Packages changed: 389-ds (3.1.4+64845ffd9 -> 3.1.4+e2562f589) Mesa (26.0.2 -> 26.0.4) Mesa-drivers (26.0.2 -> 26.0.4) SDL3 (3.4.0 -> 3.4.4) bluez certmonger crypto-policies cryptsetup (2.8.4 -> 2.8.6) ding-libs ffmpeg-8 file (5.46 -> 5.47) freerdp gimp (3.2.0 -> 3.2.2) gstreamer-plugins-ugly gtk-layer-shell (0.10.0 -> 0.10.1) ipmitool kernel-firmware-amdgpu (20260310 -> 20260327) kernel-firmware-ath11k (20260202 -> 20260327) kernel-firmware-bluetooth (20260313 -> 20260327) kernel-firmware-i915 (20260214 -> 20260402) kernel-firmware-intel (20260317 -> 20260331) kernel-firmware-iwlwifi (20260317 -> 20260331) kernel-firmware-media (20260221 -> 20260331) kernel-firmware-network (20260130 -> 20260327) kernel-firmware-qcom (20260310 -> 20260402) kernel-firmware-serial (20251004 -> 20260327) kernel-firmware-sound (20260310 -> 20260331) kernel-source (6.19.10 -> 6.19.11) libinput (1.31.0 -> 1.31.1) libnfs libqmi (1.36.0 -> 1.38.0) libreoffice (25.8.3.2 -> 26.2.2.2) libstorage-ng (4.5.307 -> 4.5.308) libvirt (12.1.0 -> 12.2.0) man ncurses (6.6.20260321 -> 6.6.20260328) openSUSE-release (20260331 -> 20260408) openexr (3.4.6 -> 3.4.9) opensc (0.26.1 -> 0.27.1) ovmf python-Pillow (12.1.1 -> 12.2.0) python-charset-normalizer (3.4.6 -> 3.4.7) python-click (8.3.1 -> 8.3.2) python-requests (2.33.0 -> 2.33.1) python-tzdata (2025.3 -> 2026.1) python311 python311-core python313 python313-core qt6-base sdbootutil (1+git20260324.bd0fc60 -> 1+git20260407.f1134c1) sdl12_compat (1.2.74 -> 1.2.76) sdl2-compat (2.32.64 -> 2.32.66) setools spectacle sssd sudo texinfo (7.2 -> 7.3) texlive v4l-utils w3m (0.5.3+git20230121 -> 0.5.6) xz (5.8.2 -> 5.8.3) === Details === ==== 389-ds ==== Version update (3.1.4+64845ffd9 -> 3.1.4+e2562f589) Subpackages: lib389 libsvrcore0 - bsc#1258727 - CVE-2025-14905 - heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback. - Update to version 3.1.4+e2562f589: * Security fix for CVE-2025-14905 * Issue 7277 - UI - Fix Japanese translation for "Successfully updated group" in Cockpit UI (#7278) * Issue 7275 - UI - Improve password policy field validation in Cockpit UI (#7276) * Issue 7279 - UI - Fix typo in export certificate dialog (#7280) * Issue 7273 - In a chaining environment binding as remote user causes an invalid error in the logs * Issue 7271 - plugins that create threads need to update active thread count * Issue 5853 - Update concread to 0.5.10 * Issue 7223 - Remove integerOrderingMatch requirement for parentid (#7264) * Issue 7243 - UI - fix certificate table and modal * Issue 7066/7052 - allow password history to be set to zero and remove history * Issue 7223 - Use lexicographical order for ancestorid (#7256) * Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV (#7258) * Issue 7184 - (2nd) argparse.HelpFormatter _format_actions_usage() is deprecated (#7257) * Issue - CLI - dsctl db2index needs some hardening with MBD * Issue 7248 - CLI - attribute uniqueness - fix usage for exclude subtree option * Issue 7231 - Sync repl tests fail in FIPS mode due to non FIPS compliant crypto (#7232) * Issue 7121 - (2nd) LeakSanitizer: various leaks during replication (#7212) * Issue 6947 - Fix health_system_indexes_test.py * Issue 7221 - CI tests - fix some flaky tests * Issue 7076 - Fix revert_cache() never called in modrdn (#7220) * Issue 7096 - (2nd) During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7205) * Issue 3555 - UI - Fix audit issue with npm - @isaacs/brace-expansion (#7228) * Issue 7223 - Add dsctl index-check command for offline index repair * Issue 7223 - Detect and log index ordering mismatch during backend startup * Issue 7223 - Add upgrade function to remove ancestorid index config entry * Issue 7223 - Add upgrade function to remove nsIndexIDListScanLimit from parentid * Issue 7223 - Revert index scan limits for system indexes * Issue 7224 - CI Test - Simplify test_reserve_descriptor_validation (#7225) ==== Mesa ==== Version update (26.0.2 -> 26.0.