Packages changed:
  AppStream (1.0.4 -> 1.0.5)
  AppStream-qt6 (1.0.4 -> 1.0.5)
  Box2D
  Mesa (25.0.4 -> 25.0.5)
  Mesa-drivers (25.0.4 -> 25.0.5)
  MozillaFirefox (137.0.2 -> 138.0)
  PackageKit-Qt6 (1.1.1 -> 1.1.2)
  aaa_base (84.87+git20250410.71df276 -> 84.87+git20250429.1cad3bc)
  apache-commons-logging (1.3.4 -> 1.3.5)
  at-spi2-core (2.56.1 -> 2.56.2)
  augeas
  ayatana-ido (0.10.2 -> 0.10.4)
  blog (2.34 -> 2.35)
  btrfsprogs
  busybox
  cnf
  container-selinux (2.236.0 -> 2.237.0)
  coreutils
  coreutils-systemd
  crypto-policies
  cyrus-imapd
  dhcp
  ethtool
  fdupes (2.3.1 -> 2.4.0)
  firewalld
  fuse3 (3.17.1 -> 3.17.2)
  gcc14 (14.2.1+git11321 -> 14.2.1+git11702)
  gcc15 (15.0.1+git9352 -> 15.1.1+git9595)
  gdb (15.2 -> 16.3)
  gimp
  glib2-branding-openSUSE
  glslang (15.2.0 -> 15.3.0)
  gnome-music (48.beta+25 -> 48.beta+31)
  gnome-shell
  gnutls
  grub2
  gstreamer (1.26.0 -> 1.26.1)
  gstreamer-plugins-bad (1.26.0 -> 1.26.1)
  gstreamer-plugins-base (1.26.0 -> 1.26.1)
  gstreamer-plugins-good (1.26.0 -> 1.26.1)
  hwdata (0.393 -> 0.394)
  iptables
  java-21-openjdk (21.0.6.0 -> 21.0.7.0)
  jemalloc
  jitterentropy (3.4.1 -> 3.6.3)
  kernel-firmware-amdgpu
  kernel-firmware-ath10k
  kernel-firmware-ath11k (20250227 -> 20250424)
  kernel-firmware-ath12k (20250206 -> 20250424)
  kernel-firmware-atheros
  kernel-firmware-bluetooth
  kernel-firmware-bnx2
  kernel-firmware-brcm
  kernel-firmware-chelsio
  kernel-firmware-dpaa2
  kernel-firmware-i915
  kernel-firmware-intel
  kernel-firmware-iwlwifi (20250312 -> 20250423)
  kernel-firmware-liquidio
  kernel-firmware-marvell
  kernel-firmware-media (20250422 -> 20250424)
  kernel-firmware-mediatek
  kernel-firmware-mellanox
  kernel-firmware-mwifiex
  kernel-firmware-network
  kernel-firmware-nfp
  kernel-firmware-nvidia
  kernel-firmware-platform
  kernel-firmware-prestera
  kernel-firmware-qcom
  kernel-firmware-qlogic
  kernel-firmware-radeon
  kernel-firmware-realtek
  kernel-firmware-serial
  kernel-firmware-sound
  kernel-firmware-ti
  kernel-firmware-ueagle
  kernel-firmware-usb-network
  kernel-source (6.14.3 -> 6.14.4)
  libavif (1.1.1 -> 1.2.1)
  libeconf (0.7.7 -> 0.7.8)
  libedit (20210910.3.1 -> 20250104.3.1)
  libgcrypt
  libgpg-error (1.54 -> 1.55)
  libheif (1.19.7 -> 1.19.8)
  liblogging
  libnftnl
  libqt5-qtwebengine
  libraw (0.21.3 -> 0.21.4)
  libsoup
  libsoup2
  libssh
  libxkbcommon (1.8.1 -> 1.9.0)
  libzip
  libzypp (17.36.6 -> 17.36.7)
  lilv
  lua54
  mariadb-connector-c
  mozilla-nss (3.109 -> 3.110)
  ncurses (6.5.20250412 -> 6.5.20250426)
  nghttp2 (1.64.0 -> 1.65.0)
  open-vm-tools
  openSUSE-release (20250423 -> 20250503)
  openssh (9.9p2 -> 10.0p2)
  openssh-askpass-gnome (9.9p2 -> 10.0p2)
  openssl-3 (3.2.4 -> 3.5.0)
  openssl (3.2.4 -> 3.5.0)
  orca
  postfix (3.10.1 -> 3.10.2)
  publicsuffix (20250407 -> 20250424)
  python-M2Crypto (0.44.0 -> 0.45.1)
  python-MarkupSafe (2.1.5 -> 3.0.2)
  python-gevent (24.10.3 -> 25.4.2)
  python-greenlet (3.1.1 -> 3.2.1)
  python-h11 (0.14.0 -> 0.16.0)
  python-httpcore (1.0.8 -> 1.0.9)
  python-hyperframe (6.0.1 -> 6.1.0)
  python-pycares (4.6.0 -> 4.6.1)
  python-pylsqpack (0.3.19 -> 0.3.20)
  python311
  python311-core
  python313 (3.13.2 -> 3.13.3)
  python313-core (3.13.2 -> 3.13.3)
  qt6-declarative
  rpm
  sane-backends
  sdbootutil (1+git20250421.7ffd25a -> 1+git20250430.f7d1ad1)
  selinux-policy (20250411 -> 20250429)
  sqlite3
  texlive
  unbound (1.22.0 -> 1.23.0)
  webrtc-audio-processing-1
  wtmpdb (0.73.0+git20250408.edb8638 -> 0.74.0+git20250424.2e93e77)
  xfce4-pulseaudio-plugin (0.5.0 -> 0.5.1)
  yast2-journal (5.0.1 -> 5.0.2)
  yast2-trans (84.87.20250416.5cd9324ae2 -> 84.87.20250422.c1fec29547)
  zypper (1.14.88 -> 1.14.89)

=== Details ===

==== AppStream ====
Version update (1.0.4 -> 1.0.5)
Subpackages: libappstream5

- Update to 1.0.5
  Features:
  * qt: Expose markup conversion utils
  * desktop-styles: Add android and iOS
  * validator: Check for xml:lang="en" being used on description
    template elements
  * validator: Flag cases of raw text in "description" elements
  * metadata: Add more known extensions into
    as_metadata_file_guess_style()
  Specification:
  * docs: Clarify that the style segment of a screenshot
    environment is optional
  * docs: Explain consequences of defining an icon for
    desktop-app metainfo
  * docs: Clarify that description content must be in p/li
    elements
  Bugfixes:
  * validator: mark as_validator_issue_tag_list static
  * docs: Add workaround for gi-docgen misnaming devhelp files
  * compose: Do not permit SVG images as screenshots
  * compose: Don't "forget" to scan remaining paths when
    re-encountering a dir
  * pool: Try explicit singular term match if we only have
    low-quality tokens
  * utils: Provide compatibility with Fedora icon tarballs when
    installing them
  * utils: Remove leftover g_chmod()
  * zstd-decompressor: Pass output/written data when decompression
    finished
  * utils: Expect a dash in icons file name
  * utils: Recognize .yml* and .yaml* file extension variants,
    and .zst extension
  * utils: Rename the appstream file when re-saving it on install

==== AppStream-qt6 ====
Version update (1.0.4 -> 1.0.5)

- Update to 1.0.5
  Features:
  * qt: Expose markup conversion utils
  * desktop-styles: Add android and iOS
  * validator: Check for xml:lang="en" being used on description
    template elements
  * validator: Flag cases of raw text in "description" elements
  * metadata: Add more known extensions into
    as_metadata_file_guess_style()
  Specification:
  * docs: Clarify that the style segment of a screenshot
    environment is optional
  * docs: Explain consequences of defining an icon for
    desktop-app metainfo
  * docs: Clarify that description content must be in p/li
    elements
  Bugfixes:
  * validator: mark as_validator_issue_tag_list static
  * docs: Add workaround for gi-docgen misnaming devhelp files
  * compose: Do not permit SVG images as screenshots
  * compose: Don't "forget" to scan remaining paths when
    re-encountering a dir
  * pool: Try explicit singular term match if we only have
    low-quality tokens
  * utils: Provide compatibility with Fedora icon tarballs when
    installing them
  * utils: Remove leftover g_chmod()
  * zstd-decompressor: Pass output/written data when decompression
    finished
  * utils: Expect a dash in icons file name
  * utils: Recognize .yml* and .yaml* file extension variants,
    and .zst extension
  * utils: Rename the appstream file when re-saving it on install

==== Box2D ====

- Drop BuildRequires: glew-devel as it is not used for build

==== Mesa ====
Version update (25.0.4 -> 25.0.5)
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1

- Update to release 25.0.5
  - -> https://docs.mesa3d.org/relnotes/25.0.5

==== Mesa-drivers ====
Version update (25.0.4 -> 25.0.5)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva Mesa-vulkan-device-select libvulkan_lvp

- Update to release 25.0.5
  - -> https://docs.mesa3d.org/relnotes/25.0.5

==== MozillaFirefox ====
Version update (137.0.2 -> 138.0)
Subpackages: MozillaFirefox-branding-upstream

- Mozilla Firefox 138.0
  https://www.mozilla.org/en-US/firefox/138.0/releasenotes/
  MFSA 2025-28 (bsc#1241621)
  * CVE-2025-2817 (bmo#1917536)
    Privilege escalation in Firefox Updater
  * CVE-2025-4082 (bmo#1937097)
    WebGL shader attribute memory corruption in Firefox for macOS
  * CVE-2025-4083 (bmo#1958350)
    Process isolation bypass using "javascript:" URI links in
    cross-origin frames
  * CVE-2025-4085 (bmo#1915280)
    Potential information leakage and privilege escalation in
    UITour actor
  * CVE-2025-4086 (bmo#1945705)
    Specially crafted filename could be used to obscure download
    type
  * CVE-2025-4087 (bmo#1952465)
    Unsafe attribute access during XPath parsing
  * CVE-2025-4088 (bmo#1953521)
    Cross-site request forgery via storage access API redirects
  * CVE-2025-4089 (bmo#1949994, bmo#1956698, bmo#1960198)
    Potential local code execution in "copy as cURL" command
  * CVE-2025-4090 (bmo#1929478)
    Leaked library paths in Firefox for Android
  * CVE-2025-4091 (bmo#1951161, bmo#1952105)
    Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * CVE-2025-4092 (bmo#1924108, bmo#1950780, bmo#1959367)
    Memory safety bugs fixed in Firefox 138 and Thunderbird 138
- requires NSS 3.110
- rebased patches

==== PackageKit-Qt6 ====
Version update (1.1.1 -> 1.1.2)

- Update to 1.1.2
  * offline: Make sure we allow for interactive authorization
  * Allow Transaction::setHints before the transaction has started
  * Fix check for PackageKit D-Bus specs
  * Add missing info enum values

==== aaa_base ====
Version update (84.87+git20250410.71df276 -> 84.87+git20250429.1cad3bc)
Subpackages: aaa_base-extras

- Update to version 84.87+git20250429.1cad3bc:
  * Remove alias "you" (boo#1242011)
- Update to version 84.87+git20250425.1664836:
  * Fix bug boo#1241205 by adding missed endif
  * alias.bash: future-proof egrep/fgrep color aliases

==== apache-commons-logging ====
Version update (1.3.4 -> 1.3.5)

- Upgrade to 1.3.5
  * Fixed Bugs
    + Javadoc is missing its Overview page.
    + Remove -nouses directive from maven-bundle-plugin. OSGi
    package imports now state 'uses' definitions for package
    imports, this doesn't affect JPMS (from
    org.apache.commons:commons-parent:80).
  * Changes
    + Bump org.apache.commons:commons-parent from 72 to 81 #285,
    [#287], #295, #298, #303, #310, #339.
    + Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0
    [#288] [test].
    + Bump log4j2.version from 2.23.1 to 2.24.3 #292, #299, #319,
    [#328].
  * Removed:
    + Remove "cobertura" plugin use JaCoco, Cobertura is
    unmaintained.

==== at-spi2-core ====
Version update (2.56.1 -> 2.56.2)
Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0

- Update to version 2.56.2:
  + Fix the build with glib < 2.76.
  + a11y-manager-device: Fix unmap_keysym_modifier.

