Packages changed:
  MozillaFirefox (138.0.4 -> 139.0.1)
  gsasl
  gtk-layer-shell (0.9.1 -> 0.9.2)
  kernel-source (6.14.6 -> 6.15.0)
  llvm20 (20.1.5 -> 20.1.6)
  openSUSE-release (20250601 -> 20250602)
  ovpn-dco (0.2.20241216~git0.a08b2fd_k6.14.6_2 -> 0.2.20241216~git0.a08b2fd_k6.15.0_1)
  patterns-media
  python-rich (13.9.4 -> 14.0.0)
  python311
  python311-core
  tuned

=== Details ===

==== MozillaFirefox ====
Version update (138.0.4 -> 139.0.1)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 139.0.1
  https://www.mozilla.org/en-US/firefox/139.0.1/releasenotes/
  * Fixed graphics corruption with certain NVIDIA graphics
    adapters and multiple monitors running at mixed refresh rates
    after updating to Firefox 139. (bmo#1968876)
- Mozilla Firefox 139.0
  https://www.mozilla.org/en-US/firefox/139.0/releasenotes/
  MFSA 2025-42 (bsc#1243353)
  * MFSA-TMP-2025-0001 (bmo#1962421)
    Double-free in libvpx encoder
  * CVE-2025-5263 (bmo#1960745)
    Error handling for script execution was incorrectly isolated
    from web content
  * CVE-2025-5264 (bmo#1950001)
    Potential local code execution in “Copy as cURL” command
  * CVE-2025-5265 (bmo#1962301)
    Potential local code execution in “Copy as cURL” command
  * CVE-2025-5266 (bmo#1965628)
    Script element events leaked cross-origin resource status
  * CVE-2025-5270 (bmo#1910298)
    SNI was sometimes unencrypted
  * CVE-2025-5271 (bmo#1920348)
    Devtools' preview ignored CSP headers
  * CVE-2025-5267 (bmo#1954137)
    Clickjacking vulnerability could have led to leaking saved
    payment card details
  * CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499,
    bmo#1962634)
    Memory safety bugs fixed in Firefox 139, Thunderbird 139,
    Firefox ESR 128.11, and Thunderbird 128.11
  * CVE-2025-5272 (bmo#1726254, bmo#1742738, bmo#1960121)
    Memory safety bugs fixed in Firefox 139 and Thunderbird 139

==== gsasl ====

- Rename patch uninitialized_x.patch to 0001-uninitialized_x.patch
  and update it for version 2.2.1
- Reenable compilation warnings.
  Add patches
  * 0002-Fix-calloc-transposed-arguments.patch
  * 0003-Fix-more-transposed-calloc-arguments.patch
- Use %autosetup to work with rpm-4.20 (bsc#1240154)

==== gtk-layer-shell ====
Version update (0.9.1 -> 0.9.2)

- Update to 0.9.2:
  * Fix: don't set popup window geometry with no buffer attached,
    #200
  * Fix: wait for configure event before letting GTK commit a
    buffer, #202
  * Tests: refactor the mock Wayland compositor used by the tests,
    brings it in line with the version in the gtk4-layer-shell repo
  * Meson: bump required Meson version to 0.54.0
  * Depends: require wayland-protocols >=1.16.0 to build

==== kernel-source ====
Version update (6.14.6 -> 6.15.0)

