Packages changed: ImageMagick (7.1.2.17 -> 7.1.2.18) MozillaFirefox (148.0.2 -> 149.0) appstream-glib bind (9.20.20 -> 9.20.21) bluez (5.79 -> 5.82) bolt (0.9.10 -> 0.9.11) cairo checkmedia (6.5 -> 6.6) createrepo_c (1.2.2 -> 1.2.3) curl dconf-editor dracut (110+suse.18.g5a7a17b3 -> 110+suse.23.g5d9502c7) ell (0.81 -> 0.83) expat (2.7.4 -> 2.7.5) file-roller flatpak folks fontconfig (2.16.0 -> 2.17.1) gcr gcr3 gedit gegl (0.4.68 -> 0.4.70) gettext-runtime glib-networking gnome-bluetooth gnome-color-manager gnome-disk-utility gnome-mahjongg gnome-music gnome-tour gnome-tweaks gnome-user-share gnutls gobject-introspection grilo grilo-plugins gsl gspell gtk3 (3.24.51 -> 3.24.52) gupnp gupnp-av iso-codes kdump (2.1.7 -> 2.1.8) kernel-source (6.19.9 -> 6.19.10) krb5 kwin6 ldns libavif (1.4.0 -> 1.4.1) libcloudproviders libgedit-amtk libgedit-gfls libgedit-gtksourceview libgedit-tepl libgsm (1.0.22 -> 1.0.24) libgtop libhandy libheif libmad (0.15.1b -> 0.16.4) libmanette libmaxminddb (1.12.2 -> 1.13.3) libnice libnotify libpeas2 libpng16 (1.6.55 -> 1.6.56) libproxy-backend libproxy-client libsecret libsoup libspelling libssh libupnp (1.18.3 -> 1.18.4) libwnck live555 (2024.08.01 -> 2026.03.23) lzlib (1.15 -> 1.16) mobile-broadband-provider-info mozilla-nss (3.120.1 -> 3.121) msgraph nvidia-open-driver-G06-signed-cuda (580.126.20_k6.19.9_1 -> 580.126.20_k6.19.10_1) openSUSE-release (20260326 -> 20260331) ovmf pango pangomm patterns-gnome pipewire polkit polkit-gnome python-Pygments (2.19.2 -> 2.20.0) python-attrs (25.4.0 -> 26.1.0) python-charset-normalizer (3.4.4 -> 3.4.6) python-cryptography (46.0.5 -> 46.0.6) python-cssselect (1.3.0 -> 1.4.0) python-gobject (3.56.1 -> 3.56.2) python-requests (2.32.5 -> 2.33.0) qt6-base (6.10.2 -> 6.11.0) qt6-declarative (6.10.2 -> 6.11.0) qt6-imageformats (6.10.2 -> 6.11.0) qt6-location (6.10.2 -> 6.11.0) qt6-multimedia (6.10.2 -> 6.11.0) qt6-networkauth (6.10.2 -> 6.11.0) qt6-positioning (6.10.2 -> 6.11.0) qt6-qt5compat (6.10.2 -> 6.11.0) qt6-quick3d (6.10.2 -> 6.11.0) qt6-quicktimeline (6.10.2 -> 6.11.0) qt6-sensors (6.10.2 -> 6.11.0) qt6-shadertools (6.10.2 -> 6.11.0) qt6-speech (6.10.2 -> 6.11.0) qt6-svg (6.10.2 -> 6.11.0) qt6-tools (6.10.2 -> 6.11.0) qt6-translations (6.10.2 -> 6.11.0) qt6-virtualkeyboard (6.10.2 -> 6.11.0) qt6-wayland (6.10.2 -> 6.11.0) qt6-webchannel (6.10.2 -> 6.11.0) qt6-webengine (6.10.2 -> 6.11.0) qt6-webview (6.10.2 -> 6.11.0) quota (4.10 -> 4.11) seahorse simdutf simple-scan taglib (2.1.1 -> 2.2.1) thunar (4.20.7 -> 4.20.8) tigervnc totem totem-pl-parser v4l-utils (1.28.1 -> 1.32.0) wireless-regdb (20251007 -> 20260318) xdg-user-dirs-gtk xfdesktop (4.20.1 -> 4.20.2) xkeyboard-config yast2-trans (84.87.20260317.4036e59979 -> 84.87.20260325.bd0ff66bcc) yelp (49.0 -> 49.0+22) zenity (4.2.1 -> 4.2.2) === Details === ==== ImageMagick ==== Version update (7.1.2.17 -> 7.1.2.18) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - modified patches * ImageMagick-configuration-SUSE.patch (refreshed) - readd still usefull ImageMagick-s390x-disable-tests.patch - version update to 7.1.2.18 * Fix animated JXL frame delay handling #8622 * Fix off-by-one in MNG FRAM chunk delay/timeout parsing #8623 * Fix MNG frame disposal for transparent animations #8625 * Fix composite -dissolve adding random noise #8621 * Bump actions/download-artifact from 8.0.0 to 8.0.1 #8629 - use %autopatch, disable ImageMagick-s390x-disable-tests.patch for now - modified patches * ImageMagick_policy_etc.patch - fixes CVE-2026-33535 [bsc#1260874] CVE-2026-33536 [bsc#1260879] ==== MozillaFirefox ==== Version update (148.0.2 -> 149.0) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 149.0 https://www.firefox.com/en-US/firefox/149.0/releasenotes MFSA 2026-20 (bsc#1260083) * CVE-2026-4684 (bmo#2011129) Race condition, use-after-free in the Graphics: WebRender component * CVE-2026-4685 (bmo#2016349) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4686 (bmo#2016351) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4687 (bmo#2016368) Sandbox escape due to incorrect boundary conditions in the Telemetry component * CVE-2026-4688 (bmo#2016373) Sandbox escape due to use-after-free in the Disability Access APIs component * CVE-2026-4689 (bmo#2016374) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4690 (bmo#2016375) Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4691 (bmo#2017512) Use-after-free in the CSS Parsing and Computation component * CVE-2026-4692 (bmo#2017643) Sandbox escape in the Responsive Design Mode component * CVE-2026-4693 (bmo#2018102) Incorrect boundary conditions in the Audio/Video: Playback component * CVE-2026-4694 (bmo#2018430) Incorrect boundary conditions, integer overflow in the Graphics component * CVE-2026-4695 (bmo#2020030) Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4696 (bmo#2020190) Use-after-free in the Layout: Text and Fonts component * CVE-2026-4697 (bmo#2020422) Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4698 (bmo#2020906) JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-4699 (bmo#2021863) Incorrect boundary conditions in the Layout: Text and Fonts component * CVE-2026-4700 (bmo#2003766) Mitigation bypass in the Networking: HTTP component * CVE-2026-4701 (bmo#2009303) Use-after-free in the JavaScript Engine component * CVE-2026-4722 (bmo#2010097) Privilege escalation in the IPC component * CVE-2026-4702 (bmo#2013560) JIT miscompilation in the JavaScript Engine component * CVE-2026-4723 (bmo#2013573) Use-after-free in the JavaScript Engine component * CVE-2026-4724 (bmo#2014865) Undefined behavior in the Audio/Video component * CVE-2026-4704 (bmo#2014868) Denial-of-service in the WebRTC: Signaling component * CVE-2026-4705 (bmo#2014873) Undefined behavior in the WebRTC: Signaling component * CVE-2026-4706 (bmo#2015091) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4707 (bmo#2015267) Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4708 (bmo#2015268) Incorrect boundary conditions in the Graphics component * CVE-2026-4709 (bmo#2016329, bmo#2016342) Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-4710 (bmo#2016370) Incorrect boundary conditions in the Audio/Video