Packages changed: MicroOS-release (20260317 -> 20260318) blog (2.35 -> 2.36) elfutils (0.192 -> 0.194) gpg2 (2.5.17 -> 2.5.18) kdump (2.1.6 -> 2.1.7) kernel-source (6.19.7 -> 6.19.8) openSUSE-build-key zlib-ng-compat (2.3.2 -> 2.3.3) === Details === ==== MicroOS-release ==== Version update (20260317 -> 20260318) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== blog ==== Version update (2.35 -> 2.36) Subpackages: libblogger2 - Update to version 2.36 * If SYS_pidfd_open is not defined use a fallback Include to get __NR_pidfd_open for the definition of SYS_pidfd_open. * Changes to let systemd find plymouth replacements which means to add the appropiate Alias in systemd-ask-password-blog.path and also in systemd-ask-password-blog.service with new Install sections. Also change description in systemd-ask-password-blog.path to hint for blogd as replacement. * Rework password asking method to be asynchronous ==== elfutils ==== Version update (0.192 -> 0.194) Subpackages: libasm1 libdw1 libelf1 - Add elfutils-fix-const-correctness.patch to fix build with new glibc - update to 0.194 elfclassify: New options --has-debug-sections and --any-ar-member. elflint: Presence of vendor- and application-specific ELF note types no longer triggers compliance errors. libdwfl_stacktrace: New function dwflst_sample_getframes. The libdwfl_stacktrace library interface is experimental and may be subject to API/ABI changes. Experimental new library interface for unwinding stack samples into call chains, and tracking and caching Elf data for multiple processes, building on libdwfl. Initially supports perf_events stack sample data. libelf: Manual pages have been added for many libelf library functions. Additional manual pages are planned for future releases. elf_scnshndx has been rewritten to be more robust, particularily for ELF files with more than 64K sections. readelf: Up to 13% faster when using the -N option. Improved handling of corrupt ELF data. - -section-headers output now includes a "Key to Flags" explaining section flag meanings. libdw: Add dwarf_language and dwarf_language_lower_bound functions. Improved support for DWARF6 language metadata as well as DWARF language constants for Nim, Dylan, Algol68, V and Mojo. dwarf_srclang is now forward-compatible with DWARF6 language constants. - Drop no longer necessary fix-static-linking.patch ==== gpg2 ==== Version update (2.5.17 -> 2.5.18) - Update to 2.5.18: * gpg: Support deleting a composite secret key in gpg-agent * gpg: Fix armor parsing when no CRC is found * gpgsm: New option --assert-validsig * agent: Fix the recent regression in pkdecrypt with TPM RSA * scdaemon: Add support for D-Trust Card 6.1/6.4 * dirmngr: Let KS_SEARCH print all uid records for a key Fixes regression since 2015 * gpg-authcode-sign.sh: Keep the log file even on success * Remove patch upstream: - gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch ==== kdump ==== Version update (2.1.6 -> 2.1.7) - upgrade to version 2.1.7 * fix VLAN interface naming (bsc#1255300) * fix bonding options for VLAN slaves * fix return value of kdumptool commandline -d (bsc#1257471) * use primary IP address (bsc#1259058) * dracut: avoid error message if /etc/sysctl.conf does not exist * dracut: update dracut hooks path from /lib/dracut to /var/lib/dracut ==== kernel-source ==== Version update (6.19.7 -> 6.19.8) - Linux 6.19.8 (bsc#1012628). - apparmor: fix race between freeing data and fs accessing it (bsc#1012628). - apparmor: fix race on rawdata dereference (bsc#1012628). - apparmor: fix differential encoding verification (bsc#1012628). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1012628). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1012628). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1012628). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1012628). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1012628). - apparmor: replace recursive profile removal with iterative approach (bsc#1012628). - apparmor: fix memory leak in verify_header (bsc#1012628). