Packages changed: MicroOS-release (20260609 -> 20260610) boost-base file (5.47 -> 5.48) fwupd (2.1.3 -> 2.1.4) hplip ncurses (6.6.20260530 -> 6.6.20260608) patterns-base sdl2-compat (2.32.68 -> 2.32.70) systemd (260.1 -> 260.2) === Details === ==== MicroOS-release ==== Version update (20260609 -> 20260610) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== boost-base ==== Subpackages: boost-license1_91_0 libboost_filesystem1_91_0 libboost_thread1_91_0 - Force remove boost_atomic directory to fix the failing build with GCC 16 ==== file ==== Version update (5.47 -> 5.48) Subpackages: file-magic libmagic1 - Update to 5.48: * add landlock support (valoq) * add BE/LE GUID * multiple fixes to prevent integer overflow in 32 bits (kerwin) * PR/745: bitstreamout: Don't flush when trying to set negative offsets on pipes, just continue, fixes 'cat file.zip | file -' * PR/753: vmihalko: Fix race is magic_getpath() * PR/728: Anton Monroe: Reinstate regex/c - Port patch file-5.47.dif and rename it to file-5.48.dif - Port patches * file-4.21-xcursor.dif * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.22-elf.dif * file-5.28-btrfs-image.dif * file-secure_getenv.patch - Remove patches now upstream * file-5.47-regression.dif * file-5.47-s390x.patch * file-5.47-stanza.patch ==== fwupd ==== Version update (2.1.3 -> 2.1.4) Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.1.4: + This release adds the following features: - Add a libcrypto-based JCat implementation for Android - Add support for NixOS to the quickstart script - Add support for the Compal BIOS version format - Allow a remote to specify that a username or password is required - Allow storing a per-user password in XDG_CONFIG_HOME - Detect encrypted swap devices below device-mapper - Ensure that all firmware subclasses set the maximum size - Remove the flashrom plugin - Save the SMBIOS BiosReleaseDate string to uploaded reports - Tell Star Labs coreboot users to manually update when required + This release fixes the following bugs: - Add a retry limit when updating failing Goodix MoC devices - Add several bounds checks for when updating Dell docks - Add vendor name and name for the various Framework UEFI certificates - Allow recovery if the Lenovo dock internal state is invalid - Avoid truncation when calculating the AMD GPU atombios size - Check firmware size against Novatek flash start address - Check for config offset overflow when updating Synaptics RMI devices - Check for multiplication overflow in BCM57xx stage1 size calculation - Check for overflow when writing to CCGX DMC devices - Check stream size before calculating Legion HID ID offset - Check stream size before subtracting Ilitek ITS CRC length - Clear Sunplus camera download state if the previous flash failed - Do not show plugin warnings when using --version - Filter the install flags provided by the D-Bus client - Fix a potential heap buffer overflow in FDT strlist parsing - Fix a potential heap buffer overflow in Nordic HID peer validation - Fix a potential OOB read in DFOTA modem response parsing - Fix a potential path traversal vulnerability in firmware backup - Fix a regression when searching for file magic - Fix a regression when using report-export --sign - Fix fwupd domain check bypass when using Qubes - Ignore efivar free space requirement on Microsoft Hyper-V hosts - Limit the number of hints a D-Bus client can set - Limit the size of parsed USB descriptors to ~64KiB - Make it easy to enable an authenticated remote - Make the Novatek boot update more reliable - Only read BCR from Intel SPI controllers - Prevent a possible division by zero error in the progressbar code - Prevent decompression bomb attacks in uSWID zlib payload parsing - Prevent NVRAM-seeded ptential path traversal when loading ESP files - Redact the username and password of remotes when using a non-active console - Require authorization for firmware installation on emulated devices - Require authorization for more D-Bus methods from non-local users - Restrict Curl protocols to prevent potential SSRF attacks - Restrict ModifyRemote to prevent a supply-chain redirection - Show a short easy-to-read string as the Pixart touchpad name - Tolerate post-quantum CA PKCS#7 failures when using Qubes - Validate ACPI PHAT specific data offset before parsing - Validate Corsair write size before subtracting header size - Validate DFU address offset before parsing the header - Validate Elan touchpad IAP address is within firmware bounds - Validate Logitech TAP AP region bounds before calculating size - Validate payload length is large enough for FPC sec-link - Validate sector range before writing pixart-tp firmware - Validate VBE area start does not exceed area size - Validate write offset does not exceed TI TPS6598x stream size + This release adds support for the following hardware: - Egis MoC devices with PID 9201 - Intel Arc Pro B65 and Arc Pro B70 (#10389) - Lenovo dock devices in 'provisioned' mode - Pixart TP devices with PID 1343 - Several GigaDevice and Puya SPI chips - Drop no longer needed BuildRequires: pkgconfig(jcat), pkgconfig(flashrom) ==== hplip ==== Subpackages: hplip-common hplip-cups hplip-driver-hpcups libhplip0 - hp-plugin: fix plugin installation from local file (lp#2154206) * add pluginhandler-fix-plugin-installation-from-local-fil.patch ==== ncurses ==== Version update (6.6.20260530 -> 6.6.20260608) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20260608 + amend *.map to put recent cookie-related functions in a new tinfo ".current" section (report by Sven Joachim). + add npc to kmscon, fixing flash -TD - Add ncurses patch 20260607 + actually add kmscon (report by Branden Robinson) - Add ncurses patch 20260606 + add kmscon (report by Jocelyn Falempe) -TD + fix a minor regression in infocmp -g option. + fixes for compiler warnings/cppcheck. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - only do Requires: libyui-ncurses-pkg and libyui-qt-pkg if Tumbleweed since libyui is no longer available in Leap 16.1 ==== sdl2-compat ==== Version update (2.32.68 -> 2.32.70) - Update to release 2.32.70 * Fixed showing the on-screen keyboard at application startup. ==== systemd ==== Version update (260.1 -> 260.2) Subpackages: libsystemd0 libudev1 systemd-boot systemd-container udev - Temporarily add 1001-units-drop-Before-sockets.target-from-networkd-resol.patch until upstream releases it. - Import commit a1ca0edbe97b747694600671445c19aa565f7b7e (merge of v260.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/1e45daa2fb423eb95ad00dcc389e03cfea8f86dc...a1ca0edbe97b747694600671445c19aa565f7b7e This update includes the following fix: a2c799878a logind: keep lingering users at startup-time GC (bsc#1262305)