openSUSE-2025-181 moderate openSUSE Backports SLE-15-SP7 Update This update for ollama fixes the following issues: Introduce version 0.7.0: * Ollama now supports multimodal models via Ollama's new engine, starting with new vision multimodal models: ~ Meta Llama 4 ~ Google Gemma 3 ~ Qwen 2.5 VL ~ Qwen 2.5 VL * Ollama now supports providing WebP images as input to multimodal models * Improved performance of importing safetensors models via ollama create * Various bug fixes and performance enhancements ollama-0.7.0-bp157.2.1.src.rpm ollama-0.7.0-bp157.2.1.x86_64.rpm ollama-0.7.0-bp157.2.1.aarch64.rpm ollama-0.7.0-bp157.2.1.ppc64le.rpm ollama-0.7.0-bp157.2.1.s390x.rpm openSUSE-2025-182 moderate openSUSE Backports SLE-15-SP7 Update This update for afterburn fixes the following issues: - Update to version 5.8.2: * cargo: Afterburn release 5.8.2 * docs/release-notes: update for release 5.8.2 * cargo: update dependencies * cargo: Afterburn release 5.8.1 * cargo: Afterburn release 5.8.0 * docs/release-notes: update for release 5.8.0 * cargo: update dependencies * packit: add initial support - Update to version 5.7.0.git103.bae893c: * Sync repo templates * build(deps): bump crossbeam-channel from 0.5.13 to 0.5.15 * build(deps): bump tokio from 1.40.0 to 1.44.2 * build(deps): bump openssl from 0.10.71 to 0.10.72 fixes RUSTSEC-2025-0022 AKA CVE-2025-3416 * build(deps): bump zbus from 4.4.0 to 5.5.0 * mod.rs: Fix clippy lint errors * release-notes.md: add release notes for rust version update * Cargo.toml: bump MSRV to 1.84.1 * Fix clippy lint issues * Sync repo templates * build(deps): bump mockito from 1.6.1 to 1.7.0 * build(deps): bump serde_json from 1.0.139 to 1.0.140 * build(deps): bump tempfile from 3.17.1 to 3.19.1 * build(deps): bump clap from 4.5.31 to 4.5.35 * build(deps): bump reqwest from 0.12.12 to 0.12.15 * Update release notes. * proxmoxve: Add more context to log messages. * proxmoxve: Remove unneeded fields * proxmoxve: Add tests for static network configuration from cloud-init. * proxmoxve: Add support for static network configuration from cloud-init. * build(deps): bump mailparse from 0.15.0 to 0.16.1 * Sync repo templates * build(deps): bump ring from 0.17.8 to 0.17.13 * build(deps): bump anyhow from 1.0.95 to 1.0.96 * release notes: add notes for tempfile bump from 3.16.0 to 3.17.1 * build(deps): bump serde from 1.0.217 to 1.0.218 * build(deps): bump openssl from 0.10.70 to 0.10.71 * build(deps): bump tempfile from 3.16.0 to 3.17.1 * build(deps): bump serde_json from 1.0.138 to 1.0.139 * build(deps): bump clap from 4.5.27 to 4.5.31 * add makefile targets for fmt,lint and test * providers/openstack: ignore ec2 metadata if not present * build(deps): bump openssl from 0.10.66 to 0.10.70 * build(deps): bump serde_json from 1.0.137 to 1.0.138 * build(deps): bump tempfile from 3.14.0 to 3.16.0 * build(deps): bump openssl from 0.10.66 to 0.10.69 * build(deps): bump ipnetwork from 0.20.0 to 0.21.1 * build(deps): bump serde from 1.0.215 to 1.0.217 * build(deps): bump serde_json from 1.0.133 to 1.0.137 * build(deps): bump anyhow from 1.0.93 to 1.0.95 * build(deps): bump clap from 4.5.21 to 4.5.27 * build(deps): bump reqwest from 0.12.7 to 0.12.12 * Sync repo templates * build(deps): bump mockito from 1.5.0 to 1.6.1 * build(deps): bump serde_json from 1.0.128 to 1.0.133 * build(deps): bump clap from 4.5.17 to 4.5.21 * build(deps): bump tempfile from 3.12.0 to 3.14.0 * build(deps): bump anyhow from 1.0.89 to 1.0.93 * build(deps): bump serde from 1.0.210 to 1.0.215 * docs: add changelog entry * proxmox: use noop provider if no configdrive * add noop provider * release-notes: remove "upcoming" - Update to version 5.7.0: * cargo: Afterburn release 5.7.0 * docs/release-notes: update for release 5.7.0 * cargo: update dependencies * dhcp: replace dbus_proxy with proxy, and zbus traits * build(deps): bump zbus from 3.15.2 to 4.4.0 * build(deps): bump tempfile from 3.10.1 to 3.12.0 * build(deps): bump serde from 1.0.205 to 1.0.210 * build(deps): bump serde_json from 1.0.121 to 1.0.127 * build(deps): bump reqwest from 0.12.5 to 0.12.7 * build(deps): bump uzers from 0.12.0 to 0.12.1 * build(deps): bump clap from 4.5.13 to 4.5.16 * build(deps): bump serde from 1.0.203 to 1.0.205 * build(deps): bump serde_json from 1.0.119 to 1.0.121 * build(deps): bump mockito from 1.4.0 to 1.5.0 * build(deps): bump openssh-keys from 0.6.3 to 0.6.4 * build(deps): bump clap from 4.5.8 to 4.5.13 * build(deps): bump openssl from 0.10.64 to 0.10.66 * providers/hetzner: private ipv4 addresses in attributes * openstack: Document the two platforms * build(deps): bump zerovec-derive from 0.10.2 to 0.10.3 * build(deps): bump zerovec from 0.10.2 to 0.10.4 * build(deps): bump nix from 0.27.1 to 0.29.0 * build(deps): bump clap from 4.5.7 to 4.5.8 * build(deps): bump serde_json from 1.0.117 to 1.0.119 * microsoft/azure: allow empty certificate chain in PKCS12 file * proxmoxve: implement proxmoxve provider * providers/hetzner: fix duplicate attribute prefix * build(deps): bump pnet_base from 0.34.0 to 0.35.0 * cargo: Afterburn release 5.6.0 * docs/release-notes: update for release 5.6.0 * cargo: update dependencies * build(deps): bump libflate from 1.4.0 to 2.1.0 * build(deps): bump base64 from 0.21.7 to 0.22.1 * build(deps): bump uzers from 0.11.3 to 0.12.0 * build(deps): bump pnet_datalink from 0.34.0 to 0.35.0 * build(deps): bump nix from 0.28.0 to 0.29.0 * lint: silence deadcode warnings * lint: address latest lint's from msrv update * workflows/rust: directly update toolchain to 1.75.0 * cargo: update msrv to 1.75 * Sync repo templates * build(deps): bump reqwest from 0.12.2 to 0.12.4 * build(deps): bump serde from 1.0.197 to 1.0.200 * build(deps): bump anyhow from 1.0.81 to 1.0.82 * build(deps): bump mailparse from 0.14.1 to 0.15.0 * build(deps): bump serde_json from 1.0.115 to 1.0.116 * providers: Add "akamai" provider * build(deps): bump h2 from 0.3.24 to 0.3.26 * build(deps): bump anyhow from 1.0.79 to 1.0.81 * build(deps): bump serde_json from 1.0.113 to 1.0.115 * build(deps): bump reqwest from 0.11.24 to 0.12.2 * build(deps): bump serde_yaml from 0.9.32 to 0.9.34+deprecated * build(deps): bump mio from 0.8.10 to 0.8.11 * build(deps): bump mailparse from 0.14.0 to 0.14.1 * build(deps): bump openssl from 0.10.62 to 0.10.64 * build(deps): bump nix from 0.27.1 to 0.28.0 * build(deps): bump mockito from 1.2.0 to 1.4.0 * build(deps): bump tempfile from 3.9.0 to 3.10.1 * build(deps): bump serde_yaml from 0.9.31 to 0.9.32 * build(deps): bump serde from 1.0.195 to 1.0.197 * build(deps): bump h2 from 0.3.23 to 0.3.24 * build(deps): bump slog-term from 2.9.0 to 2.9.1 * build(deps): bump serde_yaml from 0.9.30 to 0.9.31 * build(deps): bump serde_json from 1.0.111 to 1.0.113 * build(deps): bump clap from 4.4.16 to 4.4.18 * build(deps): bump reqwest from 0.11.23 to 0.11.24 * cargo: Afterburn release 5.5.1 * docs/release-notes: update for release 5.5.1 * cargo: update dependencies * build(deps): bump anyhow from 1.0.75 to 1.0.78 * build(deps): bump serde_yaml from 0.9.27 to 0.9.29 * build(deps): bump reqwest from 0.11.22 to 0.11.23 * build(deps): bump serde_json from 1.0.108 to 1.0.109 * build(deps): bump openssl from 0.10.60 to 0.10.62 * build(deps): bump tempfile from 3.8.1 to 3.9.0 * build(deps): bump clap from 4.4.10 to 4.4.12 * build(deps): bump unsafe-libyaml from 0.2.9 to 0.2.10 * providers/vmware: add missing public functions for non-amd64 * build(deps): bump clap from 4.4.8 to 4.4.10 * cargo: Afterburn release 5.5.0 * build(deps): bump openssl from 0.10.59 to 0.10.60 * docs/release-notes: update for release 5.5.0 * cargo: update dependencies * ci: cancel previous build on PR update * build(deps): allow building with libsystemd 0.7.0 * providers/vmware: Process guestinfo.metadata netplan configuration * kubevirt: Run afterburn-hostname service * build(deps): bump reqwest from 0.11.20 to 0.11.22 * build(deps): bump tempfile from 3.8.0 to 3.8.1 * build(deps): bump clap from 4.4.6 to 4.4.7 * build(deps): bump serde_json from 1.0.107 to 1.0.108 * build(deps): bump serde_yaml from 0.9.25 to 0.9.27 * build(deps): bump rustix from 0.37.19 to 0.37.25 * build(deps): bump clap from 4.4.2 to 4.4.6 * build(deps): bump serde_json from 1.0.105 to 1.0.107 * build(deps): bump mockito from 1.1.0 to 1.2.0 * providers: add support for scaleway * Move away from deprecated `users` to `uzers` * providers/hetzner: add support for Hetzner Cloud * build(deps): bump clap from 4.4.1 to 4.4.2 * cargo: update MSRV to 1.71 * build(deps): bump clap from 4.3.19 to 4.4.1 * chore: Get rid of Clippy warnings * cargo: specify required features for nix dependency * build(deps): bump nix from 0.26.2 to 0.27.1 * build(deps): bump slog-async from 2.7.0 to 2.8.0 * build(deps): bump openssl from 0.10.56 to 0.10.57 * build(deps): bump reqwest from 0.11.18 to 0.11.20 * build(deps): bump serde from 1.0.185 to 1.0.188 * build(deps): bump tempfile from 3.7.1 to 3.8.0 * build(deps): bump serde from 1.0.183 to 1.0.185 * build(deps): bump anyhow from 1.0.72 to 1.0.75 * build(deps): bump serde_json from 1.0.104 to 1.0.105 * build(deps): bump openssl from 0.10.55 to 0.10.56 * build(deps): bump tempfile from 3.7.0 to 3.7.1 * build(deps): bump serde from 1.0.180 to 1.0.183 * Sync repo templates * build(deps): bump serde from 1.0.179 to 1.0.180 * build(deps): bump serde_json from 1.0.103 to 1.0.104 * build(deps): bump serde from 1.0.175 to 1.0.179 * build(deps): bump pnet_datalink from 0.33.0 to 0.34.0 * build(deps): bump serde from 1.0.171 to 1.0.175 * build(deps): bump clap from 4.3.14 to 4.3.19 * build(deps): bump pnet_base from 0.33.0 to 0.34.0 * build(deps): bump serde_yaml from 0.9.23 to 0.9.25 * build(deps): bump tempfile from 3.6.0 to 3.7.0 * build(deps): bump clap from 4.3.11 to 4.3.14 * build(deps): bump serde_yaml from 0.9.22 to 0.9.23 * build(deps): bump anyhow from 1.0.71 to 1.0.72 * build(deps): bump serde_json from 1.0.100 to 1.0.103 * build(deps): bump clap from 4.3.10 to 4.3.11 * build(deps): bump serde_json from 1.0.99 to 1.0.100 * build(deps): bump openssh-keys from 0.6.1 to 0.6.2 * build(deps): bump zbus from 3.13.1 to 3.14.1 * build(deps): bump clap from 4.3.8 to 4.3.10 * build(deps): bump serde from 1.0.164 to 1.0.165 * build(deps): bump serde_json from 1.0.96 to 1.0.99 * build(deps): bump clap from 4.3.3 to 4.3.8 * build(deps): bump serde_yaml from 0.9.21 to 0.9.22 * build(deps): bump openssl from 0.10.54 to 0.10.55 * build(deps): bump mockito from 1.0.2 to 1.1.0 * openstack: Add attribute OPENSTACK_INSTANCE_UUID * build(deps): bump serde from 1.0.163 to 1.0.164 * build(deps): bump clap from 4.3.2 to 4.3.3 * build(deps): bump tempfile from 3.5.0 to 3.6.0 * cargo: Afterburn release 5.4.3 * docs/release-notes: update for release 5.4.3 * cargo: update dependencies * cargo: allow openssl 0.10.46 * build(deps): bump openssl from 0.10.52 to 0.10.54 * build(deps): bump openssh-keys from 0.6.0 to 0.6.1 * build(deps): bump vmw_backdoor from 0.2.3 to 0.2.4 * ci: strip debug symbols * build-sys: Use new tier = 2 for cargo-vendor-filterer * build(deps): bump reqwest from 0.11.17 to 0.11.18 * cargo: Afterburn release 5.4.2 * docs/release-notes: update for release * docs/release-notes: note Azure SSH regression fix with new openssl * cargo: fix minimum version of openssl crate * build(deps): bump serde from 1.0.162 to 1.0.163 * build(deps): bump zbus from 3.12.0 to 3.13.1 * build(deps): bump serde from 1.0.160 to 1.0.162 * build(deps): bump anyhow from 1.0.70 to 1.0.71 * build(deps): bump openssl from 0.10.51 to 0.10.52 * build(deps): bump reqwest from 0.11.16 to 0.11.17 * build(deps): bump openssl from 0.10.50 to 0.10.51 * build(deps): bump enumflags2 from 0.7.5 to 0.7.7 * build(deps): bump openssl from 0.10.48 to 0.10.50 * build(deps): bump zbus from 3.11.1 to 3.12.0 * build(deps): bump serde_json from 1.0.95 to 1.0.96 * build(deps): bump h2 from 0.3.15 to 0.3.17 * build(deps): bump openssl from 0.10.47 to 0.10.48 * microsoft/crypto/mod: replace deprecated function `parse` with `parse2` * build(deps): bump serde from 1.0.159 to 1.0.160 * build(deps): bump serde_yaml from 0.9.19 to 0.9.21 * build(deps): bump tempfile from 3.4.0 to 3.5.0 * build(deps): bump serde from 1.0.158 to 1.0.159 * build(deps): bump mockito from 1.0.1 to 1.0.2 * Update mockito to 1.0.1 * build(deps): bump reqwest from 0.11.15 to 0.11.16 * build(deps): bump serde_json from 1.0.94 to 1.0.95 * cli: switch to clap derive * cli: add descriptive value names for option arguments in --help * build(deps): bump zbus from 3.11.0 to 3.11.1 * build(deps): bump openssl from 0.10.45 to 0.10.47 * build(deps): bump reqwest from 0.11.14 to 0.11.15 * build(deps): bump serde from 1.0.155 to 1.0.158 * build(deps): bump anyhow from 1.0.69 to 1.0.70 * cli: have clap require exactly one of --cmdline/--provider * providers/*: move endpoint mocking into retry::Client * retry/client: move URL parsing into helper function * providers/microsoft: import crate::retry * providers/microsoft: use stored client for all fetches * providers/packet: use stored client for boot checkin * build(deps): bump zbus from 3.10.0 to 3.11.0 * build(deps): bump serde from 1.0.152 to 1.0.155 * docs: Use upstream theme and update to 0.4.1 * build(deps): bump serde_json from 1.0.93 to 1.0.94 * build(deps): bump serde_yaml from 0.9.17 to 0.9.19 * build(deps): bump mockito from 0.32.3 to 0.32.4 * build(deps): bump tempfile from 3.3.0 to 3.4.0 * initrd: remember to write trailing newline to network kargs file * util: drop obsolete "OEM" terminology * Update to clap 4 * build(deps): bump mockito from 0.31.1 to 0.32.3 * workflows: update clippy to 1.67 * Fix clippy lints * Inline variables into format strings * build(deps): bump zbus from 3.9.0 to 3.10.0 * build(deps): bump serde_json from 1.0.92 to 1.0.93 afterburn-5.8.2-bp157.2.3.1.src.rpm afterburn-5.8.2-bp157.2.3.1.x86_64.rpm afterburn-dracut-5.8.2-bp157.2.3.1.noarch.rpm afterburn-5.8.2-bp157.2.3.1.i586.rpm afterburn-5.8.2-bp157.2.3.1.aarch64.rpm afterburn-5.8.2-bp157.2.3.1.ppc64le.rpm afterburn-5.8.2-bp157.2.3.1.s390x.rpm openSUSE-2025-175 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: Update to version 137.0.7151.55 (stable release 2025-05-27) (boo#1243741) - CVE-2025-5063: Use after free in Compositing - CVE-2025-5280: Out of bounds write in V8 - CVE-2025-5064: Inappropriate implementation in Background Fetch API - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API - CVE-2025-5066: Inappropriate implementation in Messages - CVE-2025-5281: Inappropriate implementation in BFCache - CVE-2025-5283: Use after free in libvpx - CVE-2025-5067: Inappropriate implementation in Tab Strip chromedriver-137.0.7151.55-bp157.2.3.2.x86_64.rpm chromium-137.0.7151.55-bp157.2.3.2.src.rpm chromium-137.0.7151.55-bp157.2.3.2.x86_64.rpm chromedriver-137.0.7151.55-bp157.2.3.2.aarch64.rpm chromium-137.0.7151.55-bp157.2.3.2.aarch64.rpm openSUSE-2025-180 important openSUSE Backports SLE-15-SP7 Update This update for varnish fixes the following issues: - Update to release 7.7.1 * VSV-16: Resolve request smuggling attack - Update to release 7.7.0 * The `linux` jail gained control of transparent huge pages settings. * An issue has been fixed which could cause a crash when varnishd receives an invalid Content-Range header from a backend. * Timestamping for HTTP/2 requests (when idle period begins) has been switched to be more in line with HTTP/1. * VSV-15: The client connection is now always closed when a malformed request is received. [CVE-2025-30346, boo#1239892] - Update to release 7.6.0 * The Varnish Delivery Processor (VDP) filter API has been generalized to also accommodate future use for backend request bodies. * VDPs with no vdp_bytes_f function are now supported if the vdp_init_f returns a value greater than zero to signify that the filter is not to be added to the chain. This is useful to support VDPs which only need to work on headers. * The epoll and kqueue waiters have been improved to correctly report WAITER_REMCLOSE, which increases the WAITER.*.remclose counter. * varnishtest now supports the shutdown command corresponding to the shutdown(2) standard C library call. * VSC counters for waiters have been added: * conns to count waits on idle connections * remclose to count idle connections closed by the peer * timeout to count idle connections which timed out in the waiter * action to count idle connections which resulted in a read * The port of a listen_endpoint given with the -a argument to varnishd can now also be a numerical port range like "80-89". * The warning "mlock() of VSM failed" message is now emitted when locking of shared memory segments (via mlock(2)) fails. * A bug has been fixed where string comparisons in VCL could fail with the nonsensical error message "Comparison of different types: STRING '==' STRING". * An issue has been addressed in the builtin.vcl where backend responses would fail if they contained a Content-Range header when no range was requested. * Additional SessError VSL events are now generated for various HTTP/2 protocol errors. * A new Linux jail has been added which is now the default on Linux. For now, it is almost identical to the Unix jail with one addition: * When the new Linux jail is used, the working directory not mounted on tmpfs partition. * A race condition with VCL temperature transitions has been addressed. * Internal management of probes has been reworked to address race conditions. * Backend tasks can now be instructed to queue if the backend has reached its max_connections. * The size of the buffer to hold panic messages is now tunable through the new panic_buffer parameter. * The Varnish Shared Memory (VSM) and Varnish Shared Counters (VSC) consumer implementation in libvarnishapi have been improved for stability and performance. * An issue has been fixed where Varnish Shared Log (VSL) queries (for example using ``varnishlog -q``) with numerical values would fail in unexpected ways due to truncation. * The ``ObjWaitExtend()`` Object API function gained a statep argument to optionally return the busy object state consistent with the current extension. A NULL value may be passed if the caller does not require it. * For backends using the ``.via`` attribute to connect through a proxy, the connect_timeout, ``first_byte_timeout`` and ``between_bytes_timeout`` attributes are now inherited from proxy unless explicitly given. * varnishd now creates a worker_tmpdir which can be used by VMODs for temporary files. The VMOD developer documentation has details. * The environment variable VARNISH_DEFAULT_N now provides the default "varnish name" / "workdir" as otherwise specified by the ``-n`` argument to varnishd and varnish* utilities except varnishtest. * A glitch with TTL comparisons has been fixed which could, for example, lead to unexpected behavior with purge.soft(). - Update to release 7.5.0 * Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942] * The default value of cli_limit has been increased from 48KB to 64KB. * A new ``pipe_task_deadline`` directive specifies the maximum duration of a pipe transaction. * All the timeout parameters that can be disabled accept the "never" value. * Added parameters to control the HTTP/2 Rapid Reset attach. - update to 7.4.2 (boo#1216123, CVE-2023-44487): * The ``vcl_req_reset`` feature (controllable through the ``feature`` parameter, see `varnishd(1)`) has been added and enabled by default to terminate client side VCL processing early when the client is gone. *req_reset* events trigger a VCL failure and are reported to `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset`` in `vsc` as visible through ``varnishstat(1)``. In particular, this feature is used to reduce resource consumption of HTTP/2 "rapid reset" attacks (see below). Note that *req_reset* events may lead to client tasks for which no VCL is called ever. Presumably, this is thus the first time that valid `vcl(7)` client transactions may not contain any ``VCL_call`` records. * Added mitigation options and visibility for HTTP/2 "rapid reset" attacks Global rate limit controls have been added as parameters, which can be overridden per HTTP/2 session from VCL using the new vmod ``h2``: * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function define a threshold duration for an ``RST_STREAM`` to be classified as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this duration after a ``HEADERS`` frame, it is accounted against the rate limit described below. * The ``h2_rapid_reset_limit`` parameter and ``h2.rapid_reset_limit()`` function define how many "rapid" resets may be received during the time span defined by the ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()`` function before the HTTP/2 connection is forcibly closed with a ``GOAWAY`` and all ongoing VCL client tasks of the connection are aborted. The defaults are 100 and 60 seconds, corresponding to an allowance of 100 "rapid" resets per minute. * The ``h2.rapid_reset_budget()`` function can be used to query the number of currently allowed "rapid" resets. * Sessions closed due to rapid reset rate limiting are reported as ``SessClose RAPID_RESET`` in `vsl(7)` and accounted to ``main.sc_rapid_reset`` in `vsc` as visible through ``varnishstat(1)``. * The ``cli_limit`` parameter default has been increased from 48KB to 64KB. * ``VSUB_closefrom()`` now falls back to the base implementation not only if ``close_range()`` was determined to be unusable at compile time, but also at run time. That is to say, even if ``close_range()`` is compiled in, the fallback to the naive implementation remains. libvarnishapi3-7.7.1-bp157.2.3.1.x86_64.rpm varnish-7.7.1-bp157.2.3.1.src.rpm varnish-7.7.1-bp157.2.3.1.x86_64.rpm varnish-devel-7.7.1-bp157.2.3.1.x86_64.rpm libvarnishapi3-7.7.1-bp157.2.3.1.i586.rpm varnish-7.7.1-bp157.2.3.1.i586.rpm varnish-devel-7.7.1-bp157.2.3.1.i586.rpm libvarnishapi3-7.7.1-bp157.2.3.1.aarch64.rpm varnish-7.7.1-bp157.2.3.1.aarch64.rpm varnish-devel-7.7.1-bp157.2.3.1.aarch64.rpm libvarnishapi3-7.7.1-bp157.2.3.1.ppc64le.rpm varnish-7.7.1-bp157.2.3.1.ppc64le.rpm varnish-devel-7.7.1-bp157.2.3.1.ppc64le.rpm libvarnishapi3-7.7.1-bp157.2.3.1.s390x.rpm varnish-7.7.1-bp157.2.3.1.s390x.rpm varnish-devel-7.7.1-bp157.2.3.1.s390x.rpm openSUSE-2025-191 moderate openSUSE Backports SLE-15-SP7 Update This update for micropython, micropython-lib, webrepl fixes the following issues: This update ships micropython in version 1.25.0. micropython-lib-1.25.0-bp157.2.1.noarch.rpm micropython-lib-1.25.0-bp157.2.1.src.rpm micropython-1.25.0-bp157.2.1.src.rpm micropython-1.25.0-bp157.2.1.x86_64.rpm mpremote-1.25.0-bp157.2.1.noarch.rpm mpy-tools-1.25.0-bp157.2.1.x86_64.rpm webrepl-20221108.1e09d9a-bp157.2.1.noarch.rpm webrepl-20221108.1e09d9a-bp157.2.1.src.rpm micropython-1.25.0-bp157.2.1.aarch64.rpm mpy-tools-1.25.0-bp157.2.1.aarch64.rpm micropython-1.25.0-bp157.2.1.s390x.rpm mpy-tools-1.25.0-bp157.2.1.s390x.rpm openSUSE-2025-189 moderate openSUSE Backports SLE-15-SP7 Update This update for opi fixes the following issues: Version 5.8.5: * add librewolf plugin (#205) * Install .NET 9 * Add verbose mode * Change the order of the process in the github module * Add rustdesk plugin Version 5.8.4; * Use arm64 rpm for libation on aarch64 Version 5.8.3: * Install dependencies rpm-build and squashfs at runtime if needed * Drop DNF support Version 5.8.2: * Warn about adding staging repos * Gracefully handle zypper exit code 106 (repos without cache present) Version 5.8.1: * Fix SyntaxWarning: invalid escape sequence '\s' Version 5.8.0: * Add mullvad-brower opi-5.8.5-bp157.2.3.1.noarch.rpm opi-5.8.5-bp157.2.3.1.src.rpm openSUSE-2025-194 moderate openSUSE Backports SLE-15-SP7 Update This update for virtme fixes the following issues: Update to version 1.36: * vng: Fix remote build * virtme_ng: run: --exec and positional arguments are mutually exclusive * virtme-ng: run: Fix quoting * virtme_ng: run: Fix `vng -- ''` virtme-1.36-bp157.2.3.1.noarch.rpm virtme-1.36-bp157.2.3.1.src.rpm openSUSE-2025-196 moderate openSUSE Backports SLE-15-SP7 Update This update for claws-mail fixes the following issues: - Update to 4.3.1: * The configuration option, "Don't popup error dialog on receive error" has been changed to "Show error dialog on receive error". Your previous choice will be automatically changed to the new format. * The option "Warn when pasting files as attachments" has been added to the Compose/Writing preferences page. This option was previously hidden. * chmod 0600 is now set on *history files in the configuration directory. * A new preference has been added to enable setting the chmod value of saved attachments: "Save attachments with chmod [ ]", found on the Other/Miscelleanous preferences page. The default value is 600. * The creation and updating of .mh_sequences files in MH mailbox folders is now optional and disabled by default. This is controlled by a new hidden preference, mh_compat_mode. If you were previously relying on this feature, set mh_compat_mode=1 in clawsrc before running this version. * A new hidden preference has been added, passphrase_dialog_msg_title_switch. This switches the placement of the dialogue message with the dialogue title in the passphrase dialogue. This can be useful for interacting with third-party programs such as KeePassXC. * The top-level 'Mark' menu item has been renamed to 'Marks'. If you have set custom hotkeys for any items in this menu you will need to re-set them. * New accounts now have all secure options activated by default, including TLS connections and SMTP AUTH. * The option to accept valid TLS certificates is now activated by default on new accounts. * Notification plugin: support for Ayatana indicator has been added. * PDF Viewer plugin: support for image/x-eps (encapsulated postscript) images has been added. * Libravatar plugin: the https URL, https://seccdn.libravatar.org/avatar, is now used by default. * vCalendar plugin: CREATED/LAST_MODIFIED are correctly handled, and the VTIMEZONE component is used when present * Various code cleanups. * The English, Spanish and French manuals have been updated. * Updated translations: Albanian, Brazilian Portuguese, British English, Catalan, Czech, Dutch, French, Polish, Portuguese, Romanian, Russian, Simplified Chinese, Slovak, Spanish, Swedish, Turkish. * bug fixes: * bug 3964, 'Attachment icon doesn't show in message list unless the message is clicked and then disappears later' * bug 4658, 'Headers unfolded incorrectly in message view' * bug 4817, 'Edit button in Messages view->Text settings not translatable' * bug 4818, 'Your Claws Mail configuration is from a newer...' dialog is shown more than once' * bug 4819, 'Text wrapping broken when text contains an URL' * bug 4821, 'If the Mail folder is on another partition, folder chmod settings are not applied to draft and queue' * bug 4824, 'No syntax highlighting after exiting external editor' * bug 4828, '"Mark" not translated anymore' * bug 4835, 'Disallow a forward slash in (IMAP) account names' * bug 4840, 'core dump unsubscribing from newsgroups' * CID 1491093: attrib leaked if attvalue is null * CID 1491370: unchecked return value. * archive plugin build in debug mode. * keep newsgroup subscription window on top when 'subscribe to newsgroup...' fails and newsgroup list can't be retrieved * don't silently fail to save a sent msg * IMAP: show the clip icon in the message list as soon as possible * stop needlessly checking which folders want sycnhronising every time we select a msg in an MH mailbox - Update to 4.3.0: * Compose window: when the focus is in the message text, copied files can be pasted as attachments using /Edit/paste or Ctrl+V. (The context menu's Paste will still insert the list of files into the message body.) * '/Mark/Mark all read in folder' and 'Mark/Mark all unread in folder' have been re-added to the Message List context menu. * It is now possible to use '/Tools/Remove references' when forwarding mail. * Keyboard shortcuts: The "Choose preset keyboard shortcuts" selector has been integrated into the main preferences page. When 'Current' is the selected preset, Apply/OK will keep the existing settings. * An MBOX file can now be imported from the command line using `claws-mail --import-mbox %f` where %f is the full path to the MBOX file. * OAUTH2 support for Microsoft 365 GCC High has been added. * LiteHTML Viewer plugin: Updated to LiteHTML 0.9. * The menurc file is now backed-up on startup. * Removed support for the obsolete Avant Window Navigator. * Various code cleanups. * The manual has been updated. * New translation: Albanian. * Updated translations: Catalan, Czech, French, Hungarian, Indonesian, Polish, Romanian, Slovak, Spanish, Swedish, Turkish. * bug 4668, 'Sometimes, at program start, message list takes all the vertical space' * bug 4720, 'matcher: release regex_t in matcherprop_string_match' * bug 4724, 'set proper availability status to sign/encrypt toolbar buttons' * bug 4725, 'oauth2: remove trailing zero from transmit buffer in oauth2_contact_server' * bug 4728, 'socket: handle GNUTLS_E_PREMATURE_TERMINATION in ssl_read' * bug 4730, 'oauth2: fix string handling in oauth2_contact_server' * bug 4733, 'Line breaks lost in headers' * bug 4734, 'ssl_certificate: remove unhelpful warnings from certificate check' * bug 4746, 'matcher: remove incorrect condition in matcherprop_free' * bug 4747, 'matcher: simplify matcherprop_new' * bug 4749, 'release regex_t in summary_compile_simplify_regexp' * bug 4750, 'remove regcomp wrapper and call regcomp directly' * bug 4752, 'Adjust incorrect debug_printf call in pgp plugins' * bug 4754, 'text/enriched literal less-than sign sequence handled incorrectly * bug 4757, 'remove AX_FUNC_MKDIR' * bug 4758, 'remove unused check for bind_textdomain_codeset' * bug 4759, 'remove unused function checks from AC_CHECK_FUNCS' * bug 4760, 'use correct type for move_bar_id' * bug 4762, 'oauth2: preserve an existing refresh token' * bug 4765, 'only store smtp auth if authorization method is OAUTH2' * bug 4766, 'preserve the expiry value of SMTP auth type is not OAUTH2' * bug 4768, 'Adjust logic while evaluating enable_avatars' * bug 4770, 'remove intl from list of include directories' * bug 4773, 'remove obsolescent AC_C_CONST' * bug 4780, 'use proper prototype for two archiver functions' * bug 4781, 'use correct prototype for privacy_free_signature_data' * bug 4782, 'use correct prototype for stop_archiving' * bug 4786, 'remove type confusion in getsockopt call in sock_connect_async_cb' * bug 4787, 'Use correct function for memory transfer in crypt_cfb_buf' * bug 4788, '"Change primary passphrase" disabled status handling' * bug 4790, 'widget spacing in "Changing primary passphrase" dialog' * bug 4791, 'remove obsolete glib version check' * bug 4795, 'Please remove -no-cpp-precomp flag for Apple' * bug 4796, 'URL with wide character doesn't work' * bug 4798, 'Quoting wrong when format=flowed and respect_flowed_format is set' * CIDs 1220325, 1491306 and 1491315, 'Explicit null dereferenced (FORWARD_NULL)' * CIDs 1491064, 1491074, 1491211, 1491105, 1491139, 1491164, 1491166, 1491168, 1491169, 1491178, 1491232, 1491242, 1492281 and 1591844 'Use after free (USE_AFTER_FREE)' * CID 1491137 'Out-of-bounds access (OVERRUN)' * CID 1591952 values overwritten before being used * CID 1596594 (CHECKED_RETURN) * CID 1596595 'Resource leak' * errors caused by invalid MIME viewer command-line * building on non-X11 systems * Use CFLAGS provided by nettle.pc * Fancy plugin, recognise mid and data embedded images claws-mail-4.3.1-bp157.2.3.1.src.rpm claws-mail-4.3.1-bp157.2.3.1.x86_64.rpm claws-mail-devel-4.3.1-bp157.2.3.1.x86_64.rpm claws-mail-lang-4.3.1-bp157.2.3.1.noarch.rpm claws-mail-4.3.1-bp157.2.3.1.aarch64.rpm claws-mail-devel-4.3.1-bp157.2.3.1.aarch64.rpm claws-mail-4.3.1-bp157.2.3.1.ppc64le.rpm claws-mail-devel-4.3.1-bp157.2.3.1.ppc64le.rpm claws-mail-4.3.1-bp157.2.3.1.s390x.rpm claws-mail-devel-4.3.1-bp157.2.3.1.s390x.rpm openSUSE-2025-188 important openSUSE Backports SLE-15-SP7 Update Chromium was updated to 137.0.7151.68 (stable release 2025-06-03) (boo#1244019) * CVE-2025-5419: Out of bounds read and write in V8 * CVE-2025-5068: Use after free in Blink - Google is aware that an exploit for CVE-2025-5419 exists in the wild. chromedriver-137.0.7151.68-bp157.2.6.2.x86_64.rpm chromium-137.0.7151.68-bp157.2.6.2.src.rpm chromium-137.0.7151.68-bp157.2.6.2.x86_64.rpm chromedriver-137.0.7151.68-bp157.2.6.2.aarch64.rpm chromium-137.0.7151.68-bp157.2.6.2.aarch64.rpm openSUSE-2025-204 low openSUSE Backports SLE-15-SP7 Update This update for atop fixes the following issues: - Update to 2.11.1: * Atop will not connect to the TCP port of 'atopgpud' daemon any more by default. The flag -k can be used explicitly when 'atopgpud' is active. Also the code to parse the received strings is improved to avoid future issues with heap corruption. * The flag -K has been implemented to connect to netatop/netatop-bpf. * Fix CVE-2025-31160 (boo#1240393) - Update to 2.11.0: * Cgroups (version 2) support. Show the hierarchical structure of cgroups and the related metrics with key/option 'G', and define the cgroup depth with the keys/options 2 till 7. Key/option 8 also shows the processes per cgroup level, except the kernel processes in the root cgroup. Key/option 9 shows the related processes per cgroup level including the kernel processes in the root cgroup. With key/option 'C' the output is sorted on CPU consumption (default), with key/option 'M' on memory consumption, and with key/option 'D' (requires root privileges) on disk utilization. Note: The collection of cgroup information per process is not supported any more. * Twin mode: live measurement with review option. In twin mode atop spawns into a lower level process that gathers the counters and writes them to a temporary raw file, and an upper level process that reads the counters from the temporary raw file and presents them to the user. The reading of the upper level process keeps in pace with the written samples of the lower level process for live measurements. However, when pressing the 'r' (reset to measurement begin), the 'b' (branch to time stamp), or the 'T' (previous sample), the upper level process implicitly pauses with the possibility to review previous samples. The 'z' (explicit pause) can also be used to pause the live measurement. When pressing the 'z' again (continue after pause) viewing of the live measurement will be continued. * Various corrections related to JSON output. * Improved gathering of current CPU frequency. * Support more than 500 CPUs. * The format of the raw file is incompatible with previous versions. Raw files from previous versions can be converted to the new layout with the atopconvert command. - Update to 2.10.0: * Additional memory statistics on system level: amount of available memory, amount of memory used for Transparant Huge Pages, amount of memory used by two categories of static huge pages (usually 2MiB and 1GiB), and the number of pages transferred to/from zswap. * Additional counters for the number of idle threads on system level and process level. * Refined view of memory bar graph, including free static huge pages. * Generic way to determine the container id or pod name for containerized processes. * Support for a BPF-based alternative[1] for the netatop kernel module to gather network statistics per process/thread. * Use the -z flag followed by a regex to prepend matching environment variables to the full command line that is shown per process (with key 'c'). * Various bugfixes (like memory leak when switching to bar graph mode) and minor improvements. * Bugfix: failing malloc while starting atopsar (unprivileged) for a live measurement. * The program atophide can be used to make an extraction from an input raw log to an output raw log, optionally specifying a begin time and/or an end time. The output raw log can be anonymized, i.e. the hostname will be replaced, command names of non-standard commands will be replaced, all command arguments will be wiped, logical volume names will be replaced and NFS mounted volume names will be replaced. * The format of the raw file is incompatible with previous versions. Raw files from previous versions can be converted to the new layout with the atopconvert command. - Update to 2.9.0: * Avoid compiler warning by limiting PSI average * Install cleanup function to avoid termination of parent process * add man for PAG steal * Oomkills event should not remain orange after boot values * Clarified atop man page * Closing bracket missing in synopsis * Add highlight concerning bar graph mode * Introduce bar graph mode Besides all detailed information that is supplied by atop on system and process level, a (character-based) bar graph can be shown about the utilization of the most critical system resources * Freeing ethlink should depend of ifdef * Added reset to indicate shadow file to be closed * fix atopacctd.c: failed to start atopacct.service * acctatop: reacquire acctfd to collect nprocexit for some bad cases * Calibrate nprocexit to avoid atop coredumps unexpectedly * json.c: fix avque counters output * Resolve compiler warnings from latest versions of GCC * Added versdate.h to make clean target * Revert "Added versdate.h to make clean target" * Added versdate.h to make clean target * fix calculation for scan and steal * only call str.decode if nvml returned bytes * Add exit epoch to parseable output PRG (solves issue #242) * Minor correction in man page for NVCSW/NIVCSW * Context switches (voluntary and involuntary) on process level incorrect * Various modifications releated to (non)voluntary context switches * Add nvcsw and nivcsw for each process * ifprop.c: Fix possible memory leak * Code cleanup and prototype additions * Consistency check on number of threads (solves issue #232) * atop-rotate.service: use restart instead of try-restart * Add link to atophttpd atop-2.11.1-bp157.2.3.1.src.rpm atop-2.11.1-bp157.2.3.1.x86_64.rpm atop-daemon-2.11.1-bp157.2.3.1.x86_64.rpm atop-daemon-debuginfo-2.11.1-bp157.2.3.1.x86_64.rpm atop-debuginfo-2.11.1-bp157.2.3.1.x86_64.rpm atop-debugsource-2.11.1-bp157.2.3.1.x86_64.rpm atop-2.11.1-bp157.2.3.1.i586.rpm atop-daemon-2.11.1-bp157.2.3.1.i586.rpm atop-daemon-debuginfo-2.11.1-bp157.2.3.1.i586.rpm atop-debuginfo-2.11.1-bp157.2.3.1.i586.rpm atop-debugsource-2.11.1-bp157.2.3.1.i586.rpm atop-2.11.1-bp157.2.3.1.aarch64.rpm atop-daemon-2.11.1-bp157.2.3.1.aarch64.rpm atop-daemon-debuginfo-2.11.1-bp157.2.3.1.aarch64.rpm atop-debuginfo-2.11.1-bp157.2.3.1.aarch64.rpm atop-debugsource-2.11.1-bp157.2.3.1.aarch64.rpm atop-2.11.1-bp157.2.3.1.ppc64le.rpm atop-daemon-2.11.1-bp157.2.3.1.ppc64le.rpm atop-daemon-debuginfo-2.11.1-bp157.2.3.1.ppc64le.rpm atop-debuginfo-2.11.1-bp157.2.3.1.ppc64le.rpm atop-debugsource-2.11.1-bp157.2.3.1.ppc64le.rpm atop-2.11.1-bp157.2.3.1.s390x.rpm atop-daemon-2.11.1-bp157.2.3.1.s390x.rpm atop-daemon-debuginfo-2.11.1-bp157.2.3.1.s390x.rpm atop-debuginfo-2.11.1-bp157.2.3.1.s390x.rpm atop-debugsource-2.11.1-bp157.2.3.1.s390x.rpm openSUSE-2025-200 important openSUSE Backports SLE-15-SP7 Update This update for orafce and timescaledb rebuilds them against current postgresql. postgresql12-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.src.