Packages changed: bash blog (2.45 -> 2.46) cryptsetup kernel-firmware-amdgpu (20260614 -> 20260629) kernel-firmware-bluetooth (20260618 -> 20260629) kernel-firmware-i915 (20260610 -> 20260706) kernel-firmware-iwlwifi kernel-firmware-media (20260610 -> 20260706) kernel-firmware-mediatek (20260619 -> 20260629) kernel-firmware-nvidia kernel-firmware-platform (20260610 -> 20260629) kernel-firmware-qcom (20260619 -> 20260629) kernel-firmware-realtek (20260614 -> 20260629) kernel-firmware-sound (20260618 -> 20260706) permissions (1699_20260512 -> 1699_20260707) python-rpds-py (0.30.0 -> 2026.6.3) qemu (10.2.2 -> 11.0.2) ucode-amd wget wpa_supplicant === Details === ==== bash ==== Subpackages: bash-sh - Add workaround for msginit which ignores SOURCE_DATE_EPOCH (boo#1268542) ==== blog ==== Version update (2.45 -> 2.46) Subpackages: libblogger2 - Update to version 2.46 Implement Plymouth-compatible display-message and hide-message commands This commit adds support for the display-message and hide-message Plymouth commands, allowing external tools to print status updates directly to the boot console via blogctl. Key changes: Add MAGIC_SHOW_MSG and MAGIC_HIDE_MSG protocols to blogctl and parse the --text= argument using getopt_long_only(). Broadcast display-message payloads to all active hardware consoles via c->out() to ensure immediate visual feedback, while simultaneously logging it to /var/log/boot.log via copylog(). Add \r\n line endings to printed messages to prevent the staircase effect on serial terminals operating in raw mode. Handle hide-message as a visual no-op (replying with an ACK only) to deliberately avoid ANSI clear-screen sequences that would corrupt the output on line-based, half-duplex consoles like the s390x 3215. Update the blogctl.8 manual page to document the new commands and their specific behavior regarding screen clearing. Implement Plymouth-compatible ask-for-password and ask-question commands This commit extends blogctl to act as a lightweight, fully functional replacement for Plymouth's interactive prompt commands, allowing scripts to securely ask for passwords or questions on the system console. Key changes: Add support for ask-for-password and ask-question in blogctl. Use getopt_long_only() to robustly parse GNU-style long options (--prompt, --command, --number-of-tries, --dont-pause-progress). Offload the retry-loop and command execution (popen) entirely to the blogctl client, keeping the blogd daemon simple and secure. Fix an epoll EEXIST crash in console.c by separating the daemon's process state (asking) from the requested prompt type (ask_mode), resolving a race condition during socket handler registration. Comply strictly with the Plymouth protocol: enforce 1-byte prompt length limits, handle little-endian length headers (le32toh), and ensure null-terminated payloads via asprintf. Update the blogctl.8 manual page to document the new commands. Back to use constructor for initial seed for the process lifetime and inherited across fork() Make tty wait logic real and fix SIGHUP/inotify cleanup Better in-memory reversible obfuscation for cached passwords This is not cryptographic protection against a memory-reading attacker. It is only meant to avoid trivial/plaintext exposure in memory. Fix resource leaks and harden IPC validations This commit addresses several issues found by static code analysis, focusing on memory hygiene, file descriptor management, and robust error handling. Key changes: Fix memory and file descriptor leaks in error paths (proc.c, shm.c, tty.c) and ensure all pending coldstart requests are freed on shutdown. Harden the systemd ask-password interface by adding boundary checks for UNIX socket paths, verifying sendto payloads, and gracefully handling missing directories during early boot without fatal errors. Improve IPC protocol safety by strictly validating the MAGIC_CHROOT argument (must be an absolute path) and sending an explicit NACK on failure. Prevent stale terminal states on s390x by clearing the VMCP cache prior to parsing a new QUERY