Packages changed:
  7zip (26.00 -> 26.01)
  AppStream
  Mesa (26.1.1 -> 26.1.2)
  Mesa-drivers (26.1.1 -> 26.1.2)
  aaa_base (84.87+git20260529.c4391e5 -> 84.87+git20260602.e901e17e)
  adwaita-icon-theme (50.0 -> 50.0+2)
  alsa (1.2.15.3 -> 1.2.16)
  alsa-ucm-conf (1.2.15.3 -> 1.2.16)
  alsa-utils (1.2.15.2 -> 1.2.16)
  apache2-mod_php8 (8.5.6 -> 8.5.7)
  ceph
  curl
  dracut (110+suse.31.ga81148a -> 110+suse.32.g36b00ba7)
  file
  fontconfig (2.17.1 -> 2.18.0)
  gnome-keyring
  grub2
  harfbuzz (14.2.0 -> 14.2.1)
  hwdata (0.407 -> 0.408)
  hwinfo (25.3 -> 25.4)
  ipxe
  java-25-openjdk
  javapackages-tools
  kernel-source (7.0.10 -> 7.0.11)
  libavif (1.4.1 -> 1.4.2)
  libbluray (1.4.0 -> 1.4.1)
  libgtop
  libheif (1.22.2 -> 1.23.0)
  libinput (1.31.2 -> 1.31.3)
  librsvg (2.62.2 -> 2.62.3)
  libselinux
  live555 (2026.05.28 -> 2026.06.01)
  mariadb-connector-c (3.4.5 -> 3.4.8)
  mozjs140
  mutter (50.1 -> 50.2)
  nbd (3.26.1 -> 3.27.1)
  ncurses (6.6.20260516 -> 6.6.20260530)
  nfs-utils
  openSUSE-release (20260602 -> 20260605)
  ovmf (202602 -> 202605)
  perl-Cpanel-JSON-XS (4.400.0 -> 4.410.0)
  perl-HTML-Parser (3.830.0 -> 3.850.0)
  php8 (8.5.6 -> 8.5.7)
  polkit-default-privs (1550+20260528.62493d2 -> 1550+20260603.7a43683)
  python-semanage
  qalculate (5.10.0 -> 5.11.0)
  samba (4.23.8+git.477.f78166bceed -> 4.24.3+git.475.629de6765b9)
  sshfs (3.7.5 -> 3.7.6)
  sssd
  tpm2.0-tools
  xtermset
  zbar

=== Details ===

==== 7zip ====
Version update (26.00 -> 26.01)

- Update to 26.01:
  * linux version of 7-Zip can use huge pages (2 MB pages).
    It can increase compression speed by 10% for 7z/xz/LZMA/LZMA2 compression.
  * new -spo[d|c|r] switch specifies the path generation mode for the output
    directory for archive extraction. The output directory path is generated from
    the path specified in the -o{dir_path} switch and the name of the archive
    being unpacked.
    - spod : for Linux/Posix/macOS: -o{dir_path} specifies the direct path to the
      output directory. The asterisk (*) character in {dir_path} will not be
      replaced by the archive name.
    - spoc : 7-Zip will concatenate the path specified in -o{dir_path} with the
      archive name to form the final path to the output directory.
    - spor : 7-Zip will replace asterisk (*) character in the path specified in
      the -o{dir_path} with the archive name. This is the default option.
  * some bugs were fixed.
  * CVE-2026-48095 / GHSL-2026-140 : Heap Buffer Write Overflow

==== AppStream ====
Subpackages: libAppStreamQt3 libappstream5

- Add upstream change:
  * 0001-Explicitly-add-fcfreetype.h-include-to-asc-font.c.patch

==== Mesa ====
Version update (26.1.1 -> 26.1.2)
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1

- Update to 26.1.2 bugfix release
  -> https://docs.mesa3d.org/relnotes/26.1.2

==== Mesa-drivers ====
Version update (26.1.1 -> 26.1.2)
Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp

- Update to 26.1.2 bugfix release
  -> https://docs.mesa3d.org/relnotes/26.1.2

==== aaa_base ====
Version update (84.87+git20260529.c4391e5 -> 84.87+git20260602.e901e17e)
Subpackages: aaa_base-extras

- Update to version 84.87+git20260602.e901e17e:
  * Fix a typo + follow symlinks in alljava

==== adwaita-icon-theme ====
Version update (50.0 -> 50.0+2)

- Update to version 50.0+2:
  + folder-projects: XDG Projects folder.

==== alsa ====
Version update (1.2.15.3 -> 1.2.16)
Subpackages: libasound2 libatopology2

- Update to alsa-lib 1.2.16:
  fixes for PCM, control remap, topology, UCM extensions, etc
  For details, see:
  https://www.alsa-project.org/wiki/Changes_v1.2.15.3_v1.2.16#alsa-lib

==== alsa-ucm-conf ====
Version update (1.2.15.3 -> 1.2.16)

- Update to alsa-ucm-conf 1.2.16:
  * fixes for SOF, soundwire, ACP, USB-audio and other various devices
  For details, see:
  https://www.alsa-project.org/wiki/Changes_v1.2.15.3_v1.2.16#alsa-ucm-conf

==== alsa-utils ====
Version update (1.2.15.2 -> 1.2.16)

- Update to alsa-utils 1.2.16:
  * fixes and enhancements in speaker-test, alsaloop, amixer and aplay
  For details, see:
  https://www.alsa-project.org/wiki/Changes_v1.2.15.3_v1.2.16#alsa-utils

==== apache2-mod_php8 ====
Version update (8.5.6 -> 8.5.7)

- version update to 8.5.7
  CLI:
    Fixed bug GH-21901 (Stale getopt() optional value).
  Date:
    Fixed bug GH-18422 (int overflow in php_date_llabs).
  DOM:
    Fixed bug GH-22077 (UAF in custom XPath function).
  Opcache:
    Fixed tracing JIT crash when a VM interrupt is handled during an observed user function call.
    Fixed bug GH-21746 (Segfault with tracing JIT).
    Fixed bug GH-22004 (Assertion failure at ext/opcache/jit/zend_jit_trace.c).
    Fixed tailcall VM crash when a VM interrupt is handled from a VM helper.
  OpenSSL:
    Fix compatibility issues with OpenSSL 4.0.
  Standard:
    Fixed bug GH-21689 (version_compare() incorrectly handles versions ending with a dot).
  URI:
    Fixed CVE-2026-44927 (In uriparser before 1.0.2, there is pointer difference
    truncation to int in various places). (CVE-2026-44927) [bsc#1264578]
    Fixed CVE-2026-44928 (In uriparser before 1.0.2, the function family EqualsUri
    can misclassify two unequal URIs as equal). (CVE-2026-44928) [bsc#1264579]
- remove deprecated --enable-inline-optimization

