Packages changed:
  Mesa
  Mesa-drivers
  amarok (3.3.1 -> 3.3.2)
  aws-lc (1.63.0 -> 1.66.2)
  cups (2.4.14 -> 2.4.16)
  dmidecode (3.6 -> 3.7)
  drkonqi6 (6.5.5 -> 6.5.90)
  flatpak (1.16.2 -> 1.16.3)
  glib2
  harfbuzz (12.3.0 -> 12.3.1)
  kernel-firmware-intel (20251228 -> 20260122)
  kernel-firmware-mediatek (20260114 -> 20260119)
  kernel-source (6.18.6 -> 6.18.7)
  libstorage-ng (4.5.285 -> 4.5.286)
  libxfce4windowing
  lirc
  multipath-tools
  mutter (49.2 -> 49.3)
  openSUSE-release (20260123 -> 20260126)
  openjpeg2
  os-prober
  pam (1.7.1 -> 1.7.2)
  pam-full-src (1.7.1 -> 1.7.2)
  patterns-base
  perl-Net-DNS (1.530.0 -> 1.540.0)
  polkit-default-privs (1550+20260108.4fc3a54 -> 1550+20260122.bb2b3c5)
  qalculate (5.8.2 -> 5.9.0)
  qemu
  sendmail
  thunar (4.20.6 -> 4.20.7)
  wireplumber
  yast2-bootloader (5.0.30 -> 5.0.31)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1

- BuildRequire llvm21-devel, no matter which suse_version/sle_version is being used

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp

- BuildRequire llvm21-devel, no matter which suse_version/sle_version is being used

==== amarok ====
Version update (3.3.1 -> 3.3.2)

- Update to 3.3.2
  https://blogs.kde.org/2026/01/18/amarok-3.3.2-released/

==== aws-lc ====
Version update (1.63.0 -> 1.66.2)
Subpackages: libcrypto-awslc0 libssl-awslc0

- Update to version 1.66.2:
  * Fix incorrect assembler directive in AArch64 code
  * Fix the libwebsockets integration test script
  * Remove pkcs8 expected in test
  * Add randomized unit testing for EVP_CIPHERs
  * fix(target): fix mipseb 64bit compile
  * Consolidate FORMAT_DER/PEM in tool-openssl
  * Replace password string with proper class
  * Fix ppc64le; Improve platform detection
- Update to version 1.66.1:
  * Iterate through all DNS entries in connect CLI
  * Fix socat integration test
  * Remove OPENSSL_NO_BF for real
  * Add openssl genpkey cli utility tool
  * Add stdin support for pkcs8 tool
  * Fix extension processing order in x509 cli
  * ML-DSA: Missing
    Private Key Validation Checks
- Update to version 1.66.0:
  * Add encap/decapKeyCheck support in ACVP
  * Clarify comments and API behaviour for equal-preference for TLS 1.3
  * Add support for external contexts in ML-DSA ACVP
  * Route ML-DSA ACVP to the right APIs
  * Add sha1 CLI
  * Fix openssl comparison tests
  * tool-openssl: pkcs8 error output on decrypt
  * Add RSA_X931_PADDING to rsa.h
  * Blowfish OFB Block Cipher Mode Support
  * Run ACCP integration tests on aarch64
  * Support stdin for openssl rsa tool
  * Remove rsa expected in test
  * [tool-openssl] basic asn1parse support
  * Several CLI Fixes
  * Implement enc CLI
- Update to version 1.65.1:
  * Adjust image-build-android concurrency group
  * s_client: Add TLS 1.2 and 1.3 protocol selection flags
  * Add EVP_bf_cfb64
  * Add conversion and traceability for third-party test vectors
  * Verify size of mlen in ML-DSA external mu mode
  * Replicate OpenSSL 1.1.1 behavior for BIO_s_mem BIO_NOCLOSE
  * Add ACVP support for AES CFB128
  * Add support for HMAC-SHA3 to ACVP tool
  * Move dk to Tests in ML-KEM ACVP
- Update to version 1.65.0:
  * Use new images for fuzzing and x509
  * Remove unused Wycheproof test vectors
  * Fix openldap; regenerate configure script
  * Fix unchecked return value
  * Avoid NULL dereference
  * AES-XTS Enc Dec test on rand incremental length inputs
  * Make N1 cpucap a subset of that of V1 and V2
  * Set SSL_R_NO_CIPHER_MATCH when failing to set ciphers
  * Add CFI directives to chacha-armv8.pl
  * Add CFI directives in aesv8-armx.pl
  * Match req CLI behavior with OpenSSL
  * Adjust script to handle other event types
- Update to version 1.64.0:
  * Update max polyz value
  * Support more "openssl rsa" options
  * Additional options for "openssl c_client"
  * Use C++11 atomics to update session stats
  * Support "openssl dhparam"
  * Remove dead code
  * Rename snapsafe to VM UBE
  * Extend grv asan timeout for Golang to allow completion
  * Implement more options for req CLI
  * Ensure HMAC_Init_ex reinitializes data properly
- enable more tests, by exposing
  openssl/bssl tools
- add skip-test.patch, skipping tool_openssl_test, as for some reason, a lot of features in that tool are not available