==== augeas ====
Subpackages: augeas-bash-completion augeas-lenses libaugeas0 libfa1

- Add patch, fix for bsc#1239909 / CVE-2025-2588:
  * CVE-2025-2588.patch

==== ayatana-ido ====
Version update (0.10.2 -> 0.10.4)

- Update to version 0.10.4:
  * src/idoscalemenuitem.c: Disable menu item selection
  * src/idoscalemenuitem.c: Add ability to close the menu when the
    slider's value changes.
- Update to version 0.10.3:
  * src/idoswitchmenuitem.c: Allow the switch to display an
    accelerator.

==== blog ====
Version update (2.34 -> 2.35)
Subpackages: libblogger2

- Update to version 2.35
  * Make s390 3215 console work that is use EPOLLOUT|EPOLLONESHOT
    to control if we can write to ttyS0 in nonblocking mode and if
    not reenable EPOLLOUT|EPOLLONESHOT.
  * At boot set for ttyS0 via vmcp API nonblocking MORE mode with
    `0 0'.  It beeps but boots.
- Remove patches now upstream
  * blog-3215.patch
  * blog-install.patch

==== btrfsprogs ====
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1

- Fix name clash of parse_range between common/parse-utils.c and
  libblkid.a from util-linux-2.41
  (btrfsprogs-libblkid-static-lib-clash.patch).

==== busybox ====
Subpackages: busybox-static

- fix regression in hexdump that broke kernel build:
  * busybox-1.37.0-fix-regression-n2.patch
- fix build/tests and hexdump on big endian systems (S390):
  * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
  * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
  * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch

==== cnf ====
Subpackages: cnf-bash

- Fix Obsolete of a scout-command-not-found to <= 0.2.9

==== container-selinux ====
Version update (2.236.0 -> 2.237.0)

- Update to version 2.237.0:
  * bootc/install_t: allow transition to container_runtime_t
  * Allow containers to mask parts of their /proc

==== coreutils ====

- coreutils-i18n.patch: update gnulib mbchar+mbfile to the commit
  used by coreutils-9.7:
    https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=41e7b7e0d
    mainly to pick up these commits:
  - c67c553e758 mbfile: Support pushback characters also right before EOF.
  - 87ee7ef66ee mbfile: Allow 2 pushback characters.

==== coreutils-systemd ====

- coreutils-i18n.patch: update gnulib mbchar+mbfile to the commit
  used by coreutils-9.7:
    https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=41e7b7e0d
    mainly to pick up these commits:
  - c67c553e758 mbfile: Support pushback characters also right before EOF.
  - 87ee7ef66ee mbfile: Allow 2 pushback characters.

==== crypto-policies ====
Subpackages: crypto-policies-scripts

- Update crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch

==== cyrus-imapd ====
Subpackages: cyradm libcyrus0 perl-Cyrus-Annotator perl-Cyrus-IMAP perl-Cyrus-SIEVE-managesieve

- CVE-2025-23394: cyrus-imapd: daily-backup.sh allows escalation from
  cyrus to root (bsc#1241536)
  Adapt backup-cyrus.service to run as user cyrus:mail

==== dhcp ====
Subpackages: dhcp-client dhcp-relay dhcp-server

- Add compile option '-std=gnu17' to fix build with gcc15.
  [bsc#1241472]

==== ethtool ====
Subpackages: ethtool-bash-completion

- fix AppStream metainfo XML file
  * misc-fix-AppStream-metainfo-XML.patch

==== fdupes ====
Version update (2.3.1 -> 2.4.0)

- Update to 2.4.0:
  * Add quick summary option that skips byte-for-byte match confirmation.
  * Reduce number of progress indicator updates for better performance.
- Update to 2.3.2:
  * Keep cursor as close to current group as possible after deleting files.

==== firewalld ====
Subpackages: firewalld-bash-completion python3-firewall

- Split the package to build the firewalld-rpmmacros subpackage in
  a _multibuild flavor so that we can build it in Factory/i586 by
  itself instead of building the whole package, which has more
  dependencies (like python-PyQt6).

==== fuse3 ====
Version update (3.17.1 -> 3.17.2)
Subpackages: libfuse3-4

- Updae to release 3.17.2
  * Fixed initialization races related to buffer reallocation when
    large buf sizes are used (/proc/sys/fs/fuse/max_pages_limit).
  * A conn.want flag conversion fix for high-level applications.

==== gcc14 ====
Version update (14.2.1+git11321 -> 14.2.1+git11702)

- Add gcc14-pr108900.patch to revert it, fixing libqt6webengine build.
- Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702
  * Remove gcc14-pr118780.patch now on the upstream branch
- Fix build on s390x [bsc#1241549]

==== gcc15 ====
Version update (15.0.1+git9352 -> 15.1.1+git9595)
Subpackages: cpp15 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-pp libtsan2 libubsan1

- Update to GCC 15 branch head, 15.1.1+git9595
  * includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
  for the AMD GCN offload compiler when llvm is new enough.
- Build the COBOL frontend also for risc-v
- Add loongarch64 to quadmath_arch

==== gdb ====
Version update (15.2 -> 16.3)

- Mention fixup-gdb-6.5-gcore-buffer-limit-test.patch.
- Mention changes in GDB 16:
  * GDB now supports watchpoints for tagged data pointers (see
    https://en.wikipedia.org/wiki/Tagged_pointer) on amd64, such
    as the one used by the Linear Address Masking (LAM) feature
    provided by Intel.
  * Debugging support for Intel MPX has been removed.  This
    includes the removal of:
  * MPX register support
  * the commands "show/set mpx bound" (deprecated since GDB 15)
  * i386 and amd64 implementation of the hooks report_signal_info
    and get_siginfo_type.
  * GDB now supports printing of asynchronous events from the
    Intel Processor Trace during 'record instruction-history',
    'record function-call-history' and all stepping commands.
    This can be controlled with the new "set record btrace pt
    event-tracing" command.
  * GDB now supports printing of ptwrite payloads from the Intel
    Processor Trace during 'record instruction-history', 'record
    function-call-history' and all stepping commands.  The payload
    is also accessible in Python as a RecordAuxiliary object.
    Printing is customizable via a ptwrite filter function in
    Python.  By default, the raw ptwrite payload is printed for
    each ptwrite that is encountered.
  * For breakpoints that are created in the 'pending' state, any
    'thread' or 'task' keywords are parsed at the time the
    breakpoint is created, rather than at the time the breakpoint
    becomes non-pending.
  * Thread-specific breakpoints are only inserted into the
    program space in which the thread of interest is running.
    In most cases program spaces are unique for each inferior,
    so this means that thread-specific breakpoints will usually
    only be inserted for the inferior containing the thread of
    interest.  The breakpoint will be hit no less than before.
  * For ARM targets, the offset of the pc in the jmp_buf has
    been fixed to match glibc 2.20 and later.  This should only
    matter when not using libc probes.  This may cause breakage
    when using an incompatible libc, like uclibc or newlib, or
    an older glibc.
  * MTE (Memory Tagging Extension) debugging is now supported on
    AArch64 baremetal targets.
  * In a record session, when a forward emulation reaches the end
    of the reverse history, the warning message has been changed
    to indicate that the end of the history has been reached.  It
    also specifies that the forward execution can continue, and
    the recording will also continue.
  * The Ada 'Object_Size attribute is now supported.
  * New bash script gstack uses GDB to print stack traces of
    running processes.
  * Python API:
  * Added gdb.record.clear.  Clears the trace data of the
    current recording.  This forces re-decoding of the trace for
    successive commands.
  * Added the new event source gdb.tui_enabled.
  * New module gdb.missing_objfile that facilitates dealing with
    missing objfiles when opening a core-file.
  * New function gdb.missing_objfile.register_handler that can
    register an instance of a sub-class of
    gdb.missing_debug.MissingObjfileHandler as a handler for
    missing objfiles.
  * New class gdb.missing_objfile.MissingObjfileHandler which
    can be sub-classed to create handlers for missing objfiles.
  * The 'signed' argument to gdb.Architecture.integer_type()
    will no longer accept non-bool types.
  * The gdb.MICommand.installed property can only be set to True
    or False.
  * The 'qualified' argument to gdb.Breakpoint constructor will
    no longer accept non-bool types.
  * Added the gdb.Symbol.is_artificial attribute.
  * Debugger Adapter Protocol changes:
  * The "scopes" request will now return a scope holding global
    variables from the stack frame's compilation unit.
  * The "scopes" request will return a "returnValue" scope
    holding the return value from the latest "stepOut" command,
    when appropriate.
  * The "launch" and "attach" requests were rewritten in
    accordance with some clarifications to the spec.  Now they
    can be sent at any time after the "initialized" event, but
    will not take effect (or send a response) until after the
    "configurationDone" request has been sent.
  * The "variables" request will not return artificial symbols.
  * New commands:
  * show jit-reader-directory
    Show the name of the directory that "jit-reader-load" uses
    for relative file names.
  * set style line-number foreground COLOR
    set style line-number background COLOR
    set style line-number intensity VALUE
    Control the styling of line numbers printed by GDB.
  * set style command foreground COLOR
    set style command background COLOR
    set style command intensity VALUE
    Control the styling of GDB commands when displayed by GDB.
  * set style title foreground COLOR
    set style title background COLOR
    set style title intensity VALUE
    This style now applies to the header line of lists, for
    example the first line of the output of "info breakpoints".
    Previous uses of this style have been replaced with the new
    ... changelog too long, skipping 120 lines ...
  * gdb-rhbz-818343-set-solib-absolute-prefix-testcase.patch

==== gimp ====
Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0

- Added libheif-aom dependency to AVIF support (boo#1241553).

==== glib2-branding-openSUSE ====

- Update defaults to match current situation:
  + Remove banshee preference: banshee has not been shipped since
    2016.
  + Add Loupe to the preferred applications for images
  + Do not use Eog by default. As it's alphabetically before
    Loupe, Eog would always win the way it was listed (when
    installed).
  + Explicitly set image/tiff to org.gnome.Loupe as Eog is no
    longer part of the default installations.

==== glslang ====
Version update (15.2.0 -> 15.3.0)

- Update to release 15.3
  * Fix crash calling coopMatLoadTensorNV on an array element
  * Implement GL_EXT_bfloat16
  * Add missing error checks for bfloat16 math

==== gnome-music ====
Version update (48.beta+25 -> 48.beta+31)

- Update to version 48.beta+31:
  + Remove useless GIRepository import.
  + Updated translations.

==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar

- Drop gnome-shell-executable-path-not-absolute.patch: The original
  patch did not work as expected, and assuming gsettings is in the
  bin dir of gnome-shell is not correct, so keep relative path
  (bsc#1241666).

==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30

- Fix FIPS mode running on Tumbleweed [bsc#1237101]
  * When nettle or libhogweed are installed with glbic-hwcaps for x86_64-v3,
    some paths differ and we are unable to match the hmac file for the lib.
  * Add gnutls-FIPS-HMAC-x86_64-v3-opt.patch

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin

- grub2-common: use fuse3
- Add support for boot assessment, needed by health-checker
  * grub2-bls-boot-counting.patch
  * grub2-bls-boot-assessment.patch
  * grub2-bls-boot-show-snapshot.patch
  * grub2-blscfg-fix-hang.patch
  * grub2-blscfg-set-efivars.patch
- Fix reading bls fragments in file-system dependent order that is not
  predictable (bsc#1241046)
  * 0001-blscfg-read-fragments-in-order.patch
- Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132)
  * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch

