Packages changed: ImageMagick (7.1.2.25 -> 7.1.2.27) cifs-utils curl (8.20.0 -> 8.21.0) git (2.54.0 -> 2.55.0) libXfont2 libva (2.23.0 -> 2.24.0) libva-gl (2.23.0 -> 2.24.0) mcelog (210 -> 211) nvidia-open-driver-G07-signed (595.84_k7.1.2_1 -> 595.84_k7.1.3_1) nvidia-open-driver-G07-signed-cuda (610.43.02_k7.1.2_1 -> 610.43.02_k7.1.3_1) nvme-cli (2.16 -> 3.0~b.3) openSUSE-build-key openSUSE-release (20260708 -> 20260709) python-gevent (26.4.0 -> 26.5.0) python-ply python-tornado6 uriparser xorg-x11-server === Details === ==== ImageMagick ==== Version update (7.1.2.25 -> 7.1.2.27) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.27 * Fix HEIC identity CICP with chroma subsampling #8828 * build(deps): bump actions/attest from 4.1.0 to 4.1.1 #8835 * build(deps): bump ubuntu from 53958ec to b7f4819 in /.devcontainer #8834 * build(deps): bump actions/setup-python from 6.2.0 to 6.3.0 #8830 * check profile length before reading header in GetIPTCStream #8829 * Read Cairo ARGB32 in host byte order so SVG colors are correct on big-endian #8825 * Preserve HEIC CICP and CLLI metadata #8824 * reject otb files that declare more pixels than the file holds #8826 * build(deps): bump msys2/setup-msys2 from 2.31.1 to 2.32.0 #8807 * build(deps): bump actions/checkout from 6.0.3 to 7.0.0 #8818 * Fix #8819 revert soname change #8820 * build(deps): bump ubuntu from f3d2860 to 53958ec in /.devcontainer #8814 * Fix #8819 revert soname change (#8820) #8819 * beta release 2c6ba18 * ImageMagick/ImageMagick#8813 71bf0b0 * eliminate compiler warning dc92169 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-422r-8c97-xcg4 be99ffa * eliminate compiler warning 82364cf * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-93x9-jq8c-cwcc 4a3585b * ImageMagick/ImageMagick#8815 5e1a141 * ImageMagick/ImageMagick#8816 532b0f5 * Revert unnecessary patch for GHSA-93x9-jq8c-cwcc e70837c * Removed unnecessary check. 9a5c8ff * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-422r-8c97-xcg4 0bbf7e4 * remove quantization 4041062 * ImageMagick/ImageMagick#8815 9616e88 * correct allow coder logic 634f3a9 * Use AcquireQuantumMemory instead because it already does the necessary checks. 4e96b11 * support coder strict streaming attribute 727ddc9 * change coder flag name 9f7e3cb * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xv2g-79vc-75qf 80b268c * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g568-j2hh-jr58 f8a02fa * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g568-j2hh-jr58 38b6468 * ImageMagick/ImageMagick#8821 bc16247 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cvxf-g9w2-7mcx 1b63224 * latest autoconf/automake updates 1f7213d * Also create an xz version of the source archive. dc0965d * ImageMagick/ImageMagick#8823 64d2e4a * Added job to update the website after a release. 58d6364 * Added a method that can be used to determine the endian of the host. 952c221 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cvxf-g9w2-7mcx fdbe649 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h22j-f9xw-xjjm 538ad18 * Moved initialization. 42128f2 * Removed redundant checks. e587240 * Cosmetic. 42e20ab * Added earlier exit when image type is invalid. 03a0a68 * Removed all the #if 0 blocks that have been there for ages. f379865 * Added method that can be used to check if incrementing a value would result in an overflow. b2740b9 * overflow check 325fce5 * revert ff4df37 * move add check to private header b3b8d20 * check for possible add overflow c2e84d8 * Improve cache I/O robustness and fix race conditions 92b961a * check for overflow 0ca86fc * Make sure we check the length after each read (GHSA-7rgw-xg25-prjm) 093f476 * Specify the current ref as an argument for the clone in the Windows source job. d0eb51a * Disable job in pull request. c3fef03 * Updated the dependencies. 