Packages changed: Mesa (25.3.3 -> 25.3.4) Mesa-drivers (25.3.3 -> 25.3.4) MicroOS-release (20260128 -> 20260131) cockpit cockpit-podman (117 -> 119.1) dbus-broker gcc glib2 gpg2 (2.5.16 -> 2.5.17) health-checker (1.13+git20251028.c9a2249 -> 1.13+git20251219.f90f390) libXmu (1.3.0 -> 1.3.1) mandoc mdadm (4.4+31.g541b40d3 -> 4.5+39.g1aa6e5de) microos-tools (4.0+git19 -> 4.0+git21) multipath-tools (0.14.0+207+suse.18c17be5 -> 0.14.1+208+suse.d08f5475) open-vm-tools (13.0.5 -> 13.0.10) patterns-base pulseaudio sdbootutil (1+git20260115.cd41d07 -> 1+git20260127.6240918) shadow systemd-presets-common-SUSE xen (4.21.0_02 -> 4.21.0_04) === Details === ==== Mesa ==== Version update (25.3.3 -> 25.3.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to Mesa 25.3.4 - -> https://docs.mesa3d.org/relnotes/25.3.4 ==== Mesa-drivers ==== Version update (25.3.3 -> 25.3.4) Subpackages: Mesa-dri Mesa-vulkan-device-select libvulkan_lvp - Update to Mesa 25.3.4 - -> https://docs.mesa3d.org/relnotes/25.3.4 ==== MicroOS-release ==== Version update (20260128 -> 20260131) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== cockpit ==== Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws cockpit-ws-selinux - Update dependencies for bsc#1257324 ==== cockpit-podman ==== Version update (117 -> 119.1) - Update dependencies for bsc#1257324 - Update to 119.1 * 119 - Bug fixes and translation updates * 118 - Bug fixes and translation updates ==== dbus-broker ==== Subpackages: dbus-broker-block-restart - dbus-broker should require dbus-1-common (bsc#1255655) ==== gcc ==== - Improve go/gofmt alternative removal upon migration to an alternative-less system. ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Add CVE fixes: + glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484 glgo#GNOME/glib!4979). + glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485 glgo#GNOME/glib!4981). + glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489 glgo#GNOME/glib!4984). ==== gpg2 ==== Version update (2.5.16 -> 2.5.17) - Update to 2.5.17: * agent: Fix stack buffer overflow when using gpgsm and KEM (CVE-2026-24881, boo#1257358) * tpm: Fix possible buffer overflow in PKDECRYPT (CVE-2026-24882, boo#1257396) * gpg: Fix possible NULL-deref with overlong signature packets (CVE-2026-24883, boo#1257395) * gpg: New export-option "keep-expired-subkeys" * gpgsm: Make multiple search patterns work with keyboxd * agent: Add accelerator keys for "Wrong" and "Correct" * dirmngr: Help detection of bad keyserver configurations ==== health-checker ==== Version update (1.13+git20251028.c9a2249 -> 1.13+git20251219.f90f390) Subpackages: health-checker-plugins-MicroOS - Update to version 1.13+git20251219.f90f390: * Revert "fix(systemd): Fix dependency cycle with other systemd services" - Update to version 1.13+git20251209.bb58b41: * fix(systemd): Fix dependency cycle with other systemd services * fix(dracut): Skip dracut module on BLS systems ==== libXmu ==== Version update (1.3.0 -> 1.3.1) Subpackages: libXmu6 libXmuu1 - Update to version 1.3.1 * Fix compilation on 32-bit targets - supersedes u_int-to-pointer-cast.patch ==== mandoc ==== - Use libalternatives for soelim, fixing conflict with groff. - Remove %{_mandir}/man7/roff.7, the only remaining conflict with groff. - Remove executable bits on manpages - Add dont-change-rights.patch not to mess with file mode https://inbox.vuxu.org/mandoc-discuss/20210814145000.GC88512@athene.usta.de/T/#t - Don’t Conflict groff, just man. ==== mdadm ==== Version update (4.4+31.g541b40d3 -> 4.5+39.g1aa6e5de) - Update to version 4.5+39.g1aa6e5de: * fix compilation errors with GCC 16 (bsc#1256973) * load md_mod before creating array (bsc#1257330) - Update to version 4.5+33.g9560967f (bsc#1257009): - Upstream feature additions in 4.5: * Support --logical-block-size in --create * Remove --freeze-reshape logic in reshape * Create array