Packages changed:
  MozillaFirefox (139.0.4 -> 140.0.2)
  coreutils
  coreutils-systemd
  kernel-source (6.15.4 -> 6.15.5)
  libgooglepinyin
  libvirt
  mdevctl
  mozilla-nss (3.110 -> 3.112)
  myrlyn (0.9.6 -> 0.9.7)
  ncompress
  nghttp2 (1.65.0 -> 1.66.0)
  openSUSE-release (20250708 -> 20250709)
  opensc
  openssl-3 (3.5.0 -> 3.5.1)
  openssl (3.5.0 -> 3.5.1)
  patterns-base
  raptor
  selinux-policy
  spu-tools

=== Details ===

==== MozillaFirefox ====
Version update (139.0.4 -> 140.0.2)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 140.0.2
  * Fixed a startup crash on Windows experienced by some users
    (bmo#1974259)
- Mozilla Firefox 140.0.1
  * Fixed text contrast issues in the sidebar with some dark themes
    (bmo#1971487)
  * Fixed a startup crash experienced by some users caused by DLL
    injection (mbo#1973947)
- Firefox 140.0 Release
  * New: Vertical Tabs: You can now keep more — or fewer — pinned
    tabs in view for quicker access to important windows. Just
    drag the divider to resize your pinned tabs section.
  * New: Custom Search Engines: Firefox now supports adding even
    more search engines. To add a custom engine, right-click a
    search field of a supported website and select “Add Search
    Engine”, or go to Settings > Search > Add (below the search
    shortcuts table) to manually enter a search URL.
  * New: Firefox Extensions: Customize your toolbar with the
    option to remove the extensions shortcut, giving you more
    control over your browser. When the button is hidden, you can
    access the extensions panel again at any time from the
    Firefox menu by clicking the Extensions menu item.
  * New: You can now unload tabs by right-clicking on a tab (or
    multiple selected tabs) and selecting "Unload Tab". This can
    speed up performance by reducing Firefox's memory and CPU
    usage.
  * New: Full-Page Translations now prioritizes translating only
    the content near your current view, improving speed and
    responsiveness. Content outside your view is skipped unless
    you scroll to it, reducing unnecessary resource usage.
  * New: Firefox builds in Arabic now come with a built-in Arabic
    dictionary for the Firefox spellchecker.
  * New: Address autofill enabled for users in Italy, Poland, and
    Austria.
  * Changed: The Pocket toolbar icon, as well as the Pocket
    integrations on New Tab, have been removed per the service
    shutdown announcement.
  * HTML5: Added platform support for aria-keyshortcuts in Linux,
    macOS, and Windows.
  * HTML5: Added support for the CookieStore API, an asynchronous
    cookie API for scripts running in HTML documents and service
    workers.
  * HTML5: Added support for the Custom Highlight API, which
    allows styling arbitrary text ranges. Support for text-
    decoration is not included and is planned for an upcoming
    release.
  * HTML5: Added support for the pointerrawupdate event. This
    event provides lower-latency access to pointer movements by
    firing as soon as the pointer data is available, typically
    before the main `pointermove` event. Unlike `pointermove`, it
    performs an additional hit test to determine the target and
    fires more frequently, which may impact performance even if
    only a listener is added. This event is intended for
    applications that require high-precision input handling and
    cannot achieve smooth interaction using coalesced
    `pointermove` events alone.
  * HTML5: Service Workers are now available in Private Browsing
    Mode. This enhancement builds on our efforts to support
    IndexedDB and the DOM Cache API in Private Browsing through
    encrypted storage. With this change, more websites,
    especially those that rely on background tasks, will be able
    to benefit from Service workers.
  * HTML5: Firefox now applies a uniform user agent (UA) style to
    `<h1>` elements, regardless of whether they are used inside
    `<article>`, `<aside>`, `<nav>`, or `<section>`.
  * HTML5: Firefox will now escape less-than (`<`) and greater-
    than (`>`) symbols when serializing HTML attributes, making
    certain mXSS attacks on websites more difficult.
  * Developer: Improved the search feature in the Inspector panel
    to help developers more effectively search the DOM of the
    current page. Sorting the results by the number of matching
    elements, support “pseudo” selector state, etc.
  * Enterprise: You can find information about policy updates and
    enterprise specific bug fixes in the Firefox for Enterprise
    140 Release Notes.
  * Fixed: Various security fixes.
- Mozilla Firefox 140.0
  https://www.mozilla.org/en-US/firefox/140.0/releasenotes/
  MFSA 2025-51 (bsc#1244670)
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped with Firefox exposed a
    persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6427 (bmo#1966927)
    connect-src Content Security Policy restriction could be
    bypassed
  * CVE-2025-6428 (bmo#1970151)
    Firefox for Android opened URLs specified in a link
    querystring parameter
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag
  * CVE-2025-6431 (bmo#1942716)
    ... changelog too long, skipping 17 lines ...
  cargo/rust 1.86

