - CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). - CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). - CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301). - CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). - CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). - CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). - CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). - CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340). - CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476). - CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). - CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). - CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485). - CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484). - CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). - CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). - CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870). - CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). - CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). - CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). - CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). - CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). - CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). - CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). - CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490). - CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544). - CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). - CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606). - CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550). - CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527). - CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). - CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). - CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). - CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497). - CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). - CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522). - CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). - CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). - CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). - CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507). - CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506). - CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non security issues were fixed: - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461). - KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511). - Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)." - Update config files (bsc#1254307). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). - apparmor: fix race between freeing data and fs accessing it (bsc#1258849). - apparmor: fix race on rawdata dereference (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). - bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955). - bpf: crypto: Use the correct destructor kfunc type (bsc#1259955). - btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459). - btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777). - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes). - drm/amdkfd: Unreserve bo if queue update failed (git-fixes). - drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129). - drm/i915/dsc: Add Selective Update register definitions (stable-fixes). - drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes). - firmware: microchip: fail auto-update probe if no flash found (git-fixes). - kABI: Include trace recursion bits in kABI tracking (bsc#1258301). - net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580). - nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208). - nvme: expose active quirks in sysfs (bsc#1243208). - nvme: fix memory leak in quirks_param_set() (bsc#1243208). - powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes). - powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes). - s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214). - s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175). - s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306). - scsi: fnic: Add Cisco hardware model names (jsc#PED-15441). - scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441). - scsi: fnic: Add and integrate support for FIP (jsc#PED-15441). - scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441). - scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441). - scsi: fnic: Add stats and related functionality (jsc#PED-15441). - scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441). - scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441). - scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441). - scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441). - scsi: fnic: Code cleanup (jsc#PED-15441). - scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441). - scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441). - scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441). - scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441). - scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441). - scsi: fnic: Increment driver version (jsc#PED-15441). - scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441). - scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441). - scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441). - scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441). - scsi: fnic: Remove extern definition from .c files (jsc#PED-15441). - scsi: fnic: Remove unnecessary debug print (jsc#PED-15441). - scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441). - scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441). - scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441). - scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441). - scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441). - scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441). - scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441). - scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441). - scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441). - scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441). - scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687). - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes). - scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042). - selftests/bpf: Use the correct destructor kfunc type (bsc#1259955). - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590). - tg3: Fix race for querying speed/duplex (bsc#1257183). - x86/platform/uv: Handle deconfigured sockets (bsc#1260347). kernel-devel-6.12.0-160000.28.1.noarch.rpm True kernel-macros-6.12.0-160000.28.1.noarch.rpm True kernel-source-6.12.0-160000.28.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.28.1.noarch.rpm True kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64.rpm True dtb-allwinner-6.12.0-160000.28.1.aarch64.rpm True dtb-altera-6.12.0-160000.28.1.aarch64.rpm True dtb-amazon-6.12.0-160000.28.1.aarch64.rpm True dtb-amd-6.12.0-160000.28.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.28.1.aarch64.rpm True dtb-apm-6.12.0-160000.28.1.aarch64.rpm True dtb-apple-6.12.0-160000.28.1.aarch64.rpm True dtb-arm-6.12.0-160000.28.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.28.1.aarch64.rpm True dtb-cavium-6.12.0-160000.28.1.aarch64.rpm True dtb-exynos-6.12.0-160000.28.1.aarch64.rpm True dtb-freescale-6.12.0-160000.28.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.28.1.aarch64.rpm True dtb-lg-6.12.0-160000.28.1.aarch64.rpm True dtb-marvell-6.12.0-160000.28.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.28.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.28.1.aarch64.rpm True dtb-qcom-6.12.0-160000.28.1.aarch64.rpm True dtb-renesas-6.12.0-160000.28.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.28.1.aarch64.rpm True dtb-socionext-6.12.0-160000.28.1.aarch64.rpm True dtb-sprd-6.12.0-160000.28.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.28.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.28.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.28.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.28.1.aarch64.rpm True kernel-64kb-6.12.0-160000.28.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.28.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.28.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.28.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.28.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.28.1.aarch64.rpm True cluster-md-kmp-azure-6.12.0-160000.28.1.aarch64.rpm True dlm-kmp-azure-6.12.0-160000.28.1.aarch64.rpm True gfs2-kmp-azure-6.12.0-160000.28.1.aarch64.rpm True kernel-azure-6.12.0-160000.28.1.aarch64.rpm True kernel-azure-devel-6.12.0-160000.28.1.aarch64.rpm True kernel-azure-extra-6.12.0-160000.28.1.aarch64.rpm True kernel-azure-optional-6.12.0-160000.28.1.aarch64.rpm True kselftests-kmp-azure-6.12.0-160000.28.1.aarch64.rpm True ocfs2-kmp-azure-6.12.0-160000.28.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.28.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.28.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.28.1.aarch64.rpm True kernel-default-6.12.0-160000.28.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.28.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.28.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.28.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.28.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.28.1.aarch64.rpm True kernel-docs-6.12.0-160000.28.1.noarch.rpm True kernel-docs-html-6.12.0-160000.28.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.28.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.28.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.28.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.28.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.28.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.28.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.28.1.aarch64.rpm True kernel-rt-6.12.0-160000.28.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.28.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.28.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.28.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.28.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.28.1.aarch64.rpm True kernel-syms-6.12.0-160000.28.1.aarch64.rpm True kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.28.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.28.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.28.1.ppc64le.rpm True kernel-default-6.12.0-160000.28.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.28.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.28.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.28.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.28.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.28.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.28.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.28.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.28.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.28.1.ppc64le.rpm True kernel-syms-6.12.0-160000.28.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.28.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.28.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.28.1.s390x.rpm True kernel-default-6.12.0-160000.28.1.s390x.rpm True kernel-default-devel-6.12.0-160000.28.1.s390x.rpm True kernel-default-extra-6.12.0-160000.28.1.s390x.rpm True kernel-default-optional-6.12.0-160000.28.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.28.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.28.1.s390x.rpm True kernel-obs-build-6.12.0-160000.28.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.28.1.s390x.rpm True kernel-syms-6.12.0-160000.28.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.28.1.s390x.rpm True kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64.rpm True cluster-md-kmp-azure-6.12.0-160000.28.1.x86_64.rpm True dlm-kmp-azure-6.12.0-160000.28.1.x86_64.rpm True gfs2-kmp-azure-6.12.0-160000.28.1.x86_64.rpm True kernel-azure-6.12.0-160000.28.1.x86_64.rpm True kernel-azure-devel-6.12.0-160000.28.1.x86_64.rpm True kernel-azure-extra-6.12.0-160000.28.1.x86_64.rpm True kernel-azure-optional-6.12.0-160000.28.1.x86_64.rpm True kernel-azure-vdso-6.12.0-160000.28.1.x86_64.rpm True kselftests-kmp-azure-6.12.0-160000.28.1.x86_64.rpm True ocfs2-kmp-azure-6.12.0-160000.28.1.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.28.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.28.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.28.1.x86_64.rpm True kernel-default-6.12.0-160000.28.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.28.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.28.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.28.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.28.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.28.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.28.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.28.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.28.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.28.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.28.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.28.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.28.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.28.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.28.1.x86_64.rpm True kernel-rt-6.12.0-160000.28.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.28.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.28.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.28.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.28.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.28.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.28.1.x86_64.rpm True kernel-syms-6.12.0-160000.28.1.x86_64.rpm True openSUSE-Leap-16.0-598 Recommended update for pcr-oracle moderate SUSE SLFO 1.2 This update for pcr-oracle fixes the following issues: - Update to 0.6.0: * Initial support for CI tests * Fix additional arguments following the PCR index * CI: Shutdown the swtpm instance after tests * Fix stop event check crash for grub-command (bsc#1258119) * Print PCR values during signing or sealing pcr-oracle-0.6.0-160000.1.1.aarch64.rpm pcr-oracle-0.6.0-160000.1.1.ppc64le.rpm pcr-oracle-0.6.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-599 Security update for libraw important SUSE SLFO 1.2 This update for libraw fixes the following issues: - CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499). - CVE-2026-20884: integer overflow vulnerability in the deflate_dng_load_raw (bsc#1261671). - CVE-2026-20889: heap-based buffer overflow vulnerability in the x3f_thumb_loader (bsc#1261672). - CVE-2026-20911: heap-based buffer overflow vulnerability in the HuffTable: initval (bsc#1261673). - CVE-2026-21413: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw (bsc#1261674). - CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675). - CVE-2026-24660: heap-based buffer overflow vulnerability in the x3f_load_huffman (bsc#1261676). libraw-devel-0.21.4-160000.3.1.aarch64.rpm libraw-devel-static-0.21.4-160000.3.1.aarch64.rpm libraw-tools-0.21.4-160000.3.1.aarch64.rpm libraw23-0.21.4-160000.3.1.aarch64.rpm libraw-devel-0.21.4-160000.3.1.ppc64le.rpm libraw-devel-static-0.21.4-160000.3.1.ppc64le.rpm libraw-tools-0.21.4-160000.3.1.ppc64le.rpm libraw23-0.21.4-160000.3.1.ppc64le.rpm libraw-devel-0.21.4-160000.3.1.s390x.rpm libraw-devel-static-0.21.4-160000.3.1.s390x.rpm libraw-tools-0.21.4-160000.3.1.s390x.rpm libraw23-0.21.4-160000.3.1.s390x.rpm libraw-devel-0.21.4-160000.3.1.x86_64.rpm libraw-devel-static-0.21.4-160000.3.1.x86_64.rpm libraw-tools-0.21.4-160000.3.1.x86_64.rpm libraw23-0.21.4-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-60 Recommended update for cyrus-sasl moderate SUSE SLFO 1.2 This update for cyrus-sasl fixes the following issues: - Fixed Python3 error log upon importing pycurl (bsc#1233529) cyrus-sasl-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-devel-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-otp-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-plain-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-scram-2.1.28-160000.3.1.aarch64.rpm libsasl2-3-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-devel-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-otp-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-plain-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-scram-2.1.28-160000.3.1.ppc64le.rpm libsasl2-3-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-devel-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-otp-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-plain-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-scram-2.1.28-160000.3.1.s390x.rpm libsasl2-3-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-devel-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-otp-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-plain-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-scram-2.1.28-160000.3.1.x86_64.rpm libsasl2-3-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-600 Security update for gnome-remote-desktop moderate SUSE SLFO 1.2 This update for gnome-remote-desktop fixes the following issues: Update to version 48.3. Security issues fixed: - CVE-2025-5024: an unauthenticated attacker can exhaust system resources (bsc#1244053). Other updates and bugfixes: - Version update to 48.3: + Fix image corruption on some NVIDIA GPUs. - Version upadte to 48.2: + Handle Vulkan dma-buf format compatibility issues. gnome-remote-desktop-48.3-160000.1.1.aarch64.rpm gnome-remote-desktop-lang-48.3-160000.1.1.noarch.rpm gnome-remote-desktop-48.3-160000.1.1.ppc64le.rpm gnome-remote-desktop-48.3-160000.1.1.s390x.rpm gnome-remote-desktop-48.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-601 Security update for GraphicsMagick moderate SUSE SLFO 1.2 This update for GraphicsMagick fixes the following issue: - CVE-2026-33535: out-of-bounds write of a zero byte in the X11 `display` interaction path can lead to a crash (bsc#1260874). GraphicsMagick-1.3.45-160000.5.1.aarch64.rpm GraphicsMagick-devel-1.3.45-160000.5.1.aarch64.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.5.1.aarch64.rpm libGraphicsMagick++-devel-1.3.45-160000.5.1.aarch64.rpm libGraphicsMagick-Q16-3-1.3.45-160000.5.1.aarch64.rpm libGraphicsMagick3-config-1.3.45-160000.5.1.aarch64.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.5.1.aarch64.rpm perl-GraphicsMagick-1.3.45-160000.5.1.aarch64.rpm GraphicsMagick-1.3.45-160000.5.1.ppc64le.rpm GraphicsMagick-devel-1.3.45-160000.5.1.ppc64le.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.5.1.ppc64le.rpm libGraphicsMagick++-devel-1.3.45-160000.5.1.ppc64le.rpm libGraphicsMagick-Q16-3-1.3.45-160000.5.1.ppc64le.rpm libGraphicsMagick3-config-1.3.45-160000.5.1.ppc64le.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.5.1.ppc64le.rpm perl-GraphicsMagick-1.3.45-160000.5.1.ppc64le.rpm GraphicsMagick-1.3.45-160000.5.1.s390x.rpm GraphicsMagick-devel-1.3.45-160000.5.1.s390x.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.5.1.s390x.rpm libGraphicsMagick++-devel-1.3.45-160000.5.1.s390x.rpm libGraphicsMagick-Q16-3-1.3.45-160000.5.1.s390x.rpm libGraphicsMagick3-config-1.3.45-160000.5.1.s390x.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.5.1.s390x.rpm perl-GraphicsMagick-1.3.45-160000.5.1.s390x.rpm GraphicsMagick-1.3.45-160000.5.1.x86_64.rpm GraphicsMagick-devel-1.3.45-160000.5.1.x86_64.rpm libGraphicsMagick++-Q16-12-1.3.45-160000.5.1.x86_64.rpm libGraphicsMagick++-devel-1.3.45-160000.5.1.x86_64.rpm libGraphicsMagick-Q16-3-1.3.45-160000.5.1.x86_64.rpm libGraphicsMagick3-config-1.3.45-160000.5.1.x86_64.rpm libGraphicsMagickWand-Q16-2-1.3.45-160000.5.1.x86_64.rpm perl-GraphicsMagick-1.3.45-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-602 Security update for ghostscript moderate SUSE SLFO 1.2 This update for ghostscript fixes the following issues: Update to version 10.06.0. Security issues fixed: - CVE-2025-59800: an integer overflow can lead to a heap-based buffer overflow in ocr_line8 (bsc#1250355). - CVE-2025-59799: a large size value can cause a stack-based buffer overflow in pdfmark_coerce_dest (bsc#1250354). - CVE-2025-59798: stack-based buffer overflow in pdf_write_cmap can lead to a denial-of-service (bsc#1250353). - CVE-2025-48708: lacks of argument sanitization may lead to password disclosure (bsc#1243701). - CVE-2025-46646: mishandling of overlong utf-8 encoding in artifex ghostscript's decode_utf8 function (bsc#1257699). Other updates and bugfixes: - switch over to libalternatives for ghostscript to provide a gs variant (bsc#1245896) - Version upgrade to 10.06.0: * removes the non-standard operator "selectdevice" (cf. the entry below dated Tue Apr 1 09:56:06 UTC 2025) - Version upgrade to 10.05.1: * an overflow issue in Freetype on platforms where long is a 4 byte (rather than 8 byte) type (Microsoft Windows, for example) causing corrupted glyph rendering at higher resolutions * an issue with embedded files, affecting Zugferd format PDF creation. * broken logic in PDF Optional Content processing * potential slow down due to searching for identifiable font files * a small number of extreme edge case segmentation faults. ghostscript-10.06.0-160000.1.1.aarch64.rpm ghostscript-devel-10.06.0-160000.1.1.aarch64.rpm ghostscript-x11-10.06.0-160000.1.1.aarch64.rpm ghostscript-10.06.0-160000.1.1.ppc64le.rpm ghostscript-devel-10.06.0-160000.1.1.ppc64le.rpm ghostscript-x11-10.06.0-160000.1.1.ppc64le.rpm ghostscript-10.06.0-160000.1.1.s390x.rpm ghostscript-devel-10.06.0-160000.1.1.s390x.rpm ghostscript-x11-10.06.0-160000.1.1.s390x.rpm ghostscript-10.06.0-160000.1.1.x86_64.rpm ghostscript-devel-10.06.0-160000.1.1.x86_64.rpm ghostscript-x11-10.06.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-603 Security update for libpng16 moderate SUSE SLFO 1.2 This update for libpng16 fixes the following issue: - CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957). libpng16-16-1.6.44-160000.7.1.aarch64.rpm libpng16-compat-devel-1.6.44-160000.7.1.aarch64.rpm libpng16-devel-1.6.44-160000.7.1.aarch64.rpm libpng16-tools-1.6.44-160000.7.1.aarch64.rpm libpng16-16-1.6.44-160000.7.1.ppc64le.rpm libpng16-compat-devel-1.6.44-160000.7.1.ppc64le.rpm libpng16-devel-1.6.44-160000.7.1.ppc64le.rpm libpng16-tools-1.6.44-160000.7.1.ppc64le.rpm libpng16-16-1.6.44-160000.7.1.s390x.rpm libpng16-compat-devel-1.6.44-160000.7.1.s390x.rpm libpng16-devel-1.6.44-160000.7.1.s390x.rpm libpng16-tools-1.6.44-160000.7.1.s390x.rpm libpng16-16-1.6.44-160000.7.1.x86_64.rpm libpng16-16-x86-64-v3-1.6.44-160000.7.1.x86_64.rpm libpng16-compat-devel-1.6.44-160000.7.1.x86_64.rpm libpng16-compat-devel-x86-64-v3-1.6.44-160000.7.1.x86_64.rpm libpng16-devel-1.6.44-160000.7.1.x86_64.rpm libpng16-devel-x86-64-v3-1.6.44-160000.7.1.x86_64.rpm libpng16-tools-1.6.44-160000.7.1.x86_64.rpm openSUSE-Leap-16.0-604 Recommended update for gdb important SUSE SLFO 1.2 This update for gdb fixes the following issues: Changes in gdb: - Re-enable ptype /o for flexible array member types (swo#33966, bsc#1249147). - Fix TUI crash when encountering a debuginfod query while entering TUI (swo#31449, swo#33794). - Fix a case on x86_64/-m32 where displaced stepping steps out of the displaced stepping buffer (swo#33997). - Fix generation of core files using gcore for glibc 2.42 (swo#33855). - Fix slow symbol lookup with dwz-compressed debuginfo (swo#33825, bsc#1257111). - Fix failure to list source file with dwz-compressed debuginfo (brc#2403580). - Fix slow symbol table reading with dwz-compressed debuginfo (swo#33777). - Fix heap-use-after-free, reported by TSAN. - Fix backtrace through signal trampoline on s390x (swo#33708). - Work around recursively defined sle_version on openSUSE Leap 16.0 (bsc#1238724). gdb-16.3-160000.4.1.aarch64.rpm gdbserver-16.3-160000.4.1.aarch64.rpm gdb-testresults-16.3-160000.4.1.aarch64.rpm gdb-16.3-160000.4.1.ppc64le.rpm gdbserver-16.3-160000.4.1.ppc64le.rpm gdb-testresults-16.3-160000.4.1.ppc64le.rpm gdb-16.3-160000.4.1.s390x.rpm gdbserver-16.3-160000.4.1.s390x.rpm gdb-testresults-16.3-160000.4.1.s390x.rpm gdb-16.3-160000.4.1.x86_64.rpm gdbserver-16.3-160000.4.1.x86_64.rpm gdb-testresults-16.3-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-605 Security update for tomcat11 important SUSE SLFO 1.2 This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371) tomcat11-11.0.21-160000.1.1.noarch.rpm tomcat11-admin-webapps-11.0.21-160000.1.1.noarch.rpm tomcat11-doc-11.0.21-160000.1.1.noarch.rpm tomcat11-docs-webapp-11.0.21-160000.1.1.noarch.rpm tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch.rpm tomcat11-embed-11.0.21-160000.1.1.noarch.rpm tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch.rpm tomcat11-jsvc-11.0.21-160000.1.1.noarch.rpm tomcat11-lib-11.0.21-160000.1.1.noarch.rpm tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch.rpm tomcat11-webapps-11.0.21-160000.1.1.noarch.rpm openSUSE-Leap-16.0-61 Recommended update for libHBAAPI2 important SUSE SLFO 1.2 This update for libHBAAPI2 fixes the following issues: - use %license tag for COPYING (bsc#1252158) libHBAAPI2-2.2.10-160000.3.1.aarch64.rpm libHBAAPI2-devel-2.2.10-160000.3.1.aarch64.rpm libHBAAPI2-2.2.10-160000.3.1.ppc64le.rpm libHBAAPI2-devel-2.2.10-160000.3.1.ppc64le.rpm libHBAAPI2-2.2.10-160000.3.1.s390x.rpm libHBAAPI2-devel-2.2.10-160000.3.1.s390x.rpm libHBAAPI2-2.2.10-160000.3.1.x86_64.rpm libHBAAPI2-devel-2.2.10-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-611 Recommended update for agama, rubygem-agama-yast important SUSE SLFO 1.2 This update for agama, rubygem-agama-yast fixes the following issues: Changes in agama: - Automatically try loading the autoinstallation profile from the root of the installation medium (jsc#PED-16010) - Run scripts from /var/lib/agama/scripts (bsc#1261787). - Add the zFCP controller internal id to the device when some update is notified (bsc#1247445). - When obtaining the controllers through the HTTP API, do not retrieve the controllers LUNs in case of inactive. - Return error code when using "agama config generate", "agama config load" or "agama config validate" does not validate the given profile (bsc#1256951, gh#agama-project/agama#3304). Changes in rubygem-agama-yast: - Use /var/lib/agama/scripts to save the scripts in the target system (bsc#1261787). - Increase the Net::HTTP read_timeout to 300 seconds to mitigates timeouts during installation tasks (e.g., running scripts or writing files) (bsc#1259745) (gh#agama-project/agama#3296). - Cherry pick test fix for the AutoYaST legacy proposal (original PR gh#agama-project/agama#2640). - Add errors to the output of agama-autoyast (related to bsc#1259434). - Properly handle nil user passwords when importing users from AutoYaST (related to bsc#1259434). - Do not report AutoYaST elements as unsupported if the value is empty (bsc#1259458). agama-17+552.696adcca2-160000.9.1.aarch64.rpm agama-autoinstall-17+552.696adcca2-160000.9.1.aarch64.rpm agama-cli-17+552.696adcca2-160000.9.1.aarch64.rpm agama-cli-bash-completion-17+552.696adcca2-160000.9.1.noarch.rpm agama-cli-fish-completion-17+552.696adcca2-160000.9.1.noarch.rpm agama-cli-zsh-completion-17+552.696adcca2-160000.9.1.noarch.rpm agama-openapi-17+552.696adcca2-160000.9.1.aarch64.rpm agama-scripts-17+552.696adcca2-160000.9.1.aarch64.rpm ruby3.4-rubygem-agama-yast-17.devel548.1005e25eb-160000.1.1.aarch64.rpm agama-yast-17.devel548.1005e25eb-160000.1.1.aarch64.rpm agama-17+552.696adcca2-160000.9.1.ppc64le.rpm agama-autoinstall-17+552.696adcca2-160000.9.1.ppc64le.rpm agama-cli-17+552.696adcca2-160000.9.1.ppc64le.rpm agama-openapi-17+552.696adcca2-160000.9.1.ppc64le.rpm agama-scripts-17+552.696adcca2-160000.9.1.ppc64le.rpm ruby3.4-rubygem-agama-yast-17.devel548.1005e25eb-160000.1.1.ppc64le.rpm agama-yast-17.devel548.1005e25eb-160000.1.1.ppc64le.rpm agama-17+552.696adcca2-160000.9.1.s390x.rpm agama-autoinstall-17+552.696adcca2-160000.9.1.s390x.rpm agama-cli-17+552.696adcca2-160000.9.1.s390x.rpm agama-openapi-17+552.696adcca2-160000.9.1.s390x.rpm agama-scripts-17+552.696adcca2-160000.9.1.s390x.rpm ruby3.4-rubygem-agama-yast-17.devel548.1005e25eb-160000.1.1.s390x.rpm agama-yast-17.devel548.1005e25eb-160000.1.1.s390x.rpm agama-17+552.696adcca2-160000.9.1.x86_64.rpm agama-autoinstall-17+552.696adcca2-160000.9.1.x86_64.rpm agama-cli-17+552.696adcca2-160000.9.1.x86_64.rpm agama-openapi-17+552.696adcca2-160000.9.1.x86_64.rpm agama-scripts-17+552.696adcca2-160000.9.1.x86_64.rpm ruby3.4-rubygem-agama-yast-17.devel548.1005e25eb-160000.1.1.x86_64.rpm agama-yast-17.devel548.1005e25eb-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-612 Security update for giflib moderate SUSE SLFO 1.2 This update for giflib fixes the following issue: - CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption (bsc#1259502). giflib-devel-5.2.2-160000.3.1.aarch64.rpm giflib-progs-5.2.2-160000.3.1.aarch64.rpm libgif7-5.2.2-160000.3.1.aarch64.rpm giflib-devel-5.2.2-160000.3.1.ppc64le.rpm giflib-progs-5.2.2-160000.3.1.ppc64le.rpm libgif7-5.2.2-160000.3.1.ppc64le.rpm giflib-devel-5.2.2-160000.3.1.s390x.rpm giflib-progs-5.2.2-160000.3.1.s390x.rpm libgif7-5.2.2-160000.3.1.s390x.rpm giflib-devel-5.2.2-160000.3.1.x86_64.rpm giflib-progs-5.2.2-160000.3.1.x86_64.rpm libgif7-5.2.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-614 Recommended update for mutt moderate SUSE SLFO 1.2 This update for mutt fixes the following issues: - Remove dependency on update-desktop-files (jsc#PED-15228) - Update to mutt 2.2.16: * fixing an IMAP search/limit bug - Exclude sample ca-bundle.crt as it is outdated (bsc#1246321) - Update to mutt 2.2.14: * fixing a couple possible crashes, in GPGME and with IMAP when logging out * and correcting a small issue with unnecessary encoding of "." in attachment names (2231 encoding). - Make doc info and hmtl file build without network - Set default mail spool files mutt-2.2.16-160000.1.1.aarch64.rpm mutt-doc-2.2.16-160000.1.1.noarch.rpm mutt-lang-2.2.16-160000.1.1.noarch.rpm mutt-2.2.16-160000.1.1.ppc64le.rpm mutt-2.2.16-160000.1.1.s390x.rpm mutt-2.2.16-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-615 Security update for ignition important SUSE SLFO 1.2 This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header (bsc#1260251). ignition-2.21.0-160000.3.1.aarch64.rpm ignition-2.21.0-160000.3.1.ppc64le.rpm ignition-2.21.0-160000.3.1.s390x.rpm ignition-2.21.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-616 Security update for sudo important SUSE SLFO 1.2 This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows for local privilege escalation (bsc#1261420). sudo-1.9.17p1-160000.3.1.aarch64.rpm sudo-devel-1.9.17p1-160000.3.1.aarch64.rpm sudo-plugin-python-1.9.17p1-160000.3.1.aarch64.rpm sudo-policy-sudo-auth-self-1.9.17p1-160000.3.1.aarch64.rpm sudo-policy-wheel-auth-self-1.9.17p1-160000.3.1.aarch64.rpm sudo-test-1.9.17p1-160000.3.1.aarch64.rpm system-group-sudo-1.9.17p1-160000.3.1.aarch64.rpm sudo-1.9.17p1-160000.3.1.ppc64le.rpm sudo-devel-1.9.17p1-160000.3.1.ppc64le.rpm sudo-plugin-python-1.9.17p1-160000.3.1.ppc64le.rpm sudo-policy-sudo-auth-self-1.9.17p1-160000.3.1.ppc64le.rpm sudo-policy-wheel-auth-self-1.9.17p1-160000.3.1.ppc64le.rpm sudo-test-1.9.17p1-160000.3.1.ppc64le.rpm system-group-sudo-1.9.17p1-160000.3.1.ppc64le.rpm sudo-1.9.17p1-160000.3.1.s390x.rpm sudo-devel-1.9.17p1-160000.3.1.s390x.rpm sudo-plugin-python-1.9.17p1-160000.3.1.s390x.rpm sudo-policy-sudo-auth-self-1.9.17p1-160000.3.1.s390x.rpm sudo-policy-wheel-auth-self-1.9.17p1-160000.3.1.s390x.rpm sudo-test-1.9.17p1-160000.3.1.s390x.rpm system-group-sudo-1.9.17p1-160000.3.1.s390x.rpm sudo-1.9.17p1-160000.3.1.x86_64.rpm sudo-devel-1.9.17p1-160000.3.1.x86_64.rpm sudo-plugin-python-1.9.17p1-160000.3.1.x86_64.rpm sudo-policy-sudo-auth-self-1.9.17p1-160000.3.1.x86_64.rpm sudo-policy-wheel-auth-self-1.9.17p1-160000.3.1.x86_64.rpm sudo-test-1.9.17p1-160000.3.1.x86_64.rpm system-group-sudo-1.9.17p1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-617 Security update for openexr important SUSE SLFO 1.2 This update for openexr fixes the following issues: - CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621). - CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622). - CVE-2026-34588: crafted EXR file can lead to out of bound read and write (bsc#1261624). - CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634). libIex-3_2-31-3.2.2-160000.6.1.aarch64.rpm libIlmThread-3_2-31-3.2.2-160000.6.1.aarch64.rpm libOpenEXR-3_2-31-3.2.2-160000.6.1.aarch64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.6.1.aarch64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.6.1.aarch64.rpm openexr-3.2.2-160000.6.1.aarch64.rpm openexr-devel-3.2.2-160000.6.1.aarch64.rpm openexr-doc-3.2.2-160000.6.1.noarch.rpm libIex-3_2-31-3.2.2-160000.6.1.ppc64le.rpm libIlmThread-3_2-31-3.2.2-160000.6.1.ppc64le.rpm libOpenEXR-3_2-31-3.2.2-160000.6.1.ppc64le.rpm libOpenEXRCore-3_2-31-3.2.2-160000.6.1.ppc64le.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.6.1.ppc64le.rpm openexr-3.2.2-160000.6.1.ppc64le.rpm openexr-devel-3.2.2-160000.6.1.ppc64le.rpm libIex-3_2-31-3.2.2-160000.6.1.s390x.rpm libIlmThread-3_2-31-3.2.2-160000.6.1.s390x.rpm libOpenEXR-3_2-31-3.2.2-160000.6.1.s390x.rpm libOpenEXRCore-3_2-31-3.2.2-160000.6.1.s390x.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.6.1.s390x.rpm openexr-3.2.2-160000.6.1.s390x.rpm openexr-devel-3.2.2-160000.6.1.s390x.rpm libIex-3_2-31-3.2.2-160000.6.1.x86_64.rpm libIex-3_2-31-x86-64-v3-3.2.2-160000.6.1.x86_64.rpm libIlmThread-3_2-31-3.2.2-160000.6.1.x86_64.rpm libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.6.1.x86_64.rpm libOpenEXR-3_2-31-3.2.2-160000.6.1.x86_64.rpm libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.6.1.x86_64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.6.1.x86_64.rpm libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.6.1.x86_64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.6.1.x86_64.rpm libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.6.1.x86_64.rpm openexr-3.2.2-160000.6.1.x86_64.rpm openexr-devel-3.2.2-160000.6.1.x86_64.rpm openSUSE-Leap-16.0-618 Security update for ImageMagick important SUSE SLFO 1.2 This update for ImageMagick fixes the following issues: - CVE-2026-32259: stack out-of-bounds write due to a memory allocation failure in the sixel encoder can lead to a crash (bsc#1259612). - CVE-2026-32636: out-of-bounds write of a single zero byte due to bug the `NewXMLTree` method can lead to denial of service (bsc#1259872). - CVE-2026-33535: out-of-bounds write of a zero byte in X11 `display` interaction path can lead to a crash (bsc#1260874). - CVE-2026-33536: stack out-of-bounds write due to incorrect return value on certain platforms can lead to a denial of service (bsc#1260879). - CVE-2026-33899: out-of-bounds write of single zero byte in XML parsing can lead to a denial of service (bsc#1262154). - CVE-2026-33900: heap out-of-bounds write due to integer truncation in viff encoder can lead to a crash (bsc#1262156). - CVE-2026-33901: heap buffer overflow in the MVG decoder can lead to memory corruption or a crash (bsc#1262155). - CVE-2026-33902: stack buffer overflow in the FX expression parser can lead to a process crash (bsc#1262153). - CVE-2026-33905: out-of-bounds read in `-sample` operation can lead to a denial of service (bsc#1262097). - CVE-2026-33908: recursive execution with no depth limit imposed when processing XML files can lead to resource exhaustion and a denial of service (bsc#1262152). - CVE-2026-34238: heap buffer overflow due to integer overflow in the despeckle operation can lead to a denial of service (bsc#1262147). - CVE-2026-40169: out-of-bounds heap write when processing a crafted image and writing a YAML or JSON output can lead to a crash (bsc#1262150). - CVE-2026-40183: heap out-of-bounds write in the JXL encoder can lead to a denial of service (bsc#1262145). - CVE-2026-40310: heap out-of-bounds write in the JP2 encoder can lead to a denial of service (bsc#1262148). - CVE-2026-40311: heap use-after-free when reading and printing values from an invalid XMP profile can lead to a denial of service (bsc#1262146). - CVE-2026-40312: off-by-one error in the MSL decoder can lead to a crash (bsc#1262149). ImageMagick-7.1.2.0-160000.8.1.aarch64.rpm ImageMagick-config-7-SUSE-7.1.2.0-160000.8.1.noarch.rpm ImageMagick-devel-7.1.2.0-160000.8.1.aarch64.rpm ImageMagick-doc-7.1.2.0-160000.8.1.noarch.rpm ImageMagick-extra-7.1.2.0-160000.8.1.aarch64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1.aarch64.rpm libMagick++-devel-7.1.2.0-160000.8.1.aarch64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1.aarch64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1.aarch64.rpm perl-PerlMagick-7.1.2.0-160000.8.1.aarch64.rpm ImageMagick-config-7-upstream-limited-7.1.2.0-160000.8.1.noarch.rpm ImageMagick-config-7-upstream-open-7.1.2.0-160000.8.1.noarch.rpm ImageMagick-config-7-upstream-secure-7.1.2.0-160000.8.1.noarch.rpm ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.8.1.noarch.rpm ImageMagick-7.1.2.0-160000.8.1.ppc64le.rpm ImageMagick-devel-7.1.2.0-160000.8.1.ppc64le.rpm ImageMagick-extra-7.1.2.0-160000.8.1.ppc64le.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1.ppc64le.rpm libMagick++-devel-7.1.2.0-160000.8.1.ppc64le.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1.ppc64le.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1.ppc64le.rpm perl-PerlMagick-7.1.2.0-160000.8.1.ppc64le.rpm ImageMagick-7.1.2.0-160000.8.1.s390x.rpm ImageMagick-devel-7.1.2.0-160000.8.1.s390x.rpm ImageMagick-extra-7.1.2.0-160000.8.1.s390x.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1.s390x.rpm libMagick++-devel-7.1.2.0-160000.8.1.s390x.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1.s390x.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1.s390x.rpm perl-PerlMagick-7.1.2.0-160000.8.1.s390x.rpm ImageMagick-7.1.2.0-160000.8.1.x86_64.rpm ImageMagick-devel-7.1.2.0-160000.8.1.x86_64.rpm ImageMagick-extra-7.1.2.0-160000.8.1.x86_64.rpm libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1.x86_64.rpm libMagick++-devel-7.1.2.0-160000.8.1.x86_64.rpm libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1.x86_64.rpm libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1.x86_64.rpm perl-PerlMagick-7.1.2.0-160000.8.1.x86_64.rpm openSUSE-Leap-16.0-619 Security update for erlang important SUSE SLFO 1.2 This update for erlang fixes the following issues: Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes (bsc#1258663). - CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP request smuggling (bsc#1259687). - CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead to path traversal (bsc#1259681). - CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of service (bsc#1259682). - CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728). - CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726). - CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information disclosure (bsc#1261734). Other updates and bugfixes: - jinterface: allow to build determenistic OtpErlang.jar (bsc#1262288). erlang-27.1.3-160000.4.1.aarch64.rpm erlang-debugger-27.1.3-160000.4.1.aarch64.rpm erlang-debugger-src-27.1.3-160000.4.1.aarch64.rpm erlang-dialyzer-27.1.3-160000.4.1.aarch64.rpm erlang-dialyzer-src-27.1.3-160000.4.1.aarch64.rpm erlang-diameter-27.1.3-160000.4.1.aarch64.rpm erlang-diameter-src-27.1.3-160000.4.1.aarch64.rpm erlang-doc-27.1.3-160000.4.1.aarch64.rpm erlang-epmd-27.1.3-160000.4.1.aarch64.rpm erlang-et-27.1.3-160000.4.1.aarch64.rpm erlang-et-src-27.1.3-160000.4.1.aarch64.rpm erlang-jinterface-27.1.3-160000.4.1.aarch64.rpm erlang-jinterface-src-27.1.3-160000.4.1.aarch64.rpm erlang-observer-27.1.3-160000.4.1.aarch64.rpm erlang-observer-src-27.1.3-160000.4.1.aarch64.rpm erlang-reltool-27.1.3-160000.4.1.aarch64.rpm erlang-reltool-src-27.1.3-160000.4.1.aarch64.rpm erlang-src-27.1.3-160000.4.1.aarch64.rpm erlang-wx-27.1.3-160000.4.1.aarch64.rpm erlang-wx-src-27.1.3-160000.4.1.aarch64.rpm erlang-27.1.3-160000.4.1.ppc64le.rpm erlang-debugger-27.1.3-160000.4.1.ppc64le.rpm erlang-debugger-src-27.1.3-160000.4.1.ppc64le.rpm erlang-dialyzer-27.1.3-160000.4.1.ppc64le.rpm erlang-dialyzer-src-27.1.3-160000.4.1.ppc64le.rpm erlang-diameter-27.1.3-160000.4.1.ppc64le.rpm erlang-diameter-src-27.1.3-160000.4.1.ppc64le.rpm erlang-doc-27.1.3-160000.4.1.ppc64le.rpm erlang-epmd-27.1.3-160000.4.1.ppc64le.rpm erlang-et-27.1.3-160000.4.1.ppc64le.rpm erlang-et-src-27.1.3-160000.4.1.ppc64le.rpm erlang-jinterface-27.1.3-160000.4.1.ppc64le.rpm erlang-jinterface-src-27.1.3-160000.4.1.ppc64le.rpm erlang-observer-27.1.3-160000.4.1.ppc64le.rpm erlang-observer-src-27.1.3-160000.4.1.ppc64le.rpm erlang-reltool-27.1.3-160000.4.1.ppc64le.rpm erlang-reltool-src-27.1.3-160000.4.1.ppc64le.rpm erlang-src-27.1.3-160000.4.1.ppc64le.rpm erlang-wx-27.1.3-160000.4.1.ppc64le.rpm erlang-wx-src-27.1.3-160000.4.1.ppc64le.rpm erlang-27.1.3-160000.4.1.s390x.rpm erlang-debugger-27.1.3-160000.4.1.s390x.rpm erlang-debugger-src-27.1.3-160000.4.1.s390x.rpm erlang-dialyzer-27.1.3-160000.4.1.s390x.rpm erlang-dialyzer-src-27.1.3-160000.4.1.s390x.rpm erlang-diameter-27.1.3-160000.4.1.s390x.rpm erlang-diameter-src-27.1.3-160000.4.1.s390x.rpm erlang-epmd-27.1.3-160000.4.1.s390x.rpm erlang-et-27.1.3-160000.4.1.s390x.rpm erlang-et-src-27.1.3-160000.4.1.s390x.rpm erlang-jinterface-27.1.3-160000.4.1.s390x.rpm erlang-jinterface-src-27.1.3-160000.4.1.s390x.rpm erlang-observer-27.1.3-160000.4.1.s390x.rpm erlang-observer-src-27.1.3-160000.4.1.s390x.rpm erlang-reltool-27.1.3-160000.4.1.s390x.rpm erlang-reltool-src-27.1.3-160000.4.1.s390x.rpm erlang-src-27.1.3-160000.4.1.s390x.rpm erlang-wx-27.1.3-160000.4.1.s390x.rpm erlang-wx-src-27.1.3-160000.4.1.s390x.rpm erlang-27.1.3-160000.4.1.x86_64.rpm erlang-debugger-27.1.3-160000.4.1.x86_64.rpm erlang-debugger-src-27.1.3-160000.4.1.x86_64.rpm erlang-dialyzer-27.1.3-160000.4.1.x86_64.rpm erlang-dialyzer-src-27.1.3-160000.4.1.x86_64.rpm erlang-diameter-27.1.3-160000.4.1.x86_64.rpm erlang-diameter-src-27.1.3-160000.4.1.x86_64.rpm erlang-doc-27.1.3-160000.4.1.x86_64.rpm erlang-epmd-27.1.3-160000.4.1.x86_64.rpm erlang-et-27.1.3-160000.4.1.x86_64.rpm erlang-et-src-27.1.3-160000.4.1.x86_64.rpm erlang-jinterface-27.1.3-160000.4.1.x86_64.rpm erlang-jinterface-src-27.1.3-160000.4.1.x86_64.rpm erlang-observer-27.1.3-160000.4.1.x86_64.rpm erlang-observer-src-27.1.3-160000.4.1.x86_64.rpm erlang-reltool-27.1.3-160000.4.1.x86_64.rpm erlang-reltool-src-27.1.3-160000.4.1.x86_64.rpm erlang-src-27.1.3-160000.4.1.x86_64.rpm erlang-wx-27.1.3-160000.4.1.x86_64.rpm erlang-wx-src-27.1.3-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-620 Security update for fontforge important SUSE SLFO 1.2 This update for fontforge fixes the following issues: - CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution (bsc#1256031). fontforge-20251009-160000.2.1.aarch64.rpm fontforge-devel-20251009-160000.2.1.aarch64.rpm fontforge-doc-20251009-160000.2.1.noarch.rpm fontforge-20251009-160000.2.1.ppc64le.rpm fontforge-devel-20251009-160000.2.1.ppc64le.rpm fontforge-20251009-160000.2.1.s390x.rpm fontforge-devel-20251009-160000.2.1.s390x.rpm fontforge-20251009-160000.2.1.x86_64.rpm fontforge-devel-20251009-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-621 Security update for google-guest-agent important SUSE SLFO 1.2 This update for google-guest-agent fixes the following issues: Update to version 20250506.01 (bsc#1243254, bsc#1243505). Security issues fixed: - CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications (bsc#1234563). - CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533). Other updates and bugfixes: - Version 20250506.01: * Make sure agent added connections are activated by NM (#534) - Version 20250506.00: * Wrap NSS cache refresh in a goroutine (#533) - Version 20250502.01: * Wicked: Only reload interfaces for which configurations are written or changed. (#524) - Version 20250502.00: * Add AuthorizedKeysCompat to windows packaging (#530) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) - Version 20250418.00: * Re-enable disabled services if the core plugin was enabled (#521) - Version 20250414.00: * Add AuthorizedKeysCompat to windows packaging (#530) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) - Version 20250327.01 (bsc#1239763, bsc#1239866): * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) - Version 20250327.00: * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) - Version 20250326.00: * Re-enable disabled services if the core plugin was enabled (#521) - Version 20250324.00: * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - Version 20250317.00: * Revert "Revert bundling new binaries in the package (#509)" (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - Version 20250312.00: * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - Version 20250305.00: * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - Version 20250304.01: * Fix typo in windows build script (#501) - Version 20250214.01: * Include core plugin binary for all packages (#500) - Version 20250212.00: * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) - Version 20250211.00: * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - Version 20250207.00: * vlan: toggle vlan configuration in debian packaging (#495) * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) * Include interfaces in lists even if it has an invalid MAC. (#489) * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - Version 20250204.02: * force concourse to move version forward. - Version 20250204.01: * vlan: toggle vlan configuration in debian packaging (#495) - Version 20250204.00: * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) - Version 20250203.01: * Include interfaces in lists even if it has an invalid MAC. (#489) - Version 20250203.00: * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - Version 20250122.00: * networkd(vlan): remove the interface in addition to config (#468) * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465) * Update logging library (#479) * Remove Pat from owners file. (#478) google-guest-agent-20250506.01-160000.1.1.aarch64.rpm google-guest-agent-20250506.01-160000.1.1.ppc64le.rpm google-guest-agent-20250506.01-160000.1.1.s390x.rpm google-guest-agent-20250506.01-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-622 Security update for librsvg important SUSE SLFO 1.2 This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257922). gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1.aarch64.rpm librsvg-2-2-2.60.2-160000.2.1.aarch64.rpm librsvg-devel-2.60.2-160000.2.1.aarch64.rpm rsvg-convert-2.60.2-160000.2.1.aarch64.rpm rsvg-thumbnailer-2.60.2-160000.2.1.noarch.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.2.1.aarch64.rpm gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1.ppc64le.rpm librsvg-2-2-2.60.2-160000.2.1.ppc64le.rpm librsvg-devel-2.60.2-160000.2.1.ppc64le.rpm rsvg-convert-2.60.2-160000.2.1.ppc64le.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.2.1.ppc64le.rpm gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1.s390x.rpm librsvg-2-2-2.60.2-160000.2.1.s390x.rpm librsvg-devel-2.60.2-160000.2.1.s390x.rpm rsvg-convert-2.60.2-160000.2.1.s390x.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.2.1.s390x.rpm gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1.x86_64.rpm librsvg-2-2-2.60.2-160000.2.1.x86_64.rpm librsvg-devel-2.60.2-160000.2.1.x86_64.rpm rsvg-convert-2.60.2-160000.2.1.x86_64.rpm typelib-1_0-Rsvg-2_0-2.60.2-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-623 Security update for tomcat important SUSE SLFO 1.2 This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371) tomcat-9.0.117-160000.1.1.noarch.rpm tomcat-admin-webapps-9.0.117-160000.1.1.noarch.rpm tomcat-docs-webapp-9.0.117-160000.1.1.noarch.rpm tomcat-el-3_0-api-9.0.117-160000.1.1.noarch.rpm tomcat-embed-9.0.117-160000.1.1.noarch.rpm tomcat-javadoc-9.0.117-160000.1.1.noarch.rpm tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch.rpm tomcat-jsvc-9.0.117-160000.1.1.noarch.rpm tomcat-lib-9.0.117-160000.1.1.noarch.rpm tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch.rpm tomcat-webapps-9.0.117-160000.1.1.noarch.rpm openSUSE-Leap-16.0-624 Security update for tomcat10 important SUSE SLFO 1.2 This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371) tomcat10-10.1.54-160000.1.1.noarch.rpm tomcat10-admin-webapps-10.1.54-160000.1.1.noarch.rpm tomcat10-doc-10.1.54-160000.1.1.noarch.rpm tomcat10-docs-webapp-10.1.54-160000.1.1.noarch.rpm tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch.rpm tomcat10-embed-10.1.54-160000.1.1.noarch.rpm tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch.rpm tomcat10-jsvc-10.1.54-160000.1.1.noarch.rpm tomcat10-lib-10.1.54-160000.1.1.noarch.rpm tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch.rpm tomcat10-webapps-10.1.54-160000.1.1.noarch.rpm openSUSE-Leap-16.0-625 Security update for libcap important SUSE SLFO 1.2 This update for libcap fixes the following issues: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809). libcap-devel-2.73-160000.3.1.aarch64.rpm libcap-progs-2.73-160000.3.1.aarch64.rpm libcap2-2.73-160000.3.1.aarch64.rpm libpsx2-2.73-160000.3.1.aarch64.rpm libcap-devel-2.73-160000.3.1.ppc64le.rpm libcap-progs-2.73-160000.3.1.ppc64le.rpm libcap2-2.73-160000.3.1.ppc64le.rpm libpsx2-2.73-160000.3.1.ppc64le.rpm libcap-devel-2.73-160000.3.1.s390x.rpm libcap-progs-2.73-160000.3.1.s390x.rpm libcap2-2.73-160000.3.1.s390x.rpm libpsx2-2.73-160000.3.1.s390x.rpm libcap-devel-2.73-160000.3.1.x86_64.rpm libcap-progs-2.73-160000.3.1.x86_64.rpm libcap2-2.73-160000.3.1.x86_64.rpm libpsx2-2.73-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-626 Recommended update for pf-bb-config moderate SUSE SLFO 1.2 This update for pf-bb-config fixes the following issues: - Update to 25.11 (jsc#PED-16050): * No actual code change. * Removing configuration files in PF mode to avoid confusion since default usage in in VF mode. - Update to 25.01: * VRB2: Allow for extra time when updating Power Gating to avoid potential condition when status is not updated fast enough. * Minor documentation update. - Update to 24.11: * VRB2: Support for the GNR-D B0 ES2 device. This version 24.11 or later is required to support VRB2. * VRB2: Update of the default FFT windowing for VRB2 with variety of window sizes. * Fix: Minor error handling fix in case number of devices being provided is invalid. * Fix: Minor explicit set turbo-decoder fallback settings to avoid unlikely negative scenario. - Update to 24.07: * VRB2: Enforce maximum 256 total queues configured per operation type. * Prevent negative scenario with MMIO marginally outside of PF BAR. * Cosmetic change to remind user to use VRB1 instead of deprecated ACC200, and VF mode by default. * Cosmetic change to adjust log level when not required to be logged as INFO. * Cosmetic change to remove obsolete directory ./acc200/ since ./vrb1 should be used. - Cleanup specfile: * remove not needed needssslcertforbuild, build-deps and %set_permission - Fix package immutable mode (jsc#PED-14970): * all examples are places in %{_datadir}/pf-bb-config/examples/ * DEPRECATION: The legacy example directory /opt/pf-bb-config will be removed in the next product update. - Fix display version string pf-bb-config-25.11-160000.1.1.aarch64.rpm pf-bb-config-25.11-160000.1.1.ppc64le.rpm pf-bb-config-25.11-160000.1.1.s390x.rpm pf-bb-config-25.11-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-629 Security update for python-Pillow important SUSE SLFO 1.2 This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184). python313-Pillow-11.3.0-160000.4.1.aarch64.rpm python313-Pillow-tk-11.3.0-160000.4.1.aarch64.rpm python313-Pillow-11.3.0-160000.4.1.ppc64le.rpm python313-Pillow-tk-11.3.0-160000.4.1.ppc64le.rpm python313-Pillow-11.3.0-160000.4.1.s390x.rpm python313-Pillow-tk-11.3.0-160000.4.1.s390x.rpm python313-Pillow-11.3.0-160000.4.1.x86_64.rpm python313-Pillow-tk-11.3.0-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-63 Recommended update for python-PyQt6, python-PyQt6-sip, python-sip6 moderate SUSE SLFO 1.2 This update for python-PyQt6, python-PyQt6-sip, python-sip6 fixes the following issues: Changes in python-PyQt6: - Update to 6.9.1 * The licensing information now conforms to PEP 639. * Enums that have a base type smaller than int are now properly specified and handled. * Fixed a regression that broke building against versions of Qt older than v6.5. * Fixed pyuic6 to handle QIcons created from QIcon.ThemeIcon. Changes in python-PyQt6-sip: - Update to 13.10.2 * Match python3-sip6-devel 6.11.1 * Changes WRT PEP 639. See python-sip6 Changes in python-sip6: - Update to 6.12.0 - Convert to libalternatives on SLE-16-based and newer systems python313-PyQt6-6.9.1-160000.1.1.aarch64.rpm python313-PyQt6-devel-6.9.1-160000.1.1.aarch64.rpm python313-PyQt6-doc-6.9.1-160000.1.1.noarch.rpm python313-PyQt6-sip-13.10.2-160000.1.1.aarch64.rpm python313-sip6-devel-6.12.0-160000.1.1.noarch.rpm python313-PyQt6-6.9.1-160000.1.1.ppc64le.rpm python313-PyQt6-devel-6.9.1-160000.1.1.ppc64le.rpm python313-PyQt6-sip-13.10.2-160000.1.1.ppc64le.rpm python313-PyQt6-6.9.1-160000.1.1.s390x.rpm python313-PyQt6-devel-6.9.1-160000.1.1.s390x.rpm python313-PyQt6-sip-13.10.2-160000.1.1.s390x.rpm python313-PyQt6-6.9.1-160000.1.1.x86_64.rpm python313-PyQt6-devel-6.9.1-160000.1.1.x86_64.rpm python313-PyQt6-sip-13.10.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-632 Security update for haproxy moderate SUSE SLFO 1.2 This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103). - bug in SLZ compression (bsc#1261626). haproxy-3.2.15+git64.0fc44b458-160000.2.1.aarch64.rpm haproxy-3.2.15+git64.0fc44b458-160000.2.1.ppc64le.rpm haproxy-3.2.15+git64.0fc44b458-160000.2.1.s390x.rpm haproxy-3.2.15+git64.0fc44b458-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-635 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.10.0 ESR. - MFSA 2026-32 (bsc#1262230): * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component * CVE-2026-6747: Use-after-free in the WebRTC component * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component * CVE-2026-6752: Incorrect boundary conditions in the WebRTC component * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component * CVE-2026-6754: Use-after-free in the JavaScript Engine component * CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component * CVE-2026-6759: Use-after-free in the Widget: Cocoa component * CVE-2026-6761: Privilege escalation in the Networking component * CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component * CVE-2026-6763: Mitigation bypass in the File Handling component * CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component * CVE-2026-6765: Information disclosure in the Form Autofill component * CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS * CVE-2026-6767: Other issue in the Libraries component in NSS * CVE-2026-6769: Privilege escalation in the Debugger component * CVE-2026-6770: Other issue in the Storage: IndexedDB component * CVE-2026-6771: Mitigation bypass in the DOM: Security component * CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS * CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component * CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 * CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 MozillaFirefox-140.10.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.10.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.10.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.10.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.10.0-160000.1.1.aarch64.rpm MozillaFirefox-140.10.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.10.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.10.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.10.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.10.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.10.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.10.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.10.0-160000.1.1.s390x.rpm MozillaFirefox-140.10.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.10.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.10.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.10.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-636 Recommended update for agama-web-ui important SUSE SLFO 1.2 This update for agama-web-ui fixes the following issues: - Invalidate zFCP controllers query after some controller change is notified (bsc#1247445). - Fixed a bug when defining the size of a new logical volume (bsc#1258013). agama-web-ui-17+554.49df42f26-160000.10.1.noarch.rpm openSUSE-Leap-16.0-637 Recommended update for grub2 important SUSE SLFO 1.2 This update for grub2 fixes the following issues: - Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * add mandatoryminstallmdevicemcheckmformPowerPC - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume grub2-2.12-160000.6.1.aarch64.rpm grub2-arm64-efi-2.12-160000.6.1.noarch.rpm grub2-arm64-efi-bls-2.12-160000.6.1.noarch.rpm grub2-arm64-efi-debug-2.12-160000.6.1.noarch.rpm grub2-arm64-efi-extras-2.12-160000.6.1.noarch.rpm grub2-branding-upstream-2.12-160000.6.1.noarch.rpm grub2-common-2.12-160000.6.1.aarch64.rpm grub2-snapper-plugin-2.12-160000.6.1.noarch.rpm grub2-systemd-sleep-plugin-2.12-160000.6.1.noarch.rpm grub2-2.12-160000.6.1.ppc64le.rpm grub2-common-2.12-160000.6.1.ppc64le.rpm grub2-powerpc-ieee1275-2.12-160000.6.1.noarch.rpm grub2-powerpc-ieee1275-debug-2.12-160000.6.1.noarch.rpm grub2-powerpc-ieee1275-extras-2.12-160000.6.1.noarch.rpm grub2-2.12-160000.6.1.s390x.rpm grub2-common-2.12-160000.6.1.s390x.rpm grub2-s390x-emu-2.12-160000.6.1.s390x.rpm grub2-s390x-emu-debug-2.12-160000.6.1.s390x.rpm grub2-s390x-emu-extras-2.12-160000.6.1.noarch.rpm grub2-2.12-160000.6.1.x86_64.rpm grub2-common-2.12-160000.6.1.x86_64.rpm grub2-i386-pc-2.12-160000.6.1.noarch.rpm grub2-i386-pc-debug-2.12-160000.6.1.noarch.rpm grub2-i386-pc-extras-2.12-160000.6.1.noarch.rpm grub2-x86_64-efi-2.12-160000.6.1.noarch.rpm grub2-x86_64-efi-bls-2.12-160000.6.1.noarch.rpm grub2-x86_64-efi-debug-2.12-160000.6.1.noarch.rpm grub2-x86_64-efi-extras-2.12-160000.6.1.noarch.rpm grub2-x86_64-xen-2.12-160000.6.1.noarch.rpm grub2-x86_64-xen-debug-2.12-160000.6.1.noarch.rpm grub2-x86_64-xen-extras-2.12-160000.6.1.noarch.rpm openSUSE-Leap-16.0-639 Recommended update for libtcnative-1-0 important SUSE SLFO 1.2 This update for libtcnative-1-0 fixes the following issues: Changes in libtcnative-1-0: Update to 1.3.7: [bsc#1260322] 1.3.7: * Code: Refactor access to ASN1_OCTET_STRING to use setters to fix errors when building against the latest OpenSSL 4.0.x code. (markt) * Fix: Fix the handling of OCSP requests with multiple responder URIs. (jfclere) * Fix: Fix the handling of TRY_AGAIN responses to OCSP requests when soft fail is disabled. (jfclere) 1.3.6; * Code: Refactor the SSL_CONF_CTX clean-up to align it with SSL and SSL_CTX clean-up. (markt) * Fix: Fix unnecessarily large buffer allocation when filtering out NULL and export ciphers. Pull requests #35 and #37 provided by chenjp. (markt) * Fix: Fix a potential memory leak if an invalid OpenSSLConf is provided. Pull request #36 provided by chenjp. (markt) * Fix: Refactor setting of OCSP configuration defaults as they were only applied if the SSL_CONF_CTX was used. While one was always used with Tomcat versions aware of the OCSP configuration options, one was not always used with Tomcat versions unaware of the OCSP configuration options leading to OCSP verification being enabled by default when the expected behaviour was disabled by default. (markt) * Code: Improve performance for the rare case of handling large OCSP responses. (markt) 1.3.5: * Fix: Remove group write permissions from the files in the tar.gz source archive. (markt) * Fix: Clear an additional error in OCSP processing that was preventing OCSP soft fail working with Tomcat's APR/native connector. (markt) 1.3.4: * Fix: Correct logic error that prevented the configuration of TLS 1.3 cipher suites. (markt) 1.3.3: * Fix: Refactor the addition of TLS 1.3 cipher suite configuration to avoid a regression when running a version of Tomcat that pre-dates this change. (markt) 1.3.2: * Update: Rename configure.in to modern autotools style configure.ac. (rjung) * Update: Fix incomplete updates for autotools generated files during "buildconf" execution. (rjung) * Update: Improve quoting in tcnative.m4. (rjung) * Update: Update the minimum version of autoconf for releasing to 2.68. (rjung) * Fix: Fix the autoconf warnings when creating a release. (markt) * Update: The Windows binaries are now built with OCSP support enabled by default. (markt) * Add: Include a nonce with OCSP requests and check the nonce, if any, in the OCSP response. (markt) * Add: Expand verification of OCSP responses. (markt) * Add: Add the ability to configure the OCSP checks to soft-fail - i.e. if the responder cannot be contacted or fails to respond in a timely manner the OCSP check will not fail. (markt) * Add: Add a configurable timeout to the writing of OCSP requests and reading of OCSP responses. (markt) * Add: Add the ability to control the OCSP verification flags. (markt) * Add: Configure TLS 1.3 connections from the provided ciphers list as well as connections using TLS 1.2 and earlier. Pull request provided by gastush. (markt) * Update: Update the Windows build environment to use Visual Studio 2022. (markt) 1.3.1: * Fix: Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath until properly addressed with https://github.com/openssl/openssl/issues/24416. (michaelo) * Add: Use ERR_error_string_n with a definite buffer length as a named constant. (schultz) * Add: Ensure local reference capacity is available when creating new arrays and Strings. (schultz) * Update: Update the recommended minimum version of OpenSSL to 3.0.14. (markt) 1.3.0: * Update: Drop useless compile.optimize option. (michaelo) * Update: Align Java source compile configuration with Tomcat. (michaelo) * Fix: Fix version set in DLL header on Windows. (michaelo) * Update: Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) * Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be used. (michaelo) * Update: Update the minimum supported version of LibreSSL to 3.5.2. (markt) * Design: Remove NPN support as NPN was never standardised and browser support was removed in 2019. (markt) * Update: Update the recommended minimum version of OpenSSL to 3.0.13. (markt) libtcnative-1-0-1.3.7-160000.1.1.aarch64.rpm libtcnative-1-0-devel-1.3.7-160000.1.1.aarch64.rpm libtcnative-1-0-1.3.7-160000.1.1.ppc64le.rpm libtcnative-1-0-devel-1.3.7-160000.1.1.ppc64le.rpm libtcnative-1-0-1.3.7-160000.1.1.s390x.rpm libtcnative-1-0-devel-1.3.7-160000.1.1.s390x.rpm libtcnative-1-0-1.3.7-160000.1.1.x86_64.rpm libtcnative-1-0-devel-1.3.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-64 Recommended update for saptune moderate SUSE SLFO 1.2 This update for saptune fixes the following issues: - Version update 3.2.1 - Restoring CPU performance settings on AWS and Google Cloud - Parameters force_latency and governor set up correctly (bsc#1250217). saptune-3.2.1-160000.1.1.ppc64le.rpm saptune-3.2.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-642 Recommended update for cryptsetup, s390-tools important SUSE SLFO 1.2 This update for cryptsetup, s390-tools fixes the following issues: Changes in cryptsetup: - Update to 2.8.4: (jsc#PED-15889) * Fix integritysetup resize (grow) of the device if integrity bitmap mode is used. Increasing the integrity device in bitmap mode did not work as integritysetup incorrectly used journal settings that were not applicable. * Fix device size status reports in cryptsetup and integritysetup. If the device uses a sector size larger than 512 bytes, the newly reported byte sizes (introduced in 2.8.0) in the status report were incorrectly displayed. * BITLK: Fix unlocking BitLocker device with recovery passphrase. If the recovery passphrase was present in the first keyslot, the device failed to unlock. This bug was introduced in 2.8.2 with Clear Key support. - Update to 2.8.3: * Stable bug-fix release with minor extensions. - Update to 2.8.2: * BITLK: Fix for BitLocker metadata validation on big-endian systems. - Update to 2.8.1: * Fix status and deactivation of TCRYPT (VeraCrypt compatible) devices that use chained ciphers. * Fix unlocking BITLK (BitLocker compatible) devices with multibyte UTF8 characters in the passphrase. * Do not allow activation of the LUKS2 device if the used keyslot is not encrypted (it uses a null cipher). - Such a configuration cannot be created by cryptsetup, but can be crafted outside of it. - Null cipher is sometimes used to create an empty container for later reencryption. - Only an empty passphrase can activate such a container (the same as in LUKS1). * Do not silently decrease PBKDF parallel cost (threads) if set by an option. - The maximum parallel cost is limited to 4 threads. * Fixes to configuration and installation scripts. - Meson and autoconf tools now properly support --prefix option for temporary directory installation. - Multiple fixes and cleanups to config.h for compatibility between Meson and autoconf. - Fix the luks2-external-tokens-path Meson option to work the same as in autoconf. - Fix Meson install for tool binaries, install fvault2Open man page and include test/fuzz/meson.build in release. * Major update to manual pages. - Try to explain the PBKDF hardcoded limits. - Add a better explanation for automatic integrity tag recalculation. - Mention crypt/verity/integritytab. - Remove or reformulate some misleading warnings present only with old and no longer supported kernels. - Clarify that some commands do not wipe data and unify OPAL reset wording. - Clarify the --label option. - There are also many other grammar and stylistic fixes to unify the man-page style. * Fixes for false-positive and annoying (optional) warnings added in recent compilers. - Update to 2.8.0: * Full release notes in: - https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes * Introduce support for inline mode (use HW sectors with additional hardware metadata space). * Finalize use of keyslot context API. * Make all keyslot context types fully self-contained. * Add --key-description and --new-key-description cryptsetup options. * Support more precise keyslot selection in reencryption initialization. * Allow reencryption to resume using token and volume keys. * Cryptsetup repair command now tries to check LUKS keyslot areas for corruption. * Opal2 SED: PSID keyfile is now expected to be 32 alphanumeric characters. * Opal2: Avoid the Erase method and use Secure Erase for locking range. * Opal2: Fix some error description (in debug only). * Opal2: Do not allow deferred deactivation. * Allow --reduce-device-size and --device-size combination for reencryption (encrypt) action. * Fix the userspace storage backend to support kernel "capi:" cipher specification format. * Disallow conversion from LUKS2 to LUKS1 if kernel "capi:" cipher specification is used. * Explicitly disallow kernel "capi:" cipher specification format for LUKS2 keyslot encryption. * Do not allow conversion of LUKS2 to LUKS1 if an unbound keyslot is present. * cryptsetup: Adjust the XTS key size for kernel "capi:" cipher specification. * Remove keyslot warning about possible failure due to low memory. * Do not limit Argon2 KDF memory cost on systems with more than 4GB of available memory. * Properly report out of memory error for cryptographic backends implementing Argon2. * Avoid KDF2 memory cost overflow on 32-bit platforms. * Do not use page size as a fallback for device block size. * veritysetup: Check hash device size in advance. * Print a better error message for unsupported LUKS2 AEAD device resize. * Optimize LUKS2 metadata writes. * veritysetup: support --error-as-corruption option. * Report all sizes in status and dump command output in the correct units. * Add --integrity-key-size option to cryptsetup. * Support trusted and encrypted keyrings for plain devices. * Support plain format resize with a keyring key. * TCRYPT: Clear mapping of system-encrypted partitions. * TCRYPT: Print all information from the decrypted metadata header in the tcryptDump command. * Always lock the volume key structure in memory. * Do not run direct-io read check on block devices. * Fix a possible segfault in deferred deactivation. * Exclude cipher allocation time from the cryptsetup benchmark. * Add Mbed-TLS optional crypto backend. * Fix the wrong preprocessor use of #ifdef for config.h processed by Meson. * Reorganize license files. The license text files are now in docs/licenses. The COPYING file in the root directory is the default license. * Remove cc-by-sa-4.0.txt as already shipped now in docs/licenses and named as COPYING.CC-BY-SA-4.0. * Libcryptsetup API extensions. The libcryptsetup API is backward compatible with all existing symbols. Due to the self-contained memory allocation, these symbols have the new version: - crypt_keyslot_context_init_by_passphrase; - crypt_keyslot_context_init_by_keyfile; - crypt_keyslot_context_init_by_token; - crypt_keyslot_context_init_by_volume_key; - crypt_keyslot_context_init_by_signed_key; - crypt_keyslot_context_init_by_keyring; - crypt_keyslot_context_init_by_vk_in_keyring; * New symbols: - crypt_format_inline - crypt_get_old_volume_key_size - crypt_reencrypt_init_by_keyslot_context - crypt_safe_memcpy * New defines: - CRYPT_ACTIVATE_HIGH_PRIORITY - CRYPT_ACTIVATE_ERROR_AS_CORRUPTION - CRYPT_ACTIVATE_INLINE_MODE - CRYPT_REENCRYPT_CREATE_NEW_DIGEST * New requirement flag: - CRYPT_REQUIREMENT_INLINE_HW_TAGS - Add a dependency on device-mapper to libcryptsetup12 to install the required device-mapper udev rules. [bsc#1241612] Changes in s390-tools: - Applied a patch to remove phmac_s390 kernel module load from dracut - Applied tools-combined modified patch (bsc#1262221) - Amended SUSE's 'pkey.conf' - Re-vendor-ed vendor.tar.zst - Applied patches (bsc#1261824, bsc#1261772) * Replace sort_field option with sort * hyptop opts Fix long command line option abbreviations - Refactored the spec file for transactional and immutable OS * Modernized the .spec file for transactional and immutable OS environments. * Removed legacy suse_version and sle_version conditionals, standardizing on UsrMerge paths. * Replaced manual %pre group creations with systemd-sysusers configuration for ts-shell, zkeyadm, and cpacfstats. * Replaced hardcoded /var/log directory management with systemd-tmpfiles configuration. * Removed obsolete systemctl daemon-reload calls and consolidate standard %service_* systemd macros. * Dropped brittle dynamic file list generation (find/grep) in favor of explicit and deterministic %files declarations. * Resolved "File listed twice" conflicts between the main package and chreipl-fcp-mpath subpackage. * Added missing BuildRequires for systemd-rpm-macros and sysuser-tools. * Fixed unpackaged files errors for mdevctl callouts, shell completions, and root /lib helpers. * Changed BuildArch to noarch for the chreipl-fcp-mpath subpackage. - Added files (renamed from *.opensuse) * 59-graf.rules * dasd_configure * dasd_reload * detach_disks.sh * iucv_configure * killcdl * mkdump.pl * README.SUSE * virtsetup.sh * vmlogrdr.service - Removed obolete files * 59-graf.rules.opensuse * 59-graf.rules.suse * dasd_configure.opensuse * dasd_configure.suse * dasd_reload.opensuse * dasd_reload.suse * detach_disks.sh.opensuse * detach_disks.sh.suse * iucv_configure.opensuse * iucv_configure.suse * killcdl.opensuse * killcdl.suse * mkdump.pl.opensuse * mkdump.pl.suse * README.SUSE.opensuse * README.SUSE.suse * virtsetup.sh.opensuse * virtsetup.sh.suse * vmlogrdr.service.opensuse * vmlogrdr.service.suse - Upgrade s390-tools to version 2.41.0 (jsc#PED-14586, jsc#PED-15488) - Changes of existing tools: * chreipl: Make --bootparms work for ECKD re-IPL * cpacfstats: Add 'unauthorized' state to CPU-MF counters * cpictl: Detect RHCOS using VARIANT_ID * hsci: Automatically set appropriate MTU for HSCI * libutil: Add util_readlink() and util_readlinkat() helpers * libutil: Add util_startswith() to util_str * libutil: Add utility parsing functions * lschp: Add support for structured output (--format) * lsreipl: Suppress 'clear' output if not supported * pvimg: Add '--format text' support to 'pvimg info' * pvimg: Add '--print-schema ' option to 'pvimg info' * pvimg: Add '--show-secrets' flag to 'pvimg info' * pvimg: Provide improved JSON output to 'pvimg info --format json' * pvinfo: Improve User experience on non-SE enabled systems * zipl/ngdump: Ensure ext4 file system is used on dump partition * zkey: Add support for integrity protected disks using HMAC keys - Bug Fixes: * cpumf/pai: Handle different size of perf_event_attr * lscss: Fix memory leak * zipl: Fix dump job on tape devices - Amended the .spec file (bsc#1258506) * "Installing" all shipped rules from etc/udev/rules.d to /usr/lib/udev/rules.d * BuildRequires: cryptsetup-devel >= 2.8.2 - Updated the code for IBM z17 machine type 9176: * read_values.c * cputype * Renamed cputype.1 to cputype.8 and amended * Amended read_values.8 - "Improved" the read_values.c: * Added functionalities for '-a' and '-L attributes' - Reworked and combined all s390-tools patches (jsc#PED-14586) - Applied new combined patches - Removed obsolete patches cryptsetup-2.8.4-160000.1.1.aarch64.rpm cryptsetup-doc-2.8.4-160000.1.1.noarch.rpm cryptsetup-lang-2.8.4-160000.1.1.noarch.rpm cryptsetup-ssh-2.8.4-160000.1.1.aarch64.rpm libcryptsetup-devel-2.8.4-160000.1.1.aarch64.rpm libcryptsetup12-2.8.4-160000.1.1.aarch64.rpm cryptsetup-2.8.4-160000.1.1.ppc64le.rpm cryptsetup-ssh-2.8.4-160000.1.1.ppc64le.rpm libcryptsetup-devel-2.8.4-160000.1.1.ppc64le.rpm libcryptsetup12-2.8.4-160000.1.1.ppc64le.rpm cryptsetup-2.8.4-160000.1.1.s390x.rpm cryptsetup-ssh-2.8.4-160000.1.1.s390x.rpm libcryptsetup-devel-2.8.4-160000.1.1.s390x.rpm libcryptsetup12-2.8.4-160000.1.1.s390x.rpm libekmfweb1-2.41.0-160000.1.1.s390x.rpm libekmfweb1-devel-2.41.0-160000.1.1.s390x.rpm libkmipclient1-2.41.0-160000.1.1.s390x.rpm libkmipclient1-devel-2.41.0-160000.1.1.s390x.rpm osasnmpd-2.41.0-160000.1.1.s390x.rpm s390-tools-2.41.0-160000.1.1.s390x.rpm s390-tools-chreipl-fcp-mpath-2.41.0-160000.1.1.noarch.rpm s390-tools-genprotimg-data-2.41.0-160000.1.1.noarch.rpm s390-tools-hmcdrvfs-2.41.0-160000.1.1.s390x.rpm s390-tools-zdsfs-2.41.0-160000.1.1.s390x.rpm cryptsetup-2.8.4-160000.1.1.x86_64.rpm cryptsetup-ssh-2.8.4-160000.1.1.x86_64.rpm libcryptsetup-devel-2.8.4-160000.1.1.x86_64.rpm libcryptsetup12-2.8.4-160000.1.1.x86_64.rpm s390-tools-2.41.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-643 Security update for bouncycastle important SUSE SLFO 1.2 This update for bouncycastle fixes the following issues: - Update to version 1.84: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly (bsc#1262225). - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java (bsc#1262226). - CVE-2026-3505: Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion (bsc#1262232). - CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature sequence as valid (bsc#1262228). - CVE-2026-5598: Non-constant time comparisons risk private key leakage in FrodoKEM (bsc#1262227). bouncycastle-1.84-160000.1.1.noarch.rpm bouncycastle-javadoc-1.84-160000.1.1.noarch.rpm bouncycastle-jmail-1.84-160000.1.1.noarch.rpm bouncycastle-mail-1.84-160000.1.1.noarch.rpm bouncycastle-pg-1.84-160000.1.1.noarch.rpm bouncycastle-pkix-1.84-160000.1.1.noarch.rpm bouncycastle-tls-1.84-160000.1.1.noarch.rpm bouncycastle-util-1.84-160000.1.1.noarch.rpm openSUSE-Leap-16.0-644 Security update for container-suseconnect moderate SUSE SLFO 1.2 This update for container-suseconnect fixes the following issues: Changes in container-suseconnect: - switch to build with go 1.25 container-suseconnect-2.5.6-160000.2.1.aarch64.rpm container-suseconnect-2.5.6-160000.2.1.ppc64le.rpm container-suseconnect-2.5.6-160000.2.1.s390x.rpm container-suseconnect-2.5.6-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-645 Security update for mariadb important SUSE SLFO 1.2 This update for mariadb fixes the following issue: - Update to v11.8.6 - CVE-2026-32710: heap-based buffer overflow via `JSON_SCHEMA_VALID()` can lead to crash or remote code execution (bsc#1260081). Updating mariadb might impact the database service. Do you want to proceed with the update? libmariadbd-devel-11.8.6-160000.1.1.aarch64.rpm libmariadbd19-11.8.6-160000.1.1.aarch64.rpm mariadb-11.8.6-160000.1.1.aarch64.rpm mariadb-bench-11.8.6-160000.1.1.aarch64.rpm mariadb-client-11.8.6-160000.1.1.aarch64.rpm mariadb-errormessages-11.8.6-160000.1.1.noarch.rpm mariadb-galera-11.8.6-160000.1.1.aarch64.rpm mariadb-rpm-macros-11.8.6-160000.1.1.aarch64.rpm mariadb-test-11.8.6-160000.1.1.aarch64.rpm mariadb-tools-11.8.6-160000.1.1.aarch64.rpm libmariadbd-devel-11.8.6-160000.1.1.ppc64le.rpm libmariadbd19-11.8.6-160000.1.1.ppc64le.rpm mariadb-11.8.6-160000.1.1.ppc64le.rpm mariadb-bench-11.8.6-160000.1.1.ppc64le.rpm mariadb-client-11.8.6-160000.1.1.ppc64le.rpm mariadb-galera-11.8.6-160000.1.1.ppc64le.rpm mariadb-rpm-macros-11.8.6-160000.1.1.ppc64le.rpm mariadb-test-11.8.6-160000.1.1.ppc64le.rpm mariadb-tools-11.8.6-160000.1.1.ppc64le.rpm libmariadbd-devel-11.8.6-160000.1.1.s390x.rpm libmariadbd19-11.8.6-160000.1.1.s390x.rpm mariadb-11.8.6-160000.1.1.s390x.rpm mariadb-bench-11.8.6-160000.1.1.s390x.rpm mariadb-client-11.8.6-160000.1.1.s390x.rpm mariadb-galera-11.8.6-160000.1.1.s390x.rpm mariadb-rpm-macros-11.8.6-160000.1.1.s390x.rpm mariadb-test-11.8.6-160000.1.1.s390x.rpm mariadb-tools-11.8.6-160000.1.1.s390x.rpm libmariadbd-devel-11.8.6-160000.1.1.x86_64.rpm libmariadbd19-11.8.6-160000.1.1.x86_64.rpm mariadb-11.8.6-160000.1.1.x86_64.rpm mariadb-bench-11.8.6-160000.1.1.x86_64.rpm mariadb-client-11.8.6-160000.1.1.x86_64.rpm mariadb-galera-11.8.6-160000.1.1.x86_64.rpm mariadb-rpm-macros-11.8.6-160000.1.1.x86_64.rpm mariadb-test-11.8.6-160000.1.1.x86_64.rpm mariadb-tools-11.8.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-646 Recommended update for ansible-sap-infrastructure, ansible-sap-install, ansible-sap-operations, ansible-sap-playbooks moderate SUSE SLFO 1.2 This update for ansible-sap-infrastructure, ansible-sap-install, ansible-sap-operations, ansible-sap-playbooks fixes the following issues: Changes in ansible-sap-infrastructure: - Update to version 1.3.1: * Minor Changes: + collection - Update workflows with dedicated github actions + collection - Add contributors list and sanity ignore files for future-proofing + collection - Add linting rule to ignore stricter var naming rule in 2.20 + collection - Add kubernetes.core 5.3.0 to requirements + sap_vm_provision - Remove ansible.posix dependency for issue 126 + sap_vm_provision - Add SLES 16 images, fix sshd_config and add python311 workaround + sap_vm_provision/kubevirt_vm - Make usage of hugepages configurable + sap_hypervisor_node_preconfigure - Update until conditional for ansible-core 2.19 + sap_hypervisor_node_preconfigure - Add check for webhook endpoint availability * Bugfixes: + sap_hypervisor_node_preconfigure/kubevirt_vm - Fix installation of CNV operator - Update to version 1.3.0: * Minor Changes: + collection - Adjustment of the roles for ansible-core 2.19 + collection - Update ansible-lint actions and configuration + collection - Update Documentation + sap_vm_provision - Add variable validations + sap_vm_provision - Append VMware notes for Issue 82 + sap_vm_provision - Update SLES images and add SLES 15 SP7 * Bugfixes: + sap_hypervisor_node_preconfigure - Fix ansible-lint errors from issue 101 + sap_vm_provision - Removed update-ca-certificates for issue 119 - Update to version 1.2.0: * Minor Changes: + collection - Readme update to align with project readme update + sap_hypervisor_node_preconfigure - Readme update to align with project readme update + sap_hypervisor_node_preconfigure - Updated redhat_ocpv + sap_vm_provision - Updated kubevirt_vm Changes in ansible-sap-install: - Update to version 1.9.0: * Minor Changes: + sap_ha_install_hana_hsr - inventory vs. hostname + sap_ha_pacemaker_cluster - Add firewall steps + sap_ha_pacemaker_cluster - Split off HANA pre_tasks from include_vars and add new force mode + sap_swpm - Update firewall steps * Bugfixes: + collection - No longer use var debug with more than one variable + sap_ha_pacemaker_cluster - (fix) align settings to HANA documentation + sap_hana_install - Fix hana versions mismatch and replace injected vars + sap_swpm - Only ensure the presence of the 'file' package on Suse + sap_swpm - Rename all vars which contain '_swpm_swpm' - Release 1.8.1 with various fixes and compatibility with ansible-core 2.19. - Update to version 1.8.1: * Minor Changes: + collection - Update readme formatting to align with galaxy format + sap*preconfigure - Sync with SAP notes for RHEL 10 + sap_general_preconfigure - Prevent an accidental change to a lower SELinux mode + sap_ha_pacemaker_cluster - Add fence_aws for SLES 16 and remove Tech Debt + sap_hana_install - Revert wrong conditional from PR#1138 + sap_swpm - Sanitize conditions for 2.19 - Update to version 1.8.0: * Minor Changes: + collection - Add Matrix to Sanity tests and ignore files up to 2.25 + collection - Adjust roles for ansible-core 2.19 part 2 + collection - Adjust roles for ansible-core 2.19 part 1 + sap_ha_install_hana_hsr - Rework role with new features, validations and compatibility for 2.20 + sap_hana_install - Rework tags + sap_hana_install - simplified and more flexible SELinux and fapolicyd handling + sap_hana_install - Inventory based Scale-Out and idempotency validations + sap_hana_install - Enhance variable validation and account for missed variable combinations + sap_hana_install - Idempotency Rework + sap_hana_preconfigure - Sync with SAP note 3108302 + sap_hana_preconfigure - Add sap_hana preconfigure vars prefix + sap_netweaver_preconfigure - Add sap_netweaver preconfigure vars prefix + sap_*_preconfigure/SLES - Improved pattern check, sanitize log output and add loop_vars + sap_storage_setup/SUSE - Add btrfs support for SLES 16 + sap_swpm - Enhance detection of multiple files + sap_swpm - extensive variable input validation + sap_swpm - Implement a test and a filter for validating hostnames * Bugfixes: + collection - Fix linting errors in 2.20 with facts and register var names + collection - Update linting workflows and configuration to latest version + collection - Update sanity github action and add missing ignore files for 2.19 and 2.20 + sap_ha_install_hana_hsr - Fix linter failures + sap_ha_pacemaker_cluster - Fix linting errors + sap_hostagent - Fix linting errors + sap_install_media_detect - Fix linting errors - Update to version 1.7.1: * Bugfixes: + sap_hana_install - Enhance validation of variables + sap_hana_preconfigure - New mechanism for loading rhel minor plus vars without having to use "find" files on localhost. + sap_hana_preconfigure/RHEL - Be more flexible with boot command line args - Update to version 1.7.0: * Minor Changes: + sap_hana_preconfigure - Implement SAP note 3108302 v.13 + sap_ha_install_hana_hsr - Add backup location detection and user variable * Bugfixes: + collection - Cleanup scripts + sap_hana_preconfigure - Replace grub2-mkconfig for RHEL by grubby from RHEL 8 onward + sap_hana_install - Enhance SAPCAR detection functionality and handling of multiple files + sap_ha_pacemaker_cluster - Enhance handling of cluster properties and improve ASCS ERS post steps - Update to version 1.6.1: * Bugfixes: + sap_ha_pacemaker_cluster - Remove NIC parameter from IPaddr2 resource agents + sap_*_preconfigure - Assert the presence of the IBM tools only if necessary + sap_*_preconfigure - Define needs-restarting also for RHEL 10, assert mode + sap_*_preconfigure - Define needs-restarting also for RHEL 10 Changes in ansible-sap-operations: - Release 2.0.0 which reworked all Ansible Roles in this collection to modern standard and SLES support. Changes in ansible-sap-playbooks: - Update to version 1.3.0: * Minor Changes: + collection: Update linting and sanity workflows to align with project + collection: Update Contributors list + collection: Bump requirements versions to support 2.19 + all: Update playbooks for ansible-core 2.19 + all: Update image fragments to align with sap_infrastructure PR#118 + all: Add sles16 images for AWS, AZ, GCP + sap_s4hana_sandbox_syscopy: Update readme entry for S4HANA ansible-sap-infrastructure-1.3.1-160000.1.1.noarch.rpm ansible-sap-install-1.9.0-160000.1.1.noarch.rpm ansible-sap-operations-2.0.0-160000.1.1.noarch.rpm ansible-sap-playbooks-1.3.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-647 Recommended update for fwupd moderate SUSE SLFO 1.2 This update for fwupd fixes the following issues: Changes in fwupd: - Update to version 2.0.20: + This release adds the following features: - Add support for changing AMD UMA carveout size - Warn the user if they are using the blocked-firmware functionality + This release fixes the following bugs: - Disable the UEFI plugins on 32bit x86 - Do not hang when parsing an invalid USB descriptor - Do not return an error if the fastboot property is not provided - Fix a CCGX DMC regression when installing on the HP G5 dock - Fix a harmless heap OOB read in AMD kria SOM EEPROM parser - Fix a potential fastboot string over-read - Fix a regression causing MBIM QDU updates to fail - Honor polkit auth for emulation tag modify device - Speed up calculating the cab checksum by ~21% - Verify the uncompressed size when decompressing CAB files + This release adds support for the following hardware: - HP Engage One G2 Advanced Hub - PixArt PJP274 (Framework Laptop) - Several new Jabra GNP devices - Allow fwupd.service to interact with cdrom (boo#1256507) - Actually build and install manpages: * These were originally removed because including them would have required pulling a nasty set of ghc/pandocs build dependencies directly into Ring 1 * fwupd upstream quickly reverted this change in 1.8.13, but the conditional to block building/installing the manpages by default was never removed from the specfile * This restores the fwupd manpages, which have been sorely missing in openSUSE for a couple years - Update to version 2.0.19: + This release adds the following features: - Add two commands to fwupdtool to calculate and find CRCs - Allow systems to use the udev event source without using systemd + This release fixes the following bugs: - Always show the correct new firmware version in 'fwupdmgr get-history' - Fix an integer underflow when parsing a malicious PE file - Fix a regression when enumerating the dell-dock status component - Fix the fuzzer timeout when parsing a synaptics-rmi SBL container - Fix updating the Intel GPU FWDATA section - Respect 'fwupdmgr --force' when installing firmware + This release adds support for the following hardware: - Lenovo Sapphire Folio Keyboard - Update to version 2.0.18: + This release adds the following features: - Add a MOTD message for devices needing reboot after staged updates - Create the reboot-required file when a firmware update requires reboot - Record the system state for each composite emulation - Update USI docking station firmware without requiring a manual replug + This release fixes the following bugs: - Add a MTD device problem if the Intel SPI BIOS lock is set - Allow changing the child name when using PARENT_NAME_PREFIX - Allow UpdateCapsule to work on systems that do not support SecureBoot - Correctly parse the EFI_CAPSULE_RESULT_VARIABLE_HEADER - Fall back to the SMBIOS version for BIOS MTD devices - Fix a crash when trying to record an i2c emulation - Fixed Huddly upgrade problems with major version changes - Fix man page compatibility with apropos and whatis - Fix parsing USB BOS descriptors - Fix up the x86_64-specific capsule flags when deploying UEFI firmware - Improve firmware stream searching speed by a huge amount - Only convert the release uint32_t to device version format for UEFI devices - Only handle SIGINT in fwupdtool when required - Refactor the hypervisor and container detection to be usable from plugins - Set PlatformArchitecture as the CPU architecture for RISC-V machines - Use a sensible timeout when doing qc-s5gen2 HID requests + This release adds support for the following hardware: - HP Portable USB-C 4K HDMI Hub - Lenovo Legion Go 2 (as a HID device) - Synaptics HapticsPad - Do not try to load i2c_dev kernel module on s390x. S390x has no native i2c devices and does not have the module (bsc#1253138). - Update to version 2.0.17: + This release adds the following features: - Add support for client-side phased update deployment - Add support for post-quantum signatures - Allow clearing the cache dirirectory - Allow fwupdtpmevlog to dump the raw eventlog data - Build a NVMe GUID derived from the serial number - Make fwupdtool extract work with deeply nested images - Parse VSS and FTW variable stores from EFI volumes - Reintroduce the FreeBSD CI target - Support very old versions of UDisks + This release fixes the following bugs: - Add 'fwupdmgr hwids' by exposing another daemon property - Add offline hashes for the Microsoft 20250902 dbx - Add the Framework-specific KEK and db hashes - Allow updating IFD BIOS region via parent MTD - Avoid showing reinstall prompts for composite devices - Clean up the fwupdtool lock file in all cases - Correctly match the correct historical composite component - Do not allow PK or KEK updates when system has a test key installed - Do not allow reinstalling when using ONLY_VERSION_UPGRADE - Do not require AC power to run the installed tests - Do not scan EFI volumes when constructing MTD BIOS devices - Ensure REGION is always set for MTD IFD children - Ensure SCSI instance IDs are valid ASCII values - Fix a critical warning when parsing invalid Jabra firmware - Fix an Ilitek parsing crash found when fuzzing - Fix an inotify race when refreshing metadata - Fix a pending-activation problem with Dell docking stations - Fix a potential hang when creating a chunk array with aligned sizes - Fix MTD emulation recording for PCI-backed devices - Fix the device order when the parent specifies install-parent-first - Fix the FLMSTR layout when reading IFD partitions - Fix the thunderbolt controller rushing to finalize before onlining retimers - Fix writing Intel GPU OptionROM data and OptionROM code - Flush stale events to make the Logitech Rallybar more reliable - Ignore all the Intel GPU MTD devices - Ignore errors when writing the last page of Dell dock firmware - Make an error message more specific - Modify the Dell dock needs-activation flag after updates are installed - Only add one devlink device for each PCI card - Parse the FMAP SBOM area as uSWID when required - Relax the USI dock DMC child device checks for new firmware - Revert back to the flashrom deprecated API as the new API is unusable - Rewrite the fwupdmgr manpage to be more useful - Use higher delay when update status for Logitech peripheral devices + This release adds support for the following hardware: - ASUS CX9406 (touch controller) - Framework Copilot keyboard - Genesys GL352530 and GL352360 - Huddly C1 - Lexar and Maxio NVMe SSDs - Primax Ryder mouse 2 - Add pkgconfig(libmnl) BuildRequires: new dependency. - Fix file list - Update to version 2.0.16: + This release adds the following features: - Add a 'search' feature to fwupdtool and fwupdmgr + This release fixes the following bugs: - Fix missing release locations when loading from artifact - Fix remaining issues to make updates on FreeBSD work - Update to version 2.0.15: + This release adds the following features: - Allow child devices to use the parent name as a prefix + This release fixes the following bugs: - Add newer commands and options for Fish completion - Allow installing archives named as .CAB rather than .cab - Erase Firehose modem devices correctly - Fix Goodix enumeration issues - Fix sending firmware reports without --force - Fix the FreeBSD build - Fix version number of BnR MTD devices - Require additional requirements for the default PS5512 devboard - Require a full system shutdown for all Micron NVMe updates - Use a better name for Elan touchpad and Intel PCH SPI devices + This release adds support for the following hardware: - Foxconn SDX61 Modem - Jabra Evolve2 child devices - NVIDIA ConnectX-6, ConnectX-7 and ConnectX-8 NICs - Update to version 2.0.14: + This release adds the following features: - Add support for ignoring the network connectivity requirement - Allow building on RHEL-9 and RHEL-10 - Allow plugins to know the firmware version during update - Allow UEFI capsule devices to opt-out of Capsule-on-Disk - Allow unsetting HwID plugin context flags - Allow upgrading from a zero "empty" UEFI dbx + This release fixes the following bugs: - Add an automatic firehose counterpart to the QCDM modem device - Disable signature time checks when verifying firmware - Do not add a vendor ID of UNKNOWN when the signature has no vendor - Do not discover ThunderBolt retimer devices when run in single-shot mode - Do not use deprecated libflashrom API - Enhance firmware metadata generation in firmware_packager - Ensure Lexar NVMe drives use a proper version number - Fix parsing and writing UF2 extension sections - Fix Synaptics RMI initialization for new devices - Fix updating DFOTA and MBIM modem devices - Move some vendor name fixups to the quirk file - Remove CapsuleOnDisk HwID match for Dell - Return a sensible error when using build-cabinet wrong - Set the firehose loader filename in a more permissive way - Update the mapping for TPM vendor names - Verify the checksum of the serialized data in tests - Work around a libmbim bug when detaching + This release adds support for the following hardware: - Egis MoC devices - Framework QMK devices - ILITEK touch controllers - SteelSeries Arctis Nova 3P - drop unneeded gpgme build dependency. GPG support is provided with libjcat - Update to version 2.0.13: + This release adds the following features: - Add a daemon config option to ignore efivars free space - Add support for glob-aware version comparison requirements - Allow targeting specific regions in FMAP when using flashrom - Detect static variables and magic numbers during code review - Remove the unused hailuck and rts54hid plugins + This release fixes the following bugs: - Align MTD erase up to the erasesize as necessary - Allow parsing IGSC OptionROM when using fwupdtool - Allow removing private flags from UEFI capsule devices in quirks - Do not copy the vendor for Intel reference ME firmware - Do not use an interactive console if stdout is redirected - Fix the UEFI self-test when the capsule splash is disabled - Get better device information when using PCI-backed MTD devices - Get the Intel GPU SKU and SVN when using BMG hardware - Make MBIM modem devices emulatable - Make sure fwupdtool.exe is available in the Windows PATH - Only show the 'Full Disk Encryption Detected' warning when required - Set all QCDM modem devices to raw mode when updating - Show all devices for fwupdtool get-devices --show-all --force - Show correct dbx version if non-Microsoft entries are present - Show KEK device attributes in fwupdmgr - Use an alternate GUID when the Intel GPU is in recovery mode - Use the kernel netlink hotplug socket when there is no Udev - Various small changes to speed up startup by 60% and lower RSS by 40% + This release adds support for the following hardware: - HP USB-C 100W G6 Dock - Logitech Bulk Controller pheripherals - More MediaTek scaler devices - Fix %{_modulesloaddir}/fwupd-i2c.conf packaging - Update to version 2.0.12: + This release adds the following features: - Add a config option for enforcing immutable device enumeration - Add device emulation support for Thunderbolt host controllers - Do the efivarfs free space checks for dbx, db, KEK and PK devices - Ensure the i2c_dev kernel driver is always loaded if a module - Parse the SBOM data from fwupdx64.efi if provided - Support loading multiple coSWID blobs from PE files + This release fixes the following bugs: - Added HP Elitedesk G6 mini to not get dbx-updates - Add two more uefi dbx checksum->version entries - Be more useful when building modem device Instance IDs - Convert asus-hid and legion-hid2 to hidraw to avoid possible input blips - Do not create radio for Logitech RDFU-capable devices - Fix a modem-manager regression where a PCI device had no vendor ID - Fix a regression when updating DFOTA modem devices - Fix self tests when building with -Defi_os_dir - Fix self tests when the builder does not support DistroVersion - Fix updating Thunderbolt host controllers with some version formats - Handle HECI unsupported status (0x0b) for Dell hardware - Make tar a dependency of the uefi-capsule tests - Mark the KEK and db updates as affecting FDE like BitLocker - Properly detect the Redfish reboot request for Dell servers - Send the proper artifact firmware filename to the Redfish BMC - Set the correct RMM device version for some Dell dock devices - Use inhibits so that the rts54hub device is marked as non-updatable - Use the virtual size to avoid padding when cutting PE sections - Wait for the Logitech Scribe device to replug after updating + This release adds support for the following hardware: - HP Portable USB-C Hub - More Foxconn 5G modem products - More Intel Arc Battlemage products - Update to version 2.0.11: + This release adds the following features: - Add a new check-reboot-needed command for scripts to use - Read the SELinux state in the report failure metadata + This release fixes the following bugs: - Add some notes in the README about security-relevant build flags - Add support for the Dell dock ownership command - Add the subsystem VIDPID when provided by ModemManager - Allow changing the rts54hub block size from a quirk entry - Allow Legion HID2 downgrades without --force, and clear config on upgrades - Allow specifying multiple DEVICE-IDs for the get-updates command - Cache the stream when parsing the processed cabinet to fix the report upload - Do not allow DBX updates on the AiStone X5KK4NAG - Do not use translated low-level error messages in the failure report - Fall back to the activation date if the X.509 cert has no suitable subject - Fix newer Synaptics VMM9 devices by adding a delay after disabling RC - Ignore some sanity checks when parsing PK, KEK and db certificates - Increase timeout requested by logitech RDFU devices - Never include systemd.machine_id in the failure report - Parse the correct VendorID from the ModemManager device ID - Process all pending event sources when waiting for replug - Use the UEFI PK report attributes for the other UEFI plugins + This release adds support for the following hardware: - Lenovo Thunderbolt 5 Smart Dock - Update to version 2.0.10: + This release adds the following features: - Include the AGESA version as the summary of the AMD secure processor device - Include the UEFI PK certificate key ID in the uploaded problem report - Provide a way for the client to restrict the GUID list to an emulated device + This release fixes the following bugs: - Do not allow dbx updates on the HP Elitebook 845 Gen10 - Do not warn about BIOS bugs we can easily work around - Fix a regression in fwupdmgr emulation-save when recording some devices - Fix a regression preventing installation of KEKs - Fix a small memory leak when getting security attributes - Never write a UX capsule when using Capsule-On-Disk - Use the 'OnBattery' property from upower to tell if plugged in + This release adds support for the following hardware: - Lenovo Legion Touchpad - Logitech MX Mechanical - Poly Studio V72 and V12 - Update to version 2.0.9: + This release adds the following features: - Add some documentation about updating the KEK and db - Allow installing multiple db certificate updates at the same time - Show what certificate signed the EFI authenticated variable - Use readline to look up inputs from user, and make it optional + This release fixes the following bugs: - Add several devices with broken firmware to the UEFI dbx blocklist - Constructing the authenticated URI properly when using FirmwareBaseURI - Do not enumerate non-updatable OptionROM devices - Do not export Redfish backup partitions as devices - Fix a crash when installing some Wacom firmware types - Fix a crash when parsing uevents that are not KEY=VALUE - Fix parsing the DFU descriptor when not using libusb - Fix PK and KEK enumeration failure on some systems - Fix SMBIOS parsing for ROM size >= 16MiB - Include a resolution for more of the HSI failures - Include more output when using fwupdtool get-devices --json - Never allow updating updatable-hidden devices with fwupdtool - Properly handle redfish location redirect when installing firmware - Recognize a very old dbx hash to allow upgrades - Require a reboot after updating Intel CVS devices - Rework the MEI code so that a device can use more than one interface - Rewrite the ModemManger plugin to be simpler and more supportable - Simplify parsing USB descriptors + This release adds support for the following hardware: - Intel Arc Battlemage GPUs - Add explicit pkgconfig(libusb-1.0) B?uildREquires: pulled in by gusb already, but having it explicit allows to add specific version constrains. - Add pkgconfig(readline) BuildRequires: new dependency. - Update to version 2.0.8: + This release adds the following features: - Add the updated UEFI db as a new HSI attribute - Add two new plugins that can update the UEFI Signature Database and KEK + This release fixes the following bugs: - Add /sys/firmware/efi/efivars to ReadWritePaths - Avoid any DPAUX IO if the BnR DPCD does not match - Be more careful falling back to older emulation versions - Detect the Firehose protocol features if not automatically sent - Do not match SMC Redfish method on non-Supermicro hardware - Do not show prompts or messages in --json mode - Fix a critical warning when enumerating DTH135K0C - Make the EFI LOADOPT either a path or ShimHive when setting metadata - Match lowercase directory names when checking for ESP - Only allow UEFI capsule updates on UEFI-capable architectures - Set the version format when using fwupdtool install offline - Support segment value 0 in the ccgx-dmc image parser - Update to version 2.0.7: + This release adds the following features: - Allow calling 'fwupdtool security' with a fwupd version parameter - A new plugin to update B&R DisplayPort receivers - A new plugin to update Intel CVS cameras - A new plugin to verify UEFI memory protection attributes - A new quirk to signify that no additional ESP space is required - Build additional Redfish instance IDs for Dell server hardware - Implement the HPE proprietary Redfish firmware push method - Support cabinet archives greater in size than 2GB - Support for showing the SBOM release URL - Support for UEFI capsule installation in the bootloader + This release fixes the following bugs: - Always close USB file descriptors after starting the daemon - Do not add a Redfish release date if set to 00:00:00Z - Fix a critical warning when rescanning a device with no GUIDs - Fix a small memory leak when emumerating Logitech Rallysystem devices - Fix a tiny Redfish memory leak when writing firmware - Fix building against pygobject 3.52 - Fix Logitech BulkController setup for new device firmware versions - Fix scaler-only Wacom USB update deployment - Fix updating the RMM component in the dell-kestrel dock - Fix writing new EFI variables to workaround a kernel regression - Make PCI NAME and SSVID_SSPID based modem-manager IDs visible - Parse firmware before putting the device into bootloader mode - Prepend the capsule header when using Capsule-on-Disk - Put a memory limit on decoding LZMA streams when parsing firmware - Retry claiming the fastboot interface for up to 2500ms - Trigger dpaux rescan on drm changes correctly - Use the metadata version format to set the version_lowest when required + This release adds support for the following hardware: - Another HP wireless dongle - Lenovo ThinkPad Thunderbolt 4 Smart Dock Gen2 - Lenovo USB-C Dual Display Travel Dock - More EDL 5G modem devices - Align meson call with current upstream supported parameters. fwupd-2.0.20-160000.1.1.aarch64.rpm fwupd-bash-completion-2.0.20-160000.1.1.noarch.rpm fwupd-devel-2.0.20-160000.1.1.aarch64.rpm fwupd-doc-2.0.20-160000.1.1.noarch.rpm fwupd-fish-completion-2.0.20-160000.1.1.noarch.rpm fwupd-lang-2.0.20-160000.1.1.noarch.rpm libfwupd3-2.0.20-160000.1.1.aarch64.rpm typelib-1_0-Fwupd-2_0-2.0.20-160000.1.1.aarch64.rpm fwupd-2.0.20-160000.1.1.ppc64le.rpm fwupd-devel-2.0.20-160000.1.1.ppc64le.rpm libfwupd3-2.0.20-160000.1.1.ppc64le.rpm typelib-1_0-Fwupd-2_0-2.0.20-160000.1.1.ppc64le.rpm fwupd-2.0.20-160000.1.1.s390x.rpm fwupd-devel-2.0.20-160000.1.1.s390x.rpm libfwupd3-2.0.20-160000.1.1.s390x.rpm typelib-1_0-Fwupd-2_0-2.0.20-160000.1.1.s390x.rpm fwupd-2.0.20-160000.1.1.x86_64.rpm fwupd-devel-2.0.20-160000.1.1.x86_64.rpm libfwupd3-2.0.20-160000.1.1.x86_64.rpm typelib-1_0-Fwupd-2_0-2.0.20-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-648 Recommended update for mozilla-nss moderate SUSE SLFO 1.2 This update for mozilla-nss fixes the following issues: Changes in mozilla-nss: Update to NSS 3.112.5: * reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max. * update to version 2.84 of builtins module. - Added "Suggests: p11-kit-nss-trust" to favor over mozilla-nss-certs (Jira: PED-15633) Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names. * Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. * avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. Update to NSS 3.112.3: * avoid integer overflow in platform-independent ghash - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. libfreebl3-3.112.5-160000.1.1.aarch64.rpm libsoftokn3-3.112.5-160000.1.1.aarch64.rpm mozilla-nss-3.112.5-160000.1.1.aarch64.rpm mozilla-nss-certs-3.112.5-160000.1.1.aarch64.rpm mozilla-nss-devel-3.112.5-160000.1.1.aarch64.rpm mozilla-nss-sysinit-3.112.5-160000.1.1.aarch64.rpm mozilla-nss-tools-3.112.5-160000.1.1.aarch64.rpm libfreebl3-3.112.5-160000.1.1.ppc64le.rpm libsoftokn3-3.112.5-160000.1.1.ppc64le.rpm mozilla-nss-3.112.5-160000.1.1.ppc64le.rpm mozilla-nss-certs-3.112.5-160000.1.1.ppc64le.rpm mozilla-nss-devel-3.112.5-160000.1.1.ppc64le.rpm mozilla-nss-sysinit-3.112.5-160000.1.1.ppc64le.rpm mozilla-nss-tools-3.112.5-160000.1.1.ppc64le.rpm libfreebl3-3.112.5-160000.1.1.s390x.rpm libsoftokn3-3.112.5-160000.1.1.s390x.rpm mozilla-nss-3.112.5-160000.1.1.s390x.rpm mozilla-nss-certs-3.112.5-160000.1.1.s390x.rpm mozilla-nss-devel-3.112.5-160000.1.1.s390x.rpm mozilla-nss-sysinit-3.112.5-160000.1.1.s390x.rpm mozilla-nss-tools-3.112.5-160000.1.1.s390x.rpm libfreebl3-3.112.5-160000.1.1.x86_64.rpm libsoftokn3-3.112.5-160000.1.1.x86_64.rpm mozilla-nss-3.112.5-160000.1.1.x86_64.rpm mozilla-nss-certs-3.112.5-160000.1.1.x86_64.rpm mozilla-nss-devel-3.112.5-160000.1.1.x86_64.rpm mozilla-nss-sysinit-3.112.5-160000.1.1.x86_64.rpm mozilla-nss-tools-3.112.5-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-649 Security update for libsodium moderate SUSE SLFO 1.2 This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764). Other fixes: - Update to 1.0.21 * The new crypto_ipcrypt_* functions implement mechanisms for securely encrypting and anonymizing IP addresses. * The sodium_bin2ip and sodium_ip2bin helper functions have been added to complement the crypto_ipcrypt_* functions and easily convert addresses between bytes and strings. * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are * standard extendable output functions. From input of any length, they can derive output of any length with the same properties as hash functions. These primitives are required by many post-quantum mechanisms, but can also be used for a wide range of applications, including key derivation, session encryption and more. * Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers * Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options. * Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero * A cross-compilation issue with old clang versions has been fixed * crypto_aead_aes256gcm_is_available is exported to JavaScript * Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete * Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation. libsodium-devel-1.0.21-160000.1.1.aarch64.rpm libsodium26-1.0.21-160000.1.1.aarch64.rpm libsodium-devel-1.0.21-160000.1.1.ppc64le.rpm libsodium26-1.0.21-160000.1.1.ppc64le.rpm libsodium-devel-1.0.21-160000.1.1.s390x.rpm libsodium26-1.0.21-160000.1.1.s390x.rpm libsodium-devel-1.0.21-160000.1.1.x86_64.rpm libsodium26-1.0.21-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-65 Security update for xwayland important SUSE SLFO 1.2 This update for xwayland fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap() (bsc#1251960). xwayland-24.1.6-160000.3.1.aarch64.rpm xwayland-devel-24.1.6-160000.3.1.aarch64.rpm xwayland-24.1.6-160000.3.1.ppc64le.rpm xwayland-devel-24.1.6-160000.3.1.ppc64le.rpm xwayland-24.1.6-160000.3.1.s390x.rpm xwayland-devel-24.1.6-160000.3.1.s390x.rpm xwayland-24.1.6-160000.3.1.x86_64.rpm xwayland-devel-24.1.6-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-650 Recommended update for xfsprogs moderate SUSE SLFO 1.2 This update for xfsprogs fixes the following issues: - update to 6.19.0: * xfs_io: + print more realtime subvolume related information in statfs + fix fsmap help * mkfs: + fix log sunit automatic configuration + fix protofile data corruption when in/out file block sizes don't match + remove unnecessary return value affectation + quiet down warning about insufficient write zones + set rtstart from user-specified dblocks * libxfs: fix data corruption bug in libxfs_file_write * misc: fix a few memory leaks * mkfs.xfs fix sunit size on 512e and 4kN disks. * xfs_scrub_all: fix non-service-mode arguments to xfs_scrub * xfs: use blkdev_report_zones_cached() * include blkzoned.h in platform_defs.h * xfs_mdrestore: fix restoration on filesystems with 4k sectors * xfs_logprint: print log data to the screen in host-endian order libhandle1-6.19.0-160000.1.1.aarch64.rpm xfsprogs-6.19.0-160000.1.1.aarch64.rpm xfsprogs-devel-6.19.0-160000.1.1.aarch64.rpm xfsprogs-scrub-6.19.0-160000.1.1.aarch64.rpm libhandle1-6.19.0-160000.1.1.ppc64le.rpm xfsprogs-6.19.0-160000.1.1.ppc64le.rpm xfsprogs-devel-6.19.0-160000.1.1.ppc64le.rpm xfsprogs-scrub-6.19.0-160000.1.1.ppc64le.rpm libhandle1-6.19.0-160000.1.1.s390x.rpm xfsprogs-6.19.0-160000.1.1.s390x.rpm xfsprogs-devel-6.19.0-160000.1.1.s390x.rpm xfsprogs-scrub-6.19.0-160000.1.1.s390x.rpm libhandle1-6.19.0-160000.1.1.x86_64.rpm xfsprogs-6.19.0-160000.1.1.x86_64.rpm xfsprogs-devel-6.19.0-160000.1.1.x86_64.rpm xfsprogs-scrub-6.19.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-652 Security update for python-jwcrypto important SUSE SLFO 1.2 This update for python-jwcrypto fixes the following issues: - CVE-2026-39373: weak mitigation for JWT bomb attack in the `deserialize` function can lead to memory exhaustion via crafted compressed JWE tokens (bsc#1261802). python313-jwcrypto-1.5.6-160000.3.1.noarch.rpm openSUSE-Leap-16.0-653 Security update for python-Mako important SUSE SLFO 1.2 This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716). python313-Mako-1.3.10-160000.3.1.noarch.rpm openSUSE-Leap-16.0-654 Security update for PackageKit important SUSE SLFO 1.2 This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE (bsc#1262220). PackageKit-1.2.8-160000.4.1.aarch64.rpm True PackageKit-backend-dnf-1.2.8-160000.4.1.aarch64.rpm True PackageKit-backend-zypp-1.2.8-160000.4.1.aarch64.rpm True PackageKit-branding-upstream-1.2.8-160000.4.1.noarch.rpm True PackageKit-devel-1.2.8-160000.4.1.aarch64.rpm True PackageKit-gstreamer-plugin-1.2.8-160000.4.1.aarch64.rpm True PackageKit-gtk3-module-1.2.8-160000.4.1.aarch64.rpm True PackageKit-lang-1.2.8-160000.4.1.noarch.rpm True libpackagekit-glib2-18-1.2.8-160000.4.1.aarch64.rpm True libpackagekit-glib2-devel-1.2.8-160000.4.1.aarch64.rpm True typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1.aarch64.rpm True PackageKit-1.2.8-160000.4.1.ppc64le.rpm True PackageKit-backend-dnf-1.2.8-160000.4.1.ppc64le.rpm True PackageKit-backend-zypp-1.2.8-160000.4.1.ppc64le.rpm True PackageKit-devel-1.2.8-160000.4.1.ppc64le.rpm True PackageKit-gstreamer-plugin-1.2.8-160000.4.1.ppc64le.rpm True PackageKit-gtk3-module-1.2.8-160000.4.1.ppc64le.rpm True libpackagekit-glib2-18-1.2.8-160000.4.1.ppc64le.rpm True libpackagekit-glib2-devel-1.2.8-160000.4.1.ppc64le.rpm True typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1.ppc64le.rpm True PackageKit-1.2.8-160000.4.1.s390x.rpm True PackageKit-backend-dnf-1.2.8-160000.4.1.s390x.rpm True PackageKit-backend-zypp-1.2.8-160000.4.1.s390x.rpm True PackageKit-devel-1.2.8-160000.4.1.s390x.rpm True PackageKit-gstreamer-plugin-1.2.8-160000.4.1.s390x.rpm True PackageKit-gtk3-module-1.2.8-160000.4.1.s390x.rpm True libpackagekit-glib2-18-1.2.8-160000.4.1.s390x.rpm True libpackagekit-glib2-devel-1.2.8-160000.4.1.s390x.rpm True typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1.s390x.rpm True PackageKit-1.2.8-160000.4.1.x86_64.rpm True PackageKit-backend-dnf-1.2.8-160000.4.1.x86_64.rpm True PackageKit-backend-zypp-1.2.8-160000.4.1.x86_64.rpm True PackageKit-devel-1.2.8-160000.4.1.x86_64.rpm True PackageKit-gstreamer-plugin-1.2.8-160000.4.1.x86_64.rpm True PackageKit-gtk3-module-1.2.8-160000.4.1.x86_64.rpm True libpackagekit-glib2-18-1.2.8-160000.4.1.x86_64.rpm True libpackagekit-glib2-devel-1.2.8-160000.4.1.x86_64.rpm True typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1.x86_64.rpm True openSUSE-Leap-16.0-655 Security update for libssh moderate SUSE SLFO 1.2 This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049) - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045) - CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054) - CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081) - CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080) - CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974) - CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375) libssh-config-0.11.4-160000.1.1.noarch.rpm libssh-devel-0.11.4-160000.1.1.aarch64.rpm libssh4-0.11.4-160000.1.1.aarch64.rpm libssh-devel-0.11.4-160000.1.1.ppc64le.rpm libssh4-0.11.4-160000.1.1.ppc64le.rpm libssh-devel-0.11.4-160000.1.1.s390x.rpm libssh4-0.11.4-160000.1.1.s390x.rpm libssh-devel-0.11.4-160000.1.1.x86_64.rpm libssh4-0.11.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-656 Recommended update for crmsh important SUSE SLFO 1.2 This update for crmsh fixes the following issues: - Update to version 5.0.0+20260420.f7e8ecad: * Dev: utils: Improve check_port_open to concurrently try all addresses (bsc#1262094) * Dev: qdevice: Remove unused codes * Fix: bootstrap: On join node, retrieve qdevice certification files before starting qdevice (bsc#1254243) crmsh-5.0.0+20260420.f7e8ecad-160000.1.1.noarch.rpm crmsh-scripts-5.0.0+20260420.f7e8ecad-160000.1.1.noarch.rpm crmsh-test-5.0.0+20260420.f7e8ecad-160000.1.1.noarch.rpm openSUSE-Leap-16.0-657 Recommended update for python-urllib3 moderate SUSE SLFO 1.2 This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch (bsc#1254867) python313-urllib3-2.5.0-160000.5.1.noarch.rpm openSUSE-Leap-16.0-658 Security update for python-PyNaCl moderate SUSE SLFO 1.2 This update for python-PyNaCl fixes the following issues: Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764). Other fixes: - update to 1.6.2 (bsc#1255764, CVE-2025-69277): * Updated libsodium to 1.0.20-stable (2025-12-31 build) - Update to 1.6.1 * The ``MAKE`` environment variable can now be used to specify the ``make`` binary that should be used in the build process. - update to 1.6.0: * BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7. * Added support for the low level AEAD AES bindings. * Added support for crypto_core_ed25519_from_uniform. * Update libsodium to 1.0.20-stable (2025-08-27 build). * Added support for free-threaded Python 3.14. * Added support for Windows on ARM wheels. - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - python-PyNaCl requires python-cffi [bsc#1161557] python313-PyNaCl-1.6.2-160000.1.1.aarch64.rpm python313-PyNaCl-1.6.2-160000.1.1.ppc64le.rpm python313-PyNaCl-1.6.2-160000.1.1.s390x.rpm python313-PyNaCl-1.6.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-659 Security update for ntfs-3g_ntfsprogs important SUSE SLFO 1.2 This update for ntfs-3g_ntfsprogs fixes the following issue: - CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216). libntfs-3g-devel-2022.10.3-160000.3.1.aarch64.rpm libntfs-3g89-2022.10.3-160000.3.1.aarch64.rpm ntfs-3g-2022.10.3-160000.3.1.aarch64.rpm ntfsprogs-2022.10.3-160000.3.1.aarch64.rpm ntfsprogs-extra-2022.10.3-160000.3.1.aarch64.rpm libntfs-3g-devel-2022.10.3-160000.3.1.ppc64le.rpm libntfs-3g89-2022.10.3-160000.3.1.ppc64le.rpm ntfs-3g-2022.10.3-160000.3.1.ppc64le.rpm ntfsprogs-2022.10.3-160000.3.1.ppc64le.rpm ntfsprogs-extra-2022.10.3-160000.3.1.ppc64le.rpm libntfs-3g-devel-2022.10.3-160000.3.1.s390x.rpm libntfs-3g89-2022.10.3-160000.3.1.s390x.rpm ntfs-3g-2022.10.3-160000.3.1.s390x.rpm ntfsprogs-2022.10.3-160000.3.1.s390x.rpm ntfsprogs-extra-2022.10.3-160000.3.1.s390x.rpm libntfs-3g-devel-2022.10.3-160000.3.1.x86_64.rpm libntfs-3g89-2022.10.3-160000.3.1.x86_64.rpm ntfs-3g-2022.10.3-160000.3.1.x86_64.rpm ntfsprogs-2022.10.3-160000.3.1.x86_64.rpm ntfsprogs-extra-2022.10.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-66 Security update for libvirt moderate SUSE SLFO 1.2 This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots (bsc#1253703) - CVE-2025-12748: Fixed Denial of service in XML parsing (bsc#1253278) Other fixes: - spec: Adjust dbus dependency (bsc#1253642) - qemu: Add support for Intel TDX (jsc#PED-9265) libvirt-11.4.0-160000.3.1.aarch64.rpm libvirt-client-11.4.0-160000.3.1.aarch64.rpm libvirt-client-qemu-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-common-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-lock-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-log-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.aarch64.rpm libvirt-devel-11.4.0-160000.3.1.aarch64.rpm libvirt-doc-11.4.0-160000.3.1.noarch.rpm libvirt-libs-11.4.0-160000.3.1.aarch64.rpm libvirt-nss-11.4.0-160000.3.1.aarch64.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.aarch64.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.aarch64.rpm libvirt-11.4.0-160000.3.1.ppc64le.rpm libvirt-client-11.4.0-160000.3.1.ppc64le.rpm libvirt-client-qemu-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-common-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-lock-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-log-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.ppc64le.rpm libvirt-devel-11.4.0-160000.3.1.ppc64le.rpm libvirt-libs-11.4.0-160000.3.1.ppc64le.rpm libvirt-nss-11.4.0-160000.3.1.ppc64le.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.ppc64le.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.ppc64le.rpm libvirt-11.4.0-160000.3.1.s390x.rpm libvirt-client-11.4.0-160000.3.1.s390x.rpm libvirt-client-qemu-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-common-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-lock-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-log-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.s390x.rpm libvirt-devel-11.4.0-160000.3.1.s390x.rpm libvirt-libs-11.4.0-160000.3.1.s390x.rpm libvirt-nss-11.4.0-160000.3.1.s390x.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.s390x.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.s390x.rpm libvirt-11.4.0-160000.3.1.x86_64.rpm libvirt-client-11.4.0-160000.3.1.x86_64.rpm libvirt-client-qemu-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-common-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-lock-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-log-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.x86_64.rpm libvirt-devel-11.4.0-160000.3.1.x86_64.rpm libvirt-libs-11.4.0-160000.3.1.x86_64.rpm libvirt-nss-11.4.0-160000.3.1.x86_64.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.x86_64.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-660 Security update for openexr important SUSE SLFO 1.2 This update for openexr fixes the following issues: - CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426). - CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425). libIex-3_2-31-3.2.2-160000.7.1.aarch64.rpm libIlmThread-3_2-31-3.2.2-160000.7.1.aarch64.rpm libOpenEXR-3_2-31-3.2.2-160000.7.1.aarch64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.7.1.aarch64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.7.1.aarch64.rpm openexr-3.2.2-160000.7.1.aarch64.rpm openexr-devel-3.2.2-160000.7.1.aarch64.rpm openexr-doc-3.2.2-160000.7.1.noarch.rpm libIex-3_2-31-3.2.2-160000.7.1.ppc64le.rpm libIlmThread-3_2-31-3.2.2-160000.7.1.ppc64le.rpm libOpenEXR-3_2-31-3.2.2-160000.7.1.ppc64le.rpm libOpenEXRCore-3_2-31-3.2.2-160000.7.1.ppc64le.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.7.1.ppc64le.rpm openexr-3.2.2-160000.7.1.ppc64le.rpm openexr-devel-3.2.2-160000.7.1.ppc64le.rpm libIex-3_2-31-3.2.2-160000.7.1.s390x.rpm libIlmThread-3_2-31-3.2.2-160000.7.1.s390x.rpm libOpenEXR-3_2-31-3.2.2-160000.7.1.s390x.rpm libOpenEXRCore-3_2-31-3.2.2-160000.7.1.s390x.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.7.1.s390x.rpm openexr-3.2.2-160000.7.1.s390x.rpm openexr-devel-3.2.2-160000.7.1.s390x.rpm libIex-3_2-31-3.2.2-160000.7.1.x86_64.rpm libIex-3_2-31-x86-64-v3-3.2.2-160000.7.1.x86_64.rpm libIlmThread-3_2-31-3.2.2-160000.7.1.x86_64.rpm libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.7.1.x86_64.rpm libOpenEXR-3_2-31-3.2.2-160000.7.1.x86_64.rpm libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.7.1.x86_64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.7.1.x86_64.rpm libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.7.1.x86_64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.7.1.x86_64.rpm libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.7.1.x86_64.rpm openexr-3.2.2-160000.7.1.x86_64.rpm openexr-devel-3.2.2-160000.7.1.x86_64.rpm openSUSE-Leap-16.0-661 Security update for helm moderate SUSE SLFO 1.2 This update for helm fixes the following issues: Update to version 3.20.2. Security issued fixed: - CVE-2025-55199: specially crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093). - CVE-2026-35206: specially crafted Chart will have contents extracted to immediate output directory rather than to expected output directory suffixed by the Chart's name (bsc#1261938). Other updates and bugfixes: - Version 3.20.1: - chore(deps): bump the k8s-io group with 7 updates a2369ca (dependabot[bot]) - add image index test 90e1056 (Pedro Tôrres) - fix pulling charts from OCI indices 911f2e9 (Pedro Tôrres) - Remove refactorring changes from coalesce_test.go 76dad33 (Evans Mungai) - Fix import 45c12f7 (Evans Mungai) - Update pkg/chart/common/util/coalesce_test.go 26c6f19 (Evans Mungai) - Fix lint warning 09f5129 (Evans Mungai) - Preserve nil values in chart already 417deb2 (Evans Mungai) - fix(values): preserve nil values when chart default is empty map 5417bfa (Evans Mungai) - Version 3.20.0: - SDK: bump k8s API versions to v0.35.0 - v3 backport: Fixed a bug where helm uninstall with --keep-history did not suspend previous deployed releases #12564 - v3 backport: Bump Go version to v1.25 - bump version to v3.20 - chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0 - chore(deps): bump golang.org/x/term from 0.38.0 to 0.39.0 - chore(deps): bump github.com/foxcpp/go-mockdns from 1.1.0 to 1.2.0 - chore(deps): bump the k8s-io group with 7 updates - [dev-v3] Replace deprecated `NewSimpleClientset` - [dev-v3] Bump Go v1.25, `golangci-lint` v2 - chore(deps): bump github.com/BurntSushi/toml from 1.5.0 to 1.6.0 - chore(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.30 - fix(rollback): `errors.Is` instead of string comp - fix(uninstall): supersede deployed releases - Use latest patch release of Go in releases - chore(deps): bump golang.org/x/crypto from 0.45.0 to 0.46.0 - chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 - chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 - chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 - chore(deps): bump github.com/rubenv/sql-migrate from 1.8.0 to 1.8.1 - chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 - chore(deps): bump github.com/cyphar/filepath-securejoin - chore(deps): bump golang.org/x/text from 0.30.0 to 0.31.0 - chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0 - Remove dev-v3 `helm-latest-version` publish - chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 1.7.28 to 1.7.29 - Revert "pkg/registry: Login option for passing TLS config in memory" - jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 - Fix `helm pull` untar dir check with repo urls - chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 - chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 - chore(deps): bump golang.org/x/text from 0.29.0 to 0.30.0 - [backport] fix: get-helm-3 script use helm3-latest-version - pkg/registry: Login option for passing TLS config in memory - Fix deprecation warning - chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.42.0 - chore(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 - Avoid "panic: interface conversion: interface {} is nil" - bump version to v3.19.0 - chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 - fix: set repo authorizer in registry.Client.Resolve() - fix null merge - Add timeout flag to repo add and update flags - Version 3.19.5: - Fixed bug where removing subchart value via override resulted in warning #31118 - Fixed bug where helm uninstall with --keep-history did not suspend previous deployed releases #12556 - fix(rollback): errors.Is instead of string comp 4a19a5b (Hidde Beydals) - fix(uninstall): supersede deployed releases 7a00235 (Hidde Beydals) - fix null merge 578564e (Ben Foster) - Version 3.19.4: - Use latest patch release of Go in releases 7cfb6e4 (Matt Farina) - chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 59c951f (dependabot[bot]) - chore(deps): bump github.com/cyphar/filepath-securejoin d45f3f1 - chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 d459544 (dependabot[bot]) - chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 becd387 (dependabot[bot]) - chore(deps): bump the k8s-io group with 7 updates edb1579 - Version 3.19.3: - Bump golang.org/x/crypto to v0.45.0 - Version 3.19.2: - [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins) helm-3.20.2-160000.1.1.aarch64.rpm helm-bash-completion-3.20.2-160000.1.1.noarch.rpm helm-fish-completion-3.20.2-160000.1.1.noarch.rpm helm-zsh-completion-3.20.2-160000.1.1.noarch.rpm helm-3.20.2-160000.1.1.ppc64le.rpm helm-3.20.2-160000.1.1.s390x.rpm helm-3.20.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-662 Recommended update for sysctl-logger moderate SUSE SLFO 1.2 This update for sysctl-logger fixes the following issues: - Update to v0.0.7: * Add systemd hardenings * Make output directory visible - Specify LLVM version to use for SLES 15 SP7 sysctl-logger-0.0.7-160000.1.1.aarch64.rpm sysctl-logger-0.0.7-160000.1.1.ppc64le.rpm sysctl-logger-0.0.7-160000.1.1.s390x.rpm sysctl-logger-0.0.