with sync del gendisk mode * Re-enable mdadm --monitor ... for /dev/mdX * Don't stop array after creating it during assemble * Allow RAID0 to be created with v0.90 metadata * Optimize DDF header search for widely used RAID controllers Upstream bug fixes from 4.5: * Moves memory management into Assemble to avoid null pointer dereference * Wait a while before removing a member in Incremental * Fix memory leaks * Support non-absolute name during monitor scan * Enable udev block for Incremental/Assemble to avoid race condition * Don't set badblock flag when adding a new disk * Fix metadata corruption when managing new imsm array * Do not start reshape before switchroot ==== microos-tools ==== Version update (4.0+git19 -> 4.0+git21) Subpackages: selinux-autorelabel - Update to version 4.0+git21: * Add zypp-no-multiversion sub-package * Add config snippets for zypp.conf ==== multipath-tools ==== Version update (0.14.0+207+suse.18c17be5 -> 0.14.1+208+suse.d08f5475) Subpackages: kpartx libmpath0 - Update to version 0.14.1+208+suse.d08f5475: * kpartx: fix segfault when operating on regular files (bsc#1257244, bsc#1257153) * multipathd: print path offline message even without a checker (bsc#1254094) * multipathd: make "multipathd show status" busy checker better * multipathd: finish initalization of paths added while offline * multipathd: don't add removed/partial paths to new maps ==== open-vm-tools ==== Version update (13.0.5 -> 13.0.10) Subpackages: libvmtools0 - update to 13.0.10 based on build 25056151: (boo#1257357): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.10/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.10 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.10/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.10 release. This is primarily a maintenance release that addresses a fix. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to handle a new cloud-init error code that signals a recoverable error and allow cloud-init to finish running. For a more complete description of what's new in this release, see the What's New and Resolved Issues sections of the Release Notes. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - rename transactional_base to immutable_base ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils - Remove pulseaudio-rpmlintrc which only had filters for the pulseaudio-gdm-hooks subpackage which was moved to the gdm package. - Added permissions for the ghost dir /var/lib/pulseaudio. ==== sdbootutil ==== Version update (1+git20260115.cd41d07 -> 1+git20260127.6240918) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20260127.6240918: * Correctly replace the boot entry with a new name - Update to version 1+git20260122.dd5ba5c: * Fix boot entries detection when boot counting is enabled * [.github]: Improve issue templates ==== shadow ==== Subpackages: libsubid5 login_defs shadow-pw-mgmt - Add shadow-utils Provides for compatibility with RH/Fedora packages - Remove --enable-account-tools-setuid build flag: This was a leftover. The package builds chgpasswd, chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, and usermod as setuid binaries via this flag and then strips the setuid bit again in the install section. See gh/shadow-maint/shadow#1518 - Cleanup PAM config files which are no longer needed: groupadd, groupdel, groupmod, useradd, userdel, usermod ==== systemd-presets-common-SUSE ==== - Enable vpdupdate service for lsvpd (jsc#PED-14567). ==== xen ==== Version update (4.21.0_02 -> 4.21.0_04) - bsc#1257399 - Package xen doesn't build with glibc 2.43 glibc2.43-fixes.patch - bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun with shadow paging + tracing (XSA-477) xsa477.patch - bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB for vCPU isolation (XSA-479) xsa479.patch - Drop x86-ioapic-ack-default.patch Upstream changes make this patch unnecessary.