==== ceph ====
Subpackages: librados2 librbd1

- Add ceph-gcc16-build-fix.patch to fix build with gcc 16

==== curl ====
Subpackages: libcurl4

- Backport fix for issue gh#curl/curl#21547 and gh#Nheko-Reborn/nheko#2054
  which caused applications to busy loop with 100% CPU usage
  * Add libcurl-fix-wakeup-consumption.patch

==== dracut ====
Version update (110+suse.31.ga81148a -> 110+suse.32.g36b00ba7)

- Update to version 110+suse.32.g36b00ba7:
  * fix(systemd-*): add new dlopen dependencies to modules lists

==== file ====
Subpackages: file-magic libmagic1

- Add patch file-5.47-stanza.patch (boo#1261558 partly)
  * Avoid many false positive on windows file test

==== fontconfig ====
Version update (2.17.1 -> 2.18.0)
Subpackages: libfontconfig1

- Update to 2.18.0
  * test: Fix a build issue with musl libc
  * fc-lang: Add suz.orth for Sunuwar
  * test: add common helper class
  * test: port basic functionality check to Python
  * test: update to pass test cases on Win32
  * do not mix up a slash and a backslash in file object on Win32
  * meson: Add a missing fontconfig architecture test case
  * Add fontconfig version in FcCache
  * Improve a warning message
  * Better error message when missing default config
  * ci: install before test to avoid fontconfig error
  * Fix regex to pick up libtool version
  * Improve performance in FcConfigAdd
  * Improve log header in FcConfigSubstituteWithPat
  * meson: Update WrapDB files for v2 format migration
  * ci: add an option for the address sanitizer
  * Fix "UBSAN null pointer passed" to qsort
  * ci: Enable ASAN and UBSAN
  * Add genericfamily object in FcPattern
  * Add xsi:nil attribute support to limited elements
  * Get out from FcConfigAdd immediately if no valid pointer given
  * Bump the cache version again
  * fc-case: Update CaseFolding.txt to Unicode 17
  * Add obvious namespace to macros for FC_SPACING
  * Improve handling of constant name
  * test: fix pytest error when running on the top project directory
  * meson: Update wrapdb for expat to the latest
  * Use FcStrCopy instead of strdup
  * Fix -Wpointer-sign warnings
  * Do not store duplicate object name into FcObjectSet
  * Fix unused variable warning when iconv support disabled
  * doc: Fix a typo in FcPatternAdd description
  * Add fc-genconf the configuration generator tool
  * test-conf: Correct test results to display at the proper place
  * Fix unexpected priority change when looking up by specific family name
  * Return error code if FcPatternFormat failed
  * Add const converter for pattern format
  * fc-genconf: Add scan pattern to update genericfamily with commandline option
  * Fix dereferencing a null pointer of FcConfig in FcFontSetSort
  * conf.d: Fix a typo in 65-khmer.conf
  * Update doc for xsi:nil attribute support
  * test: add more conditional for bwrap sandbox test cases
  * meson: add tests-bwrap option
  * Avoid locale-dependent float-to-string
  * test-conf: add wrapper setenv for Win32
  * Fix invalid memory access on Win32
  * More fixes for locale-dependent float-to-string conversion
  * Replace strtod() with FcStrtod()
  * Explicitly declare FcPatternObjectCount as a public function
  * Update meson dependency to 1.11.0
- modified patches
  * skip-network-test.patch (refreshed)

==== gnome-keyring ====
Subpackages: gnome-keyring-pam libgck-modules-gnome-keyring

- Add 04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch: Fix: avoid
  potential FD leak in gkm_rpc_layer_startup.
- Rebase gnome-keyring-pam-auth-prompt-password.patch with quilt.
- Use autosetup/patch macros.

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-arm64-efi-bls grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin

- Fix build with GCC 16
  * gcc16.patch
  * 0001-add-support-for-UEFI-network-protocols.patch

==== harfbuzz ====
Version update (14.2.0 -> 14.2.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Update to version 14.2.1:
  + Various AAT shaping fixes: legacy mort contextual offsets (which could
    produce out-of-font glyph IDs), in-place deleted-glyph replacements, and
    overflow in obsolete offset math.
  + Fix Arabic PUA fallback shaping for the isolated lam-alef-maksura ligature.
  + Fix float-to-int overflow in avar2 mapping with malformed fonts.
  + Harden buffer verification after detecting non-monotone clusters.
  + Various COLR v1 fixes: fix handling of .notdef without paint, round alpha
    consistently, and report the root clip under the font transform.
  + Various Glyph-extents fixes: inclusive rounding, and floating-point scaling
    before rounding so the reported box always covers the glyph.
  + Various Subsetting fixes: keep the palt spacing feature by default, raise
    the repacker MAX_SPACES limit, fix a repacker crash on shared LigatureSet
    nodes, guard gvar size overflow on 32-bit, and fix the post glyph-name sort
    comparator on macOS.
  + Replace std::sort with an internal quicksort, removing leaked std:: symbols
    from the libharfbuzz ABI.
  + Harden size computations with saturating arithmetic against 32-bit overflow.
  + Various improvements to the experimental Rust shaper (HarfRust) and font
    functions (fontations): honor custom font funcs, key shape plans on
    features, faster buffer handling, and update to HarfRust 0.8.
  + Various fixes to the experimental harfbuzz-gpu and harfbuzz-vector
    libraries, including a harfbuzz-vector heap buffer overflow and Windows
    build fixes.
  + Map the Hrkt (Katakana or Hiragana) script tag to the kana OpenType tag.
  + Build configuration: new HB_CONFIG_OVERRIDE_LAST_H override header,
    decouple HB_NO_DRAW from HB_NO_CFF, and an optional hb-allocator Cargo
    feature.
  + Various build, CI, and fuzzing fixes.