4a68839 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cvhv-g4rq-3hmw e3e6911 * Updated the dependencies. c74cd62 * policies are case sensitive 0b3fa25 * check for EOF 9a38ee0 * accumulates absolute error per channel (not counts) 5848f4a * Cosmetic 7cee9fe * Require at least version 1.11.0 of the libheif library. c893eb2 * latest autoconf update 9993f71 * don't normalize the AE metric 324ee77 * average composite channel ed56d9e * sanity check 374578b * delay image extent check 81eab95 * check for insufficient image data 225ea95 * check for insufficient image data 62c229b * check for insufficient image data 2d28006 * eliminate compiler warning e4c2b40 * release b661ac9 - version update to 7.1.2-26 * check rows*columns overflow in sct ReadSCTImage #8812 * bound 8bim resolution resource read in GetProfilesFromResourceBlock #8798 * OSS-Fuzz: Fix build errors #8808 * heic: add primary still image to animated AVIF for Firefox compatibility #8804 * chore: remove legacy vsprintf fallback in drawing-wand.c #8796 * Detect Ultra HDR JPEGs from gain-map metadata #8794 * build(deps): bump github/codeql-action from 4.36.1 to 4.36.2 #8795 * Preserve Ultra HDR JPEG gain maps when transcoding #8788 * build(deps): bump actions/checkout from 6.0.2 to 6.0.3 #8790 * build(deps): bump github/codeql-action from 4.36.0 to 4.36.1 #8789 * reject cineon files with an invalid bits per pixel #8781 * beta release 8ee9390 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c8r2-mc3p-4f8j fe20c95 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9 f3ff3af * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq 174275b * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x b535126 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx 4079949 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hv63-qgj6-7gh7 d0d8ae7 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3564-h588-56gr f80b878 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7 0bb3578 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63 f34065e * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv 808506d ... changelog too long, skipping 96 lines ... CVE-2026-55595 [bsc#1270079] ==== cifs-utils ==== Subpackages: wb-cifs-idmap-plugin - Add missing dependencies for "modern" distros (>= SLE-16). ==== curl ==== Version update (8.20.0 -> 8.21.0) Subpackages: libcurl4 - Update to 8.21.0: * Security fixes: - CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402) - CVE-2026-8458: wrong reuse for different services (bsc#1268407) - CVE-2026-8924: traling dot domain super cookie (bsc#1268409) - CVE-2026-8925: SASL double-free (bsc#1268411) - CVE-2026-8926: password leak with netrc and user in URL (bsc#1268412) - CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413) - CVE-2026-8932: incomplete mTLS config matching in conn reuse (bsc#1268414) - CVE-2026-9079: stale proxy password leak (bsc#1268415) - CVE-2026-9080: UAF after pause in socket callback (bsc#1268416) - CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417) - CVE-2026-9546: sending old referer (bsc#1268419) - CVE-2026-9547: SSH improper host validation (bsc#1268420) - CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422) - CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop (bsc#1268423) - CVE-2026-11564: Native CA trust persist (bsc#1268424) - CVE-2026-11586: WS Auto-PONG memory exhaustion (bsc#1268425) - CVE-2026-11856: cross-origin Digest auth state leak (bsc#1268426) - CVE-2026-12064: proto-default skips SSH verification (bsc#1268427) * For a complete changelog see: https://curl.se/ch/8.21.0.html - Remove patches now in upstream: curl-disabled-redirect-protocol-message.patch libcurl-fix-wakeup-consumption.patch ==== git ==== Version update (2.54.0 -> 2.55.0) Subpackages: git-core git-email git-gui git-web gitk perl-Git - update to 2.55.0: * Hook scripts defined via the configuration system can now be configured to run in parallel. * The userdiff driver for the Scheme language has been extended to cover other Lisp dialects. * Terminal control sequences coming over the sideband while talking to a remote repository are mostly disabled by default, except