Packages changed: MicroOS-release (20260326 -> 20260331) appstream-glib bluez (5.79 -> 5.82) bolt (0.9.10 -> 0.9.11) cairo createrepo_c (1.2.2 -> 1.2.3) curl distrobox dracut (110+suse.18.g5a7a17b3 -> 110+suse.23.g5d9502c7) ell (0.81 -> 0.83) expat (2.7.4 -> 2.7.5) flatpak fontconfig (2.16.0 -> 2.17.1) gcr gettext-runtime glib-networking gnutls gobject-introspection gtk3 (3.24.51 -> 3.24.52) iso-codes kdump (2.1.7 -> 2.1.8) kernel-source (6.19.9 -> 6.19.10) krb5 kwin6 libavif (1.4.0 -> 1.4.1) libgsm (1.0.22 -> 1.0.24) libhandy libheif libmad (0.15.1b -> 0.16.4) libnotify libpng16 (1.6.55 -> 1.6.56) libproxy-backend libproxy-client libsecret libsoup libssh libupnp (1.18.3 -> 1.18.4) live555 (2024.08.01 -> 2026.03.23) lzlib (1.15 -> 1.16) mozilla-nss (3.120.1 -> 3.121) pango pipewire polkit python-attrs (25.4.0 -> 26.1.0) python-charset-normalizer (3.4.4 -> 3.4.6) python-cryptography (46.0.5 -> 46.0.6) python-gobject (3.56.1 -> 3.56.2) python-jsonpointer (3.0.0 -> 3.1.1) python-maturin (1.11.5 -> 1.12.6) python-requests (2.32.5 -> 2.33.0) qt6-base (6.10.2 -> 6.11.0) qt6-declarative (6.10.2 -> 6.11.0) qt6-imageformats (6.10.2 -> 6.11.0) qt6-location (6.10.2 -> 6.11.0) qt6-multimedia (6.10.2 -> 6.11.0) qt6-positioning (6.10.2 -> 6.11.0) qt6-qt5compat (6.10.2 -> 6.11.0) qt6-quick3d (6.10.2 -> 6.11.0) qt6-quicktimeline (6.10.2 -> 6.11.0) qt6-shadertools (6.10.2 -> 6.11.0) qt6-speech (6.10.2 -> 6.11.0) qt6-svg (6.10.2 -> 6.11.0) qt6-tools (6.10.2 -> 6.11.0) qt6-virtualkeyboard (6.10.2 -> 6.11.0) qt6-webchannel (6.10.2 -> 6.11.0) qt6-webengine (6.10.2 -> 6.11.0) qt6-webview (6.10.2 -> 6.11.0) runc (1.4.0 -> 1.4.1) steam-devices taglib (2.1.1 -> 2.2.1) xkeyboard-config === Details === ==== MicroOS-release ==== Version update (20260326 -> 20260331) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== appstream-glib ==== Subpackages: libappstream-glib8 - Migrate to xz compression and manual service run ==== bluez ==== Version update (5.79 -> 5.82) Subpackages: bluez-cups libbluetooth3 - Add documentation for obexd system bus support: * Add README-obex.SUSE to guide users on how to enable obexd on the system bus. * Move obex.conf to documentation directory to avoid automatic activation due to security concerns. (bsc#1243334, bsc#1258146) - Add bluez.tmpfiles, using systemd-tmpfiles to create /var/lib/bluetooth folder for supporting Immutable Mode. (jsc#PED-14768) ==== bolt ==== Version update (0.9.10 -> 0.9.11) - update to 0.9.11: * Updated NHI PCI IDs: added Maple Ridge, ADL, TGL-H, RPL, MTL, and AMD Strix Point USB4 Routers ==== cairo ==== Subpackages: libcairo-gobject2 libcairo2 - Migrate to xz compression and manual service run ==== createrepo_c ==== Version update (1.2.2 -> 1.2.3) Subpackages: libcreaterepo_c1 python3-createrepo_c - update to 1.2.3: * Properly guard code with CR_DELTA_RPM_SUPPORT in missed out places * Restore compatibility with RPM 4.14.3 * Add cr_HeaderReadingFlags flags: don't load file digests and all set * package_from_rpm: accept optional header_reading_flags ==== curl ==== Subpackages: libcurl4 - Update %suse_version checks for SLES 16.x (jsc#PED-15813) ==== distrobox ==== Subpackages: distrobox-bash-completion - append newline after manually adding tty group (bsc#12594379) add 0001-add-newline-when-appending-tty-group-via-printf-bsc-.patch ==== dracut ==== Version update (110+suse.18.g5a7a17b3 -> 110+suse.23.g5d9502c7) Subpackages: dracut-ima - Update to version 110+suse.23.g5d9502c7: NVMeoF boot: avoid network interface renaming (jsc#PED-14341): * feat(nvmf): set rd.nvmf.nm=1 if NetworkManager 1.54 is detected * feat(nvmf): allow using system interface naming policy * feat(nvmf): add dracut.conf option nvmf_nbft_mode * feat(nvmf): enable adapting to NBFT reconfiguration * fix(dracut.conf.5): move fstab/chroot warning to hostonly_mode section ==== ell ==== Version update (0.81 -> 0.83) - Update to release 0.83 * Fix compilation issues with -std=c23 mode. * Add