Packages changed: glib-networking iagno (50.0 -> 50.0+8) kernel-source (7.0.11 -> 7.0.12) less (702 -> 704) libstorage-ng (4.5.329 -> 4.5.330) mariadb (11.8.8 -> 12.3.2) openSUSE-release (20260611 -> 20260612) perl-GD (2.830.0 -> 2.860.0) rsync sudo wicked (0.6.78 -> 0.6.79) === Details === ==== glib-networking ==== Subpackages: glib-networking-lang - Add CVE-2026-10028.patch: tls: detect cycles when setting issuer property (CVE-2026-10028, bsc#1267979, glgo#GNOME/glib-networking!279) ==== iagno ==== Version update (50.0 -> 50.0+8) Subpackages: iagno-lang - Update to version 50.0+8: + Updated translations. ==== kernel-source ==== Version update (7.0.11 -> 7.0.12) - Linux 7.0.12 (bsc#1012628). - Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (bsc#1012628). - ACPI: button: Fix ACPI GPE handler leak during removal (bsc#1012628). - ACPI: button: Enable wakeup GPEs for ACPI buttons at probe time (bsc#1012628). - xfrm: move policy_bydst RCU sync from per-netns .exit to .pre_exit (bsc#1012628). - net/sched: sch_sfb: Replace direct dequeue call with peek and qdisc_dequeue_peeked (bsc#1012628). - nfc: llcp: Fix use-after-free in llcp_sock_release() (bsc#1012628). - nfc: llcp: Fix use-after-free race in nfc_llcp_recv_cc() (bsc#1012628). - xfrm: Check for underflow in xfrm_state_mtu (bsc#1012628). - nfc: nxp-nci: i2c: use rising-edge IRQ on ACPI systems (bsc#1012628). - tools/bootconfig: Fix buf leaks in apply_xbc (bsc#1012628). - HID: remove duplicate hid_warn_ratelimited definition (bsc#1012628). - kunit: fix use-after-free in debugfs when using kunit.filter (bsc#1012628). - accel/rocket: fix UAF via dangling GEM handle in create_bo (bsc#1012628). - netfilter: synproxy: refresh tcphdr after skb_ensure_writable (bsc#1012628). - netfilter: xt_cpu: prefer raw_smp_processor_id (bsc#1012628). - netfilter: ebtables: fix OOB read in compat_mtw_from_user (bsc#1012628). - netfilter: nf_tables: fix dst corruption in same register operation (bsc#1012628). - tun: free page on short-frame rejection in tun_xdp_one() (bsc#1012628). - tap: free page on error paths in tap_get_user_xdp() (bsc#1012628). - tun: free page on build_skb failure in tun_xdp_one() (bsc#1012628). - vsock: keep poll shutdown state consistent (bsc#1012628). - net: netlink: fix sending unassigned nsid after assigned one (bsc#1012628). - net: netlink: don't set nsid on local notifications (bsc#1012628). - net/smc: Do not re-initialize smc hashtables (bsc#1012628). - net/iucv: fix locking in .getsockopt (bsc#1012628). - scsi: core: Run queues for all non-SDEV_DEL devices from scsi_run_host_queues (bsc#1012628). - scsi: scsi_debug: Add missing newline in scsi_debug_device_reset() (bsc#1012628). - ipv4: free net->ipv4.sysctl_local_reserved_ports after unregister_net_sysctl_table() (bsc#1012628). - ALSA: hda: cs35l56: Fix system name string leaks (bsc#1012628). - ALSA: pcm: oss: Fix setup list UAF on proc write error (bsc#1012628). - ASoC: Intel: bytcht_es8316: Fix MCLK leak on init errors (bsc#1012628). - net/mlx5: HWS: Reject unsupported remove-header action (bsc#1012628). - net: hsr: fix potential OOB access in supervision frame handling (bsc#1012628). - accel/ivpu: prevent uninitialized data bug in debugfs (bsc#1012628). - gpio: mxc: fix irq_high handling (bsc#1012628). - drm/i915/aux: use polling when irqs are unavailable (bsc#1012628). - net: Avoid checksumming unreadable skb tail on trim (bsc#1012628). - ethtool: rss: avoid modifying the RSS context response (bsc#1012628). - ethtool: rss: add missing errno on RSS context delete (bsc#1012628). - ethtool: rss: fix falsely ignoring indir table updates (bsc#1012628). - ethtool: rss: fix indir_table and hkey leak on get_rxfh failure (bsc#1012628). - ethtool: rss: fix hkey leak when indir_size is 0 (bsc#1012628). - ethtool: rss: avoid device context leak on reply-build failure (bsc#1012628). - ethtool: module: call ethnl_ops_complete() on module flash errors (bsc#1012628). - ethtool: module: avoid leaking a netdev ref on module flash errors (bsc#1012628). - ethtool: module: avoid