==== gstreamer ====
Version update (1.26.0 -> 1.26.1)
Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.26.1:
  + Highlighted bugfixes:
  - awstranslate and speechmatics plugin improvements
  - decodebin3 fixes and urisourcebin/playbin3 stability
    improvements
  - Closed captions: CEA-708 generation and muxing fixes, and
    H.264/H.265 caption extractor fixes
  - dav1d AV1 decoder: RGB support, plus colorimetry,
    renegotiation and buffer pool handling fixes
  - Fix regression when rendering VP9 with alpha
  - H.265 decoder base class and caption inserter SPS/PPS
    handling fixes
  - hlssink3 and hlsmultivariantsink feature enhancements
  - Matroska v4 support in muxer, seeking fixes in demuxer
  - macOS: framerate guessing for cameras or capture devices
    where the OS reports silly framerates
  - MP4 demuxer uncompressed video handling improvements and
    sample table handling fixes
  - oggdemux: seeking improvements in streaming mode
  - unixfdsrc: fix gst_memory_resize warnings
  - Plugin loader fixes, especially for Windows
  - QML6 GL source renegotiation fixes
  - RTP and RTSP stability fixes
  - Thread-safety improvements for the Media Source Extension
    (MSE) library
  - v4l2videodec: fix A/V sync issues after decoding errors
  - Various improvements and fixes for the fragmented and
    non-fragmented MP4 muxers
  - Video encoder base class segment and buffer timestamp
    handling fixes
  - Video time code support for 119.88 fps and
    drop-frames-related conversion fixes
  - WebRTC: Retransmission entry creation fixes and better audio
    level header extension compatibility
  - YUV4MPEG encoder improvments
  - dots-viewer: make work locally without network access
  - gst-python: fix compatibility with PyGObject >= 3.52.0
  - Cerbero: recipe updates, compatibility fixes for Python <
    3.10; Windows Android cross-build improvements
  - Various bug fixes, build fixes, memory leak fixes, and other
    stability and reliability improvements
  + gstreamer:
  - Correctly handle whitespace paths when executing
    gst-plugin-scanner
  - Ensure properties are freed before (re)setting with
    g_value_dup_string() and during cleanup
  - cmake: Fix PKG_CONFIG_PATH formatting for Windows
    cross-builds
  - macos: Move macos function documentation to the .h so the
    introspection has the information
  - meson.build: test for and link against libatomic if it exists
  - pluginloader-win32: Fix helper executable path under devenv
  - pluginloader: fix pending_plugins Glist use-after-free issue
  - unixfdsrc: Complains about resize of memory area
  - tracers: dots: fix debug log

==== gstreamer-plugins-bad ====
Version update (1.26.0 -> 1.26.1)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.26.1:
  + Add missing Requires in pkg-config
  + Ensure properties are freed before (re)setting with
    g_value_dup_string() and during cleanup
  + Update docs
  + aja: Use the correct location of the AJA NTV2 SDK in the docs
  + alphacombine: De-couple flush-start/stop events handling
  + alphadecodebin: use a multiqueue instead of a couple of queues
  + avfvideosrc: Guess reasonable framerate values for some 3rd
    party devices
  + codecalpha: name both queues
  + d3d12converter: Fix cropping when automatic mipmap is enabled
  + dashsink: Make sure to use a non-NULL pad name when requesting
    a pad from splitmuxsink
  + docs: Fix GstWebRTCICE* class documentation
  + h264ccextractor, h265ccextractor: Handle gap with unknown pts
  + h265decoder, h265ccinserter: Fix broken SPS/PPS link
  + h265parser: Fix num_long_term_pics bound check
  + Segmentation fault in H265 decoder
  + h266decoder: fix leak parsing SEI messages
  + meson.build: test for and link against libatomic if it exists
  + mse: Improved Thread Safety of API
  + mse: Revert ownership transfer API change in
    gst_source_buffer_append_buffer()
  + tensordecoders: updating element classification
  + unixfd: Fix wrong memory size when offset > 0
  + uvcsink: Respond to control requests with proper error handling
  + v4l2codecs: unref frame in all error paths of end_picture
  + va: Skip codecs that report maximum width or height lower than
    minimum
  + vapostproc: fix wrong video orientation after restarting the
    element
  + vavp9enc: fix mem leaks in _vp9_decide_profile
  + vkformat: fix build error
  + vtenc: Avoid deadlocking when changing properties on the fly
  + vulkan: fix memory leak at dynamic registering
  + webrtc: enhance rtx entry creation
  + webrtcbin: add missing warning for caps missmatch
  + ZDI-CAN-26596: New Vulnerability Report (Security)
- Drop va-codecs-check-size.patch: Fixed upstream.
- Drop cuda_nvdec conditional, builds fine for aarch64/armv7 now.

==== gstreamer-plugins-base ====
Version update (1.26.0 -> 1.26.1)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.26.1:
  + Ensure properties are freed before (re)setting with
    g_value_dup_string() and during cleanup
  + alsadeviceprovider: Fix leak of Alsa longname
  + audioaggregator: fix error added in !8416 when chaining up
  + audiobasesink: Fix custom slaving driftsamples calculation and
    add custom audio clock slaving callback example
  + decodebin3:
  - Don't avoid parsebin even if we have a matching decoder
  - Doesn't plug parsebin for AAC from tsdemux
  + gl: eglimage: warn the reason of export failure
  + glcolorconvert:
  - Fix YUVA<->RGBA conversions
  - Regression when rendering alpha vp9
  + gldownload: Unref glcontext after usage
  + meson.build: test for and link against libatomic if it exists
  + oggdemux: Don't push new packets if there is a pending seek
  + urisourcebin:
  - Make parsebin activation more reliable
  - Deadlock between parsebin and typefind
  + videoencoder: Use the correct segment and buffer timestamp in
    the chain function
  + videotimecode: Fix conversion of timecode to datetime with
    drop-frame timecodes and handle 119.88 fps correctly in all
    places

==== gstreamer-plugins-good ====
Version update (1.26.0 -> 1.26.1)
Subpackages: gstreamer-plugins-good-gtk

- Update to version 1.26.1:
  + Ensure properties are freed before (re)setting with
    g_value_dup_string() and during cleanup
  + gst-plugins-good: Matroska mux v4 support
  + matroska-demux: Prevent corrupt cluster duplication
  + qml6glsrc: update buffer pool on renegotiation
  + qt6: Add a missing newline in unsupported platform message
  + qtdemux:
  - Fix stsc size check in qtdemux_merge_sample_table()
  - Next Iteration Of Uncompressed MP4 Decoder
  - Unref simple caps after use
  + rtspsrc:
  - Do not emit signal 'no-more-pads' too early
  - Don't error out on not-linked too early
  + rtpsession:
  - Do not push events while holding SESSION_LOCK
  - Deadlock when gst_rtp_session_send_rtcp () is forwarding eos
  + v4l2: drop frame for frames that cannot be decoded
  + v4l2videodec: AV unsync for streams with many frames that
    cannot be decoded
  + v4l2object:
  - Fix memory leak
  - Fix type mismatch when ioctl takes int
  + y4menc:
  - Fix Y41B format
  - Handle frames with GstVideoMeta

==== hwdata ====
Version update (0.393 -> 0.394)

- Update to version 0.394:
  * Update pci and vendor ids

==== iptables ====
Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins

- Remove legacy backend from SLES16

==== java-21-openjdk ====
Version update (21.0.6.0 -> 21.0.7.0)
Subpackages: java-21-openjdk-headless

- Update to upstream tag jdk-21.0.7+6 (April 2025 CPU)
  * CVEs
    + CVE-2025-21587, bsc#1241274
    + CVE-2025-30691, bsc#1241275
    + CVE-2025-30698, bsc#1241276
  * Changes
    + JDK-8198237: [macos] Test java/awt/Frame/
    /ExceptionOnSetExtendedStateTest/
    /ExceptionOnSetExtendedStateTest.java fails
    + JDK-8211851: (ch) java/nio/channels/AsynchronousSocketChannel/
    /StressLoopback.java times out (aix)
    + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB
    tab in JColorChooser
    + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in
    FileChooser Dialog
    + JDK-8227529: With malformed --app-image the error messages
    are awful
    + JDK-8277240: java/awt/Graphics2D/ScaledTransform/
    /ScaledTransform.java dialog does not get disposed
    + JDK-8283664: Remove jtreg tag manual=yesno for
    java/awt/print/PrinterJob/PrintTextTest.java
    + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
    access thread fields from native
    + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism
    are problematic
    + JDK-8294316: SA core file support is broken on macosx-x64
    starting with macOS 12.x
    + JDK-8295159: DSO created with -ffast-math breaks Java
    floating-point arithmetic
    + JDK-8302111: Serialization considerations
    + JDK-8304701: Request with timeout aborts later in-flight
    request on HTTP/1.1 cxn
    + JDK-8309841: Jarsigner should print a warning if an entry is
    removed
    + JDK-8311546: Certificate name constraints improperly
    validated with leading period
    + JDK-8312570: [TESTBUG] Jtreg compiler/loopopts/superword/
    /TestDependencyOffsets.java fails on 512-bit SVE
    + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/
    /NextDropActionTest.java fails with java.lang.RuntimeException:
    wrong next drop action!
    + JDK-8313905: Checked_cast assert in CDS compare_by_loader
    + JDK-8314752: Use google test string comparison macros
    + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails
    with java.lang.AssertionError: Expected [0]. Actual [1618]:
    + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/
    /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java
    timed out
    + JDK-8315825: Open some swing tests
    + JDK-8315882: Open some swing tests 2
    + JDK-8315883: Open source several Swing JToolbar tests
    + JDK-8315952: Open source several Swing JToolbar JTooltip
    JTree tests
    + JDK-8316056: Open source several Swing JTree tests
    + JDK-8316146: Open some swing tests 4
    + JDK-8316149: Open source several Swing JTree JViewport
    KeyboardManager tests
    + JDK-8316218: Open some swing tests 5
    + JDK-8316371: Open some swing tests 6
    + JDK-8316627: JViewport Test headless failure
    + JDK-8316885: jcmd: Compiler.CodeHeap_Analytics cmd does not
    inform about missing aggregate
    + JDK-8317283: jpackage tests run osx-specific checks on
    windows and linux
    + JDK-8317636: Improve heap walking API tests to verify
    correctness of field indexes
    + JDK-8317808: HTTP/2 stream cancelImpl may leave subscriber
    registered
    + JDK-8317919: pthread_attr_init handle return value and
    destroy pthread_attr_t object
    + JDK-8319233: AArch64: Build failure with clang due to
  - Wformat-nonliteral warning
    + JDK-8320372: test/jdk/sun/security/x509/DNSName/
    /LeadingPeriod.java validity check failed
    + JDK-8320676: Manual printer tests have no Pass/Fail buttons,
    instructions close set 1
    + JDK-8320691: Timeout handler on Windows takes 2 hours to
    complete
    + JDK-8320706: RuntimePackageTest.testUsrInstallDir test fails
    on Linux
    + JDK-8320916: jdk/jfr/event/gc/stacktrace/
    /TestParallelMarkSweepAllocationPendingStackTrace.java failed
    with "OutOfMemoryError: GC overhead limit exceeded"
    + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java
    failed with 'Cannot read the array length because "<local4>"
    is null'
    + JDK-8322983: Virtual Threads: exclude 2 tests
    + JDK-8324672: Update jdk/java/time/tck/java/time/
    /TCKInstant.java now() to be more robust
    + JDK-8324807: Manual printer tests have no Pass/Fail buttons,
    instructions close set 2
    + JDK-8324838: test_nmt_locationprinting.cpp broken in the gcc
    windows build
    + JDK-8325042: Remove unused JVMDITools test files
    + JDK-8325529: Remove unused imports from `ModuleGenerator`
    test file
    + JDK-8325659: Normalize Random usage by incubator vector tests
    + JDK-8325937: runtime/handshake/HandshakeDirectTest.java
    causes "monitor end should be strictly below the frame
    ... changelog too long, skipping 347 lines ...
    + rediff

==== jemalloc ====

- Add fix_make_check_with_gcc15.patch to make the testsuite pass
  despite new GCC malloc-related optimizations. [boo#1240665]

==== jitterentropy ====
Version update (3.4.1 -> 3.6.3)

- Update to 3.6.3: [bsc#1242050]
  * Correct time stamp processing on AIX
  * Use high-resolution time stamp on Apple Silicon
  * GCD power-up test: consider OSR
  * Remove patches fixed in the update:
  - jitterentropy-fix-a-stack-corruption-on-s390x.patch
  * Rebase patches:
  - jitterentropy-split-internal-header.patch
  - jitterentropy-with-debug.patch
- Update to 3.6.2:
  * Fix RCT re-initialization in jent_read_entropy_safe
  * simplify test code
  * improve keyword portability
- Update to 3.6.1:
  * Add more test code
  * Add support for SunPRO compiler
  * Fix compilation on OpenBSD by replacing sed with tr
  * internal timer: Add support for Apple
  * Various small fixes to compilation to imporve portability
- Update to 3.6.0:
  * Remove bi-modal behavior of conditioning function
  * Make jent_read_entropy_safe safer by retrying the health test
  * Move the version information to make them available at compile time
- Update to 3.5.0:
  * add distinction between intermittent and permanent health failure
  * add compile time option to allow configuring a mask to reduce the
    size of the time stamp used for the APT

==== kernel-firmware-amdgpu ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-ath10k ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-ath11k ====
Version update (20250227 -> 20250424)

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250424 (git commit c8af472e05cb):
  * ath11k: WCN6855 hw2.0: update board-2.bin
  * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01300-QCAHKSWPL_SILICONZ-1

==== kernel-firmware-ath12k ====
Version update (20250206 -> 20250424)

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250424 (git commit c8af472e05cb):
  * ath12k: WCN7850 hw2.0: update to WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
  * ath12k: QCN9274 hw2.0: update board-2.bin

==== kernel-firmware-atheros ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-bluetooth ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-bnx2 ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-brcm ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-chelsio ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-dpaa2 ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-i915 ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-intel ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-iwlwifi ====
Version update (20250312 -> 20250423)

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250423 (git commit c67433231cbd):
  * iwlwifi: add Bz/gl FW for core95-82 release
  * iwlwifi: update ty/So/Ma firmwares for core95-82 release
  * iwlwifi: update cc/Qu/QuZ firmwares for core95-82 release
- Update to version 20250422 (git commit 32f3227b67c0):
  * iwlwifi: add Bz-hr FW for core93-123 release

==== kernel-firmware-liquidio ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-marvell ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-media ====
Version update (20250422 -> 20250424)

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250424 (git commit c8af472e05cb):
  * qcom: vpu: update video firmware binary for SA8775p

==== kernel-firmware-mediatek ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-mellanox ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-mwifiex ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-network ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-nfp ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-nvidia ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-platform ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-prestera ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-qcom ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-qlogic ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-radeon ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-realtek ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-serial ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-sound ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-ti ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-ueagle ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-firmware-usb-network ====

- Change conflicts filesystem < 84 to conflicts filesystem without
  may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
  16 uses Version 16; yet we need to ensure we get an up-to-date
  version of filesystem. Relying on the recently introduced provides
  instructing zypp about the usrmerge is perfect for this use case.