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-663 Security update for freerdp important SUSE SLFO 1.2 This update for freerdp fixes the following issues: Update to version 3.24.2. Security issues fixed: - CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919). - CVE-2026-25942: buffer overflow of global array in `xf_rail_server_execute_result` (bsc#1258920). - CVE-2026-25952: heap use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921). - CVE-2026-25953: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923). - CVE-2026-25954: heap use-after-free in `xf_rail_server_local_move_size` (bsc#1258924). - CVE-2026-25955: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973). - CVE-2026-25959: heap use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976). - CVE-2026-25997: heap use-after-free in `xf_clipboard_format_equal` (bsc#1258977). - CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979). - CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982). - CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path (bsc#1258985). - CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path (bsc#1259689). - CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache subsystem (bsc#1259684). - CVE-2026-29776: integer underflow in `update_read_cache_bitmap_order` (bsc#1259692). - CVE-2026-31806: heap buffer overflow in `nsc_process_message` (bsc#1259653). - CVE-2026-31883: heap buffer overwrite due to a `size_t` underflow in the IMA-ADPCM and MS-ADPCM audio decoders (bsc#1259679). - CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders (bsc#1259680). - CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders (bsc#1259686). - CVE-2026-31897: out-of-bounds read in `freerdp_bitmap_decompress_planar` (bsc#1259693). - CVE-2026-33952: client-side crash due to `WINPR_ASSERT()` failure in `rts_read_auth_verifier_no_checks()` (bsc#1261196). - CVE-2026-33977: client-side crash due to `WINPR_ASSERT()` failure in IMA ADPCM audio decoder (bsc#1261198). - CVE-2026-33982: heap buffer overread in in `winpr_aligned_offset_recalloc` (bsc#1261222). - CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion iteration loop in `progressive_decompress_tile_upgrade` (bsc#1261200). - CVE-2026-33984: heap buffer overflow in ClearCodec `resize_vbar_entry` (bsc#1261211). - CVE-2026-33985: heap out-of-bounds read in `clear_decompress_glyph_data` (bsc#1261217). - CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension desync (bsc#1261223). - CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize desync (bsc#1261226). - CVE-2026-33995: double-free vulnerability in `kerberos_AcceptSecurityContext` and `kerberos_InitializeSecurityContextA` (bsc#1261227). Other updates and bugfixes: - Version 3.24.2: * [channels,video] fix wrong cast (#12511) * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510) * [client,sdl] create a copy of rdpPointer (#12512) * [codec,video] properly pass intermediate format (#12518) * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520) winpr: improve libunwind backtraces (#12530) * [server,shadow] remember selected caps (#12528) * Zero credential data before free in NLA and NTLM context (#12532) * [server,proxy] ignore missing client in input channel (#12536) * [server,proxy] ignore rdpdr messages (#12537) * [winpr,sspi] improve kerberos logging (#12538) * Codec fixes (#12542) - Version 3.24.1: * [warnings] fix various sign and cast warnings (#12480) * [client,x11] start with xfc->remote_app = TRUE; (#12491) * Sam file read regression fix (#12484) * [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration (#12490) * Fix: memory leak in rdp_client_establish_keys() (#12494) * Fix memory leak in freerdp_settings_int_buffer_copy() on error paths (libfreerdp/core/settings.c) (#12486) * Code Cleanups (#12493) * Fix: memory leak in PCSC_SCardListReadersW() (#12495) * [channels,telemetry] use dynamic logging (#12496) * [channel,gfx] use generic plugin log (@12498, #12499) * [channels,audin] set error when audio_format_read fails (#12500) * [channels,video] unify error handling (#12502) * Fastpath fine grained lock (#12503) * [core,update] make the PlaySound callback non-mandatory (#12504) * Refinements: RPM build updates, FIPS improvements (#12506) - Version 3.24.0: * Completed the [[nodiscard]] marking of the API to warn about problematic * unchecked use of functions * Added full C23 support (default stays at C11) to allow new compilers * to do stricter checking * Improved X11 and SDL3 clients * Improved smartcard support * proxy now supports RFX graphics mode * Attribute nodiscard related chanes (#12325, #12360, #12395, #12406, #12421, #12426, #12177, #12403, #12405, #12407, #12409, #12408, #12412, #12413) * c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385, #12386, #12387, #12384) * Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473) [core,utils] ignore NULL values in remove_rdpdr_type (#12372) * [codec,fdk] revert use of WinPR types (#12373) * [core,gateway] ignore incomplete rpc header (#12375, #12376) * [warnings] make function declaration names consistent (#12377) * [libfreerdp] Add new define for logon error info (#12380) * [client,x11] improve rails window locking (#12392) * Reload fix missing null checks (#12396) * Bounds checks (#12400) * [server,proxy] check for nullptr before using scard_call_context (#12404) * [uwac] fix rectangular glitch around surface damage regions (#12410) * Address various error handling inconsistencies (#12411) * [core,server] Improve WTS API locking (#12414) * Address some GCC compile issues (#12415, #12420) * Winpr atexit (#12416) * [winpr,smartcard] fix function pointer casts (#12422) * Xf timer fix (#12423) * [client,sdl] workaround for wlroots compositors (#12425) * [client,sdl] fix SdlWindow::query (#12378) * [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427) * [client,x11] eliminate obsolete compile flags (#12428) * [client,common] skip sending input events when not connected (#12429) * Input connected checks (#12430) * Floatbar and display channel improvements (#12431) * [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432) * [client] Fix writing of gatewayusagemethod to .rdp files (#12433) * Nodiscard finetune (#12435) * [core] fix missing gateway credential sync (#12436) * [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441) * [core,settings] Allow FreeRDP_instance in setter (#12442) * [codec,h264] make log message trace (#12444) * X11 rails improve (#12440) * [codec,nsc] limit copy area in nsc_process_message (#12448) * Proxy support RFX and NSC settings (#12449) * [client,common] display a shortened help on parsing issues (#12450) * [winpr,smartcard] refine locking for pcsc layer (#12451) * [codec,swscale] allow runtime loading of swscale (#12452) * Swscale fallback (#12454) * Sdl multi scaling support (#12456) * [packaging,flatpak] update runtime and dependencies (#12457) * [codec,video] add doxygen version details (#12458) * [github,templates] update templates (#12460) * [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461) * [warnings,nodiscard] add log messages for failures (#12463) * [gdi,gdi] ignore empty rectangles (#12467) * Smartcard fix smartcard-login, pass rdpContext for abort (#12466) * [winpr,smartcard] fix compiler warnings (#12469) * [winpr,timezone] fix search for transition dates (#12468) * [client,common] improve /p help (#12471) * Scard logging refactored (#12472) * [emu,scard] fix smartcard emulation (#12475) * Sdl null cursor (#12474) - Version 3.23.0: * Sdl cleanup (#12202) * [client,sdl] do not apply window offset (#12205) * [client,sdl] add SDL_Error to exceptions (#12214) * Rdp monitor log (#12215) * [winpr,smartcard] implement some attributes (#12213) * [client,windows] Fix return value checks for mouse event functions (#12279) * [channels,rdpecam] fix sws context checks (#12272) * [client,windows] Enhance error handling and context validation (#12264) * [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW (#12261) * [client,sdl] fix multimon/fullscreen on wayland (#12248) * Vendor by app (#12207) * [core,gateway] relax TSG parsing (#12283) * [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273) * [client,windows] Implement complete keyboard indicator synchronization (#12268) * Fixes more more more (#12286) * Use application details for names (#12285) * warning cleanups (#12289) * Warning cleanup (#12291) * [client,windows] Enhance memory safety with NULL checks and resource protection (#12271) * [client,x11] apply /size:xx% only once (#12293) * Freerdp config test (#12295) * [winpr,smartcard] fix returned attribute length (#12296) * [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298) * [core,test] fix use after free (#12299) * Sign warnings (#12300) * [cmake,compiler] disable -Wjump-misses-init (#12301) * [codec,color] fix input length checks (#12302) * [client,sdl] improve cursor updates, fix surface sizes (#12303) * Sdl fullscreen (#12217) * [client,sdl] fix move constructor of SdlWindow (#12305) * [utils,smartcard] check stream length on padding (#12306) * [android] Fix invert scrolling default value mismatch (#12309) * Clear fix bounds checks (#12310) * Winpr attr nodiscard fkt ptr (#12311) * [codec,planar] fix missing destination bounds checks (#12312) * [codec,clear] fix destination checks (#12315) * NSC Codec fixes (#12317) * Freerdp api nodiscard (#12313) * [allocations] fix growth of preallocated buffers (#12319) * Rdpdr simplify (#12320) * Resource fix (#12323) * [winpr,utils] ensure message queue capacity (#12322) * [server,shadow] fix return and parameter checks (#12330) * Shadow fixes (#12331) * [rdtk,nodiscard] mark rdtk API nodiscard (#12329) * [client,x11] fix XGetWindowProperty return handling (#12334) * Win32 signal (#12335) * [channel,usb] fix message parsing and creation (#12336) * [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338) * Proxy config fix (#12345) * [codec,progressive] refine progressive decoding (#12347) * [client,sdl] fix sdl_Pointer_New (#12350) * [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL (#12353) * X11 kbd sym (#12354) * Windows compile warning fixes (#12357,#12358,#12359) freerdp-3.24.2-160000.1.1.aarch64.rpm freerdp-devel-3.24.2-160000.1.1.aarch64.rpm freerdp-proxy-3.24.2-160000.1.1.aarch64.rpm freerdp-proxy-plugins-3.24.2-160000.1.1.aarch64.rpm freerdp-sdl-3.24.2-160000.1.1.aarch64.rpm freerdp-server-3.24.2-160000.1.1.aarch64.rpm freerdp-wayland-3.24.2-160000.1.1.aarch64.rpm libfreerdp-server-proxy3-3-3.24.2-160000.1.1.aarch64.rpm libfreerdp3-3-3.24.2-160000.1.1.aarch64.rpm librdtk0-0-3.24.2-160000.1.1.aarch64.rpm libuwac0-0-3.24.2-160000.1.1.aarch64.rpm libwinpr3-3-3.24.2-160000.1.1.aarch64.rpm rdtk0-devel-3.24.2-160000.1.1.aarch64.rpm uwac0-devel-3.24.2-160000.1.1.aarch64.rpm winpr-devel-3.24.2-160000.1.1.aarch64.rpm freerdp-3.24.2-160000.1.1.ppc64le.rpm freerdp-devel-3.24.2-160000.1.1.ppc64le.rpm freerdp-proxy-3.24.2-160000.1.1.ppc64le.rpm freerdp-proxy-plugins-3.24.2-160000.1.1.ppc64le.rpm freerdp-sdl-3.24.2-160000.1.1.ppc64le.rpm freerdp-server-3.24.2-160000.1.1.ppc64le.rpm freerdp-wayland-3.24.2-160000.1.1.ppc64le.rpm libfreerdp-server-proxy3-3-3.24.2-160000.1.1.ppc64le.rpm libfreerdp3-3-3.24.2-160000.1.1.ppc64le.rpm librdtk0-0-3.24.2-160000.1.1.ppc64le.rpm libuwac0-0-3.24.2-160000.1.1.ppc64le.rpm libwinpr3-3-3.24.2-160000.1.1.ppc64le.rpm rdtk0-devel-3.24.2-160000.1.1.ppc64le.rpm uwac0-devel-3.24.2-160000.1.1.ppc64le.rpm winpr-devel-3.24.2-160000.1.1.ppc64le.rpm freerdp-3.24.2-160000.1.1.s390x.rpm freerdp-devel-3.24.2-160000.1.1.s390x.rpm freerdp-proxy-3.24.2-160000.1.1.s390x.rpm freerdp-proxy-plugins-3.24.2-160000.1.1.s390x.rpm freerdp-sdl-3.24.2-160000.1.1.s390x.rpm freerdp-server-3.24.2-160000.1.1.s390x.rpm freerdp-wayland-3.24.2-160000.1.1.s390x.rpm libfreerdp-server-proxy3-3-3.24.2-160000.1.1.s390x.rpm libfreerdp3-3-3.24.2-160000.1.1.s390x.rpm librdtk0-0-3.24.2-160000.1.1.s390x.rpm libuwac0-0-3.24.2-160000.1.1.s390x.rpm libwinpr3-3-3.24.2-160000.1.1.s390x.rpm rdtk0-devel-3.24.2-160000.1.1.s390x.rpm uwac0-devel-3.24.2-160000.1.1.s390x.rpm winpr-devel-3.24.2-160000.1.1.s390x.rpm freerdp-3.24.2-160000.1.1.x86_64.rpm freerdp-devel-3.24.2-160000.1.1.x86_64.rpm freerdp-proxy-3.24.2-160000.1.1.x86_64.rpm freerdp-proxy-plugins-3.24.2-160000.1.1.x86_64.rpm freerdp-sdl-3.24.2-160000.1.1.x86_64.rpm freerdp-server-3.24.2-160000.1.1.x86_64.rpm freerdp-wayland-3.24.2-160000.1.1.x86_64.rpm libfreerdp-server-proxy3-3-3.24.2-160000.1.1.x86_64.rpm libfreerdp3-3-3.24.2-160000.1.1.x86_64.rpm librdtk0-0-3.24.2-160000.1.1.x86_64.rpm libuwac0-0-3.24.2-160000.1.1.x86_64.rpm libwinpr3-3-3.24.2-160000.1.1.x86_64.rpm rdtk0-devel-3.24.2-160000.1.1.x86_64.rpm uwac0-devel-3.24.2-160000.1.1.x86_64.rpm winpr-devel-3.24.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-664 Security update for himmelblau moderate SUSE SLFO 1.2 This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation (bsc#1261324). Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - update rustls-webpki to 0.103.10 for CRL revocation fix - Version 2.3.9: * packaging: fix if/else block for debian's postrm * Update apparmor.unix-chkpwd.local (Issue #1252) * When Hello user encounters SSPR demand, be permissive * add tests for sudo_groups functionality * Fix config tests to ignore local host config * Do not clear $NOTIFY_SOCKET when calling sd_ready * Fix token cache 24h purge * broker: use SSO server nonce for PRT only when provided * Fix pam_himmelblau blocking local user password changes (#1199) * Remove unused File import * Use is_ascii_alphanumeric() for account_id validation * Fix path traversal in LoadProfilePhoto AccountsService writes * Drop initialization tracing span * himmelblau-hsm-pin-init: drop RemainAfterExit=yes * Add fallback behavior when consent is required * qr-greeter: enable extension without socket noise * debian: make install/remove noninteractive; reduce QR postinst noise; soften missing hello prt * Never respond with BadRequest without error detail * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates himmelblau-2.3.9+git0.a9fd29b-160000.1.1.aarch64.rpm himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1.noarch.rpm himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1.noarch.rpm himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1.aarch64.rpm libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1.aarch64.rpm pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1.aarch64.rpm himmelblau-2.3.9+git0.a9fd29b-160000.1.1.x86_64.rpm himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1.x86_64.rpm libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1.x86_64.rpm pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-665 Security update for libspectre moderate SUSE SLFO 1.2 This update for libspectre fixes the following issues: - rebuilds against ghostscript version update. libspectre-devel-0.2.12-160000.2.3.aarch64.rpm libspectre1-0.2.12-160000.2.3.aarch64.rpm libspectre-devel-0.2.12-160000.2.3.ppc64le.rpm libspectre1-0.2.12-160000.2.3.ppc64le.rpm libspectre-devel-0.2.12-160000.2.3.s390x.rpm libspectre1-0.2.12-160000.2.3.s390x.rpm libspectre-devel-0.2.12-160000.2.3.x86_64.rpm libspectre1-0.2.12-160000.2.3.x86_64.rpm openSUSE-Leap-16.0-666 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573). kernel-default-base-6.12.0-160000.29.1.160000.2.9.aarch64.rpm True kernel-devel-6.12.0-160000.29.1.noarch.rpm True kernel-macros-6.12.0-160000.29.1.noarch.rpm True kernel-source-6.12.0-160000.29.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.29.1.noarch.rpm True dtb-allwinner-6.12.0-160000.29.1.aarch64.rpm True dtb-altera-6.12.0-160000.29.1.aarch64.rpm True dtb-amazon-6.12.0-160000.29.1.aarch64.rpm True dtb-amd-6.12.0-160000.29.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.29.1.aarch64.rpm True dtb-apm-6.12.0-160000.29.1.aarch64.rpm True dtb-apple-6.12.0-160000.29.1.aarch64.rpm True dtb-arm-6.12.0-160000.29.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.29.1.aarch64.rpm True dtb-cavium-6.12.0-160000.29.1.aarch64.rpm True dtb-exynos-6.12.0-160000.29.1.aarch64.rpm True dtb-freescale-6.12.0-160000.29.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.29.1.aarch64.rpm True dtb-lg-6.12.0-160000.29.1.aarch64.rpm True dtb-marvell-6.12.0-160000.29.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.29.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.29.1.aarch64.rpm True dtb-qcom-6.12.0-160000.29.1.aarch64.rpm True dtb-renesas-6.12.0-160000.29.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.29.1.aarch64.rpm True dtb-socionext-6.12.0-160000.29.1.aarch64.rpm True dtb-sprd-6.12.0-160000.29.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.29.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.29.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.29.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.29.1.aarch64.rpm True kernel-64kb-6.12.0-160000.29.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.29.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.29.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.29.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.29.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.29.1.aarch64.rpm True cluster-md-kmp-azure-6.12.0-160000.29.1.aarch64.rpm True dlm-kmp-azure-6.12.0-160000.29.1.aarch64.rpm True gfs2-kmp-azure-6.12.0-160000.29.1.aarch64.rpm True kernel-azure-6.12.0-160000.29.1.aarch64.rpm True kernel-azure-devel-6.12.0-160000.29.1.aarch64.rpm True kernel-azure-extra-6.12.0-160000.29.1.aarch64.rpm True kernel-azure-optional-6.12.0-160000.29.1.aarch64.rpm True kselftests-kmp-azure-6.12.0-160000.29.1.aarch64.rpm True ocfs2-kmp-azure-6.12.0-160000.29.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.29.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.29.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.29.1.aarch64.rpm True kernel-default-6.12.0-160000.29.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.29.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.29.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.29.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.29.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.29.1.aarch64.rpm True kernel-docs-6.12.0-160000.29.1.noarch.rpm True kernel-docs-html-6.12.0-160000.29.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.29.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.29.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.29.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.29.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.29.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.29.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.29.1.aarch64.rpm True kernel-rt-6.12.0-160000.29.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.29.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.29.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.29.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.29.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.29.1.aarch64.rpm True kernel-syms-6.12.0-160000.29.1.aarch64.rpm True kernel-default-base-6.12.0-160000.29.1.160000.2.9.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.29.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.29.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.29.1.ppc64le.rpm True kernel-default-6.12.0-160000.29.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.29.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.29.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.29.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.29.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.29.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.29.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.29.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.29.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.29.1.ppc64le.rpm True kernel-syms-6.12.0-160000.29.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.29.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.29.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.29.1.s390x.rpm True kernel-default-6.12.0-160000.29.1.s390x.rpm True kernel-default-devel-6.12.0-160000.29.1.s390x.rpm True kernel-default-extra-6.12.0-160000.29.1.s390x.rpm True kernel-default-optional-6.12.0-160000.29.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.29.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.29.1.s390x.rpm True kernel-obs-build-6.12.0-160000.29.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.29.1.s390x.rpm True kernel-syms-6.12.0-160000.29.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.29.1.s390x.rpm True kernel-default-base-6.12.0-160000.29.1.160000.2.9.x86_64.rpm True cluster-md-kmp-azure-6.12.0-160000.29.1.x86_64.rpm True dlm-kmp-azure-6.12.0-160000.29.1.x86_64.rpm True gfs2-kmp-azure-6.12.0-160000.29.1.x86_64.rpm True kernel-azure-6.12.0-160000.29.1.x86_64.rpm True kernel-azure-devel-6.12.0-160000.29.1.x86_64.rpm True kernel-azure-extra-6.12.0-160000.29.1.x86_64.rpm True kernel-azure-optional-6.12.0-160000.29.1.x86_64.rpm True kernel-azure-vdso-6.12.0-160000.29.1.x86_64.rpm True kselftests-kmp-azure-6.12.0-160000.29.1.x86_64.rpm True ocfs2-kmp-azure-6.12.0-160000.29.1.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.29.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.29.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.29.1.x86_64.rpm True kernel-default-6.12.0-160000.29.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.29.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.29.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.29.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.29.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.29.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.29.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.29.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.29.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.29.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.29.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.29.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.29.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.29.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.29.1.x86_64.rpm True kernel-rt-6.12.0-160000.29.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.29.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.29.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.29.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.29.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.29.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.29.1.x86_64.rpm True kernel-syms-6.12.0-160000.29.1.x86_64.rpm True openSUSE-Leap-16.0-669 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.10.1 ESR. - MFSA 2026-36 (bsc#1263110) * CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component. * CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. * CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1 * CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1 MozillaFirefox-140.10.1-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.10.1-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.10.1-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.10.1-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.10.1-160000.1.1.aarch64.rpm MozillaFirefox-140.10.1-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.10.1-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.10.1-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.10.1-160000.1.1.ppc64le.rpm MozillaFirefox-140.10.1-160000.1.3.s390x.rpm MozillaFirefox-branding-upstream-140.10.1-160000.1.3.s390x.rpm MozillaFirefox-devel-140.10.1-160000.1.3.noarch.rpm MozillaFirefox-translations-common-140.10.1-160000.1.3.s390x.rpm MozillaFirefox-translations-other-140.10.1-160000.1.3.s390x.rpm MozillaFirefox-140.10.1-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.10.1-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.10.1-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.10.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-67 Recommended update for read-only-root-fs moderate SUSE SLFO 1.2 This update for read-only-root-fs fixes the following issues: - Add additional check in %post to prevent generating the btrfs /etc subvolume during a KIWI run (bsc#1250133) read-only-root-fs-1.0+git20250708.3eed5de-160000.3.1.noarch.rpm read-only-root-fs-volatile-1.0+git20250708.3eed5de-160000.3.1.noarch.rpm openSUSE-Leap-16.0-670 Recommended update for rpmlint moderate SUSE SLFO 1.2 This update for rpmlint fixes the following issues: - Update to version 2.7.0+git20260429.f70bc58d (bsc#1261308): * AlternativesCheck: Fix .conf files regex * CI: Use leap containers instead of TW rpmlint-2.7.0+git20260429.f70bc58d-160000.1.1.noarch.rpm rpmlint-strict-2.7.0+git20260429.f70bc58d-160000.1.1.noarch.rpm openSUSE-Leap-16.0-671 Security update for google-cloud-sap-agent important SUSE SLFO 1.2 This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty `encrypted_key` field but key wrapping algorithm set can lead to a denial of service (bsc#1262936). google-cloud-sap-agent-3.12-160000.2.1.aarch64.rpm google-cloud-sap-agent-3.12-160000.2.1.ppc64le.rpm google-cloud-sap-agent-3.12-160000.2.1.s390x.rpm google-cloud-sap-agent-3.12-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-672 Security update for php-composer2 important SUSE SLFO 1.2 This update for php-composer2 fixes the following issues: - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources (bsc#1255768). - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition (bsc#1262254). - CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url (bsc#1262255). php-composer2-2.8.9-160000.3.1.noarch.rpm openSUSE-Leap-16.0-673 Recommended update for libica moderate SUSE SLFO 1.2 This update for libica fixes the following issues: - Upgrade libica to version 4.4.1. - Applied a patch for FIPS 140-3 project for SLES16.0 and SL Micro 6.2. - Removed obsolete patch. - Move unversioned libica.so from tools to libica4 subpackage to ensure openssl-ibmca can reliably load it via DSO_load() in minimal environments (bsc#952871). libica-devel-4.4.1-160000.1.1.s390x.rpm libica-devel-static-4.4.1-160000.1.1.s390x.rpm libica-tools-4.4.1-160000.1.1.s390x.rpm libica4-4.4.1-160000.1.1.s390x.rpm openSUSE-Leap-16.0-674 Security update for java-25-openjdk important SUSE SLFO 1.2 This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). - CVE-2026-22008: Libraries: unauthenticated attacker with network access via multiple protocols can gain unauthorized update, insert or delete access to data (bsc#1262493). - CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). - CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized to access critical data (bsc#1262495). - CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496). - CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). - CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts(bsc#1259118). - CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). - CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: - Provide the timezone-java and tzdata-java (jsc#PED-15898). - Migrate to the new logic of FIPS patch developed by RedHat in https://github.com/rh-openjdk/jdk/tree/fips-25u. - Add the sources of /nss-native-fips-key-import-export-adapter. * This native library is an adapter for OpenJDK to use the NSS PKCS #11 software token (libsoftokn3.so) in FIPS mode. - Allow overriding of gcc name. - Don't make missing system crypto-policies fatal. - Add create-crypto-properties-files.bash that generates during the build the config files for different fips and non-fips scenarios. - Add TestSecurityProperties.java to test the loading of system security properties where applicable. java-25-openjdk-25.0.3.0-160000.1.1.aarch64.rpm java-25-openjdk-demo-25.0.3.0-160000.1.1.aarch64.rpm java-25-openjdk-devel-25.0.3.0-160000.1.1.aarch64.rpm java-25-openjdk-headless-25.0.3.0-160000.1.1.aarch64.rpm java-25-openjdk-javadoc-25.0.3.0-160000.1.1.noarch.rpm java-25-openjdk-jmods-25.0.3.0-160000.1.1.aarch64.rpm java-25-openjdk-src-25.0.3.0-160000.1.1.aarch64.rpm java-25-openjdk-25.0.3.0-160000.1.1.ppc64le.rpm java-25-openjdk-demo-25.0.3.0-160000.1.1.ppc64le.rpm java-25-openjdk-devel-25.0.3.0-160000.1.1.ppc64le.rpm java-25-openjdk-headless-25.0.3.0-160000.1.1.ppc64le.rpm java-25-openjdk-jmods-25.0.3.0-160000.1.1.ppc64le.rpm java-25-openjdk-src-25.0.3.0-160000.1.1.ppc64le.rpm java-25-openjdk-25.0.3.0-160000.1.1.s390x.rpm java-25-openjdk-demo-25.0.3.0-160000.1.1.s390x.rpm java-25-openjdk-devel-25.0.3.0-160000.1.1.s390x.rpm java-25-openjdk-headless-25.0.3.0-160000.1.1.s390x.rpm java-25-openjdk-jmods-25.0.3.0-160000.1.1.s390x.rpm java-25-openjdk-src-25.0.3.0-160000.1.1.s390x.rpm java-25-openjdk-25.0.3.0-160000.1.1.x86_64.rpm java-25-openjdk-demo-25.0.3.0-160000.1.1.x86_64.rpm java-25-openjdk-devel-25.0.3.0-160000.1.1.x86_64.rpm java-25-openjdk-headless-25.0.3.0-160000.1.1.x86_64.rpm java-25-openjdk-jmods-25.0.3.0-160000.1.1.x86_64.rpm java-25-openjdk-src-25.0.3.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-676 Security update for mozjs128 important SUSE SLFO 1.2 This update for mozjs128 fixes the following issues: - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728). - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713). - CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731). libmozjs-128-0-128.14.0-160000.2.1.aarch64.rpm mozjs128-128.14.0-160000.2.1.aarch64.rpm mozjs128-devel-128.14.0-160000.2.1.aarch64.rpm libmozjs-128-0-128.14.0-160000.2.1.ppc64le.rpm mozjs128-128.14.0-160000.2.1.ppc64le.rpm mozjs128-devel-128.14.0-160000.2.1.ppc64le.rpm libmozjs-128-0-128.14.0-160000.2.1.s390x.rpm mozjs128-128.14.0-160000.2.1.s390x.rpm mozjs128-devel-128.14.0-160000.2.1.s390x.rpm libmozjs-128-0-128.14.0-160000.2.1.x86_64.rpm mozjs128-128.14.0-160000.2.1.x86_64.rpm mozjs128-devel-128.14.0-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-677 Recommended update for mariadb moderate SUSE SLFO 1.2 This update for mariadb fixes the following issues: Changes in mariadb: * Fixes crash in information_schema.table_constraints when --skip-grant-tables (bsc#1263153) Updating mariadb might impact the database service. Do you want to proceed with the update? libmariadbd-devel-11.8.6-160000.2.1.aarch64.rpm libmariadbd19-11.8.6-160000.2.1.aarch64.rpm mariadb-11.8.6-160000.2.1.aarch64.rpm mariadb-bench-11.8.6-160000.2.1.aarch64.rpm mariadb-client-11.8.6-160000.2.1.aarch64.rpm mariadb-errormessages-11.8.6-160000.2.1.noarch.rpm mariadb-galera-11.8.6-160000.2.1.aarch64.rpm mariadb-rpm-macros-11.8.6-160000.2.1.aarch64.rpm mariadb-test-11.8.6-160000.2.1.aarch64.rpm mariadb-tools-11.8.6-160000.2.1.aarch64.rpm libmariadbd-devel-11.8.6-160000.2.1.ppc64le.rpm libmariadbd19-11.8.6-160000.2.1.ppc64le.rpm mariadb-11.8.6-160000.2.1.ppc64le.rpm mariadb-bench-11.8.6-160000.2.1.ppc64le.rpm mariadb-client-11.8.6-160000.2.1.ppc64le.rpm mariadb-galera-11.8.6-160000.2.1.ppc64le.rpm mariadb-rpm-macros-11.8.6-160000.2.1.ppc64le.rpm mariadb-test-11.8.6-160000.2.1.ppc64le.rpm mariadb-tools-11.8.6-160000.2.1.ppc64le.rpm libmariadbd-devel-11.8.6-160000.2.1.s390x.rpm libmariadbd19-11.8.6-160000.2.1.s390x.rpm mariadb-11.8.6-160000.2.1.s390x.rpm mariadb-bench-11.8.6-160000.2.1.s390x.rpm mariadb-client-11.8.6-160000.2.1.s390x.rpm mariadb-galera-11.8.6-160000.2.1.s390x.rpm mariadb-rpm-macros-11.8.6-160000.2.1.s390x.rpm mariadb-test-11.8.6-160000.2.1.s390x.rpm mariadb-tools-11.8.6-160000.2.1.s390x.rpm libmariadbd-devel-11.8.6-160000.2.1.x86_64.rpm libmariadbd19-11.8.6-160000.2.1.x86_64.rpm mariadb-11.8.6-160000.2.1.x86_64.rpm mariadb-bench-11.8.6-160000.2.1.x86_64.rpm mariadb-client-11.8.6-160000.2.1.x86_64.rpm mariadb-galera-11.8.6-160000.2.1.x86_64.rpm mariadb-rpm-macros-11.8.6-160000.2.1.x86_64.rpm mariadb-test-11.8.6-160000.2.1.x86_64.rpm mariadb-tools-11.8.6-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-678 Security update for build, product-composer moderate SUSE SLFO 1.2 This update for build, product-composer fixes the following issues: Changes in build: - Support a new "IgnoreRebuild" config. - build-recipe-kiwi: * Add support for oci containers * Avoid needlessly compressing container images * Detect container images based on build result file name - Fix queryrecipe to use the summary and the description from the main package - config: Add slfo-main build configuration - drop the inner quotes, not needed on bash 4 and breaks on bash 3 - build: in the ccache case, after test -e also accept -L - container: * Add microdnf package manager support * Add experimental support for the container-timestamp build option - sbom: * allow to create v1 intoto data * spdx: connect OPERATING-SYSTEM package to the root package * Transfer product vcs and disturl - Support --cms-nocerts and --cms-keyid in the signdummy - Support chroot builds inside of containers - runservice tool, allow to specify the modes. Can be used on plain git source now also - Support --mtime option for cpio creation - generate_sbom: * Support also unzck compressed repomd files * Fail when given --product directory is missing * support zstd compressed repomd data - build-vm-lxc: support lxc >= 5 - vc: Hide an annoying error message when not using NIS - added leap-16.0 and leap-16.1 build configs. (not named sl16.0 anymore, but using same string as the git branch) - Implement cmssign support in signdummy - pbuild: mark git assets with a fixed commit as immutable - mkosi * check if old parameters are supported before passing them * support old bash version - Do not crash on small files that start with the PE magic - Harden export_debian_orig_from_git (CVE-2024-22038, boo#1230469) Changes in product-composer: update to version 0.9.6: * Speed-up reading of rpm headers * Flush output lines to get get correct timestamps in OBS update to version 0.9.5: * Be a bit more verbose to track used times per step in OBS * Fix a crash when doing version compare with an epoch update to version 0.9.4: * Give an error when trying to add updateinfo meta data without all binary revisions. * Hand over vcs and disturl data to generate_sbom. (We require a recent build package therefore) build-20260415-160000.1.1.noarch.rpm build-initvm-aarch64-20260415-160000.1.1.noarch.rpm build-mkbaselibs-20260415-160000.1.1.noarch.rpm build-mkdrpms-20260415-160000.1.1.noarch.rpm product-composer-0.9.6-160000.1.1.noarch.rpm build-initvm-powerpc64le-20260415-160000.1.1.noarch.rpm build-initvm-s390x-20260415-160000.1.1.noarch.rpm build-initvm-x86_64-20260415-160000.1.1.noarch.rpm openSUSE-Leap-16.0-679 Recommended update for ipmitool important SUSE SLFO 1.2 This update for ipmitool fixes the following issue: Change in ipmitool: - Fix for improper PID file creation (bsc#1259310). ipmitool-1.8.19.13.gbe11d94-160000.3.1.aarch64.rpm ipmitool-bmc-snmp-proxy-1.8.19.13.gbe11d94-160000.3.1.noarch.rpm ipmitool-1.8.19.13.gbe11d94-160000.3.1.ppc64le.rpm ipmitool-1.8.19.13.gbe11d94-160000.3.1.s390x.rpm ipmitool-1.8.19.13.gbe11d94-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-68 Recommended update for numatop important SUSE SLFO 1.2 This update for numatop fixes the following issues: - Fix segmentation fault in the latency view (bsc#1248317) - Fix inability to start on processors with more than 256 CPUs per NUMA node (bsc#1247358) - Switch to ncursesw6 numatop-2.5.1-160000.1.1.ppc64le.rpm numatop-2.5.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-680 Security update for strongswan important SUSE SLFO 1.2 This update for strongswan fixes the following issues: Update to version 6.0.6 (jsc#PED-16145). Security issued fixed: - CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712). - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS#7 (bsc#1261717). - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705). - CVE-2026-35331: acceptance of certificates violating X.509 name constraints (bsc#1261718). - CVE-2026-35332: NULL pointer dereference when handling ECDH public value in TLS (bsc#1261708). - CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706). - CVE-2026-35334: possible NULL pointer dereference in RSA decryption (bsc#1261720). Other updates and bugfixes: - Version 6.0.6. * Enhancements and Optimizations * Added the unique ID to the log messages when creating an IKE SA as responder and when deleting such a half-open SA * The credential factory now enforces an upper limit of 10 when creating nested credentials. * Added Georgian translation to the NM plugin. * Fixes * IKEv2 fragments with a total fragment count lower than before are now dropped as mandated by the RFC . * Fixed a potential out-of-bounds read when parsing EAP-SIM/AKA attributes with actual length field. * Fixed a potential out-of-bounds read when enumerating hashes in OCSP CERTREQ payloads . * Fixed a potential crash in the vici plugin when parsing messages that encode the length of a VICI_LIST_ITEM incorrectly. * Avoid allocating a large buffer for TLS cipher suites on the stack using alloca(). * Ensure TLS 1.3 CertificateRequest structures are valid on the client. * Prevent an infinite loop if the EAP-SIM version list on the client contains more than one entry . * Fixed a crash in the tnccs_11 plugin if TNCCS-ReasonStrings is empty or only contains empty nodes . * Fixed verification of RSA signatures with SHA3-224 via botan plugin. * Close the internal IPv6 socket when a tun_device_t is destroyed . * Update the address family in the SA selector when the addresses of a tunnel mode IPsec SA change in the kernel-netlink plugin. - Version 6.0.5: * Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs that can lead to resource exhaustion or a crash. * The new `icmp` option enables the forwarding of certain ICMP error messages (e.g. Fragmentation Needed), even if their source address doesn't match the negotiated traffic selectors, when running on Linux kernels that support this (v6.9+). * charon-cmd now supports childless IKE SA initiation with the `--childless` option. * The dhcp plugin now keeps track of address leases across make-before-break reauthentications to avoid releasing the address when the old SA is terminated * Added support for `organizationIdentifier` RDNs, which are used in e.g. eIDAS certificates, when parsing ASN.1 DN identities from strings. strongswan-6.0.6-160000.1.1.aarch64.rpm strongswan-doc-6.0.6-160000.1.1.noarch.rpm strongswan-fips-6.0.6-160000.1.1.aarch64.rpm strongswan-ipsec-6.0.6-160000.1.1.aarch64.rpm strongswan-mysql-6.0.6-160000.1.1.aarch64.rpm strongswan-nm-6.0.6-160000.1.1.aarch64.rpm strongswan-sqlite-6.0.6-160000.1.1.aarch64.rpm strongswan-6.0.6-160000.1.1.ppc64le.rpm strongswan-fips-6.0.6-160000.1.1.ppc64le.rpm strongswan-ipsec-6.0.6-160000.1.1.ppc64le.rpm strongswan-mysql-6.0.6-160000.1.1.ppc64le.rpm strongswan-nm-6.0.6-160000.1.1.ppc64le.rpm strongswan-sqlite-6.0.6-160000.1.1.ppc64le.rpm strongswan-6.0.6-160000.1.1.s390x.rpm strongswan-fips-6.0.6-160000.1.1.s390x.rpm strongswan-ipsec-6.0.6-160000.1.1.s390x.rpm strongswan-mysql-6.0.6-160000.1.1.s390x.rpm strongswan-nm-6.0.6-160000.1.1.s390x.rpm strongswan-sqlite-6.0.6-160000.1.1.s390x.rpm strongswan-6.0.6-160000.1.1.x86_64.rpm strongswan-fips-6.0.6-160000.1.1.x86_64.rpm strongswan-ipsec-6.0.6-160000.1.1.x86_64.rpm strongswan-mysql-6.0.6-160000.1.1.x86_64.rpm strongswan-nm-6.0.6-160000.1.1.x86_64.rpm strongswan-sqlite-6.0.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-682 Recommended update for suse-kabi-tools moderate SUSE SLFO 1.2 This update for suse-kabi-tools fixes the following issues: Changes in suse-kabi-tools: Update to version 1.1.0+git0.3857c3a: * Add support for parsing quoted type names * Report changes from a forward declaration to a definition in a succinct manner * Fix the path reported in symtypes parsing errors * Reject any extra data at the end of an override record * Fix formatting of typedef enum declarations * Fix the paths displayed when reporting duplicated exports * Reject duplicate paths when reading symtypes data * Ensure that loading symtypes data has commit or rollback semantics Update to version 1.0.0+git0.4b3a0d0: * Make parsing errors more informative * Add the --filter-symbol-list option for 'ksymvers compare' * Restrict 'ksymtypes split' to loading only consolidated symtypes files * Restrict 'ksymtypes consolidate' to loading only split symtypes files * Be less aggressive about wrapping '(', ')' and ',' * Enable setting output format of the ksymtypes comparison * Add --format=mod-symbols for 'ksymvers compare' and 'ksymtypes compare' * Add --format=short for 'ksymvers compare' and 'ksymtypes compare' * Adopt a three-value exit status similar to that of diff/grep * Exit 'ksymtypes compare' with code indicating input equality * Require Rust version 1.88 or higher Update to version 0.5.0+git6.7ef8a5e: * Correct the --version output suse-kabi-tools-1.1.0+git0.3857c3a-160000.1.1.aarch64.rpm suse-kabi-tools-1.1.0+git0.3857c3a-160000.1.1.ppc64le.rpm suse-kabi-tools-1.1.0+git0.3857c3a-160000.1.1.s390x.rpm suse-kabi-tools-1.1.0+git0.3857c3a-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-683 Security update for java-17-openjdk important SUSE SLFO 1.2 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). - CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). - CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized to access critical data (bsc#1262495). - CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496). - CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). - CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts(bsc#1259118). - CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). - CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: - Provide the timezone-java and tzdata-java (jsc#PED-15898). java-17-openjdk-17.0.19.0-160000.1.1.aarch64.rpm java-17-openjdk-demo-17.0.19.0-160000.1.1.aarch64.rpm java-17-openjdk-devel-17.0.19.0-160000.1.1.aarch64.rpm java-17-openjdk-headless-17.0.19.0-160000.1.1.aarch64.rpm java-17-openjdk-javadoc-17.0.19.0-160000.1.1.noarch.rpm java-17-openjdk-jmods-17.0.19.0-160000.1.1.aarch64.rpm java-17-openjdk-src-17.0.19.0-160000.1.1.aarch64.rpm java-17-openjdk-17.0.19.0-160000.1.1.ppc64le.rpm java-17-openjdk-demo-17.0.19.0-160000.1.1.ppc64le.rpm java-17-openjdk-devel-17.0.19.0-160000.1.1.ppc64le.rpm java-17-openjdk-headless-17.0.19.0-160000.1.1.ppc64le.rpm java-17-openjdk-jmods-17.0.19.0-160000.1.1.ppc64le.rpm java-17-openjdk-src-17.0.19.0-160000.1.1.ppc64le.rpm java-17-openjdk-17.0.19.0-160000.1.1.s390x.rpm java-17-openjdk-demo-17.0.19.0-160000.1.1.s390x.rpm java-17-openjdk-devel-17.0.19.0-160000.1.1.s390x.rpm java-17-openjdk-headless-17.0.19.0-160000.1.1.s390x.rpm java-17-openjdk-jmods-17.0.19.0-160000.1.1.s390x.rpm java-17-openjdk-src-17.0.19.0-160000.1.1.s390x.rpm java-17-openjdk-17.0.19.0-160000.1.1.x86_64.rpm java-17-openjdk-demo-17.0.19.0-160000.1.1.x86_64.rpm java-17-openjdk-devel-17.0.19.0-160000.1.1.x86_64.rpm java-17-openjdk-headless-17.0.19.0-160000.1.1.x86_64.rpm java-17-openjdk-jmods-17.0.19.0-160000.1.1.x86_64.rpm java-17-openjdk-src-17.0.19.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-684 Security update for java-21-openjdk important SUSE SLFO 1.2 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.11+10 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). - CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). - CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized to access critical data (bsc#1262495). - CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496). - CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). - CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts(bsc#1259118). - CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). - CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: - Provide the timezone-java and tzdata-java (jsc#PED-15898). java-21-openjdk-21.0.11.0-160000.1.1.aarch64.rpm java-21-openjdk-demo-21.0.11.0-160000.1.1.aarch64.rpm java-21-openjdk-devel-21.0.11.0-160000.1.1.aarch64.rpm java-21-openjdk-headless-21.0.11.0-160000.1.1.aarch64.rpm java-21-openjdk-javadoc-21.0.11.0-160000.1.1.noarch.rpm java-21-openjdk-jmods-21.0.11.0-160000.1.1.aarch64.rpm java-21-openjdk-src-21.0.11.0-160000.1.1.aarch64.rpm java-21-openjdk-21.0.11.0-160000.1.1.ppc64le.rpm java-21-openjdk-demo-21.0.11.0-160000.1.1.ppc64le.rpm java-21-openjdk-devel-21.0.11.0-160000.1.1.ppc64le.rpm java-21-openjdk-headless-21.0.11.0-160000.1.1.ppc64le.rpm java-21-openjdk-jmods-21.0.11.0-160000.1.1.ppc64le.rpm java-21-openjdk-src-21.0.11.0-160000.1.1.ppc64le.rpm java-21-openjdk-21.0.11.0-160000.1.1.s390x.rpm java-21-openjdk-demo-21.0.11.0-160000.1.1.s390x.rpm java-21-openjdk-devel-21.0.11.0-160000.1.1.s390x.rpm java-21-openjdk-headless-21.0.11.0-160000.1.1.s390x.rpm java-21-openjdk-jmods-21.0.11.0-160000.1.1.s390x.rpm java-21-openjdk-src-21.0.11.0-160000.1.1.s390x.rpm java-21-openjdk-21.0.11.0-160000.1.1.x86_64.rpm java-21-openjdk-demo-21.0.11.0-160000.1.1.x86_64.rpm java-21-openjdk-devel-21.0.11.0-160000.1.1.x86_64.rpm java-21-openjdk-headless-21.0.11.0-160000.1.1.x86_64.rpm java-21-openjdk-jmods-21.0.11.0-160000.1.1.x86_64.rpm java-21-openjdk-src-21.0.11.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-685 Security update for frr moderate SUSE SLFO 1.2 This update for frr fixes the following issues: Security issues: - CVE-2025-61099: NULL Pointer Dereference in FRRouting (bsc#1252838). - CVE-2025-61100: NULL Pointer Dereference in FRRouting (bsc#1252829). - CVE-2025-61101: NULL Pointer Dereference in FRRouting (bsc#1252833). - CVE-2025-61102: NULL Pointer Dereference in FRRouting (bsc#1252835). - CVE-2025-61103: NULL pointer dereference in show_vty_ext_link_lan_adj_sid() in ospf_ext.c (bsc#1252810). - CVE-2025-61104: NULL pointer dereference in show_vty_unknown_tlv() in ospf_ext.c (bsc#1252811). - CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c (bsc#1252761). - CVE-2025-61106: NULL pointer dereference in show_vty_ext_pref_pref_sid() in ospf_ext.c (bsc#1252812). - CVE-2025-61107: NULL pointer dereference in show_vty_ext_pref_pref_sid() in ospf_ext.c (bsc#1252813). - CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper a (bsc#1261013). frr-10.2.1-160000.3.1.aarch64.rpm frr-devel-10.2.1-160000.3.1.aarch64.rpm libfrr0-10.2.1-160000.3.1.aarch64.rpm libfrr_pb0-10.2.1-160000.3.1.aarch64.rpm libfrrcares0-10.2.1-160000.3.1.aarch64.rpm libfrrfpm_pb0-10.2.1-160000.3.1.aarch64.rpm libfrrospfapiclient0-10.2.1-160000.3.1.aarch64.rpm libfrrsnmp0-10.2.1-160000.3.1.aarch64.rpm libfrrzmq0-10.2.1-160000.3.1.aarch64.rpm libmgmt_be_nb0-10.2.1-160000.3.1.aarch64.rpm frr-10.2.1-160000.3.1.ppc64le.rpm frr-devel-10.2.1-160000.3.1.ppc64le.rpm libfrr0-10.2.1-160000.3.1.ppc64le.rpm libfrr_pb0-10.2.1-160000.3.1.ppc64le.rpm libfrrcares0-10.2.1-160000.3.1.ppc64le.rpm libfrrfpm_pb0-10.2.1-160000.3.1.ppc64le.rpm libfrrospfapiclient0-10.2.1-160000.3.1.ppc64le.rpm libfrrsnmp0-10.2.1-160000.3.1.ppc64le.rpm libfrrzmq0-10.2.1-160000.3.1.ppc64le.rpm libmgmt_be_nb0-10.2.1-160000.3.1.ppc64le.rpm frr-10.2.1-160000.3.1.s390x.rpm frr-devel-10.2.1-160000.3.1.s390x.rpm libfrr0-10.2.1-160000.3.1.s390x.rpm libfrr_pb0-10.2.1-160000.3.1.s390x.rpm libfrrcares0-10.2.1-160000.3.1.s390x.rpm libfrrfpm_pb0-10.2.1-160000.3.1.s390x.rpm libfrrospfapiclient0-10.2.1-160000.3.1.s390x.rpm libfrrsnmp0-10.2.1-160000.3.1.s390x.rpm libfrrzmq0-10.2.1-160000.3.1.s390x.rpm libmgmt_be_nb0-10.2.1-160000.3.1.s390x.rpm frr-10.2.1-160000.3.1.x86_64.rpm frr-devel-10.2.1-160000.3.1.x86_64.rpm libfrr0-10.2.1-160000.3.1.x86_64.rpm libfrr_pb0-10.2.1-160000.3.1.x86_64.rpm libfrrcares0-10.2.1-160000.3.1.x86_64.rpm libfrrfpm_pb0-10.2.1-160000.3.1.x86_64.rpm libfrrospfapiclient0-10.2.1-160000.3.1.x86_64.rpm libfrrsnmp0-10.2.1-160000.3.1.x86_64.rpm libfrrzmq0-10.2.1-160000.3.1.x86_64.rpm libmgmt_be_nb0-10.2.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-686 Security update for opencc moderate SUSE SLFO 1.2 This update for opencc fixes the following issues: Update to version 1.2.0. Security issues fixed: - CVE-2025-15536: specifically crafted string can lead to out-of-bounds read (bsc#1256930). Other updates and bugfixes: - Version 1.2.0: * Fix the crash issue when reading configuration files. * Add type definitions (Typing). * Fix two out-of-bounds reading issues when handling truncated UTF-8 input. libopencc1_2-1.2.0-160000.1.1.aarch64.rpm opencc-1.2.0-160000.1.1.aarch64.rpm opencc-data-1.2.0-160000.1.1.aarch64.rpm opencc-devel-1.2.0-160000.1.1.aarch64.rpm libopencc1_2-1.2.0-160000.1.1.ppc64le.rpm opencc-1.2.0-160000.1.1.ppc64le.rpm opencc-data-1.2.0-160000.1.1.ppc64le.rpm opencc-devel-1.2.0-160000.1.1.ppc64le.rpm libopencc1_2-1.2.0-160000.1.1.s390x.rpm opencc-1.2.0-160000.1.1.s390x.rpm opencc-data-1.2.0-160000.1.1.s390x.rpm opencc-devel-1.2.0-160000.1.1.s390x.rpm libopencc1_2-1.2.0-160000.1.1.x86_64.rpm opencc-1.2.0-160000.1.1.x86_64.rpm opencc-data-1.2.0-160000.1.1.x86_64.rpm opencc-devel-1.2.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-69 Recommended update for SAPHanaSR-angi important SUSE SLFO 1.2 This update for SAPHanaSR-angi fixes the following issues: - Version update: 1.2.12. - saphana_monitor send OCF_NOT_RUNNING for PROBES, when workload is down AND clone-flag is "DEMOTED". This allows crm_mon to show proper status (bsc#1245661). - SAPHanaSR-showAttr is now supporting hostnames containing dashes (bsc#1236893). - Enhance fencing behavior in case of FAST-STOP. Trigger fencing when running into timeouts or getting lss==0; in case of Scale-Out score the nameserver slave higher than a possible secondary takeover candidate to delay it until the current primary is completely down (bsc#1250160). - Basic tool improving for a better support of life and post mortem analysis. - Updated man pages SAPHanaSR-angi-1.2.12-160000.1.1.noarch.rpm openSUSE-Leap-16.0-7 Recommended update for busybox moderate SUSE SLFO 1.2 This update for busybox fixes the following issues: - Fix adduser inside containers on an SELinux host (boo#1247779): - Don't throw debug info away during build, let RPM separate it afterwards - fix mkdir path to point to /usr/bin instead of /bin busybox-1.37.0-160000.3.1.aarch64.rpm busybox-static-1.37.0-160000.3.1.aarch64.rpm busybox-warewulf3-1.37.0-160000.3.1.aarch64.rpm busybox-1.37.0-160000.3.1.ppc64le.rpm busybox-static-1.37.0-160000.3.1.ppc64le.rpm busybox-1.37.0-160000.3.1.s390x.rpm busybox-static-1.37.0-160000.3.1.s390x.rpm busybox-1.37.0-160000.3.1.x86_64.rpm busybox-static-1.37.0-160000.3.1.x86_64.rpm busybox-warewulf3-1.37.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-70 Recommended update for aws-cli-cmd moderate SUSE SLFO 1.2 This update for aws-cli-cmd fixes the following issues: Changes in aws-cli-cmd: - Update postun scriplet (bsc#1253743) - Do not run the postun scriptlet on upgrade as it will remove the just created command. aws-cli-cmd-1.36.2-160000.1.1.noarch.rpm openSUSE-Leap-16.0-701 Recommended update for apparmor moderate SUSE SLFO 1.2 This update for apparmor fixes the following issues: Changes in apparmor: - Use systemd-tmpfiles for path creation (jsc#PED-14916, jsc#PED-14917) - Update to AppArmor 4.1.7 - profile updates - minor fixes in parser and program utilities - update %files for new python LibAppArmor location - Fix file list to match all possible LibAppArmor module names - Updating kerberosclient utility - Removed dovecot upstreamed patches apache2-mod_apparmor-4.1.7-160000.1.1.aarch64.rpm apparmor-abstractions-4.1.7-160000.1.1.noarch.rpm apparmor-docs-4.1.7-160000.1.1.noarch.rpm apparmor-parser-4.1.7-160000.1.1.aarch64.rpm apparmor-parser-lang-4.1.7-160000.1.1.noarch.rpm apparmor-profiles-4.1.7-160000.1.1.noarch.rpm apparmor-utils-4.1.7-160000.1.1.noarch.rpm apparmor-utils-lang-4.1.7-160000.1.1.noarch.rpm pam_apparmor-4.1.7-160000.1.1.aarch64.rpm perl-apparmor-4.1.7-160000.1.1.aarch64.rpm python3-apparmor-4.1.7-160000.1.1.aarch64.rpm ruby-apparmor-4.1.7-160000.1.1.aarch64.rpm libapparmor-devel-4.1.7-160000.1.1.aarch64.rpm libapparmor1-4.1.7-160000.1.1.aarch64.rpm apache2-mod_apparmor-4.1.7-160000.1.1.ppc64le.rpm apparmor-parser-4.1.7-160000.1.1.ppc64le.rpm pam_apparmor-4.1.7-160000.1.1.ppc64le.rpm perl-apparmor-4.1.7-160000.1.1.ppc64le.rpm python3-apparmor-4.1.7-160000.1.1.ppc64le.rpm ruby-apparmor-4.1.7-160000.1.1.ppc64le.rpm libapparmor-devel-4.1.7-160000.1.1.ppc64le.rpm libapparmor1-4.1.7-160000.1.1.ppc64le.rpm apache2-mod_apparmor-4.1.7-160000.1.1.s390x.rpm apparmor-parser-4.1.7-160000.1.1.s390x.rpm pam_apparmor-4.1.7-160000.1.1.s390x.rpm perl-apparmor-4.1.7-160000.1.1.s390x.rpm python3-apparmor-4.1.7-160000.1.1.s390x.rpm ruby-apparmor-4.1.7-160000.1.1.s390x.rpm libapparmor-devel-4.1.7-160000.1.1.s390x.rpm libapparmor1-4.1.7-160000.1.1.s390x.rpm apache2-mod_apparmor-4.1.7-160000.1.1.x86_64.rpm apparmor-parser-4.1.7-160000.1.1.x86_64.rpm pam_apparmor-4.1.7-160000.1.1.x86_64.rpm perl-apparmor-4.1.7-160000.1.1.x86_64.rpm python3-apparmor-4.1.7-160000.1.1.x86_64.rpm ruby-apparmor-4.1.7-160000.1.1.x86_64.rpm libapparmor-devel-4.1.7-160000.1.1.x86_64.rpm libapparmor1-4.1.7-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-702 Security update for wireshark important SUSE SLFO 1.2 This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907). - CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909). - CVE-2026-5299: ICMPv6 dissector crash (bsc#1263757). - CVE-2026-5401: AFP dissector crash (bsc#1263756). - CVE-2026-5403: SBC audio codec crash (bsc#1263765). - CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766). - CVE-2026-5405: RDP dissector crash (bsc#1263767). - CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754). - CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753). - CVE-2026-5408: BT-DHT dissector crash (bsc#1263752). - CVE-2026-5409: Monero dissector crash (bsc#1263751). - CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750). - CVE-2026-5654: AMR-NB audio codec crash (bsc#1263749). - CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809). - CVE-2026-5657: iLBC audio codec crash (bsc#1263747). - CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746). - CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745). - CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744). - CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743). - CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742). - CVE-2026-6524: MySQL protocol dissector crash (bsc#1263741). - CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739). - CVE-2026-6529: iLBC audio codec crash (bsc#1263737). - CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736). - CVE-2026-6531: SANE protocol dissector infinite loop (bsc#1263735). - CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734). - CVE-2026-6533: Dissection engine LZ77 decompression crash (bsc#1263733). - CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732). - CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731). - CVE-2026-6537: ZigBee dissector crash (bsc#1263729). - CVE-2026-6538: BEEP dissector crash (bsc#1263728). - CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762). - CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726). Changes for wireshark: - Updated to 4.4.15 libwireshark18-4.4.15-160000.1.1.aarch64.rpm libwiretap15-4.4.15-160000.1.1.aarch64.rpm libwsutil16-4.4.15-160000.1.1.aarch64.rpm wireshark-4.4.15-160000.1.1.aarch64.rpm wireshark-devel-4.4.15-160000.1.1.aarch64.rpm wireshark-ui-qt-4.4.15-160000.1.1.aarch64.rpm libwireshark18-4.4.15-160000.1.1.ppc64le.rpm libwiretap15-4.4.15-160000.1.1.ppc64le.rpm libwsutil16-4.4.15-160000.1.1.ppc64le.rpm wireshark-4.4.15-160000.1.1.ppc64le.rpm wireshark-devel-4.4.15-160000.1.1.ppc64le.rpm wireshark-ui-qt-4.4.15-160000.1.1.ppc64le.rpm libwireshark18-4.4.15-160000.1.1.s390x.rpm libwiretap15-4.4.15-160000.1.1.s390x.rpm libwsutil16-4.4.15-160000.1.1.s390x.rpm wireshark-4.4.15-160000.1.1.s390x.rpm wireshark-devel-4.4.15-160000.1.1.s390x.rpm wireshark-ui-qt-4.4.15-160000.1.1.s390x.rpm libwireshark18-4.4.15-160000.1.1.x86_64.rpm libwiretap15-4.4.15-160000.1.1.x86_64.rpm libwsutil16-4.4.15-160000.1.1.x86_64.rpm wireshark-4.4.15-160000.1.1.x86_64.rpm wireshark-devel-4.4.15-160000.1.1.x86_64.rpm wireshark-ui-qt-4.4.15-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-703 Security update for distribution important SUSE SLFO 1.2 This update for distribution fixes the following issues Security issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260283). - CVE-2026-33540: information disclosure via improper validation of authentication realm URL (bsc#1261793). - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262951). - CVE-2026-35172: information disclosure via stale references after content deletion (bsc#1262096). Non security issues: - add distribution-registry.tmpfiles (jsc#PED-14747). - distribution builds against go1.24 EOL (bsc#1259718). Changes for distribution: - update to 3.1.0 * Adds support for tag pagination * Fixes default credentials in Azure storage provider * Drops support for go1.23 and go1.24 and updates to go1.25 * See the full changelog below for the full list of changes. * docs: Update to refer to new image tag v3 * Fix default_credentials in azure storage provider * chore: make function comment match function name * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory * fix: implement JWK thumbprint for Ed25519 public keys * fix: Annotate code block from validation.indexes configuration docs * feat: extract redis config to separate struct * Fix: resolve issue #4478 by using a temporary file for non- append writes * build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 * docs: Add note about `OTEL_TRACES_EXPORTER` * fix: set OTEL traces to disabled by default * Fix markdown syntax for OTEL traces link in docs * Switch UUIDs to UUIDv7 * refactor: replace map iteration with maps.Copy/Clone * s3-aws: fix build for 386 * docs: Add OpenTelemetry links to quickstart docs * Fix S3 driver loglevel param * Fixed data race in TestSchedule test * Fixes #4683 - uses X/Y instead of Gx/Gy for thumbprint of ecdsa keys * build(deps): bump actions/checkout from 4 to 5 * Fix broken link to Docker Hub fair use policy * fix(registry/handlers/app): redis CAs * build(deps): bump actions/labeler from 5 to 6 * build(deps): bump actions/setup-go from 5 to 6 * build(deps): bump actions/upload-pages-artifact from 3 to 4 * build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 * build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 * build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 * chore: labeler: add area/client mapping for internal/client/** * client: add Accept headers to Exists() HEAD * feat(registry): Make graceful shutdown test robust * fix(registry): Correct log formatting for upstream challenge * build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 * build(deps): bump github/codeql-action from 4.30.9 to 4.31.3 * refactor: remove redundant variable declarations in for loops * "should" -> "must" regarding redis eviction policy * build(deps): bump actions/checkout from 5 to 6 * Incorrect warning hint * Add return error when list object * build(deps): bump actions/checkout from 5.0.1 to 6.0.0 * build(deps): bump peter-evans/dockerhub-description from 4 to 5 * fix: Logging regression for manifest HEAD requests * Add boolean parsing util * Expose `useFIPSEndpoint` for S3 * Add Cloudfleet Container Registry to adopters * fix(ci): Fix broken Azure e2e storage tests * BUG: Fix notification filtering to work with actions when mediatypes is empty * build(deps): bump actions/checkout from 6.0.0 to 6.0.1 * build(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 * build(deps): bump github/codeql-action from 4.31.3 to 4.31.10 * build(deps): bump github/codeql-action from 4.31.10 to 4.32.2 * build(deps): bump actions/checkout from 6.0.1 to 6.0.2 * update golangci-lint to v2.9 and fix linting issues * update to go1.25.7, alpine 3.23, xx v1.9.0 * vendor: github.com/sirupsen/logrus v1.9.4 * vendor: update golang.org/x/* dependencies * vendor: github.com/docker/docker-credential-helpers v0.9.5 * vendor: github.com/opencontainers/image-spec v1.1.1 * vendor: github.com/klauspost/compress v1.18.4 * fix: prefer otel variables over hard coded service name * vendor: github.com/spf13/cobra v1.10.2 * vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 * fix: sync parent dir to ensure data is reliably stored * modernize code * vendor: github.com/docker/go-events 605354379745 * vendor: github.com/go-jose/go-jose/v4 v4.1.3 * build(deps): bump github/codeql-action from 4.32.2 to 4.32.5 * build(deps): bump docker/login-action from 3 to 4 * build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 * build(deps): bump docker/setup-buildx-action from 3 to 4 * build(deps): bump docker/bake-action from 6 to 7 * build(deps): bump docker/metadata-action from 5 to 6 * fix: nil-check scheduler in `proxyingRegistry.Close()` * fix: set MD5 on GCS writer before first `Write` call in `putContent` * docs: pull through cache will pull from remote multiple times * Update s3.md regionendpoint option * chore(deps): Bump Go to latest 1.25 in CI workflows and go.mod * fix: correct Ed25519 JWK thumbprint `kty` from `"OTP"` to `"OKP"` * Update vacuum.go * Opt: refector tag list pagination support (stage 1) * Correctly match environment variables to YAML-inlined structs in configuration * Enable Redis TLS without client certificates * build(deps): bump actions/deploy-pages from 4 to 5 * build(deps): bump github/codeql-action from 4.32.5 to 4.34.1 * fix(registry/proxy): use detached context when flushing write buffer * ci: pin actions and apply zizmor auto-fixes * build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 * build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the go_modules group across 1 directory * chore(app): warn when partial TLS config is used in Redis * feat(registry): enhance authentication checks in htpasswd implementation * Opt: refactor tag list pagination support * build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 * build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 * fix(vendor): fix broke vendor validation * chore(ci): Prep for v3.1 release - Update to version 3.1.0: * fix(vendor): fix broke vendpor validation * fix redis repo-scoped blob descriptor revocation * proxy: bind bearer realms to upstream trust boundary - restore directory ownership after last change - Move config files in systemd tmpfiles dir for immutable mode distribution-registry-3.1.0-160000.1.1.aarch64.rpm distribution-registry-3.1.0-160000.1.1.ppc64le.rpm distribution-registry-3.1.0-160000.1.1.s390x.rpm distribution-registry-3.1.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-704 Recommended update for raspberrypi-eeprom moderate SUSE SLFO 1.2 This update for raspberrypi-eeprom fixes the following issues: - Update to 2026.01.09: * arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP * Query all sdram devices for temperature when adjusting refresh * Add support for more SDRAM die configurations. - Update to 2025.12.08: * arm_loader: Add machine ID derived from OTP values * arm_ldconfig: Avoid double os_prefix on initramfs * recovery: Use OTP rpiboot GPIO if non-zero * Manufacture test updates for SDRAM. - Update to 2025.05.08: * arm_loader: Correct some mailbox response lengths * Signed boot and HTTP boot mode * Implement TCP window for net boot * netboot: Correct the TCP MSS * rp1_net: Overwrite the length field * Correct msecs in debug timestamps * Implement GET_BOARD_MAC_ADDRESS on Pi5 * Ensure the initramfs matches the kernel * Enable logging messages from OS loader * arm_dt: Revert to using the max fan speed * os_check: cm5: Check for CM5 specific dtbs * Log the fan speed at boot * Add current_supply to HAT+ support - Completely delete strings command check. Fixes (bsc#1230279) - Update to 2024.06.05: * Refresh patch - Update to v2023.10.30: * Fix SDIO / WiFi clock-setup for BOOT_ORDER=0xf14 * Fix SD power-on-reset * Firmware support for improved watchdog driver * Update DHCP Option97 to be R,P,i,5 on Pi5 - Updates from skipped v2023.10.18: * Add support for HAT gpiomap for improved HAT compatibility. * Add I2C probe for DSI display auto detect * Automatically set dtparam=nvme if booted from nvme * Fix network boot reset issue where only the first attempt works. * Adding pciex4_reset=0 to config.txt will leave RP1 PCIe enabled when ARM stage is started. * Prevent HDMI diagnostics being displayed immediately when waking after HALT. * Update board-name - "Raspberry Pi 5" raspberrypi-eeprom-2026.01.09-160000.1.1.noarch.rpm raspberrypi-eeprom-firmware-2026.01.09-160000.1.1.noarch.rpm openSUSE-Leap-16.0-707 Security update for Mesa moderate SUSE SLFO 1.2 This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998). Mesa-24.3.3-160000.3.1.aarch64.rpm Mesa-KHR-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-dri-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libEGL-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libEGL1-24.3.3-160000.3.1.aarch64.rpm Mesa-libGL-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libGL1-24.3.3-160000.3.1.aarch64.rpm Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libGLESv2-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libGLESv3-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libglapi-devel-24.3.3-160000.3.1.aarch64.rpm Mesa-libglapi0-24.3.3-160000.3.1.aarch64.rpm libOSMesa-devel-24.3.3-160000.3.1.aarch64.rpm libOSMesa8-24.3.3-160000.3.1.aarch64.rpm libgbm-devel-24.3.3-160000.3.1.aarch64.rpm libgbm1-24.3.3-160000.3.1.aarch64.rpm Mesa-dri-24.3.3-160000.3.1.aarch64.rpm Mesa-dri-nouveau-24.3.3-160000.3.1.aarch64.rpm Mesa-dri-vc4-24.3.3-160000.3.1.aarch64.rpm Mesa-gallium-24.3.3-160000.3.1.aarch64.rpm Mesa-libOpenCL-24.3.3-160000.3.1.aarch64.rpm Mesa-libRusticlOpenCL-24.3.3-160000.3.1.aarch64.rpm Mesa-libva-24.3.3-160000.3.1.aarch64.rpm Mesa-vulkan-device-select-24.3.3-160000.3.1.aarch64.rpm Mesa-vulkan-overlay-24.3.3-160000.3.1.aarch64.rpm libvdpau_nouveau-24.3.3-160000.3.1.aarch64.rpm libvdpau_r600-24.3.3-160000.3.1.aarch64.rpm libvdpau_radeonsi-24.3.3-160000.3.1.aarch64.rpm libvdpau_virtio_gpu-24.3.3-160000.3.1.aarch64.rpm libvulkan_broadcom-24.3.3-160000.3.1.aarch64.rpm libvulkan_freedreno-24.3.3-160000.3.1.aarch64.rpm libvulkan_intel-24.3.3-160000.3.1.aarch64.rpm libvulkan_lvp-24.3.3-160000.3.1.aarch64.rpm libvulkan_radeon-24.3.3-160000.3.1.aarch64.rpm libxatracker-devel-1.0.0-160000.3.1.aarch64.rpm libxatracker2-1.0.0-160000.3.1.aarch64.rpm Mesa-24.3.3-160000.3.1.ppc64le.rpm Mesa-KHR-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-dri-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libEGL-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libEGL1-24.3.3-160000.3.1.ppc64le.rpm Mesa-libGL-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libGL1-24.3.3-160000.3.1.ppc64le.rpm Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libGLESv2-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libGLESv3-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libglapi-devel-24.3.3-160000.3.1.ppc64le.rpm Mesa-libglapi0-24.3.3-160000.3.1.ppc64le.rpm libOSMesa-devel-24.3.3-160000.3.1.ppc64le.rpm libOSMesa8-24.3.3-160000.3.1.ppc64le.rpm libgbm-devel-24.3.3-160000.3.1.ppc64le.rpm libgbm1-24.3.3-160000.3.1.ppc64le.rpm Mesa-dri-24.3.3-160000.3.1.ppc64le.rpm Mesa-dri-nouveau-24.3.3-160000.3.1.ppc64le.rpm Mesa-gallium-24.3.3-160000.3.1.ppc64le.rpm Mesa-libOpenCL-24.3.3-160000.3.1.ppc64le.rpm Mesa-libRusticlOpenCL-24.3.3-160000.3.1.ppc64le.rpm Mesa-libva-24.3.3-160000.3.1.ppc64le.rpm libvdpau_nouveau-24.3.3-160000.3.1.ppc64le.rpm libvdpau_r600-24.3.3-160000.3.1.ppc64le.rpm libvdpau_radeonsi-24.3.3-160000.3.1.ppc64le.rpm libvdpau_virtio_gpu-24.3.3-160000.3.1.ppc64le.rpm libxatracker-devel-1.0.0-160000.3.1.ppc64le.rpm libxatracker2-1.0.0-160000.3.1.ppc64le.rpm Mesa-24.1.7-160000.3.1.s390x.rpm Mesa-KHR-devel-24.1.7-160000.3.1.s390x.rpm Mesa-devel-24.1.7-160000.3.1.s390x.rpm Mesa-dri-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libEGL-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libEGL1-24.1.7-160000.3.1.s390x.rpm Mesa-libGL-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libGL1-24.1.7-160000.3.1.s390x.rpm Mesa-libGLESv1_CM-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libGLESv2-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libGLESv3-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libglapi-devel-24.1.7-160000.3.1.s390x.rpm Mesa-libglapi0-24.1.7-160000.3.1.s390x.rpm libOSMesa-devel-24.1.7-160000.3.1.s390x.rpm libOSMesa8-24.1.7-160000.3.1.s390x.rpm libgbm-devel-24.1.7-160000.3.1.s390x.rpm libgbm1-24.1.7-160000.3.1.s390x.rpm Mesa-dri-24.1.7-160000.3.1.s390x.rpm Mesa-24.3.3-160000.3.1.x86_64.rpm Mesa-KHR-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-dri-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libEGL-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libEGL1-24.3.3-160000.3.1.x86_64.rpm Mesa-libGL-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libGL1-24.3.3-160000.3.1.x86_64.rpm Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libGLESv2-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libGLESv3-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libglapi-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libglapi0-24.3.3-160000.3.1.x86_64.rpm libOSMesa-devel-24.3.3-160000.3.1.x86_64.rpm libOSMesa8-24.3.3-160000.3.1.x86_64.rpm libgbm-devel-24.3.3-160000.3.1.x86_64.rpm libgbm1-24.3.3-160000.3.1.x86_64.rpm Mesa-dri-24.3.3-160000.3.1.x86_64.rpm Mesa-dri-nouveau-24.3.3-160000.3.1.x86_64.rpm Mesa-gallium-24.3.3-160000.3.1.x86_64.rpm Mesa-libOpenCL-24.3.3-160000.3.1.x86_64.rpm Mesa-libRusticlOpenCL-24.3.3-160000.3.1.x86_64.rpm Mesa-libd3d-24.3.3-160000.3.1.x86_64.rpm Mesa-libd3d-devel-24.3.3-160000.3.1.x86_64.rpm Mesa-libva-24.3.3-160000.3.1.x86_64.rpm Mesa-vulkan-device-select-24.3.3-160000.3.1.x86_64.rpm Mesa-vulkan-overlay-24.3.3-160000.3.1.x86_64.rpm libvdpau_d3d12-24.3.3-160000.3.1.x86_64.rpm libvdpau_nouveau-24.3.3-160000.3.1.x86_64.rpm libvdpau_r600-24.3.3-160000.3.1.x86_64.rpm libvdpau_radeonsi-24.3.3-160000.3.1.x86_64.rpm libvdpau_virtio_gpu-24.3.3-160000.3.1.x86_64.rpm libvulkan_intel-24.3.3-160000.3.1.x86_64.rpm libvulkan_lvp-24.3.3-160000.3.1.x86_64.rpm libvulkan_radeon-24.3.3-160000.3.1.x86_64.rpm libxatracker-devel-1.0.0-160000.3.1.x86_64.rpm libxatracker2-1.0.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-708 Recommended update for libselinux moderate SUSE SLFO 1.2 This update for libselinux fixes the following issues: - Backport commit "libselinux: retain LIFO order for path substitutions" (bsc#1261639) * otherwise we can not add equivalencies that overload each other in the policy * libselinux: retain LIFO order for path substitutions libselinux-devel-3.8.1-160000.3.1.aarch64.rpm libselinux-devel-static-3.8.1-160000.3.1.aarch64.rpm libselinux1-3.8.1-160000.3.1.aarch64.rpm selinux-tools-3.8.1-160000.3.1.aarch64.rpm python313-selinux-3.8.1-160000.3.1.aarch64.rpm ruby-selinux-3.8.1-160000.3.1.aarch64.rpm libselinux-devel-3.8.1-160000.3.1.ppc64le.rpm libselinux-devel-static-3.8.1-160000.3.1.ppc64le.rpm libselinux1-3.8.1-160000.3.1.ppc64le.rpm selinux-tools-3.8.1-160000.3.1.ppc64le.rpm python313-selinux-3.8.1-160000.3.1.ppc64le.rpm ruby-selinux-3.8.1-160000.3.1.ppc64le.rpm libselinux-devel-3.8.1-160000.3.1.s390x.rpm libselinux-devel-static-3.8.1-160000.3.1.s390x.rpm libselinux1-3.8.1-160000.3.1.s390x.rpm selinux-tools-3.8.1-160000.3.1.s390x.rpm python313-selinux-3.8.1-160000.3.1.s390x.rpm ruby-selinux-3.8.1-160000.3.1.s390x.rpm libselinux-devel-3.8.1-160000.3.1.x86_64.rpm libselinux-devel-static-3.8.1-160000.3.1.x86_64.rpm libselinux1-3.8.1-160000.3.1.x86_64.rpm selinux-tools-3.8.1-160000.3.1.x86_64.rpm python313-selinux-3.8.1-160000.3.1.x86_64.rpm ruby-selinux-3.8.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-709 Recommended update for protobuf moderate SUSE SLFO 1.2 This update for protobuf fixes the following issues: - Fix import issues with google.protobuf namespace (bsc#1257662). - Opt for individual %patch statements for varying strip levels. - Configure _default_patch_fuzz to 2 for successful application of cherry-picked patches. libprotobuf-lite28_3_0-28.3-160000.4.1.aarch64.rpm libprotobuf28_3_0-28.3-160000.4.1.aarch64.rpm libprotoc28_3_0-28.3-160000.4.1.aarch64.rpm libutf8_range-28_3_0-28.3-160000.4.1.aarch64.rpm protobuf-devel-28.3-160000.4.1.aarch64.rpm python313-protobuf-5.28.3-160000.4.1.aarch64.rpm protobuf-java-28.3-160000.4.1.noarch.rpm protobuf-java-bom-28.3-160000.4.1.noarch.rpm protobuf-java-javadoc-28.3-160000.4.1.noarch.rpm protobuf-java-parent-28.3-160000.4.1.noarch.rpm libprotobuf-lite28_3_0-28.3-160000.4.1.ppc64le.rpm libprotobuf28_3_0-28.3-160000.4.1.ppc64le.rpm libprotoc28_3_0-28.3-160000.4.1.ppc64le.rpm libutf8_range-28_3_0-28.3-160000.4.1.ppc64le.rpm protobuf-devel-28.3-160000.4.1.ppc64le.rpm python313-protobuf-5.28.3-160000.4.1.ppc64le.rpm libprotobuf-lite28_3_0-28.3-160000.4.1.s390x.rpm libprotobuf28_3_0-28.3-160000.4.1.s390x.rpm libprotoc28_3_0-28.3-160000.4.1.s390x.rpm libutf8_range-28_3_0-28.3-160000.4.1.s390x.rpm protobuf-devel-28.3-160000.4.1.s390x.rpm python313-protobuf-5.28.3-160000.4.1.s390x.rpm libprotobuf-lite28_3_0-28.3-160000.4.1.x86_64.rpm libprotobuf28_3_0-28.3-160000.4.1.x86_64.rpm libprotoc28_3_0-28.3-160000.4.1.x86_64.rpm libutf8_range-28_3_0-28.3-160000.4.1.x86_64.rpm protobuf-devel-28.3-160000.4.1.x86_64.rpm python313-protobuf-5.28.3-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-71 Recommended update for qemu important SUSE SLFO 1.2 This update for qemu fixes the following issues: Changes in qemu: - Update to version 10.0.4 - Support for Intel TDX (jsc#PED-9266) - rpm/spec: qemu-vgabios is required on ppc (bsc#1230042) qemu-10.0.4-160000.1.1.aarch64.rpm qemu-SLOF-10.0.4-160000.1.1.noarch.rpm qemu-accel-qtest-10.0.4-160000.1.1.aarch64.rpm qemu-arm-10.0.4-160000.1.1.aarch64.rpm qemu-audio-alsa-10.0.4-160000.1.1.aarch64.rpm qemu-audio-dbus-10.0.4-160000.1.1.aarch64.rpm qemu-audio-jack-10.0.4-160000.1.1.aarch64.rpm qemu-audio-oss-10.0.4-160000.1.1.aarch64.rpm qemu-audio-pa-10.0.4-160000.1.1.aarch64.rpm qemu-audio-pipewire-10.0.4-160000.1.1.aarch64.rpm qemu-audio-spice-10.0.4-160000.1.1.aarch64.rpm qemu-block-curl-10.0.4-160000.1.1.aarch64.rpm qemu-block-dmg-10.0.4-160000.1.1.aarch64.rpm qemu-block-gluster-10.0.4-160000.1.1.aarch64.rpm qemu-block-iscsi-10.0.4-160000.1.1.aarch64.rpm qemu-block-nfs-10.0.4-160000.1.1.aarch64.rpm qemu-block-rbd-10.0.4-160000.1.1.aarch64.rpm qemu-block-ssh-10.0.4-160000.1.1.aarch64.rpm qemu-chardev-baum-10.0.4-160000.1.1.aarch64.rpm qemu-chardev-spice-10.0.4-160000.1.1.aarch64.rpm qemu-doc-10.0.4-160000.1.1.noarch.rpm qemu-extra-10.0.4-160000.1.1.aarch64.rpm qemu-guest-agent-10.0.4-160000.1.1.aarch64.rpm qemu-headless-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.aarch64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.aarch64.rpm qemu-hw-usb-host-10.0.4-160000.1.1.aarch64.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.aarch64.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.aarch64.rpm qemu-img-10.0.4-160000.1.1.aarch64.rpm qemu-ipxe-10.0.4-160000.1.1.noarch.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.aarch64.rpm qemu-ksm-10.0.4-160000.1.1.aarch64.rpm qemu-lang-10.0.4-160000.1.1.noarch.rpm qemu-microvm-10.0.4-160000.1.1.noarch.rpm qemu-ppc-10.0.4-160000.1.1.aarch64.rpm qemu-pr-helper-10.0.4-160000.1.1.aarch64.rpm qemu-s390x-10.0.4-160000.1.1.aarch64.rpm qemu-seabios-10.0.41.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-skiboot-10.0.4-160000.1.1.noarch.rpm qemu-spice-10.0.4-160000.1.1.aarch64.rpm qemu-tools-10.0.4-160000.1.1.aarch64.rpm qemu-ui-curses-10.0.4-160000.1.1.aarch64.rpm qemu-ui-dbus-10.0.4-160000.1.1.aarch64.rpm qemu-ui-gtk-10.0.4-160000.1.1.aarch64.rpm qemu-ui-opengl-10.0.4-160000.1.1.aarch64.rpm qemu-ui-spice-app-10.0.4-160000.1.1.aarch64.rpm qemu-ui-spice-core-10.0.4-160000.1.1.aarch64.rpm qemu-vgabios-10.0.41.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.aarch64.rpm qemu-x86-10.0.4-160000.1.1.aarch64.rpm qemu-linux-user-10.0.4-160000.1.1.aarch64.rpm qemu-10.0.4-160000.1.1.ppc64le.rpm qemu-accel-qtest-10.0.4-160000.1.1.ppc64le.rpm qemu-arm-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-alsa-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-dbus-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-jack-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-oss-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-pa-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-pipewire-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-spice-10.0.4-160000.1.1.ppc64le.rpm qemu-block-curl-10.0.4-160000.1.1.ppc64le.rpm qemu-block-dmg-10.0.4-160000.1.1.ppc64le.rpm qemu-block-gluster-10.0.4-160000.1.1.ppc64le.rpm qemu-block-iscsi-10.0.4-160000.1.1.ppc64le.rpm qemu-block-nfs-10.0.4-160000.1.1.ppc64le.rpm qemu-block-rbd-10.0.4-160000.1.1.ppc64le.rpm qemu-block-ssh-10.0.4-160000.1.1.ppc64le.rpm qemu-chardev-baum-10.0.4-160000.1.1.ppc64le.rpm qemu-chardev-spice-10.0.4-160000.1.1.ppc64le.rpm qemu-extra-10.0.4-160000.1.1.ppc64le.rpm qemu-guest-agent-10.0.4-160000.1.1.ppc64le.rpm qemu-headless-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-usb-host-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.ppc64le.rpm qemu-img-10.0.4-160000.1.1.ppc64le.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.ppc64le.rpm qemu-ksm-10.0.4-160000.1.1.ppc64le.rpm qemu-ppc-10.0.4-160000.1.1.ppc64le.rpm qemu-pr-helper-10.0.4-160000.1.1.ppc64le.rpm qemu-s390x-10.0.4-160000.1.1.ppc64le.rpm qemu-spice-10.0.4-160000.1.1.ppc64le.rpm qemu-tools-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-curses-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-dbus-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-gtk-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-opengl-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-spice-app-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-spice-core-10.0.4-160000.1.1.ppc64le.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.ppc64le.rpm qemu-x86-10.0.4-160000.1.1.ppc64le.rpm qemu-linux-user-10.0.4-160000.1.1.ppc64le.rpm qemu-10.0.4-160000.1.1.s390x.rpm qemu-accel-qtest-10.0.4-160000.1.1.s390x.rpm qemu-arm-10.0.4-160000.1.1.s390x.rpm qemu-audio-alsa-10.0.4-160000.1.1.s390x.rpm qemu-audio-dbus-10.0.4-160000.1.1.s390x.rpm qemu-audio-jack-10.0.4-160000.1.1.s390x.rpm qemu-audio-oss-10.0.4-160000.1.1.s390x.rpm qemu-audio-pa-10.0.4-160000.1.1.s390x.rpm qemu-audio-pipewire-10.0.4-160000.1.1.s390x.rpm qemu-audio-spice-10.0.4-160000.1.1.s390x.rpm qemu-block-curl-10.0.4-160000.1.1.s390x.rpm qemu-block-dmg-10.0.4-160000.1.1.s390x.rpm qemu-block-gluster-10.0.4-160000.1.1.s390x.rpm qemu-block-iscsi-10.0.4-160000.1.1.s390x.rpm qemu-block-nfs-10.0.4-160000.1.1.s390x.rpm qemu-block-rbd-10.0.4-160000.1.1.s390x.rpm qemu-block-ssh-10.0.4-160000.1.1.s390x.rpm qemu-chardev-baum-10.0.4-160000.1.1.s390x.rpm qemu-chardev-spice-10.0.4-160000.1.1.s390x.rpm qemu-extra-10.0.4-160000.1.1.s390x.rpm qemu-guest-agent-10.0.4-160000.1.1.s390x.rpm qemu-headless-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.s390x.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.s390x.rpm qemu-hw-usb-host-10.0.4-160000.1.1.s390x.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.s390x.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.s390x.rpm qemu-img-10.0.4-160000.1.1.s390x.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.s390x.rpm qemu-ksm-10.0.4-160000.1.1.s390x.rpm qemu-ppc-10.0.4-160000.1.1.s390x.rpm qemu-pr-helper-10.0.4-160000.1.1.s390x.rpm qemu-s390x-10.0.4-160000.1.1.s390x.rpm qemu-spice-10.0.4-160000.1.1.s390x.rpm qemu-tools-10.0.4-160000.1.1.s390x.rpm qemu-ui-curses-10.0.4-160000.1.1.s390x.rpm qemu-ui-dbus-10.0.4-160000.1.1.s390x.rpm qemu-ui-gtk-10.0.4-160000.1.1.s390x.rpm qemu-ui-opengl-10.0.4-160000.1.1.s390x.rpm qemu-ui-spice-app-10.0.4-160000.1.1.s390x.rpm qemu-ui-spice-core-10.0.4-160000.1.1.s390x.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.s390x.rpm qemu-x86-10.0.4-160000.1.1.s390x.rpm qemu-linux-user-10.0.4-160000.1.1.s390x.rpm qemu-10.0.4-160000.1.1.x86_64.rpm qemu-accel-qtest-10.0.4-160000.1.1.x86_64.rpm qemu-arm-10.0.4-160000.1.1.x86_64.rpm qemu-audio-alsa-10.0.4-160000.1.1.x86_64.rpm qemu-audio-dbus-10.0.4-160000.1.1.x86_64.rpm qemu-audio-jack-10.0.4-160000.1.1.x86_64.rpm qemu-audio-oss-10.0.4-160000.1.1.x86_64.rpm qemu-audio-pa-10.0.4-160000.1.1.x86_64.rpm qemu-audio-pipewire-10.0.4-160000.1.1.x86_64.rpm qemu-audio-spice-10.0.4-160000.1.1.x86_64.rpm qemu-block-curl-10.0.4-160000.1.1.x86_64.rpm qemu-block-dmg-10.0.4-160000.1.1.x86_64.rpm qemu-block-gluster-10.0.4-160000.1.1.x86_64.rpm qemu-block-iscsi-10.0.4-160000.1.1.x86_64.rpm qemu-block-nfs-10.0.4-160000.1.1.x86_64.rpm qemu-block-rbd-10.0.4-160000.1.1.x86_64.rpm qemu-block-ssh-10.0.4-160000.1.1.x86_64.rpm qemu-chardev-baum-10.0.4-160000.1.1.x86_64.rpm qemu-chardev-spice-10.0.4-160000.1.1.x86_64.rpm qemu-extra-10.0.4-160000.1.1.x86_64.rpm qemu-guest-agent-10.0.4-160000.1.1.x86_64.rpm qemu-headless-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.x86_64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.x86_64.rpm qemu-hw-usb-host-10.0.4-160000.1.1.x86_64.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.x86_64.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.x86_64.rpm qemu-img-10.0.4-160000.1.1.x86_64.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.x86_64.rpm qemu-ksm-10.0.4-160000.1.1.x86_64.rpm qemu-ppc-10.0.4-160000.1.1.x86_64.rpm qemu-pr-helper-10.0.4-160000.1.1.x86_64.rpm qemu-s390x-10.0.4-160000.1.1.x86_64.rpm qemu-spice-10.0.4-160000.1.1.x86_64.rpm qemu-tools-10.0.4-160000.1.1.x86_64.rpm qemu-ui-curses-10.0.4-160000.1.1.x86_64.rpm qemu-ui-dbus-10.0.4-160000.1.1.x86_64.rpm qemu-ui-gtk-10.0.4-160000.1.1.x86_64.rpm qemu-ui-opengl-10.0.4-160000.1.1.x86_64.rpm qemu-ui-spice-app-10.0.4-160000.1.1.x86_64.rpm qemu-ui-spice-core-10.0.4-160000.1.1.x86_64.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.x86_64.rpm qemu-vmsr-helper-10.0.4-160000.1.1.x86_64.rpm qemu-x86-10.0.4-160000.1.1.x86_64.rpm qemu-linux-user-10.0.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-710 Recommended update for python-hatchling moderate SUSE SLFO 1.2 This update for python-hatchling fixes the following issues: Changes in python-hatchling: - Convert to libalternatives on SLE-16-based and newer systems only python313-hatchling-1.27.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-711 Security update for python-pytest moderate SUSE SLFO 1.2 This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges (bsc#1257090). python313-pytest-8.3.5-160000.3.1.noarch.rpm openSUSE-Leap-16.0-712 Recommended update for nvidia-open-driver-G07-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G07-signed fixes the following issues: Changes in nvidia-open-driver-G07-signed: - update CUDA variant to 595.71.05 - update non-CUDA variant to 595.71.05 (boo#1262574) * get rid of confusing objtool warnings (boo#1212841) nvidia-open-driver-G07-signed-64kb-devel-595.71.05-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-check-595.71.05-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-default-devel-595.71.05-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-64kb-595.71.05_k6.12.0_160000.29-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-kmp-default-595.71.05_k6.12.0_160000.29-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-G07-595.71.05-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-64kb-devel-595.71.05-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-check-595.71.05-160000.1.1.noarch.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.71.05-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.71.05_k6.12.0_160000.29-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.71.05_k6.12.0_160000.29-160000.1.1.aarch64.rpm nvidia-open-driver-G07-signed-default-devel-595.71.05-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-kmp-default-595.71.05_k6.12.0_160000.29-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-G07-595.71.05-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-default-devel-595.71.05-160000.1.1.x86_64.rpm nvidia-open-driver-G07-signed-cuda-kmp-default-595.71.05_k6.12.0_160000.29-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-713 Recommended update for nvidia-open-driver-G06-signed critical SUSE SLFO 1.2 This update for nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: - update CUDA variant to 580.159.03 - update non-CUDA variant to 580.159.03 (boo#1262749) - get rid of confusing objtool warnings (boo#1212841) - improved RPM description for -cuda and non-cuda variant - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G06-signed-kmp-meta for TW ... (boo#1259740) nvidia-open-driver-G06-signed-64kb-devel-580.159.03-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-check-580.159.03-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-default-devel-580.159.03-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-64kb-580.159.03_k6.12.0_160000.29-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-580.159.03_k6.12.0_160000.29-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-580.159.03-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-64kb-devel-580.159.03-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-check-580.159.03-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.159.03-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.159.03_k6.12.0_160000.29-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.159.03_k6.12.0_160000.29-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-default-devel-580.159.03-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.159.03_k6.12.0_160000.29-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-580.159.03-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.159.03-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.159.03_k6.12.0_160000.29-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-714 Security update for libtpms moderate SUSE SLFO 1.2 This update for libtpms fixes the following issues: - CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528). - CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector (IV) handling (bsc#1260439). libtpms-devel-0.10.0-160000.5.1.aarch64.rpm libtpms0-0.10.0-160000.5.1.aarch64.rpm libtpms-devel-0.10.0-160000.5.1.ppc64le.rpm libtpms0-0.10.0-160000.5.1.ppc64le.rpm libtpms-devel-0.10.0-160000.5.1.s390x.rpm libtpms0-0.10.0-160000.5.1.s390x.rpm libtpms-devel-0.10.0-160000.5.1.x86_64.rpm libtpms0-0.10.0-160000.5.1.x86_64.rpm openSUSE-Leap-16.0-715 Security update for iproute2 low SUSE SLFO 1.2 This update for iproute2 fixes the following issues: Security issues fixed: - CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in `argv[0]` (bsc#1254324). Other updates and bugfixes: - Fix package for immutable mode (jsc#PED-14787). - Add netshaper support (bsc#1253044). - Add follow-up fixes included by upstream after the 6.12 release (bsc#1241316): * Parse FQ band weights correctly * bond: fix stack smash in xstats * ip: support setting multiple features * tc: gred: fix debug print iproute2-6.12-160000.3.1.aarch64.rpm iproute2-arpd-6.12-160000.3.1.aarch64.rpm iproute2-bash-completion-6.12-160000.3.1.aarch64.rpm libnetlink-devel-6.12-160000.3.1.aarch64.rpm iproute2-6.12-160000.3.1.ppc64le.rpm iproute2-arpd-6.12-160000.3.1.ppc64le.rpm iproute2-bash-completion-6.12-160000.3.1.ppc64le.rpm libnetlink-devel-6.12-160000.3.1.ppc64le.rpm iproute2-6.12-160000.3.1.s390x.rpm iproute2-arpd-6.12-160000.3.1.s390x.rpm iproute2-bash-completion-6.12-160000.3.1.s390x.rpm libnetlink-devel-6.12-160000.3.1.s390x.rpm iproute2-6.12-160000.3.1.x86_64.rpm iproute2-arpd-6.12-160000.3.1.x86_64.rpm iproute2-bash-completion-6.12-160000.3.1.x86_64.rpm libnetlink-devel-6.12-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-716 Security update for cairo low SUSE SLFO 1.2 This update for cairo fixes the following issue: - CVE-2025-50422: Poppler crash on malformed input (bsc#1247589). cairo-devel-1.18.4-160000.3.1.aarch64.rpm cairo-tools-1.18.4-160000.3.1.aarch64.rpm libcairo-gobject2-1.18.4-160000.3.1.aarch64.rpm libcairo-script-interpreter2-1.18.4-160000.3.1.aarch64.rpm libcairo2-1.18.4-160000.3.1.aarch64.rpm cairo-devel-1.18.4-160000.3.1.ppc64le.rpm cairo-tools-1.18.4-160000.3.1.ppc64le.rpm libcairo-gobject2-1.18.4-160000.3.1.ppc64le.rpm libcairo-script-interpreter2-1.18.4-160000.3.1.ppc64le.rpm libcairo2-1.18.4-160000.3.1.ppc64le.rpm cairo-devel-1.18.4-160000.3.1.s390x.rpm cairo-tools-1.18.4-160000.3.1.s390x.rpm libcairo-gobject2-1.18.4-160000.3.1.s390x.rpm libcairo-script-interpreter2-1.18.4-160000.3.1.s390x.rpm libcairo2-1.18.4-160000.3.1.s390x.rpm cairo-devel-1.18.4-160000.3.1.x86_64.rpm cairo-tools-1.18.4-160000.3.1.x86_64.rpm libcairo-gobject2-1.18.4-160000.3.1.x86_64.rpm libcairo-script-interpreter2-1.18.4-160000.3.1.x86_64.rpm libcairo2-1.18.4-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-717 Security update for c-ares moderate SUSE SLFO 1.2 This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers() (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: * Ignore Windows IDN Search Domains until proper IDN support is added * Various bug fixes c-ares-devel-1.34.6-160000.1.1.aarch64.rpm c-ares-utils-1.34.6-160000.1.1.aarch64.rpm libcares2-1.34.6-160000.1.1.aarch64.rpm c-ares-devel-1.34.6-160000.1.1.ppc64le.rpm c-ares-utils-1.34.6-160000.1.1.ppc64le.rpm libcares2-1.34.6-160000.1.1.ppc64le.rpm c-ares-devel-1.34.6-160000.1.1.s390x.rpm c-ares-utils-1.34.6-160000.1.1.s390x.rpm libcares2-1.34.6-160000.1.1.s390x.rpm c-ares-devel-1.34.6-160000.1.1.x86_64.rpm c-ares-utils-1.34.6-160000.1.1.x86_64.rpm libcares2-1.34.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-718 Security update for openCryptoki moderate SUSE SLFO 1.2 This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1262283). Non security issue: - Refactored .spec file to fully support transactional and immutable operating systems (jsc#PED-14609): * Migrated user and group creation (pkcs11, pkcsslotd) from imperative %pre shell commands to declarative systemd-sysusers configuration. * Replaced manual /var directory tracking and %ghost directives with comprehensive systemd-tmpfiles configurations. * Implemented dynamic, architecture-specific tmpfiles.d generation to properly provision hardware-specific token directories (e.g., ccatok, ep11tok, lite, and HSM_MK_CHANGE). - Fixed permissions for /run/opencryptoki within tmpfiles.d to ensure the daemon can successfully drop privileges and bind its communication socket. * Moved 32-bit and 64-bit shared library symlink creation (such as PKCS11_API.so, stdll, and methods) from %post scriptlets into the %install phase, ensuring they are correctly packaged and tracked on the read-only /usr partition. * Removed legacy /etc/pkcs11 bash migration logic from %post, replacing it with a declarative tmpfiles.d symlink rule. - Cleaned up scriptlets to only execute transaction-safe macros (such as ldconfig and systemd service handlers). openCryptoki-3.26.0-160000.2.1.aarch64.rpm openCryptoki-64bit-3.26.0-160000.2.1.aarch64.rpm openCryptoki-devel-3.26.0-160000.2.1.aarch64.rpm openCryptoki-3.26.0-160000.2.1.ppc64le.rpm openCryptoki-64bit-3.26.0-160000.2.1.ppc64le.rpm openCryptoki-devel-3.26.0-160000.2.1.ppc64le.rpm openCryptoki-3.26.0-160000.2.1.s390x.rpm openCryptoki-64bit-3.26.0-160000.2.1.s390x.rpm openCryptoki-devel-3.26.0-160000.2.1.s390x.rpm openCryptoki-3.26.0-160000.2.1.x86_64.rpm openCryptoki-64bit-3.26.0-160000.2.1.x86_64.rpm openCryptoki-devel-3.26.0-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-719 Recommended update for rear29a important SUSE SLFO 1.2 This update for rear29a fixes the following issues: - SLE16 fixes - Aligning with upstream pull requests (#bsc1246136). - For SLE 16 and openSUSE Leap 16.x and openSUSE Factory, set OS_VERSION="16" in `/etc/rear/os.conf`. - Fix packages for Immutable Mode (jsc#PED-14776, jsc#PED-14688). rear29a-2.9-160000.3.1.ppc64le.rpm rear29a-2.9-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-72 Security update for tomcat11 important SUSE SLFO 1.2 This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). - CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905). - CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756). tomcat11-11.0.13-160000.1.1.noarch.rpm tomcat11-admin-webapps-11.0.13-160000.1.1.noarch.rpm tomcat11-doc-11.0.13-160000.1.1.noarch.rpm tomcat11-docs-webapp-11.0.13-160000.1.1.noarch.rpm tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch.rpm tomcat11-embed-11.0.13-160000.1.1.noarch.rpm tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch.rpm tomcat11-jsvc-11.0.13-160000.1.1.noarch.rpm tomcat11-lib-11.0.13-160000.1.1.noarch.rpm tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch.rpm tomcat11-webapps-11.0.13-160000.1.1.noarch.rpm openSUSE-Leap-16.0-720 Recommended update for gtk-vnc moderate SUSE SLFO 1.2 This update for gtk-vnc fixes the following issues: - Fixed that removal of spice led to a regression in functionality, specifically for graphical console copy paste (bsc#1251850) gtk-vnc-devel-1.5.0-160000.3.1.aarch64.rpm gtk-vnc-lang-1.5.0-160000.3.1.noarch.rpm gtk-vnc-tools-1.5.0-160000.3.1.aarch64.rpm libgtk-vnc-2_0-0-1.5.0-160000.3.1.aarch64.rpm libgvnc-1_0-0-1.5.0-160000.3.1.aarch64.rpm libgvncpulse-1_0-0-1.5.0-160000.3.1.aarch64.rpm typelib-1_0-GVnc-1_0-1.5.0-160000.3.1.aarch64.rpm typelib-1_0-GVncPulse-1_0-1.5.0-160000.3.1.aarch64.rpm typelib-1_0-GtkVnc-2_0-1.5.0-160000.3.1.aarch64.rpm gtk-vnc-devel-1.5.0-160000.3.1.ppc64le.rpm gtk-vnc-tools-1.5.0-160000.3.1.ppc64le.rpm libgtk-vnc-2_0-0-1.5.0-160000.3.1.ppc64le.rpm libgvnc-1_0-0-1.5.0-160000.3.1.ppc64le.rpm libgvncpulse-1_0-0-1.5.0-160000.3.1.ppc64le.rpm typelib-1_0-GVnc-1_0-1.5.0-160000.3.1.ppc64le.rpm typelib-1_0-GVncPulse-1_0-1.5.0-160000.3.1.ppc64le.rpm typelib-1_0-GtkVnc-2_0-1.5.0-160000.3.1.ppc64le.rpm gtk-vnc-devel-1.5.0-160000.3.1.s390x.rpm gtk-vnc-tools-1.5.0-160000.3.1.s390x.rpm libgtk-vnc-2_0-0-1.5.0-160000.3.1.s390x.rpm libgvnc-1_0-0-1.5.0-160000.3.1.s390x.rpm libgvncpulse-1_0-0-1.5.0-160000.3.1.s390x.rpm typelib-1_0-GVnc-1_0-1.5.0-160000.3.1.s390x.rpm typelib-1_0-GVncPulse-1_0-1.5.0-160000.3.1.s390x.rpm typelib-1_0-GtkVnc-2_0-1.5.0-160000.3.1.s390x.rpm gtk-vnc-devel-1.5.0-160000.3.1.x86_64.rpm gtk-vnc-tools-1.5.0-160000.3.1.x86_64.rpm libgtk-vnc-2_0-0-1.5.0-160000.3.1.x86_64.rpm libgvnc-1_0-0-1.5.0-160000.3.1.x86_64.rpm libgvncpulse-1_0-0-1.5.0-160000.3.1.x86_64.rpm typelib-1_0-GVnc-1_0-1.5.0-160000.3.1.x86_64.rpm typelib-1_0-GVncPulse-1_0-1.5.0-160000.3.1.x86_64.rpm typelib-1_0-GtkVnc-2_0-1.5.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-721 Recommended update for elemental-toolkit moderate SUSE SLFO 1.2 This update for elemental-toolkit fixes the following issues: Changes in elemental-toolkit: - Drop upstream reproducible build patch. elemental-toolkit-2.3.2-160000.2.1.aarch64.rpm elemental-toolkit-2.3.2-160000.2.1.ppc64le.rpm elemental-toolkit-2.3.2-160000.2.1.s390x.rpm elemental-toolkit-2.3.2-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-722 Security update for perl-Text-CSV_XS important SUSE SLFO 1.2 This update for perl-Text-CSV_XS fixes the following issue: - CVE-2026-7111: use-after-free when registered callbacks extend the Perl argument stack may enable type confusion or memory corruption (bsc#1263690). perl-Text-CSV_XS-1.600.0-160000.3.1.aarch64.rpm perl-Text-CSV_XS-1.600.0-160000.3.1.ppc64le.rpm perl-Text-CSV_XS-1.600.0-160000.3.1.s390x.rpm perl-Text-CSV_XS-1.600.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-73 Recommended update for mdadm moderate SUSE SLFO 1.2 This update for mdadm fixes the following issues: - Version update 4.4+29.gf8bb524b. - Fix race condition between mdcheck_start.service and mdcheck_continue.service (bsc#1243443, bsc#1248097). - mdadm_env.sh ignoring MDADM_RAIDDEVICES if MDADM_SCAN is set (bsc#1229997). - Split off the Software RAID HOWTO into a -doc package. - Upstream bug fixes for mdadm (bsc#1253060). - _service: switch to tar_scm for better interoperabity with SLFO. - Fix systemd unit file handling in spec file (bnc#1207266). - Stop emitting %release into program binaries (bnc#1246806). - Add MAILFROM address to email envelope, avoid smtp auth errors (bsc#1241474). mdadm-4.4+29.gf8bb524b-160000.1.1.aarch64.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.aarch64.rpm mdadm-4.4+29.gf8bb524b-160000.1.1.ppc64le.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.ppc64le.rpm mdadm-4.4+29.gf8bb524b-160000.1.1.s390x.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.s390x.rpm mdadm-4.4+29.gf8bb524b-160000.1.1.x86_64.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-74 Recommended update for libnxz moderate SUSE SLFO 1.2 This update for libnxz fixes the following issues: Update to version 0.64+git4.2f1ae54: * lib/nx_crc : Fix compile error with gcc15 * Changed README.md instructions to substitute zlib libnxz-devel-0.64+git4.2f1ae54-160000.1.1.ppc64le.rpm libnxz0-0.64+git4.2f1ae54-160000.1.1.ppc64le.rpm openSUSE-Leap-16.0-75 Optional update for java-25-openjdk moderate SUSE SLFO 1.2 This update for java-25-openjdk fixes the following issues: Adds the Java OpenJDK in version 25. java-25-openjdk-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-javadoc-25.0.1.0-160000.1.1.noarch.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-76 Recommended update for urw-base35-fonts moderate SUSE SLFO 1.2 This update for urw-base35-fonts fixes the following issues: Changes in urw-base35-fonts: - Add provides for recently obsoleted packages ghostscript-fonts-std-converted and xorg-x11-fonts-converted urw-base35-fonts-20200910-160000.3.1.noarch.rpm urw-base35-fonts-C059-20200910-160000.3.1.noarch.rpm urw-base35-fonts-D050000L-20200910-160000.3.1.noarch.rpm urw-base35-fonts-NimbusMonoPS-20200910-160000.3.1.noarch.rpm urw-base35-fonts-NimbusRoman-20200910-160000.3.1.noarch.rpm urw-base35-fonts-NimbusSans-20200910-160000.3.1.noarch.rpm urw-base35-fonts-P052-20200910-160000.3.1.noarch.rpm urw-base35-fonts-StandardSymbolsPS-20200910-160000.3.1.noarch.rpm urw-base35-fonts-URWBookman-20200910-160000.3.1.noarch.rpm urw-base35-fonts-URWGothic-20200910-160000.3.1.noarch.rpm urw-base35-fonts-Z003-20200910-160000.3.1.noarch.rpm openSUSE-Leap-16.0-77 Recommended update for gpgme important SUSE SLFO 1.2 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 gpgme-1.24.3-160000.3.1.aarch64.rpm libgpgme-devel-1.24.3-160000.3.1.aarch64.rpm libgpgme11-1.24.3-160000.3.1.aarch64.rpm libgpgmepp-devel-1.24.3-160000.3.1.aarch64.rpm libgpgmepp6-1.24.3-160000.3.1.aarch64.rpm python313-gpg-1.24.3-160000.3.1.aarch64.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.aarch64.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.aarch64.rpm gpgme-1.24.3-160000.3.1.ppc64le.rpm libgpgme-devel-1.24.3-160000.3.1.ppc64le.rpm libgpgme11-1.24.3-160000.3.1.ppc64le.rpm libgpgmepp-devel-1.24.3-160000.3.1.ppc64le.rpm libgpgmepp6-1.24.3-160000.3.1.ppc64le.rpm python313-gpg-1.24.3-160000.3.1.ppc64le.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.ppc64le.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.ppc64le.rpm gpgme-1.24.3-160000.3.1.s390x.rpm libgpgme-devel-1.24.3-160000.3.1.s390x.rpm libgpgme11-1.24.3-160000.3.1.s390x.rpm libgpgmepp-devel-1.24.3-160000.3.1.s390x.rpm libgpgmepp6-1.24.3-160000.3.1.s390x.rpm python313-gpg-1.24.3-160000.3.1.s390x.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.s390x.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.s390x.rpm gpgme-1.24.3-160000.3.1.x86_64.rpm libgpgme-devel-1.24.3-160000.3.1.x86_64.rpm libgpgme11-1.24.3-160000.3.1.x86_64.rpm libgpgmepp-devel-1.24.3-160000.3.1.x86_64.rpm libgpgmepp6-1.24.3-160000.3.1.x86_64.rpm python313-gpg-1.24.3-160000.3.1.x86_64.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.x86_64.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-78 Recommended update for libnbd moderate SUSE SLFO 1.2 This update for libnbd fixes the following issues: - Fix libnbd: Unsanitized hostnames in nbd+ssh URIs allow remote execution (bsc#1253059) libnbd-1.22.2-160000.3.1.aarch64.rpm libnbd-bash-completion-1.22.2-160000.3.1.noarch.rpm libnbd-devel-1.22.2-160000.3.1.aarch64.rpm libnbd0-1.22.2-160000.3.1.aarch64.rpm nbdfuse-1.22.2-160000.3.1.aarch64.rpm python3-libnbd-1.22.2-160000.3.1.aarch64.rpm libnbd-1.22.2-160000.3.1.ppc64le.rpm libnbd-devel-1.22.2-160000.3.1.ppc64le.rpm libnbd0-1.22.2-160000.3.1.ppc64le.rpm nbdfuse-1.22.2-160000.3.1.ppc64le.rpm python3-libnbd-1.22.2-160000.3.1.ppc64le.rpm libnbd-1.22.2-160000.3.1.s390x.rpm libnbd-devel-1.22.2-160000.3.1.s390x.rpm libnbd0-1.22.2-160000.3.1.s390x.rpm nbdfuse-1.22.2-160000.3.1.s390x.rpm python3-libnbd-1.22.2-160000.3.1.s390x.rpm libnbd-1.22.2-160000.3.1.x86_64.rpm libnbd-devel-1.22.2-160000.3.1.x86_64.rpm libnbd0-1.22.2-160000.3.1.x86_64.rpm nbdfuse-1.22.2-160000.3.1.x86_64.rpm python3-libnbd-1.22.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-79 Security update for dovecot24 moderate SUSE SLFO 1.2 This update for dovecot24 fixes the following issues: - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled (bsc#1252839) - Changes - auth: Remove proxy_always field. - config: Change settings history parsing to use python3. - doveadm: Print table formatter - Print empty values as "-". - imapc: Propagate remote error codes properly. - lda: Default mail_home=$HOME environment if not using userdb lookup - lib-dcrypt: Salt for new version 2 keys has been increased to 16 bytes. - lib-dregex: Add libpcre2 based regular expression support to Dovecot, if the library is missing, disable all regular expressions. This adds libpcre2-32 as build dependency. - lib-oauth2: jwt - Allow nbf and iat to point 1 second into future. - lib: Replace libicu with our own unicode library. Removes libicu as build dependency. - login-common: If proxying fails due to remote having invalid SSL cert, don't reconnect. - New features - auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields - config: Add support for $SET:filter/path/setting. - config: Improve @group includes to work with overwriting their settings. - doveadm kick: Add support for kicking multiple usernames - doveadm mailbox status: Add support for deleted status item. - imap, imap-client: Add experimental partial IMAP4rev2 support. - imap: Implement support for UTF8=ACCEPT for APPEND - lib-oauth2, oauth2: Add oauth2_token_expire_grace setting. - lmtp: lmtp-client - Support command pipelining. - login-common: Support local/remote blocks better. - master: accept() unix/inet connections before creating child process to handle it. This reduces timeouts when child processes are slow to spawn themselves. - Bug fixes - SMTPUTF8 was accepted even when it wasn't enabled. - auth, *-login: Direct logging with -L parameter was not working. - auth: Crash occured when OAUTH token validation failed with oauth2_use_worker_with_mech=yes. - auth: Invalid field handling crashes were fixed. - auth: ldap - Potential crash could happen at deinit. - auth: mech-gssapi - Server sending empty initial response would cause errors. - auth: mech-winbind - GSS-SPNEGO mechanism was erroneously marked as - not accepting NUL. - config: Multiple issues with $SET handling has been fixed. - configure: Building without LDAP didn't work. - doveadm: If source user didn't exist, a crash would occur. - imap, pop3, submission, imap-urlauth: USER environment usage was broken when running standalone. - imap-hibernate: Statistics would get truncated on unhibernation. - imap: "SEARCH MIMEPART FILENAME ENDS" command could have accessed memory outside allocated buffer, resulting in a crash. - imapc: Fetching partial headers would cause other cached headers to be cached empty, breaking e.g. imap envelope responses when caching to disk. - imapc: Shared namespace's INBOX mailbox was not always uppercased. - imapc: imapc_features=guid-forced GUID generation was not working correctly. - lda: USER environment was not accepted if -d hasn't been specified. - lib-http: http-url - Significant path percent encoding through parse and create was not preserved. This is mainly important for Dovecot's Lua bindings for lib-http. - lib-settings: Crash would occur when using %variables in SET_FILE type settings. - lib-storage: Attachment flags were attempted to be added for readonly mailboxes with mail_attachment_flags=add-flags. - lib-storage: Root directory for unusable shared namespaces was unnecessarily attempted to be created. - lib: Crash would occur when config was reloaded and logging to syslog. - login-common: Crash might have occured when login proxy was destroyed. - sqlite: The sqlite_journal_mode=wal setting didn't actually do anything. - Many other bugs have been fixed. - Update pigeonhole to 2.4.2 - Changes - lib-sieve: Use new regular expression library in core. - managesieve: Add default service_extra_groups=$SET:default_internal_group. - New features - lib-sieve: Add support for "extlists" extension. - lib-sieve: regex - Allow unicode comparator. - Bug fixes - lib-sieve-tool: sieve-tool - All sieve_script settings were overriden. - lib-sieve: storage: dict: sieve_script_dict filter was missing from settings. - sieve-ldap-storage: Fix compile without LDAP. dovecot24-2.4.2-160000.1.1.aarch64.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.aarch64.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.aarch64.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.aarch64.rpm dovecot24-devel-2.4.2-160000.1.1.aarch64.rpm dovecot24-fts-2.4.2-160000.1.1.aarch64.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.aarch64.rpm dovecot24-fts-solr-2.4.2-160000.1.1.aarch64.rpm dovecot24-2.4.2-160000.1.1.ppc64le.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.ppc64le.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.ppc64le.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.ppc64le.rpm dovecot24-devel-2.4.2-160000.1.1.ppc64le.rpm dovecot24-fts-2.4.2-160000.1.1.ppc64le.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.ppc64le.rpm dovecot24-fts-solr-2.4.2-160000.1.1.ppc64le.rpm dovecot24-2.4.2-160000.1.1.s390x.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.s390x.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.s390x.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.s390x.rpm dovecot24-devel-2.4.2-160000.1.1.s390x.rpm dovecot24-fts-2.4.2-160000.1.1.s390x.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.s390x.rpm dovecot24-fts-solr-2.4.2-160000.1.1.s390x.rpm dovecot24-2.4.2-160000.1.1.x86_64.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.x86_64.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.x86_64.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.x86_64.rpm dovecot24-devel-2.4.2-160000.1.1.x86_64.rpm dovecot24-fts-2.4.2-160000.1.1.x86_64.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.x86_64.rpm dovecot24-fts-solr-2.4.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-8 Recommended update for autofs critical SUSE SLFO 1.2 This update for autofs contains the following fixes: - Link against ldap.so instead of ldap_r.so; the former now provides thread-safety and the latter is a symlink which may not exist. (bsc#1249966) * drop previous patch now unnecessary. - Fix xmlStructuredErrorFunc callback parameter patch (bsc#1246612) to account for: * d2feac6784b6 autofs-5.1.6 - make autofs.a a shared library * bcd8e1b642e9 autofs-5.0.7 - use LIBS for link libraries autofs-5.1.9-160000.3.1.aarch64.rpm autofs-5.1.9-160000.3.1.ppc64le.rpm autofs-5.1.9-160000.3.1.s390x.rpm autofs-5.1.9-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-80 Security update for himmelblau important SUSE SLFO 1.2 This update for himmelblau fixes the following issues: - Update to version 0.9.23+git.0.9776141: * CVE-2025-59044: Fixed GID collision of same-name groups allowing privilege escalation (bsc#1250687) * deps(rust): bump the all-cargo-updates group * CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249013) himmelblau-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm himmelblau-sshd-config-0.9.23+git.0.9776141-160000.1.1.noarch.rpm himmelblau-sso-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm pam-himmelblau-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm himmelblau-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm himmelblau-sso-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm pam-himmelblau-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-81 Security update for openssh moderate SUSE SLFO 1.2 This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198). - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199). openssh-10.0p2-160000.3.1.aarch64.rpm openssh-cavs-10.0p2-160000.3.1.aarch64.rpm openssh-clients-10.0p2-160000.3.1.aarch64.rpm openssh-common-10.0p2-160000.3.1.aarch64.rpm openssh-helpers-10.0p2-160000.3.1.aarch64.rpm openssh-server-10.0p2-160000.3.1.aarch64.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.aarch64.rpm openssh-askpass-gnome-10.0p2-160000.3.1.aarch64.rpm openssh-10.0p2-160000.3.1.ppc64le.rpm openssh-cavs-10.0p2-160000.3.1.ppc64le.rpm openssh-clients-10.0p2-160000.3.1.ppc64le.rpm openssh-common-10.0p2-160000.3.1.ppc64le.rpm openssh-helpers-10.0p2-160000.3.1.ppc64le.rpm openssh-server-10.0p2-160000.3.1.ppc64le.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.ppc64le.rpm openssh-askpass-gnome-10.0p2-160000.3.1.ppc64le.rpm openssh-10.0p2-160000.3.1.s390x.rpm openssh-cavs-10.0p2-160000.3.1.s390x.rpm openssh-clients-10.0p2-160000.3.1.s390x.rpm openssh-common-10.0p2-160000.3.1.s390x.rpm openssh-helpers-10.0p2-160000.3.1.s390x.rpm openssh-server-10.0p2-160000.3.1.s390x.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.s390x.rpm openssh-askpass-gnome-10.0p2-160000.3.1.s390x.rpm openssh-10.0p2-160000.3.1.x86_64.rpm openssh-cavs-10.0p2-160000.3.1.x86_64.rpm openssh-clients-10.0p2-160000.3.1.x86_64.rpm openssh-common-10.0p2-160000.3.1.x86_64.rpm openssh-helpers-10.0p2-160000.3.1.x86_64.rpm openssh-server-10.0p2-160000.3.1.x86_64.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.x86_64.rpm openssh-askpass-gnome-10.0p2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-82 Security update for java-21-openjdk important SUSE SLFO 1.2 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 (October 2025 CPU): - CVE-2025-53066: Fixed enhance path factories (bsc#1252417). - CVE-2025-61748: Fixed enhance string handling (bsc#1252418). - CVE-2025-53057: Fixed enhance certificate handling (bsc#1252414). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) java-21-openjdk-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-javadoc-21.0.9.0-160000.1.1.noarch.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-83 Recommended update for python-azure-agent important SUSE SLFO 1.2 This update for python-azure-agent fixes the following issues: - Fix dependencies for SLE 16 (bsc#1254129) * procps instead of sysvinit-tools - Update to version 2.14.0.1 (bsc#1253001) * FIPS 140-3 support * Block extensions disallowed by policy * Report ext policy errors in heartbeat * Implement signature validation helper functions * Prevent ssh public key override * Use proper filesystem creation flag for btrfs * Enable resource monitoring in cgroup v2 machines * Update agent cgroup cleanup * Add cgroupv2 distros to supported list * Clean old agent cgroup setup * Redact sas tokens in telemetry events and agent log * Add conf option to use hardcoded wireserver ip instead of dhcp request to discover wireserver ip * Support for python 3.12 * Update telemetry message for agent updates and send new telemetry for ext resource governance * Disable rsm downgrade * Add community support for Chainguard OS * Swap out legacycrypt for crypt-r for Python 3.13+ * Pin setuptools version * Set the agent config file path for FreeBSD * Handle errors importing crypt module - From 2.13.1.1 * Setup: Fix install_requires list syntax * Pickup latest goal state on tenant certificate rotation + Avoid infinite loop when the tenant certificate is missing * Fix unsupported syntax in py2.6 * Cgroup rewrite: uses systemctl for expressing desired configuration instead drop-in files * Remove usages of tempfile.mktemp * Use random time for attempting new Agent update * Enable logcollector in v2 machines * Clean history files * Missing firewall rules reason * Add support for nftables (+ refactoring of firewall code) * Create walinuxagent nftable atomically python-azure-agent-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-default-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-hpc-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-micro-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-server-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-test-2.14.0.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-84 Security update for java-17-openjdk important SUSE SLFO 1.2 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53066: Fixed enhance path factories (bsc#1252417). - CVE-2025-53057: Fixed enhance certificate handling (bsc#1252414). Other bug fixes: - Do not embed rebuild counter (bsc#1246806). java-17-openjdk-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-javadoc-17.0.17.0-160000.1.1.noarch.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-85 Recommended update for drbd-utils moderate SUSE SLFO 1.2 This update for drbd-utils fixes the following issues: - [SELinux] nfs_drbd: * Fix: "fence-peer helper broken, returned 0" and nfs WRITE hang when power off the secondary node (bsc#1252991) - Allow domtrans from kernel_t to drbd_t (bsc#1252991) - Fix drbd_passive didn't start due to drbd.rules returning error (bsc#1247534) drbd-selinux-9.29.0-160000.3.1.aarch64.rpm drbd-utils-9.29.0-160000.3.1.aarch64.rpm drbd-selinux-9.29.0-160000.3.1.ppc64le.rpm drbd-utils-9.29.0-160000.3.1.ppc64le.rpm drbd-selinux-9.29.0-160000.3.1.s390x.rpm drbd-utils-9.29.0-160000.3.1.s390x.rpm drbd-selinux-9.29.0-160000.3.1.x86_64.rpm drbd-utils-9.29.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-86 Recommended update for suse-fonts moderate SUSE SLFO 1.2 This update for suse-fonts fixes the following issues: - Version update 2.001 - Added Black weight to SUSE family, with matching italics. - Introduced SUSE Mono variant (Thin → ExtraBold) with matching italics. - Added full Vietnamese coverage. - Implemented coding ligatures in SUSE Mono, optimized for terminal and coding environments. - Added PUA and emoji-trigger options for chameleon logo in Mono styles. - Updated vertical metrics, naming tables, and weight classes for consistency. - Refreshed Google Fonts specimen images to reflect expanded family. suse-fonts-2.001-160000.1.1.noarch.rpm openSUSE-Leap-16.0-89 Recommended update for ibus moderate SUSE SLFO 1.2 This update for ibus fixes the following issues: - Add an initial setup feature for Plasma Wayland * enables IBus as the active virtual keyboard on the first login, allowing users to input text using IBus without manual configuration * fix: Plasma + Wayland: input method does not start (bsc#1084804) * fix: IBus/Fcitx5 does not start automatically under Plasma Wayland out of the box (bsc#1246423) ibus-1.5.32-160000.3.1.aarch64.rpm ibus-devel-1.5.32-160000.3.1.aarch64.rpm ibus-dict-emoji-1.5.32-160000.3.1.noarch.rpm ibus-gtk-1.5.32-160000.3.1.aarch64.rpm ibus-gtk3-1.5.32-160000.3.1.aarch64.rpm ibus-lang-1.5.32-160000.3.1.noarch.rpm libibus-1_0-5-1.5.32-160000.3.1.aarch64.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.aarch64.rpm ibus-gtk4-1.5.32-160000.3.1.aarch64.rpm ibus-1.5.32-160000.3.1.ppc64le.rpm ibus-devel-1.5.32-160000.3.1.ppc64le.rpm ibus-gtk-1.5.32-160000.3.1.ppc64le.rpm ibus-gtk3-1.5.32-160000.3.1.ppc64le.rpm libibus-1_0-5-1.5.32-160000.3.1.ppc64le.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.ppc64le.rpm ibus-gtk4-1.5.32-160000.3.1.ppc64le.rpm ibus-1.5.32-160000.3.1.s390x.rpm ibus-devel-1.5.32-160000.3.1.s390x.rpm ibus-gtk-1.5.32-160000.3.1.s390x.rpm ibus-gtk3-1.5.32-160000.3.1.s390x.rpm libibus-1_0-5-1.5.32-160000.3.1.s390x.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.s390x.rpm ibus-gtk4-1.5.32-160000.3.1.s390x.rpm ibus-1.5.32-160000.3.1.x86_64.rpm ibus-devel-1.5.32-160000.3.1.x86_64.rpm ibus-gtk-1.5.32-160000.3.1.x86_64.rpm ibus-gtk3-1.5.32-160000.3.1.x86_64.rpm libibus-1_0-5-1.5.32-160000.3.1.x86_64.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.x86_64.rpm ibus-gtk4-1.5.32-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-9 Optional update for mcphost moderate SUSE SLFO 1.2 This update for mcphost fixes the following issues: This adds mcphost in release 0.31.1. mcphost-0.31.1-160000.4.1.aarch64.rpm mcphost-0.31.1-160000.4.1.ppc64le.rpm mcphost-0.31.1-160000.4.1.s390x.rpm mcphost-0.31.1-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-90 Security update for strongswan important SUSE SLFO 1.2 This update for strongswan fixes the following issues: - CVE-2025-62291: Fixed buffer overflow when handling EAP-MSCHAPv2 failure requests (bsc#1251941). strongswan-6.0.1-160000.3.1.aarch64.rpm strongswan-doc-6.0.1-160000.3.1.noarch.rpm strongswan-fips-6.0.1-160000.3.1.aarch64.rpm strongswan-ipsec-6.0.1-160000.3.1.aarch64.rpm strongswan-mysql-6.0.1-160000.3.1.aarch64.rpm strongswan-nm-6.0.1-160000.3.1.aarch64.rpm strongswan-sqlite-6.0.1-160000.3.1.aarch64.rpm strongswan-6.0.1-160000.3.1.ppc64le.rpm strongswan-fips-6.0.1-160000.3.1.ppc64le.rpm strongswan-ipsec-6.0.1-160000.3.1.ppc64le.rpm strongswan-mysql-6.0.1-160000.3.1.ppc64le.rpm strongswan-nm-6.0.1-160000.3.1.ppc64le.rpm strongswan-sqlite-6.0.1-160000.3.1.ppc64le.rpm strongswan-6.0.1-160000.3.1.s390x.rpm strongswan-fips-6.0.1-160000.3.1.s390x.rpm strongswan-ipsec-6.0.1-160000.3.1.s390x.rpm strongswan-mysql-6.0.1-160000.3.1.s390x.rpm strongswan-nm-6.0.1-160000.3.1.s390x.rpm strongswan-sqlite-6.0.1-160000.3.1.s390x.rpm strongswan-6.0.1-160000.3.1.x86_64.rpm strongswan-fips-6.0.1-160000.3.1.x86_64.rpm strongswan-ipsec-6.0.1-160000.3.1.x86_64.rpm strongswan-mysql-6.0.1-160000.3.1.x86_64.rpm strongswan-nm-6.0.1-160000.3.1.x86_64.rpm strongswan-sqlite-6.0.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-91 Security update for python-cbor2 important SUSE SLFO 1.2 This update for python-cbor2 fixes the following issues: - CVE-2025-64076: Fixed bug in decode_definite_long_string() that causes incorrect chunk length calculation (bsc#1253746). Already fixed in release 5.6.3: - CVE-2024-26134: Fixed potential crash when hashing a CBORTag (bsc#1220096). python313-cbor2-5.6.5-160000.3.1.aarch64.rpm python313-cbor2-5.6.5-160000.3.1.ppc64le.rpm python313-cbor2-5.6.5-160000.3.1.s390x.rpm python313-cbor2-5.6.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-92 Recommended update for afterburn important SUSE SLFO 1.2 This update for afterburn fixes the following issues: - Update to version 5.9.0.git21.a73f509: * docs/release-notes: update for release 5.10.0 * cargo: update dependencies * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat * docs/release-notes: Add entry for Azure SharedConfig XML parsing fix * microsoft/azure: Fix SharedConfig parsing of XML attributes * microsoft/azure: Mock goalstate.SharedConfig output in tests * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471) * build(deps): bump the build group with 8 updates * build(deps): bump slab from 0.4.10 to 0.4.11 * build(deps): bump actions/checkout from 4 to 5 * upcloud: implement UpCloud provider * build(deps): bump the build group with 4 updates - Update to version 5.9.0: * cargo: Afterburn release 5.9.0 * docs/release-notes: update for release 5.9.0 * cargo: update dependencies * Add TMT test structure and basic smoke test * build(deps): bump openssl from 0.10.72 to 0.10.73 * build(deps): bump reqwest from 0.12.15 to 0.12.18 * docs/release-notes: Update changelog entry * dracut: Return 255 in module-setup * oraclecloud: add release note and move base URL to constant * oraclecloud: implement oraclecloud provider * build(deps): bump nix from 0.29.0 to 0.30.1 * build(deps): bump zbus from 5.7.0 to 5.7.1 * build(deps): bump serde-xml-rs from 0.6.0 to 0.8.1 * build(deps): bump ipnetwork from 0.20.0 to 0.21.1 * build(deps): bump clap from 4.5.38 to 4.5.39 afterburn-5.9.0.git21.a73f509-160000.1.1.aarch64.rpm afterburn-dracut-5.9.0.git21.a73f509-160000.1.1.noarch.rpm afterburn-5.9.0.git21.a73f509-160000.1.1.ppc64le.rpm afterburn-5.9.0.git21.a73f509-160000.1.1.s390x.rpm afterburn-5.9.0.git21.a73f509-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-93 Security update for mozjs128 important SUSE SLFO 1.2 This update for mozjs128 fixes the following issues: - Update to version 128.14.0 (bsc#1248162): + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memory in the JavaScript Engine component + CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 - Update to version 128.13.0: + CVE-2025-8027: JavaScript engine only wrote partial return value to stack + CVE-2025-8028: Large branch table could lead to truncated instruction + CVE-2025-8029: javascript: URLs executed on object and embed tags + CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command + CVE-2025-8031: Incorrect URL stripping in CSP reports + CVE-2025-8032: XSLT documents could bypass CSP + CVE-2025-8033: Incorrect JavaScript state machine for generators + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 - Update to version 128.12.0: + CVE-2025-6424: Use-after-free in FontFaceSet + CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID + CVE-2025-6426: No warning when opening executable terminal files on macOS + CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com + CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag - Update to version 128.11.0: + CVE-2025-5283: Double-free in libvpx encoder + CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content + CVE-2025-5264: Potential local code execution in “Copy as cURL” command + CVE-2025-5265: Potential local code execution in “Copy as cURL” command + CVE-2025-5266: Script element events leaked cross-origin resource status + CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details + CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 + CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 libmozjs-128-0-128.14.0-160000.1.1.aarch64.rpm mozjs128-128.14.0-160000.1.1.aarch64.rpm mozjs128-devel-128.14.0-160000.1.1.aarch64.rpm libmozjs-128-0-128.14.0-160000.1.1.ppc64le.rpm mozjs128-128.14.0-160000.1.1.ppc64le.rpm mozjs128-devel-128.14.0-160000.1.1.ppc64le.rpm libmozjs-128-0-128.14.0-160000.1.1.s390x.rpm mozjs128-128.14.0-160000.1.1.s390x.rpm mozjs128-devel-128.14.0-160000.1.1.s390x.rpm libmozjs-128-0-128.14.0-160000.1.1.x86_64.rpm mozjs128-128.14.0-160000.1.1.x86_64.rpm mozjs128-devel-128.14.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-94 Recommended update for samba moderate SUSE SLFO 1.2 This update for samba fixes the following issues: - Update [printers] location to /var/samba/spool (bsc#1249179). - Update to version 4.22.6: * macOS Finder client DFS broken on 4.22.0; * Samba 4.22 breaks Time Machine; * Spotlight search restriction for shares incomplete and default search searches in too many attributes; * rpcd_mdssvc may crash because name mangling is not initialized; * Only increment lease epoch if a lease was granted; * samba-4.21 fails to join AD when multiple DCs are returned; * 'net ads group' failed to list domain groups; * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; ctdb-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm ctdb-pcp-pmda-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm ldb-tools-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm libldb-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm libldb2-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm python3-ldb-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-ad-dc-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-ad-dc-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-ceph-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-client-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-client-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-dcerpc-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-doc-4.22.6+git.435.014e5eceb5d-160000.1.1.noarch.rpm samba-dsdb-modules-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-gpupdate-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-ldb-ldap-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-libs-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-test-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-tool-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-winbind-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm samba-winbind-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.aarch64.rpm ctdb-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm ctdb-pcp-pmda-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm ldb-tools-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm libldb-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm libldb2-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm python3-ldb-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-ad-dc-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-ad-dc-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-client-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-client-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-dcerpc-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-dsdb-modules-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-gpupdate-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-ldb-ldap-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-libs-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-test-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-tool-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-winbind-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm samba-winbind-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.ppc64le.rpm ctdb-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm ctdb-pcp-pmda-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm ldb-tools-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm libldb-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm libldb2-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm python3-ldb-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-ad-dc-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-ad-dc-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-client-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-client-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-dcerpc-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-dsdb-modules-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-gpupdate-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-ldb-ldap-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-libs-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-test-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-tool-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-winbind-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm samba-winbind-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.s390x.rpm ctdb-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm ctdb-pcp-pmda-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm ldb-tools-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm libldb-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm libldb2-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm python3-ldb-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-ad-dc-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-ad-dc-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-ceph-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-client-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-client-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-dcerpc-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-devel-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-dsdb-modules-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-gpupdate-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-ldb-ldap-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-libs-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-python3-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-test-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-tool-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-winbind-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm samba-winbind-libs-4.22.6+git.435.014e5eceb5d-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-95 Recommended update for libpulp important SUSE SLFO 1.2 This update for libpulp fixes the following issues: - Fix dlopen and dlmopen search paths (bsc#1250436). - Fix ld.so.conf being modified in SLE-16. - Fix `ldconfig` constructing ld.so.cache in the new snapshot (bsc#1249417). - Improve `ulp <command> --help` (bsc#1243787). - Add support to glibc 2.42. libpulp-tools-0.3.17-160000.1.1.ppc64le.rpm libpulp0-0.3.17-160000.1.1.ppc64le.rpm libpulp-tools-0.3.17-160000.1.1.x86_64.rpm libpulp0-0.3.17-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-96 Security update for openexr important SUSE SLFO 1.2 This update for openexr fixes the following issues: Changes in openexr: - CVE-2025-12495: Fixed a file parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [bsc#1253714] - CVE-2025-12839: Fixed a file parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [bsc#1253715] - CVE-2025-12840: Fixed a file parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability [bsc#1253713] libIex-3_2-31-3.2.2-160000.4.1.aarch64.rpm libIlmThread-3_2-31-3.2.2-160000.4.1.aarch64.rpm libOpenEXR-3_2-31-3.2.2-160000.4.1.aarch64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.4.1.aarch64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.4.1.aarch64.rpm openexr-3.2.2-160000.4.1.aarch64.rpm openexr-devel-3.2.2-160000.4.1.aarch64.rpm openexr-doc-3.2.2-160000.4.1.noarch.rpm libIex-3_2-31-3.2.2-160000.4.1.ppc64le.rpm libIlmThread-3_2-31-3.2.2-160000.4.1.ppc64le.rpm libOpenEXR-3_2-31-3.2.2-160000.4.1.ppc64le.rpm libOpenEXRCore-3_2-31-3.2.2-160000.4.1.ppc64le.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.4.1.ppc64le.rpm openexr-3.2.2-160000.4.1.ppc64le.rpm openexr-devel-3.2.2-160000.4.1.ppc64le.rpm libIex-3_2-31-3.2.2-160000.4.1.s390x.rpm libIlmThread-3_2-31-3.2.2-160000.4.1.s390x.rpm libOpenEXR-3_2-31-3.2.2-160000.4.1.s390x.rpm libOpenEXRCore-3_2-31-3.2.2-160000.4.1.s390x.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.4.1.s390x.rpm openexr-3.2.2-160000.4.1.s390x.rpm openexr-devel-3.2.2-160000.4.1.s390x.rpm libIex-3_2-31-3.2.2-160000.4.1.x86_64.rpm libIex-3_2-31-x86-64-v3-3.2.2-160000.4.1.x86_64.rpm libIlmThread-3_2-31-3.2.2-160000.4.1.x86_64.rpm libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.4.1.x86_64.rpm libOpenEXR-3_2-31-3.2.2-160000.4.1.x86_64.rpm libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.4.1.x86_64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.4.1.x86_64.rpm libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.4.1.x86_64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.4.1.x86_64.rpm libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.4.1.x86_64.rpm openexr-3.2.2-160000.4.1.x86_64.rpm openexr-devel-3.2.2-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-97 Recommended update for libX11 important SUSE SLFO 1.2 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) libX11-6-1.8.10-160000.3.1.aarch64.rpm libX11-data-1.8.10-160000.3.1.noarch.rpm libX11-devel-1.8.10-160000.3.1.aarch64.rpm libX11-devel-doc-1.8.10-160000.3.1.noarch.rpm libX11-xcb1-1.8.10-160000.3.1.aarch64.rpm libX11-6-1.8.10-160000.3.1.ppc64le.rpm libX11-devel-1.8.10-160000.3.1.ppc64le.rpm libX11-xcb1-1.8.10-160000.3.1.ppc64le.rpm libX11-6-1.8.10-160000.3.1.s390x.rpm libX11-devel-1.8.10-160000.3.1.s390x.rpm libX11-xcb1-1.8.10-160000.3.1.s390x.rpm libX11-6-1.8.10-160000.3.1.x86_64.rpm libX11-devel-1.8.10-160000.3.1.x86_64.rpm libX11-xcb1-1.8.10-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-98 Security update for binutils important SUSE SLFO 1.2 This update for binutils fixes the following issues: Changes in binutils: - Update to current 2.45 branch at 94cb1c075 to include fix for PR33584 (a problem related to LTO vs fortran COMMON blocks). - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize "z17" as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols "GAS(version)" and, on non-release builds, "GAS(date)" are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base=<ADDR> option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32560 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 binutils-2.43-branch.diff.gz binutils-2.45-160000.1.1.aarch64.rpm binutils-devel-2.45-160000.1.1.aarch64.rpm gprofng-2.45-160000.1.1.aarch64.rpm libctf-nobfd0-2.45-160000.1.1.aarch64.rpm libctf0-2.45-160000.1.1.aarch64.rpm cross-hppa-binutils-2.45-160000.1.1.aarch64.rpm cross-hppa64-binutils-2.45-160000.1.1.aarch64.rpm cross-arm-binutils-2.45-160000.1.1.aarch64.rpm cross-i386-binutils-2.45-160000.1.1.aarch64.rpm cross-x86_64-binutils-2.45-160000.1.1.aarch64.rpm cross-s390-binutils-2.45-160000.1.1.aarch64.rpm cross-s390x-binutils-2.45-160000.1.1.aarch64.rpm cross-ppc-binutils-2.45-160000.1.1.aarch64.rpm cross-ppc64-binutils-2.45-160000.1.1.aarch64.rpm cross-ppc64le-binutils-2.45-160000.1.1.aarch64.rpm cross-ia64-binutils-2.45-160000.1.1.aarch64.rpm cross-sparc-binutils-2.45-160000.1.1.aarch64.rpm cross-sparc64-binutils-2.45-160000.1.1.aarch64.rpm cross-spu-binutils-2.45-160000.1.1.aarch64.rpm cross-avr-binutils-2.45-160000.1.1.aarch64.rpm cross-pru-binutils-2.45-160000.1.1.aarch64.rpm cross-loongarch64-binutils-2.45-160000.1.1.aarch64.rpm cross-mips-binutils-2.45-160000.1.1.aarch64.rpm cross-m68k-binutils-2.45-160000.1.1.aarch64.rpm cross-epiphany-binutils-2.45-160000.1.1.aarch64.rpm cross-rx-binutils-2.45-160000.1.1.aarch64.rpm cross-riscv64-binutils-2.45-160000.1.1.aarch64.rpm cross-xtensa-binutils-2.45-160000.1.1.aarch64.rpm cross-bpf-binutils-2.45-160000.1.1.aarch64.rpm bpftool-7.5.0-160000.2.3.aarch64.rpm bpftool-bash-completion-7.5.0-160000.2.3.aarch64.rpm binutils-2.45-160000.1.1.ppc64le.rpm binutils-devel-2.45-160000.1.1.ppc64le.rpm libctf-nobfd0-2.45-160000.1.1.ppc64le.rpm libctf0-2.45-160000.1.1.ppc64le.rpm cross-aarch64-binutils-2.45-160000.1.1.ppc64le.rpm cross-hppa-binutils-2.45-160000.1.1.ppc64le.rpm cross-hppa64-binutils-2.45-160000.1.1.ppc64le.rpm cross-arm-binutils-2.45-160000.1.1.ppc64le.rpm cross-i386-binutils-2.45-160000.1.1.ppc64le.rpm cross-x86_64-binutils-2.45-160000.1.1.ppc64le.rpm cross-s390-binutils-2.45-160000.1.1.ppc64le.rpm cross-s390x-binutils-2.45-160000.1.1.ppc64le.rpm cross-ppc-binutils-2.45-160000.1.1.ppc64le.rpm cross-ppc64-binutils-2.45-160000.1.1.ppc64le.rpm cross-ia64-binutils-2.45-160000.1.1.ppc64le.rpm cross-sparc-binutils-2.45-160000.1.1.ppc64le.rpm cross-sparc64-binutils-2.45-160000.1.1.ppc64le.rpm cross-spu-binutils-2.45-160000.1.1.ppc64le.rpm cross-avr-binutils-2.45-160000.1.1.ppc64le.rpm cross-pru-binutils-2.45-160000.1.1.ppc64le.rpm cross-loongarch64-binutils-2.45-160000.1.1.ppc64le.rpm cross-mips-binutils-2.45-160000.1.1.ppc64le.rpm cross-m68k-binutils-2.45-160000.1.1.ppc64le.rpm cross-epiphany-binutils-2.45-160000.1.1.ppc64le.rpm cross-rx-binutils-2.45-160000.1.1.ppc64le.rpm cross-riscv64-binutils-2.45-160000.1.1.ppc64le.rpm cross-xtensa-binutils-2.45-160000.1.1.ppc64le.rpm cross-bpf-binutils-2.45-160000.1.1.ppc64le.rpm bpftool-7.5.0-160000.2.3.ppc64le.rpm bpftool-bash-completion-7.5.0-160000.2.3.ppc64le.rpm binutils-2.45-160000.1.1.s390x.rpm binutils-devel-2.45-160000.1.1.s390x.rpm libctf-nobfd0-2.45-160000.1.1.s390x.rpm libctf0-2.45-160000.1.1.s390x.rpm cross-aarch64-binutils-2.45-160000.1.1.s390x.rpm cross-hppa-binutils-2.45-160000.1.1.s390x.rpm cross-hppa64-binutils-2.45-160000.1.1.s390x.rpm cross-arm-binutils-2.45-160000.1.1.s390x.rpm cross-i386-binutils-2.45-160000.1.1.s390x.rpm cross-x86_64-binutils-2.45-160000.1.1.s390x.rpm cross-s390-binutils-2.45-160000.1.1.s390x.rpm cross-ppc-binutils-2.45-160000.1.1.s390x.rpm cross-ppc64-binutils-2.45-160000.1.1.s390x.rpm cross-ppc64le-binutils-2.45-160000.1.1.s390x.rpm cross-ia64-binutils-2.45-160000.1.1.s390x.rpm cross-sparc-binutils-2.45-160000.1.1.s390x.rpm cross-sparc64-binutils-2.45-160000.1.1.s390x.rpm cross-spu-binutils-2.45-160000.1.1.s390x.rpm cross-avr-binutils-2.45-160000.1.1.s390x.rpm cross-pru-binutils-2.45-160000.1.1.s390x.rpm cross-loongarch64-binutils-2.45-160000.1.1.s390x.rpm cross-mips-binutils-2.45-160000.1.1.s390x.rpm cross-m68k-binutils-2.45-160000.1.1.s390x.rpm cross-epiphany-binutils-2.45-160000.1.1.s390x.rpm cross-rx-binutils-2.45-160000.1.1.s390x.rpm cross-riscv64-binutils-2.45-160000.1.1.s390x.rpm cross-xtensa-binutils-2.45-160000.1.1.s390x.rpm cross-bpf-binutils-2.45-160000.1.1.s390x.rpm bpftool-7.5.0-160000.2.3.s390x.rpm bpftool-bash-completion-7.5.0-160000.2.3.s390x.rpm binutils-2.45-160000.1.1.x86_64.rpm binutils-devel-2.45-160000.1.1.x86_64.rpm gprofng-2.45-160000.1.1.x86_64.rpm libctf-nobfd0-2.45-160000.1.1.x86_64.rpm libctf0-2.45-160000.1.1.x86_64.rpm cross-aarch64-binutils-2.45-160000.1.1.x86_64.rpm cross-hppa-binutils-2.45-160000.1.1.x86_64.rpm cross-hppa64-binutils-2.45-160000.1.1.x86_64.rpm cross-arm-binutils-2.45-160000.1.1.x86_64.rpm cross-i386-binutils-2.45-160000.1.1.x86_64.rpm cross-s390-binutils-2.45-160000.1.1.x86_64.rpm cross-s390x-binutils-2.45-160000.1.1.x86_64.rpm cross-ppc-binutils-2.45-160000.1.1.x86_64.rpm cross-ppc64-binutils-2.45-160000.1.1.x86_64.rpm cross-ppc64le-binutils-2.45-160000.1.1.x86_64.rpm cross-ia64-binutils-2.45-160000.1.1.x86_64.rpm cross-sparc-binutils-2.45-160000.1.1.x86_64.rpm cross-sparc64-binutils-2.45-160000.1.1.x86_64.rpm cross-spu-binutils-2.45-160000.1.1.x86_64.rpm cross-avr-binutils-2.45-160000.1.1.x86_64.rpm cross-pru-binutils-2.45-160000.1.1.x86_64.rpm cross-loongarch64-binutils-2.45-160000.1.1.x86_64.rpm cross-mips-binutils-2.45-160000.1.1.x86_64.rpm cross-m68k-binutils-2.45-160000.1.1.x86_64.rpm cross-epiphany-binutils-2.45-160000.1.1.x86_64.rpm cross-rx-binutils-2.45-160000.1.1.x86_64.rpm cross-riscv64-binutils-2.45-160000.1.1.x86_64.rpm cross-xtensa-binutils-2.45-160000.1.1.x86_64.rpm cross-bpf-binutils-2.45-160000.1.1.x86_64.rpm bpftool-7.5.0-160000.2.3.x86_64.rpm bpftool-bash-completion-7.5.0-160000.2.3.x86_64.rpm openSUSE-Leap-16.0-99 Recommended update for re2c important SUSE SLFO 1.2 This update for re2c fixes the following issues: - Fix the %licence tag for re2c (bsc#1252224) re2c-4.1-160000.3.1.aarch64.rpm re2c-4.1-160000.3.1.ppc64le.rpm re2c-4.1-160000.3.1.s390x.rpm re2c-4.