Packages changed:
cppcheck (2.16.2 -> 2.17.1)
fftw3
libX11
libxcb
libxkbfile
lokalize
openSUSE-release (20250225 -> 20250226)
patterns-gnome
xorg-x11-server
xwayland
=== Details ===
==== cppcheck ====
Version update (2.16.2 -> 2.17.1)
- update to 2.17.1:
* New checks:
- staticFunction: detect functions that should have internal
linkage since they are not used outside of their translation
unit (C code only).
- Check null pointer return from memory/resource allocation
functions (nullPointerOutOfMemory,
nullPointerArithmeticOutOfMemory, nullPointerOutOfResources,
ctunullpointerOutOfMemory,
ctunullpointerOutOfResources).
* Changed interface:
- Added `reduced` check level. It can be activated with
`--check-level=reduced`. You get faster analysis
but some fewer results. The motivation is to be able to make
analysis time "acceptable" for direct usage.
- Added `--report-type` option. Enables printing of guidelines
and classifications for several coding
standards in place of the regular error identifiers and
severities.
* Other:
- Removed deperecated support for builds via qmake.
- Using a handwritten rule texts file for MISRA C addon
violates license and copyright terms. See the
manual for instructions how to download a official rule
texts file from MISRA.
- switch to qt6
==== fftw3 ====
- Disable openmpi for 32b non-hpc builds as OpenMPI >= 5 has no support
for these architectures.
- Cleanup flags handling mpi with s390/s390x
==== libX11 ====
Subpackages: libX11-6 libX11-data libX11-xcb1
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey()
(CVE-2025-26597, bsc#1237431)
==== libxcb ====
Subpackages: libxcb-composite0 libxcb-damage0 libxcb-dpms0 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-res0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxcb1
- Switch bug-262309_xcb-xauthlocalhostname.diff to -p1.
- Update descriptions and modernize specfile
(%autosetup/%ldconfig_scriptlets).
==== libxkbfile ====
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
==== lokalize ====
Subpackages: lokalize-lang
- Add the missing qsqlite runtime dependency
==== openSUSE-release ====
Version update (20250225 -> 20250226)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome
- Have pattern gnome_basic recommend pattern() = enhanced_base: most
users of a desktop will want those tools. They were pulled in
before via the recently removed imaging -> x11 -> enahnced_base.
As x11 was removed as a dependency from the desktop-imaging
pattern, this was lost.
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra
- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
* Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
* Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
* Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
* Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
* Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
* Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)
==== xwayland ====
- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
* Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
* Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
* Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
* Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
* Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
* Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)