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to 26.0.4 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.4 * This out-of-schedule release contains important raytracing fixes for an upcoming game. - Update to 26.0.3 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.3 * This out-of-schedule release contains important raytracing fixes for an upcoming game. - use llvm22/clang22 also for Leap/SLE - BuildRequires changes: * use llvm-devel/clang-devel for TW and llvm{version}-devel/ clang{version}-devel for Leap/SLE (version = 21 for now) - make sure to buildrequire the same version of llvm and clang devel package ==== Mesa-drivers ==== Version update (26.0.2 -> 26.0.4) Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp - Update to 26.0.4 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.4 * This out-of-schedule release contains important raytracing fixes for an upcoming game. - Update to 26.0.3 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.3 * This out-of-schedule release contains important raytracing fixes for an upcoming game. - use llvm22/clang22 also for Leap/SLE - BuildRequires changes: * use llvm-devel/clang-devel for TW and llvm{version}-devel/ clang{version}-devel for Leap/SLE (version = 21 for now) - make sure to buildrequire the same version of llvm and clang devel package ==== SDL3 ==== Version update (3.4.0 -> 3.4.4) - Update to release 3.4.4 * Fixes a crash when calling SDL_RenderGeometryRaw() with both texture and uv set to NULL * Default SDL_GL_FRAMEBUFFER_SRGB_CAPABLE back to zero, to fix brightness issues with existing applications * Prevent the window from growing when scale to display is used on Wayland * Scale custom cursors with the pointer scale on Wayland * Fixed missing mouse cursor on KMSDRM * Fixed sending duplicate key down events when reconciling X11 modifier state * Fixed Print Screen key capture during keyboard grab * Fixed pipewire audio output hanging under heavy load * Fixed an out of memory issue opening a V4L2 camera with FRMIVAL_TYPE_CONTINUOUS * Added battery status for newer FlyDigi controllers * Added support for the Flydigi Vader 5 Pro in Xbox 360 mode * Added support for battery status on third-party DualSense controllers * Added support for accelerometers on third-party PS3 controllers * Added support for the ZUIKI EVOTOP controller * Fixed several issues with globbing directories - Update to release 3.4.2 * Added SDL_HINT_OPENGL_FORCE_SRGB_FRAMEBUFFER to force specific sRGB behavior for OpenGL and OpenGL ES * Fixed long startup time on Windows when some non-compliant input devices are present * Added support for the Razer Raiju V5 Pro * Fixed a divide by zero when using Nintendo Switch 2 controllers * Fixed handling GameCube adapters in PC mode ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd libbluetooth3 - Add bluez-mainloop-Only-connect-to-NOTIFY_SOCKET-if-STATUS-Sta.patch to fix that systemd 259.3 causes timeout in starting home-assistant using podman systemd unit / quadlet. (bsc#1259656) ==== certmonger ==== - Fix immutable mode support issues; (jsc#PED-14766). * patch tmpfiles_var_lib_certmonger.patch ==== crypto-policies ==== Subpackages: crypto-policies-scripts - Disable the use of posix_spawn() under qemu user-mode emulation. ==== cryptsetup ==== Version update (2.8.4 -> 2.8.6) Subpackages: cryptsetup-doc libcryptsetup12 - Update to 2.8.6. - Release notes for 2.8.6: * Fixes an autotools regression in 2.8.5 in the locking tmpfiles.d directory configuration. - Release notes for 2.8.5: * Add a specific error for failed detached header allocation. * Check the UUID of the resumed device to match the UUID stored in metadata. * Fix FileVault (fvault2) metadata parsing. * Fix LUKS2 reencryption lock name. * Fix OpenSSL crypto backend if built with LibreSSL. * Fix reading FileVault image metadata from incorrect image offset. * Fix tests not to use aes-generic kernel cipher name. * OpenSSL backend: Increase the number of allowed threads to 64. * Several compatibility fixes to the alternative Meson configuration system. * Various code fixes based on AI-assisted reviews. ==== ding-libs ==== - Update to release 0.7.0 * INI: make 'ini_*_serialize' API private * INI: don't expose "ini_valueobj.h" API ==== ffmpeg-8 ==== Subpackages: libavcodec62 libavfilter11 libavformat62 libavutil60 libswresample6 libswscale9 - Disable VVC decoders/encoders by default. ==== file ==== Version update (5.46 -> 5.47) Subpackages: file-magic libmagic1 - Add patch file-5.47-regression.dif (boo#1261199) * Fix regression in detection of magics in a buffer - Add patch file-5.47-fdf.dif * Use tabs instead of normal white spaces in description of %FDF - Port patches * file-4.20-ssd.dif * file-4.21-xcursor.dif * file-5.19-clicfs.dif * file-5.19-solv.dif * file-5.19-zip2.0.dif * file-5.28-btrfs-image.dif - Remove patches now upstream or solved by upstream * file-4.20-xen.dif * file-4.21-scribus.dif * file-5.14-tex.dif * file-5.19-cromfs.dif - Update to 5.47: * Better multi-compound document identification by following the order of the directories entries. (Thomas Ledoux) * if stat fails, don't attempt to restore times (Steven Grubb) * PR/622: Odd_Bloke: Handle negative offsets in file_buffer(), when fd is not available. * PR/655: jsummers: Obey str_flags in strings like we do for search and regex * PR/659: Pitzl: Apply MAGIC_CONTINUE to annotations; i.e. print only the first, unless -k is specified. * PR/592: allow + in format strings * PR/592: signed operations should be done in signed context * PR/578: jsummers: Don't crash on cygwin when tm_mon == -1 * PR/579: net147: Fix stack overrun. - Remove patches now upstream * file-zipdata.patch * boo1237209.patch * file-seccomp.patch * file-seccomp-ppc.patch * file-5.46-tcgets2.patch - Port and rename patch file-5.46.dif which becomes now file-5.47.dif ==== freerdp ==== Subpackages: libfreerdp3-3 librdtk0-0 libwinpr3-3 - Add sso-mib library to integrate with Microsoft Azure Entra ID Conditional Access, which enables /aad option ==== gimp ==== Version update (3.2.0 -> 3.2.2) Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0 - Update to 3.2.2 https://www.gimp.org/news/2026/03/28/gimp-3-2-2-released/ ==== gstreamer-plugins-ugly ==== - Drop mpeg2dec plugin, deprecated upstream, lets just remove this now ahead of time, gstreamer-libav provides a prefered software decoder plugin. Drop pkgconfig(libmpeg2) and pass mpeg2dec=disabled to meson setup. ==== gtk-layer-shell ==== Version update (0.10.0 -> 0.10.1) - Update to 0.10.1: * Fix: unmap when surface is immediately requested to close after opening #218 * Fix: time out after 1 second of waiting for configure #220 * Fix: edge cases around montiros changing while being mapped #221 * gtk-priv: rename ast.py -> c_ast.py to avoid name collision with std lib * Compat: bump supported GTK to v3.24.52 ==== ipmitool ==== - Fix bad pid file creation in ipmievd by removing the interface number from the file name (bsc#1259310) A fix_pid_file.patch - Use manual service instead of localonly ==== kernel-firmware-amdgpu ==== Version update (20260310 -> 20260327) - Update to version 20260327 (git commit 85786b4413fd): * amdgpu: DMCUB updates for various ASICs * amdgpu: DMCUB updates for various ASICs ==== kernel-firmware-ath11k ==== Version update (20260202 -> 20260327) - Update to version 20260327 (git commit 85786b4413fd): * ath11k: WCN6855 hw2.0@nfa765: update to WLAN.HSP.1.1-04866.5-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 * ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04866.5-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 - Update to version 20260211 (git commit e72747d3ca7b): * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin ==== kernel-firmware-bluetooth ==== Version update (20260313 -> 20260327) - Update to version 20260327 (git commit 85786b4413fd): * rtl_bt: Update RTL8852B BT USB FW to 0x127C_FD78 * linux-firmware: Add firmware file for Intel BlazarIW * linux-firmware: Add firmware file for Intel BlazarIGfp2 core ==== kernel-firmware-i915 ==== Version update (20260214 -> 20260402) - Update to version 20260402 (git commit 583d336ee7c2): * xe: Update GUC to v70.60.0 for LNL, BMG, PTL - Update to version 20260327 (git commit 85786b4413fd): * xe: Update PTL GSC to v105.0.2.1397 ==== kernel-firmware-intel ==== Version update (20260317 -> 20260331) - Update to version 20260331 (git commit 441bcf2eaa2a): * WHENCE: Move Dell remoteproc firmware to correct section - Update to version 20260327 (git commit 85786b4413fd): * linux-firmware: update firmware for qat_4xxx devices * linux-firmware: update firmware for qat_402xx devices * linux-firmware: update firmware for qat_420xx devices * linux-firmware: qcom: Add FW blobs for DELL XPS13 9345 ==== kernel-firmware-iwlwifi ==== Version update (20260317 -> 20260331) - Update to version 20260331 (git commit 441bcf2eaa2a): * iwlwifi: add Bz/Sc FW for core103-40 release * iwlwifi: Add Hr/Gf firmware for core103-40 release * iwlwifi: update ty/So/Ma firmwares for core103-40 release ==== kernel-firmware-media ==== Version update (20260221 -> 20260331) - Update to version 20260331 (git commit 441bcf2eaa2a): * qcom: vpu: add video firmware for SM8450 ==== kernel-firmware-network ==== Version update (20260130 -> 20260327) - Update to version 20260327 (git commit 85786b4413fd): * linux-firmware: update firmware for an8811hb 2.5G ethernet phy ==== kernel-firmware-qcom ==== Version update (20260310 -> 20260402) - Update to version 20260402 (git commit 583d336ee7c2): * qcom: update ADSP firmware for sm8750 platform * qcom: update CDSP firmware for glymur platform - Update to version 20260331 (git commit 441bcf2eaa2a): * WHENCE: Move Dell remoteproc firmware to correct section ==== kernel-firmware-serial ==== Version update (20251004 -> 20260327) - Update to version 20260327 (git commit 85786b4413fd): * linux-firmware: add firmware for Moxa mux50u devices ==== kernel-firmware-sound ==== Version update (20260310 -> 20260331) - Update to version 20260331 (git commit 441bcf2eaa2a): * cirrus: cs35l41: Add support for new HP laptops * cirrus: cs35l41: Add support for new ASUS laptops * cirrus: cs35l41: Add support for ASUS GZ302EAC and add 15.5dB bincfg * cirrus: cs35l56: Add firmware for Cirrus Amps for some ASUS laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some Lenovo laptops - Update to version 20260327 (git commit 85786b4413fd): * cirrus: cs35l63: Update firmware for Cirrus Amps for some Dell laptops * cirrus: cs35l63: Fix Cirrus Amp firmware links for some Dell laptops ==== kernel-source ==== Version update (6.19.10 -> 6.19.11) Subpackages: kernel-64kb kernel-default - Linux 6.19.11 (bsc#1012628). - cxl/port: Fix use after free of parent_port in cxl_detach_ep() (bsc#1012628). - cxl/region: Fix leakage in __construct_region() (bsc#1012628). - bpf: Reset register ID for BPF_END value tracking (bsc#1012628). - bpf: Fix constant blinding for PROBE_MEM32 stores (bsc#1012628). - x86/perf: Make sure to program the counter value for stopped events on migration (bsc#1012628). - perf: Make sure to use pmu_ctx->pmu for groups (bsc#1012628). - s390/mm: Add missing secure storage access fixups for donated memory (bsc#1012628). - objtool/klp: fix data alignment in __clone_symbol() (bsc#1012628). - livepatch/klp-build: Fix inconsistent kernel version (bsc#1012628). - cxl/hdm: Avoid incorrect DVSEC fallback when HDM decoders are enabled (bsc#1012628). - hwmon: axi-fan: don't use driver_override as IRQ name (bsc#1012628). - sh: platform_early: remove pdev->driver_override check (bsc#1012628). - driver core: generalize driver_override in struct device (bsc#1012628). - driver core: platform: use generic driver_override infrastructure (bsc#1012628). - bpf: Release module BTF IDR before module unload (bsc#1012628). - cxl: Adjust the startup priority of cxl_pmem to be higher than that of cxl_acpi (bsc#1012628). - bpf: Fix exception exit lock checking for subprogs (bsc#1012628). - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (bsc#1012628). - bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR (bsc#1012628). - tracing: Revert "tracing: Remove pid in task_rename tracing output" (bsc#1012628). - platform/x86: hp-wmi: Add Omen 16-wf0xxx fan and thermal support (bsc#1012628). - HID: asus: avoid memory leak in asus_report_fixup() (bsc#1012628). - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (bsc#1012628). - nvme-pci: cap queue creation to used queues (bsc#1012628). - nvme-fabrics: use kfree_sensitive() for DHCHAP secrets (bsc#1012628). - platform/x86: hp-wmi: Add Omen 16-xd0xxx fan and thermal support (bsc#1012628). - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (bsc#1012628). - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (bsc#1012628). - platform/x86: hp-wmi: add Omen 14-fb1xxx (board 8E41) support (bsc#1012628). - nvme-pci: ensure we're polling a polled queue (bsc#1012628). - HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2 (bsc#1012628). - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (bsc#1012628). - platform/x86: hp-wmi: Add Victus 16-d0xxx support (bsc#1012628). - HID: intel-ish-hid: ipc: Add Nova Lake-H/S PCI device IDs (bsc#1012628). - platform/x86: oxpec: Add support for OneXPlayer APEX (bsc#1012628). - platform/x86: oxpec: Add support for OneXPlayer X1z (bsc#1012628). - net: usb: r8152: add TRENDnet TUC-ET2G (bsc#1012628). - kbuild: install-extmod-build: Package resolve_btfids if necessary (bsc#1012628). - platform/x86: oxpec: Add support for Aokzoe A2 Pro (bsc#1012628). - platform/x86: oxpec: Add support for OneXPlayer X1 Air (bsc#1012628). - HID: mcp2221: cancel last I2C command on read error (bsc#1012628). - HID: asus: add xg mobile 2023 external hardware support (bsc#1012628). - module: Fix kernel panic when a symbol st_shndx is out of bounds (bsc#1012628). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (bsc#1012628). - scsi: mpi3mr: Clear reset history on ready and recheck state after timeout (bsc#1012628). - ASoC: rt1321: fix DMIC ch2/3 mask issue (bsc#1012628). - scsi: devinfo: Add BLIST_SKIP_IO_HINTS for Iomega ZIP (bsc#1012628). - ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCD SKU (bsc#1012628). - ALSA: hda/hdmi: Add Tegra238 HDA codec device ID (bsc#1012628). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (bsc#1012628). - ASoC: cs35l56: Only patch ASP registers if the DAI is part of a DAIlink (bsc#1012628). - spi: spi-dw-dma: fix print error log when wait finish transaction (bsc#1012628). - dma-buf: Include ioctl.h in UAPI header (bsc#1012628). - block: break pcpu_alloc_mutex dependency on freeze_lock (bsc#1012628). - ALSA: hda/senary: Ensure EAPD is enabled during init (bsc#1012628). ... changelog too long, skipping 534 lines ... - commit bf9d48f ==== libinput ==== Version update (1.31.0 -> 1.31.1) Subpackages: libinput-udev libinput10 - Update to release 1.31.1 * Fixed sandbox escape in libinput plugins [CVE-2026-35093] * Use after free allowing information leak in libinput plugins [CVE-2026-35094] ==== libnfs ==== - Add libnfs-5.0.3-glibc-2_43-2.patch to fix build with glibc 2.43. ==== libqmi ==== Version update (1.36.0 -> 1.38.0) Subpackages: libqmi-glib5 libqmi-tools - Update to version 1.38.0 New services: * New 'IMSDCM' service to support baseband requests for packet data connections initiated by the host. New request/response/indications: * wms: added "Network Registration Status" request and indication "Set Broadcast Activation" request, "Set Broadcast Config" request, "Get Broadcast Config" request, "Indication Register" request, "Get Transport Network Registration Status" request, and "Transport Network Registration Status" indication. * ims: added "Set IMS Services Enabled Setting" request and "Services Enabled Setting" indication. * uim: added "Write Record" request. * qos: added "Bind Mux Data Port", "Bind Subscription", and "Get Bind Subscription" requests. * wds: added "Bind Subscription" and "Get Bind Subscription" requests. * loc: added "Inject Position" request, "Inject Time Request" indication, "Inject Predicted Orbits Request" indication, "Inject Position Request" indication, "Inject UTC Time" request, and "Get Predicted Orbits Data Validity" request. * pbm: added "Get Emergency List" request. * nas: added "Get ENDC Config" and "Incremental Network Scan". New TLVs supported in existing messages: * wms: added the "Call Mode Preference" TLV in the "Set IMS Services Enabled Setting" request. libqmi-glib: * Allow to decode IMS/IMSA/IMSP messages. * nas: added QMI_NAS_RADIO_INTERFACE_NO_CHANGE value to QmiNasRadioInterface. * loc: use QmiLocReliability instead of guint32 for Vertical Reliability value in position report. * Device open timeout increased to 10 seconds. * Fixed an issue preventing QMI message parsing on big-endian (BE) arches. qmi-proxy: * Don't mistakenly delete qmi-proxy binary when run from same directory. qmicli: * Added capability to inject positions and time into the GNSS engine to speed up initial fix. * Added "--loc-get-predicted-orbits-data-validity", "--loc-inject-position-latitude", "--loc-inject-position-longitude", "--fox-set-fcc-authentication", "--loc-inject-time", "--loc-get-predicted-orbits-data-source", "--pbm-get-emergency-list", "--nas-incremental-network-scan", "--wms-set-cbs-channels", "--wms-get-cbs-channels" * Added support for "--initial-mux-id=" to the "link-add" command. ==== libreoffice ==== Version update (25.8.3.2 -> 26.2.2.2) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Fix i586 build by lowering the memory requirements for RPM compression. - Update to 26.2.2.2: * Release notes: https://wiki.documentfoundation.org/Releases/26.2.2/RC1 https://wiki.documentfoundation.org/Releases/26.2.2/RC2 - Remove fix_poppler_26.02.0.patch (no longer needed) - Update to 26.2.1.1: * Release notes from 26.2.0: https://wiki.documentfoundation.org/Releases/26.2.0/Beta1 https://wiki.documentfoundation.org/Releases/26.2.0/RC1 https://wiki.documentfoundation.org/Releases/26.2.0/RC2 https://wiki.documentfoundation.org/Releases/26.2.0/RC3 - Refresh fix-sdk-idl.patch - Remove boost-1_89_0.patch (no longer needed) - Remove fix_poppler_26.01.0.patch (no longer needed) - Update pdfium from 7012 to 7471 - Update skia from m136-28685d899b0a35894743e2cedad4c9f525e90e1e to m142-f4ed99d2443962782cf5f8b4dd27179f131e7cbe - Add afdko-4.0.3.tar.gz - Add antlr4-cpp-runtime-4.13.2-source.zip ==== libstorage-ng ==== Version update (4.5.307 -> 4.5.308) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#1063 - use json output of blkid if available - use consistent class names - 4.5.308 ==== libvirt ==== Version update (12.1.0 -> 12.2.