Packages changed: 7zip (24.09 -> 25.01) MozillaFirefox (141.0.2 -> 142.0.1) SDL3 (3.2.20 -> 3.2.22) aaa_base (84.87+git20250805.3069494 -> 84.87+git20250903.33e5ba4) boost-base boost-extra busybox-links certmonger (0.79.19 -> 0.79.20) cnf (0.8.1~0 -> 0.9.0~0) container-selinux (2.240.0 -> 2.241.0) file icewm (3.7.3 -> 3.9.0) iso-codes (4.16.0 -> 4.18.0) kernel-firmware-ath11k (20250820 -> 20250829) kernel-firmware-ath12k (20250808 -> 20250903) kernel-firmware-bluetooth (20250820 -> 20250903) kernel-firmware-i915 (20250730 -> 20250903) kernel-firmware-intel (20250825 -> 20250903) kernel-firmware-iwlwifi (20250818 -> 20250829) kernel-firmware-media (20250825 -> 20250903) kernel-firmware-mediatek (20250813 -> 20250903) kernel-firmware-qcom (20250820 -> 20250903) libcdr (0.1.7 -> 0.1.8) libqt5-qtwebengine (5.15.18 -> 5.15.19) libreoffice (25.2.5.2 -> 25.8.1.1) libvirt (11.6.0 -> 11.7.0) libvisio (0.1.7 -> 0.1.8) libxmlb (0.3.22 -> 0.3.23) mozilla-nss (3.113 -> 3.115.1) net-tools (2.10 -> 2.10+1) openSUSE-release (20250902 -> 20250905) python-cryptography qt6-declarative raspberrypi-firmware-dt (2023.11.21 -> 2025.05.14) sdbootutil (1+git20250820.077bd8b -> 1+git20250903.f5a076b) selinux-policy (20250812 -> 20250902) wireplumber (0.5.10 -> 0.5.11) zlib-ng-compat (2.2.4 -> 2.2.5) === Details === ==== 7zip ==== Version update (24.09 -> 25.01) - Update to 25.01 (boo#1249130) * The code for handling symbolic links has been changed to provide greater security when extracting files from archives * Command line switch -snld20 can be used to bypass default security checks when creating symbolic links. - includes changes from 25.00: * bzip2 compression speed was increased by 15-40%. * deflate (zip/gz) compression speed was increased by 1-3%. * improved support for zip, cpio and fat archives. * CVE-2025-53816 : 7-Zip could work incorrectly for some incorrect RAR archives (boo#1246706) * CVE-2025-53817 : 7-Zip could crash for some incorrect COM (Compound File) archives (boo#1246707) ==== MozillaFirefox ==== Version update (141.0.2 -> 142.0.1) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 142.0.1 * Dragging multiple non-adjacent tabs in horizontal tab strip mode now correctly moves them together as a group. (bmo#1982933) * Dragging multiple tabs no longer causes toolbar unresponsiveness or visual glitches. (bmo#1984342) * Fixed an issue where the text cursor appeared in the wrong location. (bmo#1984045) * Fixed a crash related to gamepad use, particularly on macOS (bmno#1870379) * Fixed an issue where the expand on hover feature in the sidebar would sometimes stop working. (bmo#1982129) * Fixed a crash in KDE Plasma when using certain custom window decorations. (bmo#1984823) - Mozilla Firefox 142 https://www.mozilla.org/en-US/firefox/142.0/releasenotes/ MFSA 2025-64 (bsc#1248162) * CVE-2025-9179 (bmo#1979527) Sandbox escape due to invalid pointer in the Audio/Video: GMP component * CVE-2025-9180 (bmo#1979782) Same-origin policy bypass in the Graphics: Canvas2D component * CVE-2025-9181 (bmo#1977130) Uninitialized memory in the JavaScript Engine component * CVE-2025-9186 (bmo#1445758) Spoofing issue in the Address Bar component of Firefox Focus for Android * CVE-2025-9182 (bmo#1975837) Denial-of-service due to out-of-memory in the Graphics: WebRender component * CVE-2025-9183 (bmo#1976102) Spoofing issue in the Address Bar component * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736, bmo#1979072) Memory safety bugs fixed in Firefox 142 and Thunderbird 142 * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163, bmo#1979955) Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 - Refresh mozilla-pgo.patch - requires NSS 3.114 ==== SDL3 ==== Version update (3.2.20 -> 3.2.22) - Update to release 3.2.22 * A bunch of changes for non-Linux platforms only ==== aaa_base ==== Version update (84.87+git20250805.3069494 -> 84.87+git20250903.33e5ba4) Subpackages: aaa_base-extras - Update to version 84.87+git20250903.33e5ba4: * Correct fix for boo#1247495 (boo#1248158) ==== boost-base ==== Subpackages: boost-license1_88_0 libboost_filesystem1_88_0 libboost_iostreams1_88_0 libboost_locale1_88_0 libboost_thread1_88_0 - require shared library package in versioned libboost_url-devel (bsc#1248645) ==== boost-extra ==== - require shared library package in versioned libboost_url-devel (bsc#1248645) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-procps busybox-psmisc busybox-sed busybox-sendmail busybox-which busybox-xz - Set net-tools