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-leap-10 Recommended update for virtualbox moderate openSUSE Leap 16.0 This update for virtualbox fixes the following issues: Introduce virtualbox. virtualbox-7.2.6-lp160.1.1.x86_64.rpm virtualbox-devel-7.2.6-lp160.1.1.x86_64.rpm virtualbox-guest-desktop-icons-7.2.6-lp160.1.1.noarch.rpm virtualbox-guest-source-7.2.6-lp160.1.1.noarch.rpm virtualbox-guest-tools-7.2.6-lp160.1.1.x86_64.rpm virtualbox-host-source-7.2.6-lp160.1.1.noarch.rpm virtualbox-qt-7.2.6-lp160.1.1.x86_64.rpm virtualbox-vnc-7.2.6-lp160.1.1.x86_64.rpm virtualbox-websrv-7.2.6-lp160.1.1.x86_64.rpm virtualbox-kmp-default-7.2.6_k6.12.0_160000.28-lp160.1.1.x86_64.rpm openSUSE-Leap-16.0-leap-2 Recommended update for opensuse-migration-tool moderate openSUSE Leap 16.0 This update for opensuse-migration-tool fixes the following issues: Changes in opensuse-migration-tool: - Drop accidentally created submodule * Add opensuse-migration-tool to .gitignore - Update to version 20251029.ed0d12d: * Update opensuse-migration-tool - Update to version 20251017.e28f94c: * fix: remove the check for x86-64-v3 flag xsave from the v2 check - Update to version 20251001.d4b9783: * Be consistently not using abbreviations in zypper * Refactor upgrade for not just Tumbleweed * Update migration matrix * Add support from MicroOS-Slowroll -> MicroOS * Enable MicroOS-Slowroll migration target * fix: remove the check for x86-64-v3 flag `movbe` from the v2 check * Update README to remove duplicate warning * Revise experimental usage warning in README * Update screenshot * Keep only Experimental in the title - Update to version 20250815.344dba5: * Keep only Experimental in the title * Install custom dialogrc with a green theme - Update to version 20250731.8b95d00: * Do not enable migration scripts by default - Update to version 20250731.2b96308: * Add 10_keepapparmor.sh 10_keepselinux.sh 20_ia32.sh migration services * Fancy README.md opensuse-migration-tool-20251029.ed0d12d-lp160.1.1.noarch.rpm openSUSE-Leap-16.0-leap-3 Recommended update for mcomix moderate openSUSE Leap 16.0 This update for mcomix fixes the following issues: Update to 3.1.1: * Fix "context has already been set" error - replace Requires: /usr/bin/chardetect with %{pythons}-chardet * let chardetect use the same python version as mcomix - for Leap 16.0 requires python3 instead of python311 mcomix-3.1.1-lp160.1.1.noarch.rpm openSUSE-Leap-16.0-leap-4 Recommended update for terminology moderate openSUSE Leap 16.0 This update for terminology fixes the following issues: Update to 1.14.0: * New translations: Hungarian, Slovak * Report or Set Selection through escape codes * Handle Alternate Escape (7728) * Handle Application Escape Code * Add configuration whether emojis should be considered as double width. Default is double width. * Colorshemes: add GruvBox Material Dark * Translation updates for Chinese (Simplified), Catalan, Croatian, Dutch, Finnish, French, Indonesian, Japanese, Lithuanian, Polish, Portuguese, Portuguese (Brazil), Russian, Serbian, Spanish, Swedish, Turkish * Unify format of responses to OSC 10, 11 and 12 * Fix translucent background on startup * Fix wheel events emitted even if wheel has not moved * Do not use spaces when returning terminal name * Colorschemes: ensure metadata.name and file name are the same * Fix issue when exiting on *BSD * Do not interpret “CSI = 5 u” as DECRC * Handle empty CSI SRG 38/48 * Do not consider Key Resources as color * Build with Meson 0.59 or later * Cleanup the code base about misuse of calloc() * Testing on OSC 52 terminology-1.14.0-lp160.1.1.x86_64.rpm terminology-lang-1.14.0-lp160.1.1.noarch.rpm terminology-theme-Flat-1.14.0-lp160.1.1.x86_64.rpm terminology-theme-misc-1.14.0-lp160.1.1.x86_64.rpm terminology-theme-upstream-1.14.0-lp160.1.1.x86_64.rpm terminology-1.14.0-lp160.1.1.s390x.rpm terminology-theme-Flat-1.14.0-lp160.1.1.s390x.rpm terminology-theme-misc-1.14.0-lp160.1.1.s390x.rpm terminology-theme-upstream-1.14.0-lp160.1.1.s390x.rpm terminology-1.14.0-lp160.1.1.ppc64le.rpm terminology-theme-Flat-1.14.0-lp160.1.1.ppc64le.rpm terminology-theme-misc-1.14.0-lp160.1.1.ppc64le.rpm terminology-theme-upstream-1.14.0-lp160.1.1.ppc64le.rpm terminology-1.14.0-lp160.1.1.aarch64.rpm terminology-theme-Flat-1.14.0-lp160.1.1.aarch64.rpm terminology-theme-misc-1.14.0-lp160.1.1.aarch64.rpm terminology-theme-upstream-1.14.0-lp160.1.1.aarch64.rpm openSUSE-Leap-16.0-leap-5 Recommended update for glib2-branding moderate openSUSE Leap 16.0 This update for glib2-branding fixes the following issues: Update branding for glib2. gio-branding-openSUSE-42.1-lp160.3.2.noarch.rpm openSUSE-Leap-16.0-leap-6 Recommended update for opensuse-migration-tool moderate openSUSE Leap 16.0 This update for opensuse-migration-tool fixes the following issues: - Add dependency on update-bootloader to fix boo#1255897 - Update to version 20260106.d2cfd39: * Update scripts/20_pulse2pipewire.sh * Update scripts/20_ia32.sh * Update scripts/20_pulse2pipewire.sh * Consistent no-use of sudo in migration scripts * Update scripts/10_keepapparmor.sh * Update scripts/10_keepselinux.sh * Update scripts/10_keepapparmor.sh * Update scripts/10_keepapparmor.sh * Update opensuse-migration-tool * Update scripts/10_keepselinux.sh * Improve DRYRUN option to work well even from scripts * Enable migration to SElinux with proper dryrun * Update 10_keepselinux.sh * Update 10_keepapparmor.sh * Update 10_keepapparmor.sh opensuse-migration-tool-20260106.d2cfd39-lp160.1.1.noarch.rpm openSUSE-Leap-16.0-leap-7 Recommended update for opensuse-migration-tool moderate openSUSE Leap 16.0 This update for opensuse-migration-tool fixes the following issues: Changes in opensuse-migration-tool: - Update to version 20260204.2cf77a3: * Drop requires on update-bootloader as it's not available on 15.6. Install it in post-script on target of migration instead. boo#1255897 * Refine post-scripts * Ensure update bootloader is installed in post scripts * don't install selinux-policy-targeted-gaming by default opensuse-migration-tool-20260204.2cf77a3-lp160.1.1.noarch.rpm openSUSE-Leap-16.0-leap-9 Recommended update for opensuse-migration-tool moderate openSUSE Leap 16.0 This update for opensuse-migration-tool fixes the following issues: Changes in opensuse-migration-tool: - Update to version 20260421.e72b645: * Update ports temp repo url for Tumbleweed - Update to version 20260408.218e5ee: * Add support for Leap Micro to Leap migration * Add quick start guide for git installation * Use .tar.xz for some reason obs service tar fails on 15.6 opensuse-migration-tool-20260421.e72b645-lp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-1 Security update for chromium critical openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 141.0.7390.76: * Do not send URLs as AIM input. This is to resolve a privacy concern, around passing urls to AI Mode. Chromium 141.0.7390.65 (boo#1251334): * CVE-2025-11458: Heap buffer overflow in Sync * CVE-2025-11460: Use after free in Storage * CVE-2025-11211: Out of bounds read in WebCodecs Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780) * CVE-2025-11205: Heap buffer overflow in WebGPU * CVE-2025-11206: Heap buffer overflow in Video * CVE-2025-11207: Side-channel information leakage in Storage * CVE-2025-11208: Inappropriate implementation in Media * CVE-2025-11209: Inappropriate implementation in Omnibox * CVE-2025-11210: Side-channel information leakage in Tab * CVE-2025-11211: Out of bounds read in Media * CVE-2025-11212: Inappropriate implementation in Media * CVE-2025-11213: Inappropriate implementation in Omnibox * CVE-2025-11215: Off by one error in V8 * CVE-2025-11216: Inappropriate implementation in Storage * CVE-2025-11219: Use after free in V8 * Various fixes from internal audits, fuzzing and other initiatives Chromium 141.0.7390.37 (beta released 2025-09-24) Chromium 140.0.7339.207 (boo#1250472) * CVE-2025-10890: Side-channel information leakage in V8 * CVE-2025-10891: Integer overflow in V8 * CVE-2025-10892: Integer overflow in V8 chromedriver-141.0.7390.76-bp160.1.1.aarch64.rpm chromium-141.0.7390.76-bp160.1.1.aarch64.rpm chromedriver-141.0.7390.76-bp160.1.1.ppc64le.rpm chromium-141.0.7390.76-bp160.1.1.ppc64le.rpm chromedriver-141.0.7390.76-bp160.1.1.x86_64.rpm chromium-141.0.7390.76-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-10 Security update for MozillaThunderbird important openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.3.0 ESR: * Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded draft subject * Thunderbird could crash on startup * Thunderbird could crash when importing mail * Opening Website header link in RSS feed incorrectly re-encoded URL parameters MFSA 2025-78 (bsc#1249391) * CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 Same-origin policy bypass in the Layout component * CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 Integer overflow in the SVG component * CVE-2025-10536 Information disclosure in the Networking: Cache component * CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 MozillaThunderbird-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.3.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.3.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.3.0-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-100 Recommended update for perl-Perl-Tidy moderate openSUSE Backports SLE-16.0 This update for perl-Perl-Tidy fixes the following issues: Changes in perl-Perl-Tidy: - updated to 20260109.0.0 (20260109) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2026 01 09 - A new parameter --break-at-old-trailing-loops, or -botl, keeps existing line breaks at these trailing loop control keywords: 'for', 'foreach', 'while', 'until'. This is the default. For example, given the following two input lines: FindExt::scan_ext("../$_") foreach qw(cpan dist ext); The new default keeps two lines. The previous version flattened the statement, since it fits on a single line: FindExt::scan_ext("../$_") foreach qw(cpan dist ext); Use -nbotl to deactivate this new option. - A related new parameter --break-at-old-trailing-conditionals, or -botc keeps existing line breaks at trailing conditional control keywords: 'if', 'unless'. This is the default. The capability was previously handled by parameter --break-at-old-logical-breakpoints, or -bol, which was also true by default, but which also also controls logical breakpoints, such as '&&'. This change simplifies the input. Use -nbotc to deactivate this option. - A new switch --blanks-before-opening-comments, -bboc, has been added for issue git #192. This is on by default and allows perltidy to insert a blank line before full-line comments which start at a new indentation level. Use the negated form to prevent such blank lines, -nbboc or --noblanks-before-opening-comments - A new parameter --dump-keyword-usage, or -dku, can be used to dump a list of the the perl builtin keywords used in a file. A companion flag --dump-keyword-usage-list=s can be used to give a specific list of keywords or user functions to be included in the list. - When the -html option is used with the default --pod2html setting, perltidy will look for a pod-to-html formatter in this order: Pod::Simple::XHTML, Pod::Simple::HTML, and Pod::Html. A preferred formatter can be selected with --use-pod-formatter=s. Previously the only option was Pod::Html, and it can still be selected with --use-pod-formatter="Pod::Html". The reason for this update is that this older formatter has limitations, and requires the creation of a temporary file for data transfer. This update also allows formatting of pod text containing non-ascii characters. - When perltidy is run with the -html option, and pod is rendered to html with Pod::Html, the pod2html option 'backlink' could not be set in in previous versions due to a programming error. This has been fixed. This setting can now be made by giving perltidy the flag '--podbacklink'. - The default for --timeout-in-seconds is reduced from 10 to 5 seconds. A default value of 10 seemed excessive. It can be changed with -tos=n. - The option --delete-weld-interfering-commas, or -dwic, has been made much more accurate. It now makes fewer unnecessary comma deletions. - This version does more extensive checking of all string input parameters and will exit early on an error. The intention is to catch input errors as early as possible. - Fixed issue with --dump-mixed-call-parens. A trailing statement modifier such as the following 'if' was incorrectly being counted as having parens: return $class if ($old_quote - $new_quote) == 0; - updated to 20250912.0.0 (20250912) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2025 09 12 - Fix git #191, where a new check to escape whitespace in a qw() quote in perl-5.43.2 caused Perl::Tidy to emit unwanted warning messages. - A new output field for the --dump-block-summary command gives the number of lines of comments and pod in a block. For subs and anonymous subs, the existence of header comments is also indicated. - Added --dump-nested-ternaries, --warn-nested-ternaries, and --nested-ternary-maximum-depth=n. These can be used to locate nested ternary statements in a script. - For the --line-up-parentheses option, a line length tolerance was adjusted by 1 character to help keep table formatting unchanged when adding and deleting trailing commas. This can occasionally change formatting of some small lists when formatted with -lp. - In hash key lists which have side comments after sub blocks, long lines which were previously broken before a comma may now be broken after a previous '=>'. This change was made to fix a very rare stability problem. For example: OLD: '+' => sub { $turtle->turn( $changes->{"dtheta"} ); } , # Turn clockwise NEW: '+' => sub { $turtle->turn( $changes->{"dtheta"} ); }, # Turn clockwise - Fixed undefined variable reference when --dump-block-summary was run with --dump-block-types='package'. The dump was okay, but an error message like the following was emitted: Use of uninitialized value $seqno in hash element ... - The parameter --integer-range-check no longer accepts a 0 value, which allowed integer range checks to be skipped. This option was included temporarily when new range-checking code was added to provide a workaround in case problems arose with the new logic. No problems have been encountered, so this has been removed. - updated to 20250711.0.0 (20250711) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2025 07 11 - Update for issue git #187: add vertical alignment of colons used as attribute separators. These colons have token type 'A', and this vertical alignment will be on by default (since all vertical alignments occur by default). For example: # old default field $tile_size : param; field $bar : reader : writer; # new default with alignment of token type 'A' field $tile_size : param; field $bar : reader : writer; This alignment can be turned off to recover the previous formatting with --valign-exclusion-list='A', or -vxl='A'. - Update for issue git #186: if a closing format skipping comment '#>>>' is encountered before any '#<<<' is seen, then format skipping is assumed to start with the first line of the file. Use --nodetect-format-skipping-from-start or -ndfsfs to prevent this check. - Added option --code-skipping-from-start, or -csfs. This causes code-skipping to begin from the start of a file even though there is no starting marker comment, '#<<V'. - Fixed a bug involving the --format-skipping option. If a line in the skipped code had trailing blanks, then the newline at the end of that line was lost. - Added a check to insure that format skipping begin and end markers strictly alternate along the lines of a file. If these markers do not alternate, a warning occurs and formatting is skipped. This is intended to help catch errors. - For lists which contain here docs and which are formatted with the --line-up-parentheses option, the formatting may in some cases change to more closely follow the -lp style. - updated to 20250616.0.0 (20250616) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2025 06 16 - Added support for the assigning logical xor ^^= operator - For input parameters which allow a paren type to be selected, the selection 'f' (function call) now includes functions called with a direct arrow before the paren, '->('. This was an oversight which has been corrected. - A new parameter --break-at-old-comma-types=s, or -boct=s, allows the parameter --break-at-old-comma-breakpoints (-boc) to be limited to selected container types. For example, -boc -boct='f(' means break at old commas but only if they are function call lists. - A new parameter --cuddled-paren-brace-weld, or -cpbw, has been added to handle issue git #184. This modifies --cuddled-paren-brace by preventing a paren and following brace from getting separated in certain situations. The difference is illustrated here: # perltidy -cpb alone has no effect for this short snippet: if ( $Kouter_opening == $Kfirst && $has_tight_paren{$type_prev} ) { $Kref = $Kprev; } # perltidy -cpb -cpbw keeps the closing paren next to the opening brace: if ( $Kouter_opening == $Kfirst && $has_tight_paren{$type_prev} ) { $Kref = $Kprev; } - The parameter --maximum-fields-per-table, or -mft, now accepts a string input which can limit its application to certain containers. For example, -mft='f(1' means that function call lists should be formatted with just 1 item per line. It has no effect on other tables. The manual has further information. - Add option --break-open-compact-parens=s, discussed in git #78. This changes the default formatting for lists which would normally be displayed compactly on two lines. It causes them to be formatted in the same way as long lists, with line breaks at the opening and closing parentheses. - Add option --skip-formatting-except-id=NAME, or -sfei=NAME, discussed in git #183. This allows formatting to apply only to lines tagged with #<<< id=NAME, where NAME is a user-defined tag. The special variation -sfei='-' can be used to run perltidy with full checking but without any formatting changes. - A relatively rare problem with the formatting combination -xci and -lp or -xlp has been fixed. Some lines had more leading spaces that intended. - New option -m added to --dump-mismatched-returns and --warn-mismatched-returns. This checks for multiple array return sizes. A warning occurs when a sub has multiple returns of finite lists with different counts greater than 1, and not all of them are matched with calls. - Improved support for Object::Pad, see git #182. - A limitation on the treatment of lexical subs has been fixed. Previously, a lexical sub with the same name as a quote operator would produce a warning, and might cause a tokenization error. - Here targets in quotes are now located and handled correctly. - updated to 20250311.0.0 (20250311) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2025 03 11 - The options --want-call-parens and --nowant-call-parens were accidentally being skipped in version 20250214. This has been fixed. - Fixed git #32, a tokenization error with message "hit EOF seeking end of quote/pattern" for a function call without paren or arg before a ternary operator. - A new option --dump-similar-keys will dump hash keys which are similar but slightly different to standard output and then exit. A related option --warn-similar-keys will report keys with are similar to the error output while formatting. Both of these can be controlled by parameters which are described in the input manual. - A new option --dump-hash-keys will dump all hash keys found by perltidy to standard output. - The output table for --dump-block-summary has an additional field. It is an alternate McCabe complexity count which is the same as the previous count except for subs. For subs, the complexity number is reduced by the values for any contained anonymous subs. - Fix git #181, remove continuation indentation from closing brace of an anonymous sub which terminates an input stream. - updated to 20250214.0.0 (20250214) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2025 02 14 - A new option --keep-old-blank-lines-exceptions=s, or --kblx=s, allows selected blank lines to be ignored when an input stream is read. The parameter s is used to select the blank lines to be ignored. This option provides an inverse to other blank line parameters. The manual has details. See discussion git #180. - A new option --warn-unused-keys, or -wuk, has been added which will produce warnings for unused hash keys during formatting. This is similar to --dump-unused-keys, which just exits and does not continue formatting. A related new parameter --warn-unused-keys-cutoff=N provides control over a filter which prevents warnings for keys which appear to be members of large hashes used to communicate with external packages. The manual has details. See git #177. - A new option --pack-opening-types='->' has been added to provide more control over breaks of method call chains. It tells perltidy not to break at every method call when a chain of calls spans multiple lines. This was the behavior in versions prior to 20250105. The default starting with 20250105 is to break at each call of a method call chain which spans multiple lines. See git #171. - updated to 20250105.0.0 (20250105) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2025 01 05 - If a file consists only of comments, then the starting indentation will be guessed from the indentation of the first comment. Previously it would be guessed to be zero. Parameter --starting-indentation-level=n can be used to specify an indentation and avoid a guess. This issue can arise when formatting a block of comments from within an editor. - Added missing 'use File::Temp' for -html option. This was causing the message: "Undefined subroutine &File::Temp::tempfile called at ..." See git #176. - A new parameter --dump-unique-keys, or -duk, dumps a list of hash keys which appear to be used just once, and do not appear among the quoted strings in a file. For example: perltidy -duk File.pm >output.txt This can help locate misspelled hash keys. - Line breaks at long chains of method calls now break at all calls with args in parens, as in this example from git #171 # Old default sub bla_p( $value = 42 ) { return Mojo::Promise->resolve($value)->then( sub { shift() / 2 } ) ->then( sub { shift() + 6 } )->then( sub { shift() / 2 } ) ->catch( sub { warn shift } ); } # New default sub bla_p( $value = 42 ) { return Mojo::Promise->resolve($value) ->then( sub { shift() / 2 } ) ->then( sub { shift() + 6 } ) ->then( sub { shift() / 2 } ) ->catch( sub { warn shift } ); } - Parameter --break-at-old-method-breakpoints, or -bom, has been updated to insure that it only applies to lines beginning with method calls, as intended. Line breaks for all lines beginning with '->', even non-method calls, can be retained by using --keep-old-breakpoints_before='->'. - Added parameter --multiple-token-tightness=s, or -mutt=s. The default value --paren-tightness=1 adds space within the parens if, and only if, the container holds multiple tokens. Some perltidy tokens may be rather long, and it can be preferable to also space some of them as if they were multiple tokens. This can be done with this parameter, and it applies to parens as well as square brackets and curly braces. For example, the default below has no space within the square brackets: # perltidy my $rlist = [qw( alpha beta gamma )]; Spaces can be obtained with: # perltidy -mutt='q*' my $rlist = [ qw( alpha beta gamma ) ]; The parameter -mutt='q*' means treat qw and similar quote operators as multiple tokens. The manual has details; git #120 has another example. - Added parameter --indent-leading-semicolon, -ils; see git #171. When this is negated, a line with a leading semicolon does not get the extra leading continuation indentation spaces (defined with -ci=n). - Space around here doc delimiters follow spacing controls better. For example, a space is now added before the closing paren here: OLD: (without the here doc): push( @script, <<'EOT'); NEW: push( @script, <<'EOT' ); Also, any spaces between the '<<' and here target are removed (git #174): OLD: push( @script, << 'EOT'); NEW: push( @script, <<'EOT' ); - Added parameter --break-at-trailing-comma-types=s, or -btct=s, where s is a string which selects trailing commas. For example, -btct='f(b' places a line break after all bare trailing commas in function calls. The manual has details. - Fix git #165, strings beginning with v before => gave an incorrect error message. - The parameter --add-lone-trailing-commas, -altc, is now on by default. This will simplify input for trailing comma operations. Use --noadd-lone-trailing-commas, or -naltc to turn it off. - More edge cases for adding and deleting trailing commas are now handled (git #156). - A problem has been fixed in which the addition or deletion of trailing commas with the -atc or -dtc flags did not occur due to early convergence when the -conv flag was set (git #143). - Added parameter --qw-as-function, or -qwaf, discussed in git #164. When this parameter is set, a qw list which begins with 'qw(' is formatted as if it were a function call with call args being a list of comma-separated quoted items. For example, given this input: @fields = qw( $st_dev $st_ino $st_mode $st_nlink $st_uid $st_gid $st_rdev $st_size $st_atime $st_mtime $st_ctime $st_blksize $st_blocks); # perltidy -qwaf @fields = qw( $st_dev $st_ino $st_mode $st_nlink $st_uid $st_gid $st_rdev $st_size $st_atime $st_mtime $st_ctime $st_blksize $st_blocks ); - updated to 20240903.0.0 (20240903) see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2024 09 03 - Add partial support for Syntax::Operator::In and Syntax::Keyword::Match (see git #162). - Add --timeout-in-seconds=n, or -tos=n. When the standard input supplies the input stream, and the input has not been received within n seconds, perltidy will end with a timeout message. The intention is to catch a situation where perltidy is accidentally invoked without a file to process and therefore waits for input from the system standard input (stdin), which never arrives. The default is n=10. This check can be turned off with -tos=0. - Add parameter --closing-side-comment-exclusion-list=string, or -cscxl=string, where string is a list of block types to exclude for closing side comment operations. Also, closing side comments now work for anonymous subs if a --closing-side-comment-list (-cscl) is not specified, and when 'asub' is requested with -cscl=asub. Use -cscxl=asub to prevent this. - Include check for unused constants in --dump-unusual-variables and --warn-variable-types (new issue type 'c'). Also expand checks to cover variables introduced with 'use vars'. - Include signature variables in --dump-unusual-variables and --warn-variable-types; see git #158. - Add logical xor operator ^^ available in perl version 5.40, as noted in git #157. - Keyword 'state' now has default space before a paren, like 'my'. Previously there was no space and no control. So the default is now "state ($x)". This space can be removed with -nsak='state'. - Add options --add-lone-trailing-commas, -altc and --delete-lone-trailing-commas, -dltc, to provide control over adding and deleting the only comma in a list. See discussion in git #143 and the updated manual. - Add options --dump-mismatched-returns (or -dmr) and --warn-mismatched-returns (or -wmr). These options report function calls where the number of values requested may disagree with sub return statements. The -dump version writes the results for a single file to standard output and exits: perltidy -dmr somefile.pl >results.txt The -warn version formats as normal but reports any issues as warnings in the error file: perltidy -wmr somefile.pl The -warn version may be customized with the following additional parameters if necessary to avoid needless warnings: --warn-mismatched-return-types=s (or -wmrt=s), --warn-mismatched-return-exclusion-list=s (or -wmrxl=s) where 's' is a control string. These are explained in the manual. - Updates for issue git #151: (1) --warn-variable-types=u is now okay if a named file is processed. (2) --warn-variable-exclusion-list=s now allows leading and/or trailing * on variable names to allow a wildcard match. For example -wvxl='*_unused' is okay and would match $var1_unused and $var2_unused. (3) --dump-unusual-variables now outputs the filename. - A option was added to filter unimplemented parameters from perltidy configuration files, suggested in git #146. It works like this: if a line in the config file begins with three dashes followed by a parameter name (rather than two dashes), then the line will be removed if the parameter is unknown. Otherwise, a dash will be removed to make the line valid. - Parameters --dump-mismatched-args (or -dma) and --warn-mismatched-args (or -wma) have been updated to catch more arg count issues. - Fixed issue git #143, extend -add-trailing-commas to apply to a list with just a fat comma. - The minimum perl version is 5.8.1. Previously it was 5.8.0, which was not correct because of the use of utf8::is_utf8. - Fixed issue git #142, test failure installing on perl versions before version 5.10. The error caused the new parameter -interbracket-arrow-style=s not to work. Except for this limitation, Version 20240511 will work on older perl versions. perl-Perl-Tidy-20260109.0.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-101 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: - Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API chromedriver-144.0.7559.109-bp160.1.1.x86_64.rpm chromium-144.0.7559.109-bp160.1.1.x86_64.rpm chromedriver-144.0.7559.109-bp160.1.1.ppc64le.rpm chromium-144.0.7559.109-bp160.1.1.ppc64le.rpm chromedriver-144.0.7559.109-bp160.1.1.aarch64.rpm chromium-144.0.7559.109-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-102 Recommended update for php-APCu moderate openSUSE Backports SLE-16.0 This update for php-APCu fixes the following issues: Introduce php-APCu. php8-APCu-5.1.28-bp160.1.1.x86_64.rpm php8-APCu-5.1.28-bp160.1.1.s390x.rpm php8-APCu-5.1.28-bp160.1.1.ppc64le.rpm php8-APCu-5.1.28-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-103 Recommended update for myrlyn moderate openSUSE Backports SLE-16.0 This update for myrlyn fixes the following issues: Changes in myrlyn: - Update to version 1.0.0: * Version bump to 1.0.0 * Document zypp history filters * Wider columns in zypp history * zypp history filters are working * New classes for zypp history filters * Use [OK] as the default dialog button * Suppress Qt bullshit messages that keep flooding the log * Add zypp history filter dialog * Add infrastructure for zypp history filters * Extend zypp history browser time line to today if the last activity date was just 10 or less days ago * Zypp history error handling * Fix (+/-) count conditions * Show (+/-) count in zypp history only for nontrivial transactions * Reasonable column widths in zypp history browser * Initial selection in zypp history browser * Added new zypp history browser to features in README.md * Show (+/-) count for commands in zypp history * Show --zypp-history in usage message as normal, not debugging option * Use standard columns in zypp history only for packages and patches * Fixed column spanning for parent items * Working zypp history browser navigation * Populated history events tree * First populated timeline (navigation) tree for the zypp history * First rough parsing tests ok * Add Ctrl+Shift+H shortcut to show zypp history * First new (still empty) ZyppHistoryBrowser, drop old YQPkgHistoryDialog * Code reorg + consistency * Handle incomplete zypp history files * New designer form for the zypp history browser * More zypp history test data * Add zypp history test data * Factor out ZyppHistoryEvents * Use a namespace for better organization * Lots of boring zypp history parser code * Parse zypp history command events * Filling ZyppHistoryParser with life * Filling ZyppHistoryParser with life * New class ZyppHistoryParser * New class ZyppHistory * Handle command line options with additional argument * Make sure at least one "search in" check box is checked when searching * Support searching in RPM recommends, too * Added tooltip for auto search default mode button * Right-align auto search default mode button * Enable switching the default auto search mode between "Starts With" and "Contains" * New icons * Allow no parent * Unneeded includes * Fixed script she-bang * Class rename MyrlynTranslator -> Translator * Generalize MyrlynTranslator * Re-imported latest QDirStat logger * Show special resolver modes (up/dup) in status line * Silenced left-over debug output * Support using ~/.config/openSUSE/myrlyn-sudo.conf * Fixed typo in .desktop file * Added Video LAN community repo (also serves libdvdcss) * Log the Qt environment * More HiDPI hints in .desktop files * Ensure the popup is centered * Commented out unavailable/redundant community repos on 16.x * No progress bar during post-transaction scripts * Actually use myrlyn-run0 in myrlyn-run0.desktop * Added systemd run0 support (#122 by @zeusgoose) * Updated docs: Stability and maturity * Added myrlyn-stable for Leap 15.6 from OBS home:shundhammer to downloads - Update to version 0.9.9: * Version bump to 0.9.9 * Default to not using RPM groups on openSUSE / SLE distros * Added the freshly published community repos for Leap 16.0 / SLES-16.0 * Hint about HiDPI scaling in .desktop files * Keep QT_SCALE_FACTOR in myrlyn-sudo environment * Don't show service filter view by default - Update to version 0.9.8: * Version bump to 0.9.8 * Don't write a default for useRpmGroups for now (Closes #112) * Make the default for "useRpmGroups" compile-time configurable * Make "useRpmGroups" configurable in config file * Use textdomain "rpm-groups" for RPM groups * Removed redundant initial selection * Class rename for consistency * Lazy RPM tree init for startup performance * Filter correcty for empty RPM groups * Removed ancient fallback RPM groups * Consistent terminology * Open only the first two levels of the RPM groups tree * Suppress Qt logging spam * First hacky version of RPM groups (#112) * Translate RPM groups and suppress 'Unspecified' * Show RPM group in technical details view (#112) * Use non-breaking hyphen in read‑only * Don't consider ignored missing RPM signature as failed task (Closes #110) * GitHub config * Added Leap 16.x community repos myrlyn-1.0.0-bp160.1.1.x86_64.rpm myrlyn-1.0.0-bp160.1.1.s390x.rpm myrlyn-1.0.0-bp160.1.1.ppc64le.rpm myrlyn-1.0.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-104 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1769550212.662a4f95: * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL * refactor(investigation): Rename gitrepodir function * Restart: handle subclassed AMQP plugin * Revert "Update CircleCI image to Leap 16.0" * fix: Fix invalid HTML in test creation form * feat: Make test creation discoverable to all users * refactor: Simplify/extend flash message templates * feat: Avoid confusing/wrong "Administrator level required" error * Update CircleCI image to Leap 16.0 * feat: Support `async=1` flag via `openqa-cli schedule --monitor` * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b * test: Fix failing style checks due to test file with invalid YAML * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH * fix: Fix error handling when redirecting to Git platform * test: Distinguish different cases for showing settings files * test: Cover case of invalid scenario definitions when creating test * test: Consider `Step.pm` fully covered * test: Cover case of showing unsupported results * fix: Improve condition for checking valid step result * test: Cover case of showing candidate needle with no tags * refactor: Simplify `calc_matches` * refactor: Write uncoverable error handler in one line * refactor: Simplify `_new_screenshot` * refactor: Rewrite code for screenshot name in a more compact way * test: Cover options to take images/areas from existing needles * Use body parameters in POST request * feat: Add symlink for aeon in openqa-bootstrap script * chore(deps): bump lodash from 4.17.21 to 4.17.23 * test: Add test for displaying audio results * test: Cover remaining lines of `File.pm` * feat: Improve log message about invalid config in df-based cleanup * feat: Add dry run to df-based cleanup of job results * Fix grammatic mistakes on the snapshots documentation * Describe how snapshots work internally * doc: Improve wording in documentation about space-aware cleanup * doc: Clarify settings for space-aware cleanup * doc: Use "file system" consistently in comments in config files * doc: Wrap comments in `openqa.ini` at 80 characters * doc: Use "file system" consistently in users documentation * doc: Mention also `…_cleanup_max_free_percentage` * doc: Move documentation about space-aware cleanup into its own section * doc: Use "filesystem" instead of "partition" in config comments * fix: Account deletion of screenshots of archived jobs correctly * doc: Mention variables for df-based job result cleanup * feat: Consider archive as well in df-based cleanup of job results Changes in os-autoinst: - Update to version 5.1769602729.9728790: * fix: Improve wrong comment about enablement of modern Perl features * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * Remove deprecated BIOS and UEFI_PFLASH variables Changes in openQA-devel-container: - Update to version 5.1769550212.662a4f950: * Update to latest openQA version openQA-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-auto-update-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-client-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-common-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-devel-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-doc-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-local-db-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-mcp-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-munin-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-single-instance-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm openQA-worker-5.1769550212.662a4f95-bp160.1.1.x86_64.rpm os-autoinst-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1769602729.9728790-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1769602729.9728790-bp160.1.1.x86_64.rpm openQA-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-auto-update-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-bootstrap-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-client-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-common-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-continuous-update-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-devel-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-doc-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-local-db-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-mcp-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-munin-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-python-scripts-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-single-instance-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1769550212.662a4f95-bp160.1.1.s390x.rpm openQA-worker-5.1769550212.662a4f95-bp160.1.1.s390x.rpm os-autoinst-5.1769602729.9728790-bp160.1.1.s390x.rpm os-autoinst-devel-5.1769602729.9728790-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1769602729.9728790-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1769602729.9728790-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1769602729.9728790-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1769602729.9728790-bp160.1.1.s390x.rpm openQA-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-client-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-common-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-devel-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-doc-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-local-db-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-mcp-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-munin-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm openQA-worker-5.1769550212.662a4f95-bp160.1.1.ppc64le.rpm os-autoinst-5.1769602729.9728790-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1769602729.9728790-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1769602729.9728790-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1769602729.9728790-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1769602729.9728790-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1769602729.9728790-bp160.1.1.ppc64le.rpm openQA-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-auto-update-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-client-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-common-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-devel-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-doc-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-local-db-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-mcp-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-munin-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-single-instance-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm openQA-worker-5.1769550212.662a4f95-bp160.1.1.aarch64.rpm os-autoinst-5.1769602729.9728790-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1769602729.9728790-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1769602729.9728790-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1769602729.9728790-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1769602729.9728790-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1769602729.9728790-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-105 Security update for xrdp important openSUSE Backports SLE-16.0 This update for xrdp fixes the following issues: Changes in xrdp: - CVE-2025-68670: Fixed a potential overflow (bsc#1257362). libpainter0-0.9.26-bp160.2.1.x86_64.rpm librfxencode0-0.9.26-bp160.2.1.x86_64.rpm xrdp-0.9.26-bp160.2.1.x86_64.rpm xrdp-devel-0.9.26-bp160.2.1.x86_64.rpm libpainter0-0.9.26-bp160.2.1.s390x.rpm librfxencode0-0.9.26-bp160.2.1.s390x.rpm xrdp-0.9.26-bp160.2.1.s390x.rpm xrdp-devel-0.9.26-bp160.2.1.s390x.rpm libpainter0-0.9.26-bp160.2.1.ppc64le.rpm librfxencode0-0.9.26-bp160.2.1.ppc64le.rpm xrdp-0.9.26-bp160.2.1.ppc64le.rpm xrdp-devel-0.9.26-bp160.2.1.ppc64le.rpm libpainter0-0.9.26-bp160.2.1.aarch64.rpm librfxencode0-0.9.26-bp160.2.1.aarch64.rpm xrdp-0.9.26-bp160.2.1.aarch64.rpm xrdp-devel-0.9.26-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-106 Recommended update for gimp moderate openSUSE Backports SLE-16.0 This update for gimp fixes the following issues: Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this prevents some occasional odd displays and other issues when an XCF file tried to access a partially loaded font. - Assorted updates and fixes - Daniel Plakhotich helped us identify an issue when exporting a lossless WEBP image could be affected by lossy settings (such as Quality being less than 100%). We’ve updated our WEBP plug-in to prevent this from happening. - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable can now be run with a --no-interface flag instead of requiring users to call gimp-console-3.0 even on devices with no display. The --show-debug-menu flag is now visible as well. - programmer_ceds improved our flatpak by adding safe guards to show the correct configuration directory regardless of whether XDG_CONFIG_HOME is defined on the user’s system. This should make it much easier for flatpak users to install and use third party plug-ins. - We fixed a rare but possible crash when using the Equalize filter on images with NaN values. Images that contain these are usually created from scientific or mapping data, so you’re unlikely to come across them in standard editing. - Jeremy Bicha fixed an internal issue where the wrong version number could be used when installing minor releases (such as the 3.2 release candidates and upcoming 3.2 stable release). - As noted in our 3.2RC2 news post, we have updated our SVG import code to improve the rendered path. - Further improvements have been made to our non-destructive filter code to improve stability, especially when copying and pasting layers and images with filters attached to them. Some issues related to applying NDE filters on Quick Masks have also been corrected. - An unintended Search pop-up that appeared when typing while the Channels dockable was selected has been turned off. - When saving XCFs for GIMP 2.10 compatibility, we unintentionally saved Grid color using the new color format. This caused errors when reopening the XCF in 2.10. This problem has now been fixed! If you encounter any other XCF incompatibility, please let us know. - Themes and UX - The Navigation and Selection Editor dockables no longer show a large bright texture when no image is actively selected. This was especially noticeable on dark themes. - When a layer has no active filters, the Fx column had the same “checkbox” outline when hovered over as the lock column. This led to confusion about clicking it to add filters. We have removed the outline on hover as a small step to help address this. - Ondřej Míchal fixed alignment and cut-off issues with the buttons on our Transform tool overlays. All buttons should now be properly centered and visible. - The options for filling layers with colors when resizing the canvas will be turned off when not relevant (such as when you set layers to not be resized). - More GUI elements such as dialog header icons will now respond to your icon size preferences. - Ondřej Míchal has continued his work to update our UI with the more usable Spin Scale widget. He has also updated the widget itself to improve how it works for users and developers alike. - Security fixes - Jacob Boerema and Gabriele Barbero continued to patch potential security issues related to some of our file format plug-ins. In addition to existing fixes mentioned in the release candidate news posts, the following exploits are now prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530 ZDI-CAN-28591 ZDI-CAN-28599 - Another potential issue related to ICO files with incorrect metadata was reported by Dhiraj. It does not have a CVE number yet, but it has been fixed for GIMP 3.0.8. Jacob Boerema also fixed a potential issue with loading Creator blocks in Paintshop Pro PSP images. - API - For plug-in and script developers, a few new public APIs were backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer () allows you to retrieve a GEGL buffer from a Cairo surface (such as a text layer). Note that this deprecates gimp_cairo_surface_create_buffer (). - gimp_config_set_xcf_version () and gimp_config_get_xcf_version () can be used to specify a particular XCF version for a configuration. This will allow you to have that data serialized/deserialized for certain versions of GIMP if there were differences (such as the Grid colors mentioned above). - Fixes were made for retrieving image metadata via scripting. GimpMetadata is now a visible child of GExiv2Metadata, so you can use standard gexiv2 functions to retrieve information from it. - Original thumbnail metadata is also now removed on export to prevent potential issues when exporting into a new format. gimp-3.0.8-bp160.1.1.x86_64.rpm gimp-devel-3.0.8-bp160.1.1.x86_64.rpm gimp-extension-goat-excercises-3.0.8-bp160.1.1.x86_64.rpm gimp-lang-3.0.8-bp160.1.1.noarch.rpm gimp-plugin-aa-3.0.8-bp160.1.1.x86_64.rpm gimp-plugin-python3-3.0.8-bp160.1.1.x86_64.rpm gimp-vala-3.0.8-bp160.1.1.x86_64.rpm libgimp-3_0-0-3.0.8-bp160.1.1.x86_64.rpm libgimpui-3_0-0-3.0.8-bp160.1.1.x86_64.rpm gimp-3.0.8-bp160.1.1.ppc64le.rpm gimp-devel-3.0.8-bp160.1.1.ppc64le.rpm gimp-extension-goat-excercises-3.0.8-bp160.1.1.ppc64le.rpm gimp-plugin-aa-3.0.8-bp160.1.1.ppc64le.rpm gimp-plugin-python3-3.0.8-bp160.1.1.ppc64le.rpm gimp-vala-3.0.8-bp160.1.1.ppc64le.rpm libgimp-3_0-0-3.0.8-bp160.1.1.ppc64le.rpm libgimpui-3_0-0-3.0.8-bp160.1.1.ppc64le.rpm gimp-3.0.8-bp160.1.1.aarch64.rpm gimp-devel-3.0.8-bp160.1.1.aarch64.rpm gimp-extension-goat-excercises-3.0.8-bp160.1.1.aarch64.rpm gimp-plugin-aa-3.0.8-bp160.1.1.aarch64.rpm gimp-plugin-python3-3.0.8-bp160.1.1.aarch64.rpm gimp-vala-3.0.8-bp160.1.1.aarch64.rpm libgimp-3_0-0-3.0.8-bp160.1.1.aarch64.rpm libgimpui-3_0-0-3.0.8-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-107 Recommended update for perl-TAP-Harness-JUnit moderate openSUSE Backports SLE-16.0 This update for perl-TAP-Harness-JUnit fixes the following issues: Introduce perl-TAP-Harness-JUnit. perl-TAP-Harness-JUnit-0.42-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-108 Recommended update for perl-Date-Manip moderate openSUSE Backports SLE-16.0 This update for perl-Date-Manip fixes the following issues: Introduce perl-Date-Manip. perl-Date-Manip-6.980.0-bp160.1.1.x86_64.rpm perl-Date-Manip-6.980.0-bp160.1.1.s390x.rpm perl-Date-Manip-6.980.0-bp160.1.1.ppc64le.rpm perl-Date-Manip-6.980.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-109 Recommended update for OpenBoard moderate openSUSE Backports SLE-16.0 This update for OpenBoard fixes the following issues: Changes in OpenBoard: - add AppData in metainfo.xml - update to release version 1.7.5 OpenBoard-1.7.5-bp160.1.1.x86_64.rpm OpenBoard-1.7.5-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-11 Security update for python-Django important openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485) - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487) python313-Django-5.2.4-bp160.3.1.noarch.rpm openSUSE-Leap-16.0-packagehub-110 Recommended update for evolution moderate openSUSE Backports SLE-16.0 This update for evolution fixes the following issues: Changes in evolution: - Fix incorrect week numbers in calendar year view (bsc#1256465). evolution-3.56.2-bp160.3.1.x86_64.rpm evolution-devel-3.56.2-bp160.3.1.x86_64.rpm evolution-lang-3.56.2-bp160.3.1.noarch.rpm evolution-plugin-bogofilter-3.56.2-bp160.3.1.x86_64.rpm evolution-plugin-pst-import-3.56.2-bp160.3.1.x86_64.rpm evolution-plugin-spamassassin-3.56.2-bp160.3.1.x86_64.rpm evolution-plugin-text-highlight-3.56.2-bp160.3.1.x86_64.rpm evolution-3.56.2-bp160.3.1.s390x.rpm evolution-devel-3.56.2-bp160.3.1.s390x.rpm evolution-plugin-bogofilter-3.56.2-bp160.3.1.s390x.rpm evolution-plugin-pst-import-3.56.2-bp160.3.1.s390x.rpm evolution-plugin-spamassassin-3.56.2-bp160.3.1.s390x.rpm evolution-plugin-text-highlight-3.56.2-bp160.3.1.s390x.rpm evolution-3.56.2-bp160.3.1.ppc64le.rpm evolution-devel-3.56.2-bp160.3.1.ppc64le.rpm evolution-plugin-bogofilter-3.56.2-bp160.3.1.ppc64le.rpm evolution-plugin-pst-import-3.56.2-bp160.3.1.ppc64le.rpm evolution-plugin-spamassassin-3.56.2-bp160.3.1.ppc64le.rpm evolution-plugin-text-highlight-3.56.2-bp160.3.1.ppc64le.rpm evolution-3.56.2-bp160.3.1.aarch64.rpm evolution-devel-3.56.2-bp160.3.1.aarch64.rpm evolution-plugin-bogofilter-3.56.2-bp160.3.1.aarch64.rpm evolution-plugin-pst-import-3.56.2-bp160.3.1.aarch64.rpm evolution-plugin-spamassassin-3.56.2-bp160.3.1.aarch64.rpm evolution-plugin-text-highlight-3.56.2-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-111 Recommended update for perl-Mojolicious-Plugin-OpenAPI moderate openSUSE Backports SLE-16.0 This update for perl-Mojolicious-Plugin-OpenAPI fixes the following issues: Introduce perl-Mojolicious-Plugin-OpenAPI. perl-Mojolicious-Plugin-OpenAPI-5.110.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-112 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. chromedriver-144.0.7559.132-bp160.1.1.x86_64.rpm chromium-144.0.7559.132-bp160.1.1.x86_64.rpm chromedriver-144.0.7559.132-bp160.1.1.ppc64le.rpm chromium-144.0.7559.132-bp160.1.1.ppc64le.rpm chromedriver-144.0.7559.132-bp160.1.1.aarch64.rpm chromium-144.0.7559.132-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-113 Security update for python-Django important openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408). - CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407). - CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405). - CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406). - CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401). - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403). python313-Django-5.2.4-bp160.5.1.noarch.rpm openSUSE-Leap-16.0-packagehub-114 Recommended update for messagelib moderate openSUSE Backports SLE-16.0 This update for messagelib fixes the following issues: Changes in messagelib: - Fix links sometimes not opening (boo#1257869, kde#493325): messagelib-25.04.3-bp160.2.1.x86_64.rpm messagelib-devel-25.04.3-bp160.2.1.x86_64.rpm messagelib-lang-25.04.3-bp160.2.1.noarch.rpm messagelib-25.04.3-bp160.2.1.aarch64.rpm messagelib-devel-25.04.3-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-115 Recommended update for gnucobol moderate openSUSE Backports SLE-16.0 This update for gnucobol fixes the following issues: Introduce gnucobol. esql-3.2-bp160.1.1.x86_64.rpm esql-devel-3.2-bp160.1.1.x86_64.rpm gnucobol-3.2-bp160.1.1.x86_64.rpm libcob4-3.2-bp160.1.1.x86_64.rpm esql-3.2-bp160.1.1.s390x.rpm esql-devel-3.2-bp160.1.1.s390x.rpm gnucobol-3.2-bp160.1.1.s390x.rpm libcob4-3.2-bp160.1.1.s390x.rpm esql-3.2-bp160.1.1.ppc64le.rpm esql-devel-3.2-bp160.1.1.ppc64le.rpm gnucobol-3.2-bp160.1.1.ppc64le.rpm libcob4-3.2-bp160.1.1.ppc64le.rpm esql-3.2-bp160.1.1.aarch64.rpm esql-devel-3.2-bp160.1.1.aarch64.rpm gnucobol-3.2-bp160.1.1.aarch64.rpm libcob4-3.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-116 Recommended update for doomsday moderate openSUSE Backports SLE-16.0 This update for doomsday fixes the following issues: Introduce doomsday. doomsday-2.3.1-bp160.1.1.x86_64.rpm doomsday-2.3.1-bp160.1.1.s390x.rpm doomsday-2.3.1-bp160.1.1.ppc64le.rpm openSUSE-Leap-16.0-packagehub-117 Recommended update for pdfarranger moderate openSUSE Backports SLE-16.0 This update for pdfarranger fixes the following issues: Changes in pdfarranger: - Fixed compatibility with python313 (boo#1257190). pdfarranger-1.11.1-bp160.2.1.noarch.rpm pdfarranger-lang-1.11.1-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-118 Security update for trivy important openSUSE Backports SLE-16.0 This update for trivy fixes the following issues: Changes in trivy: - Update to version 0.69.0 (bsc#1255366, CVE-2025-64702): * release: v0.69.0 [main] (#9886) * chore: bump trivy-checks to v2 (#9875) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091) * fix(repo): return a nil interface for gitAuth if missing (#10097) * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111) * fix(rust): implement version inheritance for Cargo mono repos (#10011) * feat(activestate): add support ActiveState images (#10081) * feat(vex): support per-repo tls configuration (#10030) * refactor: allow per-request transport options override (#10083) * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084) * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085) * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077) * feat(rocky): enable modular package vulnerability detection (#10069) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079) * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070) * feat(report): add Trivy version to JSON output (#10065) * fix(rust): add cargo workspace members glob support (#10032) * feat: add AnalyzedBy field to track which analyzer detected packages (#10059) * fix: use canonical SPDX license IDs from embeded licenses.json (#10053) * docs: fix link to Docker Image Specification (#10057) * feat(secret): add detection for Symfony default secret key (#9892) * refactor(misconf): move common logic to base value and simplify typed values (#9986) * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880) * feat(misconf): use Terraform plan configuration to partially restore schema (#9623) * feat(misconf): add action block to Terraform schema (#10035) * fix(misconf): correct typos in block and attribute names (#9993) * test(misconf): simplify test values using *Test helpers (#9985) * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980) * feat(misconf): support for ARM resources defined as an object (#9959) * feat(misconf): support for azurerm_*_web_app (#9944) * test: migrate private test helpers to `export_test.go` convention (#10043) * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048) * fix(secret): improve word boundary detection for Hugging Face tokens (#10046) * fix(go): use ldflags version for all pseudo-versions (#10037) * chore: switch to ID from AVDID in internal and user-facing fields (#9655) * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752) * fix: move enum into items for array-type fields in JSON Schema (#10039) * docs: fix incorrect documentation URLs (#10038) * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033) * fix(docker): fix non-det scan results for images with embedded SBOM (#9866) * chore(deps): bump the github-actions group with 11 updates (#10001) * test: fix assertion after 2026 roll over (#10002) * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964) * fix(license): normalize licenses for PostAnalyzers (#9941) * feat(nodejs): parse licenses from `package-lock.json` file (#9983) * chore: update reference links to Go Wiki (#9987) * refactor: add xslices.Map and replace lo.Map usages (#9984) * fix(image): race condition in image artifact inspection (#9966) * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971) * refactor(debian): use txtar format for test data (#9957) * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973) * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930) * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932) * docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961) * perf(misconf): optimize string concatenation in azure scanner (#9969) * chore: add client option to install script (#9962) * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956) * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952) * docs: update binary signature verification for sigstore bundles (#9929) * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935) * chore(alpine): add EOL date for alpine 3.23 (#9934) * feat(cloudformation): add support for Fn::ForEach (#9508) * ci: enable `check-latest` for `setup-go` (#9931) * feat(debian): detect third-party packages using maintainer list (#9917) * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924) * feat(helm): add sslCertDir parameter (#9697) * fix(misconf): respect .yml files when Helm charts are detected (#9912) * feat(php): add support for dev dependencies in Composer (#9910) * chore(deps): bump the common group across 1 directory with 9 updates (#9903) * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859) * fix: remove trailing tab in statefulset template (#9889) * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800) * feat(misconf): initial ansible scanning support (#9332) * feat(misconf): Update Azure Database schema (#9811) * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869) * chore: update the install script (#9874) trivy-0.69.0-bp160.1.1.x86_64.rpm trivy-0.69.0-bp160.1.1.s390x.rpm trivy-0.69.0-bp160.1.1.ppc64le.rpm trivy-0.69.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-119 Security update for tailscale important openSUSE Backports SLE-16.0 This update for tailscale fixes the following issues: Changes in tailscale: - Update to version 1.94.0: * IS SET and NOT SET have been added as device posture operators * India DERP Region City Name updated * Custom DERP servers support GCP Certificate Manager * Tailscale SSH authentication, when successful, results in LOGIN audit messages being sent to the kernel audit subsystem * Tailscale Peer Relay throughput is improved when the SO_REUSEPORT socket option is supported on multi-core systems * Tailscale Peer Relay server handshake transmission is guarded against routing loops over Tailscale * MagicDNS always resolves when using resolv.conf without a DNS manager * tailscaled_peer_relay_forwarded_packets_total and tailscaled_peer_relay_forwarded_bytes_total client metrics are available for Tailscale Peer Relays * Identity tokens are automatically generated for workload identities * --audience flag added to tailscale up command to support auto generation of ID tokens for workload identity * tsnet nodes can host Tailscale Services * The tailscale lock status -json command returns tailnet key authority (TKA) data in a stable format * Tailscale Peer Relays deliver improved throughput through monotonic time comparison optimizations and reduced lock contention * Tailscale Services virtual IPs are now automatically accepted by clients across all platforms regardless of the status of the --accept-routes feature - Update to version 1.94.0: * derp/derpserver: add a unique sender cardinality estimate * syncs: add means of declare locking assumptions for debug mode * cmd/k8s-operator: add support for taiscale.com/http-redirect * cmd/k8s-operator fix populateTLSSecret on tests * feature/posture: log method and full URL for posture identity requests * k8s-operator: Fix typos in egress-pod-readiness.go * cmd/tailscale,ipn: add Unix socket support for serve * client/systray: change systray to start after graphical.target * cmd/k8s-operator: warn if users attempt to expose a headless Service * cmd/tailscale/cli, util/qrcodes: format QR codes on Linux consoles * tsnet: ensure funnel listener cleans up after itself when closed * ipn/store/kubestore: don't load write replica certs in memory * tsnet: allow for automatic ID token generation - Update to version 1.92.5: * types/persist: omit Persist.AttestationKey based on IsZero * disable hardware attestation for kubernetes * allow opting out of ACME order replace extension - Update to version 1.92.4: * nothing of importance - Update to version 1.92.3: * WireGuard configuration that occurs automatically in the client, no longer results in a panic - Update to version 1.92.2: * cmd/derper: add GCP Certificate Manager support - Update to version 1.92.1: * fix LocalBackend deadlock when packet arrives during profile switch * wgengine: fix TSMP/ICMP callback leak - Update to version 1.92.0: * no changelog provided - Update to version 1.90.9: * tailscaled no longer deadlocks during event bursts * The client no longer hangs after wake up - Update to version 1.90.8: * tka: move RemoveAll() to CompactableChonk - Update to version 1.90.7: * wgengine/magicsock: validate endpoint.derpAddr * wgengine/magicsock: fix UDPRelayAllocReq/Resp deadlock * net/udprelay: replace VNI pool with selection algorithm * feature/relayserver,ipn/ipnlocal,net/udprelay: plumb DERPMap * feature/relayserver: fix Shutdown() deadlock * net/netmon: do not abandon a subscriber when exiting early * tka: don't try to read AUMs which are partway through being written * tka: rename a mutex to mu instead of single-letter l * ipn/ipnlocal: use an in-memory TKA store if FS is unavailable - Update to version 1.90.6: * Routes no longer stall and fail to apply when updated repeatedly in a short period of time * Tailscale SSH no longer hangs for 10s when connecting to tsrecorder. This affected tailnets that use Tailscale SSH recording - Update to version 1.90.4: * deadlock issue no longer occurs in the client when checking for the network to be available * tailscaled no longer sporadically panics when a Trusted Platform Module (TPM) device is present - Update to version 1.90.3: * tailscaled shuts down as expected and without panic * tailscaled starts up as expected in a no router configuration environment - Update to version 1.90.2: * util/linuxfw: fix 32-bit arm regression with iptables * health: compare warnable codes to avoid errors on release branch * feature/tpm: check TPM family data for compatibility - Upate to version 1.90.1: * Clients can use configured DNS resolvers for all domains * Node keys will be renewed seamlessly * Unnecessary path discovery packets over DERP servers are suppressed * Node key sealing is GA (generally available) and enabled by default - update to version 1.88.3: * cmd/tailscale/cli: add ts2021 debug flag to set a dial plan * control/controlhttp: simplify, fix race dialing, remove priority concept - update to version 1.88.2: * k8s-operator: reset service status before append - require the minimum go version directly, in comparison to using the golang(API) symbol - update to version 1.88.1: * Tailscale CLI prompts users to confirm impactful actions * Tailscale SSH works as expected when using an IP address instead of a hostname and MagicDNS is disabled * fixed: Taildrive sharing when su not present * Taildrive files remain consistently accessible * new: Tailscale tray GUI * DERP IPs changed for Singapore and Tokyo - Fixing CVE-2025-58058, bsc#1248920 - update to version 1.86.5: * cmd/k8s-proxy,k8s-operator: fix serve config for userspace mode - update to version 1.86.4: * nothing of relevance - update to version 1.86.3: * nothing of relevance - update to version 1.86.2: * A deadlock issue that may have occurred in the client * An occasional crash when establishing a new port mapping with a gateway or firewall - update to version 1.86.0: * tsStateEncrypted device posture attribute for checking whether the Tailscale client state is encrypted at rest * Cross-site request forgery (CSRF) issue that may have resulted in a log in error when accessing the web interface * Recommended exit node when the previously recommended exit node is offline * tailscale up --exit-node=auto:any and tailscale set --exit-node=auto:any CLI commands track the recommended exit node and automatically switches to it when available exit nodes or network conditions change * tailscaled CLI command flag --encrypt-state encrypts the node state file on the disk using trusted platform module (TPM) - update to 1.84.3: * ipn/ipnlocal: Update hostinfo to control on service config change - update to 1.84.2: * Re-enable setting —accept-dns by using TS_EXTRA_ARGS. This issue resulted from stricter CLI arguments parsing introduced in Tailscale v1.84.0 - update to 1.84.1: * net/dns: cache dns.Config for reuse when compileConfig fails - update to 1.84.0: * The --reason flag is added to the tailscale down command * ReconnectAfter policy setting, which configures the maximum period of time between a user disconnecting Tailscale and the client automatically reconnecting * Tailscale CLI commands throw an error if multiple of the same flag are detected * Network connectivity issues when creating a new profile or switching profiles while using an exit node * DNS-over-TCP fallback works correctly with upstream servers reachable only via the tailnet - update to 1.82.5: * A panic issue related to CUBIC congestion control in userspace mode is resolved. - update to 1.82.0: * DERP functionality within the client supports certificate pinning for self-signed IP address certificates for those unable to use Let's Encrypt or WebPKI certificates. * Go is updated to version 1.24.1 * NAT traversal code uses the DERP connection that a packet arrived on as an ultimate fallback route if no other information is available * Captive portal detection reliability is improved on some in-flight Wi-Fi networks * Port mapping success rate is improved * Helsinki is added as a DERP region. tailscale-1.94.1-bp160.1.1.x86_64.rpm tailscale-bash-completion-1.94.1-bp160.1.1.noarch.rpm tailscale-fish-completion-1.94.1-bp160.1.1.noarch.rpm tailscale-zsh-completion-1.94.1-bp160.1.1.noarch.rpm tailscale-1.94.1-bp160.1.1.s390x.rpm tailscale-1.94.1-bp160.1.1.ppc64le.rpm tailscale-1.94.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-120 Security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc important openSUSE Backports SLE-16.0 This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc fixes the following issues: Changes in orthanc: - dcmtk 370 breaks TW build - switch to lua 5.4 - patch out boost component system from framework - version 1.12.10 ' long changelog - see NEWS for details - apply boost patch to source tree - Stop trying to pull libboost_system-devel in all orthanc packages. - remove libboost_system-devel for TW (removed in boost 1.89) - version 1.12.9 * long changelog - see NEWS for details Changes in gdcm: - apply fix for poppler 25.10 build error Changes in orthanc-authorization: - version 0.10.3 * New default permissions for worklists * New default permissions for tools/metrics-prometheus * New default permissions for tools/generate-uid - version 0.10.2 * New default permissions to add/delete modalities through the Rest API https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137 * New standard configuration "stl" - remove libboost_system-devel for TW (removed in boost 1.89)- - version 0.10.1 * Fix audit-logs export in CSV format. * New configuration "ExtraPermissions" to ADD new permissions to the default "Permissions" entries. * Improved handling of "Anonymous" user profiles (when no auth-tokens are provided): The plugin will now request the auth-service to get an anonymous user profile even if there are no auth-tokens in the HTTP request. * The User profile can now contain a "groups" field if the auth-service provides it. * The User profile can now contain an "id" field if the auth-service provides it. * New experimental feature: audit-logs - Enabled by the "EnableAuditLogs" configuration. - Audit-logs are currently handled by the PostgreSQL plugin and can be browsed through the route /auth/audit-logs. - New default permission "audit-logs" to grant access to the "/auth/audit-logs" route. * Fix: The "server-id" field is now included in all requests sent to the auth-service. Changes in orthanc-dicomweb: - version 1.22 * framework2.diff added for compatibilty with Orthanc framework <= 1.12.10 * Fixed a possible deadlock when using "WadoRsLoaderThreadsCount" > 1 when the HTTP client disconnects while downloading the response. * Fixed "Success: Success" errors when trying to send resources synchronously to a remote DICOMweb server while the Orthanc job engine was busy with other tasks. - remove libboost_system-devel for TW (removed in boost 1.89) - version 1.21 * New configuration "WadoRsLoaderThreadsCount" to configure how many threads are loading files from the storage when answering to a WADO-RS query. A value > 1 is meaningful only if the storage is a distributed network storage (e.g object storage plugin). A value of 0 means reading and writing are performed in sequence (default behaviour). * New configuration "EnablePerformanceLogs" to display performance logs. Currently only showing the time required to execute a WADO-RS query. For example: WADO-RS: elapsed: 26106623 us, rate: 14.86 instances/s, 155.23Mbps * Fix false errors logs generated e.g when OHIF requests the /dicom-web/studies/../metadata route: "dicom-web:/Configuration.cpp:643] Unsupported return MIME type: application/dicom+json, multipart/related; type=application/octet-stream; transfer-syntax=*, will return DICOM+JSON" Changes in orthanc-gdcm: - version 1.8 * Prevent transcoding of DICOM images with empty SharedFunctionalGroupsSequence (5200,9229), as this might crash GDCM. * The built-in Orthanc transcoder being usually more stable, the default value of the "RestrictTransferSyntaxes" configuration has been updated to configure the GDCM plugin for J2K transfer syntaxes only since these transfer syntaxes are currently not supported by the built-in Orthanc transcoder. - If "RestrictTransferSyntaxes" is not specified in your configuration, it is now equivalent to "RestrictTransferSyntaxes" : [ "1.2.840.10008.1.2.4.90", // JPEG 2000 Image Compression (Lossless Only) "1.2.840.10008.1.2.4.91", // JPEG 2000 Image Compression "1.2.840.10008.1.2.4.92", // JPEG 2000 Part 2 Multicomponent Image Compression (Lossless Only) "1.2.840.10008.1.2.4.93" // JPEG 2000 Part 2 Multicomponent Image Compression ] which was the recommended configuration. - If "RestrictTransferSyntaxes" is defined but empty, the GDCM plugin will now be used to transcode ALL transfer syntaxes (this was the default behaviour up to version 1.7) - remove libboost_system-devel for TW (removed in boost 1.89) - version 1.7 * Upgrade to GDCM 3.0.24 for static builds. Fixes: - CVE-2024-22373: https://nvd.nist.gov/vuln/detail/CVE-2024-22373 - CVE-2024-22391: https://nvd.nist.gov/vuln/detail/CVE-2024-22391 - CVE-2024-25569: https://nvd.nist.gov/vuln/detail/CVE-2024-25569 Changes in orthanc-indexer: - remove libboost_system-devel for TW (removed in boost 1.89) Changes in orthanc-mysql: - remove libboost_system-devel for TW (removed in boost 1.89) Changes in orthanc-neuro: - remove libboost_system-devel for TW (removed in boost 1.89) Changes in orthanc-postgresql: - version 10.0 * update mainly providing new Reserve and Acknowledge primitives for Queues in plugins - remove libboost_system-devel for TW (removed in boost 1.89) - version 9.0 * DB-scheme rev. 6 - check Orthanc book - version 8.0 * no changelog provided * New DB scheme Changes in orthanc-python: - version 7.0 * The "orthanc.pyi" stub is now excluded from the "install" step during the build * Wrapped new SCP callbacks: - RegisterFindCallback2() - RegisterMoveCallback3() - RegisterWorklistCallback2() - RegisterStorageCommitmentScpCallback2() * Wrapped new Queues methods: - ReserveQueueValue() - AcknowledgeQueueValue() - remove libboost_system-devel for TW (removed in boost 1.89) - remove /usr/orthanc.pyi - unneeded - version 6.0 * The auto-generation of the Python wrapper is now part of the build, to exploit the ORTHANC_PLUGIN_SINCE_SDK macro. This provides backward compatibility with the SDK that is actually installed on the system * Added Windows builder for Python 3.13 * Added Docker-based builder scripts for Debian 13 (trixie) Changes in orthanc-stl: - patch out libboost-system to fix build error - remove libboost_system-devel for TW (removed in boost 1.89) Changes in orthanc-tcia: - version 1.3 * Replaced default base URL of TCIA REST API from "https://services.cancerimagingarchive.net/services/v4/TCIA/query" to "https://nbia.cancerimagingarchive.net/nbia-api/services/v4" * Added configuration option "BaseUrl" to manually configure the base URL * Fix for newer versions of the NBIA cart file format * Upgrade to Orthanc framework 1.12.3 - remove libboost_system-devel for TW (removed in boost 1.89) Changes in orthanc-wsi: - fix build error w framework 1.12.10 - version 3.3 * OrthancWSIDicomizer: - New option "--encoding" to specify the specific character set of DICOM instances - Placeholder tags are now automatically inserted when the "--dataset" option provides incomplete data, ensuring the generated DICOM instances remain valid - The version of the DICOM-izer is available in DICOM tag "SoftwareVersions" - ImagedVolumeWidth and ImagedVolumeHeight are swapped with respect to releases <= 3.2: https://discourse.orthanc-server.org/t/5912 * Viewer plugin: - Added rotation button in the viewer - The viewer displays a label if the "description" GET parameter is provided - Upgraded to OpenLayers 10.6.1 - remove libboost_system-devel for TW (removed in boost 1.89) Changes in python-pyorthanc: - version 1.22.1 * no changelog provided orthanc-1.12.10-bp160.1.1.x86_64.rpm orthanc-devel-1.12.10-bp160.1.1.noarch.rpm orthanc-doc-1.12.10-bp160.1.1.noarch.rpm orthanc-source-1.12.10-bp160.1.1.noarch.rpm gdcm-3.0.24-bp160.2.1.x86_64.rpm gdcm-applications-3.0.24-bp160.2.1.x86_64.rpm gdcm-devel-3.0.24-bp160.2.1.x86_64.rpm gdcm-examples-3.0.24-bp160.2.1.x86_64.rpm libgdcm3_0-3.0.24-bp160.2.1.x86_64.rpm libsocketxx1_2-3.0.24-bp160.2.1.x86_64.rpm python3-gdcm-3.0.24-bp160.2.1.x86_64.rpm orthanc-authorization-0.10.3-bp160.1.1.x86_64.rpm orthanc-dicomweb-1.22-bp160.1.1.x86_64.rpm orthanc-gdcm-1.8-bp160.1.1.x86_64.rpm orthanc-indexer-1.0-bp160.2.1.x86_64.rpm orthanc-mysql-5.2-bp160.2.1.x86_64.rpm orthanc-neuro-1.1-bp160.2.1.x86_64.rpm orthanc-postgresql-10.0-bp160.1.1.x86_64.rpm orthanc-python-7.0-bp160.1.1.x86_64.rpm orthanc-stl-1.2-bp160.2.1.x86_64.rpm orthanc-tcia-1.3-bp160.1.1.x86_64.rpm orthanc-wsi-3.3-bp160.1.1.x86_64.rpm python313-pyorthanc-1.22.1-bp160.1.1.noarch.rpm orthanc-1.12.10-bp160.1.1.s390x.rpm gdcm-3.0.24-bp160.2.1.s390x.rpm gdcm-applications-3.0.24-bp160.2.1.s390x.rpm gdcm-devel-3.0.24-bp160.2.1.s390x.rpm gdcm-examples-3.0.24-bp160.2.1.s390x.rpm libgdcm3_0-3.0.24-bp160.2.1.s390x.rpm libsocketxx1_2-3.0.24-bp160.2.1.s390x.rpm python3-gdcm-3.0.24-bp160.2.1.s390x.rpm orthanc-authorization-0.10.3-bp160.1.1.s390x.rpm orthanc-dicomweb-1.22-bp160.1.1.s390x.rpm orthanc-gdcm-1.8-bp160.1.1.s390x.rpm orthanc-indexer-1.0-bp160.2.1.s390x.rpm orthanc-mysql-5.2-bp160.2.1.s390x.rpm orthanc-neuro-1.1-bp160.2.1.s390x.rpm orthanc-postgresql-10.0-bp160.1.1.s390x.rpm orthanc-python-7.0-bp160.1.1.s390x.rpm orthanc-tcia-1.3-bp160.1.1.s390x.rpm orthanc-wsi-3.3-bp160.1.1.s390x.rpm orthanc-1.12.10-bp160.1.1.ppc64le.rpm gdcm-3.0.24-bp160.2.1.ppc64le.rpm gdcm-applications-3.0.24-bp160.2.1.ppc64le.rpm gdcm-devel-3.0.24-bp160.2.1.ppc64le.rpm gdcm-examples-3.0.24-bp160.2.1.ppc64le.rpm libgdcm3_0-3.0.24-bp160.2.1.ppc64le.rpm libsocketxx1_2-3.0.24-bp160.2.1.ppc64le.rpm python3-gdcm-3.0.24-bp160.2.1.ppc64le.rpm orthanc-authorization-0.10.3-bp160.1.1.ppc64le.rpm orthanc-dicomweb-1.22-bp160.1.1.ppc64le.rpm orthanc-gdcm-1.8-bp160.1.1.ppc64le.rpm orthanc-indexer-1.0-bp160.2.1.ppc64le.rpm orthanc-mysql-5.2-bp160.2.1.ppc64le.rpm orthanc-neuro-1.1-bp160.2.1.ppc64le.rpm orthanc-postgresql-10.0-bp160.1.1.ppc64le.rpm orthanc-python-7.0-bp160.1.1.ppc64le.rpm orthanc-stl-1.2-bp160.2.1.ppc64le.rpm orthanc-tcia-1.3-bp160.1.1.ppc64le.rpm orthanc-wsi-3.3-bp160.1.1.ppc64le.rpm orthanc-1.12.10-bp160.1.1.aarch64.rpm gdcm-3.0.24-bp160.2.1.aarch64.rpm gdcm-applications-3.0.24-bp160.2.1.aarch64.rpm gdcm-devel-3.0.24-bp160.2.1.aarch64.rpm gdcm-examples-3.0.24-bp160.2.1.aarch64.rpm libgdcm3_0-3.0.24-bp160.2.1.aarch64.rpm libsocketxx1_2-3.0.24-bp160.2.1.aarch64.rpm python3-gdcm-3.0.24-bp160.2.1.aarch64.rpm orthanc-authorization-0.10.3-bp160.1.1.aarch64.rpm orthanc-dicomweb-1.22-bp160.1.1.aarch64.rpm orthanc-gdcm-1.8-bp160.1.1.aarch64.rpm orthanc-indexer-1.0-bp160.2.1.aarch64.rpm orthanc-mysql-5.2-bp160.2.1.aarch64.rpm orthanc-neuro-1.1-bp160.2.1.aarch64.rpm orthanc-postgresql-10.0-bp160.1.1.aarch64.rpm orthanc-python-7.0-bp160.1.1.aarch64.rpm orthanc-stl-1.2-bp160.2.1.aarch64.rpm orthanc-tcia-1.3-bp160.1.1.aarch64.rpm orthanc-wsi-3.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-121 Recommended update for yt-dlp moderate openSUSE Backports SLE-16.0 This update for yt-dlp fixes the following issues: Changes in yt-dlp: - Update to release 2026.01.31 * yt: Add `web_embedded` fallback for `android_vr` client * yt: Remove broken `ios_downgraded` and `tv_embedded` player clients - added quickjs recommends as a lighter alternative to deno and nodejs - Update to release 2026.01.29 * Accept float values for command-line option `--sleep-subtitles` * Add `--format-sort-reset` option * yt: Support comment subthreads - Update to release 2025.12.08 * cookies: Fix --cookies-from-browser for new installs of Firefox 147+ * floatplane: add subtitle support * yt: detect AI-upscaled formats - Relax JS runtime requirement from required to recommended, some formats can be downloaded without either runtime. - Recommend nodejs as an alternative to deno (Leap 15.6 has just nodejs). - Update to release 2025.11.12 * An external JavaScript runtime is now used for full YouTube support (e.g. deno). - Use the pythons macro to reduce the amount of suse_version usage - Update to version 2025.10.22 * A stopgap release with a TEMPORARY partial fix for YouTube support. Some formats may still be unavailable, especially if cookies are passed to yt-dlp. The NEXT release, expected very soon, will require an external JS runtime (e.g. Deno) in order for YouTube downloads to work properly. * The minimum required Python version has been raised to 3.10 (Python 3.9 has reached its end-of-life as of October 2025). - Update to release 2025.10.14 * yt: Detect experiment binding GVS PO Token to video id * yt: Fix approximate timestamp extraction for feeds - Use Python 3.13 in 15.7, due to lack of 3.12 - Update to release 2025.09.26 * twitch: vod: Fix live_status detection * yt: Fix player JS overrides * yt: Improve PO token logging * yt: Player client maintenance * yt: Replace tv_simply with web_safari in default clients - Fix Leap 15.6 build - Update to release 2025.09.23 * youtube: Force player 0004de42 - Update to version 2025.09.05 * Fix --id deprecation warning * charlierose: Fix extractor * googledrive: Fix subtitles extraction * itvbtcc: Fix extractor * kick: vod: Support ongoing livestream VODs * lrt: Fix extractors * tver: Extract more metadata * vevo: Restore extractors * build: Overhaul Linux builds and refactor release workflow - Update to release 2025.08.27 * Add tcc player JS variant * Deprioritize web_safari m3u8 formats * Use alternative tv user-agent when authenticated - Update to release 2025.08.22 * cookies: Fix --cookies-from-browser with Firefox 142+ - Update to release 2025.08.20 * Warn against use of `-f mp4` * yt: Add es5 and es6 player JS variants * yt: Default to main player JS variant * yt: Extract title and description from initial data * yt: Handle required preroll waiting period - Update to release 2025.08.11 * yt: Add player params to mweb client * dash: Re-extract if using --load-info-json with --live-from-start - Update to release 2025.07.21 * Default behaviour changed from --mtime to --no-mtime * yt: Do not require PO Token for premium accounts * yt: Extract global nsig helper functions * yt: tab: Fix subscriptions feed extraction - Update to release 2025.06.30 * youtube: Fix premium formats extraction - Update to release 2025.06.25 * yt: Check any ios m3u8 formats prior to download * yt: Improve player context payloads - Update to release 2025.06.09 * adobepass: add Fubo MSO, fix Philo MSO authentication * yt: Add tv_simply player client * yt: Extract srt subtitles * yt: Rework nsig function name extraction - Update to release 2025.05.22 * yt: Add PO token support for subtitles * yt: Add web_embedded client for age-restricted videos * yt: Add a PO Token Provider Framework * yt: Extract media_type for all videos * yt: Fix --live-from-start support for premieres * yt: Fix geo-restriction error handling - Update to release 2025.04.30 [boo#1242186] * New option --preset-alias/-t has been added - Update to release 2025.03.31 * yt: add player_js_variant extractor-arg * yt/tab: Fix playlist continuation extraction - Update to release 2025.03.27 * youtube: Make signature and nsig extraction more robust - Update to release 2025.03.26 * youtube: fix signature and nsig extraction for player 4fcd6e4a - Update to release 2025.03.21 * Fix external downloader availability when using ``--ffmpeg-location`` * youtube: fix nsig and signature extraction for player 643afba4. - Require same version between yt-dlp -> python-yt-dlp - Update to release 2025.02.19 * NSIG workaround for tce player JS - Update to release 2025.01.26 * bilibili: Support space video list extraction without login * crunchyroll: Remove extractors * youtube: Download tv client Innertube config * youtube: Use different PO token for GVS and Player - Update to release 2025.01.15 * youtube: Do not use web_creator as a default client - Update to release 2025.01.12 * yt: fix DASH formats incorrectly skipped in some situations * yt: refactor cookie auth - Fix 15.6 build - Update to release 2024.12.23 * yt: add age-gate workaround for some embeddable videos - Update to release 2024.12.13 * yt: fix signature function extraction for 2f1832d2 * yt: prioritize original language over auto-dubbed audio - Update to release 2024.12.06 * yt: fix ``n`` sig extraction for player 3bb1f723 * yt: fix signature function extraction * yt: player client maintenance - Update to release 2024.12.03 * bilibili: Always try to extract HD formats * youtube: Adjust player clients for site changes - Update to release 2024.11.18 * cloudflarestream: Avoid extraction via videodelivery.net * youtube: remove broken OAuth support - Update to release 2024.11.04 * Prioritize AV1 * Remove Python <= 3.8 support * youtube: Adjust OAuth refresh token handling - Update to release 2024.10.22 * yt: Remove broken android_producer client * yt: Remove broken age-restriction workaround * yt: Support logging in with OAuth - Update to release 2024.10.07 * Fix cookie load error handling * youtube: Change default player clients to ios,mweb * patreon: Extract all m3u8 formats for locked posts - Update to release 2024.09.27 * Support excluding player_clients in extractor-arg * clip: Prioritize https formats python313-yt-dlp-2026.01.31-bp160.1.1.noarch.rpm yt-dlp-2026.01.31-bp160.1.1.noarch.rpm yt-dlp-youtube-dl-2026.01.31-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-122 Security update for micropython low openSUSE Backports SLE-16.0 This update for micropython fixes the following issues: Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803). - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected micropython-1.26.1-bp160.1.1.x86_64.rpm mpremote-1.26.1-bp160.1.1.noarch.rpm mpy-tools-1.26.1-bp160.1.1.x86_64.rpm micropython-1.26.1-bp160.1.1.aarch64.rpm mpy-tools-1.26.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-123 Recommended update for openQA, os-autoinst-distri-opensuse-deps moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst-distri-opensuse-deps fixes the following issues: Changes in openQA: - Update to version 5.1770274061.387b318c: * Remove dependencies not available in 16 * Remove all explicit versions from ci-packages.txt * Explicitly use new cache key for fullstack_cache * Use devel:openQA 16.0 repositories * fix: Create user directory without sudo * refactor(ui): use native DOM APIs for bulk action logic * Update devel:openQA:ci/base container to Leap 16 * Mark some one line catch statements uncoverable * Move t/07-api_jobtokens.t to t/api/ * refactor: Avoid mapping of actions in df-based cleanup * refactor: Use loop to invoke `_delete_jobs` repeatedly * refactor: Simplify code for df-based cleanup further * refactor: Extract repeated lookup and loop into separate function * Dependency cron 2026-02-03 * feat(ui): add bulk action checkboxes to test overview filters * feat(openqa-clone-custom-git-refspec): add "BADGE" mode * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode * feat(UI): add delete button for job groups and parent groups * refactor(javascripts): harden by using const in admin_groups.js * feat(api): prevent deletion of non-empty parent job groups * docs: Fix typo in MCP documentation * docs: Improve note about enabling modern Perl features * test: Remove unused parameters in `OpenQA::Test::Case::login` * navbar: add new item in menu to link MCP documentation * Refactor t/lib/OpenQA/Test/Case.pm with signatures * test: Consider all API controller code covered * test: Cover remaining error cases of worker API * fix: Improve error handling when updating records in admin tables * test: Ensure consistent coverage of job cancellation function * Prepare documentation generation for Leap 16.0 * test: Cover remaining lines of `Search.pm` * test: Cover remaining lines of `Locks.pm` * refactor: Simplify `JobTemplate::destroy` * refactor: Remove unused code from `JobTemplate.pm` * git subrepo pull (merge) external/os-autoinst-common * style: Add quotes in openqa-bootstrap * feat: default API key expiration to 1 year, aligning with UI * feat: wrap array in an object in api_key API responses * feat: add API endpoint for deleting API keys * feat: add API endpoint for listing API keys * feat: add API endpoint for creating API keys * fix(openqa-bootstrap): prevent shellcheck warning SC2086 * Add dependency on 'file' * refactor: Write code in `JobGroup.pm` in a more compact way * test: Consider `Job.pm` fully covered * test: Add tests for error handling of artefact upload * refactor: Format artefact upload test in a more compact way * test: Add tests for using assigned worker on job status updates * test: Add tests for re-scheduling invalid scheduled product * test: Add tests for querying non-existent scheduled product * refactor: Use more compact coding style in `show_scheduled_product` * refactor: Improve `Mm.pm` * test: Improve tests of multi-machine API * Remove unused module Config::Tiny from dependencies - Update to version 5.1769603414.6c0fa72e: * Handle links on test_log on missing git repo extension * test: Consider `Test.pm` fully covered * test: Extend tests for showing dependency graph * fix: Merge parallel clusters correctly for displaying dependency tree Changes in os-autoinst-distri-opensuse-deps: - Added dependency perl(constant) - Added dependency perl(Inline::Python) - Removed dependency perl(Inline::Python) - Removed dependency perl(LWP::Simple) - Added dependency perl(LWP::Simple) - Removed dependency perl(POSIX) - Added dependency perl(parent) - Added dependency perl(POSIX) - Added dependency perl(strict) - Added dependency perl(utf8) - Added dependency perl(version) - Added dependency perl(warnings) - Removed dependency perl(constant) - Removed dependency perl(parent) - Removed dependency perl(strict) - Removed dependency perl(utf8) - Removed dependency perl(version) - Removed dependency perl(warnings) - Removed dependency /usr/bin/gzip - Added dependency /usr/bin/gzip - Removed dependency gzip - Added dependency /usr/bin/gzip openQA-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-auto-update-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-client-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-common-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-devel-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-doc-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-local-db-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-mcp-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-munin-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-single-instance-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1770274061.387b318c-bp160.1.1.x86_64.rpm openQA-worker-5.1770274061.387b318c-bp160.1.1.x86_64.rpm os-autoinst-distri-opensuse-deps-1.1770726271.4c22ee70-bp160.1.1.noarch.rpm os-autoinst-distri-opensuse-deps-worker-1.1770726271.4c22ee70-bp160.1.1.noarch.rpm openQA-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-auto-update-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-bootstrap-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-client-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-common-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-continuous-update-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-devel-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-doc-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-local-db-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-mcp-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-munin-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-python-scripts-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-single-instance-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-worker-5.1770274061.387b318c-bp160.1.1.s390x.rpm openQA-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-client-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-common-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-devel-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-doc-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-local-db-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-mcp-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-munin-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-worker-5.1770274061.387b318c-bp160.1.1.ppc64le.rpm openQA-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-auto-update-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-client-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-common-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-devel-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-doc-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-local-db-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-mcp-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-munin-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-single-instance-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openQA-worker-5.1770274061.387b318c-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-124 Recommended update for gn moderate openSUSE Backports SLE-16.0 This update for gn fixes the following issues: Changes in gn: - Update to version 0.20251217: * Fix sha2 on big endian * [Windows] Reduce the number of worker threads on many-core machines * Add a sha256 hash implementation and use it for string_hash * Opt-in to the Windows SegmentHeap * Add a `module_name` flag to source_set. * Refactor module name to be dynamic. * Optimize vector creation in compile_commands_writer.cc. * Run 'tools/run_formatter.sh' * Implement `string_hash` function. * Support weak_libraries * Do not add .inputdeps paths to --ninja-outputs-file * Make clang modules output -fmodule-file=foo=<pcm>. * infra: Revert CIPD autoconf * infra: Include autoconf bin directory to PATH * infra: Fix autoconf executable path * infra: Use CIPD autoconf * Allow led access in GN via http://go/ciba * Revert "Build non-linkable deps async with Ninja's validaitons" * Upgrade linux bots from ubuntu 22.04 to ubuntu 24.04 * Use unordered_map instead of map in HeaderChecker * Add --file_relation to gn refs command * Optimize vector initialization and preallocation in desc_builder.cc. * Add `reserve` statement when vector size is known beforehand. * Refactor container update by preferring the range insert. * Handle symlinked directories correctly during gn clean on Windows. * Fix relative imports from args.gn. - Update to version 0.20250918: * update reference.md * Include -fmodule-file flags in compile_commands.json * Refactor C++ module dependency logic into a new utility * Gitiles navigation bar * Adds a len() function * Avoid clashes of include_dir in rust-project.json. * Check all targets to find duplicated outputs. * infra/config: Remove luci.recipes.use_python3 experiment * Handle empty outputs in WriteInputDepsStampOrPhonyAndGetDep * build: Propagate module dependencies through group targets * Deduplicate item in 'deps', 'sources' and related lists * infra: Update comment for macOS version used in CQ/CI * [Apple] Allow passing a manifest to the post-processing script * Update link to buganizer in README.md * [Apple] Fix `gn gen` when using swift and no_stamp_files * [Apple] Remove deprecated aliases for `post_processing_$var` * Revert "Allow newline in string literal" * Use std::ranges::all_of in parse_tree_unittest * infra: Correctly use macOS 13 instead of 11 * Update Xcode and macOS version in bots * infra: Add shadow buckets to trigger led job * Allow newline in string literal * Revert "Update macOS version to 13 used in CQ/CI" * Update macOS version to 13 used in CQ/CI * Refactor command_format.cc * Shorten targets from //path/to/foo:foo to //path/to/foo * Modernize and improve parse_tree.cc * Auto-format the codebase * Remove hardcoded -fmodules-embed-all-files flag * Reland "Use JSON escaping for JSON string output" gn-0.20251217-bp160.1.1.x86_64.rpm gn-0.20251217-bp160.1.1.s390x.rpm gn-0.20251217-bp160.1.1.ppc64le.rpm gn-0.20251217-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-125 Recommended update for motif moderate openSUSE Backports SLE-16.0 This update for motif fixes the following issues: Introduce motif. libMrm4-2.3.8-bp160.1.1.x86_64.rpm libUil4-2.3.8-bp160.1.1.x86_64.rpm libXm4-2.3.8-bp160.1.1.x86_64.rpm motif-2.3.8-bp160.1.1.x86_64.rpm motif-devel-2.3.8-bp160.1.1.x86_64.rpm libMrm4-2.3.8-bp160.1.1.s390x.rpm libUil4-2.3.8-bp160.1.1.s390x.rpm libXm4-2.3.8-bp160.1.1.s390x.rpm motif-2.3.8-bp160.1.1.s390x.rpm motif-devel-2.3.8-bp160.1.1.s390x.rpm libMrm4-2.3.8-bp160.1.1.ppc64le.rpm libUil4-2.3.8-bp160.1.1.ppc64le.rpm libXm4-2.3.8-bp160.1.1.ppc64le.rpm motif-2.3.8-bp160.1.1.ppc64le.rpm motif-devel-2.3.8-bp160.1.1.ppc64le.rpm libMrm4-2.3.8-bp160.1.1.aarch64.rpm libUil4-2.3.8-bp160.1.1.aarch64.rpm libXm4-2.3.8-bp160.1.1.aarch64.rpm motif-2.3.8-bp160.1.1.aarch64.rpm motif-devel-2.3.8-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-126 Recommended update for OpenSMTPD moderate openSUSE Backports SLE-16.0 This update for OpenSMTPD fixes the following issues: Introduce OpenSMTPD. OpenSMTPD-7.8.0p0-bp160.1.1.x86_64.rpm OpenSMTPD-7.8.0p0-bp160.1.1.s390x.rpm OpenSMTPD-7.8.0p0-bp160.1.1.ppc64le.rpm OpenSMTPD-7.8.0p0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-127 Recommended update for kbuild moderate openSUSE Backports SLE-16.0 This update for kbuild fixes the following issues: Changes in kbuild: - Update to snapshot 0.1.9998+svn3686 * header.kmk,footer-pass2-compiling-targets.kmk: Added EARLY_LIBS and LATE_LIBS properties to better control the library order when using templates. The libraries are collected from EARLY_LIBS first, then LIBS, and LATE_LIBS last. * header.kmk: Added KB_FN_LOAD_TOOL and KB_FN_LOAD_SDK for explictly loading a tool or an sdk implementation. * kmk: Automatically ascend if no makefile found and a goal was given on the command line. This is to eliminating the need for Makefile.kup-files as far as compiling individual source files from an editor is concerned. * header.kmk: Always zap the IFS variable so it won't confuse kmk_ash. * kmk/job.c: Deal with escape sequences inside double quotes when we're using kmk_ash. * kBuild/header.kmk: drop the .noarch suffix for KBUILD_DEVTOOLS_TRG_NOARCH and KBUILD_DEVTOOLS_HST_NOARCH. kbuild-0.1.9998+svn3686-bp160.1.1.x86_64.rpm kbuild-0.1.9998+svn3686-bp160.1.1.ppc64le.rpm kbuild-0.1.9998+svn3686-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-128 Security update for htmldoc critical openSUSE Backports SLE-16.0 This update for htmldoc fixes the following issues: Changes in htmldoc: - CVE-2024-46478: Fixed buffer overflow when handling tabs through the parse_pre function (bsc#1232380). - version update to 1.9.23: * Fixed a regression in list handling that caused a crash for empty list items (Issue #553) * Fixed a regression in the number of rendered table of contents levels in PDF and PostScript output (Issue #554) - version update to 1.9.22: * Added a "--without-http" configure option to build without CUPS HTTP/HTTPS support (Issue #547) * Updated HTTP/HTTPS support to work with both CUPS 2.x and 3.x. * Updated the maximum image dimension to prevent integer overflow on 32-bit platforms (Issue #550) * Updated the HTML parser to correctly report the line number of errors in files with more than 2^32-1 lines (Issue #551) * Fixed a crash bug with certain markdown files (Issue #548) * Fixed an unrestricted recursion bug when reading and formatting HTML (Issue #552) - version update to 1.9.21 * Updated HTTP/HTTPS connection error reporting to include the reason. * Updated markdown parser. * Updated the HTTP/HTTPS connection timeout to 5 minutes (Issue #541) * Fixed a bug in the new PDF link code (Issue #536) * Fixed a bug in the number-up code (Issue #539) * Fixed a regression in leading whitespace handling (Issue #540) * Fixed a bug in numbered heading support (Issue #543) * Fixed a bug with setting the header on the first page (Issue #544) * Fixed paths in the HTMLDOC snap (Issue #545) - update to 1.9.20: * Fix a regression that caused spaces to disappear between some words * Fix resolution of relative links within a document - includes changes from 1.9.19: * Add support for ‘file’ method in links * Update markdown support code to mmd * Fix hyperlinks to subfolders * Fix export of UTF-8 HTML * Fix handling of whitespace-only nodes * Fix case sensitivity of link targets htmldoc-1.9.23-bp160.1.1.x86_64.rpm htmldoc-1.9.23-bp160.1.1.s390x.rpm htmldoc-1.9.23-bp160.1.1.ppc64le.rpm htmldoc-1.9.23-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-129 Recommended update for gitea-tea moderate openSUSE Backports SLE-16.0 This update for gitea-tea fixes the following issues: Changes in gitea-tea: - Fix terminal rendering errors gitea-tea-0.11.1-bp160.3.1.x86_64.rpm gitea-tea-bash-completion-0.11.1-bp160.3.1.noarch.rpm gitea-tea-zsh-completion-0.11.1-bp160.3.1.noarch.rpm gitea-tea-0.11.1-bp160.3.1.s390x.rpm gitea-tea-0.11.1-bp160.3.1.ppc64le.rpm gitea-tea-0.11.1-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-13 Recommended update for openQA, os-autoinst moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst fixes the following issues: Changes in openQA: - Update to version 5.1761296552.ae7c17aa: * Add tests for file_security_policy * Pass parameter $is_userfile to log_url * Remove redirect and serve files as attachments if necessary * Serve files uploaded by tests via asset domain * Use direct link to subdomain for the test assets * Revert "Don't redirect to asset domain via /needles/ID/(image|json) route" * Revert "Don't redirect screenshots, thumbs and needles to files_domain" - Update to version 5.1761228068.a3a7f84d: * Dependency cron 2025-10-23 - Update to version 5.1761037330.ad78558e: * Avoid needless check for number of clones * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI` - Update to version 5.1760515610.a802d1dd: * Lower the prio of archiving jobs to avoid piling up finalize jobs * Add signatures in Schema::Result::ApiKeys - Update to version 5.1760245411.e3aeaaec: * Dependency cron 2025-10-12 - Update to version 5.1760108577.fd2f2a48: * Log unavailability due to high load only as warning * Filter job stats of scheduled products also by arch and build * Document how to disable image optimizations * Make image optimization errors stop the job producing an incomplete job * Improve wording in description about job stats API * Run `optipng` for real and handle errors if it fails - Update to version 5.1759912962.689b31ed: * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service` - Update to version 5.1759834744.06a7028a: * parser: ktap: Return earlier if subtest result is SKIP * parser: ktap: Fallback to subtest index if name is not available - Update to version 5.1759440640.bb989cab: * Don't redirect to asset domain via /needles/ID/(image|json) route - Update to version 5.1759402042.49e912c3: * Introduce array job settings * Retry `obs_rsync_update_*` tasks if Gru service terminates - Update to version 5.1759329378.3b8e8685: * Reduce the number of required checks for Mergify again * Ensure a failing cache service is seen as such by the worker/scheduler - Update to version 5.1759248257.70b23b32: * Increase number of successful checks in Mergify config again * Disable Helm Chart CI checks temporarily * Consider all jobs for cleanup, not just jobs that were executed * Verify job deletion when dependent job present - Update to version 5.1759149505.49c40b0b: * Use always the latest PostgreSQL image in Compose and documentation * Update the PostgreSQL version in the contributing documentation * Update PostgreSQL data path in Docker Compose file after updating to v18 * Specify PostgreSQL version in Docker Compose configuration explicitly * mergify: Allow more time for dependabot update reaction * Remove version property from docker-compose * README: Fix openQA badge after switch to UEFI * build(deps-dev): bump eslint from 9.35.0 to 9.36.0 - Update to version 5.1758910696.7549bb98: * Replace argument assignment with signatures on ObsRsync/Task * Enable automatic dependabot updates again after improvements * docs: Add instructions for a continuous dashboard setup * Replace argument assignment with signatures Folders package * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders * script: Also use OPENQA_WEBUI_MODE for related services - Update to version 5.1758814503.03d923a4: * Use Mojo::File in Worker for is_qemu_running * Use Mojo::File in Worker for meminfo * Document archiving of important jobs - Update to version 5.1758729450.b88c0b40: * Reject jobs if worker is broken when receiving a new job - Update to version 5.1758711845.e5c02221: * script: Allow to configure openQA mode * t: run at least once Memorylimit register with max_rss_limit > 0 * Replace argument assignation with signatures on MemoryLimit Changes in os-autoinst: - Update to version 5.1761036042.c43e4ab: * Update perltidy * Allow redirects in needle NeedleDownloader * Don't overwrite firewall xml * Add UEFI support for ipxe kernel boot * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface - Update to version 5.1759328765.e7438f7: * Allow redirects in needle NeedleDownloader * Don't overwrite firewall xml * Add UEFI support for ipxe kernel boot * t: Use consistent Mojo::File in 08-autotest as well * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface - Update to version 5.1759134946.e08d7c7: * Add UEFI support for ipxe kernel boot * t: Use consistent Mojo::File in 08-autotest as well * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface * os-autoinst-setup-multi-machine: Only call zypper when necessary * os-autoinst-setup-multi-machine: Improve network interface check openQA-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm openQA-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm openQA-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm openQA-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-130 Recommended update for neovim low openSUSE Backports SLE-16.0 This update for neovim fixes the following issues: Changes in neovim: - Update license header in the spec file template neovim-0.11.3-bp160.2.1.x86_64.rpm neovim-lang-0.11.3-bp160.2.1.noarch.rpm neovim-0.11.3-bp160.2.1.s390x.rpm neovim-0.11.3-bp160.2.1.ppc64le.rpm neovim-0.11.3-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-131 Recommended update for python-tenacity moderate openSUSE Backports SLE-16.0 This update for python-tenacity fixes the following issues: Introduce python-tenacity. python313-tenacity-9.1.2-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-132 Recommended update for python-pynetbox moderate openSUSE Backports SLE-16.0 This update for python-pynetbox fixes the following issues: Introduce python-pynetbox. python313-pynetbox-7.6.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-133 Recommended update for python-radon, python-mando moderate openSUSE Backports SLE-16.0 This update for python-radon, python-mando fixes the following issues: Introduce python-radon and dependency python-mando. python313-radon-6.0.1-bp160.1.1.noarch.rpm python313-mando-0.7.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-134 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199) - also copy rollup into third_party/node/node_modules - stay on llvm-10 for swiftshader but bring a similar patch - drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging - update/resync ppc64le patches from fedora - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads chromedriver-145.0.7632.75-bp160.1.1.x86_64.rpm chromium-145.0.7632.75-bp160.1.1.x86_64.rpm chromedriver-145.0.7632.75-bp160.1.1.ppc64le.rpm chromium-145.0.7632.75-bp160.1.1.ppc64le.rpm chromedriver-145.0.7632.75-bp160.1.1.aarch64.rpm chromium-145.0.7632.75-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-135 Security update for python-Authlib moderate openSUSE Backports SLE-16.0 This update for python-Authlib fixes the following issues: Changes in python-Authlib: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library (bsc#1256414) python313-Authlib-1.5.2-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-136 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media chromedriver-145.0.7632.109-bp160.1.1.x86_64.rpm chromium-145.0.7632.109-bp160.1.1.x86_64.rpm chromedriver-145.0.7632.109-bp160.1.1.ppc64le.rpm chromium-145.0.7632.109-bp160.1.1.ppc64le.rpm chromedriver-145.0.7632.109-bp160.1.1.aarch64.rpm chromium-145.0.7632.109-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-137 Recommended update for qscintilla, python-qt5, python-qtwebengine-qt5 moderate openSUSE Backports SLE-16.0 This update for qscintilla, python-qt5, python-qtwebengine-qt5 fixes the following issues: Changes in qscintilla: - Allow lowercase distinfo due to new pyqt-builder following PEP 639 Changes in python-qt5: - Allow lowercase distinfo due to new pyqt-builder following PEP 639 Changes in python-qtwebengine-qt5: - Allow lowercase distinfo due to new pyqt-builder following PEP 639 libqscintilla2_qt5-15-2.14.1-bp160.2.1.x86_64.rpm python313-qscintilla-qt5-2.14.1-bp160.2.1.x86_64.rpm qscintilla-qt5-2.14.1-bp160.2.1.x86_64.rpm qscintilla-qt5-devel-2.14.1-bp160.2.1.x86_64.rpm libqscintilla2_qt6-15-2.14.1-bp160.2.1.x86_64.rpm python313-PyQt6-QScintilla-2.14.1-bp160.2.1.x86_64.rpm qscintilla-qt6-2.14.1-bp160.2.1.x86_64.rpm qscintilla-qt6-devel-2.14.1-bp160.2.1.x86_64.rpm python313-qt5-5.15.10-bp160.2.1.x86_64.rpm python313-qt5-devel-5.15.10-bp160.2.1.x86_64.rpm python313-qt5-doc-5.15.10-bp160.2.1.noarch.rpm python313-qt5-quick3d-5.15.10-bp160.2.1.x86_64.rpm python313-qt5-quick3d-devel-5.15.10-bp160.2.1.x86_64.rpm python313-qt5-remoteobjects-5.15.10-bp160.2.1.x86_64.rpm python313-qt5-remoteobjects-devel-5.15.10-bp160.2.1.x86_64.rpm python313-qtwebengine-qt5-5.15.6-bp160.2.1.x86_64.rpm python313-qtwebengine-qt5-devel-5.15.6-bp160.2.1.x86_64.rpm libqscintilla2_qt5-15-2.14.1-bp160.2.1.s390x.rpm python313-qscintilla-qt5-2.14.1-bp160.2.1.s390x.rpm qscintilla-qt5-2.14.1-bp160.2.1.s390x.rpm qscintilla-qt5-devel-2.14.1-bp160.2.1.s390x.rpm libqscintilla2_qt6-15-2.14.1-bp160.2.1.s390x.rpm python313-PyQt6-QScintilla-2.14.1-bp160.2.1.s390x.rpm qscintilla-qt6-2.14.1-bp160.2.1.s390x.rpm qscintilla-qt6-devel-2.14.1-bp160.2.1.s390x.rpm python313-qt5-5.15.10-bp160.2.1.s390x.rpm python313-qt5-devel-5.15.10-bp160.2.1.s390x.rpm python313-qt5-quick3d-5.15.10-bp160.2.1.s390x.rpm python313-qt5-quick3d-devel-5.15.10-bp160.2.1.s390x.rpm python313-qt5-remoteobjects-5.15.10-bp160.2.1.s390x.rpm python313-qt5-remoteobjects-devel-5.15.10-bp160.2.1.s390x.rpm libqscintilla2_qt5-15-2.14.1-bp160.2.1.ppc64le.rpm python313-qscintilla-qt5-2.14.1-bp160.2.1.ppc64le.rpm qscintilla-qt5-2.14.1-bp160.2.1.ppc64le.rpm qscintilla-qt5-devel-2.14.1-bp160.2.1.ppc64le.rpm libqscintilla2_qt6-15-2.14.1-bp160.2.1.ppc64le.rpm python313-PyQt6-QScintilla-2.14.1-bp160.2.1.ppc64le.rpm qscintilla-qt6-2.14.1-bp160.2.1.ppc64le.rpm qscintilla-qt6-devel-2.14.1-bp160.2.1.ppc64le.rpm python313-qt5-5.15.10-bp160.2.1.ppc64le.rpm python313-qt5-devel-5.15.10-bp160.2.1.ppc64le.rpm python313-qt5-quick3d-5.15.10-bp160.2.1.ppc64le.rpm python313-qt5-quick3d-devel-5.15.10-bp160.2.1.ppc64le.rpm python313-qt5-remoteobjects-5.15.10-bp160.2.1.ppc64le.rpm python313-qt5-remoteobjects-devel-5.15.10-bp160.2.1.ppc64le.rpm libqscintilla2_qt5-15-2.14.1-bp160.2.1.aarch64.rpm python313-qscintilla-qt5-2.14.1-bp160.2.1.aarch64.rpm qscintilla-qt5-2.14.1-bp160.2.1.aarch64.rpm qscintilla-qt5-devel-2.14.1-bp160.2.1.aarch64.rpm libqscintilla2_qt6-15-2.14.1-bp160.2.1.aarch64.rpm python313-PyQt6-QScintilla-2.14.1-bp160.2.1.aarch64.rpm qscintilla-qt6-2.14.1-bp160.2.1.aarch64.rpm qscintilla-qt6-devel-2.14.1-bp160.2.1.aarch64.rpm python313-qt5-5.15.10-bp160.2.1.aarch64.rpm python313-qt5-devel-5.15.10-bp160.2.1.aarch64.rpm python313-qt5-quick3d-5.15.10-bp160.2.1.aarch64.rpm python313-qt5-quick3d-devel-5.15.10-bp160.2.1.aarch64.rpm python313-qt5-remoteobjects-5.15.10-bp160.2.1.aarch64.rpm python313-qt5-remoteobjects-devel-5.15.10-bp160.2.1.aarch64.rpm python313-qtwebengine-qt5-5.15.6-bp160.2.1.aarch64.rpm python313-qtwebengine-qt5-devel-5.15.6-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-138 Security update for mosquitto critical openSUSE Backports SLE-16.0 This update for mosquitto fixes the following issues: Changes in mosquitto: - update to 2.0.23 (boo#1258671) * Fix handling of disconnected sessions for `per_listener_settings true` * Check return values of openssl *_get_ex_data() and *_set_ex_data() to prevent possible crash. This could occur only in extremely unlikely situations * Check return value of openssl ASN1_string_[get0_]data() functions for NULL. This prevents a crash in case of incorrect certificate handling in openssl * Fix potential crash on startup if a malicious/corrupt persistence file from mosquitto 1.5 or earlier is loaded * Limit auto_id_prefix to 50 characters - Update to version 2.0.22 Broker * Bridge: Fix idle_timeout never occurring for lazy bridges. * Fix case where max_queued_messages = 0 was not treated as unlimited. * Fix --version exit code and output. * Fix crash on receiving a $CONTROL message over a bridge, if per_listener_settings is set true and the bridge is carrying out topic remapping. * Fix incorrect reference clock being selected on startup on Linux. Closes #3238. * Fix reporting of client disconnections being incorrectly attributed to "out of memory". * Fix compilation when using WITH_OLD_KEEPALIVE. * Fix problems with secure websockets. * Fix crash on exit when using WITH_EPOLL=no. * Fix clients being incorrectly expired when they have keepalive == max_keepalive. Closes #3226, #3286. Dynamic security plugin * Fix mismatch memory free when saving config which caused memory tracking to be incorrect. Client library * Fix C++ symbols being removed when compiled with link time optimisation. * TLS error handling was incorrectly setting a protocol error for non-TLS errors. This would cause the mosquitto_loop_start() thread to exit if no broker was available on the first connection attempt. This has been fixed. Closes #3258. * Fix linker errors on some architectures using cmake. - Update to version 2.0.21 Broker * Fix clients sending a RESERVED packet not being quickly disconnected. * Fix bind_interface producing an error when used with an interface that has an IPv6 link-local address and no other IPv6 addresses. * Fix mismatched wrapped/unwrapped memory alloc/free in properties. * Fix allow_anonymous false not being applied in local only mode. * Add retain_expiry_interval option to fix expired retained message not being removed from memory if they are not subscribed to. * Produce an error if invalid combinations of cafile/capath/certfile/keyfile are used. * Backport keepalive checking from develop to fix problems in current implementation. Client library * Fix potential deadlock in mosquitto_sub if -W is used. Apps * mosquitto_ctrl dynsec now also allows -i to specify a clientid as well as -c. This matches the documentation which states -i. Tests * Fix 08-ssl-connect-cert-auth-expired and 08-ssl-connect-cert-auth-revoked tests when under load. - systemd service: Wait till the network got setup to avoid startup failure. libmosquitto1-2.0.23-bp160.1.1.x86_64.rpm libmosquittopp1-2.0.23-bp160.1.1.x86_64.rpm mosquitto-2.0.23-bp160.1.1.x86_64.rpm mosquitto-clients-2.0.23-bp160.1.1.x86_64.rpm mosquitto-devel-2.0.23-bp160.1.1.x86_64.rpm libmosquitto1-2.0.23-bp160.1.1.s390x.rpm libmosquittopp1-2.0.23-bp160.1.1.s390x.rpm mosquitto-2.0.23-bp160.1.1.s390x.rpm mosquitto-clients-2.0.23-bp160.1.1.s390x.rpm mosquitto-devel-2.0.23-bp160.1.1.s390x.rpm libmosquitto1-2.0.23-bp160.1.1.ppc64le.rpm libmosquittopp1-2.0.23-bp160.1.1.ppc64le.rpm mosquitto-2.0.23-bp160.1.1.ppc64le.rpm mosquitto-clients-2.0.23-bp160.1.1.ppc64le.rpm mosquitto-devel-2.0.23-bp160.1.1.ppc64le.rpm libmosquitto1-2.0.23-bp160.1.1.aarch64.rpm libmosquittopp1-2.0.23-bp160.1.1.aarch64.rpm mosquitto-2.0.23-bp160.1.1.aarch64.rpm mosquitto-clients-2.0.23-bp160.1.1.aarch64.rpm mosquitto-devel-2.0.23-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-139 Security update for openQA, os-autoinst, openQA-devel-container important openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1771422749.560a3b26: * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * test: Consider all controller code covered * refactor: Remove unused "group connect" endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` - Update to version 5.1769644379.ef069e9d: Changes in os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features Changes in openQA-devel-container: - Update to version 5.1771422749.560a3b26b: * Update to latest openQA version openQA-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-auto-update-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-client-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-common-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-devel-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-doc-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-local-db-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-mcp-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-munin-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-single-instance-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm openQA-worker-5.1771422749.560a3b26-bp160.1.1.x86_64.rpm os-autoinst-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1771353921.c8005c9-bp160.1.1.x86_64.rpm openQA-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-auto-update-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-bootstrap-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-client-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-common-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-continuous-update-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-devel-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-doc-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-local-db-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-mcp-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-munin-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-python-scripts-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-single-instance-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1771422749.560a3b26-bp160.1.1.s390x.rpm openQA-worker-5.1771422749.560a3b26-bp160.1.1.s390x.rpm os-autoinst-5.1771353921.c8005c9-bp160.1.1.s390x.rpm os-autoinst-devel-5.1771353921.c8005c9-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1771353921.c8005c9-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1771353921.c8005c9-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1771353921.c8005c9-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1771353921.c8005c9-bp160.1.1.s390x.rpm openQA-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-client-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-common-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-devel-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-doc-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-local-db-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-mcp-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-munin-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm openQA-worker-5.1771422749.560a3b26-bp160.1.1.ppc64le.rpm os-autoinst-5.1771353921.c8005c9-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1771353921.c8005c9-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1771353921.c8005c9-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1771353921.c8005c9-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1771353921.c8005c9-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1771353921.c8005c9-bp160.1.1.ppc64le.rpm openQA-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-auto-update-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-client-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-common-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-devel-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-doc-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-local-db-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-mcp-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-munin-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-single-instance-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm openQA-worker-5.1771422749.560a3b26-bp160.1.1.aarch64.rpm os-autoinst-5.1771353921.c8005c9-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1771353921.c8005c9-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1771353921.c8005c9-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1771353921.c8005c9-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1771353921.c8005c9-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1771353921.c8005c9-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-14 Recommended update for product-composer moderate openSUSE Backports SLE-16.0 This update for product-composer fixes the following issues: Update to version 0.6.16: - merge updateinfo's with same id into one - error out on updateinfo with same id, but non-mergable content Update to version 0.6.15: * Support updateinfo handling in arch specific meta data Update to version 0.6.14: * option to disable joliet extensions on media * no joliet extensions on source and debug media anymore product-composer-0.6.16-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-140 Security update for gimp low openSUSE Backports SLE-16.0 This update for gimp fixes the following issues: Changes in gimp: - CVE-2026-2239: Fixed a heap buffer overflow in psd-util.c (bsc#1257959). gimp-3.0.8-bp160.2.1.x86_64.rpm gimp-devel-3.0.8-bp160.2.1.x86_64.rpm gimp-extension-goat-excercises-3.0.8-bp160.2.1.x86_64.rpm gimp-lang-3.0.8-bp160.2.1.noarch.rpm gimp-plugin-aa-3.0.8-bp160.2.1.x86_64.rpm gimp-plugin-python3-3.0.8-bp160.2.1.x86_64.rpm gimp-vala-3.0.8-bp160.2.1.x86_64.rpm libgimp-3_0-0-3.0.8-bp160.2.1.x86_64.rpm libgimpui-3_0-0-3.0.8-bp160.2.1.x86_64.rpm gimp-3.0.8-bp160.2.1.ppc64le.rpm gimp-devel-3.0.8-bp160.2.1.ppc64le.rpm gimp-extension-goat-excercises-3.0.8-bp160.2.1.ppc64le.rpm gimp-plugin-aa-3.0.8-bp160.2.1.ppc64le.rpm gimp-plugin-python3-3.0.8-bp160.2.1.ppc64le.rpm gimp-vala-3.0.8-bp160.2.1.ppc64le.rpm libgimp-3_0-0-3.0.8-bp160.2.1.ppc64le.rpm libgimpui-3_0-0-3.0.8-bp160.2.1.ppc64le.rpm gimp-3.0.8-bp160.2.1.aarch64.rpm gimp-devel-3.0.8-bp160.2.1.aarch64.rpm gimp-extension-goat-excercises-3.0.8-bp160.2.1.aarch64.rpm gimp-plugin-aa-3.0.8-bp160.2.1.aarch64.rpm gimp-plugin-python3-3.0.8-bp160.2.1.aarch64.rpm gimp-vala-3.0.8-bp160.2.1.aarch64.rpm libgimp-3_0-0-3.0.8-bp160.2.1.aarch64.rpm libgimpui-3_0-0-3.0.8-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-141 Recommended update for uzdoom moderate openSUSE Backports SLE-16.0 This update for uzdoom fixes the following issues: Introduces uzdoom. uzdoom-4.14.3-bp160.1.1.x86_64.rpm uzdoom-4.14.3-bp160.1.1.s390x.rpm uzdoom-4.14.3-bp160.1.1.ppc64le.rpm uzdoom-4.14.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-142 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools chromedriver-145.0.7632.116-bp160.1.1.x86_64.rpm chromium-145.0.7632.116-bp160.1.1.x86_64.rpm chromedriver-145.0.7632.116-bp160.1.1.ppc64le.rpm chromium-145.0.7632.116-bp160.1.1.ppc64le.rpm chromedriver-145.0.7632.116-bp160.1.1.aarch64.rpm chromium-145.0.7632.116-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-143 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1771872170.9e49dbec: * tweak: Improve logging of Git output * tweak: Avoid warnings about invalid revision ranges * tweak: Use normal warning log messages when encountering Git problems * fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid * fix: update ajv to fix moderate severity ReDoS vulnerability * fix: update minimatch override to fix high severity ReDoS vulnerability * openqa-load-templates: Slightly simplify - Update to version 5.1771626210.b82f14f2: * refactor(test/overview): use signatures and clean up code * refactor(test/overview): reduce duplication - Update to version 5.1771589939.8f8502b4: * feat: Improve default `PRODUCTDIR` after ef229dc2 * refactor(ui): simplify removal of empty query parameters (after rebase) * test(45-make-update-deps): allow bypassing dependency update check * fix(test): improve UI test robustness by using state-based waiting * test: Improve workaround for candidates menu not opening sometimes * docs: Mention use of relative paths in `CASEDIR` to avoid symlinking * fix: Fix wrong uses of "checkout" that should be "check out" * feat: support filtering by meta-results+states in /tests/overview * Revert "feat: Add symlink for aeon in openqa-bootstrap script" * fix(43-scheduling-and-worker-scalability): prevent sporadic issues * refactor: use join for properties in determine_free_workers * fix: do not cache websocket_api_version if not set - Update to version 5.1771473096.98530511: * feat(ui): remove empty query parameters from /tests/overview URL * feat: Allow specifying `CASEDIR` to avoid symlinking Changes in os-autoinst: - Update to version 5.1771858186.01b8328: * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output - Update to version 5.1771520411.2601197: * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove "get_mempolicy" warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs Changes in openQA-devel-container: - Update to version 5.1771872170.9e49dbec8: * Update to latest openQA version openQA-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-auto-update-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-client-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-common-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-devel-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-doc-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-local-db-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-mcp-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-munin-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-single-instance-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm openQA-worker-5.1771872170.9e49dbec-bp160.1.1.x86_64.rpm os-autoinst-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1771858186.01b8328-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1771858186.01b8328-bp160.1.1.x86_64.rpm openQA-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-auto-update-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-bootstrap-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-client-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-common-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-continuous-update-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-devel-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-doc-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-local-db-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-mcp-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-munin-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-python-scripts-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-single-instance-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm openQA-worker-5.1771872170.9e49dbec-bp160.1.1.s390x.rpm os-autoinst-5.1771858186.01b8328-bp160.1.1.s390x.rpm os-autoinst-devel-5.1771858186.01b8328-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1771858186.01b8328-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1771858186.01b8328-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1771858186.01b8328-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1771858186.01b8328-bp160.1.1.s390x.rpm openQA-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-client-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-common-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-devel-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-doc-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-local-db-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-mcp-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-munin-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm openQA-worker-5.1771872170.9e49dbec-bp160.1.1.ppc64le.rpm os-autoinst-5.1771858186.01b8328-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1771858186.01b8328-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1771858186.01b8328-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1771858186.01b8328-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1771858186.01b8328-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1771858186.01b8328-bp160.1.1.ppc64le.rpm openQA-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-auto-update-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-client-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-common-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-devel-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-doc-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-local-db-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-mcp-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-munin-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-single-instance-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm openQA-worker-5.1771872170.9e49dbec-bp160.1.1.aarch64.rpm os-autoinst-5.1771858186.01b8328-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1771858186.01b8328-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1771858186.01b8328-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1771858186.01b8328-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1771858186.01b8328-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1771858186.01b8328-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-144 Recommended update for OpenBoard moderate openSUSE Backports SLE-16.0 This update for OpenBoard fixes the following issues: Changes in OpenBoard: - update to release version 1.7.6 * fix: crash when using the "add to document" button in Documents Mode * fix: standard PDF export method would constantly fail * fix: rearrange board thumbnails after duplicating scene - Fix for compatibility with poppler 26.02 OpenBoard-1.7.6-bp160.1.1.x86_64.rpm OpenBoard-1.7.6-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-145 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1772092969.74a39650: * test: Consider all of `lib/OpenQA/Task/` covered * test: Cover handling developer session when saving needles * test: Cover further error cases when saving needles * fix: Fix error handling when saving needle JSON * test: Workaround limitation of coverage tracking * feat: Improve needle JSON validation * test: Cover all cases of needle JSON validation * fix: Avoid Perl warning when validating needle JSON * refactor: Simplify code in `_delete_needles` * test: Cover handling error when asset directory is not writable * test: Cover skipping screenshot cleanup if still enqueued * feat(openqa-upstreams.inc): set `max_conns` to max connection handled * refactor: optimize and harden aggregate overview badges implementation * refactor: improve aggregate overview badges implementation * test: consolidate SVG badge unit tests * feat: implement test result badges for aggregate overview queries - Update to version 5.1772031289.93bc2a13: * docs(image): describe the TW image with openQA available in o3 * fix(t/03-auth): avoid 'Too many open files' with mocks * fix: avoid constant redefinition warnings in ScheduledProducts * feat: add aggregate favicons for test overview * build: improve cleanup of generated favicon assets * feat: add Makefile targets to run services with temporary test database * ci(helm): increase timeout on ct install * feat: add gitlint for conventional commit checks - Update to version 5.1771942065.808b073f: * test(t/44-scripts): extend to cover Python scripts * test(t/44-scripts): implement individual timeouts * fix(script): add early argument validation where missing * test: harmonize Test::More call format using '+' prefix * Dependency cron 2026-02-24 * test: refine style check and fix ambiguous test calls * Replace Ingress with Kubernetes Gateway API for external access * refactor: ensure consistent test call parentheses format * chore: add dependency for python3-gitlint commit checks * docs: Add section about security * Fix tools/test_helm_chart after Helm chart reorganization * Update Helm chart documentation * Move worker subchart under openqa/ and fix connectivity * Add single openqa parent chart with ingress and nginx * Remove old helm chart structure Changes in os-autoinst: - Update to version 5.1772097392.f4e2912: * fix: Update gre_tunnel_preup script to support NetworkManager * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common - Update to version 5.1771958644.63a1790: * build(Makefile): add top-level help target * test: implement conventional commits check with gitlint * fix: Fix wrong uses of "checkout" that should be "check out" * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * parse_extra_log: Allow passing additional args to upload_logs Changes in openQA-devel-container: - Update to version 5.1772057077.6d7513f8d: * Update to latest openQA version openQA-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-auto-update-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-client-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-common-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-devel-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-doc-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-local-db-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-mcp-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-munin-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-single-instance-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1772092969.74a39650-bp160.1.1.x86_64.rpm openQA-worker-5.1772092969.74a39650-bp160.1.1.x86_64.rpm os-autoinst-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1772097392.f4e2912-bp160.1.1.x86_64.rpm openQA-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-auto-update-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-bootstrap-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-client-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-common-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-continuous-update-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-devel-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-doc-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-local-db-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-mcp-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-munin-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-python-scripts-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-single-instance-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1772092969.74a39650-bp160.1.1.s390x.rpm openQA-worker-5.1772092969.74a39650-bp160.1.1.s390x.rpm os-autoinst-5.1772097392.f4e2912-bp160.1.1.s390x.rpm os-autoinst-devel-5.1772097392.f4e2912-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1772097392.f4e2912-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1772097392.f4e2912-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1772097392.f4e2912-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1772097392.f4e2912-bp160.1.1.s390x.rpm openQA-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-client-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-common-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-devel-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-doc-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-local-db-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-mcp-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-munin-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm openQA-worker-5.1772092969.74a39650-bp160.1.1.ppc64le.rpm os-autoinst-5.1772097392.f4e2912-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1772097392.f4e2912-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1772097392.f4e2912-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1772097392.f4e2912-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1772097392.f4e2912-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1772097392.f4e2912-bp160.1.1.ppc64le.rpm openQA-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-auto-update-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-client-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-common-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-devel-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-doc-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-local-db-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-mcp-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-munin-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-single-instance-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1772092969.74a39650-bp160.1.1.aarch64.rpm openQA-worker-5.1772092969.74a39650-bp160.1.1.aarch64.rpm os-autoinst-5.1772097392.f4e2912-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1772097392.f4e2912-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1772097392.f4e2912-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1772097392.f4e2912-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1772097392.f4e2912-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1772097392.f4e2912-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-146 Security update for gitea-tea moderate openSUSE Backports SLE-16.0 This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.12.0: * New Features - Add tea actions commands for managing workflow runs and workflows in #880, #796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in #879 - Add repository webhook management commands in #798 - Add JSON output support for single PR view in #864 - Add JSON output and file redirection for issue detail view in #841 - Support creating AGit flow pull requests in #867 * Bug Fixes - Fix authentication via environment variables when specifying repo argument in #809 - Fix issue detail view ignoring --owner flag in #899 - Fix PR create crash in #823 - Fix TTY prompt handling in #897 - Fix termenv OSC RGBA handling in #907 - Fix labels delete command and --id flag type in #865 - Fix delete repo command description in #858 - Fix pagination flags for secrets list, webhooks list, and pull requests list in #853, #852, - #851 - Enable git worktree support and improve PR create error handling in #850 - Only prompt for SSH passphrase when necessary in #844 - Only prompt for login confirmation when no default login is set in #839 - Skip token uniqueness check when using SSH authentication in #898 - Require non-empty token in GetLoginByToken in #895 - Fix config file permissions to remove group read/write in #856 * Improvements - Add file locking for safe concurrent access to config file in #881 - Improve error messages throughout the CLI in #871 - Send consistent HTTP request headers in #888 - Revert requiring HTTP/HTTPS login URLs; restore SSH as a login method in #891 - Refactor context into dedicated subpackages in #873, #888 - General code cleanup and improvements in #869, #870 - Add test coverage for login matching in #820 * Build & Dependencies - Build with Go 1.25 in #886 - Build for Windows aarch64 - Update Gitea SDK version in #868 - Update Nix flake in #872 - Update dependencies including lipgloss v2, urfave/cli v3.6.2, go-git v5.16.5, and various Go modules in #849, #875, #876, #878, #884, #885, #900, #901, #904, #905 - Update CI actions (checkout v6, setup-go v6) in #882, #883 gitea-tea-0.12.0-bp160.1.1.x86_64.rpm gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch.rpm gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch.rpm gitea-tea-0.12.0-bp160.1.1.s390x.rpm gitea-tea-0.12.0-bp160.1.1.ppc64le.rpm gitea-tea-0.12.