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1012628). - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1012628). - net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1012628). - commit 5a5a4f4 - Update patches.kernel.org/6.19.1-003-smb-client-split-cached_fid-bitfields-to-avoid.patch (bsc#1012628 CVE-2026-23230 bsc#1258430). - Update patches.kernel.org/6.19.1-004-ksmbd-fix-infinite-loop-caused-by-next_smb2_rc.patch (bsc#1012628 CVE-2026-23220 bsc#1258432). - Update patches.kernel.org/6.19.1-005-ksmbd-add-chann_lock-to-protect-ksmbd_chann_li.patch (bsc#1012628 CVE-2026-23226 bsc#1258820). - Update patches.kernel.org/6.19.1-006-smb-server-fix-leak-of-active_num_conn-in-ksmb.patch (bsc#1012628 CVE-2026-23228 bsc#1258431). - Update patches.kernel.org/6.19.1-030-crypto-iaa-Fix-out-of-bounds-index-in-find_emp.patch (bsc#1012628 CVE-2025-71231 bsc#1258424). - Update patches.kernel.org/6.19.1-032-crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-sc.patch (bsc#1012628 CVE-2026-23222 bsc#1258484). - Update patches.kernel.org/6.19.1-033-crypto-virtio-Add-spinlock-protection-with-vir.patch (bsc#1012628 CVE-2026-23229 bsc#1258429). - Update patches.kernel.org/6.19.1-035-nilfs2-Fix-potential-block-overflow-that-cause.patch (bsc#1012628 CVE-2025-71237 bsc#1258467). - Update patches.kernel.org/6.19.1-036-hfs-ensure-sb-s_fs_info-is-always-cleaned-up.patch (bsc#1012628 CVE-2025-71230 bsc#1258413). - Update patches.kernel.org/6.19.1-037-wifi-rtw88-Fix-alignment-fault-in-rtw_core_ena.patch (bsc#1012628 CVE-2025-71229 bsc#1258415). - Update patches.kernel.org/6.19.1-038-scsi-qla2xxx-Validate-sp-before-freeing-associ.patch (bsc#1012628 CVE-2025-71236 bsc#1258442). - Update patches.kernel.org/6.19.1-040-scsi-qla2xxx-Delay-module-unload-while-fabric-.patch (bsc#1012628 CVE-2025-71235 bsc#1258469). - Update patches.kernel.org/6.19.1-041-scsi-qla2xxx-Free-sp-in-error-path-to-fix-syst.patch (bsc#1012628 CVE-2025-71232 bsc#1258422). - Update patches.kernel.org/6.19.1-043-sched-mmcid-Don-t-assume-CID-is-CPU-owned-on-m.patch (bsc#1012628 CVE-2026-23225 bsc#1258474). - Update patches.kernel.org/6.19.1-044-bus-fsl-mc-fix-use-after-free-in-driver_overri.patch (bsc#1012628 CVE-2026-23221 bsc#1258660). - Update patches.kernel.org/6.19.1-045-erofs-fix-UAF-issue-for-file-backed-mounts-w-d.patch (bsc#1012628 CVE-2026-23224 bsc#1258461). - Update patches.kernel.org/6.19.1-046-xfs-fix-UAF-in-xchk_btree_check_block_owner.patch (bsc#1012628 CVE-2026-23223 bsc#1258483). - Update patches.kernel.org/6.19.1-047-drm-exynos-vidi-use-ctx-lock-to-protect-struct.patch (bsc#1012628 CVE-2026-23227 bsc#1258472). - Update patches.kernel.org/6.19.1-048-PCI-endpoint-Avoid-creating-sub-groups-asynchr.patch (bsc#1012628 CVE-2025-71233 bsc#1258421). - Update patches.kernel.org/6.19.1-049-wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xx.patch (bsc#1012628 CVE-2025-71234 bsc#1258419). - Update patches.kernel.org/6.19.3-001-scsi-qla2xxx-Fix-bsg_done-causing-double-free.patch (bsc#1012628 CVE-2025-71238 bsc#1259186). - Update patches.kernel.org/6.19.3-005-fbdev-smscufx-properly-copy-ioctl-memory-to-ke.patch (bsc#1012628 CVE-2026-23236 bsc#1259199). - Update patches.kernel.org/6.19.3-009-f2fs-fix-out-of-bounds-access-in-sysfs-attribu.patch (bsc#1012628 CVE-2026-23235 bsc#1259195). - Update patches.kernel.org/6.19.3-010-f2fs-fix-to-avoid-UAF-in-f2fs_write_end_io.patch (bsc#1012628 CVE-2026-23234 bsc#1259194). - Update patches.kernel.org/6.19.3-012-f2fs-fix-to-avoid-mapping-wrong-physical-block.patch ... changelog too long, skipping 14 lines ... - commit b7e70c1 ==== openSUSE-build-key ==== - move the pqkeys out of gnupg, its not gpg style. ==== zlib-ng-compat ==== Version update (2.3.2 -> 2.3.3) - update to 2.3.3: * Make deflate output deterministic if stream is reused after deflateReset #2102 * minigzip: Fix integer overflow in gz_compress_mmap #2110 * Use GCC's may_alias attribute for access to buffers in crc32_chorba #2078 * Fix false-positive infinite loop warning detected by GCC-14 static analyzer #2101 * Fix warning for potentially uninitialized local variable ft used. #2043