==== kernel-source ====
Version update (6.14.3 -> 6.14.4)
Subpackages: kernel-64kb kernel-default

- Linux 6.14.4 (bsc#1012628).
- scsi: hisi_sas: Enable force phy when SATA disk directly
  connected (bsc#1012628).
- wifi: at76c50x: fix use after free access in at76_disconnect
  (bsc#1012628).
- wifi: mac80211: Update skb's control block key in
  ieee80211_tx_dequeue() (bsc#1012628).
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
  (bsc#1012628).
- wifi: brcmfmac: fix memory leak in brcmf_get_module_param
  (bsc#1012628).
- wifi: wl1251: fix memory leak in wl1251_tx_work (bsc#1012628).
- scsi: iscsi: Fix missing scsi_host_put() in error path
  (bsc#1012628).
- scsi: smartpqi: Use is_kdump_kernel() to check for kdump
  (bsc#1012628).
- md/raid10: fix missing discard IO accounting (bsc#1012628).
- md/md-bitmap: fix stats collection for external bitmaps
  (bsc#1012628).
- ASoC: dwc: always enable/disable i2s irqs (bsc#1012628).
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
  (bsc#1012628).
- crypto: tegra - Fix IV usage for AES ECB (bsc#1012628).
- ovl: remove unused forward declaration (bsc#1012628).
- RDMA/bnxt_re: Fix budget handling of notification queue
  (bsc#1012628).
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
  (bsc#1012628).
- RDMA/hns: Fix wrong maximum DMA segment size (bsc#1012628).
- ALSA: hda/cirrus_scodec_test: Don't select dependencies
  (bsc#1012628).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
  (bsc#1012628).
- ASoC: cs42l43: Reset clamp override on jack removal
  (bsc#1012628).
- RDMA/core: Silence oversized kvmalloc() warning (bsc#1012628).
- firmware: cs_dsp: test_bin_error: Fix uninitialized data used
  as fw version (bsc#1012628).
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for
  invalid address (bsc#1012628).
- Bluetooth: btrtl: Prevent potential NULL dereference
  (bsc#1012628).
- Bluetooth: l2cap: Check encryption key size on incoming
  connection (bsc#1012628).
- RDMA/bnxt_re: Remove unusable nq variable (bsc#1012628).
- ipv6: add exception routes to GC list in rt6_insert_exception
  (bsc#1012628).
- xen: fix multicall debug feature (bsc#1012628).
- mlxbf-bootctl: use sysfs_emit_at() in
  secure_boot_fuse_state_show() (bsc#1012628).
- wifi: iwlwifi: pcie: set state to no-FW before reset handshake
  (bsc#1012628).
- Revert "wifi: mac80211: Update skb's control block key in
  ieee80211_tx_dequeue()" (bsc#1012628).
- igc: fix PTM cycle trigger logic (bsc#1012628).
- igc: increase wait time before retrying PTM (bsc#1012628).
- igc: move ktime snapshot into PTM retry loop (bsc#1012628).
- igc: handle the IGC_PTP_ENABLED flag correctly (bsc#1012628).
- igc: cleanup PTP module if probe fails (bsc#1012628).
- igc: add lock preventing multiple simultaneous PTM transactions
  (bsc#1012628).
- perf tools: Remove evsel__handle_error_quirks() (bsc#1012628).
- dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry
  (bsc#1012628).
- smc: Fix lockdep false-positive for IPPROTO_SMC (bsc#1012628).
- test suite: use %zu to print size_t (bsc#1012628).
- selftests: mincore: fix tmpfs mincore test failure
  (bsc#1012628).
- pds_core: fix memory leak in pdsc_debugfs_add_qcq()
  (bsc#1012628).
- ethtool: cmis_cdb: use correct rpl size in
  ethtool_cmis_module_poll() (bsc#1012628).
- net: mctp: Set SOCK_RCU_FREE (bsc#1012628).
- net: hibmcge: fix incorrect pause frame statistics issue
  (bsc#1012628).
- net: hibmcge: fix incorrect multicast filtering issue
  (bsc#1012628).
- net: hibmcge: fix wrong mtu log issue (bsc#1012628).
- net: hibmcge: fix not restore rx pause mac addr after reset
  issue (bsc#1012628).
- block: fix resource leak in blk_register_queue() error path
  (bsc#1012628).
- netlink: specs: ovs_vport: align with C codegen capabilities
  (bsc#1012628).
- net: openvswitch: fix nested key length validation in the set()
  action (bsc#1012628).
- can: rockchip_canfd: fix broken quirks checks (bsc#1012628).
- net: ngbe: fix memory leak in ngbe_probe() error path
  (bsc#1012628).
- octeontx2-pf: handle otx2_mbox_get_rsp errors (bsc#1012628).
- net: ethernet: ti: am65-cpsw: fix port_np reference counting
  (bsc#1012628).
- eth: bnxt: fix missing ring index trim on error path
  (bsc#1012628).
- loop: aio inherit the ioprio of original request (bsc#1012628).
- loop: stop using vfs_iter_{read,write} for buffered I/O
  (bsc#1012628).
- nvmet: pci-epf: always fully initialize completion entries
  (bsc#1012628).
    ... changelog too long, skipping 328 lines ...
- commit f04c2d4

==== libavif ====
Version update (1.1.1 -> 1.2.1)

- Disable tests due to restrictions in Factory/ring1.
- Temporary deactivation of the generation of manual pages
  with pandoc due to restrictions in Factory/ring1.
  (https://build.opensuse.org/request/show/1272161#comment-2136811)
- update to 1.2.1:
  * Added since 1.2.0
  - Add support for outputting all frames of an image sequence in avifdec.
  - avifdec --index all sequence.avif out.png creates files named
  - out-xxxxxxxxxx.png where xxxxxxxxxx are the zero-padded frame indices.
  * Changed since 1.2.0
  - Fix local libargparse dependency patch step on macOS 10.15 and earlier.
  - Patch local libyuv dependency for compatibility with gcc 10.
  - Use stricter C99 syntax to avoid related compilation issues.
  - Update svt.cmd/svt.sh/LocalSvt.cmake to v3.0.1.
- update to 1.2.0:
  * Added since 1.1.1
  - Turn on the gain map API. Remove the AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP CMake
    flag.
  - Allow YCgCo_Re and YCgCo_Ro encoding/decoding and update the enum values to
    the latest CICP specification. Remove the AVIF_ENABLE_EXPERIMENTAL_YCGCO_R
    CMake flag.
  - Add the properties and numProperties fields to avifImage. They are filled by
    the avifDecoder instance with the properties unrecognized by libavif. They are
    written by the avifEncoder.
  - Add avif(Un)SignedFraction structs and avifDoubleTo(Un)SignedFraction
    utility functions.
  - Add 'avifgainmaputil' command line tool to installed apps.
  - Add avifCropRectRequiresUpsampling().
  - Add experimental support for PixelInformationProperty syntax from HEIF 3rd Ed.
    Amd2 behind the compilation flag AVIF_ENABLE_EXPERIMENTAL_EXTENDED_PIXI.
  - Add experimental Sample Transform recipe
    BIT_DEPTH_EXTENSION_12B_8B_OVERLAP_4B.
  * Changed since 1.1.1
  - avifenc: Allow large images to be encoded.
  - Fix empty CMAKE_CXX_FLAGS_RELEASE if -DAVIF_CODEC_AOM=LOCAL -DAVIF_LIBYUV=OFF
    is specified. #2365.
  - Rename AVIF_ENABLE_EXPERIMENTAL_METAV1 to AVIF_ENABLE_EXPERIMENTAL_MINI and
    update the experimental reduced header feature to the latest specification
    draft. Rename AVIF_HEADER_REDUCED to AVIF_HEADER_MINI.
  - Update the experimental Sample Transform feature behind the
    AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM CMake flag to the latest
    specification draft.
  - Ignore gain maps with unsupported metadata. Handle gain maps with
    writer_version > 0 correctly.
  - Simplify gain map API: remove the enableParsingGainMapMetadata setting, now
    gain map metadata is always parsed if present and if this feature is compiled
    in. Replace enableDecodingGainMap and ignoreColorAndAlpha with a bit field to
    choose image content to decode. Remove gainMapPresent: users can check if
    decoder->image->gainMap != NULL instead. Remove avifGainMapMetadata and
    avifGainMapMetadataDouble structs.
  - Write an empty HandlerBox name field instead of "libavif" (saves 7 bytes).
  - Check for FileTypeBox precedence in avifParse().
  - Do not write an alternative group with the same ID as an item.
  - Update aom.cmd/LocalAom.cmake: v3.12.0. The new codec-specific option tune=iq
    (image quality) is added in libaom v3.12.0.
  - Update parseAV2SequenceHeader() and avm.cmd: research-v9.0.0
  - Update dav1d.cmd/dav1d_android.sh/LocalDav1d.cmake: 1.5.1
  - Update libjpeg.cmd/LocalJpeg.cmake: v3.0.4
  - Update libxml2.cmd/LocalLibXml2.cmake: v2.13.5
  - Update libyuv.cmd: ccdf87034 (1903)
  - Update svt.cmd/svt.sh/LocalSvt.cmake to v3.0.0. When available, use
    EbSvtAv1EncConfiguration::lossless and ::level_of_parallelism in libavif.
  - Remove AVIF_ENABLE_GTEST CMake option. It's now implied by
    AVIF_GTEST=LOCAL/SYSTEM.
  - Deprecate avifEncoder's minQuantizer, maxQuantizer, minQuantizerAlpha,
    and maxQuantizerAlpha fields. quality and qualityAlpha should be used
    instead. Deprecate avifenc's --min, --max, --minalpha and --maxalpha
    flags. -q or --qcolor and --qalpha should be used instead.
  - For dependencies, the deprecated way of setting AVIF_LOCAL_* to ON is
    removed. Dependency options can now only be set to OFF/LOCAL/SYSTEM.
  - Change the default quality for alpha to be the same as the quality for color.
  - Allow decoding subsampled images with odd Clean Aperture dimensions or offsets.
  - Deprecate avifCropRectConvertCleanApertureBox() and
    avifCleanApertureBoxConvertCropRect(). Replace them with
    avifCropRectFromCleanApertureBox() and avifCleanApertureBoxFromCropRect().
  - Write descriptive properties before transformative properties.
  - Reject non-essential transformative properties.
  - Treat avifenc --stdin as a regular positional file path argument.
  - Update man pages based on avifenc/dec's --help message.
  - android_jni: Support 16kb page size
  - android_jni: Set threads to 2 instead of CPU count
  - Fix overflows when dealing with alpha during YUV/RGB conversions and in
    avifRGBImageAllocatePixels().
  - Make avifEncoder.headerFormat a flag combination for future features.
  - Rename AVIF_HEADER_FULL to AVIF_HEADER_DEFAULT. Deprecate AVIF_HEADER_FULL.
  - Fix decoding image sequences with non video tracks (such as audio or subtitles).
  - Fix type checking of auxiliary tracks: previously any auxiliary track was
    assumed to be alpha, even if it was a different type. If the aux type is absent,
    it is assumed to be alpha.
- Add libargparse-ee74d1b53bd680748af14e737378de57e2a0a954.tar.gz
- Add %check/tests
- Add man pages

==== libeconf ====
Version update (0.7.7 -> 0.7.8)

- Update to version 0.7.8:
  * Fix memory access if there are a comment character inside a comment.