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.src.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.src.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.src.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.src.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.src.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.x86_64.rpm postgresql14-timescaledb-2.17.1-bp157.2.2.1.src.rpm postgresql14-timescaledb-2.17.1-bp157.2.2.1.x86_64.rpm postgresql15-timescaledb-2.17.1-bp157.2.2.1.src.rpm postgresql15-timescaledb-2.17.1-bp157.2.2.1.x86_64.rpm postgresql16-timescaledb-2.17.1-bp157.2.2.1.src.rpm postgresql16-timescaledb-2.17.1-bp157.2.2.1.x86_64.rpm postgresql17-timescaledb-2.17.1-bp157.2.2.1.src.rpm postgresql17-timescaledb-2.17.1-bp157.2.2.1.x86_64.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.i586.rpm postgresql14-timescaledb-2.17.1-bp157.2.2.1.i586.rpm postgresql15-timescaledb-2.17.1-bp157.2.2.1.i586.rpm postgresql16-timescaledb-2.17.1-bp157.2.2.1.i586.rpm postgresql17-timescaledb-2.17.1-bp157.2.2.1.i586.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.aarch64.rpm postgresql14-timescaledb-2.17.1-bp157.2.2.1.aarch64.rpm postgresql15-timescaledb-2.17.1-bp157.2.2.1.aarch64.rpm postgresql16-timescaledb-2.17.1-bp157.2.2.1.aarch64.rpm postgresql17-timescaledb-2.17.1-bp157.2.2.1.aarch64.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.ppc64le.rpm postgresql14-timescaledb-2.17.1-bp157.2.2.1.ppc64le.rpm postgresql15-timescaledb-2.17.1-bp157.2.2.1.ppc64le.rpm postgresql16-timescaledb-2.17.1-bp157.2.2.1.ppc64le.rpm postgresql17-timescaledb-2.17.1-bp157.2.2.1.ppc64le.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp157.2.2.1.s390x.rpm postgresql14-timescaledb-2.17.1-bp157.2.2.1.s390x.rpm postgresql15-timescaledb-2.17.1-bp157.2.2.1.s390x.rpm postgresql16-timescaledb-2.17.1-bp157.2.2.1.s390x.rpm postgresql17-timescaledb-2.17.1-bp157.2.2.1.s390x.rpm openSUSE-2025-201 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: Chromium 137.0.7151.103 (stable release 2025-06-10) (boo#1244452) - CVE-2025-5958: Use after free in Media - CVE-2025-5959: Type Confusion in V8 chromedriver-137.0.7151.103-bp157.2.9.1.x86_64.rpm chromium-137.0.7151.103-bp157.2.9.1.src.rpm chromium-137.0.7151.103-bp157.2.9.1.x86_64.rpm chromedriver-137.0.7151.103-bp157.2.9.1.aarch64.rpm chromium-137.0.7151.103-bp157.2.9.1.aarch64.rpm openSUSE-2025-206 important openSUSE Backports SLE-15-SP7 Update This update for konsole fixes the following issues: - CVE-2025-49091: Fixed potential remote code execution in a certain scenario with url open (boo#1244569) konsole-23.08.5-bp157.2.3.1.src.rpm konsole-23.08.5-bp157.2.3.1.x86_64.rpm konsole-debuginfo-23.08.5-bp157.2.3.1.x86_64.rpm konsole-debugsource-23.08.5-bp157.2.3.1.x86_64.rpm konsole-part-23.08.5-bp157.2.3.1.x86_64.rpm konsole-part-debuginfo-23.08.5-bp157.2.3.1.x86_64.rpm konsole-part-lang-23.08.5-bp157.2.3.1.noarch.rpm konsole-zsh-completion-23.08.5-bp157.2.3.1.noarch.rpm konsole-23.08.5-bp157.2.3.1.aarch64.rpm konsole-debuginfo-23.08.5-bp157.2.3.1.aarch64.rpm konsole-debugsource-23.08.5-bp157.2.3.1.aarch64.rpm konsole-part-23.08.5-bp157.2.3.1.aarch64.rpm konsole-part-debuginfo-23.08.5-bp157.2.3.1.aarch64.rpm konsole-23.08.5-bp157.2.3.1.ppc64le.rpm konsole-debuginfo-23.08.5-bp157.2.3.1.ppc64le.rpm konsole-debugsource-23.08.5-bp157.2.3.1.ppc64le.rpm konsole-part-23.08.5-bp157.2.3.1.ppc64le.rpm konsole-part-debuginfo-23.08.5-bp157.2.3.1.ppc64le.rpm konsole-23.08.5-bp157.2.3.1.s390x.rpm konsole-debuginfo-23.08.5-bp157.2.3.1.s390x.rpm konsole-debugsource-23.08.5-bp157.2.3.1.s390x.rpm konsole-part-23.08.5-bp157.2.3.1.s390x.rpm konsole-part-debuginfo-23.08.5-bp157.2.3.1.s390x.rpm openSUSE-2025-212 moderate openSUSE Backports SLE-15-SP7 Update This update for kanidm fixes the following issues: kanidm was updated to version 1.6.4~git2.a4b3b0f7b: * Remove dead code * OpenSUSE build fix Update to version 1.6.4~git0.e1d26ed10: * Allow deferring spans in unixd * Dark mode improvements (#3660) * Fix SCIM filter parser for quoted values with spaces and escaped quotes (#3673) * fix: strip comments from UNIX files before parsing (#3674) * Fix healthcheck to use ENV for config path (#3656) * Investigate and reduce memory consumption of unixd (#3645) * Swap bytes mut at buffer limits (#3651) * fix: Improve unixd & unixd-tasks startup coupling (#3638) * reload schema before verify (#3643) * Defend against split_at panic (#3636) Update to version 1.6.3~git0.389493eb1: * Fix minor issue with untagged version handling (#3634) * Move shadow processing out of task event loop (#3631) * Dont specify config path in container (#3630) * Accept SSHA with different salt lengths (#3629) * Resolve flaw with ssh key parse if the key has no comment (#3628) * Indicate that this is an ip list, not a range (#3626) * Test for corrupted unicode in SSH keys, keep the key title on error/resubmit (#3618) * Reduce replication logging verbosity * cargo publish (#3613) kanidm-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.src.rpm kanidm-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-clients-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-clients-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-debugsource-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-docs-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-server-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-server-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-unixd-clients-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-unixd-clients-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.x86_64.rpm kanidm-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-clients-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-clients-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-debugsource-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-docs-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-server-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-server-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-unixd-clients-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm kanidm-unixd-clients-debuginfo-1.6.4~git2.a4b3b0f7b-bp157.2.3.1.aarch64.rpm openSUSE-2025-215 moderate openSUSE Backports SLE-15-SP7 Update This update for python-certbot-dns-google, python-google-api-python-client, python-google-auth-httplib2, python-uritemplate fixes the following issues: Changes in python-uritemplate, python-google-auth-httplib2, python-google-api-python-client: - shipped for use by python-certbot-dns-google. Changes in python-certbot-dns-google: Update to version 2.11.0: * sync with the main certbot package Update to 2.9.0: * Support for Python 3.12 was added. * Updates `joinpath` syntax to only use one addition per call, because the multiple inputs version was causing mypy errors on Python 3.10. * Makes the `reconfigure` verb actually use the staging server for the dry run to check the new configuration. Update to version 2.7.3: * Filter zones in certbot-dns-google to avoid usage of private DNS zones to create records Update to version 2.6.0: * Support for Python 3.11 was added to Certbot and all of its components. * All Certbot components now require pytest to run tests. * Packaged tests for all Certbot components besides josepy were moved inside the _internal/tests module. * There is now a new Other annotated challenge object to allow plugins to support entirely novel challenges. * --dns-google-project optionally allows for specifying the project that the DNS zone(s) reside in, which allows for Certbot usage in scenarios where the auth credentials reside in a different project to the zone(s) that are being managed. * certbot-dns-google now loads credentials using the standard Application Default Credentials strategy, rather than explicitly requiring the Google Compute metadata server to be present if a service account is not provided using --dns-google-credentials. * --dns-google-credentials now supports additional types of file-based credential, such as External Account Credentials created by Workload Identity Federation. All file-based credentials implemented by the Google Auth library are supported. * certbot-dns-google no longer requires deprecated oauth2client library. * Certbot no longer depends on zope. Update to 1.29.0: * --allow-subset-of-names will now additionally retry in cases where domains are rejected while creating or finalizing orders. This requires subproblem support from the ACME server * The show_account subcommand now uses the "newAccount" ACME endpoint to fetch the account data, so it doesn't rely on the locally stored account URL. This fixes situations where Certbot would use old ACMEv1 registration info with non-functional account URLs. * The generated Certificate Signing Requests are now generated as version 1 instead of version 3. This resolves situations in where strict enforcement of PKCS#10 meant that CSRs that were generated as version 3 were rejected Update to version 1.26.0: * GCP Permission list for certbot-dns-google in plugin documentation python-certbot-dns-google-2.11.0-bp157.2.3.1.src.rpm python311-certbot-dns-google-2.11.0-bp157.2.3.1.noarch.rpm python-google-api-python-client-2.170.0-bp157.2.1.src.rpm python311-google-api-python-client-2.170.0-bp157.2.1.noarch.rpm python-google-auth-httplib2-0.2.0-bp157.2.1.src.rpm python311-google-auth-httplib2-0.2.0-bp157.2.1.noarch.rpm python-uritemplate-4.1.1-bp157.2.1.src.rpm python311-uritemplate-4.1.1-bp157.2.1.noarch.rpm openSUSE-2025-213 moderate openSUSE Backports SLE-15-SP7 Update This update for ollama fixes the following issues: Update to version 0.9.0: * Ollama now has the ability to enable or disable thinking. This gives users the flexibility to choose the model’s thinking behavior for different applications and use cases. Update to version 0.8.0: * Ollama will now stream responses with tool calls * Logs will now include better memory estimate debug information when running models in Ollama's engine. Update to version 0.7.1: * Improved model memory management to allocate sufficient memory to prevent crashes when running multimodal models in certain situations * Enhanced memory estimation for models to prevent unintended memory offloading * ollama show will now show ... when data is truncated * Fixed crash that would occur with qwen2.5vl * Fixed crash on Nvidia's CUDA for llama3.2-vision * Support for Alibaba's Qwen 3 and Qwen 2 architectures in Ollama's new multimodal engine ollama-0.9.0-bp157.5.1.src.rpm ollama-0.9.0-bp157.5.1.x86_64.rpm ollama-0.9.0-bp157.5.1.aarch64.rpm ollama-0.9.0-bp157.5.1.ppc64le.rpm ollama-0.9.0-bp157.5.1.s390x.rpm openSUSE-2025-214 moderate openSUSE Backports SLE-15-SP7 Update This update for openQA fixes the following issues: - Update to version 5.1749832158.cc746ea0: * Bump @eslint/config-helpers from 0.2.2 to 0.2.3 * Docs: Convert images/openqa-in-5-minutes.gif to webm * Add test for failing save_needle with abort call * Document considerations for zero-downtime upgrades * Bump @eslint/config-array from 0.20.0 to 0.20.1 * Bump @eslint/plugin-kit from 0.3.1 to 0.3.2 * Change `do_cleanup` definition in test using `scm git` * apparmor: Allow file lock in fixed iso/hdd images * apparmor: Allow using 'git-lfs' * Disable git_auto_update by default * Re-add git_auto_commit and improved docs for the git settings * Tweak git config access in _git_clone_all * Disentangle git_auto_clone and git_auto_update * Bump brace-expansion from 1.1.11 to 1.1.12 * Update documentation with the new postgres format * Avoid showing too much probably disturbing errors on test details page * Update deprecated postgresql repository * Print one URL per line in test settings * Bump eslint-scope from 8.3.0 to 8.4.0 * Bump espree from 10.3.0 to 10.4.0 * Verify log output when cleanup fail in _save_needles * Improve error handling when loading test module results * Simplify the `createElement()` function * Restore behavior in case of empty details JSON after ca86aec6 * Verify abort job when git is disabled and do_cleanup is 'no' * Avoid job terminated unexpectedly by add signal handler * Bump datatables.net-bs5 from 2.3.1 to 2.3.2 * Bump acorn from 8.14.1 to 8.15.0 * Use regex when checking worker config for relevant sections * Allow appending values in worker config via `+=` * Streamline coding style in `t/24-worker-settings.t` * Allow using list and range specifiers in worker config file - Update to version 5.1749214996.3536da99: * Bump @types/estree from 1.0.7 to 1.0.8 * Support sass generation in all product versions * Avoid sporadic test failures due to warning about closed ws connection * Increase chart testing verbosity for better log trace * Bump ace-builds from 1.41.0 to 1.42.0 * Bump eslint from 9.27.0 to 9.28.0 * Bump @pkgr/core from 0.2.4 to 0.2.7 * Remove nested .gitignore from openQA rpm * Add permissions to avoid the warnings in openQA build - Update to version 5.1748615746.d50d8e24: * Bump synckit from 0.11.6 to 0.11.8 * Bump eslint-plugin-prettier from 5.4.0 to 5.4.1 * Support repeated query params in filter parsing * Replace deprecated ingress class annotation with ingressClassName * CI: Update python version in check-helm-chart * Avoid database error when more than one limit parameter is specified * Use signatures in all functions of `t/ui/18-tests-details.t` * Improve details of test details test * Refactor search_args construction for multi-valued query parameters * Allow comma-separated filtering of flavor * Dependency cron 2025-05-26 * t: Test if flavor options from URL are carried over to the form * t: Add more testing of comma-separated values * t: Check URL contains single flavor * Apply macro to support upcoming opensuse/sle 16 build - Update to version 5.1748004971.d2bfe8ce: * CI: Enable Leap 16.0 OBS build checks * systemd: Increase availability of openqa-webui with ordering * systemd: Remove obsolete ordering of websockets after scheduler * Update GettingStarted.asciidoc Fedora instructions * Deprecate skip-checks and add check-repos option * Switch overly verbose "Updating seen from worker" messages to trace * t: Also use default test database in full-stack+deploy * Fix quoting issue in run-tests-within-container script * Bump eslint from 9.26.0 to 9.27.0 * Bump @modelcontextprotocol/sdk from 1.11.3 to 1.11.4 * Bump synckit from 0.11.5 to 0.11.6 * Create link to the common prove_wrapper * Avoid repeated calls to $t->app->minion * Add linear backoff in hook script * Sync the subrepo external/os-autoinst-common * Bump datatables.net-bs5 from 2.3.0 to 2.3.1 * Dependency cron 2025-05-16 * Bump @modelcontextprotocol/sdk from 1.11.2 to 1.11.3 * Bump eventsource-parser from 3.0.1 to 3.0.2 * Set TESTS_FAILED_FLAG to 1 instead of touching file * Explain container execution and CONTAINER_TEST implications * Remove section which checks unused variable * Update checkstyle invocation in run-tests-within-container script - Update to version 5.1747282262.9a4e6bb5: * load-templates: with --clean, empty job group YAML templates * Fix phrasing in jobs comment carry over unit test * Bump debug from 4.4.0 to 4.4.1 * Bump synckit from 0.11.4 to 0.11.5 * Avoid workers getting stuck with old jobs * Avoid duplicate `use Mojo::JSON` * Follow consistent database DUMP_FOLDER target directory * Create new systemd service and timer for database dump and cleanup * dump-templates: dump job groups as they exist, fix group checks * t: load-templates: check harder for what gets loaded * load-templates: job groups: simplify, don't error on group exists * load-templates: fix loading of job templates openQA-5.1749832158.cc746ea0-bp157.2.4.1.src.rpm openQA-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.4.1.x86_64.rpm openQA-client-test-5.1749832158.cc746ea0-bp157.2.4.1.src.rpm openQA-test-5.1749832158.cc746ea0-bp157.2.4.1.src.rpm openQA-worker-test-5.1749832158.cc746ea0-bp157.2.4.1.src.rpm openQA-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.4.1.aarch64.rpm openQA-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.4.1.ppc64le.rpm openQA-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.4.1.s390x.rpm openSUSE-2025-210 important openSUSE Backports SLE-15-SP7 Update Chromium was updated to 137.0.7151.119 (stable release 2025-06-17) (boo#1244711): * CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler chromedriver-137.0.7151.119-bp157.2.12.1.x86_64.rpm chromium-137.0.7151.119-bp157.2.12.1.src.rpm chromium-137.0.7151.119-bp157.2.12.1.x86_64.rpm chromedriver-137.0.7151.119-bp157.2.12.1.aarch64.rpm chromium-137.0.7151.119-bp157.2.12.1.aarch64.rpm openSUSE-2025-217 moderate openSUSE Backports SLE-15-SP7 Update This update for python-libvirt-python fixes the following issues: python-libvirt-python updated to 11.0.0. python-libvirt-python-11.0.0-bp157.4.1.src.rpm python-libvirt-python-debugsource-11.0.0-bp157.4.1.x86_64.rpm python311-libvirt-python-11.0.0-bp157.4.1.x86_64.rpm python311-libvirt-python-debuginfo-11.0.0-bp157.4.1.x86_64.rpm python-libvirt-python-debugsource-11.0.0-bp157.4.1.i586.rpm python311-libvirt-python-11.0.0-bp157.4.1.i586.rpm python311-libvirt-python-debuginfo-11.0.0-bp157.4.1.i586.rpm python-libvirt-python-debugsource-11.0.0-bp157.4.1.aarch64.rpm python311-libvirt-python-11.0.0-bp157.4.1.aarch64.rpm python311-libvirt-python-debuginfo-11.0.0-bp157.4.1.aarch64.rpm python-libvirt-python-debugsource-11.0.0-bp157.4.1.ppc64le.rpm python311-libvirt-python-11.0.0-bp157.4.1.ppc64le.rpm python311-libvirt-python-debuginfo-11.0.0-bp157.4.1.ppc64le.rpm python-libvirt-python-debugsource-11.0.0-bp157.4.1.s390x.rpm python311-libvirt-python-11.0.0-bp157.4.1.s390x.rpm python311-libvirt-python-debuginfo-11.0.0-bp157.4.1.s390x.rpm openSUSE-2025-208 important openSUSE Backports SLE-15-SP7 Update This update for velociraptor fixes the following issues: - Update to version 0.7.0.4.git152.fb24dfd: * audit: fix watch rules in artifacts * audit: update go-libaudit dependency for pcc64le arch filter fix * Use execsnoop plugin in artifacts when possible * Add execsnoop plugin to capture execve system calls * github-actions: update ubuntu runners to 22.04 * Fix failing tls unit test on new go versions - Update to version 0.7.0.4.git142.862ef23: * github: fix deprecated upload artifact again * Update npm packages Includes fixes for the following vulnerabilities: CVE-2023-45133 CVE-2023-46234 CVE-2024-55565 CVE-2024-45296 CVE-2023-44270 CVE-2024-47068 CVE-2024-23331 CVE-2024-31207 CVE-2024-45812 CVE-2024-45811 * Update go dependencies Includes fixes for the following vulnerabilities: CVE-2024-45338 