Packages changed: fwupd (2.0.20 -> 2.1.1) glslang (16.2.0 -> 16.3.0) kdenetwork-filesharing (25.12.3 -> 26.04.0) kdump lcms2 (2.19 -> 2.19.1) lftp libexif (0.6.25 -> 0.6.26) libgit2 (1.9.2 -> 1.9.3) memtest86+ (7.20 -> 8.00) ncurses python-kiwi (10.2.38 -> 10.3.3) shadow smartmontools === Details === ==== fwupd ==== Version update (2.0.20 -> 2.1.1) Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.1.1: + This release adds the following features: - Add a new fwupd security check for HP Sure Start - Add a new plugin to verify Intel CSME using SMBIOS data - Add a new tpm-eventlog command to explain the TPM eventlog output - Add CycloneDX and SPDX support to uSWID - Add support for AMD Platform Secure boot - Add support for changing AMD GPU UMA carveout size - Add support for emulation for bluetooth devices - Allow systems to use the udev event source without using systemd - Disable the UEFI plugins on 32bit x86 - Drop support for GPG signing of metadata and firmware - No longer depend on json-glib, libarchive or protobuf-c - Remove the concept of blocked firmware - Show translated problems when a device cannot be installed + This release fixes the following bugs: - Add a timeout to the fwupd-refresh systemd unit - Allow systemd service to access block-sr devices - Always show the correct new firmware version in 'fwupdmgr get-history' - Be more defensive with invalid Corsair device responses - Cache the payload verification result to speed up installing modem firmware - Check for integer overflow when constructing a partial stream - Clear the remaining qc-firehose power reset logs - Decompress a zip file in Aver HID rather than a bz2 archive - Do not allow efivar update without TIME_BASED_AUTHENTICATED_WRITE_ACCESS - Do not hang when parsing an invalid USB descriptor - Do not include EV_NO_ACTION when calculating the TPM PCRs - Do not return an error if the fastboot property is not provided - Do not show all IDs as GUIDs if adding quirks after device setup - Find shim when using systemd-boot and distro-specific locations - Fix activation of dell-kestrel NVM when composite updates are completed - Fix a dell-dock regression when enumerating the status component - Fix a fuzzer timeout when parsing a Synaptics RMI SBL container - Fix a missing error check when updating Genesys USB hubs - Fix a potential heap OOB read in AMD Kria SOM EEPROM parser - Fix a potential Logitech HID++ hang when parsing unexpected payload IDs - Fix a potential out-of-bounds read in Dell dock - Fix a regression causing MBIM QDU updates to fail - Fix a regression when installing on the HP G5 dock - Fix a small memory leak when removing a bluetooth device - Fix an integer underflow when parsing a malicious PE file - Fix get-updates --json silently skipping UPDATABLE_HIDDEN devices - Fix the snapd-uefi request when multiple updates are processed - Honor polkit auth for emulation tag modify device - Make Logitech HID++ devices using RDFU actually work - Only load the history database in the daemon when required - Refactor the Snap support out into a new plugin - Remove a warning when updating Intel GSC OPROMDATA - Remove the bcm57xx recovery device support - Require a CHID for generic ElanTP devices - Speed up calculating the cabinet checksum by ~20% - Support 8bitdo firmware with multiple packed images - Try to claim the DFU USB interface more than once - Use crc32() from zlib.h when computing the most common kind of CRC32 - Verify the uncompressed size when decompressing CAB files + This release adds support for the following hardware: - Blestech Touchpads - ELAN Haptic MCU devices - FocalTouch devices - Himax Touchscreens - HP Engage One G2 Advanced Hub - KATAR PRO Wireless Gaming Dongle - Lenovo keyboard and mice accessories - Lenovo Sapphire Folio Keyboard - Lightware Taurus HC40 and HC60 - Novatek touchscreens - PixArt Touchpads - Rolling RW101-CAT12 modems - Sunwinon HID devices - Drop no longer required BuildRequires: pkgconfig(json-glib-1.0), pkgconfig(libarchive), and pkgconfig(protobuf). - Drop upstream merged patch 0001-Allow-systemd-service-to-access-block-sr-cdrom-devic.patch - Drop fwupd-bsc1130056-change-shim-path.patch: no longer applicable. ==== glslang ==== Version update (16.2.0 -> 16.3.0) - Update to release 16.3.0 * Deprecated the HLSL front-end. ==== kdenetwork-filesharing ==== Version update (25.12.3 -> 26.04.0) Subpackages: kdenetwork-filesharing-lang - Update to 26.04.0 * New feature release * For more details please see: * https://kde.org/announcements/gear/26.04.0/ - No code change since 26.03.90 - Update to 26.03.90 * New feature release - No code change since 26.03.80 - Update to 26.03.80 * New feature release - Changes since 25.12.3: * Handle service being an alias * filepropertiesplugin: Refactor the plugin initialization logic * filepropertiesplugin: Enable and start the Samba service if needed * filepropertiesplugin: Move the kauth helper into a directory, and give it a unique name * filepropertiesplugin: Use non-deprecated Connections syntax * filepropertiesplugin: Clip the user list and disable scrolling in its comboboxes * cmake_minimum_required: drop outdated FATAL_ERROR arg * filepropertiesplugin: Fix regression in smbd path lookup - Drop patch, merged upstream: * 0001-filepropertiesplugin-Fix-regression-in-smbd-path-loo.patch ==== kdump ==== - drop unconditional calibrate BuildRequires ==== lcms2 ==== Version update (2.19 -> 2.19.1) - Update to version 2.19.1 * Fixed sonames generation when using autotools. * Recovered an undocumented memory write feature lost because a "security" report. ==== lftp ==== - Drop update-alternatives BuildRequires and Requires(post|postun): u-a code was removed from lftp package back in July 2023. ==== libexif ==== Version update (0.6.25 -> 0.6.26) - libexif-0.6.26 (2026-04-14): * Security issues fixed: * CVE-2026-40386: An unsigned integer underflow in Fuji and Olympus makernote handling (bsc#1262001) * CVE-2026-40385: An unsigned integer overflow on 32bit systems in Nikon makernote handling (bsc#1262000) * CVE-2026-32775: A buffer overwrite via integer underflow in makernote handling (bsc#1259755) * handle JPEG APP3 marker * added EXIF_TAG_IMAGE_DEPTH tag * translations updated: Arabic, German, Spanish, Polish, Romanian, Serbian, Swedish, Ukrainian, Chinese ==== libgit2 ==== Version update (1.9.2 -> 1.9.3) - update to 1.9.3: * bugfixes and compatibility improvements particularly around SHA256 support ==== memtest86+ ==== Version update (7.20 -> 8.00) - Update to 8.00 - Add support for latest Intel CPUs - Add support for latest AMD CPUs - Faster detection for many-cores CPUs - Added Temperature reporting on DDR5 - Added optional Dark Mode - Fix DDR5 XMP 3.0 issue - Better BadRAM support and reporting - Better SPD detection on early ICHs - Better support for VTxxx serial console - Various refinements for Loongson µarch - Bug fixes & optimizations ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Remove fix-mouse.patch as it is verified that patch 20260418 includes the fix (boo#1253379) ==== python-kiwi ==== Version update (10.2.38 -> 10.3.3) - Bump version: 10.3.2 → 10.3.3 - Relax check_checkmedia_used_with_msdos_table Relax this runtime check to only apply for tagmedia/checkmedia versions < v6.6. Newer versions also supports GPT. This Fixes bsc#1262229. - Fix TW aarch64 integration tests systemd-sysvinit package got deleted from TW - Do not hardcode dracut omit module in live builder This is a relict from the old days when the pure presence of multipath in a live ISO caused issues at boot time. kiwi should not maintain a hardcoded list of dracut modules except for those that are mandatory for live boot, if there should be any special setting needed it should come from an overlay setup in /etc/dracut.conf.d/*.conf as part of the image description. This is related to bsc#1260340 - Bump version: 10.3.1 → 10.3.2 - Fix TW integration tests systemd-sysvinit package got deleted from TW - Update debian integration test Add a test user (someone) and make sure to install login and other essential packages explicitly. Also use the main console for the Disk profile as example for see the installation workflow without a serial console attached - Update documentation for devicepersistency Setting the devicepersistency also impacts an eventually created install image. This information was missing in the documentation. - Fix toctree in documentation The