==== cups ====
Version update (2.4.14 -> 2.4.16)
Subpackages: cups-client cups-config libcups2 libcupsimage2

- Version upgrade to 2.4.16:
  See https://github.com/openprinting/cups/releases
  The hotfix release 2.4.16 includes fix for infinite loop in GTK, which was caused by change of internal behavior in libcups on which GTK depended, and workaround for stopping the scheduler if configuration includes unknown directives.
  Detailed list (from CHANGES.md):
  * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438)
  * The web interface did not support domain usernames fully (Issue #1441)
  * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353)
  * Fixed stopping scheduler on unknown directive in configuration (Issue #1443)
  Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.15:
  See https://github.com/openprinting/cups/releases
  The release CUPS 2.4.15 brings two CVE fixes:
    Fix various cupsd issues which cause local DoS (CVE-2025-61915 bsc#1253783)
    Fix unresponsive cupsd process caused by slow client (CVE-2025-58436 bsc#1244057)
  and several bug fixes described in CHANGES.md.
  Detailed list (from CHANGES.md):
  * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355)
  * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416)
  Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16
- Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017" which contained needless UTF-8 Unicode characters that are now replaced by plain ASCII text in "... line - the ..." to fix a rpmlint "non-break-space" warning.
- Adapted and enhanced 'tmpfiles.d' related things in cups.spec to "Fix packages for Immutable Mode - cups" (implementation task jsc#PED-14775 from epic jsc#PED-14688)

==== dmidecode ====
Version update (3.6 -> 3.7)

- Update to upstream version 3.7:
  * Memory sizes use binary unit prefixes.
  * The word "Firmware" is now used instead of "BIOS".
  * Support for SMBIOS 3.8.0. This includes a new processor family.
  * Support for SMBIOS 3.9.0. This includes chassis type name adjustments, new rack attributes, slot ID for more slot types, and new memory device form factors and types.
  * Decode HPE OEM records 193, 195, 202, 211, 226, 229, 232 and 244.
  * Update HPE OEM records 203, 216, 242 and 245.
  * EDSFF slot names now include their .S/.L suffix.
  * Obsoletes dmioem-update-hpe-oem-type-238.patch.

==== drkonqi6 ====
Version update (6.5.5 -> 6.5.90)

- Update to 6.5.90:
  * New feature release
  * For more details see https://kde.org/announcements/plasma/6/6.5.90
- Changes since 6.5.5:
  * Update version for new release 6.5.90
  * globalnotifiertruck: split notification text and differentiate exe from unit name
  * cmake: new feature option WITH_DRKONQI_REPORTING (kde#501946)
  * preamble: also except attributeerror on corefile test
  * productmapping: also force the component to a hardcoded value on fallback
  * drkonqidialog: untangle widgets pieces
  * developerpage: compress text updates
  * comment--
  * coredump/launcher: Fix excessive i18n argument
  * coredump-gui: add support for flatpak debugging
  * preamble: quote solib when calling add (kde#506786)
  * preamble: use new gdb corefile enumeration facilities
  * deadcode--
  * coredump-launcher: skip over terminals when detecting services (kde#511731)
  * Use better way to disable session management
  * coredump-launcher: report when the gui couldn't start
  * coredump-launcher: don't use nested eventloops they break things
  * coredump-gui: implement reporting to KDE (kde#511524)
  * drkonqi-core: new static library
  * launcher,coredump-gui: revise UX for
    non-KDE crashes
  * Update version for new release 6.5.80
  * Set startupId from notification before restarting app

==== flatpak ====
Version update (1.16.2 -> 1.16.3)
Subpackages: flatpak-remote-flathub flatpak-selinux libflatpak0 system-user-flatpak

- Update to version 1.16.3:
  + Be selective about when to map font-dirs.xml in flatpak build.