additional test vectors for AES-CCM. ==== expat ==== Version update (2.7.4 -> 2.7.5) - version update to 2.7.5 (bsc#1259711, bsc#1259729, bsc#1259726) * CVE-2026-32776 -- Fix NULL function pointer dereference for empty external parameter entities; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. * CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. * CVE-2026-32778 -- Fix NULL dereference in function setContext on retry after an earlier ouf-of-memory condition; it takes use of function XML_ParserCreateNS or XML_ParserCreate_MM for an application to be vulnerable. * See full changelog here: https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes ==== flatpak ==== Subpackages: flatpak-selinux libflatpak0 system-user-flatpak - Migrate to xz compression and manual service run ==== fontconfig ==== Version update (2.16.0 -> 2.17.1) Subpackages: libfontconfig1 - Update to 2.17.1. - Remove obsoleted documentation packages. - Changes from 2.17.1: * meson: Add 'noinstall' to default-hinting, default-sub-pixel-rendering, bitmap-conf build options * Fix a heap buffer overflow - Changes from 2.17.0: * Avoid conflict between dgettext macro and declaration in fcint.h * fix: Skip empty entries in XDG_DATA_DIRS parsing * Fix padding with "und" in pattern elements * Fix a crash with broken cache * meson: Fix additional-fonts-dirs build option that not taking effect * Add default font paths for Android in configure script * Fix use-after-free in FcConfigGetPrgname * conf.d: Add a conf to guess a generic-family for substitution * Drop FcObjectFini() from FcFini() to fix memory leaks * conf.d/65-nonlatin.conf: Rename Lohit Oriya to Lohit Odia * Make sure that the debugging facilities are initialized at loading config phase * meson: don't force installation of a static library * meson: don't try to call run_command for gperf on --wrap-mode=forcefallback * Do not fallback decoding with UTF-16BE if no iconv support * Trim trailing newline in string in cache * Parse foundry from OS/2 for table version 0 * Allow dotfiles to scan for caching * Increase a reference count for default FcConfig instance with FcInit() * Free the mutex object only when there are no references to the default FcConfig instance * Free the mutex object only when all cache objects isn't referenced * Drop the configuration path migration code * Drop FcDefaultFini() from FcFini() to fix memory leaks * Process and append font capabilities to Pattern * Add bitmap-conf build option to choose default bitmap conf * Enable fc-query indexing through Fontations * Add FcConfigPerferAppFont() to allow changing the order of application fonts * Pattern Bindings for CharSet and LangSet * Add FcPatternObjectGet* impl for CharSet and LangSet * Factor out fcpat.c - add Fontations dependencies * Improve performance of FcPtrListIterInitAtLast - Changes from 2.16.2: * meson: Use Requires.private instead of Requires * meson: don't force build of a shared library * meson: do not require libintl if nls feature is disabled * Add internal PatternBuilder abstraction ==== gcr ==== Subpackages: libgck-2-2 libgcr-4-4 - Migrate to xz compression and manual service run ==== gettext-runtime ==== Subpackages: envsubst libtextstyle0 - Remove autoreconf call, not needed anymore. ==== glib-networking ==== - Migrate to xz compression and manual service run ==== gnutls ==== - Fix build with autoconf 2.73 (bsc#1260395) * Add gnutls-C23.patch ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - Migrate to xz compression and manual service run ==== gtk3 ==== Version update (3.24.51 -> 3.24.52) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.52: + Bugs fixed: - Zlib required when broadway is enabled. - Invalid a11y events when calling `gtk_tree_view_set_cursor` on an unfocused GtkTreeView (Michael Weghorn) - Firefox crashes at gdk_wayland_drag_context_manage_dnd() when missing toplevel wl_surface - gtk3 refresh_rate calculation overflows on 