TERMINAL reply. User the --wait option of the blogctl quit command Add an --wait option specially for quit of blogctl Fix gh##7 setting blog.silent=true causes it to be non-silent Make shared library a executable Refactor daemon to use synchronous signalfd and epoll event loop This commit migrates the core architecture from traditional, asynchronous signal handling to a modern, synchronous event loop using signalfd. By integrating signal handling directly into the epoll multiplexer, we eliminate race conditions, unexpected EINTR interruptions during I/O operations, and complex reentrancy issues. Key changes: Add setup_signalfd() to block essential signals (SIGINT, SIGQUIT, SIGTERM, SIGSYS, SIGIO, SIGCHLD) globally and route them through a dedicated file descriptor monitored by epoll. Shield epoll_pwait() using a fully populated signal mask (omask) to guarantee uninterrupted I/O processing. Prevent socket handlers (MAGIC_SYS_INIT, MAGIC_CLOSE) from accidentally unblocking signals and resetting dispositions when signalfd is active. Sanitize the inherited signal mask in forked child processes (e.g., systemd password prompts on tty) by resetting it to an empty mask via sigprocmask(), ensuring agents run without restrictions. Replace the ALIGNED_SIZEOF macro with a cleaner align_up(type, boundary) macro and fix memset() sizes to correctly zero out trailing padding bytes. Update the Makefile to compile a stripped-down fallback object (signals_stripped.o compiled with -DNO_SIGNALFD) to ensure the passive libblogger.so library remains unaffected by the signalfd architecture. Some minor changes in quit and umount unit services The HVC consoles are like sclp console and can do colours as well - Silent some rpmlint warnings ==== cryptsetup ==== Subpackages: libcryptsetup12 - Fix for (bsc#1270254) to avoid undesired pinning of all volume keys (via the thread keyring) through the caller's credentials when the kernel opens a file. This is due to the refactoring in kernel commit a28d893eb327 ("md: port block device access to file") that accidentally causes the caller's thread keyring to be kept alive long beyond the caller's lifetime, the kernel part is tracked in (bsc#1270252). * Add keyring key type. [b6fb6fc0] * Load volume keys in intermediary keyring linked in thread keyring. [413a3dd0] * Use unique intermediary keyring name per device. [04ef07a7] * Add regression tests. [bfcb0c38, bb5e8e9f, e6573494, aa214c09] * Add upstream patches: - cryptsetup-Add-keyring-key-type.patch - cryptsetup-Load-volume-keys-in-intermediary-keyring-linked-in-t.patch - cryptsetup-Use-unique-intermediary-keyring-name-per-device.patch - cryptsetup-tests-revoke-keys-instead-unlinking-from-thread-keyr.patch - cryptsetup-tests-verify-VK-and-internal-keyring-cleanup-after-p.patch - cryptsetup-tests-refactor-keyring-helpers.patch - cryptsetup-tests-verify-intermediary-keyring-cleanup-after-cryp.patch ==== kernel-firmware-amdgpu ==== Version update (20260614 -> 20260629) - Update to version 20260629 (git commit 3ee099cd4a20): * amdgpu: DMCUB updates for various ASICs * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-bluetooth ==== Version update (20260618 -> 20260629) - Update to version 20260629 (git commit 3ee099cd4a20): * QCA: Update Bluetooth QCA6698 firmware to 2.1.2-00072 ==== kernel-firmware-i915 ==== Version update (20260610 -> 20260706) - Update to version 20260706 (git commit 2c35b1ed46f6): * xe: Release GuC firmware for NVL-S - Update aliases from 7.1 / 7.2-rc1 ==== kernel-firmware-iwlwifi ==== - Update aliases from 7.1 / 7.2-rc1 ==== kernel-firmware-media ==== Version update (20260610 -> 20260706) - Update to version 20260706 (git commit 2c35b1ed46f6): * qcom: vpu: add Gen2 firmware binary for Purwa ==== kernel-firmware-mediatek ==== Version update (20260619 -> 20260629) - Update to version 20260629 (git commit 3ee099cd4a20): * mediatek MT7922: update bluetooth firmware to 20260605203811 * mediatek MT7925: update bluetooth firmware to 20260605184935 * linux-firmware: update firmware for MT7925 WiFi device * linux-firmware: update firmware for MT7922 WiFi device - Update aliases ==== kernel-firmware-nvidia ==== - Update aliases from 7.1 / 7.2-rc1 ==== kernel-firmware-platform ==== Version update (20260610 -> 20260629) - Update to version 20260629 (git commit 3ee099cd4a20): * linux-firmware: Update AMD SEV firmware * nxp: add firmware for IW61x WiFi device - Update aliases ==== kernel-firmware-qcom ==== Version update (20260619 -> 20260629) - Update to version 20260629 (git commit 3ee099cd4a20): * qcom: add LPAICP firmware for shikra platform - Update aliases ==== kernel-firmware-realtek ==== Version update (20260614 -> 20260629) - Update to version 20260629 (git commit 3ee099cd4a20): * rtw89: 8852a: add TX power track R34 - Update aliases ==== kernel-firmware-sound ==== Version update (20260618 -> 20260706) - Update to version 20260706 (git commit 2c35b1ed46f6): * cirrus: cs35l56: Update firmware for the ASUS UX5406SA - Update to version 20260703 (git commit c95059a3774b): * cirrus: cs42l45: Update CS42L45 SDCA codec firmware for Dell laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for a few Dell laptops - Update to version 20260629 (git commit 3ee099cd4a20): * linux-firmware: qcom: sync audioreach firmwares from v1.0.4 build * linux-firmware: Add firmware for new projects - Update aliases ==== permissions ==== Version update (1699_20260512 -> 1699_20260707) Subpackages: permctl permissions-config - Update to version 1699_20260707: * profiles: add cap_perfmon for ksystemstats6 (bsc#1262779) ==== python-rpds-py ==== Version update (0.30.0 -> 2026.6.3) - Update to 2026.6.3: * Update to PyO3 0.28.0 * Drop support for 3.10. Add 3.15. ==== qemu ==== Version update (10.2.2 -> 11.0.2) - Update to latest stable release (11.0.2) Full backport list here: https://lore.kernel.org/qemu-devel/20260627082913.181C717AB6B@think4mjt.localdomain/ Bugs and CVEs fixed: - bsc#1268794 (CVE-2026-48914) A selection of them is reported here below: linux-user: Fix AT_PHDR when program headers are relocated into their own segment hw/pci: Replace assert with bounds check and return ppc/pnv_phb3: Error out on invalid config access linux-user/xtensa: fix unlock of uninitialized frame pointer on sigreturn linux-user/xtensa: save/restore FP registers across signal delivery target/xtensa: add cpu_set_fcr/fsr helpers to sync fp_status target/arm/hvf: Stop pre-allocating cpreg_vmstate arrays ui/sdl2: Set GL ES profile before creating initial GL context ui/sdl2: Explicitly specify EGL platform hw/9pfs: reject . and .. in Twstat rename hw/9pfs: fix abort due to illegal name with Twstat rename gdbstub: Update x86 control register bits target/i386: apply mod to immediate count of an RCL/RCR operation hw/uefi: fix parse_hexstr target/riscv: mask vxrm csrw write to the low 2 bits disas/riscv.c: fix inst_length() target/riscv/tcg: disable svnapot if satp_mode < sv39 target/riscv/cpu_helper.c: add PMA access fault target/riscv/cpu_helper.c: fault with reserved PTE.PBMT val target/riscv/insn_trans/trans_rvzicbo.c.inc: save opcode before helpers disas/riscv.c: add 'cbo' insns to disassembler target/riscv/csr.c: fix mstatus.UXL reserved value target/riscv/csr.c: do not allow mstatus MPV/GVA writes target/riscv/tcg: disable svpbmt if satp_mode < sv39 target/riscv/cpu_helper.c: allow LOAD_ADDR_MIS promotion to AMO fault virtio: Allow to fill a whole virtqueue in order amd_iommu: Reject non-decreasing NextLevel in fetch_pte() amd_iommu: Follow root pointer before page walk and use 1-based levels libvduse: fix buffer overflow in vduse_queue_read_indirect_desc() libvhost-user: fix buffer overflow in virtqueue_read_indirect_desc() tests/qtest: Add amd-iommu command buffer head wrap test amd_iommu: Update command buffer head ptr in MMIO region after wraparound amd_iommu: restrict command buffer head/tail ranges to ring size linux-user: add preadv2/preadv2 system/rtc: Fix a possible year-2038 integer overflow problem linux-user/strace: add fsmount series of syscalls linux-user: implement fsmount(2) series of syscalls fpu: Handle all rounding