racy updates to dev->ethtool bitfield (bsc#1012628). - ethtool: module: check fw_flash_in_progress under rtnl_lock (bsc#1012628). - ethtool: module: fix cleanup if socket used for flashing multiple devices (bsc#1012628). - ethtool: cmis: require exact CDB reply length (bsc#1012628). - ethtool: cmis: fix u16-to-u8 truncation of msleep_pre_rpl (bsc#1012628). - ethtool: cmis: validate start_cmd_payload_size from module (bsc#1012628). - ethtool: cmis: validate fw->size against start_cmd_payload_size (bsc#1012628). - cxl/test: Update mock dev array before calling platform_device_add() (bsc#1012628). - tunnels: load network headers after skb_cow() in iptunnel_pmtud_build_icmp[v6]() (bsc#1012628). ... changelog too long, skipping 1174 lines ... - commit c8ca8cf ==== less ==== Version update (702 -> 704) - Update to 704: * Fix possibly passing unsafe options to man when opening an OSC 8 link * Fix possibly sending unsafe OSC sequence to terminal when file contains an unterminated OSC sequence * In Examine and Shell commands, expand % and # to shell-escaped filenames ==== libstorage-ng ==== Version update (4.5.329 -> 4.5.330) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Danish) (bsc#1149754) - 4.5.330 ==== mariadb ==== Version update (11.8.8 -> 12.3.2) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 12.3.2: https://mariadb.com/docs/release-notes/community-server/12.3/12.3.2 https://mariadb.com/docs/release-notes/community-server/changelogs/12.3/12.3.2 https://mariadb.com/docs/release-notes/community-server/12.3/mariadb-12.3-changes-and-improvements - Refresh fix-pamdir.patch - Update list of skipped tests - Remove --ssl option when running the test suite as it was causing some failures - Remove INFO_SRC (dropped upstream) - Adjust file list and removal of systemd unit files for upstream changes in the galera config ==== openSUSE-release ==== Version update (20260611 -> 20260612) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== perl-GD ==== Version update (2.830.0 -> 2.860.0) - updated to 2.860.0 (2.86) see /usr/share/doc/packages/perl-GD/ChangeLog 2.86 * Fix CVE-2026-11526, command injection via 2-arg open() in _make_filehandle. CWE-78, CWE-73 (Reported and fixed by Paul Johnson) 2.85 * Tolerate runtime TIFF decode failures in autodetect (GH #62) * Replace cpm with cpanm in github actions * Fixed a minor precedence bug in t/z_manifest.t 2.84 * Added Makefile.PL --with and --without options to bypass autodetection errors or upstream libgd or subsequent library errors, as libtiff 4.5.1+git230720 wrongly packaged on ubuntu/debian (GH #55). * Better support MSWin32 without gdlib.pc. Requires manual --options and - -lib_gd_path. * Workaround broken ExtUtils::PkgConfig->find (GH #61) * Fixed snprintf for newer MSVC (>= VS 2015) * Added GD::Image::supported() image types method. * Added newFromTiffData() method. * Fixed t/GD.t for unsupported image types. * Add GIFANIM to the default since 2.0.33 (PeterCJ GH #56) * Honor PKG_CONFIG_PATH for finding gdlib.pc (PeterCJ GH #57) * Add demos/png2jpeg.pl ==== rsync ==== - Add missing python3-base BR ==== sudo ==== Subpackages: sudo-plugin-python - Fix missing %verify(not mode) %{_bindir}/sudo (bsc#1263098) ==== wicked ==== Version update (0.6.78 -> 0.6.79) Subpackages: wicked-service - Update to version 0.6.79 - Fix an indirect remote shell command injection via unsanitized dhcp strings and leaseinfo dump (bsc#1265221,CVE-2026-44932): - Fix to escape single-quotes in leaseinfo dump output used by the `wicked test dhcp4` and `wicked test dhcp6` and written to the /run/wicked/leaseinfo.* files, e.g. to pass them to netconfig. A netconfig modify filtered for strict key='value' lines without any escaped quotes and discarded these lines already before. - Fix posix-tz-dbname and tz-string option processing checks to permit only valid characters according to RFC4833. - Discard string values containing single-quotes in other options. - Trigger to regenerate initrd that may contain wicked binaries on updates from wicked versions <= 0.6.78.