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-147 Recommended update for python-ty moderate openSUSE Backports SLE-16.0 This update for python-ty fixes the following issues: Introduce python-ty. python313-ty-0.0.4-bp160.1.1.x86_64.rpm python313-ty-0.0.4-bp160.1.1.s390x.rpm python313-ty-0.0.4-bp160.1.1.ppc64le.rpm python313-ty-0.0.4-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-148 Security update for freerdp2 important openSUSE Backports SLE-16.0 This update for freerdp2 fixes the following issues: Changes in freerdp2: - Multiple CVE fixes: CVE-2026-24491, bsc#1257981, CVE-2026-24675, bsc#1257982, CVE-2026-24676, bsc#1257983, CVE-2026-24679, bsc#1257986, CVE-2026-24681, bsc#1257988, CVE-2026-24682, bsc#1257989, CVE-2026-24683, bsc#1257990, CVE-2026-24684, bsc#1257991, CVE-2026-22852, bsc#1256718, CVE-2026-22854, bsc#1256720, CVE-2026-22856, bsc#1256722, CVE-2026-22859, bsc#1256725, CVE-2026-23530, bsc#1256940, CVE-2026-23531, bsc#1256941, CVE-2026-23532, bsc#1256942, CVE-2026-23534, bsc#1256944. - Fix build issue in h264_ffmpeg.c (ffmpeg 7). - Add upstream fixes (picked from Debian) (boo#1231317) freerdp2-2.11.7-bp160.2.1.x86_64.rpm freerdp2-devel-2.11.7-bp160.2.1.x86_64.rpm freerdp2-proxy-2.11.7-bp160.2.1.x86_64.rpm freerdp2-server-2.11.7-bp160.2.1.x86_64.rpm libfreerdp2-2-2.11.7-bp160.2.1.x86_64.rpm libwinpr2-2-2.11.7-bp160.2.1.x86_64.rpm winpr2-devel-2.11.7-bp160.2.1.x86_64.rpm freerdp2-2.11.7-bp160.2.1.s390x.rpm freerdp2-devel-2.11.7-bp160.2.1.s390x.rpm freerdp2-proxy-2.11.7-bp160.2.1.s390x.rpm freerdp2-server-2.11.7-bp160.2.1.s390x.rpm libfreerdp2-2-2.11.7-bp160.2.1.s390x.rpm libwinpr2-2-2.11.7-bp160.2.1.s390x.rpm winpr2-devel-2.11.7-bp160.2.1.s390x.rpm freerdp2-2.11.7-bp160.2.1.ppc64le.rpm freerdp2-devel-2.11.7-bp160.2.1.ppc64le.rpm freerdp2-proxy-2.11.7-bp160.2.1.ppc64le.rpm freerdp2-server-2.11.7-bp160.2.1.ppc64le.rpm libfreerdp2-2-2.11.7-bp160.2.1.ppc64le.rpm libwinpr2-2-2.11.7-bp160.2.1.ppc64le.rpm winpr2-devel-2.11.7-bp160.2.1.ppc64le.rpm freerdp2-2.11.7-bp160.2.1.aarch64.rpm freerdp2-devel-2.11.7-bp160.2.1.aarch64.rpm freerdp2-proxy-2.11.7-bp160.2.1.aarch64.rpm freerdp2-server-2.11.7-bp160.2.1.aarch64.rpm libfreerdp2-2-2.11.7-bp160.2.1.aarch64.rpm libwinpr2-2-2.11.7-bp160.2.1.aarch64.rpm winpr2-devel-2.11.7-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-149 Recommended update for obs-service-format_spec_file moderate openSUSE Backports SLE-16.0 This update for obs-service-format_spec_file fixes the following issues: Changes in obs-service-format_spec_file: - Add PKGBUILD to enable builds for Arch Linux - Update to version 20250923: * Update test case for changes in 1ccd56d0 * Empty section may contain empty lines instead of setting 'after_lines' * Update test case for changes in 51da0388 * Fix _split_final_comments hack - Update to version 20250918: * Don't add unneeded empty lines after Copyrights - Update to version 20250907: * Update test cases * Special handling for 'SUSE Software Solutions Germany' license * Keep 3rd party licenses intact * Keep SUSE T&Cs close to SUSE Copyright * Make create_copyright_section() return true when SUSE Copyright processed - Update to version 20250804: * Remove more LLC and contributors also from the copyright strings - Update to version 20250725: * Fix indentation to run checks on pull request * Change autoadded copyright header to include "and contributors" * Add 3 extra test-cases * Run tests in github actions * Preserve the order of multiple copyright lines. * Allow for truly empty lines in copyright sections * Accept empty lines in %changelog sections * Update licenses * Avoid using temporary files for tests obs-service-format_spec_file-20250923-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-15 Security update for MozillaThunderbird moderate openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.4: * changed: Account Hub is now disabled by default for second email account * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys * fixed: Image preview in Insert Image dialog failed with CSP error for web resources * fixed: Emptying trash on exit did not work with some providers * fixed: Thunderbird could crash when applying filters * fixed: Users were unable to override expired mail server certificate * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters * fixed: Security fixes MFSA 2025-85 (bsc#1251263): * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 Some non-writable Object properties could be modified * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 MozillaThunderbird-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.4.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-150 Security update for python-joserfc important openSUSE Backports SLE-16.0 This update for python-joserfc fixes the following issues: Changes in python-joserfc: - CVE-2026-27932: unbounded PBKDF2 iteration count can lead to a denial of service (bsc#1259154) python313-joserfc-1.1.0-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-151 Security update for roundcubemail important openSUSE Backports SLE-16.0 This update for roundcubemail fixes the following issues: Changes to roundcubemail: Update to 1.6.13: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix CSS injection vulnerability reported by CERT Polska (boo#1258052, CVE-2026-26079). + Fix remote image blocking bypass via SVG content reported by nullcathedral (boo#1257909, CVE-2026-25916). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! CHANGELOG + Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) + Fix CSS injection vulnerability reported by CERT Polska. + Fix remote image blocking bypass via SVG content reported by nullcathedral. Update to 1.6.12: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461). + Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev (boo#1255306, CVE-2025-68460). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. + Support IPv6 in database DSN (#9937) + Don't force specific error_reporting setting + Fix compatibility with PHP 8.5 regarding array_first() + Remove X-XSS-Protection example from .htaccess file (#9875) + Fix "Assign to group" action state after creation of a first group (#9889) + Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850) + Fix bug where an mbox export file could include inconsistent message delimiters (#9879) + Fix parsing of inline styles that aren't well-formatted (#9948) + Fix Cross-Site-Scripting vulnerability via SVG's animate tag + Fix Information Disclosure vulnerability in the HTML style sanitizer Update to 1.6.11 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v. - CHANGELOG * Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610) * Improve installer to fix confusion about disabling SMTP authentication (#9801) * Fix PHP warning in index.php (#9813) * OAuth: Fix/improve token refresh * Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820) * Fix HTML message preview if it contains floating tables (#9804) * Fix removing/expiring redis/memcache records when using a key prefix * Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781) * Fix a default value and documentation of password_ldap_encodage option (#9658) * Remove mobile/floating Create button from the list in Settings > Folders (#9661) * Fix Delete and Empty buttons state while creating a folder (#9047) * Fix connecting to LDAP using ldapi:// URI (#8990) * Fix cursor position on "below the quote" reply in HTML mode (#8700) * Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119) Update to 1.6.10: This is the next service release to update the stable version 1.6. * IMAP: Partial support for ANNOTATE-EXPERIMENT-1 extension (RFC 5257) * OAuth: Support standard authentication with short-living password received with OIDC token (#9530) * Fix PHP warnings (#9616, #9611) * Fix whitespace handling in vCard line continuation (#9637) * Fix current script state after initial scripts creation in managesieve_kolab_master mode * Fix rcube_imap::get_vendor() result (and PHP warning) on Zimbra server (#9650) * Fix regression causing inline SVG images to be missing in mail preview (#9644) * Fix plugin "virtuser_file" to handle backward slashes in username (#9668) * Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689) * Fix insert_or_update() and reading database server config on PostgreSQL (#9710) * Fix Oauth issues with use_secure_urls=true (#9722) * Fix handling of binary mail parts (e.g. PDF) encoded with quoted-printable (#9728) * Fix links in comments and config to https:// where available (#9759, #9756) * Fix decoding of attachment names encoded using both RFC2231 and RFC2047 standards (#9725) roundcubemail-1.6.13-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-152 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation chromedriver-145.0.7632.159-bp160.1.1.x86_64.rpm chromium-145.0.7632.159-bp160.1.1.x86_64.rpm chromedriver-145.0.7632.159-bp160.1.1.ppc64le.rpm chromium-145.0.7632.159-bp160.1.1.ppc64le.rpm chromedriver-145.0.7632.159-bp160.1.1.aarch64.rpm chromium-145.0.7632.159-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-153 Security update for python-PyPDF2 important openSUSE Backports SLE-16.0 This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940) - CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934) - CVE-2025-55197: Fixed denial of service via craft PDF (bsc#1248089) - CVE-2026-27024: Fixed infinite loop when processing TreeObject (bsc#1258691) - CVE-2026-27025: Fixed long runtimes/large memory usage for large /ToUnicode streams (bsc#1258692) - CVE-2026-27026: Fixed long runtimes for malformed FlateDecode streams (bsc#1258693) - Convert to pip-based build python313-PyPDF2-2.11.1-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-154 Recommended update for openQA, os-autoinst, openQA-devel-container important openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1772536058.8ca2d170: * fix(config): Drop max_conns to allow proper queueing * refactor: Improve code in `renderTestLists()` * feat: Pass all parameters when making AJAX requests on "All tests" page * feat: Allow use of `job_setting` parameter also on "All tests" page * refactor: Simplify code for passing query parameters on "All tests" * fix(dependencies): add missing "make" to devel sub-package * test: remove stabilized tests from tools/unstable_tests.txt * test(lib): remove unused "disconnect" function * test(lib): mark uncovered line * build(Makefile): add make target help text * fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632) - Update to version 5.1772460208.7a4e1e06: * docs: Document array-like job settings and `job_setting` parameter * test: Ensure test of filter params of jobs API fails if code breaks * feat: Support searching by job settings in API to list jobs * refactor: Improve `cancel_by_settings` * fix: Allow filtering by more than one job setting in various routes * test: Improve checks in `t/api/02-iso.t` * feat: Allow searching by job settings via overview routes * style: use consistent q{} syntax for SQL strings in Cache Model * refactor: streamline IPC::Run usage and signal handling * test: remove t/25-cache-service.t from unstable_tests.txt * test: improve robustness of t/25-cache-service.t * test: refactor InfluxDB subtest to reduce duplication * test: improve infrastructure for t/25-cache-service.t * fix: improve database robustness in Cache model * fix: log rsync stderr in CacheService::Task::Sync * test: support OPENQA_TEST_WAIT_INTERVAL in wait_for * fix(cache): capture stderr and handle exit status robustly in Sync task * test: make SIGCHLD handler selective in OpenQA::Test::Utils * docs: document aggregate result badges for overview queries Changes in os-autoinst: - Update to version 5.1772663930.9a9bd7d: * feat: add EXIT_AFTER_MODULE to stop after a specified module * fix: Update gre_tunnel_preup script to support NetworkManager * feat: Handle timeout when typing command in `background_script_run` * feat: Allow opting-out of check when typing command in `script_run` * feat: Handle timeout when typing command in `script_run` * test: implement conventional commits check with gitlint Changes in openQA-devel-container: - Update to version 5.1772536058.8ca2d1709: * Update to latest openQA version openQA-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-auto-update-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-client-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-common-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-devel-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-doc-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-local-db-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-mcp-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-munin-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-single-instance-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm openQA-worker-5.1772536058.8ca2d170-bp160.1.1.x86_64.rpm os-autoinst-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1772663930.9a9bd7d-bp160.1.1.x86_64.rpm openQA-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-auto-update-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-bootstrap-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-client-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-common-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-continuous-update-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-devel-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-doc-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-local-db-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-mcp-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-munin-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-python-scripts-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-single-instance-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm openQA-worker-5.1772536058.8ca2d170-bp160.1.1.s390x.rpm os-autoinst-5.1772663930.9a9bd7d-bp160.1.1.s390x.rpm os-autoinst-devel-5.1772663930.9a9bd7d-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1772663930.9a9bd7d-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1772663930.9a9bd7d-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1772663930.9a9bd7d-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1772663930.9a9bd7d-bp160.1.1.s390x.rpm openQA-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-client-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-common-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-devel-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-doc-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-local-db-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-mcp-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-munin-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm openQA-worker-5.1772536058.8ca2d170-bp160.1.1.ppc64le.rpm os-autoinst-5.1772663930.9a9bd7d-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1772663930.9a9bd7d-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1772663930.9a9bd7d-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1772663930.9a9bd7d-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1772663930.9a9bd7d-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1772663930.9a9bd7d-bp160.1.1.ppc64le.rpm openQA-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-auto-update-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-client-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-common-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-devel-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-doc-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-local-db-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-mcp-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-munin-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-single-instance-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm openQA-worker-5.1772536058.8ca2d170-bp160.1.1.aarch64.rpm os-autoinst-5.1772663930.9a9bd7d-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1772663930.9a9bd7d-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1772663930.9a9bd7d-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1772663930.9a9bd7d-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1772663930.9a9bd7d-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1772663930.9a9bd7d-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-155 Recommended update for vlc moderate openSUSE Backports SLE-16.0 This update for vlc fixes the following issues: Changes in vlc: - Update to version 3.0.23: + Codecs: * Fix WebVTT line positioning * Expose additional audio codec information (notably for Flac 24bit) + Demuxers: * fix some JPEG files wih JFIF headers + Security: * Fix null deref in libass, undefined shift in theora and cc-708, integer overflow in daala, Infinite loop in h264 parsing, buffer overflow in png and multiple format-overflows + Misc: * Prepare compatibility for taglib 2.0, Qt6, FFmpeg8, mingw-w64 v13 and newer versions of libplacebo and pupnp - Update to version 3.0.22: + Core: Assume subpictures are in SDR by default + Decoders: * Fix Opus channel mapping * Fix hardware decoding with VideoToolbox of XVID MPEG-4 video * Add dav1d-all-layers option * Fix DVD CEA-608 captions parsing * Fix ProRes 4:4:4:4 * Disable decoding using libdca, libmpeg2 and liba52 by default in favor of libavcodec + Demuxers: * Add support for DMX audio music (MUS) files * Handle mkv-use-chapter-codec option * Add A_ATRAC/AT1 support in matroska * Prevent FLAC seeking logic get stuck * Handle pictures in FLAC * Fix VOB/AOB LPCM/MLP detection failing occasionally * Cut QNap title on first invalid character * Fix display of certain JPEG files * Fix playback of very short ASF files (duration less than 1s) * Multiple fixes in MPEG-TS * Fix crashes in multiple demuxers (reported by rub.de, oss-fuzz and others) + Input: Fix SFTP seeking for large files on 32-bit OS + Interface: * Qt: Add option to use dark palette * Qt: Add compilation support for newer versions of Qt5 * Qt: Fix scrolling on volume slider * KDE: fix MPRIS state when started from file + Service Discovery: UPnP: remove SAT>IP channel list fallback + Video Output: * Use a better stretch mode in wingdi * Fetch missing device information when running in UWP + Video Filter: * Add AMD GPU Frame Rate Doubler (Direct3D11) * Improve visualization of low frequencies in spectrogram libvlc5-3.0.23-bp160.1.1.x86_64.rpm libvlccore9-3.0.23-bp160.1.1.x86_64.rpm vlc-3.0.23-bp160.1.1.x86_64.rpm vlc-codec-fluidsynth-3.0.23-bp160.1.1.x86_64.rpm vlc-codec-gstreamer-3.0.23-bp160.1.1.x86_64.rpm vlc-devel-3.0.23-bp160.1.1.x86_64.rpm vlc-jack-3.0.23-bp160.1.1.x86_64.rpm vlc-lang-3.0.23-bp160.1.1.noarch.rpm vlc-noX-3.0.23-bp160.1.1.x86_64.rpm vlc-qt-3.0.23-bp160.1.1.x86_64.rpm libvlc5-3.0.23-bp160.1.1.s390x.rpm libvlccore9-3.0.23-bp160.1.1.s390x.rpm vlc-3.0.23-bp160.1.1.s390x.rpm vlc-codec-fluidsynth-3.0.23-bp160.1.1.s390x.rpm vlc-codec-gstreamer-3.0.23-bp160.1.1.s390x.rpm vlc-devel-3.0.23-bp160.1.1.s390x.rpm vlc-jack-3.0.23-bp160.1.1.s390x.rpm vlc-noX-3.0.23-bp160.1.1.s390x.rpm vlc-qt-3.0.23-bp160.1.1.s390x.rpm libvlc5-3.0.23-bp160.1.1.ppc64le.rpm libvlccore9-3.0.23-bp160.1.1.ppc64le.rpm vlc-3.0.23-bp160.1.1.ppc64le.rpm vlc-codec-fluidsynth-3.0.23-bp160.1.1.ppc64le.rpm vlc-codec-gstreamer-3.0.23-bp160.1.1.ppc64le.rpm vlc-devel-3.0.23-bp160.1.1.ppc64le.rpm vlc-jack-3.0.23-bp160.1.1.ppc64le.rpm vlc-noX-3.0.23-bp160.1.1.ppc64le.rpm vlc-qt-3.0.23-bp160.1.1.ppc64le.rpm libvlc5-3.0.23-bp160.1.1.aarch64.rpm libvlccore9-3.0.23-bp160.1.1.aarch64.rpm vlc-3.0.23-bp160.1.1.aarch64.rpm vlc-codec-fluidsynth-3.0.23-bp160.1.1.aarch64.rpm vlc-codec-gstreamer-3.0.23-bp160.1.1.aarch64.rpm vlc-devel-3.0.23-bp160.1.1.aarch64.rpm vlc-jack-3.0.23-bp160.1.1.aarch64.rpm vlc-noX-3.0.23-bp160.1.1.aarch64.rpm vlc-qt-3.0.23-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-156 Recommended update for perl-MCP moderate openSUSE Backports SLE-16.0 This update for perl-MCP fixes the following issues: Changes in perl-MCP: - updated to 0.80.0 (0.08) see /usr/share/doc/packages/perl-MCP/Changes 0.08 2026-02-17 - Added support for tool annotations. (d3flex) - updated to 0.70.0 (0.07) see /usr/share/doc/packages/perl-MCP/Changes 0.07 2026-01-16 - Fixed bug in MCP::Prompt where text prompts had the wrong format. - updated to 0.60.0 (0.06) see /usr/share/doc/packages/perl-MCP/Changes 0.06 2025-12-05 - Protocol version is now 2025-11-25. - Added support for resources. - Added support for audio and resource results. - Added support for sessions specific prompt, resource, and tool lists. - Added MCP::Resource class. - Added read_resource and list_resources methods to MCP::Client. - Added resource method to MCP::Server. - Added audio_result and resource_link_result methods to MCP::Tool. - Added prompts, resources, and tools events to MCP::Server. - updated to 0.50.0 (0.05) see /usr/share/doc/packages/perl-MCP/Changes 0.05 2025-08-28 - Added supprot for prompts. - Added MCP::Prompt class. - Added get_prompt and list_pronmpts methods to MCP::Client. - Added prompt method to MCP::Server. perl-MCP-0.80.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-157 Security update for python-lxml_html_clean moderate openSUSE Backports SLE-16.0 This update for python-lxml_html_clean fixes the following issues: Changes in python-lxml_html_clean: - CVE-2026-28348: improper keywords checking can allow external CSS loading (bsc#1259378) - CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs (bsc#1259379) python313-lxml_html_clean-0.4.2-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-158 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1773056733.e071deaf: * feat: allow filtering by job result and state in /tests/latest * style(gitlint): allow unwrappable longer URLs in git commit message body * feat: unify priority management of max_job_time and throttling * ci(helm): pull container images in advance * ci(helm): make sure that install-chart runs after lint-chart * feat: optimize size of devel:openQA:ci/base container * feat: allow users to delete/anonymize their own account - Update to version 5.1772722702.3877b2ca: * style: Use builtin functions without parentheses consistently * build: update minimatch to fix ReDoS vulnerabilities - Update to version 5.1772705410.5c7fe0aa: * style(t): fix formatting of long line in t/37-limit_assets.t * test(Makefile): treat t/01-style consistently with tidy+compile tests * ci: cover sporadic download errors with retries * feat: support show_build=1 for overview badges - Update to version 5.1772550094.48b5cce5: * refactor: Improve code for testing OpenID auth * test: Consider everything under `lib/OpenQA/WebAPI/` covered * test: Cover all code for OpenID auth * test: Cover retrying of OBS rsync tasks * fix: Return correctly when OBS dirty status cannot be determined * refactor: Remove unused local variable in OBS rsync code * test: Cover parameter validation warnings code for API descriptions Changes in os-autoinst: - Update to version 5.1773054031.9ab699d: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * refactor: move scheduling rules out of basetest::is_applicable - Update to version 5.1772729929.93a4b15: * feat: normalize gre tunnel script for NetworkManager and wicked * refactor: use more Mojo::File operations in commands.pm * refactor: use more Mojo::File operations in bmwqemu.pm * refactor: use more Mojo::File operations in t/ * refactor: move scheduling rules out of basetest::is_applicable * feat: add EXIT_AFTER_MODULE to stop after a specified module Changes in openQA-devel-container: - Update to version 5.1773056733.e071deaf7: * Update to latest openQA version openQA-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-auto-update-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-client-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-common-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-devel-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-doc-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-local-db-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-mcp-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-munin-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-single-instance-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm openQA-worker-5.1773056733.e071deaf-bp160.1.1.x86_64.rpm os-autoinst-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1773054031.9ab699d-bp160.1.1.x86_64.rpm openQA-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-auto-update-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-bootstrap-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-client-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-common-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-continuous-update-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-devel-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-doc-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-local-db-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-mcp-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-munin-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-python-scripts-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-single-instance-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1773056733.e071deaf-bp160.1.1.s390x.rpm openQA-worker-5.1773056733.e071deaf-bp160.1.1.s390x.rpm os-autoinst-5.1773054031.9ab699d-bp160.1.1.s390x.rpm os-autoinst-devel-5.1773054031.9ab699d-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1773054031.9ab699d-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1773054031.9ab699d-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1773054031.9ab699d-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1773054031.9ab699d-bp160.1.1.s390x.rpm openQA-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-client-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-common-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-devel-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-doc-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-local-db-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-mcp-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-munin-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm openQA-worker-5.1773056733.e071deaf-bp160.1.1.ppc64le.rpm os-autoinst-5.1773054031.9ab699d-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1773054031.9ab699d-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1773054031.9ab699d-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1773054031.9ab699d-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1773054031.9ab699d-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1773054031.9ab699d-bp160.1.1.ppc64le.rpm openQA-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-auto-update-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-client-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-common-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-devel-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-doc-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-local-db-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-mcp-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-munin-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-single-instance-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm openQA-worker-5.1773056733.e071deaf-bp160.1.1.aarch64.rpm os-autoinst-5.1773054031.9ab699d-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1773054031.9ab699d-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1773054031.9ab699d-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1773054031.9ab699d-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1773054031.9ab699d-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1773054031.9ab699d-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-159 Recommended update for distrobox moderate openSUSE Backports SLE-16.0 This update for distrobox fixes the following issues: Changes in distrobox: - Fixed container being incompatible with distrobox (bsc#1259032) * it still gives a visual error when initializing a new container, but works distrobox-1.8.0-bp160.2.1.noarch.rpm distrobox-bash-completion-1.8.0-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-16 Recommended update for knot moderate openSUSE Backports SLE-16.0 This update for knot fixes the following issues: Changes in knot: - disable quic in stable releases due to the missing libraries update to version 3.5.1, see https://www.knot-dns.cz/2025-10-16-version-351.html update to version 3.5.0, see https://www.knot-dns.cz/2025-09-18-version-350.html update to version 3.4.8, see https://www.knot-dns.cz/2025-07-29-version-348.html Use the libngtcp2_crypto_gnutls-devel instead of libngtcp2-devel to account for the openssl and gnutls devel files split in ngtcp2. update to version 3.4.7, see https://www.knot-dns.cz/2025-06-04-version-347.html knot-3.5.1-bp160.1.1.x86_64.rpm knot-devel-3.5.1-bp160.1.1.x86_64.rpm knot-utils-3.5.1-bp160.1.1.x86_64.rpm libdnssec10-3.5.1-bp160.1.1.x86_64.rpm libknot16-3.5.1-bp160.1.1.x86_64.rpm libzscanner5-3.5.1-bp160.1.1.x86_64.rpm knot-3.5.1-bp160.1.1.s390x.rpm knot-devel-3.5.1-bp160.1.1.s390x.rpm knot-utils-3.5.1-bp160.1.1.s390x.rpm libdnssec10-3.5.1-bp160.1.1.s390x.rpm libknot16-3.5.1-bp160.1.1.s390x.rpm libzscanner5-3.5.1-bp160.1.1.s390x.rpm knot-3.5.1-bp160.1.1.ppc64le.rpm knot-devel-3.5.1-bp160.1.1.ppc64le.rpm knot-utils-3.5.1-bp160.1.1.ppc64le.rpm libdnssec10-3.5.1-bp160.1.1.ppc64le.rpm libknot16-3.5.1-bp160.1.1.ppc64le.rpm libzscanner5-3.5.1-bp160.1.1.ppc64le.rpm knot-3.5.1-bp160.1.1.aarch64.rpm knot-devel-3.5.1-bp160.1.1.aarch64.rpm knot-utils-3.5.1-bp160.1.1.aarch64.rpm libdnssec10-3.5.1-bp160.1.1.aarch64.rpm libknot16-3.5.1-bp160.1.1.aarch64.rpm libzscanner5-3.5.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-160 Security update for python-PyPDF2 moderate openSUSE Backports SLE-16.0 This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter (bsc#1259404) - Update sources with osc run download_files python313-PyPDF2-2.11.1-bp160.3.1.noarch.rpm openSUSE-Leap-16.0-packagehub-161 Recommended update for cockpit-client-launcher moderate openSUSE Backports SLE-16.0 This update for cockpit-client-launcher fixes the following issues: Introduce cockpit-client-launcher. cockpit-client-launcher-356-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-162 Security update for osc, obs-scm-bridge moderate openSUSE Backports SLE-16.0 This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync packages - Fix 'osc build' to retrieve buildconfig from git package's cache - Fix 'osc token' error handling for project wide trigger - Fix string formatting for id in obs-request.xml in 'git-obs pr dump' - Library: - Consolidate build types in build.py and commandline.py - Fix build.get_build_type() by comparing binary_type only if specified - Make use of queryconfig tool configurable and consistent - Fix how get_request_collection() filters the projects and packages - Support copying packages from an scmsync source, when target exists - Add timestamps to the DEBUG output - Update new project template - 1.23.0 - Command-line: - Add '--target-owner' option to 'git-obs pr create' to specify the target owner explicitly - Add '--target-branch' option to 'git-obs staging search' command - Added 'git-obs staging search' command to find project PRs with referenced package PRs that have all been approved - Change 'git-obs pr dump' to produce directories that match the specified pull request IDs - Change 'git-obs pr dump' to write STATUS file - Properly error out on invalid 'PR:' references in 'git-obs pr dump' - Fix 'git-obs pr create' when the source repo is not a fork - Fix 'git-obs api' command when server returns 'null' - Fix 'osc build --alternative-project=...' when there's no .osc in the current directory - Fix argument and store handling in 'osc results' command - Library: - Add Manifest.get_package_paths() method that lists all paths to existings packages in a project - Fix Manifest class to handle loading empty YAML files or strings - Fix working with meta during git rebase by determining the current branch from rebase head - Fix handling local branch when fetching remote - Move get_label_ids() from PullRequest to Repo class - Change GitStore not to require apiurl anymore - Fix storing last_buildroot for git packages - Store the last buildroot only if there's a store detected - Fix BuildRoot so it acts as a tuple and the individual values are accessible via indexes - Make PullReqest.parse_id() more permissive by accepting trailing whitespaces - Fix 'missingok' argument in server_diff() - Fix gitea_api.PullRequest ordering methods - Add return to gitea_api.Branch.list() - PKGBUILD changes * Remove redundant packages from makedepends. If a package depends on something, it implicitly makedepends on it as well * Add python-ruamel-yaml dependency * Build and install man pages * Add python-argparse-manpage and python-sphinx to makedepends for building man pages * Add check() to run the test suite * Add checkdepends for test suite dependencies * Add optdepends as an equivalent to RPM's Recommends, making it easier for users to find packages needed for optional features * Use $pkgname variable across the script * Install shell completion files * Bump pkgrel - 1.22.0 - Command-line: - Add 'git-obs staging' commands - Add '--gitea-fork-org' option to 'osc fork' command - Add '--git-branch' option to 'osc fork' command - Add 'DELETE' to 'git-obs api' allowed methods - Add commit messages as commented lines to the template in 'git-obs pr create' - Add filtering by label to 'git-obs pr list' - Properly handle fork mismatch in 'osc fork' - Change 'osc build' to build from any git repo if '--alternative-project' is specified - Fix 'osc service' for git based packages - Fix 'git-obs pr dump' to skip the dump if the target has the same updated_at timestamp as the pull request in Gitea - Fix 'git-obs pr dump' to do case insensitive check on owner and repo - Fix retrieving 'arch' argument in 'osc buildlog' - Library: - Add 'status' to the output of gitea_api.Git.get_submodules() - Add 'remote' argument to gitea_api.Repo.clone_or_update() - Add gitea_api.common.TemporaryDirectory class that supports 'delete' argument on python 3.6+ - Add gitea_api.GitDiffGenerator class for creating submodule diffs without a git checkout - Add 'depth' argument to gitea_api.Repo.clone() and clone_or_update() - Add gitea_api.StagingPullRequestWrapper class for handling staging - Add gitea_api.PullRequest.get_host_owner_repo_number() method - Make GitObsCommand.add_argument_owner_repo() and add_argument_owner_repo_pull() reusable by allowing setting 'dest' argument - Warn if the git package doesn't have the same branch as the parent project - Extend gitea_api.PullRequest with methods that work with 'PR:' references - Support setting labels in gitea_api.PullRequest.create() - Fix gitea_api to use pagination instead of limit -1 everywhere - Remove duplicate, unused PullRequestReview class from gitea_api.pr - Move clone_or_update() from 'git-obs pr dump' command to gitea_api.Repo - Change gitea_api.Repo.clone_or_update() to take 'ssh_private_key_path' argument - Improve performance of gitea_api.IssueTimelineEntry by listing and caching requests instead of fetching them one by one - Make GitObsCommand.add_argument_owner_repo() and add_argument_owner_repo_pull() reusable by allowing setting 'help' argument - Change gitea_api.Repo.clone() to stop borrowing objects when 'reference' or 'reference_if_able' is used - Fix the resulting dictionary in gitea_api.PullRequest._get_label_ids() - Make gitea_api.RepoExists exception more helpful by giving a hint to fork under a different name - Use server_diff() instead of server_diff_noex() to exit with a non-zero return code - Return preinstallimage.info and allow podman to use preinstallimage - 1.21.0 - Command-line: - Modify osc subcommands to error out if they don't work with git - Add 'git-obs meta' commands for managing the local metadata - Add 'git-obs meta info' command for printing resolved metadata about the current checkout - Add -b/--branch option to 'git-obs repo clone' command - Add 'git-obs pr dump' command to store pull request information on disk - Add 'git-obs --quiet' option (that mutes printing gitea settings now) - Automatially pull meta after 'git-obs repo clone' - Change 'git-obs pr review interactive' to write 'merge ok' comment instead of scheduling a merge - Mute stderr when creating a worktree in 'git-obs pr review interactive' - Change 'git-obs -G' to accept url to select a gitea login entry - Support substitutions in 'osc build --root' - Fix crash in 'osc build' when 'build_repositories' in store was None - Fix filtering by reviewers in 'git-obs pr list' - Update 'osc rq show' command to include history comments in verbose mode - Library: - Refactor GitStore - Migrate git_scm.Store over to gitea_api.Git - Store buildinfo and buildconfig files in GitStore's cache instead directly in the repo - Move code from 'git-obs meta pull' command to GitStore.pull() - Improve GitStore.pull() to support reading project from project.build - Rephrase the error message about detached HEAD in GitStore - Improve GitStore's error messages by adding instructions on how to fix missing metadata - Be more permissive when loading parent project_store in GitStore - Fix loading _manifest in a project git - Fix git store to check if all the required fields are present - Derive package name from topdir if a package is part of a project checkout - Change 'git-obs pr review interactive' to run pager process as a context manager - Change obs_api.TarDiff to spawn a process extracting archives as a context manager - Change 'commit' argument in gitea_api.Git.reset() to optional - Add gitea_api.Git.get_owner_repo_from_url() staticmethod - Add gitea_api.Git.urljoin() static method - Fix gitea_api.Git.get_branch_head() to raise a proper exception if the HEAD cannot be retrieved - Fix gitea_api.Git to work with the current remote instead of 'origin' - Fix get_store() to throw the exception from git store if .osc directory is not present - Introduce GitObsRuntimeError exception and use it where appropriate - Fix tardiff by removing directories with shutil.rmtree() and files by os.unlink() - Add 'quiet' option to gitea_api.Git.switch() - Mute stderr in git_obs.Git.lfs_cat_file() - Treat None flavor as "" in multibuild resolve - Make Token.triggered_at optional as it's not available in the oficially released OBS code - Add BaseModel.from_string() and BaseModel.to_string() methods - Add BaseModel.from_file() and BaseModel.to_file() methods - Fix BaseModel to initialize from a dictionary via __init__ instead of setattr - Docs: - Update docs for the new git metadata store - Update list of recommended gitea permissions in git-obs-quickstart - Spec: - Install git-obs-metadata man page - 1.20.0 - Command-line: - Fix 'osc fork' command to use the right tracking branch - Fix 'osc blt' command by checking if the working copy is a package - Make 'osc buildlog' work outside of osc package directory - Add 'git-obs pr close' and 'git-obs pr reopen' commands - Add 'close' option to 'git-obs pr review interactive' - Change 'git-obs pr review interactive' to work with all archives, not only those in Git LFS - Fix checkout of the base branch in 'git-obs pr review interactive' command - Library: - Support _manifest file in git store - Allow pull request IDs in '<owner>/<repo>!<number>' format - Properly handle deleted users and teams in the git-obs timeline - Handle situations when there's 'None' among timeline entries - Skip binary files in gitea_api.PullRequest.get_patch() - Change get_user_input(), add support for vertically printed list of answers - Spec: - Provide git-obs - 1.19.1 - Command-line: - Use OSC_PACKAGE_CACHE_DIR env var instead of deprecated OSC_PACKAGECACHEDIR - Connection: - Check for both upper and lowercase versions of HTTP_PROXY and HTTPS_PROXY env vars - Library: - Add 'trackingbranch' field to ScmsyncObsinfo model - Revert "Return None if GitStore cannot determine apiurl" - Throw a proper exception when 'apiurl' argument of 'makeurl()' is empty - Move code setting apiurl from store to 'osc.conf.get_config()' - Simplify 'osc.commandline.Osc.get_api_url()' to return the value from 'self.options' - Remove 'osc.commandline.Osc.post_argparse()' because it's no longer used - Fix unit tests to use the new code path to run osc - Fix osc.gitea_api.dt_sanitize() by replacing dateutil with datetime - 1.19.0 - Command-line: - Add 'git-obs pr cancel-scheduled-merge' command - Add timeline to 'git-obs pr review interactive' - Add '--timeline' option to 'git-obs pr get' - Fix 'git-obs pr search' by using pagination to retrieve all results - Extend '--message' option in git-obs subcommands with the '-m' short option - Add a different message for scheduled merges in 'git-obs pr merge' command - Library: - Add 'conn' parameter to gitea_api.common.GiteaModel - Add gitea_api.Connection.scheme attribute - Add gitea_api.PullRequest.merge_commit property - Add gitea_api.PullRequest.get_owner_repo_number() - Add gitea_api.common.dt_sanitize() for sanitizing datetime strings - Handle missing head repo in the PullRequest properties - Return None if GitStore cannot determine apiurl - Remove extra newline from store files - Fix the 'Move remaining imports in osc.babysitter into try-except block' change by preserving the order of handling the exceptions - Spec: - Use primary_python to define runtime requires matching the shebang lines - Provide %{use_python_pkg}-osc for all pythons and python3-osc for primary_python - Add conflict with obs-scm-bridge < 0.7.3 - 1.18.0 - Command-line: - Add 'git-obs pr comment [--message=...]' command - Add 'git-obs pr show-patch' command - Add '--reviewer' option to 'git-obs pr review {approve,decline,interactive}' to support group reviews via group review bot - Update 'git-obs pr review interactive' to return non-zero return codes for 'exit' and 'skip' actions - Make 'osc results --show-excluded' work in a project context - Add '--no-pager' global option - Fix 'osc fork' by copying whole query part to the new scmsync url - Fix 'osc buildinfo' for git packages by handing the 'build_repositories' files by store objects - Fix crash in 'git-obs pr get --patch' - Fix git-obs to exit with 130 on keyboard interrupt - Fix --sccache help typo in 'osc build' command - Connection: - Don't retry requests on 504 Gateway Timeout - Library: - If a devel project is not specified, try reading it from a mapping from URL set in OBS:GitDevelProjectMap project attribute - Improve detection of packages and projects in git - scmsync_obsinfo: Pass correct revision to obs-scm-bridge - Add obs_api.Request.search() method - Raise an exception if obs-scm-bridge fails - Fix obs_scm.Package.get_pulled_srcmd5() returning an empty string - Fix git store to support non-default remote - Extend 'gitea_api.User.get()' to take 'username' parameter - Move get_editor() and related functions from command-line module to gitea_api.common - Migrate subcommands from using Store() to get_store() that is git aware - Make imports lazy to imporove osc load times Changes in obs-scm-bridge: - use the system default python version (boo#1247410) - 0.7.4 * syntax fix - 0.7.3 * fix .gitsubmodule parser to handle space and tabs mixed - package /etc/obs/service directories - 0.7.2 * Improved error reporting of invalid files in package subdirs * Introducing a mechanic to limit asset handling - 0.7.1 * export trackingbranch to scmsync.obsinfo - 0.7.0 * supporting _manifest file as successor of _subdirs * record configured branch of submodules in package scmsync url * stay on the configured branch of a submodule on checkout - 0.6.3 * Allow ssh:// scm urls as used by osc * project mode: avoid unecessary changes in package meta url * code cleanup - fix dependency (it is python3-PyYAML) - fix missing dependency to PyYAML - 0.6.2 * Make project mode always look for _config in the top dir, also when using subdirs. - 0.6.1 * new noobsinfo query parameter (can be used to hide git informations in sources, binaries won't contain them either then). - 0.6.0 * project mode: switching to to track package sources using git sha sums instead of md5sum via download_assets - 0.5.4 * fixed support of subdir parameter usage on project level * Fix handling of projectscmsync in the package xml writers - 0.5.3 * Switch to ssh url when using the bridge via osc - 0.5.2 * Don't overwrite files from git, but complain instead with an error. For example _scmsync.obsinfo file must not be part of the git tree. boo#1230469 CVE-2024-22038 - 0.5.1 * Don't generate _scmsync.obsinfo outside of OBS source server import use case (eg. no more for osc co) * Enforce python 3.11 requirement * Fix export of _scmsync.obsinfo in project mode * Fix submodule detection * EXPERIMENTAL: support multiple package subdirs via _subdirs file. This syntax will change! (not documented on purpose therefore atm) * Using git credential manager * Report some errors as transient, so that OBS can re-try osc-1.24.0-bp160.1.1.noarch.rpm obs-scm-bridge-0.7.4-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-163 Recommended update for haveged important openSUSE Backports SLE-16.0 This update for haveged fixes the following issues: Changes in haveged: - Remove haveged-once.service. Service is no longer required exactly as of version 1.9.19, because the fix for it was merged upstream (synchronize haveged instances during switch root). - Revert a change in haveged-dracut.module, as haveged should be required by systemd-journald.service, not sysinit.target. - Update to 1.9.19: * Added --time_interval N to add entropy unconditionally every N seconds. * Synchronize haveged instances during switch root. * 90-haveged.rules: fix warnings reported by udevadm verify. - Introduce haveged-once.service. * This new service is meant to be called from initrd, and it uses the '--once' flag. * Haveged is executed, and then exits, raising the entropy levels during very early boot. Once / is mounted and 'systemd switch-root' is called, then the regular haveged.service is invoked. * Fix for bsc#1165294 and bsc#1222296. - Improve haveged-dracut.module, so that haveged is called only once from initrd. haveged-1.9.19-bp160.1.1.x86_64.rpm haveged-devel-1.9.19-bp160.1.1.x86_64.rpm libhavege2-1.9.19-bp160.1.1.x86_64.rpm haveged-1.9.19-bp160.1.1.s390x.rpm haveged-devel-1.9.19-bp160.1.1.s390x.rpm libhavege2-1.9.19-bp160.1.1.s390x.rpm haveged-1.9.19-bp160.1.1.ppc64le.rpm haveged-devel-1.9.19-bp160.1.1.ppc64le.rpm libhavege2-1.9.19-bp160.1.1.ppc64le.rpm haveged-1.9.19-bp160.1.1.aarch64.rpm haveged-devel-1.9.19-bp160.1.1.aarch64.rpm libhavege2-1.9.19-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-164 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1773248854.f2e05df9: * style: Use HTTP::Status status code constants * Revert "feat: optimize size of devel:openQA:ci/base container" * refactor: Write `renderComments()` in a more compact way * fix: Restore spacing between bug and other icons after 9346b7165 * ci(helm): replace internal retry with okurz/retry/ * refactor: Use signature in callback to clarify input parameters * style: Add three perlcritic rules * style: Make .perlcriticrc a real file instead of a symlink * chore(deps): Adjust bot commit message to conventional commits * test: Add test for rendering `label:linked` with bug reference * feat: Improve handling non-bugref URLs in `mark_job_linked` after 7f6790 * test: Verify that only one label is added via `mark_job_linked` * feat: Render labels with bug references as clickable links * refactor: Improve coding style in `renderComments()` * feat: Use bugref within label when creating 'Job mentioned in …' comment * docs: document the priority throttling for scheduled jobs * Dependency cron 2026-03-09 * feat: Streamline "relates to default checkout" condition * feat: Enable `git_auto_update` if `CASEDIR` and `NEEDLES_DIR` are set * feat: Support `CASEDIR` lookup introduced in ef229dc also in Git tasks * fix: Handle error when determining Git server host correctly * feat: add privacy policy * feat: adapt to os-autoinst switching to markdown - Update to version 5.1773068319.a9347c1b: * docs: Link to latest passed job to ensure the download tab exists * style: Always pass a regex match to split * style: Use map only in block form * style: Use grep only in block form Changes in os-autoinst: - Update to version 5.1773245056.43fc8f0: * chore(deps): Update perltidy * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * fix: restore author tests in CI and optimize git message check * docs: convert doc/backend_vars.asciidoc to Markdown Changes in openQA-devel-container: - Update to version 5.1773248854.f2e05df9d: * Update to latest openQA version openQA-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-auto-update-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-client-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-common-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-devel-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-doc-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-local-db-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-mcp-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-munin-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-single-instance-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm openQA-worker-5.1773248854.f2e05df9-bp160.1.1.x86_64.rpm os-autoinst-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1773245056.43fc8f0-bp160.1.1.x86_64.rpm openQA-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-auto-update-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-bootstrap-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-client-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-common-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-continuous-update-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-devel-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-doc-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-local-db-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-mcp-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-munin-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-python-scripts-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-single-instance-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm openQA-worker-5.1773248854.f2e05df9-bp160.1.1.s390x.rpm os-autoinst-5.1773245056.43fc8f0-bp160.1.1.s390x.rpm os-autoinst-devel-5.1773245056.43fc8f0-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1773245056.43fc8f0-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1773245056.43fc8f0-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1773245056.43fc8f0-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1773245056.43fc8f0-bp160.1.1.s390x.rpm openQA-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-client-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-common-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-devel-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-doc-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-local-db-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-mcp-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-munin-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm openQA-worker-5.1773248854.f2e05df9-bp160.1.1.ppc64le.rpm os-autoinst-5.1773245056.43fc8f0-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1773245056.43fc8f0-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1773245056.43fc8f0-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1773245056.43fc8f0-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1773245056.43fc8f0-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1773245056.43fc8f0-bp160.1.1.ppc64le.rpm openQA-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-auto-update-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-client-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-common-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-devel-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-doc-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-local-db-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-mcp-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-munin-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-single-instance-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm openQA-worker-5.1773248854.f2e05df9-bp160.1.1.aarch64.rpm os-autoinst-5.1773245056.43fc8f0-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1773245056.43fc8f0-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1773245056.43fc8f0-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1773245056.43fc8f0-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1773245056.43fc8f0-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1773245056.43fc8f0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-165 Security update for chromium critical openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) - Chromium 146.0.7680.75 (released 2026-03-12) (boo#1259648) * CVE-2026-3910: Inappropriate implementation in V8. - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture chromedriver-146.0.7680.80-bp160.1.1.x86_64.rpm chromium-146.0.7680.80-bp160.1.1.x86_64.rpm chromedriver-146.0.7680.80-bp160.1.1.ppc64le.rpm chromium-146.0.7680.80-bp160.1.1.ppc64le.rpm chromedriver-146.0.7680.80-bp160.1.1.aarch64.rpm chromium-146.0.7680.80-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-166 Security update for python-Django moderate openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-25674: Fixed race condition which can lead to potential incorrect permissions on newly created file system objects (bsc#1259142) python313-Django-5.2.4-bp160.6.1.noarch.rpm openSUSE-Leap-16.0-packagehub-167 Security update for krb5-appl critical openSUSE Backports SLE-16.0 This update for krb5-appl fixes the following issues: Changes in krb5-appl: - CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691) krb5-appl-clients-1.0.3-bp160.2.1.x86_64.rpm krb5-appl-servers-1.0.3-bp160.2.1.x86_64.rpm krb5-appl-clients-1.0.3-bp160.2.1.s390x.rpm krb5-appl-servers-1.0.3-bp160.2.1.s390x.rpm krb5-appl-clients-1.0.3-bp160.2.1.ppc64le.rpm krb5-appl-servers-1.0.3-bp160.2.1.ppc64le.rpm krb5-appl-clients-1.0.3-bp160.2.1.aarch64.rpm krb5-appl-servers-1.0.3-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-168 Security update for python-PyPDF2 moderate openSUSE Backports SLE-16.0 This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2025-31826: Fixed denial of service due to excessive memory consumption via crafted PDF (bsc#1259508). python313-PyPDF2-2.11.1-bp160.4.1.noarch.rpm openSUSE-Leap-16.0-packagehub-169 Recommended update for perl-Test-Perl-Critic moderate openSUSE Backports SLE-16.0 This update for perl-Test-Perl-Critic fixes the following issues: Introduce perl-Test-Perl-Critic. perl-Test-Perl-Critic-1.40.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-17 Security update for micropython moderate openSUSE Backports SLE-16.0 This update for micropython fixes the following issues: Changes in micropython: - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 Version 1.26.0: * Added machine.I2CTarget for creating I2C target devices on multiple ports. * New MCU support: STM32N6xx (800 MHz, ML accel) & ESP32-C2 (WiFi + BLE). * Major float accuracy boost (~28% → ~98%), constant folding in compiler. * Optimized native/Viper emitters; reduced heap use for slices. * Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr. * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY. * RP2: compressed errors, better lightsleep, hard IRQ timers. * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support. * mpremote adds fs tree, improved df, portable config paths. * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests. micropython-1.26.0-bp160.1.1.x86_64.rpm mpremote-1.26.0-bp160.1.1.noarch.rpm mpy-tools-1.26.0-bp160.1.1.x86_64.rpm micropython-1.26.0-bp160.1.1.aarch64.rpm mpy-tools-1.26.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-170 Security update for MozillaThunderbird important openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.8.1 ESR * Add mail.openpgp.load_untested_gpgme_version to load untested GPGME version - Mozilla Thunderbird 140.8.0 ESR MFSA 2026-17 (boo#1258568) * CVE-2026-2757 (bmo#2001637) Incorrect boundary conditions in the WebRTC: Audio/Video component * CVE-2026-2758 (bmo#2009608) Use-after-free in the JavaScript: GC component * CVE-2026-2759 (bmo#2010933) Incorrect boundary conditions in the Graphics: ImageLib component * CVE-2026-2760 (bmo#2011062) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component * CVE-2026-2761 (bmo#2011063) Sandbox escape in the Graphics: WebRender component * CVE-2026-2762 (bmo#2011649) Integer overflow in the JavaScript: Standard Library component * CVE-2026-2763 (bmo#2012018) Use-after-free in the JavaScript Engine component * CVE-2026-2764 (bmo#2012608) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component * CVE-2026-2765 (bmo#2013562) Use-after-free in the JavaScript Engine component * CVE-2026-2766 (bmo#2013583) Use-after-free in the JavaScript Engine: JIT component * CVE-2026-2767 (bmo#2013741) Use-after-free in the JavaScript: WebAssembly component * CVE-2026-2768 (bmo#2014101) Sandbox escape in the Storage: IndexedDB component * CVE-2026-2769 (bmo#2014550) Use-after-free in the Storage: IndexedDB component * CVE-2026-2770 (bmo#2014585) Use-after-free in the DOM: Bindings (WebIDL) component * CVE-2026-2771 (bmo#2014593) Undefined behavior in the DOM: Core & HTML component * CVE-2026-2772 (bmo#2014827) Use-after-free in the Audio/Video: Playback component * CVE-2026-2773 (bmo#2014832) Incorrect boundary conditions in the Web Audio component * CVE-2026-2774 (bmo#2014883) Integer overflow in the Audio/Video component * CVE-2026-2775 (bmo#2015199) Mitigation bypass in the DOM: HTML Parser component * CVE-2026-2776 (bmo#2015266) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software * CVE-2026-2777 (bmo#2015305) Privilege escalation in the Messaging System component * CVE-2026-2778 (bmo#2016358) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component * CVE-2026-2779 (bmo#1164141) Incorrect boundary conditions in the Networking: JAR component * CVE-2026-2780 (bmo#2007829) Privilege escalation in the Netmonitor component * CVE-2026-2781 (bmo#2009552) Integer overflow in the Libraries component in NSS * CVE-2026-2782 (bmo#2010743) Privilege escalation in the Netmonitor component * CVE-2026-2783 (bmo#2010943) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-2784 (bmo#2012984) Mitigation bypass in the DOM: Security component * CVE-2026-2785 (bmo#2013549) Invalid pointer in the JavaScript Engine component * CVE-2026-2786 (bmo#2013612) Use-after-free in the JavaScript Engine component * CVE-2026-2787 (bmo#2014560) Use-after-free in the DOM: Window and Location component * CVE-2026-2788 (bmo#2014824) Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-2789 (bmo#2015179) Use-after-free in the Graphics: ImageLib component * CVE-2026-2790 (bmo#2008426) Same-origin policy bypass in the Networking: JAR component * CVE-2026-2791 (bmo#2015220) Mitigation bypass in the Networking: Cache component * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, bmo#2012331) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 - Mozilla Thunderbird 140.7.2 ESR MFSA 2026-11 (boo#1258231) * CVE-2026-2447 (bmo#2014390) Heap buffer overflow in libvpx - Mozilla Thunderbird 140.7.1 ESR MFSA 2026-08 (bsc#1257397) * CVE-2026-0818 (bmo#1881530) CSS-based exfiltration of the content from partially encrypted emails when allowing remote content - Support using system GnuPG with gpgme 2, boo#1253718 - Mozilla Thunderbird 140.7.0 ESR MFSA 2026-05 (bsc#1256340) * CVE-2026-0877 (bmo#1999257) Mitigation bypass in the DOM: Security component * CVE-2026-0878 (bmo#2003989) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879 (bmo#2004602) Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880 (bmo#2005014) Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882 (bmo#1924125) Use-after-free in the IPC component * CVE-2025-14327 (bmo#1970743) Spoofing issue in the Downloads Panel component * CVE-2026-0883 (bmo#1989340) Information disclosure in the Networking component * CVE-2026-0884 (bmo#2003588) Use-after-free in the JavaScript Engine component * CVE-2026-0885 (bmo#2003607) Use-after-free in the JavaScript: GC component * CVE-2026-0886 (bmo#2005658) Incorrect boundary conditions in the Graphics component * CVE-2026-0887 (bmo#2006500) Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890 (bmo#2005081) Spoofing issue in the DOM: Copy & Paste and Drag & Drop component * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, bmo#2003278) Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 MozillaThunderbird-140.8.1-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.8.1-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.8.1-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.8.1-bp160.1.1.x86_64.rpm MozillaThunderbird-140.8.1-bp160.1.1.s390x.rpm MozillaThunderbird-openpgp-librnp-140.8.1-bp160.1.1.s390x.rpm MozillaThunderbird-translations-common-140.8.1-bp160.1.1.s390x.rpm MozillaThunderbird-translations-other-140.8.1-bp160.1.1.s390x.rpm MozillaThunderbird-140.8.1-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.8.1-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.8.1-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.8.1-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.8.1-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.8.1-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.8.1-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.8.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-171 Security update for python-Authlib critical openSUSE Backports SLE-16.0 This update for python-Authlib fixes the following issues: Changes in python-Authlib: - CVE-2026-27962: JWS `deserialize_compact()` allows for signature bypass by accepting user-controlled embedded JWK as verification key (bsc#1259738) - CVE-2026-28490: cryptographic padding oracle in JWE RSA1_5 key management algorithm (bsc#1259736) - CVE-2026-28498: fail-open in behavior OIDC hash validation allows for bypass mandatory integrity protections (bsc#1259737) python313-Authlib-1.5.2-bp160.3.1.noarch.rpm openSUSE-Leap-16.0-packagehub-172 Security update for python-simpleeval important openSUSE Backports SLE-16.0 This update for python-simpleeval fixes the following issues: Changes in python-simpleeval: - CVE-2026-32640: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox (bsc#1259685) python313-simpleeval-0.9.13-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-173 Security update for mumble low openSUSE Backports SLE-16.0 This update for mumble fixes the following issues: Changes in mumble: - CVE-2025-71264: (opus) incorrect size calculations allow for an out-of-bounds array access and can lead to a client crash (boo#1259721) - Update to version 1.5.857: * fixes for undesired ACL behavior * Client bug fixes: UI, memory leaks, audio mute/volume behavior mumble-1.5.857-bp160.1.1.x86_64.rpm mumble-server-1.5.857-bp160.1.1.x86_64.rpm mumble-1.5.857-bp160.1.1.s390x.rpm mumble-server-1.5.857-bp160.1.1.s390x.rpm mumble-1.5.857-bp160.1.1.ppc64le.rpm mumble-server-1.5.857-bp160.1.1.ppc64le.rpm mumble-1.5.857-bp160.1.1.aarch64.rpm mumble-server-1.5.857-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-174 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.153 (boo#1259964): * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE chromedriver-146.0.7680.153-bp160.1.1.x86_64.rpm chromium-146.0.7680.153-bp160.1.1.x86_64.rpm chromedriver-146.0.7680.153-bp160.1.1.ppc64le.rpm chromium-146.0.7680.153-bp160.1.1.ppc64le.rpm chromedriver-146.0.7680.153-bp160.1.1.aarch64.rpm chromium-146.0.7680.153-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-175 Security update for freeciv moderate openSUSE Backports SLE-16.0 This update for freeciv fixes the following issues: Changes in freeciv: - freeciv 3.2.4: * CVE-2026-33250: Fix a vulnerability allowing remote crashing of the server (boo#1260036) * SDL2 client: Fix crash on selecting nation style or nation - includes changes from version 3.2.3: * Restore server to sane state after savegame loading failures * Assert unit goto tile validity rather than outright crashing * Improvements to AI players * Client UI tweaks and bug fixes * translation updates - freeciv 3.2.2, a compatible general bugfix release: * Fix backward compatibility in loading unit actions from a savegame * Fix crashes after continuing game from a savegame * Fix an error after player is added mid-game * Fix various crashes in client, and client UI tweaks - freeciv 3.2.1, a compatible general bugfix release: * Fixes for units carrying goods * Fix no city being considered capital for a turn after savegame loading * Corrected what situations make it impossible to airlift a unit * Fix culture victory with very high values of culture * Client UI and crash fixes freeciv-3.2.4-bp160.1.1.x86_64.rpm freeciv-gtk3-3.2.4-bp160.1.1.x86_64.rpm freeciv-gtk4-3.2.4-bp160.1.1.x86_64.rpm freeciv-lang-3.2.4-bp160.1.1.noarch.rpm freeciv-qt-3.2.4-bp160.1.1.x86_64.rpm freeciv-sdl2-3.2.4-bp160.1.1.x86_64.rpm freeciv-3.2.4-bp160.1.1.s390x.rpm freeciv-gtk3-3.2.4-bp160.1.1.s390x.rpm freeciv-gtk4-3.2.4-bp160.1.1.s390x.rpm freeciv-qt-3.2.4-bp160.1.1.s390x.rpm freeciv-sdl2-3.2.4-bp160.1.1.s390x.rpm freeciv-3.2.4-bp160.1.1.ppc64le.rpm freeciv-gtk3-3.2.4-bp160.1.1.ppc64le.rpm freeciv-gtk4-3.2.4-bp160.1.1.ppc64le.rpm freeciv-qt-3.2.4-bp160.1.1.ppc64le.rpm freeciv-sdl2-3.2.4-bp160.1.1.ppc64le.rpm freeciv-3.2.4-bp160.1.1.aarch64.rpm freeciv-gtk3-3.2.4-bp160.1.1.aarch64.rpm freeciv-gtk4-3.2.4-bp160.1.1.aarch64.rpm freeciv-qt-3.2.4-bp160.1.1.aarch64.rpm freeciv-sdl2-3.2.4-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-176 Recommended update for patterns-cockpit moderate openSUSE Backports SLE-16.0 This update for patterns-cockpit fixes the following issues: Introduce patterns-cockpit. patterns-cockpit-16.0-bp160.1.1.x86_64.rpm patterns-cockpit-client-16.0-bp160.1.1.x86_64.rpm patterns-cockpit-16.0-bp160.1.1.s390x.rpm patterns-cockpit-client-16.0-bp160.1.1.s390x.rpm patterns-cockpit-16.0-bp160.1.1.ppc64le.rpm patterns-cockpit-client-16.0-bp160.1.1.ppc64le.rpm patterns-cockpit-16.0-bp160.1.1.aarch64.rpm patterns-cockpit-client-16.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-177 Recommended update for python-vulture moderate openSUSE Backports SLE-16.0 This update for python-vulture fixes the following issues: Introduce python-vulture. python313-vulture-2.15-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-178 Recommended update for putty moderate openSUSE Backports SLE-16.0 This update for putty fixes the following issues: Changes in putty: - Update to release 0.83 * Support for ML-KEM, a NIST-standardised post-quantum key exchange mechanism. * Bug fix: psftp -b works again. * Fixed bug which crashed Pageant if an SSH connection is abandoned while waiting for a deferred decryption passphrase. * Fix a tight loop bug occurring if PuTTY tried to send an empty answerback string. * Fixed a bug where some configuration edit boxes' contents were accidentally truncated to 127 characters. * Bug fix: the small keypad keys did not reliably work in the terminal on Unix. - Update to release 0.82 * Major refactoring of Unicode handling to allow the use of 'foreign' Unicode characters outside the system's configured default character set. * Bracketed paste mode can now be turned off in the Terminal > Features panel. * The "border width" configuration option is now honoured even when the window is maximised. putty-0.83-bp160.1.1.x86_64.rpm putty-0.83-bp160.1.1.s390x.rpm putty-0.83-bp160.1.1.ppc64le.rpm putty-0.83-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-179 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.164 (boo#1260376) * CVE-2026-4673: Heap buffer overflow in WebAudio * CVE-2026-4674: Out of bounds read in CSS * CVE-2026-4675: Heap buffer overflow in WebGL * CVE-2026-4676: Use after free in Dawn * CVE-2026-4677: Out of bounds read in WebAudio * CVE-2026-4678: Use after free in WebGPU * CVE-2026-4679: Integer overflow in Fonts * CVE-2026-4680: Use after free in FedCM chromedriver-146.0.7680.164-bp160.1.1.x86_64.rpm chromium-146.0.7680.164-bp160.1.1.x86_64.rpm chromedriver-146.0.7680.164-bp160.1.1.ppc64le.rpm chromium-146.0.7680.164-bp160.1.1.ppc64le.rpm chromedriver-146.0.7680.164-bp160.1.1.aarch64.rpm chromium-146.0.7680.164-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-18 Recommended update for amarok moderate openSUSE Backports SLE-16.0 This update for amarok fixes the following issues: Changes in amarok: - Update to version 3.3.1 * Enable saving and loading script console items, autocompletion in script console, and re-enable some more scripting functionality * Convert the remaining main UI toolbuttons to use icons from theme * Clear out remnants of the now-discontinued MusicDNS service * Fix example permission grant command in database settings (kde#386004) * Fix equalizer gains not updating when selecting some presets (kde#463908) * Fix continuing playback after timecoded tracks (cue files etc, (kde#270003) * Fix MusicBrainz search * Properly start CD playback if Amarok is not already running (kde#503310) * Also transmit embedded cover art through MPRIS (kde#357620) * Don't show transcoding dialog after canceling download (kde#275840) * Load network information earlier to avoid crashes on startup (kde#507497) * Try to export as-compatible-as-possible playlist files (kde#507329) * Fix some random crashes during playback amarok-3.3.1-bp160.1.1.x86_64.rpm amarok-doc-3.3.1-bp160.1.1.x86_64.rpm amarok-lang-3.3.1-bp160.1.1.noarch.rpm amarok-3.3.1-bp160.1.1.s390x.rpm amarok-doc-3.3.1-bp160.1.1.s390x.rpm amarok-3.3.1-bp160.1.1.ppc64le.rpm amarok-doc-3.3.1-bp160.1.1.ppc64le.rpm amarok-3.3.1-bp160.1.1.aarch64.rpm amarok-doc-3.3.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-180 Security update for gimp important openSUSE Backports SLE-16.0 This update for gimp fixes the following issues: Changes in gimp: - CVE-2026-4150: Fixed PSD file parsing integer overflow vulnerability (bsc#1259979) = CVE-2026-4151: Fixed ANI file parsing integer overflow vulnerability (bsc#1259983) - CVE-2026-4153: Fixed PSP file parsing heap-based buffer overflow vulnerability (bsc#1259984) - CVE-2026-4154: Fixed XPM file parsing integer overflow vulnerability (bsc#1259986) gimp-3.0.8-bp160.3.1.x86_64.rpm gimp-devel-3.0.8-bp160.3.1.x86_64.rpm gimp-extension-goat-excercises-3.0.8-bp160.3.1.x86_64.rpm gimp-lang-3.0.8-bp160.3.1.noarch.rpm gimp-plugin-aa-3.0.8-bp160.3.1.x86_64.rpm gimp-plugin-python3-3.0.8-bp160.3.1.x86_64.rpm gimp-vala-3.0.8-bp160.3.1.x86_64.rpm libgimp-3_0-0-3.0.8-bp160.3.1.x86_64.rpm libgimpui-3_0-0-3.0.8-bp160.3.1.x86_64.rpm gimp-3.0.8-bp160.3.1.ppc64le.rpm gimp-devel-3.0.8-bp160.3.1.ppc64le.rpm gimp-extension-goat-excercises-3.0.8-bp160.3.1.ppc64le.rpm gimp-plugin-aa-3.0.8-bp160.3.1.ppc64le.rpm gimp-plugin-python3-3.0.8-bp160.3.1.ppc64le.rpm gimp-vala-3.0.8-bp160.3.1.ppc64le.rpm libgimp-3_0-0-3.0.8-bp160.3.1.ppc64le.rpm libgimpui-3_0-0-3.0.8-bp160.3.1.ppc64le.rpm gimp-3.0.8-bp160.3.1.aarch64.rpm gimp-devel-3.0.8-bp160.3.1.aarch64.rpm gimp-extension-goat-excercises-3.0.8-bp160.3.1.aarch64.rpm gimp-plugin-aa-3.0.8-bp160.3.1.aarch64.rpm gimp-plugin-python3-3.0.8-bp160.3.1.aarch64.rpm gimp-vala-3.0.8-bp160.3.1.aarch64.rpm libgimp-3_0-0-3.0.8-bp160.3.1.aarch64.rpm libgimpui-3_0-0-3.0.8-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-181 Security update for python-dynaconf important openSUSE Backports SLE-16.0 This update for python-dynaconf fixes the following issues: Changes in python-dynaconf: - CVE-2026-33154: Server-Side Template Injection in the @Jinja resolver (bsc#1260063) python313-dynaconf-3.2.5-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-182 Security update for python-PyPDF2 moderate openSUSE Backports SLE-16.0 This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-33123: Fixed excessive resource consumption when processing specially crafted PDF due to inefficient decoding of array-based streams (bsc#1259992) python313-PyPDF2-2.11.1-bp160.5.1.noarch.rpm openSUSE-Leap-16.0-packagehub-183 Recommended update for apcupsd moderate openSUSE Backports SLE-16.0 This update for apcupsd fixes the following issues: Introduce apcupsd. apcupsd-3.14.14-bp160.1.1.x86_64.rpm apcupsd-cgi-3.14.14-bp160.1.1.x86_64.rpm apcupsd-3.14.14-bp160.1.1.s390x.rpm apcupsd-cgi-3.14.14-bp160.1.1.s390x.rpm apcupsd-3.14.14-bp160.1.1.ppc64le.rpm apcupsd-cgi-3.14.14-bp160.1.1.ppc64le.rpm apcupsd-3.14.14-bp160.1.1.aarch64.rpm apcupsd-cgi-3.14.14-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-184 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1774104919.9788babf: * feat: add pre-commit hooks with gitlint * ci: replace GHA commit-message-checker with os-autoinst-common one * refactor: replace .gitlint with identical os-autoinst-common one * git subrepo pull (merge) external/os-autoinst-common * fix: needlediff view alignment (regression from dc1a3709e) * fix: robust group property validation and reliable UI tests * test: Consider the `CacheService` directory fully covered * test: Mark whole function `_kill_db_accessing_processes` as uncoverable * test: Track coverage of InfluxDB route of cache service * refactor: Remove CORE:: prefix from function calls * fix: avoid duplicating users on provider mismatch * refactor(Utils): remove unnecessary CORE:: prefix again * fix: use proper Mojo::Base attribute for developer_session_running * refactor: convert all remaining lib/ modules to signatures * fix: use Scalar::Util::set_prototype for compatibility with Perl 5.26.1 * refactor(LiveHandler): convert remaining modules to signatures * refactor(Scheduler): convert remaining modules to signatures * refactor(Schema): convert remaining modules to signatures * refactor(Shared): convert remaining modules to signatures * refactor(Task): convert remaining modules to signatures * refactor(WebAPI): convert remaining modules to signatures * refactor(WebSockets): convert remaining modules to signatures * refactor(Worker): convert remaining modules to signatures * refactor(Parser): convert remaining modules to signatures * refactor(CacheService): convert remaining modules to signatures * refactor(t::lib::OpenQA): convert remaining modules to signatures * refactor: Simplify `_handle_command_resume_test_execution` * chore(t::OpenQA::Test::Utils): remove obsolete "_get_worker" mock * fix: Add missing Mojo::File import in Parser::Format::Base * refactor: remove unused function OpenQA::Parser::Result::write_json * feat(tests): reduce wait_for_ajax default timeout from 5min to 30s * Revert "feat: modernize test result styling with data attributes" * refactor: Use File::stat to avoid magic numbers * refactor: Use Time::Seconds to avoid magic numbers * chore: adapt openQA for jQuery 4.0.0 * feat: improve local gitlint by picking the most recent base branch * ci: ensure local gitlint checks all commits in the branch * ci(check-helm-chart): try harder to download from registry.opensuse.org * fix: resolve instability in cache-service rsync test * feat: use localhost instead of manual IP addresses in startup message * feat: modernize test result styling with data attributes * fix(audit): show all audit events in the web UI * docs: Add missing line break to fix Deletion section * build: integrate stylelint for automated CSS/SCSS styling * feat: Allow reproducing test with pinned test code via clone-job * feat(webui): make rendering batch size configurable * fix: resolve sporadic failure in UI test tabs loading * fix(investigation): select casedir/needledir correctly when no symlink - Update to version 5.1773427330.0b172206: * fix: Display GitHub bugrefs correctly when used within a label * refactor: Improve style in `t/39-scheduled_products-table.t` * feat: improve responsiveness of tabs in job details view * ci(helm): override pullPolicy when install helm via ct * test: Consider everything under `lib/OpenQA/Schema` covered * test: Cover generating Gravatar URLs * test: Cover handling failed job cancellation when scheduling iso * feat: add zypper clean command in base container * test: Cover computing Git log diff * test: Cover adding logs to result file list * refactor: Simplify and slightly improve `create_asset` * refactor: Simplify error handling in function for appending job logs * test: Cover setting and deleting job properties * test: Cover error handling when duplicating jobs * test: Mark error handling in `_hashref` as uncoverable * test: Cover remaining lines of `JobModules.pm` * refactor: Remove unused function `locked_by_jobs` * test: Cover removing test suite defaults * test: Cover rendering description of parent job group * test: Consider everything under `lib/OpenQA/Script/` covered * test: Cover `openqa_baseurl` used by clone script * test: Cover handling unexpected return code in clone script - Update to version 5.1773333964.ffc5eff5: * test: Fix unstable test for stacking of parallel tests on overview page - Update to version 5.1773291834.69acf4b4: * chore(deps): Dependency cron 2026-03-12 * feat: adapt to os-autoinst switching to markdown Changes in os-autoinst: - Update to version 5.1774101470.e82b4cb: * feat: implement 'always_run' test flag * refactor: use gitlint from os-autoinst-common * git subrepo pull (merge) --force external/os-autoinst-common * feat(snd2png): restore erroneously deleted test * style: fix copyright in crop.py * chore: remove unused pyproject line * chore(deps): Add PPI to development dependencies * chore(snd2png): update test.png.md5.original based on current snd2png * test(full-stack): optimize execution time by reducing timeouts * feat(vnc): make connection retry sleep configurable * feat: add configurable secret key hiding support - Update to version 5.1773429030.ba0de6e: * fix: Correct number of internal test_count * chore(AGENTS.md): add customized file * chore(deps): add perl-Test-Perl-Critic dependency for parallel execution * fix: Remove logger message from else condition * style: Use single quotes for strings without interpolation * docs: convert doc/backend_vars.asciidoc to Markdown * docs: convert README.asciidoc to Markdown * docs: convert doc/memorydumps.asciidoc to Markdown * feat: add gitlint pre-commit setup - Update to version 5.1773327169.ae7c574: * chore(AGENTS.md): add customized file * chore(deps): add perl-Test-Perl-Critic dependency for parallel execution * chore(deps): Update perltidy * fix: Remove logger message from else condition * docs: convert doc/backend_vars.asciidoc to Markdown * docs: convert README.asciidoc to Markdown * docs: convert doc/memorydumps.asciidoc to Markdown * feat: add gitlint pre-commit setup Changes in openQA-devel-container: - Update to version 5.1774104919.9788babf3: * Update to latest openQA version openQA-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-auto-update-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-client-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-common-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-devel-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-doc-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-local-db-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-mcp-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-munin-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-single-instance-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1774104919.9788babf-bp160.1.1.x86_64.rpm openQA-worker-5.1774104919.9788babf-bp160.1.1.x86_64.rpm os-autoinst-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1774101470.e82b4cb-bp160.1.1.x86_64.rpm openQA-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-auto-update-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-bootstrap-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-client-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-common-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-continuous-update-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-devel-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-doc-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-local-db-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-mcp-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-munin-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-python-scripts-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-single-instance-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1774104919.9788babf-bp160.1.1.s390x.rpm openQA-worker-5.1774104919.9788babf-bp160.1.1.s390x.rpm os-autoinst-5.1774101470.e82b4cb-bp160.1.1.s390x.rpm os-autoinst-devel-5.1774101470.e82b4cb-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1774101470.e82b4cb-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1774101470.e82b4cb-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1774101470.e82b4cb-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1774101470.e82b4cb-bp160.1.1.s390x.rpm openQA-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-client-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-common-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-devel-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-doc-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-local-db-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-mcp-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-munin-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm openQA-worker-5.1774104919.9788babf-bp160.1.1.ppc64le.rpm os-autoinst-5.1774101470.e82b4cb-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1774101470.e82b4cb-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1774101470.e82b4cb-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1774101470.e82b4cb-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1774101470.e82b4cb-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1774101470.e82b4cb-bp160.1.1.ppc64le.rpm openQA-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-auto-update-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-client-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-common-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-devel-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-doc-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-local-db-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-mcp-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-munin-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-single-instance-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1774104919.9788babf-bp160.1.1.aarch64.rpm openQA-worker-5.1774104919.9788babf-bp160.1.1.aarch64.rpm os-autoinst-5.1774101470.e82b4cb-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1774101470.e82b4cb-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1774101470.e82b4cb-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1774101470.e82b4cb-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1774101470.e82b4cb-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1774101470.e82b4cb-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-185 Security update for tinyproxy important openSUSE Backports SLE-16.0 This update for tinyproxy fixes the following issues: Changes in tinyproxy: - CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker (boo#1261024) - Update to release 1.11.3 * conf: add BasicAuthRealm feature * basic auth: fix error status 401 vs 407 * tinyproxy.conf.5: explain what a site_spec looks like * tinyproxy.conf.5: add an IPv6 example to allow/deny section * reqs: fix integer overflow in port number processing tinyproxy-1.11.3-bp160.1.1.x86_64.rpm tinyproxy-1.11.3-bp160.1.1.s390x.rpm tinyproxy-1.11.3-bp160.1.1.ppc64le.rpm tinyproxy-1.11.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-186 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.177 (boo#1261249) * CVE-2026-5273: Use after free in CSS * CVE-2026-5272: Heap buffer overflow in GPU * CVE-2026-5274: Integer overflow in Codecs * CVE-2026-5275: Heap buffer overflow in ANGLE * CVE-2026-5276: Insufficient policy enforcement in WebUSB * CVE-2026-5277: Integer overflow in ANGLE * CVE-2026-5278: Use after free in Web MIDI * CVE-2026-5279: Object corruption in V8 * CVE-2026-5280: Use after free in WebCodecs * CVE-2026-5281: Use after free in Dawn * CVE-2026-5282: Out of bounds read in WebCodecs * CVE-2026-5283: Inappropriate implementation in ANGLE * CVE-2026-5284: Use after free in Dawn * CVE-2026-5285: Use after free in WebGL * CVE-2026-5286: Use after free in Dawn * CVE-2026-5287: Use after free in PDF * CVE-2026-5288: Use after free in WebView * CVE-2026-5289: Use after free in Navigation * CVE-2026-5290: Use after free in Compositing * CVE-2026-5291: Inappropriate implementation in WebGL * CVE-2026-5292: Out of bounds read in WebCodecs chromedriver-146.0.7680.177-bp160.1.1.x86_64.rpm chromium-146.0.7680.177-bp160.1.1.x86_64.rpm chromedriver-146.0.7680.177-bp160.1.1.ppc64le.rpm chromium-146.0.7680.177-bp160.1.1.ppc64le.rpm chromedriver-146.0.7680.177-bp160.1.1.aarch64.rpm chromium-146.0.7680.177-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-187 Security update for osslsigncode critical openSUSE Backports SLE-16.0 This update for osslsigncode fixes the following issues: Changes in osslsigncode: - Update to 2.13 (bsc#1260680, CVE-2025-70888): * fixed integer overflows when processing APPX compressed data streams * fixed double-free vulnerabilities in APPX file processing * fixed multiple memory corruption issues in PE page hash computation - Changes from 2.12: * fixed a buffer overflow while extracting message digests - Changes from 2.11: * added keyUsage validation for signer certificate * added printing CRL details during signature verification * implemented a workaround for CRL servers returning the HTTP Content-Type header other than application/pkix-crl * fixed HTTP keep-alive handling * fixed macOS compiler and linker flags * fixed undefined BIO_get_fp() behavior with BIO_FLAGS_UPLINK_INTERNAL - update to 2.10: * added JavaScript signing * added PKCS#11 provider support (requires OpenSSL 3.0+) * added support for providers without specifying "-pkcs11module" option * (OpenSSL 3.0+, e.g., for the upcoming CNG provider) * added compatibility with the CNG engine version 1.1 or later * added the "-engineCtrl" option to control hardware and CNG engines * added the '-blobFile' option to specify a file containing the blob content * improved unauthenticated blob support (thanks to Asger Hautop Drewsen) * improved UTF-8 handling for certificate subjects and issuers * fixed support for multiple signerInfo contentType OIDs (CTL and Authenticode) * fixed tests for python-cryptography >= 43.0.0 - update to version 2.9: * added a 64 bit long pseudo-random NONCE in the TSA request * missing NID_pkcs9_signingTime is no longer an error * added support for PEM-encoded CRLs * fixed the APPX central directory sorting order * added a special "-" file name to read the passphrase from stdin * used native HTTP client with OpenSSL 3.x, removing libcurl dependency * added '-login' option to force a login to PKCS11 engines * added the "-ignore-crl" option to disable fetching and verifying CRL Distribution Points * changed error output to stderr instead of stdout * various testing framework improvements * various memory corruption fixes - update to version 2.8: * Microsoft PowerShell signing sponsored by Cisco Systems, Inc. * fixed setting unauthenticated attributes (Countersignature, Unauthenticated * Data Blob) in a nested signature * added the "-index" option to verify a specific signature or modify its unauthenticated attributes * added CAT file verification * added listing the contents of a CAT file with the "-verbose" option * added the new "extract-data" command to extract a PKCS#7 data content to be signed with "sign" and attached with "attach-signature" * added PKCS9_SEQUENCE_NUMBER authenticated attribute support * added the "-ignore-cdp" option to disable CRL Distribution Points (CDP) online verification * unsuccessful CRL retrieval and verification changed into a critical error the "-p" option modified to also use to configured proxy to connect CRL Distribution Points * added implicit allowlisting of the Microsoft Root Authority serial number 00C1008B3C3C8811D13EF663ECDF40 * added listing of certificate chain retrieved from the signature in case of verification failure osslsigncode-2.13-bp160.1.1.x86_64.rpm osslsigncode-2.13-bp160.1.1.s390x.rpm osslsigncode-2.13-bp160.1.1.ppc64le.rpm osslsigncode-2.13-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-188 Recommended update for OpenBoard moderate openSUSE Backports SLE-16.0 This update for OpenBoard fixes the following issues: Changes in OpenBoard: - update to release version 1.7.7 * fix: transparent background for widgets * fix: enable Cookie storage * feat: display warning for broken documents * feat: add document converter in preparation for document format change with an upcoming version 1.8.0 OpenBoard-1.7.7-bp160.1.1.x86_64.rpm OpenBoard-1.7.7-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-189 Recommended update for mc moderate openSUSE Backports SLE-16.0 This update for mc fixes the following issues: Changes in mc: - Update to 4.8.33: - Core * Minimal version of Automake is 1.14 (#4604) * Upgrade C standard to C99 (#4604) * Support ksh variants as subshell (#3748) * Improve fish 4.0 shell support (#4597) * Add support for bash PROMPT_COMMAND being an array (#4599) * Don't override ENV variable for ash/dash subshell (#4605) * Don't disable verbose mode if tty baudrate can't be reliably determined (#2452) * New keymap for vim users (#4588) - VFS * extfs vfs: chmod/chown inside extfs (e.g. zip archive) silently fails (#4629) * Add embedded torrent viewer/vfs (#3100) - Misc * Code cleanup (#4572, #4593, #4595, #4598) * Adjust mc-wrappers to work with the new MC_TMPDIR creation logic (#4575) * Prefer console players for sound, images and video in non-graphical sessions (#4479, #4596) * Support `TERM=xterm-clear` for FreeBSD users (#2633) * mc.ext.ini: - Support for Rust crates file format (#4609) - Support for OpenEmbedded ipk archives (#4626) * ext.d: select browser at runtime (#4615) * Move CI from Travis to GitHub Actions (#4170, #3738, #4602) - Fixes * Segfault if filter makes file panel empty (#4600) * Segfault in built-in help when going to the previous topic (#4627) * Incorrect handling of ext2 attributes of a directory (#4590) * Failed copy/move operations make ETA inaccurate (#3205, #4613, #4623) * Hotlist: use after free (#4621) * mc.ext.ini: typo for apt view command line (#4583) * mcedit: visual glitches if built with aspell, but libraries not installed (#4576) * mcedit: segfault on new file creation (#4580) * mcedit: PageDown skips lines in edit window (#4617) * mcedit: cursor jumps during PageDown in edit window (#4618) * mvciew: false-positive regex search of BOL (#4587) * mcdiff: segmentation fault on empty files merge (#4608) * tar vfs: double free (#4616) * sftpfs vfs: use after free (#4620) * tests: fix charset-related code on non-glibc platforms (Alpine, Illumos) (#3972, #4495) * tests: use weak symbols instead of symbol duplication to support non-GNU linkers / macOS (#4584, #3542) mc-4.8.33-bp160.1.1.x86_64.rpm mc-lang-4.8.33-bp160.1.1.noarch.rpm mc-4.8.33-bp160.1.1.s390x.rpm mc-4.8.33-bp160.1.1.ppc64le.rpm mc-4.8.33-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-19 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 142.0.7444.134 (boo#1253089): * CVE-2025-12725: Out of bounds write in WebGPU * CVE-2025-12726: Inappropriate implementation in Views * CVE-2025-12727: Inappropriate implementation in V8 * CVE-2025-12728: Inappropriate implementation in Omnibox * CVE-2025-12729: Inappropriate implementation in Omnibox chromedriver-142.0.7444.59-bp160.1.1.x86_64.rpm chromium-142.0.7444.59-bp160.1.1.x86_64.rpm chromedriver-142.0.7444.59-bp160.1.1.ppc64le.rpm chromium-142.0.7444.59-bp160.1.1.ppc64le.rpm chromedriver-142.0.7444.59-bp160.1.1.aarch64.rpm chromium-142.0.7444.59-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-190 Security update for mapserver moderate openSUSE Backports SLE-16.0 This update for mapserver fixes the following issues: Changes in mapserver: - Update to release 8.6.1 * msSLDParseRasterSymbolizer: fix potential heap buffer overflow [boo#1260869] [CVE-2026-33721] * GetFeatureInfo with IDENTIFY CLASSAUTO: take into account SYMBOL.ANCHORPOINT * WCS 2.0: fix issue when input raster in a rotated pole lon/lat CRS with lon_0 > 180 * UVRaster: fix WMS-Time support on layers with TILEINDEX pointing to a shapefile * WMS GetCapabilities response: use group title and abstract when using wms_layer_group instead of GROUP - Update to release 8.6.0 * Add `CONNECTIONTYPE RASTERLABEL` * Set `MS_LEGEND_KEYSIZE_MAX` to 1000 * Add 4 new `COMPOSITE.COMPOP` blending operations * Allow encryption key files to use paths relative to a mapfile * Allow `use_default_extent_for_getfeature` to be used for OGC Features API and PostGIS * Allow append of additional query parameters for OGCAPI * New MapServer index page * WMS `GetFeatureInfo`: add options to precisely identify points through their symbols * Add `FALLBACK` parameter for the `CLASS` object, to be applied if none of the previously defined classes has been applied libjavamapscript-8.6.1-bp160.1.1.x86_64.rpm libmapserver2-8.6.1-bp160.1.1.x86_64.rpm mapserver-8.6.1-bp160.1.1.x86_64.rpm mapserver-devel-8.6.1-bp160.1.1.x86_64.rpm perl-mapscript-8.6.1-bp160.1.1.x86_64.rpm php-mapscriptng-8.6.1-bp160.1.1.x86_64.rpm python313-mapserver-8.6.1-bp160.1.1.x86_64.rpm libjavamapscript-8.6.1-bp160.1.1.ppc64le.rpm libmapserver2-8.6.1-bp160.1.1.ppc64le.rpm mapserver-8.6.1-bp160.1.1.ppc64le.rpm mapserver-devel-8.6.1-bp160.1.1.ppc64le.rpm perl-mapscript-8.6.1-bp160.1.1.ppc64le.rpm php-mapscriptng-8.6.1-bp160.1.1.ppc64le.rpm python313-mapserver-8.6.1-bp160.1.1.ppc64le.rpm libjavamapscript-8.6.1-bp160.1.1.aarch64.rpm libmapserver2-8.6.1-bp160.1.1.aarch64.rpm mapserver-8.6.1-bp160.1.1.aarch64.rpm mapserver-devel-8.6.1-bp160.1.1.aarch64.rpm perl-mapscript-8.6.1-bp160.1.1.aarch64.rpm php-mapscriptng-8.6.1-bp160.1.1.aarch64.rpm python313-mapserver-8.6.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-191 Security update for aws-c-event-stream important openSUSE Backports SLE-16.0 This update for aws-c-event-stream fixes the following issues: Changes in aws-c-event-stream: - CVE-2026-5190: Fixed a out-of-bounds write caused by crafted event-stream messages (bsc#1261298) aws-c-event-stream-devel-0.4.2-bp160.2.1.x86_64.rpm libaws-c-event-stream1-0.4.2-bp160.2.1.x86_64.rpm aws-c-event-stream-devel-0.4.2-bp160.2.1.ppc64le.rpm libaws-c-event-stream1-0.4.2-bp160.2.1.ppc64le.rpm aws-c-event-stream-devel-0.4.2-bp160.2.1.aarch64.rpm libaws-c-event-stream1-0.4.2-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-192 Recommended update for virtme moderate openSUSE Backports SLE-16.0 This update for virtme fixes the following issues: Changes in virtme: - Update to 1.41: * Improve the consistency and reliability of the guest init process (virtme-ng-init / virtme-init). * Broader support across different distributions and architectures, including better compatibility with minimal rootfs environments. * Debugging capabilities have been enhanced with support for customizing the GDB port for each guest session. * Networking has been refined as well, with improved SSH handling and new options for PCI device passthrough via --vfio-pci. * Integration with AI agents has also been enhanced. In particular, vng can now be used more effectively in non-interactive sessions, allowing AI agents to automate fairly advanced workflows for kernel testing and patch validation. virtme-1.41-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-193 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 147.0.7727.55 (boo#1261758): * CVE-2026-5858: Heap buffer overflow in WebML * CVE-2026-5859: Integer overflow in WebML * CVE-2026-5860: Use after free in WebRTC * CVE-2026-5861: Use after free in V8 * CVE-2026-5862: Inappropriate implementation in V8 * CVE-2026-5863: Inappropriate implementation in V8 * CVE-2026-5864: Heap buffer overflow in WebAudio * CVE-2026-5865: Type Confusion in V8 * CVE-2026-5866: Use after free in Media * CVE-2026-5867: Heap buffer overflow in WebML * CVE-2026-5868: Heap buffer overflow in ANGLE * CVE-2026-5869: Heap buffer overflow in WebML * CVE-2026-5870: Integer overflow in Skia * CVE-2026-5871: Type Confusion in V8 * CVE-2026-5872: Use after free in Blink * CVE-2026-5873: Out of bounds read and write in V8 * CVE-2026-5874: Use after free in PrivateAI * CVE-2026-5875: Policy bypass in Blink * CVE-2026-5876: Side-channel information leakage in Navigation * CVE-2026-5877: Use after free in Navigation * CVE-2026-5878: Incorrect security UI in Blink * CVE-2026-5879: Insufficient validation of untrusted input in ANGLE * CVE-2026-5880: Incorrect security UI in browser UI * CVE-2026-5881: Policy bypass in LocalNetworkAccess * CVE-2026-5882: Incorrect security UI in Fullscreen * CVE-2026-5883: Use after free in Media * CVE-2026-5884: Insufficient validation of untrusted input in Media * CVE-2026-5885: Insufficient validation of untrusted input in WebML * CVE-2026-5886: Out of bounds read in WebAudio * CVE-2026-5887: Insufficient validation of untrusted input in Downloads * CVE-2026-5888: Uninitialized Use in WebCodecs * CVE-2026-5889: Cryptographic Flaw in PDFium * CVE-2026-5890: Race in WebCodecs * CVE-2026-5891: Insufficient policy enforcement in browser UI * CVE-2026-5892: Insufficient policy enforcement in PWAs * CVE-2026-5893: Race in V8 * CVE-2026-5894: Inappropriate implementation in PDF * CVE-2026-5895: Incorrect security UI in Omnibox * CVE-2026-5896: Policy bypass in Audio * CVE-2026-5897: Incorrect security UI in Downloads * CVE-2026-5898: Incorrect security UI in Omnibox * CVE-2026-5899: Incorrect security UI in History Navigation * CVE-2026-5900: Policy bypass in Downloads * CVE-2026-5901: Policy bypass in DevTools * CVE-2026-5902: Race in Media * CVE-2026-5903: Policy bypass in IFrameSandbox * CVE-2026-5904: Use after free in V8 * CVE-2026-5905: Incorrect security UI in Permissions * CVE-2026-5906: Incorrect security UI in Omnibox * CVE-2026-5907: Insufficient data validation in Media * CVE-2026-5908: Integer overflow in Media * CVE-2026-5909: Integer overflow in Media * CVE-2026-5910: Integer overflow in Media * CVE-2026-5911: Policy bypass in ServiceWorkers * CVE-2026-5912: Integer overflow in WebRTC * CVE-2026-5913: Out of bounds read in Blink * CVE-2026-5914: Type Confusion in CSS * CVE-2026-5915: Insufficient validation of untrusted input in WebML * CVE-2026-5918: Inappropriate implementation in Navigation * CVE-2026-5919: Insufficient validation of untrusted input in WebSockets * enforce a number of new Local Area Network (LAN) restrictions * New Web Printing API * vertical tabs support (trial) - new in 147 (for developers): * Element-scoped view transitions exposes startViewTransition on arbitrary HTML elements. * CSS contrast-color() helps meet accessibility requirements * The CSS border-shape property lets you create non-rectangular borders * CVE-2025-4096: Heap buffer overflow in HTML * CVE-2025-4050: Out of bounds memory access in DevTools * CVE-2025-4051: Insufficient data validation in DevTools * CVE-2025-4052: Inappropriate implementation in DevTools * CVE-2024-7000: Use after free in CSS * CVE-2024-3834: Use after free in Downloads * CVE-2020-6465: Use after free in reader mode * CVE-2020-6466: Use after free in media * CVE-2020-6467: Use after free in WebRTC * CVE-2020-6468: Type Confusion in V8 * CVE-2020-6469: Insufficient policy enforcement in developer tools * CVE-2020-6470: Insufficient validation of untrusted input in clipboard * CVE-2020-6471: Insufficient policy enforcement in developer tools * CVE-2020-6472: Insufficient policy enforcement in developer tools * CVE-2020-6473: Insufficient policy enforcement in Blink * CVE-2020-6474: Use after free in Blink * CVE-2020-6475: Incorrect security UI in full screen * CVE-2020-6476: Insufficient policy enforcement in tab strip * CVE-2020-6477: Inappropriate implementation in installer * CVE-2020-6478: Inappropriate implementation in full screen * CVE-2020-6479: Inappropriate implementation in sharing * CVE-2020-6480: Insufficient policy enforcement in enterprise * CVE-2020-6481: Insufficient policy enforcement in URL formatting * CVE-2020-6482: Insufficient policy enforcement in developer tools * CVE-2020-6483: Insufficient policy enforcement in payments * CVE-2020-6484: Insufficient data validation in ChromeDriver * CVE-2020-6485: Insufficient data validation in media router * CVE-2020-6486: Insufficient policy enforcement in navigations * CVE-2020-6487: Insufficient policy enforcement in downloads * CVE-2020-6488: Insufficient policy enforcement in downloads * CVE-2020-6489: Inappropriate implementation in developer tools * CVE-2020-6490: Insufficient data validation in loader * CVE-2020-6491: Incorrect security UI in site information * CVE-2019-5754: Inappropriate implementation in QUIC Networking * CVE-2019-5782: Inappropriate implementation in V8 * CVE-2019-5755: Inappropriate implementation in V8 * CVE-2019-5756: Use after free in PDFium * CVE-2019-5757: Type Confusion in SVG * CVE-2019-5758: Use after free in Blink * CVE-2019-5759: Use after free in HTML select elements * CVE-2019-5760: Use after free in WebRTC * CVE-2019-5761: Use after free in SwiftShader * CVE-2019-5762: Use after free in PDFium * CVE-2019-5763: Insufficient validation of untrusted input in V8 * CVE-2019-5764: Use after free in WebRTC * CVE-2019-5765: Insufficient policy enforcement in the browser * CVE-2019-5766: Insufficient policy enforcement in Canvas * CVE-2019-5767: Incorrect security UI in WebAPKs * CVE-2019-5768: Insufficient policy enforcement in DevTools * CVE-2019-5769: Insufficient validation of untrusted input in Blink * CVE-2019-5770: Heap buffer overflow in WebGL * CVE-2019-5771: Heap buffer overflow in SwiftShader * CVE-2019-5772: Use after free in PDFium * CVE-2019-5773: Insufficient data validation in IndexedDB * CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing * CVE-2019-5775: Insufficient policy enforcement in Omnibox * CVE-2019-5776: Insufficient policy enforcement in Omnibox * CVE-2019-5777: Insufficient policy enforcement in Omnibox * CVE-2019-5778: Insufficient policy enforcement in Extensions * CVE-2019-5779: Insufficient policy enforcement in ServiceWorker * CVE-2019-5780: Insufficient policy enforcement * CVE-2019-5781: Insufficient policy enforcement in Omnibox * High CVE-2018-6031: Use after free in PDFium * High CVE-2018-6032: Same origin bypass in Shared Worker * High CVE-2018-6033: Race when opening downloaded files * Medium CVE-2018-6034: Integer overflow in Blink * Medium CVE-2018-6035: Insufficient isolation of devtools from extensions * Medium CVE-2018-6036: Integer underflow in WebAssembly * Medium CVE-2018-6037: Insufficient user gesture requirements in autofill * Medium CVE-2018-6038: Heap buffer overflow in WebGL * Medium CVE-2018-6039: XSS in DevTools * Medium CVE-2018-6040: Content security policy bypass * Medium CVE-2018-6041: URL spoof in Navigation * Medium CVE-2018-6042: URL spoof in OmniBox * Medium CVE-2018-6043: Insufficient escaping with external URL handlers * Medium CVE-2018-6045: Insufficient isolation of devtools from extensions * Medium CVE-2018-6046: Insufficient isolation of devtools from extensions * Medium CVE-2018-6047: Cross origin URL leak in WebGL * Low CVE-2018-6048: Referrer policy bypass in Blink * Low CVE-2017-15420: URL spoofing in Omnibox * Low CVE-2018-6049: UI spoof in Permissions * Low CVE-2018-6050: URL spoof in OmniBox * Low CVE-2018-6051: Referrer leak in XSS Auditor * Low CVE-2018-6052: Incomplete no-referrer policy implementation * Low CVE-2018-6053: Leak of page thumbnails in New Tab Page * Low CVE-2018-6054: Use after free in WebUI * CVE-2017-5070: Type confusion in V8 * CVE-2017-5071: Out of bounds read in V8 * CVE-2017-5072: Address spoofing in Omnibox * CVE-2017-5073: Use after free in print preview * CVE-2017-5074: Use after free in Apps Bluetooth * CVE-2017-5075: Information leak in CSP reporting * CVE-2017-5086: Address spoofing in Omnibox * CVE-2017-5076: Address spoofing in Omnibox * CVE-2017-5077: Heap buffer overflow in Skia * CVE-2017-5078: Possible command injection in mailto handling * CVE-2017-5079: UI spoofing in Blink * CVE-2017-5080: Use after free in credit card autofill * CVE-2017-5081: Extension verification bypass * CVE-2017-5082: Insufficient hardening in credit card editor * CVE-2017-5083: UI spoofing in Blink * CVE-2017-5085: Inappropriate javascript execution on WebUI pages - CVE-2016-1663: Use-after-free in Blink's V8 bindings * CVE-2013-6643: Unprompted sync with an attacker's * Use Google's online spellchecker to identify misspelled words chromedriver-147.0.7727.55-bp160.1.1.x86_64.rpm chromium-147.0.7727.55-bp160.1.1.x86_64.rpm chromedriver-147.0.7727.55-bp160.1.1.ppc64le.rpm chromium-147.0.7727.55-bp160.1.1.ppc64le.rpm chromedriver-147.0.7727.55-bp160.1.1.aarch64.rpm chromium-147.0.7727.55-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-194 Security update for python-Flask-HTTPAuth moderate openSUSE Backports SLE-16.0 This update for python-Flask-HTTPAuth fixes the following issues: Changes in python-Flask-HTTPAuth: - CVE-2026-34531: Do not accept empty tokens (bsc#1261355) python313-Flask-HTTPAuth-4.8.0-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-195 Recommended update for json-simple moderate openSUSE Backports SLE-16.0 This update for json-simple fixes the following issues: Changes in json-simple: - Update to cliftonlabs fork 2.3.1, backward compatible with 1.1.1 * Changes of 2.3.1 + Bugfix: patched Chris's fix backwards for 2.* * Changes of 2.3.0 + Deprecated the feature in Jsoner that serializes Enums to fully qualified strings, the Enums should implement Jsonable instead. + Deprecated getEnum and getEnumOrDefault methods in JsonArray and JsonObject. + Deprecated get___(String) and get___OrDefault(String, ___) in favor of get___(JsonKey) and get___OrDefault(JsonKey) respectively. + Enhancement: Added JsonKey interface to aid with code maintainability and convenience. + Enhancement: Jsoner can mint a JsonKey. + Enhancement: Jsoner deserialization no longer throws IOExceptions in favor of a DeserializationException with an IOEXCEPTION problem since the code to handle one is typically duplicated to handle the other. * Changes of 2.2.0 + Bug fix: getEnum and getInteger and friends return null when the paired value is null to better match the java Map contract. + Enhancement: Jsoner can prettyPrint with tabs or spaces. * Changes of 2.1.2 + Bug fix: Jsoner#prettyPrint(printable) no longer quotes colons. + Enhancement: for convenience a colon missing between a key value pair will officially continue to function as it has since the 1.* versions. Deserialization test cases have been updated. * Changes of 2.1.1 + Separated the CHANGLOG and LICENSE from the README as they are recognized by tools like github. Most of the information in README is linked to on the project's website. + Enhancement: JsonArray and JsonObject convenience gets are more flexible on their expected value. Booleans now allow Booleans or Strings. Numbers now allow Numbers or Strings. Strings now allow Booleans, Numbers, or Strings. * Changes of 2.1.0 + Bug fix: JsonObject#getDefaultByte(key, defaultValue) now properly returns a byte value instead of a float. + Enhancement: JsonObject has typed gets for each JSON value type. + Enhancement: JsonArray and JsonObject no longer return primitives. * Changes 2.0.0 + Removed ant build file. + SCM section of the POM is updated with the github information since the svn repo urls were 404s. + POM now defines the source at 1.7 instead of 1.2, and is the only cause for the major version increment. The 2.0.0 release of this library is otherwise 100% backwards compatible with the older versions. + Minor code quality changes have been made to the old files of the project. + JFlex plugin now included in POM. + JFlex will produce a lexing class from all lex files in src/main/lex. + Javadocs are now produced when the jar goal is executed. + Moved lex files from doc/ to src/main/lex. + Deprecated the old json.lex in favor of jsonstrict.lex. + Deprecated ContentHandler and doesn't have a 2.0 equivalent. + Deprecated ContainerFactory and doesn't have a 2.0 equivalent. + Deprecated ItemList and doesn't have a 2.0 equivalent. + Deprecated JSONParse and JSONValue in favor of Jsoner. + Deprecated JSONStreamAware and JSONAware in favor of Jsonable. + Deprecated JSONObject in favor of JsonObject. + Deprecated JSONArray in favor of JsonArray. + Deprecated org.json.simple.parser.ParseException for org.json.simple.DeserializationException. + Deprecated org.json.simple.parser.Yytoken for org.json.simple.Yytoken. + Deprecated org.json.simple.parser.Yylex for org.json.simple.Yylex. + Tests for deprecated classes have been reorganized and updated to ensure backwards compatibility is maintained throughout the 2.x release lifetime. + Classes that have been deprecated still have shoddy javadocs but were updated to not produce errors and warnings during the build process. + Classes introduced in the 2.0 release have substantial javadocs to help projects heathily update ASAP. + The Jsonable interface allows others to define how their objects should be serialized in JSON. + DeserializationException has a new problem type for disallowed tokens. + DeserializationException now recommends recovery actions based on the problem that caused the DeserializationException in its message. All recovery scenarios are basically the same so DeserializationException is still the only json-simple exception class. + The new Yytoken types are renamed. + The new Yytoken is robustly constructed only allowing a null value when it is a null value in the DATUM tokens. + Jsoner can escape strings provided to it to help with implementing the Jsonable interface. + Jsoner can pretty print JSON strings provided to it for logging and basic display purposes. + Jsoner can serialize data defined in the RFC 4627 specification and objects that implement the Jsonable interface. If data could be serialized multiple ways the deepest Jsonable implementation in the heiarchy is preferred. Any defined Jsonable implementation will be preferred before falling back to a default serialization. + Jsoner can serialize an Enum that doesn't implement Jsonable. + Jsoner will deserialize any numerical value as a BigDecimal. + Jsoner can deserialize JsonArrays, JsonObjects, Strings, Numbers, Booleans, and null from strings provided to it. + Jsoner can deserialize a JsonArray and exception out if any other value would be returned. + Jsoner can deserialize a JsonObject and exception out if any other value would be returned. + Jsoner can deserialize multiple JsonArrays, JsonObjects, Strings, Numbers, Booleans, and nulls from a single string provided to it. + Jsoner deserialization (parsing) is thread safe. + JsonArray is based on ArrayList<Object>. So it won't produce code warnings and can be used to construct a more convenient Collection. + JsonArrays that are homogeneous can be cast and copied into a provided collection of the homogenous type. + JsonArray contains gets for each allowed data type in JSON and convenience methods for Collections, Enums, and Maps. Note that they will throw ClassCastExceptions in such cases since it is still indicative of a programmer's error. + JsonObject is based on HashMap<String, Object>. + JsonObject contains getTypeOrDefault for each allowed data type in JSON and convenience methods for Collections, Enums, and Maps. Note that they will throw ClassCastExceptions in such cases since it is still indicative of a programmer's error. json-simple-2.3.1-bp160.1.1.noarch.rpm json-simple-javadoc-2.3.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-196 Security update for python-Django important openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation (bsc#1261729) - CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin (bsc#1261731) - CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable (bsc#1261732) - CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload (bsc#1261722) - CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass (bsc#1261724) python313-Django-5.2.4-bp160.7.1.noarch.rpm openSUSE-Leap-16.0-packagehub-197 Security update for gosec important openSUSE Backports SLE-16.0 This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: * chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617) * fix: allow barry action to access secrets on fork PRs (#1616) * fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615) * Add barry security scanner as a step in the CI (#1612) * chore(deps): update all dependencies (#1611) * fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610) * Add some skills for claude code to automate some tasks (#1609) * Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606) * fix: skip SSA analysis on ill-typed packages to prevent panic (#1607) * Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605) * fix(G118): eliminate false positive for package-level cancel variables (#1602) * feat: add G124 rule for insecure HTTP cookie configuration (#1599) * feat: add G709 rule for unsafe deserialization of untrusted data (#1598) * feat: add G708 rule for server-side template injection via text/template (#1597) * fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596) * Fix infinite recursion in interprocedural taint analysis (#1594) * Fix G118 false positive when cancel is stored in returned struct field (#1593) * Fix G118 false positive on cancel called inside goroutine closure (#1592) * fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589) * chore(deps): update all dependencies (#1588) * fix(G118): treat returned cancel func as called (fixes #1584) (#1585) * chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583) * Update the README with the correct version of the Github action for gosec (#1582) * chore(deps): update all dependencies (#1579) * Fix G115 false positives for guarded int64-to-byte conversions (#1578) * Update the container image migration notice (#1576) * chore(action): bump gosec to 2.24.7 (#1575) - Update to version 2.24.7: * Ignore nosec comments in action integration workflow to generate some warnings (#1573) * Add a workflow for action integration test (#1571) * fix(sarif): avoid invalid null relationships in SARIF output (#1569) * chore: migrate gosec container image references to GHCR (#1567) * Update gorelease to use the latest cosign bundle argument (#1565) * Migrate goreleaser to use the proper cosign arguments (#1564) * Update the cosing to version v3.0.5 (#1563) * fix(release): use existing cosign-installer action version (#1562) * chore(prompts): add skill and prompt to update supported Go versions (#1561) * chore(prompts): add action version update skill and prompt (#1560) * fix(analyzers): avoid SSA dependency cycle blowups in issue #1555 paths (#1559) * Add a SKILL and PROMPT for fixing a GitHub issue (#1558) * Add a SKILL and PROMPT for generating rules with AI (#1557) * fix(G120): prevent hang-like analysis blowup in wrapper protection checks (#1556) * fix(G705): eliminate false positive when guard type cannot be resolved (#1554) * Remove gcmurphy from funding list * Extend the release workflow to push the container images also to GHCR * Update to gosec to v2.24.0 in the action and fix the docker image signing (#1552) - Update to version 2.24.0: * fix: G704 false positive on const URL (#1551) * fix(G705): eliminate false positive for non-HTTP io.Writer (#1550) * G120: avoid false positive when MaxBytesReader is applied in middleware (#1547) * Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546) * taint: skip `context.Context` arguments during taint propagation to fix false positives (#1543) * test: add missing rules to formatter report tests (#1540) * chore(deps): update all dependencies (#1541) * Regenrate the TLS config rule (#1539) * Improve documentation (#1538) * Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537) * Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536) * Add G707 taint analyzer for SMTP command/header injection (#1535) * Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534) * Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532) * fix(G602): avoid false positives for range-over-array indexing (#1531) * Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530) * fix: taint analysis false positives with G703,G705 (#1522) * Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529) * Fix the G117 rule to take the JSON serialization into account (#1528) * (docs) fix justification format (#1524) * Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521) * Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520) * Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519) * Fix G115 false positives and negatives (Issue #1501) (#1518) * chore(deps): update all dependencies (#1517) * Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516) * Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515) * Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513) * Add more unit tests to improve coverage (#1512) * Improve test coverage in various areas (#1511) * Imprve the test coverage (#1510) * Fix incorrect detection of fixed iv in G407 (#1509) * Add support for go 1.26.x and removed support for go 1.24.x (#1508) * Fix the sonar report to follow the latest schema (#1507) * fix: broken taint analysis causing false positives (#1506) * fix: panic on float constants in overflow analyzer (#1505) * fix: panic when scanning multi-module repos from root (#1504) * fix: G602 false positive for array element access (#1499) * Update gosec to version v2.23.0 in the Github action (#1496) - Update to version 2.23.0: * feat: Support for adding taint analysis engine (#1486) * chore(deps): update all dependencies (#1494) * chore(deps): update all dependencies (#1494) * chore(deps): update all dependencies (#1488) * Fix G602 analyzer panic that kills gosec process (#1491) * update go version to 1.25.7 (#1492) * Fix URL regexp and remove redundant Google regex patterns (#1485) * feat: implement global cache usage in rules (#1480) * chore(deps): update module google.golang.org/genai to v1.43.0 (#1484) * refactor: optimize nosec parsing and reduce allocations (#1478) * Fix SARIF artifactChanges null validation error (#1483) * feat: optimize GetCallInfo with per-package sync.Pool caching (#1481) * feat: implement entropy pre-filtering to optimize secret detection (#1479) * feat: ensure GoVersion is cached using sync.Once (#1477) * Fix #1240: nosec comments now work with trailing open brackets (#1475) * Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476) * Update the go version to 1.25.6 and 1.24.12 (#1474) * G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470) * chore(deps): update all dependencies (#1473) * feat: support path-based rule exclusions via exclude-rules (#1465) * Optimize analyzer with parallel package processing (#1466) * feat: add goanalysis package for nogo (#1449) * Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464) * Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463) * refactor(g115): improve coverage (#1462) * Refine G407 to improve detection and coverage of hardcoded nonces (#1460) * chore(deps): update all dependencies (#1461) * Refactor rules to use callListRule base structure (#1458) * feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457) * remove deprecated ast.Object (#1455) * feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454) * feat(rules): enhance subprocess variable checks (#1453) * feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452) * feat: add secrets serialization G117 (#1451) * feat(rules): add support for detecting high entropy strings in composite literals (#1447) * whitelist crypto/rand Read from error checks (#1446) * chore(deps): update all dependencies (#1443) * Improve slice bound check (#1442) * docs: add documentation for using gosec with private modules (#1441) * chore(deps): update all dependencies (#1440) * docs: add G116 rule description to README (#1439) * Update GitHub action to gosec 2.22.11 (#1438) - Update to version 2.22.11: * feature: add rule for trojan source (#1431) * feat(ai): add OpenAI and custom API provider support (#1424) * chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437) * chore(deps): update module google.golang.org/genai to v1.37.0 (#1435) * refactor: simplify report functions in main.go (#1434) * Update go to 1.25.5 and 1.24.11 in CI (#1433) * chore(deps): update all dependencies (#1425) * feat(ai): add support for latest Claude models and update provider flags (#1423) * Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427) * chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428) * fix: correct schema with temporary placeholder (#1418) * perf: skip SSA analysis if no analyzers are loaded (#1419) * test: add sarif validation (#1417) * chore(deps): update all dependencies (#1421) * Update go to version 1.25.4 and 1.24.10 in CI (#1415) * fix: build tag parsing. (#1413) * chore(deps): update all dependencies (#1411) * chore(deps): update all dependencies (#1409) * chore(deps): update all dependencies (#1408) * Update gosec to version v2.22.10 in the github action (#1405) - Update to version 2.22.10: * Update go to version 1.25.3 and 1.24.9 in CI (#1404) * chore(deps): update all dependencies (#1402) * Update go to version 1.25.2 and 2.24.8 in CI (#1401) * chore(deps): update all dependencies (#1399) * check nil slices, partially check bounds (#1396) * Remove unused target from the makefile * Use the ginkgo command install by the dependencies * Keep the go module at 1.24 version for compatibility reasons * Remove manual test deps * fix: text must be supplied when markdown is used * fix: improve error message of CheckAnalyzers * fix: log panic on SSA * chore(deps): update all dependencies * Update gosec to version v.22.9 in the github action - Update to version 2.22.9: * Update cosign to v2.6.0 and go in the CI to latest version * fix(autofix): unnecessary conversion * feat(autofix): update gemini sdk and add anthropic claude * feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24 * chore(deps): update all dependencies * refactor(G304): remove unused trackJoin helper; no functional change * style: gofmt rules/readfile.go * test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed) * rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed * rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue #1309 report\n- Rules tests: 42 passed * chore(deps): update all dependencies * chore(deps): update all dependencies * chore(deps): update all dependencies * Update gosec version to v2.22.8 in the Github action - Update to version 2.22.8: * Add support for go version 1.25.0 * Update go version in CI to 1.24.6 and 1.23.12 * chore(deps): update all dependencies * chore(deps): update all dependencies * Update github action to release v2.22.7 - Update to version 2.22.7: * Fix crash in hardcoded_nonce analyzer * Update go action to use release v2.22.6 * Update go version to 1.24.5 and 1.23.11 in the CI * chore(deps): update module google.golang.org/api to v0.242.0 * chore(deps): update all dependencies * chore(deps): update all dependencies * chore(deps): update all dependencies * chore(deps): update all dependencies * Do not allow dashes in file names * Update gosec to version 2.22.5 in Github action - Update to version 2.22.5: * Switch back go.mod to minimum 1.23.0 * Update dependencies * Update go version 1.24.4 and 1.23.10 in CI * chore(deps): update all dependencies * G201/G202: add checks for injection into sql.Conn methods * chore(deps): update module google.golang.org/api to v0.235.0 * chore(deps): update module google.golang.org/api to v0.234.0 * chore(deps): update module google.golang.org/api to v0.233.0 * chore(deps): update module google.golang.org/api to v0.232.0 - Switch vendor from gz to xz for consistency - Switch from version to revision in _service - Update to version 2.22.4: * Update to go version 1.24.3 and 1.23.9 * update: updated the build command to include version metadata * chore(deps): update all dependencies * Update the AI provider API key value when provided as an argument * chore(deps): update module google.golang.org/api to v0.230.0 * chore(deps): update module google.golang.org/api to v0.229.0 * chore(deps): update all dependencies * Comment the reason why the file can be nil when an issue is created * Handle nil file when creating a new issue * chore(deps): update all dependencies (#1333) - Update to version 2.22.3: * Update version in 'action.yml' to 2.22.3 (anticipating next version (#1332) * Update go version to 1.24.2 and 1.23.8 (#1331) * remove G113. It only affects old/unsupported versions of Go (#1328) * chore(deps): update all dependencies (#1325) * Add SSOJet (#1320) * chore(deps): update all dependencies (#1319) * Update the integrity sha for babel dependency in html report (#1316) * Add support for `//gosec:disable` directive (#1314) * chore(deps): update all dependencies (#1315) - Update to version 2.22.2: * Update to go version 1.24.1 and 1.23.7 (#1313) * chore(deps): update all dependencies (#1310) * chore(deps): update all dependencies (#1308) * Update gosec version in the GitHub action to v2.22.1 (#1307) * chore(deps): update module google.golang.org/api to v0.221.0 (#1305) - Update to version 2.22.1: * Update cosign to v2.4.2 (#1303) * Add support for go 1.24 and phased out support for go 1.22 (#1302) * chore(deps): update all dependencies (#1300) * Update to go version 1.23.6 and 1.22.12 (#1299) * chore(deps): update module google.golang.org/api to v0.219.0 (#1296) * chore(deps): update module google.golang.org/api to v0.218.0 (#1294) * Add test to conver unit parssing for G115 rule (#1293) * Update to go version 1.23.5 and 1.22.11 (#1291) * chore(deps): update all dependencies (#1290) * Update gosec in github action to 2.22.0 (#1286) gosec-2.25.0-bp160.1.1.x86_64.rpm gosec-2.25.0-bp160.1.1.s390x.rpm gosec-2.25.0-bp160.1.1.ppc64le.rpm gosec-2.25.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-198 Recommended update for gitea-tea moderate openSUSE Backports SLE-16.0 This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.13.0: * docs: add v0.13.0 release notes to CHANGELOG (#945) * feat(pulls): add edit subcommand for pull requests (#944) * fix(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#943) * fix(deps): update module github.com/go-git/go-git/v5 to v5.17.1 (#942) * fix(deps): update module code.gitea.io/sdk/gitea to v0.24.1 (#936) * fix(deps): update module github.com/go-authgate/sdk-go to v0.6.1 (#935) * fix(deps): update module github.com/urfave/cli/v3 to v3.8.0 (#937) * replace log.Fatal/os.Exit with error returns (#941) * chore(deps): update docker.gitea.com/gitea docker tag to v1.25.5 (#934) * fix(deps): update module github.com/olekukonko/tablewriter to v1.1.4 (#933) * chore(deps): update mcr.microsoft.com/devcontainers/go docker tag to v2.1 (#930) * chore(deps): update Go dependencies and CI workflow action versions (#932) * feat(repos): support owner-based repository listing with robust lookup (#931) * feat(repos): add repo edit subcommand (#928) * feat: store OAuth tokens in OS keyring via credstore (#926) * add function comment * make vet&fmt pass * Update to charm libraries v2 (#923) * fix(deps): update module golang.org/x/oauth2 to v0.36.0 (#919) * go 1.26 * fix(deps): update module github.com/go-git/go-git/v5 to v5.17.0 (#910) * Parse multiple values in api subcommand (#911) gitea-tea-0.13.0-bp160.1.1.x86_64.rpm gitea-tea-bash-completion-0.13.0-bp160.1.1.noarch.rpm gitea-tea-zsh-completion-0.13.0-bp160.1.1.noarch.rpm gitea-tea-0.13.0-bp160.1.1.s390x.rpm gitea-tea-0.13.0-bp160.1.1.ppc64le.rpm gitea-tea-0.13.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-199 Security update for nebula important openSUSE Backports SLE-16.0 This update for nebula fixes the following issues: Changes in nebula: - Update to version 1.10.3: * Fix an issue where blocklist bypass is possible when using curve P256 Any newly issued P256 based certificates will have their signature clamped to the low-s form. Nebula will assert the low-s signature form when validating certificates in a future version - Update to version 1.10.2: * Fix panic when using use_system_route_table - Update to version 1.10.1: * Fix a bug where an unsafe route derived from the system route table could be lost on a config reload * Fix the PEM banner for ECDSA P256 public keys * Fix a bug in handshake processing when a peer sends an unexpected public key * Add a config option to control accepting recv_error packets which defaults to always - Update to version 1.10.0: * Support for ipv6 and multiple ipv4/6 addresses in the overlay * Add the ability to mark packets on linux to better target nebula packets in iptables/nftables * Add ECMP support for unsafe_routes * PKCS11 support for P256 keys when built with pkcs11 tag * default_local_cidr_any now defaults to false * Improve logging when a relay is in use on an inbound packet * Avoid fatal errors if rountines is > 1 on systems that <= 1 * Log a warning if a firewall rule contains an any that negates a more restrictive filter * Accept encrypted CA passphrase from an environment variable * Allow handshaking with any trusted remote * Log only the count of blocklisted certificate fingerprints instead of the entire list * Don't fatal when the ssh server is unable to be configured successfully * Improve lost packet statistics * Honor remote_allow_list in hole punch response - remove patch fix-CVE-2025-22869.patch, fixed upstream - update to version 1.9.7: * Disable sending recv_error messages when a packet is received outside the allowable counter window * Improve error messages and remove some unnecessary fatal conditions in the generic udp listener - update to version 1.9.6: * Support dropping inactive tunnels. This is disabled by default * Ensure the same relay tunnel is always used when multiple relay tunnels are present * Fix relay migration panic nebula-1.10.3-bp160.1.1.x86_64.rpm nebula-cert-1.10.3-bp160.1.1.x86_64.rpm nebula-1.10.3-bp160.1.1.ppc64le.rpm nebula-cert-1.10.3-bp160.1.1.ppc64le.rpm nebula-1.10.3-bp160.1.1.aarch64.rpm nebula-cert-1.10.