- Revert "x86/smp: Eliminate mwait_play_dead_cpuid_hint()"
  (bsc#1243907).
- commit 1fa64dc
- Update config files:
  - enable Haoyu Microelectronics HYM8563 module, a popular RTC on
    ARM64, especially on Rockchip SoCs
- commit 6a8b6fb
- Revert "drm/amd/display: more liberal vmin/vmax update for
  freesync" (bsc#1243782).
- commit 9dd7b0d
- series.conf: cleanup
- update upstream references and move into sorted section
  - patches.suse/ACPICA-Apply-ACPI_NONSTRING-in-more-places.patch
  - patches.suse/ACPICA-Apply-ACPI_NONSTRING.patch
  - patches.suse/ACPICA-Introduce-ACPI_NONSTRING.patch
- commit 41d2c18
- ACPICA: Apply ACPI_NONSTRING in more places (acpica-build-fix).
- commit 2d9e662
- ACPICA: Apply ACPI_NONSTRING (acpica-build-fix).
- ACPICA: Introduce ACPI_NONSTRING (acpica-build-fix).
- commit cee5f74
- Revert "Use gcc 13 for now" and "config: Set gcc version
  (jsc#PED-12251)."
  This reverts commits 1e750ef57517b9a3d42d75065c96ca02b25a7055 and
  45c418b088c1e0f8e34c73c29d52b2707b163d2b.
  gcc 13 is not in factory staging, so the kernel cannot be submitted
  to factory. Let's revert for now and invent something better. I.e.
  use system's unversioned gcc.
- Revert "Use gcc 13 for now"
  This reverts commit 45c418b088c1e0f8e34c73c29d52b2707b163d2b.
  gcc 13 is not in factory staging, so the kernel cannot be submitted
  to factory.
  Let's revert for now and invent something better.
- commit 9f69fe5
- Delete
  patches.suse/compiler.h-Avoid-the-usage-of-__typeof_unqual__-when.patch.
  Superseded by:
  1013f5636fd8 genksyms: Handle typeof_unqual keyword and
  __seg_{fs,gs} qualifiers
- commit cd769f1
- update to 6.15 final
- refresh configs (headers only)
- commit ed9faca
- Linux 6.14.8 (bsc#1012628).
- phy: tegra: xusb: remove a stray unlock (bsc#1012628).
- perf tools: Fix build error for LoongArch (bsc#1012628).
- mm/page_alloc: fix race condition in unaccepted memory handling
  (bsc#1012628).
- drm/xe/gsc: do not flush the GSC worker from the reset path
  (bsc#1012628).
- accel/ivpu: Flush pending jobs of device's workqueues
  (bsc#1012628).
- accel/ivpu: Fix missing MMU events if file_priv is unbound
  (bsc#1012628).
- accel/ivpu: Fix missing MMU events from reserved SSID
  (bsc#1012628).
- accel/ivpu: Move parts of MMU event IRQ handling to thread
  handler (bsc#1012628).
- accel/ivpu: Dump only first MMU fault from single context
  (bsc#1012628).
- accel/ivpu: Use workqueue for IRQ handling (bsc#1012628).
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
  (bsc#1012628).
- dmaengine: idxd: fix memory leak in error handling path of
  idxd_pci_probe (bsc#1012628).
- dmaengine: idxd: fix memory leak in error handling path of
  idxd_alloc (bsc#1012628).
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in
  remove call (bsc#1012628).
- dmaengine: idxd: Add missing cleanups in cleanup internals
  (bsc#1012628).
- dmaengine: idxd: Add missing cleanup for early error out in
  idxd_setup_internals (bsc#1012628).
- dmaengine: idxd: fix memory leak in error handling path of
  idxd_setup_groups (bsc#1012628).
- dmaengine: idxd: fix memory leak in error handling path of
  idxd_setup_engines (bsc#1012628).
- dmaengine: idxd: fix memory leak in error handling path of
  idxd_setup_wqs (bsc#1012628).
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device
  structure instead of a local copy (bsc#1012628).
- dmaengine: ti: k3-udma: Add missing locking (bsc#1012628).
- mm: userfaultfd: correct dirty flags set for both present and
  swap pte (bsc#1012628).
- mm: hugetlb: fix incorrect fallback for subpool (bsc#1012628).
- io_uring/uring_cmd: fix hybrid polling initialization issue
  (bsc#1012628).
- io_uring/memmap: don't use page_address() on a highmem page
  (bsc#1012628).
- net: qede: Initialize qede_ll_ops with designated initializer
  (bsc#1012628).
- ring-buffer: Fix persistent buffer when commit page is the reader
  page (bsc#1012628).
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for
  broadcast wtbl (bsc#1012628).
- wifi: mt76: disable napi on driver removal (bsc#1012628).
- tpm: Mask TPM RC in tpm2_start_auth_session() (bsc#1012628).
- spi: tegra114: Use value to check for invalid delays
  (bsc#1012628).
- smb: client: fix memory leak during error handling for POSIX
  mkdir (bsc#1012628).
- scsi: sd_zbc: block: Respect bio vector limits for REPORT
... changelog too long, skipping 579 lines ...
- commit c1311f9

==== llvm20 ====
Version update (20.1.5 -> 20.1.6)

- Update to version 20.1.6.
  * This release contains bug-fixes for the LLVM 20.1.0 release.
    This release is API and ABI compatible with 20.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Remove obsolete llvm-fix-hexagon-test.patch.
- Use generic python3 for SLES 16 as python 3.11 is dropped there.
  [bsc#1243630]

==== openSUSE-release ====
Version update (20250601 -> 20250602)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== ovpn-dco ====
Version update (0.2.20241216~git0.a08b2fd_k6.14.6_2 -> 0.2.20241216~git0.a08b2fd_k6.15.0_1)

- add patches for 6.15
  * use-new-timer-api.patch
  * 6.15-newlink-proto.patch

==== patterns-media ====
Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd

- Drop xen from the DVD.

==== python-rich ====
Version update (13.9.4 -> 14.0.0)

- Update to 14.0.0
  * Added
    - Added env var TTY_COMPATIBLE to override auto-detection of
      TTY support (See console.rst for details). #3675
  * Changed
    - An empty NO_COLOR env var is now considered disabled. #3675
    - An empty FORCE_COLOR env var is now considered disabled. #3675
    - Rich tracebacks will now render notes on Python 3.11 onwards
      (added with Exception.add_note) #3676
    - Indentation in exceptions won't be underlined #3678
    - Rich tracebacks will now render Exception Groups #3677

==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3

- Add CVE-2025-4516-DecodeError-handler.patch fixing
  CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
  vulnerability, which could lead to DoS.
- Use extended %autopatch.

==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3

- Add CVE-2025-4516-DecodeError-handler.patch fixing
  CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
  vulnerability, which could lead to DoS.
- Use extended %autopatch.

==== tuned ====

- Fix newlines in changelog
- Add hardened profile (PED-12781)
  A 0001-hardened-Introduce-hardened-profile.patch