Packages changed: MozillaFirefox (152.0.2 -> 152.0.3) btrfsprogs cpupower dbus-1-glib (0.112 -> 0.114) fwupd gnome-sudoku (50.1 -> 50.2.1) gpgme (2.1.0 -> 2.1.1) kompare libass (0.17.4 -> 0.17.5) libstorage-ng (4.5.335 -> 4.5.336) libwmf (0.2.13 -> 0.2.15) mutter ncurses (6.6.20260608 -> 6.6.20260613) nghttp2 openSUSE-release (20260628 -> 20260630) pango (1.57.1 -> 1.58.0) perl-HTTP-Date (6.06 -> 6.70.0) python-greenlet (3.5.0 -> 3.5.3) python-linux-procfs (0.7.3 -> 0.7.4) python-lxml (6.1.0 -> 6.1.1) rubygem-nokogiri (1.18.9 -> 1.19.4) socat (1.8.1.1 -> 1.8.1.3) systemd vim (9.2.0530 -> 9.2.0725) xclock (1.1.1 -> 1.2.0) === Details === ==== MozillaFirefox ==== Version update (152.0.2 -> 152.0.3) Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common - Mozilla Firefox 152.0.3 https://www.firefox.com/en-US/firefox/152.0.3/releasenotes/ * Fix an issue that could cause extreme memory usage and freezing on startup for users with language packs installed (bmo#2049845, boo#1269477) - Add mozilla-bmo2048250.patch, fix input method candidate window tracking by explicitly committing Wayland surface after setting cursor location. (boo#1268447 and bmo#2048250) ==== btrfsprogs ==== Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - Modernize building of Python bindings, to generate binary subpackages for each Python interpreter in the distro. ==== cpupower ==== Subpackages: cpupower-bash-completion cpupower-lang libcpupower1 - Fix broken EnvironmentFile path in cpupower service config file bsc#1269478 - Introduce cpupower-rpmlintrc to suppress devel dependency error A cpupower-rpmlintrc ==== dbus-1-glib ==== Version update (0.112 -> 0.114) - update to 0.114: * Fix bug reporting URL (Simon McVittie) * Move license documents to a REUSE-style LICENSES/ directory * Fix numerous deprecation warnings (Simon McVittie) * Avoid naming a variable 'bool', which is a reserved word in C23 and caused compilation to fail with gcc-15 * dbus-glib version control is now hosted on freedesktop.org's Gitlab installation, and bug reports and feature requests have switched from Bugzilla bugs (indicated by "fd.o #nnn") to ==== fwupd ==== Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0 - Migrate to manual service run ==== gnome-sudoku ==== Version update (50.1 -> 50.2.1) Subpackages: gnome-sudoku-lang - Update to version 50.2.1: + Fix tag being on the wrong commit - Changes from version 50.2: + Fix buttons not resetting on new game + Update translations. ==== gpgme ==== Version update (2.1.0 -> 2.1.1) Subpackages: libgpgme45 - Update to 2.1.1: * gpgme_op_export now also returns operational errors ==== kompare ==== Subpackages: kompare-lang - add AlignTop-the-text.patch to fix text clipping (kde#481778) ==== libass ==== Version update (0.17.4 -> 0.17.5) - Update to 0.17.5: * Fix limited OOB read and write in wrap_lines_measure * Fix OOB bit clears for negative Matroska ReadOrder fields * Fix \fay with glyph clusters * Fix small alpha changes not always splitting runs when combined with fade * Fades are now applied to BorderStyle=4 boxes too * Fonts using legacy arabic Windows charmaps are now supported * ass_render_frame no longer returns fully transparent images * Avoid SSE instructions if compiler baseline already includes AVX - Remove d013d97631bf86577e7eb44941b2b7b9cf4192d0.patch: included in upstream release ==== libstorage-ng ==== Version update (4.5.335 -> 4.5.336) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1084 - make more use of new SystemCmd interface - 4.5.336 ==== libwmf ==== Version update (0.2.13 -> 0.2.15) - update to 0.2.15: * BMP image parsing fixes in embedded DIBs * record size validation for polyline, polygon, polypolygon and text records * fix RLE decoder row-stride mismatch * limit DC stack depth to prevent resource exhaustion * add basic test suite * MSVC build fixes * new release with accumulated fixes ==== mutter ==== Subpackages: mutter-lang - Add ba64e055b5159a3acd5b4e4bc3d381066b26c62c.patch: Fix build with new pango ==== ncurses ==== Version update (6.6.20260608 -> 6.6.20260613) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Mark build recipe as requiring bash - Modernize specfile/drop old constructs - Add ncurses patch 20260613 + add ich/ich1 to putty -TD + reorder %i's in some capabilities for better matching of blocks -TD + add sc/rc to ti928 -TD + add rin to ncr260vt300an and ncr260vt100an, matching the AT&T ind/indn -TD + add rwidm, kdch1 to att730 -TD + change %2d and %3d to %02d and %03d to match original termcaps -TD + reduce unnecessary %2d and %3d to just %d -TD + correct conversion of termcap %2 and %3 to terminfo in _nc_captoinfo. ==== nghttp2 ==== - stricter validation for HTTP CONNECT and Upgrade requests across HTTP/1, HTTP/2, and HTTP/3 upstreams, specifically rejecting requests that incorrectly include Content-Length or Transfer-Encoding headers * Add 0001-nghttpx-Tighten-up-CONNECT-and-HTTP-Upgrade-handling.patch CVE-2026-58055, bsc#1269489 ==== openSUSE-release ==== Version update (20260628 -> 20260630) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pango ==== Version update (1.57.1 -> 1.58.0) Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Update to version 1.58.0: + PangoFontDescription has a new width attribute, which is like stretch, but allows intermediate values + PangoRenderer has gained the ability to render only certain components of a layout (such overlines, underlines, text,...) ==== perl-HTTP-Date ==== Version update (6.06 -> 6.70.0) - updated to 6.70.0 (6.07) see /usr/share/doc/packages/perl-HTTP-Date/Changes 6.07 2026-06-25 15:12:09Z - Add test with Time::Zone (GH#25) (Michal Josef Špaček) - Add test with bad Time::Zone string (GH#26) (Michal Josef Špaček) - Add tests with negative time (GH#26) (Michal Josef Špaček) - Replace all instances of \d with [0-9] in regular expressions to reject non-ASCII Unicode digits, with a regression test (GH#27) (Robert Rothenberg) - Reject malformed ISO 8601 timezones with a doubled colon (GH#31) (Olaf Alders) - Document day/month/year ordering for numeric dates (GH#32) (Olaf Alders) ==== python-greenlet ==== Version update (3.5.0 -> 3.5.3) - Add build-Cpp-linking.patch fixing linking C++ problems with Python 3.14.6 (see https://discuss.python.org/t/c-linking-in-3-14-6-is-there-a-regression/107932) - update to 3.5.3: * Fix a crash on free-threaded builds when multiple greenlets were holding a critical section on an object and the GIL for the thread was dropped. See issue 513. Thanks to ddorian. - Update to 3.5.2 * The minimum supported version of Python 3.15 is now 3.15b2. * Fix some garbage-collection related crashes on free-threaded Python 3.15. Thanks to Kumar Aditya in PR #511. * Improve garbage collection of greenlets. This mostly applies to Python 3.15. Thanks to Kumar Aditya in PR #512. - Update to 3.5.1 * Add preliminary support for Python 3.15b1. This has not been reviewed by CPython core developers, but all tests pass. Binary wheels of this version won't work on earlier Python 3.15 builds and may not work on later 3.15 builds. * Fix the discrepancy in the way the two ``getcurrent`` APIs behave during greenlet teardown. One API (the C API used by, e.g., gevent raised a ``RuntimeError``; the other (the Python ``greenlet.getcurrent`` API) returned ``None``. This second way is incompatible with greenlet's type annotations, so ``greenlet.getcurrent`` now raises a ``RuntimeError`` as well. ==== python-linux-procfs ==== Version update (0.7.3 -> 0.7.4) - update to 0.7.4: * Fix spelling mistakes in comments * Modernize packaging and update authorship * Remove import of range from six.moves ==== python-lxml ==== Version update (6.1.0 -> 6.1.1) - update to 6.1.1 (bsc#, CVE-2026-49825): * The known link attributes in ``lxml.html.defs.link_attrs`` were missing ``xlink:href``, which can be used for URL bypass attacks in embedded SVG/MathML/etc. content. * https://github.com/fedora- python/lxml_html_clean/security/advisories/GHSA-4jhm- jv67-739f * The Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731. * The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731. ==== rubygem-nokogiri ==== Version update (1.18.9 -> 1.19.4) - 1.19.4: see included CHANGELOG.md - 1.19.1: see included CHANGELOG.md - 1.18.10: see included CHANGELOG.md ==== socat ==== Version update (1.8.1.1 -> 1.8.1.3) - update to 1.8.1.3 (bsc#1269219, CVE-2026-56123): * The new SOCKS5_OVERFL test for CVE-2026-56123 failed on platforms with non-bash default shell (false positive). * There was a possible heap overflow in the socks5 client code. It could be triggered by connecting to a malicious socks5 server that expected this connection and had knowledge about details of the client binary code. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-lang udev - Temporarily add 1002-nss-systemd-avoid-ELF-TLS-for-recursion-guard.patch until upstream releases it (bsc#1254924) ==== vim ==== Version update (9.2.0530 -> 9.2.0725) Subpackages: vim-data vim-data-common xxd - Replace pkgconfig(gtk+-3.0) with pkgconfig(gtk4) and pass - -enable-gui=gtk4 instead of --enable-gui=gtk3 to configure. Build gvim with gtk4 instead of gtk3. - Refresh patches with quilt. - Updated to version 9.2.0725, fixes the following problems: 9.2.0531: tests: Test_cd_completion() fails on MS-Windows with E344 9.2.0532: GTK: preedit font size is wrong for fractional point sizes 9.2.0533: '[ mark moved to end of inserted text after CTRL-R CTRL-P paste 9.2.0534: GTK UI does not support fullscreen mode 9.2.0535: tests: matchit plugin is not tested 9.2.0536: tests: Test_invalid_args() fails on GTK4 without xterm_clipboard 9.2.0537: GTK4: mouse popup menu does not show up at mouse pointer 9.2.0538: Cannot keep leading whitespace in %{} statusline expr 9.2.0539: filetype: too many Bitbake include files are recognized 9.2.0540: tests: Test_mswin_event_mouse is flaky 9.2.0541: Vim9: endclass/endenum/endinterface can give errors 9.2.0542: tests: test_codestyle fails 9.2.0543: Vim9: wrong error when redeclaring a typed variable 9.2.0544: GTK4: window blank after a resize or drag 9.2.0545: popup: blending uses hardcoded fallback colors 9.2.0546: configure: GTK4 build requires GTK >= 4.10 9.2.0547: "%v" in 'errorformat' is affected by 'tabstop' 9.2.0548: GTK4: terminal and pty job output is not processed 9.2.0549: Cursor wrong after autoindent strip is skipped 9.2.0550: GTK4: 'mousehide' unhides cursor when switching tabs 9.2.0551: filetype: Tolk files are not recognized 9.2.0552: GTK4: F10 does nothing when the menubar is hidden 9.2.0553: runtime(netrw): netrw rejects hostnames containing _ 9.2.0554: GTK4: memory leak in free_menu() 9.2.0555: too many strlen() in ex_substitute() 9.2.0556: GTK4: scrollbars not shown and do not respond to clicks 9.2.0557: filetype: Kawasaki Robots files are not recognized 9.2.0558: filetype: Popcap Reanimation files are not recognized 9.2.0559: filetype: Kaitai struct files are not recogonized 9.2.0560: filetype: busybox shebang lines are not recognized 9.2.0561: [security]: possible code execution with python3complete 9.2.0562: filetype: SGF files are not recognized 9.2.0563: GTK3/Wayland: crash with right mouse-button in tabline 9.2.0564: GTK4: tabline does not respond to mouse clicks 9.2.0565: [security]: out-of-bounds read in update_snapshot() 9.2.0566: f duplicates window if do_ecmd() is aborted 9.2.0567: dict function name allocation failure not handled 9.2.0568: pythoncomplete: g:pythoncomplete_allow_import had no effect 9.2.0569: out-of-bounds access in libvterm CSI 8 t resize 9.2.0570: GTK4: mouse wheel scrolling does not work correctly 9.2.0571: Vim9: memory leak