Packages changed: MicroOS-release (20250618 -> 20250620) fwupd (2.0.11 -> 2.0.12) hyper-v jq (1.7.1 -> 1.8.0) libsoup ncurses (6.5.20250531 -> 6.5.20250614) pam (1.7.0 -> 1.7.1) pam-full-src (1.7.0 -> 1.7.1) patterns-microos plasma-branding-Kalpa (20250612 -> 20250618) python-certifi (2025.1.31 -> 2025.6.15) selinux-policy (20250616 -> 20250618) sof-firmware (2025.01.1 -> 2025.05) systemd transactional-update === Details === ==== MicroOS-release ==== Version update (20250618 -> 20250620) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== fwupd ==== Version update (2.0.11 -> 2.0.12) Subpackages: libfwupd3 typelib-1_0-Fwupd-2_0 - Update to version 2.0.12: + This release adds the following features: - Add a config option for enforcing immutable device enumeration - Add device emulation support for Thunderbolt host controllers - Do the efivarfs free space checks for dbx, db, KEK and PK devices - Ensure the i2c_dev kernel driver is always loaded if a module - Parse the SBOM data from fwupdx64.efi if provided - Support loading multiple coSWID blobs from PE files + This release fixes the following bugs: - Added HP Elitedesk G6 mini to not get dbx-updates - Add two more uefi dbx checksum->version entries - Be more useful when building modem device Instance IDs - Convert asus-hid and legion-hid2 to hidraw to avoid possible input blips - Do not create radio for Logitech RDFU-capable devices - Fix a modem-manager regression where a PCI device had no vendor ID - Fix a regression when updating DFOTA modem devices - Fix self tests when building with -Defi_os_dir - Fix self tests when the builder does not support DistroVersion - Fix updating Thunderbolt host controllers with some version formats - Handle HECI unsupported status (0x0b) for Dell hardware - Make tar a dependency of the uefi-capsule tests - Mark the KEK and db updates as affecting FDE like BitLocker - Properly detect the Redfish reboot request for Dell servers - Send the proper artifact firmware filename to the Redfish BMC - Set the correct RMM device version for some Dell dock devices - Use inhibits so that the rts54hub device is marked as non-updatable - Use the virtual size to avoid padding when cutting PE sections - Wait for the Logitech Scribe device to replug after updating + This release adds support for the following hardware: - HP Portable USB-C Hub - More Foxconn 5G modem products - More Intel Arc Battlemage products ==== hyper-v ==== - Enable debug logs for hv_kvp_daemon (a9c0b33e) (bsc#1244154) ==== jq ==== Version update (1.7.1 -> 1.8.0) Subpackages: libjq1 - Update to version 1.8.0 Security fixes * CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash. * CVE-2024-53427: Reject NaN with payload while parsing JSON. * CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt. * Fix use of uninitialized value in check_literal. * Fix segmentation fault on strftime/1, strflocaltime/1. * Fix unhandled overflow in @base64d. CLI changes * Fix --indent 0 implicitly enabling --compact-output. * Improve error messages to show problematic position in the filter. * Include column number in parser and compiler error messages. * Fix error message for string literal beginning with single quote. * Improve JQ_COLORS environment variable to support larger escapes like truecolor. * Add --library-path long option for -L. * Fix --slurp --stream when input has no trailing newline character. * Fix --indent option to error for malformed values. * Fix option parsing of --binary on non-Windows platforms. * Fix issue with ~/.jq on Windows where $HOME is not set. * Increase the maximum parsing depth for JSON to 10000. * Parse short options in order given. * Consistently reset color formatting. New functions * Add trim/0, ltrim/0 and rtrim/0 to trim leading and trailing white spaces. * Add trimstr/1 to trim string from both ends. * Add add/1. Generator variant of add/0. * Add skip/2 as the counterpart to limit/2. * Add toboolean/0 to convert strings to booleans. * Add @urid format. Reverse of @uri. Changes to existing functions * Use code point index for indices/1, index/1 and rindex/1. * Improve tonumber/0 performance and rejects numbers with leading or trailing white spaces. * Populate timezone data when formatting time. * Preserve numerical precision on unary negation, abs/0, length/0 * Make last(empty) yield no output values like first(empty). * Make ltrimstr/1 and rtrimstr/1 error for non-string inputs. * Make