component * CVE-2026-4711 (bmo#2017002) Use-after-free in the Widget: Cocoa component * CVE-2026-4725 (bmo#2017108) Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2026-4712 (bmo#2017666) Information disclosure in the Widget: Cocoa component * CVE-2026-4713 (bmo#2018113) Incorrect boundary conditions in the Graphics component * CVE-2026-4714 (bmo#2018126) Incorrect boundary conditions in the Audio/Video component * CVE-2026-4715 (bmo#2018405) Uninitialized memory in the Graphics: Canvas2D component * CVE-2026-4716 (bmo#2018592) Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component * CVE-2026-4717 (bmo#2021695) Privilege escalation in the Netmonitor component * CVE-2026-4726 (bmo#1955311) Denial-of-service in the XML component * CVE-2025-59375 (bmo#1988467) Denial-of-service in the XML component * CVE-2026-4727 (bmo#2008112) ... changelog too long, skipping 28 lines ... - Use current Clang on Tumbleweed. ==== appstream-glib ==== Subpackages: libappstream-glib8 - Migrate to xz compression and manual service run ==== bind ==== Version update (9.20.20 -> 9.20.21) Subpackages: bind-doc bind-utils - Update to release 9.20.21 Security Fixes: * Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519) [bsc#1260805] * Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104) [bsc#1260567] * Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119) [bsc#1260568] * Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591) [bsc#1260569] Bug Fixes: * Fix the handling of key statements defined inside views. ==== bluez ==== Version update (5.79 -> 5.82) Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd libbluetooth3 - Add documentation for obexd system bus support: * Add README-obex.SUSE to guide users on how to enable obexd on the system bus. * Move obex.conf to documentation directory to avoid automatic activation due to security concerns. (bsc#1243334, bsc#1258146) - Add bluez.tmpfiles, using systemd-tmpfiles to create /var/lib/bluetooth folder for supporting Immutable Mode. (jsc#PED-14768) ==== bolt ==== Version update (0.9.10 -> 0.9.11) - update to 0.9.11: * Updated NHI PCI IDs: added Maple Ridge, ADL, TGL-H, RPL, MTL, and AMD Strix Point USB4 Routers ==== cairo ==== Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2 - Migrate to xz compression and manual service run ==== checkmedia ==== Version update (6.5 -> 6.6) Subpackages: libmediacheck6 - merge gh#openSUSE/checkmedia#23 - include pre-built documentation (bsc#1260860) - simplify spec file - 6.6 - merge gh#openSUSE/checkmedia#22 - Add support for GPT partitions ==== createrepo_c ==== Version update (1.2.2 -> 1.2.3) Subpackages: libcreaterepo_c1 python3-createrepo_c - update to 1.2.3: * Properly guard code with CR_DELTA_RPM_SUPPORT in missed out places * Restore compatibility with RPM 4.14.3 * Add cr_HeaderReadingFlags flags: don't load file digests and all set * package_from_rpm: accept optional header_reading_flags ==== curl ==== Subpackages: libcurl4 - Update %suse_version checks for SLES 16.x (jsc#PED-15813) ==== dconf-editor ==== - Migrate to xz compression and manual service run ==== dracut ==== Version update (110+suse.18.g5a7a17b3 -> 110+suse.23.g5d9502c7) - Update to version 110+suse.23.g5d9502c7: NVMeoF boot: avoid network interface renaming (jsc#PED-14341): * feat(nvmf): set rd.nvmf.nm=1 if NetworkManager 1.54 is detected * feat(nvmf): allow using system interface naming policy * feat(nvmf): add dracut.conf option nvmf_nbft_mode * feat(nvmf): enable adapting to NBFT reconfiguration * fix(dracut.conf.5): move fstab/chroot warning to hostonly_mode section ==== ell ==== Version update (0.81 -> 0.83) - Update to release 0.83 * Fix compilation issues with -std=c23 mode. * Add additional test vectors for AES-CCM. ==== expat ==== Version update (2.7.4 -> 2.7.5) Subpackages: libexpat1 - version update to 2.7.5 (bsc#1259711, bsc#1259729, bsc#1259726) * CVE-2026-32776 -- Fix NULL function pointer dereference for empty external parameter entities; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. * CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. * CVE-2026-32778 -- Fix NULL dereference in function setContext on retry after an earlier ouf-of-memory condition; it takes use of function XML_ParserCreateNS or XML_ParserCreate_MM for an application to be vulnerable. * See full changelog here: https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes ==== file-roller ==== - Migrate to xz compression and manual service run ==== flatpak ==== Subpackages: flatpak-remote-flathub flatpak-selinux libflatpak0 system-user-flatpak - Migrate to xz compression and manual service run ==== folks ==== Subpackages: folks-data libfolks-eds26 libfolks26 - Migrate to xz compression and manual service run ==== fontconfig ==== Version update (2.16.0 -> 2.17.1) Subpackages: libfontconfig1 - Update to 2.17.1. - Remove obsoleted documentation packages. - Changes from 2.17.1: * meson: Add 'noinstall' to default-hinting, default-sub-pixel-rendering, bitmap-conf build options * Fix a heap buffer overflow - Changes from 2.17.0: * Avoid conflict between dgettext macro and declaration in fcint.h * fix: Skip empty entries in XDG_DATA_DIRS parsing * Fix padding with "und" in pattern elements * Fix a crash with broken cache * meson: Fix additional-fonts-dirs build option that not taking effect * Add default font paths for Android in configure script * Fix use-after-free in FcConfigGetPrgname * conf.d: Add a conf to guess a generic-family for substitution * Drop FcObjectFini() from FcFini() to fix memory leaks * conf.d/65-nonlatin.conf: Rename Lohit Oriya to Lohit Odia * Make sure that the debugging facilities are initialized at loading config phase * meson: don't force installation of a static library * meson: don't try to call run_command for gperf on --wrap-mode=forcefallback * Do not fallback decoding with UTF-16BE if no iconv support * Trim trailing newline in string in cache * Parse foundry from OS/2 for table version 0 * Allow dotfiles to scan for caching * Increase a reference count for default FcConfig instance with FcInit() * Free the mutex object only when there are no references to the default FcConfig instance * Free the mutex object only when all cache objects isn't referenced * Drop the configuration path migration code * Drop FcDefaultFini() from FcFini() to fix memory leaks * Process and append font capabilities to Pattern * Add bitmap-conf build option to choose default bitmap conf * Enable fc-query indexing through Fontations * Add FcConfigPerferAppFont() to allow changing the order of application fonts * Pattern Bindings for CharSet and LangSet * Add FcPatternObjectGet* impl for CharSet and LangSet * Factor out fcpat.c - add Fontations dependencies * Improve performance of FcPtrListIterInitAtLast - Changes from 2.16.2: * meson: Use Requires.private instead of Requires * meson: don't force build of a shared library * meson: do not require libintl if nls feature is disabled * Add internal PatternBuilder abstraction ==== gcr ==== Subpackages: gcr-ssh-agent gcr-ssh-askpass gcr-viewer libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4 - Migrate to xz compression and manual service run ==== gcr3 ==== Subpackages: gcr3-data gcr3-prompter gcr3-ssh-agent gcr3-ssh-askpass libgck-1-0 libgcr-3-1 - Migrate to xz compression and manual service run ==== gedit ==== - Migrate to xz compression and manual service run ==== gegl ==== Version update (0.4.68 -> 0.4.70) Subpackages: gegl-0_4 libgegl-0_4-0 typelib-1_0-Gegl-0_4 - Update to version 0.4.70: - Core: - GeglPath: avoid overflows when serializing paths with large coordinates - GeglPath: avoid hang on parsing malformed paths. - Ops: - png-save: avoid integer overflow when computing row_size - exr-save: avoid integer overflow when computing width*height - Build: - Improvements to defcheck, - More efforts to get rid of compiler warnings. ==== gettext-runtime ==== Subpackages: envsubst libtextstyle0 - Remove autoreconf call, not needed anymore. ==== glib-networking ==== - Migrate to xz compression and manual service run ==== gnome-bluetooth ==== Subpackages: libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Migrate to xz compression and manual service run ==== gnome-color-manager ==== - Migrate to xz compression and manual service run ==== gnome-disk-utility ==== - Migrate to xz compression and manual service run ==== gnome-mahjongg ==== - Migrate to xz compression and manual service run ==== gnome-music ==== - Migrate to xz compression and manual service run ==== gnome-tour ==== Subpackages: gnome-tour-data opensuse-welcome - Migrate to xz compression and manual service run ==== gnome-tweaks ==== - Migrate to xz compression and manual service run ==== gnome-user-share ==== - Migrate to xz compression and manual service run ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls30 - Fix build with autoconf 2.73 (bsc#1260395) * Add gnutls-C23.patch ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - Migrate to xz compression and manual service run ==== grilo ==== Subpackages: libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3 - Migrate to xz compression and manual service run ==== grilo-plugins ==== Subpackages: grilo-plugin-tracker - Migrate to xz compression and manual service run ==== gsl ==== Subpackages: libgsl28 libgslcblas0 - CVE-2024-50610.patch: add patch for integer overflow (invalid API call) (bsc#1232453, CVE-2024-50610) - Use autosetup for patches ==== gspell ==== - Migrate to xz compression and manual service run ==== gtk3 ==== Version update (3.24.51 -> 3.24.52) Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.52: + Bugs fixed: - Zlib required when broadway is enabled. - Invalid a11y events when calling `gtk_tree_view_set_cursor` on an unfocused GtkTreeView (Michael Weghorn) - Firefox crashes at gdk_wayland_drag_context_manage_dnd() when missing toplevel wl_surface - gtk3 refresh_rate calculation overflows on 32-bit targets - Images for recolored icons are constantly being reloaded - Wild strobing in multi window mode - GIMP does not focus on dialogue boxes on Mac - quartz: add automagic uti<->mime conversion for clipboard - Fix position of child tooltips in GTK3 custom windows - a11y: Don't send focus-related events for unfocused treeview - quartz: gtkwindow - fix windows fighting focus - gtkmenu: Await more motion events before deactivating on release - wayland: Handle XKB initialization failures gracefully - gdk/win32: Add missing EGL conditional compilation guard + Updated translations. - Migrate to xz compression and manual service run ==== gupnp ==== - Migrate to xz compression and manual service run ==== gupnp-av ==== Subpackages: libgupnp-av-1_0-3 - Migrate to xz compression and manual service run ==== iso-codes ==== - Migrate to xz compression and manual service run ==== kdump ==== Version update (2.1.7 -> 2.1.8) - upgrade to version 2.1.8 * man: fix install instructions in kdump(7) * kdumptool commandline: ignore minor differencies (bsc#1260535) ==== kernel-source ==== Version update (6.19.9 -> 6.19.10) Subpackages: kernel-64kb kernel-default - Linux 6.19.10 (bsc#1012628). - xen/privcmd: add boot control for restricted usage in domU (bsc#1012628). - xen/privcmd: restrict usage in unprivileged domU (bsc#1012628). - hwmon: (max6639) Fix pulses-per-revolution implementation (bsc#1012628). - drm/xe/guc: Fail immediately on GuC load error (bsc#1012628). - arm64: realm: Fix PTE_NS_SHARED for 52bit PA support (bsc#1012628). - tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (bsc#1012628). - lib/bootconfig: check xbc_init_node() return in override path (bsc#1012628). - fs/tests: exec: Remove bad test vector (bsc#1012628). - drm/i915/gt: Check set_default_submission() before deferencing (bsc#1012628). - ksmbd: fix use-after-free in durable v2 replay of active file handles (bsc#1012628). - ksmbd: fix use-after-free of share_conf in compound request (bsc#1012628). - drm/bridge: dw-hdmi-qp: fix multi-channel audio output (bsc#1012628). - drm/amd: fix dcn 2.01 check (bsc#1012628). - drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (bsc#1012628). - iommu/amd: Block identity domain when SNP enabled (bsc#1012628). - iommu/sva: Fix crash in iommu_sva_unbind_device() (bsc#1012628). - iommu: Fix mapping check for 0x0 to avoid re-mapping it (bsc#1012628). - drm/vmwgfx: Don't