Packages changed:
  MicroOS-release (20260505 -> 20260506)
  avahi
  avahi-glib2
  distrobox
  ethtool (6.19 -> 7.0)
  kernel-firmware-amdgpu (20260427 -> 20260505)
  kernel-firmware-bluetooth (20260423 -> 20260505)
  kernel-firmware-i915
  kernel-firmware-intel (20260408 -> 20260505)
  kernel-firmware-media (20260414 -> 20260505)
  kernel-firmware-mediatek
  kernel-firmware-platform (20260416 -> 20260505)
  kernel-firmware-qcom (20260423 -> 20260505)
  kernel-firmware-realtek
  kernel-source (7.0.2 -> 7.0.3)
  kexec-tools (2.0.30 -> 2.0.32+git15.g677dd2f)
  libksysguard6
  podman (5.8.1 -> 5.8.2)
  rootlesskit (2.3.6 -> 3.0.0)
  sord (0.16.20 -> 0.16.22)
  sqlite3 (3.53.0 -> 3.53.1)

=== Details ===

==== MicroOS-release ====
Version update (20260505 -> 20260506)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7

- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

==== avahi-glib2 ====

- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

==== distrobox ====
Subpackages: distrobox-bash-completion

- Split openSUSE-provided configuration to its own branding package (jsc#PED-14656, coo#129)
- Suggest podman to hint the solver towards it when neither docker or podman are installed (jsc#PED-14656, coo#129)
- Recommend flatpak rather than requiring it: it is only needed for the host-exec feature, and it is not desirable to pull it in on minimal installations.

==== ethtool ====
Version update (6.19 -> 7.0)

- update to upstream release 7.0
  * Feature: support MSE display (--show-mse)
  * Feature: add 2 new link_ext_state names
  * Fix: fix index calculation in ixgbe register dump (-d)
  * Fix: cmis wavelength tolerance output (-m)
  * Fix: duplicate sfpid Active Cu compliance output (-m)

==== kernel-firmware-amdgpu ====
Version update (20260427 -> 20260505)

- Update to version 20260505 (git commit 027be1e3d201):
  * amdgpu: DMCUB updates for various ASICs

==== kernel-firmware-bluetooth ====
Version update (20260423 -> 20260505)

- Update to version 20260505 (git commit 027be1e3d201):
  * rtl_bt: Add missing rtl8761a_config.bin for RTL8761AU

==== kernel-firmware-i915 ====

- Update aliases from 7.1-rc1

==== kernel-firmware-intel ====
Version update (20260408 -> 20260505)

- Update to version 20260505 (git commit 027be1e3d201):
  * Linux-firmware: Add Dell ISH firmware 581.7783.0 for Intel Panther Lake systems.

==== kernel-firmware-media ====
Version update (20260414 -> 20260505)

- Update to version 20260505 (git commit 027be1e3d201):
  * qcom: vpu: add Gen2 firmware binary for Agatti

==== kernel-firmware-mediatek ====

- Update aliases from 7.1-rc1

==== kernel-firmware-platform ====
Version update (20260416 -> 20260505)

- Update to version 20260505 (git commit 027be1e3d201):
  * linux-firmware:Add firmware for Lontium LT7911EXC bridge

==== kernel-firmware-qcom ====
Version update (20260423 -> 20260505)

- Update to version 20260505 (git commit 027be1e3d201):
  * qcom: update ADSP firmware for x1e80100 platform
  * qcom: Update CDSP firmware for Kaanapali platform

==== kernel-firmware-realtek ====

- Update aliases from 7.1-rc1

==== kernel-source ====
Version update (7.0.2 -> 7.0.3)

