Packages changed: MicroOS-release (20250714 -> 20250716) NetworkManager-openconnect apparmor at-spi2-core curl docker (28.3.1_ce -> 28.3.2_ce) hwinfo (24.1 -> 25.0) kernel-firmware-bluetooth (20250613 -> 20250707) kernel-firmware-realtek (20250613 -> 20250630) libapparmor libostree (2025.2 -> 2025.3) libzypp (17.37.10 -> 17.37.11) lua54 (5.4.7 -> 5.4.8) ncurses (6.5.20250628 -> 6.5.20250712) patterns-base perl (5.40.2 -> 5.42.0) poppler (25.06.0 -> 25.07.0) poppler-qt6 (25.06.0 -> 25.07.0) procps python-maturin (1.9.0 -> 1.9.1) python-requests qt6-base rust-keylime (0.2.7+70 -> 0.2.7+117) systemd-presets-common-SUSE === Details === ==== MicroOS-release ==== Version update (20250714 -> 20250716) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== NetworkManager-openconnect ==== - Work with newer gettext-runtime. In gettext 0.24.1 the m4 files moved from /usr/share/aclocal/ to /usr/share/gettext/m4 ==== apparmor ==== - replace dovecot24.diff with upstream fix from MR 1733 (boo#1243008) ==== at-spi2-core ==== Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 - Add upstream fixes: + at-spi2-core-grab-memory-leak.patch + at-spi2-core-key-grabs.patch (glgo#GNOME/at-spi2-core!193) + at-spi2-core-plug-crash.patch (glgo#GNOME/at-spi2-core#198) ==== curl ==== Subpackages: libcurl4 - Fix the --ftp-pasv option in curl v8.14.1 [bsc#1246197] * tool_getparam: fix --ftp-pasv [5f805ee] * Add curl-fix--ftp-pasv.patch ==== docker ==== Version update (28.3.1_ce -> 28.3.2_ce) Subpackages: docker-buildx docker-rootless-extras - Update to Docker 28.3.2-ce. See upstream changelog online at ==== hwinfo ==== Version update (24.1 -> 25.0) - merge gh#openSUSE/hwinfo#170 - Makefile: fix build for ARCH=i686 - 25.0 - merge gh#openSUSE/hwinfo#165 - Fix memory leaks in block device name handling - merge gh#openSUSE/hwinfo#164 - feat: capture usb alternate setting - feat: capture usb interface association - feat: use interface association descriptor first when classifying usb devices - USB improvements - merge gh#openSUSE/hwinfo#169 - add nvmeof and iscsi info (jsc#PED-13261, jsc#PED-13209) ==== kernel-firmware-bluetooth ==== Version update (20250613 -> 20250707) - Update to version 20250707 (git commit ba5e4e381494): * Revert "linux-firmware: Update firmware file for Intel Pulsar core" ==== kernel-firmware-realtek ==== Version update (20250613 -> 20250630) - Update to version 20250630 (git commit e2dad11e8d4b): * rtw89: 8922a: update fw to v0.35.80.0 * rtw89: 8852c: update fw to v0.27.129.1 * rtw89: 8852c: update fw to v0.27.128.0 ==== libapparmor ==== - replace dovecot24.diff with upstream fix from MR 1733 (boo#1243008) ==== libostree ==== Version update (2025.2 -> 2025.3) Subpackages: libostree-1-1 - Update to version 2025.3: + preparations for soft-reboot + admin status gets json output + config set now validates and rolls back if invalid + bug fixes ==== libzypp ==== Version update (17.37.10 -> 17.37.11) - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for bsc#1245220 and some other filesize related tests. - version 17.37.11 (35) ==== lua54 ==== Version update (5.4.7 -> 5.4.8) - Update to version 5.4.8: * Fixed 8 bugs from 5.4.7 - Add upstream1.patch: Numbered upstream patch ==== ncurses ==== Version update (6.5.20250628 -> 6.5.20250712) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20250712 + improve readability of term.h + modify recursive make rules to avoid interference with GNU make's "-j" option (report by Stas Sergeev). - Add ncurses patch 20250705 + when installing the terminfo database, check if symbolic links are supported before attemping to link lib/terminfo from share/terminfo (report by Kirill Makurin). + modify configure check for MAKEFLAGS/MFLAGS to ignore existing value ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Add suse-lifecyle* packages to sw_management pattern (bsc#1240517). ==== perl ==== Version update (5.40.2 -> 5.42.0) Subpackages: perl-base - update to 5.42.0 * new pragma "source::encoding" * new ":writer" attribute on field variables * new "any" and "all" operators * lexical method declaration using "my method" * lexical method invocation operator "->&" * switch and Smart Match operator kept, behind a feature * unicode 16.0 supported * assigning logical xor "^^=" operator * many