Packages changed: aaa_base (84.87+git20260529.c4391e5 -> 84.87+git20260602.e901e17e) alsa (1.2.15.3 -> 1.2.16) file hwinfo (25.3 -> 25.4) libdnf (0.74.0 -> 0.75.0) libheif (1.22.2 -> 1.23.0) librsvg (2.62.2 -> 2.62.3) libselinux live555 (2026.05.28 -> 2026.06.01) ncurses (6.6.20260516 -> 6.6.20260530) polkit-default-privs (1550+20260528.62493d2 -> 1550+20260603.7a43683) samba (4.23.8+git.477.f78166bceed -> 4.24.3+git.475.629de6765b9) === Details === ==== aaa_base ==== Version update (84.87+git20260529.c4391e5 -> 84.87+git20260602.e901e17e) - Update to version 84.87+git20260602.e901e17e: * Fix a typo + follow symlinks in alljava ==== alsa ==== Version update (1.2.15.3 -> 1.2.16) - Update to alsa-lib 1.2.16: fixes for PCM, control remap, topology, UCM extensions, etc For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.15.3_v1.2.16#alsa-lib ==== file ==== Subpackages: file-magic libmagic1 - Add patch file-5.47-stanza.patch (boo#1261558 partly) * Avoid many false positive on windows file test ==== hwinfo ==== Version update (25.3 -> 25.4) Subpackages: libhd25 - merge gh#openSUSE/hwinfo#181 - fix redundant conditions in smbios memory device map - 25.4 - merge gh#openSUSE/hwinfo#182 - fix memory leaks (bsc#1267348) - merge gh#openSUSE/hwinfo#180 - fix(core): free modinfo_ext instead of modinfo in hd_free_hd_data - merge gh#openSUSE/hwinfo#179 - Fix: fix sizeof in joystick allocation to use struct size instead of pointer size (bsc#1267348) ==== libdnf ==== Version update (0.74.0 -> 0.75.0) - version update to 0.75.0 * context: Support libdnf5 drop-in directories and repository overrides. This * allows applications using the context part of libdnf (e.g. microdnf, PackageKit) to take into account the main configuration from drop-in * directories and repository overrides, similar to how libdnf5 does. These directories are also monitored for changes (except when using non-root installroot path.) This feature can be disabled at build time (ENABLE_DNF5_CONF_DROP_IN, ENABLE_DNF5_CONF_REPOS_OVERRIDE CMake options). * context: dnf_context_set_install_root() now sets installroot also to global mainConf configuration. * IniParser: Support glob range definition in section names * history database: Add "persistence" column (possible values are UNKNOWN, PERSIST, or TRANSIENT). * conf: Add usr_drift_protected_paths configuration option which can be configured by adding .conf files to the drop-in directory /etc/dnf/usr-drift-protected-paths.d, similar to /etc/dnf/protected.d. * Distributions will be able to add paths that are known to cause problems when their contents drift with respect to /usr, e.g. /etc/pam.d. * context: Save repository configuration with dnf_repo_commit() to override file. Previously, repository configuration changes were written directly to the original configuration file. Now they are written to the overwrite file "99-config_manager.repo" for compatibility with the dnf5 config-manager. * config: Convert "protected_packages" to an append option * Don't prepend installroot to varsdir in libdnf::dnf_context_load_vars() * Fix file name comparison in filesystem::createSortedFileList() * Stop importing subkeys to RPM >= 5.99.90 because RPM 6 handles subkeys automatically. * Fix typos in messages in package problems dictionary * build: Fix searching libdnf header files when generating bindings with Swig * build: Don't probe for libcheck dependency if no tests are going to be built * spec: Consistently use CMake RPM macros * tests: Replace deprecated "check" macros * tests: Verify "fopen" return value otherwise we could crash * New functions filesystem::pathJoin(), filesystem::createSortedFileList(), filesystem::getRealpath(), filesystem::isSubdirectory(). * Add libdnf::MergedTransaction::listPersistences() method. * Always