Packages changed: MicroOS-release (20260428 -> 20260429) at-spi2-core (2.60.1 -> 2.60.2) cups (2.4.18 -> 2.4.19) glib2 hwdata (0.397 -> 0.406) kernel-firmware-amdgpu (20260414 -> 20260427) kernel-firmware-ath12k (20260317 -> 20260421) kernel-firmware-bluetooth (20260408 -> 20260423) kernel-firmware-mediatek (20260317 -> 20260423) kernel-firmware-qcom (20260416 -> 20260423) kernel-firmware-sound (20260408 -> 20260421) libblockdev (3.4.0 -> 3.5.0) libcamera libdrm (2.4.131 -> 2.4.133) libgpg-error (1.59 -> 1.60) llvm22 (22.1.3 -> 22.1.4) mozilla-nss (3.122.1 -> 3.122.2) openSUSE-build-key patterns-kde (20240311 -> 20260428) pipewire polkit-default-privs (1550+20260414.1647bf2 -> 1550+20260428.f2a5d2e) pulseaudio samba (4.23.6+git.466.1a6b75cb208 -> 4.23.7+git.473.9487af01c24) sssd (2.12.0 -> 2.13.0) toolbox (2.4+git20251009.ab435eb -> 2.4+git20260421.7c75c12) xen (4.21.1_02 -> 4.21.1_04) zstd === Details === ==== MicroOS-release ==== Version update (20260428 -> 20260429) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== at-spi2-core ==== Version update (2.60.1 -> 2.60.2) Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Update to version 2.60.2: + atspi-device-legacy: add null checks for when x11 isnt available. + python: Fix __getitem__ with a negative offset. + Fix a NULL pointer dereference when sending an event. + device-x11: Fall back on raw key events if there is no focus. ==== cups ==== Version update (2.4.18 -> 2.4.19) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.4.19: See https://github.com/openprinting/cups/releases Release 2.4.19 contains another hotfix after CVE-2026-27447 fix: * Fixed a regression in shared printing from non-local accounts (Issue #1557) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.19 - Added 'Michael R Sweet' key to cups.keyring because cups-2.4.19-source.tar.gz.sig belongs to him. ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GLibUnix-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Install the /usr/share/applications/gnome-mimeapps.list symlink from the package instead of creating it from systemd-tmpfiles since /usr is mounted read-only in immutble systems. This forces to also install an empty file as the symlink target. - Use systemd-tmpfiles to create the default mimeapps lists instead of writing to /var in %post to fix immutable systems (jsc#PED-14839) ==== hwdata ==== Version update (0.397 -> 0.406) - update to 0.406: * Update pci and vendor ids - update to 0.405: * Update pci and vendor ids ==== kernel-firmware-amdgpu ==== Version update (20260414 -> 20260427) - Update to version 20260427 (git commit b64d7354df3a): * amdgpu: DMCUB updates for various ASICs - Update to version 20260421 (git commit 0a7e55438c7c): * amdgpu: DMCUB updates for DCN36 ==== kernel-firmware-ath12k ==== Version update (20260317 -> 20260421) - Update to version 20260421 (git commit 0a7e55438c7c): * ath12k: QCC2072 hw1.0: add to WLAN.COL.1.0.c2-00074-QCACOLSWPL_V1_TO_SILICONZ-1 * ath12k: QCC2072 hw1.0: add board-2.bin * ath12k: IPQ5424 hw1.0: add to WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1 * ath12k: IPQ5424 hw1.0: add board-2.bin ==== kernel-firmware-bluetooth ==== Version update (20260408 -> 20260423) - Update to version 20260423 (git commit 479a01628094): * linux-firmware: Add firmware file for Intel BlazarIW - Update to version 20260423 (git commit 0d347a3f3ec4): * linux-firmware: Add firmware file for Intel ScorpiusGfp2 core * linux-firmware: Add firmware file for Intel BlazarIGfp2 core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarI core * Revert "linux-firmware: Update firmware file for Intel Quasar core" - Update to version 20260421 (git commit 0a7e55438c7c): * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00665 