CVE-2024-37298 CVE-2024-24786 CVE-2023-45683 (boo#1216310) CVE-2023-1732 * Update jwt to 4.5.1 Fixes CVE-2024-51744 (boo#1232944) * Update go-retryablehttp to 0.7.7 Fixes CVE-2024-6104 (boo#1227061) * Update go-oidc and go-jose Fixes CVE-2024-28180 (boo#1235168) * Update dompurify to 3.1.3 Fixes CVE-2024-47875 (boo#1231574) * Update package-lock.json * Update micromatch to 4.0.8 Partial fix for CVE-2024-4067 (boo#1224367) Partial fix for CVE-2024-4068 (boo#1224296) * Update axios to 1.7.9 Fixes CVE-2024-39338 (boo#1229424) * Update cross-spawn to 7.0.6 Fixes CVE-2024-21538 (boo#1233845) * Update elliptic to 6.6.1 Update contains fixes for: CVE-2024-48949 (boo#1231558) CVE-2024-48948 (boo#1231685) CVE-2024-42459 (boo#1232543) CVE-2024-42460 (boo#1232543) CVE-2024-42461 (boo#1232543) * Update follow-redirects to 1.15.6 Fixes CVE-2024-28849 (boo#1221456) * fix: gui/velociraptor/package.json to reduce vulnerabilities Fixes CVE-2022-25883 (boo#1212572) - Update to version 0.7.0.4.git126.27cfbe1: * bpf: fix plugins not stopping when context cancelled * tcpsnoop: move parsing to its own function * bpf plugins: remove depreciated libbpfgo calls * bpf plugins: add context to error logs * chattrsnoop: fix files not getting closed * chattrsnoop: move hashing from plugin to artifact * RPM artifact: start checks immediately on artifact load * rpm plugin: fix ndb magic error * audit s390x: fix arch filter rules errors * github: fix deprecated upload artifact * tcpsnoop: fix ipv6 local and remote addresses order * tcpsnoop: fix missing ipv6 outbound connections * Linux.Events.ProcessExecutions: remove parent cmdline * audit: reduce FileBufferLeaseSize to ease GC overhead * audit: fix auditBuf allocation and go vet warnings * audit: fix plugin shutdown race condition * audit: fix audit client data races * audit: fix race in subscriber * audit: prevent Windows loading audit package * sdjournal: fix package causing test failures * github: run linux unit tests - Update node modules with security fixes. * Fixes CVE-2024-39338 (boo#1229424) - Update to version 0.7.0.4.git97.675e45f9: * kafka-humio-gateway: update go version and dependency list * kafka-humio-gateway: specific mTLS cert paths in config.yml * docker-compose: set kafka replication factor and min ISRs * kafka-humio-gateway: add http post retry mechanism * kafka-humio-gateway: add pprof debugging option * kafka-humio-gateway: format with gofmt * kafka-humio-gateway: fix go-staticcheck issues * kafka-humio-gateway: fix sendEvents() never exiting * Kafka.Events.Client: Update to use new artifactset type * docker-compose: add optional Kafka cluser * kafka-humio-gateway: add mTLS support * contrib/kafka-humio-gateway: add new debug option for noisy events * contrib/kafka-humio-gateway: backoff and retry for metadata * kafka-humio-gateway: add sample config file * kafka-humio-gateway: update sarama and dependencies * Add Kafka-Humio Gateway [Depends on PR#10] (#8) * vql/server/kafka: connect sarama logging to velociraptor logging * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries * vql/server/kafka: set appropriate ClientID * Add a Kafka export plugin - Update to version 0.7.0.4.git74.3426c0a: * Fix services artifact symbol pid not found error * chattrsnoop: correct read size for flags * chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc * chattrsnoop: fix do_vfs_ioctl kprobe failure - Update to version 0.7.0.4.git68.ad1f4e5: * Fix undefined binary.NativeEndian build errors - Add llvm16-libclang13 dependency for SLE 15 SP5 and above - Update to version 0.7.0.4.git66.eea7659: * dnssnoop: fix loading protocol from ip header on s390 * dnssnoop: fix htons() so it works on s390 too * Fix systemd Services artifact missing events * chattrsnoop: replace global variables with locals * tcpsnoop: fix garbled results on s390 * chattrsnoop: fix immutable attribute set on s390 * chattrsnoop: fix bpf_probe_read for s390 * tcpsnoop: remove unused filtering code * Add artifact to collect new files without owner * bpf plugins: set a logger callback - Update to version 0.7.0.4.git47.0f8a4de1: * Rename SUSE specific artifacts to have SUSE prefix * Add SUSE.Linux.Events.NewZeroSizeLogFile artifact * Move NewFiles artifact to SUSE * Move ImmutableFile artifact to SUSE * Make ImmutableFile artifact consistent with others * Fix absolute path case in ExecutableFiles artifact * Add client monitoring artifact for RPMs * Add artifact to collect new hidden files * Add artifact to monitor ssh authorized_keys files * Fix split_records error on older clients * Add hash fields to Linux.Events.ProcessExecutions * Add artifact to collect systemd service events * Fix SystemLogins artifacts file extensions * Add SUSE.Linux.Events.Timers artifact * Fix audit filter key typo in Linux.Events.NewFiles * Add server artifact to delete old client data on server * Add SUSE.Linux.Sys.At artifact * chattrsnoop: include full error details in logs * chattrsnoop: handle os.Stat() error properly * chattrsnoop: don't log.Fatal() on hash error * Fix Linux.Events.ImmutableFile not showing hash in GUI * SUSE.Linux.Events.Crontab: Add task execution artifacts * Raise client connection log level to ERROR * sdjournal: Correctly seek to current tail - Update to version 0.7.0.4.git6.7b40b8b: * go.mod: increase go version to 1.19 velociraptor-0.7.0.4.git152.fb24dfd-bp157.2.3.1.src.rpm velociraptor-0.7.0.4.git152.fb24dfd-bp157.2.3.1.x86_64.rpm system-user-velociraptor-1.0.0-bp157.2.3.1.noarch.rpm velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.src.rpm velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.x86_64.rpm velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.aarch64.rpm velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.ppc64le.rpm velociraptor-client-0.7.0.4.git152.fb24dfd-bp157.2.3.1.s390x.rpm openSUSE-2025-235 moderate openSUSE Backports SLE-15-SP7 Update This update for openQA-devel-container fixes the following issues: - Update to version 5.1749650866.7a5a615c8: * Update to latest openQA version openQA-5.1749832158.cc746ea0-bp157.2.6.1.src.rpm openQA-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.6.1.x86_64.rpm openQA-client-test-5.1749832158.cc746ea0-bp157.2.6.1.src.rpm openQA-test-5.1749832158.cc746ea0-bp157.2.6.1.src.rpm openQA-worker-test-5.1749832158.cc746ea0-bp157.2.6.1.src.rpm openQA-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.6.1.aarch64.rpm openQA-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.6.1.ppc64le.rpm openQA-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-auto-update-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-bootstrap-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-client-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-common-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-continuous-update-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-devel-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-doc-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-local-db-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-munin-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-python-scripts-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-single-instance-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-single-instance-nginx-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openQA-worker-5.1749832158.cc746ea0-bp157.2.6.1.s390x.rpm openSUSE-2025-220 moderate openSUSE Backports SLE-15-SP7 Update This update for libetebase fixes the following issues: Update to version 0.5.8: * CVE-2025-3416: Fixed rust openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242638) * Deps: run cargo update. libetebase-0.5.8-bp157.2.3.1.src.rpm libetebase-devel-0.5.8-bp157.2.3.1.x86_64.rpm libetebase0-0.5.8-bp157.2.3.1.x86_64.rpm libetebase-devel-0.5.8-bp157.2.3.1.i586.rpm libetebase0-0.5.8-bp157.2.3.1.i586.rpm libetebase-devel-0.5.8-bp157.2.3.1.aarch64.rpm libetebase0-0.5.8-bp157.2.3.1.aarch64.rpm libetebase-devel-0.5.8-bp157.2.3.1.ppc64le.rpm libetebase0-0.5.8-bp157.2.3.1.ppc64le.rpm libetebase-devel-0.5.8-bp157.2.3.1.s390x.rpm libetebase0-0.5.8-bp157.2.3.1.s390x.rpm openSUSE-2025-224 moderate openSUSE Backports SLE-15-SP7 Update This update for queue fixes the following issues: Version 1.2.0: - Ignore broken pipe error (e.g. when piping to head) Version 1.2.0: - Only use dark_grey if available Version 1.1.0: - Color scheduled and running entries differently - Enable multi column limiting - Add hint about config location Version 1.3.0: - Ignore broken pipe error (e.g. when piping to head) Version 1.2.0: - Only use dark_grey if available Version 1.1.0: - Color scheduled and running entries differently - Enable multi column limiting - Add hint about config location queue-1.3.0-bp157.2.3.1.noarch.rpm queue-1.3.0-bp157.2.3.1.src.rpm openSUSE-2025-232 important openSUSE Backports SLE-15-SP7 Update this update for chromium 138.0.7204.96 (stable released 2025-06-30) (boo#1245544) fixes the following issues: * cve-2025-6554: type confusion in v8 * CVE-2025-6555: Use after free in Animation * CVE-2025-6556: Insufficient policy enforcement in Loader * CVE-2025-6557: Insufficient data validation in DevTools chromedriver-138.0.7204.96-bp157.2.19.1.x86_64.rpm chromedriver-debuginfo-138.0.7204.96-bp157.2.19.1.x86_64.rpm chromium-138.0.7204.96-bp157.2.19.1.src.rpm chromium-138.0.7204.96-bp157.2.19.1.x86_64.rpm chromium-debuginfo-138.0.7204.96-bp157.2.19.1.x86_64.rpm gh-2.74.2-bp157.2.3.1.src.rpm gh-2.74.2-bp157.2.3.1.x86_64.rpm gh-bash-completion-2.74.2-bp157.2.3.1.noarch.rpm gh-debuginfo-2.74.2-bp157.2.3.1.x86_64.rpm gh-fish-completion-2.74.2-bp157.2.3.1.noarch.rpm gh-zsh-completion-2.74.2-bp157.2.3.1.noarch.rpm gn-0.20250520-bp157.2.3.1.src.rpm gn-0.20250520-bp157.2.3.1.x86_64.rpm gn-debuginfo-0.20250520-bp157.2.3.1.x86_64.rpm gn-debugsource-0.20250520-bp157.2.3.1.x86_64.rpm gh-2.74.2-bp157.2.3.1.i586.rpm gh-debuginfo-2.74.2-bp157.2.3.1.i586.rpm gn-0.20250520-bp157.2.3.1.i586.rpm gn-debuginfo-0.20250520-bp157.2.3.1.i586.rpm gn-debugsource-0.20250520-bp157.2.3.1.i586.rpm chromedriver-138.0.7204.96-bp157.2.19.1.aarch64.rpm chromedriver-debuginfo-138.0.7204.96-bp157.2.19.1.aarch64.rpm chromium-138.0.7204.96-bp157.2.19.1.aarch64.rpm chromium-debuginfo-138.0.7204.96-bp157.2.19.1.aarch64.rpm gh-2.74.2-bp157.2.3.1.aarch64.rpm gh-debuginfo-2.74.2-bp157.2.3.1.aarch64.rpm gn-0.20250520-bp157.2.3.1.aarch64.rpm gn-debuginfo-0.20250520-bp157.2.3.1.aarch64.rpm gn-debugsource-0.20250520-bp157.2.3.1.aarch64.rpm gh-2.74.2-bp157.2.3.1.ppc64le.rpm gh-debuginfo-2.74.2-bp157.2.3.1.ppc64le.rpm gn-0.20250520-bp157.2.3.1.ppc64le.rpm gn-debuginfo-0.20250520-bp157.2.3.1.ppc64le.rpm gn-debugsource-0.20250520-bp157.2.3.1.ppc64le.rpm gh-2.74.2-bp157.2.3.1.s390x.rpm gh-debuginfo-2.74.2-bp157.2.3.1.s390x.rpm gn-0.20250520-bp157.2.3.1.s390x.rpm gn-debuginfo-0.20250520-bp157.2.3.1.s390x.rpm gn-debugsource-0.20250520-bp157.2.3.1.s390x.rpm openSUSE-2025-228 moderate openSUSE Backports SLE-15-SP7 Update This update for gitea-tea fixes the following issues: - update to 0.10.1: * Update release ci * chore(deps): update crazy-max/ghaction-import-gpg action to v6 * fix(deps): update module github.com/urfave/cli/v3 to v3.3.8 - update to 0.10.0: * fix: support SSH remotes with non-standard ports * minor helper fixes * Bump Table Dep * Login via oauth2 flow * Feat: interactive issue edit command * Use flakes vs devbox * Fix helper panic * Add --note-file flag to read release notes from a file * Fix/Login Edit Use Editor Env * Gitea Actions support * Expose --labels option * Add git helper * Support auto detecting branch for PRs * context: move human readable note to stderr * Add repos rm/delete command * Release Asset Management * tea branches list/protect/unprotect * Add OTP and scopes to login * Initial CLI docs * Fix for go tools called from make * fix interactive login add * issues list can show filtered by owner/org instead of repo too * fix: non-standard ssh port URL's repo can't be recognized * updated dependencies gitea-tea-0.10.1-bp157.2.3.1.src.rpm gitea-tea-0.10.1-bp157.2.3.1.x86_64.rpm gitea-tea-bash-completion-0.10.1-bp157.2.3.1.noarch.rpm gitea-tea-zsh-completion-0.10.1-bp157.2.3.1.noarch.rpm gitea-tea-0.10.1-bp157.2.3.1.i586.rpm gitea-tea-0.10.1-bp157.2.3.1.aarch64.rpm gitea-tea-0.10.1-bp157.2.3.1.ppc64le.rpm gitea-tea-0.10.1-bp157.2.3.1.s390x.rpm openSUSE-2025-230 important openSUSE Backports SLE-15-SP7 Update This update for roundcubemail fixes the following issues: Update to 1.6.11: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v. - CHANGELOG * Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610) * Improve installer to fix confusion about disabling SMTP authentication (#9801) * Fix PHP warning in index.php (#9813) * OAuth: Fix/improve token refresh * Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820) * Fix HTML message preview if it contains floating tables (#9804) * Fix removing/expiring redis/memcache records when using a key prefix * Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781) * Fix a default value and documentation of password_ldap_encodage option (#9658) * Remove mobile/floating Create button from the list in Settings > Folders (#9661) * Fix Delete and Empty buttons state while creating a folder (#9047) * Fix connecting to LDAP using ldapi:// URI (#8990) * Fix cursor position on "below the quote" reply in HTML mode (#8700) * Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119) roundcubemail-1.6.11-bp157.2.3.1.noarch.rpm roundcubemail-1.6.11-bp157.2.3.1.src.rpm openSUSE-2025-231 important openSUSE Backports SLE-15-SP7 Update This update for sslh fixes the following issues: sslh was updated to 2.2.4: * Fix CVE-2025-46806 (boo#1243120) for "Misaligned Memory Accesses in `is_openvpn_protocol()`" * Fix CVE-2025-46807 (boo#1243122) for "File Descriptor Exhaustion in sslh-select and sslh-ev" * Fix potential parsing of undefined data in syslog probe (no CVE assigned) Update to 2.2.3: * Reverse older commit: version.h cannot be included without breaking the build (everything recompiles every time) and the release archive creation (which relies on git tags). Update to 2.2.2: * Fix potential vulnerability similar to CVE-2020-28935 Update to 2.2.1: * Fix compilation when libproxyprotocol is not present Update to 2.2.0: * Add a boolean setting "is_unix" for listen and protocol entries. This will use the 'host' setting as a path name to a socket file, and connections (listening or connecting) will be performed on Unix socket instead of Internet sockets. * Support HAProxy's proxyprotocol on the backend server side. * Lots of documentation about a new, simpler way to perform transparent proxying. * New "verbose" option that overrides all other verbose settings. Update to 2.1.3: * Landlock access fix Update to 2.1.2: * Fix inetd Update to 2.1.1: * Fix MacOS build error Update to 2.1.0: * Support for the Landlock LSM. After initial setup, sslh gives up all local file access rights. * Reintroduced --ssl as an alias to --tls. * Introduce autoconf to adapt to landlock presence. * Close connexion without error message if remote client forcefully closes connexion, for Windows. Update to 2.0.1: * New semver-compatible version number * New sslh-ev: this is functionaly equivalent to sslh-select (mono-process, only forks for specified protocols), but based on libev, which should make it scalable to large numbers of connections. * New log system: instead of –verbose with arbitrary levels, there are now several message classes. Each message class can be set to go to stderr, syslog, or both. Classes are documented in example.cfg. * UDP connections are now managed in a hash to avoid linear searches. The downside is that the number of UDP connections is a hard limit, configurable with the ‘udp_max_connections’, which defaults to 1024. Timeouts are managed with lists. * inetd merges stderr output to what is sent to the client, which is a security issue as it might give information to an attacker. When inetd is activated, stderr is forcibly closed. * New protocol-level option resolve_on_forward, requests that target names are resolved at each connection instead of at startup. Useful for dynamic DNS situations. sslh-2.2.4-bp157.2.3.1.src.rpm sslh-2.2.4-bp157.2.3.1.x86_64.rpm sslh-2.2.4-bp157.2.3.1.i586.rpm sslh-2.2.4-bp157.2.3.1.aarch64.rpm sslh-2.2.4-bp157.2.3.1.ppc64le.rpm sslh-2.2.4-bp157.2.3.1.s390x.rpm openSUSE-2025-237 moderate openSUSE Backports SLE-15-SP7 Update This update for mosquitto fixes the following issues: mosquitto was update to version 2.0.21: * Broker * Fix clients sending a RESERVED packet not being quickly disconnected. * Fix bind_interface producing an error when used with an interface that has an IPv6 link-local address and no other IPv6 addresses. * Fix mismatched wrapped/unwrapped memory alloc/free in properties. * Fix allow_anonymous false not being applied in local only mode. * Add retain_expiry_interval option to fix expired retained message not being removed from memory if they are not subscribed to. * Produce an error if invalid combinations of cafile/capath/certfile/keyfile are used. * Backport keepalive checking from develop to fix problems in current implementation. * Client library * Fix potential deadlock in mosquitto_sub if -W is used. * Apps * mosquitto_ctrl dynsec now also allows -i to specify a clientid as well as -c. This matches the documentation which states -i. - systemd service: Wait till the network got setup to avoid startup failure. - Update to version 2.0.19 (CVE-2024-3935 boo#1232635, CVE-2024-10525 boo#1232636): libmosquitto1-2.0.21-bp157.2.3.1.x86_64.rpm libmosquittopp1-2.0.21-bp157.2.3.1.x86_64.rpm mosquitto-2.0.21-bp157.2.3.1.src.rpm mosquitto-2.0.21-bp157.2.3.1.x86_64.rpm mosquitto-clients-2.0.21-bp157.2.3.1.x86_64.rpm mosquitto-devel-2.0.21-bp157.2.3.1.x86_64.rpm libmosquitto1-2.0.21-bp157.2.3.1.aarch64.rpm libmosquittopp1-2.0.21-bp157.2.3.1.aarch64.rpm mosquitto-2.0.21-bp157.2.3.1.aarch64.rpm mosquitto-clients-2.0.21-bp157.2.3.1.aarch64.rpm mosquitto-devel-2.0.21-bp157.2.3.1.aarch64.rpm libmosquitto1-2.0.21-bp157.2.3.1.ppc64le.rpm libmosquittopp1-2.0.21-bp157.2.3.1.ppc64le.rpm mosquitto-2.0.21-bp157.2.3.1.ppc64le.rpm mosquitto-clients-2.0.21-bp157.2.3.1.ppc64le.rpm mosquitto-devel-2.0.21-bp157.2.3.1.ppc64le.rpm libmosquitto1-2.0.21-bp157.2.3.1.s390x.rpm libmosquittopp1-2.0.21-bp157.2.3.1.s390x.rpm mosquitto-2.0.21-bp157.2.3.1.s390x.rpm mosquitto-clients-2.0.21-bp157.2.3.1.s390x.rpm mosquitto-devel-2.0.21-bp157.2.3.1.s390x.rpm openSUSE-2025-241 moderate openSUSE Backports SLE-15-SP7 Update This update for spdlog fixes the following issues: - CVE-2025-6140: Fixed input manipulation that may lead to resource consumption (boo#1244696) libspdlog1_11-1.11.0-bp157.2.3.1.x86_64.rpm spdlog-1.11.0-bp157.2.3.1.src.rpm spdlog-devel-1.11.0-bp157.2.3.1.x86_64.rpm libspdlog1_11-1.11.0-bp157.2.3.1.aarch64.rpm libspdlog1_11-64bit-1.11.0-bp157.2.3.1.aarch64_ilp32.rpm spdlog-devel-1.11.0-bp157.2.3.1.aarch64.rpm libspdlog1_11-1.11.0-bp157.2.3.1.ppc64le.rpm spdlog-devel-1.11.0-bp157.2.3.1.ppc64le.rpm libspdlog1_11-1.11.0-bp157.2.3.1.s390x.rpm spdlog-devel-1.11.0-bp157.2.3.1.s390x.rpm openSUSE-2025-247 moderate openSUSE Backports SLE-15-SP7 Update This update for sassist fixes the following issues: Update to 0.8.7 * sos and