==== libedit ====
Version update (20210910.3.1 -> 20250104.3.1)

- update to 20250104:
  * all: sync with upstream source
  * doc/Makefile.am: fix regression.  Name all manpage links as
    el_* (e.g. el_history.3) to avoid conflicts.
  * src/chartype.c: Add missing stdint.h
  * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h
    include, to compile against musl libc
  * src/sys.h: Add __sun guard around sys/types.h in sys.h
- drop libedit-20180525-manpage-conflicts.patch and
  libedit-hidden-symbols.patch: upstreamed
- no need for autoreconf and it's BuildRequires:

==== libgcrypt ====

- Differentiate use of SHA1 in the service level indicator [jsc#PED-12227]
  * Include upstream SLI revamp and fips certification fixes
  * Add patches:
  - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch
  - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
  - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
  - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch
  - libgcrypt-fips-tests-Add-t-digest.patch
  - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch
  - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch
  - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch
  - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch
  - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch
  - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch
  - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch
  - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch
  - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch
  - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch
  - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch
  - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
  - libgcrypt-Fix-the-previous-change.patch
  - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch
  - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch
  - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch
  - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch
  - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch
  - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch
  - libgcrypt-build-Improve-__thread-specifier-check.patch
  - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch
  - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch
  - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch
  - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch
  - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch
  - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch
  - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch
  - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch
  - libgcrypt-tests-Allow-tests-with-USE_RSA.patch
  - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch
  - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch
  - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch
  - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch
  - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch
  - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch
  - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch
  - libgcrypt-cipher-fips-Fix-for-random-override.patch
  - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch
  - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch
  - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch
  - libgcrypt-doc-Fix-syntax-error.patch
  * Rebase patches:
  - libgcrypt-FIPS-SLI-kdf-leylength.patch

==== libgpg-error ====
Version update (1.54 -> 1.55)

- Update to 1.55:
  * Rewrite the extended length path handling under Windows. [T5754]
  * Add new test commands to the gpg-error tool. Allow command w/o
    dashes and reformat the help. [rEc002490a8f]
  * Silence warning from gcc 15. [T7621]

==== libheif ====
Version update (1.19.7 -> 1.19.8)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1

- update to 1.19.8:
  * Set essential flag for transformative properties as required by
    MIAF. This fixes the display of AVIF images with transformations
    encoded by libheif in Chrome, which checks whether this flag is
    set. This mainly affected images encoded by ImageMagick.
  * If the environment variable LIBHEIF_SECURITY_LIMITS is set to OFF,
    libheif will not check any security limits. This can be used if a
    user works with large images and the application software does not
    allow to adjust the libheif security limits.
  * Resolved processing 16-bit JPEG-2000

==== liblogging ====

- Compile with gcc15 instead of gcc14
  * gcc14 is not availalbe in the Leap16 codestream

==== libnftnl ====

- Update signing key to 0x8C5F7146A1757A65E2422A94D70D1A666ACF2B21,
  which is currently used to sign the latest tarballs including
  version 1.2.9.

==== libqt5-qtwebengine ====

- Add some backported upstream changes to fix gcc-15 compile time
  errors:
  * qtwebengine-5.15.18-gcc15-cstdint.patch

==== libraw ====
Version update (0.21.3 -> 0.21.4)

- version update to 0.21.4
  * additional checks in PhaseOne correction tag 0x412 processing
  * Do not apply canon metadata crop to DNG files
  * Make sure the profile_length is the same size as the allocated memory.
  * fix: remove duplicated supported camera
  * check split_col/split_row values in phase_one_correct
  * Prevent out-of-bounds read in fuji 0xf00c tag parser
  * prevent OOB reads in phase_one_correct
- modified sources
  % baselibs.conf
- fixes:
  * CVE-2025-43964 [bsc#1241584]
  * CVE-2025-43962 [bsc#1241585]
  * CVE-2025-43961 [bsc#1241643]
  * CVE-2025-43963 [bsc#1241642]

==== libsoup ====
Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0

- Add libsoup-CVE-2025-32907.patch: correct merge of ranges
  (boo#1241222 CVE-2025-32907 glgo#GNOME/libsoup!452).

==== libsoup2 ====

- Add more CVE fixes:
  + c9083869.patch (boo#1241686 CVE-2025-46420)
  + libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914)
  + libsoup-CVE-2025-32907.patch (boo#1241222 CVE-2025-32907)
  + libsoup-CVE-2025-46421.patch (boo#1241688 CVE-2025-46421)

==== libssh ====
Subpackages: libssh-config libssh4

- Fix build and tests with OpenSSH >= 10.0
  * Use %make_build instead of naked make
  * Add patches:
  - libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
  - libssh-misc-Fix-OpenSSH-banner-parsing.patch

==== libxkbcommon ====
Version update (1.8.1 -> 1.9.0)
Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0

- Update to release 1.9.0
  * keysyms can now be written as just Unicode strings, including
    multi-keysyms.
  * Added support for new `<none>`, `<some>` and `<any>` wildcard
    syntax in rules files.
  * Added support for a new escaping format for Unicode, `\u{NNNN}`.

==== libzip ====

- Fix libzip-devel dependencies. libzip-targets*.cmake create
  CMake targets for zipcmp, zipmerge and ziptool.

==== libzypp ====
Version update (17.36.6 -> 17.36.7)

- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
  libxml2 2.14 potentially reads the complete stream, so it may
  have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
  service may set.
  Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
  keeppackages, gpgkey, mirrorlist, and metalink with the same
  semantic as in a .repo file.
- version 17.36.7 (35)

==== lilv ====

- Rework the way the preferred python flavor is used as prefix so
  it also works with Slowroll
- Add BuildRequires for pkgconfig(zix) which was pulled in
  indirectly but is actually required since 0.24.22.
- Generate the python subpackage with the python flavored prefix
  it's being used instead of always using python3

==== lua54 ====

- Fix license: it is MIT, not GPL-3.0-or-later.

==== mariadb-connector-c ====

- add patches from upstream to fix gcc-15 compile time errors:
  * mariadb-connector-c-3.4.5-gcc15.patch
  * mariadb-connector-c-3.4.5-gcc15-part2.patch

==== mozilla-nss ====
Version update (3.109 -> 3.110)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools

- update to NSS 3.110
  * bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
  * bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
  * bmo#1953429 - Remove Crl templates from ASN1 fuzz target
  * bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
  * bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
  * bmo#1930807 - NSS policy updates
  * bmo#1951161 - Improve locking in nssPKIObject_GetInstances
  * bmo#1951394 - Fix race in sdb_GetMetaData
  * bmo#1951800 - Fix member access within null pointer
  * bmo#1950077 - Increase smime fuzzer memory limit
  * bmo#1949677 - Enable resumption when using custom extensions
  * bmo#1952568 - change CN of server12 test certificate
  * bmo#1949118 - Part 2: Add missing check in
    NSS_CMSDigestContext_FinishSingle
  * bmo#1949118 - Part 1: Fix smime UBSan errors
  * bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
  * bmo#1951491 - Don't build libpkix in static builds
  * bmo#1951395 - handle `-p all` in try syntax
  * bmo#1951346 - fix opt-make builds to actually be opt
  * bmo#1951346 - fix opt-static builds to actually be opt
  * bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch

==== ncurses ====
Version update (6.5.20250412 -> 6.5.20250426)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Modify patch ncurses-5.9-ibm327x.dif
  * sclp term: use ASCII Console key mapping and support home
  * ibm327x term: can do color and drawings but no cursor
- Add ncurses patch 20250426
  + expand note on extensions in curs_addch.3x
  + add illumos, sun-16color, sun-256color, sun-direct -TD
  + add wyse+cvis -TD
- Add ncurses patch 20250419
  + add note on scrolling and lower-right corner to waddch and wadd_wch
    manual pages.
- Modify patch ncurses-5.9-ibm327x.dif
  * sclp term: more missed features like home/end/pageup/pagedown keys

==== nghttp2 ====
Version update (1.64.0 -> 1.65.0)

- version update to 1.65.0
  * Change clang-format options by @tatsuhiro-t in #2240
  * build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243
  * build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244
  * nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245
  * h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248
  * build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252
  * fix race condition on h1 connection close by @TuxInvader in #2249
  * Gha ubuntu 24.04 by @tatsuhiro-t in #2254
  * GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255
  * cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256
  * fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258
  * clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259
  * Remove extra semicolons by @tatsuhiro-t in #2260
  * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261
  * Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262
  * h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263
  * Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264
  * Update nghttp2_check_authority doc by @tatsuhiro-t in #2265

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- (bsc#1237147): Newer version of containerd do not have the directory
  /usr/share/go/1.x/contrib/src/github.com/containerd/containerd/api.
  Update detect-suse-location.patch to point to the directory
  /usr/share/go/1.x/contrib/src/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api
  to find the needed files and update the tasks.proto file to import from
  github.com/containerd/containerd/vendor/github.com/containerd/containerd/api

==== openSUSE-release ====
Version update (20250423 -> 20250503)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssh ====
Version update (9.9p2 -> 10.0p2)
Subpackages: openssh-clients openssh-common openssh-server

- Add openssh-send-extra-term-env.patch, which appends a few
  environment variables useful for terminal identification to the
  default send and accept lists.
- "Update" to openssh 10.0p2:
  - There was an issue during the packaging of 10.0p1 which made it
    identify itself as 10.0p2 so 10.0p1 is now considered identical
    to 10.0p2 and upstream won't release a separate 10.0p2 package.
- Update to openssh 10.0p1:
  = Potentially-incompatible changes
  * This release removes support for the weak DSA signature
    algorithm, completing the deprecation process that began in
    2015 (when DSA was disabled by default) and repeatedly warned
    over the last 12 months.
  * scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by
    scp & sftp. This disables implicit session creation by these
    tools when ControlMaster was set to yes/auto by configuration,
    which some users found surprising. This change will not prevent
    scp/sftp from using an existing multiplexing session if one had
    already been created. GHPR557
  * This release has the version number 10.0 and announces itself
    as "SSH-2.0-OpenSSH_10.0". Software that naively matches
    versions using patterns like "OpenSSH_1*" may be confused by
    this.
  * sshd(8): this release removes the code responsible for the
    user authentication phase of the protocol from the per-
    connection sshd-session binary to a new sshd-auth binary.
    Splitting this code into a separate binary ensures that the
    crucial pre-authentication attack surface has an entirely
    disjoint address space from the code used for the rest of the
    connection. It also yields a small runtime memory saving as the
    authentication code will be unloaded after the authentication
    phase completes. This change should be largely invisible to
    users, though some log messages may now come from "sshd-auth"
    instead of "sshd-session". Downstream distributors of OpenSSH
    will need to package the sshd-auth binary.
  * sshd(8): this release disables finite field (a.k.a modp)
    Diffie-Hellman key exchange in sshd by default. Specifically,
    this removes the "diffie-hellman-group*" and
    "diffie-hellman-group-exchange-*" methods from the default
    KEXAlgorithms list. The client is unchanged and continues to
    support these methods by default. Finite field Diffie Hellman
    is slow and computationally expensive for the same security
    level as Elliptic Curve DH or PQ key agreement while offering
    no redeeming advantages. ECDH has been specified for the SSH
    protocol for 15 years and some form of ECDH has been the
    default key exchange in OpenSSH for the last 14 years.
  * sshd(8): this release removes the implicit fallback to
    compiled-in groups for Diffie-Hellman Group Exchange KEX when
    the moduli file exists but does not contain moduli within the
    client-requested range.  The fallback behaviour remains for the
    case where the moduli file does not exist at all. This allows
    administrators more explicit control over which DH groups will
    be selected, but can lead to connection failures if the moduli
    file is edited incorrectly. bz#2793
  = Security
  * sshd(8): fix the DisableForwarding directive, which was failing
    to disable X11 forwarding and agent forwarding as documented.
    X11 forwarding is disabled by default in the server and agent
    forwarding is off by default in the client.
  = New features
  * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
    is now used by default for key agreement. This algorithm is
    considered to be safe against attack by quantum computers,
    is guaranteed to be no less strong than the popular
    curve25519-sha256 algorithm, has been standardised by NIST
    and is considerably faster than the previous default.
  * ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher
    for the connection. The default cipher preference list is now
    Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR
    (128/192/256).
  * ssh(1): add %-token and environment variable expansion to the
    ssh_config SetEnv directive.
  * ssh(1): allow %-token and environment variable expansion in
    the ssh_config User directive, with the exception of %r and %C
    which would be self-referential. bz#3477
  * ssh(1), sshd(8): add "Match version" support to ssh_config and
    sshd_config. Allows matching on the local version of OpenSSH,
    e.g. "Match version OpenSSH_10.*".
  * ssh(1): add support for "Match sessiontype" to ssh_config.
    Allows matching on the type of session initially requested,
    either "shell" for interactive sessions, "exec" for command
    execution sessions, "subsystem" for subsystem requests, such as
    sftp, or "none" for transport/forwarding-only sessions.
  * ssh(1): add support for "Match command ..." support to
    ssh_config, allowing matching on the remote command as
    specified on the command-line.
  * ssh(1): allow 'Match tagged ""' and 'Match command ""' to match
    empty tag and command values respectively.
  * sshd(8): allow glob(3) patterns to be used in sshd_config
    AuthorizedKeysFile and AuthorizedPrincipalsFile directives.
    bz2755
  * sshd(1): support the VersionAddendum in the client, mirroring
    the option of the same name in the server; bz2745
  * ssh-agent(1): the agent will now delete all loaded keys when
    signaled with SIGUSR1. This allows deletion of keys without
    having access to $SSH_AUTH_SOCK.
  * Portable OpenSSH, ssh-agent(1): support systemd-style socket
    activation in ssh-agent using the LISTEN_PID/LISTEN_FDS
    mechanism. Activated when these environment variables are set,
    ... changelog too long, skipping 116 lines ...
  * fix-nopie-flag.patch

