Packages changed:
  aws-lc (1.68.0 -> 1.70.0)
  brltty (6.8 -> 6.9)
  container-selinux (2.246.0 -> 2.247.0)
  gimp (3.0.8 -> 3.2.0)
  grub2
  kbd (2.7.1 -> 2.9.0)
  kirigami-addons6 (1.10.0 -> 1.12.0)
  libupnp (1.18.0 -> 1.18.3)
  nvidia-open-driver-G06-signed-cuda
  nvidia-open-driver-G07-signed
  nvidia-open-driver-G07-signed-cuda
  openSUSE-release (20260316 -> 20260317)
  ovmf
  pipewire (1.6.1 -> 1.6.2)
  python-cffi
  python-gssapi (1.10.1 -> 1.11.1)
  python-markdown-it-py (3.0.0 -> 4.0.0)
  python-requests
  python311
  python311-core
  ruby4.0 (4.0.1 -> 4.0.2)

=== Details ===

==== aws-lc ====
Version update (1.68.0 -> 1.70.0)
Subpackages: libcrypto-awslc0 libssl-awslc0

- Update to version 1.70.0:
  * Cache peer CA names on client side after handshake
  * Add NULL checks for MakeUnique in SSL cipher list inheritance
  * Fix gRPC integration
  * Latent memory leaks in KEM_KEY setter functions
  * Fix PKCS8_decrypt to handle all negative pass_len values
  * Fix PKCS12_verify_mac OOB read with invalid password_len
  * Cleanup EVP_DH asn1 parsing
  * Add INT_MAX bounds check before EVP_CipherUpdate in PKCS8/PKCS12 encryption
  * Fix PKCS8_encrypt crash when pass is NULL with negative pass_len_in
  * IWYU: guard stdint.h in fips_shared_support.c
  * Use proper function type for different callback types
  * Zeroize intermediate values for ed25519
  * Fix sizeof-on-pointer bugs in FIPS assertion failure messages
  * Remove dead declarations in public headers
  * TLS Transfer Serialization Findings
  * XOF fixes
  * Add a test that arbitrary curves can be wrapped in EVP_PKEY
  * Improve type safety and bounds checking in EVP cipher ctrl handlers
  * Fix uninitialized EVP_MD_CTX and harden bn_dup_into
  * Add ACVP Support for KAS-ECC
  * Add ACVP Support for KTS-IFC
  * Various Small Additions to ACVP Tool
- Update to version 1.69.0:
  * Fix FIPS delocator handling of floating-point immediates on aarch64
  * Fix link in README.md
  * Various PKCS7 fixups
  * Fix error reporting and document EC explicit params single-cert behaviour
  * Fix PKCS7 verify content memleak
  * Retain flag after custom critical extensions check
  * Update ACVP documentation
  * Fix error return values for no-op UI_xxx stub functions
  * Key state consistency in PQDSA_KEY setter functions
  * Simplify d2i_PKCS7 by removing redundant BER-to-DER conversion
  * Ensure all signer certificate chains are verified
  * Use CRYPTO_memcmp instead of OPENSSL_memcmp for tag verification
  * Return correct error value when parsing PKCS7 authenticated attributes fails

==== brltty ====
Version update (6.8 -> 6.9)
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow brltty-lang libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi

- Update to version 6.9:
  + Too many changes; please read ChangeLog
- API version is now 0.8.8.
- Add brltty-handytech-crash-fix.patch: fix crash with some HandyTech displays via USB.

==== container-selinux ====
Version update (2.246.0 -> 2.247.0)

- Update to version 2.247.0:
  * Allow user_u users to run podman containers
  * Allow staff_t and user_t to start podman.socket via systemd
  * Add missing type transitions for overlay-containers directories
  * container_t: allow listen on smc_socket
  * Condition ptrace permission on deny_ptrace boolean

==== gimp ====
Version update (3.0.8 -> 3.2.0)
Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0

- Update to 3.2.0
  https://www.gimp.org/news/2026/03/14/gimp-3-2-released/
- drop gimp-CVE-2026-2239.patch: included in update

==== grub2 ====
Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls

- Fix RAID scenarios stopped being able to boot in Power (bsc#1259631)
  * 0001-mdraid1x-fix-raid_disks-decoding-on-big-endian-syste.patch

==== kbd ====
Version update (2.7.1 -> 2.9.0)
Subpackages: libkbdfile1 libkeymap1 libkfont0