use result config.optBinds() by reference, not copy * Remove unused functions with a bug * config: Support optionTListAppend for options lacking fromString - modified patches * libdnf-0.55.0-Switch-allow_vendor_change-off.patch (refreshed) * libdnf-0.72.0-with-static-libsolvext.patch (refreshed) ==== libheif ==== Version update (1.22.2 -> 1.23.0) - version update to 1.23.0: * add API functions to read and write metadata: ambient viewing environment nominal diffuse white luminance * adds a output_image_nclx_profile_passthrough option to heif_decoding_options * CVE TBD (GHSA-jvmp-j3cw-84mh) - unbounded heap allocation in HEIF sequence parser (stsz fixed-size mode missing bound check) ==== librsvg ==== Version update (2.62.2 -> 2.62.3) - Update to version 2.62.3: + librsvg crate version 2.62.3 + librsvg-rebind crate version 0.3.0 + Remove loading limits from image-rs. This means that raster images, when embedded in SVG documents, have no limits for their size or memory consumption. The idea, for now, is that security-sensitive applications that use librsvg should do their own sandboxing if they want to impose memory limits. + Fix the logic for whether gdk-pixbuf-query-loaders should be run during cross-compilation. Native builds can of course use it; cross builds can use it if they can run host binaries *and* an executable wrapper has been set *and* the target sysroot contains the corresponding gdk-pixbuf-query-loaders executable ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Add patch for restorecon to log error on readonly fs (bsc#1232226) - Patch: restorecon-Only-log-error-on-readonly-fs-bsc-1232226.patch - Can be dropped with the next toolchain release: https://github.com/SELinuxProject/selinux/commit/fd411d50ba1cb3e8ad5f8ce4e3c9bc7fcbe4340c ==== live555 ==== Version update (2026.05.28 -> 2026.06.01) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock33 - Update to version 2026.06.01: + Updated the "RTSPServer" implementation of the "SETUP" command to make it more robust if subclassed code reimplements "lookupServerMediaSession()" as an asynchronous operation. - update to 2026.05.30: * Updated the "RTSPServer" implementation some more to make it more robust if subclassed code reimplements "lookpServerMediaSession()" as an asynchronous operation. * Added an (integer) index to identify each server's 'client connection', and changed the "fClientConnections" table to be indexed by this id. * In the "RTSPServer" implementation, removed the "fOurClientConnection" member variable. This had been left over from when the RTSP "SETUP" command had been implemented as a single, synchronous function. Now that "SETUP" is implemented using multiple functions, possibly asynchronously (depending upon how "lookpServerMediaSession()" is implemented), this member variable was potentially dangerous if more than one "SETUP" is performed concurrently on the same client connection, or on separate client connections. ==== ncurses ==== Version update (6.6.20260516 -> 6.6.20260530) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20260530 + minor renaming, formatting to align with Juergen Pfeifer's fork. + add configure script check for --enable-ext-mouse2, to support ABI 7. + improve special case in tic for %{code} to allow any non-zero byte as the result %'char' - Add ncurses patch 20260523 + modify _nc_wacs[] to make it per-screen (from Juergen Pfeifer's fork) + eliminate a special case in tic when translating %{code} to %'char', since %{92} mapping to %'\' works with tparm and infocmp. ==== polkit-default-privs ==== Version update (1550+20260528.62493d2 -> 1550+20260603.7a43683) - Update to version 1550+20260603.7a43683: * profiles: added new systemd actions (bsc#1266944) - Update to version 1550+20260602.64ede59: * profiles: fwupd