==== openssh-askpass-gnome ====
Version update (9.9p2 -> 10.0p2)

- "Update" to openssh 10.0p2:
  * No changes for askpass, see main package changelog for
    details.
- Update to openssh 10.0p1:
  * No changes for askpass, see main package changelog for
    details.

==== openssl-3 ====
Version update (3.2.4 -> 3.5.0)
Subpackages: libopenssl3

- Update to 3.5.0:
  * Changes:
  - Default encryption cipher for the req, cms, and smime applications
    changed from des-ede3-cbc to aes-256-cbc.
  - The default TLS supported groups list has been changed to include
    and prefer hybrid PQC KEM groups. Some practically unused groups
    were removed from the default list.
  - The default TLS keyshares have been changed to offer X25519MLKEM768
    and and X25519.
  - All BIO_meth_get_*() functions were deprecated.
  * New features:
  - Support for server side QUIC (RFC 9000)
  - Support for 3rd party QUIC stacks including 0-RTT support
  - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
  - A new configuration option no-tls-deprecated-ec to disable support
    for TLS groups deprecated in RFC8422
  - A new configuration option enable-fips-jitter to make the FIPS
    provider to use the JITTER seed source
  - Support for central key generation in CMP
  - Support added for opaque symmetric key objects (EVP_SKEY)
  - Support for multiple TLS keyshares and improved TLS key establishment
    group configurability
  - API support for pipelining in provided cipher algorithms
  * Remove patches:
  - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
  - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
  - openssl-3-add-defines-CPACF-funcs.patch
  - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
  - openssl-3-add-xof-state-handling-s3_absorb.patch
  - openssl-3-fix-state-handling-sha3_absorb_s390x.patch
  - openssl-3-fix-s390x_shake_squeeze.patch
  - openssl-3-hw-acceleration-aes-xts-s390x.patch
  - openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
  - openssl-3-fix-state-handling-keccak_final_s390x.patch
  - openssl-3-add-hw-acceleration-hmac.patch
  - openssl-3-fix-state-handling-sha3_final_s390x.patch
  - openssl-3-fix-hmac-digest-detection-s390x.patch
  - openssl-3-support-multiple-sha3_squeeze_s390x.patch
  - openssl-3-fix-sha3-squeeze-ppc64.patch
  - openssl-3-fix-s390x_sha3_absorb.patch
  - openssl-3-fix-state-handling-shake_final_s390x.patch
  - openssl-3-add_EVP_DigestSqueeze_api.patch
  - openssl-FIPS-enforce-security-checks-during-initialization.patch
  - openssl-FIPS-140-3-zeroization.patch
  - openssl-FIPS-Add-explicit-indicator-for-key-length.patch
  - openssl-FIPS-Mark-SHA1-as-nonapproved.patch
  - openssl-Remove-EC-curves.patch
  - openssl-FIPS-services-minimize.patch
  - openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
  - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
  - openssl-3-fix-quic_multistream_test.patch
  - openssl-3-jitterentropy-3.4.0.patch
  - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
  - openssl-FIPS-140-3-DRBG.patch
  - openssl-FIPS-Use-FFDHE2048-in-self-test.patch
  - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
  - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
  - openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
  - openssl-FIPS-enforce-EMS-support.patch
  - openssl-Allow-disabling-of-SHA1-signatures.patch
  - openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
  * Rebased patches:
  - openssl-pkgconfig.patch
  - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
  - openssl-Add-Kernel-FIPS-mode-flag-support.patch
  - openssl-Force-FIPS.patch
  - openssl-disable-fipsinstall.patch
  - openssl-FIPS-embed-hmac.patch
  - openssl-Add-changes-to-ectest-and-eccurve.patch
  - openssl-Disable-explicit-ec.patch
  - openssl-skipped-tests-EC-curves.patch
  - openssl-FIPS-140-3-keychecks.patch
  - openssl-FIPS-early-KATS.patch
  - openssl-FIPS-limit-rsa-encrypt.patch
  - openssl-FIPS-Expose-a-FIPS-indicator.patch
  - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
  - openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
  - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
  - openssl-FIPS-RSA-disable-shake.patch
  - openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
  - openssl-FIPS-Enforce-error-state.patch
  - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
  - openssl-FIPS-enforce-EMS-support.patch
  - openssl-TESTS-Disable-default-provider-crypto-policies.patch
  - openssl-skip-quic-pairwise.patch
  * Add patches:
  - openssl-FIPS-Fix-encoder-decoder-negative-test.patch
  - openssl-FIPS-SUSE-FIPS-module-version.patch
  - openssl-FIPS-EC-disable-weak-curves.patch
  - openssl-FIPS-NO-DES-support.patch
  - openssl-FIPS-NO-DSA-Support.patch
  - openssl-FIPS-NO-Kmac.patch
  - openssl-FIPS-NO-PQ-ML-SLH-DSA.patch
  - openssl-shared-jitterentropy.patch
  - openssl-rh-allow-sha1-signatures.patch
  - openssl-disable-75-test_quicapi-test.patch
- Changes between 3.3.0 and 3.4.0:
  * Changes:
  - Deprecation of TS_VERIFY_CTX_set_* functions and addition of
    ... changelog too long, skipping 96 lines ...
  - Support for using certificate profiles and extened delayed delivery in CMP

==== openssl ====
Version update (3.2.4 -> 3.5.0)

- Update to 3.5.0

==== orca ====

- Downgrade Wnck to Recommends. It is an optional dependency and
  is not used under Wayland (bsc#1241516).

==== postfix ====
Version update (3.10.1 -> 3.10.2)

- update to 3.10.2
  * Bugfix (defect introduced: date 19991116): when appending a
    setting to a main.cf or master.cf file that did not end in a
    newline character, the "postconf -e" command did not add an
    extra newline character before appending the new setting, causing
    information to become garbled.
  * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
    Dovecot auth client did not attempt to create a new connection
    after an I/O error on an existing connection.
  * Improved and corrected error messages when converting (host or
    service) information to (symbolic text, numerical text, or
    binary) form.
  * Documentation: updated link to Dovecot documentation.

==== publicsuffix ====
Version update (20250407 -> 20250424)

- Update to version 20250424:
  * Add lp.dev to public_suffix_list.dat (#2391)
  * fix: autopin dependencies (#2430)
  * Run go mod tidy
  * Bump golang.org/x/net from 0.33.0 to 0.38.0 in /tools (#2438)
  * Add mmv.kr / vki.kr (#2442)
  * dev.project-study.com (#2444)
  * add `preview.site` (#2445)
  * Add `luyani.app` (#2440)
  * Add objectstorage.ch (#2439)
  * Add val.run (#2432)
  * Update public_suffix_list.dat (#2437)
  * Add seg.ar to public_suffix_list.dat (#2433)
  * Add convex.app and convex.site (#2436)
  * Add e2b.app (#2431)
  * Add *.devinapps.com (#2435)
  * Add rules for Amazon Cognito (#2366)
  * add `figma.site` (#2429)

==== python-M2Crypto ====
Version update (0.44.0 -> 0.45.1)

- Update to 0.45.1:
  - ci: switch from using sha1 to sha256.
  - ci(keys): regenerate rsa*.pem keys as well
  - fix: make the package compatible with OpenSSL >= 3.4 (don’t
    rely on LEGACY crypto-policies)
  - chore: package also system_shadowing directory to make builds more reliable
- Update to 0.45.0:
  - chore: preparing 0.45.0 release
  - fix(lib,ssl): rewrite ssl_accept, ssl_{read,write}_nbio for better error handling
  - fix: replace m2_PyBuffer_Release with native PyBuffer_Release
  - chore: build Windows builds with Python 3.13 as well
  - fix: remove support for Engine
  - chore: use actual license of the project
  - ci(Debian): make M2Crypto buildable on Debian (bsc#1240965)
  - swig: Workaround for reading sys/select.h ending with wrong types.
  - ci: bump required setuptools version because of change in naming strategy
  - fix: add fix for build with older GCC
  - fix: remove AnyStr and Any types

==== python-MarkupSafe ====
Version update (2.1.5 -> 3.0.2)

- Update to 3.0.2
  * Fix compatibility when __str__ returns a str subclass. #472
  * Build requires setuptools >= 70.1. #475
- Update to 3.0.1
  * Address compiler warnings that became errors in GCC 14. #466
  * Fix compatibility with proxy objects. #467
- Update to 3.0.0
  * Support Python 3.13 and its experimental free-threaded build. #461
  * Drop support for Python 3.7 and 3.8.
  * Use modern packaging metadata with pyproject.toml instead
    of setup.cfg. #348
  * Change distutils imports to setuptools. #399
  * Use deferred evaluation of annotations. #400
  * Update signatures for Markup methods to match str signatures.
    Use positional-only arguments. #400
  * Some str methods on Markup no longer escape their argument: strip,
    lstrip, rstrip, removeprefix, removesuffix, partition, and
    rpartition; replace only escapes its new argument. These methods
    are conceptually linked to search methods such as in, find, and
    index, which already do not escape their argument. #401
  * The __version__ attribute is deprecated. Use feature detection,
    or importlib.metadata.version("markupsafe"), instead. #402
  * Speed up escaping plain strings by 40%. #434
  * Simplify speedups implementation. #437

==== python-gevent ====
Version update (24.10.3 -> 25.4.2)

- Update to 25.4.2: [bsc#1241067, bsc#1241037]
  * Make gevent's queue classes subscriptable to match the standard
    library. See issue #2102.
  * Make the c-ares resolver build on Windows.
  * The gevent testsuite runs a copy of the test_ssl from cpython but
    the follwoing change has not been ported yet:
  - gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError
    in ConnectionHandler [gh#python/cpython/pull/126503]
  - Rebase gevent-openssl35-test-fix.patch
  - Upstream PR: [gh#gevent/gevent/pull/2103]
- Update to 25.4.1
  * Remove some legacy code that supported Python 2 for compatibility
    with the upcoming releases of Cython 3.1.
  * Add a new environment variable and configuration setting to control
    whether blocking reports are printed by the monitor thread.
  * Add initial support for Python 3.14a7.
  * Fix using gevent’s BackdoorServer with Unix sockets.
  * Do not use pywsgi in a security-conscious environment. Fix one
    security issue related to HTTP 100 Continue handling. See issue #2075.