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-20 Recommended update for product-composer moderate openSUSE Backports SLE-16.0 This update for product-composer fixes the following issues: Update to version 0.6.17: - fix multiarch media handling of updateinfo id's product-composer-0.6.17-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-200 Recommended update for gnuhealth moderate openSUSE Backports SLE-16.0 This update for gnuhealth fixes the following issues: Changes in gnuhealth: - version 5.0.7 * health_crypto_lab: Wrong display of the validation button and 403 error (https://codeberg.org/gnuhealth/his/issues/177) * Update woodpecker CI and packages automated tests (thanks, Cedric!). (https://codeberg.org/gnuhealth/his/commit/5decf55f83fda9e98588dbe5c11eda152df82dbf) * Update pyproject.toml to PEP639 project.license current specification (https://codeberg.org/gnuhealth/his/issues/178) - gnuhealth 5.0.6 * see changelog for details gnuhealth-5.0.7-bp160.1.1.noarch.rpm gnuhealth-orthanc-5.0.7-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-201 Recommended update for osc moderate openSUSE Backports SLE-16.0 This update for osc fixes the following issues: Changes in osc: - 1.26.0 - Command-line: - Add 'git-obs repo init' command - Add 'git-obs pr review cancel-request' command - Add '--allow-empty' option to 'git-obs pr create' command - Add '--source-owner' option to 'git-obs pr list' command - Add '--target-repo' and '--source-owner' args to 'git-obs staging group' - Improve help of 'git-obs staging' commands - Running 'git-obs pr create' without '--description' no longer pops up an editor - Fix 'git-obs pr dump' by resetting the pull request branch to the target state and removing any untracked files - Allow only relative submodule paths in 'git-obs pr dump' - Fix Git.get_submodules() to always retrieve submodule paths relative to git topdir - Fix 'osc up' to avoid downloading a file when .osc/sources has a matching copy already - Fix 'osc buildlog' output by flushing TTY buffer - Fix 'osc search': NameResolutionError and MaxRetryError are not available in urllib3 v1 - Speed fetching LFS objects in 'git-obs pr forward' up - Support '.' expansion for projects in 'osc fork' command - Extend 'osc maintainer' search with git based projects and packages - Connection: - Fix temp ssh public key file creation - Configuration: - Add 'http_manual_approve' with matching 'OSC_HTTP_MANUAL_APPROVE' env variable to enable user approval on HTTP requests that may change something - Library: - Add gitea_api.Maintainership class for parsing maintainership.json - Add 'relative' argument to Manifest.get_package_paths() - Sanitize submodule URLs in'git-obs pr dump' by removing trailing '.git' and '/' - Fix BaseModel to handle Dict[str, BaseModel] fields - Better handle GitStore in obs_scm.Package - Fix GitObsMainCommand.gitea_login - Sanitize multiple consequent slashes in prj/pac strings in core.slash_split() - Tests: - Fix broken tests dicovered after modifying BaseModel for Dict[str, BaseModel] fields - Spec: - Use pip to build rpm package - Add basic pyproject.toml file - Change license to SPDX format in setup.cfg - Add more supported python versions to classifiers in setup.cfg - 1.25.0 - Command-line: - Add 'git-obs pr forward' command that is close to 'osc sr', allowing forwarding sources from one branch to another (e.g., Factory to Leap/SLFO) via a Pull Request - Add --separate-requests and --dry-run to 'git-obs pr create' - Add support for SSH authentication of Gitea API calls in git-obs - Change 'git-obs staging group' command to allow PR creation without a fork - Change 'git-obs staging group' to rely on the workflow-pr bot - Extend 'osc search' with gitea data cached in an external service - Use PullRequest.list branch filter in 'git-obs pr list' - Make 'osc remotebuildlog' an alias of 'osc buildlog' - Library: - Add 'target_branch' filter to PullRequest.list() - Update gitea_api.Git.get_branch_head() to take optional argument 'remote' - Add gitea_api.Git.branch_is_fast_forwardable() method - Add gitea_api.Git.has_changes property to determine if there are any staged or unstaged changes in the current working copy - Add 'alldirect_or_localdep' entry to LinkedbuildModes enum - Fix git_scm.Manifest to skip subdirectories that do not exist - Fix oscrc lookup: prefer XDG location, warn if there are multiple configs osc-1.26.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-202 Security update for v2ray-core important openSUSE Backports SLE-16.0 This update for v2ray-core fixes the following issues: Changes in v2ray-core: - Update version to 5.47.0 * Add sticky choice option for leastping * Add support for enrollment links in tlsmirror * Add Wireguard Outbound (unreleased) * Add sticky choice option for leastping * Generalize IP address parsing in TUN stack options * Fix bugs - CVE-2026-33186: google.golang.org/grpc: Fixed authorization bypass caused by improper validation of the HTTP/2 :path pseudo-header (boo#1260329) - Update version to 5.44.1 * uTLS: bundled library updated to v1.8.2 for Chrome120 imitation profile identification * Update golang toolchain to v1.25.6, which fixed an vulnerable (tls.Config).Clone function * Fix bugs - Update version to 5.42.0 * Add TLSMirror bootstrap enrollment and self enrollment feature * TLSMirror Inverse Role Request Tripper Enrollment Server Support golang-github-v2fly-v2ray-core-5.47.0-bp160.1.1.noarch.rpm v2ray-core-5.47.0-bp160.1.1.x86_64.rpm v2ray-core-5.47.0-bp160.1.1.s390x.rpm v2ray-core-5.47.0-bp160.1.1.ppc64le.rpm v2ray-core-5.47.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-203 Recommended update for kscreenlocker6 moderate openSUSE Backports SLE-16.0 This update for kscreenlocker6 fixes the following issues: Changes in kscreenlocker6: - Use a hardcoded list of PAM modules for auth in kde-fingerprint and kde-smartcard and deny password (boo#1244496) kscreenlocker6-6.4.2-bp160.2.1.x86_64.rpm kscreenlocker6-devel-6.4.2-bp160.2.1.x86_64.rpm kscreenlocker6-lang-6.4.2-bp160.2.1.noarch.rpm libKScreenLocker6-6.4.2-bp160.2.1.x86_64.rpm kscreenlocker6-6.4.2-bp160.2.1.s390x.rpm kscreenlocker6-devel-6.4.2-bp160.2.1.s390x.rpm libKScreenLocker6-6.4.2-bp160.2.1.s390x.rpm kscreenlocker6-6.4.2-bp160.2.1.ppc64le.rpm kscreenlocker6-devel-6.4.2-bp160.2.1.ppc64le.rpm libKScreenLocker6-6.4.2-bp160.2.1.ppc64le.rpm kscreenlocker6-6.4.2-bp160.2.1.aarch64.rpm kscreenlocker6-devel-6.4.2-bp160.2.1.aarch64.rpm libKScreenLocker6-6.4.2-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-204 Security update for roundcubemail important openSUSE Backports SLE-16.0 This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! + Fix regression where mail search would fail on non-ascii search criteria (#10121) + Fix regression where some data url images could get ignored/lost (#10128) + Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke (bsc#1261157) - update to 1.6.14 This is a security update to the stable version 1.6 of Roundcube Webmail. + Fix Postgres connection using IPv6 address (#10104) + Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler (bsc#1261488, CVE-2026-35537) + Security: Fix bug where a password could get changed without providing the old password + Security: Fix IMAP Injection + CSRF bypass in mail search + Security: Fix remote image blocking bypass via various SVG animate attributes + Security: Fix remote image blocking bypass via a crafted body background attribute + Security: Fix fixed position mitigation bypass via use of !important + Security: Fix XSS issue in a HTML attachment preview + Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts roundcubemail-1.6.15-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-205 Recommended update for openSUSE-signkey-cert moderate openSUSE Backports SLE-16.0 This update for openSUSE-signkey-cert fixes the following issues: Changes in openSUSE-signkey-cert: - Add trigger-rebuild.timestamp, this dummy file is updated manually to trigger a rebuild when the project certificate (_projectcert.crt) changes, as OBS doesn't track it automatically in some cases. (bsc#1256888) openSUSE-signkey-cert-20220613-bp160.2.1.x86_64.rpm openSUSE-signkey-cert-20220613-bp160.2.1.ppc64le.rpm openSUSE-signkey-cert-20220613-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-206 Security update for chromium critical openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 147.0.7727.101 (boo#1262174) * CVE-2026-6296: Heap buffer overflow in ANGLE * CVE-2026-6297: Use after free in Proxy * CVE-2026-6298: Heap buffer overflow in Skia * CVE-2026-6299: Use after free in Prerender * CVE-2026-6358: Use after free in XR * CVE-2026-6359: Use after free in Video * CVE-2026-6300: Use after free in CSS * CVE-2026-6301: Type Confusion in Turbofan * CVE-2026-6302: Use after free in Video * CVE-2026-6303: Use after free in Codecs * CVE-2026-6304: Use after free in Graphite * CVE-2026-6305: Heap buffer overflow in PDFium * CVE-2026-6306: Heap buffer overflow in PDFium * CVE-2026-6307: Type Confusion in Turbofan * CVE-2026-6308: Out of bounds read in Media * CVE-2026-6309: Use after free in Viz * CVE-2026-6360: Use after free in FileSystem * CVE-2026-6310: Use after free in Dawn * CVE-2026-6311: Uninitialized Use in Accessibility * CVE-2026-6312: Insufficient policy enforcement in Passwords * CVE-2026-6313: Insufficient policy enforcement in CORS * CVE-2026-6314: Out of bounds write in GPU * CVE-2026-6315: Use after free in Permissions * CVE-2026-6316: Use after free in Forms * CVE-2026-6361: Heap buffer overflow in PDFium * CVE-2026-6362: Use after free in Codecs * CVE-2026-6317: Use after free in Cast * CVE-2026-6363: Type Confusion in V8 * CVE-2026-6318: Use after free in Codecs * CVE-2026-6319: Use after free in Payments * CVE-2026-6364: Out of bounds read in Skia chromedriver-147.0.7727.101-bp160.1.1.x86_64.rpm chromium-147.0.7727.101-bp160.1.1.x86_64.rpm chromedriver-147.0.7727.101-bp160.1.1.ppc64le.rpm chromium-147.0.7727.101-bp160.1.1.ppc64le.rpm chromedriver-147.0.7727.101-bp160.1.1.aarch64.rpm chromium-147.0.7727.101-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-207 Security update for tor moderate openSUSE Backports SLE-16.0 This update for tor fixes the following issues: Changes in tor: - update to 0.4.8.23: * Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem (TROVE-2026-004, boo#1262302) * Fix a series of defense in depth security issues found across the codebase * Regenerate fallback directories generated on March 25, 2026. * Update the geoip files to match the IPFire Location Database, as retrieved on 2026/03/25. - includes changes from 0.4.8.22: * Avoid an out-of-bounds read error that could occur with V1-formatted EXTEND cells (TROVE-2025-016, boo#1262301) * Allow old clients to fetch the consensus even if they use version 0 of the SENDME protocol * Do not check for compression bombs for buffers smaller than 5MB (increased from 64 KB) * Improvements to directory server statistics - update to 0.4.8.21: * This release is a continuation of the previous one and addresses additional Conflux-related issues identified through further testing and feedback from relay operators. We strongly recommend upgrading as soon as possible. * Major bugfixes (conflux, exit): - When dequeuing out-of-order conflux cells, the circuit could be close in between two dequeue which could lead to a mishandling of a NULL pointer. Fixes bug 41162; * Add -mbranch-protection=standard for arm64. * Regenerate fallback directories generated on November * Update the geoip files to match the IPFire Location Database, as retrieved on 2025/11/17. * Fix a bug causing the initial tor process to hang intead of exiting with RunAsDaemon, when pluggable transports are used. - 0.4.8.20 * Add a new hardening compiler flag -fcf-protection=full * Fix the root cause of some conflux fragile asserts * Fix a series of conflux edge cases - 0.4.8.19 * Fix some clients not being able to connect to LibreSSL relays * Improve stream flow control performance tor-0.4.8.23-bp160.1.1.x86_64.rpm tor-0.4.8.23-bp160.1.1.s390x.rpm tor-0.4.8.23-bp160.1.1.ppc64le.rpm tor-0.4.8.23-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-208 Security update for python-PyPDF2 moderate openSUSE Backports SLE-16.0 This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-40260: crafted PDF can lead to large memory usage (bsc#1262284) python313-PyPDF2-2.11.1-bp160.6.1.noarch.rpm openSUSE-Leap-16.0-packagehub-209 Recommended update for librepods moderate openSUSE Backports SLE-16.0 This update for librepods fixes the following issues: Introduce librepods. librepods-0.1.0-bp160.1.1.x86_64.rpm librepods-0.1.0-bp160.1.1.s390x.rpm librepods-0.1.0-bp160.1.1.ppc64le.rpm librepods-0.1.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-210 Security update for qt6-translations moderate openSUSE Backports SLE-16.0 This update for qt6-translations fixes the following issues: Added qt6-translations. qt6-translations-6.9.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-211 Recommended update for php-imagick moderate openSUSE Backports SLE-16.0 This update for php-imagick fixes the following issues: Introducing php-imagick. php8-imagick-3.8.1-bp160.1.1.x86_64.rpm php8-imagick-3.8.1-bp160.1.1.s390x.rpm php8-imagick-3.8.1-bp160.1.1.ppc64le.rpm php8-imagick-3.8.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-212 Security update for coredns important openSUSE Backports SLE-16.0 This update for coredns fixes the following issues: Changes in coredns: - Update to version 1.14.2: * plugin/reload: Allow disabling jitter with 0s * bump deps * plugin/forward: fix parsing error when handling TLS+IPv6 address * plugin/loop: use crypto/rand for query name generation * plugin: reorder rewrite before acl to prevent bypass * fix(rewrite): fix cname target rewrite for CNAME chains * fix(kubernetes): panic on empty ListenHosts * chore: bump minimum Go version to 1.25 * feat(proxyproto): add proxy protocol support * refactor(cache): modernize with generics * Add metadata for response Type and Class to Log * docs: clarify kubernetes auth docs * fix: return SOA and NS records when queried for a record CNAMEd to origin - fixes bsc#1259320 CVE-2026-26017 - fixes bsc#1259319 CVE-2026-26018 - address more unstable unstable tests under aarch64 and s390x - Update to version 1.14.1: * This release primarily addresses security vulnerabilities affecting Go versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). It also includes performance improvements to the proxy plugin via multiplexed connections, along with various documentation updates. coredns-1.14.2-bp160.1.1.x86_64.rpm coredns-extras-1.14.2-bp160.1.1.noarch.rpm coredns-1.14.2-bp160.1.1.ppc64le.rpm coredns-1.14.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-213 Security update for rclone critical openSUSE Backports SLE-16.0 This update for rclone fixes the following issues: Changes in rclone: - Update to version 1.73.5: * Version v1.73.5 * operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179 * rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176 * rc: add AuthRequired to options/set to prevent auth bypass CVE-2026-41176 * s3: fix empty delimiter parameter rejected by Archiware P5 server * azureblob/auth: add Microsoft Partner Network User-Agent prefix * drime: fix User.EntryPermissions JSON unmarshalling * filter: fix debug logs that fire before logger is configured - fixes #9291 * s3: fix TencentCOS CDN endpoint failing on bucket check * iclouddrive: fix 'directory not found' error when the directory contains accent marks * Start v1.73.5-DEV development - Update to version 1.73.4: * Version v1.73.4 * Update to go 1.25.9 to fix multiple CVEs * build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder * docs: fix markdown issues in mount docs * docs: fix header level for metadata option * fix(docs): Fix link to not be language specific * filen: update SDK version * build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0 * docs: note macOS 10.15 (Catalina) support with version v1.70.3 * Start v1.73.4-DEV development - Update to version 1.73.3: (CVE-2026-33186 GHSA-6g7g-w4f8-9c9x) * Version v1.73.3 * build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 * docs/jottacloud: fix broken link * docs: clarify Filen password change requires updating both password and API key in rclone config * docs: note that Filen API key changes on password change * build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 * s3: add multi tenant support for Cubbit * lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav) with strict path matching * list: fix nil pointer panic in Sorter when temp file creation fails * docs: update RELEASE procedure to avoid mistakes * docs: added text to the label showing version-introduced info * Start v1.73.3-DEV development * docs: update sponsors - Update to version 1.73.2: * Version v1.73.2 * Update to go 1.25.8 to fix multiple CVEs * build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220 * docs: fix new drive flag typo in changelog * webdav: add missing headers for CORS * docs: Document unsupported S3 object keys with double slashes * docs: note that --use-server-modtime only works on some backends * internxt: fix Entry doesn't belong in directory errors on windows * drime: fix chunk-uploaded files ignoring workspace ID * docs: Fix headers hierarchy for mount.md * webdav: escape reserved characters in URL path segments * bisync: add group Sync to the bisync command * archive: extract: strip "./" prefix from tar entry paths * docs: add instructions on how to update Go version * buid: update github.com/cloudflare/circl to v1.6.3 to fix CVE-2026-1229 * Start v1.73.2-DEV development - Update to version 1.73.1: * Version v1.73.1 * build: fix build using go 1.26.0 instead of go 1.25.7 * fs/march: fix runtime: program exceeds 10000-thread limit * accounting: fix missing server side stats from core/stats rc * pacer: re-read the sleep time as it may be stale * pacer: fix deadlock between pacer token and --max-connections * build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes #9167 * drime: fix files and directories being created in the default workspace * docs: update sponsors * copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting with a path. * internxt: implement re-login under refresh logic, improve retry logic - fixes #9174 * docs: add ExchangeRate-API as a sponsor * build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix GO-2026-4316 * Set list_version to 2 for FileLu S3 configuration * filelu: add multipart upload support with configurable cutoff * filelu: add multipart init response type * filelu: add comment for response body wrapping * filelu: avoid buffering entire file in memory * docs: update sponsor logos * filen: fix potential panic in case of error during upload * filen: fix 32 bit targets not being able to list directories Fixes #9142 * Start v1.73.1-DEV development - Update to version 1.73.0: * Version v1.73.0 * drive: fix crash when trying to creating shortcut to a Google doc * azureblob,azurefiles: factor the common auth into a library * test: allow backends to return fs.ErrorCantListRoot to skip Root tests * build: add privatebeta Makefile target * docs: add Internxt as a sponsor * internxt: remove use of CVE laden github.com/disintegration/imaging * docs: fix Internxt docs after merge * docs: update making a new backend docs * docs: build overview page from the backend data * docs: add tiering to the documentation - fixes #8873 * docs: add data about each backend in YAML format * docs: add bin/manage_backends.py for managing the backend data files * internxt: use rclone's http.Client to enable more features * internxt: fix lint problems * Add StarHack to contributors * Add lullius to contributors * Add jzunigax2 to contributors * internxt: add Internxt backend - fixes #7610 * drive: add --drive-metadata-force-expansive-access flag - Fixes #8980 * test_all: allow drime more time to complete * onedrive: fix permissions on onedrive Personal * onedrive: fix require sign in for Onedrive Personal * onedrive: Onedrive Personal no longer supports description * onedrive: fix setting modification time on directories for onedrive Personal * onedrive: fix cancelling multipart upload * docs: fix WinFsp link in mount documentation * cmount: make work under OpenBSD - fixes #1727 * vfs: make mount tests run on OpenBSD * docs: improve alignment of icons * protondrive: update to use forks of upstream modules * Add hyusap to contributors * Add Nick Owens to contributors * Add Mikel Olasagasti Uranga to contributors * docs: fix googlephotos custom client_id instructions * cmount: fix OpenBSD mount support. * fs: fix bwlimit: correctly report minutes * fs: fix bwlimit: use %d instead of %q for ints * mega: reverts TLS workaround * docs: fix formatting * docs: add faq entry about re-enabling old TLS ciphers * Add Marc-Philip to contributors * Add yy to contributors * filen: swap to blake3 hashes * docs: fix echo command syntax for password input * docs: fix typos in comments and messages * docs: fix use of removed rem macro * uptobox: remove backend as service is no longer available * rc: add operations/hashsumfile to sum a single file only * docs: update sponsor link * filen: add Filen backend - Fixes #6728 * sftp: fix proxy initialisation * fstest: skip Copy mutation test with --sftp-copy-is-hardlink * fstest: Make Copy mutation test work properly * Add Qingwei Li to contributors * Add Nicolas Dessart to contributors * log: fix systemd adding extra newline - fixes #9086 * oracleobjectstorage, sftp: eliminate unnecessary heap allocation * sftp,ftp: add http proxy authentication support * Add Drime backend * lib/rest: add opts.MultipartContentType to explicitly set Content-Type of attachements * dircache: allow empty string as root parent id * docs: update sponsors * s3: add provider Bizfly Cloud Simple Storage * docs: update sponsor logos * Add sys6101 to contributors * Add darkdragon-001 to contributors * Add vupn0712 to contributors * docs: add cloudinary to readme * docs: fix headers hierarchy in mount docs * s3: fix Copy ignoring storage class * serve s3: make errors in --s3-auth-key fatal - fixes #9044 * Add masrlinu to contributors * pcloud: add support for real-time updates in mount * memory: add --memory-discard flag for speed testing - fixes #9037 * Add vyv03354 to contributors * shade: Fix VFS test issues * docs: mention use of ListR feature in ls docs * build: bump actions/download-artifact from 6 to 7 * build: bump actions/upload-artifact from 5 to 6 * build: bump actions/cache from 4 to 5 * docs: reflects the fact that pCloud supports ListR * S3: Linode: updated endpoints to use ISO 3166-1 alpha-2 standard * sync: fix error propagation in tests (#9025) * Changelog updates from Version v1.72.1 * s3: add more regions for Selectel * Add jhasse-shade to contributors * Add Shade backend * log: fix backtrace not going to the --log-file #9014 * build: fix lint warning after linter upgrade * Add Jonas Tingeborn to contributors * Add Tingsong Xu to contributors * configfile: add piped config support - fixes #9012 * fs/log: fix PID not included in JSON log output * build: adjust lint rules to exclude new errors from linter update * proxy: fix error handling in tests spotted by the linter * Add Johannes Rothe to contributors * Add Leo to contributors * Add Vladislav Tropnikov to contributors * Add Cliff Frey to contributors * Add vicerace to contributors * b2: Fix listing root buckets with unrestricted API key * googlecloudstorage: improve endpoint parameter docs * serve webdav: implement download-directory-as-zip * s3: The ability to specify an IAM role for cross-account interaction * azureblob: add metadata and tags support across upload and copy paths * refactor: use strings.Cut to simplify code * docs: note where a provider has an S3 compatible alternative * Add Shade as sponsor * Add Duncan Smart to contributors * Add Diana to contributors * docs: Clarify OAuth scopes for readonly Google Drive access * b2: support authentication with new bucket restricted application keys * docs: update sponsor logos * docs: fix lint error in changelog * Start v1.73.0-DEV development - Update to version 1.72.1: * Version v1.72.1 * s3: add more regions for Selectel * log: fix backtrace not going to the --log-file #9014 * build: fix lint warning after linter upgrade * configfile: add piped config support - fixes #9012 * fs/log: fix PID not included in JSON log output * build: adjust lint rules to exclude new errors from linter update * proxy: fix error handling in tests spotted by the linter * googlecloudstorage: improve endpoint parameter docs * docs: note where a provider has an S3 compatible alternative * Add Shade as sponsor * docs: Clarify OAuth scopes for readonly Google Drive access * docs: update sponsor logos * docs: fix lint error in changelog * Start v1.72.1-DEV development - Update to version 1.72.0: * Version v1.72.0 * rc: fix formatting in job/batch * test speed: fix formatting of help * docs: update sponsor logos * build: bump actions/checkout from 5 to 6 * s3: add multi-part-upload support for If-Match and If-None-Match * rc: config/unlock: rename parameter to `configPassword` accept old as well * rc: correct names of parameters in job/list output * Add Nikolay Kiryanov to contributors * rc: add `executeId` to job statuses - fixes #8972 * build: bump golang.org/x/crypto from 0.43.0 to 0.45.0 to fix CVE-2025-58181 * s3: fix single file copying behavior with low permission - Fixes #8975 * docs: onedrive: note how to backup up any user's data * Add Dominik Sander to contributors * Add jijamik to contributors * box: allow to configure with config file contents * http: add basic metadata and provide it via serve * ftp: fix transfers from servers that return 250 ok messages * b2: allow individual old versions to be deleted with --b2-versions - fixes #1626 * build: fix tls: failed to verify certificate: x509: negative serial number * Add Sean Turner to contributors * s3: add support for --upload-header If-Match and If-None-Match * fix: comment typos * dropbox: fix error moving just created objects - fixes #8881 * s3: add --s3-use-data-integrity-protections to fix BadDigest error in Alibaba, Tencent * rc: make sure fatal errors don't crash rclone - fixes #8955 * pacer: factor call stack searching into its own package * rc: add osVersion, osKernel and osArch to core/version * build: update all dependencies * build(deps): bump golangci/golangci-lint-action from 8 to 9 * webdav: fix out of memory with sharepoint-ntlm when uploading large file * testserver: fix owncloud test server startup * Add aliaj1 to contributors * ulozto: Fix downloads returning HTML error page * docs: adjust spectra logic example endpoint name * docs: update version introduced to v1.70 in doi docs * testserver: fix HDFS server after run.bash adjustments * testserver: remind developers about allocating a port * testserver: make run.bash variables less likely to collide with scripts * testserver: fix seafile servers messing up _connect string * testserver: make sure TestWebdavInfiniteScale uses an assigned port * testserver: make sure we don't overwrite the NAME variable set * Add n4n5 to contributors * Add Alex to contributors * Add Copilot to contributors * docs: update contributing docs regarding backend documentation * rc: add jobs stats * docs: fix alignment of some of the icons in the storage system dropdown * docs: run markdownlint on _index.md * docs: fix markdownlint issues and other styling improvements in backend command docs * docs: fix markdownlint issue md046/code-block-style in backend command docs * docs: fix missing punctuation in backend commands short description * docs: fix markdownlint issues in backend command generated output * build: improve backend docs autogenerated marker line * backend/compress: add zstd compression * sftp: fix zombie SSH processes with --sftp-ssh - Fixes #8929 * testserver: fix tests failing due to stopped servers * docs: add new integration tester site link * docs: update the method for running integration tests * bisync: fix failing tests * Add SublimePeace to contributors * b2: fix "expected a FileSseMode but found: ''" * docs: s3: clarify multipart uploads memory usage * test_all: fix detection of running servers * accounting: add AccountReadN for use in cluster * fs: add NonDefaultRC for discovering options in use * fs: move tests into correct files * rc: add NewJobFromBytes for reading jobs from non HTTP transactions * rc: add job/batch for sending batches of rc commands to run concurrently * Add Ted Robertson to contributors * Add Joseph Brownlee to contributors * Add fries1234 to contributors * Add Fawzib Rojas to contributors * Add Riaz Arbi to contributors * Add Lukas Krejci to contributors * Add Adam Dinwoodie to contributors * Add dulanting to contributors * docs: add AppArmor restrictions to rclone mount * check: improved reporting of differences in sizes and contents * mega: implement 2FA login * docs: change to light code block style to better match overall theme * docs: fix various markdownlint issues * build: restrict the markdown languages to use for code blocks * docs: fix various markdownlint issues * docs: fix markdownlint issue md013/line-length * docs: change syntax hightlighting for command examples from sh to console * docs: Clarify remote naming convention * b2: Add Server-Side encryption support * Added rclone archive command to create and read archive files * accounting: add io.Seeker/io.ReaderAt support to accounting.Account * operations: add ReadAt method to ReOpen * fstest: add ResetRun to allow the remote to be reset in tests * gcs: fix --gcs-storage-class to work with server side copy for objects * ulozto: implement the about functionality * local: add --skip-specials to ignore special files * swift: Report disk usage in segment containers * refactor: use strings.Builder to improve performance * Archive backend to read archives on cloud storage. * vfs: remove unecessary import in tests to fix import cycles * Add Lakshmi-Surekha to contributors * Add Andrew Gunnerson to contributors * Add divinity76 to contributors * build: enable support for aix/ppc64 * rc: fix name of "queue" JSON key in docs for vfs/cache * cmount: windows: improve error message on missing winfsp * docs: add the Provider to the options examples in the backend docs * Add Aneesh Agrawal to contributors * Add viocha to contributors * Add reddaisyy to contributors * fs: remove unnecessary Seek call on log file * s3: make it easier to add new S3 providers * build(deps): bump actions/upload-artifact from 4 to 5 * build(deps): bump actions/download-artifact from 5 to 6 * ftp: fix SOCK proxy support - fixes #8892 (#8918) * webdav: Add Access-Control-Max-Age header for CORS preflight caching - fixes #5078 * webdav: use SpaceSepList to parse bearer token command * refactor: use strings.Builder to improve performance * docs: re-arrange sponsors page * docs: add Spectra Logic as a sponsor * Add Oleksandr Redko to contributors * build: enable all govet checks (except fieldalignment and shadow) and fix issues. * march: fix --no-traverse being very slow - fixes #8860 * Add vastonus to contributors * s3: add new FileLu S5 endpoints * build: remove obsolete build tag * azurefiles: add ListP interface - #4788 * dropbox: add ListP interface - #4788 * webdav: add ListP interface - #4788 * pcloud: add ListP interface - #4788 * box: add ListP interface - #4788 * onedrive: add ListP interface - #4788 * drive: add ListP interface - #4788 * Add hunshcn to contributors * webdav: optimize bearer token fetching with singleflight * Changelog updates from Version v1.71.2 * lib/http: cleanup indentation and other whitespace in http serve template * docs: improve formatting of http serve template parameters * build: stop markdown linter leaving behind docker containers * Add Marco Ferretti to contributors * s3: add cubbit as provider * s3: add servercore as a provider * docs: update sponsors * docs: update sponsor images * docs: update privacy policy with a section on user data * Add Dulani Woods to contributors * Add spiffytech to contributors * gcs: add region us-east5 - fixes #8863 * jottacloud: refactor service list from map to slice to get predefined order * jottacloud: added support for traditional oauth authentication also for the main service * oauthutil: improved debug logs from token refresh * backend: add S3 provider for Hetzner object storage #8183 * jottacloud: improved token refresh handling * s3: provider reordering * index: add missing providers * docs: add missing ` * s3: add rabata as a provider * mega: fix 402 payment required errors - fixes #8758 * Add Andrew Ruthven to contributors * Add Microscotch to contributors * Add iTrooz to contributors * build: Bump SwiftAIO container to a newer one * build: Retry stopping the test server * build: Increase attempts to connect to test server * swift: If storage_policy isn't set, use the root containers policy * proton: automated 2FA login with OTP secret key * serve s3: fix log output to remove the EXTRA messages * docs/jottacloud: update description of invalid_grant error according to changes * jottacloud: add support for MediaMarkt Cloud as a whitelabel service * s3: add FileLu S5 provider * docs: fix variants of --user-from-header * vfs: fix chunker integration test * test_all: give TestZoho: extra time as it has been timing out * test_all: give TestCompressDrive: extra time as it has been timing out * rclone config string: reduce quoting with Human rendering for strings #8859 * Add juejinyuxitu to contributors * docs/jottacloud: update documentation with new whitelabel services and changed configuration flow * jottacloud: abort attempts to run unsupported rclone authorize command * jottacloud: minor adjustment of texts in config ui * jottacloud: add support for Let's Go Cloud (from MediaMarkt) as a whitelabel service * jottacloud: fix authentication for whitelabel services from Elkjøp subsidiaries * jottacloud: refactor config handling of whitelabel services to use openid provider configuration * jottacloud: remove nil error object from error message * jottacloud: fix legacy authentication * docs: add remote setup page to main docs dropdown * docs: update remote setup page * docs: add link from authorize command docs to remote setup docs * docs: lowercase internet and web browser instead of Internet browser * docs: use the term backend name instead of fs name for authorize command * add `rclone config string` for making connection strings #8859 * config: add more human readable configmap.Simple output * serve http: download folders as zip * s3: reorder providers to be in alphabetical order * refactor: use strings.FieldsFuncSeq to reduce memory allocations * accounting: add SetMaxCompletedTransfers method to fix bisync race #8815 * accounting: add RemoveDoneTransfers method to fix bisync race #8815 * bisync: fix race when CaptureOutput is used concurrently #8815 * build: update all dependencies * Makefile: remove deprecated go mod usage * azurefiles: Fix server side copy not waiting for completion - fixes #8848 * Changelog updates from Version v1.71.1 * test_all: fix branch name in test report * pacer: fix deadlock with --max-connections * Revert "azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors" * Add Youfu Zhang to contributors * Add Matt LaPaglia to contributors * smb: optimize smb mount performance by avoiding stat checks during initialization * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601 * serve http: fix: logging url on start * docs: fix typo * b2: fix 1TB+ uploads * march: fix deadlock when using --fast-list on syncs - fixes #8811 * build: slices.Contains, added in go1.21 * build: use strings.CutPrefix introduced in go1.20 * build: use sequence Split introduced in go1.24 * build: use "for i := range n", added in go1.22 * build: modernize benchmark usage * build: in tests use t.Context, added in go1.24 * build: replace interface{} by the 'any' type added in go1.18 * build: use the built-in min or max functions added in go1.21 * Add russcoss to contributors * build: remove x := x made unnecessary by the new semantics of loops in go1.22 * lib/pool: fix unreliable TestPoolMaxBufferMemory test * Update S-Pegg1 email * Add Jean-Christophe Cura to contributors * pool: fix flaky unreliability test * copyurl: reworked code, added concurrency and tests * copyurl: Added --url to read urls from csv file - #8127 * docs: HDFS: erasure coding limitation #8808 * fstest: fix slice bounds out of range error when using -remotes local * local: fix time zones on tests * s3: added SpectraLogic as a provider * local: fix rmdir "Access is denied" on windows - fixes #8363 * bisync: fix error handling for renamed conflicts * docs: pcloud: update root_folder_id instructions * operations: fix partial name collisions for non --inplace copies * drive: docs: update making your own client ID instructions * swift: add ListP interface - #4788 * memory: add ListP interface - #4788 * oraceobjectstorage: add ListP interface - #4788 * B2: add ListP interface - #4788 * azureblob: add ListP interface - #4788 * googlecloudstorage: add ListP interface - Fixes #8763 * build: bump actions/github-script from 7 to 8 * build: bump actions/setup-go from 5 to 6 * bisync: fix chunker integration tests * bisync: fix koofr integration tests * internetarchive: fix server side copy files with spaces * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible * Add alternate email for dougal to contributors * test speed: add command to test a specified remotes speed * docs: add link to MEGA S4 from MEGA page * Add Robin Rolf to contributors * Add anon-pradip to contributors * s3: Add Intercolo provider * gendocs: refactor and add logging of skipped command docs * gendocs: ignore missing rclone_mount.md, rclone_nfsmount.md, rclone_serve_nfs.md on windows * bin: add bisync.md generator * fstest: refactor to decouple package from implementation * gendocs: ignore missing rclone_mount.md on macOS * bisync: ignore expected "nothing to transfer" differences on tests * bisync: fix TestBisyncConcurrent ignoring -case * bisync: make number of parallel tests configurable * docs: clarify subcommand description in rclone usage * docs: fix description of regex syntax of name transform * docs: add some more details about supported regex syntax * makefile: fix lib/transform docs not getting updated * lib/pool: fix flaky test which was causing timeouts * Add dougal to contributors * vfs: fix SIGHUP killing serve instead of flushing directory caches * bisync: use unique stats groups on tests * fstest: stop errors in test cleanup changing the global stats * Add Motte to contributors * Add Claudius Ellsel to contributors * build: add local markdown linting to make check * lsf: add support for unix and unixnano time formats * docs: remove broken links from rc to commands * hashsum: changed output format when listing algorithms * docs: add example of how to add date as suffix * box: fix about after change in API return - fixes #8776 * Add skbeh to contributors * Add Tilman Vogel to contributors * docs: fix incorrectly escaped windows path separators * build: restore error handling in gendocs * combine: propagate SlowHash feature * docs/oracleobjectstorage: add introduction before external links and remove broken link * docs: fix markdown lint issues in backend docs * docs: fix markdown lint issues in command docs * docs: update markdown code block json indent size 2 * mount: do not log successful unmount as an error - fixes #8766 * Start v1.72.0-DEV development - Update to version 1.71.2: * Version v1.71.2 * docs: update sponsors * docs: update sponsor images * docs: update privacy policy with a section on user data * gcs: add region us-east5 - fixes #8863 * index: add missing providers * docs: add missing ` * mega: fix 402 payment required errors - fixes #8758 * docs: fix variants of --user-from-header * docs: add remote setup page to main docs dropdown * docs: update remote setup page * docs: add link from authorize command docs to remote setup docs * docs: lowercase internet and web browser instead of Internet browser * docs: use the term backend name instead of fs name for authorize command * bisync: fix race when CaptureOutput is used concurrently #8815 * azurefiles: Fix server side copy not waiting for completion - fixes #8848 * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601 * serve http: fix: logging url on start * docs: fix typo * b2: fix 1TB+ uploads * Start v1.71.2-DEV development - Update to version 1.71.1: * Version v1.71.1 * pacer: fix deadlock with --max-connections * Revert "azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors" * march: fix deadlock when using --fast-list on syncs - fixes #8811 * docs: HDFS: erasure coding limitation #8808 * local: fix rmdir "Access is denied" on windows - fixes #8363 * bisync: fix error handling for renamed conflicts * docs: pcloud: update root_folder_id instructions * operations: fix partial name collisions for non --inplace copies * drive: docs: update making your own client ID instructions * internetarchive: fix server side copy files with spaces * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible * docs: add link to MEGA S4 from MEGA page * docs: clarify subcommand description in rclone usage * docs: fix description of regex syntax of name transform * docs: add some more details about supported regex syntax * makefile: fix lib/transform docs not getting updated * vfs: fix SIGHUP killing serve instead of flushing directory caches * docs: remove broken links from rc to commands * docs: add example of how to add date as suffix * box: fix about after change in API return - fixes #8776 * docs: fix incorrectly escaped windows path separators * build: restore error handling in gendocs * combine: propagate SlowHash feature * docs/oracleobjectstorage: add introduction before external links and remove broken link * docs: fix markdown lint issues in backend docs * docs: fix markdown lint issues in command docs * docs: update markdown code block json indent size 2 * mount: do not log successful unmount as an error - fixes #8766 * Start v1.71.1-DEV development - Update to version 1.71.0: * Version v1.71.0 * fs: tls: add --client-pass support for encrypted --client-key files * ftp: make TLS config default to global TLS config - Fixes #6671 * fshttp: return *Transport rather than http.RoundTripper from NewTransport * bisync: release from beta * bisync: fix markdown formatting issues flagged by linter in docs * bisync: fix --no-slow-hash settings on path2 * Add cui to contributors * docs: add code of conduct * lib/mmap: convert to using unsafe.Slice to avoid deprecated reflect.SliceHeader * build: bump golangci/golangci-lint-action from 6 to 8 * build: update golangci-lint configuration * build: ignore revive lint issue var-naming: avoid meaningless package names * build: fix lint issue: should omit type error from declaration * Revert "build: downgrade linter to use go1.24 until it is fixed for go1.25" * build: migrate golangci-lint configuration to v2 format * s3: add --s3-use-arn-region flag - fixes #8686 * Add Binbin Qian to contributors * Add Lucas Bremgartner to contributors * docs: add tips about outdated certificates * FAQ: specify the availability of SSL_CERT_* env vars * pikpak: add file name integrity check during upload * bisync: skip TestBisyncConcurrent on non-local * internetarchive: fix server side copy files with & * Revert "s3: set useAlreadyExists to false for Alibaba OSS" * Add huangnauh to contributors * smb: improve multithreaded upload performance using multiple connections * bisync: fix data races on tests * bisync: remove unused parameters * bisync: deglobalize to fix concurrent runs via rc - fixes #8675 * mount: fix identification of symlinks in directory listings * s3: fix Content-Type: aws-chunked causing upload errors with --metadata * config: fix problem reading pasted tokens over 4095 bytes * config: fix test failure on local machine with a config file * log: add log rotation to --log-file - fixes #2259 * accounting: Fix stats (speed=0 and eta=nil) when starting jobs via rc * docs: update overview table for oracle object storage * Add praveen-solanki-oracle to contributors * oracleobjectstorage: add read only metadata support - Fixes #8705 * doc: sync doesn't symlinks in dest without --link - Fixes #8749 * s3: sort providers in docs * s3: add docs for Exaba Object Storage * azureblob: fix double accounting for multipart uploads - fixes #8718 * pool: fix deadlock with --max-buffer-memory * azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors * build: downgrade linter to use go1.24 until it is fixed for go1.25 * build: update all dependencies * build: update to go1.25 and make go1.24 the minimum required version * Add Timothy Jacobs to contributors * bisync: fix time.Local data race on tests - fixes #8272 * googlecloudstorage: fix rateLimitExceeded error on bisync tests * accounting: populate transfer snapshot with "what" value * build(deps): bump actions/checkout from 4 to 5 * build(deps): bump actions/download-artifact from 4 to 5 * googlecloudstorage: enable bisync integration tests * fstest: fix parsing of commas in -remotes * azurefiles: fix hash getting erased when modtime is set * bisync: disable --sftp-copy-is-hardlink on sftp tests * local: fix --copy-links on Windows when listing Junction points * operations: fix too many connections open when using --max-memory * pool: fix deadlock with --max-memory and multipart transfers * pool: unify memory between multipart and asyncreader to use one pool * docs: update links to rcloneui * docs: add MEGA S4 as a gold sponsor * about: fix potential overflow of about in various backends * box: fix about: cannot unmarshal number 1.0e+18 into Go struct field * oauthutil: fix nil pointer crash when started with expired token * rc: listremotes should send an empty array instead of nil * config: add error if RCLONE_CONFIG_PASS was supplied but didn't decrypt config * rc: add config/unlock to unlock the config file * ftp: allow insecure TLS ciphers - fixes #8701 * s3: set useAlreadyExists to false for Alibaba OSS * docs: update sponsors page * fs: allow global variables to be overriden or set on backend creation * fs: allow setting of --http_proxy from command line * tests: cloudinary: remove test ignore after merging fix from #8707 * Add Antonin Goude to contributors * Add Yu Xin to contributors * Add houance to contributors * Add Florent Vennetier to contributors * Add n4n5 to contributors * Add Albin Parou to contributors * Add liubingrun to contributors * sync: fix testLoggerVsLsf when backend only reads modtime * sync: fix testLoggerVsLsf checking wrong fs * docs: fix make opengraph tags absolute as not all sites understand relative * docs: update contributing guide regarding markdown documentation * build: add markdown linting to workflow * build: add markdownlint configuration * docs: minor format cleanup install.md * docs: fix markdownlint issue md049/emphasis-style * docs: fix markdownlint issue md036/no-emphasis-as-heading * docs: fix markdownlint issue md033/no-inline-html * docs: fix markdownlint issue md025/single-title * docs: fix markdownlint issue md041/first-line-heading * docs: fix markdownlint issue md001/heading-increment * docs: fix markdownlint issue md003/heading-style * docs: fix markdownlint issue md034/no-bare-urls * docs: fix markdownlint issue md010/no-hard-tabs * docs: fix markdownlint issue md013/line-length * docs: fix markdownlint issue md038/no-space-in-code * docs: fix markdownlint issue md040/fenced-code-language * docs: fix markdownlint issue md046/code-block-style * docs: fix markdownlint issue md037/no-space-in-emphasis * docs: fix markdownlint issue md059/descriptive-link-text * docs: fix markdownlint issues md007/ul-indent md004/ul-style * docs: fix markdownlint issue md012/no-multiple-blanks * docs: fix markdownlint issue md058/blanks-around-tables * docs: fix markdownlint issue md022/blanks-around-headings * docs: fix markdownlint issue md031/blanks-around-fences * docs: fix markdownlint issue md032/blanks-around-lists * docs: fix markdownlint issue md009/no-trailing-spaces * docs: fix markdownlint issue md014/commands-show-output * docs: fix markdownlint issues md007/ul-indent md004/ul-style (bin/update-authors.py) * docs: fix markdownlint issues md007/ul-indent md004/ul-style (authors.md) * docs: add opengraph tags for website social media previews * mount: note that bucket based remotes can use directory markers * pikpak: add docs for methods to clarify name collision handling and restrictions * pikpak: enhance Copy method to handle name collisions and improve error management * pikpak: enhance Move for better handling of error and name collision * accounting: fix incorrect stats with --transfers=1 - fixes #8670 * rc: fix `operations/check` ignoring `oneWay` parameter * s3: add OVHcloud Object Storage provider * docs: rc: fix description of how to read local config * build: limit check for edits of autogenerated files to only commits in a pull request * build: extend check for edits of autogenerated files to all commits in a pull request * smb: refresh Kerberos credentials when ccache file changes * s3: fix multipart upload and server side copy when using bucket policy SSE-C * backend/s3: Fix memory leak by cloning strings #8683 * purge: exit with a fatal error if filters are set on `rclone purge` * docs: Add Backblaze as a Platinum sponsor * Add Sam Pegg to contributors * googlephotos: added warning for Google Photos compatability-fixes #8672 * test: remove flakey TestChunkerChunk50bYandex: test * docs: Consolidate entries for Josh Soref in contributors * docs: remove dead link to example of writing a plugin * filescom: document that hashes need to be enabled - fixes #8674 * Add Sudipto Baral to contributors * docs: fix incorrect json syntax in sample output * docs: ignore author email piyushgarg80 * docs: fix header level for --dump option section * docs: use stringArray as parameter type * docs: use consistent markdown heading syntax * imagekit: remove server side Copy method as it was downloading and uploading * imagekit: don't low level retry uploads * imagekit: return correct error when attempting to upload zero length files * smb: add --smb-kerberos-ccache option to set kerberos ccache per smb backend * test: fix smb kerberos integration tests * Changelog updates from Version v1.70.3 * config: make parsing of duration options consistent * docs: cleanup usage * docs: break long lines * docs: add option value type to header where missing * docs: mention that identifiers in option values are case insensitive * docs: rewrite dump option examples * docs: use markdown inline code format for dump option headers that are real examples * docs: change spelling from server side to server-side * docs: cleanup header casing * docs: rename OSX to macOS * docs: fix list and code block issue * docs: consistent markdown list format * docs: split section with general description of options with that documenting actual main options * docs: improve description of option types * docs: use space instead of equal sign to separate option and value in headers * docs: use comma to separate short and long option format in headers * docs: remove use of uncommon parameter types * docs: remove use of parameter type FILE * docs: remove use of parameter type DIR * docs: remove use of parameter type CONFIG_FILE * docs: change use of parameter type N and NUMBER to int consistent with flags and cli help * docs: change use of parameter type TIME to Duration consistent with flags and cli help * docs: change use of parameter type BANDWIDTH_SPEC to BwTimetable consistent with flags and cli help * docs: change use of parameter type SIZE to SizeSuffix consistent with flags and cli help * docs: cleanup markdown header format * docs: explain separated list parameters * azureblob: fix server side copy error "requires exactly one scope" * test: remove and ignore failing integration tests * docs: explain the json log format in more detail * check: fix difference report (was reporting error counts) * serve sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128) * serve sftp: extract function refactoring for handling hashsum commands * sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128) * local: configurable supported hashes * hash: add support for BLAKE3, XXH3, XXH128 * vfs: make integration TestDirEntryModTimeInvalidation test more reliable * smb: skip non integration tests when doing integration tests * seafile: fix integration test errors by adding dot to encoding * linkbox: fix upload error "user upload file not exist" * build: remove integration tests which are too slow * march: fix deadlock when using --no-traverse - fixes #8656 * pikpak: improve error handling for missing links and unrecoverable 500s * pikpak: rewrite upload to bypass AWS S3 manager - fixes #8629 * test: fix TestSMBKerberos password expiring errors * Add Vikas Bhansali to contributors * Add Ross Smith II to contributors * azureblob,azurefiles: add support for client assertion based authentication * webdav: fix setting modtime to that of local object instead of remote * build: set default shell to bash in build.yml * docs: fix filescom/filelu link mixup * Add Davide Bizzarri to contributors * fix: b2 versionAt read metadata * test: make TestWebdavInfiniteScale startup more reliable * test_all: add _connect_delay for slow starting servers * docs: update link for filescom * test_all: make TestWebdav InfiniteScale integration tests run * test_all: make SMB with Kerberos integration tests run properly * test_all: allow an env parameter to set environment variables * Changelog updates from Version v1.70.2 * Add Ali Zein Yousuf to contributors * Add $@M@RTH_ to contributors * docs: update client ID instructions to current Azure AD portal - fixes #8027 * s3: add Zata provider * pacer: fix nil pointer deref in RetryError - fixes #8077 * docs: Remove Warp as a sponsor * docs: add files.com as a Gold sponsor * docs: add links to SecureBuild docker image * Add curlwget to contributors * convmv: fix moving to unicode-equivalent name - fixes #8634 * transform: add truncate_keep_extension and truncate_bytes * convmv: make --dry-run logs less noisy * sync: avoid copying dir metadata to itself * docs: fix some function names in comments * combine: fix directory not found errors with ListP interface - Fixes #8627 * local: fix --skip-links on Windows when skipping Junction points * Add Marvin Rösch to contributors * build: bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix GHSA-vrw8-fxc6-2r93 * copy,copyto,move,moveto: implement logger flags to store result of sync * log: fix deadlock when using systemd logging - fixes #8621 * docs: googlephotos: detail how to make your own client_id - fixes #8622 * Add necaran to contributors * mega: fix tls handshake failure - fixes #8565 * Changelog updates from Version v1.70.1 * Add jinjingroad to contributors * docs: DOI grammar error * docs: lib/transform: cleanup formatting * lib/transform: avoid empty charmap entry * chore: fix function name * convmv: fix spurious "error running command echo" on Windows * docs: client-credentials is not support by all backends * Start v1.71.0-DEV development - Update to version 1.70.3: * Version v1.70.3 * azureblob: fix server side copy error "requires exactly one scope" * docs: explain the json log format in more detail * check: fix difference report (was reporting error counts) * linkbox: fix upload error "user upload file not exist" * march: fix deadlock when using --no-traverse - fixes #8656 * pikpak: improve error handling for missing links and unrecoverable 500s * webdav: fix setting modtime to that of local object instead of remote * fix: b2 versionAt read metadata * Start v1.70.3-DEV development * docs: fix filescom/filelu link mixup * docs: update link for filescom - Update to version 1.70.2: * Version v1.70.2 * docs: update client ID instructions to current Azure AD portal - fixes #8027 * mega: fix tls handshake failure - fixes #8565 * pacer: fix nil pointer deref in RetryError - fixes #8077 * convmv: fix moving to unicode-equivalent name - fixes #8634 * convmv: make --dry-run logs less noisy * sync: avoid copying dir metadata to itself * combine: fix directory not found errors with ListP interface - Fixes #8627 * local: fix --skip-links on Windows when skipping Junction points * build: bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix GHSA-vrw8-fxc6-2r93 * log: fix deadlock when using systemd logging - fixes #8621 * docs: googlephotos: detail how to make your own client_id - fixes #8622 * pikpak: fix uploads fail with "aws-chunked encoding is not supported" error * Start v1.70.2-DEV development * docs: Remove Warp as a sponsor * docs: add files.com as a Gold sponsor * docs: add links to SecureBuild docker image - Update to version 1.70.1: * Version v1.70.1 * docs: DOI grammar error * docs: lib/transform: cleanup formatting * lib/transform: avoid empty charmap entry * chore: fix function name * convmv: fix spurious "error running command echo" on Windows * docs: client-credentials is not support by all backends * Start v1.70.1-DEV development - Update to version 1.70.0: * Version v1.70.0 * ftp: add --ftp-http-proxy to connect via HTTP CONNECT proxy * pcloud: fix "Access denied. You do not have permissions to perform this operation" on large uploads * operations: fix TransformFile when can't server-side copy/move * fstest: fix -verbose flag after logging revamp * googlecloudstorage: fix directory marker after // changes in #5858 * s3: fix directory marker after // changes in #5858 * azureblob: fix directory marker after // changes in #5858 * tests: ignore some more habitually failing tests * googlephotos: fix typo in error message - Fixes #8600 * s3: MEGA S4 support * Add Ser-Bul to contributors * chunker: fix double-transform * docs: mailru: added note about permissions level choice for the apps password * tests: ignore habitually failing tests and backends * docs: link to asciinema rather than including the js * docs: target="_blank" must have rel="noopener" * sync: fix testLoggerVsLsf when dst is local * docs: fix FileLu docs * build: update all dependencies * onedrive: fix crash if no metadata was updated * Add kingston125 to contributors * Add Flora Thiebaut to contributors * Add FileLu cloud storage backend * doi: add new doi backend * build: fix check_autogenerated_edits.py flagging up files that didn't exist * docs: rc: add more info on how to discover _config and _filter parameters #8584 * s3: add Exaba provider * convmv: add convmv command * lib/transform: add transform library and --name-transform flag * march: split src and dst * Add ahxxm to contributors * Add Nathanael Demacon to contributors * b2: use file id from listing when not presented in headers - fixes #8113 * fs: fix goroutine leak and improve stats accounting process * march: fix syncing with a duplicate file and directory * Add PrathameshLakawade to contributors * Add Oleksiy Stashok to contributors * docs: fix page_facing_up typo next to Lyve Cloud in README.md * backend/s3: require custom endpoint for Lyve Cloud v2 support * backend: skip hash calculation when the hashType is None - fixes #8518 * azureblob: fix multipart server side copies of 0 sized files * Add Jeremy Daer to contributors * Add wbulot to contributors * s3: add Pure Storage FlashBlade provider support (#8575) * backend/gofile: update to use new direct upload endpoint * log: add --windows-event-log-level to support Windows Event Log * fs: Remove github.com/sirupsen/logrus and replace with log/slog * Add fhuber to contributors * cmd serve s3: fix ListObjectsV2 response * Changelog updates from Version v1.69.3 * onedrive: re-add --onedrive-upload-cutoff flag * onedrive: fix "The upload session was not found" errors * Add Germán Casares to contributors * Add Jeff Geerling to contributors * googlephotos: update read only and read write scopes to meet Google's requirements. * build: update github.com/ebitengine/purego to v0.8.3 to fix mac_amd64 build * docs: add hint about config touch and config file not found * docs: add FAQ for dismissing 'rclone.conf not found' * docs: document how to keep an out of tree backend * Add Clément Wehrung to contributors * iclouddrive: fix panic and files potentially downloaded twice * docs: move --max-connections documentation to the correct place * Add Ben Boeckel to contributors * Add Tho Neyugn to contributors * docs: fix typo in s3/storj docs * serve s3: remove redundant handler initialization * Changelog updates from Version 1.69.2 * sftp: add --sftp-http-proxy to connect via HTTP CONNECT proxy * Add Jugal Kishore to contributors * docs: correct SSL docs anchor link from #ssl-tls to #tls-ssl * drive: metadata: fix error when setting copy-requires-writer-permission on a folder * docs: Update contributors * build: bump golang.org/x/net from 0.36.0 to 0.38.0 * Update README.md * docs: fix typos via codespell * webdav: add an ownCloud Infinite Scale vendor that enables tus chunked upload support * onedrive: fix metadata ordering in permissions * Add Ben Alex to contributors * Add simwai to contributors * iclouddrive: fix so created files are writable * cmd/authorize: show required arguments in help text * cloudinary: var naming convention - #8416 * cloudinary: automatically add/remove known media files extensions #8416 * Add Markus Gerstel to contributors * Add Enduriel to contributors * Add huanghaojun to contributors * Add simonmcnair to contributors * Add Samantha Bowen to contributors * s3: documentation regression - fixes #8438 * hash: add SHA512 support for file hashes * vfs: fix inefficient directory caching when directory reads are slow * docs: update fuse version in docker docs * fs/config: Read configuration passwords from stdin even when terminated with EOF - fixes #8480 * cmd/gitannex: Reject unknown layout modes in INITREMOTE * cmd/gitannex: Add configparse.go and refactor * cmd/gitannex: Permit remotes with options * serve ftp: add serve rc interface * serve sftp: add serve rc interface * serve restic: add serve rc interface * serve s3: add serve rc interface * serve dlna: add serve rc interface * serve webdav: add serve rc interface - fixes #4505 * serve http: add serve rc interface * serve nfs: add serve rc interface * serve: Add rc control for serve commands #4505 * configstruct: add SetAny to parse config from the rc * rc: In options/info make FieldName contain a "." if it should be nested * serve restic: convert options to new style * serve s3: convert options to new style * serve http: convert options to new style * serve webdav: convert options to new style * auth proxy: convert options to new style * auth proxy: add VFS options parameter for use for default VFS * serve: make the servers self registering * lib/http: fix race between Serve() and Shutdown() * lib/http: add Addr() method to return the first configured server address * Add Danny Garside to contributors * docs: fix minor typo in box docs * sync: implement --list-cutoff to allow on disk sorting for reduced memory use * march: Implement callback based syncing * list: add ListDirSortedFn for callback oriented directory listing * list: Implement Sorter to sort directory entries * cache: mark ListP as not supported yet * hasher: implement ListP interface * compress: implement ListP interface * chunker: mark ListP as not supported yet * union: mark ListP as not supported yet * crypt: implement ListP interface * combine: implement ListP interface * s3: Implement paged listing interface ListP * list: add WithListP helper to implement List for ListP backends * walk: move NewListRHelper into list.Helper to avoid circular dependency * fs: define ListP interface for paged listing #4788 * accounting: Add listed stat for number of directory entries listed * walk: factor Listing helpers into their own file and add tests * serve nfs: make metadata files have special file handles * serve nfs: change the format of --nfs-cache-type symlink file handles * vfs: add --vfs-metadata-extension to expose metadata sidecar files * docs: Add rcloneui.com as Silver Sponsor * Add Klaas Freitag to contributors * Add eccoisle to contributors * Add Fernando Fernández to contributors * Add alingse to contributors * Add Jörn Friedrich Dreyer to contributors * docs: replace option --auto-filename-header with --header-filename * build: update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204 * docs/googlephotos: fix typos * build: bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 * operations: fix call fmt.Errorf with wrong err * webdav: retry propfind on 425 status * Add --max-connections to control maximum backend concurrency * rc: fix debug/* commands not being available over unix sockets * cmd/gitannex: Prevent tests from hanging when assertion fails * cmd/gitannex: Add explicit timeout for mock stdout reads in tests * http: correct root if definitely pointing to a file - fixes #8428 * pool: add --max-buffer-memory to limit total buffer memory usage * filter: Add `--hash-filter` to deterministically select a subset of files * build: update golang.org/x/net to 0.36.0. to fix CVE-2025-22869 * rc: add add short parameter to core/stats to not return transferring and checking * fs: fix corruption of SizeSuffix with "B" suffix in config (eg --min-size) * filters: show --min-size and --max-size in --dump filters * build: check docs for edits of autogenerated sections * Add jack to contributors * docs: fix incorrect mentions of vfs-cache-min-free-size * fs/object: fix memory object out of bounds Seek * serve nfs: fix unlikely crash * docs: update minimum OS requirements for go1.24 * cmd/gitannex: Tweak parsing of "rcloneremotename" config * cmd/gitannex: Drop var rebindings now that we have go1.23 * docs: add note for using rclone cat for slicing out a byte range from a file * rcserver: improve content-type check * build: modernize Go usage * build: update all dependencies and fix deprecations * build: update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869 * build: make go1.23 the minimum go version * cmd/gitannex: Add to integration tests * cmd/gitannex: Simplify verbose failures in tests * cmd/gitannex: Port unit tests to fstest * vfs: fix integration test failures * azureblob: fix errors not being retried when doing single part copy * azureblob: handle retry error codes more carefully * touch: make touch obey --transfers * Add luzpaz to contributors * Add Dave Vasilevsky to contributors * docs: fix various typos Found via * dropbox: Retry link without expiry * Dropbox: Support Dropbox Paper * chore: update contributor email * docs: correct stable release workflow * Add Lorenz Brun to contributors * Add Michael Kebe to contributors * vfs: fix directory cache serving stale data * build: fix docker plugin build - fixes #8394 * docs: improved sftp limitations * Changelog updates from Version v1.69.1 * docs: add FileLu as sponsors and tidy sponsor logos * accounting: fix percentDiff calculation -- fixes #8345 * vfs: fix the cache failing to upload symlinks when --links was specified * Add jbagwell-akamai to contributors * Add ll3006 to contributors * doc: add note on concurrency of rclone purge * s3: add latest Linode Object Storage endpoints * cmd: fix crash if rclone is invoked without any arguments - Fixes #8378 * build: disable docker builds on PRs & add missing dockerfile changes * sync: copy dir modtimes even when copyEmptySrcDirs is false - fixes #8317 * sync: add tests to check dir modtimes are kept when syncing * fix golangci-lint errors * bisync: fix false positive on integration tests * s3: split the GCS quirks into -s3-use-x-id and -s3-sign-accept-encoding #8373 * Add Joel K Biju to contributors * stats: fix the speed not getting updated after a pause in the processing * opendrive: added --opendrive-access flag to handle permissions * bisync: fix listings missing concurrent modifications - fixes #8359 * Added parallel docker builds and caching for go build in the container * smb: improve connection pooling efficiency * lib/oauthutil: fix redirect URL mismatch errors - fixes #8351 * b2: fix "fatal error: concurrent map writes" - fixes #8355 * Add Alexander Minbaev to contributors * Add Zachary Vorhies to contributors * Add Jess to contributors * s3: add IBM IAM signer - fixes #7617 * serve nfs: update docs to note Windows is not supported - fixes #8352 * cmd/config(update remote): introduce --no-output option * s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1 * sync: fix cpu spinning when empty directory finding with leading slashes * s3: fix handling of objects with // in #5858 * azureblob: fix handling of objects with // in #5858 * fstest: add integration tests objects with // on bucket based backends #5858 * fs/list: tweak directory listing assertions after allowing // names * lib/bucket: fix tidying of // in object keys #5858 * lib/bucket: add IsAllSlashes function * azureblob: remove uncommitted blocks on InvalidBlobOrBlock error * azureblob: implement multipart server side copy * azureblob: speed up server side copies for small files #8249 * azureblob: cleanup uncommitted blocks on upload errors * azureblob: factor readMetaData into readMetaDataAlways returning blob properties * Add b-wimmer to contributors * azurefiles: add --azurefiles-use-az and --azurefiles-disable-instance-discovery * onedrive: mark German (de) region as deprecated * Add Trevor Starick to contributors * Add hiddenmarten to contributors * Add Corentin Barreau to contributors * Add Bruno Fernandes to contributors * Add Moises Lima to contributors * Add izouxv to contributors * Add Robin Schneider to contributors * Add Tim White to contributors * Add Christoph Berger to contributors * azureblob: add support for `x-ms-tags` header * rc: disable the metrics server when running `rclone rc` * internetarchive: add --internetarchive-metadata="key=value" for setting item metadata * lib/batcher: Deprecate unused option: batch_commit_timeout * s3: Added new storage class to magalu provider * http servers: add --user-from-header to use for authentication * b2: add SkipDestructive handling to backend commands - fixes #8194 * vfs: close the change notify channel on Shutdown * Docker image: Add label org.opencontainers.image.source for release notes in Renovate dependency updates * docs: add OneDrive Impersonate instructions - fixes #5610 * docs: explain the stringArray flag parameter descriptor * iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310 * docs: fix typos found by codespell in docs and code comments * fs: fix confusing "didn't find section in config file" error * vfs: fix race detected by race detector * Add Jonathan Giannuzzi to contributors * Add Spencer McCullough to contributors * Add Matt Ickstadt to contributors * smb: add support for kerberos authentication * drive: added `backend moveid` command * docs: fix reference to serves3 setting disable_multipart_uploads which was renamed * docs: fix link to Rclone Serve S3 * serve s3: fix list objects encoding-type * build: update gopkg.in/yaml.v2 to v3 * build: update all dependencies * bisync: fix go vet problems with go1.24 * build: update to go1.24rc1 and make go1.22 the minimum required version * version: add --deps flag to show dependencies and other build info * doc: make man page well formed for whatis - fixes #7430 * Start v1.70.0-DEV development - Install completion files in the right place. - Update to version 1.69.3: * build: update github.com/ebitengine/purego to work around bug in go1.24.3 * build: reapply update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204 - Update to version 1.69.2: - Bug fixes - accounting: Fix percentDiff calculation -- (Anagh Kumar Baranwal) - build - Update github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 to fix CVE-2025-30204 (dependabot[bot]) - Update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204 (dependabot[bot]) - Update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869 (Nick Craig-Wood) - Update golang.org/x/net from 0.36.0 to 0.38.0 to fix CVE-2025-22870 (dependabot[bot]) - Update golang.org/x/net to 0.36.0. to fix CVE-2025-22869 (dependabot[bot]) - Stop building with go < go1.23 as security updates forbade it (Nick Craig-Wood) - Fix docker plugin build (Anagh Kumar Baranwal) - cmd: Fix crash if rclone is invoked without any arguments (Janne Hellsten) - config: Read configuration passwords from stdin even when terminated with EOF (Samantha Bowen) - doc fixes (Andrew Kreimer, Danny Garside, eccoisle, Ed Craig-Wood, emyarod, jack, Jugal Kishore, Markus Gerstel, Michael Kebe, Nick Craig-Wood, simonmcnair, simwai, Zachary Vorhies) - fs: Fix corruption of SizeSuffix with "B" suffix in config (eg --min-size) (Nick Craig-Wood) - lib/http: Fix race between Serve() and Shutdown() (Nick Craig-Wood) - object: Fix memory object out of bounds Seek (Nick Craig-Wood) - operations: Fix call fmt.Errorf with wrong err (alingse) - rc - Disable the metrics server when running rclone rc (hiddenmarten) - Fix debug/* commands not being available over unix sockets (Nick Craig-Wood) - serve nfs: Fix unlikely crash (Nick Craig-Wood) - stats: Fix the speed not getting updated after a pause in the processing (Anagh Kumar Baranwal) - sync - Fix cpu spinning when empty directory finding with leading slashes (Nick Craig-Wood) - Copy dir modtimes even when copyEmptySrcDirs is false (ll3006) - vfs - Fix directory cache serving stale data (Lorenz Brun) - Fix inefficient directory caching when directory reads are slow (huanghaojun) - Fix integration test failures (Nick Craig-Wood) - Drive - Metadata: fix error when setting copy-requires-writer-permission on a folder (Nick Craig-Wood) - Dropbox - Retry link without expiry (Dave Vasilevsky) - HTTP - Correct root if definitely pointing to a file (nielash) - Iclouddrive - Fix so created files are writable (Ben Alex) - Onedrive - Fix metadata ordering in permissions (Nick Craig-Wood) - Update to version 1.69.1: * Version v1.69.1 * build: disable docker builds on PRs & add missing dockerfile changes * Added parallel docker builds and caching for go build in the container * docs: add FileLu as sponsors and tidy sponsor logos * vfs: fix the cache failing to upload symlinks when --links was specified * doc: add note on concurrency of rclone purge * s3: add latest Linode Object Storage endpoints * fix golangci-lint errors * bisync: fix listings missing concurrent modifications - fixes #8359 * lib/oauthutil: fix redirect URL mismatch errors - fixes #8351 * b2: fix "fatal error: concurrent map writes" - fixes #8355 * serve nfs: update docs to note Windows is not supported - fixes #8352 * s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1 * onedrive: mark German (de) region as deprecated * s3: Added new storage class to magalu provider * vfs: close the change notify channel on Shutdown * docs: add OneDrive Impersonate instructions - fixes #5610 * docs: explain the stringArray flag parameter descriptor * iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310 * docs: fix typos found by codespell in docs and code comments * fs: fix confusing "didn't find section in config file" error * vfs: fix race detected by race detector * docs: fix reference to serves3 setting disable_multipart_uploads which was renamed * docs: fix link to Rclone Serve S3 * serve s3: fix list objects encoding-type * doc: make man page well formed for whatis - fixes #7430 * Start v1.69.1-DEV development - Update to version 1.69.0: https://rclone.org/changelog/#v1-69-0-2025-01-12 Rclone is using golang.org/x/net but was not affected to CVE-2024-45337 and CVE-2024-45338. * Version v1.69.0 * test_all: disable docker plugin tests * docs: fix typo * accounting: fix race stopping/starting the stats counter * docs: add github.com/icholy/gomajor to RELEASE for updating major versions * ftp: fix ls commands returning empty on "Microsoft FTP Service" servers * s3: add docs on data integrity * webdav: make --webdav-auth-redirect to fix 401 unauthorized on redirect * rest: make auth preserving redirects an option * box: fix panic when decoding corrupted PEM from JWT file * size: make output compatible with -P * vfs: add remote name to vfs cache log messages - fixes #7952 * dropbox: fix return status when full to be fatal error * rc: add relative to vfs/queue-set-expiry * vfs: fix open files disappearing from directory listings * docker serve: parse all remaining mount and VFS options * smb: fix panic if stat fails * googlephotos: fix nil pointer crash on upload - fixes #8233 * iclouddrive: tweak docs * serve dlna: sort the directory entries by directories first then alphabetically by name * serve nfs: fix missing inode numbers which was messing up ls -laR * serve nfs: implement --nfs-cache-type symlink * azureblob,oracleobjectstorage,s3: quit multipart uploads if the context is cancelled * http: fix incorrect URLs with initial slash * build: update `github.com/shirou/gopsutil` to v4 * Replace Windows-specific NewLazyDLL with NewLazySystemDLL * lib/oauthutil: don't require token to exist for client credentials flow * fs/operations: make log messages consistent for mkdir/rmdir at INFO level * Add Francesco Frassinelli to contributors * smb: Add support for Kerberos authentication. * docs: smb: link to CloudSoda/go-smb2 fork * cloudinary: add cloudinary backend - fixes #7989 * operations: fix eventual consistency in TestParseSumFile test * Add TAKEI Yuya to contributors * docs: Remove Backblaze as a Platinum sponsor * docs: add RcloneView as silver sponsor * serve docker: fix incorrect GID assignment * serve s3: fix Last-Modified timestamp * Add ToM to contributors * Add Henry Lee to contributors * Add Louis Laureys to contributors * docs: filtering: mention feeding --files-from from standard input * docs: filtering: fix --include-from copypaste error * s3: rename glacier storage class to flexible retrieval * b2: add daysFromStartingToCancelingUnfinishedLargeFiles to backend lifecycle command * build: update golang.org/x/net to v0.33.0 to fix CVE-2024-45338 * azurefiles: fix missing x-ms-file-request-intent header * Add Thomas ten Cate to contributors * docs: Document --url and --unix-socket on the rc page * docs: link to the outstanding vfs symlinks issue * Add Yxxx to contributors * Add hayden.pan to contributors * docs: update pcloud doc to avoid puzzling token error when use remote rclone authorize * pikpak: add option to use original file links - fixes #8246 * rc/job: use mutex for adding listeners thread safety * docs: mention in serve tls options when value is path to file - fixes #8232 * build: update all dependencies * accounting: fix debug printing when debug wasn't set * Add Filipe Azevedo to contributors * fs: make --links flag global and add new --local-links and --vfs-links flag * vfs: add docs for -l/--links flag * nfsmount,serve nfs: introduce symlink support #2975 * mount2: introduce symlink support #2975 * mount: introduce symlink support #2975 * cmount: introduce symlink support #2975 * vfstest: make VFS test suite support symlinks * vfs: add symlink support to VFS * vfs: add ELOOP error * vfs: Add link permissions * vfs: Add VFS --links command line switch * vfs: add vfs.WriteFile to match os.WriteFile * fs: Move link suffix to fs * cmount: fix problems noticed by linter * mount2: Fix missing . and .. entries * sftp: fix nil check when using auth proxy * Add Martin Hassack to contributors * serve sftp: resolve CVE-2024-45337 * googlecloudstorage: typo fix in docs * onedrive: add support for OAuth client credential flow - fixes #6197 * lib/oauthutil: add support for OAuth client credential flow * lib/oauthutil: return error messages from the oauth process better * bin/test_backend_sizes.py fix compile flags and s3 reporting * test makefiles: add --flat flag for making directories with many entries * Add divinity76 to contributors * Add Ilias Ozgur Can Leonard to contributors * Add remygrandin to contributors * Add Michael R. Davis to contributors * cmd/mountlib: better snap mount error message * vfs: with --vfs-used-is-size value is calculated and then thrown away - fixes #8220 * serve sftp: fix loading of authorized keys file with comment on last line - fixes #8227 * oracleobjectstorage: make specifying compartmentid optional * plcoud: fix failing large file uploads - fixes #8147 * docs: add docker volume plugin troubleshooting steps * docs: fix missing `state` parameter in `/auth` link in instructions * build: fix build failure on ubuntu * docs: upgrade fontawesome to v6 * s3: fix multitenant multipart uploads with CEPH * Add David Seifert to contributors * Add vintagefuture to contributors * use better docs * googlecloudstorage: update docs on service account access tokens * test_all: POSIX head/tail invocations * icloud: Added note about app specific password not working * s3: fix download of compressed files from Cloudflare R2 - fixes #8137 * s3: fix testing tiers which don't exist except on AWS * Changelog updates from Version v1.68.2 * local: fix permission and ownership on symlinks with --links and --metadata * Revert "Merge commit from fork" * Add Dimitrios Slamaris to contributors * Merge commit from fork * onedrive: fix integration tests after precision change * operations: fix TestRemoveExisting on crypt backends by shortening the file name * bisync: fix output capture restoring the wrong output for logrus * serve sftp: update github.com/pkg/sftp to v1.13.7 and fix deadlock in tests * build: fix comments after golangci-lint upgrade * build: update all dependencies * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 * pikpak: fix fatal crash on startup with token that can't be refreshed * yandex: fix server side copying over existing object * sugarsync: fix server side copying over existing object * putio: fix server side copying over existing object * onedrive: fix server side copying over existing object * dropbox: fix server side copying over existing object * operations: add RemoveExisting to safely remove an existing file * gofile: fix server side copying over existing object * test_all: try to fix mailru rate limits in integration tests * Add shenpengfeng to contributors * Add Dimitar Ivanov to contributors * docs: fix function name in comment * sftp: allow inline ssh public certificate for sftp * serve s3: fix excess locking which was making serve s3 single threaded * lib/oauthutil: allow the browser opening function to be overridden * Add Moises Lima to contributors * lib/http: disable automatic authentication skipping for unix sockets * onedrive: fix Retry-After handling to look at 503 errors also * s3: Storj provider: fix server-side copy of files bigger than 5GB * s3: add Selectel as a provider * fs: fix Don't know how to set key "chunkSize" on upload errors in tests * drive: implement rclone backend rescue to rescue orphaned files * Add tgfisher to contributors * Add Diego Monti to contributors * Add Randy Bush to contributors * Add Alexandre Hamez to contributors * Add Simon Bos to contributors * docs: mention that inline comments are not supported in a filter-file * s3: add Wasabi eu-south-1 region * docs: fix forward refs in step 9 of using your own client id * docs: fix Scaleway Glacier website URL * dlna: fix loggingResponseWriter disregarding log level * build: remove required property on boolean inputs * build: use inputs context in github workflow * s3: fix crash when using --s3-download-url after migration to SDKv2 * docs: update overview to show pcloud can set modtime * Add André Tran to contributors * Add Matthias Gatto to contributors * Add lostb1t to contributors * Add Noam Ross to contributors * Add Benjamin Legrand to contributors * s3: add Outscale provider * Add ICloud Drive backend * drive: add support for markdown format * accounting: fix global error acounting * onedrive: fix time precision for OneDrive personal * Add RcloneView as a sponsor * Add Leandro Piccilli to contributors * cache: skip bisync tests * bisync: allow blank hashes on tests * box: fix server-side copying a file over existing dst - fixes #3511 * sync: add tests for copying/moving a file over itself * fs/cache: fix parent not getting pinned when remote is a file * gcs: add access token auth with --gcs-access-token * accounting: write the current bwlimit to the log on SIGUSR2 * accounting: fix wrong message on SIGUSR2 to enable/disable bwlimit * gphotos: implment --gphotos-proxy to allow download of full resolution media * googlephotos: remove noisy debugging statements * docs: add note to CONTRIBUTING that the overview needs editing in 2 places * test_all: add ignoretests parameter for skipping certain tests * build: replace "golang.org/x/exp/slices" with "slices" now go1.21 is required * Changelog updates from Version v1.68.1 * Makefile: Fail when doc recipes create dir named '$HOME' * Makefile: Prevent `doc` recipe from creating dir named '$HOME' * pikpak: fix cid/gcid calculations for fs.OverrideRemote * bisync: change exit code from 2 to 7 for critically aborted run * cmd: change exit code from 1 to 2 for syntax and usage errors * local: fix --copy-links on macOS when cloning * azureblob: add --azureblob-use-az to force the use of the Azure CLI for auth * azureblob: add --azureblob-disable-instance-discovery * s3: add initial --s3-directory-bucket to support AWS Directory Buckets * Add Lawrence Murray to contributors * backend/protondrive: improve performance of Proton Drive backend * ftp: implement --ftp-no-check-upload to allow upload to write only dirs * docs: document that fusermount3 may be needed when mounting/unmounting * Add rishi.sridhar to contributors * Add quiescens to contributors * docs/zoho: update options * zoho: make upload cutoff configurable * zoho: add support for private spaces * zoho: try to handle rate limits a bit better * zoho: print clear error message when missing oauth scope * zoho: switch to large file upload API for larger files, fix missing URL encoding of filenames for the upload API * zoho: use download server to accelerate downloads * opendrive: add about support to backend * pikpak: fix login issue where token retrieval fails * webdav: nextcloud: implement backoff and retry for 423 LOCKED errors * s3: fix rclone ignoring static credentials when env_auth=true * fs: fix setting stringArray config values from environment variables * rc: fix default value of --metrics-addr * fs: fix --dump filters not always appearing * docs: correct notes on docker manual build * Add ttionya to contributors * build: fix docker release build - fixes #8062 * docs: add section for improving performance for s3 * onedrive: fix spurious "Couldn't decode error response: EOF" DEBUG * Add Divyam to contributors * serve docker: add missing vfs-read-chunk-streams option in docker volume driver * Start v1.69.0-DEV development - Update to version 1.68.2: * Version v1.68.2 * s3: fix multitenant multipart uploads with CEPH * local: fix permission and ownership on symlinks with --links and --metadata CVE-2024-52522 boo#1233422 * bisync: fix output capture restoring the wrong output for logrus * build: fix comments after golangci-lint upgrade * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 * pikpak: fix fatal crash on startup with token that can't be refreshed * serve s3: fix excess locking which was making serve s3 single threaded * onedrive: fix Retry-After handling to look at 503 errors also * s3: Storj provider: fix server-side copy of files bigger than 5GB * docs: mention that inline comments are not supported in a filter-file * docs: fix forward refs in step 9 of using your own client id * docs: fix Scaleway Glacier website URL * dlna: fix loggingResponseWriter disregarding log level * s3: fix crash when using --s3-download-url after migration to SDKv2 * docs: update overview to show pcloud can set modtime * Add RcloneView as a sponsor * accounting: fix wrong message on SIGUSR2 to enable/disable bwlimit * pikpak: fix cid/gcid calculations for fs.OverrideRemote * local: fix --copy-links on macOS when cloning * Start v1.68.2-DEV development - CVE-2024-51744: updated jwt to v4.5.1 (bsc#1232964). rclone-1.73.5-bp160.1.1.x86_64.rpm rclone-bash-completion-1.73.5-bp160.1.1.noarch.rpm rclone-zsh-completion-1.73.5-bp160.1.1.noarch.rpm rclone-1.73.5-bp160.1.1.ppc64le.rpm rclone-1.73.5-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-214 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 147.0.7727.116 (boo#1262586) chromedriver-147.0.7727.116-bp160.1.1.x86_64.rpm chromium-147.0.7727.116-bp160.1.1.x86_64.rpm chromedriver-147.0.7727.116-bp160.1.1.ppc64le.rpm chromium-147.0.7727.116-bp160.1.1.ppc64le.rpm chromedriver-147.0.7727.116-bp160.1.1.aarch64.rpm chromium-147.0.7727.116-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-215 Recommended update for gn moderate openSUSE Backports SLE-16.0 This update for gn fixes the following issues: Changes in gn: - Update to version 0.20260331: * Add modulemap generation to GN. * Support building gn without a .git directory. * Limit the maximum number of GN worker threads to 32. * Remove premature target writing before validation during `gn gen`. * Only run target checks in background threads during resolution. * Add additional files to gitignore * Add `inputs` parameter to `tool`. * Unit test foo* not just *foo patterns * Unit test edge cases around consecutive \b in patterns * Reject newlines in string config values (defines, cflags, etc.) * Set clang-format to use C++20 * Run formatter * Bump min mac version flag. * Add --error-limit flag to control error output count * [gn] Fix Value::operator== for empty lists * [gn] Optimize Value::LIST with Copy-On-Write using nullptr * Capture C++ modules compilation commands in compile_commands.json * Output -fmodule-map-file as well as -fmodule-file for module dependencies. * Optimize HeaderChecker by parallelizing ReachabilityCache pre-calculation and removing lock contention. * Optimize HeaderChecker file I/O by parsing files only once * Optimize reachability cache to drastically reduce BFS executions * Remove unused targets_count_ in HeaderChecker * Apply clang-format * Use high-performance cores on Apple Silicon for worker pool * Optimize HeaderChecker::IsDependencyOf using HashTableBase * [perf] Optimize HeaderChecker BFS using reserve() * [perf] Share ResolvedTargetData across worker threads * [perf] Cache dependency checks in HeaderChecker * [test] Fix SetupTest.AbsolutePythonPathInsideRootDir on macOS * [mac] Update minimum macOS version to 10.12 * Include validations when collecting metadata * Fix target being written twice under certain circumstances * Add validation support to gn analyze/desc/path/refs * Fix race condition when using validations * Add pcm files to the deps of phony target * Add `validations` dependency type to targets * Fix result of Scheduler::Run() with empty work queue * Add conductor setup files * Improve writing runtime deps * Unit test label user visible name * Improve error message for rebase_path builtin * Minor table-driven test refactor * win: Use relative path for python in ninja files if possible gn-0.20260331-bp160.1.1.x86_64.rpm gn-0.20260331-bp160.1.1.s390x.rpm gn-0.20260331-bp160.1.1.ppc64le.rpm gn-0.20260331-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-216 Security update for freerdp2 important openSUSE Backports SLE-16.0 This update for freerdp2 fixes the following issues: Changes in freerdp2: - Update freerdp-3-macro: + Add WINPR_ATTR_MALLOC macro from freerdp 3 - Security fixes for the following issues: * CVE-2026-25941: Fixed a out of bounds read (bsc#1258919) * CVE-2026-25942: Fixed a buffer overflow in xf_rail_server_execute_result() (bsc#1258920) * CVE-2026-27951: Fixed a denial of service in Stream_EnsureCapacity() (bsc#1258939) * CVE-2026-25997: Fixed a use-after-free in xf_clipboard_format_equal() (bsc#1258977) * CVE-2026-26986: Fixed a use-after-free in rail_window_free() (bsc#1258967) * CVE-2026-27015: Fixed a client denial of service via reachable assert (bsc#1258987) * CVE-2026-25952: Fixed a use-after-free in xf_SetWindowMinMaxInfo() (bsc#1258921) * CVE-2026-25953: Fixed a use-after-free in xf_AppUpdateWindowFromSurface() (bsc#1258923) * CVE-2026-25954: Fixed a use-after-free in xf_rail_server_local_move_size() (bsc#1258924) * CVE-2026-24684: Fixed a use-after-free in play_thread() (bsc#1257991). * CVE-2026-26271: Fixed a buffer overread in icon processing (bsc#1258979) * CVE-2026-26955: Fixed a out of bounds write (bsc#1258982) * CVE-2026-26965: Fixed a out of bounds write (bsc#1258985) * CVE-2026-31806: Fixed a buffer overflow via improper validation of server messages (bsc#1259653) * CVE-2026-31883: Fixed a buffer overflow via crafted audio format and wave data (bsc#1259679) * CVE-2026-31885: Fixed a out of bounds read (bsc#1259686) * CVE-2026-24491: Fix use-after-free that was accidentally introduced in the backport (bsc#1257981) * CVE-2026-22855: Fixed a buffer overflow in smartcard_unpack_set_attrib_call() (bsc#1256721) * CVE-2026-22857: Fixed a use-after-free in irp_thread_func() (bsc#1256723) * CVE-2026-23533: Fixed a buffer overflow in clear_decompress_residual_data() (bsc#1256943) * CVE-2026-23732: Fixed a buffer overflow in Glyph_Alloc() (bsc#1256945) * CVE-2026-23883: Fixed a use-after-free (bsc#1256946) * CVE-2026-23884: Fixed a use-after-free in gdi_set_bounds (bsc#1256947) freerdp2-2.11.7-bp160.3.1.x86_64.rpm freerdp2-devel-2.11.7-bp160.3.1.x86_64.rpm freerdp2-proxy-2.11.7-bp160.3.1.x86_64.rpm freerdp2-server-2.11.7-bp160.3.1.x86_64.rpm libfreerdp2-2-2.11.7-bp160.3.1.x86_64.rpm libwinpr2-2-2.11.7-bp160.3.1.x86_64.rpm winpr2-devel-2.11.7-bp160.3.1.x86_64.rpm freerdp2-2.11.7-bp160.3.1.s390x.rpm freerdp2-devel-2.11.7-bp160.3.1.s390x.rpm freerdp2-proxy-2.11.7-bp160.3.1.s390x.rpm freerdp2-server-2.11.7-bp160.3.1.s390x.rpm libfreerdp2-2-2.11.7-bp160.3.1.s390x.rpm libwinpr2-2-2.11.7-bp160.3.1.s390x.rpm winpr2-devel-2.11.7-bp160.3.1.s390x.rpm freerdp2-2.11.7-bp160.3.1.ppc64le.rpm freerdp2-devel-2.11.7-bp160.3.1.ppc64le.rpm freerdp2-proxy-2.11.7-bp160.3.1.ppc64le.rpm freerdp2-server-2.11.7-bp160.3.1.ppc64le.rpm libfreerdp2-2-2.11.7-bp160.3.1.ppc64le.rpm libwinpr2-2-2.11.7-bp160.3.1.ppc64le.rpm winpr2-devel-2.11.7-bp160.3.1.ppc64le.rpm freerdp2-2.11.7-bp160.3.1.aarch64.rpm freerdp2-devel-2.11.7-bp160.3.1.aarch64.rpm freerdp2-proxy-2.11.7-bp160.3.1.aarch64.rpm freerdp2-server-2.11.7-bp160.3.1.aarch64.rpm libfreerdp2-2-2.11.7-bp160.3.1.aarch64.rpm libwinpr2-2-2.11.7-bp160.3.1.aarch64.rpm winpr2-devel-2.11.7-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-217 Recommended update for kf6-kio moderate openSUSE Backports SLE-16.0 This update for kf6-kio fixes the following issues: Changes in kf6-kio: - Fix copy/move operations within WebDAV (kde#487503, kde#443386, boo#889789): kf6-kio-6.16.0-bp160.2.1.x86_64.rpm kf6-kio-devel-6.16.0-bp160.2.1.x86_64.rpm kf6-kio-doc-6.16.0-bp160.2.1.x86_64.rpm kf6-kio-lang-6.16.0-bp160.2.1.noarch.rpm libKF6KIO6-6.16.0-bp160.2.1.x86_64.rpm kf6-kio-6.16.0-bp160.2.1.s390x.rpm kf6-kio-devel-6.16.0-bp160.2.1.s390x.rpm kf6-kio-doc-6.16.0-bp160.2.1.s390x.rpm libKF6KIO6-6.16.0-bp160.2.1.s390x.rpm kf6-kio-6.16.0-bp160.2.1.ppc64le.rpm kf6-kio-devel-6.16.0-bp160.2.1.ppc64le.rpm kf6-kio-doc-6.16.0-bp160.2.1.ppc64le.rpm libKF6KIO6-6.16.0-bp160.2.1.ppc64le.rpm kf6-kio-6.16.0-bp160.2.1.aarch64.rpm kf6-kio-devel-6.16.0-bp160.2.1.aarch64.rpm kf6-kio-doc-6.16.0-bp160.2.1.aarch64.rpm libKF6KIO6-6.16.0-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-218 Recommended update for openvino moderate openSUSE Backports SLE-16.0 This update for openvino fixes the following issues: Changes in openvino: - Update to 2026.1.0 - More GenAI coverage and framework integrations to minimize code changes * New models supported on CPUs & GPUs: Qwen3 VL * New models supported on CPUs: GPT-OSS 120B * Preview: Introducing the OpenVINO backend for llama.cpp, which enables optimized inference on Intel CPUs, GPUs, and NPUs. Validated on GGUF models such as Llama-3.2-1B-Instruct-GGUF, Phi-3-mini-4k-instruct-gguf, Qwen2.5-1.5B-Instruct-GGUF, and Mistral-7B-Instruct-v0.3. * New notebook: Unified VLM chatbot with video file support and interactive model switching across Qwen3-VL, Qwen2.5-VL, and LLaVa-NeXT-Video. - Broader LLM model support and more model compression techniques * OpenVINO™ GenAI adds TaylorSeer Lite caching for image and video generation, accelerating diffusion-transformer inference across Flux, SD3, and LTX-Video pipelines, aligned with Hugging Face Diffusers. * LTX-Video generation on GPU achieves end-to-end acceleration through fusion of RMSNorm and RoPE operators, significantly improving video generation performance. * OpenVINO™ GenAI adds dynamic LoRA support for Qwen3-VL and VL models with LLM, allowing developers to swap adapters at runtime for efficient serving of multiple model variants in production without reloading the base model. * Preview: The release-weights API for ov::Model enables memory reclamation during model compilation on NPUs, delivering dramatically lower peak memory consumption for edge and client deployments. Users must set this property in ov::Model, and it will be applied during compilation. - More portability and performance to run AI at the edge, in the cloud, or locally. * Introducing support for Intel® Core™ Series 3 processors (formerly codenamed Wildcat Lake) and Intel® Arc™ Pro B70 Graphics with 32GB memory for single-GPU inference on 20-30B parameter LLMs * Prompt Lookup Decoding extended to vision-language pipelines, delivering significantly faster token generation for multimodal workloads on Intel CPUs and GPUs. * OpenVINO™ GenAI now has a smaller runtime footprint after eliminating ICU DLL dependencies from tokenization, leading to reduced memory usage, faster startup, and easier deployment. * OpenVINO GenAI introduces WhisperPipeline for Node.js via its NPM package, delivering production-ready speech recognition with word-level audio-to-text transcription. * OpenVINO™ Model Server enhances support for Qwen3-MOE and GPT-OSS-20b models, delivering improved performance, accuracy, and robust concurrent request handling with continuous batching. These pre-optimized models are available on Hugging Face for easy deployment. Additionally, the Model Server introduces image inpainting and outpainting capabilities via the /image endpoint for AI image editing. - Update to 2026.0.0 - More GenAI coverage and framework integrations to minimize code changes * New models supported on CPUs & GPUs: GPT-OSS-20B, MiniCPM-V-4_5-8B, and MiniCPM-o-2.6. * New models supported on NPUs: MiniCPM-o-2.6. In addition, NPU support is now available on Qwen2.5-1.5B-Instruct, Qwen3-Embedding-0.6B, Qwen-2.5-coder-0.5B. * OpenVINO? GenAI now adds word-level timestamp functionality to the Whisper Pipeline on CPUs, GPUs, and NPUs, enabling more accurate transcriptions and subtitling in line with OpenAI and FasterWhisper implementations. * Phi-3-mini FastDraft model is now available on Hugging Face to accelerate LLM inference on NPUs. FastDraft optimizes speculative decoding for LLMs. - Broader LLM model support and more model compression techniques * With the new int4 data-aware weight compression for 3D MatMuls, the Neural Network Compression Framework enables MoE LLMs to run with reduced memory, bandwidth, and improved accuracy compared to data-free schemes-delivering faster, more efficient deployment on resource-constrained devices. * Preview: the Neural Network Compression Framework now supports per-layer and per-group Look-Up Tables (LUT) for FP8-4BLUT quantization. This enables fine-grained, codebook-based compression that reduces model size and bandwidth while improving inference speed and accuracy for LLMs and transformer workloads. - More portability and performance to run AI at the edge, in the cloud, or locally. * Preview: OpenVINO? GenAI adds VLM pipeline support to enhance Agentic AI framework integration. * OpenVINO GenAI now supports speculative decoding for NPUs, delivering improved performance and efficient text generation through a small draft model that is periodically validated by the full-size model. * Preview: NPU compiler integration with the NPU plugin enables ahead-of-time and on-device compilation without relying on OEM driver updates. Developers can enable this feature for a single, ready-to-ship package that reduces integration friction and accelerates time-to-value. * OpenVINO? Model Server adds enhanced support for audio endpoint plus agentic continuous batching and concurrent runs for improved LLM performance in agentic workflows on Intel CPUs and GPUs. - Support Change and Deprecation Notices * Discontinued in 2026.0: + The deprecated openvino.runtime namespace has been removed. Please use the openvino namespace directly. + The deprecated openvino.Type.undefined has been removed. Please use openvino.Type.dynamic instead. + The PostponedConstant constructor signature has been updated for improved usability: - Old (removed): Callable[[Tensor], None] - New: Callable[[], Tensor] + The deprecated OpenVINO GenAI predefined generation configs were removed. + The deprecated OpenVINO GenAI support for whisper stateless decoder model has been removed. Please use a stateful model. + The deprecated OpenVINO GenAI StreamerBase put method, bool return type for callbacks, and ChunkStreamer class has been removed. + NNCF create_compressed_model() method is now deprecated and removed in 2026. Please use nncf.prune() method for unstructured pruning and nncf.quantize() for INT8 quantization. + NNCF optimization methods for TensorFlow models and TensorFlow backend in NNCF are deprecated and removed in 2026. It is recommended to use PyTorch analogous models for training-aware optimization methods and OpenVINO? IR, PyTorch, and ONNX models for post-training optimization methods from NNCF. + The following experimental NNCF methods are deprecated and removed: NAS, Structural Pruning, AutoML, Knowledge Distillation, Mixed-Precision Quantization, Movement Sparsity. + CPU plugin now requires support for the AVX2 instruction set as a minimum system requirement. The SSE instruction set will no longer be supported. + OpenVINO migrated builds based on RHEL 8 to RHEL 9. + manylinux2014 upgraded to manylinux_2_28. This aligns with modern toolchain requirements but also means that CentOS 7 will no longer be supported due to glibc incompatibility. + MacOS x86 is no longer supported. + APT & YUM Repositories Restructure: Starting with release 2025.1, users can switch to the new repository structure for APT and YUM, which no longer uses year-based subdirectories (like 2025). The old (legacy) structure is unavailable starting 2026.0. Detailed instructions are available on the relevant documentation pages: - Installation guide - yum - Installation guide - apt + OpenCV binaries removed from Docker images. * Deprecated and to be removed in the future: + Support for Ubuntu 20.04 has been discontinued due to the end of its standard support. + auto shape and auto batch size (reshaping a model in runtime) will be removed in the future. OpenVINO?s dynamic shape models are recommended instead. + With the release of Node.js v22, updated Node.js bindings are now available and compatible with the latest LTS version. These bindings do not support CentOS 7, as they rely on newer system libraries unavailable on legacy systems. + Starting with 2026.0 release major internal refactoring of the graph iteration mechanism has been implemented for improved performance and maintainability. The legacy path can be enabled by setting the ONNX_ITERATOR=0 environment variable. This legacy path is deprecated and will be removed in future releases. + OpenVINO Model Server: - The dedicated OpenVINO operator for Kubernetes and OpenShift is now deprecated in favor of the recommended KServe operator. The OpenVINO operator will remain functional in upcoming OpenVINO Model Server releases but will no longer be actively developed. Since KServe provides broader capabilities, no loss of functionality is expected. On the contrary, more functionalities will be accessible and migration between other serving solutions and OpenVINO Model Server will be much easier. - TensorFlow Serving (TFS) API support is planned for deprecation. With increasing adoption of the KServe API for classic models and the OpenAI API for generative workloads, usage of the TFS API has significantly declined. Dropping date is to be determined based on the feedback, with a tentative target of mid-2026. - Support for Stateful models will be deprecated. These capabilities were originally introduced for Kaldi audio models which is no longer relevant. Current audio models support relies on the OpenAI API, and pipelines implemented via OpenVINO GenAI library. - Directed Acyclic Graph Scheduler will be deprecated in favor of pipelines managed by MediaPipe scheduler and will be removed in 2026.3. That approach gives more flexibility, includes wider range of calculators and has support for using processing accelerators. - Enable intel gpu option and add associated package. - Update to 2025.4.0 * Preview: Mixture of Experts (MoE) models optimized for CPUs and GPUs, validated for GPT-OSS 20B model. How to convert model: optimum-cli export openvino -m "openai/gpt-oss-20b" out_dir --weight-format int4 * Fixed issue ID 174531: Accuracy regression of Mistral-7b-instruct-v0.2 and Mistral-7b-instruct-v0.3 on all devices when executed with OpenVINO GenAI. As a workaround, use the IR converted with OpenVINO 2025.3. * Fixed issue ID 176777: Using the callback parameter with the Python API call generate() in Text2ImagePipeline, Image2ImagePipeline, InpaintingPipeline may cause the process to hang. As a workaround, do not use the callback parameter. C++ implementations was not affected. * Resolved an issue in the NPU plugin where the Level Zero (L0) context was implemented as a static global object and only destroyed during DLL unload, even after unload_plugin() was called. This behavior prevented the driver from spawning threads required for certain optimizations and features. - Update to 2025.4.0 - More GenAI coverage and framework integrations to minimize code changes * New models supported: + On CPUs & GPUs: Qwen3-Embedding-0.6B, Qwen3-Reranker-0.6B, Mistral-Small-24B-Instruct-2501. + On NPUs: Gemma-3-4b-it and Qwen2.5-VL-3B-Instruct. * Preview: Mixture of Experts (MoE) models optimized for CPUs and GPUs, validated for Qwen3-30B-A3B. * GenAI pipeline integrations: Qwen3-Embedding-0.6B and Qwen3-Reranker-0.6B for enhanced retrieval/ranking, and Qwen2.5VL-7B for video pipeline. - Broader LLM model support and more model compression techniques * The Neural Network Compression Framework (NNCF) ONNX backend now supports INT8 static post-training quantization (PTQ) and INT8/INT4 weight-only compression to ensure accuracy parity with OpenVINO IR format models. SmoothQuant algorithm support added for INT8 quantization. * Accelerated multi-token generation for GenAI, leveraging optimized GPU kernels to deliver faster inference, smarter KV-cache reuse, and scalable LLM performance. * GPU plugin updates include improved performance with prefix caching for chat history scenarios and enhanced LLM accuracy with dynamic quantization support for INT8. - More portability and performance to run AI at the edge, in the cloud, or locally. * Announcing support for Intel® Core Ultra Processor Series 3. * Encrypted blob format support added for secure model deployment with OpenVINO GenAI. Model weights and artifacts are stored and transmitted in an encrypted format, reducing risks of IP theft during deployment. Developers can deploy with minimal code changes using OpenVINO GenAI pipelines. * OpenVINO™ Model Server and OpenVINO™ GenAI now extend support for Agentic AI scenarios with new features such as output parsing and improved chat templates for reliable multi-turn interactions, and preview functionality for the Qwen3-30B-A3B model. OVMS also introduces a preview for audio endpoints. * NPU deployment is simplified with batch support, enabling seamless model execution across Intel® Core Ultra processors while eliminating driver dependencies. Models are reshaped to batch_size=1 before compilation. * The improved NVIDIA Triton Server* integration with OpenVINO backend now enables developers to utilize Intel GPUs or NPUs for deployment. - Update to 2025.3.0 - More GenAI coverage and framework integrations to minimize code changes * New models supported: Phi-4-mini-reasoning, AFM-4.5B, Gemma-3-1B-it, Gemma-3-4B-it, and Gemma-3-12B, * NPU support added for: Qwen3-1.7B, Qwen3-4B, and Qwen3-8B. * LLMs optimized for NPU now available on OpenVINO Hugging Face collection. - Broader LLM model support and more model compression techniques * The NPU plug-in adds support for longer contexts of up to 8K tokens, dynamic prompts, and dynamic LoRA for improved LLM performance. * The NPU plug-in now supports dynamic batch sizes by reshaping the model to a batch size of 1 and concurrently managing multiple inference requests, enhancing performance and optimizing memory utilization. * Accuracy improvements for GenAI models on both built-in and discrete graphics achieved through the implementation of the key cache compression per channel technique, in addition to the existing KV cache per-token compression method. * OpenVINO™ GenAI introduces TextRerankPipeline for improved retrieval relevance and RAG pipeline accuracy, plus Structured Output for enhanced response reliability and function calling while ensuring adherence to predefined formats. - More portability and performance to run AI at the edge, in the cloud, or locally. * Announcing support for Intel® Arc™ Pro B-Series (B50 and B60). * Preview: Hugging Face models that are GGUF-enabled for OpenVINO GenAI are now supported by the OpenVINO™ Model Server for popular LLM model architectures such as DeepSeek Distill, Qwen2, Qwen2.5, and Llama 3. This functionality reduces memory footprint and simplifies integration for GenAI workloads. * With improved reliability and tool call accuracy, the OpenVINO™ Model Server boosts support for agentic AI use cases on AI PCs, while enhancing performance on Intel CPUs, built-in GPUs, and NPUs. * int4 data-aware weights compression, now supported in the Neural Network Compression Framework (NNCF) for ONNX models, reduces memory footprint while maintaining accuracy and enables efficient deployment in resource-constrained environments. libopenvino2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_c2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_ir_frontend2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_onnx_frontend2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_paddle_frontend2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_pytorch_frontend2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_tensorflow_frontend2610-2026.1.0-bp160.1.1.x86_64.rpm libopenvino_tensorflow_lite_frontend2610-2026.1.0-bp160.1.1.x86_64.rpm openvino-auto-batch-plugin-2026.1.0-bp160.1.1.x86_64.rpm openvino-auto-plugin-2026.1.0-bp160.1.1.x86_64.rpm openvino-devel-2026.1.0-bp160.1.1.x86_64.rpm openvino-hetero-plugin-2026.1.0-bp160.1.1.x86_64.rpm openvino-intel-cpu-plugin-2026.1.0-bp160.1.1.x86_64.rpm openvino-intel-gpu-plugin-2026.1.0-bp160.1.1.x86_64.rpm openvino-intel-npu-plugin-2026.1.0-bp160.1.1.x86_64.rpm openvino-sample-2026.1.0-bp160.1.1.noarch.rpm python3-openvino-2026.1.0-bp160.1.1.x86_64.rpm libopenvino2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_c2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_ir_frontend2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_onnx_frontend2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_paddle_frontend2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_pytorch_frontend2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_tensorflow_frontend2610-2026.1.0-bp160.1.1.aarch64.rpm libopenvino_tensorflow_lite_frontend2610-2026.1.0-bp160.1.1.aarch64.rpm openvino-arm-cpu-plugin-2026.1.0-bp160.1.1.aarch64.rpm openvino-auto-batch-plugin-2026.1.0-bp160.1.1.aarch64.rpm openvino-auto-plugin-2026.1.0-bp160.1.1.aarch64.rpm openvino-devel-2026.1.0-bp160.1.1.aarch64.rpm openvino-hetero-plugin-2026.1.0-bp160.1.1.aarch64.rpm python3-openvino-2026.1.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-219 Recommended update for emacs-auctex moderate openSUSE Backports SLE-16.0 This update for emacs-auctex fixes the following issues: Introducing emacs-auctex. emacs-auctex-14.1.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-22 Security update for certbot important openSUSE Backports SLE-16.0 This update for certbot fixes the following issues: This update adds the certbot stack. (python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339). python313-ConfigArgParse-1.7-bp160.1.1.noarch.rpm python313-acme-5.1.0-bp160.1.1.noarch.rpm python313-certbot-5.1.0-bp160.1.1.noarch.rpm python313-certbot-nginx-5.1.0-bp160.1.1.noarch.rpm python313-josepy-2.2.0-bp160.1.1.noarch.rpm python313-pyRFC3339-2.0.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-220 Recommended update for frizbee moderate openSUSE Backports SLE-16.0 This update for frizbee fixes the following issues: Changes in frizbee: - Update to version 0.1.10: * chore(deps): update github/codeql-action digest to c10b806 (#388) * chore(deps): update github/codeql-action digest to b8bb9f2 (#378) * chore(deps): consolidate all pending dependency updates (#387) * chore: migrate from Trivy to Grype for vulnerability scanning (#381) - Update to version 0.1.9: * chore(deps): update anchore/sbom-action action to v0.23.1 (#373) * chore(deps): update sigstore/cosign-installer action to v4.1.0 (#372) * fix(deps): update module github.com/google/go-github/v66 to v84 (#363) * chore(deps): update github/codeql-action digest to 0d579ff (#365) * chore(deps): update github artifact actions (#361) * chore(deps): update anchore/sbom-action action to v0.23.0 (#360) * chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.0 (#369) * fix(deps): update module golang.org/x/sync to v0.20.0 (#371) * fix(deps): update module github.com/go-git/go-billy/v5 to v5.8.0 (#357) * chore(deps): update aquasecurity/trivy-action action to v0.35.0 (#366) * fix(deps): update module github.com/google/go-containerregistry to v0.21.2 (#356) * chore(deps): update goreleaser/goreleaser-action action to v7 (#355) * fix(deps): update module github.com/google/go-containerregistry to v0.21.0 (#352) * fix(deps): update module github.com/google/go-github/v66 to v83 (#351) * chore(deps): update aquasecurity/trivy-action action to v0.34.1 (#350) * chore(deps): update anchore/sbom-action action to v0.22.2 (#348) * chore(deps): update github/codeql-action digest to 89a39a4 (#347) * chore(deps): update actions/checkout digest to de0fac2 (#337) * chore: enable parallel runners for golangci-lint (#349) - Update to version 0.1.8: * Update goreleaser (#345) * chore(deps): update sigstore/cosign-installer action to v4 (#320) * chore(deps): update golangci/golangci-lint-action action to v9 (#325) * chore(deps): update sigstore/cosign-installer action to v3.10.1 (#319) * chore(deps): update github/codeql-action digest to b20883b (#311) * chore(deps): update anchore/sbom-action action to v0.22.1 (#307) * chore(deps): update actions/setup-go digest to 40f1582 (#343) * chore(deps): update actions/checkout action to v6 (#344) * Pins go and bumps dependencies (#342) * chore(deps): update github artifact actions (#321) * chore(deps): update dependency go to v1.25.2 (#314) * chore(deps): update github/codeql-action action to v4 (#315) * chore(deps): bump github.com/moby/buildkit from 0.24.0 to 0.25.1 (#316) * chore(deps): update sigstore/cosign-installer action to v3.10.0 (#306) * Fix the linter failing (#305) * Fix tablewriter API compatibility for v1.0.9 dependency upgrade (#302) * chore(deps): update golangci/golangci-lint-action action to v8 (#282) * chore(deps): update actions/checkout digest to 08eba0b (#287) * Bump github.com/moby/buildkit from 0.23.2 to 0.24.0 (#299) * Bump golang.org/x/sync from 0.16.0 to 0.17.0 (#300) * chore(deps): update aquasecurity/trivy-action action to v0.33.1 (#301) * Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#296) * chore(deps): update github/codeql-action digest to d3678e2 (#289) * chore(deps): update aquasecurity/trivy-action action to v0.33.0 (#295) * chore(deps): update goreleaser/goreleaser-action digest to e435ccd (#291) * chore(deps): update anchore/sbom-action action to v0.20.5 (#292) * Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#294) * chore(deps): update goreleaser/goreleaser-action action to v6 (#283) * chore(deps): update github/codeql-action action to v3 (#281) * chore(deps): update actions/setup-go action to v5 (#280) * chore(deps): update actions/checkout action to v4 (#278) * chore(deps): update actions/download-artifact action to v5 (#279) * chore(deps): update slsa-framework/slsa-verifier action to v2.7.1 (#277) * chore(deps): update slsa-framework/slsa-github-generator action to v2.1.0 (#276) * chore(deps): update actions/setup-go digest to 19bb512 (#264) * chore(deps): update github/codeql-action digest (#266) * chore(deps): update golangci/golangci-lint-action digest to 3a91952 (#267) * chore(deps): update goreleaser/goreleaser-action digest to 5742e2a (#268) * chore(deps): update dependency go to v1.24.6 (#270) * chore(deps): update actions/checkout digest (#263) * chore(deps): update coverallsapp/github-action action to v2.3.6 (#269) * chore(deps): update actions/download-artifact action to v4.3.0 (#271) * chore(deps): update sigstore/cosign-installer action to v3.9.2 (#275) * chore(deps): update aquasecurity/trivy-action action to v0.32.0 (#274) * chore(deps): update anchore/sbom-action action to v0.20.4 (#273) * chore(deps): update actions/upload-artifact action to v4.6.2 (#272) * Add renovate.json (#262) * Bump golang.org/x/sync from 0.14.0 to 0.16.0 (#259) * fix: strip quotes from uses field (#260) * Bump github.com/moby/buildkit from 0.22.0 to 0.23.2 (#257) * Bump github.com/google/go-containerregistry from 0.20.5 to 0.20.6 (#254) * Bump github.com/moby/buildkit from 0.21.1 to 0.22.0 (#250) * Bump github.com/google/go-containerregistry from 0.20.4 to 0.20.5 (#251) * Bump github.com/google/go-containerregistry from 0.20.3 to 0.20.4 (#249) * Bump golang.org/x/sync from 0.13.0 to 0.14.0 (#244) * Bump github.com/moby/buildkit from 0.21.0 to 0.21.1 (#243) * Add SARIF output and upload to Trivy workflow (#241) * Bump github.com/moby/buildkit from 0.20.2 to 0.21.0 (#240) * Bump golang.org/x/sync from 0.12.0 to 0.13.0 (#239) - Update to version 0.1.7: * Bump dependencies * feat: implement --error * chore: fix typos * Resolve commit ref correctly. frizbee-0.1.10-bp160.1.1.x86_64.rpm frizbee-bash-completion-0.1.10-bp160.1.1.noarch.rpm frizbee-fish-completion-0.1.10-bp160.1.1.noarch.rpm frizbee-zsh-completion-0.1.10-bp160.1.1.noarch.rpm frizbee-0.1.10-bp160.1.1.s390x.rpm frizbee-0.1.10-bp160.1.1.ppc64le.rpm frizbee-0.1.10-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-221 Recommended update for openSUSE-signkey-cert moderate openSUSE Backports SLE-16.0 This update for openSUSE-signkey-cert fixes the following issues: Changes in openSUSE-signkey-cert: - select for installation if you install virtualbox-kmp-default (bsc#1263027) openSUSE-signkey-cert-20220613-bp160.3.1.x86_64.rpm openSUSE-signkey-cert-20220613-bp160.3.1.ppc64le.rpm openSUSE-signkey-cert-20220613-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-222 Recommended update for nginx-module-rtmp moderate openSUSE Backports SLE-16.0 This update for nginx-module-rtmp fixes the following issues: Introducing nginx-module-rtmp. nginx-module-rtmp-1.2.2-bp160.1.1.x86_64.rpm nginx-module-rtmp-1.2.2-bp160.1.1.s390x.rpm nginx-module-rtmp-1.2.2-bp160.1.1.ppc64le.rpm nginx-module-rtmp-1.2.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-223 Recommended update for f3 moderate openSUSE Backports SLE-16.0 This update for f3 fixes the following issues: Introducing f3. f3-9.0-bp160.1.1.x86_64.rpm f3-9.0-bp160.1.1.s390x.rpm f3-9.0-bp160.1.1.ppc64le.rpm f3-9.