to 2.1.0-00666 ==== kernel-firmware-mediatek ==== Version update (20260317 -> 20260423) - Update to version 20260423 (git commit 0d347a3f3ec4): * mediatek MT7925: update bluetooth firmware to 20260414153243 * linux-firmware: update firmware for MT7925 WiFi device ==== kernel-firmware-qcom ==== Version update (20260416 -> 20260423) - Update to version 20260423 (git commit 0d347a3f3ec4): * qcom: Update ADSP firmware for Glymur platform * qcom: Add gpdspr.jsn for qcs8300 platform - Update to version 20260421 (git commit 0a7e55438c7c): * qcom: Update ADSP firmware for Kaanapali platform ==== kernel-firmware-sound ==== Version update (20260408 -> 20260421) - Update to version 20260421 (git commit 0a7e55438c7c): * cirrus: cs35l56: Add firmware for Cirrus Amps for some Lenovo laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some Lenovo laptops (17aa235c 17aa235d) ==== libblockdev ==== Version update (3.4.0 -> 3.5.0) Subpackages: libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_smart3 libbd_swap3 libbd_utils3 libblockdev3 - Update to version 3.5.0: + More than hundred fixes for various issues both in code and test suite were found and fixed using Claude AI. + Crypto plugin now offers activate functions that accept cryptsetup activation flags. + Two new functions added to the btrfs plugin for recursively removing subvolumes and getting btrfs device stats. ==== libcamera ==== Subpackages: libcamera-base0_7 libcamera0_7 - Add libcamera-ov02e10-initial-support.patch ==== libdrm ==== Version update (2.4.131 -> 2.4.133) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_intel1 - update to 2.4.133 * This release contains few fixes for build errors that weren't caught by CI. ==== libgpg-error ==== Version update (1.59 -> 1.60) - Update to 1.60: * New error codes * Interface changes relative to the 1.57 release: GPG_ERR_PUBKEY_NON_COMPLIANT NEW. GPG_ERR_CIPHER_NON_COMPLIANT NEW. GPG_ERR_DIGEST_NON_COMPLIANT NEW. ==== llvm22 ==== Version update (22.1.3 -> 22.1.4) - Update to version 22.1.4. * This release contains bug-fixes for the LLVM 22.1.0 release. This release is API and ABI compatible with 22.1.0. - Build bolt on riscv64. - Fix shebang for hwasan_symbolize also on riscv64. ==== mozilla-nss ==== Version update (3.122.1 -> 3.122.2) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.122.2: * bmo#2033783 - reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max ==== openSUSE-build-key ==== - adjust suse_version condition for the Backports key ==== patterns-kde ==== Version update (20240311 -> 20260428) - Update version number - Do not build kde_yast on Leap 16 - Obsoletes kde_minimal pattern if PackageHub bsc#1248107 ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Do not require pulseaudio-setup anymore - Remove workaround for boo#1186561 which was already fixed 5 years ago and which wrote to /var (jsc#PED-15662) ==== polkit-default-privs ==== Version update (1550+20260414.1647bf2 -> 1550+20260428.f2a5d2e) - Update to version 1550+20260428.f2a5d2e: * profiles: whitelisted kdenetwork-filesharing {enable,start}service actions (bsc#1262258, bsc#1263037) - Update to version 1550+20260428.d9ff7af: * profiles: mcp-server-systemd (bsc#1259556) ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-utils - Do not run setup-pulseaudio on %post. Everything should work fine out of the box these days . This improves the behaviour of the package in immutable systems (jsc#PED-14841). - Remove workaround in %post for a bug (bsc#1083473) that was actually fixed in systemd-rpm-macros on March 4 2021 (bsc#1183051). - Install sh and csh profiles as static files instead of generating them from setup-pulseaudio (which is not run automatically