limit/2 error for negative count. * Fix mktime/0 overflow and allow fewer elements in date-time representation array. * Fix non-matched optional capture group. * Provide strptime/1 on all systems. * Improve bsearch/1 performance by implementing in C. * Improve unique/0 and unique_by/1 performance. * Fix error messages including long string literal not to break Unicode characters. * Remove pow10/0 as it has been deprecated in glibc 2.27. Use exp10/0 instead. * Remove private (and undocumented) _nwise filter. Language changes * Fix precedence of binding syntax against unary and binary operators. * Support Tcl-style multiline comments. * Fix foreach not to break init backtracking with DUPN. * Fix reduce/foreach state variable should not be reset each iteration. * Support CRLF line breaks in filters. * Improve performance of repeating strings. - Drop not longer needed patches (fixed by upstream): * CVE-2024-23337.patch * CVE-2024-53427.patch - Remove not longer needed hardcoded compiler option "-std-gnu17" gh#3206 ==== libsoup ==== - Add libsoup-CVE-2025-4945.patch: add value checks for date/time parsing (boo#1243314 CVE-2025-4945). ==== ncurses ==== Version update (6.5.20250531 -> 6.5.20250614) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20250614 + reduce lintian warnings for test-packages. + clean up some shellcheck warnings + improve test/configure checks for X libraries, reducing duplicates + fix some typos/errata in license text, to help with scripted checks ==== pam ==== Version update (1.7.0 -> 1.7.1) - hardcode disabling elogind, meson detection is unreliable in OBS - Update to version 1.7.1 - pam_access: do not resolve ttys or display variables as hostnames. - pam_access: added "nodns" option to disallow resolving of tokens as hostnames (CVE-2024-10963). - pam_limits: added support for rttime (RLIMIT_RTTIME). - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). - meson: added support of elogind as a logind provider. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted ==== pam-full-src ==== Version update (1.7.0 -> 1.7.1) - hardcode disabling elogind, meson detection is unreliable in OBS - Update to version 1.7.1 - pam_access: do not resolve ttys or display variables as hostnames. - pam_access: added "nodns" option to disallow resolving of tokens as hostnames (CVE-2024-10963). - pam_limits: added support for rttime (RLIMIT_RTTIME). - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). - meson: added support of elogind as a logind provider. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Adjusted Font selection in the kde pattern to fix some rendering issues (boo#1244927) - Removed GNOME desktop pattern - Changed Kalpa to use tuned-ppd by default - Cleaned up a few things in the KDE/Kalpa pattern ==== plasma-branding-Kalpa ==== Version update (20250612 -> 20250618) - Bump version to 20250618 - Change to using release tarball - Renamed flatpak-update to kalpa-discover-update to reduce potential confusion with the update services provided by the flatpak package ==== python-certifi ==== Version update (2025.1.31 -> 2025.6.15) - Update to 2024.6.15 * Declare setuptools as the build backend in pyproject.toml * remove code that's no longer required that 3.7 is our minimum - Rebase python-certifi-shipped-requests-cabundle.patch ==== selinux-policy ==== Version update (20250616 -> 20250618) Subpackages: selinux-policy-targeted - Update to version 20250618: * Set /srv/www = /var/www as equivalent file context (bsc#1239177) ==== sof-firmware ==== Version update (2025.01.1 -> 2025.05) - Update to v2025.05: For v2.13 series (Meteor Lake and newer), new DSP topologies added - Modify the workaround for symlink -> directory change with Lua script for singletrans ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - Import commit 1e42ecf5a145589954df77da05937ee69619f3e5 1e42ecf5a1 firstboot: make sure labelling is enabled 3bdb2efbe0 tmpfiles: fix symlink creation when replacing 61c228d2cc firstboot: use WRITE_STRING_FILE_LABEL more f5148acf37 env-file: port write_env_file() to label_ops_pre() bbff8b5523 fs-util: replace symlink_atomic_full_label() by a flag to symlinkat_atomic_full() (bsc#1244237) 2b39393efa env-file: rework write_env_file() to make use of O_TMPFILE ==== transactional-update ==== Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukit-snapper-plugin tukitd - Add correct SELinux policy version dependency for SLE 16