==== python-greenlet ====
Version update (3.1.1 -> 3.2.1)

- Update to 3.2.1
  * Fix a crash regression for Riscv64. See issue 443.
- from version 3.2.0
  * Remove support for Python 3.7 and 3.8.
  * Add untested, community supported implementation for RiscV 32. See PR 438.
  * Make greenlet build and run on Python 3.14a7. It will not build on earlier
    3.14 alpha releases, and may not build on later 3.14 releases.
  * Packaging: Use PEP 639 license expressions and include license files.

==== python-h11 ====
Version update (0.14.0 -> 0.16.0)

- Update 0.16.0:
  * Security fix (CVE-2025-43859, bsc#1241872)
    Reject certain malformed Transfer-Encoding: chunked bodies that
    were previously accepted. These could have enabled
    request-smuggling attacks when an h11-based HTTP server was placed
    behind a load balancer with a matching bug in its chunked
    handling.
    Advisory with more details:
    https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
  * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
    without attempting to parse the integer (#181)

==== python-httpcore ====
Version update (1.0.8 -> 1.0.9)

- Update to 1.0.9
  * Resolve https://github.com/advisories/GHSA-vqfr-h8mv-ghfj with h11
    dependency update. (#1008)

==== python-hyperframe ====
Version update (6.0.1 -> 6.1.0)
Subpackages: python311-hyperframe python313-hyperframe

- Update to 6.1.0
  * API Changes (Backward Incompatible)
  * Support for Python 3.6 has been removed.
  * Support for Python 3.7 has been removed.
  * Support for Python 3.8 has been removed.
  * API Changes (Backward Compatible)
  * Support for Python 3.10 has been added.
  * Support for Python 3.11 has been added.
  * Support for Python 3.12 has been added.
  * Support for Python 3.13 has been added.
  * Updated packaging and testing infrastructure.
  * Code cleanup and linting.
  * Improved type hints.

==== python-pycares ====
Version update (4.6.0 -> 4.6.1)

- update to 4.6.1:
  * Fix missing attribute type information for errno

==== python-pylsqpack ====
Version update (0.3.19 -> 0.3.20)

- update to 0.3.20:
  * update ls-qpack to 2.6.1

==== python311 ====
Subpackages: python311-curses python311-dbm

- Update to 3.11.12:
  - gh-131809: Update bundled libexpat to 2.7.1
  - gh-131261: Upgrade to libexpat 2.7.0
  - gh-105704: When using urllib.parse.urlsplit() and
    urllib.parse.urlparse() host parsing would not reject domain
    names containing square brackets ([ and ]). Square brackets
    are only valid for IPv6 and IPvFuture hosts according to RFC
    3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
    gh#python/cpython#105704).
  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
    when flattening an email message using a modern email
    policy. Previously when an encoded-word was too long for
    a line, it would be decoded, split across lines, and
    re-encoded. But commas and other special characters in the
    original text could be left unencoded and unquoted. This
    could theoretically be used to spoof header lines using a
    carefully constructed encoded-word if the resulting rendered
    email was transmitted or re-parsed.
  - gh-80222: Fix bug in the folding of quoted strings
    when flattening an email message using a modern email
    policy. Previously when a quoted string was folded so that
    it spanned more than one line, the surrounding quotes and
    internal escapes would be omitted. This could theoretically
    be used to spoof header lines using a carefully constructed
    quoted string if the resulting rendered email was transmitted
    or re-parsed.
  - gh-119511: Fix a potential denial of service in the imaplib
    module. When connecting to a malicious server, it could
    cause an arbitrary amount of memory to be allocated. On many
    systems this is harmless as unused virtual memory is only
    a mapping, but if this hit a virtual address size limit
    it could lead to a MemoryError or other process crash. On
    unusual systems or builds where all allocated memory is
    touched and backed by actual ram or storage it could’ve
    consumed resources doing so until similarly crashing.
  - gh-127257: In ssl, system call failures that OpenSSL reports
    using ERR_LIB_SYS are now raised as OSError.
  - gh-121277: Writers of CPython’s documentation can now use
    next as the version for the versionchanged, versionadded,
    deprecated directives.
  - gh-106883: Disable GC during the _PyThread_CurrentFrames()
    and _PyThread_CurrentExceptions() calls to avoid the
    interpreter to deadlock.
- Remove upstreamed patch:
  - CVE-2025-0938-sq-brackets-domain-names.patch
- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
  which makes test_ssl not to stop ThreadedEchoServer on OSError,
  which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067,
  gh#python/cpython!126572)

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- Update to 3.11.12:
  - gh-131809: Update bundled libexpat to 2.7.1
  - gh-131261: Upgrade to libexpat 2.7.0
  - gh-105704: When using urllib.parse.urlsplit() and
    urllib.parse.urlparse() host parsing would not reject domain
    names containing square brackets ([ and ]). Square brackets
    are only valid for IPv6 and IPvFuture hosts according to RFC
    3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
    gh#python/cpython#105704).
  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
    when flattening an email message using a modern email
    policy. Previously when an encoded-word was too long for
    a line, it would be decoded, split across lines, and
    re-encoded. But commas and other special characters in the
    original text could be left unencoded and unquoted. This
    could theoretically be used to spoof header lines using a
    carefully constructed encoded-word if the resulting rendered
    email was transmitted or re-parsed.
  - gh-80222: Fix bug in the folding of quoted strings
    when flattening an email message using a modern email
    policy. Previously when a quoted string was folded so that
    it spanned more than one line, the surrounding quotes and
    internal escapes would be omitted. This could theoretically
    be used to spoof header lines using a carefully constructed
    quoted string if the resulting rendered email was transmitted
    or re-parsed.
  - gh-119511: Fix a potential denial of service in the imaplib
    module. When connecting to a malicious server, it could
    cause an arbitrary amount of memory to be allocated. On many
    systems this is harmless as unused virtual memory is only
    a mapping, but if this hit a virtual address size limit
    it could lead to a MemoryError or other process crash. On
    unusual systems or builds where all allocated memory is
    touched and backed by actual ram or storage it could’ve
    consumed resources doing so until similarly crashing.
  - gh-127257: In ssl, system call failures that OpenSSL reports
    using ERR_LIB_SYS are now raised as OSError.
  - gh-121277: Writers of CPython’s documentation can now use
    next as the version for the versionchanged, versionadded,
    deprecated directives.
  - gh-106883: Disable GC during the _PyThread_CurrentFrames()
    and _PyThread_CurrentExceptions() calls to avoid the
    interpreter to deadlock.
- Remove upstreamed patch:
  - CVE-2025-0938-sq-brackets-domain-names.patch
- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
  which makes test_ssl not to stop ThreadedEchoServer on OSError,
  which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067,
  gh#python/cpython!126572)

==== python313 ====
Version update (3.13.2 -> 3.13.3)
Subpackages: python313-curses python313-dbm python313-tk

- Update to 3.13.3:
  - Tools/Demos
  - gh-131852: msgfmt no longer adds the POT-Creation-Date to
    generated .mo files for consistency with GNU msgfmt.
  - gh-85012: Correctly reset msgctxt when compiling messages
    in msgfmt.
  - gh-130025: The iOS testbed now correctly handles symlinks
    used as Python framework references.
  - Tests
  - gh-131050: test_ssl.test_dh_params is skipped if the
    underlying TLS library does not support finite-field
    ephemeral Diffie-Hellman.
  - gh-129200: Multiple iOS testbed runners can now be started
    at the same time without introducing an ambiguity over
    simulator ownership.
  - gh-130292: The iOS testbed will now run successfully on a
    machine that has not previously run Xcode tests (such as CI
    configurations).
  - gh-130293: The tests of terminal colorization are no longer
    sensitive to the value of the TERM variable in the testing
    environment.
  - gh-126332: Add unit tests for pyrepl.
  - Security
  - gh-131809: Update bundled libexpat to 2.7.1
  - gh-131261: Upgrade to libexpat 2.7.0
  - gh-127371: Avoid unbounded buffering for
    tempfile.SpooledTemporaryFile.writelines(). Previously,
    disk spillover was only checked after the lines iterator
    had been exhausted. This is now done after each line is
    written.
  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
    when flattening an email message using a modern email
    policy. Previously when an encoded-word was too long for
    a line, it would be decoded, split across lines, and
    re-encoded. But commas and other special characters in the
    original text could be left unencoded and unquoted. This
    could theoretically be used to spoof header lines using
    a carefully constructed encoded-word if the resulting
    rendered email was transmitted or re-parsed.
  - Library
  - gh-132174: Fix function name in error message of
    _interpreters.run_string.
  - gh-132171: Fix crash of _interpreters.run_string on string
    subclasses.
  - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN
    environment variable knob in subprocess to control the use
    of os.posix_spawn().
  - gh-132159: Do not shadow user arguments in generated
    __new__() by decorator warnings.deprecated. Patch by Xuehai
    Pan.
  - gh-132075: Fix possible use of socket address structures
    with uninitialized members. Now all structure members are
    initialized with zeroes by default.
  - gh-132002: Fix crash when deallocating
    contextvars.ContextVar with weird unahashable string names.
  - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket
    addresses.
  - gh-131492: Fix a resource leak when constructing a
    gzip.GzipFile with a filename fails, for example when
    passing an invalid compresslevel.
  - gh-131325: Fix sendfile fallback implementation to drain
    data after writing to transport in asyncio.
  - gh-129843: Fix incorrect argument passing in
    warnings.warn_explicit().
  - gh-131204: Use monospace font from System Font Stack for
    cross-platform support in difflib.HtmlDiff.
  - gh-130940: The PyConfig.use_system_logger attribute,
    introduced in Python 3.13.2, has been removed. The
    introduction of this attribute inadvertently introduced an
    ABI breakage on macOS and iOS. The use of the system logger
    is now enabled by default on iOS, and disabled by default
    on macOS.
  - gh-131045: Fix issue with __contains__, values, and
    pseudo-members for enum.Flag.
  - gh-130959: Fix pure-Python implementation of
    datetime.time.fromisoformat() to reject times with spaces
    in fractional part (for example, 12:34:56.400 +02:00),
    matching the C implementation. Patch by Michał Gorny.
  - gh-130637: Add validation for numeric response data in
    poplib.POP3.stat() method
  - gh-130461: Remove .. index:: directives from the uuid
    module documentation. These directives previously created
    entries in the general index for getnode() as well as
    the uuid1(), uuid3(), uuid4(), and uuid5() constructor
    functions.
  - gh-130379: The zipapp module now calculates the list of
    files to be added to the archive before creating the
    archive. This avoids accidentally including the target when
    it is being created in the source directory.
  - gh-130285: Fix corner case for random.sample() allowing the
    counts parameter to specify an empty population. So now,
    sample([], 0, counts=[]) and sample('abc', k=0, counts=[0,
    0, 0]) both give the same result as sample([], 0).
  - gh-130250: Fix regression in traceback.print_last().
  - gh-130230: Fix crash in pow() with only Decimal third
    argument.
  - gh-118761: Reverts a change in the previous release
    attempting to make some stdlib imports used within the
    subprocess module lazy as this was causing errors during
    ... changelog too long, skipping 175 lines ...
  (gh#python/cpython#132535).