==== hwdata ====
Version update (0.407 -> 0.408)

- Update to version 0.408:
  * Update pci and vendor ids

==== hwinfo ====
Version update (25.3 -> 25.4)
Subpackages: libhd25

- merge gh#openSUSE/hwinfo#181
- fix redundant conditions in smbios memory device map
- 25.4
- merge gh#openSUSE/hwinfo#182
- fix memory leaks (bsc#1267348)
- merge gh#openSUSE/hwinfo#180
- fix(core): free modinfo_ext instead of modinfo in hd_free_hd_data
- merge gh#openSUSE/hwinfo#179
- Fix: fix sizeof in joystick allocation to use struct size instead of pointer size (bsc#1267348)

==== ipxe ====

- Restrict the build to x86_64 and aarch64, due to dependencies and
  to the fact that these arch-es are the only ones where the ROMs
  are useful.

==== java-25-openjdk ====
Subpackages: java-25-openjdk-headless

- Make post scripts less noisy (bsc#1267355)

==== javapackages-tools ====
Subpackages: javapackages-filesystem

- Outside of the ancient distros (< SLE-15-SP5) for the Python
  packaging use the modern style of %pyproject_* macros
  (soo#python/_ObsPrj#491).

==== kernel-source ====
Version update (7.0.10 -> 7.0.11)
Subpackages: kernel-64kb kernel-default

- Update patches.kernel.org/7.0.10-0148-bpf-fix-end-of-list-detection-in-cgroup_stora.patch (bsc#1012628 CVE-2026-45838 bsc#1266396).
- Update patches.kernel.org/7.0.10-0155-bpf-reject-negative-CO-RE-accessor-indices-in.patch (bsc#1012628 CVE-2026-45839 bsc#1266399).
- Update patches.kernel.org/7.0.10-0802-openvswitch-cap-upcall-PID-array-size-and-pre.patch (bsc#1012628 CVE-2026-45840 bsc#1266397).
- Update patches.kernel.org/7.0.10-0805-netfilter-nfnetlink_osf-fix-divide-by-zero-in.patch (bsc#1012628 CVE-2026-45841 bsc#1266390).
- Update patches.kernel.org/7.0.10-0812-slip-reject-VJ-receive-packets-on-instances-w.patch (bsc#1012628 CVE-2026-45842 bsc#1266400).
- Update patches.kernel.org/7.0.10-0813-slip-bound-decode-reads-against-the-compresse.patch (bsc#1012628 CVE-2026-45843 bsc#1266395).
- Update patches.kernel.org/7.0.10-0860-eventpoll-fix-ep_remove-struct-eventpoll-stru.patch (bsc#1012628 CVE-2026-46242).
- Update patches.kernel.org/7.0.10-0888-netfilter-arp_tables-fix-IEEE1394-ARP-payload.patch (bsc#1012628 CVE-2026-45844 bsc#1266392).
- Update patches.kernel.org/7.0.10-0939-net-sched-taprio-fix-NULL-pointer-dereference.patch (bsc#1012628 CVE-2026-45845 bsc#1266393).
- Update patches.kernel.org/7.0.10-0981-bareudp-fix-NULL-pointer-dereference-in-bareu.patch (bsc#1012628 CVE-2026-45846 bsc#1266394).
- Update patches.kernel.org/7.0.10-1139-net-rds-reset-op_nents-when-zerocopy-page-pin.patch (bsc#1012628 CVE-2026-43494 bsc#1265626).
- Update patches.kernel.org/7.0.10-1142-net-skbuff-preserve-shared-frag-marker-during.patch (bsc#1012628 CVE-2026-46300 bsc#1265209).
- Update patches.kernel.org/7.0.10-1143-net-skbuff-propagate-shared-frag-marker-throu.patch (bsc#1012628 CVE-2026-43503 bsc#1266229).
- Update patches.kernel.org/7.0.11-004-smb-client-reject-userspace-cifs.spnego-descri.patch (bsc#1012628 CVE-2026-46243).
- Update patches.kernel.org/7.0.4-001-ALSA-usb-audio-stop-parsing-UAC2-rates-at-MAX_N.patch (bsc#1012628 CVE-2026-46018 bsc#1266751).
- Update patches.kernel.org/7.0.4-008-LoongArch-Add-spectre-boundry-for-syscall-dispa.patch (bsc#1012628 CVE-2026-45993).
- Update patches.kernel.org/7.0.4-009-drm-nouveau-fix-u32-overflow-in-pushbuf-reloc-b.patch (bsc#1012628 CVE-2026-46006).
- Update patches.kernel.org/7.0.4-012-greybus-gb-beagleplay-fix-sleep-in-atomic-conte.patch (bsc#1012628 CVE-2026-46041).
- Update patches.kernel.org/7.0.4-013-misc-ibmasm-fix-OOB-MMIO-read-in-ibmasm_handle_.patch (bsc#1012628 CVE-2026-46022).
- Update patches.kernel.org/7.0.4-014-ibmasm-fix-OOB-reads-in-command_file_write-due-.patch (bsc#1012628 CVE-2026-45994).
- Update patches.kernel.org/7.0.4-015-ibmasm-fix-heap-over-read-in-ibmasm_send_i2o_me.patch (bsc#1012628 CVE-2026-46064).
- Update patches.kernel.org/7.0.4-022-fs-afs-revert-mmap_prepare-change.patch (bsc#1012628 CVE-2026-46100).
- Update patches.kernel.org/7.0.4-029-mm-fix-deferred-split-queue-races-during-migrat.patch (bsc#1012628 CVE-2026-46017 bsc#1267241).
- Update patches.kernel.org/7.0.4-030-ocfs2-split-transactions-in-dio-completion-to-a.patch (bsc#1012628 CVE-2026-46080).
- Update patches.kernel.org/7.0.4-031-Input-edt-ft5x06-fix-use-after-free-in-debugfs-.patch (bsc#1012628 CVE-2026-46097).
- Update patches.kernel.org/7.0.4-032-zram-do-not-forget-to-endio-for-partial-discard.patch (bsc#1012628 CVE-2026-46089).
- Update patches.kernel.org/7.0.4-033-wifi-rtw88-check-for-PCI-upstream-bridge-existe.patch (bsc#1012628 CVE-2026-46092).
- Update patches.kernel.org/7.0.4-034-wifi-mwifiex-fix-use-after-free-in-mwifiex_adap.patch (bsc#1012628 CVE-2026-46069).
- Update patches.kernel.org/7.0.4-038-vfio-cdx-Serialize-VFIO_DEVICE_SET_IRQS-with-a-.patch (bsc#1012628 CVE-2026-46036).
- Update patches.kernel.org/7.0.4-039-vfio-cdx-Fix-NULL-pointer-dereference-in-interr.patch (bsc#1012628 CVE-2026-46034 bsc#1266757).
- Update patches.kernel.org/7.0.4-041-thermal-core-Fix-thermal-zone-governor-cleanup-.patch (bsc#1012628 CVE-2026-46021 bsc#1267220).
- Update patches.kernel.org/7.0.4-042-spi-imx-fix-use-after-free-on-unbind.patch (bsc#1012628 CVE-2026-45996).
- Update patches.kernel.org/7.0.4-043-spi-ch341-fix-memory-leaks-on-probe-failures.patch (bsc#1012628 CVE-2026-46074).
... changelog too long, skipping 1593 lines ...
- commit fc624df