in compile_nested_function() on failure 9.2.0572: lines disappear with wrapping virtual text after a double-width char 9.2.0573: Vim9: missing EX_WHOLE on some block keywords 9.2.0574: tests: missing test for v9.2.0572 9.2.0575: tests: filetype test for v9.2.0557 can be improved 9.2.0576: popup_create() not blocked in secure/sandbox 9.2.0577: GTK4: window resizing issues 9.2.0578: GTK4: :unmenu does not remove entries from the menubar 9.2.0579: :mksession, :mkview and :mkvimrc emit legacy Vim script 9.2.0580: xxd: binary output is not colored with -R 9.2.0581: After maximizing and deleting the quickfix buffer, window height is wrong 9.2.0582: GTK4: compile error when XFONTSET is defined 9.2.0583: completion: indent not ignored for fuzzy line completion 9.2.0584: GTK4: missing UI features 9.2.0585: line number wrong after undoing a deletion in quickfix buffer 9.2.0586: Crash with TextPut autocmd when pasting in terminal buffer 9.2.0587: GTK4: left scrollbar overlaps drawarea 9.2.0588: GTK4: drawing area loses focus after closing a menubar popover 9.2.0589: filetype: xinitrc files are not recognized 9.2.0590: GTK4: drawing area loses focus shape on popup menu open 9.2.0591: 'scrolljump' ignored when scrolling up 9.2.0592: Error when restoring session with terminal window 9.2.0593: :wqall ignores term_setkill() on running terminal buffers 9.2.0594: Use-after-free with ":wqall" and a running terminal job 9.2.0595: MS-Windows: Wrong buffer size calculation for gvimext 9.2.0596: cmdline completion popup cannot be scrolled with the mouse 9.2.0597: [security]: possible code execution with python complete 9.2.0598: tests: Test_statusline() is flaky 9.2.0599: popup: title set with popup_setoptions() is not shown 9.2.0600: clientserver method needs to be given as argument 9.2.0601: matchfuzzypos() returns garbage positions for long candidates 9.2.0602: popup: No opacity when background not set for Popup group 9.2.0603: possible heap-buffer-overflow when resizing the GUI 9.2.0604: tests: Test_mswin_event_mouse() is still flaky 9.2.0605: tests: Test_screenpos() is flaky in GUI 9.2.0606: GTK4: does not support all clipboard formats 9.2.0607: GTK4: inputdialog() does not work as expected 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode 9.2.0609: completion info popup cannot be scrolled with the keyboard 9.2.0610: cindent: closing brace in a comment affects the next line's indent 9.2.0611: MS-Windows: evim.exe not working with VIMDLL 9.2.0612: Cannot render images in popup windows 9.2.0613: tests: test_xxd_color2() checks for dash but uses sh 9.2.0614: opacity popup leaves stale cells 9.2.0615: sixel encoder drops pixels on the right edge of shapes 9.2.0616: GTK4: use-after-free on clipboard read timeout 9.2.0617: GvimExt: does not support different runtime dirs 9.2.0618: use-after-free in popup_getoptions() on dict_add() failure 9.2.0619: integer overflow in popup image size validation 9.2.0620: runtime(netrw): fix 2match pattern rebuild 9.2.0621: 'autoindent' not stripped with virtualedit=onemore 9.2.0622: str2blob() does not work with wide UTF-16 encoding 9.2.0623: possible integer overflow in spellfile tree bounds check 9.2.0624: C-N/C-P cannot be mapped in complete() completion ... changelog too long, skipping 102 lines ... * vim-9.1.1732-fix-inc-detection.patch ==== xclock ==== Version update (1.1.1 -> 1.2.0) - Update to version 1.2.0 * This release adds new command line options -proportional, -analog24, - help, --help, -version, and --version; and new X resources analog24, amColor, pmColor, fixed1Color, fixed2Color, fixed3Color, hourShape, minuteShape, secondShape, majorShape, minorShape, amShape, pmShape, fixed1Shape, fixed2Shape, fixed3Shape, rotateAmpm, zOrder, and proportional. See the updated man page for details of each. * It also adds support for building with meson as well as autoconf. - switch to meson