Packages changed: MicroOS-release (20260112 -> 20260113) kernel-source (6.18.4 -> 6.18.5) libsolv (0.7.34 -> 0.7.35) libsoup polkit-default-privs (1550+20251212.3e30f11 -> 1550+20260108.4fc3a54) qemu (10.1.3 -> 10.2.0) wireplumber (0.5.12 -> 0.5.13) === Details === ==== MicroOS-release ==== Version update (20260112 -> 20260113) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== kernel-source ==== Version update (6.18.4 -> 6.18.5) - Update patches.kernel.org/6.18.1-002-jbd2-avoid-bug_on-in-jbd2_journal_get_create_a.patch (bsc#1012628 CVE-2025-68337 bsc#1255482). - Update patches.kernel.org/6.18.1-005-locking-spinlock-debug-Fix-data-race-in-do_raw.patch (bsc#1012628 CVE-2025-68336 bsc#1255481). - Update patches.kernel.org/6.18.1-009-comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_.patch (bsc#1012628 CVE-2025-68335 bsc#1255480). - Update patches.kernel.org/6.18.1-024-comedi-c6xdigio-Fix-invalid-PNP-driver-unregis.patch (bsc#1012628 CVE-2025-68332 bsc#1255483). - Update patches.kernel.org/6.18.1-028-staging-rtl8723bs-fix-stack-buffer-overflow-in.patch (bsc#1012628 CVE-2025-68255 bsc#1255395). - Update patches.kernel.org/6.18.2-006-smack-fix-bug-unprivileged-task-can-create-lab.patch (bsc#1012628 CVE-2025-68733 bsc#1255615). - Update patches.kernel.org/6.18.2-008-gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (bsc#1012628 CVE-2025-68732 bsc#1255688). - Update patches.kernel.org/6.18.2-009-accel-amdxdna-Fix-an-integer-overflow-in-aie2_.patch (bsc#1012628 CVE-2025-68731 bsc#1255696). - Update patches.kernel.org/6.18.2-015-accel-ivpu-Fix-page-fault-in-ivpu_bo_unbind_al.patch (bsc#1012628 CVE-2025-68730 bsc#1255602). - Update patches.kernel.org/6.18.2-017-drm-vgem-fence-Fix-potential-deadlock-on-relea.patch (bsc#1012628 CVE-2025-68757 bsc#1255943). - Update patches.kernel.org/6.18.2-041-wifi-ath12k-Fix-MSDU-buffer-types-handling-in-.patch (bsc#1012628 CVE-2025-68729 bsc#1255692). - Update patches.kernel.org/6.18.2-057-ntfs3-fix-uninit-memory-after-failed-mi_read-i.patch (bsc#1012628 CVE-2025-68728 bsc#1255539). - Update patches.kernel.org/6.18.2-058-ntfs3-Fix-uninit-buffer-allocated-by-__getname.patch (bsc#1012628 CVE-2025-68727 bsc#1255568). - Update patches.kernel.org/6.18.2-063-crypto-aead-Fix-reqsize-handling.patch (bsc#1012628 CVE-2025-68726 bsc#1255598). - Update patches.kernel.org/6.18.2-067-bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO.patch (bsc#1012628 CVE-2025-68725 bsc#1255569). - Update patches.kernel.org/6.18.2-087-crypto-asymmetric_keys-prevent-overflow-in-asy.patch (bsc#1012628 CVE-2025-68724 bsc#1255550). - Update patches.kernel.org/6.18.2-090-wifi-ath11k-fix-peer-HE-MCS-assignment.patch (bsc#1012628 CVE-2025-68380 bsc#1255580). - Update patches.kernel.org/6.18.2-129-RDMA-rxe-Fix-null-deref-on-srq-rq.queue-after-.patch (bsc#1012628 CVE-2025-68379 bsc#1255695). - Update patches.kernel.org/6.18.2-139-bpf-Fix-stackmap-overflow-check-in-__bpf_get_s.patch (bsc#1012628 CVE-2025-68378 bsc#1255614). - Update patches.kernel.org/6.18.2-151-accel-ivpu-Fix-race-condition-when-unbinding-B.patch (bsc#1012628 CVE-2025-68749 bsc#1255724). - Update patches.kernel.org/6.18.2-190-drm-panthor-Fix-UAF-race-between-device-unplug.patch (bsc#1012628 CVE-2025-68748 bsc#1255813). - Update patches.kernel.org/6.18.2-192-drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch (bsc#1012628 CVE-2025-68747 bsc#1255723). - Update patches.kernel.org/6.18.2-195-ns-initialize-ns_list_node-for-initial-namespa.patch (bsc#1012628 CVE-2025-68377 bsc#1255592). - Update patches.kernel.org/6.18.2-196-iommu-amd-Fix-potential-out-of-bounds-read-in-.patch (bsc#1012628 CVE-2025-68760 bsc#1255935). - Update patches.kernel.org/6.18.2-198-spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1012628 CVE-2025-68746 bsc#1255722). - Update patches.kernel.org/6.18.2-206-coresight-ETR-Fix-ETR-buffer-use-after-free-is.patch (bsc#1012628 CVE-2025-68376 bsc#1255529). - Update patches.kernel.org/6.18.2-216-hfs-fix-potential-use-after-free-in-hfs_correc.patch (bsc#1012628 CVE-2025-68761 bsc#1255936). - Update patches.kernel.org/6.18.2-219-perf-x86-Fix-NULL-event-access-and-potential-P.patch (bsc#1012628 CVE-2025-68375 bsc#1255575). - Update patches.kernel.org/6.18.2-223-md-fix-rcu-protection-in-md_wakeup_thread.patch (bsc#1012628 CVE-2025-68374 bsc#1255530). - Update patches.kernel.org/6.18.2-224-md-avoid-repeated-calls-to-del_gendisk.patch (bsc#1012628 CVE-2025-68373 bsc#1255610). - Update patches.kernel.org/6.18.2-225-nbd-defer-config-put-in-recv_work.patch (bsc#1012628 CVE-2025-68372 bsc#1255537). - Update patches.kernel.org/6.18.2-227-scsi-smartpqi-Fix-device-resources-accessed-af.patch (bsc#1012628 CVE-2025-68371 bsc#1255572). - Update patches.kernel.org/6.18.2-228-staging-most-remove-broken-i2c-driver.patch (bsc#1012628 CVE-2025-68755 bsc#1255940). ... changelog too long, skipping 170 lines ... - commit 95bea31 ==== libsolv ==== Version update (0.7.34 -> 0.7.35) Subpackages: libsolv-tools-base libsolv1 - fixed rare crash in the handling of allowuninstall in combination with forcebest updates - new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency - bump version to 0.7.35 ==== libsoup ==== - Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). - Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). ==== polkit-default-privs ==== Version update (1550+20251212.3e30f11 -> 1550+20260108.4fc3a54) - Update to version 1550+20260108.4fc3a54: * profiles: whitelist Foomuuri actions (bsc#1254385) ==== qemu ==== Version update (10.1.3 -> 10.2.0) - Build ui-sdl and audio-sdl modules as some applications (like quickemu) requires them. * [openSUSE][RPM]: add enable-sdl and enable-sdl-image flags - Update to version 10.2.0 (jsc#PED-14599) The full list of changes are available at: https://wiki.qemu.org/ChangeLog/10.2 Highlights include: * Arm - New CPU architectural features emulated: FEAT_SCTLR2, FEAT_TCR2, FEAT_CSSC, ... - The deprecated pxa CPU family has now been removed - The gdbstub now exposes the SME and SME2 registers to debuggers - virt: You can now create multiple SMMUv3 devices on the command line, to give separate PCIe roots their own IOMMU * PowerPC - Support for PowerNV11 and PPE42 CPU/Machines. - FADUMP Support for pSeries - Decodetree movement for some floating-point instructions - Firmware updates for SLOF, sam460ex u-boot * x86 - The HPET device does not take the big QEMU lock anymore. - The isapc machine can only use 3.5G memory and will warn when used with 64-bit CPUs. Also, when -cpu max is used with isapc it will pick a Pentium III CPU. - Support for a new accelerator, MSHV, which lets you create VMs from a Hyper-V guest without using nested virtualization. * VFIO - Removal of the deprecated vfio-platform, vfio-calxeda-xgmac and vfio-amd-xgbe devices * TCG Plugins - new uftrace plugin - new hooks for discontinuity events (irqs, host calls and exceptions) * Migration - Supported new cpr-exec migration mode - Supported mapped-ram on snapshot save/load - Fixed a false positive TLS warning when postcopy preempt migration is completing - Fixed source QEMU hang when a postcopy migration failed at switchover phase - Fixed a possible interrupt performance regression after migration when with VFIO-PCI devices - Fixed snapshot crash when migration capabilities were wrongly specified - Fixed COLO regression (since QEMU 10.0) * Block device backends and tools - It is now possible to open both the server and client endpoints of an NBD connection from the same process. Previously, attempting to connect QEMU as an NBD client to a socket being served by the same process would deadlock. - The block limits detected for a block backend (such as required request alignment, maximum request size etc.) are now exposed in QMP as part of the data returned by the 'query-block' and 'query-named-block-nodes' commands. The same information is displayed in 'qemu-img info' if the new option '--limits' is given. - 'stats-intervals' can now be configured in '-device' for