conflict version properly. - Add busybox-ether-wake replacing downstream ether-wake from net-tools (boo#1249034). - Provide support for net-tools-dummy-ether-wake (bsc#1242048). ==== certmonger ==== Version update (0.79.19 -> 0.79.20) - Disable failing tests with NSS 3.115.1: 007-certsave-dbm and 007-certsave-sql 025-casave-dbm * patch disable_some_tests.patch - Update to 0.79.20 * Fix type error in cm_tdbusm_get_vn * Adjust parameter type for util_EVP_PKEY_id * Update tests to be compatible with OpenSSL 3.2 * Switch BR from /usr/include/popt.h to popt-devel * getcert: return 2 when trying to create a duplicate entry * getcert: add NULL check to duplicate string compare * Use correct object path for 'ca' property of request objects in D-Bus API * Move shell_escape function to util.c * Add more environment variables to be passed on to the notification command * Translated using Weblate (Chinese (Simplified) (zh_CN)) * Translated using Weblate (Georgian) * Translated using Weblate (Russian) - Remove patches merged upstream * 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch * certmonger-c99-01.patch * certmonger-c99-02.patch - New patch * add_some_missing_tests.patch ==== cnf ==== Version update (0.8.1~0 -> 0.9.0~0) Subpackages: cnf-bash - Update to version 0.9.0~0: * mark 0.9.0 version * Documented what configuration variables are relied on. * Change rust code to say 'dnf' instead of 'dnf4' * Fixed some grammar errors in README.md * (ci): run zypper dnf5 and dnf integration tests in a parallel * Added fish support. * Added instructions for .zsh * Updated documentation to mention dnf5 support * Updated documentation examples. * Check if zypper is installed. * Look for dnf5 repos in /etc/dnf/repos.d * Add CI tests for dnf4 * Updated documentation to mention dnf4 support * Adds support for dnf4. * Added CI tests for dnf5. * Rename docker images with -zypper suffix. * Allow manually triggering the ci tests. * Added fish support. * Added instructions for .zsh * Updated documentation to mention dnf5 support * Updated documentation examples. * Check if zypper is installed. * Look for dnf5 repos in /etc/dnf/repos.d * Use dnf5 if it's installed. * Translated using Weblate (Portuguese (Brazil)) ==== container-selinux ==== Version update (2.240.0 -> 2.241.0) - Update to version 2.241.0: * Allow domains that trans to container_runtime_t bpf:prog_run ==== file ==== Subpackages: file-magic libmagic1 - Add patch file-5.46-tcgets2.patch from https://bugs.astron.com/view.php?id=678 but disable hunk 1 to avoid conflict with file-seccomp-ppc.patch This should fix bug boo#1249071 - Modify patch file-seccomp-ppc.patch that is use on all architectures ==== icewm ==== Version update (3.7.3 -> 3.9.0) Subpackages: icewm-config-upstream icewm-default icewm-lite - Update to version 3.9.0: * This release has a new dependency: libXcursor. The dependency on libXpm is no longer required. * Features: - If a theme doesn't define a cursor, prefer the system Xcursor theme. - Add support for themed cursors to gdk-pixbuf without requiring libXpm. - Add support for Xcursor files as an alternative to XPM cursors. - Add new -kovered filter to icesh to test if a client is covered. * Fixes: - When lseek on /proc/net/dev fails, avoid it for the future. - Ensure that _NET_CLIENT_LIST_STACKING is always up-to-date. - Correct red and blue colors in icesh for loadicon and saveicon. - When truncating a title in icesh, respect UTF-8 codepoint boundaries. * Changes: When the cursor X/Y-hotspot is absent in a XPM, smart guess it. * Updated translations. - Replace pkgconfig(xpm) with pkgconfig(xcursor) BuildRequires following upstream changes. - Rebase patches with quilt. ==== iso-codes ==== Version update (4.16.0 -> 4.18.0) - Update to version 4.18.0: + Replace FSF postal address with their website + Rename Chinese translations. + Updated translations. - Changes from version 4.17.0: + Add letter 'g' to conversion script for Tatar + Regenerate cyrillic Tatar from latin Tatar + Update Romanian translation and remove most pre- and suffixes + Updated translations. ==== kernel-firmware-ath11k ==== Version update (20250820 -> 20250829) - Update to version 20250829 (git commit 64596902d2db): * ath11k: Support WCN6855 hw2.1 with NFA firmware variant ==== kernel-firmware-ath12k ==== Version update (20250808 -> 20250903) - Update to version 20250903 (git commit 577ee67ffca2): * ath12k: WCN7850 hw2.0@ncm865: add to WLAN.IOE_HMT.1.1-00018-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1 ==== kernel-firmware-bluetooth ==== Version update (20250820 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962 ==== kernel-firmware-i915 ==== Version update (20250730 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * xe: Update GUC to v70.49.4 for BMG, LNL, PTL * i915: Update GUC to v70.49.4 for ADL-P, DG1, DG2, MTL, TGL ==== kernel-firmware-intel ==== Version update (20250825 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * intel_vpu: Update NPU firmware - Update to version 20250829 (git commit 993ff19b553c): * Fix link entry for qat_895xcc.bin - Update to version 20250829 (git commit 64596902d2db): * Move QAT firmware to intel/ subdirectory * Revert "intel/ish: Add firmware for LENOVO THINKPAD X1 2-in-1 Gen 10" ==== kernel-firmware-iwlwifi ==== Version update (20250818 -> 20250829) - Update to version 20250829 (git commit 64596902d2db): * Move all iwlwifi top level files to intel/ directory ==== kernel-firmware-media ==== Version update (20250825 -> 20250903) - Update to version 20250903 (git commit 577ee67ffca2): * qcom: vpu: update firmware binaries to fix encoder drain handling ==== kernel-firmware-mediatek ==== Version update (20250813 -> 20250903) - Update to version 20250903 (git commit 577ee67ffca2): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925:update bluetooth firmware to 20250825220109 Update binary firmware for MT7925 BT devices. ==== kernel-firmware-qcom ==== Version update (20250820 -> 20250903) - Update to version 20250903 (git commit c784990ba3d2): * qcom: add ADSP firmware for qcs615 platform ==== libcdr ==== Version update (0.1.7 -> 0.1.8) - version update to 0.1.8 * fix build with ICU 75 and ICU 76 * Upgrade m4 macros from autoconf-archive.git v2023.02.20 * Fix crash appear with format CDR 14 and Gradients ==== libqt5-qtwebengine ==== Version update (5.15.18 -> 5.15.19) - Change the way we pin to ffmpeg-7: set maximum versions for the libav* buildrequires insteaf of hardcoding ffmpeg-7-*devel. This allows OBS to still shortcut through the mini packages. - Update to version 5.15.19: * Bump version to 5.15.19 * qmake: Fix qmake2cmake parsing issue for 5.15 SBOM * Update Chromium (patched with security updates up to 135.0.7049.95): * [Backport] CVE-2024-10229: Inappropriate implementation in Extensions * [Backport] CVE-2024-10827: Use after free in Serial * [Backport] Security bug 378701682 * [Backport] CVE-2024-12694: Use after free in Compositing * [Backport] Security bug 382135228 * [Backport] Security bug 384565015 * [Backport] CVE-2025-0436: Integer overflow in Skia * [Backport] CVE-2024-11477 / Security bug 383772517 * [Backport] CVE-2025-0996: Inappropriate implementation in Browser UI * [Backport] CVE-2025-1426: Heap buffer overflow in GPU * [Backport] Security bug 396481096 * [Backport] CVE-2025-0762: Use after free in DevTools * [Backport] CVE-2025-0999: Heap buffer overflow in V8 * [Backport] CVE-2024-55549: Fix UAF related to excluded namespaces * [Backport] CVE-2025-24855 Fix use-after-free of XPath context node * [backport] CVE-2025-1919 * [Backport] CVE-2025-2783: Incorrect handle provided in unspecified circumstances in Mojo on Windows * [backport] CVE-2025-24201 * [backport] CVE-2025-2136 * [Backport] Security bug 399002829 * [Backport] Security bug 396460489 * [Backport] CVE-2025-3619 * Various python fixes - Drop patches: * python3.12-imp.patch * python3.12-six.patch * python3.13-pipes.patch - Don't try to build with ffmpeg >= 8 on factory ==== libreoffice ==== Version update (25.2.5.2 -> 25.8.1.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Update to 25.8.1.1: * Release notes: https://wiki.documentfoundation.org/Releases/25.8.0/RC1 https://wiki.documentfoundation.org/Releases/25.8.0/RC2 https://wiki.documentfoundation.org/Releases/25.8.0/RC3 https://wiki.documentfoundation.org/Releases/25.8.0/RC4 https://wiki.documentfoundation.org/Releases/25.8.1/RC1 - Update bundled libraries: * pdfium-6764.tar.bz2 -> pdfium-7012.tar.bz2 * skia-m130-3c64459d5df2fa9794b277f0959ed8a92552bf4c.tar.xz -> skia-m136-28685d899b0a35894743e2cedad4c9f525e90e1e.tar.xz ==== libvirt ==== Version update (11.6.0 -> 11.7.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 11.7.