supportconfig fixes. * documentation updates. * update the revision in _service file sassist-0.8.7-bp157.2.3.1.noarch.rpm sassist-0.8.7-bp157.2.3.1.src.rpm openSUSE-2025-243 important openSUSE Backports SLE-15-SP7 Update This update for chmlib fixes the following issues: - CVE-2025-48172: Fixed integer overflow in _chm_decompress_block of chm_lib.c, that could lead to heap buffer overflow (boo#1245803). chmlib-0.40-bp157.2.3.1.src.rpm chmlib-devel-0.40-bp157.2.3.1.x86_64.rpm chmlib-examples-0.40-bp157.2.3.1.x86_64.rpm libchm0-0.40-bp157.2.3.1.x86_64.rpm chmlib-devel-0.40-bp157.2.3.1.i586.rpm chmlib-devel-32bit-0.40-bp157.2.3.1.x86_64.rpm chmlib-examples-0.40-bp157.2.3.1.i586.rpm libchm0-0.40-bp157.2.3.1.i586.rpm libchm0-32bit-0.40-bp157.2.3.1.x86_64.rpm chmlib-devel-0.40-bp157.2.3.1.aarch64.rpm chmlib-devel-64bit-0.40-bp157.2.3.1.aarch64_ilp32.rpm chmlib-examples-0.40-bp157.2.3.1.aarch64.rpm libchm0-0.40-bp157.2.3.1.aarch64.rpm libchm0-64bit-0.40-bp157.2.3.1.aarch64_ilp32.rpm chmlib-devel-0.40-bp157.2.3.1.ppc64le.rpm chmlib-examples-0.40-bp157.2.3.1.ppc64le.rpm libchm0-0.40-bp157.2.3.1.ppc64le.rpm chmlib-devel-0.40-bp157.2.3.1.s390x.rpm chmlib-examples-0.40-bp157.2.3.1.s390x.rpm libchm0-0.40-bp157.2.3.1.s390x.rpm openSUSE-2025-250 important openSUSE Backports SLE-15-SP7 Update This update for pdns-recursor fixes the following issues: - update to 5.1.3: * Implement rfc6303 special zones (mostly v6 reverse mappings) * Distinguish OS imposed limits from app imposed limits, specifically on chains. - update to 5.1.2 (boo#1231292 CVE-2024-25590) https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.2 - update to 5.1.1 https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.1 https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.8 - update to 5.0.5: * Do not count RRSIGs using unsupported algorithms toward RRSIGs limit * Correctly count NSEC3s considered when chasing the closest encloser. * Let NetmaskGroup parse dont-throttle-netmasks, allowing negations. * Fix types of two YAML settings (incoming.edns_padding_from, incoming.proxy_protocol_from) that should be sequences of subnets * Fix trace=fail regression and add regression test for it pdns-recursor-5.1.3-bp157.2.3.1.src.rpm pdns-recursor-5.1.3-bp157.2.3.1.x86_64.rpm pdns-recursor-5.1.3-bp157.2.3.1.aarch64.rpm pdns-recursor-5.1.3-bp157.2.3.1.ppc64le.rpm openSUSE-2025-254 moderate openSUSE Backports SLE-15-SP7 Update This update for icecast fixes the following issues: - Fix logrotate configuration to set the proper owner (boo#1245967); also dropping the corresponding rpmlintrc entry - Provide user/group symbol for user created during pre. icecast-2.4.4-bp157.2.3.1.src.rpm icecast-2.4.4-bp157.2.3.1.x86_64.rpm icecast-doc-2.4.4-bp157.2.3.1.noarch.rpm icecast-2.4.4-bp157.2.3.1.i586.rpm icecast-2.4.4-bp157.2.3.1.aarch64.rpm icecast-2.4.4-bp157.2.3.1.ppc64le.rpm icecast-2.4.4-bp157.2.3.1.s390x.rpm openSUSE-2025-257 moderate openSUSE Backports SLE-15-SP7 Update This update for munin fixes the following issues: - Let munin-node use its own log and run sub-directory to avoid privilege escalation (boo#1246089) - Drop dependency on fast-cgi which was replaced in 2.0.x by munin-httpd https://guide.munin-monitoring.org/en/latest/reference/munin-httpd.html - Add /srv/www directories to filelist [boo#1231027] - Fix dependenices: the FastCGI perl module is called FCGI. - remove package name based perl requires - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [boo#1212476] - Provide user(munin) and group(munin): the user and group are created during in the pre script. - Use IO::Socket::IP instead of IO::Socket::INET[6] * Remove the dependency on perl(IO::Socket::INET6) as it has been deprecated by upstream, is no longer suitable for use and its not being maintained. A compatible replacement for this package is perl(IO::Socket::IP) which is shipped by the perl-base package. * Upstream commit back-ported: https://github.com/munin-monitoring/munin/commit/012b33a7 * Add upstream munin-remove-deprecated-INET6.patch - Drop manual requires for python (boo#1210588) munin-2.0.72-bp157.2.3.1.noarch.rpm munin-2.0.72-bp157.2.3.1.src.rpm munin-node-2.0.72-bp157.2.3.1.noarch.rpm openSUSE-2025-259 moderate openSUSE Backports SLE-15-SP7 Update This update for git-credential-oauth fixes the following issues: Introduce version 0.15.0: git-credential-oauth-0.15.0-bp157.2.1.src.rpm git-credential-oauth-0.15.0-bp157.2.1.x86_64.rpm git-credential-oauth-0.15.0-bp157.2.1.i586.rpm git-credential-oauth-0.15.0-bp157.2.1.aarch64.rpm git-credential-oauth-0.15.0-bp157.2.1.ppc64le.rpm git-credential-oauth-0.15.0-bp157.2.1.s390x.rpm openSUSE-2025-261 moderate openSUSE Backports SLE-15-SP7 Update This update for chafa fixes the following issues: - Update to 1.16.1: * Bug fixes: #282 Fish completion not included in release tarball #283 Piping and redirection are broken in Windows - Update to 1.16.0: * Added terminal probing. Currently we can determine geometry, colors and sixel capabilities this way. This supplements the existing heuristics. * The internal terminal database and heuristics were refactored for clarity, with new API added to simplify the configuration process. * I/O is now threaded, resulting in improved responsiveness and pipelining. * New option: --grid=WxH, --grid=[auto|on|off] or -g. This lays out multiple images in a grid for easy browsing. * New option: --label=[on|off] or -l. Labels each image with its filename. Works in both continuous and grid layouts. * New option: --probe=[auto|on|off]. Controls whether to actively probe the terminal. Can take a real number denoting how long to wait for a response. * Sixel quality improved significantly. The quantizer was reimplemented with modern algorithms (#174), and blue noise dithering was introduced (#238). * The new blue noise dithering is also available in symbols mode, and can be turned on with --dither noise. It can be turned off with --dither none. * Numerous small improvements were made to sixel handling: + Terminal cursor placement quirks are now represented and handled. + Images can now cover their cell extents completely. + Workaround for animations "walking up the screen" on quirky terminals. * The JPEG XL loader was improved with optional memory mapping and better container support * Enabled wildcard expansion in Windows builds (#266). * Added completions for the fish shell and updated those for zsh. * Bug fixes: + #111 Provide auto detection of background for perception of transparency + #228 Sixel capability not detected in foot + tmux + #236 Ghostty shows pwd/lock indicator when using Chafa + #238 Sixel image quality significantly different from img2sixel and ImageMagick + #239 Chafa leaves echo on + #245 JPEG file not recognized + #246 Examples using deprecated functions + #249 Sixel detection doesn't set default values + #254 -t 1 doesn't work with -f iterm + #255 Animations scroll/walk up the screen + #265 Enable Kitty image protocol for Warp + #266 On Windows, in a cmd.exe window, filename wildcard expansion is broken + #273 -t 1 messes up some images + #274 -f {kitty,iterm} swaps BG color channels for SVG + #278 Images not always padded to cell boundary + [unfiled] Fix broken bashisms resulting in logic failure + [unfiled] Small leak in chafa_canvas_print_rows() + [unfiled] Uninitialized histogram in nearest-neighbor interp. - Update to 1.14.5: Fixes: * Improve sixel and general terminal support inside tmux * Support JPEGs with CMYK color space * Fix --font-ratio doing nothing * Ensure CLI tool gets linked with libm. - Update to 1.14.4: * Bug fixes: #216 Dither intensity does not work properly - Update to 1.14.3: * Sixel transparency has been reenabled for still frames. Animations will be pre-composited on an opaque background to prevent flicker/glitchiness (#211) * Now supports the Ghostty terminal, defaulting to the Kitty graphics protocol there. * Bug fixes: #185 Chafa version 1.14 breaks image preview on lf. #210 Crash with -f sixels. #211 Sixels are too small in Windows Terminal. #212 Aspect-preserving calculations are off in some cases. [unfiled] Inconsistent fraction parsing in CLI arguments. [unfiled] A few small memory leaks in the JPEG XL loader. - Update to 1.14.2: * #203 Chafa 1.14.1 fails to build on i686 * #205 Symbols mode not working since 1.14.1 * #206 Crash when importing more than 32767 glyphs * Fix erroneous base64 encoding of final byte in some circumstances - Update to 1.14.1: * A JPEG XL (.jxl) loader was added using libjxl (#188). * Added detection of the Eat "Emulate a Terminal" Emacs terminal. * Symbols mode was sped up significantly on AVX2-capable platforms. * Tests: A new test driver was added. It will log the specifics of any failures, which aids debugging of CI builds. * Bug fixes: #189 Fix installation of zsh completions. #190 Fix a small memory leak in ChafaCanvas. #192 Wrong sixel padding in some circumstances. #195 tmux passthrough enabled when already set. #196 iTerm mode not enabled automatically. - Enable optional image formats * jpeg * svg * tiff * webp - Update to 1.14.0: * Removed ImageMagick loader support. Packagers can now remove this dependency * Polite mode is now off by default. The new default eliminates cursor flicker and makes the output more robust against unusual terminal settings. The old behavior can be restored with --polite on. * Added image loaders for the AVIF and QOI formats. * sRGB gamma is now handled correctly in scaling operations. * New option: --passthrough=<auto|none|screen|tmux>. This allows passing graphics protocols like Sixels, iTerm and Kitty through a terminal multiplexer. It will be enabled automatically for Kitty, and can be enabled manually for other protocols with more limited support * New option: --view-size=<WxH>. Specifies width and height of the viewport, overriding the detected terminal size * New option: --fit-width. Fits images to the width of the viewport, allowing them to be taller than the viewport's height * New option: --relative=<bool>. Enables relative cursor positioning. Useful if you've pre-positioned the cursor at a particular offset where you want frames to appear, but tends to make the output illegible in pagers, e.g. less -R * New option: --exact-size=<auto|on|off>. Preserves the input pixel size when possible. Useful to avoid artifacts caused by resampling * New symbol selector: imported. This selects glyphs loaded with --glyph-file * Fontgen: Added a BDF font writer * Fontgen: Cleanup and modernization * The help text and manual page were overhauled for readability, and the API documentation now includes symbol indexes by version and deprecation status. * Added a zsh completion script * Fix "unknown file format" when using AVIF on stdin * Fix broken linking with libwebp-1.3.1 * Fix make check with --without-tools * Fix --duration not working well with still images * Fix sixel rendering of animations * Fix operator precedence in geometry calculation chafa-1.16.1-bp157.2.3.1.src.rpm chafa-1.16.1-bp157.2.3.1.x86_64.rpm chafa-devel-1.16.1-bp157.2.3.1.x86_64.rpm chafa-doc-1.16.1-bp157.2.3.1.noarch.rpm libchafa0-1.16.1-bp157.2.3.1.x86_64.rpm chafa-1.16.1-bp157.2.3.1.i586.rpm chafa-devel-1.16.1-bp157.2.3.1.i586.rpm libchafa0-1.16.1-bp157.2.3.1.i586.rpm chafa-1.16.1-bp157.2.3.1.aarch64.rpm chafa-devel-1.16.1-bp157.2.3.1.aarch64.rpm libchafa0-1.16.1-bp157.2.3.1.aarch64.rpm chafa-1.16.1-bp157.2.3.1.ppc64le.rpm chafa-devel-1.16.1-bp157.2.3.1.ppc64le.rpm libchafa0-1.16.1-bp157.2.3.1.ppc64le.rpm chafa-1.16.1-bp157.2.3.1.s390x.rpm chafa-devel-1.16.1-bp157.2.3.1.s390x.rpm libchafa0-1.16.1-bp157.2.3.1.s390x.rpm openSUSE-2025-256 low openSUSE Backports SLE-15-SP7 Update This update for tinyproxy fixes the following issues: - Add userswitching to logrotate snippet [boo#1246092] - Replace sysvinit call in logrotate snippet by systemctl tinyproxy-1.11.2-bp157.2.3.1.src.rpm tinyproxy-1.11.2-bp157.2.3.1.x86_64.rpm tinyproxy-1.11.2-bp157.2.3.1.i586.rpm tinyproxy-1.11.2-bp157.2.3.1.aarch64.rpm tinyproxy-1.11.2-bp157.2.3.1.ppc64le.rpm tinyproxy-1.11.2-bp157.2.3.1.s390x.rpm openSUSE-2025-267 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: - Chromium 138.0.7204.157 (boo#1246558): * CVE-2025-7656: Integer overflow in V8 * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU * CVE-2025-7657: Use after free in WebRTC - Chromium 138.0.7204.100: * tweaks to the Google services settings page chromedriver-138.0.7204.157-bp157.2.22.1.x86_64.rpm chromium-138.0.7204.157-bp157.2.22.1.src.rpm chromium-138.0.7204.157-bp157.2.22.1.x86_64.rpm chromedriver-138.0.7204.157-bp157.2.22.1.aarch64.rpm chromium-138.0.7204.157-bp157.2.22.1.aarch64.rpm openSUSE-2025-269 moderate openSUSE Backports SLE-15-SP7 Update This update for python3-pycares fixes the following issues: - CVE-2025-48945: Fixed a use-after-free in the Channel object garbage collection (boo#1244691) python3-pycares-3.1.1-bp157.2.3.1.src.rpm python3-pycares-3.1.1-bp157.2.3.1.x86_64.rpm python3-pycares-3.1.1-bp157.2.3.1.i586.rpm python3-pycares-3.1.1-bp157.2.3.1.aarch64.rpm python3-pycares-3.1.1-bp157.2.3.1.ppc64le.rpm python3-pycares-3.1.1-bp157.2.3.1.s390x.rpm openSUSE-2025-270 moderate openSUSE Backports SLE-15-SP7 Update This update for xtrabackup fixes the following issues: - CVE-2025-5916: Prevented signed integer overflow while reading warcfile (boo#1244383). - CVE-2025-5917: Fixed overflow in build_ustar_entry_name() (boo#1244333). - CVE-2025-5914: Fixed double free due to an integer overflow (boo#1244389). xtrabackup-2.4.26-bp157.2.3.1.src.rpm xtrabackup-2.4.26-bp157.2.3.1.x86_64.rpm xtrabackup-test-2.4.26-bp157.2.3.1.x86_64.rpm xtrabackup-2.4.26-bp157.2.3.1.i586.rpm xtrabackup-test-2.4.26-bp157.2.3.1.i586.rpm xtrabackup-2.4.26-bp157.2.3.1.aarch64.rpm xtrabackup-test-2.4.26-bp157.2.3.1.aarch64.rpm xtrabackup-2.4.26-bp157.2.3.1.ppc64le.rpm xtrabackup-test-2.4.26-bp157.2.3.1.ppc64le.rpm xtrabackup-2.4.26-bp157.2.3.1.s390x.rpm xtrabackup-test-2.4.26-bp157.2.3.1.s390x.rpm openSUSE-2025-273 important openSUSE Backports SLE-15-SP7 Update This security update to chromium 138.0.7204.168 boo#1246902 * CVE-2025-8010: Type Confusion in V8 * CVE-2025-8011: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives chromedriver-138.0.7204.168-bp157.2.25.1.x86_64.rpm chromedriver-debuginfo-138.0.7204.168-bp157.2.25.1.x86_64.rpm chromium-138.0.7204.168-bp157.2.25.1.src.rpm chromium-138.0.7204.168-bp157.2.25.1.x86_64.rpm chromium-debuginfo-138.0.7204.168-bp157.2.25.1.x86_64.rpm chromedriver-138.0.7204.168-bp157.2.25.1.aarch64.rpm chromedriver-debuginfo-138.0.7204.168-bp157.2.25.1.aarch64.rpm chromium-138.0.7204.168-bp157.2.25.1.aarch64.rpm chromium-debuginfo-138.0.7204.168-bp157.2.25.1.aarch64.rpm openSUSE-2025-276 moderate openSUSE Backports SLE-15-SP7 Update This update for gitea-tea fixes the following issues: - Fix argument parsing. gitea-tea-0.10.1-bp157.2.6.1.src.rpm gitea-tea-0.10.1-bp157.2.6.1.x86_64.rpm gitea-tea-bash-completion-0.10.1-bp157.2.6.1.noarch.rpm gitea-tea-zsh-completion-0.10.1-bp157.2.6.1.noarch.rpm gitea-tea-0.10.1-bp157.2.6.1.i586.rpm gitea-tea-0.10.1-bp157.2.6.1.aarch64.rpm gitea-tea-0.10.1-bp157.2.6.1.ppc64le.rpm gitea-tea-0.10.1-bp157.2.6.1.s390x.rpm openSUSE-2025-277 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: Chromium 138.0.7204.183 (boo#1247365): - CVE-2025-8292: Use after free in Media Stream chromedriver-138.0.7204.183-bp157.2.28.1.x86_64.rpm chromium-138.0.7204.183-bp157.2.28.1.src.rpm chromium-138.0.7204.183-bp157.2.28.1.x86_64.rpm chromedriver-138.0.7204.183-bp157.2.28.1.aarch64.rpm chromium-138.0.7204.183-bp157.2.28.1.aarch64.rpm openSUSE-2025-278 important openSUSE Backports SLE-15-SP7 Update This update for kmozillahelper fixes the following issue: - Drop the requirement on mozilla-kde4-version. It's only provided by old versions of MozillaFirefox and MozillaThunderbird, which we don't want to pull in (boo#1247369) kmozillahelper-5.0.6-bp157.2.3.1.src.rpm kmozillahelper-5.0.6-bp157.2.3.1.x86_64.rpm kmozillahelper-5.0.6-bp157.2.3.1.i586.rpm kmozillahelper-5.0.6-bp157.2.3.1.aarch64.rpm kmozillahelper-5.0.6-bp157.2.3.1.ppc64le.rpm kmozillahelper-5.0.6-bp157.2.3.1.s390x.rpm openSUSE-2025-281 moderate openSUSE Backports SLE-15-SP7 Update This update for kanidm fixes the following issues: - Update to version 1.7.0~git0.621ac7be0: * Release 1.7.0 * Fix a couple of commands in the OAuth2 Proxy examples (#3758) - Update to version 1.7.0-pre~git0.7d9da9dc8: * Release 1.7.0-pre * 20250729 pre release (#3756) * Helps to enable features like defer spans (#3755) * Downgrade notify-debouncer (#3747) * Reduce memory usage on unixd (#3754) * Bump the all group with 4 updates (#3753) * 20250723 application passwords again (#3748) * Docs oauth2 examples (#3750) * Groups WebUI, modify description (#3734) * Improve replication logging (#3746) * 20250711 type migrations (#3741) * Bump the all group with 3 updates (#3743) * Use constants for /etc/shadow and related paths (#3740) * fix: don't show people's whole tokens in debugs (#3742) * Updates to makefile (#3736) * Add a new paragraph in the installation quickstart for installing required client tools, and clarify the client tool setup paragraph (#3735) * Bump the all group with 4 updates (#3737) * Add ppc64le support for docker images (#3733) * Basic interface to get and regenerate the RADIUS password (#3728) * book: fix command example in pam_and_nsswitch.md (#3732) * fix docgen (#3731) * Fix for Failed to deserialize query: missing field 'state' (#3726) * Add user facing SCIM pagination / sorting (#3725) * Admin UI Group name modification (#3717) * fix typo in documentation: tls_path to tls_key (#3727) * Pre-validate and extract UAT into ClientAuthInfo (#3714) * Security policy updates (re: #3719) (#3722) * Fix using wrong template when setting POSIX password (#3719) (#3720) * Resolve startup failure with client TLS certificates (#3712) * Bump the all group with 2 updates (#3718) * Simple group list (#3713) * Update repos (#3711) * 20250621 application passwords (#3700) * Update docs, doc fmt (#3710) * Apply review feedback * Correctly log connection information * Refactor middleware/extractors * [htmx] basic profile updating (#2994) * Correct 389DS command (#3707) * Schema again (#3706) * examples: small grammar fix (#3705) * Clippy (#3702) * 20250627 update hsm crypto (#3701) * Update 389 content sync instructions (#3699) * Corrections to radius examples (#3697) * fix: wording (#3696) * Update radius.md (Explain: NAS == Network Access Server) (#3691) * updating docs around packages (#3695) * 20250618 rustls (#3687) * fix: error message that wasn't an error (#3690) * Only generate passwords on service accounts (#3688) * Add hmac 256 for cryptography operations (#3663) * Update Nextcloud example (#3683) * Bump the all group with 8 updates (#3684) * Allow deferring spans in unixd (#3680) * OpenSUSE build fix (#3681) * Dark mode improvements (#3660) * Add port examples for server.toml (#3679) * Fix SCIM filter parser for quoted values with spaces and escaped quotes (#3673) * fix: strip comments from UNIX files before parsing (#3674) * Bump the all group across 1 directory with 11 updates (#3675) * Start to implement SCIM apis (#3535) * Fix healthcheck to use ENV for config path (#3656) * maint: rewrite crypto Password::try_from (#3637) * doc(book): Add option to Nextcloud Oauth2.0 example (#3654) * Bump the all group with 4 updates (#3655) * Make it clearer that the http address section is needed (#3652) * TODO trimming (#3641) * Investigate and reduce memory consumption of unixd (#3645) * Swap bytes mut at buffer limits (#3651) * Clippy for 1.87 (#3644) * fix: Improve unixd & unixd-tasks startup coupling (#3638) * Bump the all group with 2 updates (#3648) * reload schema before verify (#3643) * Defend against split_at panic (#3636) * Fix minor issue with untagged version handling (#3634) * Move shadow processing out of task event loop (#3631) * Dont specify config path in container (#3630) * Accept SSHA with different salt lengths (#3629) * Bye poetry, hi uv for python things (#3627) * Resolve flaw with ssh key parse if the key has no comment (#3628) * Indicate that this is an ip list, not a range (#3626) * Test for corrupted unicode in SSH keys, keep the key title on error/resubmit (#3618) * Reduce replication logging verbosity * Bump the all group across 1 directory with 7 updates (#3623) * Bump the all group in /pykanidm with 2 updates (#3621) * cargo publish (#3613) * fix: clippy * maint: typo in log message * Set kid manually to prevent divergence * Order keys in application JWKS / Fix rotation bug * Fix toml issues with strings * OAuth2 Client ID's should be processed as lowercase (#3605) * Resolve reload of oauth2 on startup (#3604) * Bump petgraph from 0.7.1 to 0.8.1 in the all group (#3595) * Bump the all group in /pykanidm with 2 updates (#3596) * Avoid openssl for md4 (#3594) * Fixes #3586, inverts the navbar button color (#3593) * Update to 1.7.0-dev (#3592) kanidm-1.7.0~git0.621ac7be0-bp157.2.6.1.src.rpm kanidm-1.7.0~git0.621ac7be0-bp157.2.6.1.x86_64.rpm kanidm-clients-1.7.0~git0.621ac7be0-bp157.2.6.1.x86_64.rpm kanidm-docs-1.7.0~git0.621ac7be0-bp157.2.6.1.x86_64.rpm kanidm-server-1.7.0~git0.621ac7be0-bp157.2.6.1.x86_64.rpm kanidm-unixd-clients-1.7.0~git0.621ac7be0-bp157.2.6.1.x86_64.rpm kanidm-1.7.0~git0.621ac7be0-bp157.2.6.1.aarch64.rpm kanidm-clients-1.7.0~git0.621ac7be0-bp157.2.6.1.aarch64.rpm kanidm-docs-1.7.0~git0.621ac7be0-bp157.2.6.1.aarch64.rpm kanidm-server-1.7.0~git0.621ac7be0-bp157.2.6.1.aarch64.rpm kanidm-unixd-clients-1.7.0~git0.621ac7be0-bp157.2.6.1.aarch64.rpm openSUSE-2025-282 moderate openSUSE Backports SLE-15-SP7 Update This update for exim fixes the following issues: Exim is shipped in release 4.98.2. exim-4.98.2-bp157.2.1.src.rpm exim-4.98.2-bp157.2.1.x86_64.rpm eximon-4.98.2-bp157.2.1.x86_64.rpm eximstats-html-4.98.2-bp157.2.1.x86_64.rpm exim-4.98.2-bp157.2.1.aarch64.rpm eximon-4.98.2-bp157.2.1.aarch64.rpm eximstats-html-4.98.2-bp157.2.1.aarch64.rpm exim-4.98.2-bp157.2.1.ppc64le.rpm eximon-4.98.2-bp157.2.1.ppc64le.rpm eximstats-html-4.98.2-bp157.2.1.ppc64le.rpm exim-4.98.2-bp157.2.1.s390x.rpm eximon-4.98.2-bp157.2.1.s390x.rpm eximstats-html-4.98.2-bp157.2.1.s390x.rpm openSUSE-2025-288 moderate openSUSE Backports SLE-15-SP7 Update This update for kubo fixes the following issues: - 0.35.0 * Opt-in HTTP Retrieval client * Dedicated Reprovider.Strategy for MFS * Experimental support for MFS as a FUSE mount point * Grid view in WebUI * Enhanced DAG-Shaping Controls * Datastore Metrics Now Opt-In * Improved performance of data onboarding * Optimized, dedicated queue for providing fresh CIDs * New Provider configuration options * Deprecated ipfs stats provider * New Bitswap configuration options * Bitswap.Libp2pEnabled * Bitswap.ServerEnabled * Internal.Bitswap.ProviderSearchMaxResults * New Routing configuration options * Routing.IgnoreProviders * Routing.DelegatedRouters * New Pebble database format config * New environment variables * Improved Log Output Setting * New Repo Lock Optional Wait * Updated golang.org/x/net to 0.40.0 (boo#1241776, CVE-2025-22872) - Update to 0.34.1 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.34.1 * Dependency updates - Update to 0.34.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.34.0 * AutoTLS now enabled by default for nodes with 1 hour uptime * New WebUI features: CAR file import and QR code sharing * RPC and CLI command changes ~ ipfs config is now validating json fields ~ Deprecated the bitswap reprovide command ~ The stats reprovide command now shows additional stats ~ ipfs files cp now performs basic codec check * Bitswap improvements from Boxo * IPNS publishing TTL change ~ we've lowered the default IPNS Record TTL during publishing to 5 minutes * IPFS_LOG_LEVEL deprecated * Pebble datastore format update * Badger datastore update * Datastore Implementation Updates * Datastore Implementation Updates * Fix hanging pinset operations during reprovides * Important dependency updates - Update to 0.33.1 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.33.1 * Bitswap improvements from Boxo * Improved IPNS interop - Update to 0.33.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.33.0 * Shared TCP listeners: Kubo now supports sharing the same TCP port (4001 by default) by both raw TCP and WebSockets libp2p transports. * AutoTLS takes care of Secure WebSockets setup: It is no longer necessary to manually add /tcp/../ws listeners to Addresses.Swarm when AutoTLS.Enabled is set to true. Kubo will detect if /ws listener is missing and add one on the same port as pre-existing TCP (e.g. /tcp/4001), removing the need for any extra configuration. * Bitswap improvements from Boxo * Using default libp2p_rcmgr metrics: Bespoke rcmgr metrics were removed, Kubo now exposes only the default libp2p_rcmgr metrics from go-libp2p. * Flatfs does not sync on each write: New repositories initialized with flatfs in Datastore.Spec will have sync set to false. * ipfs add --to-files no longer works with --wrap * ipfs --api supports HTTPS RPC endpoints * New options for faster writes: WriteThrough, BlockKeyCacheSize, BatchMaxNodes, BatchMaxSize * MFS stability with large number of writes * New DoH resolvers for non-ICANN DNSLinks: .eth and .crypto * Reliability improvements to the WebRTC Direct listener * Fix: Escape Redirect URL for Directory kubo-0.35.0-bp157.2.3.1.src.rpm kubo-0.35.0-bp157.2.3.1.x86_64.rpm kubo-0.35.0-bp157.2.3.1.i586.rpm kubo-0.35.0-bp157.2.3.1.aarch64.rpm kubo-0.35.0-bp157.2.3.1.ppc64le.rpm kubo-0.35.0-bp157.2.3.1.s390x.rpm openSUSE-2025-286 important openSUSE Backports SLE-15-SP7 Update Chromium was updated to fix: - CVE-2025-54874 fix missing error check in openjpeg (bsc#1247661) Chromium 139.0.7258.66 (boo#1247664): * CVE-2025-8576: Use after free in Extensions * CVE-2025-8577: Inappropriate implementation in Picture In Picture * CVE-2025-8578: Use after free in Cast * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome * CVE-2025-8580: Inappropriate implementation in Filesystems * CVE-2025-8581: Inappropriate implementation in Extensions * CVE-2025-8582: Insufficient validation of untrusted input in DOM * CVE-2025-8583: Inappropriate implementation in Permissions chromedriver-139.0.7258.66-bp157.2.31.1.x86_64.rpm chromium-139.0.7258.66-bp157.2.31.1.src.rpm chromium-139.0.7258.66-bp157.2.31.1.x86_64.rpm chromedriver-139.0.7258.66-bp157.2.31.1.aarch64.rpm chromium-139.0.7258.66-bp157.2.31.1.aarch64.rpm openSUSE-2025-290 moderate openSUSE Backports SLE-15-SP7 Update This update for kanidm fixes the following issues: Update to version 1.7.1~git0.130a31d29: * Release 1.7.1 * Update tracing-forest * Handle SEC1 private key (#3761) kanidm-1.7.1~git0.130a31d29-bp157.2.9.1.src.rpm kanidm-1.7.1~git0.130a31d29-bp157.2.9.1.x86_64.rpm kanidm-clients-1.7.1~git0.130a31d29-bp157.2.9.1.x86_64.rpm kanidm-docs-1.7.1~git0.130a31d29-bp157.2.9.1.x86_64.rpm kanidm-server-1.7.1~git0.130a31d29-bp157.2.9.1.x86_64.rpm kanidm-unixd-clients-1.7.1~git0.130a31d29-bp157.2.9.1.x86_64.rpm kanidm-1.7.1~git0.130a31d29-bp157.2.9.1.aarch64.rpm kanidm-clients-1.7.1~git0.130a31d29-bp157.2.9.1.aarch64.rpm kanidm-docs-1.7.1~git0.130a31d29-bp157.2.9.1.aarch64.rpm kanidm-server-1.7.1~git0.130a31d29-bp157.2.9.1.aarch64.rpm kanidm-unixd-clients-1.7.1~git0.130a31d29-bp157.2.9.1.aarch64.rpm openSUSE-2025-294 moderate openSUSE Backports SLE-15-SP7 Update This update for python-CppHeaderParser fixes the following issues: - Initial version CppHeaderParser 2.7.4 (PED#13362, PED#13381). python-CppHeaderParser-2.7.4-bp157.2.1.src.rpm python3-CppHeaderParser-2.7.4-bp157.2.1.noarch.rpm openSUSE-2025-293 moderate openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: - install libffmpeg.so if using the bundled one and block the extra dependency chromedriver-139.0.7258.66-bp157.2.34.1.x86_64.rpm chromium-139.0.7258.66-bp157.2.34.1.src.rpm chromium-139.0.7258.66-bp157.2.34.1.x86_64.rpm chromedriver-139.0.7258.66-bp157.2.34.1.aarch64.rpm chromium-139.0.7258.66-bp157.2.34.1.aarch64.rpm openSUSE-2025-298 moderate openSUSE Backports SLE-15-SP7 Update This update for virtme fixes the following issues: Update to 1.37: The most interesting feature in this new version is the initial support for systemd. Until now, virtme-ng didn't support systemd because it relied on a custom init system (virtme-ng-init) to speed up boot time. As a result, tests requiring systemd couldn't run inside the virtme-ng session. With the new --systemd option, virtme-ng can now (optionally) boot with systemd in the virtualized environment, enabling full systemd interaction during testing. virtme-1.37-bp157.2.6.1.noarch.rpm virtme-1.37-bp157.2.6.1.src.rpm openSUSE-2025-301 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: Chromium 139.0.7258.127 (boo#1247981): * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Various fixes from internal audits, fuzzing and other initiatives chromedriver-139.0.7258.127-bp157.2.37.1.x86_64.rpm chromedriver-debuginfo-139.0.7258.127-bp157.2.37.1.x86_64.rpm chromium-139.0.7258.127-bp157.2.37.1.src.rpm chromium-139.0.7258.127-bp157.2.37.1.x86_64.rpm chromium-debuginfo-139.0.7258.127-bp157.2.37.1.x86_64.rpm chromedriver-139.0.7258.127-bp157.2.37.1.aarch64.rpm chromedriver-debuginfo-139.0.7258.127-bp157.2.37.1.aarch64.rpm chromium-139.0.7258.127-bp157.2.37.1.aarch64.rpm chromium-debuginfo-139.0.7258.127-bp157.2.37.1.aarch64.rpm chromedriver-139.0.7258.127-bp157.2.37.1.ppc64le.rpm chromedriver-debuginfo-139.0.7258.127-bp157.2.37.1.ppc64le.rpm chromium-139.0.7258.127-bp157.2.37.1.ppc64le.rpm chromium-debuginfo-139.0.7258.127-bp157.2.37.1.ppc64le.rpm openSUSE-2025-306 moderate openSUSE Backports SLE-15-SP7 Update This update for kanidm fixes the following issues: Update to version 1.7.2~git0.d331ea986: * Release 1.7.2 * Resolve replication show-cert issue (#3792) * Add json codec wrapper for unix integration (#3789) * Trying to clean up order of operations in kanidm_unixd_tasks (#3762) * Break-glass account disable command (#3780) * Make it clearer why the user can't login with unixd (#3778) * Improve argon2id parameter search speed (#3768) kanidm-1.7.2~git0.d331ea986-bp157.2.12.1.src.rpm kanidm-1.7.2~git0.d331ea986-bp157.2.12.1.x86_64.rpm kanidm-clients-1.7.2~git0.d331ea986-bp157.2.12.1.x86_64.rpm kanidm-docs-1.7.2~git0.d331ea986-bp157.2.12.1.x86_64.rpm kanidm-server-1.7.2~git0.d331ea986-bp157.2.12.1.x86_64.rpm kanidm-unixd-clients-1.7.2~git0.d331ea986-bp157.2.12.1.x86_64.rpm kanidm-1.7.2~git0.d331ea986-bp157.2.12.1.aarch64.rpm kanidm-clients-1.7.2~git0.d331ea986-bp157.2.12.1.aarch64.rpm kanidm-docs-1.7.2~git0.d331ea986-bp157.2.12.1.aarch64.rpm kanidm-server-1.7.2~git0.d331ea986-bp157.2.12.1.aarch64.rpm kanidm-unixd-clients-1.7.2~git0.d331ea986-bp157.2.12.1.aarch64.rpm openSUSE-2025-307 moderate openSUSE Backports SLE-15-SP7 Update This update for gh fixes the following issues: - Update to version 2.76.2: * Refactor tab completion test * Test `gh pr create --reviewer` tab completion * Include org teams for PR reviewers * docs(ci): delete obsolete comment - Update to version 2.76.1: * Updated third-party license compliance content * Add tests for reviewer team handling in PR creation * Refactor and improve RepoMetadata teams test * Refactor error assertion in Test_RepoMetadataTeams * FIX: conditionally fetching team reviewers * Add TeamReviewers flag to RepoMetadataInput * Update .github/workflows/scripts/spam-detection/generate-sys-prompt.sh * Use gh go templating for user prompt * Update eval script comments * Remove unnecessary file for heredoc * First pass to optimize and improve * Limit permissions of govulncheck workflow * Incorporate govulncheck into workflows * update ownership of pkg/cmd/release/shared/ * Run Lint and Tests on `push` to `trunk` branch * ci: echo spam detection result * ci: add `models: read` permission * ci: correct `sed` usage to remove Markdown front matter * docs: fix typo in script docs * ci: fix potentially confusing typo in system prompt * ci: use `issue.html_url` instead of `issue.url` * ci: remove unused env vars * ci: add spam issue detection workflow * ci: add spam issue detection scripts * chore(deps): bump github.com/sigstore/sigstore-go from 1.0.0 to 1.1.0 * chore(deps): bump advanced-security/filter-sarif from 1.0.0 to 1.0.1 * Improve `api` `--preview` docs * add tenancy aware for san matcher - Update to version 2.76.0: * Copilot Pro+ / Enterprise subscribers can now assign issues to Copilot during issue creation * Display immutable field in release view command * Do not fetch logs for skipped jobs * Transform extension and filename qualifiers into path qualifier for web code search - Update to version 2.75.0: * Quote Windows rsyso script global hook * test(search): verify `URL` returns quoted query * test(search): test pagination with multi-word quoted queries * fix(search): fix mutating query state fields * Add setup-go to bump-go * Update contribution design link * test(pr merge): always assert stderr * test(pr merge): verify `deleteRemoteBranch` behaviour when API returns error * fix(pr merge): ignore 404 as error when deleting remote branch * Ensure go mod tidy is run in bump-go * Inject token into bump-go workflow * Reformat gh run view help * docs(run view): explain restrictions of fallback API calls * test(run view): delete unused ZIP archive * refactor(run view): remove `Log` field from DTO types * test(run view): update tests * refactor(run view): use API as fallback to fetch job logs * test: add `BinaryResponse` helper function * Ensure bump go script has git user configured * Support --no-repos-selected on secret set * docs: consistently use apt in installation instructions * Consume dependabot minor versions for go modules * test: add test for `ParseURL` * Update microsoft dev-tunnels to v0.1.13 * Bump all dependencies except dev-tunnels * Fix inconsistent use of tabs and spaces * docs: explain PR URL parsing reason * test: improve test case to highlight host name override * test: remove references to `AssignedActorsUsed` field * test: verify providing a URL arg affects the base repo * refactor: select PR fields based on detected features * test: remove tests verifying assigne-related behaviour * fix: remove assignee-related intervention * fix: remove `AssignedActorsUsed` field * Add workflow to automate go version bumping * fix: expose `ParseURL` as a public func * Remove unused GH_TOKEN env variable from workflow * Add `workflow_dispatch` support to PR Help Wanted check (#11179) * chore: improve error message when `versioninfo.json` is not found * Fix: `gh pr create` prioritize `--title` and `--body` over `--fill` when `--web` is present (#10547) * chore: create `.syso` libs only on Windows * chore: delete `script/winres.json` * chore: add `versioninfo.template.json` * refactor: switch to `github.com/josephspurrier/goversioninfo` * chore: exclude generated `.syso` files from git repo * Ensure automation uses pinned go-licenses version * Fix missing newline in install_linux.md * Apply suggestions from code review * Update missed Go 1.23 references * chore: update Go version to 1.24 in devcontainer configuration * Use `make` for license generation and checks * Use temp directory for license checks * Update 3rd party licenses * Restored original test setup, clarified * Enhance Activetoken prioritize test * improve the description for gh release verify cmd * chore: fix function name * Push up * Use active token stubbing on auth config * refactor to simplify implementation * Primer formatting * Fix spacing * Add missing files * Rename READMEs * Initial restore of Primer CLI docs * use standardize color roles logic for the logging * moved to shared lib * moved to shared lib * update the artifact and bundle for testing * empty commit * clean the code * revert the workflow * debug windows env * debug windows env * debug windows env * chore: fix variable name casing * Avoid analyzing 3rd party license content with CodeQL * chore: ensure output path is a directory * clean the path * clean the path * Update 3rd party license information * Adopt license compliance scripts into workflows, docs * clean the path * improve test * fix test * add unit test * chore: prepare Windows resources `.syso` files before build * chore: add script to create Windows resources * Cleanup * fix: get token for active user instead of blank if possible * remove filepath test * update Sprintf * removed unused file * added the unit test * add json format * change verify-asset logic * minor fix * clean up the code * update the lng * wip * remove comment * wip * init * docs: install_linux.md: add Solus linux install instructions gh-2.76.2-bp157.2.6.1.src.rpm gh-2.76.2-bp157.2.6.1.x86_64.rpm gh-bash-completion-2.76.2-bp157.2.6.1.noarch.rpm gh-fish-completion-2.76.2-bp157.2.6.1.noarch.rpm gh-zsh-completion-2.76.2-bp157.2.6.1.noarch.rpm gh-2.76.2-bp157.2.6.1.i586.rpm gh-2.76.2-bp157.2.6.1.aarch64.rpm gh-2.76.2-bp157.2.6.1.ppc64le.rpm gh-2.76.2-bp157.2.6.1.s390x.rpm openSUSE-2025-302 important openSUSE Backports SLE-15-SP7 Update This update for trivy fixes the following issues: - CVE-2025-53547: Fixed code execution in Helm Chart (boo#1246151) - Update to version 0.64.1: * release: v0.64.1 [release/v0.64] (#9122) * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120) * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119) * release: v0.64.0 [main] (#8955) * docs(python): fix type with METADATA file name (#9090) * feat: reject unsupported artifact types in remote image retrieval (#9052) * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088) * refactor(misconf): rewrite Rego module filtering using functional filters (#9061) * feat(terraform): add partial evaluation for policy templates (#8967) * feat(vuln): add Root.io support for container image scanning (#9073) * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019) * fix(cli): add some values to the telemetry call (#9056) * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077) * refactor: centralize HTTP transport configuration (#9058) * test: include integration tests in linting and fix all issues (#9060) * chore(deps): bump the common group across 1 directory with 26 updates (#9063) * feat(java): dereference all maven settings.xml env placeholders (#9024) * fix(misconf): reduce log noise on incompatible check (#9029) * fix(misconf): .Config.User always takes precedence over USER in .History (#9050) * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037) * docs(misconf): simplify misconfiguration docs (#9030) * fix(misconf): move disabled