toctree directive does not support the 'only' statement - Update contribution chapter Update contribution chapter with regards to AI usage and also fixing outdated information regarding the project - Do not manually edit the grubenv file Make sure to use grub2-editenv for changing content in the grub env blob. This Fixes #2986 - Fix inconsistent comments regarding OVA creation Prior open-vmdk the ovftool was used to create OVA images. There are some left over misleading comments in code which gets fixed by this commit. This is related to Issue #2292 - Recreate VTOC with fdasd before recreating partitions Changing partitions with fdasd after a parted resize leads to an internal error because some internal structures mismatch. Work around that by recreating the partition table initially. - Let udev settle after partition resize The partition resize (resp. recreation) causes udev to remove the partition from /dev temporarily. Make sure it's back before attempting to resize the filesystem. - Bump version: 10.3.0 → 10.3.1 - Update Red Hat distribution CA certificate tool In the original commit, we used `update-ca-certificates` for Red Hat based distributions. This was a mistake, as since earlier versions of RHEL it has used `update-ca-trust` instead. This commit fixes that earlier mistake. - Refactor use of kiwi settings file KIWI supports an optional runtime configuration file for settings to control the behavior of the tools used by KIWI on the build host. So far this config file could be specified via --config or is searched in the user's HOME or looked up as /etc/kiwi.yml. With this commit the following changes to this heuristic are made: 1. Support reading of /etc/kiwi.yml.d/*.yml 2. Support reading of /usr/share/kiwi/kiwi.yml and /usr/share/kiwi/kiwi.yml.d/*.yml 3. Install default settings file as /usr/share/kiwi/kiwi.yml.example from the main package and drop it from kiwi-man-pages which was considered a weird place. - Fixed raid integration test Was missing console setting - Bump version: 10.2.45 → 10.3.0 - Fix race condition on architecture setting Make sure to not inherit arch settings from parallel runs of the unit tests. - Fix caller environment for non chroot scripts Make sure non chroot scripts also knows about the kiwi profile environment such that e.g. the current profile name or other settings from the build can be used in the script - workaround patch to make it render For some reason the idref of :contact on the main page is not available on the docbook side. If possible this workaround should go away - Fix bootloader setup with custom partitions If there is a custom partitions setup which provides bootloader tools e.g. grub2-mkconfig at a path that is now in a custom partition e.g /usr, those tools will not be found because the respective bootloader code providing the system environment did not mount them. This commit makes sure also custom partitions are taken into account for all bootloader actions. This Fixes #2160 - Add schema rule for use of btrfs type attributes The btrfs type attributes are not effectively used when LVM was selected as the volume manager or the filesystem is not btrfs. Instead of silently building an image that ignores these settings a schema rule is introduced to check and prevent that combination. This Fixes #2305 - Update spec file due to new package restrictions On SUSE new package restrictions where added to support the concept of the so called immutable mode. The new guideline says "Any files in the RPM spec %files section that are not in /usr or /etc is likely to break in Immutable Mode". For ... changelog too long, skipping 268 lines ... - Bump version: 10.2.39 → 10.2.40 ==== shadow ==== Subpackages: libsubid5 login_defs shadow-pw-mgmt - Use `%verify(not mode caps)` and remove setuid bit for newgidmap and newuidmap. Related to gh/openSUSE/post-build-checks#66 - shadow-util-linux.patch: util-linux-2.42 introduced new variable: LOGIN_SHELL_FALLBACK. Recognize it and update dependencies. The patch includes gh/shadow-maint/shadow/pull#1621. - shadow-login_defs-check.sh: Adjust for new quilt. ==== smartmontools ==== - Update smartmontools-drivedb.h to the latest version from the upstream branch 7.5.