modes in partsN_uncanon_normal hw/usb/hcd-ohci: Clean up USBPacket before freeing ISO TD packet qed: Don't try to flush during incoming migration iotests: test shared mmap for fuse export block/export/fuse: set FUSE_DIRECT_IO_ALLOW_MMAP flag to fix regression block/export/fuse: use struct fuse_init_in qcow2: Fix data loss on zero write with detect-zeroes=unmap iotests/046: Test that discard/write_zeroes wait for dependencies qcow2: Fix corruption on discard during write with COW qemu-io: Add 'aio_discard' command virtio-blk: add missing VIRTIO_BLK_T_SCSI_CMD size check (CVE-2026-48914) block/io: fallback to bounce buffer if BLKZEROOUT is not supported because of alignment hw/i3c: fix CMD/data FIFO depth reset values to match real silicon s390x/pci: Fix interrupt forwarding disable for interpreted devices target/s390x: Make container ids in SysIB_15x 1-based lcitool: remove Cirrus CI support gitlab: remove x64-freebsd-14-build Cirrus job gitlab: add initial MacOS 15 on gitlab runner ci: drop cirrus MacOS build tests/unit: add test-envlist covering setenv/unsetenv name matching util/envlist: fix prefix-match in envlist_unsetenv() name lookup ... - Fix bsc#1268279, bsc#1268245, bsc#1263098: * [openSUSE][RPM] spec: fix post-build-checks failure for qemu-tools (bsc#1263098) * [openSUSE][RPM] spec: fix missing unversioned ppc64 cross-compiler binaries (bsc#1268245) * ppc/spapr: Skip system reset for quiesced CPUs (bsc#1268279) - Update to latest stable release (11.0.1) Full backport list here: https://lore.kernel.org/qemu-devel/20260528061820.CEE521691A9@think4mjt.localdomain/ A selection of them is reported here below: block/graph-lock: fix missed wakeup in bdrv_graph_co_rdunlock() commit: Drain nodes across all of bdrv_commit() block: Add more defaults to DEFAULT_BLOCK_CONF block: Create DEFAULT_BLOCK_CONF macro ide-test: Test reset during TRIM ide-test: Factor out wait_dma_completion() ide: Clean up ide_trim_co_entry() to be idiomatic coroutine code ide: Minimal fix for deadlock between TRIM and drain block: Add flags parameter to blk_*_pdiscard() block: Add blk_co_start/end_request() and BDRV_REQ_NO_QUEUE blkdebug: Add 'delay-ns' option linux-user/sh4: Fix setup_sigtramp to match Linux kernel trampoline pattern linux-user/sh4: Fix target_ucontext tuc_link field type linux-user: Fix AT_EXECFN in AUXV for symlinked programs hw/nvme: fix admin cq msix setup target/arm/hvf: Fix WFI halting to stop idle vCPU spinning tests/functional/qemu_test/asset.py: Don't use setxattr when it doesn't exist hw/remote/machine.c: Mark x-remote machine as OK for AArch64 and AArch32 meson.build: Add -fzero-init-padding-bits=all tests/qtest/iommu-smmuv3-test: Skip if no TCG GICv3 device present ati-vga: fix ati_set_dirty address calculation hw/i2c/microbit_i2c: Don't index off end of twi_read_sequence[] aspeed/hace: Prevent total_req_len overflow aspeed/hace: Fix out-of-bounds read in has_padding() hw/misc/aspeed_sbc: Add bounds checking for OTP write operations hw/display/cirrus_vga: Fix packed-24 color-expansion transparent copies ... changelog too long, skipping 68 lines ... * [openSUSE][RPM] spec: enable passt support ==== ucode-amd ==== - Install README, too ==== wget ==== - Fix buffer underflow in clean_metalink_link [bsc#1271033, CVE-2026-58469] * CVE-2026-58469.patch - Fix integer overflow in parse_content_range [bsc#1271034, CVE-2026-58470] * CVE-2026-58470.patch - Fix buffer size handling in filename conversion [bsc#1271035, CVE-2026-58471] * CVE-2026-58471.patch - Fix integer+buffer overflow in html_quote_string [bsc#1271036, CVE-2026-58472] * CVE-2026-58472.patch ==== wpa_supplicant ==== - Add Require-network_ctx-and-AKMP-match-for-accepting-PMK.patch https://w1.fi/security/2026-2/ - Add SAE-Fix-crash-due-to-NULL-pointer-dereference-in-H2E.patch https://w1.fi/security/2026-3/ - Add CVE-2026-58374.patch: Missing multi-link parsing validation in wpa_supplicant and hostapd (bsc#1269892) - Add wpa_supplicant_support_pem_encoded_chain.patch: OpenSSL: Support PEM encoded chain from ca_cert blob (bsc#1258365).