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-7-0-2025-09-01 ==== libvisio ==== Version update (0.1.7 -> 0.1.8) - version update to 0.1.8 * tests: Fix build with libxml 2.12 * Add support for simple solid fill styles * Add support for TextBackground from SheetStyle (tdf136564) * Improve Arrowheads appearance (tdf#126402) * Fix reading FillStyleLst and TextBkgnd from shape (tdf#154379) * Add support to DrawingUnits types (tdf#154379) * Visio5: Provide cellType to collector in readTextField ==== libxmlb ==== Version update (0.3.22 -> 0.3.23) - Update to version 0.3.23: * Bugfixes: Do not reallocate the final silo blob when compiling to reduce peak RSS by about ~6%. ==== mozilla-nss ==== Version update (3.113 -> 3.115.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.115.1 * bmo#1982742 - restore support for finding certificates by decoded serial number. * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups. - update to NSS 3.115 * bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c * bmo#1981034 - CKA_SEED needs to be marked as a private attribute * bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc * bmo#1974505 - Key private/public/secret keys by key type in softoken keydb * bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report * bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain * bmo#1927351 - Fixup ABI * bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server * bmo#1900841 - ECH fuzz target * bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects * bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root * bmo#1965329 - Implement PKCS #11 v3.2 functions - update to NSS 3.114 * bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37 * bmo#1970079 - Prevent leaks during pkcs12 decoding * bmo#1953731 - Remove redundant assert in p7local.c * bmo#1974515 - Bump nssckbi version to 2.80 * bmo#1961848 - Remove expired Baltimore CyberTrust Root * bmo#1972391 - Add TrustAsia Dedicated Roots to NSS * bmo#1974511 - Add SwissSign 2022 Roots to NSS * bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS * bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken * bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper * bmo#1974331 - remove dead code in ssl3con.c * bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic * bmo#1974299 - Bump nssckbi version to 2.79 * bmo#1967826 - remove unneccessary assertion * bmo#1948485 - Update mechanisms for Softoken PCT * bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after * bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks * bmo#1973930 - use -O2 for asan build * bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS * bmo#1973105 - remove out-of-function semicolon * bmo#1963009 - Extend pkcs8 fuzz target * bmo#1963008 - Extend pkcs7 fuzz target * bmo#1908763 - Remove unused assignment to pageno * bmo#1908762 - Remove unused assignment to nextChunk * bmo#1973490 - don't run commands as part of shell `local` declarations * bmo#1973490 - fix sanitizer setup * bmo#1973187 - don't silence ssl_gtests output when running with coverage * bmo#1967411 - Release docs and housekeeping * bmo#1972768 - migrate to new linux tester pool - rebase FIPS patches to adjust for upstream FIPS work ==== net-tools ==== Version update (2.10 -> 2.10+1) - Set net-tools conflict version properly. - Drop ether-wake binary in favor of wol. It was never part of the upstream net-tools, and we have ether-wake in busybox. Bump rpm version to 2.10.0.0.1 to make a seamless update possible (boo#1249034, drop 0001-Add-ether-wake-binary.patch). - Provide support for net-tools-dummy (bsc#1242048). - Remove net_tool Provides/Obsoletes for SuSE Linux 7 and SLES 7. ==== openSUSE-release ==== Version update (20250902 -> 20250905) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-cryptography ==== Subpackages: python311-cryptography python313-cryptography - Add Make-unsafe-subinterpreter-support-available-via-cfg.patch to allow ceph-mgr to load modules (boo#1248987) ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Disable LTO on armv6/7 as a workaround - boo#1249054 ==== raspberrypi-firmware-dt ==== Version update (2023.11.21 -> 2025.05.14) - Fix compatible for bcm2712 pinctrl * bcm2712-fix-compatible.patch - Slow down eMMC and WiFi interface for CM5 modules. * 0001-ARM-dts-bcm2712-Slow-down-eMMC-interface.patch - Remove DMA support from devices. No upstream support for it. * 0001-ARM-dts-bcm2712-Remove-DMA-support.patch - Make rp1_nexus node The interrupt controller - Fix sram@400000 reg mapping. - Update devicetree files to 6.12.y from vendor linux tree. - Refresh following patch which now includes RPi5 related files: * 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch - Remove upstream RPi5 devicetree file. We