Packages changed:
  GraphicsMagick (1.3.46 -> 1.3.47)
  aaa_base (84.87+git20260602.e901e17e -> 84.87+git20260610.3b5a868c)
  flatpak (1.16.6 -> 1.18.0)
  fwupd (2.1.4 -> 2.1.5)
  ldns (1.9.0 -> 1.9.2)
  netcfg
  openSUSE-release (20260610 -> 20260611)
  perl-IO-Tty (1.290.0 -> 1.310.0)
  policycoreutils
  selinux-policy
  sendmail
  texlive
  xdg-desktop-portal (1.20.4 -> 1.22.0)
  xorg-x11-server

=== Details ===

==== GraphicsMagick ====
Version update (1.3.46 -> 1.3.47)
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config

- version update to 1.3.47
  * DPX: Fix subsampling validation logic which was failing due to incorrect logic. This avoids a divide by zero possibility.
  * JNG writer: Properly handle and report the case where ImageToBlob() returns NULL.
  * MNG writer: Enforce that MNG only supports a color palette up to 256 colors (ImageMagick CVE-2026-28690).
  * MagickXImageWindowCommand(): Assure that static buffer does not overflow if the user keeps a numeric key depressed (ImageMagick CVE-2026-33535).
  * PCD: Prevent an out of bounds read (ImageMagick security advisory GHSA-wrhr-rf8j-r842).
  * PNG writer: Detect and report an excessively large profile, and other unexpected conditions (ImageMagick CVE-2026-30883).
  * RenderFreetype(): Use MagickConfirmAccess() to verify that font file name is allowed to be read.
  * TIFF EXIF IFD writer: Detect and prevent infinite looping (EXIF IFD writer code may be excluded by the -DEXPERIMENTAL_EXIF_TAGS=0 define).
  * TIFF EXIF IFD writer: Only transfer tags from EXIF and GPS IFDs. Do not transfer tags from the main IFDs.
  * YUV: Fix validation of 'sampling-factor' argument (ImageMagick CVE-2026-25799). Given that the argument normally comes from a user (rather than an input file) this seems to be a minor security issue at most.
  * PS, PS2, PS3: Enforce that width and height dimensions, and total pixels, to/from Ghostscript are within the same limits as specified for GraphicsMagick. This helps avoid Ghostscript-based denial of service opportunities.
  * SVG: Add validations for element id syntax. Reject invalid attribute values which contain single quotes.
  * XCF: Report an error if there are no layers. Fix two unsigned integer overflow cases.
  * DescribeImage(): Avoid heap write overflow while parsing the image directory.
  * and so on, see NEWS.txt
- modified patches
  * GraphicsMagick-CVE-2026-42050.patch (refreshed)
  * GraphicsMagick-disable-insecure-coders.patch (refreshed)
  * GraphicsMagick-perl-linkage.patch (refreshed)
- deleted patches
  * GraphicsMagick-CVE-2026-25799.patch (upstreamed)
  * GraphicsMagick-CVE-2026-26284.patch (upstreamed)
  * GraphicsMagick-CVE-2026-28690.patch (upstreamed)
  * GraphicsMagick-CVE-2026-30883.patch (upstreamed)
  * GraphicsMagick-CVE-2026-33535.patch (upstreamed)
- modified patches
  * GraphicsMagick-perl-linkage.patch (refreshed)

==== aaa_base ====
Version update (84.87+git20260602.e901e17e -> 84.87+git20260610.3b5a868c)
Subpackages: aaa_base-extras

- Update to version 84.87+git20260610.3b5a868c:
  * Add missing "=" in alljava.csh (boo#1267423)

==== flatpak ====
Version update (1.16.6 -> 1.18.0)
Subpackages: flatpak-remote-flathub flatpak-selinux libflatpak0 system-user-flatpak

- Update to version 1.18.0:
  + Enhancements:
    - Improve error handling and printed output of flatpak-coredumpctl
    - Support the AMD vendor specific compute interface (/dev/kfd) via the DRI device permission
    - Improve the output of flatpak update with failure causes
    - Improve startup time for fish shell integration
  + Bug fixes:
    - Fix building when HAVE_LIBSYSTEMD but not USE_SYSTEM_HELPER is defined
    - Ignore system bus failures in parental controls check
    - Fix some return values and replace deprecated GTimeVal with g_get_real_time()
    - Suppress an unused-result warning in the tests
  + Updated translations.
- Stop passing http_backend=curl to meson setup, no longer needed, nor recognized.
- Drop patch fixed upstream:
  + 1262051-selinux-flatpak.if-should-be-installed-in-distribute.patch

==== fwupd ====
Version update (2.1.4 -> 2.1.5)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0