==== coreutils ====
Subpackages: coreutils-lang

- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
  sort with key character offsets of SIZE_MAX, could induce
  a read of 1 byte before an allocated heap buffer.
  (CVE-2025-5278, bsc#1243767)

==== coreutils-systemd ====

- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
  sort with key character offsets of SIZE_MAX, could induce
  a read of 1 byte before an allocated heap buffer.
  (CVE-2025-5278, bsc#1243767)

==== kernel-source ====
Version update (6.15.4 -> 6.15.5)

- usb: typec: displayport: Fix potential deadlock (git-fixes).
- commit 478c062
- Linux 6.15.5 (bsc#1012628).
- cifs: Correctly set SMB1 SessionKey field in Session Setup
  Request (bsc#1012628).
- cifs: Fix cifs_query_path_info() for Windows NT servers
  (bsc#1012628).
- cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in
  non-UNICODE mode (bsc#1012628).
- NFSv4: Always set NLINK even if the server doesn't support it
  (bsc#1012628).
- NFSv4.2: fix listxattr to return selinux security label
  (bsc#1012628).
- NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when
  timestamps are delegated (bsc#1012628).
- mailbox: Not protect module_put with spin_lock_irqsave
  (bsc#1012628).
- mfd: max77541: Fix wakeup source leaks on device unbind
  (bsc#1012628).
- mfd: max14577: Fix wakeup source leaks on device unbind
  (bsc#1012628).
- mfd: max77705: Fix wakeup source leaks on device unbind
  (bsc#1012628).
- mfd: 88pm886: Fix wakeup source leaks on device unbind
  (bsc#1012628).
- mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind
  (bsc#1012628).
- sunrpc: don't immediately retransmit on seqno miss
  (bsc#1012628).
- hwmon: (isl28022) Fix current reading calculation (bsc#1012628).
- dm vdo indexer: don't read request structure after enqueuing
  (bsc#1012628).
- leds: multicolor: Fix intensity setting while SW blinking
  (bsc#1012628).
- fuse: fix race between concurrent setattrs from multiple nodes
  (bsc#1012628).
- cxl/region: Add a dev_err() on missing target list entries
  (bsc#1012628).
- cxl: core/region - ignore interleave granularity when ways=1
  (bsc#1012628).
- NFSv4: xattr handlers should check for absent nfs filehandles
  (bsc#1012628).
- hwmon: (pmbus/max34440) Fix support for max34451 (bsc#1012628).
- ksmbd: allow a filename to contain special characters on
  SMB3.1.1 posix extension (bsc#1012628).
- ksmbd: provide zero as a unique ID to the Mac client
  (bsc#1012628).
- rust: module: place cleanup_module() in .exit.text section
  (bsc#1012628).
- rust: arm: fix unknown (to Clang) argument '-mno-fdpic'
  (bsc#1012628).
- dmaengine: idxd: Check availability of workqueue allocated by
  idxd wq driver before using (bsc#1012628).
- dmaengine: xilinx_dma: Set dma_device directions (bsc#1012628).
- PCI: dwc: Make link training more robust by setting
  PORT_LOGIC_LINK_WIDTH to one lane (bsc#1012628).
- PCI: apple: Fix missing OF node reference in
  apple_pcie_setup_port (bsc#1012628).
- PCI: imx6: Add workaround for errata ERR051624 (bsc#1012628).
- wifi: iwlwifi: mld: Move regulatory domain initialization
  (bsc#1012628).
- nvme-tcp: fix I/O stalls on congested sockets (bsc#1012628).
- nvme-tcp: sanitize request list handling (bsc#1012628).
- md/md-bitmap: fix dm-raid max_write_behind setting
  (bsc#1012628).
- amd/amdkfd: fix a kfd_process ref leak (bsc#1012628).
- drm/amdgpu/vcn5.0.1: read back register after written
  (bsc#1012628).
- drm/amdgpu/vcn4: read back register after written (bsc#1012628).
- drm/amdgpu/vcn3: read back register after written (bsc#1012628).
- drm/amdgpu/vcn2.5: read back register after written
  (bsc#1012628).
- bcache: fix NULL pointer in cache_set_flush() (bsc#1012628).
- drm/amdgpu: seq64 memory unmap uses uninterruptible lock
  (bsc#1012628).
- drm/scheduler: signal scheduled fence when kill job
  (bsc#1012628).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp
  (bsc#1012628).
- bus: mhi: host: pci_generic: Add Telit FN920C04 modem support
  (bsc#1012628).
- um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
  (bsc#1012628).
- um: use proper care when taking mmap lock during segfault
  (bsc#1012628).
- 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support
  for Rev C0 and later devices (bsc#1012628).
- coresight: Only check bottom two claim bits (bsc#1012628).
- usb: dwc2: also exit clock_gating when stopping udc while
  suspended (bsc#1012628).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
  (bsc#1012628).
- iio: dac: adi-axi-dac: add cntrl chan check (bsc#1012628).
- iio: light: al3000a: Fix an error handling path in
  al3000a_probe() (bsc#1012628).
- iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config()
  (bsc#1012628).
- iio: hid-sensor-prox: Add support for 16-bit report size
  (bsc#1012628).
    ... changelog too long, skipping 375 lines ...
- commit 071950d