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 12.2.0 - jsc#PED-14623 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v12-2-0-2026-04-01 ==== man ==== - Make choice for transfiletriggerin or filetriggerin rpm version depend (boo#1261544) ==== ncurses ==== Version update (6.6.20260321 -> 6.6.20260328) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20260328 + modify test/ncurses to close stdin when ^D is entered in the getch tests, to demonstrate error return. + adapt some ifdefs, etc., to reduce difference vs Juergen Pfeifer's fork. ==== openSUSE-release ==== Version update (20260331 -> 20260408) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openexr ==== Version update (3.4.6 -> 3.4.9) Subpackages: libIex-3_4-33 libIlmThread-3_4-33 libOpenEXR-3_4-33 libOpenEXRCore-3_4-33 - version update to 3.4.9 * [CVE-2026-34589](https://www.cve.org/CVERecord?id=CVE-2026-34589) DWA Lossy Decoder Heap Out-of-Bounds Write * [CVE-2026-34588](https://www.cve.org/CVERecord?id=CVE-2026-34588) Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write * [CVE-2026-34380](https://www.cve.org/CVERecord?id=CVE-2026-34380) Signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression * [CVE-2026-34379](https://www.cve.org/CVERecord?id=CVE-2026-34379) Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) * [CVE-2026-34378](https://www.cve.org/CVERecord?id=CVE-2026-34378) Signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x * Fix signed integer overflow in `LossyDctDecoder_execute()` pointer arithmatic * fix integer overflow in PIZ wavelet buffer arithmetic * Add a message about image size limits and OOM errors to SECURITY.md and website * Fix shared lib symlink installation path * Fix misaligned memory access in `LossyDctDecoder_execute` HALF→FLOAT expansion * fix signed integer overflow in `undo_pxr24_impl()` * Fix integer overflow in `srcbuffer` pointer arithmetic in `unpack_*` * Add "cherry" and "changes" options to release.py * Fix an integer-overflow bug reading malformed files compressed with * B44A/B44B * Fix a buffer-overrun bug reading malformed files compressed with PXR24 * Fix a bug compressing half data with ZIPS/ZIP data when the * compressed size equals packed size * Single part files no longer get assigned a part name when writing * via the python module * Fix a build failure on FreeBSD involving `threads.h` * Fix an integer overflow decoding very wide htj2k images * Fix build failure with glibc 2.43 * Fix Windows symbol visibility warnings - fixes CVE-2026-34545 [bsc#1261344] CVE-2026-34543 [bsc#1261339] CVE-2026-34544 [bsc#1261342] - deleted patches * openexr-glibc-2.43.patch (upstreamed) ==== opensc ==== Version update (0.26.1 -> 0.27.1) Subpackages: opensc-bash-completion - Update to version 0.27.1 * Bugfix release to fix up infrastructure issues. - Update to version 0.27.0 Security * Fix CVE-2025-13763: Several uses of potentially uninitialized memory detected by fuzzers. * Fix CVE-2025-49010: Possible write beyond buffer bounds during processing of GET RESPONSE APDU (bsc#1261214) * Fix CVE-2025-66215: Possible write beyond buffer bounds in oberthur driver (bsc#1261220) * Fix CVE-2025-66038: Possible read beyond buffer bounds when parsing historical bytes in PIV driver (bsc#1261219) * Fix CVE-2025-66037: Possible buffer overrun while parsing SPKI (bsc#1261218) * More low-severity data handling issues when parsing profile configuration General improvements * Added support for PKCS#11 3.2 in tools and pkcs11-spy and p11test. * Added support for Ed448, X448 mechanisms and improve support for. * Edwards and montgomery keys in general. * Support CKA_PUBKEY_KEY_INFO PKCS#11 attribute. * Various refactoring of autotools build system. * Remove obsolete tokend