anymore). - pulseaudio-setup is no longer required by pulseaudio. ==== samba ==== Version update (4.23.6+git.466.1a6b75cb208 -> 4.23.7+git.473.9487af01c24) Subpackages: libldb2 samba-ad-dc-libs samba-client samba-client-libs samba-libs - Update to 4.23.7 * Fix a directory file descriptor leak in vfs_glusterfs that caused unbounded memory growth on the GlusterFS brick with persistent SMB2 connections; (bso#16043). * autobuild fails if /proc/version contains trailing space; (bso#16057). * incorrect behavior on rpcclient enumport with rpcd_spoolss; (bso#16019). * rpc workers with long living clients grow server memory keytab; (bso#16042); (bsc#1257200). * vfs_snapper failing to access or enumerate files in subfolders; (bso#16058); (bsc#1259667). * libsmbclient posix extensions with SMB3 don't work at all; (bso#15960). * Samba is not build with FORTIFY_SOURCE; (bso#16040). - Add support to allow default selinux autolabelling by update-samba-security-profile on service [re]start to be inhibited; (bsc#1259050). - Use multiple threads for SELinux relabeling in update-samba-security-profile (bsc#1259050). ==== sssd ==== Version update (2.12.0 -> 2.13.0) Subpackages: libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.13 * Fixed CVE-2026-6245, an out-of-bounds read in the PAM passkey responder. * During the processing of the `pam_sss_gss` request, SSSD will read the SID from the PAC of the Kerberos ticket and might add authentication indicators based on the value of the new option `pam_gssapi_indicators_apply`. The primary use case is to handle SIDs added by Active Directory’s Authentication Mechanism Assurance (AMA). * Active Directory’s Foreign Security Principals (FSP) are now properly detected and ignored when reading nested group members. The `ldap_ignore_unreadable_references` option is only needed to ignore member objects which are really not accessible. * A number of cache performance optimizations for large deployments. * Tokens acquired from the IdP are now stored in the domain cache, and are automatically refreshed if the new option `idp_auto_refresh` is enabled. * The `idp_type` option allows `entra_idp` url to be specified if user is using a different Microsoft Entra endpoint. * Support for the KDE Plasma Login Manager. * New option `avoid_by_id_lookups` to tell the SSSD responders to use a lookup by name instead of by id where possible. * New options to customize the OAuth2 prompting behavior: `interactive` and `interactive_prompt`. - Delete 0001-Fix-libini_config-related-includes.patch, 0001-INI-get-rid-of-useless-macros.patch, 0001-INI-use-proper-deallocators.patch (obsolete) ==== toolbox ==== Version update (2.4+git20251009.ab435eb -> 2.4+git20260421.7c75c12) - Update to version 2.4+git20260421.7c75c12: * Make toolbox k8s (rke2) aware (#57) ==== xen ==== Version update (4.21.1_02 -> 4.21.1_04) - bsc#1262178 - VUL-0: CVE-2026-23557: xen: Xenstored DoS via XS_RESET_WATCHES command (XSA-484) 69f0ab36-xenstored-make-conn_delete_all_transactions-idempotent.patch - bsc#1262180 - VUL-0: CVE-2026-23558: xen: grant table v2 race in status page mapping (XSA-486) 69f0ab36-gnttab-split-gnttab_map_frame.patch - Upstream bug fixes (bsc#1027519) 69d4ab43-EFI-avoid-OOB-config-file-reads.patch 69d8ed8e-x86-time-dont-kill-calibration-timer-on-S3.patch 69e0e400-x86-use-native-TSC-scaling-factors-when-.patch 69e0e401-CPU-round-cpu_khz-calculations.patch 69e26ac9-x86-mkelf32-actually-pad-segment-to-2Mb.patch 69e26aca-x86-mitigate-AMD-SN-7053-FP-DSS.patch ==== zstd ==== Subpackages: libzstd1 - Backport 1.5.7 man page patch * Documentation was not correctly updated at release time * https://github.com/facebook/zstd/commit/6af3842 Add 0002-fix-1.5.7-documentation.patch