==== python313-core ====
Version update (3.13.2 -> 3.13.3)
Subpackages: libpython3_13-1_0 python313-base

- Update to 3.13.3:
  - Tools/Demos
  - gh-131852: msgfmt no longer adds the POT-Creation-Date to
    generated .mo files for consistency with GNU msgfmt.
  - gh-85012: Correctly reset msgctxt when compiling messages
    in msgfmt.
  - gh-130025: The iOS testbed now correctly handles symlinks
    used as Python framework references.
  - Tests
  - gh-131050: test_ssl.test_dh_params is skipped if the
    underlying TLS library does not support finite-field
    ephemeral Diffie-Hellman.
  - gh-129200: Multiple iOS testbed runners can now be started
    at the same time without introducing an ambiguity over
    simulator ownership.
  - gh-130292: The iOS testbed will now run successfully on a
    machine that has not previously run Xcode tests (such as CI
    configurations).
  - gh-130293: The tests of terminal colorization are no longer
    sensitive to the value of the TERM variable in the testing
    environment.
  - gh-126332: Add unit tests for pyrepl.
  - Security
  - gh-131809: Update bundled libexpat to 2.7.1
  - gh-131261: Upgrade to libexpat 2.7.0
  - gh-127371: Avoid unbounded buffering for
    tempfile.SpooledTemporaryFile.writelines(). Previously,
    disk spillover was only checked after the lines iterator
    had been exhausted. This is now done after each line is
    written.
  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
    when flattening an email message using a modern email
    policy. Previously when an encoded-word was too long for
    a line, it would be decoded, split across lines, and
    re-encoded. But commas and other special characters in the
    original text could be left unencoded and unquoted. This
    could theoretically be used to spoof header lines using
    a carefully constructed encoded-word if the resulting
    rendered email was transmitted or re-parsed.
  - Library
  - gh-132174: Fix function name in error message of
    _interpreters.run_string.
  - gh-132171: Fix crash of _interpreters.run_string on string
    subclasses.
  - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN
    environment variable knob in subprocess to control the use
    of os.posix_spawn().
  - gh-132159: Do not shadow user arguments in generated
    __new__() by decorator warnings.deprecated. Patch by Xuehai
    Pan.
  - gh-132075: Fix possible use of socket address structures
    with uninitialized members. Now all structure members are
    initialized with zeroes by default.
  - gh-132002: Fix crash when deallocating
    contextvars.ContextVar with weird unahashable string names.
  - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket
    addresses.
  - gh-131492: Fix a resource leak when constructing a
    gzip.GzipFile with a filename fails, for example when
    passing an invalid compresslevel.
  - gh-131325: Fix sendfile fallback implementation to drain
    data after writing to transport in asyncio.
  - gh-129843: Fix incorrect argument passing in
    warnings.warn_explicit().
  - gh-131204: Use monospace font from System Font Stack for
    cross-platform support in difflib.HtmlDiff.
  - gh-130940: The PyConfig.use_system_logger attribute,
    introduced in Python 3.13.2, has been removed. The
    introduction of this attribute inadvertently introduced an
    ABI breakage on macOS and iOS. The use of the system logger
    is now enabled by default on iOS, and disabled by default
    on macOS.
  - gh-131045: Fix issue with __contains__, values, and
    pseudo-members for enum.Flag.
  - gh-130959: Fix pure-Python implementation of
    datetime.time.fromisoformat() to reject times with spaces
    in fractional part (for example, 12:34:56.400 +02:00),
    matching the C implementation. Patch by Michał Gorny.
  - gh-130637: Add validation for numeric response data in
    poplib.POP3.stat() method
  - gh-130461: Remove .. index:: directives from the uuid
    module documentation. These directives previously created
    entries in the general index for getnode() as well as
    the uuid1(), uuid3(), uuid4(), and uuid5() constructor
    functions.
  - gh-130379: The zipapp module now calculates the list of
    files to be added to the archive before creating the
    archive. This avoids accidentally including the target when
    it is being created in the source directory.
  - gh-130285: Fix corner case for random.sample() allowing the
    counts parameter to specify an empty population. So now,
    sample([], 0, counts=[]) and sample('abc', k=0, counts=[0,
    0, 0]) both give the same result as sample([], 0).
  - gh-130250: Fix regression in traceback.print_last().
  - gh-130230: Fix crash in pow() with only Decimal third
    argument.
  - gh-118761: Reverts a change in the previous release
    attempting to make some stdlib imports used within the
    subprocess module lazy as this was causing errors during
    ... changelog too long, skipping 175 lines ...
  (gh#python/cpython#132535).

==== qt6-declarative ====
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports

- Add 0001-do-not-re-resolve-iterator-value-types.patch
  We've resolved the value type in the type propagator. Trying to do it
  again in the code generator, after the iterator may have been adjusted,
  is quite wrong. If we resolve the list value type on a type that's not
  a list (anymore), then we get an invalid type, which subsequently
  crashes.

==== rpm ====
Subpackages: librpmbuild10

- print scriptlet messages in --runposttrans
  * needed to fix leaking tmp files [bsc#1218459]
  * updated patch: posttrans.diff
- backport architecture check fix from upstream
  * new patch: archcheck.diff
- backport empty password fix from upstream
  * new patch: emptypw.diff
- backport buildsys specific prep fix from upstream
  * new patch: buildsysprep.diff
- fix memory leak in str2locale [bsc#1241052]
  * updated patch: localetag.diff

==== sane-backends ====
Subpackages: libsane1 sane-backends-autoconfig

- add c23-keywords.patch from upstream to fix gcc15 compile error

==== sdbootutil ====
Version update (1+git20250421.7ffd25a -> 1+git20250430.f7d1ad1)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper

- Update to version 1+git20250430.f7d1ad1:
  * Update DA lockout message
  * jeos-firstboot-enroll: show errors as dialog
- Update to version 1+git20250425.25d659b:
  * get-timeout for sd-boot return unsigned value
  * jeos-firstboot-enroll: drop unused variable
  * jeos-firstboot-enroll: continue if no enrollment (bsc#1236583)
  * jeos-firstboot-enroll: hide keyctl output
  * jeos-firstboot-enroll: add title and description
- Update to version 1+git20250423.61ca94f:
  * Revert "Use filesystem order in grub2-bls" (bsc#1241046)
- Update to version 1+git20250423.7e34390:
  * Check if TPM2 is in lockout (bsc#1241168)
  * Retry password when mismatch

==== selinux-policy ====
Version update (20250411 -> 20250429)
Subpackages: selinux-policy-targeted

- Update to version 20250429:
  * Allow cluster_t use NoNewPrivileges systemd hardening (bsc#1241921)
  * allows gssd_t to read nfs symlinks (bsc#1241042)
  * Label tpm2-measure.log with systemd_pcrlock_var_lib_t (bsc#1240887)

==== sqlite3 ====
Subpackages: libsqlite3-0 sqlite3-tcl

- Add subpackage for the lemon parser generator.
- Add patches:
  * sqlite-3.49.0-fix-lemon-missing-cflags.patch
  * sqlite-3.6.23-lemon-system-template.patch

==== texlive ====

- Add source-asymptote-liblsp.dif:  fix some missing #include
  statements (boo#1241475)

==== unbound ====
Version update (1.22.0 -> 1.23.0)
Subpackages: libunbound8 unbound-anchor

- Update to 1.23.0:
  Features:
  * Increase the default of max-global-quota to 200 from 128 after
    operational feedback. Still keeping the possible amplification
    factor (CAMP related issues) in the hundreds.
  * Fix #1175: serve-expired does not adhere to secure-by-default
    principle. The default value of serve-expired-client-timeout
    is set to 1800 as suggested by RFC8767.
  * For #1175, the default value of serve-expired-ttl is set to 86400
    (1 day) as suggested by RFC8767.
  * For #1207: [FR] Support for RESINFO RRType 261 (RFC9606), add
    LDNS_RR_TYPE_RESINFO similar to LDNS_RR_TYPE_TXT.
  * Add resolver.arpa and service.arpa to the default locally served
    zones.
  * Merge #1042: Fast Reload. The unbound-control fast_reload is added.
    It reads changed config in a thread, then only briefly pauses the
    service threads, that keep running. DNS service is only interrupted
    briefly, less than a second.
  * Merge #1019: Redis read-only replica support.
    Introduces new 'redis-replica-*' options for the Redis cache backend.
  * Merge #902: DNS Error Reporting (RFC 9567). Introduces new
    configuration option 'dns-error-reporting' and new statistics for
    'num.dns_error_reports'.
  Bug Fixes:
  * Fix #1154: Tag Incorrectly Applying for Other Interfaces
    Using the Same IP. This fix is not for 1.22.0.
  * Fix #1163: Typos in unbound.conf documentation.
  * Merge #1159: Stats for discard-timeout and wait-limit.
  * Add test case for #1159.
  * Some clean up for stat_values.test.
  * Merge #1170 from Melroy van den Berg, Fix chroot manpage
    description.
  * Merge #1157 from Liang Zhu, Fix heap corruption when calling
    ub_ctx_delete in Windows.
  * Fix redis that during a reload it does not fail if the redis
    server does not connect or does not respond. It still logs the
    errors and if the server is up checks expiration features.
  * Merge #1167: Makefile.in: fix occasional parallel build failures
    around bison rule.
  * Fix SETEX check during Redis (re)initialization.
  * Fix for the serve expired DNSSEC information fix, it would not allow
    current delegation information be updated in cache. The fix allows
    current delegation and validation recursion information to be
    updated, but as a consequence no longer has certain expired
    information around for later dnssec valid expired responses.
  * Fix to log redis timeout error string on failure.
  * More descriptive text for 'harden-algo-downgrade'.
  * Complete fix for max-global-quota to 200.
  * Fix #1183: the data being used is released in method
    nsec3_hash_test_entry.
  * Fix for #1183: release nsec3 hashes per test file.
  * Merge #1169 from Sergey Kacheev, fix: lock-free counters for
    auth_zone up/down queries.
  * Fix comparison to help static analyzer.
  * For #1175, update serve-expired tests.
  * Merge #1189: Fix the dname_str method to cause conversion errors
    when the domain name length is 255.
  * Merge #1197: dname_str() fixes.
  * Merge #1198: Fix log-servfail with serve expired and no useful cache
    contents.
  * Safeguard alias loop while looking in the cache for expired answers.
  * Merge #1187: Create the SSL_CTX for QUIC before chroot and privilege
    drop.
  * Fix typo in log_servfail.tdir test.
  * Merge #1204: ci: set persist-credentials: false for actions/checkout
    per zizmor suggestion.
  * Merge #1174: Serve expired cache update fixes. Fixes a regression bug
    with serve-expired that appeared in 1.22.0 and would not allow the
    iterator to update the cache with not-yet-validated entries resulting
    in increased outgoing traffic.
  * Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS
    handshake.
  * Fix #1213: Misleading error message on default access control causing
    refuse.
  * Merge #1221: Consider auth zones when checking for forwarders.
  * Merge #1222: Unique DoT and DoH SSL contexts to allow for different
    ALPN.
  * Create the quic SSL listening context only when needed.
  * Fix compile of interface check code when dnscrypt or quic is
    disabled.
  * Fix encoding of RR type ATMA.
  * Fix to check length in ATMA string to wire.
  * Merge #1229: check before use daemon->shm_info.
  * Use the same interface listening port discovery code for all needed
    protocols.
  * Port to string only when needed before getaddrinfo().
  * Do not open unencrypted channels next to encrypted ones on the same
    port.
  * Merge #1224 from Theo Buehler: Do not use DSA API unless USE_DSA is
    set.
  * Merge #1220 from Petr Menšík, Add unbound members group access to
    control key.
  * Make the default value of module-config "validator iterator"
    regardless of compilation options. --enable-subnet would implicitly
    change the value to enable the subnetcache module by default in the
    past.
  * Fix #986: Resolving sas.com with dnssec-validation fails though
    signed delegations seem to be (mostly) correct.
    Consider reconfigurations when calculating the still_useful_timeout
    ... changelog too long, skipping 62 lines ...
  * Merge #1265: Fix WSAPoll.

==== webrtc-audio-processing-1 ====

- Add webrtc-audio-processing-1.3-gcc15.patch to fix gcc-15
  compile time errors

==== wtmpdb ====
Version update (0.73.0+git20250408.edb8638 -> 0.74.0+git20250424.2e93e77)
Subpackages: libwtmpdb0

- Update to version 0.74.0+git20250424.2e93e77:
  * Release version 0.74.0
  * Fix varlink interface name (rebootmgr vs wtmpdb)
  * import: match login by tty if non-zero pid does not match

==== xfce4-pulseaudio-plugin ====
Version update (0.5.0 -> 0.5.1)
Subpackages: xfce4-pulseaudio-plugin-lang

- Update to version 0.5.1
  * Add device ports selector to the menu
  * Fix missing icon in first notification popup
  * Translation Updates

==== yast2-journal ====
Version update (5.0.1 -> 5.0.2)

- Fixed regexp for changed 'journalctl --list-boots' output:
  Now taking daylight savings time on/off into account
  (bsc#1241904)
- 5.0.2

==== yast2-trans ====
Version update (84.87.20250416.5cd9324ae2 -> 84.87.20250422.c1fec29547)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20250422.c1fec29547:
  * Translated using Weblate (Polish)

==== zypper ====
Version update (1.14.88 -> 1.14.89)
Subpackages: zypper-log zypper-needs-restarting

- Updated translations (bsc#1230267)
- version 1.14.89