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-224 Security update for radare2 critical openSUSE Backports SLE-16.0 This update for radare2 fixes the following issues: Changes in radare2: - Update to version 6.1.4 (bsc#1262142, CVE-2026-40499): * Analysis: improve autoname scoring, jmptbl detection, and performance * Add callargs modifier, rnum expressions, and typed function context * Refactor autoname into plugin; extend RAnalPlugin hooks * Fix leaks, overflows, and command injection in analysis scripts * Improve string detection, wide strings, and switch/case analysis * Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support * Cache capstone options and improve multi-arch disassembly * ASM: add camel syntax support, unify via RArch API * Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF) * Fix leaks, OOB reads/writes, overflows, and improve bounds checks * Improve Swift demangling, ARM hints, relocations, and imports * Add nds32 reloc support and optimize kernelcache parsing * Build: install to lib64, fix illumos and packaging issues * CI: add GitHub Actions and FilC builds * Console: fix multiple overflows, OOB issues, and improve performance * Core: API renames, plugin load order, sandbox/config fixes * Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs) * Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver * Debug: improve ptrace, winkd support, breakpoints, checkpoints * Disasm: cache flag lookups for performance * FS/IO: fix leaks, bounds, sparse IO, and device handling * HTTP/socket: webserver fixes and SSL fallback handling * Print/projects: improve formatting, endian handling, project metadata * Pseudo: add while/switch support and cleaner control flow * Search/shell: improve commands, parsing, and usability * Security: fix widespread command injection and sandbox escapes * Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support * Types/util: parsing improvements, JSON/base64 updates, optimizations * Visual: fix UAF/leaks, improve panels and UX * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.2: * Analysis: preserve timeouts, improve bb/jmptbl validation and limits * Optimize string detection and hot-path functions * Add APIs for function signatures, vars limits, and instruction hints * Fix overlapped functions, invalid code checks, and large bb handling * API: remove deprecated librmagic/filetype APIs and name filter * Arch: fix Thumb/endianness issues, add Python pseudo plugin * ASM: unify settings via RArch, fix directives, add bf pseudo plugin * Bin: improve ELF/Mach-O stripped detection and parsing safety * Harden Mach-O bounds, optimize kernelcache and XNU parsing * Fix many leaks (DEX, demangler, parsers) and infinite loops * Improve DWARF handling and symbol/type extraction * Build: improve meson, toolchains, and add ISO/docker support * Console: preserve timeout, fix themes and UTF-8 handling * Core: fix config bugs, improve startup and addressing support * Crash: fix UAF, OOB, race conditions, regex bugs, and overflows * Add safety checks across dotnet, Mach-O, DWARF, and webserver * Debug/ESIL: safer execution and divide-by-zero handling * FS/IO: fix HFS+, dyldcache speedups, safer zip handling * Graph: add bb size limit option * Print: merge commands, improve UTF-8 and formatting * Projects/tools: new configs, plugin support, CLI improvements * Search: faster analysis search and block buffering * Shell: improve grep/macros and file operations * Types: lazy-load, cache, and improve parsing (varargs, structs) * Tests: expand fuzzing and test suites * General cleanup, performance tuning, and safety improvements * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.0: * Reimplement RBufRef using RRef; fix RLibDelHandler API * Remove stale JAY code; improve analysis performance and CI speed * Optimize type propagation, jump tables, and plugin integration * Fix infinite loops, antidisasm tricks, and function autonaming * Add new analysis options and trace import plugin (DRCOV) * Improve RCore seek operations and naming APIs * API: add RNum.getErr, enforce safe alloc macros, new helpers * Arch: update ARC disasm, refactor sessions, remove unsafe string ops * ASM: improve x86 validation, add CIL and ARC pseudo plugins * Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use * Add/import DWARF types, improve relocations and symbol handling * Extensive memory leak fixes and parser hardening across formats * Improve string handling, caching, and zero-copy optimizations * Build: improve meson, remove zip deps, add 3rd-party plugin support * Console: fix UTF-8 graphs and color propagation * Core: improve plugin handling and background task stability * Crash: fix multiple UAF, OOB, overflows, and injection issues * Sanitize inputs (function names, demangler, callconv) * Debug: add source breakpoints, ARM64/XNU support, FPU regs * Disasm: improve string handling, comments, and color logic * ESIL: extend x86 FPU emulation * FS/IO: fixes and plugin reorganizations * HTTP: fix sandbox webserver issues * Hash/tools: minor fixes and output improvements * General cleanup, safety checks, and performance optimizations * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.0 - Update to version 6.0.8: * Migrate r_vector to RVec across core components * Refactor and optimize type propagation (now plugin-based) * Remove redundant anal.a2f and related duplication * Improve caching, memoization, and performance in analysis * Fix file corruption, null asserts, and command issues * Enhance x86 (AT&T syntax, enter instruction) and z80 support * Add initial .NET (CIL) disasm/asm support * Improve Java, ELF, Mach-O, APK, and PDB handling * Fix demangling, symbols, and relocation issues * Resolve multiple memory leaks and parser bugs * Fix UAF, OOB, overflows, and command injection vulnerabilities * Improve GDB debugging and breakpoint handling * Enhance disassembly visuals and color options * Update ESIL operators and behavior * Add support for APFS, GPT, BSD, APM partitions * Improve IO handling and add new plugins * Optimize performance (strbuf, memory usage) * Improve console UI, themes, and terminal handling * Refine SDK builds and CI pipelines * Improve CLI tools (rabin2, rasm2, rafs2) * Add JSON support and better help/version info * Expand type parsing (typedef, enum, union) * Improve socket/HTTP handling and downloads * Add and refine tests and reporting * General cleanup, safety checks, and code modernization * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.8 - Update to version 6.0.7: * shell: Fix parsing r2 -H$(VARNAME) without a space - Update to version 6.0.6: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.6 - Update to version 6.0.4: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.4 - Update to version 6.0.2: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.2 - Update to version 6.0.0: * ABI changes: ~ RCorePlugins now have a session ~ Finish the RKons refactoring, all r_cons calls take instance instead of global ~ Rename RCrypto to RMuta ~ Use RCons instance from RLine ~ Rename RIOPlugin.widget to RIOPlugin.data ~ Refactor the RRegAlias api ~ Camelcase all the RCoreBind methods * Breaking API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename core->offset into core->addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr * API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename core->offset into core->addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr ~ Deprecate RLang.list() ~ Unified function to jsonify the plugin meta + more fields ~ Redesign the REvent API * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.0 - CVE-2025-5641: Fix memory corruption by manipulation of the argument -T (bsc#1244121) - CVE-2025-1864: Fix buffer overflow and potential code execution (bsc#bsc#1238451) - CVE-2025-1744: Fix heap-based buffer over-read or buffer overflow (bsc#1238075) - CVE-2025-1378: Fix memory corruption (bsc#1237250) - Update to version 5.9.8: * Resolved CVE: - CVE-2024-29645: buffer overflow vulnerability allows an attacker to execute arbitrary code via the parse_die function (boo#1234065). For details, check full release notes: https://github.com/radareorg/radare2/releases/tag/5.9.8 https://github.com/radareorg/radare2/releases/tag/5.9.6 https://github.com/radareorg/radare2/releases/tag/5.9.4 https://github.com/radareorg/radare2/releases/tag/5.9.2 https://github.com/radareorg/radare2/releases/tag/5.9.0 libsdb2_4_2-6.1.4-bp160.1.1.x86_64.rpm radare2-6.1.4-bp160.1.1.x86_64.rpm radare2-devel-6.1.4-bp160.1.1.x86_64.rpm radare2-zsh-completion-6.1.4-bp160.1.1.noarch.rpm libsdb2_4_2-6.1.4-bp160.1.1.s390x.rpm radare2-6.1.4-bp160.1.1.s390x.rpm radare2-devel-6.1.4-bp160.1.1.s390x.rpm libsdb2_4_2-6.1.4-bp160.1.1.ppc64le.rpm radare2-6.1.4-bp160.1.1.ppc64le.rpm radare2-devel-6.1.4-bp160.1.1.ppc64le.rpm libsdb2_4_2-6.1.4-bp160.1.1.aarch64.rpm radare2-6.1.4-bp160.1.1.aarch64.rpm radare2-devel-6.1.4-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-225 Security update for grafana critical openSUSE Backports SLE-16.0 This update for grafana fixes the following issues: Changes in grafana: - Update to version 11.6.11: Features and enhancements: * Alerting: Add limits for the size of expanded notification templates * Correlations: Remove support for org_id=0 Security: * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136) - Update to version 11.6.10: Features and enhancements: * API: Add missing scope check on dashboards * Avatar: Require sign-in, remove queue, respect timeout Bug fixes: * Alerting: Fix a race condition panic in ResetStateByRuleUID - Update to version 11.6.9: Features and enhancements: * Plugins: Add PluginContext to plugins when scenes is disabled Bug fixes: * Alerting: Fix contacts point issues - Update to version 11.6.8: Bug fixes: * Alerting: Fix unmarshalling of GettableStatus to include time intervals - Update to version 11.6.7: Bug fixes: * Auth: Fix render user OAuth passthrough * LDAP Authentication: Fix URL to propagate username context as parameter * Plugins: Dependencies do not inherit parent URL for preinstall * URLParams: Stringify true values as key=true always (fixes issues with variables with true value) - Update to version 11.6.6: Bug fixes: * Alerting: Fix copying of recording rule fields * Fix redirection after login when Grafana is served from subpath - Update to version 11.6.5: Features and enhancements: * Alerting: Bump alerting package to include change to NewTLSClient - Update to version 11.6.4: Features and enhancements: * StateTimeline: Add endTime to tooltip * Unified storage: Respect GF_DATABASE_URL override Bug fixes: * Alerting: Fix group interval override when adding new rules * Azure: Fix legend formatting * Azure: Fix resource name determination in template variable queries * Graphite: Fix annotation queries * Graphite: Fix date mutation * Graphite: Fix nested variable interpolation for repeated rows - Update to version 11.6.3: Security: * Fixes CVE-2025-3415 - Update to version 11.6.2: Bug fixes: * Dashboard: Fixes issue with row repeats and first row * Graphite: Ensure template variables are interpolated correctly * Graphite: Fix Graphite series interpolation * Prometheus: Fix semver import path - Update to version 11.6.1: Features and enhancements: * DashboardScenePage: Correct slug in self referencing data links * GrafanaUI: Use safePolygon close handler for interactive tooltips instead of a delay * Prometheus: Add support for cloud partners Prometheus data sources Bug fixes: * Alertmanager: Add Role-Based Access Control via reqAction Field * GrafanaUI: Remove blurred background from overlay backdrops to improve performance * InfluxDB: Fix nested variable interpolation * LDAP test: Fix page crash * Org redirection: Fix linking between orgs - Upgrade to version 11.6.0: Features and enhancements: * Visualisations: One click links and actions * Annotations: Add cron syntax support * WebGL-powered geomaps for better performance * Alerting: Add alert rule version history Security: * API keys: Migrate API keys to service accounts at startup - CVE-2026-21721: Fix access control by the dashboard permissions API (bsc#1257337) - CVE-2026-21720: Fix unauthenticated DoS (bsc#1257349) - CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340) - CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113) - Use forked wire from Grafana repository instead of external package (jsc#PED-14178). - Update to version 11.5.10: Security: * CVE-2025-47911: Fix parsing HTML documents (bsc#1251454) * CVE-2025-58190: Fix excessive memory consumption (bsc#1251657) Features and enhancements: * Update to Go 1.25 * Update to golang.org/x/net v0.45.0 Bug fixes: * Auth: Fix render user OAuth passthrough. * LDAP Authentication: Fix URL to propagate username context as parameter. * Plugins: Dependencies do not inherit parent URL for preinstall. - Update to version 11.5.9: * Security: CVE-2025-11065: Fix sensitive information leak in logs (bsc#1250616) * Features and enhancements: Auditing: Document new options for recording datasource query request/response body. * Bug fixes: Login: Fix redirection after login when Grafana is served from subpath. - Update to version 11.5.8: * No relevant changes - Update to version 11.5.7: * Security: CVE-2025-6023: Fix cross-site-scripting via scripted dashboards (bsc#1246735) CVE-2025-6197: Fix open redirect in organization switching (bsc#1246736) * Bug fixes: Azure: Fix legend formatting. Azure: Fix resource name determination in template variable queries. - Update to version 11.5.6: * Security: CVE-2025-3415: Fix exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) - Update to version 11.5.5 (jsc#PED-12918): * Security: CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714). CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809) CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672). - Update to version 11.5.4: * Security: CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3. CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683). CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687). * Features and enhancements: Azure Monitor: Filter namespaces by resource group. Azure: Add support for custom namespace and custom metrics variable queries. Azure: Resource picker improvements. Azure: Support more complex variable interpolation. Azure: Variable editor and resource picker improvements. DashboardScenePage: Correct slug in self referencing data links. Prometheus: Add support for cloud partners Prometheus data sources. * Bug fixes: InfluxDB: Fix nested variable interpolation. LDAP test: Fix page crash. - Update to version 11.5.3: * Security: CVE-2025-22870: Bump golang.org/x/net (bsc#1238703). * Bug fixes: Alerting: Fix token-based Slack image upload to work with channel names. Auth: Fix AzureAD config UI's ClientAuthentication dropdown. Dashboard: Fix the unintentional time range and variables updates on saving. Dashboards: Fix missing v/e/i keybindings to return back to dashboard. InfluxDB: Improve handling of template variables contained in regular expressions (InfluxQL). Org redirection: Fix linking between orgs. - Update to version 11.5.2: * Bug fixes: Alerting: Allow specifying uid for new rules added to groups. Alerting: Call RLock() before reading sendAlertsTo map. Auth: Fix redirect with JWT auth URL login. AuthN: Refetch user on "ErrUserAlreadyExists". Azure: Correctly set application insights resource values. DashboardList: Throttle the re-renders. Dashboards: Bring back scripted dashboards. Plugin Metrics: Eliminate data race in plugin metrics middleware. RBAC: Don't check folder access if annotationPermissionUpdate FT is enabled. - Update to version 11.5.1: * Bug fixes: CodeEditor: Fix cursor alignment. TransformationFilter: Include transformation outputs in transformation filtering options. - Upgrade to version 11.5.0: * Breaking changes: Loki: Default to /labels API with query param instead of /series API. * Features and enhancements: Extended Cloud Migration Assistent support for plugins and alerts. Redesigned filters for dashboards. New regular expression option for Extract fields transformation. Redesigned sharing experience in Dashboards. Customizable shareable dashboard panel images. RBAC for alerting notifications and notification policies. Add support for Elasticsearch cross-cluster search. Time series macro support in visual query builder for SQL data sources. OAuth and SAML session handling improvements. Plugin Frontend Sandbox for additiona security. Renamed Public dashboards to Shared dashboards. - Update to version 11.4.1: * Bug fixes: Alerting: AlertingQueryRunner should skip descendant nodes of invalid queries. Alerting: Fix alert rules unpausing after moving rule to different folder. Alerting: Fix label escaping in rule export. Alerting: Fix slack image uploading to use new api. Azure/GCM: Improve error display. Dashboards: Fix issue where filtered panels would not react to variable changes. Dashboards: Fixes issue with panel header showing even when hide time override was enabled. Dashboards: Fixes week relative time ranges when weekStart was changed. Dashboards: Panel react for timeFrom and timeShift changes using variables. DateTimePicker: Fixes issue with date picker showing invalid date. Fix: Add support for datasource variable queries. InfluxDB: Adhoc filters can use template vars as values. LibraryPanel: Fallback to panel title if library panel title is not set. - Upgrade to version 11.4.0: * Features and enhancements: Cloudwatch: OpenSearch PPL and SQL support in Logs Insights. - Update to version 11.3.1: * Features and enhancements: Alerting: Make context deadline on AlertNG service startup configurable. MigrationAssistant: Restrict dashboards, folders and datasources by the org id of the signed in user. User: Check SignedInUser OrgID in RevokeInvite. * Bug fixes: Alerting: Fix escaping of silence matchers in utf8 mode. Alerting: Fix overflow for long receiver names. Alerting: Fix saving advanced mode toggle state in the alert rule editor. Alerting: Fix setting datasource uid, when datasource is string in old version. Alerting: Force refetch prom rules when refreshing panel. Anonymous User: Adds validator service for anonymous users. Azure Monitor: Support metric namespaces fallback. Azure: Fix duplicated traces in multi-resource trace query. Azure: Handle namespace request rejection. CloudWatch: Interpolate region in log context query. Dashboard datasource: Return annotations as series when query topic is "annotations". Dashboard: Append orgId to URL. Dashboards: Fixes performance issue expanding a row. Flame Graph: Fix crash when it receives empty data. Folders: Add admin permissions upon creation of a folder w. SA. Folders: Don't show error pop-up if the user can't fetch the root folder. Migration: Remove table aliasing in delete statement to make it work for mariadb. ServerLock: Fix pg concurrency/locking issue. Service Accounts: Run service account creation in transaction. Table: Fix text wrapping applying to wrong field. Unified Storage: Use ssl_mode instead of sslmode. - Update to version 11.3.0+security-01: * Security: CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343) - Upgrade to version 11.3.0: * Features and enhancements: View mode and Edit mode are generally available. Template variables and the time range picker remain visible when scrolling. Added timezone parameter in Grafana URL. Kiosk mode displays dashboard controls. Auto-formatted table cell values in Cell Inspect. Allow adding actions to canvas elements. Legend support in bar gauge visualizations. Apply the same binary transformation to all the number fields in a given table at once. Add support for data links and actions in several visualizations. The Explore Logs plugin is installed by default. Added correlations to external URLs in Explore. Simplified query section for alert rule creation. Introduced recording rules for Grafana-managed alerts. GitHub App authentication for the GitHub data source. Improved subfolder creation flow. Redesigned plugin details page. Added UI for LDAP configuration. Added RBAC support in Plugins. - Update to version 11.2.2+security-01: * Bug fix: SQL Expressions: Fixes CVE-2024-9264 (bsc#1231844) - Update to version 11.2.2: * Features and enhancements: Data sources: Hide the datasource redirection banner for users who can't interact with data sources. * Bug fixes: Alerting: Fix preview of silences when label name contains spaces. Alerting: Make query wrapper match up datasource UIDs if necessary. AzureMonitor: Improve resource picker efficiency. AzureMonitor: Remove Basic Logs retention warning. CloudWatch: Fix segfault when migrating legacy queries. DashboardScene: Fix broken error handling and error rendering. Plugins: Avoid returning 404 for AutoEnabled apps. - Update to version 11.2.1: * Features and enhancements: Alerting: Support for optimistic concurrency in priovisioning Tempate API. Logs panel: Enable displayedFields in dashboards and apps. State timeline: Add pagination support. * Bug fixes: Authn: No longer hash service account token twice during authentication. CloudMigrations: Fix snapshot creation on Windows systems. DashGPT: Fixes issue with generation on Safari. Dashboard: Fix Annotation runtime error when a data source does not support annotations. Grafana SQL: Fix broken import in NumberInput component. Logs: Show older logs button when infinite scroll is enabled and sort order is descending. RBAC: Fix an issue with server admins not being able to manage users in orgs that they don't belong to. Templating: Fix searching non-latin template variables. - Upgrade to version 11.2.0: * Features and enhancements: Grafana Cloud Migration Assistant is in public preview. Added navigation bookmarks. Added template variables support in some transformations. Introduced Transpose transformation. Group to nested tables is now generally available. Format string transformation is now generally available. New cumulative and window calculations available in Add field from calculation. Canvas: Standardized tooltips. Canvas: Allow adding data links without using an override. Canvas: Allow opening data links with a single click. Canvas: Add the ability to control the order in which data links are displayed. Added pagination support for state timeline. Centralized alert history page. Grafana Explore now allows for logs filtering and pinning in content outline. Added forward direction search for Loki. Added Cloudwatch Metric Insights cross account observability support. Added Yugabyte data source. Map org-specific user roles from your OAuth provider. Better SAML integration for Azure AD. API support for LDAP configuration (experimental). OpenID Connect Discovery URL for Generic OAuth. - Update to version 11.1.5: * Bug fixes: Alerting: Fix permissions for prometheus rule endpoints. Alerting: Fix persisting result fingerprint that is used by recovery threshold. RBAC: Fix an issue with server admins not being able to manage users in orgs that they don't belong to. Snapshots: Fix panic when snapshot_remove_expired is true. VizTooltip: Fix positioning at bottom and right edges on mobile. Plugins: Fix QueryField typeahead missing background color. - Update to version 11.1.3: * Bug fix: RBAC: Allow plugins to use scoped actions. - Update to version 11.1.1: * Bug fixes: Alerting: Skip fetching alerts for unsaved dashboards. Alerting: Support utf8_strict_mode: false in Mimir. Scenes: Fixes issue with panel repeat height calculation. Table Panel: Fix Image hover without datalinks. Tempo: Fix grpc streaming support over pdc-agent. RBAC: Allow plugins to use scoped actions. - Upgrade to version 11.1.0: * Security: CVE-2023-45288: Bump golang.org/x/net (bsc#1236510) * Features and improvements: Allow table cell text wrapping. Added stat visualization percent change color mode options. XA chart is generally available. Redesigned settings page for Alerting. Added alerting template selector. Added OAuth2 to HTTP settings for vanilla Alertmanager / Mimir. Improved paused alert visibility. Rule-specific silences with permissions. Support for AWS SNS integration in Grafana-managed alerts. Added GeoMap and panel shortcut keyboard support. Accessability headings improvements. Added reduced motion support. - Update to version 11.0.1: * Breaking changes: If you had selected your language as "Português Brasileiro" previously, this will be reset. You have to select it again in your Preferences for the fix to be applied and the translations will then be shown. * Bug fixes: Echo: Suppress errors from frontend-metrics API call failing. Analytics: Fix ApplicationInsights integration. DashboardScene: Fixes issue removing override rule. BrowseDashboards: Prepend subpath to New Browse Dashboard actions. Alerting: Fix rule storage to filter by group names using case-sensitive comparison. RBAC: List only the folders that the user has access to. DashboardScene: Fixes lack of re-render when updating field override properties. DashboardScene: Fixes inspect with transforms issue. AzureMonitor: Fix bug detecting app insights queries. Access Control: Clean up permissions for deprovisioned data sources. Loki: Fix editor history in wrong order. SSE: Fix threshold unmarshal to avoid panic. LibraryPanels/RBAC: Ignore old folder permission check when deleting/patching lib panel. Dashboards: Correctly display Admin access to dashboards in the UI. LogsTable: Fix default sort by time. Alerting: Fix rules deleting when reordering whilst filtered. Alerting: Fix typo in JSON response for rule export. CloudMonitoring: Fix query type selection issue. Alerting: Fix scheduler to sort rules before evaluation. DashboardScene: Skip panel repeats when values are the same. Alerting: Do not store series values from past evaluations in state manager for no reason. DashboardScene: Fixing major row repeat issues. DashboardScene: Fixes checkbox orienation in save forms. - Upgrade to version 11.0.0: * Breaking changes: AngularJS support is turned off by default. Legacy alerting is entirely removed. Subfolders cause very rare issues with folders which have slashes in their names. The input data source is removed. Data sources: Responses which are associated with hidden queries will be removed (filtered) by Grafana. The URL which is generated when viewing an individual repeated panel has changed. React Router is deprecated. The grafana/e2e testing tool is deprecated. * Features and enhancements: Introduced Explore Metrics (public preview) and Explore Logs (experimental). Introduced edit mode to provide an easier way to discover and interact with the dashboard edit exprerience. Fixed positioning of template variables and time picker. Introduced dashboard subfolders. Use AI to generate titles and descriptions for panels and dashboards. Canvas: Enhanced flowcharting functionality. Canvas: Universal data link support. Canvas: Added infinite panning editor option. Added colored table rows with conditional formatting. Set threshold colors in the Config from query transformation. Substring matcher added to the Filter by value transformation. Keep Last State for Grafana Managed Alerting. Redesigned alert detail view. The Alerting Provisioning HTTP API has been updated to enforce RBAC. Removed old Tempo Search and Loki Search. MSSQL: Windows Active Directory (Kerberos) authentication. New strong password policy. - CVE-2025-27144: Fix Go JOSE's Parsing Vulnerability (bsc#1237671) - CVE-2024-51744: Fix bad documentation of error handling in ParseWithClaims (bsc#1232975) - CVE-2024-45339: Fix vulnerability when creating log files (bsc#1236559) - Update to version 10.4.15: * Bugfixes CVE-2024-11741: Fix the Grafana Alerting VictorOps integration (bsc#1236734) Chore: Bump dependency golang.org/x/crypto to v0.31.0 - Update to version 10.4.14: * Bugfixes Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key grafana-11.6.11-bp160.1.1.x86_64.rpm grafana-11.6.11-bp160.1.1.s390x.rpm grafana-11.6.11-bp160.1.1.ppc64le.rpm grafana-11.6.11-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-226 Security update for chromium critical openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 147.0.7727.137 (boo#1263158) * CVE-2026-7363: Use after free in Canvas * CVE-2026-7361: Use after free in iOS * CVE-2026-7344: Use after free in Accessibility * CVE-2026-7343: Use after free in Views * CVE-2026-7333: Use after free in GPU * CVE-2026-7360: Insufficient validation of untrusted input in Compositing * CVE-2026-7359: Use after free in ANGLE * CVE-2026-7358: Use after free in Animation * CVE-2026-7334: Use after free in Views * CVE-2026-7357: Use after free in GPU * CVE-2026-7356: Use after free in Navigation * CVE-2026-7354: Out of bounds read and write in Angle * CVE-2026-7353: Heap buffer overflow in Skia * CVE-2026-7352: Use after free in Media * CVE-2026-7351: Race in MHTML * CVE-2026-7350: Use after free in WebMIDI * CVE-2026-7349: Use after free in Cast * CVE-2026-7348: Use after free in Codecs * CVE-2026-7335: Use after free in media * CVE-2026-7336: Use after free in WebRTC * CVE-2026-7337: Type Confusion in V8 * CVE-2026-7347: Use after free in Chromoting * CVE-2026-7346: Inappropriate implementation in Tint * CVE-2026-7345: Insufficient validation of untrusted input in Feedback * CVE-2026-7338: Use after free in Cast * CVE-2026-7342: Use after free in WebView * CVE-2026-7341: Use after free in WebRTC * CVE-2026-7339: Heap buffer overflow in WebRTC * CVE-2026-7340: Integer overflow in ANGLE * CVE-2026-7355: Use after free in Media chromedriver-147.0.7727.137-bp160.1.1.x86_64.rpm chromium-147.0.7727.137-bp160.1.1.x86_64.rpm chromedriver-147.0.7727.137-bp160.1.1.ppc64le.rpm chromium-147.0.7727.137-bp160.1.1.ppc64le.rpm chromedriver-147.0.7727.137-bp160.1.1.aarch64.rpm chromium-147.0.7727.137-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-227 Recommended update for glab moderate openSUSE Backports SLE-16.0 This update for glab fixes the following issues: Changes in glab: - Update to version 1.93.0: * Features - 90960872: feat(ci-list): display running pipelines in blue, use light/dark 24-bit colors when able (Emil Chludziński tanstaafl@tlen.pl) - f8f25b15: feat(mr note): add 'create' subcommand with discussion-based notes (Tomas Vik tvik@gitlab.com) - 95a61c83: feat: add --assignee flag to glab stack sync (Gary Holtz gholtz@gitlab.com) - f73a54fe: feat: add --label flag to glab stack sync (Gary Holtz gholtz@gitlab.com) - 35df967c: feat: add --template flag to issue and mr create commands (Kai Armstrong karmstrong@gitlab.com) - e59047ed: feat: add glab search semantic command (Tian Gao tgao@gitlab.com) * Bug Fixes - d3454a07: fix(api): avoid panic on invalid absolute endpoint URL (Mikel mikel@olasagasti.info) - b98d93a6: fix(ci view): Setup default theme (Philipp Hahn pmhahn@pmhahn.de) - f07689ce: fix(duo): honor custom Duo CLI path on unsupported CPU architectures (Mikel mikel@olasagasti.info) - 033e8039: fix: Always Use Long Git Status (Jonathan Bowe jonathan@bowedev.com) - 3e5c995d: fix: add HTTP timeout and propagate context in auth commands (Kai Armstrong karmstrong@gitlab.com) - ee920b4d: fix: respect repository target branch rules in mr create (Kai Armstrong karmstrong@gitlab.com) - 5593a1e8: fix: support git worktrees in stack operations (Daniel Bankmann 11852855-dba223@users.noreply.gitlab.com) - 34af5c48: fix: use local viper instance in GroupOverride to prevent data race (Jay McCure jmccure@gitlab.com) * Documentation - 4edb2bdd: docs: Clarify time format for glab token rotate (Brendan Lynch blynch@gitlab.com) - 40099e89: docs: add CLI docs style guide references and contributor guidance (Brendan Lynch blynch@gitlab.com) - fe2ed6fc: docs: fix punctuation in Short and flag descriptions (Brendan Lynch blynch@gitlab.com) - ee555c88: docs: improve auth login CI/CD documentation and --api-host flag (Kai Armstrong karmstrong@gitlab.com) - 784d046e: docs: standardize positional arg notation in mr commands (Brendan blynch@gitlab.com) * Dependencies - bb755050: chore(deps): Switch to a maintained YAML library (Mikel mikel@olasagasti.info) - 377c4198: chore(deps): drop github.com/pkg/errors in favor of stdlib errors (Mikel mikel@olasagasti.info) - 0a9d6bc7: chore(deps): drop mitchellh/go-homedir for stdlib home dir (Mikel mikel@olasagasti.info) - 7821c8d9: chore(deps): update module charm.land/bubbletea/v2 to v2.0.5 (GitLab Renovate Bot gitlab-bot@gitlab.com) - f4807f6c: chore(deps): update module charm.land/lipgloss/v2 to v2.0.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 0e3c1048: chore(deps): update module github.com/docker/cli to v29.4.0+incompatible (GitLab Renovate Bot gitlab-bot@gitlab.com) - 6ca80615: chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 8c3b14f9: chore(deps): update module github.com/mattn/go-runewidth to v0.0.23 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 5cca166a: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.17.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 1cca432d: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.19.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 59cdf34d: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.20.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - aa8b94d1: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.20.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - ef351c1e: chore(deps): update module golang.org/x/crypto to v0.50.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 8c009a20: chore(deps): update module k8s.io/client-go to v0.35.4 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - 4e8a8817: chore(duo): hide and deprecate 'glab duo ask' command (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.92.1: * Bug Fixes - a91ac2ae: fix(auth): clear stale credentials before OAuth flow, not after (Kai Armstrong karmstrong@gitlab.com) * Maintenance - b830236f: ci: fix release notes bot token override and remove redundant jq install (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.92.0: * Features - a5848540: feat: add duo-cli path override (Andrei Zubov azubov@gitlab.com) - 388a0f44: feat: add glab todo list and done commands (Kai Armstrong karmstrong@gitlab.com) * Bug Fixes - 8acb8487: fix(auth): clear stale credentials on re-login to fix OAuth-to-token switch (Kai Armstrong karmstrong@gitlab.com) - 6f30fd44: fix(clone): "glab repo clone" with custom directory (Martin Schurz 2090677-schurzi@users.noreply.gitlab.com) - 3dffae69: fix(token): fix rotate command failing to match tokens by numeric ID (Kai Armstrong karmstrong@gitlab.com) - b5624786: fix: add enum constraints and positional arg hints to MCP tool schemas (Kai Armstrong karmstrong@gitlab.com) - 8b01065a: fix: avoid GET /projects/:id in changelog generate to support CI job tokens (Kai Armstrong karmstrong@gitlab.com) - 5a83a038: fix: handle numeric timezone offsets in oauth2_expiry_date parsing (Kai Armstrong karmstrong@gitlab.com) - d0fa983b: fix: map 'user' config key to GLAB_USER to prevent $USER shadowing (Kai Armstrong karmstrong@gitlab.com) - 0d7a0be7: fix: use GitLab API for default branch instead of git remote show (Kai Armstrong karmstrong@gitlab.com) * Documentation - 5b34c099: docs: Add link to changelogs info (Brendan blynch@gitlab.com) - 5cd14e11: docs: update mr note examples to use resolve/reopen subcommands (Kai Armstrong karmstrong@gitlab.com) * Dependencies - 29e4990c: chore(deps): update module github.com/hashicorp/go-version to v1.9.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 4571890b: chore(deps): update module github.com/modelcontextprotocol/go-sdk to v1.5.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 3284fe2a: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.13.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - 08deb1d3: chore: add Claude Code project settings and gitignore local overrides (Kai Armstrong karmstrong@gitlab.com) - 412f53ec: ci: add expire_in to sign_windows job artifacts (Kai Armstrong karmstrong@gitlab.com) - 40d9efbd: ci: use dedicated GITLAB_TOKEN_RELEASE_NOTES variable for notify-issues job (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.91.0: * Features - 7347ec5d: feat(duo): lock Duo CLI auto-updates to compatible major version (Kai Armstrong karmstrong@gitlab.com) - e60b4a84: feat: add multipart/form-data support to glab api via --form flag (Kai Armstrong karmstrong@gitlab.com) * Bug Fixes - 2ce57436: fix: URL-encode filename in release asset DirectAssetPath (Kai Armstrong karmstrong@gitlab.com) - bdda0f84: fix: improve diagnostics when env-based token fails auth (Kai Armstrong karmstrong@gitlab.com) - 6d4c9d43: fix: improve duo cli confirm prompt UX (Kai Armstrong karmstrong@gitlab.com) - 44d7c10f: fix: nil pointer dereference in DisplayIssueList and DisplayIssue when CreatedAt is null (Kai Armstrong karmstrong@gitlab.com) - dc75f9f3: fix: use /bin/sh shebang in notify-issues-on-release script (Kai Armstrong karmstrong@gitlab.com) * Documentation - 1892d844: docs: make Markdown for 'glab runner' command adhere to standards (Evan Read eread@gitlab.com) - 3f03c08c: docs: update command docs for Duo CLI beta release (Uma Chandran uchandran@gitlab.com) * Dependencies - 71b960c7: chore(deps): bump golangci-lint to v2.11.4 (GitLab Renovate Bot gitlab-bot@gitlab.com) - d8ee4806: chore(deps): update module github.com/zalando/go-keyring to v0.2.8 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 874b483b: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.11.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - a6031009: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.7.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 8bd1ac64: chore(deps): update ruby docker tag to v3.4 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - 879dce24: chore: Apply 1 suggestion(s) to 1 file(s) (Evan Read eread@gitlab.com) - ba5fb25b: chore: add documentation review apps to project (Evan Read eread@gitlab.com) - b0df7324: chore: add jq to Docker image (Kai Armstrong karmstrong@gitlab.com) - 8401888f: chore: adds beta string and applies it to duo cli (Uma Chandran uchandran@gitlab.com) * Others - 0e917e36: test: reduce unit test runtime by fixing slow polling and real HTTP calls (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.90.0: * Features - c33f8508: feat(auth): add --web, --container-registry-domains, --ssh-hostname flags to login (Ashutosh Kumar Singh ashutoshkumarsingh0x@gmail.com) - ceb51ebd: feat(ci auto login): move from experimental to GA (Timo Furrer tfurrer@gitlab.com) - 4f7b1815: feat(mr): add note list subcommand (Tomas Vik tvik@gitlab.com) - e3ff3569: feat(mr): add note resolve and reopen subcommands (Tomas Vik tvik@gitlab.com) - 9c6e4129: feat(runner-controller): implement new get command (Timo Furrer tfurrer@gitlab.com) - d1ad6fd2: feat(stack): model save and amend add file behavior after git commit (Casey Morris casey@philo.com) - a535468c: feat(stacked-diffs): add warning when saving from non-last stack entry (Gary Holtz gholtz@gitlab.com) - e2dfc31c: feat: add --auto-merge flag to mr create command (Kai Armstrong karmstrong@gitlab.com) - d54279e5: feat: add new command for checking job status by runner (kumaraayush9810 kumaraayush9810@gmail.com) - 59808c96: feat: add new command for listing the manager of runner (kumaraayush9810 kumaraayush9810@gmail.com) - b9f1c8cc: feat: automatically notify issues when released (Kai Armstrong karmstrong@gitlab.com) * Bug Fixes - 8e876852: fix(auth): rewrite remote repo host when SSH hostname maps to config host (Carsten Hoffmann morl99@web.de) - 31fa0af6: fix(mr): show all proposed changes in update preview (Kai Armstrong karmstrong@gitlab.com) - 4280006b: fix(style): ensure config value is used (Filip Aleksic faleksic@gitlab.com) - 735e6f1b: fix: add Ctrl+C signal handling to exit glab ci status --live (Kai Armstrong karmstrong@gitlab.com) - d14dd1dc: fix: bump CI Go version to 1.25.8 for glamour v2 compatibility (Tomas Vik tvik@gitlab.com) - d1e1217e: fix: remove redundant SCP parsing and add smart Git protocol defaults (Kai Armstrong karmstrong@gitlab.com) - 5d0ba457: fix: resolve linting issues introduced by Go 1.26 version bump (Jay McCure jmccure@gitlab.com) - 30b1d0f1: fix: restore glamour v1 auto-detection for TTY/noTTY style selection (Tomas Vik tvik@gitlab.com) - 799a8298: fix: return error when release notes file exists but is unreadable (Ashutosh Kumar Singh ashutoshkumarsingh0x@gmail.com) - fa616eff: fix: sanitize git hook env vars in test helpers for worktree isolation (Tomas Vik tvik@gitlab.com) - 144e41c0: fix: skip TestDetectPlatform on unsupported architectures (Ashutosh Kumar Singh ashutoshkumarsingh0x@gmail.com) - 8d9197d9: fix: update Remote.Repo hostname for SSH remotes in split-host setups (Kai Armstrong karmstrong@gitlab.com) - 8d404c09: fix: update glamour v2 import path and API changes (Tomas Vik tvik@gitlab.com) * Documentation - abd3ff94: docs: Remove EOL spaces in doc files - 2026-03-06 (Brendan Lynch blynch@gitlab.com) - 10548a1c: docs: Review and update glab note list subcommand page (Brendan Lynch blynch@gitlab.com) - 6b47f909: docs: renames classic chat to non-agentic chat (Uma Chandran uchandran@gitlab.com) - 515ab7f1: docs: wrap glab CLI commands in backticks (Evan Read eread@gitlab.com) * Dependencies - a0241495: chore(deps): bump go version updates to v1.26.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 67acc347: chore(deps): bump golangci-lint to v2.11.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 736b087b: chore(deps): bump golangci-lint to v2.11.1 (Ahmed Hemdan ahemdan@gitlab.com) - 83758be2: chore(deps): bump golangci-lint to v2.11.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - a6f2afa7: chore(deps): bump golangci-lint to v2.11.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 0e7a03e7: chore(deps): migrate fang to charm.land/fang/v2 (Tomas Vik tvik@gitlab.com) - 47e7f706: chore(deps): replace huhtest with ugh to support huh v2 (Timo Furrer tfurrer@gitlab.com) - c483714b: chore(deps): update dependency @commitlint/cli to ^20.4.4 (GitLab Renovate Bot gitlab-bot@gitlab.com) - e2168b07: chore(deps): update dependency @commitlint/cli to ^20.5.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 9e0d8a41: chore(deps): update dependency @commitlint/format to ^20.4.4 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 28d6a89f: chore(deps): update dependency @commitlint/format to ^20.5.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - c167e385: chore(deps): update dependency @commitlint/lint to ^20.5.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 0dc4ec68: chore(deps): update dependency @commitlint/read to ^20.5.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - a0f4e7c3: chore(deps): update dependency markdownlint-cli2 to v0.22.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 9a364b95: chore(deps): update module charm.land/lipgloss/v2 to v2.0.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - a8ceb927: chore(deps): update module github.com/charmbracelet/glamour to v2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - dc8eff1f: chore(deps): update module github.com/docker/cli to v29.3.0+incompatible (GitLab Renovate Bot gitlab-bot@gitlab.com) - a27c93b8: chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 (GitLab Renovate Bot gitlab-bot@gitlab.com) - c2a9f2cb: chore(deps): update module github.com/modelcontextprotocol/go-sdk to v1.4.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 192012ae: chore(deps): update module github.com/zalando/go-keyring to v0.2.7 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 93a3e065: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.4.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 245f98e4: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.5.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 1b384b6a: chore(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.6.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 5b744812: chore(deps): update module golang.org/x/crypto to v0.49.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - cf354fb0: chore(deps): update module golang.org/x/oauth2 to v0.36.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - bc5dcc57: chore(deps): update module golang.org/x/text to v0.35.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - d35095ba: chore(deps): update module k8s.io/client-go to v0.35.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 4275d2b0: chore(deps): upgrade to huh v2 (Timo Furrer tfurrer@gitlab.com) * Maintenance - 5f37677f: chore(ai): add AGENTS.md and pre-push verification (Tomas Vik tvik@gitlab.com) - 699b5d18: chore(ci): ci maintenance (Filip Aleksic faleksic@gitlab.com) - e21faffe: chore(gen-docs): dont create empty dirs (Filip Aleksic faleksic@gitlab.com) - 76292112: chore(mod): regroup go.mod (Timo Furrer tfurrer@gitlab.com) - f7308511: chore(tests): ensure keyring test uses tmp env (Filip Aleksic faleksic@gitlab.com) - 009cd795: chore: final tidy up of Markdown in project (Evan Read eread@gitlab.com) - cfcc00f1: chore: make 'repo' and other Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - 00a7aaf2: chore: make Markdown files for subcommands adhere to linting standards (Evan Read eread@gitlab.com) - d0899a30: chore: make Markdown files in 'mr' directory adhere to linting standards (Evan Read eread@gitlab.com) - e26db556: chore: make additional Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - ebdf5693: chore: make even more Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - 65a0481a: chore: make more Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - 6620df6b: chore: make remaining 'ci' Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - 7464b954: chore: make remaining Markdown files for subcommands adhere to standards (Evan Read eread@gitlab.com) - 49703916: chore: make runner-related Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - 6dc90c5a: chore: make some Markdown files adhere to linting standards (Evan Read eread@gitlab.com) - c8856222: chore: use alternative method for wrapping bare URLs in Markdown (Evan Read eread@gitlab.com) - c761ae27: ci: add Go version consistency check (Tomas Vik tvik@gitlab.com) - 64c52d3c: refactor(mr): extract discussion helpers and rendering to mrutils (Tomas Vik tvik@gitlab.com) - f5e9828c: refactor: remove redundant signal handling in ci status command (Kai Armstrong karmstrong@gitlab.com) - dd04eb2f: refactor: rename glamourStyle to getGlamourStyle for clarity (Tomas Vik tvik@gitlab.com) - e29240c2: refactor: use EnableJSONOutput helper for 14 additional commands (Kai Armstrong karmstrong@gitlab.com) * Others - ec7b3600: build: update Go version in .tool-versions to match go.mod (Tomas Vik tvik@gitlab.com) - Update to version 1.89.0: * Features - 039a3495: feat(auth): add SSH hostname prompting for self-hosted instances (Kai Armstrong karmstrong@gitlab.com) - 05fe9806: feat(stack): Add update-base flag to sync command to rebase onto updated base branch (Casey Morris casey@philo.com) - 1c42d1e8: feat: add JSON output support to 18 commands for agent automation (Kai Armstrong karmstrong@gitlab.com) * Bug Fixes - 5650beec: fix(release): make notes optional for create/update operations (Kai Armstrong karmstrong@gitlab.com) - ad5731ae: fix(runner): remove redundant EnableRepoOverride from parent runner command (Ashutosh Kumar Singh ashutoshkumarsingh0x@gmail.com) * Documentation - 9b5c3efc: docs: Review and update glab runner docs (Brendan Lynch blynch@gitlab.com) - f3de08bb: docs: Review and update new glab duo cli docs (Brendan Lynch blynch@gitlab.com) * Dependencies - 14c4a74b: chore(deps): adjust to client-go v2 breaking changes (Timo Furrer tfurrer@gitlab.com) - 65c93b4e: chore(deps): change client-go import paths to v2 (Timo Furrer tfurrer@gitlab.com) - 72007fcc: chore(deps): update dependency @commitlint/cli to ^20.4.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 0deaee8b: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - Update to version 1.88.0: * Features - 6fcf0f0f: feat(duo cli): add support for help command (Kai Armstrong karmstrong@gitlab.com) - 608d331a: feat(mr note): add --resolve and --unresolve flags (Kai Armstrong karmstrong@gitlab.com) - 8409c32c: feat(mr view): add --resolved and --unresolved filtering flags (Kai Armstrong karmstrong@gitlab.com) - f1b8d6be: feat: add a new command for the unassigning the runner from the project (Aayush kumaraayush9810@gmail.com) - 184e47a5: feat: add new command for assigning the project to a runner (Aayush kumaraayush9810@gmail.com) * Bug Fixes - 7347ebe2: fix(create): show template selection before editor for -d- flag (Kai Armstrong karmstrong@gitlab.com) - 87064fda: fix(duo): force update check when --update flag is used (Kai Armstrong karmstrong@gitlab.com) - e333c538: fix: parse editor command arguments for huh external editor (Kai Armstrong karmstrong@gitlab.com) * Documentation - 7537c2f7: docs: Update and clarify glab auth login command (Brendan Lynch blynch@gitlab.com) * Dependencies - 7cf3cd3d: chore(deps): update dependency @commitlint/format to ^20.4.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - Update to version 1.87.0: * Features - c56196f1: feat(duo): add cli command with binary download management (Kai Armstrong karmstrong@gitlab.com) - e3ba483a: feat(mr-list): add more flags (Filip Aleksic faleksic@gitlab.com) - 29e4b5a3: feat(runner-controller): add runner controller runner scope create support (Timo Furrer tfurrer@gitlab.com) - c15d2a2f: feat(runner-controller): add runner controller runner scope delete support (Timo Furrer tfurrer@gitlab.com) - cb1b9639: feat(runner-controller): add runner controller runner scope list support (Timo Furrer tfurrer@gitlab.com) - 02052a33: feat(workitems): add list command (Carlos Corona ccorona@gitlab.com) - dcec8338: feat: add subfolder and ssh_host support for GitLab instances (Kai Armstrong karmstrong@gitlab.com) - 8db560e5: feat: create a new command for getting list of runners info (Aayush kumaraayush9810@gmail.com) - 7f6bcddf: feat: new command for the pausing the runner (Aayush kumaraayush9810@gmail.com) - fcd88b76: feat: new delete command for the runner (kumaraayush9810 kumaraayush9810@gmail.com) * Bug Fixes - 0c9c0326: fix(ci view): prevent crash when viewing unrun downstream pipeline triggers (Kai Armstrong karmstrong@gitlab.com) - 6f89aa11: fix(ci): trigger/retry when branch is not specified and not on default branch (Jay McCure jmccure@gitlab.com) - 317d1453: fix(mr-view): usernames have at prefix (Filip Aleksic faleksic@gitlab.com) - 608c001a: fix: URL encode state name in OpenTofu URLs (Timo Furrer tfurrer@gitlab.com) - 1fb2815a: fix: detect piped stdin properly in snippet create (Kai Armstrong karmstrong@gitlab.com) - 9a51b51b: fix: enable filtering and fetch all members in user selection prompts (Kai Armstrong karmstrong@gitlab.com) - a3934515: fix: use separate config keys for base and head repository resolutions (Kai Armstrong karmstrong@gitlab.com) * Documentation - 4816190b: docs: Update glab job artifact docs (Brendan blynch@gitlab.com) - c5f2fe5f: docs: fix instance of double space in docs (Evan Read eread@gitlab.com) - a724a137: docs: improve error message and examples for --variables-from flag (Kai Armstrong karmstrong@gitlab.com) - 1dbaffe1: docs: remove now unused image from project (Evan Read eread@gitlab.com) * Dependencies - f8fdd33b: chore(deps): update dependency @commitlint/cli to ^20.4.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - ffaaedff: chore(deps): update dependency @commitlint/config-conventional to ^20.4.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 8a2125e2: chore(deps): update module github.com/mattn/go-runewidth to v0.0.20 (GitLab Renovate Bot gitlab-bot@gitlab.com) - b7606ac0: chore(deps): update module github.com/modelcontextprotocol/go-sdk to v1.4.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 5d897b63: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.44.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 91ab5aa6: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.46.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - cb75cad0: chore(deps): update module k8s.io/client-go to v0.35.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - e3d3de69: chore(ci): golangci-lint update, dont print empty tests (Filip Aleksic faleksic@gitlab.com) - d92a64f9: refactor(cmdutils): improve bool flag pair type (Timo Furrer tfurrer@gitlab.com) - 24800c62: refactor(mr view): switch from Notes API to Discussions API (Kai Armstrong karmstrong@gitlab.com) - 189ed700: refactor: improve TTY checks for non-interactive environments (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.86.0: * Features - adfbc234: feat(config): support per-host https proxy config (Filipe Pina french-ember-gap@duck.com) - 5df7c2b5: feat(mcp): auto-enable JSON output for better LLM parsing (Kai Armstrong karmstrong@gitlab.com) * Bug Fixes - 5f8bc6cc: fix(ci): resolve SIGTTOU hang in ci view for snap installations (Kai Armstrong karmstrong@gitlab.com) - 8602557a: fix(mcp): return only content field in tool responses (Kai Armstrong karmstrong@gitlab.com) - 4fdb0082: fix(release-download): checkbox should be green (Filip Aleksic faleksic@gitlab.com) * Dependencies - 38f8bc43: chore(deps): bump golangci-lint to v2.10.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 0c39bcc6: chore(deps): update module github.com/modelcontextprotocol/go-sdk to v1.3.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - b32b2865: refactor(config): split config command into subcommand packages (Kai Armstrong karmstrong@gitlab.com) - d2241b81: refactor(mcp): add MCP annotations to commands that were missing it (Timo Furrer tfurrer@gitlab.com) - d40ec1eb: refactor(mcp): do not register unannotated commands as MCP tools (Timo Furrer tfurrer@gitlab.com) - Update to version 1.85.3: * Bug Fixes - 0a42506b: fix(auth): prevent legacy keyring ambiguity causing 401 errors (Kai Armstrong karmstrong@gitlab.com) - fe12c08d: fix(token): preserve JSON field names in list output (Kai Armstrong karmstrong@gitlab.com) * Documentation - f14c3fd0: docs: Minor changes to runner controller scopes docs (Brendan Lynch blynch@gitlab.com) - 9724cb17: docs: avoid bare URLs in YAML frontmatter in documentation (Evan Read eread@gitlab.com) * Dependencies - d5dc84ba: chore(deps): update dependency @commitlint/cli to ^20.4.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - bd2b3bcf: chore(deps): update dependency markdownlint-cli2 to v0.21.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - Update to version 1.85.2: * Features - feat(cred-helper): fallback to default configured host in non-git folders - Update to version 1.85.1: * Maintenance - ccff6d6b: chore(mcp): add exclude annotation commands when running mcp (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.85.0: * Features - b9acbf32: feat(runner-controller): add runner controller scope create command (Timo Furrer tfurrer@gitlab.com) - 440e067e: feat(runner-controller): add runner controller scope delete command (Timo Furrer tfurrer@gitlab.com) - 17584dfd: feat(runner-controller): add runner controller scope list command (Timo Furrer tfurrer@gitlab.com) - a60d14e8: feat: allow to skip commands for MCP (Timo Furrer tfurrer@gitlab.com) - 1426c9ff: feat: support generic credential helper (Timo Furrer tfurrer@gitlab.com) * Bug Fixes - fb5725e5: fix(download): propagate context for same‑host asset download (David Grieser gitlab@david-grieser.de) * Dependencies - 89ad9a1d: chore(deps): bump GitLab client-go (Timo Furrer tfurrer@gitlab.com) - 699e23b9: chore(deps): update module github.com/modelcontextprotocol/go-sdk to v1.3.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 056a9c97: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.32.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - f5d08210: chore(deps): update module golang.org/x/crypto to v0.48.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - fb83e882: chore(deps): update module k8s.io/client-go to v0.35.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - b1de8584: refactor(test): support api client with auth source (Timo Furrer tfurrer@gitlab.com) - 61e07344: refactor: use unauthenticated auth source from GitLab client-go (Timo Furrer tfurrer@gitlab.com) - Update to version 1.84.0: * Bug Fixes - 032e82b0: fix(auth): store tokens in keyring when --use-keyring is specified (Kai Armstrong karmstrong@gitlab.com) - c6b792d5: fix(token): respect --active flag in JSON output (Kai Armstrong karmstrong@gitlab.com) * Documentation - aa792b84: docs: Update the text for experiment string (Brendan Lynch blynch@gitlab.com) - Update to version 1.83.0: * Features - 402b39f8: feat(runner-controller): add runner controller create command (Timo Furrer tfurrer@gitlab.com) - 1ee82efe: feat(runner-controller): add runner controller delete command (Timo Furrer tfurrer@gitlab.com) - 265eef13: feat(runner-controller): add runner controller list command (Timo Furrer tfurrer@gitlab.com) - 13c7a4f7: feat(runner-controller): add runner controller token create command (Timo Furrer tfurrer@gitlab.com) - b0ce395b: feat(runner-controller): add runner controller token list command (Timo Furrer tfurrer@gitlab.com) - f561b857: feat(runner-controller): add runner controller token revoke command (Timo Furrer tfurrer@gitlab.com) - e57ddb48: feat(runner-controller): add runner controller token rotate command (Timo Furrer tfurrer@gitlab.com) - 890f1cd2: feat(runner-controller): add runner controller update command (Timo Furrer tfurrer@gitlab.com) - fed9d351: feat(stack): add git push options support to stack sync command (Swapnaneel Patra swapnaneel06@gmail.com) * Bug Fixes - cfc236d9: fix(ci): add merge result pipeline support to glab ci status trace and glab ci trace <job_name> (Tomas Vik tvik@gitlab.com) - a146646e: fix(ci): prevent crash when ci view used in non-interactive environments (Kai Armstrong karmstrong@gitlab.com) - 43bc0a2a: fix(config): detect symlinked config paths as same file (Miroslav Vadkerti mvadkert@redhat.com) - 238aced4: fix(mr): allow boolean flags to explicitly override project defaults (Kai Armstrong karmstrong@gitlab.com) - 4cb5c2c2: fix: Download gotestsum with correct arch (Patrick Bajao ebajao@gitlab.com) - 23759fcc: fix: correct MCP server flag schema (Caio Ramos caioramos97@gmail.com) - 9f4a05d9: fix: properly set gitlab base URL in tests (Timo Furrer tfurrer@gitlab.com) * Documentation - e7b5bb2b: docs(repo): improve clone command documentation and examples (Kai Armstrong karmstrong@gitlab.com) - b44a4394: docs: Fix issue related to capitalization error (Brendan blynch@gitlab.com) - c97e0d17: docs: avoid using redirecting GitLab Handbook links (Evan Read eread@gitlab.com) - f509cae1: docs: clarifies that duo ask uses classic, add link to duo cli (Uma Chandran uchandran@gitlab.com) - 0ffa4ec3: docs: fix link to DPoP information (Evan Read eread@gitlab.com) - abedc299: docs: updates the issue link for consolidating the CLI tools (Uma Chandran uchandran@gitlab.com) * Dependencies - cfc51ba1: chore(deps): update dependency @commitlint/config-conventional to ^20.4.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 326ae073: chore(deps): update dependency @commitlint/config-conventional to ^20.4.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - cc091c98: chore(deps): update dependency @commitlint/config-conventional to ^20.4.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 13fad6f6: chore(deps): update dependency @commitlint/format to ^20.4.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 97c32d06: chore(deps): update dependency @commitlint/read to ^20.4.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - c8ed4b79: chore(deps): update module github.com/avast/retry-go/v4 to v5 (GitLab Dependency Bot tfurrer+gitlab-renovate-bot@gitlab.com) - 8d780b56: chore(deps): update module github.com/charmbracelet/fang to v0.4.4 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 07d97c27: chore(deps): update module github.com/docker/cli to v29.2.1+incompatible (GitLab Renovate Bot gitlab-bot@gitlab.com) - 2b5931dc: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.29.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - 19b9ebdc: chore: Update linting configuration from GitLab project (Evan Read eread@gitlab.com) - 7f4416e4: chore: update appsec handle in vulnerability issue template (Félix Veillette-Potvin fveillette@gitlab.com) - 0739d003: refactor(mcp): migrate to official MCP SDK (Kai Armstrong karmstrong@gitlab.com) - f16c985a: refactor: support ~string types enum flag values (Timo Furrer tfurrer@gitlab.com) - Update to version 1.82.0: * Features - 5ff014e1: feat(installer): Add dark mode support in setup_windows.iss (RC Chuah 4343069-rc-chuah@users.noreply.gitlab.com) - 1304c75f: feat(installer): improve PATH management with programmatic control (Oldřich Jedlička oldium.pro@gmail.com) - e170e21f: feat: add -d- flag support to create commands (Kai Armstrong karmstrong@gitlab.com) - e53cde38: feat: support OAuth2 Access Token only authentication (Timo Furrer tfurrer@gitlab.com) * Bug Fixes - 7883dc24: fix(glrepo): use Host instead of Hostname in FromURL function (Swapnaneel Patra swapnaneel06@gmail.com) - 3aca775d: fix(stack): reorder spinner is displayed over terminal-based editor (Sandro Sauer sauersandro149@gmail.com) - ba8e90ef: fix: normalize nil slices to empty arrays in JSON output (Kai Armstrong karmstrong@gitlab.com) - 9cc43eee: fix: suppress informational messages in JSON output mode (Kai Armstrong karmstrong@gitlab.com) * Documentation - e501773c: docs: Remove EOL spaces in doc files - 2026-01-28 (Marcel Amirault mamirault@gitlab.com) - e6e2eb2d: docs: Remove trailing dot from auth login URL tip (Benedikt Reinartz benedikt.reinartz@statkraft.com) - 56e9970b: docs: Update SHA description for glab mr merge (Brendan Lynch blynch@gitlab.com) - 4c4e16ea: docs: Update install from source instructions (Tom Elliff-O'Shea telliffoshea@rigetti.com) * Dependencies - 52d33754: chore(deps): update dependency golangci-lint to v2.8.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 2d5732d4: chore(deps): update golangci-lint version in CI (Ahmed Hemdan ahemdan@gitlab.com) - b3f9cc6c: chore(deps): update module github.com/docker/cli to v29.2.0+incompatible (GitLab Renovate Bot gitlab-bot@gitlab.com) - 807598a6: chore(deps): update module github.com/gdamore/tcell/v2 to v2.13.8 (GitLab Renovate Bot gitlab-bot@gitlab.com) - b5de98e9: chore(deps): update module github.com/golang-jwt/jwt/v5 to v5.3.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - 614c42a5: chore(ci): remove unnecessary pre-build step from prepare_go_cache (Kai Armstrong karmstrong@gitlab.com) - dcba5bc1: chore(docs): gen-docs for mr list (Filip Aleksic faleksic@gitlab.com) - ab44a3bf: chore: Add fdignore to gitignore file (Gary Holtz gholtz@gitlab.com) - 2406d1c7: chore: Adding fdignore to prevent markdown edits (Gary Holtz gholtz@gitlab.com) - 7c5b1dfa: chore: clarify sort/order flags and add consistency improvements (Kai Armstrong karmstrong@gitlab.com) - 4f107308: chore: enable a few linters (Oleksandr Redko oleksandr.red+gitlab@gmail.com) - 428e1d2b: ci(deps): remove GOLANGCI_LINT_VERSION from CI configuration (Ahmed Hemdan ahemdan@gitlab.com) * Others - a8c7c1b6: Revert "Merge branch 'gmh-add-fdignore' into 'main'" (Gary Holtz gholtz@gitlab.com) - 21d1ef08: test: fix expires value in TestClear_WithRevoke_ActiveToken (Oleksandr Redko oleksandr.red+gitlab@gmail.com) - Update to version 1.81.0: * Features - 508116ae: feat(attestation): implement attestation verification in glab (Sam Roque-Worcel sroque-worcel@gitlab.com) - f1dc549a: feat(ci-autologin): exclusively use predefined vars when enabled (Timo Furrer tfurrer@gitlab.com) - 476c3902: feat(stacked-diffs): allow multiline stack ref descriptions (Kev Kloss kkloss@gitlab.com) - 84176fbc: feat: add --active flag to repo clone command for group filtering (Kai Armstrong karmstrong@gitlab.com) - 48970633: feat: implement Executor factory function (Timo Furrer tfurrer@gitlab.com) * Bug Fixes - b514a082: fix(auth login): Fix missing-client_id message (FeRD (Frank Dana) ferdnyc@gmail.com) - 971f673c: fix: allow approving and revoking approvals on draft merge requests (Kai Armstrong karmstrong@gitlab.com) - d156ceb9: fix: ci lint --dry-run fails with 'Reference not found' when --ref is not specified (Kai Armstrong karmstrong@gitlab.com) - 2eb49b9b: fix: directly open external editor when using -d- flag (Kai Armstrong karmstrong@gitlab.com) - 66ff43ee: fix: prevent panic when baseRepoFactory is not initialized in project mirror (Kai Armstrong karmstrong@gitlab.com) - 09779a25: fix: properly propagate errors in mr create when outside git repo (Kai Armstrong karmstrong@gitlab.com) - 5887ad30: fix: properly setup SIGTERM and SIGINT signal handling (Timo Furrer tfurrer@gitlab.com) * Documentation - 754cadaf: docs: improve project mirror command documentation and error messages (Kai Armstrong karmstrong@gitlab.com) * Dependencies - 21f0a360: chore(deps): update dependency @commitlint/cli to ^20.3.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 01a7223c: chore(deps): update dependency @commitlint/cli to ^20.3.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - eb4f9e30: chore(deps): update dependency @commitlint/config-conventional to ^20.3.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 478b5921: chore(deps): update dependency @commitlint/format to ^20.3.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 4ad653dc: chore(deps): update dependency @commitlint/read to ^20.3.1 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 2f85f2c8: chore(deps): update module github.com/docker/cli to v29.1.5+incompatible (GitLab Renovate Bot gitlab-bot@gitlab.com) - 8e9988f4: chore(deps): update module github.com/docker/docker-credential-helpers to v0.9.5 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 47d3b309: chore(deps): update module github.com/gdamore/tcell/v2 to v2.13.7 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 04c8e4e2: chore(deps): update module github.com/google/renameio/v2 to v2.0.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 6e727e16: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.10.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 810aadad: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.11.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - a2e643ac: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.12.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - f0f30513: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.13.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 2790055a: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.14.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 5495005e: chore(deps): update module golang.org/x/crypto to v0.47.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 91c50a8f: chore(deps): update module golang.org/x/term to v0.39.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) * Maintenance - a5f6780c: chore(ci): improve caching with separate cache keys per job type (Kai Armstrong karmstrong@gitlab.com) - bfff40a4: chore(makedeb removal): removing unmaintained software documentation (Filip Aleksic faleksic@gitlab.com) - f1d59ace: chore: fix dupword lint issues (Oleksandr Redko oleksandr.red+gitlab@gmail.com) - 72a7a06d: chore: fix typos in comments and variable names across multiple files (Oleksandr Redko oleksandr.red+gitlab@gmail.com) - f5f3d18c: ci: allow failure in snap release job (Timo Furrer tfurrer@gitlab.com) - f3db768a: refactor(alias): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 1c988f4d: refactor(attestation): use new command executor interface (Timo Furrer tfurrer@gitlab.com) - f88498a8: refactor(auth): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - ea264208: refactor(ci): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - d6f8fdfc: refactor(ci): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 33006b32: refactor(ci): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - ce81090c: refactor(commands): use context from cobra cmd instead of Background (Timo Furrer tfurrer@gitlab.com) - f1028d1b: refactor(deploy key): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - f99ed615: refactor(duo): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - b8936f99: refactor(gpg-key): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 6b5e8803: refactor(httpmock): remove unused httpmock package (Timo Furrer tfurrer@gitlab.com) - 4da67d62: refactor(issuable): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - ff522b28: refactor(issuable): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 228ff301: refactor(issue): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - d4f360c6: refactor(iteration): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 76448cd6: refactor(label): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 080c872d: refactor(mr): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 21c3f34f: refactor(mr): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - aa479583: refactor(opentofu): use new factory executor for tf subprocesses (Timo Furrer tfurrer@gitlab.com) - 94a13bb1: refactor(project): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - c1d841ed: refactor(project): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 889b6a0a: refactor(release): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 5944cd40: refactor(schedule): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 89df3156: refactor(securefile): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 299328d3: refactor(securefile): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 0a19d0ab: refactor(snippet): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 89dae8c8: refactor(stack): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 7f83526b: refactor(stacks): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - af34285b: refactor(testing): allow to override test IOStreams (Timo Furrer tfurrer@gitlab.com) - 543cc13e: refactor(testing): isolate integration test-only helpers (Timo Furrer tfurrer@gitlab.com) - f0b6a94c: refactor(testing): move api test helper to dedicated file (Timo Furrer tfurrer@gitlab.com) - a09aa417: refactor(testing): move factory test helper to dedicated file (Timo Furrer tfurrer@gitlab.com) - 48dba104: refactor(testing): move generic test tools to dedicated file (Timo Furrer tfurrer@gitlab.com) - 9368f8b5: refactor(testing): move iostreams test helper to dedicated file (Timo Furrer tfurrer@gitlab.com) - 8fbfe78b: refactor(testing): remove tests without value (Timo Furrer tfurrer@gitlab.com) - aae3766a: refactor(token): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - 9705ecae: refactor(update): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - c9eba1ae: refactor(update): use cmdtest.SetupCmdForTest instead of custom cmd setup (Timo Furrer tfurrer@gitlab.com) - 396ed205: refactor(variable): use GitLab client-go mocking instead of HTTP mocks (Timo Furrer tfurrer@gitlab.com) - f468a8ad: refactor: allow attestation verify cmd tests to run in parallel (Timo Furrer tfurrer@gitlab.com) - ce31da55: refactor: remove execext package (Timo Furrer tfurrer@gitlab.com) - fafb990e: refactor: remove unused global variable (Timo Furrer tfurrer@gitlab.com) - 4ccb6536: refactor: rename attestation verify command ctor (Timo Furrer tfurrer@gitlab.com) - 37dd5d47: refactor: rename attestation verify command files (Timo Furrer tfurrer@gitlab.com) * Others - 87acb329: test: adjust whitespace in issuable list test (Jay McCure jmccure@gitlab.com) - 751e6793: test: update ci get test expectations for api client v1.14.0 (Tomas Vik tvik@gitlab.com) - Update to version 1.80.4 (.3 was not released): * Bug Fixes - e8b10d9d: fix(goreleaser): replace unsupported negative lookahead with group reordering (Kai Armstrong karmstrong@gitlab.com) * Dependencies - chore(deps): update module k8s.io/client-go to v0.35.0 - Update to version 1.80.2: * Maintenance - 4bc7ac00: chore(goreleaser): use .ReleaseNotes template variable in Slack announcement (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.80.1: * Bug Fixes - f32543b1: fix: correct syntax for slack announcement (Kai Armstrong karmstrong@gitlab.com) * Maintenance - 6c638a17: refactor(ci): improve Go module caching strategy (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.80.0: * Features - 91cf0912: feat(api): add ndjson output option (Kai Armstrong karmstrong@gitlab.com) - 77b4c815: feat(release): fallback to predefined CI/CD variable for default branch (Timo Furrer tfurrer@gitlab.com) - a9f37d71: feat: migrate prompts from survey to huh (Kai Armstrong karmstrong@gitlab.com) * Bug Fixes - 29753e92: fix(installer): support non-admin Windows installation mode (Oldřich Jedlička oldium.pro@gmail.com) - a8ed68af: fix(mr): enable label priority ordering for project and group MRs (Itzamna itzamna@mayaprotocol.com) * Maintenance - dcbcc550: chore(deps): update dependency @commitlint/config-conventional to ^20.2.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 8048060f: chore(deps): update dependency @commitlint/format to ^20.2.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - bcfa59c6: chore(deps): update dependency @commitlint/lint to ^20.2.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 6e8dabdd: chore(deps): update dependency @commitlint/read to ^20.2.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - c75b1ba7: chore(deps): update dependency golangci-lint to v2.7.2 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 506962fc: chore(deps): update dependency markdownlint-cli2 to v0.20.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 5b07844b: chore(deps): update module github.com/docker/cli to v29.1.3+incompatible (GitLab Renovate Bot gitlab-bot@gitlab.com) - 043f3533: chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1.8.2 (GitLab Dependency Bot tfurrer+gitlab-renovate-bot@gitlab.com) - 4c4b0a44: chore(deps): update module golang.org/x/crypto to v0.46.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 38011a0a: chore(deps): update module golang.org/x/sync to v0.19.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 15d13baf: chore(deps): update module golang.org/x/term to v0.38.0 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 6edf0caa: chore(deps): update module k8s.io/apimachinery to v0.34.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - 6ca9b74b: chore(deps): update module k8s.io/client-go to v0.34.3 (GitLab Renovate Bot gitlab-bot@gitlab.com) - f2cd4488: chore(tooling): update golangci lint version (Filip Aleksic faleksic@gitlab.com) - 9d1268e6: chore: improve changelog and add slack announce (Kai Armstrong karmstrong@gitlab.com) - 399fe403: chore: migrate note commands from utils.Editor() to IOStreams.Editor() (Kai Armstrong karmstrong@gitlab.com) - 62a747d1: chore: remove explicit Go version requirements in docs and direct to SSOT (Kai Armstrong karmstrong@gitlab.com) - e1955f0a: chore: remove legacy prompt package and complete huh migration (Kai Armstrong karmstrong@gitlab.com) - 5319171e: chore: remove survey/v2 dependency and complete huh migration (Kai Armstrong karmstrong@gitlab.com) - 4ca48d95: refactor: fix modernize lint issues (Oleksandr Redko oleksandr.red+gitlab@gmail.com) - 2727d78f: refactor: use directional channel parameters (Oleksandr Redko oleksandr.red+gitlab@gmail.com) * Others - 91cc1a93: fix(repo create): handle git operation failures and fix NO_PROMPT behavior (Kai Armstrong karmstrong@gitlab.com) - 71060345: fix(repo list): --group with --include-subgroups does not work with --all (Eric de Ruiter eric@famderuiter.net) - ef41e568: fix(variable export): provide clean JSON output on stdout (Daniel Sonck daniel@sonck.nl) - Update to version 1.79.0: * chore(deps): update dependency @commitlint/cli to ^20.2.0 * fix: make token cache tests compatible with macOS * feat: add --output flag and deprecate --format for variable export * fix: ensure Git output is in English for stack sync * chore(deps): update dependency golangci-lint to v2.7.1 * chore(deps): update module github.com/mark3labs/mcp-go to v0.43.2 * chore(deps): update module github.com/spf13/cobra to v1.10.2 * chore(deps): update dependency golangci-lint to v2.7.0 * feat: support GITLAB_HOST in auth status * chore: wrap bare urls in markdown syntax for doc generation * feat: CI auto-login * chore(deps): update module github.com/docker/cli to v29.1.2+incompatible * refactor(ci): remove factory dependency and handle empty pipelines * fix(ci): correct branch filtering in ci view command * docs: add example for glab mr note command * feat: add securefile download via name * chore: migrate multi-option select prompts to huh * chore: migrate login prompts to huh * docs: update glab repo delete description * docs: update StringSliceVar flags that support repetition * chore(deps): update module github.com/docker/cli to v29.1.1+incompatible * chore(deps): update module github.com/hashicorp/go-version to v1.8.0 * chore(deps): update module github.com/docker/cli to v29.1.0+incompatible * docs: update description for variable strings option * docs(config set): fixing glab config set helper messages * refactor: move away from deprecated tcell code in v2.12.0 * refactor: adapt to breaking changes of client-go v1 * chore(deps): update module github.com/gdamore/tcell/v2 to v2.12.0 * chore(deps): update module github.com/docker/cli to v29.0.4+incompatible * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v1 - Update to version 1.78.3: * chore(deps): update module github.com/docker/cli to v29.0.3+incompatible * chore(deps): update module github.com/mark3labs/mcp-go to v0.43.1 * chore: sort imports with gci formatter * chore(deps): update module github.com/gdamore/tcell/v2 to v2.11.0 * chore(deps): update dependency markdownlint-cli2 to v0.19.1 * chore: allow homebrew to update again for release * chore(deps): update module golang.org/x/crypto to v0.45.0 - Update to version 1.78.2: * chore: prevent homebrew update for publishing - Update to version 1.78.1: * chore: remove edge publish on tag and pin brew version - Update to version 1.78.0: * fix: improve token duration flag clarity and consistency * chore: remove legacy install instruction for script * fix(check-update): avoid using self-hosted credentials for gitlab.com * ci(docs): update Hugo test build * chore(dependencies): roll documentation linting tool versions forward * fix: move token cache info and delete file * chore: refactor make bootstrap to separate script * fix: create config directory earlier in init * feat(token-cache): add token-cache commands for GitLab Agent tokens * chore(deps): update module github.com/gdamore/tcell/v2 to v2.10.0 * chore: update docs for mcp configuration * fix: resource leaks in file handles and HTTP response bodies * chore: fix typos in tests * chore(deps): update module github.com/docker/cli to v29.0.2+incompatible * chore(deps): update module github.com/google/renameio/v2 to v2.0.1 * chore(deps): update module github.com/docker/cli to v29 * chore(deps): update dependency golangci-lint to v2.6.2 * chore(deps): update dependency markdownlint-cli2 to v0.19.0 * chore(deps): update dependency @commitlint/cli to ^20.1.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.160.0 * chore(deps): update module k8s.io/client-go to v0.34.2 * chore: add lefthook configuration and bootstrap tools command * chore(deps): update module k8s.io/apimachinery to v0.34.2 * chore: publish to snapcraft edge on tag release * feat: migrate survey prompts to huh (phase 2) * chore(deps): bump all Go versions to 1.25.4 * chore(deps): update module github.com/mark3labs/mcp-go to v0.43.0 * chore(deps): bump go to v1.25.4 - Update to version 1.77.0: * docs(duo): improve documentation for duo and duo ask commands * chore(deps): update module golang.org/x/crypto to v0.44.0 * chore: pin dind version for API mismatch * chore(deps): update module golang.org/x/sync to v0.18.0 * chore(deps): update module golang.org/x/oauth2 to v0.33.0 * feat(milestone): edit and delete * ci(tests): speed up tests execution by using cache * fix: Revert "feat(milestone): edit and delete milestone" * feat(milestone): edit and delete milestone * fix(docs): update the documentation * feat(milestone): added create, list and get commands * refactor(tests): separate unit from integration tests via build tags * chore(deps): update dependency go to v1.25.4 * chore(contributing): fix the vscode debug command * chore(ci): start tests immediately * chore(ci): automate snapcraft build and publishing * feat(label): edit labels * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.159.0 - Update to version 1.76.2: * fix(config): deduplicate paths in config file detection * chore(deps): update dependency golangci-lint to v2.6.1 - Update to version 1.76.1: * fix(ci): snapcraft remove proxy - Update to version 1.76.0: * chore(ci): snapcraft and build stage * fix(config): maintain backward compatibility with legacy config path * fix(logger): clarify log target * chore(tests): create tests for all ssh-key commands * chore(docs): updates name on docs index page * chore(docs): Move images to source directory * chore(docs): prep for Hugo site * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.158.0 * docs(release-process): remove outdated info * feat: migrate Confirm prompts from survey to huh * fix: sign macOS binaries * chore(deps): update dependency golangci-lint to v2.6.0 - Update to version 1.75.0: * chore(snapcraft): add more information on how the package is built * chore(ci): update image versions * chore: use a post-build hook to sign binaries * feat: create shared GitLab theme for Charm libraries * chore(release-docs): update the release docs * feat(auth login): auto-detect GitLab URLs from git remotes * fix(docs): remove index with no underscore * feat(ci-view): view any pipeline via id * docs(repo-list): clarify available options * feat(gpg-key): add gpg-key management commands * chore(deps): update module github.com/docker/cli to v28.5.1+incompatible * fix(config): implement XDG Base Directory Spec compliance * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.157.1 * feat(members): add commands to manage project members * build: adding s390x linux build * chore(deps): bump go to v1.25.3 * fix(ci view): display masked variables in job logs * fix(auth git-credentials): refresh oauth2 access token when expired * chore(deps): update module github.com/mark3labs/mcp-go to v0.42.0 * fix(auth git-credentials): ignore unsupported operations * feat(git-credential): properly support all token types in git-credential plugin * chore(deps): update module github.com/avast/retry-go/v4 to v4.7.0 * chore(deps): update module github.com/charmbracelet/huh to v0.8.0 * chore: Update Vale rules from GitLab project * chore(deps): update dependency golang to v1.25.3 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.157.0 * test(job artifact): simplify zip tests * chore(deps): update module golang.org/x/oauth2 to v0.32.0 * chore(deps): update dependency @commitlint/lint to v20 - Update to version 1.74.0: * caac5301: fix: do not result in bool parse error for empty config (Timo Furrer tfurrer@gitlab.com) - Update to version 1.73.1: * 4ae0efc4: docs: update CLI docs format to work with Hugo (Pearl Latteier platteier@gitlab.com) * 159d7ab4: fix(events): print the title when listing user events (Oleksandr Redko oleksandr.red+gitlab@gmail.com) * 97fcfa9f: fix(tables): add table names to output data (Filip Aleksic faleksic@gitlab.com) * 45524b28: fix: prevent cmdutils.SilentError from printing in error handler (Daniel Lecklider lecklider.6@gmail.com) * 3612240c: fix: return proper not found error for empty hosts in config file (Timo Furrer tfurrer@gitlab.com) * 6e9ce18e: fix: stop generating documentation for deprecated commands (Kai Armstrong karmstrong@gitlab.com) - Update to version 1.73.0: * b47057c7: feat(api): Add support for custom HTTP headers via config (which can point to environment variables) (Henri Cook 2467396-henricook@users.noreply.gitlab.com) * ac56c58a: feat(auth logout): logout from job token and OAuth2 auth (Timo Furrer tfurrer@gitlab.com) * ba8946a7: feat(config): setting empty config value removes its node from config (Timo Furrer tfurrer@gitlab.com) * 0555045f: feat(duo / codex): Added Codex support to Duo (Shekhar Patnaik spatnaik@gitlab.com) * 2839a829: feat(duo claude): add option to configure GitLab MCP for claude code (Timo Furrer tfurrer@gitlab.com) * 85b5a8bf: feat(env): deprecate glab variables without GLAB_ prefix (Filip Aleksic faleksic@gitlab.com) * 5e6c63aa: feat(securefile): Add --all flag to download all secure files (Fred Reinink freinink@gitlab.com) * 5b79e347: feat(securefile): Verify checksum when downloading secure files (Fred Reinink freinink@gitlab.com) * d176a870: feat: add support for CI/CD pipeline inputs in ci run and ci run-trig commands (Florian Forster fforster@gitlab.com) * b427ce28: fix(ci status): properly exit status (Kai Armstrong karmstrong@gitlab.com) * b0013035: fix(mr view): runtime error: invalid memory address or nil pointer dereference (Kai Armstrong karmstrong@gitlab.com) * e068b8d5: fix(repo list): fix project group filtering reliability (Eric de Ruiter eric@thisisdevelopment.nl) * 493e48ca: fix(tests): avoid duplicate test case names (Timo Furrer tfurrer@gitlab.com) * 0d3765e6: fix(tests): properly use t.Parallel() where it's currently used (Timo Furrer tfurrer@gitlab.com) * 6c9f1f1c: fix: cli display parity chars (Jose Gabriel Companioni Benitez 53531665+elC0mpa@users.noreply.github.com) * 8e59a412: fix: prevents claude tests from writing settings.json (Kai Armstrong karmstrong@gitlab.com) * db9d5296: refactor(cmdtest): mark test helper as such (Timo Furrer tfurrer@gitlab.com) * 7c1c95e5: refactor(confirm): use new IOStreams Confirm (Timo Furrer tfurrer@gitlab.com) * 7947cff0: refactor(dependency): remove dependency to securejoin by using os.Root (Timo Furrer tfurrer@gitlab.com) * 973c3f17: refactor(duo ask): use cmdtest.SetupCmdForTest directly (Timo Furrer tfurrer@gitlab.com) * 58e6abec: refactor(select): use select prompt from huh (Timo Furrer tfurrer@gitlab.com) * 668c79b9: refactor(testing): setup test factory for huh (Timo Furrer tfurrer@gitlab.com) * chore(deps): adjust test for client-go bump * chore(deps): update dependency @commitlint/config-conventional to v20 * chore(deps): update dependency @commitlint/format to v20 * chore(deps): update dependency @commitlint/read to v20 * chore(deps): update dependency golangci-lint to v2.5.0 * chore(deps): update module github.com/charmbracelet/fang to v0.4.3 * chore(deps): update module github.com/docker/docker-credential-helpers to v0.9.4 * chore(deps): update module github.com/mark3labs/mcp-go to v0.40.0 * chore(deps): update module github.com/mark3labs/mcp-go to v0.40.0 * chore(deps): update module github.com/mark3labs/mcp-go to v0.41.0 * chore(deps): update module github.com/mark3labs/mcp-go to v0.41.1 * chore(deps): update module github.com/mattn/go-runewidth to v0.0.17 * chore(deps): update module github.com/mattn/go-runewidth to v0.0.19 * chore(deps): update module github.com/mattn/go-runewidth to v0.0.19 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.146.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.147.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.147.1 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.148.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.148.1 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.149.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.150.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.151.0 - Update to version 1.72.0: * chore: flag claude and mcp features as experimental * feat(cluster agent): introduce revoke command * fix: normalized all commands chars * refactor(login): use url.Parse instead of regex to validate hostname - Update to version 1.71.2: * feat(duo claude): improve error message when duo claude token retrieval is forbidden * chore: optimize MCP tool descriptions and reduce token usage * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.145.0 - Update to version 1.71.1: * Revert "chore: enable signing for all (test)" * chore: enable signing for all (test) * fix: tweak signature name to avoid bin/ - Update to version 1.71.0: * a61ec841: fix: add checksums to signing (Stan Hu) - Update to version 1.70.0 (1.69.0 does not exist): * fix(release): ignore .gitlab-secrets * feat: sign all macOS and Windows binaries in goreleaser * feat(duo claude): add MCP server integration for enhanced Claude Code functionality * fix: glab ci status fails for an MR branch, when Merged Results Pipelines are enabled * docs: Fix malformed link in CONTRIBUTING * feat: sign Windows installer * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.144.1 * feat: sign Windows glab.exe * chore: Use go 1.25.1 * chore: Better explain hosts + Self-Managed for 'repo create' * chore(deps): update module k8s.io/client-go to v0.34.1 * fix(auth): allow dash in hostname URI * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.143.3 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.143.2 * chore: Remove period from "EXPERIMENTAL" string * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.143.1 * docs: Revise docs for 'release create' command * chore(deps): update module golang.org/x/oauth2 to v0.31.0 * chore(deps): update module github.com/spf13/viper to v1.21.0 * feat(opentofu init): support OAuth2 token auth * chore(deps): update module golang.org/x/crypto to v0.42.0 * fix(debug http): deep-copy body for request dump * chore(deps): update module oss.terrastruct.com/d2 to v0.7.1 * chore(deps): update module golang.org/x/sync to v0.17.0 * chore(deps): update module github.com/coder/websocket to v1.8.14 * fix: Subsequent job traces fail to load after the first call to RunTraceSha() * feat: add automatic documentation generation for root command * chore(cluster/graph): add HelmRelease metadata - Update to version 1.68.0: * Changelog - 78c7dc2f: feat(agent bootstrap): support configuring commit author (Timo Furrer tfurrer@gitlab.com) - ab9c7f09: feat(agent): implement token list command (Timo Furrer tfurrer@gitlab.com) - 3a4d34d5: feat(duo/claude): Added support for Claude Code (Shekhar Patnaik spatnaik@gitlab.com) - a1809f2b: feat(issue-list): sort and order functionality (Filip Aleksic faleksic@gitlab.com) - 240f6800: feat(mr): add URL parsing support for mr (Munish munishkumar631@gmail.com) - 76692fd8: feat(release): remove experimental status from --use-package-registry flag (Timo Furrer tfurrer@gitlab.com) - 5101d572: feat(schedule-id): print schedule id on creation (Filip Aleksic faleksic@gitlab.com) - 6e81bd0d: fix(cluster/agent/get_token): clean up lock on OS signal (Mikhail Mazurskiy mmazurskiy@gitlab.com) - 376f3ffa: fix(commands): fixes to commands and env vars (Filip Aleksic faleksic@gitlab.com) - 713ea1b7: fix(env-var): respect GITLAB_HOST environment variable in all commands (Timo Furrer tfurrer@gitlab.com) - 8a6f45d7: fix(help): preserve newlines in glamour output (Jay McCure jmccure@gitlab.com) - d2c2e9da: fix(mr ci): use gitlab api to fetch default branch with fallback to main when... (Munish munishkumar631@gmail.com) - 6adb5415: fix: resolve host mismatch bug in repository resolution (Alex Romanov alex@romanov.ws) - 2fc5d0c6: refactor(cluster/agent/get_token): ensure the right error is returned (Mikhail Mazurskiy mmazurskiy@gitlab.com) * Dependencies - chore(deps): update module github.com/docker/cli to v28.4.0+incompatible - chore(deps): update module github.com/spf13/pflag to v1.0.10 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.142.6 - chore(deps): update module github.com/spf13/cobra to v1.10.1 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.142.4 - chore(deps): update module k8s.io/client-go to v0.34.0 - chore(deps): update module github.com/stretchr/testify to v1.11.1 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.142.2 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.142.1 - chore(deps): update module github.com/stretchr/testify to v1.11.0 - chore(deps): update module github.com/gdamore/tcell/v2 to v2.9.0 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.142.0 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.141.2 - chore(deps): update mock/mockgen to v0.6.0 - chore(deps): update golangci-lint to v2.4.0 - chore(deps): bump go to v1.25.0 in .tool-versions and .gitlab-ci.yml - chore(deps): bump go to v1.25.0 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.141.1 - chore(deps): bump effectively used mockgen version - chore(deps): update module go.uber.org/mock to v0.6.0 - chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.139.2 - chore(deps): update dependency golangci-lint to v2.4.0 - Update to version 1.67.0: * refactor(release download): cleanup request creation * fix(release download): use unauthenticated client for non-GitLab asset links * feat(opentofu): add `terraform` and `tf` as aliases for the `opentofu` * feat(debug): support `GLAB_DEBUG_HTTP` env variable to log HTTP traffic * chore(deps): update module k8s.io/client-go to v0.33.4 - Update to version 1.66.0: * feat(agent token): generate new token if cached token has been revoked * feat(agent token): lock token creation for concurrent plugin calls * feat(agent token): force keyring mode by default * feat(opentofu): add delete command * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.139.0 * chore(opentofu): fix command docs * fix(tests): Add missing can_create_organization to mock * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.138.0 * feat(state list): add OpenTofu state download command * feat(state list): add OpenTofu state unlock command * feat(state list): add OpenTofu state lock command * feat(state list): add OpenTofu state list command * refactor(release): avoid repeating calls to cmd.Flags() * feat(release): support configuring name of release asset package * fix(git): fix git test * chore: Apply 3 suggestion(s) to 3 file(s) * feat(cluster/graph): support ignoring arc direction when filtering by roots * feat(opentofu): implement new `opentofu init` command * feat(project): enhance fork handling for existing repos * chore: add .vscode/launch.json for debugging configuration * fix(mr checkout): respect git_protocol configuration instead of hardcoding SSH * fix(warnings): fix misc warnings across the code base * chore(deps): update module golang.org/x/crypto to v0.41.0 * refactor(factory): rename GitLab client variables * refactor(factory): rename misleading HttpClient func to GitLabClient * refactor: simplify tests with t.TempDir and t.Chdir * chore(deps): bump go to v1.24.6 * chore(deps): update dependency golang to v1.24.6 * feat(cluster/graph): support filtering by roots * feat: add autofill flags to mr update command * docs: Add a troubleshooting subheading to the README * feat(help): document -h short option * chore: Add additional mocks to git package * chore: don't run tests for doc changes only * chore(deps): remove duplicate golangci-lint entry from tools-versions * chore(deps): update dependency golangci-lint to v2.3.1 * docs: testing against staging * chore(hostname): remove h flag for hostname * chore(gen-docs): run gen docs without cmdtest package dependency * fix(api): respect --hostname argument * chore(deps): update module github.com/golang-jwt/jwt/v5 to v5.3.0 * feat(mr-list): support "Any" user * chore: simplified token validation * feat(duo ask): self-hosted instance url check - Update to version 1.65.0: * fix(get-token): gracefully handle concurrent token cache writes * feat(issue-update): add due-date functionality * chore(deps): update module github.com/docker/cli to v28.3.3+incompatible * feat(issue): Remove --label and --not-label mutual exclusivity * feat(mr): display file and line context for code comments * feat(job artifact): Add --list-paths to print paths - Update to version 1.64.0: * fix(ci run): honor passing `--variables` * docs: Add bare explanation of mTLS config * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.137.0 * chore(deps): update dependency golangci-lint to v2.3.0 * refactor: use AutoMerge * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.135.0 * refactor: factory ApiClient method does not ned to rely on config * refactor(config): remove unused UnsetHost method from Config * fix(docker-credential-helper): default config stub fixes * fix(api): use correct API path for GraphQL requests * refactor(get-token): us os.UserCacheDir instead of own version * feat: show all configured hosts in interactive login prompt * refactor(agent get-token): support cache mode * chore(enum flag): implement enum flag helper * refactor(agent get-token): use keyring and fallback to fs for token cache * feat(release): support uploading release assets to generic package registry * chore(deps): update module k8s.io/client-go to v0.33.3 * chore(deps): update module k8s.io/client-go to v0.33.3 * chore(deps): update module github.com/golang-jwt/jwt/v5 to v5.2.3 * feat(agent): support configurable token expiration duration * refactor(agent update-kubeconfig): remove unnecessary use of persistent flags * feat(agent get-token): cache token in local file * refactor(agent get-token): move pat creation into separate function - Update to version 1.63.0: * fix(docker-credential-helper): init cred helpers if empty * feat(hidden-variables): List and set hidden variables * refactor: do not use SSH URL translator for non-SSH URLs * refactor: remove unused url translator function * chore(deps): bump go to v1.24.5 * chore(deps): update dependency golangci-lint to v2.2.2 * chore(deps): update module golang.org/x/crypto to v0.40.0 * chore(deps): update module github.com/docker/cli to v28.3.2+incompatible - Update to version 1.62.0: * feat: allow (un)archiving repo with `repo update --archive` * chore(deps): update module golang.org/x/text to v0.27.0 * chore(deps): update module golang.org/x/sync to v0.16.0 * refactor: use oauth2 package from GitLab client-go * refactor: use context in OAuth2 authorization flow * refactor: use x/oauth2 instead of custom OAuth2 types * refactor: rename oAuthClientID to oauthClientID * refactor: use x/oauth2 for authorization flow * refactor: use x/oauth2 for refreshing token * chore(deps): update module github.com/docker/cli to v28.3.1+incompatible * feat: add docker-credential-helper * chore: Backport change to backend file * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.134.0 * chore: Revise UI and docs strings * fix: glab auth login to work with mTLS by using api.NewClientWithCfg instead of native HTTPClient * feat(var): add option to list instance vars * refactor: do not write test key files if they already exist * chore(pipeline): add job to verify generated code * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.133.0 * fix: reflection panic when using survey with release create * refactor: improve structure of API client constructor * refactor: make api client auth source available for OAuth2 refresh workflow * refactor: use context for client HTTPRequest functions * refactor: make api client initialization more flexible and more maintainable * refactor: remove condition httpclient nil check in api client * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.132.0 * refactor: remove globals in variable create command * refactor: remove globals in create issue board command * refactor: remove globals in ci run command * refactor: remove globals in ci lint command * refactor: remove globals in issue board view command * refactor: move global API functions that are overridden in tests to a local scope * refactor: use GitLab client-go directly in some commands * refactor: use GitLab client-go directly in some ci commands * refactor: use GitLab client-go mocks instead of HTTP mocks in changelog commands * refactor: use GitLab client-go mocks instead of HTTP mocks in auth commands * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.131.0 * refactor: speed up dpop generate test by pre-generating test data * refactor: remove unused BaseURL method in API client * refactor: remove unnecessary lazy initalization of GitLab Client in API client * refactor: rename api.NewClientWithCfg to api.NewClientFromConfig * refactor: remove unused protocol parameter for api.NewClientWithCfg * refactor: remove unnecessary if err check when creating new client * refactor: move commands/flag into cmdutils * chore(pipeline): use 2x large runners for release test * refactor: use NewTestFactory instead of manually constructing test factory * refactor: use NewTestFactory with NewTestApiClient to remove TestClient * refactor: rename MustTestClient to NewTestApiClient * refactor: remove unused cmdtest.InitFactory * refactor: use NewTestFactory instead of InitFactory in command tests * feat(cluster/graph): use struct for arc attributes * refactor: use NewTestFactory in SetupCmdTest * refactor: move hooks package into telemetry files in main pkg * fix: prevent crash when it is not possible to get client for telemtry * refactor: do not used named returns unless it makes sense * refactor: remove unused parameters * refactor: remove unneccessary type conversions * refactor: remove deadcode * refactor: move httpmock to testing/ and introduce testing/gitmock * refactor: remove unused git_mock package * refactor: move api package into internal/ * refactor: add depguard rule that no testing package is used in non-testing code * refactor: only depend on cmdutils from commands * refactor: move cmdutils package from commands/ to internal/ directly * refactor: move cmdtest package into internal/testing * refactor: move packages from pkg/ under internal/ * refactor: move commands/ under internal/ * refactor: cache base repo * chore(deps): update dependency golangci-lint to v2.2.1 * chore(deps): update dependency golangci-lint to v2.2.0 * feat(cluster/graph): better error reporting * refactor: remove integration test that doesn't make sense * refactor: remove manual RepoOverride from integration tests * refactor: remove manual RepoOverride from commands * chore(deps): update dependency golangci-lint to v1.64.8 * ci: upgrade golangci-lint to v2 * chore(ci): enable race detector in tests * refactor: update check from main function * refactor: rename telemtry hook setup function * refactor: concentrate debug mode setup in one place * refactor: move survey core setup out of main function * refactor: introduce build info to factory and use consistently in commands * refactor: remove global debug variable * refactor: remove global default hostname and protocol variables * refactor: remove global build info and introduce user agent to factories * refactor: use ExecuteCommand in favor of RunCommnad * refactor: remove exotic FirstLine test helper function * refactor: remove custom Eq test helper * refactor: use prod factory directly in integration tests * refactor: directly create factory with test config instead of stubbing * refactor: do not stub factory when no required * refactor: initialize config exactly once * refactor: reduce down to single factory creation function * refactor: configure iostreams from config in factory func * refactor: create config before factory to improve factory immutability * refactor: exclusively use `cmdtest.TestIOStreams` factory func in tests * refactor: unexport internal 256 color support check function * refactor: use tagged switch instead of if to set iostreams prompt * refactor: introduce proper factory for iostreams * refactor: remove global terminal-related variables * refactor: remove IOStreams globals * refactor: remove global apiClient instance * refactor: always use factory to create client from commands * refactor: introduce ApiClient factory function * refactor: remove unneccessary use of global apiClient * refactor: remove obsolete client refresh functionality * refactor: remove introduce HTTP client override functionality * refactor: introduce http client client option funcs * refactor: unexport internal gitlab client * refactor: unexport client protocol * refactor: introduce client option funcs to replace various client factory functions * refactor: unexport private client factory functions * refactor: move API test client to cmdtest package * refactor: add allowInsecure flag to tlsConfig func - remove ldflags '-s -w' from build command - fix missing git commit in 'glab version' output - Update to version 1.61.0: * refactor: remove unused option struct fields * refactor: align more commands with common structure * refactor: remove unnecessary copying of test var * refactor: remove unused runE / runF cmd args * feat(cluster/graph): extra docs on CEL * feat(cluster/graph): support logging watch request * feat(cluster/graph): support selecting namespaces * feat: add 'repo update' command * feat: command for ci run mr * refactor: first pass of aligning command structure * chore(deps): update module k8s.io/client-go to v0.33.2 * feat(cluster/graph): enhance docs * feat(cluster/graph): allow selecting resources by name * feat(cluster/graph): allow selecting common resources in common groups * refactor(cluster/graph): rework default query construction * fix(cluster/graph): remove print * chore(deps): update module k8s.io/apimachinery to v0.33.2 * chore(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.8 - Update to version 1.60.2: * chore: Make telemetry warning debug level * refactor: custom factory for docs generation * refactor: use the test factory * refactor: use stubs in the test factory * refactor: mutate io before passing * refactor: rework test factory * refactor: use IO function * refactor: pass IO streams to factory constructor * refactor: remove error handling from RepoOverride() calls * refactor: use the interface * refactor: new factory interface - Update to version 1.60.1: * fix: fix regression from 6fbcfab310b545cdd1cd4ca20918b5862be34255 * chore(deps): bump go to v1.24.4 - Update to version 1.60.0: * fix: correctly use t.Setenv() in tests * refactor: remove unused fucntions * refactor: do not use global OverrideAPIProtocol, set it on local client * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.130.1 * refactor(agent bootstrap): use options struct * refactor(cluster agent): mock GitLab API in get token cmd tests * refactor(cluster agent): use options struct * fix(agent): use UTC when calculating token expiration * chore: Readding telemetry, fixing segfault * refactor(cluster graph): unexport run method * refactor: Add thread safety for factory * chore(deps): update module github.com/coder/websocket to v1.8.13 * feat: cluster graph command * feat: :wrench: Add helm-repository-address to cluster agent bootstrap command * fix(cluster/agent): propagate repo host and name * refactor: cleanup cluster agent update-kubeconfig * fix: Improving user feedback when no jobs exist in a pipeline * fix: log errors to StdErr * fix(deps): drop direct golang.org/x/exp dependency * fix: add missing newline * docs(workspace): update doc for using workspace with cli project * chore(docs): update example to $># format * refactor: remove globals from tests * chore(deps): update module golang.org/x/crypto to v0.39.0 * chore(deps): update module golang.org/x/text to v0.26.0 * refactor: remove some of the global state, part 2 - Update to version 1.59.2: * Revert "fix(telemetry): remove data race in telemetry hook" - Update to version 1.59.1: * fix(telemetry): remove data race in telemetry hook - Update to version 1.59.0: * refactor: do not use the global client * refactor: do not use api.GetClient() in commands/api * fix: make HttpClient always safe to use * chore(usage-ping): Add telemetry data for commands/projects/namespaces * feat(config): added GitDir to get proper location to put local configs * chore: Update command examples following new style guide * feat: add pagination to ci trigger command * docs(api): add simple GraphQL oneliner - Update to version 1.58.0: * feat(deploy-key): Deploy key functionality * fix(auth): fix CI JOB TOKEN with custom CA file * chore: Adding initial git function mocks * chore(usage-ping): Add configuration option to opt out of usage data * feat(securefile): add project secure file get support * chore: Update command examples following new style guide, fixes #7833 * chore: Make scopes of non-admin PATs clearer * chore(docs): update example to $># format * chore(deps): update module k8s.io/client-go to v0.33.1 * chore(deps): update module k8s.io/apimachinery to v0.33.1 * chore(deps): update dependency markdownlint-cli2 to v0.18.1 * docs: Add mise as an install method * chore: Update go to 1.24.3 * chore(deps): update dependency markdownlint-cli2 to v0.18.0 * chore(deps): update dependency @commitlint/read to ^19.8.1 * chore(deps): update dependency @commitlint/format to ^19.8.1 * chore(deps): update dependency @commitlint/lint to ^19.8.1 * feat(cluster): add FluxCD environment creation during agent bootstrap * chore(deps): update dependency golang to v1.24.3 * refactor(auth): Move auth helper to its own location * chore(deps): update module golang.org/x/oauth2 to v0.30.0 * chore(docs): update example tro $># format * fix: try to update ref head only if remote has diverged * chore(deps): update module golang.org/x/crypto to v0.38.0 * docs: improve help text for `ci run` `--variables-from` * feat: Add iteration command * chore: Update links to docs.gitlab.com * chore(docs): update example to $># format * test(stacked-diffs): adding missing test for stack save * refactor(cmdutils): remove used once function - Update to version 1.57.0: * test: Use GITLAB_TOKEN_TEST instead of GITLAB_TOKEN * chore: update to gomock 0.5.2 * chore(deps): update module go.uber.org/mock to v0.5.2 * test: Add UT for StackRootDir * chore: apply gopls modernize * chore(deps): update module k8s.io/client-go to v0.33.0 * chore(deps): add node * chore: account for breaking changes in client-go 0.128.0 * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.128.0 * chore: format release commands * chore: format schedule commands * chore(deps): update module k8s.io/apimachinery to v0.32.4 * refactor: mrutils.getMRForBranch & mrutils.mrOptions * chore(deps): update module github.com/charmbracelet/glamour to v0.10.0 - Update to version 1.56.0: * feat(securefile): add project secure file create support * chore: Update command examples following new style guide * fix(release): allow use of commit log for release notes * fix: readibility & consistency of persing pipeline variable error * refactor: Explicit nil return for error in successful snippet creation * chore: apply new style guide for MR command examples * fix: Initialize factory HTTP client with error handling to support stub behavior * chore: apply new style guide for misc ci command help texts * chore: apply new style guide for more cli ci command help texts * chore: Change plaintext syntax to 'console' for examples * chore: apply new style guide for cli ci command help texts * chore(docs): update examples to $># format * chore(docs): update example to $># format * chore: apply new style guide for more cli help texts * docs: Add docs change to clear a couple of Vale warnings * chore: Update Vale rules for project * chore: apply new style guide for cli help texts * chore(docs): update example to $># format * chore(docs): update example to $># format * chore(docs): update example to `$>#` format * chore(docs): update example to $># format * chore(docs): update example to $># format * chore: disable markdownlint rule MD014 * fix: change the example cli help example section * feat: ouput option json for project search * chore: Update linting tools in project * feat(issue): Implement the `--epic` option for `issue list` * docs: Fix last markdownlint errors, restore linting * feat(securefile): add project secure file remove support * chore: restrict access to test job artifacts * fix(project): remove extra --tag option from "publish catalog" command * feat(securefile): add project secure file download support * chore(deps): update module golang.org/x/oauth2 to v0.29.0 * chore(deps): update module go.uber.org/mock to v0.5.1 * chore(deps): update module golang.org/x/crypto to v0.37.0 * feat(securefile): add project secure file list support * chore(deps): update module gitlab.com/gitlab-org/api/client-go to v0.127.0 * fix(update-check): environment variable has higher priority * chore: Update glamour version * ci: update commit lint to the latest version * feat(logout): support token removal * fix(ci list): correct timezone format * chore(deps): update dependency @commitlint/config-conventional ^19.8.0 * chore(deps): update dependency @commitlint/read to ^19.8.0 * chore(deps): bump golang to v1.24.2 * chore(ci): enable dependency proxy * chore(deps): update module github.com/gdamore/tcell/v2 to v2.8.1 * chore(deps): update dependency @commitlint/format to ^19.8.0 * chore(deps): update dependency danger-review to v2.1.0 * refactor: set HTTPClient without factory * chore: Fixing homebrew pull request version bump * chore(deps): update module github.com/spf13/viper to v1.20.1 * docs(examples): update all examples * chore(deps): update module k8s.io/client-go to v0.32.3 - Update to version 1.55.0: * chore(deps): update module github.com/golang-jwt/jwt/v5 to v5.2.2 * refactor(cluster agent): use new client-go testing pkg * refactor(tokens): Add description and refactor token creation * feat(config-edit): add config edit command * build(windows-builds): include installer sha in checksum file * feat: add command for publishing to CI catalog * refactor: move CI/CD catalog publishing to project command - Update to version 1.54.0: * chore(deps): update dependency axios to ^1.8.4 * build(version): standardize versions accross builds * feat: create project command can skip creating git repository * chore: Updating client-go * feat: Create stack from created branch * chore(deps): update golang to v1.24.1 * test: Start using mocks for git tests * feat(ssh-key): add usage-type when creating ssh key * chore(deps): update module github.com/spf13/viper to v1.20.0 * chore(deps): adjust for breaking changes in client-go * chore(deps): update module client-go to v0.125.0 * fix(issue/mr create): add ability to assign group milestones * feat: Render markdown help text in glamour * chore(deps): update module k8s.io/apimachinery to v0.32.3 * chore(deps): update dependency axios to ^1.8.3 * chore: update gitlab.com/gitlab-org/api/client-go v0.124.0 * feat(dpop): add option to generate DPoP JWTs * chore(deps): update dependency @commitlint/lint to ^19.8.0 * fix: goreleaser archives.format is deprecated * chore(deps): update dependency axios to ^1.8.2 * chore(deps): update module golang.org/x/oauth2 to v0.28.0 * chore(deps): update module golang.org/x/crypto to v0.36.0 * chore(deps): update module golang.org/x/text to v0.23.0 * chore(docs): use consistent language in flags * chore: Add USERNAME to environment variables cleared for test * fix(formatting): fixed output formatting for commands * chore: Update source of documentation linting image * chore: Update Vale rules from 'gitlab' project * chore(deps): update golang to v1.24.0 * chore(deps): update dependency axios to ^1.8.1 * feat: give credits in changelog * chore(deps): update module golang.org/x/oauth2 to v0.27.0 * chore(deps): update module golang.org/x/crypto to v0.35.0 * chore(deps): update module github.com/avast/retry-go/v4 to v4.6.1 * feat(var): make count of listed vars configurable * fix(token-list): expiration time can be null * docs(help): document all environment variables * chore: Improve re-auth and self-managed strings * fix(ci status): allow live to loop with NO_PROMPT * chore(snap): update base and fix version * feat(ssh-key): add usage type to output * feat: show help hint on error instead of full usage * docs: improve ci job variable docs * fix(token-list): token list works outside a repository * fix: replace `GetLastPipeline` calls with `GetLatestPipeline` * chore(deps): update module github.com/spf13/cobra to v1.9.1 * feat(ci status): return error when pipeline failed * fix(ci status): use GetLatestPipeline API for branches * chore(deps): update gitlab.com/gitlab-org/api/client-go to v0.123.0 * feat(ci-run-web): add --web flag to ci run * chore(deps): update module k8s.io/apimachinery to v0.32.2 * chore(ca-certificates): include ca-certificates in docker * fix(ci get): do not require branch if pipelineID is given * fix(mr update): multiple draft prefixes * chore(onboarding): update urls * chore(deps): update module golang.org/x/crypto to v0.33.0 * test: create with multiple files * fix(table-headers): add table headers to output * fix(parsing): recover from unparsable structs * chore(deps): update module golang.org/x/term to v0.29.0 * fix: accept input from stdin when stdin is TTY * fix: print to `Opts.IO` because it can be processed * docs: document multiple files feature * feat(snippets): support uploading multiple files * refactor(snippets): use newer files API * feat(snippets): support multiple files * refactor: remove unnecessary `opts.Lab` - Update to version 1.53.0: * feat(release): add experimental notes text-or-file parameter * feat(diffs): Add --raw option to mr diffs * fix: fix incorrect API host being shown in status * fix(docs): document GLAB_CHECK_UPDATE environment variable * chore(tests): added ssh-key list tests * refactor(pagination): add parameters on struct creation * feat(repo): list user projects * fix(pkg/tableprinter): handle nil pointer cell values * test(archive): fix flaky archive test * chore(deps): update module golang.org/x/text to v0.22.0 * refactor(main): move SilentError check out of printError * chore: Fixing a test that keeps failing * fix(issueable list): remove support multiple not- filter flags * chore(uploads): ignore deprecated UploadFile function * refactor(issues): rename ListIssues to ListProjectIssues * chore(client-go): account for breaking changes * chore(deps): update module client-go to v0.122.0 * fix: make SilentError exit with code 1 as documented * feat(update): check for updates periodically * chore(deps): update module golang.org/x/oauth2 to v0.26.0 * fix(snippet): show friendly error for project snippet without repo * feat(variables): add option to list/update/set description of vars * chore(deps): update dep @commitlint/config-conventional to ^19.7.1 * chore(deps): update dependency @commitlint/lint to ^19.7.1 * refactor(git): remove excessive argument processing for RunClone * docs(project-search): Fixed project search example usage * chore(deps): update dependency @commitlint/lint to ^19.7.1 * feat(label): add command to delete labels * test(label): add missing tests to label-creation * docs: Shift environment variables from unordered list to table * fix(snippet create): complete usage info * chore: Tidy up docs for 'schedule update' * feat(update_check): Rename variable to GLAB_CHECK_UPDATE * build(flags): strip symbols from binary * refactor(var): rename functions to match what they do * fix(artifact): create subdirs instead of failing * fix(mr merge): friendly error when merges require CI to pass * refactor(perms): cleanup Windows permissions FIXME * fix(ci status): detect branch repo from remote * feat(schedule): Add option to edit an existing scheduled pipeline * chore: show colored diff when docs update is needed * fix: listing of group variables without git repository * feat(update check): Add env variable to skip update check * fix(repo clone): correctly separate gitflags arguments * feat(mr list): Add sorting functionality for MRs * feat(cancel): implement glab ci cancel command * docs(repo): explain archive-flag better * feat(repo clone): document group syntax in usage * feat: add debug output for tracing `glab ci status` * chore(deps): update module k8s.io/client-go to v0.32.1 * chore(deps): update module k8s.io/client-go to v0.32.1 - Update to version 1.52.0: * feat(release): add --no-close-milestone flag for release creation * chore(deps): update module github.com/briandowns/spinner to v1.23.2 * chore: roll docs linting tooling forward * feat(release): Add --no-update to release create * chore(deps): update module k8s.io/apimachinery to v0.32.1 * chore(deps): update module github.com/mattn/go-colorable to v0.1.14 * fix: update path where config.yml is displayed * feat: Add reordering of stacks * fix(docs): change toc to show actual contents * chore: Post-merge review of UI strings * docs: Fix missing period in display * chore(deps): update golang to v1.23.4 * docs: add command for previewing release commits * chore(deps): update module golang.org/x/crypto to v0.32.0 * chore(deps): update module golang.org/x/term to v0.28.0 * chore(deps): update module github.com/otiai10/copy to v1.14.1 * chore(deps): update module golang.org/x/oauth2 to v0.25.0 * feat: add support for setting issue weight in glab issue update * chore(dep): update x/net * chore(deps): update golang to v1.23.3 - Update to version 1.51.0: * feat(ci): add more flags to filter ci list output * refactor: Moving and adding some test helpers for `stack reorder` * feat(list): add project list filter for all non-archived projects * chore(deps): update module k8s.io/client-go to v0.32.0 * chore(deps): migrate go-gitlab to gitlab.com/gitlab-org/api/client-go * chore(deps): update module k8s.io/apimachinery to v0.32.0 * chore(deps): update module golang.org/x/crypto to v0.31.0 * fix(variable): add quotes to export-commands * refactor: Refactor some functions and add some stack helpers * feat: add --active flag to glab token list * fix(agent bootstrap): panic when cfg exists but no user access defined * chore(deps): update module golang.org/x/term to v0.27.0 * chore(deps): update module golang.org/x/text to v0.21.0 * chore(deps): update dependency danger-review to v2 * chore(deps): update dependency axios to ^1.7.9 * feat: added mr list filtering flag --not-draft - Update to version 1.50.0: * feat(release): "release create --publish-to-catalog" flag * feat: add environment scope for export * chore(deps): update dependency axios to ^1.7.8 * feat(label list): flag to list group labels * chore(deps): update module github.com/stretchr/testify to v1.10.0 * feat(auth): support CI JOB TOKEN * refactor: Fix some package names * chore(deps): update module k8s.io/client-go to v0.31.3 * fix(cluster agent): constructing KAS Kubernetes API Proxy URL * chore(dep): update cross-spawn * test: Add basic stack sync testing * chore(deps): update dependency @commitlint/config-conventional ^19.6.0 * chore(deps): update dependency @commitlint/lint to ^19.6.0 * fix: adjust test data for new go-gitlab release * chore(deps): update module github.com/xanzy/go-gitlab to v0.114.0 * docs(debug): add information about debugging glab * feat(test): Integration test for create mr with recover option - Update to version 1.49.0: * chore: Restore markdownlint testing, disable rule MD029 for ol-prefix * fix(stacked-diffs): remove merged or closed MRs in sync * feat(test): Integration test for create issue with recover option * docs: Spacing, capitalization, and punctuation * fix(commands/cluster/agent/get_token): agentID is always 64 bit * feat(release): "release create --tag-message" flag * refactor: Remove package-level vars * fix(diff): return most recent diff version only * chore(deps): update module golang.org/x/oauth2 to v0.24.0 * chore(deps): update module golang.org/x/crypto to v0.29.0 * feat: list personal, project or group access tokens * chore(deps): update module github.com/xanzy/go-gitlab to v0.113.0 * test: Adding checking of post body to http mocks * chore(license): Update LICENSE * docs: add flux bootstrap path note to agent bootstrap cmd * docs: ignore generated documentation when running markdownlint-cli2 * fix: add more info to gitlab agent reconcile error * chore(deps): update module github.com/zalando/go-keyring to v0.2.6 * chore(deps): update module k8s.io/client-go to v0.31.2 * chore(deps): update module k8s.io/apimachinery to v0.31.2 * feat: add environment format for variable export * feat(auth login): allow more non-interactive login options * feat(issues): add filter by iteration option to issue list * feat: rotate personal, project or group access tokens * fix: utilize api_host in config to avoid git subdomain issues * chore(deps): update module go.uber.org/mock to v0.5.0 * feat(agent bootstrap): support specifying Agent Helm Chart values glab-1.93.0-bp160.1.1.x86_64.rpm glab-bash-completion-1.93.0-bp160.1.1.noarch.rpm glab-doc-1.93.0-bp160.1.1.noarch.rpm glab-fish-completion-1.93.0-bp160.1.1.noarch.rpm glab-zsh-completion-1.93.0-bp160.1.1.noarch.rpm glab-1.93.0-bp160.1.1.s390x.rpm glab-1.93.0-bp160.1.1.ppc64le.rpm glab-1.93.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-228 Security update for hauler moderate openSUSE Backports SLE-16.0 This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 (bsc#1258614, CVE-2026-24122): * Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the go_modules group across 1 directory * fix for new helm chart features * Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 in the go_modules group across 1 directory * Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 in the go_modules group across 1 directory * Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 in the go_modules group across 1 directory * update cosign fork to 3.0.4 plus dep tidy * fix: Fix file:// dependency chart path resolution * update github.com/olekukonko/tablewriter to v1.1.2 * keep registry on image rewrite if not specified * Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 in the go_modules group across 1 directory * fix: handling of file referenced dependencies without repository field * Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 in the go_modules group across 1 directory * dev.md file * smaller changes and updates for v1.4.2 release hauler-1.4.2-bp160.1.1.x86_64.rpm hauler-1.4.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-229 Recommended update for canfigger moderate openSUSE Backports SLE-16.0 This update for canfigger fixes the following issues: Introduce canfigger. libcanfigger0-0.3.1-bp160.1.1.x86_64.rpm libcanfigger0-devel-0.3.1-bp160.1.1.x86_64.rpm libcanfigger0-doc-0.3.1-bp160.1.1.noarch.rpm libcanfigger0-0.3.1-bp160.1.1.s390x.rpm libcanfigger0-devel-0.3.1-bp160.1.1.s390x.rpm libcanfigger0-0.3.1-bp160.1.1.ppc64le.rpm libcanfigger0-devel-0.3.1-bp160.1.1.ppc64le.rpm libcanfigger0-0.3.1-bp160.1.1.aarch64.rpm libcanfigger0-devel-0.3.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-23 Recommended update for quilt important openSUSE Backports SLE-16.0 This update for quilt fixes the following issues: Changes in quilt: Update to version 0.69: * Fix escaping of % and backslash in patch names * new: Stop claiming support of option -p ab * patches: Several performance optimizations * series: Simplify the code - Make it possible to run "quilt setup" on a spec file which excludes the local architecture (boo#1238516). - Fix building noarch packages with rpm >= 4.20 (boo#1236907). - Make it possible to preprocess spec files which do not comply with the standard. Most notably multibuild OBS spec files need to be preprocessed. Use option "--spec-filter=obs" for these (boo#1236907). - Detect the change of build root path hierarchy introduced by rpm 4.20 (boo#1236907). - Install the bash completion file to the right directory (reported by rpmlint). quilt-0.69-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-230 Security update for MozillaThunderbird important openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.10.0 ESR * Newly translated strings were not available in Thunderbird MFSA 2026-34 (bsc#1262230) * CVE-2026-6746 Use-after-free in the DOM: Core & HTML component * CVE-2026-6747 Use-after-free in the WebRTC component * CVE-2026-6748 Uninitialized memory in the Audio/Video: Web Codecs component * CVE-2026-6749 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component * CVE-2026-6750 Privilege escalation in the Graphics: WebRender component * CVE-2026-6751 Uninitialized memory in the Audio/Video: Web Codecs component * CVE-2026-6752 Incorrect boundary conditions in the WebRTC component * CVE-2026-6753 Incorrect boundary conditions in the WebRTC component * CVE-2026-6754 Use-after-free in the JavaScript Engine component * CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component * CVE-2026-6759 Use-after-free in the Widget: Cocoa component * CVE-2026-6761 Privilege escalation in the Networking component * CVE-2026-6762 Spoofing issue in the DOM: Core & HTML component * CVE-2026-6763 Mitigation bypass in the File Handling component * CVE-2026-6764 Incorrect boundary conditions in the DOM: Device Interfaces component * CVE-2026-6765 Information disclosure in the Form Autofill component * CVE-2026-6766 Incorrect boundary conditions in the Libraries component in NSS * CVE-2026-6767 Other issue in the Libraries component in NSS * CVE-2026-6769 Privilege escalation in the Debugger component * CVE-2026-6770 Other issue in the Storage: IndexedDB component * CVE-2026-6771 Mitigation bypass in the DOM: Security component * CVE-2026-6772 Incorrect boundary conditions in the Libraries component in NSS * CVE-2026-6776 Incorrect boundary conditions in the WebRTC: Networking component * CVE-2026-6785 Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 * CVE-2026-6786 Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 - Mozilla Thunderbird 140.9.1 ESR MFSA 2026-29 * CVE-2026-5732 Incorrect boundary conditions, integer overflow in the Graphics: Text component * CVE-2026-5731 Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 * CVE-2026-5734 Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 - Mozilla Thunderbird 140.9.0 ESR MFSA 2026-24 (bsc#1260083) * CVE-2026-3889 Spoofing issue in Thunderbird * CVE-2026-4371 Out of bounds read in IMAP parsing * CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component * CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component * CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component * CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component * CVE-2026-4692 Sandbox escape in the Responsive Design Mode component * CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component * CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component * CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component * CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component * CVE-2026-4700 Mitigation bypass in the Networking: HTTP component * CVE-2026-4701 Use-after-free in the JavaScript Engine component * CVE-2026-4702 JIT miscompilation in the JavaScript Engine component * CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component * CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component * CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4708 Incorrect boundary conditions in the Graphics component * CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component * CVE-2026-4711 Use-after-free in the Widget: Cocoa component * CVE-2026-4712 Information disclosure in the Widget: Cocoa component * CVE-2026-4713 Incorrect boundary conditions in the Graphics component * CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component * CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component * CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component * CVE-2026-4717 Privilege escalation in the Netmonitor component * CVE-2025-59375 Denial-of-service in the XML component * CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component * CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component * CVE-2026-4720 Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 * CVE-2026-4721 Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 MozillaThunderbird-140.10.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64.rpm MozillaThunderbird-140.10.0-bp160.1.1.s390x.rpm MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x.rpm MozillaThunderbird-140.10.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.10.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-231 Security update for kf6-kcoreaddons important openSUSE Backports SLE-16.0 This update for kf6-kcoreaddons fixes the following issues: Changes in kf6-kcoreaddons: - CVE-2026-41526: Fixed arbitrary code execution via improper shell argument quoting (boo#1263441) kf6-kcoreaddons-6.16.0-bp160.2.1.x86_64.rpm kf6-kcoreaddons-devel-6.16.0-bp160.2.1.x86_64.rpm kf6-kcoreaddons-imports-6.16.0-bp160.2.1.x86_64.rpm kf6-kcoreaddons-lang-6.16.0-bp160.2.1.noarch.rpm libKF6CoreAddons6-6.16.0-bp160.2.1.x86_64.rpm python3-kf6-kcoreaddons-6.16.0-bp160.2.1.x86_64.rpm kf6-kcoreaddons-6.16.0-bp160.2.1.s390x.rpm kf6-kcoreaddons-devel-6.16.0-bp160.2.1.s390x.rpm kf6-kcoreaddons-imports-6.16.0-bp160.2.1.s390x.rpm libKF6CoreAddons6-6.16.0-bp160.2.1.s390x.rpm python3-kf6-kcoreaddons-6.16.0-bp160.2.1.s390x.rpm kf6-kcoreaddons-6.16.0-bp160.2.1.ppc64le.rpm kf6-kcoreaddons-devel-6.16.0-bp160.2.1.ppc64le.rpm kf6-kcoreaddons-imports-6.16.0-bp160.2.1.ppc64le.rpm libKF6CoreAddons6-6.16.0-bp160.2.1.ppc64le.rpm python3-kf6-kcoreaddons-6.16.0-bp160.2.1.ppc64le.rpm kf6-kcoreaddons-6.16.0-bp160.2.1.aarch64.rpm kf6-kcoreaddons-devel-6.16.0-bp160.2.1.aarch64.rpm kf6-kcoreaddons-imports-6.16.0-bp160.2.1.aarch64.rpm libKF6CoreAddons6-6.16.0-bp160.2.1.aarch64.rpm python3-kf6-kcoreaddons-6.16.0-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-232 Security update for trivy important openSUSE Backports SLE-16.0 This update for trivy fixes the following issues: Changes in trivy: - Update to version 0.70.0 ( bsc#1260193, CVE-2026-33186, bsc#1260971, CVE-2026-33747, bsc#1261052, CVE-2026-33748, bsc#1262389, CVE-2026-39984, bsc#1262893, CVE-2026-34986): * release: v0.70.0 [main] (#10105) * chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#10496) * chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 (#10526) * chore(deps): bump the common group across 1 directory with 8 updates (#10540) * chore(deps): bump the docker group across 1 directory with 2 updates (#10538) * fix: use Development category for GoReleaser discussions (#10530) * chore(deps): bump testcontainers-go to v0.42.0 (#10531) * chore: update CODEOWNERS (#10529) * chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (#10511) * chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#10510) * chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 (#10449) * ci: migrate from mkdocs-material-insiders to mkdocs-material (#10509) * chore: remove aquasecurity/homebrew-trivy tap from GoReleaser (#10508) * ci: update runners for workflows that interact with GitHub API (#10502) * ci: rename tokens and update runners (#10500) * ci: trigger helm chart publishing via helm-charts workflow (#10474) * ci: remove ruleset update step from release-please workflow (#10499) * ci: use large runner and replace ORG_REPO_TOKEN in release-please workflow (#10498) * ci: trigger rpm/deb deployment via trivy-repo workflow (#10476) * fix: remove os.Stdout from wazero module config (#10403) * chore(deps): bump the common group across 1 directory with 22 updates (#10408) * chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#10407) * fix(flag): validate template file extension (#10296) * fix(sbom): preserve Red Hat BuildInfo when scanning SBOMs without layer info (#10378) * fix: handle Go 1.26 GOEXPERIMENT version format change (#10351) * fix(python): handle multiple version specifiers in requirements.txt (#10361) * ci: run Trivy version bump in trivy-action (#10272) * fix(python): nil pointer dereference with optional poetry groups without dependencies (#10359) * ci: replace personal email with github-actions[bot] in workflows (#10369) * chore: replace smithy epoch parsing with stdlib time.Unix (#10286) * test: update golden files for purl changes (#10372) * ci: add zizmor to scan GitHub Actions workflows (#10322) * refactor: log statuses as strings (#10285) * ci: add build provenance attestations for release artifacts (#10316) * fix(sbom): add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (#10368) * fix(report): set correct sarif ROOTPATH uri when scanning a git repository (#10366) * perf(plugin): optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (#10325) * docs: correct typos in CHANGELOG and diagram (#10320) * chore: delete roadmap wf (#10295) * ci(helm): bump Trivy version to 0.69.3 for Trivy Helm Chart 0.21.3 (#10310) * fix(cyclonedx): include CVSS v4 vulnerability ratings (#10313) * fix: detected vulnerability fields in azure and mariner detector (#10275) * ci: add persist-credentials: false to checkout steps (#10306) * ci(helm): bump Trivy version to 0.69.2 for Trivy Helm Chart 0.21.2 (#10270) * chore(deps): bump the common group across 1 directory with 8 updates (#10248) * chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#10257) * chore(deps): bump the aws group across 1 directory with 6 updates (#10249) * chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#10241) * ci: remove apidiff workflow (#10259) * chore(deps): bump github.com/docker/cli from 29.1.4+incompatible to 29.2.1+incompatible in the docker group across 1 directory (#10221) * ci: bump golangci-lint to v2.10 in cache-test-assets (#10243) * feat(java): add support for proxy configuration from Maven settings.xml (#10187) * chore(deps): bump the github-actions group across 3 directories with 11 updates (#10242) * feat(python): add pylock.toml support (#10137) * chore: bump SPDX license IDs and exceptions to `v3.28.0` (#10233) * docs: fix typos and upgrade insecure HTTP links to HTTPS (#10219) * chore: bump golangci-lint to v2.10.0 (#10223) * feat(misconf): support for azurerm_network_interface_security_group_association (#10215) * ci: pin Docker Engine to v29 for integration tests (#10232) * feat(go): detect version from ELF symbol table for binaries built with -trimpath (#10197) * docs: migrate private registry documentation from GCR to GAR (#10208) * chore(deps): bump the common group across 1 directory with 24 updates (#10206) * chore(deps): update Docker client SDK to v29 (#10202) * test: update Docker Engine integration tests for Docker API v0.29.0+ compatibility (#10199) * fix(misconf): initialize custom annotation field if empty (#10123) * feat(ubuntu): add eol data for 25.10 (#10181) * docs: fix incorrect count of Python package managers (#10175) * chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#10179) * feat(misconf): resolve Azure resources via resource_id (#10173) * ci(helm): bump Trivy version to 0.69.1 for Trivy Helm Chart 0.21.1 (#10155) * refactor: remove unused Insecure field from ServiceOption (#10113) * refactor: reduce complexity of init in detect.go (#10163) * feat(misconf): adapt ARM k8s clusters (#9696) (#10125) * docs: update version endpoint example in client/server documentation (#10151) * feat(vuln): skip third-party packages in common Detect function (#10129) * ci: add composite action for Go setup (#10146) * fix(misconf): apply check aliases when filtering results via .trivyignore (#10112) * docs(terraform): add limitation for data sources and computed resource attributes (#10128) * fix: update PhotonOS feed URL (#10122) * feat(server): include server version info in JSON output for client/server mode (#10075) * chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs (#10107) * refactor: unify scanner error limit and compiler limit (#10106) * ci(helm): bump Trivy version to 0.69.0 for Trivy Helm Chart 0.21.0 (#10103) * fix(java): Disable overwriting exclusions (#10088) * refactor(rust): use txtar format for cargo analyzer test data (#10104) * feat(python): add pylock.toml (PEP 751) parser (#9632) * chore(deps): bump the aws group across 1 directory with 6 updates (#10068) * fix(server): exclude JavaDB and CheckBundle from /version endpoint (#10100) - Update to version 0.69.3 (CVE-2026-25934, bsc#1258094): * release: v0.69.3 [release/v0.69] (#10293) * fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#10291) * release: v0.69.2 [release/v0.69] (#10266) * fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#10267) * fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#10264) * ci: remove apidiff workflow * release: v0.69.1 [release/v0.69] (#10145) * ci: add composite action for Go setup [backport: release/v0.69] (#10150) * fix(misconf): apply check aliases when filtering results via .trivyignore [backport: release/v0.69] (#10143) * chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs [backport: release/v0.69] (#10135) trivy-0.70.0-bp160.1.1.x86_64.rpm trivy-0.70.0-bp160.1.1.s390x.rpm trivy-0.70.0-bp160.1.1.ppc64le.rpm trivy-0.70.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-233 Security update for coredns important openSUSE Backports SLE-16.0 This update for coredns fixes the following issues: Changes in coredns: - Update to version 1.14.3: * This release introduces Windows service support, along with full TSIG verification across DoH, DoH3, QUIC, and gRPC transports, and improved TSIG propagation and DoH request validation. * It also adds optional TLS for the metrics endpoint. * Performance and stability are improved through cache prefetching, QUIC optimizations, and a new max_age option in the forward plugin. * Additional updates include enhanced SVCB/HTTPS support, improved zone transfer behavior, and various DNSSEC, PROXY protocol, and concurrency fixes. * The release is built with Go 1.26.2, which includes security fixes addressing CVE-2026-32282, CVE-2026-32289, CVE-2026-33810, CVE-2026-27144, CVE-2026-27143, CVE-2026-32288, CVE-2026-32283, and CVE-2026-27140, and also includes fixes for CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-32934, and CVE-2026-35579. coredns-1.14.3-bp160.1.1.x86_64.rpm coredns-extras-1.14.3-bp160.1.1.noarch.rpm coredns-1.14.3-bp160.1.1.ppc64le.rpm coredns-1.14.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-234 Security update for python-Django moderate openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass (bsc#1264153) - CVE-2026-35192: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST (bsc#1264154) - CVE-2026-6907: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware (bsc#1264152) python313-Django-5.2.4-bp160.8.1.noarch.rpm openSUSE-Leap-16.0-packagehub-235 Security update for log4cxx moderate openSUSE Backports SLE-16.0 This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 (bsc#1261994, CVE-2026-40023): * Non-ascii characters incorrectly encoded in JSON output [#615] * XML output could contain characters not allowed by the XML 1.0 specification * An XML configuration file with recursive references caused program termination [#605] * Possible undefined behavior during a configuration change * Message loss when the calculation of a logged value also logs * ODBCAppender prepared statement value buffers had incorrect lifetimes [#581] - update to 1.6.0: * Configuration ${varname} values can be set programatically prior to loading a configuration file (see com/foo/config4.cpp) [#520] * The current executable's file name and its components are available for use in a configuration file and the LOG4CXX_CONFIGURATION environment variable (see log4cxx::spi::Configurator::properties). [#520] * Console output (Log4cxx internal logging and BasicConfigurator) use a color per message level by default [#529] * New logging macros that defer binary-to-text conversion until used in AsyncAppender's background thread * A simplified way to attach an AsyncAppender to a logger using a configuration file [#550] liblog4cxx-devel-1.7.0-bp160.1.1.x86_64.rpm liblog4cxx15-1.7.0-bp160.1.1.x86_64.rpm liblog4cxx-devel-1.7.0-bp160.1.1.s390x.rpm liblog4cxx15-1.7.0-bp160.1.1.s390x.rpm liblog4cxx-devel-1.7.0-bp160.1.1.ppc64le.rpm liblog4cxx15-1.7.0-bp160.1.1.ppc64le.rpm liblog4cxx-devel-1.7.0-bp160.1.1.aarch64.rpm liblog4cxx15-1.7.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-24 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: Chromium 142.0.7444.175 (boo#1253698): * CVE-2025-13223: Type Confusion in V8 * CVE-2025-13224: Type Confusion in V8 chromedriver-142.0.7444.162-bp160.1.1.x86_64.rpm chromium-142.0.7444.162-bp160.1.1.x86_64.rpm chromedriver-142.0.7444.162-bp160.1.1.ppc64le.rpm chromium-142.0.7444.162-bp160.1.1.ppc64le.rpm chromedriver-142.0.7444.162-bp160.1.1.aarch64.rpm chromium-142.0.7444.162-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-25 Recommended update for nmon moderate openSUSE Backports SLE-16.0 This update for nmon fixes the following issues: Changes in nmon: - Increase CPU MAX to 2048 (bsc#1247368) update to 16q: * bugfixes * POWER pool_capacity now correctly divided by 100. * Online view POWER Welcome panel on POWER reports the top MHz Small changes only: * Boottime shown online in the Kernel "k" panel * Utilisation stats: /proc/stat now reports 10 Utilisation stats * Bug caused Seg Faults core dumps fixed while collecting to a * Fix: Improved memory handling for extreme numbers of processes (1000's) or rapid exec of processes (100's in a millisecond) for large Linux servers. We have examples on Intel of 80 CPU * Online Dot "." command no longer also changes what is displayed as users said it was confusing. * Minor online start-up flash screen text changes to include C concise CPU stats and U for full Utilisation stats (all 10 of them) instead of a file. * Copyright and GPL v3 notice in the code plus online "h" and * Source code re-indented. * Fixes for Welcome screen on Mainframe * Fixed for Curses handling when collecting data to file - big bug for main frame and x86. * Fixes for Welcome screen on Mainframe * Fixed for Curses handling when collecting data to file - big bug for main frame and x86. + You need a S822LC With NVIDIA GPU(s) and Nvidia Library installed libnvidia-ml.so * CPU Wide View - online view for up to 192 CPUs * CPU MHz per Core ratings for machine that allow cores with different MHz - online & saved to file * lscpu stats capture - online & to file * Z experiment mode showing CPU interrupts - Renamed U stats in version 16b - online only * Online colourising stats to aid usability - online only * Massive improvement in help information: nmon -? and nmon -h * Code change to alphabetic order for getopt() and key input * New nmon logo on flash screen - online only * Extra kernel stats - online only nmon-16q-bp160.1.1.aarch64.rpm nmon-16q-bp160.1.1.ppc64le.rpm nmon-16q-bp160.1.1.s390x.rpm nmon-16q-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-26 Recommended update for synce4l moderate openSUSE Backports SLE-16.0 This update for synce4l fixes the following issues: synce4l was updated to 1.1.1: * fix possible resource leak * fix requested thread stack size * fix scorecard.yml * initialize pin ID to -1 * fix crash in dpll_rt_recv() * create scorecard.yml * unlink smc_socket_path before binding * check smc_socket_path length * change default smc_socket_path to /run/synce4l_socket * fix more compiler warnings - Initial packaging of version 1.0.0. synce4l-1.1.1-bp160.1.1.aarch64.rpm synce4l-1.1.1-bp160.1.1.ppc64le.rpm synce4l-1.1.1-bp160.1.1.s390x.rpm synce4l-1.1.