will use downstream version, which will bring us all of the overlays. * 0001-arm64-dts-broadcom-bcm2712-Add-RaspberryPi-5-support.patch - Add following patches. Firs one adjust RP1 devicetree bindings to the upstream device driver requirements. The second patch fixes possible device crash in s2idle. * 0001-dts-rp1-Wrap-RP1-node-into-nexus-node-as-expected-by.patch * 0002-ARM-dts-bcm2711-Fix-xHCI-power-domain.patch - Add bootloader nmmem configuration fixup overlay. Firmware will put start address and size of bootloader configuration information into $blconfig node, but it will use hard coded #address-cells=2 and #size-cells=1, which is not always true. This will make Linux driver to refuse to register region and because of this rpi-eeprom-update tool will not work. Add workaround which will properly populate reg=<> propery. Hopefully device firmware will be fixed.. - Add nvmem DeviceTree nodes - Add RaspberryPi 5 support ==== sdbootutil ==== Version update (1+git20250820.077bd8b -> 1+git20250903.f5a076b) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250903.f5a076b: * Distiguish between path and id for boot entries ==== selinux-policy ==== Version update (20250812 -> 20250902) Subpackages: selinux-policy-targeted - Update to version 20250902: * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t * Allow stalld map sysfs files * Allow NetworkManager-dispatcher-winbind get pidfs attributes * Allow openvpn create and use generic netlink socket * policy_capabilities: remove estimated from released versions * policy_capabilities: add stub for userspace_initial_context * add netlink_xperm policy capability and nlmsg permission definitions * policy_capabilities: add ioctl_skip_cloexec * selinux-policy: add allow rule for tuned_ppd_t * selinux-policy: add allow rule for switcheroo_control_t * Label /run/audit with auditd_var_run_t * Allow virtqemud start a vm which uses nbdkit * Add nbdkit_signal() and nbdkit_signull() interfaces * Fix insights_client interfaces names * Add insights_core and insights_client interfaces * dist/targeted/modules.conf: enable slrnpull module * Allow bootupd delete symlinks in the /boot directory * Allow systemd-coredumpd capabilities in the user namespace * Allow openvswitch read virtqemud process state - Syncing with upstream rawhide selinux-policy up to: * 17956d28c011c35560e75a7293ac5924df57a1ee - Update embedded container-selinux version to commit: * 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0) ==== wireplumber ==== Version update (0.5.10 -> 0.5.11) Subpackages: libwireplumber-0_5-0 - Update to version 0.5.11: * Additions & Enhancements: - Added modem manager module for tracking voice call status and voice call device profile selection hooks to improve phone call audio routing on mobile devices (!722, !729, #819) - Added MPRIS media player pause functionality that automatically pauses media playback when the audio target (e.g. headphones) is removed (!699, #764) - Added support for human-readable names and localization of settings in wireplumber.conf with wpctl displaying localized setting descriptions (!712) - Improved default node selection logic to use both session and route priorities when nodes have equal session priorities (!720) - Increased USB device priority in the ALSA monitor (!719) * Fixes: - Fixed multiple Lua runtime issues including type confusion bugs, stack overflow prevention, and SPA POD array/choice builders (!723, !728) - Fixed proxy object lifecycle management by properly clearing the OWNED_BY_PROXY flag when proxies are destroyed to prevent dangling pointers (!732) - Fixed state-routes handling to prevent saving unavailable routes and eliminate race conditions during profile switching (!730, #762) - Fixed some memory leaks in the script tester and the settings iterator (!727, !726) - Fixed a potential crash caused by module-loopback destroying itself when the pipewire connection is closed (#812) - Fixed profile saving behavior in wpctl set-profile command (#808) - Fixed GObject introspection closure annotation ==== zlib-ng-compat ==== Version update (2.2.4 -> 2.2.5) - Update to 2.2.5: * RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889 * MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing inflate failure #1884 * Fix building with runtime CPU detection disabled (native) [#1931] * Also check for ZMM support when detecting VPCLMULQDQ support [#1932] * Revert "Clean up insert_match() in deflate_medium" due to performance regression #1938