performance enhancements - drop perl-dirdup.diff (included upstream) ==== poppler ==== Version update (25.06.0 -> 25.07.0) - Update to version 25.07.0: + core: - Changed rendering of malformed documents to mimic what Adobe Reader does - Improvemenst in signature validation in the NSS backend - Add more detailed output when signing fails - Internal code improvements - Fix crashes in malformed documents + utils: pdfsig: command line option for allowing PGP signatures in GnuPG backend - Bump sover following upstream changes. ==== poppler-qt6 ==== Version update (25.06.0 -> 25.07.0) - Update to version 25.07.0: + core: - Changed rendering of malformed documents to mimic what Adobe Reader does - Improvemenst in signature validation in the NSS backend - Add more detailed output when signing fails - Internal code improvements - Fix crashes in malformed documents + utils: pdfsig: command line option for allowing PGP signatures in GnuPG backend - Bump sover following upstream changes. ==== procps ==== Subpackages: libproc2-1 - Add patch procps-ng-4.0.5-bsc1246330.patch * Do not Fail in year 2038 (bsc#1246330) ==== python-maturin ==== Version update (1.9.0 -> 1.9.1) - Convert to libalternatives - Update to 1.9.1 * Fix absolute license path in generated Python wheels gh#PyO3/maturin#2666 ==== python-requests ==== - Add revert-caching-default-sslcontext.patch upstream patch to avoid problems with certificate caching in sslcontext. bsc#1246104, gh#psf/requests#6767 ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite - Add upstream fix (CVE-2025-5992, boo#1246343) * 0001-Add-clamping-to-QColorTransferGenericFunction.patch ==== rust-keylime ==== Version update (0.2.7+70 -> 0.2.7+117) - Update vendored crates (bsc#1242623, CVE-2025-3416) * openssl 0.10.73 - Update to version 0.2.7+117: * Increase coverage in evidence handling structure * Add Capabilities Negotiations resp. missing fields * Fix UEFI test to check file access in all cases * context_info_handler: Do not assume /var/lib/keylime exists * Fix clippy warnings about uninlined format arguments * attestation: Allow unwrap() in tests * Increase coverage (groom code, extend unit tests) * Include IMA/UEFI logs in Evidence Handling request * Include method to get all IMA entries as string * Send correct list of pcr banks and sign algorithms * Try to fix TPM tests related issues * Define attestation perform asynchronous * Perform attestation in push model agent binary * Refactor code to use new attestation.rs * Create attestation.rs for Attestation stuff * Move ContextInfo management to its own handler * Adjust context_info.rs after rebase * Add attestation function to ContextInfo structure * Add prohibited signing algorithms, avoid ecschnorr * keylime/config: Use macro to implement PushModelConfigTrait * Introduce keylime-macros and define_view_trait * config: Remove KeylimeConfig structure * config: Remove unnecessary options and lazy initialization * Fix pcr_bank function to send all possible slots * Send Content-Type:application/json on request (#1039) * Send correct 'key_algorithm' in certification_keys (#1035) * Push Model: Persist Attestation Key to file * Add Keylime push model binary to root GNUmakefile * Use singleton to avoid multiple Context allocation * tests: Do not assume `/var/lib/keylime` exists (#1030) * lib/cert: Fix race condition due to use of same file path * payloads: Fix race condition in tests * Add uefi_log_handler.rs to parse UEFI binary * Use IMA log parser to send correct entry count * Add IMA log parser * build(deps): bump once_cell from 1.19.0 to 1.21.3 * lib/config/base.rs: Add more unit tests * lib/permissions: Add unit tests * keylime-agent: move JsonWrapper from common.rs to the library * lib/agent_data: Move agent_data related tests from common * common: Replace APIVersion with the library Version structure * keylime_agent: Move secure_mount.rs to the library * lib: Rename keylime_error.rs as error.rs * config: Move config to keylime library * config: Rename push_model_config to push_model * lib: Move permissions.rs from keylime-agent to the lib * Extract Capabilities Negotiation info from TPM (#1014) ==== systemd-presets-common-SUSE ==== - Add cockpit.socket to improve user experience as it is replacing YaST (jsc#PED-13228)