Packages changed: MicroOS-release (20260507 -> 20260509) PackageKit boost-base dracut (110+suse.23.g5d9502c7 -> 110+suse.29.g16072cee) dracut-pcr-signature (0.6+4 -> 0.7+0) glibc kernel-source (7.0.3 -> 7.0.5) krb5 libdnf-plugin-txnupd libsndfile openjph (0.27.0 -> 0.27.1) patterns-containers sdbootutil (1+git20260421.88e40c4 -> 1+git20260506.25d47bf) === Details === ==== MicroOS-release ==== Version update (20260507 -> 20260509) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== PackageKit ==== Subpackages: PackageKit-backend-dnf5 libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - spec: requires_ge takes a package name as parameter, not a full NVR.arch string (that just happens to work sometimes): Fix by passing '--qf "%%{name}' to the rpm call identifying the target package name. ==== boost-base ==== Subpackages: boost-license1_91_0 libboost_filesystem1_91_0 libboost_thread1_91_0 - extended baselibs.conf - minor spec file cleanup ==== dracut ==== Version update (110+suse.23.g5d9502c7 -> 110+suse.29.g16072cee) Subpackages: dracut-ima - Update to version 110+suse.29.g16072cee: * fix(dracut-install): remove FTS_NOSTAT in install_modules() fts traversal * fix(systemd-cryptsetup): load libcryptsetup via dlopen * fix(systemd-repart): load libfdisk via dlopen * fix(systemd-sysusers): do not run systemd-sysusers as part of the build process * fix(systemd): revert changes related to deduplication of cryptsetup targets * feat(systemd-coredump): save coredumps to journal ==== dracut-pcr-signature ==== Version update (0.6+4 -> 0.7+0) - Update to version 0.7+0: * Boot the ESP in /sysefi during initrd ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - ibm139x-pending-char-state.patch: Use pending character state in IBM1390, IBM1399 character sets (CVE-2026-4046, bsc#1261206, BZ #33980) ==== kernel-source ==== Version update (7.0.3 -> 7.0.5) - Linux 7.0.5 (bsc#1012628). - xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1012628). - commit 77ae3c4 - Linux 7.0.4 (bsc#1012628). - ipmi:ssif: NULL thread on error (bsc#1012628). - ipmi:ssif: Remove unnecessary indention (bsc#1012628). - netfilter: reject zero shift in nft_bitwise (bsc#1012628). - net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (bsc#1012628). - mm/slab: return NULL early from kmalloc_nolock() in NMI on UP (bsc#1012628). - mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP (bsc#1012628). - vmalloc: fix buffer overflow in vrealloc_node_align() (bsc#1012628). - ALSA: aloop: Fix peer runtime UAF during format-change stop (bsc#1012628). - ALSA: caiaq: fix usb_dev refcount leak on probe failure (bsc#1012628). - drm/imagination: Fix segfault when updating ftrace mask (bsc#1012628). - drm/amdgpu: fix zero-size GDS range init on RDNA4 (bsc#1012628). - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1012628). - ALSA: caiaq: Don't abort when no input device is available (bsc#1012628). - ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (bsc#1012628). - driver core: Add kernel-doc for DEV_FLAG_COUNT enum value (bsc#1012628). - crypto: authencesn - reject short ahash digests during instance creation (bsc#1012628). - mei: me: add nova lake point H DID (bsc#1012628). - mei: me: use PCI_DEVICE_DATA macro (bsc#1012628). - mm: avoid deadlock when holding rmap on mmap_prepare error (bsc#1012628). - mm: various small mmap_prepare cleanups (bsc#1012628). - wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (bsc#1012628). - wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (bsc#1012628). - iio: frequency: admv1013: fix NULL pointer dereference on str (bsc#1012628). - iio: frequency: admv1013: add dev variable (bsc#1012628). - perf loongarch: Fix build failure with CONFIG_LIBDW_DWARF_UNWIND (bsc#1012628). - seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode (bsc#1012628). - scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (bsc#1012628). - sched_ext: Documentation: Clarify ops.dispatch() role in task lifecycle (bsc#1012628). - rxgk: Fix potential integer overflow in length check (bsc#1012628). - rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1012628). - ntfs3: fix integer overflow in run_unpack() volume boundary check (bsc#1012628). - ntfs3: add buffer boundary checks to run_unpack() (bsc#1012628). - NFSv4.1: Apply session size limits on clone path (bsc#1012628). - ktest: Fix the month in the name of the failure directory (bsc#1012628). - IB/core: Fix zero dmac race in neighbor resolution (bsc#1012628). - gtp: disable BH before calling udp_tunnel_xmit_skb() (bsc#1012628). - ceph: only d_add() negative dentries when they are unhashed (bsc#1012628). - ceph: fix num_ops off-by-one when crypto allocation fails (bsc#1012628). - erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (bsc#1012628). - dm mirror: fix integer overflow in create_dirty_log() (bsc#1012628). - crypto: nx - Fix packed layout in struct nx842_crypto_header (bsc#1012628). - crypto: nx - fix context leak in nx842_crypto_free_ctx (bsc#1012628). - crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx (bsc#1012628). - crypto: atmel-sha204a - Fix uninitialized data access on OTP read error (bsc#1012628). - crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (bsc#1012628). - crypto: atmel-sha204a - Fix error codes in OTP reads (bsc#1012628). - crypto: atmel-tdes - fix DMA sync direction (bsc#1012628). - crypto: ccree - fix a memory leak in cc_mac_digest() (bsc#1012628). - crypto: hisilicon - Fix dma_unmap_single() direction (bsc#1012628). - crypto: atmel-ecc - Release client on allocation failure (bsc#1012628). - crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (bsc#1012628). - crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit (bsc#1012628). - crypto: acomp - fix wrong pointer stored by acomp_save_req() ... changelog too long, skipping 469 lines ... - commit 2d1ff64 ==== krb5 ==== - Fix Fix two NegoEx parsing vulnerabilities: * CVE-2026-40355, bsc#1263366 * CVE-2026-40356, bsc#1263367 - Add patch 0012-Fix-two-NegoEx-parsing-vulnerabilities.patch ==== libdnf-plugin-txnupd ==== - requires_ge takes a package name as parameter, not a full NVR.arch string (that just happens to work sometimes): Fix by passing '--qf "%%{name}' to the rpm call identifying the target package name. ==== libsndfile ==== - Fix IMA-ADPCM integer overflow (bsc#1263695, CVE-2026-37555): libsndfile-CVE-2026-37555.patch - Fix buffer overflow in the ircam_read_header function (bsc#1248458, CVE-2025-52194): libsndfile-CVE-2025-52194.patch ==== openjph ==== Version update (0.27.0 -> 0.27.1) - Update to 0.27.1: * Adds a check that we do not use reversible Sqcd/Sqcc with irreversible transform * Detecting illegal precinct width or height #269 ==== patterns-containers ==== - Remove incorrect and redundant parent provides in podman subpattern ==== sdbootutil ==== Version update (1+git20260421.88e40c4 -> 1+git20260506.25d47bf) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20260506.25d47bf: * Drop systemd.machine_id if /etc/machine-id is present * Support XBOOTLDR partition * Add CLAUDE.md file * Use command -v instead of hash * Remove dead code * Fix regular expression non-capturing group * Add comment about default values in config file * Clarify when swap is mounted * Fix typo in comment * Exit early if we are outside the initrd * Fix variable name * Fix typo * When cleaning pcrlock.d remove only the content * Do not check in_buildroot when updating entries * update_kernels: Update entries for the system if no snapshot is provided