overwrite KMS surface dirty tracker (bsc#1012628). - spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() (bsc#1012628). - spi: amlogic: spifc-a4: Remove redundant clock cleanup (bsc#1012628). - mshv: Fix use-after-free in mshv_map_user_memory error path (bsc#1012628). - arm_mpam: Fix null pointer dereference when restoring bandwidth counters (bsc#1012628). - x86/hyperv: Use __naked attribute to fix stackless C function (bsc#1012628). - mtd: rawnand: brcmnand: skip DMA during panic write (bsc#1012628). - mtd: rawnand: serialize lock/unlock against other NAND operations (bsc#1012628). - binfmt_elf_fdpic: fix AUXV size calculation for ELF_HWCAP3 and ELF_HWCAP4 (bsc#1012628). - x86/platform/uv: Handle deconfigured sockets (bsc#1012628). - x86/mce/amd: Check SMCA feature bit before accessing SMCA MSRs (bsc#1012628). - tracing: Fix trace_marker copy link list updates (bsc#1012628). - tracing: Fix failure to read user space from system call trace events (bsc#1012628). - ring-buffer: Fix to update per-subbuf entries of persistent ring buffer (bsc#1012628). - perf/x86: Move event pointer setup earlier in x86_pmu_enable() (bsc#1012628). - perf/x86/intel: Add missing branch counters constraint apply (bsc#1012628). - irqchip/riscv-rpmi-sysmsi: Fix mailbox channel leak in rpmi_sysmsi_probe() (bsc#1012628). - i2c: pxa: defer reset on Armada 3700 when recovery is used (bsc#1012628). - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (bsc#1012628). - i2c: cp2615: fix serial string NULL-deref at probe (bsc#1012628). - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (bsc#1012628). - hwmon: (pmbus/mp2869) Check pmbus_read_byte_data() before using its return value (bsc#1012628). - hwmon: (pmbus/mp2975) Add error check for pmbus_read_word_data() return value (bsc#1012628). - hwmon: (pmbus/ina233) Add error check for pmbus_read_word_data() return value (bsc#1012628). - MPTCP: fix lock class name family in pm_nl_create_listen_socket (bsc#1012628). - icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1012628). - net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (bsc#1012628). - net: shaper: protect from late creation of hierarchy (bsc#1012628). - net: shaper: protect late read accesses to the hierarchy (bsc#1012628). - net: mvpp2: guard flow control update with global_tx_fc in buffer switching (bsc#1012628). - nfnetlink_osf: validate individual option lengths in fingerprints (bsc#1012628). - netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1012628). - netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1012628). - net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1012628). - udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (bsc#1012628). - net/mlx5e: Fix race condition during IPSec ESN update (bsc#1012628). - net/mlx5e: Prevent concurrent access to IPSec ASO context ... changelog too long, skipping 298 lines ... - commit a439317 ==== krb5 ==== Subpackages: krb5-client - Add compatibility with autoconf 2.73 by adding patch 0011-autoconf-2.73-compatibility.patch from upstream pull request https://github.com/krb5/krb5/pull/1485 ==== kwin6 ==== Subpackages: libkwin6 - Add patch to fix color issues with some AMD GPUs (kde#517556): * 0001-backends-drm-disable-drm-color-pipelines-on-AMD.patch ==== ldns ==== Subpackages: libldns3 - Add 0001-Fix-illegal-redefinition-of-_Bool.patch to fix build failure with glibc-2.43 [boo#1257250, boo#1257259] ==== libavif ==== Version update (1.4.0 -> 1.4.1) - update to 1.4.1: * Changed since 1.4.0 - Fix build with CMake 3.22 - Update aom.cmd/LocalAom.cmake: v3.13.2 - Update libxml2.cmd/LocalLibXml2.cmake: v2.15.2 - Update libyuv.cmd/LocalLibyuv.cmake: 6067afde5 (1922) - Support long path names in Windows - Fix cicp management and memory leaks in avifgainmaputil #3102. * Removed since 1.4.0 - Remove experimental status for the following options of avifenc: - -progressive, --layered and --scaling-mode, and the extraLayerCount option of avifEncoder. ==== libcloudproviders ==== - Migrate to xz compression and manual service run ==== libgedit-amtk ==== Subpackages: libgedit-amtk-5-0 typelib-1_0-Amtk-5 - Migrate to xz compression and manual service run ==== libgedit-gfls ==== - Migrate to xz compression and manual service run ==== libgedit-gtksourceview ==== Subpackages: libgedit-gtksourceview-300-4 typelib-1_0-GtkSource-300 - Migrate to xz compression and manual service run ==== libgedit-tepl ==== Subpackages: libgedit-tepl-6-4 typelib-1_0-Tepl-6 - Migrate to xz compression and manual service run ==== libgsm ==== Version update (1.0.22 -> 1.0.24) - Update to version 1.0.24 * Left-shifting negative signed integers is undefined behavior as per the C standard; so let's not do that. - Update to version 1.0.23 * Declare signal handlers as accepting an int; sometimes, gcc cares. * Also, write &"s"[x == 1] instead of "s" + (x == 1) to pluralize (pointer arithmetic on arrays is so rare as to elicit compiler warnings in some settings); and why didn't toast_lin.c:linear_input() have a P1 proto macro like linear_output()? ==== libgtop ==== - Migrate to xz compression and manual service run ==== libhandy ==== Subpackages: libhandy-1-0 typelib-1_0-Handy-1_0 - Migrate to xz compression and manual service run ==== libheif ==== Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openh264 libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - added patches CVE-2026-3949: manipulation of the argument size of a malicious frame can lead to out-of-bounds read (bsc#1259541) * libheif-CVE-2026-3949.patch ==== libmad ==== Version update (0.15.1b -> 0.16.4) - Update to version 0.16.4 * Switch upstream http://www.underbit.com/products/mad/ - > https://codeberg.org/tenacityteam/libmad * Switch from autotools to cmake - Update to version 0.16.3 * Disable assembly optimizations for all 64 bit CPU architectures; they are only for 32 and 16 bit architectures. * Fix CPU architecture detection for PowerPC. - Update to version 0.16.2 * Fix building assembly file on ARM * Fix pkgconfig file when CMAKE_INSTALL_{INCLUDE,LIB}DIR are absolute paths. - Update to version 0.16.1 * Fix generation of mad.h broken by move to CMake. * Add CMake options for