Packages changed: MicroOS-release (20260316 -> 20260318) blog (2.35 -> 2.36) container-selinux (2.246.0 -> 2.247.0) elfutils (0.192 -> 0.194) gpg2 (2.5.17 -> 2.5.18) grub2 kbd (2.7.1 -> 2.9.0) kdump (2.1.6 -> 2.1.7) kernel-source (6.19.7 -> 6.19.8) kirigami-addons6 (1.10.0 -> 1.12.0) libupnp (1.18.0 -> 1.18.3) openSUSE-build-key pipewire (1.6.1 -> 1.6.2) podman (5.8.0 -> 5.8.1) python-cffi python-requests zlib-ng-compat (2.3.2 -> 2.3.3) === Details === ==== MicroOS-release ==== Version update (20260316 -> 20260318) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== blog ==== Version update (2.35 -> 2.36) Subpackages: libblogger2 - Update to version 2.36 * If SYS_pidfd_open is not defined use a fallback Include to get __NR_pidfd_open for the definition of SYS_pidfd_open. * Changes to let systemd find plymouth replacements which means to add the appropiate Alias in systemd-ask-password-blog.path and also in systemd-ask-password-blog.service with new Install sections. Also change description in systemd-ask-password-blog.path to hint for blogd as replacement. * Rework password asking method to be asynchronous ==== container-selinux ==== Version update (2.246.0 -> 2.247.0) - Update to version 2.247.0: * Allow user_u users to run podman containers * Allow staff_t and user_t to start podman.socket via systemd * Add missing type transitions for overlay-containers directories * container_t: allow listen on smc_socket * Condition ptrace permission on deny_ptrace boolean ==== elfutils ==== Version update (0.192 -> 0.194) Subpackages: libasm1 libdw1 libelf1 - Add elfutils-fix-const-correctness.patch to fix build with new glibc - update to 0.194 elfclassify: New options --has-debug-sections and --any-ar-member. elflint: Presence of vendor- and application-specific ELF note types no longer triggers compliance errors. libdwfl_stacktrace: New function dwflst_sample_getframes. The libdwfl_stacktrace library interface is experimental and may be subject to API/ABI changes. Experimental new library interface for unwinding stack samples into call chains, and tracking and caching Elf data for multiple processes, building on libdwfl. Initially supports perf_events stack sample data. libelf: Manual pages have been added for many libelf library functions. Additional manual pages are planned for future releases. elf_scnshndx has been rewritten to be more robust, particularily for ELF files with more than 64K sections. readelf: Up to 13% faster when using the -N option. Improved handling of corrupt ELF data. - -section-headers output now includes a "Key to Flags" explaining section flag meanings. libdw: Add dwarf_language and dwarf_language_lower_bound functions. Improved support for DWARF6 language metadata as well as DWARF language constants for Nim, Dylan, Algol68, V and Mojo. dwarf_srclang is now forward-compatible with DWARF6 language constants. - Drop no longer necessary fix-static-linking.patch ==== gpg2 ==== Version update (2.5.17 -> 2.5.18) - Update to 2.5.18: * gpg: Support deleting a composite secret key in gpg-agent * gpg: Fix armor parsing when no CRC is found * gpgsm: New option --assert-validsig * agent: Fix the recent regression in pkdecrypt with TPM RSA * scdaemon: Add support for D-Trust Card 6.1/6.4 * dirmngr: Let KS_SEARCH print all uid records for a key Fixes regression since 2015 * gpg-authcode-sign.sh: Keep the log file even on success * Remove patch upstream: - gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Fix RAID scenarios stopped being able to boot in Power (bsc#1259631) * 0001-mdraid1x-fix-raid_disks-decoding-on-big-endian-syste.patch ==== kbd ==== Version update (2.7.1 -> 2.9.0) Subpackages: libkbdfile1 libkeymap1 libkfont0 - Fix conversion of h and H fr-afnor xkb keymap (boo#1259269). - Replace setfont --quiet (kbd-setfont-quiet.patch) by upstream solution: add setfont --check that checks for setfont availability without logging errors (boo#1212970, kbd-setfont-check.patch). - Update to version 2.9.0: * keymaps: + Add Georgian font (LatCyrHebKa-16_GIA.psfu) and