==== libavif ====
Version update (1.4.1 -> 1.4.2)

- update to 1.4.2:
  * Added since 1.4.1
    - Add --jobs flag to avifgainmaputil to use multiple worker threads when
      reading/writing AVIF files.
  * Changed since 1.4.1
    - Require C11 for compilation. Public headers will remain C99.
    - Add --jobs flag to avifgainmaputil and enable auto tiling.
    - Use AOM_TUNE_IQ for layered image inter-frame encoding.
    - Update aom.cmd/LocalAom.cmake: v3.14.1
    - Update LocalAvm.cmake: research-v15.0.0
    - Update libjpeg.cmd/LocalJpeg.cmake: 3.1.4.1
    - Update libxml2.cmd/LocalLibXml2.cmake: v2.15.3
    - Update libyuv.cmd/LocalLibyuv.cmake: 644251f25 (1924)
    - Update svt.cmd/svt.sh/LocalSvt.cmake: v4.1.0
    - Update zlibpng.cmd/LocalZlibpng.cmake: libpng 1.6.58
    - Fix memory leak of altICC if avifDecoderFindGainMapItem returns early.
    - Avoid MT loop restoration crash in libaom < 3.13.3
    - Fix decoding layered image with multiple scaled alpha layers
    - Fix NaN bypass of AVIF_CLAMP in gain map tone mapping (use fminf/fmaxf)
    - Fix null pointer dereference in avifImageCopy() when avifImageCreateEmpty()
      fails to allocate the destination gain map image.
    - avifenc: reject mismatched --depth for Y4M input
    - Use libaom AOMD_SET_FRAME_SIZE_LIMIT if available
    - Fix bug in transfer function 11 (used for gain map creation/tone mapping)

==== libbluray ====
Version update (1.4.0 -> 1.4.1)

- version update to 1.4.1
  * Fix linking on Windows with Freetype enabled
  * Improve compilation with MSVC
  * Cleaning and improvements in Meson build files
  * Fix build with Java 23 for BD-J
  * Add SSIF files support to bd_open_file_dec()
  * Add player setting for UO restriction level
  * Add all UOs to BD_EVENT_UO_MASK_CHANGED
  * Improve resilience against invalid input
  * Fix memory leak in UHD playlists
  * BD-J: Implement TVTimer, TVTimerSpec
  * BD-J: Improve Java 1.4 compatibility
  * BD-J: Fix MediaPresentedEvent event emission on start
  * BD-J: Fix filesystem hooking in Java 25
  * BD-J: Fix locators from org.bluray.ti.[PlayItemImpl,TitleComponentImpl]
  * BD-J: Multiple compatibility and performance improvements
- deleted patches
  * libbluray-java25.patch (upstreamed)

==== libgtop ====

- Add missing %verify(not mode) (boo#1263098).

==== libheif ====
Version update (1.22.2 -> 1.23.0)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openh264 libheif-openjpeg libheif-rav1e libheif-svtenc libheif1

- version update to 1.23.0:
  * add API functions to read and write metadata: ambient viewing environment
    nominal diffuse white luminance
  * adds a output_image_nclx_profile_passthrough option to heif_decoding_options
  * CVE TBD (GHSA-jvmp-j3cw-84mh) - unbounded heap allocation in HEIF sequence
    parser (stsz fixed-size mode missing bound check)

==== libinput ====
Version update (1.31.2 -> 1.31.3)
Subpackages: libinput-udev libinput10

- Update to release 1.31.3
  * libinput-device-group now sanitizes the PHYS value which prevents local
    privilege escalation through udev property injection.
  * `libinput record`: the --autorestart interval handling was broken for
    intervals 5s and higher
  * `libinput record`: added a convenience fix for running with --autorestart.
  * Eraser buttons can now be mapped to any button (previously only BTN_STYLUS,
    BTN_STYLUS2 and BTN_STYLUS3 were permitted).

==== librsvg ====
Version update (2.62.2 -> 2.62.3)
Subpackages: librsvg-2-2 typelib-1_0-Rsvg-2_0

- Update to version 2.62.3:
  + librsvg crate version 2.62.3
  + librsvg-rebind crate version 0.3.0
  + Remove loading limits from image-rs. This means that raster images, when
    embedded in SVG documents, have no limits for their size or memory
    consumption. The idea, for now, is that security-sensitive applications
    that use librsvg should do their own sandboxing if they want to impose
    memory limits.
  + Fix the logic for whether gdk-pixbuf-query-loaders should be run during
    cross-compilation. Native builds can of course use it; cross builds can use
    it if they can run host binaries *and* an executable wrapper has been set
    *and* the target sysroot contains the corresponding
    gdk-pixbuf-query-loaders executable

==== libselinux ====
Subpackages: libselinux1 selinux-tools

- Add patch for restorecon to log error on readonly fs (bsc#1232226)
  - Patch: restorecon-Only-log-error-on-readonly-fs-bsc-1232226.patch
  - Can be dropped with the next toolchain release:
    https://github.com/SELinuxProject/selinux/commit/fd411d50ba1cb3e8ad5f8ce4e3c9bc7fcbe4340c

==== live555 ====
Version update (2026.05.28 -> 2026.06.01)
Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock33

- Update to version 2026.06.01:
  + Updated the "RTSPServer" implementation of the "SETUP" command to make it
    more robust if subclassed code reimplements "lookupServerMediaSession()"
    as an asynchronous operation.
- update to 2026.05.30:
  * Updated the "RTSPServer" implementation some more to make it more robust if
    subclassed code reimplements "lookupServerMediaSession()" as an
    asynchronous operation.
  * Added an (integer) index to identify each server's 'client connection', and
    changed the "fClientConnections" table to be indexed by this id.
  * In the "RTSPServer" implementation, removed the "fOurClientConnection"
    member variable. This had been left over from when the RTSP "SETUP" command
    had been implemented as a single, synchronous function. Now that "SETUP" is
    implemented using multiple functions, possibly asynchronously (depending
    upon how "lookupServerMediaSession()" is implemented), this member variable
    was potentially dangerous if more than one "SETUP" is performed
    concurrently on the same client connection, or on separate client
    connections.