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-27 Security update for MozillaThunderbird important openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.5.0 ESR MFSA 2025-91 (bsc#1253188): * CVE-2025-13012 Race condition in the Graphics component * CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component * CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component * CVE-2025-13018 Mitigation bypass in the DOM: Security component * CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component * CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component * CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component * CVE-2025-13014 Use-after-free in the Audio/Video component * CVE-2025-13015 Spoofing issue in Thunderbird * fixed: Could not drag and drop ICS file to Today Pane * fixed: With Thunderbird closed, clicking a 'mailto:' link to send signed message failed * fixed: Upgrade from 128.x->140.x broke authentication for @att.net using Yahoo backend Mozilla Thunderbird 140.4.0 ESR * Account Hub is now disabled by default for second email account * Users could not read mail signed with OpenPGP v6 and PQC keys * Image preview in Insert Image dialog failed with CSP error for web resources * Emptying trash on exit did not work with some providers * Thunderbird could crash when applying filters * Users were unable to override expired mail server certificate * Opening Website header link in RSS feed incorrectly re-encoded URL parameters Mozilla Thunderbird 140.3.1 ESR: * several bugfixes listed here https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes ------------------------------------------------------------------- MozillaThunderbird-140.5.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.5.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.5.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.5.0-bp160.1.1.x86_64.rpm MozillaThunderbird-140.5.0-bp160.1.1.s390x.rpm MozillaThunderbird-openpgp-librnp-140.5.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-common-140.5.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-other-140.5.0-bp160.1.1.s390x.rpm MozillaThunderbird-140.5.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.5.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.5.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.5.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.5.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.5.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.5.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.5.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-28 Recommended update for product-composer moderate openSUSE Backports SLE-16.0 This update for product-composer fixes the following issues: Changes in product-composer: Update to version 0.6.18: - Fix filtering of not used rpms in updateinfo product-composer-0.6.18-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-29 Recommended update for gramps moderate openSUSE Backports SLE-16.0 This update for gramps fixes the following issues: Changes in gramps: Update to version 6.0.3: * Revert “Pass an object rather than a handle to the note editor callback”. Fixes #13884. * Update translations. Update to version 6.0.2; * Fix date modifiers for lt. * Update translation template for new release. * Add optimization to HasIdOf rules. * Connect the Help button in the repository reference editor. Fixes #13352. * Pass an object rather than a handle to the note editor callback. Fixes #13702. * Fix broken compound dates with bce year in XML import. Fixes #13631. * Avoid multiple copies of Rules after Plugin manager reload. Fixes #13844. * Fix bad surname list after upgrade from bsddb. Fixes #13807. * Fix narrated web when two places have same name but a different type. Fixes #13841. * Fix crash in citation view due to wrong filter_info. Fixes #13796. * Don’t attempt to call set_orientation if self.pui is None. Fixes #13820. * Don’t crash in search_changed if self.search_list has no active item. Fixes #13793. * Fix incorrect addons project after upgrade from Gramps 5.2. Fixes #13789. * Respect user choice of CSS files for existing narrated web site. Fixes #13792. * Ensure that the spell checker gets removed with the editor. Fixes #13795. * Fix Optimizer class when combining sub-filters. Fixes #13799. * Remove check for Gtk translations in Snap packages. * Update translations. Update to version 6.0.1: * Update translations: ar, br, ca, cs, de, de_AT, el, en_GB, es, fi, fr, ga, he, it, ja, ko, nb, nl, pl, pt_PT, ro, sk, sv, tr, uk, zh_CN. * Update translation template for new release. * Extend SearchBar so that it supports text search and filters. Fixes #13720. * Fix patronymic in name display. Fixes #13764. * Update links in the README to v6.0. * Update the INSTALL file. Issue #13717. + Change install from setup.py to pip. + Update typical installation locations. + Remove the --resourcepath option which no longer exists. * Fix wiki help link in the Addon Manager. Fixes #13735. * Remove the outer progress meter from the filter prepare phase. Fixes #13725. * Fix error when importing a GEDCOM file into an existing tree. Fixes #13726. * Avoid empty metadata fields. Fixes #13721. * Update Italian date modifiers. Update to version 6.0.0: * Full changelog available at https://gramps-project.org/blog/2025/03/gramps-6-0-0-released/ * Reports + The narrative web report has four main improvements: - New indexes for big databases. - Add heatmap. - Improve language and hamburger menus. - Show other roles for an event. + Other report changes: - Add gender symbol option to the detailed descendant, detailed ancestral and descendant report. - Add Gramps ID option to Kinship Report. - Tree reports convert images to thumbnails for embedding. This allows cropped rectangles selected in the media references to be displayed. - Report options are now memorised on a per family tree (database) level. * Gramplets + Improvements to the backlinks (References) gramplets: + Allow an object to be made active from within the backlinks gramplet. + Add a context menu to make “Edit” and “Make Active” more discoverable. + Allow objects in the backlinks gramplets to be dragged to the clipboard. + Add edit capability to the notes gramplets. + Enhanced version of the Filter gramplet. * Selector dialogs + A standard search bar has been added to the person selector dialog. It may default to selecting men or women by default, but selecting on other columns is possible. + It is now possible to select multiple media objects in the media selector and gallery tabs. + The media selector has a new path column. * Other changes + Improvements to the Probably Alive code. + New rules: “Has Event”, “Has Source” and “Having Note of Type”. + New Gedcom 7.0 event roles: “Father”, Mother”, “Parent”, “Child”, “Multiple”, Friend”, “Neighbour” and “Officiator”. + Allow web-accessible file references in media objects. + Add a preference option for the selection of the toolbar style. + Enhancements to the help display. This is ongoing though. + Enable Web Connection menu in all list views. Update to version 5.2.4: * Fix Citations gramplet to recognize event reference citations. Fixes #13555. * Fix exception when finding relationship to home person. Fixes #13495. * Fix mouse scroll direction in pedigree view. * Fix incorrect usage of exec. As of PEP558, locals() is not populated by exec(). This change means that this call is broken on Python 3.13. * Remove some usage of globals(). * Remove unnecessary use of exec. * Test current_date being an empty date in probably alive function. Fixes #13431. * Improve warning message in date_test.py when 3 tests are skipped. * Correctly assign sortval = 0 when a date is EMPTY. Fixes #13415, #13423. * Fix unicode conversion bug when upgrading from schema 16 to 17. * Correct the documentation for the match() method of the Date class. Also added more detail to documentation in 3 other cases. Fixes #13428. * Gramps version output now reports OS rather than Platform. Fixes #12285. * Downgrade upgrade messages from warning to informational level. Fixes #13464. * Fix list size option in the top surnames gramplet. Allow users to specify how many surnames appear in the list from 10 to 1000. Fixes #13448. * Correct misleading description of GUI element placement. * Use the preferred calendar for new dates only in the date editor. Fixes #13403. * Fix docs typo in INSTALL file. * Fix printing of Books. Fixes #12804. * Render reports with styled notes containing subscript and strikethrough. Fixes #13417. * Remove broken link to svn2cl package in the About dialog. Fixes #13152. * Improve media performance in the narrative web report. Fixes #13370. * Updated translations. gramps-6.0.3-bp160.1.1.noarch.rpm gramps-lang-6.0.3-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-3 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 141.0.7390.107: * CVE-2025-11756: Use after free in Safe Browsing (boo#1252013) chromedriver-141.0.7390.107-bp160.1.1.aarch64.rpm chromium-141.0.7390.107-bp160.1.1.aarch64.rpm chromedriver-141.0.7390.107-bp160.1.1.ppc64le.rpm chromium-141.0.7390.107-bp160.1.1.ppc64le.rpm chromedriver-141.0.7390.107-bp160.1.1.x86_64.rpm chromium-141.0.7390.107-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-30 Security update for helmfile important openSUSE Backports SLE-16.0 This update for helmfile fixes the following issues: Changes in helmfile: Update to version 1.1.9: * feat: update strategy for reinstall by @simbou2000 in #2019 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.7 to 1.89.0 by @dependabot[bot] in #2239 * Fix: Handle empty helmBinary in base files with environment values by @Copilot in #2237 Update to version 1.1.8: * build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to 1.8.1 by @dependabot[bot] in #2194 * fix typos in both comment and error message by @d-fal in #2199 * cleanup disk in release ci by @yxxhero in #2203 * Migrate AWS SDK from v1 to v2 to resolve deprecation warnings by @Copilot in #2202 * build(deps): bump github.com/helmfile/vals from 0.42.1 to 0.42.2 by @dependabot[bot] in #2200 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.2 to 1.88.3 by @dependabot[bot] in #2206 * Bump Alpine to 3.22 in Dockerfile by @orishamir in #2205 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.10 to 1.31.12 by @dependabot[bot] in #2207 * Add yq to Dockerfile by @orishamir in #2208 * fix: skip chartify for build command jsonPatches by @sstarcher in #2212 * build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 by @dependabot[bot] in #2210 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.3 to 1.88.4 by @dependabot[bot] in #2213 * build(deps): bump golang.org/x/term from 0.35.0 to 0.36.0 by @dependabot[bot] in #2214 * Avoid fetching same chart/version multiple times by @Copilot in #2197 * build(deps): bump github.com/helmfile/vals from 0.42.2 to 0.42.4 by @dependabot[bot] in #2217 * docs: add zread badge to README by @yxxhero in #2219 * Bump helm-diff to v3.13.1 by @Copilot in #2223 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.4 to 1.88.5 by @dependabot[bot] in #2226 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.12 to 1.31.13 by @dependabot[bot] in #2225 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.5 to 1.88.6 by @dependabot[bot] in #2230 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.6 to 1.88.7 by @dependabot[bot] in #2232 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.13 to 1.31.15 by @dependabot[bot] in #2233 * Fix helmBinary and kustomizeBinary being ignored when using bases by @Copilot in #2228 Update to version 1.1.7: What's Changed * fix pflag error by @zhaque44 in #2164 * build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2166 * build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.7.10 by @dependabot[bot] in #2165 * build(deps): bump github.com/spf13/pflag from 1.0.9 to 1.0.10 by @dependabot[bot] in #2163 * Add helm diff installation to README by @nwneisen in #2170 * build(deps): bump github.com/hashicorp/go-getter from 1.7.10 to 1.8.0 by @dependabot[bot] in #2175 * build(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 by @dependabot[bot] in #2174 * build(deps): bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 by @dependabot[bot] in #2173 * Fix panic when helm isn't installed by @nwneisen in #2169 * build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0 by @dependabot[bot] in #2172 * ci: update minikube and kubernetes versions by @yxxhero in #2181 * build(deps): bump k8s.io/apimachinery from 0.34.0 to 0.34.1 by @dependabot[bot] in #2180 * Remove deprecated --wait-retries flag support to fix Helm compatibility error by @Copilot in #2179 * build(deps): bump go.yaml.in/yaml/v2 from 2.4.2 to 2.4.3 by @dependabot[bot] in #2183 * build: update Helm to v3.19.0 across all components by @yxxhero in #2187 * build: update helm-diff plugin to v3.13.0 by @yxxhero in #2189 * feat: Implement caching for pulling OCI charts by @mustdiechik in #2171 * build(deps): bump github.com/helmfile/chartify from 0.24.7 to 0.25.0 by @dependabot[bot] in #2190 - Update to version 1.1.6: What's Changed * build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 by @dependabot[bot] in #2139 * build(deps): bump github.com/zclconf/go-cty from 1.16.3 to 1.16.4 by @dependabot[bot] in #2145 * build: update helm to v3.18.6 by @yxxhero in #2144 * build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #2150 * Add missing --timeout flag to helmfile sync command with documentation by @Copilot in #2148 * Fix enableDNS flag missing in diff command and refactor duplicate logic by @Copilot in #2147 * build(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #2151 * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14 by @dependabot[bot] in #2154 * Bump github.com/ulikunitz/xz from v0.5.14 to v0.5.15 by @Copilot in #2159 * build(deps): bump github.com/helmfile/vals from 0.42.0 to 0.42.1 by @dependabot[bot] in #2161 * build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9 by @dependabot[bot] in #2160 * build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @dependabot[bot] in #2162 * Fix error propagation in helmfile diff when Kubernetes is unreachable by @Copilot in #2149 - Update to version 1.1.5: What's Changed * build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #2128 * Update recommended Helm versions in init.go and run.sh by @yxxhero in #2129 * Add comprehensive .github/copilot-instructions.md for coding agents by @Copilot in #2131 * refactor(state): extract getMissingFileHandler method for clarity by @yxxhero in #2133 * Fix parseHelmVersion to handle helm versions without 'v' prefix by @Copilot in #2132 * build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.4 by @dependabot[bot] in #2136 * build(deps): bump github.com/helmfile/chartify from 0.24.6 to 0.24.7 by @dependabot[bot] in #2135 - Update to version 1.1.4: What's Changed * build(deps): bump github.com/helmfile/vals from 0.41.2 to 0.41.3 by @dependabot[bot] in #2100 * build(deps): bump k8s.io/apimachinery from 0.33.2 to 0.33.3 by @dependabot[bot] in #2101 * fix: update Helm version to v3.17.4 in CI and init.go by @yxxhero in #2102 * build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @dependabot[bot] in #2104 * feat(state): add missingFileHandlerConfig and related logic by @yxxhero in #2105 * refactor(filesystem): add CopyDir method and optimize Fetch function by @yxxhero in #2111 * Allow caching of remote files to be disabled by @jess-sol in #2112 * refactor(yaml): switch yaml library import paths from gopkg.in to go.yaml.in by @yxxhero in #2114 * build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #2121 * build(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 by @dependabot[bot] in #2123 - Update to version 1.1.3: What's Changed * build: update Helm to v3.18.3 and related dependencies by @yxxhero in #2082 * Expose release version as .Release.ChartVersion for templating by @Simske in #2080 * build(deps): bump github.com/helmfile/chartify from 0.24.3 to 0.24.4 by @dependabot[bot] in #2083 * build(deps): bump k8s.io/apimachinery from 0.33.1 to 0.33.2 by @dependabot[bot] in #2086 * build(deps): bump github.com/helmfile/chartify from 0.24.4 to 0.24.5 by @dependabot[bot] in #2087 * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 by @dependabot[bot] in #2089 * build(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to 2.24.0 by @dependabot[bot] in #2092 * build: update Helm and plugin versions to v3.18.4 and v3.12.3 by @yxxhero in #2093 * docs: update status section with May 2025 release information by @yxxhero in #2096 * build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by @dependabot[bot] in #2099 * build(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by @dependabot[bot] in #2098 - Update to version 1.1.2: What's Changed * build(deps): bump github.com/helmfile/chartify from 0.24.2 to 0.24.3 by @dependabot in #2065 * build: update Helm to v3.18.2 and adjust related configurations by @yxxhero in #2064 * build(deps): bump github.com/helmfile/vals from 0.41.1 to 0.41.2 by @dependabot in #2067 * build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0 by @dependabot in #2068 * fix-insecure-flag by @anontrex in #2072 * build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1 by @dependabot in #2074 * fix: update helm-diff to version 3.12.2 in CI and Dockerfiles by @yxxhero in #2073 * fix: TestToYaml not working with 32-bit architectures by @ProbstDJakob in #2075 - Update to version 1.1.1: What's Changed * Update README.md by @mumoshu in #2046 * build(deps): bump github.com/helmfile/vals from 0.41.0 to 0.41.1 by @dependabot in #2048 * build(helm) update to v3.18.0 by @yxxhero in #2044 * build(deps): bump github.com/helmfile/chartify from 0.23.0 to 0.24.1 by @dependabot in #2049 * build: update Helm and plugin versions in CI and Dockerfiles by @yxxhero in #2059 - Update to version 1.1.0: What's Changed * chore: fix typo in create_test.go by @sadikkuzu in #2025 * build(deps): bump golangci/golangci-lint-action from 7 to 8 by @dependabot in #2029 * build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 by @dependabot in #2028 * build(deps): bump github.com/helmfile/chartify from 0.22.0 to 0.23.0 by @dependabot in #2027 * chore: remove test data files by @yxxhero in #2026 * build(deps): bump golang.org/x/term from 0.31.0 to 0.32.0 by @dependabot in #2033 * build(deps): bump github.com/helmfile/vals from 0.40.1 to 0.41.0 by @dependabot in #2032 * build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 by @dependabot in #2035 * feat(tmpl): enhance ToYaml test with multiple scenarios by @yxxhero in #2031 * [sops, age] update to have SSH key support with sops by @itscaro in #2036 * feat(yaml): add JSON style encoding option to NewEncoder by @yxxhero in #2038 * refactor(yaml): upgrade from gopkg.in/yaml.v2 to v3 by @yxxhero in #2039 * Update readme & documentation with 2025 status of helmfile project by @zhaque44 in #2040 * build(deps): bump k8s.io/apimachinery from 0.33.0 to 0.33.1 by @dependabot in #2041 * build(deps): bump github.com/zclconf/go-cty from 1.16.2 to 1.16.3 by @dependabot in #2043 - Update to version 1.0.0: PLEASE READ https://github.com/helmfile/helmfile/blob/main/docs/proposals/towards-1.0.md What's Changed: * build(deps): bump github.com/helmfile/vals from 0.39.0 to 0.39.1 by @dependabot in #1926 * Bump kubectl to current version (1.32.1) by @DerDaku in #1924 * build(deps): bump github.com/goccy/go-yaml from 1.15.21 to 1.15.22 by @dependabot in #1925 * build: update Helm to v3.17.1 and related dependencies by @yxxhero in #1928 * build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2 by @dependabot in #1931 * feat: inject cli state values (--state-values-set) into environment templating context by @Vince-Chenal in #1917 * docs: add skipSchemaValidation to index.md and update related structs by @yxxhero in #1935 * refactor(state): optimize HelmState flags handling by @yxxhero in #1937 * Update vals package to v0.39.2 by @aditmeno in #1938 * build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in #1940 * build(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23 by @dependabot in #1941 * build(deps): bump github.com/helmfile/chartify from 0.20.8 to 0.20.9 by @dependabot in #1942 * feat: colorized DELETED by @yurrriq in #1944 * feat(docs): add proposal to remove charts and delete subcommands by @yxxhero in #1936 * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot in #1945 * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 by @dependabot in #1946 * build: update golang version to 1.24 and golangci-lint to v1.64.5 by @yxxhero in #1949 * build(deps): bump github.com/helmfile/vals from 0.39.2 to 0.39.3 by @dependabot in #1951 * build(deps): bump github.com/helmfile/chartify from 0.20.9 to 0.21.0 by @dependabot in #1950 * build(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by @dependabot in #1955 * build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs by @dependabot in #1956 * Don't warn if this and the needed release set installed: false by @jayme-github in #1958 * build(deps): bump golang.org/x/term from 0.29.0 to 0.30.0 by @dependabot in #1959 * Remove all v0.x references by @yxxhero in #1919 * build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3 by @dependabot in #1960 * build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 by @dependabot in #1961 * build(deps): bump github.com/helmfile/vals from 0.39.3 to 0.39.4 by @dependabot in #1962 * build: update Helm to v3.17.2 and related dependencies by @yxxhero in #1965 * build: update yaml.v3 dependency and remove colega/go-yaml-yaml by @yxxhero in #1929 * build(deps): bump github.com/containerd/containerd from 1.7.24 to 1.7.27 by @dependabot in #1966 * build(deps): bump github.com/goccy/go-yaml from 1.15.23 to 1.16.0 by @dependabot in #1967 * build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #1969 * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #1970 * build(deps): bump golangci/golangci-lint-action from 6 to 7 by @dependabot in #1975 * build(deps): bump github.com/helmfile/vals from 0.39.4 to 0.40.0 by @dependabot in #1978 * build(deps): bump github.com/helmfile/chartify from 0.21.0 to 0.21.1 by @dependabot in #1979 * docs(fix): correct typo in 'tier=fronted' to 'tier=frontend' by @yxxhero in #1980 * feat: add labels for helm release by @yxxhero in #1046 * build(deps): bump github.com/helmfile/vals from 0.40.0 to 0.40.1 by @dependabot in #1981 * build(deps): bump github.com/goccy/go-yaml from 1.16.0 to 1.17.1 by @dependabot in #1982 * fix: Check needs with context and namespace by @aarnq in #1986 * build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by @dependabot in #1991 * build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 by @dependabot in #1990 * fix(state): enhance error message for missing .gotmpl extension in helmfile v1 by @yxxhero in #1989 * build(deps): bump github.com/helmfile/chartify from 0.21.1 to 0.22.0 by @dependabot in #1996 * build: update Helm plugin versions in CI and Dockerfiles by @yxxhero in #1995 * build: update Helm to v3.17.3 and update related Dockerfiles by @yxxhero in #1993 * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot in #2010 * feat: add helmfile archive configuration in goreleaser by @yxxhero in #2000 * docs: add more complex examples section in README by @yxxhero in #2013 * Feat: setting reuseValues flag in release by @blaskoa in #2004 * build(deps): bump k8s.io/apimachinery from 0.32.3 to 0.32.4 by @dependabot in #2016 * build(deps): bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 by @dependabot in #2015 * chore: support parsing any type with fromYaml by @ProbstDJakob in #2017 * build(deps): bump k8s.io/apimachinery from 0.32.4 to 0.33.0 by @dependabot in #2018 * feat: add --take-ownership flag to helm diff and related config by @yxxhero in #1992 - Update to version 0.171.0: * feat: execute templates against postRendererHooks by @allanger in #1839 * build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 by @dependabot in #1897 * build(deps): bump github.com/goccy/go-yaml from 1.15.15 to 1.15.16 by @dependabot in #1901 * build(deps): bump github.com/goccy/go-yaml from 1.15.16 to 1.15.17 by @dependabot in #1905 * Use a regex to match --state-values-set-string arguments by @gllb in #1902 * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot in #1911 * Chartify v0.20.8 update by @scodeman in #1908 * cleanup: remove all about v0.x by @yxxhero in #1903 * build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 by @dependabot in #1913 * chore: update babel to resolve CVEs by @zhaque44 in #1916 * remove deprecated charts.yaml by @yxxhero in #1437 * Revert "cleanup: remove all about v0.x" by @yxxhero in #1918 * build(deps): bump github.com/goccy/go-yaml from 1.15.17 to 1.15.19 by @dependabot in #1920 * build(deps): bump github.com/goccy/go-yaml from 1.15.19 to 1.15.20 by @dependabot in #1921 * feat: Add support for --wait-retries flag. by @connyay in #1922 * build: update go-yaml to v1.15.21 by @yxxhero in #1923 - Update to version 0.170.1: * build(deps): bump github.com/goccy/go-yaml from 1.15.14 to 1.15.15 by @dependabot in #1882 * build(deps): bump github.com/hashicorp/go-slug from 0.15.0 to 0.16.3 by @dependabot in #1886 (CVE-2025-0377) * Ensure 'helm repo add' is also not pollute on helmfile template by @baurmatt in #1887 * build(deps): bump github.com/zclconf/go-cty from 1.16.1 to 1.16.2 by @dependabot in #1888 * fix: using correct option for takeOwnership flag by @blaskoa in #1892 * fix typo in docs by @adamab48 in #1889 - Update to version 0.170.0: * build(deps): bump github.com/goccy/go-yaml from 1.15.6 to 1.15.7 by @dependabot in #1818 * build(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 by @dependabot in #1817 * chore(doc): fix the indent of the selector usage sample yaml by @Ladicle in #1819 * feat(state): add support for setString in ReleaseSpec and HelmState by @yxxhero in #1821 * build(deps): bump github.com/goccy/go-yaml from 1.15.7 to 1.15.8 by @dependabot in #1822 * test(state): add TestHelmState_setStringFlags for setStringFlags method by @yxxhero in #1823 * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.31.4 by @dependabot in #1826 * build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @dependabot in #1828 * build(deps): bump github.com/goccy/go-yaml from 1.15.8 to 1.15.9 by @dependabot in #1831 * build(deps): bump k8s.io/apimachinery from 0.31.4 to 0.32.0 by @dependabot in #1830 * feat: updating sops version to 3.9.2 by @zhaque44 in #1834 * build(deps): bump github.com/goccy/go-yaml from 1.15.9 to 1.15.10 by @dependabot in #1835 * build(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by @dependabot in #1836 * build: update Helm version to v3.16.4 in CI and Dockerfiles by @yxxhero in #1837 * build(deps): bump github.com/goccy/go-yaml from 1.15.10 to 1.15.11 by @dependabot in #1838 * build(deps): bump filippo.io/age from 1.2.0 to 1.2.1 by @dependabot in #1840 * build(deps): bump github.com/goccy/go-yaml from 1.15.11 to 1.15.12 by @dependabot in #1843 * build: update helm-diff to v3.9.13 in Dockerfiles and init.go by @yxxhero in #1841 * build(deps): bump github.com/helmfile/chartify from 0.20.4 to 0.20.5 by @dependabot in #1845 * build(deps): bump github.com/goccy/go-yaml from 1.15.12 to 1.15.13 by @dependabot in #1844 * build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /docs by @dependabot in #1846 * CVE-2024-45338: updating golang.org/x/net: to version: v0.33.0 by @zhaque44 in #1849 * build(deps): bump github.com/zclconf/go-cty from 1.15.1 to 1.16.0 by @dependabot in #1851 * build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0 by @dependabot in #1852 * update sops versions to 3.9.3 by @zhaque44 in #1861 * build(deps): bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.7 by @dependabot in #1862 * feat: add --take-ownership flag to apply and sync commands by @yxxhero in #1863 * fix: ensure plain http is supported across all helmfile commands by @purpleclay in #1858 * fix: ensure development versions of charts can be used across helmfile commands by @purpleclay in #1865 * build(deps): bump github.com/helmfile/chartify from 0.20.5 to 0.20.6 by @dependabot in #1866 * update kubectl version (1.30) to stay up to date with new releases by @zhaque44 in #1867 * build(deps): bump github.com/zclconf/go-cty from 1.16.0 to 1.16.1 by @dependabot in #1870 * build(deps): bump github.com/hashicorp/go-getter from 1.7.7 to 1.7.8 by @dependabot in #1869 * feat: Add "--no-hooks" to helmfile template by @jwlai in #1813 * update helm and k8s versions in ci, dockerfiles, and go.mod by @yxxhero in #1872 * build(deps): bump github.com/helmfile/vals from 0.38.0 to 0.39.0 by @dependabot in #1876 * build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 by @dependabot in #1873 * build(deps): bump github.com/goccy/go-yaml from 1.15.13 to 1.15.14 by @dependabot in #1874 * build: update helm-diff to v3.9.14 in Dockerfiles and init.go by @yxxhero in #1877 - Update to version 0.169.2: * build(deps): bump github.com/helmfile/vals from 0.37.6 to 0.37.7 by @dependabot in #1747 * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by @dependabot in #1754 * Reset extra args before running 'dependency build' by @baurmatt in #1751 * Introducing Helmfile Guru on Gurubase.io by @kursataktas in #1748 * feat: add skip json schema validation during the install /upgrade of a Chart by @zhaque44 in #1737 * fix(maputil): prevent nil value overwrite by @ban11111 in #1755 * build(deps): bump github.com/goccy/go-yaml from 1.12.0 to 1.13.0 by @dependabot in #1759 * fix: this url doesn't work anymore by @zekena2 in #1760 * build(deps): bump github.com/goccy/go-yaml from 1.13.0 to 1.13.1 by @dependabot in #1762 * build(deps): bump github.com/goccy/go-yaml from 1.13.1 to 1.13.2 by @dependabot in #1763 * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #1767 * build(deps): bump github.com/helmfile/vals from 0.37.7 to 0.37.8 by @dependabot in #1764 * build(deps): bump github.com/goccy/go-yaml from 1.13.2 to 1.13.4 by @dependabot in #1765 * fix(integration-tests): read correct minikube status (#1768) by @ceriath in #1769 * build(deps): bump github.com/goccy/go-yaml from 1.13.4 to 1.13.5 by @dependabot in #1770 * Add integration tests for #1749 by @baurmatt in #1766 * fix: update acme chart URL in input.yaml by @yxxhero in #1773 * build(deps): bump github.com/goccy/go-yaml from 1.13.5 to 1.13.6 by @dependabot in #1771 * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by @dependabot in #1775 * build(deps): bump golang.org/x/term from 0.25.0 to 0.26.0 by @dependabot in #1774 * Revive dead badge links by @eggplants in #1776 * feat: refactor label creation in state.go by @yxxhero in #1758 * docs: Add Gurubase badge to README-zh_CN by @yxxhero in #1777 * build(deps): bump github.com/goccy/go-yaml from 1.13.6 to 1.13.9 by @dependabot in #1781 * build(deps): bump github.com/goccy/go-yaml from 1.13.9 to 1.14.0 by @dependabot in #1782 * build(deps): bump github.com/goccy/go-yaml from 1.14.0 to 1.14.3 by @dependabot in #1788 * build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by @dependabot in #1786 * fix: update helm-diff to version 3.9.12 in CI and Dockerfiles by @yxxhero in #1792 * build: update Helm version to v3.16.3 in CI and Dockerfiles by @yxxhero in #1791 * feat: add HELMFILE_INTERACTIVE env var to enable interactive mode by @thevops in #1787 * build(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0 by @dependabot in #1793 * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 by @dependabot in #1795 * chore: update with testify/assert assertion and table driven tests for fs.go by @zhaque44 in #1794 * build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3 by @dependabot in #1798 * build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #1800 * build(deps): bump github.com/goccy/go-yaml from 1.14.3 to 1.15.0 by @dependabot in #1804 * build(deps): bump github.com/goccy/go-yaml from 1.15.0 to 1.15.1 by @dependabot in #1807 * build(deps): bump github.com/zclconf/go-cty from 1.15.0 to 1.15.1 by @dependabot in #1806 * update example chart URL in remote-secrets doc by @daveneeley in #1809 * build(deps): bump github.com/goccy/go-yaml from 1.15.1 to 1.15.3 by @dependabot in #1811 * build(deps): bump github.com/goccy/go-yaml from 1.15.3 to 1.15.6 by @dependabot in #1812 * fix: inject global values in Chartify by @xabufr in #1805 * build(deps): bump github.com/helmfile/vals from 0.37.8 to 0.38.0 by @dependabot in #1814 * build(deps): bump github.com/helmfile/chartify from 0.20.3 to 0.20.4 by @dependabot in #1815 * build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by @dependabot in #1816 - Update to version 0.169.1: * feat: update sops version to 3.9.1 by @zhaque44 in #1742 * chore: improve test assertions and descriptions for file download test by @zhaque44 in #1745 * feat: add 'hide-notes' flag to helm in sync and apply commands by @yxxhero in #1746 helmfile-1.1.9-bp160.1.1.x86_64.rpm helmfile-bash-completion-1.1.9-bp160.1.1.noarch.rpm helmfile-fish-completion-1.1.9-bp160.1.1.noarch.rpm helmfile-zsh-completion-1.1.9-bp160.1.1.noarch.rpm helmfile-1.1.9-bp160.1.1.s390x.rpm helmfile-1.1.9-bp160.1.1.ppc64le.rpm helmfile-1.1.9-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-31 Security update for pnpm moderate openSUSE Backports SLE-16.0 This update for pnpm fixes the following issues: Changes in pnpm: - update to 10.22.0: * Minor Changes - Added support for trustPolicyExclude #10164. You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example: trustPolicy: no-downgrade trustPolicyExclude: - chokidar@4.0.3 - webpack@4.47.0 || 5.102.1 - Allow to override the engines field on publish by the publishConfig.engines field. * Patch Changes - Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10179. - update to 10.21.0: * Minor Changes - Node.js Runtime Installation for Dependencies. Added support for automatic Node.js runtime installation for dependencies. pnpm will now install the Node.js version required by a dependency if that dependency declares a Node.js runtime in the "engines" field. For example: { "engines": { "runtime": { "name": "node", "version": "^24.11.0", "onFail": "download" } } } If the package with the Node.js runtime dependency is a CLI app, pnpm will bind the CLI app to the required Node.js version. This ensures that, regardless of the globally installed Node.js instance, the CLI will use the compatible version of Node.js. If the package has a postinstall script, that script will be executed using the specified Node.js version. Related PR: #10141 - Added a new setting: trustPolicy. When set to no-downgrade, pnpm will fail installation if a package’s trust level has decreased compared to previous releases — for example, if it was previously published by a trusted publisher but now only has provenance or no trust evidence. This helps prevent installing potentially compromised versions of a package. Related issue: #8889. - Added support for pnpm config get globalconfig to retrieve the global config file path #9977. * Patch Changes - When a user runs pnpm update on a dependency that is not directly listed in package.json, none of the direct dependencies should be updated #10155. - Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10160. - Setting gitBranchLockfile and related settings via pnpm-workspace.yaml should work #9651. - update to 10.20.0: * Minor Changes - Support --all option in pnpm --help to list all commands #8628. * Patch Changes - When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #10100. - create command should not verify patch info. - Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #10063. - update to 10.19.0: * Minor Changes - You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example: Related PR: #10104. onlyBuiltDependencies: - nx@21.6.4 || 21.6.5 - esbuild@0.25.1 - Added support for exact versions in minimumReleaseAgeExclude #9985. You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example: minimumReleaseAge: 1440 minimumReleaseAgeExclude: - nx@21.6.5 - webpack@4.47.0 || 5.102.1 - update to 10.18.3: * Patch Changes - Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #10060. - Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #9362. - Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #9646. - Fixed EISDIR error when bin field points to a directory #9441. - Preserve version and hasBin for variations packages #10022. - Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #9884. - When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #10072. - Prevent a table width error in pnpm outdated --long #10040. - Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #10057. - update to 10.18.2: * Patch Changes - pnpm outdated --long should work #10040. - Replace ndjson with split2. Reduce the bundle size of pnpm CLI #10054. - pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #9963. - pnpm version switching should work when the pnpm home directory is in a symlinked directory #9715. - Fix EPIPE errors when piping output to other commands #10027. - update to 10.18.1: * Patch Changes - Don't print a warning, when --lockfile-only is used #8320. - pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #5700. - When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended. - update to 10.18.0: * Minor Changes - Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads. Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums Related PR: #10025. * Patch Changes - Retry filesystem operations on EAGAIN errors #9959. - Outdated command respects minimumReleaseAge configuration #10030. - Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages. - Don't fail with a meaningless error when scriptShell is set to false #8748. - pnpm dlx should not fail when minimumReleaseAge is set #10037. - update to 10.17.1: * Patch Changes - When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #9974. - Fix state.json creation path when executing pnpm patch in a workspace project #9733. - When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #9987. - update to 10.17: * Minor Changes - The minimumReleaseAgeExclude setting now supports patterns. For instance: minimumReleaseAge: 1440 minimumReleaseAgeExclude: - "@eslint/*" * Patch Changes - Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #9978. - When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #9979. - update to 10.16.1: * Patch Changes - The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #9963. - Forcibly disable ANSI color codes when generating patch diff #9914. - update to 10.16: * Minor Changes - There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. - The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed. - If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: minimumReleaseAgeExclude: - webpack - Added support for finders #9946. In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example: pnpm why minimist prints the chain of dependencies to any installed instance of minimist: verdaccio 5.20.1 ├─┬ handlebars 4.7.7 │ └── minimist 1.2.8 └─┬ mv 2.1.1 └─┬ mkdirp 0.5.6 └── minimist 1.2.8 What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies? This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why. Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs: module.exports = { finders: { react17: (ctx) => { return ctx.readManifest().peerDependencies?.react === "^17.0.0"; }, }, }; Now we can use this finder function by running: pnpm why --find-by=react17 pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph. @apollo/client 4.0.4 ├── @graphql-typed-document-node/core 3.2.0 └── graphql-tag 2.12.6 It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder: module.exports = { finders: { react17: (ctx) => { const manifest = ctx.readManifest(); if (manifest.peerDependencies?.react === "^17.0.0") { return `license: ${manifest.license}`; } return false; }, }, }; Every matched package will also print out the license from its package.json: @apollo/client 4.0.4 ├── @graphql-typed-document-node/core 3.2.0 │ license: MIT └── graphql-tag 2.12.6 license: MIT * Patch Changes - Fix deprecation warning printed when executing pnpm with Node.js 24 #9529. - Throw an error if nodeVersion is not set to an exact semver version #9934. - pnpm publish should be able to publish a .tar.gz file #9927. - Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #9626. - update to 10.15.1: * Patch Changes - Fix .pnp.cjs crash when importing subpath #9904. - When resolving peer dependencies, pnpm looks whether the peer dependency is present in the root workspace project's dependencies. This change makes it so that the peer dependency is correctly resolved even from aliased npm-hosted dependencies or other types of dependencies #9913. - update to 10.15.0: * Minor Changes - Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793. - Automatically load pnpmfiles from config dependencies that are named @*/pnpm-plugin-* #9780. - pnpm config get now prints an INI string for an object value #9797. - pnpm config get now accepts property paths (e.g. pnpm config get catalog.react, pnpm config get .catalog.react, pnpm config get 'packageExtensions["@babel/parser"].peerDependencies["@babel/types"]'), and pnpm config set now accepts dot-leading or subscripted keys (e.g. pnpm config set .ignoreScripts true). - pnpm config get --json now prints a JSON serialization of config value, and pnpm config set --json now parses the input value as JSON. * Patch Changes - Semi-breaking. When automatically installing missing peer dependencies, prefer versions that are already present in the direct dependencies of the root workspace package #9835. - When executing the pnpm create command, must verify whether the node version is supported even if a cache already exists #9775. - When making requests for the non-abbreviated packument, add */* to the Accept header to avoid getting a 406 error on AWS CodeArtifact #9862. - The standalone exe version of pnpm works with glibc 2.26 again #9734. - Fix a regression in which pnpm dlx pkg --help doesn't pass --help to pkg #9823. - update to 10.14.0: * Minor Changes - Added support for JavaScript runtime installation (Related PR: #9755.) Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically. Usage example: { "devEngines": { "runtime": { "name": "node", "version": "^24.4.0", "onFail": "download" // we only support the "download" value for now } } } How it works: - pnpm install resolves your specified range to the latest matching runtime version. - The exact version (and checksum) is saved in the lockfile. - Scripts use the local runtime, ensuring consistency across environments. Why this is better: - This new setting supports also Deno and Bun (vs. our Node-only settings useNodeVersion and executionEnv.nodeVersion) - Supports version ranges (not just a fixed version). - The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity. - It can be used on any workspace project (like executionEnv.nodeVersion). So, different projects in a workspace can use different runtimes. - For now devEngines.runtime setting will install the runtime locally, which we will improve in future versions of pnpm by using a shared location on the computer. - Add --cpu, --libc, and --os to pnpm install, pnpm add, and pnpm dlx to customize supportedArchitectures via the CLI #7510. * Patch Changes - Fix a bug in which pnpm add downloads packages whose libc differ from pnpm.supportedArchitectures.libc. - The integrities of the downloaded Node.js artifacts are verified #9750. - Allow dlx to parse CLI flags and options between the dlx command and the command to run or between the dlx command and -- #9719. - pnpm install --prod should removing hoisted dev dependencies #9782. - Fix an edge case bug causing local tarballs to not re-link into the virtual store. This bug would happen when changing the contents of the tarball without renaming the file and running a filtered install. - Fix a bug causing pnpm install to incorrectly assume the lockfile is up to date after changing a local tarball that has peers dependencies. - update to 10.13.1: * Patch Changes - Run user defined pnpmfiles after pnpmfiles of plugins. - update to 10.13.0: * Minor Changes - Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #9702. - pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #9729. - The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml. * Patch Changes - When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #9694. - Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #9628. - Sort keys in pnpm-workspace.yaml with deep #9701. - The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #9338. - Replaced shell-quote with shlex for quoting command arguments #9381. - update to 10.12.4: * Patch Changes - Fix pnpm licenses command for local dependencies #9583. - Fix a bug in which pnpm ls --filter=not-exist --json prints nothing instead of an empty array #9672. - Fix a deadlock that sometimes happens during peer dependency resolution #9673. - Running pnpm install after pnpm fetch should hoist all dependencies that need to be hoisted. - Fixes a regression introduced in v10.12.2 by #9648; resolves #9689. - update to 10.12.3: * Patch Changes - Restore hoisting of optional peer dependencies when installing with an outdated lockfile. Regression introduced in v10.12.2 by #9648; resolves #9685. - update to 10.12.2: * Patch Changes - Fixed hoisting with enableGlobalVirtualStore set to true #9648. - Fix the --help and -h flags not working as expected for the pnpm create command. - The dependency package path output by the pnpm licenses list --json command is incorrect. - Fix a bug in which pnpm deploy fails due to overridden dependencies having peer dependencies causing ERR_PNPM_OUTDATED_LOCKFILE #9595. - update to 10.12.1 (10.2.0 was yanked): * Minor Changes - Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path). In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available. This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories. To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via: pnpm config -g set enable-global-virtual-store true NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI. Related PR: #8190 - The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml. - A new catalogMode setting is available for controlling if and how dependencies are added to the default catalog. It can be configured to several modes: - strict: Only allows dependency versions from the catalog. Adding a dependency outside the catalog's version range will cause an error. - prefer: Prefers catalog versions, but will fall back to direct dependencies if no compatible version is found. - manual (default): Does not automatically add dependencies to the catalog. - Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #9425. - Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #9605. - Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not. * Patch Changes - Sort versions printed by pnpm patch using semantic versioning rules. - Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #9598. - Revert #9574 to fix a regression #9596. - update to 10.11.1: * Patch Changes - Fix an issue in which pnpm deploy --legacy creates unexpected directories when the root package.json has a workspace package as a peer dependency #9550. - Dependencies specified via a URL that redirects will only be locked to the target if it is immutable, fixing a regression when installing from GitHub releases. (#9531) - Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #9505. - Use pnpm_config_ env variables instead of npm_config_ #9571. - Fix a regression (in v10.9.0) causing the --lockfile-only flag on pnpm update to produce a different pnpm-lock.yaml than an update without the flag. - Let pnpm deploy work in repos with overrides when inject-workspace-packages=true #9283. - Fixed the problem of path loss caused by parsing URL address. Fixes a regression shipped in pnpm v10.11 via #9502. - pnpm -r --silent run should not print out section #9563. - update to 10.11.0: * Minor Changes - A new setting added for pnpm init to create a package.json with type=module, when init-type is module. Works as a flag for the init command too #9463. - Added support for Nushell to pnpm setup #6476. - Added two new flags to the pnpm audit command, --ignore and --ignore-unfixable #8474. Ignore all vulnerabilities that have no solution: > pnpm audit --ignore-unfixable Provide a list of CVE's to ignore those specifically, even if they have a resolution. > pnpm audit --ignore=CVE-2021-1234 --ignore=CVE-2021-5678 - Added support for recursively running pack in every project of a workspace #4351. Now you can run pnpm -r pack to pack all packages in the workspace. * Patch Changes - pnpm version management should work, when dangerouslyAllowAllBuilds is set to true #9472. - pnpm link should work from inside a workspace #9506. - Set the default workspaceConcurrency to Math.min(os.availableParallelism(), 4) #9493. - Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #9505. - Read updateConfig from pnpm-workspace.yaml #9500. - Add support for recursive pack - Remove url.parse usage to fix warning on Node.js 24 #9492. - pnpm run should be able to run commands from the workspace root, if ignoreScripts is set tot true #4858. - update to 10.10.0: * Allow loading the preResolution, importPackage, and fetchers hooks from local pnpmfile. * Fix cd command, when shellEmulator is true #7838. * Sort keys in pnpm-workspace.yaml #9453. * Pass the npm_package_json environment variable to the executed scripts #9452. * Fixed a mistake in the description of the --reporter=silent option. - update to 10.9.0: * Minor Changes - Added support for installing JSR packages. You can now install JSR packages using the following syntax: add jsr:<pkg_name> or with a version range: pnpm add jsr:<pkg_name>@<range> For example, running: pnpm add jsr:@foo/bar will add the following entry to your package.json: { "dependencies": { "@foo/bar": "jsr:^0.1.2" } } When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions: { "dependencies": { "@foo/bar": "npm:@jsr/foo__bar@^0.1.2" } } Related issue: #8941. Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined. - Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml: neverBuiltDependencies: [] dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via: pnpm config set dangerouslyAllowAllBuilds true It can also be set when running a command: pnpm install --dangerously-allow-all-builds * Patch Changes - Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #9424. - Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning. - udate to 10.8.1: * Patch Changes - Removed bright white highlighting, which didn't look good on some light themes #9389. - If there is no pnpm related configuration in package.json, onlyBuiltDependencies will be written to pnpm-workspace.yaml file #9404. - The patch file path saved by the pnpm patch-commit and patch-remove commands should be a relative path #9403. - update to 10.8: * Minor Changes Experimental. A new hook is supported for updating configuration settings. The hook can be provided via .pnpmfile.cjs. For example: module.exports = { hooks: { updateConfig: (config) => ({ ...config, nodeLinker: "hoisted", }), }, }; Now you can use the pnpm add command with the --config flag to install new configurational dependencies #9377. * Patch Changes - Do not hang indefinitely, when there is a glob that starts with !/ in pnpm-workspace.yaml. This fixes a regression introduced by #9169. - pnpm audit --fix should update the overrides in pnpm-workspace.yaml. - pnpm link should update overrides in pnpm-workspace.yaml, not in package.json #9365. - update to 10.7.1: * Patch Changes - pnpm config set should convert the settings to their correct type before adding them to pnpm-workspace.yaml #9355. - pnpm config get should read auth related settings via npm CLI #9345. - Replace leading ~/ in a path in .npmrc with the home directory #9217. - update to 10.7: * Minor Changes - pnpm config get and list also show settings set in pnpm-workspace.yaml files #9316. - It should be possible to use env variables in pnpm-workspace.yaml setting names and value. - Add an ability to patch dependencies by version ranges. Exact versions override version ranges, which in turn override name-only patches. Version range * is the same as name-only, except that patch application failure will not be ignored. For example: patchedDependencies: foo: patches/foo-1.patch foo@^2.0.0: patches/foo-2.patch foo@2.1.0: patches/foo-3.patch The above configuration would apply patches/foo-3.patch to foo@2.1.0, patches/foo-2.patch to all foo versions which satisfy ^2.0.0 except 2.1.0, and patches/foo-1.patch to the remaining foo versions. [!WARNING] The version ranges should not overlap. If you want to specialize a sub range, make sure to exclude it from the other keys. For example: # pnpm-workspace.yaml patchedDependencies: # the specialized sub range 'foo@2.2.0-2.8.0': patches/foo.2.2.0-2.8.0.patch # the more general patch, excluding the sub range above 'foo@>=2.0.0 <2.2.0 || >2.8.0': 'patches/foo.gte2.patch In most cases, however, it's sufficient to just define an exact version to override the range. - pnpm config set --location=project saves the setting to a pnpm-workspace.yaml file if no .npmrc file is present in the directory #9316. - Rename pnpm.allowNonAppliedPatches to pnpm.allowUnusedPatches. The old name is still supported but it would print a deprecation warning message. - Add pnpm.ignorePatchFailures to manage whether pnpm would ignore patch application failures. - If ignorePatchFailures is not set, pnpm would throw an error when patches with exact versions or version ranges fail to apply, and it would ignore failures from name-only patches. - If ignorePatchFailures is explicitly set to false, pnpm would throw an error when any type of patch fails to apply. - If ignorePatchFailures is explicitly set to true, pnpm would print a warning when any type of patch fails to apply. * Patch Changes - Remove dependency paths from audit output to prevent out-of-memory errors #9280. - update to 10.6.5: * Patch Changes - Remove warnings after having explicitly approved no builds #9296. - When installing different dependency packages, should retain the ignoredBuilds field in the .modules.yaml file #9240. - Fix usages of the catalog: protocol in injected local workspace packages. This previously errored with ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER. #8715 - Setting workspace-concurrency to less than or equal to 0 should work #9297. - update to 10.6.4: * Patch Changes - Fix pnpm dlx with --allow-build flag #9263. - Invalid Node.js version in use-node-version should not cause pnpm itself to break #9276. - The max amount of workers running for linking packages from the store has been reduced to 4 to achieve optimal results #9286. The workers are performing many file system operations, so increasing the number of CPUs doesn't help performance after some point. - update to 10.6.3: * Patch Changes - pnpm install --prod=false should not crash, when executed in a project with a pnpm-workspace.yaml file #9233. This fixes regression introduced via #9211. - Add the missing node-options config to recursive run #9180. - Removed a branching code path that only executed when dedupe-peer-dependents=false. We believe this internal refactor will not result in behavior changes, but we expect it to make future pnpm versions behave more consistently for projects that override dedupe-peer-dependents to false. There should be less unique bugs from turning off dedupe-peer-dependents. See details in #9259. - update to 10.6.2: * Patch Changes - pnpm self-update should always update the version in the packageManager field of package.json. - Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #8971. - pnpm patch-commit will now use the same filesystem as the store directory to compare and create patch files. - Don't show info output when --loglevel=error is used. - peerDependencyRules should be set in pnpm-workspace.yaml to take effect. - update to 10.6.1: * Patch Changes - The pnpm CLI process should not stay hanging, when --silent reporting is used. - When --loglevel is set to error, don't show installation summary, execution time, and big tarball download progress. - Don't ignore pnpm.patchedDependencies from package.json #9226. - When executing the approve-builds command, if package.json contains onlyBuiltDependencies or ignoredBuiltDependencies, the selected dependency package will continue to be written into package.json. - When a package version cannot be found in the package metadata, print the registry from which the package was fetched. - update to 10.6.0: * Minor Changes - pnpm-workspace.yaml can now hold all the settings that .npmrc accepts. The settings should use camelCase #9211. pnpm-workspace.yaml example: verifyDepsBeforeRun: install optimisticRepeatInstall: true publicHoistPattern: - "*types*" - "!@types/react" - Projects using a file: dependency on a local tarball file (i.e. .tgz, .tar.gz, .tar) will see a performance improvement during installation. Previously, using a file: dependency on a tarball caused the lockfile resolution step to always run. The lockfile will now be considered up-to-date if the tarball is unchanged. * Patch Changes - pnpm self-update should not leave a directory with a broken pnpm installation if the installation fails. - fast-glob replace with tinyglobby to reduce the size of the pnpm CLI dependencies #9169. - pnpm deploy should not remove fields from the deployed package's package.json file #9215. - pnpm self-update should not read the pnpm settings from the package.json file in the current working directory. - Fix pnpm deploy creating a package.json without the imports and license field #9193. - pnpm update -i should list only packages that have newer versions #9206. - Fix a bug causing entries in the catalogs section of the pnpm-lock.yaml file to be removed when dedupe-peer-dependents=false on a filtered install. #9112 - update to 10.5.2: * The pnpm config set command should change the global .npmrc file by default. This was a regression introduced by #9151 and shipped in pnpm v10.5.0. - update to 10.5.1: * Throw an error message if a pnpm-workspaces.yaml or pnpm-workspaces.yml file is found instead of a pnpm-workspace.yaml #9170. * Fix the update of pnpm-workspace.yaml by the pnpm approve-builds command #9168. * Normalize generated link paths in package.json #9163 * Specifying overrides in pnpm-workspace.yaml should work. * pnpm dlx should ignore settings from the package.json file in the current working directory #9178. - update to 10.5.0: * The pnpm.* settings from package.json can now be specified in the pnpm-workspace.yaml file instead #9121. * Added support for automatically syncing files of injected workspace packages after pnpm run #9081. Use the sync-injected -deps-after-scripts setting to specify which scripts build the workspace package. This tells pnpm when syncing is needed. The setting should be defined in a .npmrc file at the root of the workspace. * The packages field in pnpm-workspace.yaml became optional. * pnpm link with no parameters should work as if --global is specified #9151 * Allow scope registry CLI option without --config. prefix such as --@scope:registry=https://scope.example.com/npm #9089 * pnpm link <path> should calculate relative path from the root of the workspace directory #9132 * Fix a bug causing catalog snapshots to be removed from the pnpm-lock.yaml file when using --fix-lockfile and --filter. #8639 * Fix a bug causing catalog protocol dependencies to not re- resolve on a filtered install #8638 - update to 10.4.1: * Throws an error when the value provided by the --allow-build option overlaps with the pnpm.ignoredBuildDependencies list #9105. * Print pnpm's version after the execution time at the end of the console output. * Print warning about ignored builds of dependencies on repeat install #9106. * Setting init-package-manager should work. - includes 10.4.0: * pnpm approve-builds --global works now for allowing dependencies of globally installed packages to run postinstall scripts. * The pnpm add command now supports a new flag, --allow-build, which allows building the specified dependencies. * pnpm approve-builds should work after two consecutive pnpm install runs #9083. * Fix instruction for updating pnpm with corepack #9101. * The pnpm version specified by packageManager cannot start with v. - update to 10.3.0: * Added a new setting called strict-dep-builds. When enabled, the installation will exit with a non-zero exit code if any dependencies have unreviewed build scripts (aka postinstall scripts) #9071. * Fix a false negative of verify-deps-before-run after pnpm install --production|--no-optional #9019. * Print the warning about blocked installation scripts at the end of the installation output and make it more prominent. - update to 10.2.1: * Don't read a package from side-effects cache if it isn't allowed to be built #9042. * pnpm approve-builds should work, when executed from a subdirectory of a workspace #9042. * pnpm deploy --legacy should work without injected dependencies * Add information about how to deploy without "injected dependencies" to the "pnpm deploy" error message. - includes 10.2.0: * Packages executed via pnpm dlx and pnpm create are allowed to be built (run postinstall scripts) by default. * Quote args for scripts with shell-quote to support new lines (on POSIX only) #8980. * Fix a bug in which pnpm deploy fails to read the correct projectId when the deploy source is the same as the workspace directory #9001. * Proxy settings should be respected, when resolving Git-hosted dependencies #6530. * Prevent overrides from adding invalid version ranges to peerDependencies by keeping the peerDependencies and overriding them with prod dependencies #8978. * Sort the package names in the "pnpm.onlyBuiltDependencies" list saved by pnpm approve-builds. - update to 10.1.0: * Added a new command for printing the list of dependencies with ignored build scripts: pnpm ignored-builds #8963. * Added a new command for approving dependencies for running scripts during installation: pnpm approve-builds #8963. * Added a new setting called optimistic-repeat-install. When enabled, a fast check will be performed before proceeding to installation. This way a repeat install or an install on a project with everything up-to-date becomes a lot faster. But some edge cases might arise, so we keep it disabled by default for now #8977. * Added a new field "pnpm.ignoredBuiltDependencies" for explicitly listing packages that should not be built. When a package is in the list, pnpm will not print an info message about that package not being built #8935. * Verify that the package name is valid when executing the publish command. * When running pnpm install, the preprepare and postprepare scripts of the project should be executed #8989. * Allow workspace: and catalog: to be part of wider version range in peerDependencies. * pnpm deploy should inherit the pnpm object from the root package.json #8991. * Make sure that the deletion of a node_modules in a sub- project of a monorepo is detected as out-of-date #8959. * Fix infinite loop caused by lifecycle scripts using pnpm to execute other scripts during pnpm install with verify-deps-before-run=install #8954. * Replace strip-ansi with the built-in util. stripVTControlCharacters #9009. * Do not print patched dependencies as ignored dependencies that require a build #8952. - update to 10.0.0: * Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm onlyBuiltDependencies field of package.json #8897 * The pnpm link command now adds overrides to the root package.json. #8653 * Secure hashing with SHA256 * Configuration updates * Changes to the global store * The # character is now escaped in directory names within node_modules/.pnpm. #8557 * Running pnpm add --global pnpm or pnpm add --global @pnpm/exe now fails with an error message, directing you to use pnpm self-update instead. #8728 * Dependencies added via a URL now record the final resolved URL in the lockfile, ensuring that any redirects are fully captured. #8833 * The pnpm deploy command now only works in workspaces that have inject-workspace-packages=true. This limitation is introduced to allow us to create a proper lockfile for the deployed project using the workspace lockfile. * Removed conversion from lockfile v6 to v9. If you need v6-to- v9 conversion, use pnpm CLI v9. * pnpm test now passes all parameters after the test keyword directly to the underlying script. This matches the behavior of pnpm run test. Previously you needed to use the -- prefix. #8619 * node-gyp updated to version 11. * pnpm deploy now tries creating a dedicated lockfile from a shared lockfile for deployment. It will fallback to deployment without a lockfile if there is no shared lockfile or force-legacy-deploy is set to true. * Added support for a new type of dependencies called "configurational dependencies". These dependencies are installed before all the other types of dependencies (befor "dependencies", "devDependencies", "optionalDependencies"). * New verify-deps-before-run setting. This setting controls how pnpm checks node_modules before running scripts #8836 * On repeated installs, pnpm performs a quick check to ensure node_modules is up to date. #8838 * pnpm add integrates with default workspace catalog: #8640 * pnpm dlx now resolves packages to their exact versions and uses these exact versions for cache keys. This ensures pnpm dlx always installs the latest requested packages #8811 * No node_modules validation on certain commands. Commands that should not modify node_modules (e.g., pnpm install --lockfile- only) no longer validate or purge node_modules. #8657 * for full changes, see https://github.com/pnpm/pnpm/releases/tag/v10.0.0 - update to 9.15.3: * Fixed the Regex used to find the package manifest during packing #8938. * pnpm update --filter <pattern> --latest <pkg> should only change the specified package for the specified workspace, when dedupe-peer-dependents is set to true #8877. * Exclude .DS_Store file at patch-commit #8922. * Fix a bug in which pnpm patch is unable to bring back old patch without specifying @version suffix #8919. - update to 9.15.2: * Fixed publish/pack error with workspace dependencies with relative paths #8904. It was broken in v9.4.0 (398472c). * Use double quotes in the command suggestion by pnpm patch on Windows #7546. * Do not fall back to SSH, when resolving a git-hosted package if git ls-remote works via HTTPS #8906. * Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages. - update to version 9.15.1: * pnpm remove should not link dependencies from the workspace, when link-workspace-packages is set to false #7674 * Installation with hoisted node_modules should not fail, when a dependency has itself in its own peer dependencies #8854 - update to version 9.15.0: * Metadata directory version bumped to force fresh cache after we shipped a fix to the metadata write function. This change is backward compatible as install doesn't require a metadata cache * pnpm update --global should not crash if there are no any global packages installed #7898 * Fix an exception when running pnpm update --interactive if catalogs are used. - update to version 9.14.4: * Don't ever save mutated metadata to the metadata cache - includes 9.14.3: * Some commands should ignore the packageManager field check of package.json #7959 - update to version 9.14.2: pnpm publish --json should work #8788 - includes 9.14.1: * Added support for pnpm pack --json to print packed tarball and contents in JSON format #8765 * pnpm exec should print a meaningful error message when no command is provided #8752 * pnpm setup should remove the CLI from the target location before moving the new binary #8173 * Fix ERR_PNPM_TARBALL_EXTRACT error while installing a dependency from GitHub having a slash in branch name #7697 * Don't crash if the use-node-version setting is used and the system has no Node.js installed #8769 * Convert settings in local .npmrc files to their correct types. For instance, child-concurrency should be a number, not a string #5075 * pnpm should fail if a project requires a different package manager even if manage-package-manager-versions is set to true * pnpm init should respect the --dir option #8768 - includes 9.14.0: * chore: use verify-deps-before-run * fix(init): --dir option should be respected (#8768) * feat: support json format output in pnpm pack (#8765) * fix: pnpm exec should specify command (#8774) * fix: proper types of settings in local .npmrc files (#8775) * fix: ERR_PNPM_TARBALL_EXTRACT when the URL's hash contains a slash * fix: the CLI should fail if a different package manager is required by the project * fix: ETXTBSY error on running setup (#8780) * feat: add linux-riscv64 build (#8779) * fix: remove link to X from update notifier (#8773) * docs: update sponsors * fix: upgrade cross-sapwn (#8782) * fix: don't crash when use-node-version is set and there is no node.js * docs: update changesets - update to version 9.13.2: * Detection of circular peer dependencies should not crash with aliased dependencies #8759. Fixes a regression introduced in the previous version. * Fix race condition of symlink creations caused by multiple parallel dlx processes. - update to version 9.13.1: * Fixed some edge cases where resolving circular peer dependencies caused a dead lock #8720 - update to version 9.13.0: * The self-update now accepts a version specifier to install a specific version of pnpm. * Fix Cannot read properties of undefined (reading 'name') that is printed while trying to render the missing peer dependencies warning message #8538 - update to version 9.12.3: * Don't purge node_modules, when typing "n" in the prompt that asks whether to remove node_modules before installation #8655 * Fix a bug causing pnpm to infinitely spawn itself when manage- package-manager-versions=true is set and the .tools directory is corrupt * Use crypto.hash, when available, for improved performance #8629 * Fixed a race condition in temporary file creation in the store by including worker thread ID in filename. Previously, multiple worker threads could attempt to use the same temporary file. Temporary files now include both process ID and thread ID for uniqueness #8703 * All commands should read settings from the package.json at the root of the workspace #8667 * When manage-package-manager-versions is set to true, errors spawning a self-managed version of pnpm will now be shown (instead of being silent) * Pass the find command to npm, it is an alias for npm search - includes 9.12.2: * When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #8546 pnpm-10.22.0-bp160.1.1.noarch.rpm pnpm-bash-completion-10.22.0-bp160.1.1.noarch.rpm pnpm-fish-completion-10.22.0-bp160.1.1.noarch.rpm pnpm-zsh-completion-10.22.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-32 Security update for rnp moderate openSUSE Backports SLE-16.0 This update for rnp fixes the following issues: - update to 0.18.1: * CVE-2025-13470: PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only (boo#1253957, CVE-2025-13402) librnp0-0.18.1-bp160.1.1.aarch64.rpm rnp-0.18.1-bp160.1.1.aarch64.rpm rnp-devel-0.18.1-bp160.1.1.aarch64.rpm librnp0-0.18.1-bp160.1.1.ppc64le.rpm rnp-0.18.1-bp160.1.1.ppc64le.rpm rnp-devel-0.18.1-bp160.1.1.ppc64le.rpm librnp0-0.18.1-bp160.1.1.s390x.rpm rnp-0.18.1-bp160.1.1.s390x.rpm rnp-devel-0.18.1-bp160.1.1.s390x.rpm librnp0-0.18.1-bp160.1.1.x86_64.rpm rnp-0.18.1-bp160.1.1.x86_64.rpm rnp-devel-0.18.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-33 Security update for trivy important openSUSE Backports SLE-16.0 This update for trivy fixes the following issues: Changes in trivy: Update to version 0.67.2 (bsc#1250625, CVE-2025-11065, bsc#1248897, CVE-2025-58058): * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638) * fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631) * fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629) * fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615) * fix(vex): don't use reused BOM [backport: release/v0.67] (#9612) * fix(vex): don't suppress vulns for packages with infinity loop (#9465) * fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436) * refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282) * docs: clarify inline ignore limitations for resource-less checks (#9537) * fix(k8s): disable parallel traversal with fs cache for k8s images (#9534) * fix(misconf): handle tofu files in module detection (#9486) * feat(seal): add seal support (#9370) * docs: fix modules path and update code example (#9539) * fix: close file descriptors and pipes on error paths (#9536) * feat: add documentation URL for database lock errors (#9531) * fix(db): Dowload database when missing but metadata still exists (#9393) * feat(cloudformation): support default values and list results in Fn::FindInMap (#9515) * fix(misconf): unmark cty values before access (#9495) * feat(cli): change --list-all-pkgs default to true (#9510) * fix(nodejs): parse workspaces as objects for package-lock.json files (#9518) * refactor(fs): use underlyingPath to determine virtual files more reliably (#9302) * refactor: remove google/wire dependency and implement manual DI (#9509) * chore(deps): bump the aws group with 6 updates (#9481) * chore(deps): bump the common group across 1 directory with 24 updates (#9507) * fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497) * docs: move info about `detection priority` into coverage section (#9469) * feat(sbom): added support for CoreOS (#9448) * fix(misconf): strip build metadata suffixes from image history (#9498) * feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439) * docs: Fix typo in terraform docs (#9492) * feat(redhat): add os-release detection for RHEL-based images (#9458) * ci(deps): add 3-day cooldown period for Dependabot updates (#9475) * refactor: migrate from go-json-experiment to encoding/json/v2 (#9422) * fix(vuln): compare `nuget` package names in lower case (#9456) * chore: Update release flow to include chocolatey (#9460) * docs: document eol supportability (#9434) * docs(report): add nuanses about secret/license scanner in summary table (#9442) * ci: use environment variables in GitHub Actions for improved security (#9433) * chore: bump Go to 1.24.7 (#9435) * fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330) * ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425) Update to version 0.66.0 (bsc#1248937, CVE-2025-58058): * chore(deps): bump the aws group with 7 updates (#9419) * refactor(secret): clarify secret scanner messages (#9409) * fix(cyclonedx): handle multiple license types (#9378) * fix(repo): sanitize git repo URL before inserting into report metadata (#9391) * test: add HTTP basic authentication to git test server (#9407) * fix(sbom): add support for `file` component type of `CycloneDX` (#9372) * fix(misconf): ensure module source is known (#9404) * ci: migrate GitHub Actions from version tags to SHA pinning (#9405) * fix: create temp file under composite fs dir (#9387) * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403) * refactor: switch to stable azcontainerregistry SDK package (#9319) * chore(deps): bump the common group with 7 updates (#9382) * refactor(misconf): migrate from custom Azure JSON parser (#9222) * fix(repo): preserve RepoMetadata on FS cache hit (#9389) * refactor(misconf): use atomic.Int32 (#9385) * chore(deps): bump the aws group with 6 updates (#9383) * docs: Fix broken link to "Built-in Checks" (#9375) * fix(plugin): don't remove plugins when updating index.yaml file (#9358) * fix: persistent flag option typo (#9374) * chore(deps): bump the common group across 1 directory with 26 updates (#9347) * fix(image): use standardized HTTP client for ECR authentication (#9322) * refactor: export `systemFileFiltering` Post Handler (#9359) * docs: update links to Semaphore pages (#9352) * fix(conda): memory leak by adding closure method for `package.json` file (#9349) * feat: add timeout handling for cache database operations (#9307) * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296) * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324) * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301) * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277) * chore: fix some function names in comment (#9314) * chore(deps): bump the aws group with 7 updates (#9311) * docs: add explanation for how to use non-system certificates (#9081) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962) * fix(misconf): preserve original paths of remote submodules from .terraform (#9294) * refactor(terraform): make Scan method of Terraform plan scanner private (#9272) * fix: suppress debug log for context cancellation errors (#9298) * feat(secret): implement streaming secret scanner with byte offset tracking (#9264) * fix(python): impove package name normalization (#9290) * feat(misconf): added audit config attribute (#9249) * refactor(misconf): decouple input fs and track extracted files with fs references (#9281) * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291) * refactor: simplify Detect function signature (#9280) * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288) * fix(fs): avoid shadowing errors in file.glob (#9286) * test(misconf): move terraform scan tests to integration tests (#9271) * test(misconf): drop gcp iam test covered by another case (#9285) * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283) Update to version 0.65.0: * fix(cli): ensure correct command is picked by telemetry (#9260) * feat(flag): add schema validation for `--server` flag (#9270) * chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274) * ci: skip undefined labels in discussion triage action (#9175) * feat(repo): add git repository metadata to reports (#9252) * fix(license): handle WITH operator for `LaxSplitLicenses` (#9232) * chore: add modernize tool integration for code modernization (#9251) * fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253) * chore: implement process-safe temp file cleanup (#9241) * fix: prevent graceful shutdown message on normal exit (#9244) * fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237) * feat: add graceful shutdown with signal handling (#9242) * chore: update template URL for brew formula (#9221) * test: add end-to-end testing framework with image scan and proxy tests (#9231) * refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239) * ci: specify repository for `gh cache delete` in canary worklfow (#9240) * ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236) * fix(misconf): fix log bucket in schema (#9235) * chore(deps): bump the common group across 1 directory with 24 updates (#9228) * ci: move runner.os context from job-level env to step-level in canary workflow (#9233) * chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214) * feat(misconf): added logging and versioning to the gcp storage bucket (#9226) * fix(server): add HTTP transport setup to server mode (#9217) * chore: update the rpm download Update (#9202) * feat(alma): add AlmaLinux 10 support (#9207) * fix(nodejs): don't use prerelease logic for compare npm constraints (#9208) * fix(rootio): fix severity selection (#9181) * fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194) * fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (#9206) * fix(misconf): correctly adapt azure storage account (#9138) * feat(misconf): add private ip google access attribute to subnetwork (#9199) * feat(report): add CVSS vectors in sarif report (#9157) * fix(terraform): `for_each` on a map returns a resource for every key (#9156) * fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151) * chore: migrate protoc setup from Docker to buf CLI (#9184) * ci: delete cache after artifacts upload in canary workflow (#9177) * refactor: remove aws flag helper message (#9080) * ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183) * ci: add auto-ready-for-review workflow (#9179) * feat(image): add Docker context resolution (#9166) * ci: optimize golangci-lint performance with cache-based strategy (#9173) * feat: add HTTP request/response tracing support (#9125) * fix(aws): update amazon linux 2 EOL date (#9176) * chore: Update release workflow to trigger version updates (#9162) * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164) * fix: also check `filepath` when removing duplicate packages (#9142) * chore: add debug log to show image source location (#9163) * docs: add section on customizing default check data (#9114) * chore(deps): bump the common group across 1 directory with 9 updates (#9153) * docs: partners page content updates (#9149) * chore(license): add missed spdx exceptions: (#9147) * docs: trivy partners page updates (#9133) * fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131) * ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135) * feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126) * fix(misconf): skip rewriting expr if attr is nil (#9113) * fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116) * fix(cli): Add more non-sensitive flags to telemetry (#9110) * fix(alma): parse epochs from rpmqa file (#9101) * fix(rootio): check full version to detect `root.io` packages (#9117) * chore: drop FreeBSD 32-bit support (#9102) * fix(sbom): use correct field for licenses in CycloneDX reports (#9057) * fix(secret): fix line numbers for multiple-line secrets (#9104) * feat(license): observe pkg types option in license scanner (#9091) * ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107) - (CVE-2025-53547, bsc#1246151) - Update to version 0.64.1 (bsc#1243633, CVE-2025-47291, (bsc#1246730, CVE-2025-46569): * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120) * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119) * docs(python): fix type with METADATA file name (#9090) * feat: reject unsupported artifact types in remote image retrieval (#9052) * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088) * refactor(misconf): rewrite Rego module filtering using functional filters (#9061) * feat(terraform): add partial evaluation for policy templates (#8967) * feat(vuln): add Root.io support for container image scanning (#9073) * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019) * fix(cli): add some values to the telemetry call (#9056) * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077) * refactor: centralize HTTP transport configuration (#9058) * test: include integration tests in linting and fix all issues (#9060) * chore(deps): bump the common group across 1 directory with 26 updates (#9063) * feat(java): dereference all maven settings.xml env placeholders (#9024) * fix(misconf): reduce log noise on incompatible check (#9029) * fix(misconf): .Config.User always takes precedence over USER in .History (#9050) * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037) * docs(misconf): simplify misconfiguration docs (#9030) * fix(misconf): move disabled checks filtering after analyzer scan (#9002) * docs: add PR review policy for maintainers (#9032) * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034) * test: improve and extend tests for iac/adapters/arm (#9028) * chore: bump up Go version to 1.24.4 (#9031) * feat(cli): add version constraints to annoucements (#9023) * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015) * feat(ubuntu): add eol date for 20.04-ESM (#8981) * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549) * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998) * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983) * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003) * feat(misconf): add OpenTofu file extension support (#8747) * refactor(misconf): set Trivy version by default in Rego scanner (#9001) * docs: fix assets with versioning (#8996) * docs: add partners page (#8988) * chore(alpine): add EOL date for Alpine 3.22 (#8992) * fix: don't show corrupted trivy-db warning for first run (#8991) * Update installation.md (#8979) * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953) * chore(k8s): update comments with deprecated command format (#8964) * chore: fix errors and typos in docs (#8963) * fix: Add missing version check flags (#8951) * feat(redhat): Add EOL date for RHEL 10. (#8910) * fix: Correctly check for semver versions for trivy version check (#8948) * refactor(server): change custom advisory and vulnerability data types fr… (#8923) * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946) * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942) * chore(deps): Bump trivy-checks (#8934) * fix(julia): add `Relationship` field support (#8939) * feat(minimos): Add support for MinimOS (#8792) * feat(alpine): add maintainer field extraction for APK packages (#8930) * feat(echo): Add Echo Support (#8833) * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924) * fix(wolfi): support new APK database location (#8937) * feat(k8s): get components from namespaced resources (#8918) * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927) * refactor(terraform): remove result sorting from scanner (#8928) * feat(misconf): Add support for `Minimum Trivy Version` (#8880) * docs: improve skipping files documentation (#8749) * feat(cli): Add available version checking (#8553) * feat(nodejs): add a bun.lock analyzer (#8897) * feat: terraform parser option to set current working directory (#8909) * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602) * feat(misconf): export raw Terraform data to Rego (#8741) * refactor(terraform): simplify AllReferences method signature in Attribute (#8906) * fix: check post-analyzers for StaticPaths (#8904) * feat: add Bottlerocket OS package analyzer (#8653) * feat(license): improve work text licenses with custom classification (#8888) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901) * chore(deps): bump the common group across 1 directory with 9 updates (#8887) * refactor(license): simplify compound license scanning (#8896) * feat(license): Support compound licenses (licenses using SPDX operators) (#8816) * fix(k8s): use in-memory cache backend during misconfig scanning (#8873) * feat(nodejs): add bun.lock parser (#8851) * feat(license): improve work with custom classification of licenses from config file (#8861) * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886) * fix: julia parser panicing (#8883) * refactor(db): change logic to detect wrong DB (#8864) * fix(cli): don't use allow values for `--compliance` flag (#8881) * docs(misconf): Reorganize misconfiguration scan pages (#8206) * fix(server): add missed Relationship field for `rpc` (#8872) * feat: add JSONC support for comments and trailing commas (#8862) * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858) * feat(go): support license scanning in both GOPATH and vendor (#8843) * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820) * fix: filter all files when processing files installed from package managers (#8842) * feat(misconf): add misconfiguration location to junit template (#8793) * docs(vuln): remove OSV for Python from data sources (#8841) * chore: add an issue template for maintainers (#8838) * chore: enable staticcheck (#8815) * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836) * feat(license): scan vendor directory for license for go.mod files (#8689) * docs(java): Update info about dev deps in gradle lock (#8830) * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822) * fix(java): exclude dev dependencies in gradle lockfile (#8803) * fix: octalLiteral from go-critic (#8811) * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818) * chore(deps): bump the common group across 1 directory with 10 updates (#8817) * fix: use-any from revive (#8810) * fix: more revive rules (#8814) * docs: change in java.md: fix the Trity -to-> Trivy typo (#8813) * fix(misconf): check if for-each is known when expanding dyn block (#8808) * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802) - Update to version 0.62.1 (bsc#1239225, CVE-2025-22868, bsc#1241724, CVE-2025-22872): * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831) * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826) * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824) * feat(nodejs): add root and workspace for `yarn` packages (#8535) * fix: unused-parameter rule from revive (#8794) * chore(deps): Update trivy-checks (#8798) * fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796) * fix(k8s): remove using `last-applied-configuration` (#8791) * refactor(misconf): remove unused methods from providers (#8781) * refactor(misconf): remove unused methods from iac types (#8782) * fix(misconf): filter null nodes when parsing json manifest (#8785) * fix: testifylint last issues (#8768) * fix(misconf): perform operations on attribute safely (#8774) * refactor(ubuntu): update time handling for fixing time (#8780) * chore(deps): bump golangci-lint to v2.1.2 (#8766) * feat(image): save layers metadata into report (#8394) * feat(misconf): convert AWS managed policy to document (#8757) * chore(deps): bump the docker group across 1 directory with 3 updates (#8762) * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753) * ci(helm): create a helm branch for patches from main (#8673) * fix(terraform): hcl object expressions to return references (#8271) * chore(terraform): option to pass in instanced logger (#8738) * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740) * chore(terraform): remove os.OpenPath call from terraform file functions (#8737) * chore(deps): bump the common group across 1 directory with 23 updates (#8733) * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676) * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587) * fix(misconf): populate context correctly for module instances (#8656) * fix(misconf): check if metadata is not nil (#8647) * refactor(misconf): switch to x/json (#8719) * fix(report): clean buffer after flushing (#8725) * ci: improve PR title validation workflow (#8720) * refactor(flag): improve flag system architecture and extensibility (#8718) * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555) * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591) * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705) * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702) * refactor: add hook interface for extended functionality (#8585) * fix(misconf): add missing variable as unknown (#8683) * docs: Update maintainer docs (#8674) * ci(vuln): reduce github action script injection attack risk (#8610) * fix(secret): ignore .dist-info directories during secret scanning (#8646) * fix(server): fix redis key when trying to delete blob (#8649) * chore(deps): bump the testcontainers group with 2 updates (#8650) * test: use `aquasecurity` repository for test images (#8677) * chore(deps): bump the aws group across 1 directory with 5 updates (#8652) * fix(k8s): skip passed misconfigs for the summary report (#8684) * fix(k8s): correct compare artifact versions (#8682) * chore: update Docker lib (#8681) * refactor(misconf): remove unused terraform attribute methods (#8657) * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369) * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643) * docs: Add info about helm charts release (#8640) * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638) Update to version 0.61.1 (bsc#1239385, CVE-2025-22869, bsc#1240466, CVE-2025-30204): * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748) * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699) * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698) * fix(misconf): Improve logging for unsupported checks (#8634) * feat(k8s): add support for controllers (#8614) * fix(debian): don't include empty licenses for `dpkgs` (#8623) * fix(misconf): Check values wholly prior to evalution (#8604) * chore(deps): Bump trivy-checks (#8619) * fix(k8s): show report for `--report all` (#8613) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597) * refactor: rename scanner to service (#8584) * fix(misconf): do not skip loading documents from subdirectories (#8526) * refactor(misconf): get a block or attribute without calling HasChild (#8586) * fix(misconf): identify the chart file exactly by name (#8590) * test: use table-driven tests in Helm scanner tests (#8592) * refactor(misconf): Simplify misconfig checks bundle parsing (#8533) * chore(deps): bump the common group across 1 directory with 10 updates (#8566) * fix(misconf): do not use cty.NilVal for non-nil values (#8567) * docs(cli): improve flag value display format (#8560) * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548) * docs: remove slack (#8565) * fix: use `--file-patterns` flag for all post analyzers (#7365) * docs(python): Mention pip-compile (#8484) * feat(misconf): adapt aws_opensearch_domain (#8550) * feat(misconf): adapt AWS::EC2::VPC (#8534) * docs: fix a broken link (#8546) * fix(fs): check postAnalyzers for StaticPaths (#8543) * refactor(misconf): remove unused methods for ec2.Instance (#8536) * feat(misconf): adapt aws_default_security_group (#8538) * feat(fs): optimize scanning performance by direct file access for known paths (#8525) * feat(misconf): adapt AWS::DynamoDB::Table (#8529) * style: Fix MD syntax in self-hosting.md (#8523) * perf(misconf): retrieve check metadata from annotations once (#8478) * feat(misconf): Add support for aws_ami (#8499) * fix(misconf): skip Azure CreateUiDefinition (#8503) * refactor(misconf): use OPA v1 (#8518) * fix(misconf): add ephemeral block type to config schema (#8513) * perf(misconf): parse input for Rego once (#8483) * feat: replace TinyGo with standard Go for WebAssembly modules (#8496) * chore: replace deprecated tenv linter with usetesting (#8504) * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502) * chore(deps): bump the common group across 1 directory with 13 updates (#8491) * chore: use go.mod for managing Go tools (#8493) * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494) * fix(sbom): improve logic for binding direct dependency to parent component (#8489) * chore(deps): remove missed replace of `trivy-db` (#8492) * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490) * chore(deps): update Go to 1.24 and switch to go-version-file (#8388) * docs: add abbreviation list (#8453) * chore(terraform): assign *terraform.Module 'parent' field (#8444) * feat: add report summary table (#8177) * chore(deps): bump the github-actions group with 3 updates (#8473) * refactor(vex): improve SBOM reference handling with project standards (#8457) * ci: update GitHub Actions cache to v4 (#8475) * feat: add `--vuln-severity-source` flag (#8269) * fix(os): add mapping OS aliases (#8466) * chore(deps): bump the aws group across 1 directory with 7 updates (#8468) * chore(deps): Bump trivy-checks to v1.7.1 (#8467) * refactor(report): write tables after rendering all results (#8357) * docs: update VEX documentation index page (#8458) * fix(db): fix case when 2 trivy-db were copied at the same time (#8452) * feat(misconf): render causes for Terraform (#8360) * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073) * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254) * chore(deps): update go-rustaudit location (#8450) * fix: update all documentation links (#8045) * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443) * chore(deps): bump the common group with 6 updates (#8411) * fix(k8s): add missed option `PkgRelationships` (#8442) * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346) * feat(go): fix parsing main module version for go >= 1.24 (#8433) * refactor(misconf): make Rego scanner independent of config type (#7517) * fix(image): disable AVD-DS-0007 for history scanning (#8366) * fix(server): secrets inspectation for the config analyzer in client server mode (#8418) * chore: remove mockery (#8417) * test(server): replace mock driver with memory cache in server tests (#8416) * test: replace mock with memory cache and fix non-deterministic tests (#8410) * test: replace mock with memory cache in scanner tests (#8413) * test: use memory cache (#8403) * fix(spdx): init `pkgFilePaths` map for all formats (#8380) * chore(deps): bump the common group across 1 directory with 11 updates (#8381) * docs: correct Ruby documentation (#8402) * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390) * fix: don't use `scope` for `trivy registry login` command (#8393) * fix(go): merge nested flags into string for ldflags for Go binaries (#8368) * chore(terraform): export module path on terraform modules (#8374) * fix(terraform): apply parser options to submodule parsing (#8377) * docs: Fix typos in documentation (#8361) * docs: fix navigate links (#8336) * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354) * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353) * chore: remove debug prints (#8347) * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345) * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344) * chore(deps): bump Go to `v1.23.5` (#8341) * fix(python): add `poetry` v2 support (#8323) * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331) * fix(misconf): ecs include enhanced for container insights (#8326) * fix(sbom): preserve OS packages from multiple SBOMs (#8325) * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311) * (bsc#1237618, CVE-2025-27144) Update to version 0.59.1: * fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349) * chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343) * fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335) * fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333) Update to version 0.59.0: * feat(image): return error early if total size of layers exceeds limit (#8294) * chore(deps): Bump trivy-checks (#8310) * chore(terraform): add accessors to underlying raw hcl values (#8306) * fix: improve conversion of image config to Dockerfile (#8308) * docs: replace short codes with Unicode emojis (#8296) * feat(k8s): improve artifact selections for specific namespaces (#8248) * chore: update code owners (#8303) * fix(misconf): handle heredocs in dockerfile instructions (#8284) * fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298) * chore(deps): bump the aws group with 7 updates (#8299) * chore(deps): bump the common group with 12 updates (#8301) * chore: enable int-conversion from perfsprint (#8194) * feat(fs): use git commit hash as cache key for clean repositories (#8278) * fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077) * chore: use require.ErrorContains when possible (#8291) * feat(image): prevent scanning oversized container images (#8178) * chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289) * fix(fs): fix cache key generation to use UUID (#8275) * fix(misconf): correctly handle all YAML tags in K8S templates (#8259) * feat: add support for registry mirrors (#8244) * chore(deps): bump the common group across 1 directory with 29 updates (#8261) * refactor(license): improve license expression normalization (#8257) * feat(misconf): support for ignoring by inline comments for Dockerfile (#8115) * feat: add a examples field to check metadata (#8068) * chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196) * ci: add workflow to restrict direct PRs to release branches (#8240) * fix(suse): SUSE - update OSType constants and references for compatility (#8236) * ci: fix path to main dir for canary builds (#8231) * chore(secret): add reported issues related to secrets in junit template (#8193) * refactor: use trivy-checks/pkg/specs package (#8226) * ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170) * fix(misconf): allow null values only for tf variables (#8112) * feat(misconf): support for ignoring by inline comments for Helm (#8138) * fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222) * chore(alpine): add EOL date for Alpine 3.21 (#8221) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207) * fix(misconf): disable git terminal prompt on tf module load (#8026) * chore: remove aws iam related scripts (#8179) * docs: Updated JSON schema version 2 in the trivy documentation (#8188) * refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175) * refactor: use slices package instead of custom function (#8172) * chore(deps): bump the common group with 6 updates (#8162) * feat(python): add support for uv dev and optional dependencies (#8134) * feat(python): add support for poetry dev dependencies (#8152) * fix(sbom): attach nested packages to Application (#8144) * docs(vex): use debian minor version in examples (#8166) * refactor: add generic Set implementation (#8149) * chore(deps): bump the aws group across 1 directory with 6 updates (#8163) * fix(python): skip dev group's deps for poetry (#8106) * fix(sbom): use root package for `unknown` dependencies (if exists) (#8104) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140) * chore(vex): suppress CVE-2024-45338 (#8137) * feat(python): add support for uv (#8080) * chore(deps): bump the docker group across 1 directory with 3 updates (#8127) * chore(deps): bump the common group across 1 directory with 14 updates (#8126) * chore: bump go to 1.23.4 (#8123) * test: set dummy value for NUGET_PACKAGES (#8107) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103) * fix: wasm module test (#8099) * fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088) * chore(vex): suppress CVE-2024-45337 (#8101) * fix(license): always trim leading and trailing spaces for licenses (#8095) * fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635) * fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063) * fix: enable err-error and errorf rules from perfsprint linter (#7859) * chore(deps): bump the aws group across 1 directory with 6 updates (#8074) * perf: avoid heap allocation in applier findPackage (#7883) * fix: Updated twitter icon (#7772) * docs(k8s): add a note about multi-container pods (#7815) * feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070) * fix(oracle): add architectures support for advisories (#4809) * fix: handle `BLOW_UNKNOWN` error to download DBs (#8060) * feat(misconf): generate placeholders for random provider resources (#8051) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052) * fix(flag): skip hidden flags for `--generate-default-config` command (#8046) * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050) * feat(nodejs): respect peer dependencies for dependency tree (#7989) * ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038) * fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580) * chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029) * fix(misconf): use log instead of fmt for logging (#8033) * docs: add commercial content (#8030) - Update to version 0.58.2 ( bsc#1234512, CVE-2024-45337, bsc#1235265, CVE-2024-45338, bsc#1232948, CVE-2024-51744): * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238) * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168) * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158) * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136) * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122) * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121) * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119) * fix(misconf): wrap AWS EnvVar to iac types (#7407) * chore(deps): Upgrade trivy-checks (#8018) * refactor(misconf): Remove unused options (#7896) * docs: add terminology page to explain Trivy concepts (#7996) * feat: add `workspaceRelationship` (#7889) * refactor(sbom): simplify relationship generation (#7985) * chore: remove Go checks (#7907) * docs: improve databases documentation (#7732) * refactor: remove support for custom Terraform checks (#7901) * docs: fix dead links (#7998) * docs: drop AWS account scanning (#7997) * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995) * fix(cli): Handle empty ignore files more gracefully (#7962) * fix(misconf): load full Terraform module (#7925) * fix(misconf): properly resolve local Terraform cache (#7983) * refactor(k8s): add v prefix for Go packages (#7839) * test: replace Go checks with Rego (#7867) * feat(misconf): log causes of HCL file parsing errors (#7634) * chore(deps): bump the aws group across 1 directory with 7 updates (#7991) * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990) * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992) * chore: downgrade the failed block expand message to debug (#7964) * fix(misconf): do not erase variable type for child modules (#7941) * feat(go): construct dependencies of `go.mod` main module in the parser (#7977) * feat(go): construct dependencies in the parser (#7973) * feat: add cvss v4 score and vector in scan response (#7968) * docs: add `overview` page for `others` (#7972) * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871) * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965) * chore(deps): bump the common group with 4 updates (#7949) * feat(oracle): add `flavors` support (#7858) * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953) * chore(deps): Bump up trivy-checks to v1.3.0 (#7959) * fix(k8s): check all results for vulnerabilities (#7946) * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945) * feat(secret): Add built-in secrets rules for Private Packagist (#7826) * docs: Fix broken links (#7900) * docs: fix mistakes/typos (#7942) * feat: Update registry fallbacks (#7679) * fix(alpine): add `UID` for removed packages (#7887) * chore(deps): bump the aws group with 6 updates (#7902) * chore(deps): bump the common group with 6 updates (#7904) * fix(debian): infinite loop (#7928) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912) * docs: add note about temporary podman socket (#7921) * docs: combine trivy.dev into trivy docs (#7884) * test: change branch in spdx schema link to check in integration tests (#7935) * docs: add Headlamp to the Trivy Ecosystem page (#7916) * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898) * chore(k8s): enhance k8s scan log (#6997) * fix(terraform): set null value as fallback for missing variables (#7669) * fix(misconf): handle null properties in CloudFormation templates (#7813) * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882) * chore(deps): bump the common group across 1 directory with 20 updates (#7876) * chore: bump containerd to v2.0.0 (#7875) * fix: Improve version comparisons when build identifiers are present (#7873) * feat(k8s): add default commands for unknown platform (#7863) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868) * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862) * test: save `containerd` image into archive and use in tests (#7816) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854) * chore: bump golangci-lint to v1.61.0 (#7853) Update to version 0.57.1: * feat: Update registry fallbacks [backport: release/v0.57] (#7944) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939) * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940) * release: v0.57.0 [main] (#7710) * chore: lint `errors.Join` (#7845) * feat(db): append errors (#7843) * docs(java): add info about supported scopes (#7842) * docs: add example of creating whitelist of checks (#7821) * chore(deps): Bump trivy-checks (#7819) * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733) * fix(k8s): skip resources without misconfigs (#7797) * fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811) * fix(cli): add config name to skip-policy-update alias (#7820) * fix(helm): properly handle multiple archived dependencies (#7782) * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776) * fix(k8s)!: support k8s multi container (#7444) * fix(k8s): support kubernetes v1.31 (#7810) * docs: add Windows install instructions (#7800) * ci(helm): auto public Helm chart after PR merged (#7526) * feat: add end of life date for Ubuntu 24.10 (#7787) * feat(report): update gitlab template to populate operating_system value (#7735) * feat(misconf): Show misconfig ID in output (#7762) * feat(misconf): export unresolvable field of IaC types to Rego (#7765) * refactor(k8s): scan config files as a folder (#7690) * fix(license): fix license normalization for Universal Permissive License (#7766) * fix: enable usestdlibvars linter (#7770) * fix(misconf): properly expand dynamic blocks (#7612) * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507) * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602) * refactor(misconf): simplify k8s scanner (#7717) * feat(parser): ignore white space in pom.xml files (#7747) * test: use forked images (#7755) * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541) * fix(misconf): check if property is not nil before conversion (#7578) * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577) * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564) * test: define constants for test images (#7739) * docs: add note about disabled DS016 check (#7724) * feat(misconf): public network support for Azure Storage Account (#7601) * feat(cli): rename `trivy auth` to `trivy registry` (#7727) * docs: apt-transport-https is a transitional package (#7678) * refactor(misconf): introduce generic scanner (#7515) * fix(cli): `clean --all` deletes only relevant dirs (#7704) * feat(cli): add `trivy auth` (#7664) * fix(sbom): add options for DBs in private registries (#7660) * docs(report): fix reporting doc format (#7671) * fix(repo): `git clone` output to Stderr (#7561) * fix(redhat): include arch in PURL qualifiers (#7654) * fix(report): Fix invalid URI in SARIF report (#7645) * docs(report): Improve SARIF reporting doc (#7655) * fix(db): fix javadb downloading error handling (#7642) * feat(cli): error out when ignore file cannot be found (#7624) Update to version 0.56.2: * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702) * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691) - Update to version 0.51.1 (bsc#1227010, CVE-2024-3817): trivy-0.66.0-bp160.1.1.x86_64.rpm trivy-0.66.0-bp160.1.1.s390x.rpm trivy-0.66.0-bp160.1.1.ppc64le.rpm trivy-0.66.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-34 Security update for gitea-tea moderate openSUSE Backports SLE-16.0 This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.11.1: * 61d4e57 Fix Pr Create crash (#823) * 4f33146 add test for matching logins (#820) * 08b8398 Update README.md (#819) - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (boo#1251663) - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471) - update to 0.11.0: * Fix yaml output single quote (#814) * generate man page (#811) * feat: add validation for object-format flag in repo create command (#741) * Fix release version (#815) * update gitea sdk to v0.22 (#813) * don't fallback login directly (#806) * Check duplicated login name in interact mode when creating new login (#803) * Fix bug when output json with special chars (#801) * add debug mode and update readme (#805) * update go.mod to retract the wrong tag v1.3.3 (#802) * revert completion scripts removal (#808) * Remove pagination from context (#807) * Continue auth when failed to open browser (#794) * Fix bug (#793) * Fix tea login add with ssh public key bug (#789) * Add temporary authentication via environment variables (#639) * Fix attachment size (#787) * deploy image when tagging (#792) * Add Zip URL for release list (#788) * Use bubbletea instead of survey for interacting with TUI (#786) * capitalize a few items * rm out of date comparison file * README: Document logging in to gitea (#790) * remove autocomplete command (#782) * chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773) * replace arch package url (#783) * fix: Reenable -p and --limit switches (#778) - Update to 0.10.1+git.1757695903.cc20b52: - feat: add validation for object-format flag in repo create command (see gh#openSUSE/openSUSE-git#60) - Fix release version - update gitea sdk to v0.22 - don't fallback login directly - Check duplicated login name in interact mode when creating new login - Fix bug when output json with special chars - add debug mode and update readme - update go.mod to retract the wrong tag v1.3.3 - revert completion scripts removal - Remove pagination from context - Continue auth when failed to open browser - Fix bug - Fix tea login add with ssh public key bug - Add temporary authentication via environment variables - Fix attachment size - deploy image when tagging - Add Zip URL for release list - Use bubbletea instead of survey for interacting with TUI - capitalize a few items - rm out of date comparison file - README: Document logging in to gitea - remove autocomplete command - chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 - replace arch package url - fix: Reenable `-p` and `--limit` switches gitea-tea-0.11.1-bp160.1.1.aarch64.rpm gitea-tea-bash-completion-0.11.1-bp160.1.1.noarch.rpm gitea-tea-zsh-completion-0.11.1-bp160.1.1.noarch.rpm gitea-tea-0.11.1-bp160.1.1.ppc64le.rpm gitea-tea-0.11.1-bp160.1.1.s390x.rpm gitea-tea-0.11.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-35 Security update for tcpreplay important openSUSE Backports SLE-16.0 This update for tcpreplay fixes the following issues: - update to 4.5.2: * features added since 4.4.4 - fix/recalculate header checksum for ipv6-frag - IPv6 frag checksum support - AF_XDP socket support - tcpreplay -w (write into a pcap file) - tcpreplay --fixhdrlen - --include and --exclude options - SLL2 support - Haiku support * security fixes reported for 4.4.4 fixed in 4.5.2 - CVE-2023-4256 / bsc#1218249 - CVE-2023-43279 / bsc#1221324 - CVE-2024-3024 / bsc#1222131 (likely) - CVE-2024-22654 / bsc#1243845 - CVE-2025-9157 / bsc#1248322 - CVE-2025-9384 / bsc#1248595 - CVE-2025-9385 / bsc#1248596 - CVE-2025-9386 / bsc#1248597 - CVE-2025-9649 / bsc#1248964 - CVE-2025-51006 / bsc#1250356 tcpreplay-4.5.2-bp160.1.1.aarch64.rpm tcpreplay-4.5.2-bp160.1.1.ppc64le.rpm tcpreplay-4.5.2-bp160.1.1.s390x.rpm tcpreplay-4.5.2-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-36 Recommended update for evolution moderate openSUSE Backports SLE-16.0 This update for evolution fixes the following issues: Changes in evolution: - Fix JavaScript dictionary objects creation. Needed for WebKitGTK >= 2.50 (bsc#1252722 glgo#GNOME/evolution#3124). evolution-3.56.2-bp160.2.1.x86_64.rpm evolution-devel-3.56.2-bp160.2.1.x86_64.rpm evolution-lang-3.56.2-bp160.2.1.noarch.rpm evolution-plugin-bogofilter-3.56.2-bp160.2.1.x86_64.rpm evolution-plugin-pst-import-3.56.2-bp160.2.1.x86_64.rpm evolution-plugin-spamassassin-3.56.2-bp160.2.1.x86_64.rpm evolution-plugin-text-highlight-3.56.2-bp160.2.1.x86_64.rpm evolution-3.56.2-bp160.2.1.s390x.rpm evolution-devel-3.56.2-bp160.2.1.s390x.rpm evolution-plugin-bogofilter-3.56.2-bp160.2.1.s390x.rpm evolution-plugin-pst-import-3.56.2-bp160.2.1.s390x.rpm evolution-plugin-spamassassin-3.56.2-bp160.2.1.s390x.rpm evolution-plugin-text-highlight-3.56.2-bp160.2.1.s390x.rpm evolution-3.56.2-bp160.2.1.ppc64le.rpm evolution-devel-3.56.2-bp160.2.1.ppc64le.rpm evolution-plugin-bogofilter-3.56.2-bp160.2.1.ppc64le.rpm evolution-plugin-pst-import-3.56.2-bp160.2.1.ppc64le.rpm evolution-plugin-spamassassin-3.56.2-bp160.2.1.ppc64le.rpm evolution-plugin-text-highlight-3.56.2-bp160.2.1.ppc64le.rpm evolution-3.56.2-bp160.2.1.aarch64.rpm evolution-devel-3.56.2-bp160.2.1.aarch64.rpm evolution-plugin-bogofilter-3.56.2-bp160.2.1.aarch64.rpm evolution-plugin-pst-import-3.56.2-bp160.2.1.aarch64.rpm evolution-plugin-spamassassin-3.56.2-bp160.2.1.aarch64.rpm evolution-plugin-text-highlight-3.56.2-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-37 Security update for redis critical openSUSE Backports SLE-16.0 This update for redis fixes the following issues: - Updated to 8.2.3 (boo#1252996 CVE-2025-62507) * https://github.com/redis/redis/releases/tag/8.2.3 - Security fixes - (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow and potential RCE - Bug fixes - `HGETEX`: A missing `numfields` argument when `FIELDS` is used can lead to Redis crash - An overflow in `HyperLogLog` with 2GB+ entries may result in a Redis crash - Cuckoo filter - Division by zero in Cuckoo filter insertion - Cuckoo filter - Counter overflow - Bloom filter - Arbitrary memory read/write with invalid filter - Bloom filter - Out-of-bounds access with empty chain - Top-k - Out-of-bounds access - Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing the security bug] - Updated to 8.2.2 (boo#1250995) * https://github.com/redis/redis/releases/tag/8.2.2 * Fixed Lua script may lead to remote code execution (CVE-2025-49844). * Fixed Lua script may lead to integer overflow (CVE-2025-46817). * Fixed Lua script can be executed in the context of another user (CVE-2025-46818). * Fixed LUA out-of-bound read (CVE-2025-46819). * Fixed potential crash on Lua script or streams and HFE defrag. * Fixed potential crash when using ACL rules. * Added VSIM: new EPSILON argument to specify maximum distance. * Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag. * Added RESP3 serialization performance. * Added INFO SEARCH: new SVS-VAMANA metrics. - Updated to 8.2.1 * https://github.com/redis/redis/releases/tag/8.2.1 - Bug fixes * #14240 INFO KEYSIZES - potential incorrect histogram updates on cluster mode with modules * #14274 Disable Active Defrag during flushing replica * #14276 XADD or XTRIM can crash the server after loading RDB * #Q6601 Potential crash when running FLUSHDB (MOD-10681) * Performance and resource utilization * Query Engine - LeanVec and LVQ proprietary Intel optimizations were removed from Redis Open Source * #Q6621 Fix regression in INFO (MOD-10779) redis-8.2.3-bp160.1.1.x86_64.rpm redis-8.2.3-bp160.1.1.s390x.rpm redis-8.2.3-bp160.1.1.ppc64le.rpm redis-8.2.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-38 Security update for shadowsocks-v2ray-plugin, v2ray-core important openSUSE Backports SLE-16.0 This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues: Changes in shadowsocks-v2ray-plugin: - Update version to 5.25.0 * Update v2ray-core to v5.25.0 - Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850) Changes in v2ray-core: - Fix CVE-2025-47911 and boo#1251404 * Add fix-CVE-2025-47911.patch * Update golang.org/x/net to 0.45.0 in vendor - Update version to 5.38.0 * TLSMirror Connection Enrollment System * Add TLSMirror Sequence Watermarking * LSMirror developer preview protocol is now a part of mainline V2Ray * proxy dns with NOTIMP error * Add TLSMirror looks like TLS censorship resistant transport protocol as a developer preview transport * proxy dns with NOTIMP error * fix false success from SOCKS server when Dispatch() fails * HTTP inbound: Directly forward plain HTTP 1xx response header * add a option to override domain used to query https record * Fix bugs * Update vendor - Update version to 5.33.0 * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) * Update other vendor source - Update version to 5.31.0 * Add Dns Proxy Response TTL Control * Fix call newError Base with a nil value error * Update vendor (boo#1235164) - Update version to 5.29.3 * Enable restricted mode load for http protocol client * Correctly implement QUIC sniffer when handling multiple initial packets * Fix unreleased cache buffer in QUIC sniffing * A temporary testing fix for the buffer corruption issue * QUIC Sniffer Restructure - Update version to 5.22.0 * Add packetEncoding for Hysteria * Add ECH Client Support * Add support for parsing some shadowsocks links * Add Mekya Transport * Fix bugs golang-github-teddysun-v2ray-plugin-5.25.0-bp160.1.1.noarch.rpm shadowsocks-v2ray-plugin-5.25.0-bp160.1.1.x86_64.rpm golang-github-v2fly-v2ray-core-5.40.0-bp160.1.1.noarch.rpm v2ray-core-5.40.0-bp160.1.1.x86_64.rpm shadowsocks-v2ray-plugin-5.25.0-bp160.1.1.s390x.rpm v2ray-core-5.40.0-bp160.1.1.s390x.rpm shadowsocks-v2ray-plugin-5.25.0-bp160.1.1.ppc64le.rpm v2ray-core-5.40.0-bp160.1.1.ppc64le.rpm shadowsocks-v2ray-plugin-5.25.0-bp160.1.1.aarch64.rpm v2ray-core-5.40.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-39 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1763743683.1da97aa2: * Optimize Job Group dropdown database query * Split dependency handling out of create_from_settings * Give jobs with high MAX_JOB_TIME a priority malus * Make the number of builds per group on the front page configurable * docs: Feature auto-generated deepwiki less prominently * apparmor: Additional perms for tests in osado to run - Update to version 5.1763153079.b36ac754: * Skip a build if there are no jobs * Remove unused variable - Update to version 5.1762879267.52145e9a: * Avoid installing unwanted package versions * Fix check in git_clone for dirty git dir * Prevent `t/24-worker-webui-connection.t` from running into timeout * Be explicit about certain aspects of archiving in the documentation * Fix sporadic failures in `t/ui/10-tests_overview.t` * Adapt os-autoinst-scripts reference after rename * Properly conclude scheduling if there are no jobs - Update to version 5.1762193001.2f6e71ca: * Potentially improve stability of `t/ui/16-tests_job_next_previous.t` * Avoid failing check in `t/16-utils-runcmd.t` * README: Add deepwiki badge * Dependency cron 2025-10-27 * Retry image optimizations Changes in os-autoinst: - Update to version 5.1763561851.03e049d: * Avoid `Can't exec "ffmpeg"` if ffmpeg isn't present * Fix syntax errors in nft due to multiple interfaces in $ethernet * README: Feature auto-generated deepwiki less prominently * Install NetworkManager-ovs in os-autoinst-setup-multi-machine * Add disconnect_usb (qemu only, for now) - Update to version 5.1763048144.30f43a0: * Configure ftables in os-autoinst-setup-multi-machine * Makefile: Fix reruns on incomplete build dir generations * Propagate C++ exceptions to Perl in image write function * Add support NICPCIADDR variable to QEMU backend * Remove test which causes unhandled output * Improve includes in tinycv library * Handle OpenCV exceptions when writing an image * Avoid ignoring errors silently when writing images * Avoid saving test results referring to non-existent screenshots - Update to version 5.1762250353.5150272: * Makefile: Fix reruns on incomplete build dir generations * Propagate C++ exceptions to Perl in image write function * Add support NICPCIADDR variable to QEMU backend * Remove test which causes unhandled output * Allow array keys like `ISSUES[]` as introduced in openQA commit a53b19b * Improve includes in tinycv library - Update to version 5.1761723693.2b88807: * Propagate C++ exceptions to Perl in image write function * Add support NICPCIADDR variable to QEMU backend * Remove test which causes unhandled output * Allow array keys like `ISSUES[]` as introduced in openQA commit a53b19b * Improve includes in tinycv library * Handle OpenCV exceptions when writing an image * Avoid ignoring errors silently when writing images Changes in openQA-devel-container: - Update to version 5.1763743683.1da97aa28: * Update to latest openQA version openQA-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.x86_64.rpm openQA-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.s390x.rpm openQA-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm openQA-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-4 Recommended update for opi moderate openSUSE Backports SLE-16.0 This update for opi fixes the following issues: - Version 5.8.8 * Fix adding openh264 repo on leap 16.0 This update for opi fixes the following issues: - Version 5.8.7 * Fix ocenaudio url * Add LocalSend plugin * Run all tests in verbose mode * Print written repo files in verbose mode * Increase timeouts in test/06_install_non_interactive.py * Remove DNF references from README.md This update for opi fixes the following issues: - Version 5.8.5 * add librewolf plugin (#205) * Install .NET 9 * Add verbose mode * Change the order of the process in the github module * Add rustdesk plugin This update for opi fixes the following issues: - Version 5.8.4 * Use arm64 rpm for libation on aarch64 This update for opi fixes the following issues: - Version 5.8.3 * Install dependencies rpm-build and squashfs at runtime if needed * Drop DNF support This update for opi fixes the following issues: - Version 5.8.2 * Warn about adding staging repos * Gracefully handle zypper exit code 106 (repos without cache present) This update for opi fixes the following issues: - Version 5.8.1 * Fix SyntaxWarning: invalid escape sequence '\s' This update for opi fixes the following issues: - Version 5.8.0 * Add mullvad-brower This update for opi fixes the following issues: - Version 5.7.0 * Add leap-only plugin to install zellij from github release * Don't use subprocess.run user kwarg on 15.6 * Fix tests: Use helloworld-opi-tests instead of zfs * Perform search despite locked rpmdb * Simplify backend code This update for opi fixes the following issues: - Use no macros in url in .spec for packtrack This update for opi fixes the following issues: - Version 5.6.0 * Add plugin to install vagrant from hashicorp repo This update for opi fixes the following issues: - Version 5.5.0 * Update opi/plugins/collabora.py * add collabora office desktop * Omit unsupported cli args on leap in 99_install_opi.py * Switch to PEP517 install * Fix 09_install_with_multi_repos_in_single_file_non_interactive.py * Fix 07_install_multiple.py on tumbleweed * Fix test suite on tumbleweed * Update available apps in opi - README.md This update for opi fixes the following issues: - Version 5.4.0 * Show key ID when importing or deleting package signing keys * Add option to install google-chrome-canary This update for opi fixes the following issues: - Version 5.3.0 * Fix tests for new zypper version * fix doblue slash in packman repo url * Add Plugin to install Libation opi-5.8.8-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-40 Security update for bash-git-prompt moderate openSUSE Backports SLE-16.0 This update for bash-git-prompt fixes the following issues: - CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index (bsc#1247489) bash-git-prompt-2.7.1-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-41 Security update for act important openSUSE Backports SLE-16.0 This update for act fixes the following issues: - CVE-2025-47913: Prevent panic in embedded golang.org/x/crypto/ssh/agent client when receiving unexpected message types for key listing or signing requests (boo#1253608) act-0.2.64-bp160.2.1.aarch64.rpm act-0.2.64-bp160.2.1.ppc64le.rpm act-0.2.64-bp160.2.1.s390x.rpm act-0.2.64-bp160.2.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-42 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1764349525.ffb59486: * Also use TIMEOUT_SCALE for priority malus calculation * docs: Fix wrapping and typo * Document multi machine ovs flow setup and IPv6 usage * Avoid computing time constraint for scheduled product cleanup in Perl * rpm: Move `…-enqueue-needle-ref-cleanup` to other `…-enqueue-…` scripts * Add task to limit scheduled products similar to audit events * Extract generic parts from audit event cleanup task into generic task * parser: ktap: Show full output by default if no line was parsed * Ignore npm scripts also via `.npmrc` to make bare npm calls more secure * Avoid repeating `MAIN_SETTINGS` in various places * Fix possibly excessive memory use when computer test result overview * Fix typo in `_prepare_complex_query_search_args` * Fix indentation in `overview.html.ep` * Prevent logging AMQP credentials in debug output * Make restart_openqa_job emit proper event payload * Enable gru tasks to emit AMQP messages * Remove explicit loading AMQP plugin in Gru plugin * Emit restart events when job restarted automatically * Add debug message about priority malus * Fix ordering of job groups after 2ad929ceca43d Changes in os-autoinst: - Update to version 5.1764330105.c5cfd48: * Add port forwarding example for NICTYPE_USER_OPTIONS * Fix regression from abcaa66b by disabling virtio-keyboard by default * Add IPv6 support for multi machine tests * distribution: Add "disable_key_repeat" * Use 'virtio-keyboard' by default to allow fixing key repetition errors Changes in openQA-devel-container: - Update to version 5.1764349525.ffb594867: openQA-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-auto-update-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-client-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-common-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-devel-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-doc-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-local-db-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-mcp-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-munin-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-single-instance-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm openQA-worker-5.1764349525.ffb59486-bp160.1.1.aarch64.rpm os-autoinst-5.1764330105.c5cfd48-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1764330105.c5cfd48-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1764330105.c5cfd48-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1764330105.c5cfd48-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1764330105.c5cfd48-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1764330105.c5cfd48-bp160.1.1.aarch64.rpm openQA-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-client-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-common-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-devel-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-doc-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-local-db-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-mcp-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-munin-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm openQA-worker-5.1764349525.ffb59486-bp160.1.1.ppc64le.rpm os-autoinst-5.1764330105.c5cfd48-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1764330105.c5cfd48-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1764330105.c5cfd48-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1764330105.c5cfd48-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1764330105.c5cfd48-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1764330105.c5cfd48-bp160.1.1.ppc64le.rpm openQA-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-auto-update-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-bootstrap-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-client-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-common-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-continuous-update-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-devel-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-doc-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-local-db-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-mcp-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-munin-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-python-scripts-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-single-instance-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1764349525.ffb59486-bp160.1.1.s390x.rpm openQA-worker-5.1764349525.ffb59486-bp160.1.1.s390x.rpm os-autoinst-5.1764330105.c5cfd48-bp160.1.1.s390x.rpm os-autoinst-devel-5.1764330105.c5cfd48-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1764330105.c5cfd48-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1764330105.c5cfd48-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1764330105.c5cfd48-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1764330105.c5cfd48-bp160.1.1.s390x.rpm openQA-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-auto-update-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-client-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-common-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-devel-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-doc-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-local-db-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-mcp-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-munin-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-single-instance-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm openQA-worker-5.1764349525.ffb59486-bp160.1.1.x86_64.rpm os-autoinst-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1764330105.c5cfd48-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-44 Recommended update for virtme moderate openSUSE Backports SLE-16.0 This update for virtme fixes the following issues: Changes in virtme: Update to 1.39: * The most noticeable change in this release is the new Model Context Protocol (MCP) server. This feature lets you connect with AI assistants such as Claude, Cursor, etc., and use natural human language to automate kernel development tasks. In this way, AI agents can automatically configure kernels, apply patches from lore.kernel.org, and run commands within recompiled kernels. You can even have the AI agent perform bug bisection for you and run specific commands/scripts inside each recompiled version to determine whether the kernel is good or bad. * An additional feature is vCPU pinning (using the --pin CPU_LIST option), which enables binding virtual CPUs to particular physical host CPUs. This ensures more consistent performance testing within the vng guest environment. * The release also adds support for memoryless NUMA nodes, enablingusers to specify size=0 with the --numa argument to create NUMA nodes without memory. This capability can be useful for simulating heterogeneous architectures, where devices like GPUs are represented as memoryless NUMA nodes to model their CPU locality relationships. * Last, but not least, there's a new --shell BINARY option which lets users choose a different shell to use within the vng session, rather than using their system's default shell and a new --empty-password option that creates empty passwords in the vng guest, instead of blocking login for other users, enabling easier debugging and SSH access during testing. * Updated Python versions in CI (dropped EOL 3.8 and 3.9) * Various bug fixes in virtme-init * Enhanced documentation and README updates * Improved error handling and validation virtme-1.39-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-45 Recommended update for gitea-tea moderate openSUSE Backports SLE-16.0 This update for gitea-tea fixes the following issues: Changes in gitea-tea: - Do not make config file group-readable. gitea-tea-0.11.1-bp160.2.1.aarch64.rpm gitea-tea-bash-completion-0.11.1-bp160.2.1.noarch.rpm gitea-tea-zsh-completion-0.11.1-bp160.2.1.noarch.rpm gitea-tea-0.11.1-bp160.2.1.ppc64le.rpm gitea-tea-0.11.1-bp160.2.1.s390x.rpm gitea-tea-0.11.1-bp160.2.