- Update patches.kernel.org/7.0.1-001-nfc-llcp-add-missing-return-after-LLCP_CLOSED-c.patch (bsc#1012628 CVE-2026-31629).
- Update patches.kernel.org/7.0.1-002-x86-CPU-Fix-FPDSS-on-Zen1.patch (bsc#1012628 CVE-2026-31628).
- Update patches.kernel.org/7.0.1-003-can-raw-fix-ro-uniq-use-after-free-in-raw_rcv.patch (bsc#1012628 CVE-2026-31532 bsc#1262757).
- Update patches.kernel.org/7.0.1-004-i2c-s3c24xx-check-the-size-of-the-SMBUS-message.patch (bsc#1012628 CVE-2026-31627).
- Update patches.kernel.org/7.0.1-005-staging-rtl8723bs-initialize-le_tmp64-in-rtw_BI.patch (bsc#1012628 CVE-2026-31626).
- Update patches.kernel.org/7.0.1-006-HID-alps-fix-NULL-pointer-dereference-in-alps_r.patch (bsc#1012628 CVE-2026-31625 bsc#1263030).
- Update patches.kernel.org/7.0.1-007-HID-core-clamp-report_size-in-s32ton-to-avoid-u.patch (bsc#1012628 CVE-2026-31624 bsc#1263657).
- Update patches.kernel.org/7.0.1-008-net-usb-cdc-phonet-fix-skb-frags-overflow-in-rx.patch (bsc#1012628 CVE-2026-31623).
- Update patches.kernel.org/7.0.1-009-NFC-digital-Bounds-check-NFC-A-cascade-depth-in.patch (bsc#1012628 CVE-2026-31622).
- Update patches.kernel.org/7.0.1-011-bnge-return-after-auxiliary_device_uninit-in-er.patch (bsc#1012628 CVE-2026-31621).
- Update patches.kernel.org/7.0.1-012-ALSA-usx2y-us144mkii-fix-NULL-deref-on-missing-.patch (bsc#1012628 CVE-2026-31620 bsc#1263029).
- Update patches.kernel.org/7.0.1-013-ALSA-fireworks-bound-device-supplied-status-bef.patch (bsc#1012628 CVE-2026-31619).
- Update patches.kernel.org/7.0.1-014-fbdev-tdfxfb-avoid-divide-by-zero-on-FBIOPUT_VS.patch (bsc#1012628 CVE-2026-31618).
- Update patches.kernel.org/7.0.1-015-usb-gadget-f_ncm-validate-minimum-block_len-in-.patch (bsc#1012628 CVE-2026-31617).
- Update patches.kernel.org/7.0.1-016-usb-gadget-f_phonet-fix-skb-frags-overflow-in-p.patch (bsc#1012628 CVE-2026-31616).
- Update patches.kernel.org/7.0.1-017-usb-gadget-renesas_usb3-validate-endpoint-index.patch (bsc#1012628 CVE-2026-31615).
- Update patches.kernel.org/7.0.1-018-smb-client-fix-off-by-8-bounds-check-in-check_w.patch (bsc#1012628 CVE-2026-31614).
- Update patches.kernel.org/7.0.1-019-smb-client-fix-OOB-reads-parsing-symlink-error-.patch (bsc#1012628 CVE-2026-31613).
- Update patches.kernel.org/7.0.1-020-ksmbd-validate-EaNameLength-in-smb2_get_ea.patch (bsc#1012628 CVE-2026-31612).
- Update patches.kernel.org/7.0.1-021-ksmbd-require-3-sub-authorities-before-reading-.patch (bsc#1012628 CVE-2026-31611).
- Update patches.kernel.org/7.0.1-022-ksmbd-fix-mechToken-leak-when-SPNEGO-decode-fai.patch (bsc#1012628 CVE-2026-31610 bsc#1263046).
- Update patches.kernel.org/7.0.1-023-smb-client-avoid-double-free-in-smbd_free_send_.patch (bsc#1012628 CVE-2026-31609 bsc#1263663).
- Update patches.kernel.org/7.0.1-024-smb-server-avoid-double-free-in-smb_direct_free.patch (bsc#1012628 CVE-2026-31608 bsc#1263664).
- Update patches.kernel.org/7.0.1-025-usbip-validate-number_of_packets-in-usbip_pack_.patch (bsc#1012628 CVE-2026-31607 bsc#1263600).
- Update patches.kernel.org/7.0.1-029-usb-gadget-f_hid-don-t-call-cdev_init-while-cde.patch (bsc#1012628 CVE-2026-31606 bsc#1263591).
- Update patches.kernel.org/7.0.1-031-fbdev-udlfb-avoid-divide-by-zero-on-FBIOPUT_VSC.patch (bsc#1012628 CVE-2026-31605 bsc#1263493).
- Update patches.kernel.org/7.0.1-034-wifi-rtw88-fix-device-leak-on-probe-failure.patch (bsc#1012628 CVE-2026-31604 bsc#1263045).
- Update patches.kernel.org/7.0.1-035-staging-sm750fb-fix-division-by-zero-in-ps_to_h.patch (bsc#1012628 CVE-2026-31603 bsc#1263491).
- Update patches.kernel.org/7.0.1-040-ALSA-ctxfi-Limit-PTP-to-a-single-page.patch (bsc#1012628 CVE-2026-31602 bsc#1263723).
- Update patches.kernel.org/7.0.1-042-vfio-xe-Reorganize-the-init-to-decouple-migrati.patch (bsc#1012628 CVE-2026-31601 bsc#1263722).
- Update patches.kernel.org/7.0.1-043-arm64-mm-Handle-invalid-large-leaf-mappings-cor.patch (bsc#1012628 CVE-2026-31600 bsc#1263721).
- Update patches.kernel.org/7.0.1-044-media-vidtv-fix-NULL-pointer-dereference-in-vid.patch (bsc#1012628 CVE-2026-31599 bsc#1263031).
- Update patches.kernel.org/7.0.1-045-ocfs2-fix-possible-deadlock-between-unlink-and-.patch (bsc#1012628 CVE-2026-31598 bsc#1263718).
... changelog too long, skipping 90 lines ...
- commit 086d181