32-bit targets - Images for recolored icons are constantly being reloaded - Wild strobing in multi window mode - GIMP does not focus on dialogue boxes on Mac - quartz: add automagic uti<->mime conversion for clipboard - Fix position of child tooltips in GTK3 custom windows - a11y: Don't send focus-related events for unfocused treeview - quartz: gtkwindow - fix windows fighting focus - gtkmenu: Await more motion events before deactivating on release - wayland: Handle XKB initialization failures gracefully - gdk/win32: Add missing EGL conditional compilation guard + Updated translations. - Migrate to xz compression and manual service run ==== iso-codes ==== - Migrate to xz compression and manual service run ==== kdump ==== Version update (2.1.7 -> 2.1.8) - upgrade to version 2.1.8 * man: fix install instructions in kdump(7) * kdumptool commandline: ignore minor differencies (bsc#1260535) ==== kernel-source ==== Version update (6.19.9 -> 6.19.10) Subpackages: kernel-64kb kernel-default - Linux 6.19.10 (bsc#1012628). - xen/privcmd: add boot control for restricted usage in domU (bsc#1012628). - xen/privcmd: restrict usage in unprivileged domU (bsc#1012628). - hwmon: (max6639) Fix pulses-per-revolution implementation (bsc#1012628). - drm/xe/guc: Fail immediately on GuC load error (bsc#1012628). - arm64: realm: Fix PTE_NS_SHARED for 52bit PA support (bsc#1012628). - tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (bsc#1012628). - lib/bootconfig: check xbc_init_node() return in override path (bsc#1012628). - fs/tests: exec: Remove bad test vector (bsc#1012628). - drm/i915/gt: Check set_default_submission() before deferencing (bsc#1012628). - ksmbd: fix use-after-free in durable v2 replay of active file handles (bsc#1012628). - ksmbd: fix use-after-free of share_conf in compound request (bsc#1012628). - drm/bridge: dw-hdmi-qp: fix multi-channel audio output (bsc#1012628). - drm/amd: fix dcn 2.01 check (bsc#1012628). - drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (bsc#1012628). - iommu/amd: Block identity domain when SNP enabled (bsc#1012628). - iommu/sva: Fix crash in iommu_sva_unbind_device() (bsc#1012628). - iommu: Fix mapping check for 0x0 to avoid re-mapping it (bsc#1012628). - drm/vmwgfx: Don't overwrite KMS surface dirty tracker (bsc#1012628). - spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() (bsc#1012628). - spi: amlogic: spifc-a4: Remove redundant clock cleanup (bsc#1012628). - mshv: Fix use-after-free in mshv_map_user_memory error path (bsc#1012628). - arm_mpam: Fix null pointer dereference when restoring bandwidth counters (bsc#1012628). - x86/hyperv: Use __naked attribute to fix stackless C function (bsc#1012628). - mtd: rawnand: brcmnand: skip DMA during panic write (bsc#1012628). - mtd: rawnand: serialize lock/unlock against other NAND operations (bsc#1012628). - binfmt_elf_fdpic: fix AUXV size calculation for ELF_HWCAP3 and ELF_HWCAP4 (bsc#1012628). - x86/platform/uv: Handle deconfigured sockets (bsc#1012628). - x86/mce/amd: Check SMCA feature bit before accessing SMCA MSRs (bsc#1012628). - tracing: Fix trace_marker copy link list updates (bsc#1012628). - tracing: Fix failure to read user space from system call trace events (bsc#1012628). - ring-buffer: Fix to update per-subbuf entries of persistent ring buffer (bsc#1012628). - perf/x86: Move event pointer setup earlier in x86_pmu_enable() (bsc#1012628). - perf/x86/intel: Add missing branch counters constraint apply (bsc#1012628). - irqchip/riscv-rpmi-sysmsi: Fix mailbox channel leak in rpmi_sysmsi_probe() (bsc#1012628). - i2c: pxa: defer reset on Armada 3700 when recovery is used (bsc#1012628). - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (bsc#1012628). - i2c: cp2615: fix serial string NULL-deref at probe (bsc#1012628). - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (bsc#1012628). - hwmon: (pmbus/mp2869) Check pmbus_read_byte_data() before using its return value (bsc#1012628). - hwmon: (pmbus/mp2975) Add error check for pmbus_read_word_data() return value (bsc#1012628). - hwmon: (pmbus/ina233) Add error check for pmbus_read_word_data() return value (bsc#1012628). - MPTCP: fix lock class name family in pm_nl_create_listen_socket (bsc#1012628). - icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1012628). - net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (bsc#1012628). - net: shaper: protect from late creation of hierarchy (bsc#1012628). - net: shaper: protect late read accesses to the hierarchy (bsc#1012628). - net: mvpp2: guard flow control update with global_tx_fc in buffer switching (bsc#1012628). - nfnetlink_osf: validate individual option lengths in fingerprints (bsc#1012628). - netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1012628). - netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1012628). - net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1012628). - udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (bsc#1012628). - net/mlx5e: Fix race condition during IPSec ESN update (bsc#1012628). - net/mlx5e: Prevent concurrent access to IPSec ASO context ... changelog too long, skipping 298 lines ... - commit a439317 ==== krb5 ==== - Add compatibility with autoconf 2.73 by adding patch 0011-autoconf-2.73-compatibility.patch from upstream pull request https://github.com/krb5/krb5/pull/1485 ==== kwin6 ==== Subpackages: libkwin6 - Add patch to fix color issues with some AMD GPUs (kde#517556): * 0001-backends-drm-disable-drm-color-pipelines-on-AMD.patch ==== libavif ==== Version update (1.4.0 -> 1.4.1) - update to 1.4.1: * Changed since 1.4.0 - Fix build with CMake 3.22 - Update aom.cmd/LocalAom.cmake: v3.13.2 - Update libxml2.cmd/LocalLibXml2.cmake: v2.15.2 - Update libyuv.cmd/LocalLibyuv.cmake: 6067afde5 (1922) - Support long path names in Windows - Fix cicp management and memory leaks in avifgainmaputil #3102. * Removed since 1.4.0 - Remove experimental status for the following options of avifenc: - -progressive, --layered and --scaling-mode, and the extraLayerCount option of avifEncoder. ==== libgsm ==== Version update (1.0.22 -> 1.0.24) - Update to version 1.0.24 * Left-shifting negative signed integers is undefined behavior as per the C standard; so let's not do that. - Update to version 1.0.23 * Declare signal handlers as accepting an int; sometimes, gcc cares. * Also, write &"s"[x == 1] instead of "s" + (x == 1) to pluralize (pointer arithmetic on arrays is so rare as to elicit compiler warnings in some settings); and why didn't toast_lin.c:linear_input() have a P1 proto macro like linear_output()? ==== libhandy ==== Subpackages: libhandy-1-0 typelib-1_0-Handy-1_0 - Migrate to xz compression and manual service run ==== libheif ==== - added patches CVE-2026-3949: manipulation of the argument size of a malicious frame can lead to out-of-bounds read (bsc#1259541) * libheif-CVE-2026-3949.patch ==== libmad ==== Version update (0.15.1b -> 0.16.4) - Update to version 0.16.4 * Switch upstream http://www.underbit.com/products/mad/ - > https://codeberg.org/tenacityteam/libmad * Switch from autotools to cmake - Update to version 0.16.3 * Disable assembly optimizations for all 64 bit CPU architectures; they are only for 32 and 16 bit architectures. * Fix CPU architecture detection for PowerPC. - Update to version 0.16.2 * Fix building assembly file on ARM * Fix pkgconfig file when CMAKE_INSTALL_{INCLUDE,LIB}DIR are absolute paths. - Update to version 0.16.1 * Fix generation of mad.h broken by move to CMake. * Add CMake options for CPU architecture-specific optimizations. - Update to version 0.16.0 * Add CMake build system * Remove autotools build system * Add pkgconfig and CMake config files * Apply patches from Debian and Fedora - Drop not longer needed patches * libmad-0.15.1b-automake.patch * libmad-0.15.1b-pkgconfig.patch * libmad-0.15.1b-gcc43.patch * length-check.patch * libmad-0.15.1b-ppc.patch * libmad.thumb.diff * libmad-x86.patch * Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff - Add patch: * libmad-x86.patch ==== libnotify ==== Subpackages: libnotify4 typelib-1_0-Notify-0_7 - Migrate to xz compression and manual service run ==== libpng16 ==== Version update (1.6.55 -> 1.6.56) - verson update to 1.6.56: * Fixed CVE-2026-33416 (high severity): * Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`. (Reported by Halil Oktay and Ryo Shimada; fixed by Halil Oktay and Cosmin Truta.) * Fixed CVE-2026-33636 (high severity): * Out-of-bounds read/write in the palette expansion on ARM Neon. (Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.) * Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers. (Contributed by Halil Oktay.) * Fixed stale `info_ptr->palette` after in-place gamma and background transforms. * Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path. (Contributed by Yuelin Wang.) * Fixed wrong background color in colormap read. (Contributed by Yuelin Wang.) * Fixed dead loop in sPLT write. (Contributed by Yuelin Wang.) * Added missing null pointer checks in four public API functions. (Contributed by Yuelin Wang.) * Validated shift bit depths in `png_set_shift` to prevent infinite loop. (Contributed by Yuelin Wang.) * Avoided undefined behavior in library and tests. * Deprecated the hardly-ever-tested POINTER_INDEXING config option. * Added negative-stride test coverage for the simplified API. * Fixed memory leaks and API misuse in oss-fuzz. (Contributed by Owen Sanzas.) * Implemented various fixes and improvements in oss-fuzz. (Contributed by Bob Friesenhahn and Philippe Antoine.) * Performed various refactorings and cleanups. - fixes (bsc#1260754) and (bsc#1260755) ==== libproxy-backend ==== - Migrate to xz compression and manual service run ==== libproxy-client ==== - Migrate to xz compression and manual service run ==== libsecret ==== Subpackages: libsecret-1-0 typelib-1_0-Secret-1 - Migrate to xz compression and manual service run ==== libsoup ==== - Migrate to xz compression and manual service run ==== libssh ==== Subpackages: libssh-config libssh4 - Update %suse_version checks for SLES 16.x (jsc#PED-15815) ==== libupnp ==== Version update (1.18.3 -> 1.18.4) Subpackages: libixml11 libupnp20 - Update to release 1.18.4 * Only use SO_REUSEPORT from Linux >= 3.9 onwards ==== live555 ==== Version update (2024.08.01 -> 2026.03.23) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 - Update to version 2026.03.23: + Fixed a bug in the RTSP server code that caused it to improperly handle non-interleaved "SETUP"s that were sent for a session where interleaving (i.e., RTP/RTCP-over-TCP) had already been "SETUP". (This could cause a 'use-after-free' error. - For changes between 2024.08.01 to today, please refer to https://download.live555.com/changelog.txt ==== lzlib ==== Version update (1.15 -> 1.16) - Update to release 1.16 * An index of functions and constants has been added to the manual. ==== mozilla-nss ==== Version update (3.120.1 -> 3.121) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.121 * bmo#2017366 - update vendored zlib to v1.3.2. * bmo#2012645 - Revert the unnecessary changes to intel-gcm-wrap.gyp. * bmo#2012645 - Use C fallback for AES-GCM on MinGW builds. * bmo#2005669 - fix ML-KEM PCT. * bmo#2017008 - Extend NSS Fuzzing docs. * bmo#2009552 - avoid integer overflow in platform-independent ghash. * bmo#2003189 - Fix errant whitespace in OISTE Server Root RSA G1 nickname. * bmo#2012313 - fix build with glibc-2.43 assignment discards 'const' qualifier from pointer. * bmo#2013188 - add gcm.gyp dependency for Solaris SPARC builds. * bmo#2010389 - Set nssckbi version to 2.84. * bmo#2010389 - Add e-Szigno TLS Root CA 2023 to NSS. * bmo#2005516 - allow manual selection of CPU_ARCH=x86_64 and ppc64 in coreconf/Darwin.mk. * bmo#2009998 - Update cryptofuzz version. * bmo#2001167 - Paranoia assert. * bmo#2000737 - Darwin compatibility for intel-aes.S and