- Fix conversion of h and H fr-afnor xkb keymap (boo#1259269).
- Replace setfont --quiet (kbd-setfont-quiet.patch) by upstream solution:
  add setfont --check that checks for setfont availability without
  logging errors (boo#1212970, kbd-setfont-check.patch).
- Update to version 2.9.0:
  * keymaps:
    + Add Georgian font (LatCyrHebKa-16_GIA.psfu) and keymap (i386/qwerty/ge).
    + Add new i386 azerty afnor keymap (i386/azerty/fr-afnor).
    + Disable characters >=U+F000 in qwertz/de_alt_UTF-8 (drop kbd-unicode-fxxx.patch).
    + Add console keymap for Mac swiss german keyboards.
  * libkeymap:
    + Support KT_DEAD2 diacritics.
    + Fix memory leaks.
  * libkbdfile:
    + Detect archive type based on content.
    + Add support for decompressing files without using utilities.
      Use ELF_DLOPEN_METADATA if possible.
  * utils:
    + kbd_mode: support Disabled mode (K_OFF).
    + loadkeys: Add --tkeymap to dump the keymap as text.
- Drop kbd-2.7.1-reproducible-gzip.patch, now handled by the upstream.

==== kirigami-addons6 ====
Version update (1.10.0 -> 1.12.0)
Subpackages: kirigami-addons6-lang libKirigamiAddonsStatefulApp6 libKirigamiApp6

- Update to 1.12.0. No changelog

==== libupnp ====
Version update (1.18.0 -> 1.18.3)
Subpackages: libixml11 libupnp20

- Update to release 1.18.3
  * Fix crash when mixing ns and non-ns attributes during freeing

==== nvidia-open-driver-G06-signed-cuda ====

- add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA
  variant to be able to distinguish between both variants; to be used
  by nvidia-open-driver-G06-signed-kmp-meta for TW ... (boo#1259740)

==== nvidia-open-driver-G07-signed ====

- add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA
  variant to be able to distinguish between both variants; to be used
  by nvidia-open-driver-G07-signed-kmp-meta for TW ...

==== nvidia-open-driver-G07-signed-cuda ====

- add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA
  variant to be able to distinguish between both variants; to be used
  by nvidia-open-driver-G07-signed-kmp-meta for TW ...

==== openSUSE-release ====
Version update (20260316 -> 20260317)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== ovmf ====
Subpackages: qemu-ovmf-x86_64

- Update mbedtls to 3.6.5 to fix CVE-2025-59438 (bsc#1252441)
  - Requires Mbed TLS 3.6.5 or higher to mitigate vulnerability.

==== pipewire ====
Version update (1.6.1 -> 1.6.2)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 1.6.2:
  * This is a bugfix release that is API and ABI compatible with the
    previous 1.6.x releases.
  * Highlights
    - Fix a potential crash when the wrong memory was freed.
    - Fix an optimization with shared memory over some links that
      could cause errors later on.
    - Fix SOFA filter and default control input in LADSPA and LV2.
    - Some other small fixes and improvements.
  * PipeWire
    - Remove an optimization to skip share mem in links, it causes
      problems later on. (#5159 (closed))
  * Modules
    - Don't try to free invalid memory or close invalid fds when the
      client aborted before allocating buffer memory. (#5162 (closed))
  * SPA
    - support ACP_IGNORE_DB in udev.
    - Use 0x as a prefix for hex values.
    - Mark Props as write-only in libcamera.
    - Small optimization in the audio mixer.
    - Fix initialization of control properties for SOFA and biquads
      in the filter-graph. (#5152 (closed))
    - Fix min/max default values for LADSPA and LV2.
  * JACK
    - Fix jack_port_type_id(). Return values that are compatible
      with JACK1/2.

==== python-cffi ====
Subpackages: python311-cffi python313-cffi

- Add patch support-pycparser-3.patch:
  * Support pycparser 3 exception message changes.

==== python-gssapi ====
Version update (1.10.1 -> 1.11.1)

- update to 1.11.1:
  * Add Free-Threading and Limited API/Stable ABI
  * Fix up classifier from typo
- update to 1.11.0:
  * Add Free-Threading and Limited API/Stable ABI
  * Bug: This was never pushed to PyPI due to a bug in the `setup.py`
    classifiers. The `v1.11.1` release contains the same changes here.