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GIRepository-3_0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988 glgo#GNOME/glib#3851).

==== harfbuzz ====
Version update (12.3.0 -> 12.3.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Update to version 12.3.1:
  + Various speed optimizations.
  + Build fixes for GCC 4.9.
  + Fix NULL pointer dereference when malloc fails.
- Drop harfbuzz-CVE-2026-22693.patch: Fixed upstream.

==== kernel-firmware-intel ====
Version update (20251228 -> 20260122)

- Update to version 20260122 (git commit 1b7b9f6c3461):
  * Intel IPU7: Update firmware binary for Panther Lake

==== kernel-firmware-mediatek ====
Version update (20260114 -> 20260119)

- Update to version 20260119 (git commit ed7a76faccbc):
  * linux-firmware: update firmware for MT7921 WiFi device

==== kernel-source ====
Version update (6.18.6 -> 6.18.7)
Subpackages: kernel-64kb kernel-default

- Linux 6.18.7 (bsc#1012628).
- firmware: imx: scu-irq: Set mu_resource_id before get handle (bsc#1012628).
- efi/cper: Fix cper_bits_to_str buffer handling and return value (bsc#1012628).
- nvme-apple: add "apple,t8103-nvme-ans2" as compatible (bsc#1012628).
- Revert "gfs2: Fix use of bio_chain" (bsc#1012628).
- x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (bsc#1012628).
- rust: bitops: fix missing _find_* functions on 32-bit ARM (bsc#1012628).
- ASoC: codecs: wsa884x: fix codec initialisation (bsc#1012628).
- ASoC: codecs: wsa883x: fix unnecessary initialisation (bsc#1012628).
- drm/gud: fix NULL fb and crtc dereferences on USB disconnect (bsc#1012628).
- virtio_net: Fix misalignment bug in struct virtnet_info (bsc#1012628).
- io_uring: move local task_work in exit cancel loop (bsc#1012628).
- xfrm: Fix inner mode lookup in tunnel mode GSO segmentation (bsc#1012628).
- xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set (bsc#1012628).
- pNFS: Fix a deadlock when returning a delegation during open() (bsc#1012628).
- NFS: Fix a deadlock involving nfs_release_folio() (bsc#1012628).
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (bsc#1012628).
- pnfs/blocklayout: Fix memory leak in bl_parse_scsi() (bsc#1012628).
- drm/bridge: dw-hdmi-qp: Fix spurious IRQ on resume (bsc#1012628).
- drm/vmwgfx: Fix KMS with 3D on HW version 10 (bsc#1012628).
- drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (bsc#1012628).
- NFS/localio: Deal with page bases that are > PAGE_SIZE (bsc#1012628).
- drm/rockchip: vop2: Add delay between poll registers (bsc#1012628).
- drm/rockchip: vop2: Only wait for changed layer cfg done when there is pending cfgdone bits (bsc#1012628).
- PM: EM: Fix incorrect description of the cost field in struct em_perf_state (bsc#1012628).
- ipv4: ip_tunnel: spread netdev_lockdep_set_classes() (bsc#1012628).
- can: etas_es58x: allow partial RX URB allocation to succeed (bsc#1012628).
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1012628).
- cxl/port: Fix target list setup for multiple decoders sharing the same dport (bsc#1012628).
- btrfs: release path before iget_failed() in btrfs_read_locked_inode() (bsc#1012628).
- btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1012628).
- Bluetooth: hci_sync: enable PA Sync Lost event (bsc#1012628).
- net: bridge: annotate data-races around fdb->{updated,used} (bsc#1012628).
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1012628).
- net: update netdev_lock_{type,name} (bsc#1012628).
- macvlan: fix possible UAF in macvlan_forward_source() (bsc#1012628).
- block: zero non-PI portion of auto integrity buffer (bsc#1012628).
- ipv4: ip_gre: make ipgre_header() robust (bsc#1012628).
- vsock/test: add a final full barrier after run all tests (bsc#1012628).
- net/mlx5e: Fix crash on profile change rollback failure (bsc#1012628).
- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (bsc#1012628).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1012628).
- net/mlx5e: Restore destroying state bit after profile cleanup (bsc#1012628).
- btrfs: fix memory leaks in create_space_info() error paths (bsc#1012628).
- cxl/hdm: Fix potential infinite loop in __cxl_dpa_reserve() (bsc#1012628).
- net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback (bsc#1012628).
- net: phy: motorcomm: fix duplex setting error for phy leds (bsc#1012628).
- net: airoha: Fix typo in airoha_ppe_setup_tc_block_cb definition (bsc#1012628).
- ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip (bsc#1012628).
- ALSA: hda/cirrus_scodec_test: Fix test suite name (bsc#1012628).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1012628).
- dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1012628).
- ipv6: Fix use-after-free in inet6_addr_del() (bsc#1012628).
- selftests: drv-net: fix RPS mask handling for high CPU numbers (bsc#1012628).
- net/sched: sch_qfq: do not free existing class in
... changelog too long, skipping 263 lines ...
- commit 76c2c9b