intel-gcm.S. * bmo#2000737 - rename intel-{aes,gcm}.s to .S. * bmo#2000737 - rename C files for platform-specific ghash implementations. * bmo#2000737 - simplify compilation of platform-specific GCM and GHASH. * bmo#2007911 - FORWARD_NULL null deref of worker in p7decode.c (sec_pkcs7_decoder_abort_digests). * bmo#2008112 - Out-of-Bounds Read in ML-DSA Private Key Parsing (zero-length privateKey). ==== pango ==== Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Migrate to xz compression and manual service run ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add pipewire-const-correctness-1.patch and pipewire-const-correctness-2.patch picking upstream changes to fix build with glibc 2.43 ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0 - avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859) 0001-CVE-2026-4897-getline-string-overflow.patch ==== python-attrs ==== Version update (25.4.0 -> 26.1.0) - update to 26.1.0: * Field aliases are now resolved *before* calling `field_transformer`, so transformers receive fully populated `Attribute` objects with usable `alias` values instead of `None`. * The new `Attribute.alias_is_default` flag indicates whether the alias was auto-generated (`True`) or explicitly set by the user (`False`). * Fix type annotations for `attrs.validators.optional()`, so it no longer rejects tuples with more than one validator. * The `attrs.validators.disabled()` contextmanager can now be nested. * Frozen classes can set `on_setattr=attrs.setters.NO_OP` in addition to `None`. * It's now possible to pass *attrs* **instances** in addition to *attrs* **classes** to `attrs.fields()`. ==== python-charset-normalizer ==== Version update (3.4.4 -> 3.4.6) - update to 3.4.6: * Flattened the logic in `charset_normalizer.md` for higher performance. Removed `eligible(..)` and `feed(...)` in favor of `feed_info(...)`. * Updated `UNICODE_RANGES_COMBINED` using Unicode blocks v17. * Edge case where noise difference between two candidates can be almost insignificant. * CLI `--normalize` writing to wrong path when passing multiple files in. * Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. * Update `setuptools` constraint to `setuptools>=68,<=82`. * Raised upper bound of mypyc for the optional pre-built extension to v1.19.1 * Add explicit link to lib math in our optimized build. * Logger level not restored correctly for empty byte sequences. * TypeError when passing bytearray to from_bytes. * Applied safe micro-optimizations in both our noise detector and language detector. * Rewrote the `query_yes_no` function (inside CLI) to avoid using ambiguous licensed code. * Added `cd.py` submodule into mypyc optional compilation to reduce further the performance impact. ==== python-cryptography ==== Version update (46.0.5 -> 46.0.6) - Add patch support-maturin-1.12.patch: * Correctly deal with maturin bugfix that installs tests and docs under sitearch. - update to 46.0.6 (CVE-2026-34073, bsc#1260876): * SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073 ==== python-gobject ==== Version update (3.56.1 -> 3.56.2) Subpackages: python313-gobject python313-gobject-Gdk python313-gobject-cairo - Update to version 3.56.2: + Leave floating state intact for get/set property + Only call do_dispose if it's implemented on the class - Migrate to xz compression and manual service run ==== python-jsonpointer ==== Version update (3.0.0 -> 3.1.1) - update to 3.1.1: * Add Python versions 3.13 and 3.14 to workflow * Fix flake8 issue * testsuite fixes ==== python-maturin ==== Version update (1.11.5 -> 1.12.6) - Drop CVE-2026-25727.patch (handled in _service) - Update to 1.12.6 * Sync legacy_py.rs with upstream PyPI warehouse legacy.py gh#PyO3/maturin#3053 * Keep cargo build artifact at original path after staging gh#PyO3/maturin#3054 - Update to 1.12.5 * feat: include debug info files (.pdb, .dSYM, .dwp) in wheels gh#PyO3/maturin#3024 * Fix wrong abi3 tag for conditional cargo