CPU architecture-specific optimizations. - Update to version 0.16.0 * Add CMake build system * Remove autotools build system * Add pkgconfig and CMake config files * Apply patches from Debian and Fedora - Drop not longer needed patches * libmad-0.15.1b-automake.patch * libmad-0.15.1b-pkgconfig.patch * libmad-0.15.1b-gcc43.patch * length-check.patch * libmad-0.15.1b-ppc.patch * libmad.thumb.diff * libmad-x86.patch * Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff - Add patch: * libmad-x86.patch ==== libmanette ==== - Migrate to xz compression and manual service run ==== libmaxminddb ==== Version update (1.12.2 -> 1.13.3) - update to 1.13.3: * Fix validation of empty maps and arrays at the end of the metadata section * MMDB_open would incorrectly reject databases where a 0-element map or array was the last field in metadata - includes changes from 1.13.2: * fixes for other platforms - includes changes from 1.13.1: * No code changes - includes changes from 1.13.0: * improved data validation * Fixes for integer overflow, undefined behavior, buffer overflow and other code correctness issues what could be triggered by large or malicously crafted database * Prevent stack overflow via unbounded recursion ==== libnice ==== Subpackages: gstreamer-libnice libnice10 - Migrate to xz compression and manual service run ==== libnotify ==== Subpackages: libnotify-tools libnotify4 typelib-1_0-Notify-0_7 - Migrate to xz compression and manual service run ==== libpeas2 ==== Subpackages: libpeas-2-0 libpeas2-loader-gjs libpeas2-loader-python - Migrate to xz compression and manual service run ==== libpng16 ==== Version update (1.6.55 -> 1.6.56) - verson update to 1.6.56: * Fixed CVE-2026-33416 (high severity): * Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`. (Reported by Halil Oktay and Ryo Shimada; fixed by Halil Oktay and Cosmin Truta.) * Fixed CVE-2026-33636 (high severity): * Out-of-bounds read/write in the palette expansion on ARM Neon. (Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.) * Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers. (Contributed by Halil Oktay.) * Fixed stale `info_ptr->palette` after in-place gamma and background transforms. * Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path. (Contributed by Yuelin Wang.) * Fixed wrong background color in colormap read. (Contributed by Yuelin Wang.) * Fixed dead loop in sPLT write. (Contributed by Yuelin Wang.) * Added missing null pointer checks in four public API functions. (Contributed by Yuelin Wang.) * Validated shift bit depths in `png_set_shift` to prevent infinite loop. (Contributed by Yuelin Wang.) * Avoided undefined behavior in library and tests. * Deprecated the hardly-ever-tested POINTER_INDEXING config option. * Added negative-stride test coverage for the simplified API. * Fixed memory leaks and API misuse in oss-fuzz. (Contributed by Owen Sanzas.) * Implemented various fixes and improvements in oss-fuzz. (Contributed by Bob Friesenhahn and Philippe Antoine.) * Performed various refactorings and cleanups. - fixes (bsc#1260754) and (bsc#1260755) ==== libproxy-backend ==== - Migrate to xz compression and manual service run ==== libproxy-client ==== - Migrate to xz compression and manual service run ==== libsecret ==== Subpackages: libsecret-1-0 typelib-1_0-Secret-1 - Migrate to xz compression and manual service run ==== libsoup ==== Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Migrate to xz compression and manual service run ==== libspelling ==== - Migrate to xz compression and manual service run ==== libssh ==== Subpackages: libssh-config libssh4 - Update %suse_version checks for SLES 16.x (jsc#PED-15815) ==== libupnp ==== Version update (1.18.3 -> 1.18.4) Subpackages: libixml11 libupnp20 - Update to release 1.18.4 * Only use SO_REUSEPORT from Linux >= 3.9 onwards ==== libwnck ==== Subpackages: libwnck-3-0 typelib-1_0-Wnck-3_0 - Migrate to xz compression and manual service run ==== live555 ==== Version update (2024.08.01 -> 2026.03.23) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 - Update to version 2026.03.23: + Fixed a bug in the RTSP server code that caused it to improperly handle non-interleaved "SETUP"s that were sent for a session where interleaving (i.e., RTP/RTCP-over-TCP) had already been "SETUP". (This could cause a 'use-after-free' error. - For changes between 2024.08.01 to today, please refer to https://download.live555.com/changelog.txt ==== lzlib ==== Version update (1.15 -> 1.16) - Update to release 1.16 * An index of functions and constants has been added to the manual. ==== mobile-broadband-provider-info ==== - Migrate to xz compression and manual service run ==== mozilla-nss ==== Version update (3.120.1 -> 3.121) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.121 * bmo#2017366 - update vendored zlib to v1.3.2. * bmo#2012645 - Revert the unnecessary changes to intel-gcm-wrap.gyp. * bmo#2012645 - Use C fallback for AES-GCM on MinGW builds. * bmo#2005669 - fix ML-KEM PCT. * bmo#2017008 - Extend NSS Fuzzing docs. * bmo#2009552 - avoid integer overflow in platform-independent ghash. * bmo#2003189 - Fix errant whitespace in OISTE Server Root RSA G1 nickname. * bmo#2012313 - fix build with glibc-2.43 assignment discards 'const' qualifier from pointer. * bmo#2013188 - add gcm.gyp dependency for Solaris SPARC builds. * bmo#2010389 - Set nssckbi version to 2.84. * bmo#2010389 - Add e-Szigno TLS Root CA 2023 to NSS. * bmo#2005516 - allow manual selection of CPU_ARCH=x86_64 and ppc64 in coreconf/Darwin.mk. * bmo#2009998 - Update cryptofuzz version. * bmo#2001167 - Paranoia assert. * bmo#2000737 - Darwin compatibility for intel-aes.S and intel-gcm.S. * bmo#2000737 - rename intel-{aes,gcm}.s to .S. * bmo#2000737 - rename C files for platform-specific ghash implementations. * bmo#2000737 - simplify compilation of platform-specific GCM and GHASH. * bmo#2007911 - FORWARD_NULL null deref of worker in p7decode.c (sec_pkcs7_decoder_abort_digests). * bmo#2008112 - Out-of-Bounds Read in ML-DSA Private Key Parsing (zero-length privateKey). ==== msgraph ==== - Migrate to xz compression and manual service run ==== nvidia-open-driver-G06-signed-cuda ==== Version