==== libstorage-ng ====
Version update (4.5.285 -> 4.5.286)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#1050
- libstorage-ng.spec.in: drop dependency on dmraid
- 4.5.286

==== libxfce4windowing ====
Subpackages: libxfce4windowing-0-0 libxfce4windowing-lang libxfce4windowingui-0-0

- Update copyright year.
- Use meson build system
- Build with vala to generate vapi files needed by Budgie Desktop

==== lirc ====

- Add lirc.sysusers to replace useradd/groupadd/usermod for transactional updates (jsc#PED-14918)
- Add lirc-rpmlintfix.patch to make rpmlint happy
- Add %check from Fedora

==== multipath-tools ====
Subpackages: kpartx libmpath0

- Remove %ghost entry for /run/multipath from spec file (jsc#PED-14758)

==== mutter ====
Version update (49.2 -> 49.3)

- Update to version 49.3:
  + Fix direct scanout on drivers without explicit modifiers
  + Fix cases of spurious tone mapping
  + Fix reporting damage region in pipewire streams
  + Initialize all luminance fields for CICP
  + Fix subsurface geometry calculation
  + Fix Xwayland clients becoming unresponsive on 2nd monitor
  + Improve native Xwayland scaling support
  + Send color management image description target volume events
  + Improve support for tablet devices
  + Do not spin cursor for startup sequences with no app ID
  + Let gestures influence other gesture before state change
  + Fixed crash
  + Plugged leak
  + Misc. bug fixes and cleanups
  + Updated translations.

==== openSUSE-release ====
Version update (20260123 -> 20260126)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openjpeg2 ====

- Add openjpeg2-cve-2023-39327-limit-iterations.patch (CVE-2023-39327, bsc#1227412).

==== os-prober ====

- Drop dependency on dmraid (jsc#PED-15368)

==== pam ====
Version update (1.7.1 -> 1.7.2)

- Update to version 1.7.2:
  * build: enabled vendordir by default.
  * pam_access: fixed stack overflow with huge configuration files.
  * pam_env: enhanced error diagnostics when ignoring backslash at end of string.
  * pam_faillock: skip clearing user's failed attempt when auth stack is not run.
  * pam_mkhomedir: added support for vendordir skeleton directory.
  * pam_unix: added support for pwaccessd.
  * pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK.
  * pam_unix: fixed password expiration warnings for large day values.
  * pam_unix: hardened temporary file handling.
  * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates.
- Drop post-v1.7.1.patch
- Drop pam_mkhomedir-Use-vendordir-when-defined.patch
- Build source archive directly from git

==== pam-full-src ====
Version update (1.7.1 -> 1.7.2)
Subpackages: pam-extra pam-manpages