==== mariadb-connector-c ====
Version update (3.4.5 -> 3.4.8)

- Update to release 3.4.8:
  * Fix compilation with GCC 15
  * CONC-762: always set is_null and length in the bind structure to avoid msan errors
  * CONC-763: add MySQL collation ID 309 (utf8mb4_0900_bin)
  * CONC-764: fix build of ma_context.c on Android (X18 is a platform-reserved register)
  * CONC-766: disable clang -Wcast-function-type-strict for makecontext
- Drop patches now included upstream:
  * mariadb-connector-c-3.4.5-gcc15.patch
  * mariadb-connector-c-3.4.5-gcc15-part2.patch
- Update mariadb.keyring with the MariaDB Signing Key
  (signing-key@mariadb.org); upstream now signs the connector-c
  release tarballs with it
- Fetch sources from archive.mariadb.org

==== mozjs140 ====

- Add mozjs140-CVE-2025-70103.patch: libjxl: take EC into account
  when checking required PNM input length (bsc#1266463 CVE-2025-70103).

==== mutter ====
Version update (50.1 -> 50.2)

- Update to version 50.2:
  + Fix size increases when quickly unmaximizing window by drag
  + Fix cursor position hint for Xwayland if scaling is used
  + Fix fullscreening of edge tiled windows
  + Scale the hotspot location for tablet tool cursors
  + Fix moving maximized windows to another monitor via keyboard
  + Fix alt-tab with sloppy/mouse focus
  + Implement support for version 2 of text_input_v3 protocol
  + Ignore repeated events for double click counting
  + Fix DND data offers on touch
  + Make DND with tablets work across surfaces
  + Do not unfullscreen fullscreened window on unmaximize
  + Fix broken switch-monitor mapping on stylus buttons
  + Fixed crashes
  + Misc. bug fixes and cleanups
  + Updated translations.
- Add 5096.patch: Stop mutter spamming logs.
- Rebase patches with quilt.

==== nbd ====
Version update (3.26.1 -> 3.27.1)

- Update to version 3.27.1:
  * Enable TLS 1.3 by default (while still disallowing TLS 1.1 and below)
  * Set a sensible default port again: an nbdtab entry without a port
    specification is read as the default 10809 instead of 0
  * nbd-client: find the index when the device name is given without the
    /dev/ prefix
  * nbd-client now depends on the nbd kernel module being loaded
  * Refactor nbd-client argument parsing into a separate file
  * Fix configure --disable-manpages
  * Fix build on musl + gcc14 (incompatible-pointer-types)
  * Several clang-warning, formatting and cleanup fixes
- Drop nbd-forgotten-sh.tmpl.patch: upstream moved the shell template to
  systemd/sh.tmpl and ships it in the tree
- Build from the upstream git archive and regenerate the build system with
  autogen.sh; add autoconf, autoconf-archive, automake, flex and libtool
  BuildRequires

