Packages changed: Mesa Mesa-drivers canokey-qemu cups (2.4.14 -> 2.4.16) dmidecode (3.6 -> 3.7) drkonqi6 (6.5.5 -> 6.5.90) flatpak (1.16.2 -> 1.16.3) glib2 harfbuzz (12.3.0 -> 12.3.1) ibus-libpinyin kernel-firmware-intel (20251228 -> 20260122) kernel-firmware-mediatek (20260114 -> 20260119) kernel-source (6.18.6 -> 6.18.7) libstorage-ng (4.5.285 -> 4.5.286) libxfce4windowing lirc mozc multipath-tools mutter (49.2 -> 49.3) openSUSE-release (20260123 -> 20260126) openjpeg2 os-prober pam (1.7.1 -> 1.7.2) pam-full-src (1.7.1 -> 1.7.2) patterns-base perl-Net-DNS (1.530.0 -> 1.540.0) polkit-default-privs (1550+20260108.4fc3a54 -> 1550+20260122.bb2b3c5) presage qalculate (5.8.2 -> 5.9.0) qemu thunar (4.20.6 -> 4.20.7) wireplumber yast2-bootloader (5.0.30 -> 5.0.31) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - BuildRequire llvm21-devel, no matter which suse_version/sle_version is being used ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - BuildRequire llvm21-devel, no matter which suse_version/sle_version is being used ==== canokey-qemu ==== - Fix building with GCC 16 (bsc#1256957) * Patch added: mbedtls-fix-building-with-GCC-16.patch ==== cups ==== Version update (2.4.14 -> 2.4.16) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.4.16: See https://github.com/openprinting/cups/releases The hotfix release 2.4.16 includes fix for infinite loop in GTK, which was caused by change of internal behavior in libcups on which GTK depended on, and workaround for stopping the scheduler if configuration includes unknown directives. Detailed list (from CHANGES.md): * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438) * The web interface did not support domain usernames fully (Issue #1441) * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353) * Fixed stopping scheduler on unknown directive in configuration (Issue #1443) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.15: See https://github.com/openprinting/cups/releases The release CUPS 2.4.15 brings two CVE fixes: Fix various cupsd issues which cause local DoS (CVE-2025-61915 bsc#1253783) Fix unresponsive cupsd process caused by slow client (CVE-2025-58436 bsc#1244057) and several bug fixes described in CHANGES.md. Detailed list (from CHANGES.md): * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355) * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16 - Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017" which contained needless UTF-8 Unicode characters that are now replaced by plain ASCII text in "... line - the ..." to fix a rpmlint "non-break-space" warning. - Adapted and enhanced 'tmpfiles.d' related things in cups.spec to "Fix packages for Immutable Mode - cups" (implementation task jsc#PED-14775 from epic jsc#PED-14688) ==== dmidecode ==== Version update (3.6 -> 3.7) - Update to upstream version 3.7: * Memory sizes use binary unit prefixes. * The word "Firmware" is now used instead of "BIOS". * Support for SMBIOS 3.8.0. This includes a new processor family. * Support for SMBIOS 3.9.0. This includes chassis type name adjustments, new rack attributes, slot ID for more slot types, and new memory device form factors and types. * Decode HPE OEM records 193, 195, 202, 211, 226, 229, 232 and 244. * Update HPE OEM records 203, 216, 242 and 245. * EDSFF slot names now include their .S/.L suffix. * Obsoletes dmioem-update-hpe-oem-type-238.patch. ==== drkonqi6 ==== Version update (6.5.5 -> 6.5.90) Subpackages: drkonqi6-lang - Update to 6.5.90: * New feature release * For more details see https://kde.org/announcements/plasma/6/6.5.90 - Changes since 6.5.5: * Update version for new release 6.5.90 * globalnotifiertruck: split notification text and differentiate exe from unit name * cmake: new feature option WITH_DRKONQI_REPORTING (kde#501946) * preamble: also except attributeerror on corefile test * productmapping: also force the component to a hardcoded value on fallback * drkonqidialog: untangle widgets pieces * developerpage: compress text updates * comment-- * coredump/launcher: Fix excessive i18n argument * coredump-gui: add support for flatpak debugging * preamble: quote solib when calling add (kde#506786) * preamble: use new gdb corefile enumeration facilities * deadcode-- * coredump-launcher: skip over terminals when detecting services (kde#511731) * Use better way to disable session management * coredump-launcher: report when the gui couldn't start * coredump-launcher: don't use nested eventloops they break things * coredump-gui: implement reporting to KDE (kde#511524) * drkonqi-core: new static library * launcher,coredump-gui: revise UX for non-KDE crashes * Update version for new release 6.5.80 * Set