features enabled pyo3 abi3 feature gh#PyO3/maturin#3029 * fix: maturin build --sdist wheel name/layout for excluded workspace crates gh#PyO3/maturin#3031 * fix: preserve wheel output dir when building from unpacked sdist gh#PyO3/maturin#3036 * feat: add python-implementation condition to conditional features gh#PyO3/maturin#3038 * Fix non-existent comment tag gh#PyO3/maturin#3044 * Use mmap for faster warn_missing_py_init, to be safe we now move the cargo built artifact to target/maturin so this may cause breakage if you rely on it in standard cargo target/ location gh#PyO3/maturin#2950 - Update to 1.12.4 * Upgrade memmap2 version gh#PyO3/maturin#3021 * fix: platform tag detection for Android targets gh#PyO3/maturin#3023 * fix: only ignore maturin-generated native libraries on all platforms gh#PyO3/maturin#3025 * fix: ignore develop artifacts for all binding types during build gh#PyO3/maturin#3026 * feat: support conditional cargo features based on Python version gh#PyO3/maturin#3027 - Update to 1.12.3 * docs(config): minor fixes gh#PyO3/maturin#3008 * fix: support maturin develop on Windows ARM with x86 Python gh#PyO3/maturin#3011 * fix: exclude external_packages bindings from uniffi wheels gh#PyO3/maturin#3013 * Update cargo-zigbuild to 0.22.1 gh#PyO3/maturin#3015 * feat: build wheels from sdist with --sdist flag gh#PyO3/maturin#3014 * feat: add include-import-lib option to bundle Windows import libraries in wheels gh#PyO3/maturin#3017 * fix: auditwheel external lib check respects musllinux and reports symbol versions gh#PyO3/maturin#3019 - Update to 1.12.2 * fix: allow absolute paths for --sbom-include gh#PyO3/maturin#3004 - Update to 1.12.1 * Add --sbom-include CLI argument for additional SBOM files gh#PyO3/maturin#2999 * fix: resolve include patterns relative to python-source for sdist and wheel gh#PyO3/maturin#3000 * feat: support including OUT_DIR assets in wheel builds gh#PyO3/maturin#3001 * add test case for uniffi with multiple crates gh#PyO3/maturin#2839 - Update to 1.12.0 * Update toml crates for toml 1.1 support gh#PyO3/maturin#2934 * Use a single location for MSRV gh#PyO3/maturin#2936 * Fix editable install for binary projects with Python modules gh#PyO3/maturin#2938 * Filter linked_paths by KIND and linked_libs gh#PyO3/maturin#2949 * Update bytes to 1.11.1 gh#PyO3/maturin#2960 * Normalize wheel distribution names to match the PyPA spec gh#PyO3/maturin#2954 * Allow build loongarch64 and riscv64 for musllinux gh#PyO3/maturin#2963 * Strip excluded cargo targets in sdist gh#PyO3/maturin#2964 * Normalize wheel RECORD paths (on Windows) gh#PyO3/maturin#2965 * Bump MSRV to 1.88.0 gh#PyO3/maturin#2966 * Support MATURIN_STRIP env var and --strip true/false to override pyproject.toml gh#PyO3/maturin#2968 * fix: copy bin artifacts before auditwheel repair to avoid rerun failures gh#PyO3/maturin#2969 ... changelog too long, skipping 53 lines ... gh#PyO3/maturin#2997 ==== python-requests ==== Version update (2.32.5 -> 2.33.0) - Update to 2.33.0 (bsc#1260589, CVE-2026-25645): - Announcements - Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. - Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts * contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. - Improvements - Migrated to a PEP 517 build system using setuptools. (#7012) - Bugfixes - Fixed an issue where an empty netrc entry could cause * malformed authentication to be applied to Requests on Python 3.11+. (#7205) - Deprecations - Dropped support for Python 3.9 following its end of support. (#7196) - Documentation - Various typo fixes and doc improvements. - Drop uneeded patch fix-chardet-RequestsDependencyWarning.patch ==== qt6-base ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite qt6-wayland - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Drop patches, merged upstream: * 0001-fix-slow-scrolling-on-wayland.patch * 0001-wayland-Fix-crash-in-QWaylandShmBackingStore-scroll.patch ==== qt6-declarative ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsSynchronizer6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Drop patches, merged upstream: * 0001-QtQml-Fix-corner-cases-around-dead-contexts-in-AOT-a.patch * 0001-QtQml-Do-not-clear-objects-propertyCaches-on-last-GC.patch * 0001-QtQml-Handle-the-case-of-getFallbackMethod-returning.patch ==== qt6-imageformats ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-location ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Location6 - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-multimedia ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6MultimediaWidgets6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-positioning ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Positioning6 libQt6PositioningQuick6 qt6-positioning-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-qt5compat ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-quick3d ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 libQt6Quick3DXr6 qt6-quick3d-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Drop patch: * 0001-XR-fix-build-error-for-using-EGL-without-GL-ES.patch ==== qt6-quicktimeline ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-shadertools ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-speech ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6TextToSpeech6 qt6-texttospeech - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-svg ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-tools ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6UiTools6 qt6-tools-qdbus - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released - Add patches: * 0001-QDoc-Add-LLVM-22-implementation-to-QualTypeNames-for.patch * 0002-CMake-Add-LLVM-22-to-supported-QDoc-Clang-versions.patch ==== qt6-virtualkeyboard ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 libQt6VirtualKeyboardQml6 qt6-virtualkeyboard-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-webchannel ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== qt6-webengine ==== Version update (6.10.2 -> 6.11.0) Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released Based on Chromium version: 140.0.7339.264 Patched with security patches up to Chromium version: 146.0.7680.80 - Drop patch, merged upstream: * 0001-sandbox-Fix-build-with-glibc-2.43-and-above.patch ==== qt6-webview ==== Version update (6.10.2 -> 6.11.0) - Update to 6.11.0 https://www.qt.io/blog/qt-6.11-released ==== runc ==== Version update (1.4.0 -> 1.4.1) - Update to runc v1.4.1. Upstream changelog is available from . - runc.keyring has been updated to match the new version from upstream. ==== steam-devices ==== - Conditionally require selinux-policy-targeted-gaming on SELinux enabled systems (boo#1257456). ==== taglib ==== Version update (2.1.1 -> 2.2.1) - update to 2.2.1: * Support edition, chapter and attachment UIDs in Matroska simple tags. * Avoid duplicates in Matroska complex property keys. * Support for Matroska (MKA, MKV) and WebM files. * Support for NI STEM in MP4 files. * New method isDsd() in WavPack Properties. * Stricter verification of ID3v2 frames. * Fix setting the last header flag in Ogg FLAC files. * Fix reading of the last page in Ogg streams. * Avoid corrupting invalid Ogg FLAC files without Vorbis comment. * Windows: Support MP4 files with 64-bit atoms. * Fix use of property keys with non-ASCII characters in C bindings. * Fix building with Android NDK 29. - drop 0001-Do-not-warn-when-seeing-FLAC-picture-block-in-Ogg-fi.patch, 0002-Set-last-header-flag-in-FLAC-Metadata-block-type-fie.patch, 0003-Avoid-corrupting-an-invalid-FLAC-Ogg-file-without-Vo.patch, 0004-Fix-reading-of-last-page-in-ogg-stream.patch: upstream ==== xkeyboard-config ==== - Reintroduce /usr/share/xkeyboard-config-2/compiled symlink and remove it again from xkeyboard-config.tmpfiles; add /var dirs as ghosts to avoid having a dangling symlink (boo#1260803, boo#1256912, PED-14831)