==== kexec-tools ====
Version update (2.0.30 -> 2.0.32+git15.g677dd2f)

- update to 2.0.32+git15.g677dd2f:
  * x86_64: Support UKI image format
  * pe-zboot: Truncate the trailing zero if Image is signed
  * kexec: Enable zstd in kexec decompression paths
  * x86_64: Use the x86-64 level for purgatory
  * RISC-V: Enable kexec_file_load syscall
  * RISC-V: Support loading Image binary file
  * kexec/zboot: Add boundary check on PE header offset
  * LoongArch: Change COMMAND_LINE_SIZE to 4096
  * kexec: Handle removal of multiple 'crashkernel' parameters
  * LoongArch: Enforce relocatable kernel check for crash dump
  * LoongArch: Change initrd allocation to top-down
  * LoongArch: Add kexec_file_load syscall
  * LoongArch: Remove 'kexec_file' cmdline parameters when using --reuse-cmdline option
  * kexec/ifdown.c: Use AF_NETLINK instead of AF_INET
  * ppc64: ensure /memreserve/ sections exist in user-provided FDT
  * ppc64: handle reboot CPU in case of user provided DTB
  * ppc64: lift the dtb and initrd restriction
  * kexec: add kexec flag to support debug printing
  * UKI: Fix the size of real payload
  * ppc64: Reserve FDT memory for full elfcorehdr memory size
  * LoongArch: Increase MAX_MEMORY_RANGES to 1024
- drop outdated patches:
  * kexec-tools-SYS_getrandom.patch
  * kexec-tools-riscv64.patch
  * kexec-tools-riscv-hotplug.patch

==== libksysguard6 ====
Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports

- Add missing %verify(not caps) (boo#1263098)

==== podman ====
Version update (5.8.1 -> 5.8.2)

- Update to version 5.8.2:
  * Bump to v5.8.2
  * Release notes for v5.8.2
  * hyperV: fix powershell path escape (CVE-2026-33414)
  * cirrus: bump linux machine aarch64 test timeout
  * Remove iptables references in upgrade tests
  * bindings: artifact extract reject invalid names
  * use chrootarchive over plain archive package
  * fix symlink handling in checkpoint restore
  * add missing O_CLOEXEC to open calls
  * Fix Quadlet `Lookup()` stripping unmatched quotes
  * Add e2e test for shell driver DriverOpts cross-contamination fix
  * Fix shell driver DriverOpts cross-contamination in secret creation
  * libpod: fix data race on deferredErr in attachExecHTTP
  * Consolidate build secret tests and assert no podman-build-secret leak
  * Remote build: `nTar` secrets with relative paths and ignore bypass
  * api: fix missing return after error in SystemCheck handler
  * test: relax rootless runc pid namespace assertion
  * New images 2026-03-19
  * cirrus: ensure NOTIFY_SOCKET is properly unset for all tests
  * update fedoral base image to 43 and related tests
  * new image sfx for debian 14
  * libpod: Don't dereference ctrSpec.Linux if it is nil
  * quadlet: allow empty Entrypoint to clear image default
  * [v5.8] Bump Buildah to 1.43.1, c/common v0.67.1, c/image v5.39.2
  * bump go-jose/go-jose to v4.1.4
  * [v5.8] Fix `unless-stopped` containers not restarting after ...
  * Bump Podman to v5.8.2-dev