for ANSI color escape sequences. * "ort" merge backend improvements. * "git checkout -m another-branch" was invented to deal with local changes to paths that are different between the current and the new branch, but it gave only one chance to resolve conflicts. The command was taught to create a stash to save the local changes. * A new builtin "git format-rev" is introduced for pretty formatting one revision expression per line or commit object names found in running text. * "git history" learned "fixup" command. * The internal URL parsing logic has been made accessible via a new subcommand "git url-parse". * Misspelt proxy URL (e.g., httt://…​) did not trigger any warning or failure, which has been corrected. We had a regression in this update that broke https:// proxies, but that has been caught and corrected. * Document the fact that .git/info/exclude is shared across worktrees linked to the same repository. * The command line parser for "git diff" learned a few options take only non-negative integers. * The graph output from commands like "git log --graph" can now be limited to a specified number of lanes, preventing overly wide output in repositories with many branches. * The fsmonitor daemon has been implemented for Linux. * "git cat-file --batch" learns an in-line command "mailmap" that lets the user toggle use of mailmap. * The "git pack-objects --path-walk" traversal has been integrated with several object filters, including blobless and sparse filters. * "git push" learned to take a "remote group" name to push to, which causes pushes to multiple places, just like "git fetch" would do. * The git-jump command (in contrib/) has been taught to automatically pick a mode (merge, diff, or ws) when invoked without arguments. * The documentation for push.default = simple has been clarified to better explain its behavior, making it clear that it pushes the current branch to a same-named branch on the remote, and detailing the upstream requirements for centralized workflows. * The documentation for "--word-diff" has been extended with a bit of implementation detail of where these different words come from. * "git config foo.bar=baz" is not likely to be a request to read the value of such a variable with = in its name; rather it is plausible that the user meant "git config set foo.bar baz". Give advice when giving an error message. * "git rev-list" (and "git log" family of commands) learned a new "--max-count-oldest" that picks oldest N commits in the range instead of the usual newest. * Various AsciiDoc markup fixes in git config documentation and related files to ensure lists and formatting are rendered correctly. ==== libXfont2 ==== - bsc1269018_CVE-2026-56001_0001-bitscale-fix-integer-overflow-in-BitmapScaleBitmaps-.patch * BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow (CVE-2026-56001, bsc#1269018) - bsc1269019_CVE-2026-56002_0002-pcfread-validate-bitmap-sizes-and-offsets-against-pe.patch * PCF Font Parsing Heap Buffer Overflow (CVE-2026-56002, bsc#1269019) - bsc1269020_CVE-2026-56003_0003-bitscale-add-bounds-check-to-computeProps-for-proper.patch * computeProps Property Buffer Heap Buffer Overflow (CVE-2026-56003, bsc#1269020) ==== libva ==== Version update (2.23.0 -> 2.24.0) Subpackages: libva-drm2 libva-wayland2 libva-x11-2 libva2 - update to 2.24.0: * va: Add VA_PICTURE_H264_NON_EXISTING flag * va: use secure_getenv instead of getenv in va_x11.c * doc: fix libva av1 link for doxygen * trace: dump input/output data in va_TraceProtectedSessionExecute * trace: Add ProtectedSession Related Log in Trace ==== libva-gl ==== Version update (2.23.0 -> 2.24.0) - update to 2.24.0: * va: Add VA_PICTURE_H264_NON_EXISTING flag * va: use secure_getenv instead of getenv in va_x11.c * doc: fix libva av1 link for doxygen * trace: dump input/output data in va_TraceProtectedSessionExecute * trace: Add ProtectedSession Related Log in Trace ==== mcelog ==== Version update (210 -> 211) - Add missing python3-base BR (bsc#1270322). - Update to version 211: * mcelog: Don't try to offline "unknown" CPU * Parse PPIN (processor identifier) instead of bailing out * Parse SOCKET as SOCKETID - Loosen not needed restrictions and allow mcelog in VM env for testing - Use default logfile /var/log/mcelog in --daemon --foreground mode A log_file_fix.patch - Previous change already contained jsc#PED-14849 by: * Removing Requires(pre): %fillup_prereq ==== nvidia-open-driver-G07-signed ==== Version update (595.84_k7.1.2_1 -> 595.84_k7.1.3_1) - preamble: * Workaround: Require update-alternatives on SLE16.1/Leap 16.1 and later as long as CUDA packages have not been adjusted yet (bsc#1267820) ==== nvidia-open-driver-G07-signed-cuda ==== Version update (610.43.02_k7.1.2_1 -> 610.43.02_k7.1.3_1) - preamble: * Workaround: Require update-alternatives on SLE16.1/Leap 16.1 and later as long as CUDA packages have not been adjusted yet (bsc#1267820) ==== nvme-cli ==== Version update (2.16 -> 3.0~b.3) Subpackages: nvme-cli-bash-completion - Update to version 3.0~b.3: * Release v3.0-b.3 * doc: Regenerate all docs for v3.0-b.3 * libnvme: rename Python binding to libnvme3 * libnvme: classify scoped IPv6 addresses with the TID's numeric test * libnvme/test: drop the netdb gating from the libnvme tests * nvme-cli/fabrics: resolve hostnames before handing addresses to libnvme * libnvme: reject hostname addresses instead of resolving them * libnvme/util: reimplement numeric address helpers without getaddrinfo * nvme-top: avoid recreating the global NVMe context on topology updates * libnvme: return status from libnvme_refresh_topology() * sfx-nvme: fix sizeof mismatch in calloc in nvme_dump_evtlog() * libnvme/tid: group functions by role in tid.c/tid.h * libnvme/fabrics: use str(), not get_canonical(), in the exclusion log * libnvme/tid: replace per-field setters with a set_identity triplet * libnvme/tid: drop get_hash() and equal() * libnvme/tid: reject hostnames, canonicalize numeric addresses * libnvme/doc: add the smart-TID design * libnvme/doc: state the library/application boundary * nvme-print: Update generic name listing to be platform independent * readme: Add readme section on Windows build and environment setup script * plugins: Add build support on Windows * libnvme: fix null pointer dereference in _discovery_config_json() * nvme_test: Update run_ns_io to be platform agnostic. * nbft: fix missing error checks for ftell() and rewind() * nvme-print: use status variable instead of errno * nvme: do not print status message on default * nvme-print-json: centralize init/finish * nvme-print-json: only output json if none empty * nvme-print: add nvme_show_verbose_* helpder * plugins: add newline after json output * tests: Add linting support for all python files recursively under tests. * tests/plugins: Expand testing framework to support plugin tests * nvme: enable cli for windows build * nvme-top: synthesize NVMe kobject uevent on ENOBUFS * nvme-top: support paging in the top dashboard * nvme-top: restore selected subsystem to the first entry * libnvme-wrap: drop unused code * nvme: add windows support for rpmb hash functions * test: Update build configuration to support testing on Windows * test-uint128: Update tostr_test locale handling to be Windows compatible * tests: Update get features test base on Windows capabilities * tests: Configure PATH for tests in a platform-agnostic way. * tests: Add is_windows check and skip unsupported tests on Windows * libnvme: make discovery connects honor the exclusion list * plugins/exclusion: operate on the default list when --name is omitted * libnvme: substitute RUNDIR into the registry udev rule - spec file updates * removed nvme-cli-rpmlintrc * remove duplicates (fdupes) * rename library package name to libnvme3-1 * fixed soname versioning * added ldconfig section for libnvme * fixed include path * fixed python sitesearch path - Update to version 3.0.b.2: * Release v3.0-b.2 * doc: Regenerate all docs for v3.0-b.2 * ioctl-win: Implement reset_ctrl_device using a PnP-level reset. * nvme-cli/fabrics: note an excluded target on connect under --verbose * doc: move REGISTRY.md under libnvme/design/ * doc: add NVMe-oF exclusion list documentation * nvme-cli/fabrics: add --exclude to nvme disconnect * plugins/exclusion: add the nvme exclusion management plugin * libnvme: add the NVMe-oF exclusion list * libnvme: add the libnvmf_tid transport identity * libnvme: add shared fabrics helpers in preparation for exclusion list * libnvme: drop the log messages from the no-netdb stubs * tree: add windows tree support * tree: add global context to libnvme_get_ctrl_transport * nvme: Open files using nvme_open_rawdata to fix Windows issues * plugins/wdc: fix typed malloc size expressions for log buffers * wdc-nvme: validate PCI ID lookup in wdc_log_page_directory() * tree: replace strdup with xstrdup in nvme_alloc_subsystem() * micron: Fix temp directory access security * micron: Fix possible NULL pointer dereference issues * micron: Fix buffer overflow vulnerabilities * fabrics: split uuid_from_dmi_entries file read function * fabrics: make uuid_from_dmi_entries more robust * wdc-nvme: fix null dereference of sph in get_dev_mgmt_log_page_lid_data() * doc: document nvme-cli-ai companion repository * solidigm: Apply fixes to allow compilation on Windows * micron: Fix command injection vulnerabilities * plugins/sandisk: fix memory leak in sndk_get_enc_drive_capabilities() * libnvme: validate context in libnvme_rescan_ctrl() * nvme: fix null pointer dereference in get_log_offset() * plugins/sed: fix null pointer dereference in sedopal_print_locking_features() * telemetry-log: Fix telemetry-log invalid argument error - Update to version 3.0.b.1: * Release v3.0-b.1 * doc: Regenerate all docs for v3.0-b.1 * libnvme/json: persist the registry owner in the config file * libnvme/test: fix exit-code capture in config-diff.sh * tree-linux: move all sysfs-related code to this file * fabrics: move hostnqn/hostid code to fabrics files * tree: unexport libnvme_host_get_ids * scan: refactor filter API * lib: remove log arguments from global context constructor * linux: move crypto APIs in new header ... changelog too long, skipping 844 lines ... * remmove 0002-fabrics-add-helper-to-update-tls-and-concat.patch ==== openSUSE-build-key ==== - Update key for zSystems (managed by OBS, expires 2026-12-06) - replace gpg-pubkey-f6ab3975-62e9e6fb.asc - by gpg-pubkey-f6ab3975-66f622c2.asc ==== openSUSE-release ==== Version update (20260708 -> 20260709) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-gevent ==== Version update (26.4.0 -> 26.5.0) - update to 26.5.0: * Build and publish Windows 11 ARM wheels. See :issue:`2172`. * Add preliminary support for Python 3.15b1 and distribute binary wheels for it. ==== python-ply ==== - add py315-testfails.patch: fix build with python 3.15+ ==== python-tornado6 ==== - Fix test_strip_headers_on_redirect's URL-embedded-credentials cases. * Update the test_strip_headers_on_redirect test to Correctly handle credential injection in redirect URLs and account for a known libcurl regression with same-origin redirects. (gh#tornadoweb/tornado#3674) * Add python-tornado6-Fix-test_strip_headers_on_redirects.patch ==== uriparser ==== - doc builds via multibuild (https://build.opensuse.org/request/show/1364334) - added sources * _multibuild ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - bsc1268893_CVE-2026-55999_0002-fb-mi-glamor-reject-glyphs-with-negative-dimensions.patch * glamor Font Atlas Heap Buffer Overflow (CVE-2026-55999, bsc#1268893) - bsc1268893_CVE-2026-55999_0003-glamor-reject-fonts-with-per-glyph-metrics-exceeding.patch * GLX contextTags Use-After-Free in CommonMakeCurrent() (CVE-2026-55999, bsc#1268893) - U_GLX-Free-the-tag-of-the-old-context-later.patch bsc1268894_CVE-2026-56000_0001-glx-free-old-context-tag-before-allocating-new-one-i.patch * GLX contextTags Use-After-Free in CommonMakeCurrent() (CVE-2026-56000, bsc#1268894)