==== libgooglepinyin ====

- Mark use of CMake 3.5 okay to make it compatible with CMake 4.0.

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs

- qemu: ARM: Change default SCSI controller model from 'lsilogic'
  to 'virtio-scsi'
  bsc#1240762

==== mdevctl ====

- Update vendor.tar.gz and Cargo.lock (boo#1244560)

==== mozilla-nss ====
Version update (3.110 -> 3.112)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.112
  * bmo#1963792 - Fix alias for mac workers on try
  * bmo#1966786 - ensure all options can be configured with
    SSL_OptionSet and SSL_OptionSetDefault
  * bmo#1931930 - ABI/API break in ssl certificate processing
  * bmo#1955971 - remove unnecessary assertion in
    sec_asn1d_init_state_based_on_template.
  * bmo#1965754 - update taskgraph to v14.2.1.
  * bmo#1964358 - Workflow for automation of the release on GitHub
    when pushing a tag
  * bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
  * bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
  * bmo#1951396 - update taskgraph to v14.1.1
  * bmo#1962503 - Partial fix for ACVP build CI job
  * bmo#1961827 - Initialize find in sftk_searchDatabase
  * bmo#1963121 - Add clang-18 to extra builds
  * bmo#1963044 - Fault tolerant git fetch for fuzzing
  * bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
  * bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or
    CMSDEBUG are set
  * bmo#1961835 - fix content type tag check in
    NSS_CMSMessage_ContainsCertsOrCrls.
  * bmo#1963102 - Remove Cryptofuzz CI version check
- Modify bmo1962556.patch to catch OBS specific errors

==== myrlyn ====
Version update (0.9.6 -> 0.9.7)