- Update to version 2.1.5:
  + This release adds the following features:
    - Allow overriding the detected CPU vendor to allow more self tests
    - Allow updating the Windows-specific UEFI CA on dual boot machines
    - Install the db updates on broken hardware with new firmware
  + This release fixes the following bugs:
    - Add tests for the vbe, upower, uefi-sbat, pci-bcr, mtd, gpio and msr plugins
    - Check the array index in some runtime-generated code
    - Claim the udev netlink backend before old libusb versions
    - Expand the netlink socket buffer to prevent packet loss during event floods
    - Fix a msgpack regression when updating some Huddly cameras
    - Fix HID feature read buffer size in goodix-tp device probe
    - Fix reproducible builds
    - Fix the check-reboot-needed command
    - Increase the i2c-hid re-bind delay for synaptics-rmi PID 0x96e7
    - Parse the dell-dock marketing name in a more safe way
    - Set a firmware size limit on intel-gsc aux and oprom firmware types
    - Simplify the engine by only loading the config object once
    - Use a cryptographically secure RNG when building the idle and inhibit IDs
    - Use a more appropriate firmware maximum size for Huddly cameras
  + This release adds support for the following hardware:
    - Elan touchscreens

==== ldns ====
Version update (1.9.0 -> 1.9.2)
Subpackages: libldns3

- Update to version 1.9.2
  Insufficient verification that responses belong to a query (CVE-2026-10846, bsc#1267670)
- ldns.keyring: updated from https://nlnetlabs.nl/signing-keys/

==== netcfg ====

- Patch services file in %prep instead of in %install
- Spec cleanup
- Add missing %verify(not mode) (boo#1263098)
- services: remove invalid SIEVE entry, again (was fixed and broken again in 2013 already) boo#1243708, boo#822653

==== openSUSE-release ====
Version update (20260610 -> 20260611)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== perl-IO-Tty ====
Version update (1.290.0 -> 1.310.0)

- updated to 1.310.0 (1.31)
  see /usr/share/doc/packages/perl-IO-Tty/ChangeLog

  1.31 2026-05-24 Todd Rinaldo

  Bug Fixes:
  * GH #91, PR #94 - Fix v1.27 regression where _open_tty() always passed O_NOCTTY, preventing make_slave_controlling_terminal() from acquiring a controlling terminal via the POSIX-standard open-without-O_NOCTTY mechanism (it was forced to fall through to an explicit TIOCSCTTY ioctl). _open_tty() now takes an optional noctty flag (default 1 for backward compatibility); make_slave_controlling_terminal() passes 0.
  * GH #92, PR #93 - Fix openpty() detection on Fedora 33-34 / glibc 2.32-2.33 where LTO flags (-flto=auto) caused the libc-only compile probe to falsely succeed, producing "undefined symbol: openpty" at runtime. Try -lutil before libc; harmless on systems where openpty lives in libc (glibc 2.34+, musl) and necessary where it doesn't.

  Maintenance:
  * PR #90 - Address CPANTS kwalitee issues: add LICENSE, SECURITY.md, and CONTRIBUTING.md; add META `provides` for IO::Tty, IO::Pty, and IO::Tty::Constant; use --format=ustar in TARFLAGS to prevent PaxHeader entries in distribution tarballs.
  * Clean up MANIFEST.SKIP: add #!include_default so ExtUtils::Manifest's built-in skip list is in effect, drop five entries that duplicate those defaults, and add a ^\.claude/ rule.

==== policycoreutils ====
Subpackages: policycoreutils-lang policycoreutils-python-utils python313-policycoreutils

- Reintroduce sandbox package (bsc#1266226) and a couple quality of life improvements:
  add policycoreutils-sandbox-fix-cleanup.patch
  add sandbox-sandbox-fix-saving-file-changes.patch

==== selinux-policy ====
Subpackages: selinux-policy-targeted

- move %postMigration from %posttrans to %post to finish migration and copy user/custom modules to /etc when zypper dup is aborted due to a different package issue or semodu invocation (fixes boo#1264463)

==== sendmail ====
Subpackages: libmilter1_0

- Skip verification of the mode of sendmail binary (boo#1263098)

==== texlive ====

- Skip verification of the mode of the public binary (boo#1263098)

==== xdg-desktop-portal ====
Version update (1.20.4 -> 1.22.0)
Subpackages: xdg-desktop-portal-lang

- Update to version 1.22.0:
  + Bug Fixes:
    - Correct passing icon GVariant around in the Dynamic Launcher Portal
    - Improve Document Portal document path resolving for the File Chooser and OpenURI Portals

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra

- Add missing %verify(not mode) (boo#1263098).