==== ncurses ====
Version update (6.6.20260516 -> 6.6.20260530)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20260530
  + minor renaming, formatting to align with Juergen Pfeifer's fork.
  + add configure script check for --enable-ext-mouse2, to support ABI 7.
  + improve special case in tic for %{code} to allow any non-zero byte as
    the result %'char'
- Add ncurses patch 20260523
  + modify _nc_wacs[] to make it per-screen (from Juergen Pfeifer's fork)
  + eliminate a special case in tic when translating %{code} to %'char',
    since %{92} mapping to %'\' works with tparm and infocmp.
==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client nfs-kernel-server - Update to 2.9.1: https://lore.kernel.org/linux-nfs/955a922e-c12d-435b-a698-caf73312f01d@redhat.com/ https://www.kernel.org/pub/linux/utils/nfs-utils/2.9.1/2.9.1-Changelog * Minor version being disabled (which is why the minor release was bumped) * New features bug fixes: * V4.0 is turned off on the servery by default * netlink is now used for upcalls in exportfs, exportd, mountd * signed filehandle support was added. * nfsdctl now checks for listeners before starting. - Update to 2.8.7: https://lore.kernel.org/linux-nfs/4d11b9d7-7b49-4a1e-8c26-29ecb2fefe2f@redhat.com/ * nfsrahead: quieten misleading error for non-NFS block devices * nfsrahead: zero-initialise device_info struct - No functional change (all commits from this release had already been backported) - Removed patches from 2.8.7: * nfsrahead-quieten-misleading-error-for-non-NFS-block-devic.patch * nfsrahead-zero-initialise-device_info-struct.patch ==== openSUSE-release ==== Version update (20260602 -> 20260605) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Version update (202602 -> 202605) Subpackages: qemu-uefi-aarch64 - Update to edk2-stable202605 - Patches (git log --oneline --date-order edk2-stable202602..edk2-stable202605) b03a21a63e3b UefiCpuPkg: Remove the absolute address jump in LoongArch exception handler e6863d9cb987 MdePkg: Disable AuditOnly Mode for Spell Check 6f73fbea9778 MdePkg: Fix Spelling Errors in Comments 27f83abf1b65 .pytool: Update cspell Allowed Words b5d4a2c4789d MdePkg,MdeModulePkg: Fix Spelling Error in Udf Definitions 1efbb315fd43 MdePkg: Fix Spelling Errors in CXL Definitions 627860407ae1 MdePkg: Fix Spelling Errors in HiiImageDecoder Definitions 4da6018ffe6e MdePkg: Fix Spelling Errors in IPMI Definitions 5981dfcb5f49 MdePkg: Fix Spelling Error in DriverConfiguration2 Definitions 5aaf451f8b67 MdePkg: 
Fix Spelling Errors in ACPI Definitions efd3635d901e MdePkg: Fix Spelling Error in ScsiIo Definitions f3b29f03c4d6 MdePkg: Fix Spelling Error in Cper Definitions 2ced4c80342a MdePkg: Fix Spelling Error in Hash Definitions 208454c51def MdePkg: Fix Spelling Error in Nvme Definitions bf5ed9cc551b Global: Fix Spelling Errors in PCI/PCIe Definitions e6f401761a73 MdePkg: Fix Spelling Errors in SmBios Definitions 7c440a7a2b55 MdePkg,MdeModulePkg: Fix Spelling Errors in Atapi Definitions 81b7c2912bd6 MdePkg,SecurityPkg: Fix Spelling Errors in TCG/TPM Definitions 4e5672043bd5 ManageabilityPkg: add configurable KCS status-check timeout PCD 441873c2a987 SecurityPkg/SecureBootVariableLib: Cleanup debug print readability 8add400a8be8 MdeModulePkg: Cleanup debug print readability 5caf4c6aeb4a MdeModulePkg,MdePkg: Send I/O without FUA if necessary ee58614bbbb4 MdeModulePkg/ScsiDiskDxe: Check Write Caching and FUA support b8df7d9c8e1e ArmVirtPkg/ArmPlatformLibQemu: Support early ID map on LPA2 capable CPUs d73615b24ba4 Revert "ArmPlatformPkg,EmbeddedPkg,MdeModulePkg: Move RealTimeClockLib ..." 
f3d49c80246d MdePkg/Include: Add missing ACPI EINJ structure c00c1216ce7f ArmPkg/CpuDxe: Refuse to clear XN from device memory mappings 99d8c3710a0f ArmPkg/CpuDxe: Drop GCD system memory check from MemoryAttribute protocol 7ab771ddcf8d .github: Remove SignedCapsulePkg 1c1f858a4df0 .pytool: Remove SignedCapsulePkg a3c4fd772a17 .azurepipelines/templates/pr-gate-build-job.yml: Remove SignedCapsulePkg 111a799abd83 Maintainers.txt: Remove SignedCapsulePkg c00e8d0bcddf SignedCapsulePkg: Remove package 6d4e97380784 NetworkPkg/DnsDxe: Refactor answer loop to for in ParseDnsResponse ccc95703cd8b NetworkPkg/Ip4Dxe: Fix missing Status check on Ip4Cfg2->SetData call f1f89f454cd8 ShellPkg/UefiShellLevel3: Lower indentation level in MainCmdXXX() 8b5c970c55a7 ShellPkg/Help: Extract PrintMatchingHelp() function 27c785b0df7f ShellPkg/UefiShellLevel3: Extract ProcessFileList() function 014d8fb941f8 ShellPkg/UefiShellLevel3: Extract MainCmdXXX() function 49ba46ec0ae6 ShellPkg/UefiShellLevel3: Return if ShellCommandLineParse() failed a219f8cfc541 ShellPkg/Help: Free package on all paths 899b8b8550f8 ShellPkg/Type: Factorize character display 680ee2e3e9b1 ShellPkg/Cls: Factorize color parsing 68662fd712b9 ShellPkg: Add 'cxl' command d9c842477ec8 OvmfPkg: Include CxlDxe a87c9f062170 MdeModulePkg: Add CxlDxe driver 6afdf4e7fbff MdeModulePkg: Add CxlIo.h protocol 2a8ba80f276d MdePkg: Add CDAT structure definitions 780a9c2dfccb MdePkg: Add Data Object Exchange interface 50537c6a1171 OvmfPkg/OvmfXen: Remove SEC source level debug for Xen 66820c9ace07 OvmfPkg: FSBClock moved to FixedAtBuild for platforms except Xen c801f959bba9 ShellPkg/UefiShellLevel1: Lower indentation level in MainCmdXXX() c50e5fe946ad ShellPkg/UefiShellLevel1: Extract MainCmdXXX() function e8036a9fbbe4 ShellPkg/UefiShellLevel1: Return if ShellCommandLineParse() failed d8b163508842 DynamicTablesPkg: add Hest table generator d9256a20ffb1 DynamicTablesPkg: add X64 objects for error sources 829c70b9efe0 DynamicTablesPkg: add 
common objects for common error sources 6bd553cc35fd MdeModulePkg: Remove duplicate library class in dsc file 0bc238d06684 MdePkg/AdapterInformation: Add CDAT adapter information type 3b899d2e586c MdeModulePkg/DxeCapsuleLibFmp: Tolerate EFI_ALREADY_STARTED in LockVariable 5acaac4f322d NetworkPkg/Ip4Dxe: Reject IPv4 addresses ending with dot 31ea9bcc70b0 ArmVirtPkg: Kvmtool: Init Arm CCA HOBs in PlatformPeim() 9c05ec80a285 ArmVirtPkg: Add a helper function to initialise Arm CCA HOBs f8ca1db593f9 ArmVirtPkg: Add NULL instance of ArmCcaInitPeiLib 15cf30827650 ArmVirtPkg: Add library for Arm CCA initialisation in PEI eee6ed8b117f OvmfPkg/XenBusDxe: Fix an error message 0d6750b88cbc OvmfPkg/XenPlatformPei: Remove call to XenHypercallLibInit c4cdc1794a51 OvmfPkg/XenHypercallLib: Remove unused HobLib b6480f6270b3 ArmVirtPkg: Add a helper to check protected MMIO address 1ae23a7acd13 ArmVirtPkg: Add Null instance of ArmCcaLib 39ff71df13cb ArmVirtPkg: Add library for Arm CCA helper functions 7c0fed45459b ArmVirtPkg: Add GUID HOBs to cache Realm IPA width and execution state 351dfdb3836f MdeModulePkg: Remove duplicate procotols guid in INF files 7d87a9d339c8 UefiPayloadPkg: Remove duplicate library and file name in INF file c86451e79bce UefiCpuPkg: Remove duplicate libraries in INF files 34c7871fec1a SourceLevelDebugPkg/DebugAgent: Remove duplicate library in INF file 25540b069f9f SecurityPkg: Remove duplicate file name in INF file 687d8049f574 ShellPkg/Shell: Remove duplicate Guid in INF file 42364d6c6f94 OvmfPkg/Sec: Remove duplicate PCD in INF file 6d4f24a74900 NetworkPkg/GoogleTest: Remove duplicate file name in INF file 35102d932fef IntelFsp2WrapperPkg: Remove duplicate library class in INF file 1c39524aec65 EmbeddedPkg: Remove duplicate procotol in INF file 482b4bf0a51a EmulatorPkg/Host: Remove duplicate procotol in INF file 71bf0d807dc2 ArmPkg/ArmGicDxe: Remove duplicate library in INF file c8833afa7a46 MdeModulePkg/NvmExpressDxe: Mark CDW10/CDW11 valid for Format and 
Sanitize ae2d2d76c1b9 ArmPkg,MdePkg,MdeModulePkg: change ArmFfaLibGetVersion() with whole version 50349c5e07e7 ArmPkg/Library: optimise StandaloneMmMmuLib with FF-A v1.3 03a07cb0f5e9 OvmfPkg/IntelTdx: only add UI to NCCFV 99148f1df884 DynamicTablesPkg: AcpiIortLibArm: Support SMMUv3 revision 5 56a250ad9f84 DynamicTablesPkg: AcpiIortLibArm: Support IORT revision 6 112a43a92d92 RedfishPkg/RedfishHttpDxe: Improve RedfishHttpOperation error handling 3449c60bab69 BaseTools: Add GENFWHII_FLAGS to fix VS2026 GenFw build issue 2f3883dd5912 NetworkPkg/HttpBootDxe: Add all events to HttpBootHttpCallback() 0e6f016032ed MdePkg/IndustryStandard: add LoongArch IOVT structures 53783077e291 RedfishPkg/RedfishDiscoverDxe: Do not require TCP6 if IPv6 HTTP off ef745f258c03 .github/workflows: Enable CodeQL on ManageabilityPkg 19d4bdefde67 ManageabilityPkg: Add ManageabilityPkg CI yaml ... changelog too long, skipping 380 lines ... bdadb269e379 BaseTools: Remove previously deprecated GCC48, GCC49 and GCC5 ==== perl-Cpanel-JSON-XS ==== Version update (4.400.0 -> 4.410.0) - updated to 4.410.0 (4.41) see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes 4.41 2026-05-27 (rurban) - Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516) (patch by Paul Johnson) bsc#1267547 - Fix dupkeys_as_arrayref type confusion (CVE-2026-9334) (patch by Paul Johnson) bsc#1267546 - Fix incr_parse single-quote string delimiter (GH #245, reported by Paul Johnson) - Fix a one-byte out-of-bounds heap read reachable via allow_barekey on truncated input (GH #244, reported by Paul Johnson) ==== perl-HTML-Parser ==== Version update (3.830.0 -> 3.850.0) - updated to 3.850.0 (3.85) see /usr/share/doc/packages/perl-HTML-Parser/Changes 3.85 2026-05-19 - Replace deprecated uvuni_to_utf8() with uvchr_to_utf8() (GH#50) (GitHub Copilot, reported by James E Keenan) 3.84 2026-05-19 - Fix heap-use-after-free in _decode_entities (CVE-2026-8829) (GH#56) (Paul Johnson) ==== php8 ==== Version update (8.5.6 -> 8.5.7) Subpackages: 
php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter

- version update to 8.5.7
  CLI:
    Fixed bug GH-21901 (Stale getopt() optional value).
  Date:
    Fixed bug GH-18422 (int overflow in php_date_llabs).
  DOM:
    Fixed bug GH-22077 (UAF in custom XPath function).
  Opcache:
    Fixed tracing JIT crash when a VM interrupt is handled during an observed user function call.
    Fixed bug GH-21746 (Segfault with tracing JIT).
    Fixed bug GH-22004 (Assertion failure at ext/opcache/jit/zend_jit_trace.c).
    Fixed tailcall VM crash when a VM interrupt is handled from a VM helper.
  OpenSSL:
    Fix compatibility issues with OpenSSL 4.0.
  Standard:
    Fixed bug GH-21689 (version_compare() incorrectly handles versions ending with a dot).
  URI:
    Fixed CVE-2026-44927 (In uriparser before 1.0.2, there is pointer difference truncation to int in various places). (CVE-2026-44927) [bsc#1264578]
    Fixed CVE-2026-44928 (In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal). (CVE-2026-44928) [bsc#1264579]
- remove deprecated --enable-inline-optimization

==== polkit-default-privs ====
Version update (1550+20260528.62493d2 -> 1550+20260603.7a43683)

- Update to version 1550+20260603.7a43683:
  * profiles: added new systemd actions (bsc#1266944)
- Update to version 1550+20260602.64ede59:
  * profiles: fwupd new actions in 2.1.4 (bsc#1267014)

==== python-semanage ====

- Depend on libso before make pywrap is executed to avoid race conditions (bsc#1266385)
- Add patch: 1266385-libsemanage-Require-LIBSO-before-SWIGSO-and-SWIGRUBY.patch
- Add CFLAGS to %make_install call for consistency with %make_build

==== qalculate ====
Version update (5.10.0 -> 5.11.0)
Subpackages: libqalculate23 qalculate-data

- Update to version 5.11
  * Add set functions (union, intersect, setdiff, setxor, isMember, isSubset) and operators (∪, ∩, ∖, ⊖, ∈, ⊆, etc.)
  * Add characters(), count(), digitSum(), and digitalRoot(), find(), popCount(), string(), and while() functions
  * Support negative row and column values in element(), row(), and column() functions
  * Support matrix[row][column] syntax
  * Support text objects in sort() function
  * Add third optional argument to interval() function to allow exclusion of exact endpoints
  * Ignore "to" and "where" (and equivalent symbols) inside quotation marks
  * Ignore dot in front of plus or minus (for consistent behavior in line with entrywise operators)
  * Show "Division by zero" warning for all divisions by zero
  * Make display of expressions with time units in time format more consistent
  * Fix support for vector in argument of many functions (erf, mod, exp, etc.)
  * Fix explicit conversion to mixed units for year variants
  * Fix first digit missing in return value of integerDigits() in some cases
  * Fix segfault when Calculator object is destroyed with uninitialized random state
  * Fix infinite loop when referencing subfunction in another subfunction
  * Fix segfault in replace() with variable specified using where expression, e.g. "replace(v, x, 1) where v = x"
  * Fix segfault when data set function name is followed immediately by a single dot
  * Fix v[i]=a syntax for vector element assignment
  * Do not bind escape key (fixes bad behavior with keys that generate escape sequences, e.g. function keys) (CLI)
  * Fix use of x, y, z, without backslash, for arguments when using function command (CLI)
  * Fix parse status and calculate-as-you-type when "where" expression defines a new symbol (Gtk, Qt)
  * Convert degree Celsius to Fahrenheit and vice versa in Gnome search provider (Gtk)
  * Fix compilation on macOS (Gtk)
  * Minor bug fixes and feature enhancements