- Update to version 1.7.2:
  * build: enabled vendordir by default.
  * pam_access: fixed stack overflow with huge configuration files.
  * pam_env: enhanced error diagnostics when ignoring backslash at end of string.
  * pam_faillock: skip clearing user's failed attempt when auth stack is not run.
  * pam_mkhomedir: added support for vendordir skeleton directory.
  * pam_unix: added support for pwaccessd.
  * pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK.
  * pam_unix: fixed password expiration warnings for large day values.
  * pam_unix: hardened temporary file handling.
  * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates.
- Drop post-v1.7.1.patch
- Drop pam_mkhomedir-Use-vendordir-when-defined.patch
- Build source archive directly from git

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced

- remove dmraid from enhanced_base

==== perl-Net-DNS ====
Version update (1.530.0 -> 1.540.0)

- updated to 1.540.0 (1.54)
  see /usr/share/doc/packages/perl-Net-DNS/Changes

==== polkit-default-privs ====
Version update (1550+20260108.4fc3a54 -> 1550+20260122.bb2b3c5)

- Update to version 1550+20260122.bb2b3c5:
  * profiles: drop no longer packaged gsd wacom-*led-helper actions
  * profiles: whitelist InputPlumber actions (bsc#1249149)
  * profiles: whitelist tlp-pd actions (bsc#1254768)

==== qalculate ====
Version update (5.8.2 -> 5.9.0)
Subpackages: libqalculate23 qalculate-data

- Update to version 5.9.0
  * Improve speed of sort(), rank(), and mode() functions (and other dependent functions).
  * Parse ± before implicit multiplication when not preceded by number (e.g. "7 km ± 5m").
  * Always consider x^(a + b) equivalent to x^a × x^b (fixes "x^(y + z) − x^y × x^z").
  * Simplify (x = a || x ≥ a + 1) and (x ≤ a || x ≥ a + 1), and similar, when x and a are integers (fixes "abs(x − 1) = abs(1 − x)").
  * Do not remove duplicate whitespace characters from text strings (in quotation marks).
  * Add exact values for multiples of pi/12 (15°) in sin() and cos(), and tan(7/12pin).
  * Fix floating point conversion when comma is used as decimal separator.
  * Fix endless loop with increasingly complex equations in some cases when x + x^(1/a) is transformed to x = (b − x)^a).
  * Fix and improve function() function.
  * Fix loading of approximate variable with both approximate and exact values (e.g. in vector).
  * Fix missing parenthesis for exact number shown as approximate in vector.
  * Fix conversion to non-unit expression beginning with zero (when not before decimal separator) or minus.
  * Fix exchange rates updated after calculation of expression with only one currency.
  * Fix segfault in some corner cases when converting approximate units before uncertainty calculation.
  * Remove intltool build dependency.
  * Fix compilation with readline < 7.0 and mpfr < 4.0.
  * Do not show calculate-as-you-type result for incomplete object name (e.g. "integ" interpreted as "int(e × g)").
  * Ellipsize large matrices and vectors when a subset of output, e.g. in a failed function, in qalc.
  * Completion for commands and options.
  * Do not show result for variable assignment when --terse and --file are used.
  * Minor bug fixes and feature enhancements.

==== qemu ====
Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios

- Bug and CVE fixes:
  * roms/edk2: fix building with GCC 16 (bsc#1256980)
  * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665)

==== sendmail ====
Subpackages: libmilter1_0

- Correct group permission of /var/spool/clientmqueue to make sendmail work again (boo#1255437)
- Support Immutable Mode (jsc#PED-14688)
  * Note that sendmail is still not part of SLES-16 and above

==== thunar ====
Version update (4.20.6 -> 4.20.7)
Subpackages: libthunarx-3-0 thunar-lang

- Update to 4.20.7
  * Prevent crash on unmount (#1778)
  * Show 'queued' message only for queued jobs (#1755)
  * Prevent crash on non-local symlinks (#1757)
  * Fix g_object_unref warning
  * Fix symlink resolve for desktop files (#1757)
  * Translation Updates

==== wireplumber ====
Subpackages: libwireplumber-0_5-0 wireplumber-bash-completion

- Backport upstream fixes:
  0001-monitors-bluez-request-device-ports-take-loopback-no.patch
  0002-autoswitch-bluetooth-profile-Fix-attempt-to-index-a-.patch

==== yast2-bootloader ====
Version update (5.0.30 -> 5.0.31)

- Install "shim" only if secure boot is supported (bnc#1254865)
- 5.0.31