Packages changed: Mesa Mesa-drivers MicroOS-release (20260123 -> 20260126) cockpit (351 -> 354) cups (2.4.14 -> 2.4.16) dmidecode (3.6 -> 3.7) flatpak (1.16.2 -> 1.16.3) glib2 harfbuzz (12.3.0 -> 12.3.1) kernel-firmware-intel (20251228 -> 20260122) kernel-firmware-mediatek (20260114 -> 20260119) kernel-source (6.18.6 -> 6.18.7) lirc multipath-tools openjpeg2 pam (1.7.1 -> 1.7.2) pam-full-src (1.7.1 -> 1.7.2) patterns-base polkit-default-privs (1550+20260108.4fc3a54 -> 1550+20260122.bb2b3c5) qalculate (5.8.2 -> 5.9.0) qemu wireplumber === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - BuildRequire llvm21-devel, no matter which suse_version/sle_version is being used ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-vulkan-device-select libvulkan_lvp - BuildRequire llvm21-devel, no matter which suse_version/sle_version is being used ==== MicroOS-release ==== Version update (20260123 -> 20260126) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== cockpit ==== Version update (351 -> 354) Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux - Drop 0010-add-onExpand-prop-to-ListingTable.patch: Has been upstreamed - Update to 354 * changes since 351 - 354 * Convert documentation to AsciiDoc * Work around Firefox 146/147 bug (rhbz#2422331) * Bug fixes - 353 * Networking: Suggest prefix length and gateway address * Bug fixes and translation updates - 352 * Shown a warning if the last shutdown/reboot was unclean * Bug fixes and translation updates - Add 0010-add-onExpand-prop-to-ListingTable.patch to backport a feature ==== cups ==== Version update (2.4.14 -> 2.4.16) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.4.16: See https://github.com/openprinting/cups/releases The hotfix release 2.4.16 includes fix for infinite loop in GTK, which was caused by change of internal behavior in libcups on which GTK depended on, and workaround for stopping the scheduler if configuration includes unknown directives. Detailed list (from CHANGES.md): * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438) * The web interface did not support domain usernames fully (Issue #1441) * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353) * Fixed stopping scheduler on unknown directive in configuration (Issue #1443) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.15: See https://github.com/openprinting/cups/releases The release CUPS 2.4.15 brings two CVE fixes: Fix various cupsd issues which cause local DoS (CVE-2025-61915 bsc#1253783) Fix unresponsive cupsd process caused by slow client (CVE-2025-58436 bsc#1244057) and several bug fixes described in CHANGES.md. Detailed list (from CHANGES.md): * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355) * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16 - Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017" which contained needless UTF-8 Unicode characters that are now replaced by plain ASCII text in "... line - the ..." to fix a rpmlint "non-break-space" warning. - Adapted and enhanced 'tmpfiles.d' related things in cups.spec to "Fix packages for Immutable Mode - cups" (implementation task jsc#PED-14775 from epic jsc#PED-14688) ==== dmidecode ==== Version update (3.6 -> 3.7) - Update to upstream version 3.7: * Memory sizes use binary unit prefixes. * The word "Firmware" is now used instead of "BIOS". * Support for SMBIOS 3.8.0. This includes a new processor family. * Support for SMBIOS 3.9.0. This includes chassis type name adjustments, new rack attributes, slot ID for more slot types, and new memory device form factors and types. * Decode HPE OEM records 193, 195, 202, 211, 226, 229, 232 and 244. * Update HPE OEM records 203, 216, 242 and 245. * EDSFF slot names now include their .S/.L suffix. * Obsoletes dmioem-update-hpe-oem-type-238.patch. ==== flatpak ==== Version update (1.16.2 -> 1.16.3) Subpackages: flatpak-selinux libflatpak0 system-user-flatpak - Update to version 1.16.3: + Be selective about when to map font-dirs.xml in flatpak build. ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Add glib2-CVE-2026-0988.patch: fix a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988 glgo#GNOME/glib#3851). ==== harfbuzz ==== Version update (12.3.0 -> 12.3.1) Subpackages: libharfbuzz-gobject0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 12.3.1: + Various speed optimizations. + Build fixes for GCC 4.9. + Fix NULL pointer deference when malloc fails. - Drop harfbuzz-CVE-2026-22693.patch: Fixed upstream. ==== kernel-firmware-intel ==== Version update (20251228 -> 20260122) - Update to version 20260122 (git commit 1b7b9f6c3461): * Intel IPU7: Update firmware binary for Panther Lake ==== kernel-firmware-mediatek ==== Version update (20260114 -> 20260119) - Update to version 20260119 (git commit ed7a76faccbc): * linux-firmware: update firmware for MT7921 WiFi device ==== kernel-source ==== Version update (6.18.6 -> 6.18.7) - Linux 6.18.7 (bsc#1012628). - firmware: imx: scu-irq: Set mu_resource_id before get handle (bsc#1012628). - efi/cper: Fix cper_bits_to_str buffer handling and return value (bsc#1012628). - nvme-apple: add "apple,t8103-nvme-ans2" as compatible (bsc#1012628). - Revert "gfs2: Fix use of bio_chain" (bsc#1012628). - x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (bsc#1012628). - rust: bitops: fix missing _find_* functions on 32-bit ARM (bsc#1012628). - ASoC: codecs: wsa884x: fix codec initialisation (bsc#1012628). - ASoC: codecs: wsa883x: fix unnecessary initialisation (bsc#1012628). - drm/gud: fix NULL fb and crtc dereferences on USB disconnect (bsc#1012628). - virtio_net: Fix misalignment bug in struct virtnet_info (bsc#1012628). - io_uring: move local task_work in exit cancel loop (bsc#1012628). - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation (bsc#1012628). - xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set (bsc#1012628). - pNFS: Fix a deadlock when returning a delegation during open() (bsc#1012628). - NFS: Fix a deadlock involving nfs_release_folio() (bsc#1012628). - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (bsc#1012628). - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (bsc#1012628). - drm/bridge: dw-hdmi-qp: Fix spurious IRQ on resume (bsc#1012628). - drm/vmwgfx: Fix KMS with 3D on HW version 10 (bsc#1012628). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (bsc#1012628). - NFS/localio: Deal with page bases that are > PAGE_SIZE (bsc#1012628). - drm/rockchip: vop2: Add delay between poll registers (bsc#1012628). - drm/rockchip: vop2: Only wait for changed layer cfg done when there is pending cfgdone bits (bsc#1012628). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (bsc#1012628). - ipv4: ip_tunnel: spread netdev_lockdep_set_classes() (bsc#1012628). - can: etas_es58x: allow partial RX URB allocation to succeed (bsc#1012628). - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1012628). - cxl/port: Fix target list setup for multiple decoders sharing the same dport (bsc#1012628). - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (bsc#1012628). - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1012628). - Bluetooth: hci_sync: enable PA Sync Lost event (bsc#1012628). - net: bridge: annotate data-races around fdb->{updated,used} (bsc#1012628). - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1012628). - net: update netdev_lock_{type,name} (bsc#1012628). - macvlan: fix possible UAF in macvlan_forward_source() (bsc#1012628). - block: zero non-PI portion of auto integrity buffer (bsc#1012628). - ipv4: ip_gre: make ipgre_header() robust (bsc#1012628). - vsock/test: add a final full barrier after run all tests (bsc#1012628). - net/mlx5e: Fix crash on profile change rollback failure (bsc#1012628). - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (bsc#1012628). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1012628). - net/mlx5e: Restore destroying state bit after profile cleanup (bsc#1012628). - btrfs: fix memory leaks in create_space_info() error paths (bsc#1012628). - cxl/hdm: Fix potential infinite loop in __cxl_dpa_reserve() (bsc#1012628). - net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback (bsc#1012628). - net: phy: motorcomm: fix duplex setting error for phy leds (bsc#1012628). - net: airoha: Fix typo in airoha_ppe_setup_tc_block_cb definition (bsc#1012628). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (bsc#1012628). - ALSA: hda/cirrus_scodec_test: Fix test suite name (bsc#1012628). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1012628). - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1012628). - ipv6: Fix use-after-free in inet6_addr_del() (bsc#1012628). - selftests: drv-net: fix RPS mask handling for high CPU numbers (bsc#1012628). - net/sched: sch_qfq: do not free existing class in ... changelog too long, skipping 263 lines ... - commit 76c2c9b ==== lirc ==== - Add lirc.sysusers to replace useradd/groupadd/usermod for transactional updates (jsc#PED-14918) - Add lirc-rpmlintfix.patch to make rpmlint happy - Add %check from Fedora ==== multipath-tools ==== Subpackages: kpartx libmpath0 - Remove %ghost entry for /run/multipath from spec file (jsc#PED-14758) ==== openjpeg2 ==== - Add openjpeg2-cve-2023-39327-limit-iterations.patch (CVE-2023-39327, bsc#1227412). ==== pam ==== Version update (1.7.1 -> 1.7.2) - Update to version 1.7.2: * build: enabled vendordir by default. * pam_access: fixed stack overflow with huge configuration files. * pam_env: enhanced error diagnostics when ignoring backslash at end of string. * pam_faillock: skip clearing user's failed attempt when auth stack is not run. * pam_mkhomedir: added support for vendordir skeleton directory. * pam_unix: added support for pwaccessd. * pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK. * pam_unix: fixed password expiration warnings for large day values. * pam_unix: hardened temporary file handling. * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Drop post-v1.7.1.patch - Drop pam_mkhomedir-Use-vendordir-when-defined.patch - Build source archive directly from git ==== pam-full-src ==== Version update (1.7.1 -> 1.7.2) - Update to version 1.7.2: * build: enabled vendordir by default. * pam_access: fixed stack overflow with huge configuration files. * pam_env: enhanced error diagnostics when ignoring backslash at end of string. * pam_faillock: skip clearing user's failed attempt when auth stack is not run. * pam_mkhomedir: added support for vendordir skeleton directory. * pam_unix: added support for pwaccessd. * pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK. * pam_unix: fixed password expiration warnings for large day values. * pam_unix: hardened temporary file handling. * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Drop post-v1.7.1.patch - Drop pam_mkhomedir-Use-vendordir-when-defined.patch - Build source archive directly from git ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - remove dmraid from enhanced_base ==== polkit-default-privs ==== Version update (1550+20260108.4fc3a54 -> 1550+20260122.bb2b3c5) - Update to version 1550+20260122.bb2b3c5: * profiles: drop no longer packaged gsd wacom-*led-helper actions * profiles: whitelist InputPlumber actions (bsc#1249149) * profiles: whitelist tlp-pd actions (bsc#1254768) ==== qalculate ==== Version update (5.8.2 -> 5.9.0) - Update to version 5.9.0 * Improve speed of sort(), rank(), and mode() functions (and other dependent functions). * Parse ± before implicit multiplication when not preceded by number (e.g. "7 km ± 5m"). * Always consider x^(a + b) equivalent to x^a × x^b (fixes "x^(y + z) − x^y × x^z"). * Simplify (x = a || x ≥ a + 1) and (x ≤ a || x ≥ a + 1), and similar, when x and a are integers (fixes "abs(x − 1) = abs(1 − x)"). * Do not remove duplicate whitespace characters from text strings (in quotation marks). * Add exact values for multiples of pi/12 (15°) in sin() and cos(), and tan(7/12pin). * Fix floating point conversion when comma is used as decimal separator. * Fix endless loop with increasingly complex equations in some cases when x + x^(1/a) is transformed to x = (b − x)^a). * Fix and improve function() function. * Fix loading of approximate variable with both approximate and exact values (e.g. in vector). * Fix missing parenthesis for exact number shown as approximate in vector. * Fix conversion to non-unit expression beginning with zero (when not before decimal separator) or minus. * Fix exchange rates updated after calculation of expression with only one currency. * Fix segfault in some corner cases when converting approximate units before uncertainty calculation. * Remove intltool build dependency. * Fix compilation with readline < 7.0 and mpfr < 4.0. * Do not show calculate-as-you-type result for incomplete object name (e.g. "integ" interpreted as "int(e × g)"). * Ellipsize large matrices and vectors when a subset of output, e.g. in a failed function, in qalc. * Completion for commands and options. * Do not show result for variable assignment when --terse and - -file are used. * Minor bug fixes and feature enhancements. ==== qemu ==== - Bug and CVE fixes: * roms/edk2: fix building with GCC 16 (bsc#1256980) * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665) ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 - Backport upstream fixes: 0001-monitors-bluez-request-device-ports-take-loopback-no.patch 0002-autoswitch-bluetooth-profile-Fix-attempt-to-index-a-.patch