==== samba ====
Version update (4.23.8+git.477.f78166bceed -> 4.24.3+git.475.629de6765b9)
Subpackages: libldb2 python3-ldb samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs

- Update to 4.24.3
  * CVE-2026-4480: Fix Unauthenticated Remote Code Execution; (bso#16033); (bsc#1261161).
  * CVE-2026-4408: Fix Remote Code Execution in SAMR; (bso#16034); (bsc#1261163).
  * CVE-2026-3238: Fix unauthenticated udp packet crashes AD DC nbt server; (bso#16012); (bsc#1261160).
  * CVE-2026-3012: Fix CVE-2026-3012 group policy certificate enrollment using http:// without validation; (bso#16003); (bsc#1261159).
  * CVE-2026-1933: Fix missing access check on reparse point operations; (bso#15992); (bsc#1261188).
  * CVE-2026-2340: vfs_worm does not block directory modification; (bso#15997); (bsc#1261158).
  * CVE-2026-40170: thirdparty ngtcp2 needs to be updated; (bso#16059).
- Update to 4.24.2
  * Samba 4.24 with cups can't get queue and shows errors about fetch_share_cache_time; (bso#16038).
  * Fix a directory file descriptor leak in vfs_glusterfs that caused unbounded memory growth on the GlusterFS brick with persistent SMB2 connections; (bso#16043).
  * Windows Offline Files fails with permission error when directory has the read-only attribute set; (bso#16030).
  * samba not triggering mount of zfs snapshot in dataset .zfs/snapshots/ directory; (bso#15991).
  * net ads join still fails with multiple DCs; (bso#15999).
  * samba-tool shows wrong format specifiers for timestamp attributes; (bso#16076).
  * restrict anonymous = 2 breaks RODC functionality; (bso#14638).
  * smbpasswd can crash winbindd on an AD DC; (bso#15973).
  * smbd does not cleanup on disconnect of the transport connection on lease break errors; (bso#15995).
  * CVE-2026-40170: thirdparty ngtcp2 needs to be updated; (bso#16059); (bsc#1262273); (bsc#1262337).
  * Require NTLMv2 session security on Windows makes trusts to Samba unusable; (bso#16067).
  * Winbind can change Ownership Of / To A User Who has Homedir / In passwd; (bso#16073).
  * Winbind lsa_OpenPolicy() fails on lsa connection setup with: NT_STATUS_RPC_CANNOT_SUPPORT; (bso#15987).
  * CTDB read-only record handling contains use after free and resource leak bugs; (bso#16068).
- Update to 4.24.1
  * autobuild fails if /proc/version contains trailing space; (bso#16057).
  * use after free in streams_xattr_connect(); (bso#16035).
  * rpc workers with long living clients grow server memory keytab; (bso#16042); (bsc#1257200).
  * vfs_snapper failing to access or enumerate files in subfolders; (bso#16058); (bsc#1259667).
  * Samba is not build with FORTIFY_SOURCE; (bso#16040).
  * Fix tests with MIT Kerberos 1.22.x; (bso#16055).
- Update to 4.24.0
  * incorrect behavior on rpcclient enumport with rpcd_spoolss; (bso#16019).
  * altSecurityIdentities X509 issuer DN order is reversed; (bso#16001).
  * vfs_aio_ratelimit: introduce burst-aware and persistent state model; (bso#16000).
  * No function _python_sysroot defined; (bso#15990).
  * leases torture test flappy; (bso#15978).
  * smbd: in contend_dirleases() don't bother checking when not enabled; (bso#15984).
  * 'net ads kerberos kinit' should use also default ccache name from krb5.conf; (bso#15993).
  * "use-kerberos=desired" broken; (bso#15789).
  * source3/libads/kerberos.c sets wrong failure for negative connection cache; (bso#15975); (bso#1255755).
  * CTDB's statd_callout fails on sm-notify; (bso#15938).
  * CTDB statd_callout_notify notifies unnecessary clients and loses their state; (bso#15939).
  * Backport domain default AES encryption types to 4.24; (bso#15998).
  * possible memory leak on rpc_spoolss; (bso#15979); (bsc#1257200).
  * Winbind group resolution failure; (bso#15972).
  * ctdbd socket documentation is wrong; (bso#15977).
  * time_t related build failure on 32bit arch in 4.24.0rc1; (bso#15976).

==== sshfs ====
Version update (3.7.5 -> 3.7.6)

- Update to 3.7.6:
  - Added new maintainer: abhinavagarwal07 Abhinav Agarwal
  - CVE-2026-47187: Fixed critical vulnerability - Symlink Escape: Rogue SFTP Server to Local File Read/Write, credit to abhinavagarwal07 (bsc#1267017)
  - New -o contain_symlinks and -o no_contain_symlinks to control symlink containment behavior
  - CVE-2026-48711: Fixed high severity vulnerability - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), credit to abhinavagarwal07 (bsc#1267016)
  - Fixed null-deref warning in tokenize_on_space, promote strict-warnings to required
  - Added a number of tests in CI, including rename, chmod, fsync, statvfs values, error paths, option coverage
  - Fixed malformed SFTP reply handling

==== sssd ====
Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap

- The logrotate fragment had a wrong systemd service name in it, which was rectified.

==== tpm2.0-tools ====

- Remove dependency to the abrmd broker service

==== xtermset ====

- Modernize spec file:
  * Drop obsolete Group tag
  * Use %make_build macro
  * Use https for URL and Source

==== zbar ====

- Correct the License tag to LGPL-2.1-or-later (the sources are LGPL 2.1 or later, not 2.0)
- Minor spec cleanup