checks filtering after analyzer scan (#9002) * docs: add PR review policy for maintainers (#9032) * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034) * test: improve and extend tests for iac/adapters/arm (#9028) * chore: bump up Go version to 1.24.4 (#9031) * feat(cli): add version constraints to annoucements (#9023) * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015) * feat(ubuntu): add eol date for 20.04-ESM (#8981) * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549) * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998) * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983) * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003) * feat(misconf): add OpenTofu file extension support (#8747) * refactor(misconf): set Trivy version by default in Rego scanner (#9001) * docs: fix assets with versioning (#8996) * docs: add partners page (#8988) * chore(alpine): add EOL date for Alpine 3.22 (#8992) * fix: don't show corrupted trivy-db warning for first run (#8991) * Update installation.md (#8979) * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953) * chore(k8s): update comments with deprecated command format (#8964) * chore: fix errors and typos in docs (#8963) * fix: Add missing version check flags (#8951) * feat(redhat): Add EOL date for RHEL 10. (#8910) * fix: Correctly check for semver versions for trivy version check (#8948) * refactor(server): change custom advisory and vulnerability data types fr… (#8923) * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946) * release: v0.63.0 [main] (#8809) * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942) * chore(deps): Bump trivy-checks (#8934) * fix(julia): add `Relationship` field support (#8939) * feat(minimos): Add support for MinimOS (#8792) * feat(alpine): add maintainer field extraction for APK packages (#8930) * feat(echo): Add Echo Support (#8833) * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924) * fix(wolfi): support new APK database location (#8937) * feat(k8s): get components from namespaced resources (#8918) * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927) * refactor(terraform): remove result sorting from scanner (#8928) * feat(misconf): Add support for `Minimum Trivy Version` (#8880) * docs: improve skipping files documentation (#8749) * feat(cli): Add available version checking (#8553) * feat(nodejs): add a bun.lock analyzer (#8897) * feat: terraform parser option to set current working directory (#8909) * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602) * feat(misconf): export raw Terraform data to Rego (#8741) * refactor(terraform): simplify AllReferences method signature in Attribute (#8906) * fix: check post-analyzers for StaticPaths (#8904) * feat: add Bottlerocket OS package analyzer (#8653) * feat(license): improve work text licenses with custom classification (#8888) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901) * chore(deps): bump the common group across 1 directory with 9 updates (#8887) * refactor(license): simplify compound license scanning (#8896) * feat(license): Support compound licenses (licenses using SPDX operators) (#8816) * fix(k8s): use in-memory cache backend during misconfig scanning (#8873) * feat(nodejs): add bun.lock parser (#8851) * feat(license): improve work with custom classification of licenses from config file (#8861) * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886) * fix: julia parser panicing (#8883) * refactor(db): change logic to detect wrong DB (#8864) * fix(cli): don't use allow values for `--compliance` flag (#8881) * docs(misconf): Reorganize misconfiguration scan pages (#8206) * fix(server): add missed Relationship field for `rpc` (#8872) * feat: add JSONC support for comments and trailing commas (#8862) * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858) * feat(go): support license scanning in both GOPATH and vendor (#8843) * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820) * fix: filter all files when processing files installed from package managers (#8842) * feat(misconf): add misconfiguration location to junit template (#8793) * docs(vuln): remove OSV for Python from data sources (#8841) * chore: add an issue template for maintainers (#8838) * chore: enable staticcheck (#8815) * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836) * feat(license): scan vendor directory for license for go.mod files (#8689) * docs(java): Update info about dev deps in gradle lock (#8830) * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822) * fix(java): exclude dev dependencies in gradle lockfile (#8803) * fix: octalLiteral from go-critic (#8811) * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818) * chore(deps): bump the common group across 1 directory with 10 updates (#8817) * fix: use-any from revive (#8810) * fix: more revive rules (#8814) * docs: change in java.md: fix the Trity -to-> Trivy typo (#8813) * fix(misconf): check if for-each is known when expanding dyn block (#8808) * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802) - Update to version 0.62.1: * release: v0.62.1 [release/v0.62] (#8825) * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831) * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826) * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824) * release: v0.62.0 [main] (#8669) * feat(nodejs): add root and workspace for `yarn` packages (#8535) * fix: unused-parameter rule from revive (#8794) * chore(deps): Update trivy-checks (#8798) * fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796) * fix(k8s): remove using `last-applied-configuration` (#8791) * refactor(misconf): remove unused methods from providers (#8781) * refactor(misconf): remove unused methods from iac types (#8782) * fix(misconf): filter null nodes when parsing json manifest (#8785) * fix: testifylint last issues (#8768) * fix(misconf): perform operations on attribute safely (#8774) * refactor(ubuntu): update time handling for fixing time (#8780) * chore(deps): bump golangci-lint to v2.1.2 (#8766) * feat(image): save layers metadata into report (#8394) * feat(misconf): convert AWS managed policy to document (#8757) * chore(deps): bump the docker group across 1 directory with 3 updates (#8762) * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753) * ci(helm): create a helm branch for patches from main (#8673) * fix(terraform): hcl object expressions to return references (#8271) * chore(terraform): option to pass in instanced logger (#8738) * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740) * chore(terraform): remove os.OpenPath call from terraform file functions (#8737) * chore(deps): bump the common group across 1 directory with 23 updates (#8733) * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676) * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587) * fix(misconf): populate context correctly for module instances (#8656) * fix(misconf): check if metadata is not nil (#8647) * refactor(misconf): switch to x/json (#8719) * fix(report): clean buffer after flushing (#8725) * ci: improve PR title validation workflow (#8720) * refactor(flag): improve flag system architecture and extensibility (#8718) * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555) * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591) * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705) * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702) * refactor: add hook interface for extended functionality (#8585) * fix(misconf): add missing variable as unknown (#8683) * docs: Update maintainer docs (#8674) * ci(vuln): reduce github action script injection attack risk (#8610) * fix(secret): ignore .dist-info directories during secret scanning (#8646) * fix(server): fix redis key when trying to delete blob (#8649) * chore(deps): bump the testcontainers group with 2 updates (#8650) * test: use `aquasecurity` repository for test images (#8677) * chore(deps): bump the aws group across 1 directory with 5 updates (#8652) * fix(k8s): skip passed misconfigs for the summary report (#8684) * fix(k8s): correct compare artifact versions (#8682) * chore: update Docker lib (#8681) * refactor(misconf): remove unused terraform attribute methods (#8657) * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369) * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643) * docs: Add info about helm charts release (#8640) * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638) - Update to version 0.61.1: * release: v0.61.1 [release/v0.61] (#8704) * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748) * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699) * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698) * release: v0.61.0 [main] (#8507) * fix(misconf): Improve logging for unsupported checks (#8634) * feat(k8s): add support for controllers (#8614) * fix(debian): don't include empty licenses for `dpkgs` (#8623) * fix(misconf): Check values wholly prior to evalution (#8604) * chore(deps): Bump trivy-checks (#8619) * fix(k8s): show report for `--report all` (#8613) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597) * refactor: rename scanner to service (#8584) * fix(misconf): do not skip loading documents from subdirectories (#8526) * refactor(misconf): get a block or attribute without calling HasChild (#8586) * fix(misconf): identify the chart file exactly by name (#8590) * test: use table-driven tests in Helm scanner tests (#8592) * refactor(misconf): Simplify misconfig checks bundle parsing (#8533) * chore(deps): bump the common group across 1 directory with 10 updates (#8566) * fix(misconf): do not use cty.NilVal for non-nil values (#8567) * docs(cli): improve flag value display format (#8560) * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548) * docs: remove slack (#8565) * fix: use `--file-patterns` flag for all post analyzers (#7365) * docs(python): Mention pip-compile (#8484) * feat(misconf): adapt aws_opensearch_domain (#8550) * feat(misconf): adapt AWS::EC2::VPC (#8534) * docs: fix a broken link (#8546) * fix(fs): check postAnalyzers for StaticPaths (#8543) * refactor(misconf): remove unused methods for ec2.Instance (#8536) * feat(misconf): adapt aws_default_security_group (#8538) * feat(fs): optimize scanning performance by direct file access for known paths (#8525) * feat(misconf): adapt AWS::DynamoDB::Table (#8529) * style: Fix MD syntax in self-hosting.md (#8523) * perf(misconf): retrieve check metadata from annotations once (#8478) * feat(misconf): Add support for aws_ami (#8499) * fix(misconf): skip Azure CreateUiDefinition (#8503) * refactor(misconf): use OPA v1 (#8518) * fix(misconf): add ephemeral block type to config schema (#8513) * perf(misconf): parse input for Rego once (#8483) * feat: replace TinyGo with standard Go for WebAssembly modules (#8496) * chore: replace deprecated tenv linter with usetesting (#8504) * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502) * chore(deps): bump the common group across 1 directory with 13 updates (#8491) * chore: use go.mod for managing Go tools (#8493) * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494) * release: v0.60.0 [main] (#8327) * fix(sbom): improve logic for binding direct dependency to parent component (#8489) * chore(deps): remove missed replace of `trivy-db` (#8492) * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490) * chore(deps): update Go to 1.24 and switch to go-version-file (#8388) * docs: add abbreviation list (#8453) * chore(terraform): assign *terraform.Module 'parent' field (#8444) * feat: add report summary table (#8177) * chore(deps): bump the github-actions group with 3 updates (#8473) * refactor(vex): improve SBOM reference handling with project standards (#8457) * ci: update GitHub Actions cache to v4 (#8475) * feat: add `--vuln-severity-source` flag (#8269) * fix(os): add mapping OS aliases (#8466) * chore(deps): bump the aws group across 1 directory with 7 updates (#8468) * chore(deps): Bump trivy-checks to v1.7.1 (#8467) * refactor(report): write tables after rendering all results (#8357) * docs: update VEX documentation index page (#8458) * fix(db): fix case when 2 trivy-db were copied at the same time (#8452) * feat(misconf): render causes for Terraform (#8360) * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073) * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254) * chore(deps): update go-rustaudit location (#8450) * fix: update all documentation links (#8045) * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443) * chore(deps): bump the common group with 6 updates (#8411) * fix(k8s): add missed option `PkgRelationships` (#8442) * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346) * feat(go): fix parsing main module version for go >= 1.24 (#8433) * refactor(misconf): make Rego scanner independent of config type (#7517) * fix(image): disable AVD-DS-0007 for history scanning (#8366) * fix(server): secrets inspectation for the config analyzer in client server mode (#8418) * chore: remove mockery (#8417) * test(server): replace mock driver with memory cache in server tests (#8416) * test: replace mock with memory cache and fix non-deterministic tests (#8410) * test: replace mock with memory cache in scanner tests (#8413) * test: use memory cache (#8403) * fix(spdx): init `pkgFilePaths` map for all formats (#8380) * chore(deps): bump the common group across 1 directory with 11 updates (#8381) * docs: correct Ruby documentation (#8402) * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390) * fix: don't use `scope` for `trivy registry login` command (#8393) * fix(go): merge nested flags into string for ldflags for Go binaries (#8368) * chore(terraform): export module path on terraform modules (#8374) * fix(terraform): apply parser options to submodule parsing (#8377) * docs: Fix typos in documentation (#8361) * docs: fix navigate links (#8336) * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354) * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353) * chore: remove debug prints (#8347) * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345) * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344) * chore(deps): bump Go to `v1.23.5` (#8341) * fix(python): add `poetry` v2 support (#8323) * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331) * fix(misconf): ecs include enhanced for container insights (#8326) * fix(sbom): preserve OS packages from multiple SBOMs (#8325) * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311) trivy-0.64.1-bp157.2.3.1.src.rpm trivy-0.64.1-bp157.2.3.1.x86_64.rpm trivy-0.64.1-bp157.2.3.1.i586.rpm trivy-0.64.1-bp157.2.3.1.aarch64.rpm trivy-0.64.1-bp157.2.3.1.ppc64le.rpm trivy-0.64.1-bp157.2.3.1.s390x.rpm openSUSE-2025-313 moderate openSUSE Backports SLE-15-SP7 Update This update for fuc fixes the following issues: - Update to version 3.1.1: * fix recursive copy detection for multiple directories * Upgrade deps - Update to version 3.1.0: * Support hard linking files in cpz! * Fixed bugs with --force and symlinks. * Upgrade deps - Update to version 3.0.1: * dependency bumps, including Rustix1.0 - Update to version 3.0.0: * Upgrade deps * Fix bug when trying to copy "." into a directory * Eliminate pointless statx when removing files with unknown d_type * requires Rust 2024 edition * Remove extra mkdir (push that responsibility outside the library so we don't have a ton of redundant mkdirs) * Avoid pointless copy_file_range calls that we know won't copy anything * Remember cross-device copy failures per directory * Swap binary name and arch for better sorting * Add docs on progress indicator - Update to version 2.2.0: * Stable rust patch * Upgrade deps * Add -L / --dereference option (#36) * Add NO_UNSHARE envvar support to avoid calling unshare for default docker configs which block the syscall (closes #34) * Use official cache-size version * Use my own cache-size dep to fix the build * Remove cargo warning about "no edition set" * Clarify what rmz/cpz are - Update to version 2.1.0: * Stable rust patch * Upgrade FTZZ * Add progress feature (closes #14) * Upgrade deps * Remove release_max_level_off since tracing is completely compiled out by default anyway * Add tip for merging directories * Integrate tracing - Update to version 2.0.0: * Improved handling of deeply nested folders and other IO errors * Never follow symlinks for deletion - Update to version 1.1.9: * Upgrade deps * Don't show stack traces in errors * Tweak copy error message slightly * Use better pattern matching * Fix inconsistent badge sytling * Support flipping cpz argument order * Slight efficiency improvement (at the expense of throughput in hopefully rare cases) * Update README.md fuc-3.1.1-bp157.2.3.1.src.rpm fuc-3.1.1-bp157.2.3.1.x86_64.rpm fuc-3.1.1-bp157.2.3.1.aarch64.rpm openSUSE-2025-304 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: Chromium 139.0.7258.138 (boo#1248315): * CVE-2025-9132: Out of bounds write in V8 chromedriver-139.0.7258.138-bp157.2.40.1.x86_64.rpm chromium-139.0.7258.138-bp157.2.40.1.src.rpm chromium-139.0.7258.138-bp157.2.40.1.x86_64.rpm chromedriver-139.0.7258.138-bp157.2.40.1.aarch64.rpm chromium-139.0.7258.138-bp157.2.40.1.aarch64.rpm chromedriver-139.0.7258.138-bp157.2.40.1.ppc64le.rpm chromium-139.0.7258.138-bp157.2.40.1.ppc64le.rpm openSUSE-2025-321 moderate openSUSE Backports SLE-15-SP7 Update This update for rpi-imager fixes the following issues: - Turned off dependency vendoring, to get security fixes for libarchive and others. Includes a fix for CVE-2025-5916 (boo#1244387) rpi-imager-1.7.5-bp157.2.3.1.src.rpm rpi-imager-1.7.5-bp157.2.3.1.x86_64.rpm rpi-imager-1.7.5-bp157.2.3.1.i586.rpm rpi-imager-1.7.5-bp157.2.3.1.aarch64.rpm rpi-imager-1.7.5-bp157.2.3.1.ppc64le.rpm openSUSE-2025-315 important openSUSE Backports SLE-15-SP7 Update This update for proftpd fixes the following issues: - CVE-2024-57392: Null pointer dereference vulnerability by sending a maliciously crafted message (boo#1236889). - CVE-2024-48651: Supplemental group inheritance grants unintended access to GID 0 (boo#1233997). proftpd-1.3.8d-bp157.2.3.1.src.rpm proftpd-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-debuginfo-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-debugsource-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-devel-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-doc-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-lang-1.3.8d-bp157.2.3.1.noarch.rpm proftpd-ldap-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-ldap-debuginfo-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-mysql-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-mysql-debuginfo-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-pgsql-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-pgsql-debuginfo-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-radius-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-radius-debuginfo-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-sqlite-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-sqlite-debuginfo-1.3.8d-bp157.2.3.1.x86_64.rpm proftpd-1.3.8d-bp157.2.3.1.i586.rpm proftpd-debuginfo-1.3.8d-bp157.2.3.1.i586.rpm proftpd-debugsource-1.3.8d-bp157.2.3.1.i586.rpm proftpd-devel-1.3.8d-bp157.2.3.1.i586.rpm proftpd-doc-1.3.8d-bp157.2.3.1.i586.rpm proftpd-ldap-1.3.8d-bp157.2.3.1.i586.rpm