update (580.126.20_k6.19.9_1 -> 580.126.20_k6.19.10_1) - adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this wont't break RPM descriptions for -cuda variant again ... - do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719) - improved RPM description for -cuda and non-cuda variant ==== openSUSE-release ==== Version update (20260326 -> 20260331) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-Revert-OvmfPkg-X86QemuLoadImageLib-flip-default-for-.patch (bsc#1260358, bsc#1259826) - Since d2cbaefc0822 (flip EnableLegacyLoader to false), shim is required for direct kernel boot with Secure Boot to avoid CVE-2025-2296. - While libvirt >= v11.2.0 and qemu >= 10.0 support the shim option, the latest version of virt-install remains incompatible. - Upstream plans to remove the legacy loader in 1-2 years (dropping X86QemuLoadImageLib in favor of GenericQemuLoadImageLib). - Revert this patch as a workaround. - Add ovmf-ArmPkg-CpuDxe-Support-multiple-entries-in-RegionIsSy.patch (bsc#1259640) - The check performed by RegionIsSystemMemory is not necessarily limited to a single entry of type EfiGcdSystemMemory in the GCD memory map. For example, when a memory region spans multiple contiguous GCD entries, the current implementation returns False even though the entire range is system memory. - Therefore, this modification expands the RegionIsSystemMemory check to support multiple contiguous entries. ==== pango ==== Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Migrate to xz compression and manual service run ==== pangomm ==== - Migrate to xz compression and manual service run ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Fix Gnome applications ignoring dead keys (boo#1251853). ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add pipewire-const-correctness-1.patch and pipewire-const-correctness-2.patch picking upstream changes to fix build with glibc 2.43 ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0 - avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859) 0001-CVE-2026-4897-getline-string-overflow.patch ==== polkit-gnome ==== - Drop packageand(polkit:gnome-session) Supplements: polkit-gnome is no longer needed nor wanted in a modern GNOME desktop. ==== python-Pygments ==== Version update (2.19.2 -> 2.20.0) - update to 2.20.0: * archetype: Fix catastrophic backtracking in GUID and ID patterns (#3064) * ASN.1: Recognize minus sign and fix range operator (#3014, [#3060]) * C++: Add C++26 keywords (#2955), add integer literal suffixes (#2966) * ComponentPascal: Fix ``analyse_text`` (#3028, #3032) * Coq renamed to Rocq (#2883, #2908) * Cython: Various improvements (#2932, #2933) * Debian control: Improve architecture parsing (#3052) * Devicetree: Add support for overlay/fragments (#3021), add bytestring support (#3022), fix catastrophic backtracking (#3057) * Fennel: Various improvements (#2911) * Haskell: Handle escape sequences in character literals (#3069, #1795) * Java: Add module keywords (#2955) * Lean4: Add operators ``]'``, ``]?``, ``]!`` (#2946) * LESS: Support single-line comments (#3005) * LilyPond: Update to 2.25.29 (#2974) * LLVM: Support C-style comments (#3023, #2978) * Lua(u): Fix catastrophic backtracking (#3047) * Macaulay2: Update to 1.25.05 (#2893), 1.25.11 (#2988) * Mathematica: Various improvements (#2957) * meson: Add additional operators (#2919) * MySQL: Update keywords (#2970) * org-Mode: Support both schedule and deadline (#2899) * PHP: Add ``__PROPERTY__`` magic constant (#2924), add reserved keywords (#3002) * PostgreSQL: Add more keywords (#2985) * protobuf: Fix namespace tokenization (#2929) * Python: Add ``t``-string support (#2973, #3009, #3010) * Tablegen: Fix infinite loop (#2972, #2940) * Tera Term macro: Add commands introduced in v5.3 through v5.6 (#2951) * TOML: Support TOML 1.1.0 (#3026, #3027) * Turtle: Allow empty comment lines (#2980) * XML: Added ``.xbrl`` as file ending (#2890, #2891) * Drop Python 3.8, and add Python 3.14 as a supported version (#2987, #3012) * Various improvements to ``autopygmentize`` (#2894) * Update ``onedark`` style to support more token types (#2977) * Update ``rtt`` style to support more token types (#2895) * Cache entry points to improve performance (#2979) * Fix ``xterm-256`` color table (#3043) * Fix ``kwargs`` dictionary getting mutated on each call (#3044) ==== python-attrs ==== Version update (25.4.0 -> 26.1.0) - update to 26.1.0: * Field aliases are now resolved *before* calling `field_transformer`, so transformers receive fully populated `Attribute` objects with usable `alias` values instead of `None`. * The new `Attribute.alias_is_default` flag indicates whether the alias was auto-generated (`True`) or explicitly set by the user (`False`). * Fix type annotations for `attrs.validators.optional()`, so it no longer rejects tuples with more than one validator. * The `attrs.validators.disabled()` contextmanager can now be nested. * Frozen classes can set `on_setattr=attrs.setters.NO_OP` in addition to `None`. * It's now possible to pass *attrs* **instances** in addition to *attrs* **classes** to `attrs.fields()`. ==== python-charset-normalizer ==== Version update (3.4.4 -> 3.4.6) Subpackages: python311-charset-normalizer python313-charset-normalizer - update to 3.4.6: * Flattened the logic in `charset_normalizer.md` for higher performance. Removed `eligible(..)` and `feed(...)` in favor of `feed_info(...)