support. * Run tests against different software PKCS#11 tokens kryoptic and NSS softokn. * Removed internal caching for current EF/DF. * Correctly detect OS-level FIPS mode in OpenSSL automatically or through custom configuration file. * Added support for Brainpool twisted curves to pkcs11-tool and SC-HSM. PC/SC * Handle case when smart card is removed and inserted between two subsequent calls to refresh_attributes(). EsteID * Add support for EstEID 2025. * Implement FinEID 4.0/4.1 support. * Add Latvian IDEMIA Cosmo X card support. * Check if PIN is locked and hint CKF_USER_PIN_TO_BE_CHANGED. * Remove obsolete FinEID cards. * Add Latvian Cosmo 8.2 card support. D-Trust * Prevent unncecessary pin prompts on pinpad readers. * Support for D-Trust Card 5.1 & 5.4. * Implement PIN change and unblock in dtrust-tool. Belpic * Add supports for belpic applet version 1.8. OpenPGP * Implement key derived PIN format (KDF-DO) as per OpenPGP card spec v3.3. IDPrime * Implement 5110+ FIPS and 5110 CC (940) derive support. pkcs11-tool * Added support for ML-DSA, ML-KEM, SLH-DSA keys from PKCS#11 3.2. * Improve support for Edwards and montgomery keys and. * add derive key support for CKK_MONTGOMERY. * Add support for ChaCha20 and Poly1305. * Add support for AES CTR in decrypt_data() and encrypt_data(). * Add initial support for PKCS#11 URIs. * Print more information about RSA keys. - Drop patch: * opensc-gcc15.patch (not longer needed) ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Update ovmf descriptors - Remove 2MB OVMF descriptor. - Remove IA32 and AArch32 OVMF descriptors. - Align feature tags for libvirt parsing. ==== python-Pillow ==== Version update (12.1.1 -> 12.2.0) - update to 12.2.0: * Prevent FITS decompression bomb * Fix OOB write with invalid tile extents * Prevent PDF parsing trailer infinite loop * Integer overflow when processing fonts ==== python-charset-normalizer ==== Version update (3.4.6 -> 3.4.7) Subpackages: python311-charset-normalizer python313-charset-normalizer - update to 3.4.7: * Pre-built optimized version using mypy[c] v1.20. * Relax `setuptools` constraint to `setuptools>=68,<82.1`. * Correctly remove SIG remnant in utf-7 decoded string. (#718) ==== python-click ==== Version update (8.3.1 -> 8.3.2) - update to 8.3.2: * Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:`3084` :pr:`3152` * Hide Sentinel.UNSET values as None when using lookup_default(). :issue:`3136` :pr:`3199` :pr:`3202` :pr:`3209` :pr:`3212` :pr:`3224` * Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:`824` :issue:`2991` :issue:`2993` :issue:`3110` :pr:`3139` :pr:`3140` * Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:`3139` * Fix callable flag_value being instantiated when used as a default via default=True. :issue:`3121` :pr:`3201` :pr:`3213` :pr:`3225` ==== python-requests ==== Version update (2.33.0 -> 2.33.1) Subpackages: python311-requests python313-requests - update to 2.33.1: * Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. * Fixed Content-Type header parsing for malformed values. * Improved error consistency for malformed header values. ==== python-tzdata ==== Version update (2025.3 -> 2026.1) - Update to 2026.1: - Upstream version 2026a released 2026-03-02T06:59:49+00:00 - Since 2022 Moldova has observed EU transition times, that is, it has sprung forward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00. - Remove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for future timestamps. ==== python311 ==== Subpackages: python311-curses python311-dbm - Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930). - Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462). - Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224). - Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930). - Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462). - Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224). - Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644). ==== python313 ==== Subpackages: python313-curses python313-dbm python313-tk - Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930). - Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462). - Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224). - Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644). ==== python313-core ==== Subpackages: libpython3_13-1_0 python313-base python313-devel - Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930). - Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462). - Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224). - Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644). ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-connman qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite qt6-wayland - Added patch to fix qdbus segfaults (QTBUG-145359) * 0001-Ensure-custom-types-are-normalized.patch ==== sdbootutil ==== Version update (1+git20260324.bd0fc60 -> 1+git20260407.f1134c1) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20260407.f1134c1: * Add missing e2fsprogs dependency * Check that the efivars filesystem is writable - Update to version 1+git20260406.42f6bd8: * Detect if shim is installed in the ESP * Update entries for the system if no snapshot is provided * Allow version values without snapshot number * Detect in buildroot invocations (mkosi) * Avoid cleaning entries without subvol * Use more idiomatic way to refer the snapshot * Drop mkmoduleinitrd * Find cmdline when there is no subvolumes * Change rootflags based on local information * Ignore lsblk sdterr output ==== sdl12_compat ==== Version update (1.2.74 -> 1.2.76) - Update to relase 1.2.76 * Handle applications manually freeing surface pixels ==== sdl2-compat ==== Version update (2.32.64 -> 2.32.66) - Update to release 2.32.66 * Fixed video flicker in Domino-Chain * Fixed window size being delivered to windows created in fullscreen mode * Fixed double scaling when setting a logical presentation size * Fixed SDL_LoadBMP() and SDL_LoadBMP_RW() returning < 8bpp surfaces in some cases ==== setools ==== Subpackages: python313-setools setools-console - Adjust %suse_version to ne scheme (jsc#PED-15790) ==== spectacle ==== - Added patch to fix libtesseract filename (kde#516162) * 0001-libtesseract.patch - Recommend dependency for OCR ==== sssd ==== Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap - Add 0001-Fix-libini_config-related-includes.patch, 0001-INI-get-rid-of-useless-macros.patch, 0001-INI-use-proper-deallocators.patch to allow build with newer ding-libs >= 0.7.0. ==== sudo ==== Subpackages: sudo-plugin-python - CVE-2026-35535: potential privilege escalation when running the mailer (bsc#1261420) * fix-CVE-2026-35535.patch - Move tests under /usr/share for transactional system support (jsc#PED-14830) ==== texinfo ==== Version update (7.2 -> 7.3) Subpackages: info info-lang - Update to version 7.3 (02 March 2026): * Language . new commands for title page creation: @documentinfo, @publication, and @maketitle. you can use these instead of explicit formatting inside @titlepage. . you can use heading commands such as @heading after @node. nodes defined this way are not part of the chapter structure of the document (unlike if @section etc. were used). . new command @xrefname can follow @node in place of a heading command. this is for when you do not want any heading at all to be displayed. . new command @namedanchor for defining text to be used for a cross- reference to an anchor (with @xrefautomaticsectiontitle on) . new command @thispart to print part name in headings or footings . deprecate @clickstyle . if there is no @documentlanguage, the language is unspecified, rather than en_US. (texi2any will still use English strings by default, but will not put en_US in the output, depending on output format.) * texi2any . texi2any uses the Perl extensions in C for converters when possible, which results in a large speed-up for HTML output. set the `TEXINFO_XS_CONVERT' environment variable to 0 for pure Perl. . optional experimental texi2any program implementation in C embedding Perl. use --enable-using-c-texi2any to prefer the C implementation. . report leading directory components of input file names in messages (this reverses 6.8 release change, 2021). . when CHECK_NORMAL_MENU_STRUCTURE is on, give the line number of the problem menu entry . DUMP_TREE should now be a file name, or - to output to standard error . remove USE_REL_REV variable; former effect is now always on . (API only) rename LINKS_BUTTONS customization variable to LINKS_DIRECTIONS . (API only) rename space direction ' ' to 'Space' . HTML output: . the HIGHLIGHT_SYNTAX variable can be used for syntax highlighting of code samples. this feature was present in earlier releases but is no longer marked as experimental. . do not wrap the contents of