- Update to version 0.9.7:
  * Version bump to 0.9.7
  * Override exclude filters when searching for -devel / -debug* (Closes #105)
  * myrlyn-sudo: Build own environment (Closes #102, closes #104)
  * Don't use login shell (-i) for sudo to avoid XWayland (#104)
  * Keep XDG_RUNTIME_DIR env var (#102)
  * Cleaned up whitespace in comments
  * Fixed coding style
  * Cleaned up .desktop files; myrlyn-xdg-su is now in attic/
  * Added auth method to desktop files
  * Support for prompt arg in myrlyn-askpass
  * Fixed coding style
  * Fixed typo
  * New help menu item: Root Authentication
  * Backup of .spec and _service

==== ncompress ====

- added patches
  https://github.com/vapier/ncompress/issues/43
  + ncompress-gcc15.patch

==== nghttp2 ====
Version update (1.65.0 -> 1.66.0)

- Ship manpages together with binaries
- Ship documentation in previously dangling doc subpackage
- update to 1.66.0:
  * Bump github.com/quic-go/quic-go to v0.50.0
  * build(deps): bump golang.org/x/net from 0.35.0 to 0.37.0
  * h2load: Check the return value from OBJ_nid2sn
  * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
  * Remove go toolchain
  * build(deps): bump github.com/quic-go/quic-go from 0.50.0 to
    0.50.1
  * nghttpx: Close h1 connection on CONNECT failure
  * doc:rubydomain: Fix build failure with rubydomain namespace
  * Update integration tests
  * quic: Use secure random generator for ngtcp2_rand
  * Revert "quic: Use secure random generator for ngtcp2_rand"
  * quic: Use secure random generator for ngtcp2_rand
  * GHA: Replace macos-13 with macos-15
  * build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
  * Bump ngtcp2
  * nghttpx: Refactor QUIC packet write
  * h2load: Refactor QUIC packet write path
  * nghttpx: Adopt std::span::first
  * Rewrite util::quote_string
  * Rewrite util::utos functions
  * Rewrite util::decode_hex
  * Make util::format_hex constexpr
  * Remove util::inp_strlower in favor of util::tolower
  * Refactor util::make_http_hostport and util::make_hostport
  * Refine output iterator requirements
  * Make base64 encoder/decoder constexpr
  * Optimize util::utos
  * Optimize util::format_hex
  * Optimize util::utox
  * Disallow array to substitute R &&
  * Revert "nghttpx: No need to capitalize HTTP/1.1 field name"
  * Refactor http2::capitalize
  * Bump quic-go to v0.52.0
  * nghttpx: Fix integral logging is always done in 64 bits
    integer
- Build with HTTP/3 support
- Tidy up spec file

==== openSUSE-release ====
Version update (20250708 -> 20250709)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== opensc ====
Subpackages: opensc-bash-completion

- Fix error found when compiling with gcc 15
  * https://github.com/OpenSC/OpenSC/pull/3316
  * Add opensc-gcc15.patch

==== openssl-3 ====
Version update (3.5.0 -> 3.5.1)
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3

- Update to 3.5.1:
  * Fix x509 application adds trusted use instead of rejected use.
    [bsc#1243564, CVE-2025-4575]
- Remove patches:
  * openssl-Fix-P384-on-P8-targets.patch
  * openssl-CVE-2025-4575.patch
- Rebase patches:
  * openssl-Allow-disabling-of-SHA1-signatures.patch
  * openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
  * openssl-FIPS-NO-DES-support.patch
- Fix a bogus warning caused by -Wfree-nonheap-object
  * Add patch openssl-Fix-Wfree-nonheap-object-warning.patch

==== openssl ====
Version update (3.5.0 -> 3.5.1)

- Update to 3.5.1

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced

- Add a kdump pattern (bsc#1244712).

==== raptor ====

- add raptor-CVE-2024-57822.patch (bsc#1235674, CVE-2024-57822)
- refresh raptor-CVE-2024-57823.patch (bsc#1235673, CVE-2024-57823)
- convert to autosetup

==== selinux-policy ====
Subpackages: selinux-policy-targeted

- Update macros.selinux-policy to trigger a full relabel on transactional
  systems upon module installation. This is rather expensive and will
  hopefully be replaced by a more fine grained solution later on (bsc#1232753)

==== spu-tools ====

- added patches
  build with gcc15
  + spu-tools-gcc15.patch