==== python-markdown-it-py ====
Version update (3.0.0 -> 4.0.0)

- update to 4.0.0:
  * This primarily drops support for Python 3.9, adds support for
    Python 3.13, and updates the parser to comply with Commonmark
    0.31.2 and Markdown-It v14.1.0.
  * Improve performance of "text" inline rule in #347
  * Use `str.removesuffix` in #348
  * limit the number of autocompleted cells in a table in #364
  * fix quadratic complexity in reference parser in #367
  * Fix emphasis inside raw links bugs in #320

==== python-requests ====
Subpackages: python311-requests python313-requests

- Add fix-chardet-RequestsDependencyWarning.patch
  * Fix RequestsDependencyWarning with chardet (6.0.0dev0) on Factory/TW
    (gh#psf/requests#7219) (gh#psf/requests#7220) (gh#psf/requests#7239)

==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3

- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
  ensuring that `SourcelessFileLoader` uses `io.open_code` when
  opening `.pyc` files (bsc#1259240, CVE-2026-2297).

==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3

- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
  ensuring that `SourcelessFileLoader` uses `io.open_code` when
  opening `.pyc` files (bsc#1259240, CVE-2026-2297).

==== ruby4.0 ====
Version update (4.0.1 -> 4.0.2)
Subpackages: libruby4_0-4_0

- Update to 4.0.2
  This is a routine update that includes a bugfix in YJIT for
  NoMethodError on Puma.
  - Bug #21941: Local variable becomes nil when YJIT enabled mid-method with fork/signal/ensure - Ruby - Ruby Issue Tracking System
  - Bug #21832: segfault with argument forwarding, when combined with splat & positional arg - Ruby - Ruby Issue Tracking System
  - Bug #21723: binding.irb raises a LoadError under bundle exec when Gemfile contains path: or git: - Ruby - Ruby Issue Tracking System
  - Bug #21847: Backport syntax_suggest 2.0.3 to supported branches - Ruby - Ruby Issue Tracking System
  - Bug #21866: Backport Fix for integer overflow checks in enumerator - Ruby - Ruby Issue Tracking System
  - Bug #21865: Crash on signal raise - Ruby - Ruby Issue Tracking System
  - Bug #21842: Encoding of rb_interned_str - Ruby - Ruby Issue Tracking System
  - Bug #21838: Rails seeing degradation (20% slowdown) related to Revision 079ef92b "Implement global allocatable slots and empty pages" (from Sep 5 2024) - Ruby - Ruby Issue Tracking System
  - Bug #21873: UnboundMethod#== returns false for methods from included/extended modules - Ruby - Ruby Issue Tracking System
  - ZJIT: Avoid runtime exceptions from RubyVM::ZJIT.stats_string by k0kubun · Pull Request #16139
  - Bug #21931: GC Crash in String#% (backport 726205b354d1068147719fb42e1de743f1838ef1) - Ruby - Ruby Issue Tracking System
  - Bug #21944: "Cannot allocate memory" with M:N threads or Ractors on a low RAM Linux machine - Ruby - Ruby Issue Tracking System
  - Bug #21946: and? predicate confused for leading and keyword - Ruby - Ruby Issue Tracking System
  - Bug #21927: Prism: misleading error message for forwarding in lambda argument - Ruby - Ruby Issue Tracking System
  - Bug #21925: Prism misparses standalone "in" pattern matching in "case/in" - Ruby - Ruby Issue Tracking System
  - Bug #21828: An incorrect warning message related to benchmark is shown when using benchmark-ips - Ruby - Ruby Issue Tracking System
  - Bug #21917: Unable to build 4.0.1 on AIX 7.2 - Ruby - Ruby Issue Tracking System
  - Bug #21945: Ripper lexes newline between identifier and and? as ignored newline - Ruby - Ruby Issue Tracking System
  - Bug #21947: Timeout.timeout doesn't use Timeout::ExitException when Fiber scheduler is in use. - Ruby - Ruby Issue Tracking System
  - Bug #21926: Thread#value on popen3 wait thread hangs in finalizer - Ruby - Ruby Issue Tracking System
  - Bug #21880: The ultra_safe mode of pstore bundled with Ruby 4.0 is broken. - Ruby - Ruby Issue Tracking System
  - Bug #21097: x = a rescue b in c and def f = a rescue b in c parsed differently between parse.y and prism - Ruby - Ruby Issue Tracking System