new actions in 2.1.4 (bsc#1267014) ==== samba ==== Version update (4.23.8+git.477.f78166bceed -> 4.24.3+git.475.629de6765b9) Subpackages: libldb2 samba-ad-dc-libs samba-client samba-client-libs samba-libs - Update to 4.24.3 * CVE-2026-4480: Fix Unauthenticated Remote Code Execution; (bso#16033); (bsc#1261161). * CVE-2026-4408: Fix Remote Code Execution in SAMR;(bso#16034); (bsc#1261163). * CVE-2026-3238: Fix unauthenticated udp packet crashes AD DC nbt server; (bso#16012); (bsc#1261160). * CVE-2026-3012: Fix CVE-2026-3012 group policy certificate enrollment using http:// without validation;(bso#16003); (bsc#1261159). * CVE-2026-1933: Fix missing access check on reparse point operations; (bso#15992); (bsc#1261188). * CVE-2026-2340: vfs_worm does not block directory modification; (bso#15997); (bsc#1261158). * CVE-2026-40170: thirdparty ngtcp2 needs to be updated; (bso#16059). - Update to 4.24.2 * Samba 4.24 with cups can't get queue and shows errors about fetch_share_cache_time; (bso#16038). * Fix a directory file descriptor leak in vfs_glusterfs that caused unbounded memory growth on the GlusterFS brick with persistent SMB2 connections; (bso#16043). * Windows Offline Files fails with permission error when directory has the read‑only attribute set; (bso#16030). * samba not triggering mount of zfs snapshot in dataset .zfs/snapshots/ directory; (bso#15991). * net ads join still fails with multiple DCs; (bso#15999). * samba-tool shows wrong format specifiers for timestamp attributes; (bso#16076). * restrict anonymous = 2 breaks RODC functionality; (bso#14638). * smbpasswd can crash winbindd on an AD DC; (bso#15973). * smbd does not cleanup on disconnect of the transport connection on lease break errors; (bso#15995). * CVE-2026-40170: thirdparty ngtcp2 needs to be updated; (bso#16059); (bsc#1262273); (bsc#1262337). * Require NTLMv2 session security on Windows makes trusts to Samba unusable; (bso#16067). * Winbind can change Ownership Of / To A User Who has Homedir / In passwd; (bso#16073). * Winbind lsa_OpenPolicy() fails on lsa connection setup with: NT_STATUS_RPC_CANNOT_SUPPORT; (bso#15987). * CTDB read-only record handling contains use after free and resource leak bugs; (bso#16068). - Update to 4.24.1 * autobuild fails if /proc/version contains trailing space; (bso#16057). * use after free in streams_xattr_connect(); (bso#16035). * rpc workers with long living clients grow server memory keytab; (bso#16042); (bsc#1257200). * vfs_snapper failing to access or enumerate files in subfolders; (bso#16058); (bsc#1259667). * Samba is not build with FORTIFY_SOURCE; (bso#16040). * Fix tests with MIT Kerberos 1.22.x; (bso#16055). - Update to 4.24.0 * incorrect behavior on rpcclient enumport with rpcd_spoolss; (bso#16019). * altSecurityIdentities X509 issuer DN order is reversed; (bso#16001). * vfs_aio_ratelimit: introduce burst-aware and persistent state model; (bso#16000). * No function _python_sysroot defined; (bso#15990). * leases torture test flappy; (bso#15978). * smbd: in contend_dirleases() don't bother checking when not enabled; (bso#15984). * 'net ads kerberos kinit' should use also default ccache name from krb5.conf; (bso#15993). * "use-kerberos=desired" broken; (bso#15789). * source3/libads/kerberos.c sets wrong failure for negative connection cache; (bso#15975); (bso#1255755). * CTDB's statd_callout fails on sm-notify; (bso#15938). * CTDB statd_callout_notify notifies unnecessary clients and loses their state; (bso#15939). * Backport domain default AES encryption types to 4.24; (bso#15998). * possible memory leak on rpc_spoolss; (bso#15979); (bsc#1257200). * Winbind group resolution failure; (bso#15972). * ctdbd socket documentation is wrong; (bso#15977). * time_t related build failure on 32bit arch in 4.24.0rc1; (bso#15976).