`. * Updated `UNICODE_RANGES_COMBINED` using Unicode blocks v17. * Edge case where noise difference between two candidates can be almost insignificant. * CLI `--normalize` writing to wrong path when passing multiple files in. * Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. * Update `setuptools` constraint to `setuptools>=68,<=82`. * Raised upper bound of mypyc for the optional pre-built extension to v1.19.1 * Add explicit link to lib math in our optimized build. * Logger level not restored correctly for empty byte sequences. * TypeError when passing bytearray to from_bytes. * Applied safe micro-optimizations in both our noise detector and language detector. * Rewrote the `query_yes_no` function (inside CLI) to avoid using ambiguous licensed code. * Added `cd.py` submodule into mypyc optional compilation to reduce further the performance impact. ==== python-cryptography ==== Version update (46.0.5 -> 46.0.6) Subpackages: python311-cryptography python313-cryptography - Add patch support-maturin-1.12.patch: * Correctly deal with maturin bugfix that installs tests and docs under sitearch. - update to 46.0.6 (CVE-2026-34073, bsc#1260876): * SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073 ==== python-cssselect ==== Version update (1.3.0 -> 1.4.0) - update to 1.4.0: * Dropped support for Python 3.9 and PyPy 3.10. * Added support for Python 3.14 and PyPy 3.11. * Switched the build system to ``hatchling``. * CI fixes and improvements. ==== python-gobject ==== Version update (3.56.1 -> 3.56.2) Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo python313-gobject python313-gobject-Gdk python313-gobject-cairo - Update to version 3.56.2: + Leave floating state intact for get/set property + Only call do_dispose if it's implemented on the class - Migrate to xz compression and manual service run ==== python-requests ==== Version update (2.32.5 -> 2.33.0) Subpackages: python311-requests python313-requests - Update to 2.33.0 (bsc#1260589, CVE-2026-25645): - Announcements - Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. - Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts * contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. - Improvements - Migrated to a PEP 517 build system using setuptools. (#7012) - Bugfixes - Fixed an issue where an empty netrc entry could cause * malformed authentication to be applied to Requests on Python 3.11+. (#7205) - Deprecations - Dropped support for Python 3.9 following its end of support. (#7196) - Documentation - Various typo fixes and doc improvements. - Drop uneeded patch fix-chardet-RequestsDependencyWarning.patch ==== qt6-base ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite qt6-wayland - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Drop patches, merged upstream: * 0001-fix-slow-scrolling-on-wayland.patch * 0001-wayland-Fix-crash-in-QWaylandShmBackingStore-scroll.patch ==== qt6-declarative ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsSynchronizer6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Drop patches, merged upstream: * 0001-QtQml-Fix-corner-cases-around-dead-contexts-in-AOT-a.patch * 0001-QtQml-Do-not-clear-objects-propertyCaches-on-last-GC.patch * 0001-QtQml-Handle-the-case-of-getFallbackMethod-returning.patch ==== qt6-imageformats ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-location ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Location6 - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-multimedia ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6MultimediaWidgets6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-networkauth ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-positioning ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-qt5compat ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-quick3d ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Drop patch: * 0001-XR-fix-build-error-for-using-EGL-without-GL-ES.patch ==== qt6-quicktimeline ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-sensors ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Sensors6 - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-shadertools ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-speech ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6TextToSpeech6 qt6-texttospeech - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-svg ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Svg6 libQt6SvgWidgets6 - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-tools ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Designer6 libQt6UiTools6 qt6-tools-qdbus - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Add patches: * 0001-QDoc-Add-LLVM-22-implementation-to-QualTypeNames-for.patch * 0002-CMake-Add-LLVM-22-to-supported-QDoc-Clang-versions.patch ==== qt6-translations ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-virtualkeyboard ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 libQt6VirtualKeyboardQml6 qt6-virtualkeyboard-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-wayland ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-webchannel ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-webengine ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released Based on Chromium version: 140.0.7339.264 Patched with security patches up to Chromium version: 146.0.7680.80 - Drop patch, merged upstream: * 0001-sandbox-Fix-build-with-glibc-2.43-and-above.patch ==== qt6-webview ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== quota ==== Version update (4.10 -> 4.11) Subpackages: quota-nfs - update to 4.11: * rquota_server: Fix group presence checking (Jan Kara) * Drop support for V0 and V1 kernel interfaces (Jan Kara) * Drop support for old quotactl(2) syscall (Jan Kara) * Provide quotactl_mnt() helper and use it where possible (Jan Kara) * quotaon: Fix handling of filesystems without single device (Jan Kara) * setproject: Fix openWRT build (Jan Kara) * setproject: fix openat() call (Konstantin Demin) ==== seahorse ==== Subpackages: gnome-shell-search-provider-seahorse - Migrate to xz compression and manual service run ==== simdutf ==== - Migrate to xz compression and manual service run ==== simple-scan ==== - Migrate to xz compression and manual service run ==== taglib ==== Version update (2.1.1 -> 2.2.1) Subpackages: libtag2 libtag_c2 - update to 2.2.1: * Support edition, chapter and attachment UIDs in Matroska simple tags. * Avoid duplicates in Matroska complex property keys. * Support for Matroska (MKA, MKV) and WebM files. * Support for NI STEM in MP4 files. * New method isDsd() in WavPack Properties. * Stricter verification of ID3v2 frames. * Fix setting the last header flag in Ogg FLAC files. * Fix reading of the last page in Ogg streams. * Avoid corrupting invalid Ogg FLAC files without Vorbis comment. * Windows: Support MP4 files with 64-bit atoms. * Fix use of property keys with non-ASCII characters in C bindings. * Fix building