==== rootlesskit ====
Version update (2.3.6 -> 3.0.0)

- Update to version 3.0.0:
  * v3.0.0
  * docs: update
  * v3.0.0-rc.0+dev
  * v3.0.0-rc.0
  * port/builtin: support source IP propagation for UDP via IP_TRANSPARENT
  * testsuite: split protocol-specific code out of testTransparentWithPID
  * testsuite: use non-loopback IP in TestTCPTransparent
  * CI: add iptables (required by source-ip-transparent)
  * Build(deps): Bump golang.org/x/sys from 0.42.0 to 0.43.0
  * v3.0.0-beta.1+dev
  * v3.0.0-beta.1
  * docs/port.md: update
  * port/gvisor-tap-vsock: fix incompatibility with Docker
  * v3.0.0-beta.0+dev
  * v3.0.0-beta.0
  * rootlesskit-docker-proxy: postpone removal to v4
  * Preserve real client source IP in builtin port driver via IP_TRANSPARENT
  * CI: increase sleep
  * fix: remove Setsid from runWithoutReap to restore TTY
  * Build(deps): Bump golang.org/x/sys from 0.41.0 to 0.42.0
  * Build(deps): Bump golang.org/x/sync from 0.19.0 to 0.20.0
  * Dockerfile: update test deps
  * Build(deps): Bump actions/attest-build-provenance from 3 to 4
  * Build(deps): Bump github.com/containernetworking/plugins
  * v3.0.0-alpha.2+dev
  * v3.0.0-alpha.2
  * Build(deps): Bump golang.org/x/sys from 0.39.0 to 0.40.0
  * Build(deps): Bump github.com/containers/gvisor-tap-vsock
  * fix(testsuite):fix flaky by ensure port is free to use
  * Build(deps): Bump golang.org/x/sys from 0.38.0 to 0.39.0
  * Build(deps): Bump github.com/containernetworking/plugins
  * Build(deps): Bump golang.org/x/sync from 0.18.0 to 0.19.0
  * Build(deps): Bump actions/setup-go from 5 to 6
  * Build(deps): Bump actions/checkout from 5 to 6
  * v3.0.0-alpha.1+dev
  * v3.0.0-alpha.1
  * Build(deps): Bump golang.org/x/sync from 0.17.0 to 0.18.0
  * Build(deps): Bump golang.org/x/crypto from 0.42.0 to 0.45.0
  * Build(deps): Bump actions/checkout from 5 to 6
  * ci: fix missing tag variable in release note generation
  * network/port driver build tags support
  * Build(deps): Bump github.com/gofrs/flock from 0.12.1 to 0.13.0
  * v3.0.0-alpha.0+dev
  * v3.0.0-alpha.0
  * go.mod: bump up
  * port.md: update benchmark description for gvisor-tap-vsock driver
  * go.mod: update gvisor-tap-vsock to v0.8.8 and improve port driver benchmarks
  * refactor: replace Debugf with Debug for logging messages
  * bump go to version 1.24 (version 1.23 is not supported) update go.mod and go.sum for dependency upgrades and fix gvisor-tap-vsock compatibility
  * Add gvisortapvsock port driver support
  * Build(deps): Bump actions/attest-build-provenance from 2 to 3
  * Build(deps): Bump actions/checkout from 4 to 5
  * Build(deps): Bump golang.org/x/sys from 0.34.0 to 0.35.0
  * Build(deps): Bump golang.org/x/sys from 0.33.0 to 0.34.0
  * network: add support for gvisor-tap-vsock driver and integration tests
  * Build(deps): Bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0
  * Build(deps): Bump github.com/urfave/cli/v2 from 2.27.6 to 2.27.7
  * Implement Pdeathsig behavior for child processes and enhance integration tests
  * child: refactor command execution to use goroutines with Pdeathsig

==== sord ====
Version update (0.16.20 -> 0.16.22)

- update to 0.16.22:
  * Add clang nullability annotations
  * Address new warnings in clang and clang-tidy 21
  * Make more API functions tolerate NULL

==== sqlite3 ====
Version update (3.53.0 -> 3.53.1)

- Update to version 3.53.1:
  * Fixes for problems in 3.53.0 reported by users.
  * See the check-in timeline for details: https://sqlite.org/src/timeline?from=version-3.53.0&to=version-3.53.1