proftpd-ldap-debuginfo-1.3.8d-bp157.2.3.1.i586.rpm proftpd-mysql-1.3.8d-bp157.2.3.1.i586.rpm proftpd-mysql-debuginfo-1.3.8d-bp157.2.3.1.i586.rpm proftpd-pgsql-1.3.8d-bp157.2.3.1.i586.rpm proftpd-pgsql-debuginfo-1.3.8d-bp157.2.3.1.i586.rpm proftpd-radius-1.3.8d-bp157.2.3.1.i586.rpm proftpd-radius-debuginfo-1.3.8d-bp157.2.3.1.i586.rpm proftpd-sqlite-1.3.8d-bp157.2.3.1.i586.rpm proftpd-sqlite-debuginfo-1.3.8d-bp157.2.3.1.i586.rpm proftpd-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-debuginfo-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-debugsource-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-devel-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-doc-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-ldap-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-ldap-debuginfo-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-mysql-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-mysql-debuginfo-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-pgsql-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-pgsql-debuginfo-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-radius-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-radius-debuginfo-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-sqlite-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-sqlite-debuginfo-1.3.8d-bp157.2.3.1.aarch64.rpm proftpd-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-debuginfo-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-debugsource-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-devel-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-doc-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-ldap-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-ldap-debuginfo-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-mysql-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-mysql-debuginfo-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-pgsql-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-pgsql-debuginfo-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-radius-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-radius-debuginfo-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-sqlite-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-sqlite-debuginfo-1.3.8d-bp157.2.3.1.ppc64le.rpm proftpd-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-debuginfo-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-debugsource-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-devel-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-doc-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-ldap-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-ldap-debuginfo-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-mysql-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-mysql-debuginfo-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-pgsql-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-pgsql-debuginfo-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-radius-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-radius-debuginfo-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-sqlite-1.3.8d-bp157.2.3.1.s390x.rpm proftpd-sqlite-debuginfo-1.3.8d-bp157.2.3.1.s390x.rpm openSUSE-2025-328 moderate openSUSE Backports SLE-15-SP7 Update This update for kanidm fixes the following issues: Update to version 1.7.3~git0.10847190e: * Release 1.7.3 * Make it clearer why acceptor isnt available (#3812) * Minor: reduce logging verbosity during debug (#3810) * Handle IP addresses in replication SAN field (#3811) * Update to use the codec properly (#3807) kanidm-1.7.3~git0.10847190e-bp157.2.15.1.src.rpm kanidm-1.7.3~git0.10847190e-bp157.2.15.1.x86_64.rpm kanidm-clients-1.7.3~git0.10847190e-bp157.2.15.1.x86_64.rpm kanidm-docs-1.7.3~git0.10847190e-bp157.2.15.1.x86_64.rpm kanidm-server-1.7.3~git0.10847190e-bp157.2.15.1.x86_64.rpm kanidm-unixd-clients-1.7.3~git0.10847190e-bp157.2.15.1.x86_64.rpm kanidm-1.7.3~git0.10847190e-bp157.2.15.1.aarch64.rpm kanidm-clients-1.7.3~git0.10847190e-bp157.2.15.1.aarch64.rpm kanidm-docs-1.7.3~git0.10847190e-bp157.2.15.1.aarch64.rpm kanidm-server-1.7.3~git0.10847190e-bp157.2.15.1.aarch64.rpm kanidm-unixd-clients-1.7.3~git0.10847190e-bp157.2.15.1.aarch64.rpm openSUSE-2025-317 important openSUSE Backports SLE-15-SP7 Update This update for minikube fixes the following issues: - Update to version 1.36.0: * Features - Support Kubernetes version v1.33.1 #20784 - New flag "-f" to allow passing a config file for addon configure command. #20255 - vfkit: bump to Preferred driver on macOs #20808 - vfkit: new network option "--network vment-shared' for vfkit driver #20501 * Bug Fixes: - fix bootpd check on macOS >= 15 #20400 - fix bug in parsing proxies with dashes #20648 - fix waiting for all pods having specified labels to be Ready #20315 - fix: incorrect finalImg affecting downloading kic form github assets #20316 - fix: reference missing files in schema (Closes #20752) #20761 - Improvements: - Additional checks for 9p support #20288 - vfkit: Graceful shutdown on stop #20504 - vfkit: More robust state management #20506 - vfkit vmnet: support running without sudoers configuration #20719 - Revert "fix --wait's failure to work on coredns pods" #20313 * Languages: - Add Indonesian translation #20494 - Add more french translation #20361 - Add more Korean translations #20634 - Add more Chinese translations #20543#20543 - fixed minor typo in german translation #20546 - Version Updates: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.28 to 1.5.34 #20451 #20539 #20602#20623 #20670 #20704 #20795 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.26.0 to v0.28.0 #20311 - Addon ingress: Update ingress-nginx/controller image from v1.11.3 to v1.12.2 #20789 - Addon inspektor-gadget: Update inspektor-gadget image from v0.36.0 to v0.40.0 #20325#20354#20512 #20736 - Addon kong: Update kong image from 3.8.0 to 3.9.0 #20151 #20384 #20728 - Addon kong: Update kong/kubernetes-ingress-controller image from 3.3.1 to 3.4.5 #20319#20446#20788 - Addon kubevirt: Update bitnami/kubectl image from 1.31.3 to 1.33.1 #20321#20349#20665#20731#20790 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.17.0 to v0.17.2 #20786#20534 - Addon registry: Update kube-registry-proxy image from 0.0.8 to 0.0.9 #20717 - Addon registry: Update registry image from 2.8.3 to 3.0.0 #20242 #20425 - Addon Volcano: Update volcano images from v1.10.0 to v1.11.2 #20318 #20616 #20697 - CNI: Update cilium from v1.17.0 to v3.30.0 #20419 #20390 #20584 #20734 #20317 #20383 #20535 #20637 #20787 - CNI: Update flannel from v0.26.2 to v0.26.7 #20385#20617 #20639 - CNI: Update kindnetd from v20241108-5c6d2daf to v20250512-df8de77b #20327#20427 #20797 - HA (multi-control plane): Update kube-vip from v0.8.10 to v0.9.1 #20638#20238#20598 #20699 - Kicbase: Bump ubuntu:jammy from 20240911.1 to 20250126 #20387 #20718 - Kicbase/ISO: Update buildroot from 2023.02.9 to 2025.2 #20720 - Kicbase/ISO: Update cni-plugins from v1.6.2 to v1.7.1 #20771 - Kicbase/ISO: Update cri-dockerd from v0.3.15 to v0.4.0 #20747 - Kicbase/ISO: Update docker from 27.4.0 to 28.0.4 #20436 #20523 #20591 - Kicbase/ISO: Update runc from v1.2.3 to v1.3.0#20433#20604 #20764 - update to 1.35.0 (boo#1234528, CVE-2024-45337): * Features: - Add support for AMD GPUs via --gpus=amd #19749 - publish & download kicbase image in github release assets #19464 - Support latest Kubernetes v1.32.0 #20091 - Adds support for kubeadm.k8s.io/v1beta4 available since k8s v1.31 #19790 * Improvements: - Merge nvidia-gpu-device-plugin and nvidia-device-plugin. #19545 - cilium: remove appArmorProfile for k8s<v1.30.0 #19888 - auto-pause: restart service after configuration #19900 - Revert "Change MINIKUBE_HOME logic" #20045 - HA (multi-control plane): Update kube-vip from v0.8.6 to v0.8.7 #20053 - don't pollute minikube profile list with errors if exitcode is absent #19728 - unified minikube cluster status query #18998 - Vfkit driver: fix TestMachineType failing on macOS #19726 - No more arch restriction on nerdctld #19730 - remove helm-tiller addon #19636 - More robust MAC address matching #19750 - Add instructions to resolve docker context error #19197 * Bug fixes: - fix --wait's failure to work on coredns pods #19748 - Fix panic when no services in namespace with --all specified #19957 - fix timeout when stopping KVM machine with CRI-O container runtime #19758 - Fix long lines in lastStart.txt not outputting in log outputs #19740 - Fix wrongly detecting kicbase arch as incorrect #19664 * Breaking Changes: - skip building kvm2-arm64 till 19959 is resolved #20062 - remove arm64 kvm #19985 * Languages: - Add more Chinese translations #19490 - Add more Chinese translations #19508 - Fix chinnese translation on wrong line #19718 - Add more chinnese translations #19962 - Add more chinnese translations #19772 - Fix french translation #19978 - Improve french translation #19654 * - Version Updates: - Please see the full changelog - https://github.com/kubernetes/minikube/releases/tag/v0.35.0 docker-machine-driver-kvm2-1.36.0-bp157.2.3.1.x86_64.rpm minikube-1.36.0-bp157.2.3.1.src.rpm minikube-1.36.0-bp157.2.3.1.x86_64.rpm minikube-bash-completion-1.36.0-bp157.2.3.1.noarch.rpm minikube-fish-completion-1.36.0-bp157.2.3.1.noarch.rpm minikube-zsh-completion-1.36.0-bp157.2.3.1.noarch.rpm minikube-1.36.0-bp157.2.3.1.i586.rpm docker-machine-driver-kvm2-1.36.0-bp157.2.3.1.aarch64.rpm minikube-1.36.0-bp157.2.3.1.aarch64.rpm openSUSE-2025-323 important openSUSE Backports SLE-15-SP7 Update This update for v2ray-core fixes the following issues: - Update version to 5.33.0 * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) * Update other vendor source - Update version to 5.31.0 * Add Dns Proxy Response TTL Control * Fix call newError Base with a nil value error * Update vendor (boo#1235164) - Update version to 5.29.3 * Enable restricted mode load for http protocol client * Correctly implement QUIC sniffer when handling multiple initial packets * Fix unreleased cache buffer in QUIC sniffing * A temporary testing fix for the buffer corruption issue * QUIC Sniffer Restructure - Update version to 5.22.0 * Add packetEncoding for Hysteria * Add ECH Client Support * Add support for parsing some shadowsocks links * Add Mekya Transport * Fix bugs - Update version to 5.18.0 * Add timeout for http request roundtripper * Fix ss2022 auth reader size overflow * Add pie build mode to all binary builds * Support "services" root config in cfgv4 * packet_encoding for config v4 * add MPTCP support * Add (Experimental) Meyka Building Blocks to request Transport * Add timeout for http request roundtripper * Hysteria2: Add Hysteria2 Protocol * Add AllowInsecureIfPinnedPeerCertificate option to tls security * Add tls certChainHash command * add support for socket activation * Add pprof flag for debugging * Fix bugs - Update version to 5.16.1 * Add Keep-Alive to removed headers - Update version to 5.15.1 * feat: RandomStrategy AliveOnly * Improve container image tags and timestamp * Add delay_auth_write to Socks5 Client Advanced Config * Add MaxMin TLS version support in TLS Setting * feat: RandomStrategy AliveOnly * Improve container image tags and timestamp * Fixed an encrypted traffic's malleable vulnerability that allow integrity corruption by an attacker with a privileged network position to silently drop segments of traffic from an encrypted traffic stream. * Update documents * Fix bugs - Update vendor, fix CVE-2024-22189 boo#1222488 - Update version to 5.12.1 * Shadowsocks2022 Client Support * Apply DomainStrategy to outbound target * Add DomainStrategy to JSONv5 outbound * Add sniffing for TUN * Add HTTPUpgrade transport * It is a reduced version of WebSocket Transport that can pass many reverse proxies and CDNs without running a WebSocket protocol stack * TUN Support * Add uTLS support for h2 transport * Fix bugs golang-github-v2fly-v2ray-core-5.33.0-bp157.2.3.1.noarch.rpm v2ray-core-5.33.0-bp157.2.3.1.src.rpm v2ray-core-5.33.0-bp157.2.3.1.x86_64.rpm v2ray-core-5.33.0-bp157.2.3.1.i586.rpm v2ray-core-5.33.0-bp157.2.3.1.aarch64.rpm v2ray-core-5.33.0-bp157.2.3.1.ppc64le.rpm v2ray-core-5.33.0-bp157.2.3.1.s390x.rpm openSUSE-2025-324 important openSUSE Backports SLE-15-SP7 Update This update for etcd fixes the following issues: - Update to version 3.6.2: * Avoid lowering revision of watchers in the future after restore * Add verification to verify the watch response have a bigger revision than minRev * Disable progress notify validation until we can guarantee response * Skip sending progress notification for watch with starting revision in the future - See upgrade guide: https://etcd.io/docs/v3.6/upgrades/upgrade_3_6/ - Update to version 3.6.1: * etcd server: - Replaced the deprecated/removed UnaryServerInterceptor and StreamServerInterceptor in otelgrpc with NewServerHandler - Add protection on PromoteMember and UpdateRaftAttributes to prevent panicking - Fix the issue that --force-new-cluster can't remove all other members in a corner case - Fix mvcc: avoid double decrement of watcher gauge on close/cancel race - Add validation to ensure there is no empty v3discovery endpoint * etcdctl: - Fix command etcdctl endpoint health doesn't work when options are set via environment variables - Update to version 3.6.0: https://github.com/etcd-io/etcd/compare/v3.5.21...v3.6.0 * Dropped flags in v3.6.0: ETCD_ENABLE_V2 ETCD_PROXY ETCD_PROXY_DIAL_TIMEOUT ETCD_PROXY_FAILURE_WAIT ETCD_PROXY_READ_TIMEOUT ETCD_PROXY_REFRESH_INTERVAL ETCD_PROXY_WRITE_TIMEOUT - Update to version 3.5.21: * bump golang.org/x/net from v0.36.0 to v0.38.0 * bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 to address CVE-2025-30204 (boo#1240515) - Update to version 3.5.20: * Fix the issue that learner promotion command doesn't support json output * overwrite the member if already exist * add verification to check whether membership data is in sync between v2store and v3store * fix: grpcproxy can get stuck in and endless loop causing high cpu usage * perf(release3.5): use RLock in Demoted method for read-only access to expiry - Update to version 3.5.19: * Bump go toolchain to 1.23.7 * fix a compaction induce latency issue * Add learner id into log when being promoted or removed * add learner check to readyz * tools: add mixed read-write performance evaluation scripts - Update to version 3.5.18: * Ensure all goroutines created by StartEtcd to exit before closing the errc * mvcc: restore tombstone index if it's first revision * Bump go toolchain to 1.22.11 * Avoid deadlock in etcd.Close when stopping during bootstrapping * etcdutl/etcdutl: use datadir package to build wal/snapdir * Remove duplicated <-s.ReadyNotify() * Do not wait for ready notify if the server is stopping * Fix mixVersion test case: ensure a snapshot to be sent out * *: support custom content check offline in v2store * Print warning message for deprecated flags if set * fix runtime error: comparing uncomparable type * add tls min/max version to grpc proxy - Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a bit cleaner to move etcd to use --config-file in the long run. - Update etcd configuration file based on https://github.com/etcd-io/etcd/blob/v3.5.17/etcd.conf.yml.sample - Update to version 3.5.17: * fix(defrag): close temp file in case of error * Bump go toolchain to 1.22.9 * fix(defrag): handle defragdb failure * fix(defrag): handle no space left error * [3.5] Fix risk of a partial write txn being applied * [serverWatchStream] terminate recvLoop on sws.close() - Update to version 3.5.16: * Bump go toolchain to 1.22.7 * Introduce compaction sleep interval flag * Fix passing default grpc call options in Kubernetes client * Skip leadership check if the etcd instance is active processing heartbeats * Introduce Kubernetes KV interface to etcd client - Update to version 3.5.15: * Differentiate the warning message for rejected client and peer * connections * Suppress noisy basic auth token deletion log * Support multiple values for allowed client and peer TLS identities(#18015) * print error log when validation on conf change failed - Update to version 3.5.14: * etcdutl: Fix snapshot restore memory alloc issue * server: Implement WithMmapSize option for backend config * gRPC health server sets serving status to NOT_SERVING on defrag * server/mvcc: introduce compactBeforeSetFinishedCompact failpoint * Update the compaction log when bootstrap and update compact's signature * add experimental-snapshot-catchup-entries flag. * Fix retry requests when receiving ErrGPRCNotSupportedForLearner - Update to version 3.5.13: * Fix progress notification for watch that doesn't get any events * pkg/types: Support Unix sockets in NewURLS * added arguments to the grpc-proxy: dial-keepalive-time, dial-keepalive-timeout, permit-without-stream * server: fix comment to match function name * Make CGO_ENABLED configurable for etcd 3.5 * etcdserver: drain leaky goroutines before test completed etcd-3.6.2-bp157.2.3.1.src.rpm etcd-3.6.2-bp157.2.3.1.x86_64.rpm etcdctl-3.6.2-bp157.2.3.1.x86_64.rpm etcdutl-3.6.2-bp157.2.3.1.x86_64.rpm etcd-3.6.2-bp157.2.3.1.aarch64.rpm etcdctl-3.6.2-bp157.2.3.1.aarch64.rpm etcdutl-3.6.2-bp157.2.3.1.aarch64.rpm etcd-3.6.2-bp157.2.3.1.ppc64le.rpm etcdctl-3.6.2-bp157.2.3.1.ppc64le.rpm etcdutl-3.6.2-bp157.2.3.1.ppc64le.rpm etcd-3.6.2-bp157.2.3.1.s390x.rpm etcdctl-3.6.2-bp157.2.3.1.s390x.rpm etcdutl-3.6.2-bp157.2.3.1.s390x.rpm openSUSE-2025-332 moderate openSUSE Backports SLE-15-SP7 Update This update for go-sendxmpp fixes the following issues: - Update to 0.15.0: Added: * Add flag --verbose to show debug information. * Add flag --recipients to specify recipients by file. * Add flag --retry-connect to try after a waiting time if the connection fails. * Add flag --retry-connect-max to specify the amount of retry attempts. * Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys. * Add support for punycode domains. Changed: * Update gopenpgp library to v3. * Improve error detection for MUC joins. * Don't try to connect to other SRV record targets if error contains 'auth-failure'. * Remove support for old SSDP version (via go-xmpp v0.2.15). * Http-upload: Stop checking other disco items after finding upload component. * Increase default TLS version to 1.3. - CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (boo#1241814) - Update to 0.14.1: * Use prettier date format for error messages. * Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10). go-sendxmpp-0.15.0-bp157.2.3.1.src.rpm go-sendxmpp-0.15.0-bp157.2.3.1.x86_64.rpm go-sendxmpp-0.15.0-bp157.2.3.1.i586.rpm go-sendxmpp-0.15.0-bp157.2.3.1.aarch64.rpm go-sendxmpp-0.15.0-bp157.2.3.1.ppc64le.rpm go-sendxmpp-0.15.0-bp157.2.3.1.s390x.rpm openSUSE-2025-327 important openSUSE Backports SLE-15-SP7 Update This update for chromium fixes the following issues: Chromium 139.0.7258.154 (boo#1248769) * CVE-2025-9478: Use after free in ANGLE chromedriver-139.0.7258.154-bp157.2.43.1.x86_64.rpm chromium-139.0.7258.154-bp157.2.43.1.src.rpm chromium-139.0.7258.154-bp157.2.43.1.x86_64.rpm chromedriver-139.0.7258.154-bp157.2.43.1.aarch64.rpm chromium-139.0.7258.154-bp157.2.43.1.aarch64.rpm chromedriver-139.0.7258.154-bp157.2.43.1.ppc64le.rpm chromium-139.0.7258.154-bp157.2.43.1.ppc64le.rpm