block devices. Previously, this was only available in '-drive' (and therefore inaccessible when using '-blockdev'). * Miscellaneous - On host systems that support io_uring, QEMU's main loop is now based on io_uring, which can improve performance in some cases and will enable new features and potentially further performance improvements in the future. - The '-run-with' argument gains a new 'exit-with-parent=on' parameter which, on Linux, FreeBSD and macOS platforms, will ensure QEMU is terminated when the parent process exists. - Fixed possible memory leak on CPU hot plug / unplug - Fixed TDX regression on using hugetlbfs - Fixed guest-memfd use case on shmem - Fixed possible poweroff hang on virtio devices with iommu_platform=on * User-mode emulation - various bugfixes and added features - implement fchmodat2 syscall - support MADV_DONTDUMP and MADV_DODUMP - fix FIBMAP and FIGETBSZ ioctls - permit sendto() with NULL buf and 0 len * Guest agent - Fix truncated output handling in guest-exec status reporting - Fix 'retry_path' logic for Windows service (Windows only) - VSS: Write the hex value of the error in the log (Windows only) ==== wireplumber ==== Version update (0.5.12 -> 0.5.13) Subpackages: libwireplumber-0_5-0 - Update to version 0.5.13: * Additions & Enhancements: - Added internal filter graph support for audio nodes, allowing users to create audio preprocessing and postprocessing chains without exposing filters to applications, useful for software DSP (!743 (merged)) - Added new Lua Properties API that significantly improves performance by avoiding constant serialization between WpProperties and Lua tables, resulting in approximately 40% faster node linking (!757 (merged)) - Added WpIterator Lua API for more efficient parameter enumeration (!746 (merged)) - Added bash completions for wpctl command (!762 (merged)) - Added script to find suitable volume control when using role-based policy, allowing volume sliders to automatically adjust the volume of the currently active role (e.g., ringing, call, media) (!711 (merged)) - Added experimental HDMI channel detection setting to use HDMI ELD information for channel configuration (!749 (merged)) - Enhanced role-based policy to allow setting preferred target sinks for media role loopbacks via policy.role-based.preferred-target (!754 (merged)) - Enhanced Bluetooth profile autoswitch logic to be more robust and handle saved profiles correctly, including support for loopback sink nodes (!739 (merged)) - Enhanced ALSA monitor to include alsa.* device properties on nodes for rule matching (!761 (merged)) - Optimized stream node linking for common cases to reduce latency when new audio/video streams are added (!760) - Improved event dispatcher performance by using hash table registration for event hooks, eliminating performance degradation as more hooks are registered (!765 (merged)) - Increased audio headroom for VMware and VirtualBox virtual machines (!756 (merged)) - Added setting to prevent restoring "Off" profiles via session.dont-restore-off-profile property (!753 (merged)) - Added support for 128 audio channels when compiled with a recent version of PipeWire (pipewire#4995 (closed)) * Fixes: - Fixed memory leaks and issues in the modem manager module (!770 (merged), !764 (merged)) - Fixed MPRIS module incorrectly treating GHashTable as GObject (!759 (merged)) - Fixed warning messages when process files in /proc//* don't exist, particularly when processes are removed quickly (#816 (closed), !717 (merged)) - Fixed MONO audio configuration to only apply to device sink nodes, allowing multi-channel mixing in the graph (!769) - Fixed event dispatcher hook registration and removal to avoid spurious errors (!747 (merged)) - Improved logging for standard-link activation failures (!744) - Simplified event-hook interest matching for better performance (!758 (merged)) - Remove patch already included by upstream: * 0001-automute-alsa-routes.lua-Dont-register_remove-hooks-if.patch