keymap (i386/qwerty/ge). + Add new i386 azerty afnor keymap (i386/azerty/fr-afnor). + Disable characters >=U+F000 in qwertz/de_alt_UTF-8 (drop kbd-unicode-fxxx.patch). + Add console keymap for Mac swiss german keyboards. * libkeymap: + Support KT_DEAD2 diacritics. + Fix memory leaks. * libkbdfile: + Detect archive type based on content. + Add support for decompressing files without using utilities. Use ELF_DLOPEN_METADATA if possible. * utils: + kbd_mode: support Disabled mode (K_OFF). + loadkeys: Add --tkeymap to dump the keymap as text. - Drop kbd-2.7.1-reproducible-gzip.patch, now handled by the upstream. ==== kdump ==== Version update (2.1.6 -> 2.1.7) - upgrade to version 2.1.7 * fix VLAN interface naming (bsc#1255300) * fix bonding options for VLAN slaves * fix return value of kdumptool commandline -d (bsc#1257471) * use primary IP address (bsc#1259058) * dracut: avoid error message if /etc/sysctl.conf does not exist * dracut: update dracut hooks path from /lib/dracut to /var/lib/dracut ==== kernel-source ==== Version update (6.19.7 -> 6.19.8) Subpackages: kernel-64kb kernel-default - Linux 6.19.8 (bsc#1012628). - apparmor: fix race between freeing data and fs accessing it (bsc#1012628). - apparmor: fix race on rawdata dereference (bsc#1012628). - apparmor: fix differential encoding verification (bsc#1012628). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1012628). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1012628). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1012628). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1012628). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1012628). - apparmor: replace recursive profile removal with iterative approach (bsc#1012628). - apparmor: fix memory leak in verify_header (bsc#1012628). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1012628). - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1012628). - net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1012628). - commit 5a5a4f4 - Update patches.kernel.org/6.19.1-003-smb-client-split-cached_fid-bitfields-to-avoid.patch (bsc#1012628 CVE-2026-23230 bsc#1258430). - Update patches.kernel.org/6.19.1-004-ksmbd-fix-infinite-loop-caused-by-next_smb2_rc.patch (bsc#1012628 CVE-2026-23220 bsc#1258432). - Update patches.kernel.org/6.19.1-005-ksmbd-add-chann_lock-to-protect-ksmbd_chann_li.patch (bsc#1012628 CVE-2026-23226 bsc#1258820). - Update patches.kernel.org/6.19.1-006-smb-server-fix-leak-of-active_num_conn-in-ksmb.patch (bsc#1012628 CVE-2026-23228 bsc#1258431). - Update patches.kernel.org/6.19.1-030-crypto-iaa-Fix-out-of-bounds-index-in-find_emp.patch (bsc#1012628 CVE-2025-71231 bsc#1258424). - Update patches.kernel.org/6.19.1-032-crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-sc.patch (bsc#1012628 CVE-2026-23222 bsc#1258484). - Update patches.kernel.org/6.19.1-033-crypto-virtio-Add-spinlock-protection-with-vir.patch (bsc#1012628 CVE-2026-23229 bsc#1258429). - Update patches.kernel.org/6.19.1-035-nilfs2-Fix-potential-block-overflow-that-cause.patch (bsc#1012628 CVE-2025-71237 bsc#1258467). - Update patches.kernel.org/6.19.1-036-hfs-ensure-sb-s_fs_info-is-always-cleaned-up.patch (bsc#1012628 CVE-2025-71230 bsc#1258413). - Update patches.kernel.org/6.19.1-037-wifi-rtw88-Fix-alignment-fault-in-rtw_core_ena.patch (bsc#1012628 CVE-2025-71229 bsc#1258415). - Update patches.kernel.org/6.19.1-038-scsi-qla2xxx-Validate-sp-before-freeing-associ.patch (bsc#1012628 CVE-2025-71236 bsc#1258442). - Update patches.kernel.org/6.19.1-040-scsi-qla2xxx-Delay-module-unload-while-fabric-.patch (bsc#1012628 CVE-2025-71235 bsc#1258469). - Update patches.kernel.org/6.19.1-041-scsi-qla2xxx-Free-sp-in-error-path-to-fix-syst.patch (bsc#1012628 CVE-2025-71232 bsc#1258422). - Update patches.kernel.org/6.19.1-043-sched-mmcid-Don-t-assume-CID-is-CPU-owned-on-m.patch (bsc#1012628 CVE-2026-23225 bsc#1258474). - Update patches.kernel.org/6.19.1-044-bus-fsl-mc-fix-use-after-free-in-driver_overri.patch (bsc#1012628 CVE-2026-23221 bsc#1258660). - Update