startupId from notification before restarting app ==== flatpak ==== Version update (1.16.2 -> 1.16.3) Subpackages: flatpak-remote-flathub flatpak-selinux libflatpak0 system-user-flatpak - Update to version 1.16.3: + Be selective about when to map font-dirs.xml in flatpak build. ==== glib2 ==== Subpackages: glib2-lang glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GIRepository-3_0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Add glib2-CVE-2026-0988.patch: fix a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988 glgo#GNOME/glib#3851). ==== harfbuzz ==== Version update (12.3.0 -> 12.3.1) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 12.3.1: + Various speed optimizations. + Build fixes for GCC 4.9. + Fix NULL pointer deference when malloc fails. - Drop harfbuzz-CVE-2026-22693.patch: Fixed upstream. ==== ibus-libpinyin ==== - Update ibus-libpinyin.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ==== kernel-firmware-intel ==== Version update (20251228 -> 20260122) - Update to version 20260122 (git commit 1b7b9f6c3461): * Intel IPU7: Update firmware binary for Panther Lake ==== kernel-firmware-mediatek ==== Version update (20260114 -> 20260119) - Update to version 20260119 (git commit ed7a76faccbc): * linux-firmware: update firmware for MT7921 WiFi device ==== kernel-source ==== Version update (6.18.6 -> 6.18.7) - Linux 6.18.7 (bsc#1012628). - firmware: imx: scu-irq: Set mu_resource_id before get handle (bsc#1012628). - efi/cper: Fix cper_bits_to_str buffer handling and return value (bsc#1012628). - nvme-apple: add "apple,t8103-nvme-ans2" as compatible (bsc#1012628). - Revert "gfs2: Fix use of bio_chain" (bsc#1012628). - x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (bsc#1012628). - rust: bitops: fix missing _find_* functions on 32-bit ARM (bsc#1012628). - ASoC: codecs: wsa884x: fix codec initialisation (bsc#1012628). - ASoC: codecs: wsa883x: fix unnecessary initialisation (bsc#1012628). - drm/gud: fix NULL fb and crtc dereferences on USB disconnect (bsc#1012628). - virtio_net: Fix misalignment bug in struct virtnet_info (bsc#1012628). - io_uring: move local task_work in exit cancel loop (bsc#1012628). - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation (bsc#1012628). - xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set (bsc#1012628). - pNFS: Fix a deadlock when returning a delegation during open() (bsc#1012628). - NFS: Fix a deadlock involving nfs_release_folio() (bsc#1012628). - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (bsc#1012628). - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (bsc#1012628). - drm/bridge: dw-hdmi-qp: Fix spurious IRQ on resume (bsc#1012628). - drm/vmwgfx: Fix KMS with 3D on HW version 10 (bsc#1012628). - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (bsc#1012628). - NFS/localio: Deal with page bases that are > PAGE_SIZE (bsc#1012628). - drm/rockchip: vop2: Add delay between poll registers (bsc#1012628). - drm/rockchip: vop2: Only wait for changed layer cfg done when there is pending cfgdone bits (bsc#1012628). - PM: EM: Fix incorrect description of the cost field in struct em_perf_state (bsc#1012628). - ipv4: ip_tunnel: spread netdev_lockdep_set_classes() (bsc#1012628). - can: etas_es58x: allow partial RX URB allocation to succeed (bsc#1012628). - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1012628). - cxl/port: Fix target list setup for multiple decoders sharing the same dport (bsc#1012628). - btrfs: release path before iget_failed() in btrfs_read_locked_inode() (bsc#1012628). - btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1012628). - Bluetooth: hci_sync: enable PA Sync Lost event (bsc#1012628). - net: bridge: annotate data-races around fdb->{updated,used} (bsc#1012628). - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1012628). - net: update netdev_lock_{type,name} (bsc#1012628). - macvlan: fix possible UAF in macvlan_forward_source() (bsc#1012628). - block: zero non-PI portion of auto integrity buffer (bsc#1012628). - ipv4: ip_gre: make ipgre_header() robust (bsc#1012628). - vsock/test: add a final full barrier after run all tests (bsc#1012628). - net/mlx5e: Fix crash on profile change rollback failure (bsc#1012628). - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (bsc#1012628). - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1012628). - net/mlx5e: Restore destroying state bit after profile cleanup (bsc#1012628). - btrfs: fix memory leaks in create_space_info() error paths (bsc#1012628). - cxl/hdm: Fix potential infinite loop in __cxl_dpa_reserve() (bsc#1012628). - net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback (bsc#1012628). - net: phy: motorcomm: fix duplex setting error for phy leds (bsc#1012628). - net: airoha: Fix typo in airoha_ppe_setup_tc_block_cb definition (bsc#1012628). - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (bsc#1012628). - ALSA: hda/cirrus_scodec_test: Fix test suite name (bsc#1012628). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1012628). - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1012628). - ipv6: Fix use-after-free in inet6_addr_del() (bsc#1012628). - selftests: drv-net: fix RPS mask handling for high CPU numbers (bsc#1012628). - net/sched: sch_qfq: do not free existing class in ... changelog too long, skipping 263 lines ... - commit 76c2c9b ==== libstorage-ng ==== Version update (4.5.285 -> 4.5.286) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1050 - libstorage-ng.spec.in: drop dependency on dmraid - 4.5.286 ==== libxfce4windowing ==== Subpackages: libxfce4windowing-0-0 libxfce4windowing-lang libxfce4windowingui-0-0 - Update copyright year. - Use meson build system - Build with vala to generate vapi files needed by Budgie Desktop ==== lirc ==== - Add lirc.sysusers to replace useradd/groupadd/usermod for transactional updates (jsc#PED-14918) - Add lirc-rpmlintfix.patch to make rpmlint happy - Add %check from Fedora ==== mozc ==== Subpackages: fcitx-mozc ibus-mozc ibus-mozc-candidate-window mozc-gui-tools - Update mozc.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ==== multipath-tools ==== Subpackages: kpartx libmpath0 - Remove %ghost entry for /run/multipath from spec file (jsc#PED-14758) ==== mutter ==== Version update (49.2 -> 49.3) Subpackages: mutter-lang - Update to version 49.3: + Fix direct scanout on drivers without explicit modifiers + Fix cases of spurious tone mapping + Fix reporing damage region in pipewire streams + Initialize all luminance fields for CICP + Fix subsurface geometry calculation + Fix Xwayland clients becoming unresponsive on 2nd monitor + Improve native Xwayland scaling support + Send color management image description target volume events + Improve support for tablet devices + Do not spin cursor for startup sequences with no app ID + Let gestures influence other gesture before state change + Fixed crash + Plugged leak + Misc. bug fixes and cleanups + Updated translations. ==== openSUSE-release ==== Version update (20260123 -> 20260126) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openjpeg2 ==== Subpackages: libopenjp2-7 libopenjp2-7-x86-64-v3 - Add openjpeg2-cve-2023-39327-limit-iterations.patch (CVE-2023-39327, bsc#1227412). ==== os-prober ==== - Drop dependency on dmraid (jsc#PED-15368) ==== pam ==== Version update (1.7.1 -> 1.7.2) Subpackages: pam-32bit - Update to version 1.7.2: * build: enabled vendordir by default. * pam_access: fixed stack overflow with huge configuration files. * pam_env: enhanced error diagnostics when ignoring backslash at end of string. * pam_faillock: skip clearing user's failed attempt when auth stack is not run. * pam_mkhomedir: added support for vendordir skeleton directory. * pam_unix: added support for pwaccessd. * pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK. * pam_unix: fixed password expiration warnings for large day values. * pam_unix: hardened temporary file handling. * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Drop post-v1.7.1.patch - Drop pam_mkhomedir-Use-vendordir-when-defined.patch - Build source archive directly from git ==== pam-full-src ==== Version update (1.7.1 -> 1.7.2) Subpackages: pam-extra pam-manpages - Update to version 1.7.2: * build: enabled vendordir by default. * pam_access: fixed stack overflow with huge configuration files. * pam_env: enhanced error diagnostics when ignoring backslash at end of string. * pam_faillock: skip clearing user's failed attempt when auth stack is not run. * pam_mkhomedir: added support for vendordir skeleton directory. * pam_unix: added support for pwaccessd. * pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK. * pam_unix: fixed password expiration warnings for large day values. * pam_unix: hardened temporary file handling. * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Drop post-v1.7.1.patch - Drop pam_mkhomedir-Use-vendordir-when-defined.patch - Build source archive directly from git ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - remove dmraid from enhanced_base ==== perl-Net-DNS ==== Version update (1.530.0 -> 1.540.0) - updated to 1.540.0 (1.54) see /usr/share/doc/packages/perl-Net-DNS/Changes ==== polkit-default-privs ==== Version update (1550+20260108.4fc3a54 -> 1550+20260122.bb2b3c5) - Update to version 1550+20260122.bb2b3c5: * profiles: drop no longer packaged gsd wacom-*led-helper actions * profiles: whitelist InputPlumber actions (bsc#1249149) * profiles: whitelist tlp-pd actions (bsc#1254768) ==== presage ==== Subpackages: libpresage1 presage-data - Update presage.spec to get rid of update-desktop-files: * It often duplicates upstream translation effort, wasting a human work, both community translators and contracted ones. * Most of these translations are ~20 years old, and they were never reviewed, so it is possible that they are worse than the upstream ones. In the last 20 years it did not provide any way to upstream the changes and translations. The upstream translations got another 20 years of development. Also Desktop Categories specification was updated, and the upstream specification now covers all aspects of former X-SuSE-* Categories extensions. * As a result, the SUSE desktop menu experience differs from other vendors. Applications have a different name, different translations, different placement in the structured menu etc. * Upstream translations have a wider impact. * Package maintainers have only a limited control over the contents visible to users. It is imported during the runtime, and the visible contents could be different from the contents in the package. * update-desktop-files is a complicated tool. It attempts to fix deprecated and obsolete stuff in the desktop files without even informing the developer that something was wrong and something was modified. * It uses a very complicated toolchain that requires access to SUSE intranet and access to OpenQA VPN. The complete toolchain setup was never published, so it has even problems with Open Source ideas. * It mixes SUSE-unique translations with translations that just duplicate the upstream translation effort. As a result it significantly increases number of strings to translate and decreases the quality of the translation. (jsc#PED-14507) ==== qalculate ==== Version update (5.8.2 -> 5.9.0) Subpackages: libqalculate23 qalculate-data - Update to version 5.9.0 * Improve speed of sort(), rank(), and mode() functions (and other dependent functions). * Parse ± before implicit multiplication when not preceded by number (e.g. "7 km ± 5m"). * Always consider x^(a + b) equivalent to x^a × x^b (fixes "x^(y + z) − x^y × x^z"). * Simplify (x = a || x ≥ a + 1) and (x ≤ a || x ≥ a + 1), and similar, when x and a are integers (fixes "abs(x − 1) = abs(1 − x)"). * Do not remove duplicate whitespace characters from text strings (in quotation marks). * Add exact values for multiples of pi/12 (15°) in sin() and cos(), and tan(7/12pin). * Fix floating point conversion when comma is used as decimal separator. * Fix endless loop with increasingly complex equations in some cases when x + x^(1/a) is transformed to x = (b − x)^a). * Fix and improve function() function. * Fix loading of approximate variable with both approximate and exact values (e.g. in vector). * Fix missing parenthesis for exact number shown as approximate in vector. * Fix conversion to non-unit expression beginning with zero (when not before decimal separator) or minus. * Fix exchange rates updated after calculation of expression with only one currency. * Fix segfault in some corner cases when converting approximate units before uncertainty calculation. * Remove intltool build dependency. * Fix compilation with readline < 7.0 and mpfr < 4.0. * Do not show calculate-as-you-type result for incomplete object name (e.g. "integ" interpreted as "int(e × g)"). * Ellipsize large matrices and vectors when a subset of output, e.g. in a failed function, in qalc. * Completion for commands and options. * Do not show result for variable assignment when --terse and - -file are used. * Minor bug fixes and feature enhancements. ==== qemu ==== Subpackages: qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vmsr-helper qemu-x86 - Bug and CVE fixes: * roms/edk2: fix building with GCC 16 (bsc#1256980) * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665) ==== thunar ==== Version update (4.20.6 -> 4.20.7) Subpackages: libthunarx-3-0 thunar-lang - Update to 4.20.7 * Prevent crash on unmount (#1778) * Show 'queued' message only for queued jobs (#1755) * Prevent crash on non-local symlinks (#1757) * Fix g_object_unref warning * Fix symlink resolve for desktop files (#1757) * Translation Updates ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 wireplumber-bash-completion wireplumber-lang - Backport upstream fixes: 0001-monitors-bluez-request-device-ports-take-loopback-no.patch 0002-autoswitch-bluetooth-profile-Fix-attempt-to-index-a-.patch ==== yast2-bootloader ==== Version update (5.0.30 -> 5.0.31) - Install "shim" only if secure boot is supported (bnc#1254865) - 5.0.31