Packages changed: MicroOS-release (20251120 -> 20251121) curl (8.16.0 -> 8.17.0) freetype2 (2.13.3 -> 2.14.1) glib2 (2.86.1+11 -> 2.86.2) kernel-firmware-amdgpu (20251107 -> 20251119) kernel-firmware-mediatek (20251110 -> 20251119) kernel-firmware-qcom (20251106 -> 20251119) kernel-firmware-realtek (20251110 -> 20251118) kernel-firmware-sound (20251110 -> 20251118) samba (4.22.5+git.431.dc5a539f124 -> 4.22.6+git.435.014e5eceb5d) vmaf xen (4.20.2_02 -> 4.21.0_02) === Details === ==== MicroOS-release ==== Version update (20251120 -> 20251121) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== curl ==== Version update (8.16.0 -> 8.17.0) Subpackages: libcurl4 - Fix a regression in curl 8.17.0: [bsc#1253116] * Builds with no CURL_CA_PATH ignore CURLOPT_CAPATH * vtls: fix CURLOPT_CAPATH use [gh#curl/curl#19401] * Add upstream curl-vtls-fix-CURLOPT_CAPATH-use.patch - Update to 8.17.0: * Security fixes: - [bsc#1252859, CVE-2025-10966] curl: missing SFTP host verification with wolfSSH - [bsc#1253757, CVE-2025-11563] curl: wcurl path traversal with percent-encoded slashes * Changes: - krb5: drop support for Kerberos FTP - multi: add notifications API - ssl: support Apple SecTrust configurations - tool_getparam: add --knownhosts - vssh: drop support for wolfSSH - wcurl: import v2025.11.04 * Bugfixes: - ares: fix leak in tracing - base64: accept zero length argument to base64_encode - c-ares: when resolving failed, persist error - cf-socket: set FD_CLOEXEC on all sockets opened - cf-socket: use the right byte order for ports in bindlocal - conn: fix hostname move on connection reuse - conncache: prevent integer overflow in maxconnects calculation - cookie: avoid saving a cookie file if no transfer was done - curl_easy_getinfo: error code on NULL arg - curl_path: make sure just whitespace is illegal - digest_sspi: fix two memory leaks in error branches - ftp: add extra buffer length check - ftp: check errors on remote ip for data connection - gnutls: check conversion of peer cert chain - gnutls: fix re-handshake comments - gssapi: make channel binding conditional on GSS_C_CHANNEL_BOUND_FLAG - gtls: check the return value of gnutls_pubkey_init() - hmac: free memory properly on errors - HTTP3: clarify the status for "old" OpenSSL, not current - kerberos: bump minimum to 1.3 (2003-07-08), drop legacy logic - krb5_gssapi: fix memory leak on error path - krb5_sspi: the chlg argument is NOT optional - ldap: avoid null ptr deref on failure - ldap: do not base64 encode zero length string - lib: SSL connection reuse - libssh/libssh2: reject quote command lines with too much data - libssh/sftp: fix resume corruption by avoiding O_APPEND with rresume - libssh: acknowledge SSH_AGAIN in the SFTP state machine - nghttp3: return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header - ngtcp2: close just-opened QUIC stream when submit_request fails - ngtcp2: compare idle timeout in ms to avoid overflow - noproxy: fix the IPV6 network mask pattern match - NTLM: disable if DES support missing from OpenSSL or mbedTLS - openldap: limit max incoming size - openssl: call SSL_get_error() with proper error - openssl: check CURL_SSLVERSION_MAX_DEFAULT properly - openssl: fail if more than MAX_ALLOWED_CERT_AMOUNT certs - openssl: fail the transfer if ossl_certchain() fails - openssl: fix peer certificate leak in channel binding - openssl: fix resource leak in provider error path - openssl: free UI_METHOD on exit path - openssl: only try engine/provider if a cert file/name is provided - openssl: set io_need always - openssl: skip session resumption when verifystatus is set - pop3: fix CAPA response termination detection - quic: fix min TLS version handling - quic: ignore EMSGSIZE on receive - schannel: properly close the certfile on error - schannel_verify: fix mem-leak in Curl_verify_host - socks: avoid UAF risk in error path - socks: deny server basic-auth if not configured - socks_gssapi: reject too long tokens - socks_gssapi: remove the forced "no protection" - thread: errno on thread creation - ws: reject curl_ws_recv called with NULL buffer with a buflen * Rebase libcurl-ocloexec.patch * Remove curl-handle_user-defined_connection_headers.patch upstream ==== freetype2 ==== Version update (2.13.3 -> 2.14.1) - update to 2.14.1: * The auto-hinter got new abilities. It can now better separate diacritic glyphs from base glyphs at small sizes by artificially moving diacritics up (or down) if necessary * Tilde accent glyphs get vertically stretched at small sizes so that they don't degenerate to horizontal lines. * Diacritics directly attached to a base glyph (like the ogonek in character 'ę') no longer distort the shape of the base glyph * The TrueType instruction interpreter was optimized to produce a 15% gain in the glyph loading speed. * Handling of Variation Fonts is now considerably faster * TrueType and CFF glyph loading speed has been improved by 5-10% on modern 64-bit platforms as a result of better handling of fixed-point multiplication. * The BDF driver now loads fonts 75% faster. ==== glib2 ==== Version update (2.86.1+11 -> 2.86.2) Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.86.2: + Fix tests when run against pcre2 10.47 + Bugs fixed: - GRegex tests fail with pcre2 10.47: different error for ^(a)\g{3 - g_get_user_special_dir doesn't strip trailing slash from $HOME/ - gresolver: Fix loopback detection of IPv6 addresses - gregex: Handle PCRE2_ERROR_MISSING_NUMBER_TERMINATOR if defined - Fix g_memory_monitor_base_query_mem_ratio on Solaris - gutils: Strip all trailing slashes ==== kernel-firmware-amdgpu ==== Version update (20251107 -> 20251119) - Update to version 20251119 (git commit fe13aa9b9830): * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update vangogh firmware * amdgpu: update renoir firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update SMU 14.0.3 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update SMU 14.0.2 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update smu 13.0.7 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update smu 13.0.0 kicker firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update navy flounder firmware * amdgpu: update sienna cichlid firmware * amdgpu: update navi14 firmware * amdgpu: update navi12 firmware * amdgpu: update navi10 firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update GC 9.4.4 firmware * amdgpu: update PSP 14.0.5 firmware * amdgpu: update GC 11.5.3 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.3 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update aldebaran firmware * amdgpu: add vce1 firmware ==== kernel-firmware-mediatek ==== Version update (20251110 -> 20251119) - Update to version 20251119 (git commit fe13aa9b9830): * mediatek MT7922: update bluetooth firmware to 20251118163447 * linux-firmware: update firmware for MT7922 WiFi device - Update to version 20251118 (git commit 53dce114cc5d): * mt76: add firmware for MT7990 * mt76: update firmware for MT7992 * mt76: update firmware for MT7996 ==== kernel-firmware-qcom ==== Version update (20251106 -> 20251119) - Update to version 20251119 (git commit 8b9fd78478ac): * qcom: update ADSP, CDSP firmware for kaanapali platform, change the license * qcom: add ADSP, CDSP firmware for sm8750 platform - Update to version 20251118 (git commit 53dce114cc5d): * qcom: Update aic100 firmware files * qcom: Add sdx35 Foxconn vendor firmware image file ==== kernel-firmware-realtek ==== Version update (20251110 -> 20251118) - Update to version 20251118 (git commit 53dce114cc5d): * rtl_nic: add firmware rtl9151a-1 ==== kernel-firmware-sound ==== Version update (20251110 -> 20251118) - Update to version 20251118 (git commit 53dce114cc5d): * cirrus: cs35l57: Add firmware for a few Dell products * cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec ==== samba ==== Version update (4.22.5+git.431.dc5a539f124 -> 4.22.6+git.435.014e5eceb5d) Subpackages: libldb2 samba-client samba-client-libs - Update [printers] location to /var/samba/spool; (bsc#1249179). - Update to 4.22.6 * macOS Finder client DFS broken on 4.22.0; (bso#15843). * Samba 4.22 breaks Time Machine; (bso#15926). * Spotlight search restriction for shares incomplete and default search searches in too many attributes; (bso#15927). * rpcd_mdssvc may crash because name mangling is not initialized; (bso#15931). * Only increment lease epoch if a lease was granted; (bso#15933). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * 'net ads group' failed to list domain groups; (bso#15900). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). ==== vmaf ==== - Add xxd.patch and ditch build dependency on vim's xxd ==== xen ==== Version update (4.20.2_02 -> 4.21.0_02) - Update to Xen 4.21.0 FCS release * The minimum toolchain requirements have increased for some architectures: - For x86, GCC 5.1 and Binutils 2.25, or Clang/LLVM 11 - For ARM32 and ARM64, GCC 5.1 and Binutils 2.25 - For RISC-V, GCC 12.2 and Binutils 2.39 * Debian Trixie added to CI. Debian Bullseye retired from CI for RISC-V due to the baseline change. * Linux based device model stubdomains are now fully supported. * New dependency on library json-c 0.15 or later, the toolstack will prefer it to `YAJL` when available. * Introduce libxenmanage as a stable library, replacing xenstored's dependency on unstable libraries. * Introduce new PDX compression algorithm to cope with Intel Sierra Forest and Granite Rapids having sparse memory maps. * Support of qemu-traditional has been removed. * The in-tree oxenstored is deprecated and will be removed in a future version of Xen. It is moving into the Xapi project https://github.com/xapi-project/oxenstored so it can be maintained in line with the other Ocaml projects in the Xen ecosystem. * On x86: - Restrict the cache flushing done as a result of guest physical memory map manipulations and memory type changes. - Allow controlling the MTRR cache attribute of the Xen platform PCI device BAR for HVM guests, to improve performance of guests using it to map the grant table or foreign memory. - Allow configuring the number of altp2m tables per domain via vm.cfg. - Option to attempt to fixup p2m page-faults on PVH dom0. - Resizable BARs is supported for PVH dom0. - Support PCI passthrough for HVM domUs when dom0 is PVH (note SR-IOV capability usage is not yet supported on PVH dom0). - Smoke tests for the FreeBSD Xen builds in Cirrus CI. - PVH xenstore-stubdom now supports Live Update. - Support in hvmloader for new SMBIOS tables: 7 (Cache Info), 8 (Port Connector), 9 (System Slots), 26 (Voltage Probe), 27 (Cooling Device), and 28 (Temperature Probe). - New amd-cppc/amd-cppc-epp cpufreq driver. - GNTTABOP_cache_flush: it's unused on x86 and the implementation is broken. * On Arm: - Ability to enable stack protector. - GICv3.1 eSPI (Extended Shared Peripheral Interrupts) support for Xen and guest domains. - SMMU handling for PCIe passthrough. - R-Car Gen4 PCI host controller support. - SCI SCMI SMC single-agent support. - Initial support for MPU, R82, and R52: reaches the early boot stages. * On RISC-V: - Basic UART support and external interrupts (APLIC/IMSIC only) handling for hypervisor mode.