patches.kernel.org/6.19.1-045-erofs-fix-UAF-issue-for-file-backed-mounts-w-d.patch (bsc#1012628 CVE-2026-23224 bsc#1258461). - Update patches.kernel.org/6.19.1-046-xfs-fix-UAF-in-xchk_btree_check_block_owner.patch (bsc#1012628 CVE-2026-23223 bsc#1258483). - Update patches.kernel.org/6.19.1-047-drm-exynos-vidi-use-ctx-lock-to-protect-struct.patch (bsc#1012628 CVE-2026-23227 bsc#1258472). - Update patches.kernel.org/6.19.1-048-PCI-endpoint-Avoid-creating-sub-groups-asynchr.patch (bsc#1012628 CVE-2025-71233 bsc#1258421). - Update patches.kernel.org/6.19.1-049-wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xx.patch (bsc#1012628 CVE-2025-71234 bsc#1258419). - Update patches.kernel.org/6.19.3-001-scsi-qla2xxx-Fix-bsg_done-causing-double-free.patch (bsc#1012628 CVE-2025-71238 bsc#1259186). - Update patches.kernel.org/6.19.3-005-fbdev-smscufx-properly-copy-ioctl-memory-to-ke.patch (bsc#1012628 CVE-2026-23236 bsc#1259199). - Update patches.kernel.org/6.19.3-009-f2fs-fix-out-of-bounds-access-in-sysfs-attribu.patch (bsc#1012628 CVE-2026-23235 bsc#1259195). - Update patches.kernel.org/6.19.3-010-f2fs-fix-to-avoid-UAF-in-f2fs_write_end_io.patch (bsc#1012628 CVE-2026-23234 bsc#1259194). - Update patches.kernel.org/6.19.3-012-f2fs-fix-to-avoid-mapping-wrong-physical-block.patch ... changelog too long, skipping 14 lines ... - commit b7e70c1 ==== kirigami-addons6 ==== Version update (1.10.0 -> 1.12.0) Subpackages: libKirigamiAddonsStatefulApp6 libKirigamiApp6 - Update to 1.12.0. No changelog ==== libupnp ==== Version update (1.18.0 -> 1.18.3) Subpackages: libixml11 libupnp20 - Update to release 1.18.3 * Fix crash when mixing ns and non-ns attributes during freeing ==== openSUSE-build-key ==== - move the pqkeys out of gnupg, its not gpg style. ==== pipewire ==== Version update (1.6.1 -> 1.6.2) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.6.2: * This is a bugfix release that is API and ABI compatible with the previous 1.6.x releases. * Highlights - Fix a potential crash when the wrong memory was freed. - Fix a optimization with shared memory over some links that could cause errors later on. - Fix SOFA filter and default control input in LADSPA and LV2. - Some other small fixes and improvements. * PipeWire - Remove an optimization to skip share mem in links, it causes problems later on. (#5159 (closed)) * Modules - Don't try to free invalid memory or close invalid fds when the client aborted before allocating buffer memory. (#5162 (closed)) * SPA - support ACP_IGNORE_DB in udev. - Use 0x as a prefix for hex values. - Mark Props as write-only in libcamera. - Small optimization in the audio mixer. - Fix initialization of control properties for SOFA and biquads in the filter-graph. (#5152 (closed)) - Fix min/max default values for LADSPA and LV2. * JACK - Fix jack_port_type_id(). Return values that are compatible with JACK1/2. ==== podman ==== Version update (5.8.0 -> 5.8.1) - Update to version 5.8.1: * Bump to v5.8.1 * Release notes for v5.8.1 * docs: make the --migrate-db more clear * update boltdb migrating warning * libpod: prefer sqlite in getDBState() * libpod: fix parallel migration issue * libpod: return full path in sqliteStatePath() * migrate to oidc * Bump Podman to v5.8.1-dev * Disable lint to fix CI ==== python-cffi ==== - Add patch support-pycparser-3.patch: * Support pycparser 3 exception message changes. ==== python-requests ==== - Add fix-chardet-RequestsDependencyWarning.patch * Fix RequestsDependencyWarning with chardet (6.0.0dev0) on Factory/TW (gh#psf/requests#7219) (gh#psf/requests#7220) (gh#psf/requests#7239) ==== zlib-ng-compat ==== Version update (2.3.2 -> 2.3.3) - update to 2.3.3: * Make deflate output deterministic if stream is reused after deflateReset #2102 * minigzip: Fix integer overflow in gz_compress_mmap #2110 * Use GCC's may_alias attribute for access to buffers in crc32_chorba #2078 * Fix false-positive infinite loop warning detected by GCC-14 static analyzer #2101 * Fix warning for potentially uninitialized local variable ft used. #2043