with Android NDK 29. - drop 0001-Do-not-warn-when-seeing-FLAC-picture-block-in-Ogg-fi.patch, 0002-Set-last-header-flag-in-FLAC-Metadata-block-type-fie.patch, 0003-Avoid-corrupting-an-invalid-FLAC-Ogg-file-without-Vo.patch, 0004-Fix-reading-of-last-page-in-ogg-stream.patch: upstream ==== thunar ==== Version update (4.20.7 -> 4.20.8) Subpackages: libthunarx-3-0 thunar-lang - Update to 4.20.8 * Store pending column size changes on close (#1318) * Pass current dir to catfish (#1785) * Ignore G_IO_ERROR_NOT_SUPPORTED (#1782) * Translation Updates ==== tigervnc ==== Subpackages: libXvnc1 tigervnc-selinux xorg-x11-Xvnc xorg-x11-Xvnc-module - U_Prevent-other-users-reading-x0vncserver-screen.patch * Prevent other users from observing the screen, or modifying what is sent to the client. Malicious attackers could even crash x0vncserver if they timed the modifications right. (CVE-2026-34352, bsc#1260871) ==== totem ==== Subpackages: totem-plugins totem-video-thumbnailer - Migrate to xz compression and manual service run - Drop (gnome-shell and nautilus) Supplements from totem-video-thumbnailer subpackage, we do not want this one to be autoinstalled anymore, surplanted by gst-thumbnailers. ==== totem-pl-parser ==== Subpackages: libtotem-plparser-mini18 libtotem-plparser18 typelib-1_0-TotemPlParser-1_0 - Migrate to xz compression and manual service run ==== v4l-utils ==== Version update (1.28.1 -> 1.32.0) Subpackages: libv4l libv4l1-0 libv4l2-0 libv4lconvert0 - update to 1.32.0: * v4l-utils: Add is_compressed_format helper to centralize compressed format checks * edid-decode: be more relaxed on InfoFrames format * edid-decode: allow using stdin for InfoFrame decoding * v4l2-compliance: run testBlockingWait when streaming * v4l2-ctl: fix string in hdmi-4k-600mhz-with-displayid-eeodb * v4l2-compliance: report unsupported devices as such * cobalt-ctl: fix search for the mtd device * v4l2-ctl: log bitmask control value has hex number * edid-decode: add sanity checks for DTD image size * v4l2-compliance: fix pix_array control test * test-media: add 'date' commands to the vicodec tests * test-media: speed up stateful decoder compliance tests * v4l-utils: sync with v6.17-rc1 * v4l-utils: update Hans Verkuil's email addresses * cec-ctl: --show-raw should show raw transmit data as well * v4l-utils: sync with latest media kernel tree * cec-compliance: fix Vendor Command With ID vivid tests * v4l2-tracer: fix out of date comment * v4l2-ctl: use strtoul instead of strtol where appropriate * rds-ctl: use strtoul instead of strtol where appropriate * ivtv-ctl: use strtoul instead of strtol where appropriate * cx18-ctl: use strtoul instead of strtol where appropriate * cec-ctl: use strtoul instead of strtol where appropriate * libv4lconvert: use strtoul instead of strtol where appropriate * capture-example.c: use strtoul instead of strtol for -c * libv4l2: prefix HAVE_POSIX_IOCTL with LIBV4L_ for public header * qv4l2: Fix video capture being transparent on Wayland * qvidcap: Fix video capture being transparent on Wayland * ir-ctl: remove quirky -rmw command line parsing * libv4l2: zero v4l2_buffer * media-ctl: libv4l2subdev: Add Y16 format * v4l2-ctl: process events before queues in stateful_m2m() * v4l2-compliance: Add test for V4L2_FMTDESC_FLAG_ENUM_ALL flag * v4l2-ctl-vidcap: Add options to enumerate all pixel formats * edid-decode: support parsing EDID-Like Data * qvidcap: fix core dump * qv4l2: fix crash when disabling openGL ==== wireless-regdb ==== Version update (20251007 -> 20260318) - Update to version 2026-03-18: * db2bin.py: Switch from M2Crypto to python-cryptography. * Update regulatory rules for Australia (AU), Canada (CA), Greece (GR), Malaysia (MY), and Tunisia (TN). * Update documentation URL in regulatory.bin.5. - Update to version 20260318: * wireless-regdb: update regulatory database based on preceding changes * wireless-regdb: Update regulatory rules for India (IN) on 6GHz * wireless-regdb: Replace M2Crypto with cryptography package * wireless-regdb: Fix regulatory.bin signing with new M2Crypto * wireless-regdb: update regulatory database based on preceding changes * wireless-regdb: Update regulatory info for Canada (CA) for 2025 * wireless-regdb: Update regulatory info for Tunisia (TN) on 6GHz for 2025 * wireless-regdb: Update regulatory info for Malaysia (MY) for 2025 * wireless-regdb: Update regulatory info for Malaysia (MY) for 2024 * wireless-regdb: Update broken link in regulatory.bin(5) manpage ==== xdg-user-dirs-gtk ==== - Migrate to xz compression and manual service run ==== xfdesktop ==== Version update (4.20.1 -> 4.20.2) Subpackages: xfdesktop-lang - Update to version 4.20.2: * I18n: Update po/LINGUAS list * Fix criticals in g_file_info_get_name with trashed files * I18n: Update po/LINGUAS list * Fix a use-after-free crash in the icon unplace/removal code * Fix column boundary check in xfdesktop_icon_view_unplace_item * Mark shortcut editor group names as translatable * Ensure src icon & parent are writable and can be moved more thoroughly * autotools: ensure xfdesktop-settings links with libxfce4util * Don't limit number of templates shown in the 'Create Document' menu * Add gradient benchmarking test binary to .gitignore * Add test-gradient-benchmarking to autotools build * Set up for new machinery to automatically update copyright year * I18n: Update po/LINGUAS list * Translation Updates ==== xkeyboard-config ==== - Reintroduce /usr/share/xkeyboard-config-2/compiled symlink and remove it again from xkeyboard-config.tmpfiles; add /var dirs as ghosts to avoid having a dangling symlink (boo#1260803, boo#1256912, PED-14831) ==== yast2-trans ==== Version update (84.87.20260317.4036e59979 -> 84.87.20260325.bd0ff66bcc) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20260325.bd0ff66bcc: * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) ==== yelp ==== Version update (49.0 -> 49.0+22) Subpackages: libyelp-1-0 - Migrate to xz compression and manual service run - Update to version 49.0+22: + Updated translations. ==== zenity ==== Version update (4.2.1 -> 4.2.2) - Update to version 4.2.2: + colview: Actually hide header via --hide-header when possible