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-46 Security update for git-bug important openSUSE Backports SLE-16.0 This update for git-bug fixes the following issues: Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade github.com/go-viper/mapstructure/v2 to v2.4.0 - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade github.com/cloudflare/circl to v1.6.1 - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade golang.org/x/crypto/ssh to v0.45.0 - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade golang.org/x/crypto/ssh/agent to v0.45.0 - Revendor to include golang.org/x/net/html v 0.45.0 to prevent possible DoS by various algorithms with quadratic complexity when parsing HTML documents (bsc#1251463, CVE-2025-47911 and bsc#1251664, CVE-2025-58190). Update to version 0.10.1: - cli: ignore missing sections when removing configuration (ddb22a2f) Update to version 0.10.0: - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - webui: remark upgrade + gfm + syntax highlighting (6ee47b96) - BREAKING CHANGE: dev-infra: remove gokart (89b880bd) Update to version 0.10.0: - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - web: remark upgrade + gfm + syntax highlighting (6ee47b96) Update to version 0.9.0: - completion: remove errata from string literal (aa102c91) - tui: improve readability of the help bar (23be684a) Update to version 0.8.1+git.1746484874.96c7a111: * docs: update install, contrib, and usage documentation (#1222) * fix: resolve the remote URI using url.*.insteadOf (#1394) * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376) * chore: gofmt simplify gitlab/export_test.go (#1392) * fix: checkout repo before setting up go environment (#1390) * feat: bump to go v1.24.2 (#1389) * chore: update golang.org/x/net (#1379) * fix: use -0700 when formatting time (#1388) * fix: use correct url for gitlab PATs (#1384) * refactor: remove depdendency on pnpm for auto-label action (#1383) * feat: add action: auto-label (#1380) * feat: remove lifecycle/frozen (#1377) * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378) * feat: support new exclusion label: lifecycle/pinned (#1375) * fix: refactor how gitlab title changes are detected (#1370) * revert: "Create Dependabot config file" (#1374) * refactor: rename //:git-bug.go to //:main.go (#1373) * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361) * fix: set GitLastTag to an empty string when git-describe errors (#1355) * chore: update go-git to v5@masterupdate_mods (#1284) * refactor: Directly swap two variables to optimize code (#1272) * Update README.md Matrix link to new room (#1275) - Update to version 0.8.0+git.1742269202.0ab94c9: * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312) - Update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494, CVE-2025-22869). - Add missing Requires to completion subpackages. Update to version 0.8.0+git.1733745604.d499b6e: * fix typos in docs (#1266) * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) - bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565). git-bug-0.10.1-bp160.1.1.aarch64.rpm git-bug-bash-completion-0.10.1-bp160.1.1.noarch.rpm git-bug-fish-completion-0.10.1-bp160.1.1.noarch.rpm git-bug-zsh-completion-0.10.1-bp160.1.1.noarch.rpm git-bug-0.10.1-bp160.1.1.ppc64le.rpm git-bug-0.10.1-bp160.1.1.s390x.rpm git-bug-0.10.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-47 Recommended update for weechat moderate openSUSE Backports SLE-16.0 This update for weechat fixes the following issues: Changes in weechat: Update to 4.7.2: Fixed: * api: fix file descriptor leak in hook_url when a timeout occurs or if the hook is removed during the transfer (#2284) * irc: fix colors in messages 367 (ban mask), 728 (quiet mask) and MODE (#2286) * irc: fix reset of color when multiple modes are set with command /mode weechat-4.7.2-bp160.1.1.aarch64.rpm weechat-devel-4.7.2-bp160.1.1.aarch64.rpm weechat-lang-4.7.2-bp160.1.1.noarch.rpm weechat-lua-4.7.2-bp160.1.1.aarch64.rpm weechat-perl-4.7.2-bp160.1.1.aarch64.rpm weechat-python-4.7.2-bp160.1.1.aarch64.rpm weechat-ruby-4.7.2-bp160.1.1.aarch64.rpm weechat-spell-4.7.2-bp160.1.1.aarch64.rpm weechat-tcl-4.7.2-bp160.1.1.aarch64.rpm weechat-4.7.2-bp160.1.1.ppc64le.rpm weechat-devel-4.7.2-bp160.1.1.ppc64le.rpm weechat-lua-4.7.2-bp160.1.1.ppc64le.rpm weechat-perl-4.7.2-bp160.1.1.ppc64le.rpm weechat-python-4.7.2-bp160.1.1.ppc64le.rpm weechat-ruby-4.7.2-bp160.1.1.ppc64le.rpm weechat-spell-4.7.2-bp160.1.1.ppc64le.rpm weechat-tcl-4.7.2-bp160.1.1.ppc64le.rpm weechat-4.7.2-bp160.1.1.s390x.rpm weechat-devel-4.7.2-bp160.1.1.s390x.rpm weechat-lua-4.7.2-bp160.1.1.s390x.rpm weechat-perl-4.7.2-bp160.1.1.s390x.rpm weechat-python-4.7.2-bp160.1.1.s390x.rpm weechat-ruby-4.7.2-bp160.1.1.s390x.rpm weechat-spell-4.7.2-bp160.1.1.s390x.rpm weechat-tcl-4.7.2-bp160.1.1.s390x.rpm weechat-4.7.2-bp160.1.1.x86_64.rpm weechat-devel-4.7.2-bp160.1.1.x86_64.rpm weechat-lua-4.7.2-bp160.1.1.x86_64.rpm weechat-perl-4.7.2-bp160.1.1.x86_64.rpm weechat-python-4.7.2-bp160.1.1.x86_64.rpm weechat-ruby-4.7.2-bp160.1.1.x86_64.rpm weechat-spell-4.7.2-bp160.1.1.x86_64.rpm weechat-tcl-4.7.2-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-48 Recommended update for gnome-browser-connector moderate openSUSE Backports SLE-16.0 This update for gnome-browser-connector fixes the following issues: Changes in gnome-browser-connector: - add unzip as a requires, otherwise the extensions can't get extracted gnome-browser-connector-42.1-bp160.2.1.aarch64.rpm gnome-browser-connector-42.1-bp160.2.1.ppc64le.rpm gnome-browser-connector-42.1-bp160.2.1.s390x.rpm gnome-browser-connector-42.1-bp160.2.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-49 Recommended update for perl-Mojolicious-Plugin-Webpack moderate openSUSE Backports SLE-16.0 This update for perl-Mojolicious-Plugin-Webpack fixes the following issues: Changes in perl-Mojolicious-Plugin-Webpack: - See https://github.com/jhthorsen/mojolicious-plugin-webpack/pull/17 perl-Mojolicious-Plugin-Webpack-1.02-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-5 Recommended update for virtme moderate openSUSE Backports SLE-16.0 This update for virtme fixes the following issues: - Update to 1.38: * Fix the infamous Stale file handle (ESTALE) errors with virtiofsd * Fix for systemctl daemon-reload when systemd support is enabled * Fix for a kernel symlink issue affecting openSUSE/SLE * README/docs improvements * Various coding style cleanups virtme-1.38-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-50 Security update for python-Django important openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: - CVE-2025-64459: Fixed a potential SQL injection via `_connector` keyword argument in `QuerySet` and `Q` objects (bsc#1252926) - CVE-2025-13372,CVE-2025-64460: Fixed Denial of Service in 'django.core.serializers.xml_serializer.getInnerText()' (bsc#1254437) python313-Django-5.2.4-bp160.4.1.noarch.rpm openSUSE-Leap-16.0-packagehub-51 Recommended update for trivy moderate openSUSE Backports SLE-16.0 This update for trivy fixes the following issues: Changes in trivy: Update to version 0.68.1: * fix: update cosing settings for GoReleaser after bumping cosing to v3 (#9863) * chore(deps): bump the testcontainers group with 2 updates (#9506) * feat(aws): Add support for dualstack ECR endpoints (#9862) * fix(vex): use a separate `visited` set for each DFS path (#9760) * docs: catch some missed docs -> guide (#9850) * refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (#9851) * chore(cli): Remove Trivy Cloud (#9847) * fix(misconf): ensure value used as ignore marker is non-null and known (#9835) * fix(misconf): map healthcheck start period flag to --start-period instead of --startPeriod (#9837) * chore(deps): bump the docker group with 3 updates (#9776) * chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#9827) * chore(deps): bump the common group across 1 directory with 20 updates (#9840) * feat(image): add Sigstore bundle SBOM support (#9516) * chore(deps): bump the aws group with 7 updates (#9691) * test(k8s): update k8s integrtion test (#9725) * chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#9764) * feat(sbom): add support for SPDX attestations (#9829) * docs(misconf): Remove duplicate sections (#9819) * feat(misconf): Update Azure network schema for new checks (#9791) * feat(misconf): Update AppService schema (#9792) * fix(misconf): ensure boolean metadata values are correctly interpreted (#9770) * feat(misconf): support https_traffic_only_enabled in Az storage account (#9784) * docs: restructure docs for new hosting (#9799) * docs(server): fix info about scanning licenses on the client side. (#9805) * ci: remove unused preinstalled software/images for build tests to free up disk space. (#9814) * feat(report): add fingerprint generation for vulnerabilities (#9794) * chore: trigger the trivy-www workflow (#9737) * fix: update all documentation links (#9777) * feat(suse): Add new openSUSE, Micro and SLES releases end of life dates (#9788) * test(go): set `GOPATH` for tests (#9785) * feat(flag): add `--cacert` flag (#9781) * fix(misconf): handle unsupported experimental flags in Dockerfile (#9769) * test(go): refactor mod_test.go to use txtar format (#9775) * docs: Fix typos and linguistic errors in documentation / hacktoberfest (#9586) * chore(deps): bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0 (#9778) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 (#9763) * fix(java): use `true` as default value for Repository Release|Snapshot Enabled in pom.xml and settings.xml files (#9751) * docs: add info that `SSL_CERT_FILE` works on `Unix systems other than macOS` only (#9772) * docs: change SecObserve URLs in documentatio (#9771) * feat(db): enable concurrent access to vulnerability database (#9750) * feat(misconf): add agentpools to azure container schema (#9714) * feat(report): switch ReportID from UUIDv4 to UUIDv7 (#9749) * feat(misconf): Update Azure Compute schema (#9675) * feat(misconf): Update azure storage schema (#9728) * feat(misconf): Update SecurityCenter schema (#9674) * feat(image): pass global context to docker/podman image save func (#9733) * chore(deps): bump the github-actions group with 4 updates (#9739) * fix(flag): remove viper.SetDefault to fix IsSet() for config-only flags (#9732) * feat(license): use separate SPDX ids to ignore SPDX expressions (#9087) * feat(dotnet): add dependency graph support for .deps.json files (#9726) * feat(misconf): Add support for configurable Rego error limit (#9657) * feat(misconf): Add RoleAssignments attribute (#9396) * feat(report): add image reference to report metadata (#9729) * fix(os): Add photon 5.0 in supported OS (#9724) * fix(license): handle SPDX WITH exceptions as single license in category detection (#9380) * refactor: add case-insensitive string set implementation (#9720) * feat: include registry and repository in artifact ID calculation (#9689) * feat(java): add support remote repositories from settings.xml files (#9708) * fix(sbom): don’t panic on SBOM format if scanned CycloneDX file has empty metadata (#9562) * docs: update vulnerability reporting guidelines in SECURITY.md (#9395) * docs: add info about `java-db` subdir (#9706) * fix(report): correct field order in SARIF license results (#9712) * test: improve golden file management in integration tests (#9699) * ci: get base_sha using base.ref (#9704) * refactor(misconf): mark AVDID fields as deprecated and use ID internally (#9576) * fix(nodejs): fix npmjs parser.pkgNameFromPath() panic issue (#9688) * fix: close all opened resources if an error occurs (#9665) * refactor(misconf): type-safe parser results in generic scanner (#9685) * feat(image): add RepoTags support for Docker archives (#9690) * chore(deps): bump github.com/quic-go/quic-go from 0.52.0 to 0.54.1 (#9694) * feat(misconf): Update Azure Container Schema (#9673) * ci: use merge commit for apidiff to avoid false positives (#9622) * feat(misconf): include map key in manifest snippet for diagnostics (#9681) * refactor(misconf): add ManifestFromYAML for unified manifest parsing (#9680) * test: update golden files for TestRepository* integration tests (#9684) * refactor(cli): Update the cloud config command (#9676) * fix(sbom): add `buildInfo` info as properties (#9683) * feat: add ReportID field to scan reports (#9670) * docs: add vulnerability database contribution guide (#9667) * feat(cli): Add trivy cloud suppport (#9637) * feat: add ArtifactID field to uniquely identify scan targets (#9663) * fix(nodejs): use the default ID format to match licenses in pnpm packages. (#9661) * feat(sbom): use SPDX license IDs list to validate SPDX IDs (#9569) * fix: use context for analyzers (#9538) * chore(deps): bump the docker group with 3 updates (#9545) * chore(deps): bump the aws group with 6 updates (#9547) * ci(helm): bump Trivy version to 0.67.2 for Trivy Helm Chart 0.19.1 (#9641) * test(helm): bump up Yamale dependency for Helm chart-testing-action (#9653) * fix: Trim the end-of-range suffix (#9618) * test(k8s): use a specific bundle for k8s misconfig scan (#9633) * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow (#9636) * refactor: move the aws config (#9617) * fix(license): don't normalize `unlicensed` licenses into `unlicense` (#9611) * fix: using SrcVersion instead of Version for echo detector (#9552) * feat(fs): change artifact type to repository when git info is detected (#9613) * fix: add `buildInfo` for `BlobInfo` in `rpc` package (#9608) * fix(vex): don't use reused BOM (#9604) * ci: use pull_request_target for apidiff workflow to support fork PRs (#9605) * fix: restore compatibility for google.protobuf.Value (#9559) * ci: add API diff workflow (#9600) * chore(deps): update to module-compatible docker-credential-gcr/v2 (#9591) * docs: improve documentation for scanning raw IaC configurations (#9571) * feat: allow ignoring findings by type in Rego (#9578) * docs: bump pygments from 2.18.0 to 2.19.2 (#9596) * refactor(misconf): add ID to scan.Rule (#9573) * fix(java): update order for resolving package fields from multiple demManagement (#9575) * chore(deps): bump the github-actions group across 1 directory with 9 updates (#9563) * chore(deps): bump the common group across 1 directory with 7 updates (#9590) * chore(deps): Switch to go-viper/mapstructure (#9579) * chore: add context to the cache interface (#9565) * ci(helm): bump Trivy version to 0.67.0 for Trivy Helm Chart 0.19.0 (#9554) * fix: validate backport branch name (#9548) trivy-0.68.1-bp160.1.1.aarch64.rpm trivy-0.68.1-bp160.1.1.ppc64le.rpm trivy-0.68.1-bp160.1.1.s390x.rpm trivy-0.68.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-52 Security update for exim moderate openSUSE Backports SLE-16.0 This update for exim fixes the following issues: - CVE-2025-53881: Fixed a potential security issue with logfile rotation (bsc#1246457) exim-4.98.2-bp160.2.1.x86_64.rpm eximon-4.98.2-bp160.2.1.x86_64.rpm eximstats-html-4.98.2-bp160.2.1.x86_64.rpm exim-4.98.2-bp160.2.1.s390x.rpm eximon-4.98.2-bp160.2.1.s390x.rpm eximstats-html-4.98.2-bp160.2.1.s390x.rpm exim-4.98.2-bp160.2.1.ppc64le.rpm eximon-4.98.2-bp160.2.1.ppc64le.rpm eximstats-html-4.98.2-bp160.2.1.ppc64le.rpm exim-4.98.2-bp160.2.1.aarch64.rpm eximon-4.98.2-bp160.2.1.aarch64.rpm eximstats-html-4.98.2-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-53 Recommended update for virtme moderate openSUSE Backports SLE-16.0 This update for virtme fixes the following issues: - Update to 1.40: * No significant change, this is just a very small hotfix release to solve a packaging problem introduced by a conflict with the new vng-mcp tool. * While at it, there're also some small improved hints in the MCP server, so that AI agents can better understand how to build the kernel using vng --build. virtme-1.40-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-54 Security update for hauler important openSUSE Backports SLE-16.0 This update for hauler fixes the following issues: - Update to version 1.3.1 (bsc#1251516, CVE-2025-47911, bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190, bsc#1248937, CVE-2025-58058): * bump github.com/containerd/containerd (#474) * another fix to tests for new tests (#472) * fixed typo in testdata (#471) * fixed/cleaned new tests (#470) * trying a new way for hauler testing (#467) * update for cosign v3 verify (#469) * added digests view to info (#465) * bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457) * update oras-go to v1.2.7 for security patches (#464) * update cosign to v3.0.2+hauler.1 (#463) * fixed homebrew directory deprecation (#462) * add registry logout command (#460) - Update to version 1.3.0: * bump the go_modules group across 1 directory with 2 updates (#455) * upgraded versions/dependencies/deprecations (#454) * allow loading of docker tarballs (#452) * bump the go_modules group across 1 directory with 2 updates (#449) - update to 1.2.5 (bsc#1246722, CVE-2025-46569): * Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in the go_modules group across 1 directory (CVE-2025-46569) * deprecate auth from hauler store copy * Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the go_modules group across 1 directory * Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group across 1 directory * upgraded go and dependencies versions - Update to version 1.2.5: * upgraded go and dependencies versions (#444) * Bump github.com/go-viper/mapstructure/v2 (#442) * bump github.com/cloudflare/circl (#441) * deprecate auth from hauler store copy (#440) * Bump github.com/open-policy-agent/opa (#438) - update to 1.2.4 (CVE-2025-22872, bsc#1241804): * Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory * minor tests updates - Update to version 1.2.3: * formatting and flag text updates * add keyless signature verification (#434) * bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430) * add --only flag to hauler store copy (for images) (#429) * fix tlog verification error/warning output (#428) - Update to version 1.2.2 (bsc#1241184, CVE-2024-0406): * cleanup new tlog flag typos and add shorthand (#426) * default public transparency log verification to false to be airgap friendly but allow override (#425) * bump github.com/golang-jwt/jwt/v4 (#423) * bump the go_modules group across 1 directory with 2 updates (#422) * bump github.com/go-jose/go-jose/v3 (#417) * bump github.com/go-jose/go-jose/v4 (#415) * clear default manifest name if product flag used with sync (#412) * updates for v1.2.0 (#408) * fixed remote code (#407) * added remote file fetch to load (#406) * added remote and multiple file fetch to sync (#405) * updated save flag and related logs (#404) * updated load flag and related logs [breaking change] (#403) * updated sync flag and related logs [breaking change] (#402) * upgraded api update to v1/updated dependencies (#400) * fixed consts for oci declarations (#398) * fix for correctly grabbing platform post cosign 2.4 updates (#393) * use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390) * Bump the go_modules group across 1 directory with 2 updates (#385) * replace mholt/archiver with mholt/archives (#384) * forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383) * cleaned up registry and improved logging (#378) * Bump golang.org/x/crypto in the go_modules group across 1 directory (#377) - bump net/html dependencies (bsc#1235332, CVE-2024-45338) - Update to version 1.1.1: * fixed cli desc for store env var (#374) * updated versions for go/k8s/helm (#373) * updated version flag to internal/flags (#369) * renamed incorrectly named consts (#371) * added store env var (#370) * adding ignore errors and retries for continue on error/fail on error (#368) * updated/fixed hauler directory (#354) * standardize consts (#353) * removed cachedir code (#355) * removed k3s code (#352) * updated dependencies for go, helm, and k8s (#351) * [feature] build with boring crypto where available (#344) * updated workflow to goreleaser builds (#341) * added timeout to goreleaser workflow (#340) * trying new workflow build processes (#337) * improved workflow performance (#336) * have extract use proper ref (#335) * yet another workflow goreleaser fix (#334) * even more workflow fixes (#333) * added more fixes to github workflow (#332) * fixed typo in hauler store save (#331) * updates to fix build processes (#330) * added integration tests for non hauler tarballs (#325) * bump: golang >= 1.23.1 (#328) * add platform flag to store save (#329) * Update feature_request.md * updated/standardize command descriptions (#313) * use new annotation for 'store save' manifest.json (#324) * enable docker load for hauler tarballs (#320) * bump to cosign v2.2.3-carbide.3 for new annotation (#322) * continue on error when adding images to store (#317) * Update README.md (#318) * fixed completion commands (#312) * github.com/rancherfederal/hauler => hauler.dev/go/hauler (#311) * pages: enable go install hauler.dev/go/hauler (#310) * Create CNAME * pages: initial workflow (#309) * testing and linting updates (#305) * feat-273: TLS Flags (#303) * added list-repos flag (#298) * fixed hauler login typo (#299) * updated cobra function for shell completion (#304) * updated install.sh to remove github api (#293) * fix image ref keys getting squashed when containing sigs/atts (#291) * fix missing versin info in release build (#283) * bump github.com/docker/docker in the go_modules group across 1 directory (#281) * updated install script (`install.sh`) (#280) * fix digest images being lost on load of hauls (Signed). (#259) * feat: add readonly flag (#277) * fixed makefile for goreleaser v2 changes (#278) * updated goreleaser versioning defaults (#279) * update feature_request.md (#274) * updated old references * updated actions workflow user * added dockerhub to github actions workflow * removed helm chart * added debug container and workflow * updated products flag description * updated chart for release * fixed workflow errors/warnings * fixed permissions on testdata * updated chart versions (will need to update again) * last bit of fixes to workflow * updated unit test workflow * updated goreleaser deprecations * added helm chart release job * updated github template names * updated imports (and go fmt) * formatted gitignore to match dockerignore * formatted all code (go fmt) * updated chart tests for new features * Adding the timeout flag for fileserver command * Configure chart commands to use helm clients for OCI and private registry support * Added some documentation text to sync command * Bump golang.org/x/net from 0.17.0 to 0.23.0 * fix for dup digest smashing in cosign * removed vagrant scripts * last bit of updates and formatting of chart * updated hauler testdata * adding functionality and cleaning up * added initial helm chart * removed tag in release workflow * updated/fixed image ref in release workflow * updated/fixed platforms in release workflow * updated/cleaned github actions (#222) * Make Product Registry configurable (#194) * updated fileserver directory name (#219) * fix logging for files * add extra info for the tempdir override flag * tempdir override flag for load * deprecate the cache flag instead of remove * switch to using bci-golang as builder image * fix: ensure /tmp for hauler store load * added the copy back for now * remove copy at the image sync not needed with cosign update * removed misleading cache flag * better logging when adding to store * update to v2.2.3 of our cosign fork * add: dockerignore * add: Dockerfile * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * Bump github.com/docker/docker * updated and added new logos * updated github files hauler-1.3.1-bp160.1.1.aarch64.rpm hauler-1.3.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-55 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: - Chromium 143.0.7499.109 (boo#1254776): * CVE-2025-14372: Use after free in Password Manager * CVE-2025-14373: Inappropriate implementation in Toolbar * third issue with an exploit is known to exist in the wild chromedriver-143.0.7499.40-bp160.1.1.x86_64.rpm chromium-143.0.7499.40-bp160.1.1.x86_64.rpm chromedriver-143.0.7499.40-bp160.1.1.ppc64le.rpm chromium-143.0.7499.40-bp160.1.1.ppc64le.rpm chromedriver-143.0.7499.40-bp160.1.1.aarch64.rpm chromium-143.0.7499.40-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-56 Recommended update for labwc moderate openSUSE Backports SLE-16.0 This update for labwc fixes the following issues: Changes in labwc: - Fixed layershell unmap segfault when no outputs left (boo#1254386) labwc-0.8.1-bp160.2.1.aarch64.rpm labwc-lang-0.8.1-bp160.2.1.noarch.rpm labwc-0.8.1-bp160.2.1.ppc64le.rpm labwc-0.8.1-bp160.2.1.s390x.rpm labwc-0.8.1-bp160.2.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-57 Recommended update for cmake-extras moderate openSUSE Backports SLE-16.0 This update for cmake-extras fixes the following issues: - Support both qmlplugindump-qt5 and qmlplugindump-qt6 (boo#1254531) - Fix filename and path of qmlplugindump-qt5 for openSUSE - Update to 1.9 * add support for CMake 4.0 - Update to 1.8 * GMock: wire dependencies between GMock step and library files * QmlPlugins: Crude support for qt6 cmake-extras-1.9-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-58 Optional update for rawtherapee moderate openSUSE Backports SLE-16.0 This update for rawtherapee fixes the following issues: Ship rawtherapee image editor. rawtherapee-5.12-bp160.3.1.x86_64.rpm rawtherapee-5.12-bp160.3.1.s390x.rpm rawtherapee-5.12-bp160.3.1.ppc64le.rpm rawtherapee-5.12-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-59 Security update for cheat important openSUSE Backports SLE-16.0 This update for cheat fixes the following issues: - Security: * CVE-2025-47913: Fix client process termination (bsc#1253593) * CVE-2025-58181: Fix potential unbounded memory consumption (bsc#1253922) * CVE-2025-47914: Fix panic due to an out of bounds read (bsc#1254051) * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0 * Replace golang.org/x/net=golang.org/x/net@v0.47.0 * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0 - Packaging improvements: * Drop Requires: golang-packaging. The recommended Go toolchain dependency expression is BuildRequires: golang(API) >= 1.x or optionally the metapackage BuildRequires: go * Use BuildRequires: golang(API) >= 1.19 matching go.mod * Build PIE with pattern that may become recommended procedure: %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build A go toolchain buildmode default config would be preferable but none exist at this time. * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable * Remove go build -o output binary location and name. Default binary has the same name as package of func main() and is placed in the top level of the build directory. * Add basic %check to execute binary --help - Packaging improvements: * Service go_modules replace dependencies with CVEs * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm * Replace golang.org/x/net=golang.org/x/net@v0.36.0 Fixes GO-2025-3503 CVE-2025-22870 * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 Fixes GO-2025-3487 CVE-2025-22869 * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m * Service tar_scm set mode manual from disabled * Service tar_scm create archive from git so we can exclude vendor directory upstream committed to git. Committed vendor directory contents have build issues even after go mod tidy. * Service tar_scm exclude dir vendor * Service set_version set mode manual from disabled * Service set_version remove param basename not needed cheat-4.4.2-bp160.2.1.aarch64.rpm cheat-4.4.2-bp160.2.1.ppc64le.rpm cheat-4.4.2-bp160.2.1.s390x.rpm cheat-4.4.2-bp160.2.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-6 Recommended update for lutris moderate openSUSE Backports SLE-16.0 This update for lutris fixes the following issues: - Move selinux dependency - Fix gaming under selinux (bsc#1206292) - Fix wrong placement of lang_package macro in spec file - Update to 0.5.19: * Fix Proton integration bugs so Proton-fixes are applied * Do not offer DXVK, VKD3D, D3D Extras or DDXVK-NVAPI on Proton versions; Proton will handle these. * The "Enable Esync" and "Enable Fsync" settings are now passed on to Proton * DXVK's integrated D8VK will be enabled in Proton * Emulator BIOS file location (used by libretro) may be set in Preferences * Obtain the release year from GOG and Itch.io. * MAME Machine setting uses a searchable entry for its enourmous list * Support for importing Commodore 64 ROMs - Add BuildRequires apparmor-abstractions, apparmor-rpm-macros for Leap, fix for build error: directories not owned by a package: /etc/apparmor.d - update to 0.5.18: * Lutris downloads the latest GE-Proton build for Wine if any Wine version is installed * Use dark theme by default * Display cover-art rather than banners by default * Add 'Uncategorized' view to sidebar * Preference options that do not work on Wayland will be hidden when on Wayland * Game searches can now use fancy tags like 'installed:yes' or 'source:gog', with explanatory tool-tip * A new filter button on the search box can build many of these fancy tags for you * Runner searches can use 'installed:yes' as well, but no other fancy searches or anything * Updated the Flathub and Amazon source to new APIs, restoring integration * Itch.io source integration will load a collection named 'Lutris' if present * GOG and Itch.io sources can now offer Linux and Windows installers for the same game * Added support for the 'foot' terminal * Support for DirectX 8 in DXVK v2.4 * Support for Ayatana Application Indicators * Additional options for Ruffle runner * Updated download links for the Atari800 and MicroM8 runners * No longer re-download cached installation files even when some are missing * Lutris log is included in the 'System' tab of the Preferences window * Improved error reporting, with the Lutris log included in the error details * Add AppArmor profile for Ubuntu versions >= 23.10 * Add Duckstation runner lutris-0.5.19-bp160.1.1.noarch.rpm lutris-apparmor-0.5.19-bp160.1.1.noarch.rpm lutris-lang-0.5.19-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-60 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: Chromium 143.0.7499.146 (boo#1255115): * CVE-2025-14765: Use after free in WebGPU * CVE-2025-14766: Out of bounds read and write in V8 * CVE-2025-14174: Out of bounds memory access in ANGLE chromedriver-143.0.7499.146-bp160.1.1.x86_64.rpm chromium-143.0.7499.146-bp160.1.1.x86_64.rpm chromedriver-143.0.7499.146-bp160.1.1.ppc64le.rpm chromium-143.0.7499.146-bp160.1.1.ppc64le.rpm chromedriver-143.0.7499.146-bp160.1.1.aarch64.rpm chromium-143.0.7499.146-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-61 Recommended update for icinga-php-thirdparty, icinga-php-library, icingaweb2 moderate openSUSE Backports SLE-16.0 This update for icinga-php-thirdparty, icinga-php-library, icingaweb2 fixes the following issues: Changes in icinga-php-thirdparty: - Update to 0.13.1 - No changelog from upstream. - Update to 0.12.1 - No changelog from upstream. Changes in icinga-php-library: - Update to 1.17.0 - No changelog from upstream. Changes in icingaweb2: - Update to 2.12.6 - Search box shows many magnifying glasses for some community themes #5395 - Authentication hooks are not called with external backends #5415 - Improve Minimal layout #5386 - Update to 2.12.5 * PHP 8.4 Support We're again a little behind schedule, but now we support PHP 8.4! This means that installations on Ubuntu 25.04 and Fedora 42+ can now install Icinga Web without worrying about PHP related incompatibilities. Icinga packages will be available in the next few days. * Good Things Take Time There's only a single (notable) recent issue that is fixed with this release. All the others are a bit older. - External URLs set up as dashlets are not embedded the same as navigation items #5346 * But the team sat together a few weeks ago and fixed a bug here and there. And of course, also in Icinga Web! - Users who are not allowed to change the theme, cannot change the theme mode either #5385 - Improved compatibility with several SSO authentication providers #5000, #5227 - Filtering for older-than events with relative time does not work #5263 - Empty values are NULL in CSV exports #5350 * Breaking, Somewhat This is mainly for developers. With the support of PHP 8.4, we introduced a new environment variable, ICINGAWEB_ENVIRONMENT. Unless set to dev, Icinga Web will not show nor log deprecation notices anymore. icinga-php-thirdparty-0.13.1-bp160.1.1.noarch.rpm icinga-php-library-0.17.0-bp160.1.1.noarch.rpm icingacli-2.12.6-bp160.1.1.noarch.rpm icingaweb2-2.12.6-bp160.1.1.noarch.rpm icingaweb2-common-2.12.6-bp160.1.1.noarch.rpm icingaweb2-php-fpm-2.12.6-bp160.1.1.noarch.rpm php-icinga-2.12.6-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-62 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: Thu Dec 18 03:54:10 UTC 2025 - okurz@suse.com - Update to version 5.1766014013.377e64fe: * feat(Needle::Save): Adapt to new error handling * feat(OpenQA::Git): Make error handling more flexible with exceptions - Update to version 5.1765887110.8fc02990: * Avoid partial deletion of a screenshot if Minion job is aborted * Add `SignalBlocker` to delay signal handling during critical sections - Update to version 5.1765805960.2112d43d: * fix(codecov): Fix wrong casing for 'fully_covered' entries - Update to version 5.1765535865.b566a24c: * fix(codecov): Be strict about coverage thresholds * Show jobs that have been cloned when `t` parameter is used on overview - Update to version 5.1765469360.5c0525b5: * worker: Add coverage for OVS DBus checks * Fix overview when filtering by test and module result at the same time * Return signal as part of run_cmd result * Add scanner for untracked screenshots * KTAP: Properly hide details of a skipped subtest * docs: Restory logic of the sentence about NFT vs firewalld * docs: Clarify DHCP/RA availability on MM networks * feat: Allow to configure key+secret with env variables - Update to version 5.1765286149.3debb8ea: * KTAP: Don't increment parsed_lines_count in "SKIP" lines * KTAP: Define unparsed_lines and parsed_lines_count - Update to version 5.1765217707.d6e697fd: * Test commenting on overview page together with TODO filter * Fix job IDs that are considered for mass-commenting on overview page - Update to version 5.1765009312.be30f6e0: * README: Remove left-over empty badge reference Changes in os-autoinst: - Update to version 5.1767623406.688dd0e: * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x - Update to version 5.1766037062.44c7d2a: * Tweak curl call not to hang * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder - Update to version 5.1765976654.0026f92: * Fix opencv dependency due to upstream changes * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder * Improve documentation strings for get/check_var - Update to version 5.1765808557.b89e9b4: * Restore package builds on older openSUSE versions * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder * Simplify the code to increment the counter * audio: Allow for multiple audio recordings per test - Update to version 5.1765804109.1e7c99a: * Remove `ShellCheck` from devel dependencies on s390x * Remove obsolete 'bin/' folder * Simplify the code to increment the counter * audio: Allow for multiple audio recordings per test * Improve documentation strings for get/check_var - Update to version 5.1765533145.a82864c: * Remove obsolete 'bin/' folder * Simplify the code to increment the counter * audio: Allow for multiple audio recordings per test * Improve documentation strings for get/check_var * Add port forwarding example for NICTYPE_USER_OPTIONS - Update to version 5.1765450253.f16e6ac: * Simplify the code to increment the counter * audio: Allow for multiple audio recordings per test * Improve documentation strings for get/check_var * Add port forwarding example for NICTYPE_USER_OPTIONS * Fix regression from abcaa66b by disabling virtio-keyboard by default * distribution: Add "disable_key_repeat" * Use 'virtio-keyboard' by default to allow fixing key repetition errors - Update to version 5.1765311639.7e3a762: * Simplify the code to increment the counter * audio: Allow for multiple audio recordings per test * Add port forwarding example for NICTYPE_USER_OPTIONS * Fix regression from abcaa66b by disabling virtio-keyboard by default * Add IPv6 support for multi machine tests Changes in openQA-devel-container: - Update to version 5.1766014013.377e64fe9: * Update to latest openQA version openQA-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-auto-update-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-client-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-common-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-devel-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-doc-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-local-db-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-mcp-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-munin-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-single-instance-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm openQA-worker-5.1766014013.377e64fe-bp160.1.1.x86_64.rpm os-autoinst-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1767623406.688dd0e-bp160.1.1.x86_64.rpm openQA-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-auto-update-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-bootstrap-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-client-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-common-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-continuous-update-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-devel-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-doc-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-local-db-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-mcp-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-munin-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-python-scripts-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-single-instance-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1766014013.377e64fe-bp160.1.1.s390x.rpm openQA-worker-5.1766014013.377e64fe-bp160.1.1.s390x.rpm os-autoinst-5.1767623406.688dd0e-bp160.1.1.s390x.rpm os-autoinst-devel-5.1767623406.688dd0e-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1767623406.688dd0e-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1767623406.688dd0e-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1767623406.688dd0e-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1767623406.688dd0e-bp160.1.1.s390x.rpm openQA-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-client-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-common-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-devel-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-doc-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-local-db-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-mcp-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-munin-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm openQA-worker-5.1766014013.377e64fe-bp160.1.1.ppc64le.rpm os-autoinst-5.1767623406.688dd0e-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1767623406.688dd0e-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1767623406.688dd0e-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1767623406.688dd0e-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1767623406.688dd0e-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1767623406.688dd0e-bp160.1.1.ppc64le.rpm openQA-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-auto-update-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-client-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-common-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-devel-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-doc-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-local-db-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-mcp-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-munin-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-single-instance-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm openQA-worker-5.1766014013.377e64fe-bp160.1.1.aarch64.rpm os-autoinst-5.1767623406.688dd0e-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1767623406.688dd0e-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1767623406.688dd0e-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1767623406.688dd0e-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1767623406.688dd0e-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1767623406.688dd0e-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-63 Recommended update for trivy moderate openSUSE Backports SLE-16.0 This update for trivy fixes the following issues: - Update to version 0.68.2: * release: v0.68.2 [release/v0.68] (#9950) * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) trivy-0.68.2-bp160.1.1.x86_64.rpm trivy-0.68.2-bp160.1.1.s390x.rpm trivy-0.68.2-bp160.1.1.ppc64le.rpm trivy-0.68.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-64 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet chromedriver-143.0.7499.192-bp160.1.1.x86_64.rpm chromium-143.0.7499.192-bp160.1.1.x86_64.rpm chromedriver-143.0.7499.192-bp160.1.1.ppc64le.rpm chromium-143.0.7499.192-bp160.1.1.ppc64le.rpm chromedriver-143.0.7499.192-bp160.1.1.aarch64.rpm chromium-143.0.7499.192-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-65 Recommended update for ranger moderate openSUSE Backports SLE-16.0 This update for ranger fixes the following issues: - Update to version 1.9.4+git20250910.3f7a3546: * img_display: Avoid unicode escape sequences for Ueberzug input * man: fix documentation of which license ranger uses exactly * rifle: fixed+clarified usage string - Update to version 1.9.4+git20250604.7e38143: * fixed bug with command info staying * Revert "fixed open_with bugginess" * fixed open_with bugginess * commands: Reword comment for brevity and accuracy * GHActions: Pass config_files rather than boolean to flake8 * commands: Disable invalid-name and too-many-lines pylints * Pylint: Disable invalid-name and too-many-lines for commands.py * add :unnarrow to disable :narrow mode * rifle: Update version - Update to version 1.9.4+git20250305.7ad50fa: * 7-zip now has an official Linux version (7zz) * add: support for tilde in bookmarks * img_display: address PR feedback * docs: kitty image previews are supported in other terminals now * img_display: auto-detect support for kitty image previews * rifle(terminals): support auto-detecting ghostty terminal emulator * Modified order of expantions in peview_script * Add GNOME papers to document viewers * Added ability to use environmental variables in preview_script option * doc: Regenerate man pages to have the proper version * Makefile: Update version Grep since adding logo to README * ranger/__init__: Caught another unbumped version * mime.types: Add .nim extension for text/plain * Fixed mistooks of nim scripts as a video aNIMations in rifle.conf * GHActions: Pypy don't run old Flake8/Pylint * GHActions: Use Pypy 3.10 * actions: Use keywords for rifle.execute * runner: Allow action as positional argument * ui: Refresh window in initialize * ui: endwin already sets cursor to normal visibility * requirements: Add setuptools * img_display: Silence no-member false positive * core/main: Drop unused variable prefix_length * core,ext: Avoid return in finally shadowing return value * test_py2_compat: Prevent use of yield from * core,ext: Reduce positional arguments where possible * pager,history: Replace branch with min/max builtins * Pylint: Update custom checker for compatibility with 3.3.1 * GHActions: Bump action versions * README: Use forge-agnostic URL * README: Capitalize ranger * README: Bump version * README: Replace Travis with GHActions badge * README: Center header * make logo in readme wider * move the ranger logo to the very top * Add option confirm_on_trash * Fix typos * Add IINA to rifle.conf * browsercolumn: ANSI escape codes support * #1182: Fix signals for OS X - Update to version 1.9.3+git20240801.bd9b37f: * properly decode file:// urls given to ranger as argument (fixes #2900) * fix #2873 WM_NAME now shows "not accessible" in non-existent directories * Fixed inconsistency in ranger documentation where it was stated that commanding 'linemode humanreadablesizemtime' changed the linemode to display human readable modification time and file size, but the correct command for this is 'linemode sizehumanreadablemtime' * README: fix link formatting on github's markdown renderer * README: add liberapay badge * Mention viewmode key binding in man ranger-1.9.4+git20250910.3f7a3546-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-66 Security update for matio important openSUSE Backports SLE-16.0 This update for matio fixes the following issues: - update to version 1.5.29: * Fix printing rank-1-variable in Mat_VarPrint * Fix array index out of bounds in Mat_VarPrint when printing UTF-8 character data (boo#1239678, CVE-2025-2337) * Fix heap-based buffer overflow in strdup_vprintf (boo#1239677, CVE-2025-2338) * Changed Mat_VarPrint to print all values of rank-2-variable * Several other fixes, for example for access violations in Mat_VarPrint - Update to version 1.5.28: * Fixed bug writing MAT_T_INT8/MAT_T_UINT8 encoded character array to compressed v5 MAT file (regression of v1.5.12). * Fixed bug reading all-zero sparse array of v4 MAT file (regression of v1.5.18). * Updated C99 snprintf.c. * CMake: Enabled testing. * Several other fixes, for example for access violations in Mat_VarPrint. libmatio-devel-1.5.29-bp160.1.1.x86_64.rpm libmatio13-1.5.29-bp160.1.1.x86_64.rpm matio-tools-1.5.29-bp160.1.1.x86_64.rpm libmatio-devel-1.5.29-bp160.1.1.s390x.rpm libmatio13-1.5.29-bp160.1.1.s390x.rpm matio-tools-1.5.29-bp160.1.1.s390x.rpm libmatio-devel-1.5.29-bp160.1.1.ppc64le.rpm libmatio13-1.5.29-bp160.1.1.ppc64le.rpm matio-tools-1.5.29-bp160.1.1.ppc64le.rpm libmatio-devel-1.5.29-bp160.1.1.aarch64.rpm libmatio13-1.5.29-bp160.1.1.aarch64.rpm matio-tools-1.5.29-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-67 Recommended update for grub2-compat-ia32 moderate openSUSE Backports SLE-16.0 This update for grub2-compat-ia32 fixes the following issues: - Drop update-bootloader --get as it returns 0 even if the variable is unset - Add update-bootloader also into post and postun Requires grub2-compat-ia32-1-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-68 Optional update for certbot moderate openSUSE Backports SLE-16.0 This update for certbot fixes the following issues: Various certbot packages and dependencies are being added. certbot-systemd-timer-0.0-bp160.1.1.noarch.rpm python313-augeas-1.2.0-bp160.1.1.x86_64.rpm python313-bson-0.5.10-bp160.1.1.noarch.rpm python313-certbot-apache-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-cloudflare-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-digitalocean-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-dnsimple-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-dnsmadeeasy-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-linode-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-luadns-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-nsone-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-ovh-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-rfc2136-5.1.0-bp160.1.1.noarch.rpm python313-certbot-dns-route53-5.1.0-bp160.1.1.noarch.rpm python313-cloudflare-2.20.0-bp160.1.1.noarch.rpm python313-digitalocean-1.17.0-bp160.1.1.noarch.rpm python313-dns-lexicon-3.23.2-bp160.1.1.noarch.rpm python313-jsonlines-4.0.0-bp160.1.1.noarch.rpm python313-jsonpickle-4.1.1-bp160.1.1.noarch.rpm python313-localzone-0.9.8-bp160.1.1.noarch.rpm python313-pytest-httpx-0.35.0-bp160.1.1.noarch.rpm python313-requests-file-2.1.0-bp160.1.1.noarch.rpm python313-softlayer-6.2.7-bp160.1.1.noarch.rpm python313-softlayer-zeep-5.0.0-bp160.1.1.noarch.rpm python313-tldextract-5.3.0-bp160.1.1.noarch.rpm python313-augeas-1.2.0-bp160.1.1.s390x.rpm python313-augeas-1.2.0-bp160.1.1.ppc64le.rpm python313-augeas-1.2.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-69 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: Thu Jan 08 10:09:35 UTC 2026 - okurz@suse.com - Update to version 5.1767864265.63cd20df: * Skip caching for KERNEL and INITRD variables - Update to version 5.1766150951.2799046e: * Coverage of openQA: add folder Client/ in codecov.yaml * Improve openQA coverage of _download_handler in Archive.pm - Update to version 5.1766053374.57cdeee3: * fix(docs): Fix indentation in job template examples Changes in os-autoinst: - Update to version 5.1767893100.fd5003c: * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG * Tweak curl call not to hang * Fix opencv dependency due to upstream changes Changes in openQA-devel-container: - Update to version 5.1767864265.63cd20dfc: * Update to latest openQA version openQA-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-auto-update-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-client-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-common-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-devel-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-doc-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-local-db-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-mcp-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-munin-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-single-instance-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm openQA-worker-5.1767864265.63cd20df-bp160.1.1.x86_64.rpm os-autoinst-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1767893100.fd5003c-bp160.1.1.x86_64.rpm openQA-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-auto-update-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-bootstrap-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-client-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-common-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-continuous-update-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-devel-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-doc-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-local-db-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-mcp-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-munin-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-python-scripts-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-single-instance-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1767864265.63cd20df-bp160.1.1.s390x.rpm openQA-worker-5.1767864265.63cd20df-bp160.1.1.s390x.rpm os-autoinst-5.1767893100.fd5003c-bp160.1.1.s390x.rpm os-autoinst-devel-5.1767893100.fd5003c-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1767893100.fd5003c-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1767893100.fd5003c-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1767893100.fd5003c-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1767893100.fd5003c-bp160.1.1.s390x.rpm openQA-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-client-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-common-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-devel-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-doc-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-local-db-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-mcp-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-munin-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm openQA-worker-5.1767864265.63cd20df-bp160.1.1.ppc64le.rpm os-autoinst-5.1767893100.fd5003c-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1767893100.fd5003c-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1767893100.fd5003c-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1767893100.fd5003c-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1767893100.fd5003c-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1767893100.fd5003c-bp160.1.1.ppc64le.rpm openQA-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-auto-update-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-client-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-common-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-devel-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-doc-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-local-db-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-mcp-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-munin-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-single-instance-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm openQA-worker-5.1767864265.63cd20df-bp160.1.1.aarch64.rpm os-autoinst-5.1767893100.fd5003c-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1767893100.fd5003c-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1767893100.fd5003c-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1767893100.fd5003c-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1767893100.fd5003c-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1767893100.fd5003c-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-7 Security update for warewulf4 important openSUSE Backports SLE-16.0 This update for warewulf4 fixes the following issues: Changes in warewulf4: - Update to version 4.6.4: * v4.6.4 release updates * Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768) * Update NetworkManager Overlay * Disable ipv4 in NetworkManager if no address or route is specified * fix(wwctl): Create overlay edit tempfile in tmpdir * Add default for systemd name for warewulf in warewulf.conf * Atomic overlay file application in wwclient * Simpler names for overlay methods * Fix warewulfd api behavior when deleting distribution overlay - Update to version 4.6.3: * v4.6.3 release * IPv6 iPXE support * Fix a syntax error in the RPM specfile * Fix a race condition in wwctl overlay edit * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays * Move reexec.Init() to beginning of wwctl * Add documentation for using tmpfs to distribute across numa nodes * added warewuld configure option * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465) * Address copilot review from #1945 * Refactor wwapi tests for proper isolation * Bugfix: cloning a site overlay when parent dir does not exist * Clone to a site overlay when adding files in wwapi * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile * Support for creating and updating overlay file in wwapi * Only return overlay files that refer to a path within the overlay * add overlay file deletion support * DELETE /api/overlays/{id}?force=true can delete overlays in use * Restore idempotency of PUT /api/nodes/{id} * Simplify overlay mtime api and add tests * add node overlay buildtime * Improved netplan support * Rebuild overlays for discovered nodes * Restrict userdocs from building during pr when not modified * Update to v4.6.2 GitHub release notes warewulf4-4.6.4-bp160.1.1.aarch64.rpm warewulf4-dracut-4.6.4-bp160.1.1.noarch.rpm warewulf4-man-4.6.4-bp160.1.1.noarch.rpm warewulf4-overlay-4.6.4-bp160.1.1.aarch64.rpm warewulf4-overlay-rke2-4.6.4-bp160.1.1.noarch.rpm warewulf4-overlay-slurm-4.6.4-bp160.1.1.noarch.rpm warewulf4-reference-doc-4.6.4-bp160.1.1.noarch.rpm warewulf4-4.6.4-bp160.1.1.x86_64.rpm warewulf4-overlay-4.6.4-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-70 Security update for wget2 important openSUSE Backports SLE-16.0 This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 * Fix file overwrite issue with metalink [CVE-2025-69194 bsc#1255728] * Fix remote buffer overflow in get_local_filename_real() [CVE-2025-69195 bsc#1255729] * Fix a redirect/mirror regression from 400713ca * Use the local system timestamp when requested via --no-use-server-timestamps * Prevent file truncation with --no-clobber * Improve messages about why URLs are not being followed * Fix metalink with -O/--output-document * Fix sorting of metalink mirrors by priority * Add --show-progress to improve backwards compatibility to wget * Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme() * Allow 'no_' prefix in config options * Use libnghttp2 for HTTP/2 testing * Set exit status to 8 on 403 response code * Fix convert-links * Fix --server-response for HTTP/1.1 - Update to release 2.2.0 * Don't truncate file when -c and -O are combined * Don't log URI userinfo to logs * Fix downloading multiple files via HTTP/2 * Support connecting with HTTP/1.0 proxies * Ignore 1xx HTTP responses for HTTP/1.1 * Disable TCP Fast Open by default * Fix segfault when OCSP response is missing * Add libproxy support libwget4-2.2.1-bp160.1.1.x86_64.rpm wget2-2.2.1-bp160.1.1.x86_64.rpm wget2-devel-2.2.1-bp160.1.1.x86_64.rpm libwget4-2.2.1-bp160.1.1.s390x.rpm wget2-2.2.1-bp160.1.1.s390x.rpm wget2-devel-2.2.1-bp160.1.1.s390x.rpm libwget4-2.2.1-bp160.1.1.ppc64le.rpm wget2-2.2.1-bp160.1.1.ppc64le.rpm wget2-devel-2.2.1-bp160.1.1.ppc64le.rpm libwget4-2.2.1-bp160.1.1.aarch64.rpm wget2-2.2.1-bp160.1.1.aarch64.rpm wget2-devel-2.2.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-71 Recommended update for knot moderate openSUSE Backports SLE-16.0 This update for knot fixes the following issues: - update to version 3.5.2, see https://www.knot-dns.cz/2025-11-28-version-352.html knot-3.5.2-bp160.1.1.x86_64.rpm knot-devel-3.5.2-bp160.1.1.x86_64.rpm knot-utils-3.5.2-bp160.1.1.x86_64.rpm libdnssec10-3.5.2-bp160.1.1.x86_64.rpm libknot16-3.5.2-bp160.1.1.x86_64.rpm libzscanner5-3.5.2-bp160.1.1.x86_64.rpm knot-3.5.2-bp160.1.1.s390x.rpm knot-devel-3.5.2-bp160.1.1.s390x.rpm knot-utils-3.5.2-bp160.1.1.s390x.rpm libdnssec10-3.5.2-bp160.1.1.s390x.rpm libknot16-3.5.2-bp160.1.1.s390x.rpm libzscanner5-3.5.2-bp160.1.1.s390x.rpm knot-3.5.2-bp160.1.1.ppc64le.rpm knot-devel-3.5.2-bp160.1.1.ppc64le.rpm knot-utils-3.5.2-bp160.1.1.ppc64le.rpm libdnssec10-3.5.2-bp160.1.1.ppc64le.rpm libknot16-3.5.2-bp160.1.1.ppc64le.rpm libzscanner5-3.5.2-bp160.1.1.ppc64le.rpm knot-3.5.2-bp160.1.1.aarch64.rpm knot-devel-3.5.2-bp160.1.1.aarch64.rpm knot-utils-3.5.2-bp160.1.1.aarch64.rpm libdnssec10-3.5.2-bp160.1.1.aarch64.rpm libknot16-3.5.2-bp160.1.1.aarch64.rpm libzscanner5-3.5.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-72 Security update for MozillaThunderbird important openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.6.0 ESR MFSA 2025-96 (bsc#1254551) * CVE-2025-14321 (bmo#1992760) Use-after-free in the WebRTC: Signaling component * CVE-2025-14322 (bmo#1996473) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2025-14323 (bmo#1996555) Privilege escalation in the DOM: Notifications component * CVE-2025-14324 (bmo#1996840) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14325 (bmo#1998050) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14328 (bmo#1996761) Privilege escalation in the Netmonitor component * CVE-2025-14329 (bmo#1997018) Privilege escalation in the Netmonitor component * CVE-2025-14330 (bmo#1997503) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2025-14331 (bmo#2000218) Same-origin policy bypass in the Request Handling component * CVE-2025-14333 (bmo#1966501, bmo#1997639) Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 MozillaThunderbird-140.6.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.6.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.6.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.6.0-bp160.1.1.x86_64.rpm MozillaThunderbird-140.6.0-bp160.1.1.s390x.rpm MozillaThunderbird-openpgp-librnp-140.6.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-common-140.6.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-other-140.6.0-bp160.1.1.s390x.rpm MozillaThunderbird-140.6.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.6.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.6.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.6.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.6.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.6.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.6.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.6.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-73 Recommended update for apache2-mod_wsgi moderate openSUSE Backports SLE-16.0 This update for apache2-mod_wsgi fixes the following issues: Changes in apache2-mod_wsgi: - Don't enable the module by default. Instead, include instructions in the description, consistent with other comparable modules, such as apache2-mod_fcgid, apache2-mod_jk and apache2-mod_mono. If a reverse dependency of this module requires it, that package may execute `a2enmod wsgi`. Update to 5.0.2 includes changes from 5.0.1: * Eliminate noise in logs under Python 3.13 when Python garbage collection decides to delay destruction of objects until a second phase, resulting in the wsgi.errors log object being accessed after the request had been completed and the log object marked as invalid. This resulted due to changes in garbage collection behaviour in Python 3.13. * Internally, when using Python 3.8 or newer, the PyConfig API will now be used due to deprecation and future removal of older C API alternatives. This was required to support Python 3.13. * Fix issue which could result in process crashing when values were supplied for user/password/realm of HTTP basic authentication which weren’t compliant with UTF-8 encoding format. * Fix memory leak in check_password() authentication hook handler. * Change use of deprecated thread.setDaemon to thread.daemon. apache2-mod_wsgi-5.0.2-bp160.1.1.x86_64.rpm apache2-mod_wsgi-5.0.2-bp160.1.1.s390x.rpm apache2-mod_wsgi-5.0.2-bp160.1.1.ppc64le.rpm apache2-mod_wsgi-5.0.2-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-74 Recommended update for fcitx5 moderate openSUSE Backports SLE-16.0 This update for fcitx5 fixes the following issues: - Use return instead of exit in 20-fcitx-plasma-setup.sh (boo#1255237) - Replace "IBus" with "Fcitx" in a log message fcitx5-5.1.13-bp160.3.1.x86_64.rpm fcitx5-devel-5.1.13-bp160.3.1.x86_64.rpm libFcitx5Config6-5.1.13-bp160.3.1.x86_64.rpm libFcitx5Core7-5.1.13-bp160.3.1.x86_64.rpm libFcitx5Utils2-5.1.13-bp160.3.1.x86_64.rpm fcitx5-5.1.13-bp160.3.1.s390x.rpm fcitx5-devel-5.1.13-bp160.3.1.s390x.rpm libFcitx5Config6-5.1.13-bp160.3.1.s390x.rpm libFcitx5Core7-5.1.13-bp160.3.1.s390x.rpm libFcitx5Utils2-5.1.13-bp160.3.1.s390x.rpm fcitx5-5.1.13-bp160.3.1.ppc64le.rpm fcitx5-devel-5.1.13-bp160.3.1.ppc64le.rpm libFcitx5Config6-5.1.13-bp160.3.1.ppc64le.rpm libFcitx5Core7-5.1.13-bp160.3.1.ppc64le.rpm libFcitx5Utils2-5.1.13-bp160.3.1.ppc64le.rpm fcitx5-5.1.13-bp160.3.1.aarch64.rpm fcitx5-devel-5.1.13-bp160.3.1.aarch64.rpm libFcitx5Config6-5.1.13-bp160.3.1.aarch64.rpm libFcitx5Core7-5.1.13-bp160.3.1.aarch64.rpm libFcitx5Utils2-5.1.13-bp160.3.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-75 Recommended update for flint moderate openSUSE Backports SLE-16.0 This update for flint fixes the following issues: Changes in flint: - Fixed a compile error for downstream users when using -std=c23 or a newer GCC which defaults to such. flint-devel-3.1.3-bp160.2.1.x86_64.rpm libflint19-3.1.3-bp160.2.1.x86_64.rpm flint-devel-3.1.3-bp160.2.1.s390x.rpm libflint19-3.1.3-bp160.2.1.s390x.rpm flint-devel-3.1.3-bp160.2.1.ppc64le.rpm libflint19-3.1.3-bp160.2.1.ppc64le.rpm flint-devel-3.1.3-bp160.2.1.aarch64.rpm libflint19-3.1.3-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-76 Optional update for dehydrated moderate openSUSE Backports SLE-16.0 This update for dehydrated fixes the following issues: Adds dehydrated to PackageHub / Leap 16.0. dehydrated-0.7.1-bp160.1.1.noarch.rpm dehydrated-apache2-0.7.1-bp160.1.1.noarch.rpm dehydrated-nginx-0.7.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-77 Recommended update for polymake, cddlib moderate openSUSE Backports SLE-16.0 This update for polymake, cddlib fixes the following issues: Changes in polymake: - Enable polydb for Tumbleweed / suse_version >=1690 - Reenable callable library mode [boo#1256453] - Update to release 4.15 * graph: graphviz: use PDF instead of PS * polytope: MILP: allow non-rational coordinates * Some bugfixes - Update to release 4.14 * tropical: cone: refactoring and fixes for DOME, COVECTORs and PSEUDOVERTICES * tropical: polytope: fix vertices computation * tropical: hypersurface: fixes for monomials and binomials - Update to release 4.13 * Support for Perl 5.40 and -std=c++20 builds Changes in cddlib: - Update to release 0.94n * Fixed a potential dd_MatrixCanonicalize segfault. * cddlib.pc file now points to the non-GMP version, and cddgmp.pc has been added for the GMP version. * Copy certificate and handle errors correctly in dd_SRedundant for the V-representation code path. * cddlib is now thread-safe. libpolymake4_15-4.15-bp160.1.1.x86_64.rpm polymake-4.15-bp160.1.1.x86_64.rpm polymake-devel-4.15-bp160.1.1.x86_64.rpm cddlib-devel-0.94n-bp160.1.1.x86_64.rpm cddlib-doc-0.94n-bp160.1.1.noarch.rpm cddlib-tools-0.94n-bp160.1.1.x86_64.rpm libcdd0-0.94n-bp160.1.1.x86_64.rpm libpolymake4_15-4.15-bp160.1.1.s390x.rpm polymake-4.15-bp160.1.1.s390x.rpm polymake-devel-4.15-bp160.1.1.s390x.rpm cddlib-devel-0.94n-bp160.1.1.s390x.rpm cddlib-tools-0.94n-bp160.1.1.s390x.rpm libcdd0-0.94n-bp160.1.1.s390x.rpm libpolymake4_15-4.15-bp160.1.1.ppc64le.rpm polymake-4.15-bp160.1.1.ppc64le.rpm polymake-devel-4.15-bp160.1.1.ppc64le.rpm cddlib-devel-0.94n-bp160.1.1.ppc64le.rpm cddlib-tools-0.94n-bp160.1.1.ppc64le.rpm libcdd0-0.94n-bp160.1.1.ppc64le.rpm libpolymake4_15-4.15-bp160.1.1.aarch64.rpm polymake-4.15-bp160.1.1.aarch64.rpm polymake-devel-4.15-bp160.1.1.aarch64.rpm cddlib-devel-0.94n-bp160.1.1.aarch64.rpm cddlib-tools-0.94n-bp160.1.1.aarch64.rpm libcdd0-0.94n-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-78 Recommended update for ansible-sap-launchpad moderate openSUSE Backports SLE-16.0 This update for ansible-sap-launchpad fixes the following issues: Changes in ansible-sap-launchpad: - Refactor Ansible Modules and adjust for ansible-core 2.19. - 1.3.1 - Bugfixes: - collection: Add ansible-test sanity workflow and fix sanity errors - 1.3.0 - Changes: - collection: Refactor all Ansible Modules - sap_software_download: Update for ansible-core 2.19 - Bugfixes: - sap_software_download: Fix for failed checksums not correctly retrying ansible-sap-launchpad-1.3.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-79 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1768323619.9a70ab91: * refactor: Extend tests of df-based cleanup * fix: Avoid wrong deletion of archived jobs in df-based cleanup * refactor: Move logic for validating percentage into helper * refactor: Clarify wording in comment regarding job cleanup * Use template literals in certain JavaScript code * Retry delete_needles job on server restart * Add test for _delete_needles * feat(OpenQA::Git): Cleanup git dir in commit() on shutdown * feat: Improve rendering results on the scheduled product page - Update to version 5.1768209690.f34c2973: * feat(scheduled-products): Allow adding note to result data * docs: Use node_modules target * docs: Mention minimum PostgreSQL version * ci: Update PostgreSQL in CI/packaging to at least 14 * Revert "Add MCP tool annotations for Claude connector compliance" - Update to version 5.1767868268.dacbd3f7: * Add MCP tool annotations for Claude connector compliance Changes in os-autoinst: - Update to version 5.1768317525.86a9a7f: * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Remove deprecated BIOS and UEFI_PFLASH variables * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG Changes in openQA-devel-container: - Update to version 5.1768323619.9a70ab916: * Update to latest openQA version openQA-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-auto-update-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-client-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-common-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-devel-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-doc-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-local-db-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-mcp-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-munin-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-single-instance-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm openQA-worker-5.1768323619.9a70ab91-bp160.1.1.x86_64.rpm os-autoinst-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1768317525.86a9a7f-bp160.1.1.x86_64.rpm openQA-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-auto-update-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-bootstrap-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-client-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-common-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-continuous-update-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-devel-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-doc-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-local-db-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-mcp-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-munin-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-python-scripts-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-single-instance-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm openQA-worker-5.1768323619.9a70ab91-bp160.1.1.s390x.rpm os-autoinst-5.1768317525.86a9a7f-bp160.1.1.s390x.rpm os-autoinst-devel-5.1768317525.86a9a7f-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1768317525.86a9a7f-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1768317525.86a9a7f-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1768317525.86a9a7f-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1768317525.86a9a7f-bp160.1.1.s390x.rpm openQA-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-client-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-common-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-devel-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-doc-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-local-db-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-mcp-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-munin-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm openQA-worker-5.1768323619.9a70ab91-bp160.1.1.ppc64le.rpm os-autoinst-5.1768317525.86a9a7f-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1768317525.86a9a7f-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1768317525.86a9a7f-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1768317525.86a9a7f-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1768317525.86a9a7f-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1768317525.86a9a7f-bp160.1.1.ppc64le.rpm openQA-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-auto-update-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-client-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-common-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-devel-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-doc-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-local-db-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-mcp-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-munin-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-single-instance-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm openQA-worker-5.1768323619.9a70ab91-bp160.1.1.aarch64.rpm os-autoinst-5.1768317525.86a9a7f-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1768317525.86a9a7f-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1768317525.86a9a7f-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1768317525.86a9a7f-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1768317525.86a9a7f-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1768317525.86a9a7f-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-8 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 141.0.7390.122: * CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402) chromedriver-141.0.7390.122-bp160.1.1.aarch64.rpm chromium-141.0.7390.122-bp160.1.1.aarch64.rpm chromedriver-141.0.7390.122-bp160.1.1.ppc64le.rpm chromium-141.0.7390.122-bp160.1.1.ppc64le.rpm chromedriver-141.0.7390.122-bp160.1.1.x86_64.rpm chromium-141.0.7390.122-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-80 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - use noopenh264 where available chromedriver-144.0.7559.59-bp160.1.1.x86_64.rpm chromium-144.0.7559.59-bp160.1.1.x86_64.rpm chromedriver-144.0.7559.59-bp160.1.1.ppc64le.rpm chromium-144.0.7559.59-bp160.1.1.ppc64le.rpm chromedriver-144.0.7559.59-bp160.1.1.aarch64.rpm chromium-144.0.7559.59-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-81 Security update for gimp important openSUSE Backports SLE-16.0 This update for gimp fixes the following issues: Changes in gimp: Update to 3.0.6: - Security: - During development, we received reports from the Zero Day Initiative of potential security issues with some of our file import plug-ins. While these issues are very unlikely to occur with real files, developers like Jacob Boerema and Alx Sa proactively improved security for those imports. The resolved reports are: - ZDI-CAN-27793 - ZDI-CAN-27823 - ZDI-CAN-27836 - ZDI-CAN-27878 - ZDI-CAN-27863 - ZDI-CAN-27684 - Core: - Many false-positive build warnings have been cleaned out (and proper issues fixed). - Various crashes fixed. - When creating a layer mask from the layer's alpha, but the layer has no alpha, simply fill the mask with complete opacity instead of a completely transparent layer. - Various core infrastructure code reviewed, cleaned up, refactored and improved, in drawable, layer and filter handling code, tree view code, and more. - GIMP_ICONS_LIKE_A_BOSS environment variable is not working anymore (because "gtk-menu-images" and "gtk-button-images" have been deprecated in GTK3 and removed in GTK4) and was therefore removed. - Lock Content now shows as an undo step. - Add alpha channel for certain transforms. - Add alpha channel on filter merge, when necessary. - Filters can now be applied non-destructively on channels. - Improved Photoshop brush support. - After deleting a palette entry, the next entry is automatically selected. This allows easily deleting several entries in a row, among other usage. - Resize image to layers irrespective to selections. - Improved in-GUI release notes' demo script language: - We can now set a button value to click it: "toolbox:text, tool-options:outline=1, tool-options:outline-direction" - Color selector's module names can be used as identifiers: "color-editor,color-editor:CMYK=1,color-editor:total-ink-coverage" - Fixed Alpha to Selection on single layers with no transparency. - Various code is slowly ported to newer code, preparing for GTK4 port (in an unplanned future step): - Using g_set_str() (optionally redefining it in our core code to avoid bumping the GLib minimum requirement). - Start using GListModel in various pieces of code, in particular getting rid of more and more usage of GtkTreeView when possible (as it will be deprecated with GTK4). - New GimpRow class for all future row widgets. - Use more of G_DECLARE_DERIVABLE_TYPE and G_DECLARE_FINAL_TYPE where relevant. - New GimpContainerListView using a GtkListBox. - New GimpRowSeparator, GimpRowSettings, GimpRowFilter and GimpRowDrawableFilter widgets. - (Experimental) GEX Format was updated. - Palette import: - Set alpha value for image palette imports. - Fix Lab & CMYK ACB palette import. - Add palette format filters to import dialog, making it more apparent what palette formats are supported, and giving the ability to hide irrelevant files. - Improved filter actions' sensitivity to make sure they are set insensitive when relevant. In particular filters which cannot be run non-destructively (e.g. filters with aux inputs, non-interactive filters and GEGL Graph) must be insensitive when trying to run them on group layers. - Fix bad axis centering on zoom out. - Export better SVG when exporting paths. - Tools: - Text tool: make sure the default color is only changed when the user confirms the color change. - Foreground Selection tool: do not create a selection when no strokes has been made. In particular this removes the unnecessary delay which happened when switching to another tool without actually stroking anything. - All Transform tools: transform boundaries for preview is now multi-layers aware. - (Experimental) Seamless Clone tool: made to work again, though it is still too slow to get out of Playground. - Graphical User Interface: - Various improvements to window management: - Keep-Above windows are set with the Utility hint. - Utility windows are not made transient to a parent. - Transient factory dialogs follow the active display, ensuring that new image windows would not hide your toolbox and dock windows. - Various CSS improvements for styling of the interface. Some theme leaks were also fixed. - New toggle button in Brushes and Fonts dockable, allowing brush and font previews to optionally follow the color theme. For instance, when using a dark theme, the brush and font previews could be drawn on the theme background, using the theme foreground colors. By default, these data previews are still drawn as black on white. - Palette grid is now drawn with the theme's background color. - Consistent naming patterns on human-facing options (first word only capitalized). - About dialog: - We will now display the date and time of the last check in a "Up to date as of <date> at <time>" string, differing from the "Last checked on <date> at <time>" string. The former will be used to indicate that GIMP is indeed up-to-date whereas the latter when a new version was released and that you should update. - We now respect the system time/date format on macOS and Windows. - The search popup won't pop up without an image. - Better zoom step algorithm for data previews in container popup (e.g. the brush popup in paint Tool Options). - Disable animation in the Input Controller, Preferences and Welcome dialogs for stack transition when animation are disabled in system settings. - Fixed crosshair hotspot on Windows (crosshair cursor for brushes was offset with a non-100% display scale factor). - Debug/CRITICAL dialog: - Make sure it is non-modal. - Follow the theme mode under Windows. - While loading images, all widgets in the file dialog are made insensitive, except for the Cancel button and the progress bar. - Both grid and list views can now zoom via scroll and zoom gestures (it used to only work in list views). - Pop an error message up on startup when GIO modules to read HTTPS links are not found and that we therefore fail to load the remote gimp_versions.json file. With the AppImage package in particular, we depend on an environment daemon which cannot be shipped in the package. So the next best thing is to warn people and tell them what they should install to get version checks. - Welcome dialog: - The "Community Tutorials" link is now shown after the "Documentation" link. - The "Learn more" link in Release Notes tab leads to the actual release news for this version. - Plug-ins: - PDF export: do not draw disabled layer masks. - Jigsaw: the plug-in can now draw on transparent layers. - Various file format fixes and improvements: JPEG 2000 import, TIFF import, DDS import, SVG import, PSP import, FITS export, ICNS import, Dicom import, WBMP import, Farbfeld import, XWD import, ILBM import. - Sphere Designer: use spin scale instead of spin entries (the latter is unusable with little horizontal space). - Animation Play: frames are shown again in the playback progress bar. - Vala Goat Exercise: ignoring C warning in this Vala plug-in as it is generated code and we cannot control it. - file-gih: brush pipe selection modes now have nice, translatable names. - Metadata viewer: port from GtkTreeView to GtkListBox. - File Raw Data: reduce Raw Data load dialogue height by moving to a 2-column layout. - SVG import: it is now possible to break aspect ratio with specific width/height arguments, when calling the PDB procedure non-interactively (from other plug-ins). - Print: when run through a portal print dialog, the "Image Settings" will be exposed as a secondary dialog, outputted after the portal dialog, instead of a tab on the main print dialog (because it is not possible to tweak the print dialog when it is created by a portal). This will bring back usable workflow of printing with GIMP when run in a sandbox (e.g. Flatpak or Snap). - Recompose: fixed for YCbCr decomposed images. - Fixed vulnerabilities: ZDI-CAN-27684, ZDI-CAN-27863, ZDI-CAN-27878, ZDI-CAN-27836, ZDI-CAN-27823, ZDI-CAN-27793. - C Source and HTML export can now be run non-interactively too (e.g. from other plug-ins). - Map Object: fix missing spin boxes. - Small Tiles: fix display lag. - CVE-2025-10925: Fix GIMP ILBM file parsing stack-based buffer overflow remote code execution vulnerability. (ZDI-25-914, ZDI-CAN-27793, bsc#1250501) - CVE-2025-10922: Fix GIMP DCM file parsing heap-based buffer overflow remote code execution vulnerability. (ZDI-25-911, ZDI-CAN-27863, bsc#1250497) - CVE-2025-10920: Prevent overflow attack by checking if output >= max, not just output > max. (ZDI-25-909, ZDI-CAN-27684, bsc#1250495) - CVE-2025-10924: Fix integer overflow while parsing FF files. (bsc#1250499) - CVE-2025-2760: A vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. The specific flaw exists within parsing of XWD files. An integer overflow happens before allocating a buffer. This fixed in GIMP 3.0.0. https://www.gimp.org/news/2025/03/16/gimp-3-0-released (bsc#1241690) gimp-3.0.6-bp160.1.1.x86_64.rpm gimp-devel-3.0.6-bp160.1.1.x86_64.rpm gimp-extension-goat-excercises-3.0.6-bp160.1.1.x86_64.rpm gimp-lang-3.0.6-bp160.1.1.noarch.rpm gimp-plugin-aa-3.0.6-bp160.1.1.x86_64.rpm gimp-plugin-python3-3.0.6-bp160.1.1.x86_64.rpm gimp-vala-3.0.6-bp160.1.1.x86_64.rpm libgimp-3_0-0-3.0.6-bp160.1.1.x86_64.rpm libgimpui-3_0-0-3.0.6-bp160.1.1.x86_64.rpm gimp-3.0.6-bp160.1.1.ppc64le.rpm gimp-devel-3.0.6-bp160.1.1.ppc64le.rpm gimp-extension-goat-excercises-3.0.6-bp160.1.1.ppc64le.rpm gimp-plugin-aa-3.0.6-bp160.1.1.ppc64le.rpm gimp-plugin-python3-3.0.6-bp160.1.1.ppc64le.rpm gimp-vala-3.0.6-bp160.1.1.ppc64le.rpm libgimp-3_0-0-3.0.6-bp160.1.1.ppc64le.rpm libgimpui-3_0-0-3.0.6-bp160.1.1.ppc64le.rpm gimp-3.0.6-bp160.1.1.aarch64.rpm gimp-devel-3.0.6-bp160.1.1.aarch64.rpm gimp-extension-goat-excercises-3.0.6-bp160.1.1.aarch64.rpm gimp-plugin-aa-3.0.6-bp160.1.1.aarch64.rpm gimp-plugin-python3-3.0.6-bp160.1.1.aarch64.rpm gimp-vala-3.0.6-bp160.1.1.aarch64.rpm libgimp-3_0-0-3.0.6-bp160.1.1.aarch64.rpm libgimpui-3_0-0-3.0.6-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-82 Security update for go-sendxmpp moderate openSUSE Backports SLE-16.0 This update for go-sendxmpp fixes the following issues: Changes in go-sendxmpp: - Update to 0.15.1: Added * Add XEP-0359 Origin-ID to messages (requires go-xmpp >= v0.2.18). Changed * HTTP upload: Ignore timeouts on disco IQs as some components do not reply. - Upgrades the embedded golang.org/x/net to 0.46.0 * Fixes: bsc#1251461, CVE-2025-47911: various algorithms with quadratic complexity when parsing HTML documents * Fixes: bsc#1251677, CVE-2025-58190: excessive memory consumption by 'html.ParseFragment' when processing specially crafted input - Update to 0.15.0: Added: * Add flag --verbose to show debug information. * Add flag --recipients to specify recipients by file. * Add flag --retry-connect to try after a waiting time if the connection fails. * Add flag --retry-connect-max to specify the amount of retry attempts. * Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys. * Add support for punycode domains. Changed: * Update gopenpgp library to v3. * Improve error detection for MUC joins. * Don't try to connect to other SRV record targets if error contains 'auth-failure'. * Remove support for old SSDP version (via go-xmpp v0.2.15). * Http-upload: Stop checking other disco items after finding upload component. * Increase default TLS version to 1.3. - bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0 - Update to 0.14.1: * Use prettier date format for error messages. * Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10). - Update to 0.14.0: Added: * Add --fast-invalidate to allow invalidating the FAST token. Changed: * Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys. * Delete legacy Ox private key directory if it's empty. * Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9). * Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9). * Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9). * Delete stored fast token if --fast-invalidate and --fast-off are set. * Show error when FAST creds are stored but non-FAST mechanism is requested. - Update to 0.13.0: Added: * Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8). * Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8). * Add support for see-other-host stream error (requires go-xmpp >= 0.2.8). Changed: * Don't automatically try other auth mechanisms if FAST authentication fails. - Update to 0.12.1: Changed: * Print error instead of quitting if a message of type error is received. * Allow upload of multiple files. Added: * Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user. - Update to 0.12.0: Added: * Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3). * Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5). Changed: * Disable PLAIN authentication per default. * Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires go-xmpp >= 0.2.5). - Update to 0.11.4: * Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4). - Update to 0.11.3: * Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2). * Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3). * [gocritic]: Improve code quality. go-sendxmpp-0.15.1-bp160.1.1.aarch64.rpm go-sendxmpp-0.15.1-bp160.1.1.ppc64le.rpm go-sendxmpp-0.15.1-bp160.1.1.s390x.rpm go-sendxmpp-0.15.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-83 Recommended update for wicked moderate openSUSE Backports SLE-16.0 This update for wicked fixes the following issues: Changes in wicked: - Update to version 0.6.78 - man: small fixes in wireless manpage (gh#opensuse/wicked#1053) - rtnetlink: fix RTM_NEWLINK name resolution in debug (gh#opensuse/wicked#1052) - Add support for IPVLAN/IPVTAP (jsc#PED-1942, gh#opensuse/wicked#1050, gh#opensuse/wicked#1051) - fsm: remove children reference array from worker (gh#opensuse/wicked#1049) - ifxml: migrate and generate lower configs/policies (gh#opensuse/wicked#1048) - fsm: use refcount and array macros in worker and policy (gh#opensuse/wicked#1047) - route: use refcounted array and fix error leaks (gh#opensuse/wicked#1046) - utils: add support for refcounted objects in generic array (gh#openSUSE/wicked#1045) wicked-0.6.78-bp160.1.1.x86_64.rpm wicked-nbft-0.6.78-bp160.1.1.x86_64.rpm wicked-service-0.6.78-bp160.1.1.x86_64.rpm wicked-0.6.78-bp160.1.1.s390x.rpm wicked-nbft-0.6.78-bp160.1.1.s390x.rpm wicked-service-0.6.78-bp160.1.1.s390x.rpm wicked-0.6.78-bp160.1.1.ppc64le.rpm wicked-nbft-0.6.78-bp160.1.1.ppc64le.rpm wicked-service-0.6.78-bp160.1.1.ppc64le.rpm wicked-0.6.78-bp160.1.1.aarch64.rpm wicked-nbft-0.6.78-bp160.1.1.aarch64.rpm wicked-service-0.6.78-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-84 Security update for ffmpeg-4 important openSUSE Backports SLE-16.0 This update for ffmpeg-4 fixes the following issues: - CVE-2025-63757: Fixed swscale/output: Fix integer overflow in yuv2ya16_X_c_template() (bsc#1255392). ffmpeg-4-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libavcodec-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libavdevice-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libavfilter-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libavformat-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libavresample-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libavutil-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libpostproc-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libswresample-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-libswscale-devel-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-private-devel-4.4.5-bp160.2.1.x86_64.rpm libavcodec58_134-4.4.5-bp160.2.1.x86_64.rpm libavdevice58_13-4.4.5-bp160.2.1.x86_64.rpm libavfilter7_110-4.4.5-bp160.2.1.x86_64.rpm libavformat58_76-4.4.5-bp160.2.1.x86_64.rpm libavresample4_0-4.4.5-bp160.2.1.x86_64.rpm libavutil56_70-4.4.5-bp160.2.1.x86_64.rpm libpostproc55_9-4.4.5-bp160.2.1.x86_64.rpm libswresample3_9-4.4.5-bp160.2.1.x86_64.rpm libswscale5_9-4.4.5-bp160.2.1.x86_64.rpm ffmpeg-4-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libavcodec-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libavdevice-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libavfilter-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libavformat-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libavresample-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libavutil-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libpostproc-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libswresample-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-libswscale-devel-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-private-devel-4.4.5-bp160.2.1.s390x.rpm libavcodec58_134-4.4.5-bp160.2.1.s390x.rpm libavdevice58_13-4.4.5-bp160.2.1.s390x.rpm libavfilter7_110-4.4.5-bp160.2.1.s390x.rpm libavformat58_76-4.4.5-bp160.2.1.s390x.rpm libavresample4_0-4.4.5-bp160.2.1.s390x.rpm libavutil56_70-4.4.5-bp160.2.1.s390x.rpm libpostproc55_9-4.4.5-bp160.2.1.s390x.rpm libswresample3_9-4.4.5-bp160.2.1.s390x.rpm libswscale5_9-4.4.5-bp160.2.1.s390x.rpm ffmpeg-4-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libavcodec-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libavdevice-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libavfilter-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libavformat-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libavresample-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libavutil-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libpostproc-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libswresample-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-libswscale-devel-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-private-devel-4.4.5-bp160.2.1.ppc64le.rpm libavcodec58_134-4.4.5-bp160.2.1.ppc64le.rpm libavdevice58_13-4.4.5-bp160.2.1.ppc64le.rpm libavfilter7_110-4.4.5-bp160.2.1.ppc64le.rpm libavformat58_76-4.4.5-bp160.2.1.ppc64le.rpm libavresample4_0-4.4.5-bp160.2.1.ppc64le.rpm libavutil56_70-4.4.5-bp160.2.1.ppc64le.rpm libpostproc55_9-4.4.5-bp160.2.1.ppc64le.rpm libswresample3_9-4.4.5-bp160.2.1.ppc64le.rpm libswscale5_9-4.4.5-bp160.2.1.ppc64le.rpm ffmpeg-4-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libavcodec-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libavdevice-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libavfilter-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libavformat-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libavresample-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libavutil-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libpostproc-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libswresample-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-libswscale-devel-4.4.5-bp160.2.1.aarch64.rpm ffmpeg-4-private-devel-4.4.5-bp160.2.1.aarch64.rpm libavcodec58_134-4.4.5-bp160.2.1.aarch64.rpm libavdevice58_13-4.4.5-bp160.2.1.aarch64.rpm libavfilter7_110-4.4.5-bp160.2.1.aarch64.rpm libavformat58_76-4.4.5-bp160.2.1.aarch64.rpm libavresample4_0-4.4.5-bp160.2.1.aarch64.rpm libavutil56_70-4.4.5-bp160.2.1.aarch64.rpm libpostproc55_9-4.4.5-bp160.2.1.aarch64.rpm libswresample3_9-4.4.5-bp160.2.1.aarch64.rpm libswscale5_9-4.4.5-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-85 Recommended update for niri moderate openSUSE Backports SLE-16.0 This update for niri fixes the following issues: - Fixed portal notification proxy (boo#1254975) niri-0.1.9-bp160.2.1.x86_64.rpm niri-0.1.9-bp160.2.1.s390x.rpm niri-0.1.9-bp160.2.1.ppc64le.rpm niri-0.1.9-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-86 Security update for python-weasyprint important openSUSE Backports SLE-16.0 This update for python-weasyprint fixes the following issues: Changes in python-weasyprint: - CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936). python313-weasyprint-65.1-bp160.2.1.noarch.rpm openSUSE-Leap-16.0-packagehub-87 Security update for coredns important openSUSE Backports SLE-16.0 This update for coredns fixes the following issues: Changes in coredns: - fix CVE-2025-68156 bsc#1255345 - fix CVE-2025-68161 bsc#1256411 - Update to version 1.14.0: * core: Fix gosec G115 integer overflow warnings * core: Add regex length limit * plugin/azure: Fix slice init length * plugin/errors: Add optional show_first flag to consolidate directive * plugin/file: Fix for misleading SOA parser warnings * plugin/kubernetes: Rate limits to api server * plugin/metrics: Implement plugin chain tracking * plugin/sign: Report parser err before missing SOA * build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7 - Update to version 1.13.2: * core: Add basic support for DoH3 * core: Avoid proxy unnecessary alloc in Yield * core: Fix usage of sync.Pool to save an alloc * core: Fix data race with sync.RWMutex for uniq * core: Prevent QUIC reload panic by lazily initializing the listener * core: Refactor/use reflect.TypeFor * plugin/auto: Limit regex length * plugin/cache: Remove superfluous allocations in item.toMsg * plugin/cache: Isolate metadata in prefetch goroutine * plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil packages * plugin/dnstap: Better error handling (redial & logging) when Dnstap is busy * plugin/file: Performance finetuning * plugin/forward: Disallow NOERROR in failover * plugin/forward: Added support for per-nameserver TLS SNI * plugin/forward: Prevent busy loop on connection err * plugin/forward: Add max connect attempts knob * plugin/geoip: Add ASN schema support * plugin/geoip: Add support for subdivisions * plugin/kubernetes: Fix kubernetes plugin logging * plugin/multisocket: Cap num sockets to prevent OOM * plugin/nomad: Support service filtering * plugin/rewrite: Pre-compile CNAME rewrite regexp * plugin/secondary: Fix reload causing secondary plugin goroutine to leak - Update to version 1.13.1: * core: Avoid string concatenation in loops * core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes * plugin/sign: Reject invalid UTF‑8 dbfile token - Update to version 1.13.0: * core: Export timeout values in dnsserver.Server * core: Fix Corefile infinite loop on unclosed braces * core: Fix Corefile related import cycle issue * core: Normalize panics on invalid origins * core: Rely on dns.Server.ShutdownContext to gracefully stop * plugin/dnstap: Add bounds for plugin args * plugin/file: Fix data race in tree Elem.Name * plugin/forward: No failover to next upstream when receiving SERVFAIL or REFUSED response codes * plugin/grpc: Enforce DNS message size limits * plugin/loop: Prevent panic when ListenHosts is empty * plugin/loop: Avoid panic on invalid server block * plugin/nomad: Add a Nomad plugin * plugin/reload: Prevent SIGTERM/reload deadlock - fix CVE-2025-58063 bsc#1249389 - Update to version 1.12.4: * bump deps * fix(transfer): goroutine leak on axfr err (#7516) * plugin/etcd: fix import order for ttl test (#7515) * fix(grpc): check proxy list length in policies (#7512) * fix(https): propagate HTTP request context (#7491) * fix(plugin): guard nil lookups across plugins (#7494) * lint: add missing prealloc to backend lookup test (#7510) * fix(grpc): span leak on error attempt (#7487) * test(plugin): improve backend lookup coverage (#7496) * lint: enable prealloc (#7493) * lint: enable durationcheck (#7492) * Add Sophotech to adopters list (#7495) * plugin: Use %w to wrap user error (#7489) * fix(metrics): add timeouts to metrics HTTP server (#7469) * chore(ci): restrict token permissions (#7470) * chore(ci): pin workflow dependencies (#7471) * fix(forward): use netip package for parsing (#7472) * test(plugin): improve test coverage for pprof (#7473) * build(deps): bump github.com/go-viper/mapstructure/v2 (#7468) * plugin/file: fix label offset problem in ClosestEncloser (#7465) * feat(trace): migrate dd-trace-go v1 to v2 (#7466) * test(multisocket): deflake restart by using a fresh port and coordinated cleanup (#7438) * chore: update Go version to 1.24.6 (#7437) * plugin/header: Remove deprecated syntax (#7436) * plugin/loadbalance: support prefer option (#7433) * Improve caddy.GracefulServer conformance checks (#7416) - Update to version 1.12.3: * chore: Minor changes to `Dockerfile` (#7428) * Properly create hostname from IPv6 (#7431) * Bump deps * fix: handle cached connection closure in forward plugin (#7427) * plugin/test: fix TXT record comparison for multi-chunk vs multiple records * plugin/file: preserve case in SRV record names and targets per RFC 6763 * fix(auto/file): return REFUSED when no next plugin is available (#7381) * Port to AWS Go SDK v2 (#6588) * fix(cache): data race when refreshing cached messages (#7398) * fix(cache): data race when updating the TTL of cached messages (#7397) * chore: fix docs incompatibility (#7390) * plugin/rewrite: Add EDNS0 Unset Action (#7380) * add args: startup_timeout for kubernetes plugin (#7068) * [plugin/cache] create a copy of a response to ensure original data is never modified * Add support for fallthrough to the grpc plugin (#7359) * view: Add IPv6 example match (#7355) * chore: enable more rules from revive (#7352) * chore: enable early-return and superfluous-else from revive (#7129) * test(plugin): improve tests for auto (#7348) * fix(proxy): flaky dial tests (#7349) * test: add t.Helper() calls to test helper functions (#7351) * fix(kubernetes): multicluster DNS race condition (#7350) * lint: enable wastedassign linter (#7340) * test(plugin): add tests for any (#7341) * Actually invoke make release -f Makefile.release during test (#7338) * Keep golang to 1.24.2 due to build issues in 1.24.3 (#7337) * lint: enable protogetter linter (#7336) * lint: enable nolintlint linter (#7332) * fix: missing intrange lint fix (#7333) * perf(kubernetes): optimize AutoPath slice allocation (#7323) * lint: enable intrange linter (#7331) * feat(plugin/file): fallthrough (#7327) * lint: enable canonicalheader linter (#7330) * fix(proxy): avoid Dial hang after Transport stopped (#7321) * test(plugin): add tests for pkg/rand (#7320) * test(dnsserver): add unit tests for gRPC and QUIC servers (#7319) * fix: loop variable capture and linter (#7328) * lint: enable usetesting linter (#7322) * test: skip certain network-specific tests on non-Linux (#7318) * test(dnsserver): improve core/dnsserver test coverage (#7317) * fix(metrics): preserve request size from plugins (#7313) * fix: ensure DNS query name reset in plugin.NS error path (#7142) * feat: enable plugins via environment during build (#7310) * fix(plugin/bind): remove zone for link-local IPv4 (#7295) * test(request): improve coverage across package (#7307) * test(coremain): Add unit tests (#7308) * ci(test-e2e): add Go version setup to workflow (#7309) * kubernetes: add multicluster support (#7266) * chore: Add new maintainer thevilledev (#7298) * Update golangci-lint (#7294) * feat: limit concurrent DoQ streams and goroutines (#7296) * docs: add man page for multisocket plugin (#7297) * Prepare for the k8s api upgrade (#7293) * fix(rewrite): truncated upstream response (#7277) * fix(plugin/secondary): make transfer property mandatory (#7249) * plugin/bind: remove macOS bug mention in docs (#7250) * Remove `?bla=foo:443` for `POST` DoH (#7257) * Do not interrupt querying readiness probes for plugins (#6975) * Added `SetProxyOptions` function for `forward` plugin (#7229) - Backported quic-go PR #5094: Fix parsing of ifindex from packets to ensure compatibility with big-endian architectures (see quic-go/quic-go#4978, coredns/coredns#6682). - Update to version 1.12.1: * core: Increase CNAME lookup limit from 7 to 10 (#7153) * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set * plugin/kubernetes: Revert "only create PTR records for endpoints with hostname defined" * plugin/forward: added option failfast_all_unhealthy_upstreams to return servfail if all upstreams are down * bump dependencies, fixing bsc#1239294 and bsc#1239728 - Update to version 1.12.0: * New multisocket plugin - allows CoreDNS to listen on multiple sockets * bump deps - Update to version 1.11.4: * forward plugin: new option next, to try alternate upstreams when receiving specified response codes upstreams on (functions like the external plugin alternate) * dnssec plugin: new option to load keys from AWS Secrets Manager * rewrite plugin: new option to revert EDNS0 option rewrites in responses - Update to version 1.11.3+git129.387f34d: * fix CVE-2024-51744 (https://bugzilla.suse.com/show_bug.cgi?id=1232991) build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955) * core: set cache-control max-age as integer, not float (#6764) * Issue-6671: Fixed the order of plugins. (#6729) * `root`: explicit mark `dnssec` support (#6753) * feat: dnssec load keys from AWS Secrets Manager (#6618) * fuzzing: fix broken oss-fuzz build (#6880) * Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863) * Update .go-version to 1.23.2 (#6920) * plugin/rewrite: Add "revert" parameter for EDNS0 options (#6893) * Added OpenSSF Scorecard Badge (#6738) * fix(cwd): Restored backwards compatibility of Current Workdir (#6731) * fix: plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (#6705) * feature: log queue and buffer memory size configuration (#6591) * plugin/bind: add zone for link-local IPv6 instead of skipping (#6547) * only create PTR records for endpoints with hostname defined (#6898) * fix: reverter should execute the reversion in reversed order (#6872) * plugin/etcd: fix etcd connection leakage when reload (#6646) * kubernetes: Add useragent (#6484) * Update build (#6836) * Update grpc library use (#6826) * Bump go version from 1.21.11 to 1.21.12 (#6800) * Upgrade antonmedv/expr to expr-lang/expr (#6814) * hosts: add hostsfile as label for coredns_hosts_entries (#6801) * fix TestCorefile1 panic for nil handling (#6802) coredns-1.14.0-bp160.1.1.x86_64.rpm coredns-extras-1.14.0-bp160.1.1.noarch.rpm coredns-1.14.0-bp160.1.1.ppc64le.rpm coredns-1.14.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-88 Security update for gimp important openSUSE Backports SLE-16.0 This update for gimp fixes the following issues: Changes in gimp: - CVE-2025-14422: Fixed PNM File Parsing Integer Overflow (bsc#1255293) - CVE-2025-14423: Fixed LBM File Parsing Stack-based Buffer Overflow (bsc#1255294) - CVE-2025-14424: Fixed XCF File Parsing Use-After-Free (bsc#1255295) - CVE-2025-14425: Fixed JP2 File Parsing Heap-based Buffer Overflow(bsc#1255296) gimp-3.0.6-bp160.2.1.x86_64.rpm gimp-devel-3.0.6-bp160.2.1.x86_64.rpm gimp-extension-goat-excercises-3.0.6-bp160.2.1.x86_64.rpm gimp-lang-3.0.6-bp160.2.1.noarch.rpm gimp-plugin-aa-3.0.6-bp160.2.1.x86_64.rpm gimp-plugin-python3-3.0.6-bp160.2.1.x86_64.rpm gimp-vala-3.0.6-bp160.2.1.x86_64.rpm libgimp-3_0-0-3.0.6-bp160.2.1.x86_64.rpm libgimpui-3_0-0-3.0.6-bp160.2.1.x86_64.rpm gimp-3.0.6-bp160.2.1.ppc64le.rpm gimp-devel-3.0.6-bp160.2.1.ppc64le.rpm gimp-extension-goat-excercises-3.0.6-bp160.2.1.ppc64le.rpm gimp-plugin-aa-3.0.6-bp160.2.1.ppc64le.rpm gimp-plugin-python3-3.0.6-bp160.2.1.ppc64le.rpm gimp-vala-3.0.6-bp160.2.1.ppc64le.rpm libgimp-3_0-0-3.0.6-bp160.2.1.ppc64le.rpm libgimpui-3_0-0-3.0.6-bp160.2.1.ppc64le.rpm gimp-3.0.6-bp160.2.1.aarch64.rpm gimp-devel-3.0.6-bp160.2.1.aarch64.rpm gimp-extension-goat-excercises-3.0.6-bp160.2.1.aarch64.rpm gimp-plugin-aa-3.0.6-bp160.2.1.aarch64.rpm gimp-plugin-python3-3.0.6-bp160.2.1.aarch64.rpm gimp-vala-3.0.6-bp160.2.1.aarch64.rpm libgimp-3_0-0-3.0.6-bp160.2.1.aarch64.rpm libgimpui-3_0-0-3.0.6-bp160.2.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-89 Recommended update for helmfile moderate openSUSE Backports SLE-16.0 This update for helmfile fixes the following issues: Changes in helmfile: - Update to version 1.2.3: * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.2 to 1.32.3 by @dependabot[bot] in #2308 * build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @dependabot[bot] in #2310 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.92.1 to 1.93.0 by @dependabot[bot] in #2307 * Add parameter to render helmfile as go template without .gotmpl extension by @ronaldour in #2312 * build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 by @dependabot[bot] in #2315 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.93.0 to 1.93.2 by @dependabot[bot] in #2323 * build(deps): bump k8s.io/apimachinery from 0.34.2 to 0.34.3 by @dependabot[bot] in #2322 * build(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 by @dependabot[bot] in #2317 * build(deps): bump k8s.io/client-go from 0.34.2 to 0.34.3 by @dependabot[bot] in #2321 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.3 to 1.32.5 by @dependabot[bot] in #2320 * build(deps): bump helm.sh/helm/v3 from 3.19.2 to 3.19.3 by @dependabot[bot] in #2325 * build(deps): bump helm.sh/helm/v4 from 4.0.1 to 4.0.2 by @dependabot[bot] in #2326 * build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #2331 * build(deps): bump helm.sh/helm/v3 from 3.19.3 to 3.19.4 by @dependabot[bot] in #2328 * build(deps): bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #2332 * build(deps): bump dessant/lock-threads from 5 to 6 by @dependabot[bot] in #2330 * build(deps): bump helm.sh/helm/v4 from 4.0.3 to 4.0.4 by @dependabot[bot] in #2329 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.93.2 to 1.94.0 by @dependabot[bot] in #2333 * bump helm version to 4.0.4 by @yxxhero in #2335 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.5 to 1.32.6 by @dependabot[bot] in #2336 * build(deps): bump github.com/zclconf/go-cty-yaml from 1.1.0 to 1.2.0 by @dependabot[bot] in #2340 * build(deps): bump k8s.io/client-go from 0.34.3 to 0.35.0 by @dependabot[bot] in #2338 * fix: rewrite relative file:// chart dependencies to absolute paths by @sstarcher in #2334 - Update to version 1.2.2: * Fix AWS SDK debug logging by making it configurable (issue #2270) by @aditmeno in #2290 * test: add integration test for issue #2291 (CRD preservation with strategicMergePatches) by @aditmeno in #2292 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.1 to 1.32.2 by @dependabot[bot] in #2300 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.92.0 to 1.92.1 by @dependabot[bot] in #2299 * fix: resolve issues #2295, #2296, and #2297 by @aditmeno in #2298 * build(deps): update Helm v4 to 4.0.1 and helm-secrets to 4.7.4 by @aditmeno in #2304 * feat: add print-env command by @dschmidt in #2279 - Update to version 1.2.1: * build(deps): bump azure/setup-helm from 4.3.0 to 4.3.1 by @dependabot[bot] in #2274 * build(deps): bump github.com/helmfile/vals from 0.42.4 to 0.42.5 by @dependabot[bot] in #2272 * build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in #2277 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.90.2 to 1.91.1 by @dependabot[bot] in #2284 * Fix four critical issues: environment merging, kubeVersion detection, lookup() with kustomize, and Helm 4 color flags by @aditmeno in #2276 * build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 by @dependabot[bot] in #2283 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.20 to 1.32.0 by @dependabot[bot] in #2282 * build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #2287 * build(deps): bump k8s.io/client-go from 0.34.1 to 0.34.2 by @dependabot[bot] in #2285 * Fix four critical bugs: array merging (#2281), AWS SDK logging (#2270), helmDefaults skip flags (#2269), and OCI chart versions (#2247) by @aditmeno in #2288 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.91.1 to 1.92.0 by @dependabot[bot] in #2286 - Update to version 1.2.0: * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.15 to 1.31.16 by @dependabot[bot] in #2242 * build(deps): bump github.com/hashicorp/go-getter from 1.8.2 to 1.8.3 by @dependabot[bot] in #2241 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.89.0 to 1.89.1 by @dependabot[bot] in #2240 * build(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 by @dependabot[bot] in #2249 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.89.1 to 1.90.0 by @dependabot[bot] in #2248 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.16 to 1.31.17 by @dependabot[bot] in #2245 * build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 by @dependabot[bot] in #2251 * build(deps): bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in #2250 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.17 to 1.31.18 by @dependabot[bot] in #2253 * build(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 by @dependabot[bot] in #2256 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.18 to 1.31.20 by @dependabot[bot] in #2259 * perf(app): Parallelize helmfile.d rendering and eliminate chdir race conditions by @aditmeno in #2261 * build(deps): bump k8s.io/apimachinery from 0.34.1 to 0.34.2 by @dependabot[bot] in #2264 * Issue-1883 fix by @zhaque44 in #2058 * feat: add Helm 4 support while maintaining Helm 3 compatibility by @aditmeno in #2262 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.90.0 to 1.90.2 by @dependabot[bot] in #2258 helmfile-1.2.3-bp160.1.1.x86_64.rpm helmfile-bash-completion-1.2.3-bp160.1.1.noarch.rpm helmfile-fish-completion-1.2.3-bp160.1.1.noarch.rpm helmfile-zsh-completion-1.2.3-bp160.1.1.noarch.rpm helmfile-1.2.3-bp160.1.1.s390x.rpm helmfile-1.2.3-bp160.1.1.ppc64le.rpm helmfile-1.2.3-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-9 Optional update for fprintd moderate openSUSE Backports SLE-16.0 This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0 fprintd-1.94.4-bp160.1.1.aarch64.rpm fprintd-devel-1.94.4-bp160.1.1.noarch.rpm fprintd-doc-1.94.4-bp160.1.1.noarch.rpm fprintd-lang-1.94.4-bp160.1.1.noarch.rpm fprintd-pam-1.94.4-bp160.1.1.aarch64.rpm fprintd-1.94.4-bp160.1.1.ppc64le.rpm fprintd-pam-1.94.4-bp160.1.1.ppc64le.rpm fprintd-1.94.4-bp160.1.1.x86_64.rpm fprintd-pam-1.94.4-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-90 Recommended update for micro-editor moderate openSUSE Backports SLE-16.0 This update for micro-editor fixes the following issues: Changes in micro-editor: - Update to version 2.0.15: * truecolor (supersedes the MICRO_TRUECOLOR environment variable) * showchars (deprecates indentchar) * lockbindings for completely disallowing plugins to modify keybindings * helpsplit for changing default split type for the help command * pageoverlap for setting number of lines kept during page up/page down * Added FirstTab, LastTab, FirstSplit and LastSplit commands * SkipMultiCursorBack as a counterpart to SkipMultiCursor * CursorToViewTop, CursorToViewCenter, CursorToViewBottom * Duplicate for duplicating the selection only, not the whole line * Plugins never write to settings.json or bindings.json anymore * Add onBufferOptionChanged callback * Add SpawnCursorAtLoc() * Expose bufpane's DoubleClick and TripleClick to plugins * Pass mouse info to {on,pre}MouseXXX callbacks * Support goto statement from Lua 5.2 * Various Syntax Highlighting improvements - Update to version 2.0.14: * matchbracestyle to choose whether to underline or highlight matching braces * matchbraceleft to choose whether to match brace to the left of the cursor * hltrailingws to highlight trailing whitespace * hltaberrors to highlight tab vs space inconsistencies * Add jump command to perform a relative goto * Add sub-word movement actions and improve word movements * Add paragraph selection actions and improve paragraph movements * Make Shift-PageUp/Down the default keybindings for SelectPageUp/Down * Add signatures support to improve filetype detection in ambiguous cases * Provide default.yaml for default syntax highlighting * Improvements in syntax highlighting for various languages * More generic support for mouse events handling * Add mouse release and mouse drag events * Make MouseMultiCursor toggle cursors * Better support for handling mouse events in lua * Better API for lua timers * Add onAnyEvent callback * Allow colorschemes to include other colorschemes * Give user's files in ~/.config/micro/ precedence over micro's built-in files * Respect umask when creating files * Smarter smartpaste * Make default fileformat value suited to the OS * Improve buffer view relocation after jumping to a far-away location * Improve return values of some actions for better action chaining * Autocomplete filetypes * Allow raw escape sequence to be bound with bind * Various small improvements * Fix various crashes * Fix micro killed by SIGINT sent to its shell job * Various fixes for setting local options * Various fixes for reloading settings via reload command * Various fixes for updating settings after changing filetype * Fix unneeded rewriting of settings.json * Fix overwriting persistent non-default settings in settings.json with temporary default settings * Don't apply rmtrailingws on autosave * Don't autosave unmodified buffer * Properly update autosave timer when the autosave option value changes * Fix opening filenames including colons with parsecursor * Fix replace to be able to insert '$' * Fix cursor moving to an unexpected location after a redo * Make cursor movements after selection consistent * Fix incorrect buffer view after reloading file * Fix lost mouse release events in case the pane becomes inactive * Add proper locking to LineArray to fix potential races * Cleanup indentation and trailing whitespace * Improve plugin documentation micro-editor-2.0.15-bp160.1.1.x86_64.rpm micro-editor-2.0.15-bp160.1.1.s390x.rpm micro-editor-2.0.15-bp160.1.1.ppc64le.rpm micro-editor-2.0.15-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-91 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) chromedriver-144.0.7559.96-bp160.1.1.x86_64.rpm chromium-144.0.7559.96-bp160.1.1.x86_64.rpm chromedriver-144.0.7559.96-bp160.1.1.ppc64le.rpm chromium-144.0.7559.96-bp160.1.1.ppc64le.rpm chromedriver-144.0.7559.96-bp160.1.1.aarch64.rpm chromium-144.0.7559.96-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-92 Recommended update for minisign moderate openSUSE Backports SLE-16.0 This update for minisign fixes the following issues: Changes in minisign: - Bugfix: * bugfix: duplicate command-line arguments [7dfdb3c] - Security fix: [gpg.fail/trustcomment] * Trusted comment injection (minisign) [6c59875] * trim(): only trim trailing \r\n, reject straight \r characters - Security fix: [gpg.fail/minisign] * Trusted comment injection (minisign) [a10dc92] * Bail out if the signature file contains unprintable characters - Update to version 0.12 * Libsodium is now an optional dependency. When using the Zig toolchain to compile Minisign, you can specify the -Dwithout-libsodium flag to build and run without libsodium. * Key identifiers are now zero-padded when printed. minisign-0.12-bp160.1.1.x86_64.rpm minisign-0.12-bp160.1.1.s390x.rpm minisign-0.12-bp160.1.1.ppc64le.rpm minisign-0.12-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-93 Security update for sbctl moderate openSUSE Backports SLE-16.0 This update for sbctl fixes the following issues: Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 * Fixes: bsc#1251399, CVE-2025-47911: various algorithms with quadratic complexity when parsing HTML documents * Fixes: bsc#1251609, CVE-2025-58190: excessive memory consumption by 'html.ParseFragment' when processing specially crafted input - Update to version 0.18: * logging: fixup new go vet warning * workflows: add cc for cross compile * workflow: add sudo to apt * workflow: add pcsclite to ci * workflow: try enable cgo * go.mod: update golang.org/x/ dependencies * fix: avoid adding bogus Country attribute to subject DNs * sbctl: only store file if we did actually sign the file * installkernel: add post install hook for Debian's traditional installkernel * CI: missing libpcsclite pkg * workflows: add missing depends and new pattern keyword * Add yubikey example for create keys to the README * Initial yubikey backend keytype support * verify: ensure we pass args in correct order - bsc#1248949 (CVE-2025-58058): Bump xz to 0.5.14 - Update to version 0.17: * Ensure we don't wrongly compare input/output files when signing * Added --json supprt to sbctl verify * Ensure sbctl setup with no arguments returns a helpful output * Import latest Microsoft keys for KEK and db databases * Ensure we print the path of the file when encountering an invalid PE file * Misc fixups in tests * Misc typo fixes in prints - Update to version 0.16: * Ensure sbctl reads --config even if /etc/sbctl/sbctl.conf is present * Fixed a bug where sbctl would abort if the TPM eventlog contains the same byte multiple times * Fixed a landlock bug where enroll-keys --export did not work * Fixed a bug where an ESP mounted to multiple paths would not be detected * Exporting keys without efivars present work again * sbctl sign will now use the saved output path if the signed file is enrolled * enroll-keys --append will now work without --force. - Updates from version 0.15.4: * Fixed an issue where sign-all did not report a non-zero exit code when something failed * Fixed and issue where we couldn't write to a file with landlock * Fixed an issue where --json would print the human readable output and the json * Fixes landlock for UKI/bundles by disabling the sandbox feature * Some doc fixups that mentioned /usr/share/ sbctl-0.18-bp160.1.1.x86_64.rpm sbctl-0.18-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-94 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: Fri Jan 16 20:30:53 UTC 2026 - okurz@suse.com - Update to version 5.1768564451.45d5d5b2: * feat: optionally configure fake auth key+secret+expiration * OpenSuseIssueReporter: Avoid multiple push calls * unit_tests: Add unit tests for OpenSuseBugzillaUtils * unit_tests: Adapt the UI tests to the new kernel bug button * plugins: Introduce OpenSuseIssueReporter for external issue reporting Changes in os-autoinst: Fri Jan 16 20:43:12 UTC 2026 - okurz@suse.com - Update to version 5.1768577300.b85e486: * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content Changes in openQA-devel-container: Fri Jan 16 20:41:22 UTC 2026 - okurz@suse.de - Update to version 5.1768564451.45d5d5b2e: * Update to latest openQA version openQA-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-auto-update-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-client-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-common-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-devel-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-doc-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-local-db-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-mcp-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-munin-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-single-instance-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm openQA-worker-5.1768564451.45d5d5b2-bp160.1.1.x86_64.rpm os-autoinst-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1768577300.b85e486-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1768577300.b85e486-bp160.1.1.x86_64.rpm openQA-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-auto-update-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-bootstrap-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-client-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-common-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-continuous-update-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-devel-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-doc-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-local-db-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-mcp-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-munin-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-python-scripts-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-single-instance-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm openQA-worker-5.1768564451.45d5d5b2-bp160.1.1.s390x.rpm os-autoinst-5.1768577300.b85e486-bp160.1.1.s390x.rpm os-autoinst-devel-5.1768577300.b85e486-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1768577300.b85e486-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1768577300.b85e486-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1768577300.b85e486-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1768577300.b85e486-bp160.1.1.s390x.rpm openQA-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-client-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-common-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-devel-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-doc-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-local-db-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-mcp-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-munin-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm openQA-worker-5.1768564451.45d5d5b2-bp160.1.1.ppc64le.rpm os-autoinst-5.1768577300.b85e486-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1768577300.b85e486-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1768577300.b85e486-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1768577300.b85e486-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1768577300.b85e486-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1768577300.b85e486-bp160.1.1.ppc64le.rpm openQA-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-auto-update-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-client-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-common-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-devel-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-doc-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-local-db-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-mcp-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-munin-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-single-instance-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm openQA-worker-5.1768564451.45d5d5b2-bp160.1.1.aarch64.rpm os-autoinst-5.1768577300.b85e486-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1768577300.b85e486-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1768577300.b85e486-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1768577300.b85e486-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1768577300.b85e486-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1768577300.b85e486-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-95 Recommended update for OpenBoard moderate openSUSE Backports SLE-16.0 This update for OpenBoard fixes the following issues: Changes in OpenBoard: - update to release version 1.7.4 OpenBoard-1.7.4-bp160.1.1.x86_64.rpm OpenBoard-1.7.4-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-96 Recommended update for hauler moderate openSUSE Backports SLE-16.0 This update for hauler fixes the following issues: Changes in hauler: - Update to version 1.4.1 (bsc#1256546, CVE-2026-22772): * fixed typos for containerd imports (#493) * fix and support containerd imports of `hauls` (#492) * bump github.com/sigstore/fulcio (#489) - Update to version 1.4.0: * added/updated logging for `serve` and `remove` (#487) * added/fixed helm chart images/dependencies features (#485) * more experimental feature updates (#486) * add experimental notes (#483) * updated tempdir flag to store persistent flags (#484) * delete artifacts from store (#473) * path rewrites (#475) * updated/fixed workflow dependency versions (#478) - Update to version 1.3.2: * bump to latest cosign fork release (#481) * Bump golang.org/x/crypto in the go_modules group across 1 directory (#476) hauler-1.4.1-bp160.1.1.x86_64.rpm hauler-1.4.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-97 Recommended update for os-autoinst-distri-opensuse-deps moderate openSUSE Backports SLE-16.0 This update for os-autoinst-distri-opensuse-deps fixes the following issues: Changes in os-autoinst-distri-opensuse-deps: - Added dependency perl(Inline::Python) - Added dependency mkisofs - Added dependency jq - Added dependency gzip os-autoinst-distri-opensuse-deps-1.1768848815.573053a6-bp160.1.1.noarch.rpm os-autoinst-distri-opensuse-deps-worker-1.1768848815.573053a6-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-98 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1769068942.639067ee: * Dependency cron 2026-01-22 * feat: Show limits on "Next & Previous" tab within table - Update to version 5.1768996386.e3f58202: * fix: Avoid Perl warning if product spec contains undef values * GenericBug: Add [QE] to the subject * doc: Mention version lookup of mediums and special value `*` * doc: Wrap section about medium types consistently at 80 characters * doc: Remove surplus white-space * chore: Improve indentation/wrapping of comment * feat: Improve error message when product contains no templates * tests: Improve/add tests for "no products found" case * KernelBug: Extend the kernel bug template * feat: Improve error message when falling back to version `*` - Update to version 5.1768856318.847e4fc7: * fix(systemd): prevent openqa-gru starting while mounts are unavailable * fix(systemd): try restarts on failure to be more resilient * feat: Show when "Next & Previous" jobs are limited * refactor: Format SQL code for "Next & Previous" jobs more nicely * refactor: Simplify determining latest job in "Next & Previous" list - Update to version 5.1768402729.462b3957: * feat: optionally configure fake auth key+secret+expiration Changes in os-autoinst: - Update to version 5.1769153586.72cabd0: * Replace remaining functions with subroutine signatures in 18-qemu.t * Fix snapshot overlay mechanism to avoid duplication * fix(dist): provide proper copyright headers in all spec-files * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content * fix(dist): exclude unstable t/28-signalblocker.t in OBS checks * Add documentation of APPEND variable * Add undocumented KERNEL/INITRD to the supported variables * os-autoinst-generate-needle-preview: Embed PNG Changes in openQA-devel-container: - Update to version 5.1769167363.fd9ad8d88: * Update to latest openQA version openQA-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-auto-update-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-client-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-common-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-devel-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-doc-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-local-db-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-mcp-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-munin-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-single-instance-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1769068942.639067ee-bp160.1.1.x86_64.rpm openQA-worker-5.1769068942.639067ee-bp160.1.1.x86_64.rpm os-autoinst-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1769153586.72cabd0-bp160.1.1.x86_64.rpm openQA-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-auto-update-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-bootstrap-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-client-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-common-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-continuous-update-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-devel-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-doc-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-local-db-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-mcp-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-munin-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-python-scripts-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-single-instance-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1769068942.639067ee-bp160.1.1.s390x.rpm openQA-worker-5.1769068942.639067ee-bp160.1.1.s390x.rpm os-autoinst-5.1769153586.72cabd0-bp160.1.1.s390x.rpm os-autoinst-devel-5.1769153586.72cabd0-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1769153586.72cabd0-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1769153586.72cabd0-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1769153586.72cabd0-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1769153586.72cabd0-bp160.1.1.s390x.rpm openQA-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-client-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-common-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-devel-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-doc-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-local-db-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-mcp-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-munin-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm openQA-worker-5.1769068942.639067ee-bp160.1.1.ppc64le.rpm os-autoinst-5.1769153586.72cabd0-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1769153586.72cabd0-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1769153586.72cabd0-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1769153586.72cabd0-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1769153586.72cabd0-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1769153586.72cabd0-bp160.1.1.ppc64le.rpm openQA-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-auto-update-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-client-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-common-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-devel-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-doc-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-local-db-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-mcp-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-munin-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-single-instance-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1769068942.639067ee-bp160.1.1.aarch64.rpm openQA-worker-5.1769068942.639067ee-bp160.1.1.aarch64.rpm os-autoinst-5.1769153586.72cabd0-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1769153586.72cabd0-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1769153586.72cabd0-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1769153586.72cabd0-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1769153586.72cabd0-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1769153586.72cabd0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-99 Recommended update for tryton, trytond, gnuhealth, trytond_account, gnuhealth-client, proteus, python-PyWebDAV3-GNUHealth, trytond_account_invoice, trytond_party, trytond_product, trytond_purchase, trytond_stock, trytond_stock_lot, trytond_stock_supply moderate openSUSE Backports SLE-16.0 This update for tryton, trytond, gnuhealth, trytond_account, gnuhealth-client, proteus, python-PyWebDAV3-GNUHealth, trytond_account_invoice, trytond_party, trytond_product, trytond_purchase, trytond_stock, trytond_stock_lot, trytond_stock_supply fixes the following issues: Changes in tryton: - Version 7.0.31 - Bugfix Release - Version 7.0.29 - Bugfix Release Changes in trytond: - Version 7.0.44 - Bugfix Release - Version 7.0.43 - Bugfix Release - Version 7.0.42 - Bugfix Release - Version 7.0.40 - Bugfix Release - Version 7.0.38 - Bugfix Release - Version 7.0.37 - Bugfix Release - Version 7.0.36 - Security Release for issue #14220 - Version 7.0.35 - Bugfix Release - Version 7.0.34 - Bugfix Release - Version 7.0.33 - Bugfix Release Changes in gnuhealth: - version 5.0.5 * optimizations to language files * various fixes * install_demo_database.sh added - version 5.0.2 * inconsistent naming of package and directories, switch to local copy * gnuhealth.keyring removed due to local copy * Remove unused dependencies from health module * Wrong cursor field teeth (dentistry module) * remove pillow dependency from lab and dentistry Changes in trytond_account: - Version 7.0.23 - Bugfix Release - Version 7.0.22 - Bugfix Release - Version 7.0.21 - Bugfix Release Changes in gnuhealth-client: - version 5.0.1 * Fix issue #11. default settings for federation.gnhealth.org not working * allow Python 3.14 Changes in proteus: - Version 7.0.3 - Bugfix Release - Version 7.0.2 - Bugfix Release Changes in python-PyWebDAV3-GNUHealth: - version 0.13.0 * no changelog provided * source file renamed Changes in trytond_account_invoice: - Version 7.0.14 - Bugfix Release Changes in trytond_party: - Version 7.0.7 - Bugfix Release Changes in trytond_product: - Version 7.0.3 - Bugfix Release Changes in trytond_purchase: - Version 7.0.16 - Bugfix Release - Version 7.0.15 - Bugfix Release Changes in trytond_stock: - Version 7.0.16 - Bugfix Release - Version 7.0.15 - Bugfix Release - Version 7.0.14 - Bugfix Release Changes in trytond_stock_lot: - Version 7.0.5 - Bugfix Release - Version 7.0.4 - Bugfix Release Changes in trytond_stock_supply: - Version 7.0.5 - Bugfix Release tryton-7.0.31-bp160.1.1.noarch.rpm trytond-7.0.44-bp160.1.1.noarch.rpm gnuhealth-5.0.5-bp160.1.1.noarch.rpm gnuhealth-orthanc-5.0.5-bp160.1.1.noarch.rpm trytond_account-7.0.23-bp160.1.1.noarch.rpm gnuhealth-client-5.0.1-bp160.1.1.noarch.rpm proteus-7.0.3-bp160.1.1.noarch.rpm python313-PyWebDAV3-GNUHealth-0.13.0-bp160.1.1.noarch.rpm trytond_account_invoice-7.0.14-bp160.1.1.noarch.rpm trytond_party-7.0.7-bp160.1.1.noarch.rpm trytond_product-7.0.3-bp160.1.1.noarch.rpm trytond_purchase-7.0.16-bp160.1.1.noarch.rpm trytond_stock-7.0.16-bp160.1.1.noarch.rpm trytond_stock_lot-7.0.5-bp160.1.1.noarch.rpm trytond_stock_supply-7.0.5-bp160.1.1.noarch.rpm